We’d like to again remind our readers that Form 12b-25 is not an automatic extension for quarterly and annual reports.  In a prior blog post, we discussed an enforcement sweep in which eight companies paid fines for failing to disclose “anticipated restatements” in Form 12b-25.

On August 22, 2023, the SEC announced another sweep that caught five companies for exactly the same issue, failing to disclose “anticipated restatements.”  These companies restated their financial statements within three to twenty-one days after filing Form 12b-25.

As a reminder, Part III of Form 12b-25 includes this instruction:

State below in reasonable detail why Forms 10-K, 20-F, 11-K, 10-Q, 10-D, N-CEN, N-CSR, or the transition report or portion thereof, could not be filed within the prescribed time period.

(Attach extra Sheets if Needed)

As always, your thoughts and comments are welcome!

In this post from May 2023, we overviewed four FASB projects that will likely require significant implementation efforts.  These coming new standards will require new disclosures that will involve system and reporting complexities.  The four projects are:

• • Segment Reporting,
  • Improvements to Income Tax Disclosures,
  • Disaggregation – Income Statement Expenses, and
  • Accounting for and Disclosure of Crypto Assets.

Each of the projects has progressed to the Proposed ASU stage.  Segment reporting, income tax disclosures and crypto asset accounting and disclosure are all in the final standard process.  Below are summaries and links to the most recent developments for each project.

Segment Reporting

The FASB’s Technical Agenda indicates that a Final ASU for segment reporting is expected during the third quarter of 2023.  While this project does not change the operating segment definition, it will increase disclosures about segments.  As you can read in this Project Update and the related Proposed ASU, the project will introduce a new disclosure principle focused on “significant” expenses that would be used to determine which expense categories should be disclosed for individual segments.  It also would require disclosure of “other segment items” and apply these same requirements to companies that report a single segment.  There are several comment letters related to the Proposed ASU, including this thoughtful letter from a group of University of Denver accounting students that includes a discussion about the Proposed ASU’s use of the term “significant.”

Improvements to Income Tax Disclosures

According to the FASB’s Technical Agenda, a Final ASU for this project is projected to be issued in the fourth quarter of 2023.  As described in the related Project Update, this new standard will not change accounting for income taxes but will require new disclosures focusing on two areas, the effective rate reconciliation and taxes paid.  You can read the March 15, 2023, Proposed ASU and related comment lettersfor more background, including this interesting comment letter from the Global Reporting Initiative.  The due date for comment letters was May 30, 2023.  Disclosures that may present significant challenges, particularly for companies that operate in multiple jurisdictions, include:

• • A proposed breakdown in the effective rate reconciliation addressing eight specific categories and related qualitative disclosure, and
  • Details of taxes paid including disaggregated information about taxes paid by jurisdiction.

Disaggregation – Income Statement  Expenses

On July 31, 2023, the FASB issued a Proposed ASU for this project.  Comments are due by October 30, 2023.  As you can read in the Project Update, the proposal would require significant incremental disclosures about certain types of expenses, including:

• • Inventory and manufacturing expense,
  • Employee compensation,
  • Depreciation,
  • Intangible asset amortization, and
  • Depreciation, depletion, and amortization recognized as part of oil- and gas-producing activities.

Additional disaggregated information about inventory and manufacturing costs would also be disclosed.  The Proposed ASU includes several examples of the proposed expense disclosures.

Accounting for and Disclosure of Crypto Assets

According to the FASB’s Technical Agenda, a Final ASU for this project is projected to be issued in the fourth quarter of 2023.  While this project may not affect as many companies as the three discussed above, it does create accounting guidance for certain crypto assets where there was no formal guidance before.  It would require that crypto assets, as defined by the Board, would be accounted for at fair value with unrealized gains and losses recognized in income.  This would be a major change from the existing indefinite lived intangible asset accounting model currently applied to such assets.  You can read more in this March 23, 2023, Proposed ASU and this Tentative Board Decisions document.  The comment period for the Proposed ASU ended on June 6, 2023, and you can read comment letters here, including this interesting letter from MicroStrategy, a large holder of bitcoin.

As always, your thoughts and comments are welcome!

In our workshops we discuss the various avenues through which CorpFin provides reporting and filing guidance.  Perhaps more importantly, we also review how to keep current with new guidance.  One very helpful tool is the “What’s New” section of CorpFin’s homepage (located on right side of page).

While this “What’s New” box looks like a heading for the column below, it is actually a link to this helpful webpage where CorpFin usually announces new guidance:

As you can see, on August 25, 2023, CorpFin issued several new C&DIs related to the recent Insider Trading Arrangements Final Rule.  The new C&DIs, among other things, clarify that the new check box on Form 4 to indicate that a trade was conducted pursuant to a plan does not apply to plans adopted before the Final Rule’s effective date, and that the cooling-off period provision related to “[t]wo business days following the disclosure of the issuer’s financial results in a Form 10-Q or Form 10-K for the completed fiscal quarter in which the plan was adopted” does not include the date of filing.

As always, your thoughts and comments are welcome!

On July 26, 2023, the SEC adopted a Final Rule significantly expanding cybersecurity disclosure requirements.  The rule adds Item 1.05 to Form 8-K to disclose material cybersecurity incidents and new Item 106 to Regulation S-K to require annual disclosures about cybersecurity governance, risk management and strategy in Form 10-K.  Similar changes have been made to Forms 20-F and 6-K for Foreign Private Issuers.

The transition for the new Item 1.05 Form 8-K and related Form 6-K disclosures is the later of 90 days after the date of publication of the Final Rule in the Federal Register or December 18, 2023.  Smaller reporting companies have an additional 180 days for the Form 8-K changes.

The transition for the new annual report disclosures on Form 10-K and Form 20-F is for fiscal years ending on or after December 15, 2023.

The new disclosures must be tagged with iXBRL beginning one year after the initial disclosure requirements.

New Form 8-K Item 1.05

Item 1.05 requires disclosure of a cybersecurity incident within four days of a company determining that a cybersecurity incident has occurred and is material.  General Instruction B.1. to Form 8-K now states:

A report pursuant to Item 1.05 is to be filed within four business days after the registrant determines that it has experienced a material cybersecurity incident.

Disclosure on Form 8-K may be delayed if the “United States Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety.”  In this case the U.S. Attorney general must notify the SEC in writing.

The instructions to Form S-3 have been amended to add the Item 1.05 Form 8-K to the list of 8-Ks where late filing does not affect Form S-3 eligibility.

The Instructions for the new Item are:

Item 1.05 Material Cybersecurity Incidents.

(a) If the registrant experiences a cybersecurity incident that is determined by the registrant to be material, describe the material aspects of the nature, scope, and timing of the incident, and the material impact or reasonably likely material impact on the registrant, including its financial condition and results of operations.

The instructions also state:

A registrant need not disclose specific or technical information about its planned response to the incident or its cybersecurity systems, related networks and devices, or potential system vulnerabilities in such detail as would impede the registrant’s response or remediation of the incident.

Similar changes are made to Form 6-K.

New Form 10-K Disclosures

Cybersecurity disclosures will be presented in new Item 1.C. in Part I of Form 10-K.  The following has been added to the instructions to the Form:

Part I
**** *
Item 1C. Cybersecurity.
(a) Furnish the information required by Item 106 of Regulation S-K (§ 229.106 of this chapter).

New S-K Item 106 defines various terms and requires disclosures in two main areas:

• • • Risk management and strategy; and

• • • Governance

Risk management and strategy disclosures include “processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats.”  These disclosures should address whether cybersecurity risk management is integrated into the company’s overall risk management processes, information about the use of outside resources and how the company addresses cybersecurity risk in the use of third party service providers.

In an MD&A like requirement, risk management and strategy disclosures should also address whether cybersecurity risks “have materially affected or are reasonably likely to materially affect the registrant, including its business strategy, results of operations, or financial condition and if so, how.”

Governance disclosures should describe the board of directors’ oversight of cybersecurity risks The Final rule also states, “If applicable, identify any board committee or subcommittee responsible for the oversight of risks from cybersecurity threats and describe the processes by which the board or such committee is informed about such risks.”  Companies must also include details about management’s role in assessing and managing material cybersecurity risk.  Not included in the Final Rule was a provision in the proposed rule to address board expertise in the cybersecurity area.

You can read the entire text of new Item 106 and the related definitions on page 169 of the Final Rule.

Similar changes are made to Form 20-F in a new Item 16K.

As always, your thoughts and comments are welcome.

On July 19, 2023, the SEC announced that they will hold an open meeting on July 26, 2023 to consider adopting final rules “to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934.”

The related Proposed Rule was published on March 9, 2022.

You can find more details in the meeting agenda and the information about the meeting webcast in the Sunshine Act Notice.

As always, your thoughts and comments are welcome.