All posts by George Wilson

HeadSpin Enforcement – Avoiding Penalties

Reporting

On August 25, 2021, the SEC announced charges against the former CEO of HeadSpin, Inc.  HeadSpin is a private tech company in Silicon Valley.  According to the Press Release and related SEC Complaint, the former CEO falsely manipulated sales records and key performance metrics.  The SEC alleges that the former CEO exerted control over HeadSpin’s financial reporting and was able to misstate results with actions such as creating false invoices and altering real invoices.

In this type of announcement the SEC almost always includes language that their investigation “is continuing.”  Usually further cases follow against the company and other parties.  The SEC did enforce against HeadSpin, but, surprisingly, the enforcement action did not assess penalties against the company.  As outlined in the SEC’s January 28, 2022,  Press Release and Complaint, it was an internal investigation started by the company’s Board of Directors that discovered the CEO’s actions.  Additionally, the company took significant remedial steps including removal of the CEO, hiring new senior management and repaying investors.  Based on these steps and others outlined in the Complaint,  the SEC settled fraud charges against the company without any penalty.

Both the Press Release and SEC Complaint offer valuable insights about steps companies can take when such a problem is discovered.

As always, your thoughts and comments are welcome!

A Climate Change Comment Letter

ESG, Hot Topic

On February 24, 2021, Acting Chair Allison Herren Lee issued a Statement on the Review of Climate-Related Disclosure  where she directed the CorpFin staff to “enhance its focus on climate-related disclosures” in filing reviews.  On September 22, 2021, CorpFin issued a Sample Letter to Companies Regarding Climate Change Disclosures to provide example climate change comments.  The issues raised in the sample letter to companies are consistent with the SEC’s 2010 FR-82 – Commission Guidance Regarding Disclosure Related to Climate Change.  You can find more background in this blog post.

The staff posts all the comment letters and responses from an individual company review twenty business days or more after the review is closed.  Some climate change related reviews are now being posted on the EDGAR system.  Cintas, Monster, and Palo Alto Networks are among the companies that have received climate change related comment letters.

Cintas received a climate change related comment letter in September 2021.  You can read the complete SEC comment letters and company responses with these links:

            First SEC comment letter – Dated September 16, 2021 – five climate comments

            First company response  – Dated September 28, 2021

            Second SEC comment letter – Dated October 21, 2021

            Second company response – Dated November 3, 2021

            Closing letter – Dated January 14, 2022

The first comment in the SEC’s letter to Cintas is essentially the same as the first example in the Sample Letter to Companies:

  1. We note that you provided more expansive disclosure in your CSR report than you provided in your SEC filings. Please advise us what consideration you gave to providing the same type of climate-related disclosure in your SEC filings as you provided in your CSR report.

The company’s first response to this comment was:

Response: In response to the Staff’s comment, the Company respectfully advises the Staff that the Company’s Environmental, Social and Governance Report (“ESG Report”) is designed to provide selected information regarding the Company’s ESG performance to a broad audience that includes investors, employee-partners, customers, communities, suppliers and other interested parties. As a result, the ESG Report may include detailed information, such as information regarding the Company’s efforts to reduce energy use and greenhouse gas (“GHG”) emissions, that is beyond the scope of the information that is required to be disclosed pursuant to applicable SEC rules and/or regulations. When considering whether to include climate-related disclosure in its SEC filings, including the type of climate-related disclosure provided in the ESG Report, the Company takes into account applicable SEC rules and regulations, including Item 101, Item 103, Item 105 and Item 303 of Regulation S-K, as well as the SEC’s Compliance and Disclosure Interpretations, available guidance from the Staff (including the SEC’s 2010 Commission Guidance Regarding Disclosure Related to Climate Change) and applicable standards of materiality. The Company also considers that, while certain climate-related information may be of interest to readers of the ESG Report, such information may not be material to investors in the context of an SEC filing, while SEC filings may otherwise include separate climate-related disclosure required pursuant to Regulation S-K and other applicable SEC rules, regulations and guidance. The Company respectfully advises the Staff that it will, in response to the Staff’s comment, and historical practice, continue to evaluate its climate-related disclosure in SEC filings in light of applicable SEC rules, regulations and guidance and applicable standards of materiality.

The SEC’s follow-up comment letter did not raise this issue again.

The fourth comment in the original letter addressed, consistent with FR-82 and the Sample Letter, the indirect effects of climate change:

  1. To the extent material, discuss the indirect consequences of climate-related regulation or business trends, such as the following:
  • decreased demand for goods or services that produce significant greenhouse gas emissions or are related to carbon-based energy sources;
  • increased demand for goods or services that result in lower emissions than competing products;
  • increased competition to develop innovative new services that result in lower emissions; and
  • any anticipated reputational risks resulting from operations or products that produce material greenhouse gas emissions.

The companies first response to this comment was:

Response: In response to the Staff’s comment, the Company respectfully advises the Staff that the Company considers applicable SEC disclosure rules, regulations, and guidance, including Item 101, Item 105 and Item 303 of Regulation S-K, when preparing its SEC filings and, as applicable and to the extent material, evaluates disclosure regarding indirect consequences of climate-related regulation or business trends. As of the filing of the Form 10-K, however, the Company had not identified any material indirect consequences of climate-related regulation or business trends. The Company respectfully advises the Staff that it will, in response to the Staff’s comment, and historical practice, continue to evaluate its climate-related disclosure in SEC filings, including disclosure regarding the indirect consequences of climate-related regulation or business trends, in light of applicable SEC rules, regulations and guidance and applicable standards of materiality.

The SEC’s second letter included a follow-up comment about this issue:

  1. Your response to prior comment 3, which states that you have not identified any material indirect consequences of climate-related regulation or business trends, appears to be conclusory without providing sufficient detail. Please provide us with additional support for your conclusion, including with regard to the individual items noted in our prior comment.

The company’s second response expanded its answer:

Response: As background for the Staff, the Company respectfully advises the Staff that the Company provides certain products and services that generally enhance its customers’ image and help keep customers’ facilities and employees clean and safe. These products and services include uniforms through rental and sales programs, mats, mops, restroom supplies, first aid and safety products, fire extinguishers and testing and safety training. None of these products produce significant greenhouse gas emissions. The Company generally provides these products to customers via approximately 11,000 local delivery routes. These local delivery routes are run by Company employees on Company-owned trucks. These trucks do create greenhouse gas (“GHG”) emissions in compliance with current regulatory emissions requirements. Many of the Company’s products, such as uniforms, mats, mops and other rentable products, are laundered in Company-owned laundry facilities. The laundering process uses water and energy to run the washers, dryers and other processing equipment.

In response to the Staff’s comment, the Company respectfully advises the Staff that, at the time of the filing of the Form 10-K and to date, aside from the general economic effects of the COVID-19 pandemic on its customers, the Company did not experience and has not experienced any significant decreased demand for products or services, whether such products or services might produce significant GHG emissions or are related to carbon-based energy sources, or significant demand for products or services that might result in lower emissions than competing products or services. The Company did not identify and has not identified any significant changes in competition due to innovative new services that result in lower emissions. While the Company has had inquiries from customers and investors about its fleet and laundry processes with regards to GHG emissions and other carbon-based energy impacts, the Company did not identify and has not identified any material reputational risks resulting from these inquiries.

The next letter the SEC sent to the company was the closing letter, which included the SEC’s standard closing language:

We have completed our review of your filing. We remind you that the company and its management are responsible for the accuracy and adequacy of their disclosures, notwithstanding any review, comments, action or absence of action by the staff.

As always, your thoughts and comments are welcome!

A Climate Change Related SEC Comment

Hot Topic, Reporting

Climate change has been a major and well publicized part of the SEC’s agenda in the last year.  As you can read on the climate change section of the SEC’s webpage, CorpFin focused on climate change in the review process, the Enforcement Division formed a climate change task force, and the Commission issued an Invitation to Comment on climate change related matters.

CorpFin comment letters have addressed climate change.  On September 22, 2021, the staff issued this sample letter to companies providing examples of the types of comments it is issuing.

A recent comment letter to CarMax Auto Funding LLC regarding a registration statement disclosure provides an example of a climate change comment:

Risk Factors, page 38

  1. To the extent that you believe investors in these asset-backed securities may be impacted by climate related events, including, but not limited to, existing or pending legislation or regulation that relates to climate change, please consider revising your disclosure to describe these risks. See the Commission’s Guidance Regarding Disclosure Related to Climate Change, Interpretive Release No. 33-9106 (February 8, 2010).

The Interpretive Release mentioned in this comment, also known as FR 82, can be found here.

The company responded to this comment with modified risk factor disclosure.  You can find the modified risk factor and an example of a risk factor summary in the registration statement.

As always, your thoughts and comments are welcome.

New Requirement to Tag Auditor Information

10-K/10-Q Tips, Reporting

On December 2, 2021, the SEC adopted a Final Rule implementing the requirements of the Holding Foreign Companies Accountable Act (HFCAA).  You can read more and find a link to the related Fact Sheet here. (Remember to include new Item 9C in your next 10-K!)

To implement the reporting required by the HFCAA the SEC must determine each reporting company’s auditor and the auditor’s location.  The Final Rule includes an addition to the “Document Entity and Information” section of the XBRL taxonomy for this information:

Consistent with these commenters’ suggestions, the final amendments include a new tagging requirement to facilitate the Commission’s accurate and efficient identification of Commission-Identified Issuers. To implement this requirement, in December 2021, the Document Entity and Information (“DEI”) taxonomy will be updated to include three additional data elements, applicable to annual report filings on Forms 10-K, 20-F, and 40-F that are submitted with XBRL presentations.  Those three data elements will identify the auditor (or auditors) who have provided opinions related to the financial statements presented in the registrant’s annual report, the location where the auditor’s report has been issued, and the PCAOB ID Number(s) of the audit firm(s) or branch(es) providing the opinion(s).

The update to the EDGAR filing manual was released on December 20, 2021.  All annual reports for periods ending on or after December 15, 2021, will require these new tags.

Details of the new tags are included in Volume II of the EDGAR Filer Manual.  Section 6.5.54 begins with this language:

Auditor Name, Location, and Firm ID

The name represents the plain text (not logo nor signature) name of the auditor; the location text represents the city along with either or both country, US state or Canadian province; the firm ID is the auditors’ Firm ID as assigned by the US PCAOB.

If the DEI namespace version used in the filing has those three standard elements, then the absence of any of the three facts will cause the filing to be suspended (see table in 6.5.21).

If the DEI namespace version used in a filing does not have the three standard elements, the use of that DEI namespace version will cause the filing to be suspended. The filer will need to resubmit the filing with a DEI namespace version that has the three standard elements.

All three facts must also be visible in the sense defined by 5.2.5.14, and should be tagged where they normally appear, adjacent to the auditors’ opinion.

An interesting aspect of this change is that generally only information prepared by the company is tagged.  How information about the company’s auditor will be tagged by management is likely something companies should discuss with their auditors.

As always, your thoughts and comments are welcome.

A Few Form 10-K Tips and Reminders

10-K/10-Q Tips, Reporting

As year-end reporting ramps up, this post focuses on nine areas that are new or frequently mishandled in the annual reporting and proxy processes.  It will hopefully help:

            Deal with recent changes in Form 10-K and the proxy process, and

            Avoid frequent errors in 10-K form and content.

  1. What to do with old 10-K Item 6?

Anytime the SEC makes changes to the items or item numbers in Form 10-K there is confusion about handling these changes.  This is the case right now with old Item 6 – Selected Financial Data.

The first step to getting this change right is to review the most recent version of the Form 10-K Instructions at the SEC’s webpage.  There you will find Item 6 still included but with a different title:

            Item 6. [Reserved]

The second step is to remember that Exchange Act Rule 12b-13 requires that all item numbers in the instructions must be included in a report:

12b-13 Preparation of statement or report.

The statement or report shall contain the numbers and captions of all items of the appropriate form, but the text of the items may be omitted provided the answers thereto are so prepared as to indicate to the reader the coverage of the items without the necessity of his referring to the text of the items or instructions thereto. However, where any item requires information to be given in tabular form, it shall be given in substantially the tabular form specified in the item. All instructions, whether appearing under the items of the form or elsewhere therein, are to be omitted. Unless expressly provided otherwise, if any item is inapplicable or the answer thereto is in the negative, an appropriate statement to that effect shall be made.

Thus, the right approach is to include Item 6, but use the new title – [Reserved].

 

  1. Being Sure to Include New Item 9C.

Speaking of new Form 10-K Item numbers, earlier in 2021 the SEC added new Item 9C:

Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections.

This disclosure is related to the Holding Foreign Companies Accountable Act.  You can read more in this blog post.  While this will not apply to many companies, as mentioned above, this new item should be included in your year-end 10-K.

 

  1. Double-Check Your Exhibit (4)(vi).

You might ask, “Is Exhibit (4)(vi) still an issue?”  Surprisingly, the answer is yes.  When the SEC’s Disclosure Modernization process added this exhibit to Form 10-K to include information about a company’s securities, an omission in the Final Rule language created confusion about the requirement.  You can read more in this post with all the details.  That confusion continues to today, so, to be clear, Form 10-K requires Exhibit (4)(vi), which should include the following from S-K Item 601:

(vi) For each class of securities that is registered under Section 12 of the Exchange Act, provide the information required by Item 202(a) through (d) and (f) of Regulation S-K
(§ 229.202 of this chapter).

Instruction 1 to paragraph (b)(4)(vi). A registrant is only required to provide the information called for by Item 601(b)(4)(vi) if it is filing an annual report under Exchange Act Section 13(a) or 15(d).

(Other instructions are omitted).

The required disclosures are found in S-K Item 202 – Description of registrants securities requirements.

 

  1. Place the S-K Item 201 Equity Compensation Plan Information in Item 12 or Your Proxy

Another common, although minor, error in many Form 10-K’s is including the S-K Item 201 Equity Compensation Plan Information in Item 5 rather than Item 12.  The 10-K instructions are a bit confusing because both Item 5 and Item 12 refer to this disclosure.  However, the staff has been clear in both a letter to the ABA and a Compliance and Disclosure Interpretation, that the table should be in Item 12 if it is included in Form 10-K.  You can read more details in this blog post.

 

  1. Consider Placing the Performance Graph in Your Annual Report to Shareholders

Another possible change some companies could consider is moving the performance graph required by S-K Item 201 to their annual report to shareholders or ARS.  The ARS is not filed information but is only furnished.  An instruction to S-K Item 201(e) makes it clear that this information is not required in Form 10-K:

  1. The information required by paragraph (e) of this Item need not be provided in any filings other than an annual report to security holders required by Exchange Act Rule 14a-3 (17 CFR 240.14a-3) or Exchange Act Rule 14c-3 (17 CFR 240.14c-3) that precedes or accompanies a registrant’s proxy or information statement relating to an annual meeting of security holders at which directors are to be elected (or special meeting or written consents in lieu of such meeting). Such information will not be deemed to be incorporated by reference into any filing under the Securities Act or the Exchange Act, except to the extent that the registrant specifically incorporates it by reference.

You can read more in this blog post.

 

  1. Metric and Non-GAAP Reminders

SEC reviews continue to find many companies failing to follow some of the basic non-GAAP measure requirements of Regulation G and S-K Item 10(e).  Year-end is a great time to review Reg G, S-K Item 10(e) and the related Compliance and Disclosure Interpretations if you include non-GAAP measures in MD&A or other documents.

 

  1. MD&A Quantification

One of the significant changes to MD&A requirements in S-K Item 303 made by the SEC’s November 2020 MD&A Final Rule was the addition of this language:

Where the financial statements reflect material changes from period-to-period in one or more line items, including where material changes within a line item offset one another, describe the underlying reasons for these material changes in quantitative and qualitative terms.

In the last several years the staff has written countless comments requesting companies to discuss changes in both quantitative and qualitative terms.  Here is one example:

Please expand your results of operations discussion to quantify the impact of each factor identified as causing changes in results between periods. For example, we note that Mountain Reported EBITDA increased as a result of strong North American pass sales growth, strong growth in visitation and spending at western U.S. resorts, and recent acquisitions. Please quantify the impact of each factor attributing to the increase, here, and throughout your discussion, in accordance with Item 303(a)(3)(iii) of Regulation S-K and Section III.D of SEC Release No. 33-6835.

Vail Resorts, Inc., February 3, 2020

With this frequent comment topic now part of the regulatory guidance in S-K Item 303, it is likely a good idea to consider adding this kind of analysis to MD&A if it is not already included.

 

  1. Perks Disclosures

The SEC Enforcement Division continues to keep a watchful eye on how companies are disclosing perks.  As you can read in this post, enforcement cases focus on issues ranging from companies not using the right definition of perks to not disclosing all perks paid to officers.  It would be wise, in advance of developing information for the proxy, to review how your company computes and discloses perks.

 

  1. Shareholder Proposal Processes

As the Division of Corporation Finance announced on December 13, 2021, it has changed its policy and will now respond in writing to no-action requests regarding shareholder proposals.  This change should be incorporated into the planning schedule for proxy statements and annual meetings.

As always, your thoughts and comments are welcome!  If you have any tips you would like to add, feel free to put them in a comment.

SEC Finalizes Holding Foreign Companies Accountable Act Reporting

Reporting

On December 2, 2021, the SEC adopted rules finalizing implementation of the Holding Foreign Companies Accountable Act (HFCAA).  The HFCAA requires a company to make certain submissions and disclosures if the auditor’s report on the financial statements in its annual report is issued by an auditor located in a foreign jurisdiction where the PCAOB is unable to inspect the auditor’s work.

The Final Rule specifies the SEC’s process to identify affected companies, which are referred to as “Commission-Identified Issuers.”  This process is based on an identification of auditors whose work is not subject to inspection in a related PCAOB Rule.  Identified companies are required to “provide information documenting that they are not owned or controlled by a governmental entity in its public accounting firm’s foreign jurisdiction on or before the due date of their annual report.”

According to the related Fact Sheet, “Commission-Identified Issuers,” that also meet the definition of “foreign issuer” in Rule 3b-4, will be required to make disclosures for itself and other related entities, that include:

  •  During the period covered by the form, the registered public accounting firm has prepared an audit report for the issuer;
  •  The percentage of the shares of the issuer owned by governmental entities in the foreign jurisdiction in which the issuer is incorporated or otherwise organized;
  •  Whether governmental entities in the applicable foreign jurisdiction with respect to that registered public accounting firm have a controlling financial interest with respect to the issuer;
  •  The name of each official of the Chinese Communist Party who is a member of the board of directors of the issuer or the operating entity with respect to the issuer; and
  • Whether the articles of incorporation of the issuer (or equivalent organizing document) contains any charter of the Chinese Communist Party, including the text of any such charter.

The definition of “foreign issuer” is in Exchange Act Rule 3b-4:

3b-4 Definition of “foreign government,” “foreign issuer” and “foreign private issuer”.

The term foreign issuer means any issuer which is a foreign government, a national of any foreign country or a corporation or other organization incorporated or organized under the laws of any foreign country.

You can read more in this Fact Sheet and the Final Rule.

As always, your thoughts and comments are welcome!

A Busy Holiday Season at the SEC

Hot Topic, Reporting

The SEC was busy in the weeks before the holiday season, taking several significant actions.  Here is a summary you can use to explore each development.

Latest Reg Flex Agenda

The SEC published its latest regulatory agenda, which you can review here.  Key issues to be addressed in the near-term include climate change and human capital resources disclosures.  Cybersecurity risk governance is also on the agenda.

Proposed New Rules for 10b5-1 Plans

On December 15, 2021, the SEC proposed amendments to Rule 10b5-1 to “strengthen the affirmative defense to insider trading” provided by the rule.  Details are in this related Fact Sheet and the Proposed Rule.  One significant change would be a 120-day cooling-off period before trading could begin under a plan.

Proposed New Rules and Disclosures for Stock Buybacks

On December 15, 2021, the SEC proposed amendments to its rules requiring disclosure about repurchases of equity securities.  You can read more in this Fact Sheet and the Proposed Rule.  Companies would be required to provide a new Form SR before the end of the first business day following a buyback.  In addition, periodic disclosures would include disclosure of the objective of share repurchases and any related process.

CorpFin Announcement Personally Identifiable Information in Rule 14a-8 Submissions

On December 17, 2021, CorpFin issued this Announcement requiring companies to redact all personally identifiable and any other related sensitive information from Rule 14a-8 submissions related to shareholder proposals.  The announcement also addresses how shareholder proponents should limit the amount of personally identifiable and sensitive information they include in correspondence to only information required to establish their eligibility to submit a proposal.

As always, your thoughts and comments are welcome!

CorpFin Staff to Respond in Writing to Shareholder Proposal Requests

Uncategorized

On December 13, 2021, in this brief Announcement, the CorpFin staff stated they will return to the policy of issuing written responses to all shareholder no-action letter requests.  The Division’s response letters will be posted on their website.  In 2019, the Division implemented a policy of responding in writing only in limited instances and instead provided information in a chart on their webpage.  The Division expects to publish a similar chart at the end of the proxy season.

The policy change to respond to all written no-action requests in writing is effective from December 13, 2021, the publication date of the notice.

As always, your thoughts and comments are welcome!

Cybersecurity Insights from Commissioner Roisman

Hot Topic, Reporting

On October 29, 2021, SEC Commissioner Elad L. Roisman delivered a speech to the Los Angeles County Bar titled “Cybersecurity: Meeting the Emerging Challenge.”  In this speech he addresses important cybersecurity matters, beginning with this introductory section – “Understanding that You May be a Victim.”

“Before I go further, it’s important to acknowledge a point that is sometimes overlooked in discussions about cybersecurity.  In the case of cyber-crimes, companies are the targets and victims.  The last thing a company wants is to suffer this kind of criminal and illegal attack.  But, today, the threat of a cyber-attack is so constant and significant for every market participant that it should be viewed as a substantial likelihood.

The SEC has imposed specific obligations on particular registrants relating to certain cybersecurity risks.  But it’s undeniable that our registrants, who have more general obligations under the securities laws—such as to serve the best interests of clients or to shareholders—also are accountable for taking measures to prevent and mitigate damage from these threats as part of their broader responsibilities.

Accordingly, it has become increasingly important for market participants to work with counsel and other experts on preparing for potential cyber-attacks before they happen—that is, devising a plan for monitoring for cyber threats, responding to potential breaches, and understanding when information must be reported outside the company and to whom.”

After this assertion that cyber-attack should be viewed as a risk with a “substantial likelihood” and that companies should take measures to address this risk, he discusses cybersecurity risk for a variety of entities that the SEC regulates, including exchanges, SRO’s, advisors, broker dealers and others.

In the section addressing public issuers, he reviews the SEC’s 2018 Release “Commission Statement and Guidance on Public Company Cybersecurity Disclosures.”  In a related footnote he mentions that the Division of Corporation Finance “blazed trail” for this release with Disclosure Guidance Topic 2.  He reminds issuers that disclosure requirements in areas including risk factors, description of the business and MD&A may create obligations to disclose cybersecurity-related matters.  He also mentions that the 2018 Release focuses on  the importance of disclosure controls and procedures.  (See this post for an enforcement case about cybersecurity-related disclosure controls and procedures.)

Commissioner Roisman also discusses internal accounting controls over cybersecurity risk, mentioning the SEC’s 2018 “21(a) Report” that focused on cases where companies had been victimized in cybersecurity-related fraud.  That report, which did not enforce against the victim companies, reminded companies that internal accounting controls should address these kinds of risks.

Commissioner Roisman notes that the SEC’s rulemaking agenda includes issuer cybersecurity matters, but that no formal rulemaking has taken place yet.  He provides these thoughts about possible rulemaking:

“But I will let you know some of the things that I would be looking for as I consider any additional rules in this area.  First, we need to define any new legal obligations clearly.  Second, we need to make sure that these obligations do not create inconsistencies with requirements established by our sister government agencies.  Third, we should recognize that some registrants have greater resources than others, and we should not try to set the resource requirements for an entity.  And finally, because issuers’ businesses vary, the cybersecurity-related risks they face also will vary, and therefore a principles-based rule would likely work best.”

Commissioner Roisman’s thoughts provide helpful insights that can lead to action steps as we address cybersecurity risk going forward.

As always, your thoughts and comments are welcome!