Tag: SEC Division of Corporation Finance

In discussions of inflation, SEC staff want the details

According to a review of SEC staff comments by Bloomberg, Corp Fin staff have been weighing in to remind companies about the need to discuss, in SEC filings, the material impact of inflation—and don’t forget the details.  No doubt you remember that Item 303 of Reg S-K used to include an express requirement to discuss the impact of inflation and changing prices on net sales, revenues and income from continuing operations, but that provision was eliminated as part of the MD&A modernization project in 2020. (See this PubCo post.) Of course, at that point we hadn’t had any real inflation for years.  Then the SEC removed the explicit requirement and what do we have?  Inflation, of course—up to 9% in June 2022.

Compliance dates for SEC cybersecurity disclosure rules

As you know, the SEC adopted final rules on cybersecurity disclosure on July 26, with compliance dates tied to publication in the Federal Register. (See this PubCo post.) Those rules were published on August 4 with compliance dates spelled out in the published release.  

SEC adopts final rules on cybersecurity disclosure [UPDATED]

[This post revises and updates my earlier post primarily to provide a more detailed discussion of the contents of the adopting release.]

At an open meeting on Wednesday last week, the SEC voted, three to two, to adopt final rules on cybersecurity disclosure. In his statement at the open meeting, Commissioner Jaime Lizárraga shared the stunning statistics that, last year, 83% of companies experienced more than one data breach, with an average cost in the U.S. of $9.44 million; breaches increased 600% over the last decade and total costs across the U.S. economy could run as high as trillions of dollars per year. Given the ubiquity, frequency and complexity of these threats, in March last year, the SEC proposed cybersecurity disclosure rules intended to help shareholders better understand cybersecurity risks and how companies are managing and responding to them. Although a number of changes to the proposal were made in the final rules in response to objections that the proposal was too prescriptive and could increase companies’ vulnerability to cyberattack, the basic structure remains the same, with requirements for both material incident reporting on Form 8-K and periodic disclosure of material information regarding cybersecurity risk management, strategy and governance. According to SEC Chair Gensler, “[w]hether a company loses a factory in a fire—or millions of files in a cybersecurity incident—it may be material to investors….Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them.”

SEC adopts final rules on cybersecurity disclosure

In remarks to the audience at a Financial Times summit earlier this month, Gurbir Grewal, SEC Director of Enforcement, citing a recent poll from Deloitte, observed that over “a third of executives reported that their organization’s accounting and financial data was targeted by cyber adversaries last year.” As threats increase, Grewal maintained, cybersecurity is “foundational to maintaining the integrity of not just our securities markets, but our economy as a whole.” (See this PubCo post.) Similarly, in remarks in January 2022, SEC Chair Gary Gensler suggested that the economic cost of cyberattacks could possibly be in the trillions of dollars, taking many forms, including denials-of-service, malware and ransomware. It’s also a national security issue. He reminded us that “cybersecurity is a team sport,” and that the private sector is often on the front lines. And, in his statement at the SEC open meeting yesterday morning, Commissioner Jaime Lizárraga shared the eye-opening stats that, last year, 83% of companies experienced more than one data breach, with an average cost in the U.S. of $9.44 million; breaches increased 600% over the last decade. Given the ubiquity, frequency and complexity of these threats, in March last year, the SEC proposed cybersecurity disclosure rules intended to help shareholders better understand cybersecurity risks and how companies are managing and responding to them. At an open meeting yesterday morning, the SEC voted, three to two, to adopt final rules on cybersecurity disclosure. Although a number of changes to the proposal were made in response to comments, the basic structure remains the same in the final rules, with requirements for both material incident reporting on Form 8-K and periodic disclosure of material information regarding cybersecurity risk management, strategy and governance.
According to Gensler, “[w]hether a company loses a factory in a fire—or millions of files in a cybersecurity incident—it may be material to investors….Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them.”

Corp Fin posts three new CDIs on Rule 10b5-1

Last week, Corp Fin posted (and then deleted and reposted—but that’s another story) three new CDIs regarding the affirmative defense under Rule 10b5-1. As you may recall, in December last year, the SEC adopted new amendments to the rules regarding Rule 10b5-1 plans. These amendments added new conditions to the affirmative defense of Rule 10b5-1(c) designed to address concerns about abuse of the rule by opportunistic trading on the basis of material non-public information. Among other changes, Rule 10b5-1(c)(1) was amended to apply a cooling-off period to persons other than the issuer, impose a good-faith certification requirement on directors and officers, limit the ability of persons other than the issuer to use multiple overlapping Rule 10b5-1 plans, limit the use of single-trade plans by persons other than the issuer to one single-trade plan in any 12-month period, and add a condition that all persons entering into Rule 10b5-1 plans must act in good faith with respect to those plans. In addition, the amendments included requirements for new disclosures regarding (1) companies’ insider trading policies and procedures, and the use of 10b5-1 plans and certain other similar trading arrangements by directors and officers; (2) director and officer equity compensation awards made close in time to company disclosure of MNPI; and (3) bona fide gifts of securities on Forms 4 by Section 16 filers and transactions under 10b5-1 plans on Forms 4 and 5. (See this PubCo post.) The new CDIs relate to the timing of compliance and the use and termination of multiple plans.

Corp Fin posts a slew of new CDIs on pay versus performance

On Friday afternoon, Corp Fin posted a slew of new CDIs—15 in total—regarding the new pay-versus-performance rule.  You may recall that, in August last year, the SEC finally adopted a new rule that will require disclosure of information reflecting the relationship between executive compensation actually paid by a company and the company’s financial performance—a new rule that was originally mandated by Dodd-Frank in 2010.  Lots of questions have arisen about implementation of the rule, and SEC representatives let it be known that CDIs on the topic would be forthcoming. (See this post from thecorporatecounsel.net blog.)  Not surprisingly, most of the CDIs are about the complicated Pay Versus Performance table and are just as thorny as the rule, so get your Advil ready.

Corp Fin issues new CDIs regarding the clawback rules

In October last year, the SEC adopted a new clawback rule, Exchange Act Rule 10D-1, which directed the national securities exchanges to establish listing standards requiring listed issuers to adopt and comply with a clawback policy and to provide disclosure about the policy and its implementation. The clawback policy must provide that, in the event the listed issuer is required to prepare an accounting restatement—including not only a “reissuance,” or “Big R,” restatement (which involves a material error and an 8-K), but also a “revision” or “little r” restatement—the issuer must recover the incentive-based compensation that was erroneously paid to its current or former executive officers based on the misstated financial reporting measure. (See this PubCo post.)  Now, the Corp Fin staff has issued some new CDIs, summarized below, providing guidance about the timing of the new required disclosure, which officers of foreign private issuers are subject to the disclosure rule and plans subject to the clawback.

Renee Jones to leave SEC; Erik Gerding to be named Corp Fin Director

On Friday, the SEC announced the departure of Renee Jones as head of Corp Fin.  She has been Director of Corp Fin since June 2021 and will be returning to her position on the faculty of Boston College Law School.  In her place as Director of Corp Fin will be Erik Gerding, who is currently serving as Deputy Director of Corp Fin.  SEC Chair Gary Gensler praised Jones for leading Corp Fin “during a time when we have proposed—and in numerous cases adopted—critical reforms to benefit investors….I am grateful for her counsel, judgment, and deep understanding of the capital markets. Thanks to Renee’s leadership, we have enhanced investors’ access to the full, fair, and truthful information as required by our securities laws to make informed investment decisions.” Gerding remarked that he “look[s] forward to continuing the work that Renee led at the Division over the last year….” Will we see any difference in Corp Fin rulemaking? Time will tell.

Corp Fin posts revised and new non-GAAP CDIs

The Corp Fin staff has issued a group of revised and new compliance & disclosure interpretations on the use of non-GAAP financial measures. The CDIs are more detailed and expansive in describing disclosure that the staff considers to be misleading as well as presentations that the staff believes reflect excessive non-GAAP prominence over the comparable GAAP number under Reg S-K Item 10(e).  Summaries are below.

Happy Holidays!

Corp Fin urges companies to amp up disclosure on impact of crypto market developments

Last week, Corp Fin posted another sample comment letter—this one urging affected companies to provide “specific, tailored disclosure” about the “disruption” in the crypto markets and collateral events, the “company’s situation in relation to those events and conditions, and the potential impact on investors.”  The sample comments focus on “the material impacts of crypto asset market developments, which may include a company’s exposure to counterparties and other market participants; risks related to a company’s liquidity and ability to obtain financing; and risks related to legal proceedings, investigations, or regulatory impacts in the crypto asset markets.”  Below is a brief summary.