This recent Ideagen/Audit Analytics blog notes that although lengthy auditor tenure is an area of concern among governance advocates, two dozen public companies have had the same auditor for more than a century! So which audit firms have managed to hold on to their audit clients for more than 100 years? This excerpt provides the answer:
PricewaterhouseCoopers (PwC), Deloitte and Ernst & Young (EY) are the only members of the US centenarian club. PwC audited eight of these companies, Deloitte audited six and EY was the auditor of record for the remaining 10 companies. The longest audit tenure on record was BCE Inc.’s (formerly known as Bell Canada Enterprises, Inc.) relationship with Deloitte, which has spanned 144 years.
The blog lists each of the US public companies that has retained the same auditor for over 100 years and discloses the name of that auditor. It also points out that the number of public companies that have had the same auditor for more than a century has doubled since 2016.
It’s long been an open secret that many Reg D issuers opt not to file a Form D for their offerings. One reason may be that the SEC hasn’t made non-compliance with Form D filing requirements an enforcement priority. That changed on Friday, when the SEC announced settled enforcement proceedings against three issuers that failed to make required Form D filings. This excerpt from the SEC’s press release explains the agency’s rationale for the actions:
An issuer’s failure to follow the requirements to file a Form D (or amend its existing Form D filing) impedes the Commission’s ability to fully assess the scope of the Regulation D market, which is key to the Commission’s understanding of whether Regulation D is appropriately balancing the need for investor protection on one hand and the furtherance of capital formation on the other, particularly as it relates to small businesses.
It also harms the Commission’s ability to monitor and enforce compliance with the requirements of Regulation D and the ability of state securities regulators and self-regulatory organizations to monitor and enforce other securities laws and rules. In addition, it hampers the ability of investors and other market participants to understand whether companies are complying with federal securities laws in their offerings, to research and analyze the Regulation D market, and to report on capital-raising in industries that use Regulation D.
Each of the issuers agreed to cease and desist from failing to comply with Rule 503 of Regulation D and agreed to pay civil penalties ranging from $60,000 to $195,000. In addition, the order in each of these actions points out that the offerings at issue involved general solicitation, which made the statutory Section 4(a)(2) exemption unavailable. (Keith Bishop has posted some thoughts on this topic over on his blog).
If the SEC’s goal is improved compliance with Rule 503’s filing requirement, then I think that in addition to “message cases” like these, the SEC should take a hard look at the information that it asks issuers to provide in a Form D. There’s a lot of stuff in there only a bureaucrat could love, and most issuers regard Form D as the Securities Act’s version of a “TPS Report.” But the bottom line is that if you don’t file a Form D, you’re not complying with the law, and you aren’t going to get a lot of sympathy from the Division of Enforcement.
One thing I’m not sure about is whether the cease-and-desist orders in these cases are regarded as an “order, judgment, or decree of any court of competent jurisdiction. . . enjoining such person for failure to comply with Rule 503. . . ” If so, the issuers also would be prohibited under Rule 507 from relying on Reg D absent a waiver from the SEC. My gut tells me that they are, but I’d think that’s something the SEC might highlight in its press release, which it didn’t do. If any SEC enforcement lawyers out there can enlighten me, I’d appreciate it – and I’ll update the blog.
On Friday, the SEC announced that EDGAR will be closed on Tuesday and Wednesday. The announcement noted that Christmas Eve is being treated as a federal holiday this year. Here’s the other relevant info from the SEC’s announcement:
Please be aware that on December 24, 2024 and December 25, 2024:
– EDGAR filing websites will not be operational.
– Filings will not be accepted in EDGAR.
– EDGAR Filer Support will be closed.
Filings required to be made on Tuesday, December 24 and Wednesday, December 25 will be considered timely if filed on December 26, 2024, EDGAR’s next operational business day.
This is our last blog before the holidays begin, and I know that this time of year makes a lot of people nostalgic, especially geriatrics like me. So, for my fellow boomers and our Gen X readers, here’s a link to a website featuring something that many of us remember fondly from our childhoods – decades of the Sears Holiday “Wishbook” and other holiday catalogues. Even if you’re not a boomer, I bet you’ll have fun visiting the National Toy Hall of Fame’s website. You’re sure to find at least a few of your childhood favorites here.
Merry Christmas and Happy Hanukkah to all those who celebrate! We’ll be back after the 25th, but blogging will be lighter than usual over the holidays.
I shared some D&O questionnaire considerations on The Proxy Season Blog in early December that I thought would be worth distributing more widely here since, after the holidays, proxy season will be “full steam ahead!” While SEC and US stock exchange rules don’t require significant adjustments to questionnaires this year, you may want to consider some potential updates — per this Bryan Cave blog and this Thompson Hine alert — given recent developments. Here are a few:
– In the section on director independence, expand the list of examples of material relationships to include close friendships or other close social ties with management, in light of the SEC settlement with a public company director, as discussed in our October 7, 2024 post.
– In the section on director expertise, collect information sufficient to assess the board’s skills cybersecurity expertise, even though the new rules do not require discussion of board-level expertise in this area.
– In the section on beneficial ownership, highlight or clarify the need to disclose margin loans or other form of pledges of issuer securities, in light of Carl Icahn’s settlement with the SEC, as discussed in our August 20, 2024 post. In addition, companies may wish to request confirmation that insiders have either not entered into, or terminated, any 10b5-1 or non-10b5-1 trading arrangements (as defined in Reg. S-K Item 408(c)) during the preceding fiscal year.
– In the section on Forms 4 and 5, remind insiders of the importance of reporting late or missed transactions, as well as the need to timely notify the company of changes in beneficial ownership, in light of the recent SEC enforcement sweep, as discussed in our October 3, 2024 post.
– In the undertakings: include the consent of the director for the disclosure regarding diversity for purposes of the Nasdaq diversity matrix or other disclosure a company may wish to make on this topic (and consider identifying any state law disclosure requirements, if applicable); and include the consent of the director or nominee to be included in the company’s proxy materials, as well as a nominee in a dissident’s proxy materials, should that become applicable, in light of universal proxy card rules.
– The SEC recently adopted amendments (collectively referred to as “EDGAR Next”) intended to enhance EDGAR’s security. Among other new requirements, applicants for EDGAR access will be required to disclose if the applicant, the account administrator(s), or the individual signing the Form ID has been convicted of or civilly or administratively enjoined, barred, suspended, or banned as a result of a federal or state securities violation. Companies may want to consider adding a question to their D&O questionnaires to address this new EDGAR Next requirement. Additionally, as the EDGAR Next question is not limited to the past 10 years, companies should carefully consider where to place the question in their D&O questionnaires.
For Nasdaq-listed companies, don’t forget to assess your approach to board diversity disclosures and update accordingly! And, as always, for 100+ pages of practical guidance, check out our “D&O Questionnaires Handbook.”
Yesterday, the SEC posted this notice & request for comment on a proposed Nasdaq rule change that would amend Listing Rules 5405 and 5505 to:
– Require that a company listing on the Nasdaq Global Market or Nasdaq Capital Market in connection with an IPO satisfy the applicable minimum Market Value of Unrestricted Publicly Held Shares (“MVUPHS”) requirement solely from the proceeds of the offering; and
– Make similar changes affecting companies that uplist to Nasdaq from the OTC market in conjunction with a public offering.
The notice explains the rationale for the proposal:
Nasdaq Listing Rules require a company to have a minimum Market Value of Unrestricted Publicly Held Shares. For initial listing on the Nasdaq Global Market, a company must have a minimum MVUPHS of $8 million under the Income Standard, $18 million under the Equity Standard, and $20 million under either the Market Value or Total Assets/Total Revenue Standards. For initial listing on the Nasdaq Capital Market, a company must have a minimum MVUPHS of $5 million under the Net Income Standard, and $15 million under either the Equity or Market Value of Listed Securities Standards.
Unrestricted Publicly Held Shares are shares that are not held by an officer, director or 10% shareholder of the company and which are not subject to resale restrictions of any kind. In the case of a company listing in conjunction with a public offering, previously issued shares registered for resale (“Resale Shares”), and not held by an officer, director or 10% shareholder of the company, are counted as Unrestricted Publicly Held Shares in addition to the shares being sold in the offering. . . .
Nasdaq has observed that the securities of companies that meet the applicable MVUPHS requirement by including Resale Shares have experienced higher volatility on the date of listing than those of similarly situated companies that meet the requirement with only the proceeds from the offering. Nasdaq believes that the Resale Shares may not contribute to liquidity to the same degree as the shares sold in the public offering.
The latest Issue of the Deal Lawyers newsletter was just sent to the printer. It is also available now online to members of DealLawyers.com who subscribe to the electronic format. This issue includes the following articles:
– 2024 Survey of Trends and Key Components of CVRs in Life Sciences Public M&A Deals
– Comment Letter Trends: Contested Election Disclosures for the 2024 Proxy Season
The Deal Lawyers newsletter is always timely & topical – and something you can’t afford to be without to keep up with the rapid-fire developments in the world of M&A. If you don’t subscribe to Deal Lawyers, please email us at sales@ccrcorp.com or call us at 800-737-1271.
Programming Note: We are now entering end-of-year mode! With the holidays just around the corner, our blogging will be more limited the next few weeks. We will be back in full force in January. Happy holidays, everyone!
Last week, Gibson Dunn released this survey of annual report cybersecurity disclosures by S&P 100 companies. The report notes that there is significant variation among the disclosures — at least partially reflecting necessary variability due to differences in company size & complexity, nature & scope of activities, industry, regulation, sensitivity of data and risk profile. Since disclosure in this area requires a special balancing act of providing investors decision-useful information and not revealing sensitive data that could be exploited, the Gibson Dunn team expects these disclosures will continue to change with the evolving cyber threat landscape and as disclosure practices converge.
To that end, the data in the report may be useful to consider as you decide whether and how to ‘tune-up’ your 10-K cyber disclosures for your next annual report filing. Here is the executive overview from the report describing the key disclosure trends:
– Materiality. The phrasing used by companies for this disclosure requirement varies widely. Specifically, in response to the requirement to describe whether any risks from cybersecurity threats have materially affected or are reasonably likely to materially affect the company, the largest group of companies (40%) include disclosure in Item 1C largely tracking Item 106(b)(2) language (at times, subject to various qualifiers); 38% vary their disclosure from the Item 106(b)(2) requirement in how they address the forward-looking risks; and 22% of companies do not include disclosure specifically responsive to Item 106(b)(2) directly in Item 1C, although a substantial majority of these companies cross-reference to a discussion in Item 1A “Risk Factors.”
– Board Oversight. Most companies delegate specific responsibility for cybersecurity risk oversight to a board committee and describe the process by which such committee is informed about such risks. Ultimately, however, the majority of surveyed companies report that the full board is responsible for enterprise-wide risk oversight, which includes cybersecurity.
– Cybersecurity Program. Companies commonly reference their program alignment with one or more external frameworks or standards, with the National Institute of Standards and Technology (NIST) Cybersecurity Framework being cited most often. Companies also frequently discuss specific administrative and technical components of their cybersecurity programs, as well as their high-level approach to responding to cybersecurity incidents.
– Assessors, Consultants, Auditors or Other Third Parties. As required by Item 106(b)(1)(ii), nearly all companies discuss retention of assessors, consultants, auditors or other third parties, as part of their processes for oversight, identification, and management of material risks from cybersecurity threats.
– Risks Associated with Third-Party Service Providers and Vendors. In line with the requirements of Item 106(b)(1)(iii), all companies outline processes for overseeing risks associated with third-party service providers and vendors.
– Drafting Considerations. Most companies organize their disclosure into two sections, generally tracking the organization of Item 106, with one section dedicated to cybersecurity risk management and strategy and another section focused on cybersecurity governance. Companies typically include disclosures responsive to the requirement to address material impacts of cybersecurity risks, threats, and incidents in the section on risk management and strategy.
The average length of disclosure among surveyed companies is 980 words, with the shortest disclosure at 368 words and the longest disclosure at 2,023 words. The average disclosure runs about a page and a half.
And don’t forget to take a look at your disclosures outside of Item 106 of Reg. S-K. The SEC enforcement actions targeting cybersecurity disclosures in the wake of an incident are continuing to roll in — with a new cease-and-desist order posted just this week focused on allegations of misleading hypothetical risk factor disclosure and omissions of material information (for example, failing to include that the accessed customer data included customer PII).
Last week, as expected from oral arguments (and for the second time this term!), SCOTUS dismissed cert as “improvidently granted” in NVIDIA Corp. v. E. Ohman J:or Fonder AB. Full disclosure, this may have happened more than twice this term, but I’m aware of these two instances because both could have impacted the way we draft risk factors and cautionary disclaimers. Here’s more from the D&O Diary:
At the outset of the current U.S. Supreme Court term, corporate and securities law observers and commentators were excited that the Court had agreed to take up two securities law cases that had significant potential to provide insights about securities lawsuit pleading standards and processes. However, as noted here, in November, the court dismissed the Facebook Cambridge Analytica case, one of the two cases the Court was to take up this term. Now, in a terse, one-line December 11, 2024, order, the Court dismissed the Nvidia case, the second of the two cases it had agreed to take up, meaning that instead of addressing two securities law cases this term, it will now not consider any securities cases.
… A dismissal on these grounds means that the Court has decided that it should not have agreed to review the case. A dismissal of this type typically occurs when the Court realizes, upon further examination, that the case does not meet the criteria for Supreme Court review or that there was some procedural or substantive issue that makes the case unsuitable for their consideration.
What is the practical implication of this outcome? Continued uncertainty.
The Supreme Court’s dismissal of the case also means that the Court now will not weigh in on the interesting and important issues that the case presented. The question of what a plaintiff relying on internal documents in support of a securities law claim must plead is a recurring one. The question of the extent to which a plaintiff can rely on expert witness testimony to support the sufficiency of a securities law claim also is recurring. The lower courts must now deal with these questions without Supreme Court guidance on the issue, and in that regard must deal with the split in the circuit on these issues that Nvidia has cited in support of its petition for the writ of certiorari.
The split in the circuits, usually of such significant concern to the Supreme Court, is a particularly noteworthy concern with respect to these questions; Nvidia had argued in its petition for the writ that the positions of the Second and Ninth Circuits on these issues diverge, meaning that, with diverging positions in the two Circuits with the greatest volume of securities litigation activity, resulting in potentially diverging case outcomes.
Last week, the SEC announced settled enforcement proceedings against Cantor Fitzgerald for its alleged role in causing two SPACs that it controlled to make misleading statements to investors about the status of their discussions with potential acquisition targets ahead of their initial public offerings (IPOs). This excerpt from the agency’s press release summarizes the allegations:
The SEC’s order finds that Cantor Fitzgerald caused the SPACs in their SEC filings to deny having had contact or substantive discussions with potential business combination targets prior to their IPOs. However, the Order finds that at the time of each SPAC’s IPO, Cantor Fitzgerald personnel, acting on behalf of the SPACs, had already commenced negotiations with a small group of potential target companies for the SPACs, including with View and Satellogic, the companies with which the SPACs eventually merged.
Without admitting or denying the SEC’s allegations, Cantor Fitzgerald agreed to a cease & desist order and a civil money penalty of $6.75 million.
What makes this proceeding interesting isn’t really the allegations themselves, but a dissenting statement issued by Commissioner Uyeda covering several SPAC-related enforcement actions. In that statement, the Commissioner argues that SPACs are different than operating companies in ways that matter to deciding when preliminary merger negotiations should be regarded as “material”:
The U.S. Supreme Court in Basic v. Levinson adopted the probability/magnitude test for assessing the materiality of preliminary merger negotiations. The Second Circuit case cited by Basic for this test involved a small corporation that would be merged out of existence. For this corporation, the Second Circuit stated, and Basic agreed, that its merger was “the most important event that can occur in [its] life, to-wit, its death” and accordingly, information about the merger “can become material” before there is an agreement on the acquisition price and structure.
Unlike the corporation discussed in Basic, each SPAC respondent’s stated purpose was to acquire a target company. The SPAC’s “death” is planned for and sought after from the time the SPAC is formed. Given this distinction, the probability/magnitude test, as applied to information concerning a SPAC’s preliminary merger negotiations, should result in such information not becoming material until a time much closer to the SPAC and target company reaching a binding agreement on the acquisition price and structure. Any discussions prior to such time, even if they are “substantive,” are part of the day-to-day operations of a SPAC.
With the upcoming change in administrations, my guess is that Commissioner Uyeda’s views on this topic may be more influential – and that today’s dissenting statement could well become tomorrow’s policy.
