Tag: Department of Justice

Corp Fin issues new CDIs on delaying Form 8-Ks for material cybersecurity incidents

Corp Fin has just released some new CDIs, summarized below, relating to material cybersecurity incidents.  As you know, in July, the SEC voted, three to two, to adopt final rules on cybersecurity disclosure, which includes a requirement for material  incident reporting on Forms 8-K and 6-K.  Compliance with the 8-K and 6-K incident disclosure requirements will be required for all companies other than smaller reporting companies beginning on December 18, 2023. SRCs will have an additional 180 days deferral. (See this PubCo post.) The new CDIs can all be found under the caption Exchange Act Forms, in a new Section 104B, Item 1.05 Material Cybersecurity Incidents.  Summaries are below, but each CDI number is linked to the CDI on the SEC website, so you can easily read the version in full. 

DOJ Guidance for Corporate Compliance Programs

The Department of Justice has just released its updated guidance for Evaluation of Corporate Compliance Programs.  The DOJ Manual identifies factors that prosecutors take into account “in conducting an investigation of a corporation, determining whether to bring charges, and negotiating plea or other agreements.” Among these factors is the “adequacy and effectiveness of the corporation’s compliance program.” Although the guidance is designed to assist prosecutors in assessing and making informed decisions about the extent of “credit” to be attributed to a company in light of its corporate compliance program, the factors that prosecutors are advised to consider in evaluating these programs should not be lost on companies seeking to develop and implement their own compliance programs.  Of course, the guidance is not intended to be formulaic and recognizes that the relevance and significance of the factors and questions identified will vary depending on a range of company attributes, including “each company’s risk profile and solutions to reduce its risks.”