Month: November 2023

Some highlights of the 2023 PLI Securities Regulation Institute

This year’s PLI Securities Regulation Institute was a source for a lot of useful information and interesting perspectives. Panelists discussed a variety of topics, including climate disclosure (although no one shared any insights into the timing of the SEC’s final rules), proxy season issues, accounting issues, ESG and anti-ESG, and some of the most recent SEC rulemakings, such as pay versus performance, cybersecurity, buybacks and 10b5-1 plans. Some of the panels focused on these recent rulemakings echoed concerns expressed last year about the difficulty and complexity of implementation of these new rules, only this time, we also heard a few panelists questioning the rationale and effectiveness of these new mandates. What was the purpose of all this complication? Was it addressing real problems or just theoretical ones? Are investors really taking the disclosure into account? Is it all for naught?  Pay versus performance, for example, was described as “a lot of work,” but, according to one of the program co-chairs, in terms of its impact, a “nothingburger.”  (Was “nothingburger” the word of the week?) Aside from the agita over the need to implement the volume of complex rules, a key theme seemed to be the importance of controls and process—the need to have them, follow them and document that you followed them—as well as an intensified focus on cross-functional teams and avoiding silos. In addition, geopolitical uncertainty seems to be affecting just about everything. (For Commissioner Mark Uyeda’s perspective on the rulemaking process presented in his remarks before the Institute, see this PubCo post.) Below are just some of the takeaways, in no particular order.

Commissioner Uyeda has some suggestions about the rulemaking process

In remarks this week before PLI’s 55th Annual Institute on Securities Regulation, SEC Commissioner Mark Uyeda shared his views about the disclosure rulemaking process. He observed that, since becoming a commissioner 16 months ago, the SEC has adopted five major disclosure rules—pay versus performance, clawbacks, amendments to rule 10b5-1, share repurchases and cybersecurity—and has identified four more that are in the works.  He focused on four key issues: determining purpose, the need for re-proposals, scaling disclosure and considering rulemaking costs and burdens on a cumulative basis. As you might guess, Uyeda had some thoughtful criticisms of the rulemaking process and offered some potential remedies.

New Corp Fin intake system for no-action requests related to shareholder proposals

Corp Fin has announced a new intake system for requests from companies for no-action positions from the staff regarding companies’ intentions to exclude shareholder proposals under Rule 14a-8. In the announcement, Corp Fin indicates that Rule 14a-8 submissions and related correspondence must now be submitted using Corp Fin’s online shareholder proposal form, available at https://www.sec.gov/forms/shareholder-proposal, and that emailed materials will no longer be accepted. The announcement—and the form itself—emphasize that staff responses to these requests are only “informal, non-binding staff views” regarding exclusion of shareholder proposals.

Will the SEC’s shadow trading theory fall to SCOTUS’s major questions doctrine?

In August 2021, the SEC filed a complaint in the U.S. District Court charging Matthew Panuwat, a former employee of Medivation Inc., an oncology-focused biopharma, with insider trading in advance of Medivation’s announcement that it would be acquired by a big pharma company.  But it wasn’t your average run-of-the-mill insider trading case. Panuwat didn’t trade in shares of Medivation or shares of the acquiror, nor did he tip anyone about the transaction.  No, according to the SEC, he engaged in what has been referred to as “shadow trading”; he used the information about his employer’s acquisition to purchase call options on another biopharma, which the SEC claimed was comparable to Medivation.  (See this PubCo post.)  Since then, we’ve seen the usual moves on the chess board (discussed briefly below). But what’s particularly interesting, as Alison Frankel pointed out in Reuters, is the amicus brief filed by the Investor Choice Advocates Network, a self-described “nonprofit, public interest organization focused on expanding access to markets by underrepresented investors and entrepreneurs.”  In its brief, ICAN contended that the SEC’s invocation of the novel “shadow-trading” theory made this a “major questions” case—a judicial torpedo that we might begin to see fired with some regularity.  

SEC approves Nasdaq rule change regarding reverse stock splits

In August, the SEC posted a proposed Nasdaq rule change that would establish listing standards related to notification and disclosure of reverse stock splits.  According to the Nasdaq proposal, the volume of reverse splits processed by Nasdaq has increased substantially from 94 in 2020, 31 in 2021and 196 in 2022 to 164 reverse splits—just as of June 23, 2023.  In most cases, Nasdaq observed, the purpose of the reverse splits was to comply with Nasdaq’s $1 minimum bid price requirement to remain on the Capital Market tier. In light of this increased volume, Nasdaq proposed amendments to its listing rules to “enhance the ability for market participants to accurately process these events, and thereby maintain fair and orderly markets.” Failure to comply could result in a trading halt. Last week, the SEC approved the proposed rule change. It’s worth noting that, as a corollary to the new reverse split listing standards, Nasdaq has also submitted to the SEC a separate rule proposal to adopt a new regulatory halt procedure specific to securities in the process of a reverse split.

Fifth Circuit grants Chamber’s petition for review of buyback rule—will the Court ultimately vacate the rule?

In May this year, the SEC adopted final rules intended to modernize and improve disclosure regarding company stock repurchases. The rule requires quarterly reporting of detailed quantitative information on daily repurchase activity and revises and expands the narrative requirements, including disclosure regarding the rationale for the buyback. (See this PubCo post.) It didn’t take long for the Chamber to object.  Just over a week following adoption, the U.S. Chamber of Commerce, along with two Texas co-plaintiffs, submitted a petition to the Fifth Circuit for review of the final rule. Petitioners made three arguments: that “(1) the rationale-disclosure requirement violates the First Amendment by impermissibly compelling their speech; (2) the SEC acted arbitrarily and capriciously in adopting the final rule by not considering their comments or conducting a proper cost benefit analysis; and (3) the SEC did not provide the public with a meaningful opportunity to comment.”   On Halloween, the three-judge panel issued its opinion. The Court granted the petition, holding that the SEC violated the Administrative Procedure Act. But the Court did not vacate the rule—not yet anyway. Instead, the Court remanded the rule back to the SEC for 30 days to attempt to repair the analytical defects. Will the SEC adequately repair the defects? Will the Court ultimately vacate the rule? That all remains to be seen.

SEC charges SolarWinds and CISO with securities fraud and control failures

You remember the 2020 SolarWinds hack, perhaps one of the worst cyberattacks in history?  As NPR described it in 2021, we all regularly receive routine software updates like this one:

“‘This release includes bug fixes, increased stability and performance improvements’…. Last spring, a Texas-based company called SolarWinds made one such software update available to its customers. It was supposed to provide the regular fare—bug fixes, performance enhancements—to the company’s popular network management system, a software program called Orion that keeps a watchful eye on all the various components in a company’s network. Customers simply had to log into the company’s software development website, type a password and then wait for the update to land seamlessly onto their servers. The routine update, it turns out, is no longer so routine. Hackers believed to be directed by the Russian intelligence service, the SVR, used that routine software update to slip malicious code into Orion’s software and then used it as a vehicle for a massive cyberattack against America. ‘Eighteen thousand [customers] was our best estimate of who may have downloaded the code between March and June of 2020,’”

according to the Company’s CEO. And not just any customers—the Company determined that many very well-known companies and about a dozen government agencies were compromised, including the Treasury, Justice and Energy departments, the Pentagon and, ironically, the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security. On Monday, the SEC announced that it had filed a complaint against SolarWinds and its Chief Information Security Officer, Timothy G. Brown, charging ‘fraud and  internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.”  In the complaint, the SEC charges that “SolarWinds’ public statements about its cybersecurity practices and risks painted a starkly different picture from internal discussions and assessments about the Company’s cybersecurity policy violations, vulnerabilities, and cyberattacks.” According to Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, the SEC’s enforcement action “underscores our message to issuers: implement strong controls calibrated to your risk environments and level with investors about known concerns.”