There’s some big Wu-Tang Clan-related crypto news that I’d like to share to close out the week. A few years ago, I blogged about how a “digital autonomous organization” or “DAO” named PleasrDAO had acquired the sole copy of the group’s legendary “Once Upon a Time in Shaolin” album that the feds grabbed from its original owner, fraudster Martin Shkreli.
PleasrDAO had big plans for the album, but those plans depended on its ability to persuade The RZA and Cilveringz to sign off on them. That sign-off was necessary because RZA opted to impose a unique restriction on any owner of Once Upon a Time in Shaolin when the album was announced in 2015 – whoever bought it would not be able to release it until 2103, 88 years following its release.
Well, it looks like PleasrDAO was successful, because according to this Bloomberg BusinessWeek article, it recently sponsored swanky listening sessions in NYC where attendees could hear selections from the album while “sipping artisanal cocktails.” If you missed the New York sessions, don’t despair – all you have to do is travel to New Zealand to catch the sessions being held at a Tasmanian museum through June 24th (in case you’re on the fence, they’re getting rave reviews).
So why is PleasrDAO holding these events? Well, this is where the tenuous connection to the federal securities laws that allows me to periodically blog about The Wu-Tang Clan comes into play. Here’s an excerpt from the article:
Perhaps not surprisingly, these exclusive sessions have coincided with the start of a campaign to wring more money from the album. On June 13, PleasrDAO started selling digital ownership stakes in Once Upon a Time in Shaolin for $1, entitling buyers to a short sampler from the album along with an encrypted file of the music that will remain locked—but maybe not until 2103, as originally promised. The collective says each sale will reduce the time it takes to make the entire album publicly available by 88 seconds. In short, the decades-long restriction is more fungible than most people might have assumed.
The article says that PleasrDAO raised $250K selling these NFTs in just four days, and cites a NY Times report as indicating that it would need to raise a total of $28 million to release the album to the public. It looks like PleasrDAO has attempted to structure this NFT to avoid having it classified as a security. Of course, that’s what all the NFT folks have said – and the SEC hasn’t always agreed. So, PleasrDAO would be wise to take some advice from the Wu-Tang Clan and “watch your step, kid, watch your step, kid, protect ya neck, kid!”
On Tuesday, the SEC announced an enforcement action against RR Donnelley & Sons arising out of alleged disclosure and internal controls violations associated with a series of cyber incidents occurring in November and December 2021 that resulted in a hacker obtaining information belonging to 29 of the company’s clients. This excerpt from the SEC’s press release explains the basis for the action:
According to the SEC’s order, data integrity and confidentiality were critically important to RRD’s business. Because client data was stored on RRD’s network, its information security personnel and the third-party service provider RRD hired were responsible for monitoring the network’s security. However, according to the order, RRD failed to design effective disclosure controls and procedures to report relevant cybersecurity information to management with the responsibility for making disclosure decisions, and failed to carefully assess and respond to alerts of unusual activity in a timely manner.
The order further finds that RRD failed to devise and maintain a system of cybersecurity-related internal accounting controls sufficient to provide reasonable assurances that access to RRD’s assets – its information technology systems and networks – was permitted only with management’s authorization.
Under the terms of the SEC’s order in the case, the company consented, on a neither admit nor deny basis, to the entry of a C&D enjoining future violations of Exchange Act Section 13(b)(2)(B) and Rule 13a-15(a). In addition, the company agreed to pay a civil monetary penalty of $2.125 million.
In a dissenting statement, Commissioners Peirce and Uyeda again challenged the SEC’s use of Section 13(b)(2)(B) in a setting not involving accounting controls:
The Commission’s order faulting RRD’s internal accounting controls breaks new ground with its expansive interpretation of what constitutes an asset under Section 13(b)(2)(B)(iii). By treating RRD’s computer systems as an asset subject to the internal accounting controls provision, the Commission’s Order ignores the distinction between internal accounting controls and broader administrative controls. This distinction, however, is essential to understanding and upholding the proper limits of Section 13(b)(2)(B)’s requirements.
If this objection to an expansive interpretation of Section 13(b)(2)(B) sounds familiar, that’s because it’s one that these same two commissioners raised in response to two prior enforcement actions – the SEC’s 2020 enforcement action against Andeavor and its 2024 enforcement action against Charter Communications.
Here’s the final installment in our series of guest blogs on AI Related Disclosures by Orrick’s J.T. Ho, Bobby Bee and Hayden Goudy:
AI-related Business and MD&A Disclosure. Several companies in the S&P 500 mentioned AI in the Business or MD&A sections of their most recent 10-K, tying AI to their main products and services or to key business updates. While less common than an AI-related risk factor, 40% of the S&P 500 had an AI-related disclosure in the Business or MD&A sections of their most recent 10-K, an increase from 30% in the previous period.
AI-related disclosure in the Business or MD&A sections of the 10-K varied significantly by industry. For instance, 85% of companies in the information technology sector made an AI-disclosure in the Business or MD&A sections, compared to 56% of companies in the financial sector and 38% of companies in health care.
As more companies adopt AI in their operations, products and services, we expect more references to AI in the Business and MD&A sections of 10-Ks across the S&P 500.
Limited Disclosure in the Proxy Statement. AI-related disclosure in the proxy statement across the S&P 500 was limited. While more than 39% of companies in the S&P 500 mentioned AI in their most recent proxy statement, a significant proportion of references were to new AI-related products or the role that AI was playing as part of a business transformation. Additionally, 24% of the S&P 500 disclosed director-level AI-related expertise or experience in their most recent proxy statement.
However, a much smaller percentage of companies in the S&P 500, approximately 9%, disclosed the role of the board or its committees in overseeing AI-related risks.
For companies that disclosed board or committee oversight, the allocation of that responsibility varied.
The most common approach was at the full board level – 18 companies in the S&P 500 disclosed a clear role for the full board in overseeing AI-related risks. The second most common approach was for the Audit Committee to oversee AI-related risk.
We’re really looking forward to returning to an in-person format for our upcoming Proxy Disclosure and Executive Compensation Conferences to be held in San Francisco on October 14th and 15th. Our agenda is always topical, and this year is no exception. Here’s a taste of what we have in store for you:
– If you’ve been following this week’s blogs on AI-related disclosure issues, you won’t want to miss our “Governing and Disclosing AI” panel
– Our “Cyber Incidents: Handling Real Time Reporting” panel will offer insights to keep you out of the Division of Enforcement’s cross-hairs when it comes to cybersecurity issues.
– Our “Living with Clawbacks – What Have We Learned?” panel will bring you up to speed on how companies are adjusting to the clawback listing standards and the emerging issues they are encountering.
Of course, we’ll also have panels addressing the latest developments in shareholder activism, climate disclosure, key 10-K and proxy disclosures, perks, navigating ISS & Glass Lewis. You’ll hear insights on proxy disclosure and executive comp hot topics from our “SEC All-Stars” and have the opportunity to listen to Dave interview Corp Fin Director Erik Gerding. As always, we’ll also have a little fun – this year, it’s in the form of a “Family Feud”-style “lightning round” ame show that we think you’ll really enjoy.
We hope many of you will join us in San Francisco! Register by July 26th to lock in our “early bird” deal for individual in-person registrations ($1,750, discounted from the regular $2,195 rate). If traveling isn’t in the cards, we also offer a virtual option so you won’t miss out on the practical takeaways our speaker lineup will share. (Also check out our discounted rate options for groups of virtual attendees!) You can register now by visiting our online store or by calling us at 800-737-1271.
Yesterday, the SCOTUS granted a cert petition filed by NVIDIA seeking review of the 9th Circuit’s decision in E. Ohman J:Or Fonder AB v. NVIDIA Corp., (9th Cir.; 8/23), concerning the PSLRA’s heightened pleading requirements for allegations of falsity and scienter. In its cert petition, NVIDIA pointed out that plaintiffs often try to meet the PSLRA’s heightened pleading requirements for falsity & scienter by alleging that internal documents contradict a company’s public statements, and that the 9th Circuit’s ruling presented two questions that have divided the circuits concerning how the PSLRA’s pleading requirements apply in this “common and recurring context”:
1. Whether plaintiffs seeking to allege scienter under the PSLRA based on allegations about internal company documents must plead with particularity the contents of those documents.
2. Whether plaintiffs can satisfy the PSLRA’s falsity requirement by relying on an expert opinion to substitute for particularized allegations of fact.
NVIDIA went on to note that, with respect to the pleading requirement for alleging scienter based on internal documents that contradict public statements, five circuits have held that the statute requires to allege the contents of those documents with particularity, while two (now including the 9th) have held that plaintiffs may allege scienter “merely by hypothesizing about what those documents ‘would have’ said.” As to the falsity requirement, NVIDIA pointed out that two circuits have held that plaintiffs can’t satisfy the PSLRA’s pleading standards by substituting an expert opinion for particularized allegations of fact, so the 9th Circuit’s decision permitting plaintiffs to do that creates a split.
By the way, the case caption isn’t a typo, “E. Ohman J:Or Fonder AB” is the correct name of the lead plaintiff. For some odd reason, today is my day for blogs involving parties with names that look like typos to American eyes. Over on DealLawyers.com, I blogged about an EC investigation of a deal under the EU’s Foreign Subsidy Rule in which for some reason the regulators decided to abbreviate the name of Emirates Telecommunications Group Company PJSC as “(e&)”.
Here’s the second installment in our series of three guest blogs on AI Related Disclosures by Orrick’s J.T. Ho, Bobby Bee and Hayden Goudy:
Corporate Disclosure Trends We identified AI as one of the fastest growing disclosure topics in SEC filings across the S&P 500, with a rapidly growing number of companies disclosing AI-related risk factors in the 10 K. However, disclosure of AI-related oversight at the board and management level in the proxy statement significantly lagged disclosure of AI-related risks in the 10-K.
Companies Disclosed AI-Related Risks More Often Than AI Oversight. We found a gap between the prevalence with which companies in the S&P 500 disclosed significant or material AI-related risks and the prevalence with which they disclosed board and committee oversight of those risks in the proxy statement. Together with growing investor and activist interest, we expect increasing pressure from a range of stakeholders on public companies to address this gap, including pressure to develop and disclose an approach to AI oversight at the board or committee level.
AI-related Risk Factors.The most common type of AI-related disclosure in SEC filings across the S&P 500 was an AI-related risk factor. Nearly 60% of the S&P 500 disclosed an AI-related risk factor in their most recent 10-K. This was a major increase from the previous reporting period, where only 16% of the S&P 500 disclosed an AI-related risk factor.
Most relevant risk factors in the S&P 500 were not focused solely on AI. Instead, we found that references to AI were generally integrated into existing risk factors. Companies included AI-related references into risk factors addressing:
– Cybersecurity risks, such as higher levels of exposure due to threat actors using AI, or a higher likelihood of a data breach due to the use of AI tools.
– Operational and business risks, such as higher costs from adopting AI technology or potential loss of market share from AI-driven disruption.
– Potential harm to the company brand and reputation from intellectual property disputes involving AI.
– Costs or risks associated with AI regulations.
The final installment of this series will address AI-related Business and MD&A disclosure, as well as practices regarding AI-disclosures in proxy materials.
The latest issue of The Corporate Counsel has been sent to the printer. It is also available now online to members of The CorporateCounsel.net who subscribe to the electronic format. The issue includes the following articles:
– Supreme Court Weighs in on MD&A Disclosure: Should You Revisit Your MD&A Now?
– Navigating Item 601(b): Material (and Other) Agreements
Please email sales@ccrcorp.com to subscribe to this essential resource if you are not already receiving the important updates we provide in The Corporate Counsel newsletter.
We’re off tomorrow for the Juneteenth holiday. Our blogs will be back on Thursday.
Al disclosure is a topic that’s getting a lot of attention from investors and a lot of scrutiny from the SEC. That’s why we pleased to bring you this week a series of three guest blogs on AI disclosure practices among the S&P 500 by Orrick’s J.T. Ho, Bobby Bee and Hayden Goudy:
The growth of generative artificial intelligence (AI) is transforming business, sparking a rise in public company disclosure and considerable investor interest. A growing number of companies are disclosing AI capabilities, opportunities and risks in filings with the Securities and Exchange Commission (SEC). At the same time, the SEC has demonstrated its commitment to combat “AI washing” – the practice of overstating or falsifying AI usage – with enforcement actions against several investment advisors signaling the start of a broader effort to police AI-related disclosures.
Activist investors are also interested in AI-related risks. Several shareholder proposals requesting disclosure of AI-related oversight have received high levels of support at recent annual shareholder meetings.
Our review of SEC filings from the S&P 500 for the 12 months ending April 30, 2024, paints the portrait of an evolving landscape when it comes to AI-related disclosures. It reveals trends in:
(Including in proxy statements and in the “Risk Factors,” “Business” and “Management Discussion and Analysis” (MD&A) sections of annual reports on Form 10-K)
What Public Companies Should Consider Doing Now
Relevant disclosure is not only appropriate but often necessary when AI becomes a material aspect of a company’s business. Investors and market regulators expect transparency, effective governance oversight and effective risk management over the numerous ways that companies are developing and deploying AI. Misrepresenting AI capabilities and failing to properly oversee risks could severely damage investor trust and lead to lawsuits and regulatory action.
Where AI has a significant impact on the business, public companies should:
– Validate AI statements and develop effective disclosure controls and procedures to support the accuracy of public AI-related disclosures.
– Develop governance structures to identify and manage AI-related risks at both the board and management level, and disclose both significant AI-related risks and oversight of those risks in required SEC disclosures.
A Closer Look at Investor Activity and Corporate Disclosure Trends
In the sections that follow, we examine AI-related disclosure trends in SEC filings across the S&P 500. We also explore the expectations of proxy advisors and activist investors, share data on increasing references to AI in annual reports on Form 10-K and highlight a potential gap in proxy statement disclosures regarding AI oversight.
Emerging Investor Expectations
While AI is an emerging priority for many investors, institutional asset managers and proxy advisors generally have not established formal guidelines regarding oversight of AI by the board or its committees.
Several major investors have identified AI as a significant opportunity for their investment activities, but most U.S.-based investors have not articulated specific expectations for oversight and management of AI by public companies.
The proxy advisors Glass Lewis and ISS have identified AI as a relevant area for future policy development, but currently approach AI-related matters on a case-by-case basis. For the limited number of AI-related shareholder proposals voted on to date, Glass Lewis and ISS generally consider the following criteria when making recommendations:
Activist Investor Interests
Activist investors are also interested in AI-related issues.
We identified 13 shareholder proposals related to AI submitted in the 2024 proxy season. These proposals ask for disclosure on topics including the use of AI in company product and operations, the role of the board in overseeing AI and the prevalence of AI-related risks. Several AI-related proposals have received the support of 20 percent or more of votes cast at an annual shareholder meeting.
We expect AI-related shareholder proposals to continue to be an agenda item for activist investors, especially for companies that experience AI-related controversies or have business models at risk due to the potential impact of AI.
Be sure to check out the next installment of this three-part series, which will focus on AI-related risk factor disclosures.
Meredith is taking a well-deserved break for a couple of weeks & Liz is still out on leave, so the newest member of our editorial team, Meaghan Nelson, is taking a turn at blogging. Meaghan’s been working with us for the past several months updating our Handbooks, but now she’s stepping out into a more public role as a blogger – and I think you’ll really enjoy her stuff. Now, I’ll turn this blog over to Meaghan and let her tell you a little more about herself in her own words:
Hello, everyone! I’ve been working with the editorial team the last several months behind the scenes and am now ready for prime time (although truth be told, I did make a brief guest appearance back in 2021)! I’ll be cutting my teeth on The Advisors’ Blog over on CompensationStandards.com this week and will be making appearances on the other blogs in due time.
As the blog title alludes to, I’ve been a huge fan of CCR Corp for the entirety of my practice and am thrilled to join these illustrious ranks. My only hope is that I can deliver the important and timely corporate and securities news and practical tips we’ve all come to enjoy with the same level of humor and pith as my fellow editors. At the bare minimum, I’ll continue the current trend of increasing exclamation points and millennial pop culture references.
A few things about me:
I’ve been a corporate and securities lawyer for the last 14 years, the last 8 of which were spent in-house building corporate teams and leading the legal function. I’ve worked in finance, big law (both NYC and Silicon Valley), at companies both newly public and public for decades, and, most recently, at a late-stage start-up that is on the path to an IPO whenever that window opens again. More details on my background are in my bio.
I currently live in Boise, ID having relocated in the summer of 2021. As a newly minted Idahoan and a person married to an actual Midwesterner, I feel compelled to issue a PSA that we’re in the Mountain West not the Midwest. While Idaho is my home now, I’m a native Californian who has lived all over—SF Bay Area for a decade and before that (at various points of time): NYC, Illinois, Tennessee, Georgia, Maine, Florida, Republic of Ireland, Northern Ireland, West Virginia, Kansas, and California. I credit my extroversion to all that moving and enjoy being able to make a regional connection with nearly everyone I meet.
I look forward to sharing my experiences as both outside and in-house counsel and keeping you all up to date. I’d love to hear from you regarding any ideas you have on what would be interesting to read and hear about (mnelson@ccrcorp.com). Thank you for being a part of this community!
Tune in at 2 pm Eastern tomorrow for the CompensationStandards.com webcast – “Proxy Season Post-Mortem: The Latest Compensation Disclosures” – to hear Mark Borges of Compensia, Dave Lynn of CompensationStandards.com and Goodwin & Ron Mueller of Gibson Dunn discuss the ins and outs of compensation disclosures during the 2024 proxy season. They’ll cover:
The State of Say-on-Pay During the 2024 Proxy Season
Highlights and Tips from this Year’s CD&As
Best Practices for Disclosing Incentive Compensation Adjustments and Outcomes
Trends in Disclosure Regarding Operational and Strategic Metrics
Pay-versus-Performance: SEC Staff Guidance Issues and Year 2 Enhancements
Perquisites Disclosure and Recent Enforcement Focus
Shareholder Proposals – Company Strategies; No-Action Trends; Activists and Universal Proxies
Proxy Advisory Firms – Is Their Influence Starting to Wane?
Rule 10b5-1 Plan Disclosure Developments
Pending SEC Rulemaking
Members of CompensationStandards.com are able to attend this critical webcast at no charge. If you’re not yet a member, subscribe now. If you need assistance, send us an email at info@ccrcorp.com – or call us at 800.737.1271.
We will apply for CLE credit in all applicable states (with the exception of SC and NE, which require advance notice) for this 90-minute webcast. You must submit your state and license number prior to or during the program using this form. Attendees must participate in the live webcast and fully complete all the CLE credit survey links during the program. You will receive a CLE certificate from our CLE provider when your state issues approval, typically within 30 days of the webcast. All credits are pending state approval.
