Category Archives: Hot Topic

Yet One More Violation of Whistleblower Protection Rules

In two recent posts we discussed enforcement actions against Monolith Resources and CBRE, Inc. for violating the SEC’s whistleblower protection rules.  On September 29, 2023, the SEC announced its latest such case, this one against D.E.Shaw and Co. L.P., for using employment agreements that violated the whistleblower protection rules.  This violation resulted in a $10,000,000 civil penalty along with a cease-and-desist order.

You can read more details in the related Order.

All these cases send direct and clear reminders to proactively review employment, termination and similar agreements to assure they do not run afoul of the whistleblower protection rules.

As always, your thoughts and comments are welcome!

Enforcement Sends an Emphatic Section 16 Reporting Reminder

On September 27, 2023, the Enforcement Division announced settled enforcement orders against six individuals and five companies based on Section 16 and Forms 13D and 13G reporting failures.  The individuals and  companies paid fines ranging from $115,000 to $200,000.  Sanja Wadhwa, Deputy Director of the SEC’s Division of Enforcement, said:

“Today’s enforcement action should serve to remind SEC filers that reporting obligations under the securities laws are not optional, and there are consequences for failing to file required forms in a timely manner.”

This enforcement sweep is very similar to a September 2014 sweep.  You can read more in this Press Release, where you can find links to the individual orders.

As always, your thoughts and comments are welcome!

Yes, Violating Whistleblower Protection Rules Is an Enforcement Hot Topic!

In a prior blog post, we reviewed a September 8, 2023, Enforcement Order against Monolith Resources, LLC based on the company violating the SEC’s whistleblower protection rules.

Less than two weeks later, on September 19, 2023, the Enforcement Division added to the growing list of these cases with an announcement that CBRE, Inc., a wholly-owned subsidiary of NYSE-listed CBRE Group, Inc., had also violated the whistleblower protection rules.   In its separation agreements CBRE Inc. had included language requiring employees to attest “that they had not filed a complaint against CBRE with any federal agency.”  After the SEC commenced its investigation, the company took strong remedial steps.  In settling the case CBRE, Inc. paid a civil penalty of $375,000.

You can read more in the related SEC Order.

As always, your thoughts and comments are welcome!

Another 12b-25 Enforcement Sweep

We’d like to again remind our readers that Form 12b-25 is not an automatic extension for quarterly and annual reports.  In a prior blog post, we discussed an enforcement sweep in which eight companies paid fines for failing to disclose “anticipated restatements” in Form 12b-25.

On August 22, 2023, the SEC announced another sweep that caught five companies for exactly the same issue, failing to disclose “anticipated restatements.”  These companies restated their financial statements within three to twenty-one days after filing Form 12b-25.

As a reminder, Part III of Form 12b-25 includes this instruction:

State below in reasonable detail why Forms 10-K, 20-F, 11-K, 10-Q, 10-D, N-CEN, N-CSR, or the transition report or portion thereof, could not be filed within the prescribed time period.

(Attach extra Sheets if Needed)

As always, your thoughts and comments are welcome!

Another Violation of Whistleblower Protection Rules

The SEC has enforced against several companies for including clauses in separation or employment agreements that violate whistleblower protection laws.  You can read more in these releases about settled actions with KBR, Inc. and Brink’s Company.

In a settled enforcement announced on September 8, 2023, Monolith Resources, LLC entered into a cease-and-desist order and paid a civil money penalty of $225,000 because the company included provisions in separation agreements that required certain departing employees to waive rights to whistleblower awards.  What makes this case different, is that Monolith Resources, LLC is a privately held company.

You can read more in the related Press Release and SEC Order.

As always, your thoughts and comments are welcome!

FASB Projects Progressing

In this post from May 2023, we overviewed four FASB projects that will likely require significant implementation efforts.  These coming new standards will require new disclosures that will involve system and reporting complexities.  The four projects are:

    • Segment Reporting,
    • Improvements to Income Tax Disclosures,
    • Disaggregation – Income Statement Expenses, and
    • Accounting for and Disclosure of Crypto Assets.

Each of the projects has progressed to the Proposed ASU stage.  Segment reporting, income tax disclosures and crypto asset accounting and disclosure are all in the final standard process.  Below are summaries and links to the most recent developments for each project.

Segment Reporting

The FASB’s Technical Agenda indicates that a Final ASU for segment reporting is expected during the third quarter of 2023.  While this project does not change the operating segment definition, it will increase disclosures about segments.  As you can read in this Project Update and the related Proposed ASU, the project will introduce a new disclosure principle focused on “significant” expenses that would be used to determine which expense categories should be disclosed for individual segments.  It also would require disclosure of “other segment items” and apply these same requirements to companies that report a single segment.  There are several comment letters related to the Proposed ASU, including this thoughtful letter from a group of University of Denver accounting students that includes a discussion about the Proposed ASU’s use of the term “significant.”

Improvements to Income Tax Disclosures

According to the FASB’s Technical Agenda, a Final ASU for this project is projected to be issued in the fourth quarter of 2023.  As described in the related Project Update, this new standard will not change accounting for income taxes but will require new disclosures focusing on two areas, the effective rate reconciliation and taxes paid.  You can read the March 15, 2023, Proposed ASU and related comment lettersfor more background, including this interesting comment letter from the Global Reporting Initiative.  The due date for comment letters was May 30, 2023.  Disclosures that may present significant challenges, particularly for companies that operate in multiple jurisdictions, include:

    • A proposed breakdown in the effective rate reconciliation addressing eight specific categories and related qualitative disclosure, and
    • Details of taxes paid including disaggregated information about taxes paid by jurisdiction.

Disaggregation – Income Statement  Expenses

On July 31, 2023, the FASB issued a Proposed ASU for this project.  Comments are due by October 30, 2023.  As you can read in the Project Update, the proposal would require significant incremental disclosures about certain types of expenses, including:

    • Inventory and manufacturing expense,
    • Employee compensation,
    • Depreciation,
    • Intangible asset amortization, and
    • Depreciation, depletion, and amortization recognized as part of oil- and gas-producing activities.

Additional disaggregated information about inventory and manufacturing costs would also be disclosed.  The Proposed ASU includes several examples of the proposed expense disclosures.

Accounting for and Disclosure of Crypto Assets

According to the FASB’s Technical Agenda, a Final ASU for this project is projected to be issued in the fourth quarter of 2023.  While this project may not affect as many companies as the three discussed above, it does create accounting guidance for certain crypto assets where there was no formal guidance before.  It would require that crypto assets, as defined by the Board, would be accounted for at fair value with unrealized gains and losses recognized in income.  This would be a major change from the existing indefinite lived intangible asset accounting model currently applied to such assets.  You can read more in this March 23, 2023, Proposed ASU and this Tentative Board Decisions document.  The comment period for the Proposed ASU ended on June 6, 2023, and you can read comment letters here, including this interesting letter from MicroStrategy, a large holder of bitcoin.

As always, your thoughts and comments are welcome!

New Insider Trading Plan C&DIs and a Tip for Keeping Up with CorpFin Developments

In our workshops we discuss the various avenues through which CorpFin provides reporting and filing guidance.  Perhaps more importantly, we also review how to keep current with new guidance.  One very helpful tool is the “What’s New” section of CorpFin’s homepage (located on right side of page).

While this “What’s New” box looks like a heading for the column below, it is actually a link to this helpful webpage where CorpFin usually announces new guidance:

As you can see, on August 25, 2023, CorpFin issued several new C&DIs related to the recent Insider Trading Arrangements Final Rule.  The new C&DIs, among other things, clarify that the new check box on Form 4 to indicate that a trade was conducted pursuant to a plan does not apply to plans adopted before the Final Rule’s effective date, and that the cooling-off period provision related to “[t]wo business days following the disclosure of the issuer’s financial results in a Form 10-Q or Form 10-K for the completed fiscal quarter in which the plan was adopted” does not include the date of filing.

As always, your thoughts and comments are welcome!

The Enforcement Division’s Perks Focus Continues

On June 20, 2023, the SEC Enforcement Division announced the latest in a continuing series of perks-focused enforcement cases.  This latest case involved Stanley Black and Decker, Inc. (SBD) and a former company officer, Jeffrey Ansell.

According to the SEC’s Order, SBD failed to disclose “at least $1.3 million” in perks paid to four named executive officers and one director.  These perks related primarily to the use of the company aircraft.

Ansell, who had been Executive Vice President of SBD and President of SBD’s Tools & Storage segment, “received undisclosed compensation that consisted, in part, of $280,000 in personal expenses he charged to the company,” according to the SEC Press Release.

In an example of how cooperation with the SEC can impact on the enforcement process, the SEC did not impose a civil penalty against SBD.  As you can read in the Order, SBD’s cooperation was extensive.  It included a special investigation by outside counsel under the oversight of a Special Committee of independent directors, prompt self-reporting, extensive cooperation with the Enforcement Division, and prompt remedial actions and public reporting of the misstatement.  In addition, based on the company’s self-reporting, cooperation, and remediation, the SEC did not bring any charges against the company because of Ansell’s conduct.

Gurbir S. Grewal, Director of the Enforcement Division, made this comment in the Press Release announcing the action:

“Today’s action not only reaffirms the Commission’s commitment to enforcing executive compensation disclosure rules, but also to incentivizing self-reporting and cooperation when entities and individuals discover violations of the federal securities laws.”

Ansell paid a $75,000 civil money penalty.

Many perks enforcement cases find that companies do not use the appropriate definitions and processes to determine perks.  The SEC’s Order (with a bit of a call back to the Dow case), quotes the Adopting Releasethat enacted the current requirements for perks disclosure:

“…an item is not a perquisite or personal benefit,” and does not need to be reported, “if it is integrally and directly related to the performance of the executive’s duties. Otherwise, an item is a perquisite or personal benefit if it confers a direct or indirect benefit that has a personal aspect, without regard to whether it may be provided for some business reason or for the convenience of the company, unless it is generally available on a non-discriminatory basis to all employees.”

The SEC’s Order draws from the Adopting Release stating:

“…the concept of a benefit that is ‘integrally and directly related’ to job performance is a narrow one,” which “draws a critical distinction between an item that a company provides because the executive needs it to do the job, making it integrally and directly related to the performance of duties, and an item provided for some other reason, even where that other reason can involve both company benefit and personal benefit.”

Again, from the SEC’s Order, even where the company:

“…has determined that an expense is an ‘ordinary’ or ‘necessary’ business expense for tax or other purposes or that an expense is for the benefit or convenience of the company,” that determination “is not responsive to the inquiry as to whether the expense provides a perquisite or other personal benefit for disclosure purposes.” Indeed, “business purpose or convenience does not affect the characterization of an item as a perquisite or personal benefit where it is not integrally and directly related to the performance by the executive of his or her job.”

As always, your thoughts and comments are welcome!

SEC Adopts New Cybersecurity Rules

On July 26, 2023, the SEC adopted a Final Rule significantly expanding cybersecurity disclosure requirements.  The rule adds Item 1.05 to Form 8-K to disclose material cybersecurity incidents and new Item 106 to Regulation S-K to require annual disclosures about cybersecurity governance, risk management and strategy in Form 10-K.  Similar changes have been made to Forms 20-F and 6-K for Foreign Private Issuers.

The transition for the new Item 1.05 Form 8-K and related Form 6-K disclosures is the later of 90 days after the date of publication of the Final Rule in the Federal Register or December 18, 2023.  Smaller reporting companies have an additional 180 days for the Form 8-K changes.

The transition for the new annual report disclosures on Form 10-K and Form 20-F is for fiscal years ending on or after December 15, 2023.

The new disclosures must be tagged with iXBRL beginning one year after the initial disclosure requirements.

New Form 8-K Item 1.05

Item 1.05 requires disclosure of a cybersecurity incident within four days of a company determining that a cybersecurity incident has occurred and is material.  General Instruction B.1. to Form 8-K now states:

A report pursuant to Item 1.05 is to be filed within four business days after the registrant determines that it has experienced a material cybersecurity incident.

Disclosure on Form 8-K may be delayed if the “United States Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety.”  In this case the U.S. Attorney general must notify the SEC in writing.

The instructions to Form S-3 have been amended to add the Item 1.05 Form 8-K to the list of 8-Ks where late filing does not affect Form S-3 eligibility.

The Instructions for the new Item are:

Item 1.05 Material Cybersecurity Incidents.

(a) If the registrant experiences a cybersecurity incident that is determined by the registrant to be material, describe the material aspects of the nature, scope, and timing of the incident, and the material impact or reasonably likely material impact on the registrant, including its financial condition and results of operations.

The instructions also state:

A registrant need not disclose specific or technical information about its planned response to the incident or its cybersecurity systems, related networks and devices, or potential system vulnerabilities in such detail as would impede the registrant’s response or remediation of the incident.

Similar changes are made to Form 6-K.

New Form 10-K Disclosures

Cybersecurity disclosures will be presented in new Item 1.C. in Part I of Form 10-K.  The following has been added to the instructions to the Form:

Part I
**** *
Item 1C. Cybersecurity.
(a) Furnish the information required by Item 106 of Regulation S-K (§ 229.106 of this chapter).

New S-K Item 106 defines various terms and requires disclosures in two main areas:

      • Risk management and strategy; and
      • Governance

Risk management and strategy disclosures includeprocesses, if any, for assessing, identifying, and managing material risks from cybersecurity threats.”  These disclosures should address whether cybersecurity risk management is integrated into the company’s overall risk management processes, information about the use of outside resources and how the company addresses cybersecurity risk in the use of third party service providers.

In an MD&A like requirement, risk management and strategy disclosures should also address whether cybersecurity risks “have materially affected or are reasonably likely to materially affect the registrant, including its business strategy, results of operations, or financial condition and if so, how.”

Governance disclosures should describe the board of directors’ oversight of cybersecurity risks The Final rule also states, “If applicable, identify any board committee or subcommittee responsible for the oversight of risks from cybersecurity threats and describe the processes by which the board or such committee is informed about such risks.”  Companies must also include details about management’s role in assessing and managing material cybersecurity risk.  Not included in the Final Rule was a provision in the proposed rule to address board expertise in the cybersecurity area.

You can read the entire text of new Item 106 and the related definitions on page 169 of the Final Rule.

Similar changes are made to Form 20-F in a new Item 16K.

As always, your thoughts and comments are welcome.

Cybersecurity Risk Rulemaking Moving Towards a Final Rule

On July 19, 2023, the SEC announced that they will hold an open meeting on July 26, 2023 to consider adopting final rules “to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934.”

The related Proposed Rule was published on March 9, 2022.

You can find more details in the meeting agenda and the information about the meeting webcast in the Sunshine Act Notice.

As always, your thoughts and comments are welcome.