On March 21, 2022, the SEC proposed rules to require new climate-related disclosures.  As you can read in this Press Release, the proposed rule would require new disclosures, including information about:

• “Governance of climate-related risks and relevant risk management processes
• How any climate-related risks identified by the registrant have had or are likely to have a material impact on its business and consolidated financial statements, which may manifest over the short-, medium-, or long-term
• How any identified climate-related risks have affected or are likely to affect the registrant’s strategy, business model, and outlook
• The impact of climate-related events (severe weather events and other natural conditions) and transition activities on the line items of a registrant’s consolidated financial statements, as well as on the financial estimates and assumptions used in the financial statements.”

The proposed rule would also require disclosure about greenhouse gas emissions.  All registrants would make disclosures about Scope 1 and Scope 2 emissions.  Scope 3 disclosures would be required if material or if the company has set a goal that includes Scope 3 emissions.  Accelerated and large accelerated filers would be required to include an attestation report regarding greenhouse gas emission disclosures.

You can read more in this Fact Sheet and find the proposed rule here.  The comment period for the proposed rule will be for 30 days after publication in the Federal Register or 60 days after the date of publication on sec.gov, whichever period is longer.

You can learn more in our One-Hour Briefing scheduled for April 8, 2022, “Climate Change – The SEC’s Proposed New Disclosures.”

As always, your thoughts and comments are welcome.

In this post we reviewed an SEC comment letter exchange focused on climate change issues, currently a major focus area in the SEC’s comment process.  On September 21, 2021, Meta Platforms, Inc. (“Meta”), formerly known as Facebook, received this comment letter with a number of climate-related questions.  One of the comments asked Meta about the physical impacts of climate change on its business:

6. You disclose that your business may be subject to interruptions, delays, or failures resulting from earthquakes, adverse weather conditions, or other natural disasters. If material, discuss the significant physical effects of climate change on your operations and results. This disclosure may include the following:

• severity of weather as a result of climate change, such as floods, hurricanes, sea levels, extreme fires, and water availability and quality;
• quantification of material weather-related damages to your property or operations;
• potential for indirect weather-related impacts that have affected or may affect your major customers or suppliers, and
• any weather-related impacts on the cost or availability of insurance.

After requesting more time than the regular 10 days to respond, Meta’s November 4, 2021, response letter addressed this comment with the following language:

Response

The Company respectfully advises the Staff that it regularly assesses its physical climate-related risks. Under the Applicable Disclosure Requirements, it has not experienced any material physical effects of climate change, including as related to the above listed events, on its operations and results that would be required to be disclosed under the Applicable Disclosure Requirements.

In a November 12, 2021, second comment letter, the staff included this follow-up comment:

5. Your response to prior comment 6 states that you have not experienced material physical effects of climate change. Please tell us about the physical effects of climate change you have experienced, such as effect on the severity of weather, and how you assessed the materiality of such effects. As requested in our prior comment, quantify weather-related damages to your property or operations, discuss how weather-related impacts have affected or may affect your customers or suppliers and discuss any weather-related impacts on the cost or availability of insurance.

Meta’s December 29, 2021, response to this follow-up comment provides interesting details and a more extensive discussion about how the company tracks the impact of factors such as weather on its business:

Response

As noted in response to comment 4, the Company generates substantially all of its revenue from selling advertisements, which are displayed on the Company’s online products – Facebook, Instagram and Messenger – as well as third-party applications and websites. Its material properties are its headquarters, its offices and its data centers, as disclosed under Part I, Item 2. Properties of the 2020 Form 10-K.

As part of the disclosure process described in response to comment 1, the Company assesses whether any events, including any adverse weather conditions, had a material effect on the Company, including as a result of any damage to the Company’s properties or operations. In particular, the Company’s finance team runs a financial statement line item fluctuation analysis each quarter to identify events, including weather events, that had a significant impact on financial results in the relevant reporting period. Members of the legal and finance teams then hold a meeting (the “Significant Events Meeting”) to review the results. For purposes of this review, the finance team reviews transactions or events where the aggregate, cumulative impact is or exceeds $100 million, which is approximately 0.3% of income before provision for income taxes for the year ended December 31, 2020. In that meeting, they assess whether any identified events had a material effect on the Company’s business, operating results or financial condition and whether to otherwise make any updates to the Company’s disclosures.

We would note that as part of this review in the first quarter of 2021, the Company’s finance team identified that the polar vortex wave impacting the United States in February 2021 caused the Company to incur increased energy costs of approximately just over 1% of the Company’s net income for the quarter. Although the impact of the polar vortex was therefore not material to the Company, the Company determined that it would be prudent to update its risk factors relating to adverse weather events in the Form 10-Q filed for the first quarter of 2021 to disclose that it had been, and may in the future be, subject to increased energy or other costs to maintain the availability or performance of its products in connection with adverse weather events. In connection with preparing the 2020 Form 10-K, however, the Company did not identify any potentially material weather-related impacts on its business or any weather-related events that caused potentially material damages to its properties or operations.

With respect to the Company’s customers and suppliers, as noted above, the Company generates substantially all of its revenue from selling advertisements, which are displayed on the Company’s online products – Facebook, Instagram and Messenger – as well as third-party applications and websites. The Company has a large and diversified base of advertisers in many countries around the world. As disclosed in the 2020 Form 10-K, no customer represented 10% or more of the Company’s revenue in 2020 and the Company generated revenue from advertisers located throughout the world, with approximately 45% generated in the United States and Canada, 24% generated in Europe, 23% generated in Asia-Pacific and 8% generated in the rest of the world. The Company believes that its diversified customer base, both by size and geography, helps mitigate the risk that any adverse weather event affecting any particular customer or any particular region where it has customers would have a material effect on the Company as a whole, and in preparing the 2020 Form 10-K, the Company did not identify weather-related impacts to its customers that had a potentially material effect on the Company’s business, operating results or financial condition. Weather-related impacts that have affected the Company’s suppliers include events such as the polar vortex in the United States in February 2021 that led to disruption in the business of the Company’s energy suppliers and increased energy costs for the Company as described above. However, in preparing the 2020 Form 10-K, the Company did not identify weather-related impacts to its suppliers that had a potentially material effect on the Company’s business, operating results or financial condition.

With respect to the cost or availability of insurance, the Company reviews events that had a significant impact on costs, including insurance costs, during the Significant Events Meeting. Members of the Company’s treasury team, which handles its insurance policies, participate in the Significant Events Meeting and in the disclosure process more generally. No potentially material increases in the cost or availability of insurance as a result of climate change were identified during the Significant Events Meeting or otherwise in connection with the preparation of the 2020 Form 10-K.

After this detailed response, the SEC sent Meta the regular closing letter for this comment process.

As always, your thoughts and comments are welcome!

On March 10, 2022, one day after the SEC formally proposed rules that would require new cybersecurity disclosures, the SEC set March 21, 2022, as the date the Commission will meet to consider proposing rules to “enhance and standardize registrant’s climate-related disclosures for investors.”  You can find the meeting notice and a link to the agenda here.

The meeting will begin at 11:00 AM ET and will be webcast on the SEC’s website, www.sec.gov.

As always, your thoughts and comments are welcome!

On March 9, 2022, as you can read in this Meeting Notice, the SEC is meeting to consider rule making about “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.”

As a bit of background, on January 24, 2022, Chair Gary Gensler delivered a speech titled “Cybersecurity and Securities Laws” at the Northwestern Pritzker School of Law’s Annual Securities Regulation Institute.  He addressed cybersecurity from a variety of perspectives, including a discussion of what may be the very first “hack”, a telegraph scheme in France in 1834!  His remarks included this discussion of public company cybersecurity disclosures, which provides important insights for drafting risk factor and related cybersecurity disclosures in 34 Act reports:

Public Companies

Next, let me turn to public companies’ disclosure with respect to cyber risk and cyber events.

The basic bargain is this: Investors get to decide what risks they wish to take. Companies that are raising money from the public have an obligation to share information with investors on a regular basis.

Disclosure regimes evolve over the decades. Cybersecurity is an emerging risk with which public issuers increasingly must contend.

Thus, I’ve asked staff to make recommendations for the Commission’s consideration around companies’ cybersecurity practices and cyber risk disclosures. This may include their practices with respect to cybersecurity governance, strategy, and risk management.

A lot of issuers already provide cyber risk disclosure to investors. I think companies and investors alike would benefit if this information were presented in a consistent, comparable, and decision-useful manner.

In addition, I’ve asked staff to make recommendations around whether and how to update companies’ disclosures to investors when cyber events have occurred.

Make no mistake: Public companies already have certain obligations when it comes to cybersecurity disclosures. If customer data is stolen, if a company paid ransomware, that may be material to investors. As recent cases show, failure to make accurate disclosures of cybersecurity incidents and risks can result in enforcement actions.

You can find links to discussions of cybersecurity enforcement cases listed in this post about SEC enforcement priorities.

As always, your thoughts and comments are welcome!

Climate change has been a major and well publicized part of the SEC’s agenda in the last year.  As you can read on the climate change section of the SEC’s webpage, CorpFin focused on climate change in the review process, the Enforcement Division formed a climate change task force, and the Commission issued an Invitation to Comment on climate change related matters.

CorpFin comment letters have addressed climate change.  On September 22, 2021, the staff issued this sample letter to companies providing examples of the types of comments it is issuing.

A recent comment letter to CarMax Auto Funding LLC regarding a registration statement disclosure provides an example of a climate change comment:

Risk Factors, page 38

1. To the extent that you believe investors in these asset-backed securities may be impacted by climate related events, including, but not limited to, existing or pending legislation or regulation that relates to climate change, please consider revising your disclosure to describe these risks. See the Commission’s Guidance Regarding Disclosure Related to Climate Change, Interpretive Release No. 33-9106 (February 8, 2010).

The Interpretive Release mentioned in this comment, also known as FR 82, can be found here.

The company responded to this comment with modified risk factor disclosure.  You can find the modified risk factor and an example of a risk factor summary in the registration statement.

As always, your thoughts and comments are welcome.