Last week, a group of financial services industry trade associations submitted a joint petition for rulemaking to the SEC requesting that the agency amend the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule that was adopted in 2023. The petition focuses on the requirement to file current reports under Item 1.05 of Form 8-K to disclose material cybersecurity incidents.
The petition was submitted by the American Bankers Association, Bank Policy Institute, Securities Industry and Financial Markets Association, Independent Community Bankers of America, and Institute of International Bankers. The groups note that “[w]hile we continue to have significant concerns regarding the rule as a whole— including the requirements of Regulation S-K Item 106 relating to cybersecurity risk management, strategy, and governance disclosures—we believe the most urgent and problematic aspects are the cybersecurity incident disclosure mandates under Form 8-K Item 1.05 for domestic issuers and under Form 6-K for foreign private issuers, both of which require rapid—often premature— disclosure of material cybersecurity incidents.”
In support of the request to revisit the Item 1.05 disclosure requirement, the petition notes a number of key concerns:
We respectfully request that the SEC rescind Item 1.05 because: (1) publicly disclosing cybersecurity incidents directly conflicts with confidential reporting requirements intended to protect critical infrastructure and warn potential victims, thereby compromising coordinated regulatory efforts to enhance national cybersecurity; (2) the complex and narrow disclosure delay mechanism interferes with incident response and law enforcement investigations; (3) it has created market confusion and uncertainty as companies struggle to distinguish between mandatory and voluntary disclosures; (4) the incident disclosure requirement has been weaponized as an extortion method by ransomware criminals to further malicious objectives, and may subject disclosing companies to additional cybersecurity threats; (5) insurance and liability implications of premature disclosures can exacerbate financial and operational harm to registrants; and (6) the public disclosure requirement risks chilling candid internal communications and routine information sharing.
Critically, without Item 1.05, investor interests will still be protected, and we believe they would be better served, through the pre-existing disclosure framework for reporting material information— which may include material cybersecurity incidents—while better mitigating the concerns raised above.
As noted in this blog, Debevoise’s Data Strategy and Security group assisted the five trade associations in preparing the joint petition for rulemaking.
It remains to be seen to what extent the SEC will undertake any changes to the cybersecurity disclosure rules in response to this petition for rulemaking or otherwise. It does appear that the SEC is very much in “listening mode” on the topic of regulatory reform, so it is possible that this is an area the SEC will choose to focus on as it seeks to revisit some of the rulemaking that was completed by the agency over the past four years.
Earlier this month, I reported on a data dump from the SEC’s Division of Economic and Risk Analysis (DERA) providing new data and analysis on the key market areas of public issuers, exempt offerings, commercial mortgage-backed securities, asset-backed securities, money market funds, and security-based swap dealers. Yesterday, the SEC announced that DERA has published three new reports that provide information on utilization of Regulation A and Regulation Crowdfunding and beneficial ownership of qualifying private funds. The SEC announcement notes that following about the Regulation A and Regulation Crowdfunding papers:
– Analysis of the Regulation A Market: A Decade of Regulation A provides statistics on the state of the Regulation A offering exemption over the past decade. It documents the level of offering activity and reported proceeds as well as the characteristics of issuers and offerings relying on this exemption. There were more than 1,400 offerings during this period seeking an aggregate of more than $28 billion in capital. Approximately $9.4 billion in proceeds was reported by more than 800 issuers. A typical Regulation A issuer was relatively small and young, and most issuers had not yet established a record of profitability.
– Analysis of Crowdfunding Under the JOBS Act provides an analysis of offering activity in the Title III securities-based crowdfunding market between May 16, 2016, (effective date of Regulation Crowdfunding) and December 31, 2024. During this period, there were more than 8,400 offerings initiated by more than 7,100 issuers, excluding withdrawn offerings. The offerings sought a total of approximately $560 million based on the target (minimum) amount. However, almost all offerings had a minimum-maximum format and accepted oversubscriptions up to a higher maximum. In the aggregate, the maximum amount sought in these offerings was approximately $8.4 billion. Based on the analysis of Electronic Data Gathering, Analysis, and Retrieval (EDGAR) filings during this period, there were more than 3,800 offerings where issuers reported proceeds; in total, they reported approximately $1.3 billion in proceeds. The crowdfunding exemption has continued to gain momentum over time and serves small and early-stage companies seeking access to capital, often for the first time. The median issuer had approximately $80,000 in total assets, including $13,000 in cash, $60,000 in debt, and $10,000 in revenue, and three employees.
DERA’s papers on Regulation A and Regulation Crowdfunding are timely as the SEC considers ways to promote capital formation, particularly for smaller companies.
To say that “time flies” is an understatement, as we now find ourselves past the unofficial start of summer and with June just around the corner. Given that the summer will inevitably pass by in a blink of an eye, now is the time to make your travel plans for our “2025 Proxy Disclosure & 22nd Annual Executive Compensation Conferences,” taking place in Las Vegas on October 21st & 22nd. Be sure to register now to take advantage of the Early Bird rate before it is gone!
I am looking forward to joining my fellow SEC All-Stars for our annual deep dive into all of the things going on at the SEC: “The SEC All-Stars: Proxy Season Insights” panel on October 21 and “The SEC All-Stars: Executive Pay Nuggets” panel on October 22. Please check out the rest of our action-packed agenda and our outstanding speakers. This is shaping up to be a big year in our space, so you do not want to miss all of the practical guidance that our speakers have to share.
The SEC’s Investor Advisory Committee will meet next Thursday, June 5 to consider a number of matters, including engagement with beneficial owners and non-GAAP financial disclosures. On the topic of engaging beneficial owners, the Committee’s agenda notes:
The right to vote at a shareholder meeting belongs to the registered shareowner under state law. In the case of shares of an issuer held by a fund, the voting rights are typically directed by the fund or the fund’s manager, not by the fund’s investors who benefit from the stock’s performance. Recent innovations have opened pathways for fund asset managers to engage with fund investors—those who beneficially own the fund’s investments—in order to gain insight into those investors’ voting preferences.
Pass-through voting (or voting choice) refers to different types of mechanisms that an asset manager may use to engage with fund investors/beneficial owners of the fund’s equity investments in order to discern voting preferences or to delegate voting decisions. To date, a number of asset managers, particularly those who engage in passive management strategies, have undertaken a variety of programs to engage with beneficial owners on proxy voting decisions.
The panel is comprised of experts with varying perspectives on the proxy voting process as it applies to funds and beneficial owners and will discuss trends in pass-through voting, potential impacts of pass-through voting, and the challenges and opportunities in more directly engaging beneficial owners in decisions about how asset managers vote proxies. This panel will also address challenges and opportunities of engaging beneficial owners of equity securities, including non-objecting beneficial owners, and whether anything can be learned about engaging beneficial owners from shareholder participation and engagement in directly held investments.
And on the topic of non-GAAP financial disclosures, the agenda states:
In the United States, financial accounting standards are developed by the Financial Accounting Standards Board (FASB), an independent body that ensures consistency and comparability in financial reporting. The Securities and Exchange Commission (SEC) requires companies to submit financial statements in accordance with U.S. Generally Accepted Accounting Principles (GAAP) as established by FASB. The GAAP standards are robust and provide specific guidance on the presentation of certain financial information. However, the regulatory system allows companies to supplement GAAP-based reporting with non-GAAP financial measures, which provide additional insight into operational performance. These measures are commonly included in Management’s Discussion and Analysis (MD&A), earnings releases, and investor presentations to help frame financial results from management’s perspective. These non-GAAP financial disclosures are valued and relied on by investors. Despite their usefulness, there is the risk that non-GAAP metrics may be presented in a way that emphasizes a more favorable outlook than GAAP reporting alone might suggest. This potential tension makes non-GAAP disclosures an area that is litigated in the courts and a topic raised by the SEC when reviewing issuer disclosures.
The panel is comprised of practitioners with experience in dealing with issues surrounding non-GAAP from differing perspectives. The panel will discuss the following issues: What areas of current regulations on non-GAAP measures, if any, could be strengthened or clarified? Would greater standardization of certain non-GAAP measures benefit investors? What challenges or benefits exist in implementing industry-specific non-GAAP reporting guidelines? How will AI impact the quality and transparency of non-GAAP reporting and could AI be used to detect potentially misleading non-GAAP disclosures?
Meetings of the Investor Advisory Committee are open to the public and a webcast archive is made available after the conclusion of the meeting.
Last week, SEC Chairman Paul Atkins appeared before the House Appropriations Subcommittee on Financial Services and General Government. In his written statement to the Subcommittee, Chairman Atkins discussed the Commission’s mission, key priorities and recent changes at the SEC. On the topic of the SEC’s mission, Chairman Atkins noted:
First and foremost, it is a new day at the SEC. I am determined that we return to our core mission that Congress set for us more than 90 years ago.
The SEC’s three-part mission was enunciated by Congress in the Exchange Act: protecting investors; facilitating capital formation; and maintaining fair, orderly, and efficient markets.
Investor protection is vital to our mission—holding accountable those who lie, cheat, and steal. The SEC will remain vigilant in our important role to ensure that investors have confidence to participate in the markets.
Capital formation is also at the root of what we do—fostering a direct, economical route for investors’ capital to find its way to entrepreneurs and industry to create products and services. This engine of growth employs people, helping them to work and save to achieve their dreams.
The third core part of our mission is maintaining fair, orderly, and efficient markets. Congress calls on the Commission to ensure that our regulations balance costs and benefits, that they do not become too burdensome by adding needless friction to the marketplace, undermining the capital formation that yields so much benefit.
During my tenure as chairman, the SEC will not stray from this core three-part mission.
In the area of digital assets, Chairman Atkins stated:
A key priority of my Chairmanship will be to develop a rational regulatory framework for crypto asset markets that establishes clear rules of the road for the issuance, custody, and trading of crypto assets while continuing to discourage bad actors from violating the law. Clear rules of the road are necessary for investor protection against fraud—not the least to help them identify scams that do not comport with the law.
Policymaking will be done through notice and comment rulemaking not through regulation-by-enforcement. The Commission will utilize its existing authorities to set fit-for-purpose standards for market participants. The Commission’s enforcement approach will return to Congress’ original intent, which is to police violations of these established obligations, particularly as they relate to fraud and manipulation.
In terms of operational matters, Chairman Atkins noted that “the SEC’s Offices and Divisions have decreased headcount by 15% since the beginning of the current fiscal year. Many of our colleagues at the SEC elected to take advantage of the Administration’s Fork in the Road, Voluntary Early Retirement Authority (VERA) or Voluntary Separation Incentive Payments (VSIP).” He further noted that there will be targeted reorganizations to come, including asking Congress for permission to disband FinHub. Chairman Atkins noted that the agency has begun a process to review its technology infrastructure and contractual obligations, especially regarding information technology. He also noted that the he firmly believes in the regional office concept.
Broadridge recently released its fifth annual Digital Transformation & Next-Gen Technology Study, which draws on the perspectives of over 500 financial services technology and operations leaders to better understand how they are approaching artificial intelligence, cybersecurity, crypto and data, among other trends. Broadridge will also be holding a webinar titled “The State of Digital Transformation in Financial Services: Executive Perspectives,” which will take place on Wednesday, June 11, 2025, at 11:00 am Eastern time.
Some of the key takeaways from the Broadridge study are:
– Financial firms are seeking a seamless single platform and source of truth;
– Data silos and legacy technology emerge as top pain points;
– GenAI is proving its place in financial services workflow;
– Digital assets and blockchain technologies have captured the attention, and increasingly the wallets, of financial firms; and
– Cybersecurity takes center stage.
On the topic of digital assets and blockchain technology, the study notes:
Nearly three-quarters (71%) of financial firms are making major investments in blockchain and distributed ledger technologies (DLT) this year, up from 59% in 2024, and 64% are making big investments in cryptocurrency, up from 51% last year.
A majority of respondents (53%) agree that digital assets will become widely accessible, and 40% believe digital assets are increasingly relevant to their business. However, 73% feel greater regulation is on the way.
As companies migrate to new jurisdictions of incorporation, some of the tried-and-true practices that we have come to be accustomed to with Delaware corporations could be revisited. For example, Keith Bishop recently observed on his California Corporate & Securities Law blog how the difference in how Nevada treats broker non-votes may obviate the need for Nevada corporation to include a proposal seeking shareholder ratification of the selection of the company’s independent registered public accounting firm. Keith’s blog notes:
My eye caught one subtle difference between Nevada and Delaware corporate law in the discussion of voting and quorum requirements:
“Abstentions and broker non-votes are counted as present and entitled to vote for purposes of determining a quorum.”
This statement is, of course, consistent with NRS 78.315(1)(a) which provides: “Unless this chapter, the articles of incorporation or the bylaws provide for different proportions: (a) A majority of the voting power, which includes the voting power that is present in person or by proxy, regardless of whether the proxy has authority to vote on any matter, constitutes a quorum for the transaction of business . . .” (emphasis added). However, it does differ from Delaware’s treatment of broker non-votes:
“Accordingly, uninstructed shares will cause a broker non-vote deemed present for quorum purposes if and only if the broker has discretionary authority with respect to at least one item on a meeting’s agenda. If no discretionary authority exists on any agenda item, uninstructed shares will not be present with respect to any items and will therefore not count towards a quorum. Conversely, if a broker has discretionary authority and submits a limited proxy authorizing the vote of shares with respect to one or more agenda items, such shares will be deemed present for those items and will count for quorum purposes.”
R. Franklin Balotti & Jesse A. Finkelstein, The Delaware Law of Corporations and Business Organizations § 7.10 (Fourth Edition, 2025-1 Supp 2020-2021) (footnote omitted). This is the reason that it has become de rigueur for Delaware corporations to include a proposal to ratify the appointment of auditors since this is a proposal that brokers may vote in their discretion under NYSE Rule 452.
By counting proxies regardless of whether the proxy has authority to vote on any matter, Nevada moots the purpose of including at least one discretionary proposal. Nevada corporations may want to consider what purpose is served by asking for shareholder ratification of the appointment of the auditor. Shareholders are likely to have little or no knowledge of the auditor’s performance and the vote is essentially advisory.
Last week, SAR published this helpful one-pager highlighting three factors that indicate a high likelihood that the current soft market for D&O insurance will not outlast the previous one. The report notes that these three factors are:
– Hypercompetition perpetuates defensive pricing in a consolidating intermediary market;
– Alleged market capitalization losses outpace the growth in U.S. market capitalization by 2X since 2020; and
I am happy to see that Mark Borges is back blogging on Borges’ Proxy Disclosure Blog, and I encourage you to check it out! I have already found Mark’s recent blogs on clawback disclosures particularly helpful. Mark explains his return to blogging in this post:
Following a lengthy (25 month) hiatus and discussions with the folks at CCR Corporation (especially Meredith and John), I’ve decided to relaunch the Proxy Disclosure Blog. At the time I began scaling back and then forsaking posting altogether, I believed that my comments on drafting executive compensation disclosure for your proxy statement had run its course and that there wasn’t much new to say. In danger of just repeating myself, I decided to take a break and focus on other activities.
However, as has become abundantly clear, times have changed. Many of the proxy statements that I read today have raised the bar significantly in terms of the quality of their executive compensation disclosure – particularly in the CD&A. I’m constantly encountering disclosures that are dramatically more sophisticated and effective than those of even two short years ago. Frequently, I find myself thinking “I’ve never seen this particular graphic before,” or “that’s a great way to explain this particular incentive plan design,” or “others would probably be interested in seeing this disclosure” (and, occasionally, “why didn’t I think of that?”).
The other obvious change has been the completion of the relevant Dodd-Frank Act rulemaking (with the exception, of course, of Section 956). We’ve all struggled a bit with Item 402(v) of Regulation S-K and the (still) relatively new “pay versus performance” disclosure. Given the rule’s uncertain status, I may be a bit late to the party, but the last time I checked this morning the rule remains effective, so perhaps there’s still a little life left in looking at these disclosures.
The other new disclosure involves Item 402(w) and the follow up to the clawback policies we all had to ensure were in place before the end of 2023. In speaking with practitioners and inhouse counsel, we remain very curious about how Exchange Act Rule 10d-1 and its exchange listing standard counterparts will be applied to enforce a clawback triggered by a financial restatement. Fortunately, as anticipated, this is a disclosure requirement that won’t come into play that often. Nonetheless, some minimal preparation as a safeguard against the day we hope will never come is probably prudent and I know that I’ve been hoping that the initial required disclosures would offer some insights into how companies have approached the mechanics of recovery.
If you do not have access to all of the great resources on CompensationStandards.com, I encourage you to sign up today!
On Monday, the DOJ announced a “Civil Rights Fraud Initiative” that will use the False Claims Act to “investigate and, as appropriate, pursue claims against any recipient of federal funds that knowingly violates federal civil rights laws.” While the DOJ’s announcement focuses on educational institutions, this McGuire Woods blog notes that government contractors may also find themselves in the crosshairs:
Under this new initiative, implemented through a memorandum issued by the Deputy Attorney General, DOJ will utilize the FCA to investigate and pursue claims against federal contractors and funding recipients (e.g., grants, cooperative agreements, etc.) that “knowingly violate[] federal civil rights laws.” A central focus of the initiative appears to be pursuing claims against entities who certify compliance with civil rights laws while “knowingly” engaging in what the memorandum implementing the initiative calls “racist preferences, mandates, policies, programs, and activities, including thorough [DEI] programs” that provide benefits based on race, ethnicity, or national origin.
The blog says that the DOJ will coordinate with other federal agencies, and will establish partnerships with state attorney generals and local law enforcement to share information and coordinate enforcement actions. Traditionally, qui tam actions brought by private “whistleblowers” have featured prominently in FCA actions, and in the DOJ’s announcement of this new initiative, it said that it “strongly encourages anyone with knowledge of discrimination by federal funding recipients to consider filing a qui tam action under the False Claims Act.”
