This SEC Order, In the Matter of The Dow Chemical Company, is a great refresher—at Dow’s expense, unfortunately for Dow—on the analysis required to determine whether or not certain expenses and benefits are perquisites or personal benefits that must be disclosed in the Summary Comp Table in the proxy statement. As you probably know, the analysis for determining whether an item is a disclosable “perk” can be very tricky to apply, especially when it involves the use of corporate jets by executives and their friends and families. The SEC claims that Dow applied the wrong standard altogether in its analysis, failing to disclose over a five-year period $3M in CEO perks and understating the CEO’s disclosed perks by an average of 59%. Dow settled the charges for a fine of $1.75M and also undertook to engage an independent consultant that would perform a review of Dow’s policies, procedures and controls and conduct training related to the determination of perks.
Yesterday, the SEC voted (by a vote of three to two) to propose amendments to the rules related to its whistleblower program. According to Chair Clayton, the program has been a resounding success in providing incentives to individuals to blow the whistle on wrongdoing. The press release reports that “[o]riginal information provided by whistleblowers has led to enforcement actions in which the Commission has ordered over $1.4 billion in financial remedies, including more than $740 million in disgorgement of ill-gotten gains and interest, the majority of which has been, or is scheduled to be, returned to harmed investors.” The proposal is intended to improve the program by increasing efficiencies and providing more tools and more flexibility to the SEC, enabling the SEC to adjust, within certain limitations, the amounts payable as awards under the program. The amendments also modify the requirements for anti-retaliation protection to conform to SCOTUS’s recent decision in Digital Realty v. Somers (see this PubCo post).
In this recent Cooley Alert, SEC Issues New Guidance on Cybersecurity Disclosure and Policies, we wrote that the SEC had not yet brought a formal enforcement proceeding for failure to make timely disclosure regarding cybersecurity risks and/or cyber incidents and asked whether an enforcement action might just be on the horizon? In that regard, we noted that, in 2017, the co-director of the SEC’s Enforcement Division had warned that, although the SEC was “not looking to second-guess good faith disclosure decisions,” enforcement actions were certainly possible in the right circumstances. Indeed, the co-director had cautioned that no one should mistake the absence of enforcement actions for an unwillingness by the SEC to pursue companies with inadequate cybersecurity disclosures before and after breaches or other incidents. Apparently, SEC Enforcement has now identified circumstances it considers to be “right”: today, the SEC announced “that the entity formerly known as Yahoo! Inc. has agreed to pay a $35 million penalty to settle charges that it misled investors by failing to disclose one of the world’s largest data breaches in which hackers stole personal data relating to hundreds of millions of user accounts.”
Today, SCOTUS issued its opinion in Cyan Inc. v. Beaver County Employees Retirement Fund. The opinion by Justice Kagan for a unanimous Court answered two questions: Did the Securities Litigation Uniform Standards Act of 1998 eliminate state court jurisdiction over class actions alleging only ’33 Act violations, and, even if not, under SLUSA, can defendants remove these state court actions to federal court? SCOTUS said no in both cases: “SLUSA did nothing to strip state courts of their longstanding jurisdiction to adjudicate class actions alleging only 1933 Act violations. Neither did SLUSA authorize removing such suits from state to federal court.”
Happy International Women’s Day!
According to the latest Equilar Gender Diversity Index (GDI), based on the current rate of growth, board gender parity for companies in the Russell 3000 is now expected to be achieved by 2048, an advance from the estimate published in the inaugural 2017 GDI, which did not project parity until 2055. At that point, women held only 15.1% of board seats for the Russell 3000, compared to 16.5% as of the end of 2017. Should we cheer?
Yesterday, the SEC announced that it had adopted—without the scheduled open meeting, which was abruptly cancelled with only a cryptic statement—long-awaited new guidance on cybersecurity disclosure. The guidance addresses disclosure obligations under existing laws and regulations, cybersecurity policies and procedures, disclosure controls and procedures, insider trading prohibitions and Reg FD and selective disclosure prohibitions in the context of cybersecurity. The new guidance builds on Corp Fin’s 2011 guidance on this topic (see this Cooley News Brief), adding in particular new discussions of policies and insider trading. While the guidance was adopted unanimously, some of the Commissioners were not exactly enthused about it, viewing it as largely repetitive of the 2011 guidance—and hardly more compelling. Anticlimactic? See if you agree.