One of the benefits of the new requirement to file insider trading policies as 10-K exhibits is that we now have significantly more data on “what’s market” with respect to key policy terms. Previously, any benchmarking exercise was challenging due to limited available data — while some companies voluntarily chose to post their insider trading policies on their websites, many did not.
While insider trading policies, in particular, should really be tailored to the particular circumstances of any given company to be most effective, benchmarking is nonetheless helpful — especially to ensure that your policies and practices aren’t an outlier from your peers. The latest survey of insider trading policies recently filed by 50 public companies, including 25 Fortune 100 companies and 25 mid-cap companies, is now out from the team at White & Case, and it lays out the data in a readily understandable way using a number of charts to show the frequency of various approaches to key policy terms. For example, here are some stats on when quarterly “blackout periods” start and end, and who is subject to those periods and preclearance procedures:
– For the start of blackout periods, the majority of companies used two weeks before quarter end (55%), with three to four weeks before quarter end being the next most prevalent (22%). Notably, 8% of companies used five to six weeks before quarter end!
– For the end of quarterly blackout periods, the majority of companies used one full trading day after earnings are released (54%), and many companies used two full trading days after earnings are released (40%). Here, I was surprised to see that two companies left this to “company discretion.”
– The folks subject to the blackout periods were most commonly (86%) limited to directors, Section 16 officers/executive officers and other designated employees who have access to financial information. 14% of companies included all employees.
– The insiders subject to preclearance procedures usually aligned with the list subject to a company’s quarterly blackout periods, but not always. 86% limited preclearance requirements to directors, Section 16 officers/executive officers and other designated employees who have access to financial information. 4% imposed them on all employees, and 8% limited them to directors and Section 16 officers only. One company did not include preclearance procedures.
We’ve posted the transcript for our webcast “Audit Quality: Lessons from BF Borgers and Other Recent Developments.” Deloitte’s William Calder, Maynard Nexsen’s Bob Dow, and Nonlinear Analytics’ Olga Usvyatsky discussed what corporate attorneys need to know about the latest audit-quality developments to advise their client(s) on financial reporting and corporate governance matters. Their discussion covered current challenges facing the accounting and auditing professions, an overview of recent PCAOB-related rulemaking, and lessons for public companies and audit committees.
Here’s a snippet from Bob’s discussion of the BF Borgers enforcement action and considerations for financial reporting teams and audit committees:
In the three years leading up to this enforcement action, in each year’s inspection report, [the PCAOB] indicated that there was a 100% error rate. In other words, 100% of the audits that they examined had significant deficiencies in the audit. . . . [also] this firm had, at one point, 300 public company clients, and they had a total of 10 CPAs on staff. They only had one audit partner that could sign opinions, and that was Mr. Borgers himself . . . This case is like a worst-case example, but we can take some general lessons from it.
One obvious lesson is that there’s a big risk when audit firms take on more work than they have the capacity and resources to handle. This is an extreme example, but I’ve seen other examples of firms that got in over their heads . . .
Another lesson has to do with the importance of firm culture . . . There was a lot of cooperation within the firm to basically do what have been referred to in some arenas as “scam audits,” where there’s really no audit being done at all. That’s a deep issue within the culture of the CPA firm. You’ve got to ask yourself about the professionalism of each of the staff members within the firm, not just Mr. Borgers, who was basically running this operation.
Another lesson is simply, as I mentioned earlier, the importance of quality control systems within the audit firm. Here, you had just a complete breakdown of their quality control systems, but it does show that it’s impossible to consistently have quality audits unless you have a good quality control system within the audit firm.
Finally, for public companies, we need to talk about the audit committee’s role . . . there was a lot of evidence out there even before this enforcement action came down – audit inspection reports indicated 100% of the audits were deficient – that there were issues with the BF Borgers audits. That’s a lesson for audit committees about doing due diligence. These audit inspection reports are available publicly on the PCAOB site. Any diligent audit committee should get a hold of those, and take a look at them, and ask questions if they have negative information in them . . . [And] there’s a lesson here for audit committees to not focus on only price and speed, but on quality when you’re fulfilling your fiduciary duty as an audit committee member.
Members of this site can access the transcript of this program. If you are not a member, email sales@ccrcorp.com to sign up today and get access to the full transcript – or sign up online.
On Friday, the SEC issued a press release announcing that Corp Fin Director Erik Gerding intends to leave the SEC at the end of this year. The range of rulemaking adopted under Director Gerding’s leadership has been broad and impressive. As highlighted in the press release:
Mr. Gerding led the Division as it recommended rules to the Commission on climate-related disclosures for investors; cybersecurity risk management, strategy, governance, and incident disclosure by public companies; and special purpose acquisition companies. During his tenure, the Division also implemented new or updated rules on beneficial ownership reporting, universal proxy, listing standards for clawbacks of erroneously awarded compensation, conflicts of interest in securitizations, “pay versus performance” executive compensation disclosures, and Rule 10b5-1 plans regarding when insiders can sell their shares.
The SEC simultaneously announced that Cicely LaMothe will serve as Acting Director upon Director Gerding’s departure. Cicely LaMothe currently serves as Deputy Director, Disclosure Operations for the Division of Corporation Finance and was previously the Program Director of the Disclosure Review Program, Associate Director of the Office of Assessment and Continuous Improvement, and Associate Director of Disclosure Operations.
Per Axios, lawmakers seem optimistic that they will avert a government shutdown with a continuing resolution to fund the government into March. But we once again find ourselves up against a government funding deadline this Friday, and the SEC is preparing accordingly, adding this note on its homepage about its operational status in the event of a lapse in appropriations:
[T]he SEC’s operating status will change concurrently with the rest of the federal government, in accordance with the agency’s plan for operating during a shutdown. As that plan contemplates, we are currently preparing for a potential shutdown, with a focus on the market integrity and investor protection components of our mission. Our plan calls for the continuing operation of certain Commission systems, including EDGAR. Additional information is available from the Division of Corporation Finance, the Division of Examinations, and the Division of Investment Management.
As it has done a few times before, Corp Fin also posted an announcement last Friday, “Division of Corporation Finance Actions in Advance of a Potential Government Shutdown,” providing guidance on the Division’s operations during a shutdown and various considerations for filing matters. This guidance may seem very familiar because it largely follows the guidance we have received from the Staff in past government shutdown situations. With that in mind, check out Dave’s top ten takeaways from the SEC’s guidance in September 2023.
The latest issue of The Corporate Counsel newsletter has been sent to the printer. It is also available now online to members of TheCorporateCounsel.net who subscribe to the electronic format. The issue includes the following articles:
– Annual Season Items
– The SEC’s Cybersecurity Summer Is Over: What to Do Now That Winter Is Coming
Please email sales@ccrcorp.com to subscribe to this essential resource if you are not already receiving the important updates we provide in The Corporate Counsel newsletter.
This Skadden memo offers insights into emerging board governance practices aimed at providing appropriate oversight to corporate cybersecurity programs. This excerpt notes that boards are starting to look beyond the already heavily burdened audit committee when deciding who should take the lead for the board on cybersecurity oversight:
There is no one-size-fits-all approach. What is important is to be thoughtful about which body has the time available to assess these issues on an on-going basis and will be able to bring relevant expertise to the challenge. Responsibility could be given to the audit committee, since that body usually oversees controls of various sorts and general compliance with legal and regulatory requirements.
But, where cybersecurity issues are central to the business, some companies have created a technology committee rather than saddle the audit committee with additional work, since it typically already has a lot on its plate. Such a technology committee is usually dedicated to overseeing the strategy, performance and compliance of all the company’s technology, positioning this committee well to make cybersecurity governance decisions and address newly emerging challenges associated with other technology issues such as artificial intelligence deployment.
Other companies have a risk committee dedicated to identifying, assessing and mitigating risks, including cybersecurity risks, across the company. In short, there are many approaches to how a board may structure its cybersecurity oversight, yet it is ultimately the board’s responsibility to determine which structure or body would best serve the company.
The memo also provides an overview of directors’ oversight responsibilities and key considerations that boards should keep in mind when establishing governance structures to address cybersecurity concerns.
After I blogged about the SEC’s position on expenditures for executive security being regarded as a perk, a member reached out with an anecdote about an interesting – and troubling – real world scenario where this issue came up:
Some years ago, one of my former firm’s clients was a major defense contractor, and had been advised by the US Government that because of known threats, certain security-related items should be installed at the CEO’s residence. The SEC staff insisted that the costs needed to be disclosed as perquisites, to which we relented. One of our concerns was that because other senior executives did not have comparable security coverage, we were letting the bad guys know where the systemic vulnerabilities might be. This continues to be an issue. When it comes to matters of national security, I disagree with the staff position.
In light of the SEC’s position, companies thinking about implementing or upgrading security arrangements for their executives should consider whether casting a wider net may be necessary in order to avoid disclosure that inadvertently reveals – or creates – security vulnerabilities.
We’ve posted the transcript for our webcast “Surviving Say-On-Pay: A Roadmap for Winning the Vote in Challenging Situations” – full of practical tips for say-on-pay scenarios that companies frequently encounter – from D.F. King’s Zally Ahmadi, Compensia and CompensationStandards.com’s Mark Borges, Orrick’s JT Ho, Foot Locker’s Jenn Kraft, and Tesla’s Derek Windham. They covered the following topics:
You will definitely want to check this out as we enter the proxy season, and the transcript is a low-time-and-effort way help you think through any changes you want to make on how you approach your say-on-pay proposal in 2025.
Members of this site can access the transcript of this program. If you are not a member, email sales@ccrcorp.com to sign up today and get access to the full transcript – or sign up online.
Yesterday, in Alliance for Fair Board Recruitment v. SEC, (5th Cir.; 12/24), the 5th Circuit held that the SEC exceeded its authority when it approved Nasdaq’s board diversity rule. The case was decided by a 9-8 vote, and the Court’s action overrules a 5th Circuit panel’s prior decision upholding the rule.
In reaching this decision, the 5th Circuit concluded that the SEC’s actions implicated the “major questions” doctrine and that absent a clear Congressional directive, the agency lacked the statutory authority to authorize Nasdaq’s rule. The SEC and Nasdaq argued, among other things, that because “full disclosure” was central to the Exchange Act, the SEC had broad authority to adopt a board diversity disclosure requirement. The Court disagreed, and this excerpt from the majority’s opinion indicates that it viewed the scope of the authority granted by the Exchange Act more narrowly:
SEC and Nasdaq contend that Supreme Court precedent establishes that full disclosure is the “core” purpose of the Exchange Act. . . But that is not true. What the Court has actually said is that the Act “embrace[s] a fundamental purpose . . . to substitute a philosophy of full disclosure for the philosophy of caveat emptor. and thus to achieve a high standard of business ethics in the securities industry.” Affiliated Ute Citizens of Utah v. United States, 406 U.S. 128, 151 (1972) (emphasis added) (quotation omitted); compare post, at 45 (Higginson, J., dissenting).
In other words, the Court has acknowledged that disclosure is not an end in itself but rather serves other purposes, such as the purpose of promoting ethical behavior or “the purpose of avoiding frauds.” Ibid. Thus, nothing in the Court’s precedents undermines our conclusion that a disclosure rule is related to the purposes of the Act only if it is related to the elimination of fraud, speculation, or some other Exchange Act–related harm.
The Court ultimately concluded that the board diversity rule was “far removed” from the purposes of the Act. According to a Bloomberg Law article on the decision, Nasdaq doesn’t plan to appeal the ruling, while the SEC is “reviewing the decision and will determine next steps as appropriate.”
Wilson Sonsini recently issued the 2024 edition of its SV 150 Governance Report, which surveys governance practices among Silicon Valley’s largest companies. The report is full of information on topics such as board composition, demographics and governance practices, proxy statement disclosure practices, executive compensation, shareholder proposals and activist activities. Here’s what the report has to say about the prevalence of various defensive measures:
– 54% of companies had staggered boards and charter provisions requiring a supermajority vote to remove a director.
– 55% of companies had plurality voting standards for director elections
– 100% of companies allowed the board to change the number of directors
– 92% of companies permitted the board to fill vacancies
– 99% of companies had an advance notice bylaw
– 28% of companies had a proxy access bylaw
– 27% of companies permitted stockholders to call a special meeting
– 63% of companies required a supermajority vote to amend charter documents
– 96% of companies authorized a class of blank check preferred
– 82% of companies had an exclusive forum bylaw
– 63% of companies had a federal forum bylaw that applied to 1933 Act claims
Only a single company had a poison pill in place, although the prevalence of blank check preferred means that virtually all of the SV 150 have a pill on the shelf or could implement one at a moment’s notice. Less than 1% of the SV 150 companies had cumulative voting rights.
