In remarks to the audience at a Financial Times summit earlier this month, Gurbir Grewal, SEC Director of Enforcement, citing a recent poll from Deloitte, observed that over “a third of executives reported that their organization’s accounting and financial data was targeted by cyber adversaries last year.” As threats increase, Grewal maintained, cybersecurity is “foundational to maintaining the integrity of not just our securities markets, but our economy as a whole.” (See this PubCo post.) Similarly, in remarks in January 2022, SEC Chair Gary Gensler suggested that the economic cost of cyberattacks could possibly be in the trillions of dollars, taking many forms, including denials-of-service, malware and ransomware. It’s also a national security issue. He reminded us that “cybersecurity is a team sport,” and that the private sector is often on the front lines. And, in his statement at the SEC open meeting yesterday morning, Commissioner Jaime Lizárraga shared the eye-opening stats that, last year, 83% of companies experienced more than one data breach, with an average cost of in the U.S. of $9.44 million; breaches increased 600% over the last decade. Given the ubiquity, frequency and complexity of these threats, in March last year, the SEC proposed cybersecurity disclosure rules intended to help shareholders better understand cybersecurity risks and how companies are managing and responding to them. At an open meeting yesterday morning, the SEC voted, three to two, to adopt final rules on cybersecurity disclosure. Although a number of changes to the proposal were made in response to comments, the basic structure remains the same in the final rules, with requirements for both material incident reporting on Form 8-K and periodic disclosure of material information regarding cybersecurity risk management, strategy and governance. According to Gensler, “[w]hether a company loses a factory in a fire—or millions of files in a cybersecurity incident—it may be material to investors….Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them.”
The GAO has just issued its 2022 Report on Conflict Minerals, which examines companies’ conflict minerals compliance in 2022. As you probably know, the SEC’s conflict minerals rules were originally mandated by Congress in an attempt to limit the use of revenue from the trade in conflict minerals to fund the operations of armed groups in the DRC and adjoining countries. Under Dodd-Frank, the GAO is required to assess periodically the effectiveness of the SEC’s conflict minerals rules in promoting peace and security in the DRC region. Are the SEC’s rules having any impact? Based on this report, it seems that the violence in the DRC has not abated: “overall peace and security in the eastern DRC has not improved since 2014 because of persistent, interdependent factors that fuel violence by non-state armed groups.” In 2020, the GAO reports, about 122 armed groups operated in the region, using revenue from the trade in conflict minerals as one source of funding. Experts view corruption as a contributing factor. The GAO observes that, in 2022, “armed groups continue to raise revenue from various sources, such as illegal taxation on citizens and the exploitation of natural resources,” such as conflict minerals.
That’s what SEC Chair Gary Gensler said about the timeline for the final climate disclosure rules when asked on Monday (probably at the National Press Club), as reported by Reuters. (See this PubCo post, this PubCo post and this PubCo post.) According to the SEC’s most recent rulemaking agenda, the final climate disclosure rules have a target date for adoption of October 2023. (See this PubCo post.) Gensler, however, Reuters reported, “said this was not hard and fast. ‘We’ve got some work still to do,’ Gensler said. ‘I don’t have a time. It’s really when the staff is ready and when the Commission is ready.’” October? IMHO, nah….
“ESG month” may not be exactly what you think. It’s the moniker, according to Politico, ascribed to the plan of the House Financial Services Committee, reflected in this interim report from its ESG Working Group, “to spend the next few weeks holding hearings and voting on bills designed to send a clear signal: Corporations, in particular big investment managers, should think twice about integrating climate and social goals into their business plans.” But this is not just another generic offensive in the culture wars; according to Politico, this effort is more targeted—aimed not at major brands of beer or amusement parks, but rather at the processes that some argue activists use to pressure companies to address ESG concerns, as well as the “firms that play big roles in ESG investing.” At the first of six hearings on July 12, Committee Chair Patrick McHenry maintained that the series of hearings and related proposed legislation was not about “delivering a message,” but was rather about protecting investors and keeping the markets robust and competitive. First item up? Reforms to the proxy process to prevent activists from diverting attention from core issues; while he supported shareholder democracy, he believed that democracy should reflect the say of the shareholders, not external parties that, in his view, exploit the existing process to impose their beliefs. The Working Group appears to have identified the shareholder proposal process as instrumental in promoting ESG concerns. Will this spotlight have any impact?
Many questions have been raised about the direct and indirect impact of the SCOTUS decision in in Students for Fair Admissions, Inc. v. President and Fellows of Harvard College (decided with Students for Fair Admissions, Inc. v. University of North Carolina, et al.), that using race as a factor in college admissions violates the Equal Protection Clause of the Constitution. This excellent Cooley Alert, Supreme Court’s Affirmative Action in Education Ruling Leaves Employment Diversity Initiatives Untouched—for Now, from members of Cooley’s Employment Group, provides many of the answers.
Boards and their advisors seeking to navigate the culture wars and their often conflicting pressures from a variety of stakeholders and outside groups may find some comfort and guidance in this recent decision from the Delaware Chancery Court in Simeone v. The Walt Disney Company. The case involved a books-and-records demand from a stockholder asserting a potential breach of fiduciary duty by Disney’s directors and officers in their determination to publicly oppose Florida’s so-called “Don’t Say Gay” bill. Originally, Disney was silent on the bill. However, following reproaches from employees and other creative partners, Disney’s board deliberated at a special meeting, and the company changed course and publicly criticized the bill. The Court declined to grant the plaintiff’s books-and-records request, concluding that the plaintiff had not provided a credible basis from which to infer wrongdoing and thus had not “demonstrated a proper purpose to inspect books and records.” Rather, the Court concluded, the Disney board had made a business decision to reverse course—“a decision that cannot provide a credible basis to suspect potential mismanagement irrespective of its outcome.” Under Delaware’s business judgment rule, directors have “significant discretion to guide corporate strategy—including on social and political issues.” Importantly, the Court confirmed that, in exercising its business judgment, a board may take into account the interests of non-stockholder corporate stakeholders where those interests are “rationally related” to building long-term value.
On Monday, the International Sustainability Standards Board released its first two reporting standards. Not another ESG standard you say? Aren’t there enough standards already in play, with both the US and Europe proposing or adopting mandatory standards? Not to mention that the ISSB standards are just voluntary, although some countries, such as Canada, Japan, Hong Kong and the UK, may adopt the standards as mandatory. But take note—the WSJ suggests that the ISSB standards could well become “the global baseline” because “the advantages of using a single standard worldwide may, for many companies, outweigh the disadvantages of being more demanding than the SEC’s coming climate reporting rules.” According to Mary Schapiro, former SEC Chair and current Head of the TCFD Secretariat and Vice Chair for Global Public Policy at Bloomberg L.P., “The global economy needs common reporting standards to reduce fragmentation and drive comparability in climate-related financial data. Built upon the foundation of the TCFD framework, the ISSB Standards provide a global baseline for companies to disclose decision-useful, climate-related financial information—information that is critical for creating more transparent markets, helping achieve a smooth low-carbon transition, and building a more resilient and sustainable global economy.”
In May, SEC Chief Accountant Paul Munter, quoted here, cautioned his conference audience about the potential for audit committee overload. “More demands are being put on audit committees, sometimes on topics outside their core responsibility,” he said. “Audit committees need to be continually vigilant that they have enough time to focus on their core mission—protecting investors—and don’t let other topics cloud that out.” While the AC’s primary responsibilities are generally thought to be oversight of financial reporting, including the audit of a company’s financial statements and internal control over financial reporting, these days, the AC often becomes the default committee of choice for oversight of other emerging risks, such as cybersecurity and even ESG. With ACs now perhaps the “kitchen sink of the board,” are its members stretched too thin to carry out fundamental responsibilities? Are members being asked to operate outside of their core skillsets? What is the impact? These concerns appear to have prompted the panel at last week’s meeting of the SEC’s Investor Advisory Committee discussing AC workload and transparency.
On Wednesday, SEC Commissioner Mark Uyeda spoke to the Society for Corporate Governance 2023 National Conference on the topic of shareholder proposals under rule 14a-8, a topic on which, historically, the commissioners’ energetic back-and-forth has been reflected in Corp Fin interpretations that have literally shifted back and forth. You might think these reversals are a new thing, but Uyeda reminds us about the goings-on in 2015, when Whole Foods was first permitted to exclude, as a conflicting proposal under Rule 14a-8(i)(9), a proxy access proposal, only to have the staff reverse course shortly thereafter. (See this PubCo post, this PubCo post and this PubCo post.) “Relying on the Commission’s rules, or its staff’s positions,” he later observes, “in this area is akin to building a sand castle on the beach. Any rule or interpretation, no matter how recently adopted, is at risk of being erased by the next wave.” However, Uyeda finds the reversals over the course of the last few years particularly problematic. In his view, the recent interpretative changes in SLB 14L have led to a surfeit of proposals the aggregate effect of which he finds to be “value-eroding.” He suggests some approaches to address the problem. Are we looking at a fundamental—some might say radical— reimagining of the shareholder proposal process?
The SEC’s Spring 2023 Reg-Flex Agenda—according to the preamble, compiled as of April 10, 2023, reflecting “only the priorities of the Chair”—has now been posted. Here is the short-term agenda, which shows most Corp Fin agenda items targeted for action by October 2023, potentially making the next four months an especially frenetic period, with only a few proposal-stage items targeted for April 2024. And here is the long-term (maybe never) agenda. Describing the new agenda, SEC Chair Gary Gensler observed that “[t]echnology, markets, and business models constantly change. Thus, the nature of the SEC’s work must evolve as the markets we oversee evolve. In every generation since President Franklin Roosevelt’s, our Commission has updated its ruleset to meet the challenges of a new hour. Consistent with our legal mandate, guided by economic analysis, and informed by public comment, this agenda reflects the latest step in that long tradition.”
The short-term agenda includes a half dozen or so potential proposals that were on the Fall 2022 agenda, but didn’t quite make it out of the starting gate, such as plans for disclosure regarding corporate board diversity and human capital. Similarly, issues related to the private markets are still awaiting proposals. The question of why and how to address the decline in the number of public companies has, in the recent past, been a point of contention among the commissioners: is excessive regulation of public companies a deterrent to going public or has deregulation of the private markets juiced their appeal, but sacrificed investor protection in the bargain? That debate may play out in the coming months with two new proposals targeted for October this year: a plan to amend the definition of “holders of record” and a proposal to amend Reg D, including updates to the accredited investor definition. And the behemoth proposal regarding climate change disclosure—identified on the last agenda as targeted for final action but not considered for adoption on the schedule as planned—reappears on the current calendar with a later target date. Will that new target be met? Notably, political spending disclosure is, once again, not identified on the agenda. That’s because Section 633 of the Appropriations Act once again prohibits the SEC from using any of the funds appropriated “to finalize, issue, or implement any rule, regulation, or order regarding the disclosure of political contributions, contributions to tax exempt organizations, or dues paid to trade associations.”