Category: Corporate Governance
Corp Fin issues new CDIs regarding the proxy rules
On Friday, Corp Fin released some new CDIs, summarized below, relating to the proxy rules. The CDIs can all be found under the caption Proxy Rules and Schedule 14A, and all are new with one exception for a newly revised CDI under Rule 14a-6. Universal proxy is once again a hot topic, and there are three new CDIs on universal proxy to add to your collection. (You might recall that Corp Fin issued new CDIs on universal proxy in August and December last year. See this PubCo post and this PubCo post.) Summaries are below, but each CDI number below is linked to the CDI on the SEC website, so you can easily read the version in full.
SEC reports Enforcement stats for fiscal 2023 —with big contributions from whistleblowers
The SEC has announced its Enforcement stats for fiscal 2023, which revealed that the SEC filed 784 total enforcement actions, up 3% from the 760 filed in fiscal 2022. However, the level of financial remedies declined in fiscal 2023 to $4.9 billion from a record $6.4 billion last year. Nevertheless, it was still the second highest amount in SEC history. (Of course, you might recall that Gurbir S. Grewal, Director of the Division of Enforcement, said last year that the SEC didn’t expect to break last year’s records and set new ones every year because they “expect behaviors to change. We expect compliance.”) Of those financial recoveries, in fiscal 2023, the SEC distributed $930 million to harmed investors, representing the second consecutive year of distributions in excess of $900 million. But the standout statistics this year related to the SEC’s whistleblower program, where new records were set with whistleblower awards totaling almost $600 million, and 18,000 whistleblower tips in fiscal 2023, about 50% more tips than were received in fiscal 2022. A new record was also set with a $279 million award to one whistleblower. Overall, in fiscal 2023, the SEC received over “40,000 tips, complaints, and referrals in total,” a 13% increase over last year. According to SEC Chair Gary Gensler, the “investing public benefits from the Division of Enforcement’s work as a cop on the beat….Last fiscal year’s results demonstrate yet again the Division’s effectiveness—working alongside colleagues throughout the agency—in following the facts and the law wherever they lead to hold wrongdoers accountable.” Grewal added that “[i]nvestor protection and enhancing public trust in our markets requires that we work with a sense of urgency, using all the tools in our toolkit. As today’s results make clear, that’s precisely what the Enforcement Division did in fiscal year 2023….Whether it was by leveraging risk-based initiatives, seeking robust remedies, rewarding cooperation, protecting whistleblowers, or returning nearly a billion dollars to harmed investors, the Enforcement Division stood up for the investing public.”
SEC charges Charter Communications with controls violation related to 10b5-1 plans for company buybacks
Yesterday, the SEC announced a settled action against Charter Communications for “violating internal accounting controls requirements when it engaged in stock buybacks not authorized by its board of directors.” More specifically, the Board had authorized the company to conduct stock buybacks using Rule 10b5-1 plans, but the SEC contended that Charter’s plans contained a provision that permitted too much discretion—allowing Charter to “change the total dollar amounts available to buy back stock and to change the timing of buybacks after the plans took effect.” As a result, the SEC concluded, the plans did not satisfy Rule 10b5-1. But this was not a case about insider trading. Rather, the SEC charged, because the plans did not satisfy Rule 10b5-1, the buybacks were effectively unauthorized. And that was a problem of ineffective internal accounting controls (which, the SEC maintained, aren’t necessarily just about accounting). According to Melissa Hodgman, Associate Director of Enforcement, “[c]ompanies whose boards authorize buybacks using Rule 10b5-1 plans must have controls that reasonably assure that their trading plans meet all of the rule’s conditions….This includes the fundamental requirement that, to benefit from the protection of Rule 10b5-1, traders have to relinquish their ability to influence the amount or timing of trades after their trading plans go into effect.” Charter agreed to pay a civil penalty of $25 million. Commissioners Hester Peirce and Mark Uyeda dissented.
The PCAOB suggests some questions for audit committee members
The PCAOB has posted a 2023 audit committee resource that identifies a number of questions that audit committees may want “to consider amongst themselves or in discussions with their independent auditors, particularly given today’s economic and geopolitical landscape.” The topics include the risk of fraud, risk assessment and internal controls, auditing and accounting risks, digital assets, M&A activities, use of the work of other auditors, talent and its impact on audit quality, independence, critical audit matters and cybersecurity. Audit committee members will certainly want to review the resource in its entirety, but, to give you a flavor, summarized below are some of the questions.
Some highlights of the 2023 PLI Securities Regulation Institute
This year’s PLI Securities Regulation Institute was a source for a lot of useful information and interesting perspectives. Panelists discussed a variety of topics, including climate disclosure (although no one shared any insights into the timing of the SEC’s final rules), proxy season issues, accounting issues, ESG and anti-ESG, and some of the most recent SEC rulemakings, such as pay versus performance, cybersecurity, buybacks and 10b5-1 plans. Some of the panels focused on these recent rulemakings echoed concerns expressed last year about the difficulty and complexity of implementation of these new rules, only this time, we also heard a few panelists questioning the rationale and effectiveness of these new mandates. What was the purpose of all this complication? Was it addressing real problems or just theoretical ones? Are investors really taking the disclosure into account? Is it all for naught? Pay versus performance, for example, was described as “a lot of work,” but, according to one of the program co-chairs, in terms of its impact, a “nothingburger.” (Was “nothingburger” the word of the week?) Aside from the agita over the need to implement the volume of complex rules, a key theme seemed to be the importance of controls and process—the need to have them, follow them and document that you followed them—as well as an intensified focus on cross-functional teams and avoiding silos. In addition, geopolitical uncertainty seems to be affecting just about everything. (For Commissioner Mark Uyeda’s perspective on the rulemaking process presented in his remarks before the Institute, see this PubCo post.) Below are just some of the takeaways, in no particular order.
SEC charges SolarWinds and CISO with securities fraud and control failures
You remember the 2020 SolarWinds hack, perhaps one of the worst cyberattacks in history? As NPR described it in 2021, we all regularly receive routine software updates like this one:
“‘This release includes bug fixes, increased stability and performance improvements’…. Last spring, a Texas-based company called SolarWinds made one such software update available to its customers. It was supposed to provide the regular fare—bug fixes, performance enhancements—to the company’s popular network management system, a software program called Orion that keeps a watchful eye on all the various components in a company’s network. Customers simply had to log into the company’s software development website, type a password and then wait for the update to land seamlessly onto their servers. The routine update, it turns out, is no longer so routine. Hackers believed to be directed by the Russian intelligence service, the SVR, used that routine software update to slip malicious code into Orion’s software and then used it as a vehicle for a massive cyberattack against America. ‘Eighteen thousand [customers] was our best estimate of who may have downloaded the code between March and June of 2020,’”
according to the Company’s CEO. And not just any customers—the Company determined that many very well-known companies and about a dozen government agencies were compromised, including the Treasury, Justice and Energy departments, the Pentagon and, ironically, the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security. On Monday, the SEC announced that it had filed a complaint against SolarWinds and its Chief Information Security Officer, Timothy G. Brown, charging ‘fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.” In the complaint, the SEC charges that “SolarWinds’ public statements about its cybersecurity practices and risks painted a starkly different picture from internal discussions and assessments about the Company’s cybersecurity policy violations, vulnerabilities, and cyberattacks.” According to Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, the SEC’s enforcement action “underscores our message to issuers: implement strong controls calibrated to your risk environments and level with investors about known concerns.”
Gensler talks climate with the Chamber
In his introduction to a conversation late last week with SEC Chair Gary Gensler on “Climate Disclosure Developments: The SEC, California, and EU Extraterritoriality,” the President and CEO of the U.S. Chamber of Commerce’s Center for Capital Markets, observed that, although companies have voluntarily responded to investors by increasingly disclosing information on climate, now policymakers in different states and across the globe are working to impose a plethora of mandatory reporting requirements for climate disclosure. The thing is, they’re not consistent. While the Chamber supported disclosure of material climate information, he cautioned that the actions by these policymakers have created a real risk that companies will face duplicate, differing, overlapping and even conflicting requirements. The SEC’s proposal to enhance standardization of climate disclosure might offer some real relief on that score, and that makes it all the more important, he said, for the SEC to act within its authority. The potential for public companies to become ensnared in this labyrinth of overlapping and conflicting regulation was the apparent subject of this conversation. In the end, however, Gensler’s steady focus was on the remit of the SEC under U.S. law. Risks to issuers arising out of inconsistency with California and the EU—well, not so much.
It’s not over till it’s over: Petition filed for rehearing en banc on Nasdaq board diversity rule
As discussed in this PubCo post, on October 18, a three-judge panel of the Fifth Circuit denied the petitions filed by the Alliance for Fair Board Recruitment and the National Center for Public Policy Research challenging the SEC’s final order approving the Nasdaq listing rules regarding board diversity and disclosure. The new listing rules adopted a “comply or explain” mandate for board diversity for most listed companies and required companies listed on Nasdaq’s U.S. exchange to publicly disclose “consistent, transparent diversity statistics” regarding the composition of their boards. (See this PubCo post.) Given that, by repute, the Fifth Circuit is the circuit of choice for advocates of conservative causes, the decision to deny the petition may have taken some by surprise—unless, that is, they were aware, as discussed in the WSJ and Reuters, that the three judges on this panel happened to all be appointed by Democrats. Yesterday, the Petitioners filed a petition requesting a rehearing en banc by the Fifth Circuit, where Republican presidents have appointed 12 of the 16 active judges. Not that politics has anything to do with it, of course.
Is there an alternative to Scope 3?
As you know, the SEC has proposed a sweeping set of regulations for disclosure on climate (see this PubCo post, this PubCo post and this PubCo post), and we anxiously wait to see what the final rules have in store (obviously not happening in October as the SEC had previously targeted). One controversial part of that proposal draws on the Greenhouse Gas Protocol, requiring disclosure of a company’s Scopes 1 and 2 greenhouse gas emissions, and, for larger companies, Scope 3 GHG emissions if material (or included in the company’s emissions reduction target), with a phased-in attestation requirement for Scopes 1 and 2 data for large accelerated filers and accelerated filers. There haven’t been many complaints about the Scope 1 and Scope 2 requirements, but Scope 3 is another matter. According to the SEC, some commenters indicated that, for many companies, Scope 3 emissions represent a large proportion of overall GHG emissions, and therefore, could be material. However, those emissions result from the activities of third parties in the company’s “value chain,” making collection of the data much more difficult and much less reliable. In two articles published in the Harvard Business Review—“Accounting for Climate Change” and “We Need Better Carbon Accounting. Here’s How to Get There”—Robert Kaplan and Karthik Ramanna from Harvard Business School and the University of Oxford, respectively, propose another idea—the E-liability accounting system. The GHG protocol is, at this point, deeply embedded. Would the E-liability system work? Should the SEC or other regulators make room for a different concept?
Relentless Inc. v. Dept. of Commerce: SCOTUS grants cert. to another case about Atlantic herring—and Chevron deference
On October 13, SCOTUS granted cert. in the case of Relentless, Inc. v. Dept of Commerce, a case about whether the National Marine Fisheries Service has the authority to require herring fishing vessels to pay some of the costs for onboard federal observers who are required to monitor regulatory compliance. Does that ring a bell? Probably, because it’s exactly the same issue on which SCOTUS has already granted cert. in Loper Bright Enterprises v. Raimondo. (See this PubCo post.) Why grant cert. in this case too? It’s been widely reported that the reason was to allow Justice Kenji Brown Jackson, who had recused herself on Loper Bright, to participate in what will likely be a very important decision: whether the Court should continue the decades-long deference of courts, under Chevron U.S.A., Inc. v. Nat. Res. Def. Council, to the reasonable interpretations of statutes by agencies (such as the National Marine Fisheries Service or, as has happened fairly often, the SEC, see this Cooley News Brief). The question presented is “ [w]hether the Court should overrule Chevron or at least clarify that statutory silence concerning controversial powers expressly but narrowly granted elsewhere in the statute does not constitute an ambiguity requiring deference to the agency.” The decision could narrow, or even completely undo, that deference. The grant of cert provided that the two cases will be argued in tandem in the January 2024 argument session. Mark your calendars.
You must be logged in to post a comment.