All posts by Cydney Posner

SEC charges RR Donnelley with control failures related to cybersecurity incident

In this June Order, SEC Enforcement brought settled charges against R.R. Donnelley & Sons, a “global provider of business communications services and marketing solutions,” for control failures: a failure to maintain adequate disclosure controls and procedures related to cybersecurity incidents and alerts and a failure to devise and maintain adequate internal accounting controls—more specifically, “a system of cybersecurity-related internal accounting controls sufficient to provide reasonable assurances that access to RRD’s assets—its information technology systems and networks, which contained sensitive business and client data—was permitted only with management’s authorization.” RRD agreed to pay over $2.1 million to settle the charges. Interestingly, in a Statement, SEC Commissioners Hester Peirce and Mark Uyeda decried the SEC’s use of “Section 13(b)(2)(B)’s internal accounting controls provision as a Swiss Army Statute to compel issuers to adopt policies and procedures the Commission believes prudent,” not to mention its “decision to stretch the law to punish a company that was the victim of a cyberattack.”

Corp Fin updates FAQs regarding draft registration statements

The 2012 JOBS Act permitted Emerging Growth Companies to initiate the IPO process by submitting their IPO registration statements confidentially to the SEC for nonpublic review by the SEC staff. The confidential process was intended to allow an EGC to defer the public disclosure of sensitive or competitive information until it was almost ready to market the offering—and potentially to avoid the public disclosure altogether if it ultimately decided not to proceed with the offering.  In 2017, Corp Fin extended that benefit to companies that were not EGCs, allowing them, for the first time, to submit confidential draft registration statements for IPOs, as well as for most offerings made in the first year after going public. (See this PubCo post and this PubCo post.) Yesterday, Corp Fin posted newly updated FAQs regarding voluntary submissions of DRS for nonpublic review under the expanded procedures. The FAQs are summarized below. One notable addition is an FAQ regarding de-SPACs.  

SCOTUS overrules Chevron—a gut punch to the administrative state?

On Friday, SCOTUS issued its decision in two very important cases, Loper Bright Enterprises v. Raimondo and Relentless, Inc. v. Dept of Commerce, about whether the National Marine Fisheries Service (NMFS) has the authority to require Atlantic herring fishing vessels to pay some of the costs for onboard federal observers who are required to monitor regulatory compliance. To be sure, the transcendent significance of these cases has little to do with fishing and everything to do with the authority of administrative agencies to regulate: the question presented to SCOTUS was whether the Court should continue the decades-long deference of courts, under Chevron U.S.A., Inc. v. Nat. Res. Def. Council, to the reasonable interpretations of statutes by agencies. The doctrine of Chevron deference mandates that, if a statute does not directly address the “precise question at issue” or if there is ambiguity in how to interpret the statute, courts must accept an agency’s “permissible” (think, “reasonable”) interpretation of a law unless it is arbitrary or manifestly contrary to the statute. In a majority opinion by Chief Justice John Roberts, the Court rejected the doctrine: the “deference that Chevron requires of courts reviewing agency action cannot be squared with the [Administrative Procedure Act].” In case you scoff at the significance of the decision, consider the seminal nature of the doctrine as described in this 2006 article by Cass Sunstein: Chevron “has become foundational, even a quasi-constitutional text—the undisputed starting point for any assessment of the allocation of authority between federal courts and administrative agencies. Ironically, Justice Stevens, the author of Chevron, had no broad ambitions for the decision; the Court did not mean to do anything dramatic. 
But shortly after it appeared, Chevron was quickly taken to establish a new approach to judicial review of agency interpretations of law, going so far as to create a kind of counter-Marbury for the administrative state.” Alluding to language from Marbury, Sunstein proclaimed that “Chevron seemed to declare that in the face of ambiguity, it is emphatically the province and duty of the administrative department to say what the law is.”  Not anymore. A six-justice majority of the Court has just overruled Chevron, with concurrences by each of Justices Clarence Thomas and Neil Gorsuch and a dissent by Justice Elena Kagan, joined by Justices Sonia Sotomayor and Ketanji Brown Jackson (only on Relentless). The implications of the decision are almost boundless—every current and future federal regulatory regime could be affected. As Kagan wrote in her dissent, this decision “puts courts at the apex of the administrative process as to every conceivable subject—because there are always gaps and ambiguities in regulatory statutes, and often of great import. What actions can be taken to address climate change or other environmental challenges? What will the Nation’s health-care system look like in the coming decades? Or the financial or transportation systems? What rules are going to constrain the development of A.I.?  In every sphere of current or future federal regulation, expect courts from now on to play a commanding role.”

Fifth Circuit vacates SEC rescission of “notice-and-awareness” provisions in proxy advisor rules

Is it ok for an agency to change its mind? Well, that depends. If the agency was “arbitrary and capricious” in failing to provide an adequate explanation to justify its change, a court may well vacate that about-face. At least, that’s what just happened to the SEC and Chair Gary Gensler in the Fifth Circuit in National Association of Manufacturers v. SEC, the case challenging the SEC’s rescission in 2022 of some of the key controversial provisions governing proxy voting advice that were adopted by the SEC in July 2020 and favored by NAM—the notice-and-awareness provisions that were designed to facilitate engagement between proxy advisors and the subject companies. You may recall that, in July 2022, NAM filed a complaint asking that the 2022 rescission be set aside under the Administrative Procedure Act and declared unlawful and void, and, in September, NAM filed a motion for summary judgment, characterizing the case as “a study in capricious agency action.” The Federal District Court for the Western District of Texas begged to differ, however, issuing an Order granting summary judgment to the SEC and Gensler and denying summary judgment to NAM and the Natural Gas Services Group in this litigation (see this PubCo post). NAM appealed. In August last year, a three-judge panel of the Fifth Circuit heard oral argument on NAM’s appeal, and it was apparent that the Court was none too sympathetic to the SEC’s case, with Judge Edith Jones mocking the SEC’s concern with the purported burdens on proxy advisors as “pearl-clutching.” (See this PubCo post.) Now, almost a year later, in an opinion by Judge Jones, the panel has concluded “that the explanation provided by the SEC was arbitrary and capricious and therefore unlawful,” reversing the district court’s judgment and vacating and remanding to the SEC the 2022 rescission in part.

What’s happening with anti-ESG legislation?

Reams of anti-ESG legislation have been proposed recently at both the state and federal levels.  This article from Institutional Investor updates us on the status of state anti-ESG legislative efforts in 2024. And, following “ESG month” in the U.S. House (see this PubCo post) and the advancement of seven pieces of anti-ESG legislation to the House floor, Public Citizen engaged pollsters Lake Research Partners to conduct a survey of voters’ views of anti-ESG bills and the policies underlying them, as discussed in this article on the Harvard Law School Forum on Corporate Governance.

Corp Fin issues new CDIs on cybersecurity incident disclosure

Corp Fin has just issued a new set of CDIs under Form 8-K, Item 1.05, Material Cybersecurity Incidents.  The SEC adopted final rules regarding cybersecurity disclosure in 2023, requiring companies “to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.”   Under the final rules, if a public company experiences a cybersecurity incident that the company determines to be material, the company is required to file a Form 8-K under new Item 1.05, describing the “material aspects of the nature, scope, and timing of the incident, and the material impact or reasonably likely material impact on the registrant, including its financial condition and results of operations.” The materiality determination regarding a cybersecurity incident must be made “without unreasonable delay” after discovery of the incident. To the extent that the required information has not been determined or is unavailable at the time of the required filing, the company is required to include a statement to that effect in the filing and then file an amendment to its Form 8-K containing that information within four business days after the company, without unreasonable delay, determines the information or the information becomes available. (See this PubCo post.) Generally, the new CDIs address Form 8-K Item 1.05 filings in the context of cybersecurity incidents that involve ransomware attacks that result in a disruption in operations or the exfiltration of data. Summaries are below, but each CDI number below is linked to the CDI on the SEC website, so you can easily read the version in full.

Delaware SB 313, controversial proposed corporate law amendments, heads to Governor for signature

What’s the latest on SB 313, the proposed amendments to the Delaware General Corporation Law largely designed to address the outcome of the decision in West Palm Beach Firefighters’ Pension Fund v. Moelis & Company? That case invalidated portions of a stockholder agreement relinquishing to a founding stockholder control over certain corporate governance matters, a decision that many practitioners viewed as inconsistent with current market practice. The proposed amendments in SB 313 would add a new subsection (18) to Section 122 of the DGCL to allow corporations to enter into the types of stockholder contracts at issue in Moelis, even if the provisions are not set forth in a certificate of incorporation.  As discussed in this PubCo post and this PubCo post, those proposed amendments have turned out to be highly contentious: a number of academics and jurists, including Delaware Chancellor Kathaleen McCormick in a seven-page letter to the Delaware State Bar Committee, raised objections to the haste and timing (prior to adjudication of an appeal by the Delaware Supreme Court) of the legislation. And Law360 reports that posts by Vice Chancellor Travis Laster (purportedly not acting as vice chancellor) questioned “S.B. 313’s terms” and contended that “[c]laims by critics that the Moelis decision put thousands of agreements at risk, the vice chancellor wrote, ‘smacks of hyperbole.’” Adding even more fuel to the fire was a letter submitted to the Delaware legislature, posted on the Harvard Law School Forum on Corporate Governance, by a group of over 50 law professors in opposition to the amendments, along with these separate posts by noted academics on the HLS Forum and on the CLS Blue Sky blog, with this lonely post in favor. But the bill then “sailed through” the Delaware Senate “without debate or an opposing vote,” on to the Delaware House. (See this PubCo post.)  
The bill has now passed the House and been forwarded to the Governor for signature—but not without some acrimony.

Jury convicts former executive for insider trading and fraudulent use of Rule 10b5-1 plan

Back in March 2023, the DOJ unsealed an indictment against Terren Peizer, formerly the executive chair of Ontrak, Inc., representing the first time, according to the press release, that the DOJ brought “criminal insider trading charges based exclusively on an executive’s use of 10b5-1 trading plans.”  The DOJ charged that Peizer entered into a fraudulent scheme using 10b5-1 plans and engaged in insider trading, both of which charges carry stiff criminal penalties.  Peizer, the DOJ alleged, “avoided more than $12.5 million in losses by entering into two Rule 10b5-1 trading plans while in possession of material, nonpublic information concerning the serious risk that Ontrak’s then-largest customer would terminate its contract.”  According to the WSJ, the trial continued for nine days.  On Friday, Bloomberg reports, a jury in the U.S. District Court for the Central District of California found Peizer “guilty of one count of securities fraud and two counts of insider trading.”  In a statement, Peizer’s counsel, as reported by Law360, said that the “testimony from all the witnesses at trial showed that Mr. Peizer did not operate the company, and relied on his management team for updates….That same management team told Mr. Peizer that there was no material nonpublic public information at the time he entered in his trading plans, and those plans were supposed to protect him. Mr. Peizer was entitled to rely on that advice. In our view, this result is a travesty of justice, as Terren Peizer is innocent of these charges. We will not rest until it is overturned.” The head of the DOJ’s criminal division observed, in the DOJ press release, that when Peizer “learned significant negative news about Ontrak, he set up Rule 10b5-1 trading plans to sell shares before the news became public and to conceal that he was trading on inside information….With today’s verdict, the jury convicted Peizer of insider trading. 
This is the Justice Department’s first insider trading prosecution based exclusively on the use of a trading plan, but it will not be our last. We will not let corporate executives who trade on inside information hide behind trading plans they established in bad faith.” Notably, Peizer wasn’t just convicted despite his use of 10b5-1 plans, he was convicted because of his use—a use that the jury found to be fraudulent.

Corp Fin Director issues statement regarding sharing information about cybersecurity incidents

Yesterday, Corp Fin Director Erik Gerding issued a new statement, Selective Disclosure of Information Regarding Cybersecurity Incidents. As you know, last year the SEC adopted new rules regarding cybersecurity disclosure, including requirements for both material incident reporting on Item 1.05 of Form 8-K and periodic disclosure of material information regarding cybersecurity risk management, strategy and governance.  (See this PubCo post.) Gerding’s new statement is designed to disabuse companies of the idea that the new rules preclude them from discussing information about a material cybersecurity incident with others, including their commercial counterparties, beyond the information included in the Form 8-K.   Gerding assures us that “[t]hat is not the case.” But while the new rules may not prohibit disclosure, what about Reg FD?

The Chamber and NCPPR file brief challenging SEC climate disclosure rule

As you probably recall, on March 6, the SEC adopted final rules “to enhance and standardize climate-related disclosures by public companies and in public offerings.” (See this PubCo post, this PubCo post, this PubCo post, and this PubCo post.) Even though, in the final rules, the SEC scaled back significantly on the proposal—including putting the kibosh on the controversial mandate for Scope 3 GHG emissions reporting and requiring disclosure of Scope 1 and/or Scope 2 GHG emissions on a phased-in basis only by accelerated and large accelerated filers and only when those emissions are material—all kinds of litigation immediately ensued. Those cases were then consolidated in the Eighth Circuit (see this PubCo post) and, in April, the SEC determined to exercise its discretion to stay the final climate disclosure rules “pending the completion of judicial review of the consolidated Eighth Circuit petitions.” There are currently nine consolidated cases—with two petitioners, the Sierra Club and the Natural Resources Defense Council, having voluntarily exited the litigation (see this PubCo post), and a new petition having just been filed by the National Center for Public Policy Research, a familiar presence in various cases, such as the legal challenges to the Nasdaq board diversity rules (see this PubCo post), state and corporate DEI initiatives (see this PubCo post  and this PubCo post), and litigation over shareholder proposals (see this PubCo post). Petitioners have recently begun to submit briefing.  One that has been made available is the brief that was filed on behalf of the U.S. Chamber of Commerce, Texas Association of Business, Longview Chamber of Commerce and the National Center for Public Policy Research.