All posts by George Wilson

SEC Proposes Rules on Cybersecurity Disclosures

Hot Topic

On March 9, 2022, in a highly anticipated meeting, the SEC proposed rules that would require enhanced disclosures about material cybersecurity incidents and public companies’ policies and procedures surrounding cybersecurity risk.

As you can read in the accompanying Fact Sheet, the Proposed Rule would:

  • Require disclosure on Form 8-K of material cybersecurity incidents,
  • Require periodic updating of information about previously disclosed incidents, and
  • Require periodic disclosures including policies and procedures to identify and manage cybersecurity risks, management’s role in such policies and procedures, and information about board expertise and oversight of cybersecurity risk.

The Proposed Rule will have a comment period of 60 days from publication on the SEC’s website or 30 days after publication in the Federal Register, whichever is longer.

As always, your thoughts and comments are welcome!

Chair Gensler Cybersecurity Speech – Cybersecurity and Securities Law

Hot Topic, Reporting

On March 9, 2022, as you can read in this Meeting Notice, the SEC is meeting to consider rule making about “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.”

As a bit of background, on January 24, 2022, Chair Gary Gensler delivered a speech titled “Cybersecurity and Securities Laws” at the Northwestern Pritzker School of Law’s Annual Securities Regulation Institute.  He addressed cybersecurity from a variety of perspectives, including a discussion of what may be the very first “hack”, a telegraph scheme in France in 1834!  His remarks included this discussion of public company cybersecurity disclosures, which provides important insights for drafting risk factor and related cybersecurity disclosures in 34 Act reports:

Public Companies

Next, let me turn to public companies’ disclosure with respect to cyber risk and cyber events.

The basic bargain is this: Investors get to decide what risks they wish to take. Companies that are raising money from the public have an obligation to share information with investors on a regular basis.

Disclosure regimes evolve over the decades. Cybersecurity is an emerging risk with which public issuers increasingly must contend.

Thus, I’ve asked staff to make recommendations for the Commission’s consideration around companies’ cybersecurity practices and cyber risk disclosures. This may include their practices with respect to cybersecurity governance, strategy, and risk management.

A lot of issuers already provide cyber risk disclosure to investors. I think companies and investors alike would benefit if this information were presented in a consistent, comparable, and decision-useful manner.

In addition, I’ve asked staff to make recommendations around whether and how to update companies’ disclosures to investors when cyber events have occurred.

Make no mistake: Public companies already have certain obligations when it comes to cybersecurity disclosures. If customer data is stolen, if a company paid ransomware, that may be material to investors. As recent cases show, failure to make accurate disclosures of cybersecurity incidents and risks can result in enforcement actions.

You can find links to discussions of cybersecurity enforcement cases listed in this post about SEC enforcement priorities.

As always, your thoughts and comments are welcome!

SEC Acting Chief Accountant Statement – FASB Agenda Consultation

Reporting

On February 22, 2022, SEC Acting Chief Accountant Paul Munter issued a Statement titled “Statement on the FASB’s Agenda Consultation: Engagement with Investors and Other Stakeholders Vital to Development of High Quality Accounting Standards.”

After a brief review of the FASB’s Agenda Consultation project Dr. Munter states:

“It is critically important that the FASB, and the Trustees of the Financial Accounting Foundation (the “FAF”) in its important oversight role over the FASB, continue to improve processes for obtaining and considering investor and other stakeholder feedback, and for clearly communicating with those stakeholders regarding how that feedback has impacted the standard-setting process. On behalf of Commission staff in OCA, in this statement, we highlight below why engagement with investors and other stakeholders is vital to the FASB’s ability to develop high quality accounting and financial reporting standards, and we provide observations on the FASB’s standard-setting process, its agenda consultation, and the related ITC feedback from investors and other stakeholders.”

The Statement then provides the Acting Chief Accountant’s observations on the Agenda Consultation project in areas including:

  • The Importance of Investors and Other Stakeholders to the Standard-Setting Process
  • Overall Feedback and Making the Case for Change
  • Disaggregation of Financial Reporting Information
  • Climate-Related Transactions and Disclosures
  • Digital Assets

As you read the Statement, you may want to focus on Dr. Munter’s discussion of the costs of preparing disaggregated information, the FASB’s goodwill project, and accounting and disclosures for digital assets.

The conclusion of the Statement includes this thought:

The financial reporting system’s collective objective of providing investors with high quality financial reporting demands that all stakeholders seek ways to improve and better address the needs of investors. In that regard, it is important that both the FAF and FASB focus on continued improvement in the fulfillment of their respective roles and responsibilities in the financial reporting system—especially in their efforts to more promptly address significant and evolving investor needs within the context of the financial statements.

As always, your thoughts and comments are welcome.

SEC Issues Staff Accounting Bulletin 120 Addressing “Spring-Loaded” Share-Based Payments

Reporting

On November 24, 2021, the SEC Staff issued Staff Accounting Bulletin 120 to address recognition of compensation expense if a company enters into share-based payment transactions when in possession of material non-public information.  Such share-based payment transactions are frequently referred to as “spring-loaded.”  The SAB provides the staff’s views that companies must consider the impact of the release of material non-public information when estimating the fair value of such grants.

The SAB describes its objective with this language:

“Specifically, the staff is updating the Series to provide additional guidance to companies estimating the fair value of share-based payment transactions in accordance with Topic 718 regarding the determination of the current price of the underlying share and the estimation of the expected volatility of the price of the underlying share for the expected term when the company is in possession of material non-public information.”

The SAB includes a number of examples dealing with these issues.  It also updates various other SAB areas to conform with ASC 718.

As a reminder the Press Release closes with these words:

“The statements in SABs are not rules or interpretations of the Commission nor are they published bearing the Commission’s official approval. They represent interpretations and practices followed by the Division of Corporation Finance and the Office of the Chief Accountant in administering the disclosure requirements of the federal securities laws.

As always, your thoughts and comments are welcome!

HeadSpin Enforcement – Avoiding Penalties

Reporting

On August 25, 2021, the SEC announced charges against the former CEO of HeadSpin, Inc.  HeadSpin is a private tech company in Silicon Valley.  According to the Press Release and related SEC Complaint, the former CEO falsely manipulated sales records and key performance metrics.  The SEC alleges that the former CEO exerted control over HeadSpin’s financial reporting and was able to misstate results with actions such as creating false invoices and altering real invoices.

In this type of announcement the SEC almost always includes language that their investigation “is continuing.”  Usually further cases follow against the company and other parties.  The SEC did enforce against HeadSpin, but, surprisingly, the enforcement action did not assess penalties against the company.  As outlined in the SEC’s January 28, 2022,  Press Release and Complaint, it was an internal investigation started by the company’s Board of Directors that discovered the CEO’s actions.  Additionally, the company took significant remedial steps including removal of the CEO, hiring new senior management and repaying investors.  Based on these steps and others outlined in the Complaint,  the SEC settled fraud charges against the company without any penalty.

Both the Press Release and SEC Complaint offer valuable insights about steps companies can take when such a problem is discovered.

As always, your thoughts and comments are welcome!

A Climate Change Comment Letter

ESG, Hot Topic

On February 24, 2021, Acting Chair Allison Herren Lee issued a Statement on the Review of Climate-Related Disclosure  where she directed the CorpFin staff to “enhance its focus on climate-related disclosures” in filing reviews.  On September 22, 2021, CorpFin issued a Sample Letter to Companies Regarding Climate Change Disclosures to provide example climate change comments.  The issues raised in the sample letter to companies are consistent with the SEC’s 2010 FR-82 – Commission Guidance Regarding Disclosure Related to Climate Change.  You can find more background in this blog post.

The staff posts all the comment letters and responses from an individual company review twenty business days or more after the review is closed.  Some climate change related reviews are now being posted on the EDGAR system.  Cintas, Monster, and Palo Alto Networks are among the companies that have received climate change related comment letters.

Cintas received a climate change related comment letter in September 2021.  You can read the complete SEC comment letters and company responses with these links:

            First SEC comment letter – Dated September 16, 2021 – five climate comments

            First company response  – Dated September 28, 2021

            Second SEC comment letter – Dated October 21, 2021

            Second company response – Dated November 3, 2021

            Closing letter – Dated January 14, 2022

The first comment in the SEC’s letter to Cintas is essentially the same as the first example in the Sample Letter to Companies:

  1. We note that you provided more expansive disclosure in your CSR report than you provided in your SEC filings. Please advise us what consideration you gave to providing the same type of climate-related disclosure in your SEC filings as you provided in your CSR report.

The company’s first response to this comment was:

Response: In response to the Staff’s comment, the Company respectfully advises the Staff that the Company’s Environmental, Social and Governance Report (“ESG Report”) is designed to provide selected information regarding the Company’s ESG performance to a broad audience that includes investors, employee-partners, customers, communities, suppliers and other interested parties. As a result, the ESG Report may include detailed information, such as information regarding the Company’s efforts to reduce energy use and greenhouse gas (“GHG”) emissions, that is beyond the scope of the information that is required to be disclosed pursuant to applicable SEC rules and/or regulations. When considering whether to include climate-related disclosure in its SEC filings, including the type of climate-related disclosure provided in the ESG Report, the Company takes into account applicable SEC rules and regulations, including Item 101, Item 103, Item 105 and Item 303 of Regulation S-K, as well as the SEC’s Compliance and Disclosure Interpretations, available guidance from the Staff (including the SEC’s 2010 Commission Guidance Regarding Disclosure Related to Climate Change) and applicable standards of materiality. The Company also considers that, while certain climate-related information may be of interest to readers of the ESG Report, such information may not be material to investors in the context of an SEC filing, while SEC filings may otherwise include separate climate-related disclosure required pursuant to Regulation S-K and other applicable SEC rules, regulations and guidance. The Company respectfully advises the Staff that it will, in response to the Staff’s comment, and historical practice, continue to evaluate its climate-related disclosure in SEC filings in light of applicable SEC rules, regulations and guidance and applicable standards of materiality.

The SEC’s follow-up comment letter did not raise this issue again.

The fourth comment in the original letter addressed, consistent with FR-82 and the Sample Letter, the indirect effects of climate change:

  1. To the extent material, discuss the indirect consequences of climate-related regulation or business trends, such as the following:
  • decreased demand for goods or services that produce significant greenhouse gas emissions or are related to carbon-based energy sources;
  • increased demand for goods or services that result in lower emissions than competing products;
  • increased competition to develop innovative new services that result in lower emissions; and
  • any anticipated reputational risks resulting from operations or products that produce material greenhouse gas emissions.

The companies first response to this comment was:

Response: In response to the Staff’s comment, the Company respectfully advises the Staff that the Company considers applicable SEC disclosure rules, regulations, and guidance, including Item 101, Item 105 and Item 303 of Regulation S-K, when preparing its SEC filings and, as applicable and to the extent material, evaluates disclosure regarding indirect consequences of climate-related regulation or business trends. As of the filing of the Form 10-K, however, the Company had not identified any material indirect consequences of climate-related regulation or business trends. The Company respectfully advises the Staff that it will, in response to the Staff’s comment, and historical practice, continue to evaluate its climate-related disclosure in SEC filings, including disclosure regarding the indirect consequences of climate-related regulation or business trends, in light of applicable SEC rules, regulations and guidance and applicable standards of materiality.

The SEC’s second letter included a follow-up comment about this issue:

  1. Your response to prior comment 3, which states that you have not identified any material indirect consequences of climate-related regulation or business trends, appears to be conclusory without providing sufficient detail. Please provide us with additional support for your conclusion, including with regard to the individual items noted in our prior comment.

The company’s second response expanded its answer:

Response: As background for the Staff, the Company respectfully advises the Staff that the Company provides certain products and services that generally enhance its customers’ image and help keep customers’ facilities and employees clean and safe. These products and services include uniforms through rental and sales programs, mats, mops, restroom supplies, first aid and safety products, fire extinguishers and testing and safety training. None of these products produce significant greenhouse gas emissions. The Company generally provides these products to customers via approximately 11,000 local delivery routes. These local delivery routes are run by Company employees on Company-owned trucks. These trucks do create greenhouse gas (“GHG”) emissions in compliance with current regulatory emissions requirements. Many of the Company’s products, such as uniforms, mats, mops and other rentable products, are laundered in Company-owned laundry facilities. The laundering process uses water and energy to run the washers, dryers and other processing equipment.

In response to the Staff’s comment, the Company respectfully advises the Staff that, at the time of the filing of the Form 10-K and to date, aside from the general economic effects of the COVID-19 pandemic on its customers, the Company did not experience and has not experienced any significant decreased demand for products or services, whether such products or services might produce significant GHG emissions or are related to carbon-based energy sources, or significant demand for products or services that might result in lower emissions than competing products or services. The Company did not identify and has not identified any significant changes in competition due to innovative new services that result in lower emissions. While the Company has had inquiries from customers and investors about its fleet and laundry processes with regards to GHG emissions and other carbon-based energy impacts, the Company did not identify and has not identified any material reputational risks resulting from these inquiries.

The next letter the SEC sent to the company was the closing letter, which included the SEC’s standard closing language:

We have completed our review of your filing. We remind you that the company and its management are responsible for the accuracy and adequacy of their disclosures, notwithstanding any review, comments, action or absence of action by the staff.

As always, your thoughts and comments are welcome!

A Climate Change Related SEC Comment

Hot Topic, Reporting

Climate change has been a major and well publicized part of the SEC’s agenda in the last year.  As you can read on the climate change section of the SEC’s webpage, CorpFin focused on climate change in the review process, the Enforcement Division formed a climate change task force, and the Commission issued an Invitation to Comment on climate change related matters.

CorpFin comment letters have addressed climate change.  On September 22, 2021, the staff issued this sample letter to companies providing examples of the types of comments it is issuing.

A recent comment letter to CarMax Auto Funding LLC regarding a registration statement disclosure provides an example of a climate change comment:

Risk Factors, page 38

  1. To the extent that you believe investors in these asset-backed securities may be impacted by climate related events, including, but not limited to, existing or pending legislation or regulation that relates to climate change, please consider revising your disclosure to describe these risks. See the Commission’s Guidance Regarding Disclosure Related to Climate Change, Interpretive Release No. 33-9106 (February 8, 2010).

The Interpretive Release mentioned in this comment, also known as FR 82, can be found here.

The company responded to this comment with modified risk factor disclosure.  You can find the modified risk factor and an example of a risk factor summary in the registration statement.

As always, your thoughts and comments are welcome.

New Requirement to Tag Auditor Information

10-K/10-Q Tips, Reporting

On December 2, 2021, the SEC adopted a Final Rule implementing the requirements of the Holding Foreign Companies Accountable Act (HFCAA).  You can read more and find a link to the related Fact Sheet here. (Remember to include new Item 9C in your next 10-K!)

To implement the reporting required by the HFCAA the SEC must determine each reporting company’s auditor and the auditor’s location.  The Final Rule includes an addition to the “Document Entity and Information” section of the XBRL taxonomy for this information:

Consistent with these commenters’ suggestions, the final amendments include a new tagging requirement to facilitate the Commission’s accurate and efficient identification of Commission-Identified Issuers. To implement this requirement, in December 2021, the Document Entity and Information (“DEI”) taxonomy will be updated to include three additional data elements, applicable to annual report filings on Forms 10-K, 20-F, and 40-F that are submitted with XBRL presentations.  Those three data elements will identify the auditor (or auditors) who have provided opinions related to the financial statements presented in the registrant’s annual report, the location where the auditor’s report has been issued, and the PCAOB ID Number(s) of the audit firm(s) or branch(es) providing the opinion(s).

The update to the EDGAR filing manual was released on December 20, 2021.  All annual reports for periods ending on or after December 15, 2021, will require these new tags.

Details of the new tags are included in Volume II of the EDGAR Filer Manual.  Section 6.5.54 begins with this language:

Auditor Name, Location, and Firm ID

The name represents the plain text (not logo nor signature) name of the auditor; the location text represents the city along with either or both country, US state or Canadian province; the firm ID is the auditors’ Firm ID as assigned by the US PCAOB.

If the DEI namespace version used in the filing has those three standard elements, then the absence of any of the three facts will cause the filing to be suspended (see table in 6.5.21).

If the DEI namespace version used in a filing does not have the three standard elements, the use of that DEI namespace version will cause the filing to be suspended. The filer will need to resubmit the filing with a DEI namespace version that has the three standard elements.

All three facts must also be visible in the sense defined by 5.2.5.14, and should be tagged where they normally appear, adjacent to the auditors’ opinion.

An interesting aspect of this change is that generally only information prepared by the company is tagged.  How information about the company’s auditor will be tagged by management is likely something companies should discuss with their auditors.

As always, your thoughts and comments are welcome.

A Few Form 10-K Tips and Reminders

10-K/10-Q Tips, Reporting

As year-end reporting ramps up, this post focuses on nine areas that are new or frequently mishandled in the annual reporting and proxy processes.  It will hopefully help:

            Deal with recent changes in Form 10-K and the proxy process, and

            Avoid frequent errors in 10-K form and content.

  1. What to do with old 10-K Item 6?

Anytime the SEC makes changes to the items or item numbers in Form 10-K there is confusion about handling these changes.  This is the case right now with old Item 6 – Selected Financial Data.

The first step to getting this change right is to review the most recent version of the Form 10-K Instructions at the SEC’s webpage.  There you will find Item 6 still included but with a different title:

            Item 6. [Reserved]

The second step is to remember that Exchange Act Rule 12b-13 requires that all item numbers in the instructions must be included in a report:

12b-13 Preparation of statement or report.

The statement or report shall contain the numbers and captions of all items of the appropriate form, but the text of the items may be omitted provided the answers thereto are so prepared as to indicate to the reader the coverage of the items without the necessity of his referring to the text of the items or instructions thereto. However, where any item requires information to be given in tabular form, it shall be given in substantially the tabular form specified in the item. All instructions, whether appearing under the items of the form or elsewhere therein, are to be omitted. Unless expressly provided otherwise, if any item is inapplicable or the answer thereto is in the negative, an appropriate statement to that effect shall be made.

Thus, the right approach is to include Item 6, but use the new title – [Reserved].

 

  1. Being Sure to Include New Item 9C.

Speaking of new Form 10-K Item numbers, earlier in 2021 the SEC added new Item 9C:

Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections.

This disclosure is related to the Holding Foreign Companies Accountable Act.  You can read more in this blog post.  While this will not apply to many companies, as mentioned above, this new item should be included in your year-end 10-K.

 

  1. Double-Check Your Exhibit (4)(vi).

You might ask, “Is Exhibit (4)(vi) still an issue?”  Surprisingly, the answer is yes.  When the SEC’s Disclosure Modernization process added this exhibit to Form 10-K to include information about a company’s securities, an omission in the Final Rule language created confusion about the requirement.  You can read more in this post with all the details.  That confusion continues to today, so, to be clear, Form 10-K requires Exhibit (4)(vi), which should include the following from S-K Item 601:

(vi) For each class of securities that is registered under Section 12 of the Exchange Act, provide the information required by Item 202(a) through (d) and (f) of Regulation S-K
(§ 229.202 of this chapter).

Instruction 1 to paragraph (b)(4)(vi). A registrant is only required to provide the information called for by Item 601(b)(4)(vi) if it is filing an annual report under Exchange Act Section 13(a) or 15(d).

(Other instructions are omitted).

The required disclosures are found in S-K Item 202 – Description of registrants securities requirements.

 

  1. Place the S-K Item 201 Equity Compensation Plan Information in Item 12 or Your Proxy

Another common, although minor, error in many Form 10-K’s is including the S-K Item 201 Equity Compensation Plan Information in Item 5 rather than Item 12.  The 10-K instructions are a bit confusing because both Item 5 and Item 12 refer to this disclosure.  However, the staff has been clear in both a letter to the ABA and a Compliance and Disclosure Interpretation, that the table should be in Item 12 if it is included in Form 10-K.  You can read more details in this blog post.

 

  1. Consider Placing the Performance Graph in Your Annual Report to Shareholders

Another possible change some companies could consider is moving the performance graph required by S-K Item 201 to their annual report to shareholders or ARS.  The ARS is not filed information but is only furnished.  An instruction to S-K Item 201(e) makes it clear that this information is not required in Form 10-K:

  1. The information required by paragraph (e) of this Item need not be provided in any filings other than an annual report to security holders required by Exchange Act Rule 14a-3 (17 CFR 240.14a-3) or Exchange Act Rule 14c-3 (17 CFR 240.14c-3) that precedes or accompanies a registrant’s proxy or information statement relating to an annual meeting of security holders at which directors are to be elected (or special meeting or written consents in lieu of such meeting). Such information will not be deemed to be incorporated by reference into any filing under the Securities Act or the Exchange Act, except to the extent that the registrant specifically incorporates it by reference.

You can read more in this blog post.

 

  1. Metric and Non-GAAP Reminders

SEC reviews continue to find many companies failing to follow some of the basic non-GAAP measure requirements of Regulation G and S-K Item 10(e).  Year-end is a great time to review Reg G, S-K Item 10(e) and the related Compliance and Disclosure Interpretations if you include non-GAAP measures in MD&A or other documents.

 

  1. MD&A Quantification

One of the significant changes to MD&A requirements in S-K Item 303 made by the SEC’s November 2020 MD&A Final Rule was the addition of this language:

Where the financial statements reflect material changes from period-to-period in one or more line items, including where material changes within a line item offset one another, describe the underlying reasons for these material changes in quantitative and qualitative terms.

In the last several years the staff has written countless comments requesting companies to discuss changes in both quantitative and qualitative terms.  Here is one example:

Please expand your results of operations discussion to quantify the impact of each factor identified as causing changes in results between periods. For example, we note that Mountain Reported EBITDA increased as a result of strong North American pass sales growth, strong growth in visitation and spending at western U.S. resorts, and recent acquisitions. Please quantify the impact of each factor attributing to the increase, here, and throughout your discussion, in accordance with Item 303(a)(3)(iii) of Regulation S-K and Section III.D of SEC Release No. 33-6835.

Vail Resorts, Inc., February 3, 2020

With this frequent comment topic now part of the regulatory guidance in S-K Item 303, it is likely a good idea to consider adding this kind of analysis to MD&A if it is not already included.

 

  1. Perks Disclosures

The SEC Enforcement Division continues to keep a watchful eye on how companies are disclosing perks.  As you can read in this post, enforcement cases focus on issues ranging from companies not using the right definition of perks to not disclosing all perks paid to officers.  It would be wise, in advance of developing information for the proxy, to review how your company computes and discloses perks.

 

  1. Shareholder Proposal Processes

As the Division of Corporation Finance announced on December 13, 2021, it has changed its policy and will now respond in writing to no-action requests regarding shareholder proposals.  This change should be incorporated into the planning schedule for proxy statements and annual meetings.

As always, your thoughts and comments are welcome!  If you have any tips you would like to add, feel free to put them in a comment.