New Requirement to Tag Auditor Information

On December 2, 2021, the SEC adopted a Final Rule implementing the requirements of the Holding Foreign Companies Accountable Act (HFCAA).  You can read more and find a link to the related Fact Sheet here. (Remember to include new Item 9C in your next 10-K!)

To implement the reporting required by the HFCAA the SEC must determine each reporting company’s auditor and the auditor’s location.  The Final Rule includes an addition to the “Document Entity and Information” section of the XBRL taxonomy for this information:

Consistent with these commenters’ suggestions, the final amendments include a new tagging requirement to facilitate the Commission’s accurate and efficient identification of Commission-Identified Issuers. To implement this requirement, in December 2021, the Document Entity and Information (“DEI”) taxonomy will be updated to include three additional data elements, applicable to annual report filings on Forms 10-K, 20-F, and 40-F that are submitted with XBRL presentations.  Those three data elements will identify the auditor (or auditors) who have provided opinions related to the financial statements presented in the registrant’s annual report, the location where the auditor’s report has been issued, and the PCAOB ID Number(s) of the audit firm(s) or branch(es) providing the opinion(s).

The update to the EDGAR filing manual was released on December 20, 2021.  All annual reports for periods ending on or after December 15, 2021, will require these new tags.

Details of the new tags are included in Volume II of the EDGAR Filer Manual.  Section 6.5.54 begins with this language:

Auditor Name, Location, and Firm ID

The name represents the plain text (not logo nor signature) name of the auditor; the location text represents the city along with either or both country, US state or Canadian province; the firm ID is the auditors’ Firm ID as assigned by the US PCAOB.

If the DEI namespace version used in the filing has those three standard elements, then the absence of any of the three facts will cause the filing to be suspended (see table in 6.5.21).

If the DEI namespace version used in a filing does not have the three standard elements, the use of that DEI namespace version will cause the filing to be suspended. The filer will need to resubmit the filing with a DEI namespace version that has the three standard elements.

All three facts must also be visible in the sense defined by, and should be tagged where they normally appear, adjacent to the auditors’ opinion.

An interesting aspect of this change is that generally only information prepared by the company is tagged.  How information about the company’s auditor will be tagged by management is likely something companies should discuss with their auditors.

As always, your thoughts and comments are welcome.

A Few Form 10-K Tips and Reminders

As year-end reporting ramps up, this post focuses on nine areas that are new or frequently mishandled in the annual reporting and proxy processes.  It will hopefully help:

            Deal with recent changes in Form 10-K and the proxy process, and

            Avoid frequent errors in 10-K form and content.

  1. What to do with old 10-K Item 6?

Anytime the SEC makes changes to the items or item numbers in Form 10-K there is confusion about handling these changes.  This is the case right now with old Item 6 – Selected Financial Data.

The first step to getting this change right is to review the most recent version of the Form 10-K Instructions at the SEC’s webpage.  There you will find Item 6 still included but with a different title:

            Item 6. [Reserved]

The second step is to remember that Exchange Act Rule 12b-13 requires that all item numbers in the instructions must be included in a report:

12b-13 Preparation of statement or report.

The statement or report shall contain the numbers and captions of all items of the appropriate form, but the text of the items may be omitted provided the answers thereto are so prepared as to indicate to the reader the coverage of the items without the necessity of his referring to the text of the items or instructions thereto. However, where any item requires information to be given in tabular form, it shall be given in substantially the tabular form specified in the item. All instructions, whether appearing under the items of the form or elsewhere therein, are to be omitted. Unless expressly provided otherwise, if any item is inapplicable or the answer thereto is in the negative, an appropriate statement to that effect shall be made.

Thus, the right approach is to include Item 6, but use the new title – [Reserved].


  1. Being Sure to Include New Item 9C.

Speaking of new Form 10-K Item numbers, earlier in 2021 the SEC added new Item 9C:

Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections.

This disclosure is related to the Holding Foreign Companies Accountable Act.  You can read more in this blog post.  While this will not apply to many companies, as mentioned above, this new item should be included in your year-end 10-K.


  1. Double-Check Your Exhibit (4)(vi).

You might ask, “Is Exhibit (4)(vi) still an issue?”  Surprisingly, the answer is yes.  When the SEC’s Disclosure Modernization process added this exhibit to Form 10-K to include information about a company’s securities, an omission in the Final Rule language created confusion about the requirement.  You can read more in this post with all the details.  That confusion continues to today, so, to be clear, Form 10-K requires Exhibit (4)(vi), which should include the following from S-K Item 601:

(vi) For each class of securities that is registered under Section 12 of the Exchange Act, provide the information required by Item 202(a) through (d) and (f) of Regulation S-K
(§ 229.202 of this chapter).

Instruction 1 to paragraph (b)(4)(vi). A registrant is only required to provide the information called for by Item 601(b)(4)(vi) if it is filing an annual report under Exchange Act Section 13(a) or 15(d).

(Other instructions are omitted).

The required disclosures are found in S-K Item 202 – Description of registrants securities requirements.


  1. Place the S-K Item 201 Equity Compensation Plan Information in Item 12 or Your Proxy

Another common, although minor, error in many Form 10-K’s is including the S-K Item 201 Equity Compensation Plan Information in Item 5 rather than Item 12.  The 10-K instructions are a bit confusing because both Item 5 and Item 12 refer to this disclosure.  However, the staff has been clear in both a letter to the ABA and a Compliance and Disclosure Interpretation, that the table should be in Item 12 if it is included in Form 10-K.  You can read more details in this blog post.


  1. Consider Placing the Performance Graph in Your Annual Report to Shareholders

Another possible change some companies could consider is moving the performance graph required by S-K Item 201 to their annual report to shareholders or ARS.  The ARS is not filed information but is only furnished.  An instruction to S-K Item 201(e) makes it clear that this information is not required in Form 10-K:

  1. The information required by paragraph (e) of this Item need not be provided in any filings other than an annual report to security holders required by Exchange Act Rule 14a-3 (17 CFR 240.14a-3) or Exchange Act Rule 14c-3 (17 CFR 240.14c-3) that precedes or accompanies a registrant’s proxy or information statement relating to an annual meeting of security holders at which directors are to be elected (or special meeting or written consents in lieu of such meeting). Such information will not be deemed to be incorporated by reference into any filing under the Securities Act or the Exchange Act, except to the extent that the registrant specifically incorporates it by reference.

You can read more in this blog post.


  1. Metric and Non-GAAP Reminders

SEC reviews continue to find many companies failing to follow some of the basic non-GAAP measure requirements of Regulation G and S-K Item 10(e).  Year-end is a great time to review Reg G, S-K Item 10(e) and the related Compliance and Disclosure Interpretations if you include non-GAAP measures in MD&A or other documents.


  1. MD&A Quantification

One of the significant changes to MD&A requirements in S-K Item 303 made by the SEC’s November 2020 MD&A Final Rule was the addition of this language:

Where the financial statements reflect material changes from period-to-period in one or more line items, including where material changes within a line item offset one another, describe the underlying reasons for these material changes in quantitative and qualitative terms.

In the last several years the staff has written countless comments requesting companies to discuss changes in both quantitative and qualitative terms.  Here is one example:

Please expand your results of operations discussion to quantify the impact of each factor identified as causing changes in results between periods. For example, we note that Mountain Reported EBITDA increased as a result of strong North American pass sales growth, strong growth in visitation and spending at western U.S. resorts, and recent acquisitions. Please quantify the impact of each factor attributing to the increase, here, and throughout your discussion, in accordance with Item 303(a)(3)(iii) of Regulation S-K and Section III.D of SEC Release No. 33-6835.

Vail Resorts, Inc., February 3, 2020

With this frequent comment topic now part of the regulatory guidance in S-K Item 303, it is likely a good idea to consider adding this kind of analysis to MD&A if it is not already included.


  1. Perks Disclosures

The SEC Enforcement Division continues to keep a watchful eye on how companies are disclosing perks.  As you can read in this post, enforcement cases focus on issues ranging from companies not using the right definition of perks to not disclosing all perks paid to officers.  It would be wise, in advance of developing information for the proxy, to review how your company computes and discloses perks.


  1. Shareholder Proposal Processes

As the Division of Corporation Finance announced on December 13, 2021, it has changed its policy and will now respond in writing to no-action requests regarding shareholder proposals.  This change should be incorporated into the planning schedule for proxy statements and annual meetings.

As always, your thoughts and comments are welcome!  If you have any tips you would like to add, feel free to put them in a comment.

SEC Finalizes Holding Foreign Companies Accountable Act Reporting

On December 2, 2021, the SEC adopted rules finalizing implementation of the Holding Foreign Companies Accountable Act (HFCAA).  The HFCAA requires a company to make certain submissions and disclosures if the auditor’s report on the financial statements in its annual report is issued by an auditor located in a foreign jurisdiction where the PCAOB is unable to inspect the auditor’s work.

The Final Rule specifies the SEC’s process to identify affected companies, which are referred to as “Commission-Identified Issuers.”  This process is based on an identification of auditors whose work is not subject to inspection in a related PCAOB Rule.  Identified companies are required to “provide information documenting that they are not owned or controlled by a governmental entity in its public accounting firm’s foreign jurisdiction on or before the due date of their annual report.”

According to the related Fact Sheet, “Commission-Identified Issuers,” that also meet the definition of “foreign issuer” in Rule 3b-4, will be required to make disclosures for itself and other related entities, that include:

  •  During the period covered by the form, the registered public accounting firm has prepared an audit report for the issuer;
  •  The percentage of the shares of the issuer owned by governmental entities in the foreign jurisdiction in which the issuer is incorporated or otherwise organized;
  •  Whether governmental entities in the applicable foreign jurisdiction with respect to that registered public accounting firm have a controlling financial interest with respect to the issuer;
  •  The name of each official of the Chinese Communist Party who is a member of the board of directors of the issuer or the operating entity with respect to the issuer; and
  • Whether the articles of incorporation of the issuer (or equivalent organizing document) contains any charter of the Chinese Communist Party, including the text of any such charter.

The definition of “foreign issuer” is in Exchange Act Rule 3b-4:

3b-4 Definition of “foreign government,” “foreign issuer” and “foreign private issuer”.

The term foreign issuer means any issuer which is a foreign government, a national of any foreign country or a corporation or other organization incorporated or organized under the laws of any foreign country.

You can read more in this Fact Sheet and the Final Rule.

As always, your thoughts and comments are welcome!

A Busy Holiday Season at the SEC

The SEC was busy in the weeks before the holiday season, taking several significant actions.  Here is a summary you can use to explore each development.

Latest Reg Flex Agenda

The SEC published its latest regulatory agenda, which you can review here.  Key issues to be addressed in the near-term include climate change and human capital resources disclosures.  Cybersecurity risk governance is also on the agenda.

Proposed New Rules for 10b5-1 Plans

On December 15, 2021, the SEC proposed amendments to Rule 10b5-1 to “strengthen the affirmative defense to insider trading” provided by the rule.  Details are in this related Fact Sheet and the Proposed Rule.  One significant change would be a 120-day cooling-off period before trading could begin under a plan.

Proposed New Rules and Disclosures for Stock Buybacks

On December 15, 2021, the SEC proposed amendments to its rules requiring disclosure about repurchases of equity securities.  You can read more in this Fact Sheet and the Proposed Rule.  Companies would be required to provide a new Form SR before the end of the first business day following a buyback.  In addition, periodic disclosures would include disclosure of the objective of share repurchases and any related process.

CorpFin Announcement Personally Identifiable Information in Rule 14a-8 Submissions

On December 17, 2021, CorpFin issued this Announcement requiring companies to redact all personally identifiable and any other related sensitive information from Rule 14a-8 submissions related to shareholder proposals.  The announcement also addresses how shareholder proponents should limit the amount of personally identifiable and sensitive information they include in correspondence to only information required to establish their eligibility to submit a proposal.

As always, your thoughts and comments are welcome!

CorpFin Staff to Respond in Writing to Shareholder Proposal Requests

On December 13, 2021, in this brief Announcement, the CorpFin staff stated they will return to the policy of issuing written responses to all shareholder no-action letter requests.  The Division’s response letters will be posted on their website.  In 2019, the Division implemented a policy of responding in writing only in limited instances and instead provided information in a chart on their webpage.  The Division expects to publish a similar chart at the end of the proxy season.

The policy change to respond to all written no-action requests in writing is effective from December 13, 2021, the publication date of the notice.

As always, your thoughts and comments are welcome!

Cybersecurity Insights from Commissioner Roisman

On October 29, 2021, SEC Commissioner Elad L. Roisman delivered a speech to the Los Angeles County Bar titled “Cybersecurity: Meeting the Emerging Challenge.”  In this speech he addresses important cybersecurity matters, beginning with this introductory section – “Understanding that You May be a Victim.”

“Before I go further, it’s important to acknowledge a point that is sometimes overlooked in discussions about cybersecurity.  In the case of cyber-crimes, companies are the targets and victims.  The last thing a company wants is to suffer this kind of criminal and illegal attack.  But, today, the threat of a cyber-attack is so constant and significant for every market participant that it should be viewed as a substantial likelihood.

The SEC has imposed specific obligations on particular registrants relating to certain cybersecurity risks.  But it’s undeniable that our registrants, who have more general obligations under the securities laws—such as to serve the best interests of clients or to shareholders—also are accountable for taking measures to prevent and mitigate damage from these threats as part of their broader responsibilities.

Accordingly, it has become increasingly important for market participants to work with counsel and other experts on preparing for potential cyber-attacks before they happen—that is, devising a plan for monitoring for cyber threats, responding to potential breaches, and understanding when information must be reported outside the company and to whom.”

After this assertion that cyber-attack should be viewed as a risk with a “substantial likelihood” and that companies should take measures to address this risk, he discusses cybersecurity risk for a variety of entities that the SEC regulates, including exchanges, SRO’s, advisors, broker dealers and others.

In the section addressing public issuers, he reviews the SEC’s 2018 Release “Commission Statement and Guidance on Public Company Cybersecurity Disclosures.”  In a related footnote he mentions that the Division of Corporation Finance “blazed trail” for this release with Disclosure Guidance Topic 2.  He reminds issuers that disclosure requirements in areas including risk factors, description of the business and MD&A may create obligations to disclose cybersecurity-related matters.  He also mentions that the 2018 Release focuses on  the importance of disclosure controls and procedures.  (See this post for an enforcement case about cybersecurity-related disclosure controls and procedures.)

Commissioner Roisman also discusses internal accounting controls over cybersecurity risk, mentioning the SEC’s 2018 “21(a) Report” that focused on cases where companies had been victimized in cybersecurity-related fraud.  That report, which did not enforce against the victim companies, reminded companies that internal accounting controls should address these kinds of risks.

Commissioner Roisman notes that the SEC’s rulemaking agenda includes issuer cybersecurity matters, but that no formal rulemaking has taken place yet.  He provides these thoughts about possible rulemaking:

“But I will let you know some of the things that I would be looking for as I consider any additional rules in this area.  First, we need to define any new legal obligations clearly.  Second, we need to make sure that these obligations do not create inconsistencies with requirements established by our sister government agencies.  Third, we should recognize that some registrants have greater resources than others, and we should not try to set the resource requirements for an entity.  And finally, because issuers’ businesses vary, the cybersecurity-related risks they face also will vary, and therefore a principles-based rule would likely work best.”

Commissioner Roisman’s thoughts provide helpful insights that can lead to action steps as we address cybersecurity risk going forward.

As always, your thoughts and comments are welcome!

PLI’s InSecurities Podcast Explores 2021 SEC Enforcement Results

On November 18, 2021, the SEC issued a detailed Press Release reviewing Enforcement Division activity for 2021.  This Press Release, while a departure from the “glossy” annual report in previous years, provides significant information about the types of enforcement cases, sanctions and focus areas of the Division.  If you would like more insight into the Division’s activities, PLI’s InSecurities podcast, hosted by Chris Ekimoff and Kurt Wolfe, provides a deep dive discussion in this “Special Episode: The 2021 SEC Enforcement ‘Report,’” featuring Sarah Heaton Concannon, who recently left the Enforcement Division.

As always, your thoughts and comments are welcome!

A Message From the Chief Accountant – Auditor Independence

On October 26, 2021, SEC Acting Chief Accountant Paul Munter released a Statement titled “The Importance of High Quality Independent Audits and Effective Audit Committee Oversight to High Quality Financial Reporting to Investors.”  In the Statement, Mr. Munter focuses on the responsibilities of audit committees, management, and of course auditors, in assuring auditors are independent of clients.

He discusses the importance of auditor independence to our capital markets, the shared responsibility for auditor independence, and the importance of gatekeepers in this process, saying:

“The independence of the auditor, in both fact and appearance, is foundational to the credibility of the financial statements.   While sourcing a high quality independent auditor is a key responsibility of the audit committee,  compliance with auditor independence rules is a shared responsibility of the issuer, its audit committee, and the auditor.

As we near the twentieth anniversary of SOX, it is critical for all gatekeepers to continue to vigilantly maintain the independence of auditors, in both fact and appearance. In this regard, auditors and audit clients must carefully consider the scope of their audit and any permissible non-audit engagements that have been pre-approved by the audit committee to guard against impairments of independence. As part of this responsibility, all gatekeepers in the financial reporting ecosystem should be especially mindful of the nature and the scope of any other services provided by the independent auditor.”

The Statement highlights the four guiding principles in Regulation S-X behind the SEC’s auditor independence rules.  Regulation S-X Article 2.01 states:

“In considering this standard, the Commission looks in the first instance to whether a relationship or the provision of a service:

  • Creates a mutual or conflicting interest between the accountant and the audit client;
  • places the accountant in the position of auditing his or her own work
  • results in the accountant acting as management or an employee of the audit client; or
  • places the accountant in a position of being an advocate for the audit client.

These factors are general guidance only, and their application may depend on particular facts and circumstances.”

This auditor independence enforcement case involving an audit firm, three of the firm’s partners, and a public company’s former chief accounting officer, illustrates Mr. Munter’s key point that auditor independence is a shared responsibility of companies, audit committees and auditors.  In this case, the audit firm paid a penalty of $10 million, three partners in the firm paid penalties and were barred from SEC practice, and the former chief accounting officer of the company involved paid a fine and was barred from SEC practice.

As always, your thoughts and comments are welcome!


Yet Another Perks Enforcement Case!

As we have blogged about on previous occasions, the SEC Enforcement Division is actively watching for companies that fail to adequately disclose executive perks.  In a recent case against ProPetro Holding Corp., an oilfield services company, and its former CEO, the SEC underscored this point in their enforcement agenda.

The Press Release announcing this case states:

“The SEC’s order finds that Redman (the former CEO) caused ProPetro to incur $380,594 worth of personal and travel expenses unrelated to the performance of his duties as CEO. He also failed to disclose to company personnel that he had pledged all of his ProPetro stock in two private real estate transactions. During the same period, ProPetro failed to properly disclose $47,591 in additional, authorized perks it paid to Redman.”

As you can read in the related AAER, use of a company aircraft for personal trips and use of a company credit card for personal expenses were major parts of this case.

As is typical in these cases, ProPetro and Redman agreed to cease and desist from further violations, and the former CEO agreed to pay a $195,046 penalty. The order notes ProPetro’s significant cooperation with the agency’s investigation as well as its very extensive remedial efforts, including “hiring an entirely new management team with significant public company experience, hiring additional finance department personnel, installing several new directors, and developing new controls, policies, and procedures concerning perks.”  The company did not pay a penalty.

These steps go well beyond company actions and SEC’s sanctions in other cases, such as when Dow Chemical was required to hire an independent consultant to conduct a review of its policies, procedures, controls, and training relating to perks.

As always, your thoughts and comments are welcome!

Making Liquidity and Capital Resources Disclosures Meaningful

Many MD&A liquidity and capital resources discussions try to explain changes in operating cash flows with opaque explanations, such as “our cash from operating activities decreased because of an increase in accounts receivable.”  Trying to unpack the logic behind this kind of statement to a non-accountant is almost impossible.  It is far more understandable to say, “our cash collections from customers decreased resulting in a decrease in cash flows from operating activities.”  The problem with this more understandable statement, which is essentially based on the direct method of preparing the statement of cash flows, is that reporting systems frequently do not provide the necessary information.

Finding the balance between convoluted statements about how changes in balance sheet accounts affect cash flows and the lack of information necessary to apply the direct method to the statement of cash flows is complex and frequently frustrating.

The SEC challenges companies on this issue when disclosure is unclear.  Here is an example where a company was called upon to clarify these kinds of disclosures in MD&A.

To begin, here is the company’s operating cash flows discussion:

Cash Flows

Operating Activities. Net cash provided by operating activities for the years ended December 31, 2019 and 2018 was $306.3 million and $199.1 million, respectively. Cash provided by operations in 2019 and 2018 resulted from our net income adjusted for non-cash charges for share-based compensation, depreciation and amortization, timing of income tax and employee related payments and changes in other working capital. The significant increase in net cash from operating activities between 2018 and 2019 is primarily due to the higher net income and changes in working capital balances.

This disclosure triggered the following comment from the SEC:

Liquidity, Capital Resources, and Financial Position

Cash Flows

Operating Activities, page 51

Staff Comment:

It appears from the statement of cash flows changes in assets and liabilities, which include working capital items, between 2019 and 2018 of $101.6 million is the substantial cause of the $107.3 million, or 54%, increase in 2019 operating cash flows compared to 2018.  Please revise your disclosure to discuss the material items and the associated underlying factors contributing to the variance.  Refer to IV.B.1 of SEC Release No. 33-8350 for guidance.  Quantify any factors cited, pursuant to section 501.04 of the staff’s Codification of Financial Reporting.  Additionally, define what you consider to be your working capital.

And here is the company’s response, including example new disclosures:

The Company acknowledges the Staff’s comment and will include in its future Annual Reports on Form 10-K enhanced disclosure regarding the matters identified above substantially similar to the following:

Operating Activities.  Net cash provided by operating activities for the years ended December 31, 2019 and 2018 was $306.3 million and $199.1 million, respectively.  Cash provided by operations increased $101.6 million from 2018 to 2019 as a result of changes in the Company’s working capital balances in 2018, resulting from the transaction with GCU.  The Company defines working capital as the assets and liabilities, other than cash, generated through the Company’s primary operating activities.  Changes in these balances are included in the changes in assets and liabilities presented in the consolidated statement of cash flows.  Additionally, for the year ended December 31, 2019 an increase in net income of $30.2 million was partially offset by decreases in non-cash reconciling items of $24.5 million over the prior year period.

Our working capital balances changed primarily due to the transaction with GCU on July 1, 2018, which resulted in operational changes that impacted cash flows of the Company in the second half of 2018.  Commencing July 1, 2018, the Company transitioned to an education services company and no longer has student receivables but records a receivable each month for education services provided to university partners. These changes, along with accrual of interest on the Secured Note receivable from GCU, resulted in a combined $59.3 million reduction in cash inflows from receivables in 2018.    Additionally, in 2018, accounts payable and accrued liabilities associated with our operations prior to the Transaction were settled, resulting in net cash outflows of $30.0 million.

The Company will provide similar disclosures for material fluctuations in operating cash flows in future filings.

As always, your thoughts and comments are welcome!