Here are a few interesting snippets regarding shareholder proposals and Item 1.05 Form 8-K from this week’s 2024 Proxy Disclosure & 21st Annual Executive Compensation Conferences from CCR Corp. On the panels, the watchword of the day seemed to be consistency—given that some topics are increasingly required to be discussed in more than one SEC filing, location or context (e.g., cyber disclosures in the proxy and 10-K), the panelists urged the audience to make sure that the disclosures were consistent with each other and that the discussions of policies, charters and procedures were consistent with company’s conduct.
Shareholder proposals. First, Corp Fin Director Erik Gerding observed that requests for no-action increased 41% this season; 69% percent received responses indicating that the staff would not recommend enforcement action if the company excluded the proposal from its proxy statement, a significant increase from 58% in the prior year. However, Gerding cautioned against attributing too much significance to year-over-year comparisons; there may be all kinds of factors that contribute to the data in one year as compared with another, such as, as one panelist suggested, a slew of submissions of the same proposal from one proponent all of which can be excluded on the same basis.
Stepping back for a broader perspective, one of the panelists observed that shareholder proposals can have a normative impact—even when they are not submitted for a vote. That is, when companies agree with proponents to take certain actions or make certain disclosures voluntarily in exchange for withdrawal of the proposal, the disclosure or actions can become, over time, the conventional practice that sets the standard.
The panelists reported that, this season, there was an increase in governance-related proposals. What was particularly noteworthy though was the submission of 15 binding shareholder proposals on governance matters—including 13 proposals from a single proponent to amend the bylaws to require binding annual shareholder votes on director compensation. For five of the proposals, the Corp Fin staff took a no-action position on the basis that the proposal would violate state law and, for one of the proposals, on the basis of micromanagement. And as discussed in this Cooley Alert, 2024 Shareholder Proposal Highlights, the other seven proposals were submitted for votes, but received little support from shareholders or proxy advisory firms. As you know, almost all shareholder proposals are precatory, so whether the submission of binding proposals, perhaps on other topics, will develop into a thing remains to be seen.
While some plaintiffs took to litigation over advance notice bylaw provisions, the panel noted that prolific proposal proponent (how’s that for alliteration?) James McRitchie is now seeking to address perceived advance notice issues with, as he phrases it, “right-to-cure” proposals. According to his website, these proposals “focus on the need of shareholders to be timely noticed of defects contained in a notice of nomination, allowing them to cure such defects before proxies are distributed. The language covers both proxy access and universal proxy candidates.”
Most striking, as discussed on the panel, this season also witnessed the emergence of a new tactic in shareholder proposals—the “zero slate” campaign that capitalizes on the current availability of universal proxy. Although universal proxy was intended to provide a mechanism for submitting to shareholders competing slates of directors in proxy contests, that’s not what’s going on here. In fact, “zero slate” means just that—the proponents do not offer their own slate of directors and simply include the company’s slate on their proxy cards. What’s different is that the proponents include on their proxy cards the proposal—or, notably, proposals—they are submitting for a shareholder vote. This strategy effectively coerces the company into including the proposal(s) in its own proxy materials so that the company can solicit votes against the proposals and monitor quorum satisfaction. According to the panel, in effect, this tactic provides an end-around the shareholder proposal rules: the requirements are those applicable to universal proxy, not Rule 14a-8, with the result that there are no bases for exclusion predicated on number, subject matter or other content.
As discussed in the Cooley Alert referred to above, use of this tactic was essentially enabled by the universal proxy-related amendments to Rule 14a-4(d), which allowed the proponent to solicit votes for the company’s director nominees without first obtaining the nominees’ consent. This season, the strategy was adopted by the AFL-CIO and United Mine Workers of America, which used universal proxy to submit five proposals on their own proxy materials to Warrior Met Coal’s shareholders under the company’s advance notice bylaws, rather than pursuant to Rule 14a-8. As the Alert advises, “the threat of receiving a potentially unlimited number of proposals that cannot be excluded pursuant to Rule 14a-8 represents an unwelcome novel pressure tactic.” Although a “recent uptick in litigation challenging the enforceability of advance notice bylaws has caused many companies to consider removing more aggressive provisions,” the Alert advises that these provisions “continue to provide important protections against proposals outside of Rule 14a-8 and may take on renewed relevance following the Warrior Met Coal campaign.”
Item 1.05 of Form 8-K. Finally, on another topic entirely, one of the panels discussed an unusual “close of review” letter that Corp Fin issued to AT&T regarding its recent Item 1.05 Form 8-K. Why was the letter unusual? Typically, close of review letters don’t say much; they just indicate that the staff has concluded its review. This one said quite a bit.
AT&T had filed an 8-K under Item 1.05 to report a cybersecurity incident. In the report, the company said that, as of the date of the filing, the “incident has not had a material impact on AT&T’s operations, and AT&T does not believe that this incident is reasonably likely to materially impact AT&T’s financial condition or results of operations.”
In its initial comment letter, the staff asked “whether or not this incident is a material cybersecurity incident under Item 1.05(a) of Form 8-K. If you determined the cybersecurity incident to be material, please describe all material impacts or reasonably likely material impacts on the company as required by Item 1.05(a), not just the impacts on ‘AT&T’s operations’ and ‘financial condition or results of operations.’” The staff stressed that, as the SEC had “noted in the adopting release, the rule’s inclusion of ‘financial condition and results of operations’ is not exclusive; companies should consider qualitative factors alongside quantitative factors in assessing the material impact of an incident. For example, consider impacts on customer relationships, competitiveness, and potential reputational harm related to the cybersecurity incident. If you did not determine the cybersecurity incident to be material, please provide an analysis supporting your conclusion and advise us as to why you filed under Item 1.05 of Form 8-K rather than Item 8.01 of Form 8-K.”
In its response, AT&T confirmed that it had “determined this incident to be a material cybersecurity incident under Item 1.05(a) of Form 8-K.” However, the company distinguished between “whether an incident is ‘material’ for purposes of 1.05(a) of Form 8-K” and the question of “whether an incident is likely to have a ‘material impact’ on the registrant.” According to the company, “‘material’ is broader than ‘material impact,’ and the definition’s focus is on investors and their viewpoints. The Company carefully considered both quantitative and qualitative factors when it evaluated the materiality of the incident. In view of the nature of the incident—which involved the exfiltration of records of calls and texts of nearly all of AT&T’s wireless customers over a six-month period in 2022—the Company concluded that, particularly with the reputational and customer perception risks associated with the incident, information about the incident would significantly alter the total mix of information made available and that there was a substantial likelihood that a reasonable shareholder would consider information about the incident to be important in making a voting or investment decision. In other words, the Company concluded that the incident was ‘material’ under well-established law highlighted by the SEC in its guidance on Item 1.05(a) of Form 8-K.”
Although the staff indicated that it had completed its review and ultimately did not issue additional comments, it nevertheless begged to differ. The staff advised that its “decision not to issue additional comments should not be interpreted to mean that the Commission staff or the Commission either agree or disagree with, or are opining on the legality of, your disclosure or responses, conclusions, or positions you have taken.” The staff then explained that the concept of material impact should be broadly interpreted to include qualitative as well as quantitative factors. “Specifically,” the staff noted
“despite your conclusion that you did not believe that there was any material impact or reasonably likely material impact as a result of the incident, your response states that ‘the Company concluded that, particularly with the reputational and customer perception risks associated with the incident, information about the incident would significantly alter the total mix of information made available and that there was a substantial likelihood that a reasonable shareholder would consider information about the incident to be important in making a voting or investment decision.’ We again call your attention to the Commission’s statement in the adopting release that Item 1.05’s inclusion of ‘financial condition and results of operations’ is not exclusive; companies should consider qualitative factors alongside quantitative factors in assessing the material impact of an incident. For example, consider impacts on customer relationships, competitiveness, and potential reputational harm related to the cybersecurity incident.’ It appears inconsistent to conclude that an incident is material because of ‘reputational and customer perception risks associated with the incident’ but that the incident has not had, and is not reasonably likely to have, any material impacts on the company, including with respect to the company’s reputation and customer perception.”