On March 10, 2022, one day after the SEC formally proposed rules that would require new cybersecurity disclosures, the SEC set March 21, 2022, as the date the Commission will meet to consider proposing rules to “enhance and standardize registrant’s climate-related disclosures for investors.” You can find the meeting notice and a link to the agenda here.
The meeting will begin at 11:00 AM ET and will be webcast on the SEC’s website, www.sec.gov.
As always, your thoughts and comments are welcome!
On March 9, 2022, as you can read in this Meeting Notice, the SEC is meeting to consider rule making about “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.”
As a bit of background, on January 24, 2022, Chair Gary Gensler delivered a speech titled “Cybersecurity and Securities Laws” at the Northwestern Pritzker School of Law’s Annual Securities Regulation Institute. He addressed cybersecurity from a variety of perspectives, including a discussion of what may be the very first “hack”, a telegraph scheme in France in 1834! His remarks included this discussion of public company cybersecurity disclosures, which provides important insights for drafting risk factor and related cybersecurity disclosures in 34 Act reports:
Public Companies
Next, let me turn to public companies’ disclosure with respect to cyber risk and cyber events.
The basic bargain is this: Investors get to decide what risks they wish to take. Companies that are raising money from the public have an obligation to share information with investors on a regular basis.
Disclosure regimes evolve over the decades. Cybersecurity is an emerging risk with which public issuers increasingly must contend.
Thus, I’ve asked staff to make recommendations for the Commission’s consideration around companies’ cybersecurity practices and cyber risk disclosures. This may include their practices with respect to cybersecurity governance, strategy, and risk management.
A lot of issuers already provide cyber risk disclosure to investors. I think companies and investors alike would benefit if this information were presented in a consistent, comparable, and decision-useful manner.
In addition, I’ve asked staff to make recommendations around whether and how to update companies’ disclosures to investors when cyber events have occurred.
Make no mistake: Public companies already have certain obligations when it comes to cybersecurity disclosures. If customer data is stolen, if a company paid ransomware, that may be material to investors. As recent cases show, failure to make accurate disclosures of cybersecurity incidents and risks can result in enforcement actions.
You can find links to discussions of cybersecurity enforcement cases listed in this post about SEC enforcement priorities.
As always, your thoughts and comments are welcome!
On February 22, 2022, SEC Acting Chief Accountant Paul Munter issued a Statement titled “Statement on the FASB’s Agenda Consultation: Engagement with Investors and Other Stakeholders Vital to Development of High Quality Accounting Standards.”
After a brief review of the FASB’s Agenda Consultation project Dr. Munter states:
“It is critically important that the FASB, and the Trustees of the Financial Accounting Foundation (the “FAF”) in its important oversight role over the FASB, continue to improve processes for obtaining and considering investor and other stakeholder feedback, and for clearly communicating with those stakeholders regarding how that feedback has impacted the standard-setting process. On behalf of Commission staff in OCA, in this statement, we highlight below why engagement with investors and other stakeholders is vital to the FASB’s ability to develop high quality accounting and financial reporting standards, and we provide observations on the FASB’s standard-setting process, its agenda consultation, and the related ITC feedback from investors and other stakeholders.”
The Statement then provides the Acting Chief Accountant’s observations on the Agenda Consultation project in areas including:
As you read the Statement, you may want to focus on Dr. Munter’s discussion of the costs of preparing disaggregated information, the FASB’s goodwill project, and accounting and disclosures for digital assets.
The conclusion of the Statement includes this thought:
The financial reporting system’s collective objective of providing investors with high quality financial reporting demands that all stakeholders seek ways to improve and better address the needs of investors. In that regard, it is important that both the FAF and FASB focus on continued improvement in the fulfillment of their respective roles and responsibilities in the financial reporting system—especially in their efforts to more promptly address significant and evolving investor needs within the context of the financial statements.
As always, your thoughts and comments are welcome.
On November 24, 2021, the SEC Staff issued Staff Accounting Bulletin 120 to address recognition of compensation expense if a company enters into share-based payment transactions when in possession of material non-public information. Such share-based payment transactions are frequently referred to as “spring-loaded.” The SAB provides the staff’s views that companies must consider the impact of the release of material non-public information when estimating the fair value of such grants.
The SAB describes its objective with this language:
“Specifically, the staff is updating the Series to provide additional guidance to companies estimating the fair value of share-based payment transactions in accordance with Topic 718 regarding the determination of the current price of the underlying share and the estimation of the expected volatility of the price of the underlying share for the expected term when the company is in possession of material non-public information.”
The SAB includes a number of examples dealing with these issues. It also updates various other SAB areas to conform with ASC 718.
As a reminder the Press Release closes with these words:
“The statements in SABs are not rules or interpretations of the Commission nor are they published bearing the Commission’s official approval. They represent interpretations and practices followed by the Division of Corporation Finance and the Office of the Chief Accountant in administering the disclosure requirements of the federal securities laws.
As always, your thoughts and comments are welcome!
On August 25, 2021, the SEC announced charges against the former CEO of HeadSpin, Inc. HeadSpin is a private tech company in Silicon Valley. According to the Press Release and related SEC Complaint, the former CEO falsely manipulated sales records and key performance metrics. The SEC alleges that the former CEO exerted control over HeadSpin’s financial reporting and was able to misstate results with actions such as creating false invoices and altering real invoices.
In this type of announcement the SEC almost always includes language that their investigation “is continuing.” Usually further cases follow against the company and other parties. The SEC did enforce against HeadSpin, but, surprisingly, the enforcement action did not assess penalties against the company. As outlined in the SEC’s January 28, 2022, Press Release and Complaint, it was an internal investigation started by the company’s Board of Directors that discovered the CEO’s actions. Additionally, the company took significant remedial steps including removal of the CEO, hiring new senior management and repaying investors. Based on these steps and others outlined in the Complaint, the SEC settled fraud charges against the company without any penalty.
Both the Press Release and SEC Complaint offer valuable insights about steps companies can take when such a problem is discovered.
As always, your thoughts and comments are welcome!
Climate change has been a major and well publicized part of the SEC’s agenda in the last year. As you can read on the climate change section of the SEC’s webpage, CorpFin focused on climate change in the review process, the Enforcement Division formed a climate change task force, and the Commission issued an Invitation to Comment on climate change related matters.
CorpFin comment letters have addressed climate change. On September 22, 2021, the staff issued this sample letter to companies providing examples of the types of comments it is issuing.
A recent comment letter to CarMax Auto Funding LLC regarding a registration statement disclosure provides an example of a climate change comment:
Risk Factors, page 38
The Interpretive Release mentioned in this comment, also known as FR 82, can be found here.
The company responded to this comment with modified risk factor disclosure. You can find the modified risk factor and an example of a risk factor summary in the registration statement.
As always, your thoughts and comments are welcome.
On January 21, 2022, CorpFin published a short Announcement, requesting that companies not furnish “courtesy copies” of materials filed or furnished on the EDGAR system, unless the staff requests them.
On December 2, 2021, the SEC adopted a Final Rule implementing the requirements of the Holding Foreign Companies Accountable Act (HFCAA). You can read more and find a link to the related Fact Sheet here. (Remember to include new Item 9C in your next 10-K!)
To implement the reporting required by the HFCAA the SEC must determine each reporting company’s auditor and the auditor’s location. The Final Rule includes an addition to the “Document Entity and Information” section of the XBRL taxonomy for this information:
Consistent with these commenters’ suggestions, the final amendments include a new tagging requirement to facilitate the Commission’s accurate and efficient identification of Commission-Identified Issuers. To implement this requirement, in December 2021, the Document Entity and Information (“DEI”) taxonomy will be updated to include three additional data elements, applicable to annual report filings on Forms 10-K, 20-F, and 40-F that are submitted with XBRL presentations. Those three data elements will identify the auditor (or auditors) who have provided opinions related to the financial statements presented in the registrant’s annual report, the location where the auditor’s report has been issued, and the PCAOB ID Number(s) of the audit firm(s) or branch(es) providing the opinion(s).
The update to the EDGAR filing manual was released on December 20, 2021. All annual reports for periods ending on or after December 15, 2021, will require these new tags.
Details of the new tags are included in Volume II of the EDGAR Filer Manual. Section 6.5.54 begins with this language:
Auditor Name, Location, and Firm ID
The name represents the plain text (not logo nor signature) name of the auditor; the location text represents the city along with either or both country, US state or Canadian province; the firm ID is the auditors’ Firm ID as assigned by the US PCAOB.
If the DEI namespace version used in the filing has those three standard elements, then the absence of any of the three facts will cause the filing to be suspended (see table in 6.5.21).
If the DEI namespace version used in a filing does not have the three standard elements, the use of that DEI namespace version will cause the filing to be suspended. The filer will need to resubmit the filing with a DEI namespace version that has the three standard elements.
All three facts must also be visible in the sense defined by 5.2.5.14, and should be tagged where they normally appear, adjacent to the auditors’ opinion.
An interesting aspect of this change is that generally only information prepared by the company is tagged. How information about the company’s auditor will be tagged by management is likely something companies should discuss with their auditors.
As always, your thoughts and comments are welcome.
As year-end reporting ramps up, this post focuses on nine areas that are new or frequently mishandled in the annual reporting and proxy processes. It will hopefully help:
Deal with recent changes in Form 10-K and the proxy process, and
Avoid frequent errors in 10-K form and content.
Anytime the SEC makes changes to the items or item numbers in Form 10-K there is confusion about handling these changes. This is the case right now with old Item 6 – Selected Financial Data.
The first step to getting this change right is to review the most recent version of the Form 10-K Instructions at the SEC’s webpage. There you will find Item 6 still included but with a different title:
Item 6. [Reserved]
The second step is to remember that Exchange Act Rule 12b-13 requires that all item numbers in the instructions must be included in a report:
12b-13 Preparation of statement or report.
The statement or report shall contain the numbers and captions of all items of the appropriate form, but the text of the items may be omitted provided the answers thereto are so prepared as to indicate to the reader the coverage of the items without the necessity of his referring to the text of the items or instructions thereto. However, where any item requires information to be given in tabular form, it shall be given in substantially the tabular form specified in the item. All instructions, whether appearing under the items of the form or elsewhere therein, are to be omitted. Unless expressly provided otherwise, if any item is inapplicable or the answer thereto is in the negative, an appropriate statement to that effect shall be made.
Thus, the right approach is to include Item 6, but use the new title – [Reserved].
Speaking of new Form 10-K Item numbers, earlier in 2021 the SEC added new Item 9C:
Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections.
This disclosure is related to the Holding Foreign Companies Accountable Act. You can read more in this blog post. While this will not apply to many companies, as mentioned above, this new item should be included in your year-end 10-K.
You might ask, “Is Exhibit (4)(vi) still an issue?” Surprisingly, the answer is yes. When the SEC’s Disclosure Modernization process added this exhibit to Form 10-K to include information about a company’s securities, an omission in the Final Rule language created confusion about the requirement. You can read more in this post with all the details. That confusion continues to today, so, to be clear, Form 10-K requires Exhibit (4)(vi), which should include the following from S-K Item 601:
(vi) For each class of securities that is registered under Section 12 of the Exchange Act, provide the information required by Item 202(a) through (d) and (f) of Regulation S-K
(§ 229.202 of this chapter).
Instruction 1 to paragraph (b)(4)(vi). A registrant is only required to provide the information called for by Item 601(b)(4)(vi) if it is filing an annual report under Exchange Act Section 13(a) or 15(d).
(Other instructions are omitted).
The required disclosures are found in S-K Item 202 – Description of registrants securities requirements.
Another common, although minor, error in many Form 10-K’s is including the S-K Item 201 Equity Compensation Plan Information in Item 5 rather than Item 12. The 10-K instructions are a bit confusing because both Item 5 and Item 12 refer to this disclosure. However, the staff has been clear in both a letter to the ABA and a Compliance and Disclosure Interpretation, that the table should be in Item 12 if it is included in Form 10-K. You can read more details in this blog post.
Another possible change some companies could consider is moving the performance graph required by S-K Item 201 to their annual report to shareholders or ARS. The ARS is not filed information but is only furnished. An instruction to S-K Item 201(e) makes it clear that this information is not required in Form 10-K:
You can read more in this blog post.
SEC reviews continue to find many companies failing to follow some of the basic non-GAAP measure requirements of Regulation G and S-K Item 10(e). Year-end is a great time to review Reg G, S-K Item 10(e) and the related Compliance and Disclosure Interpretations if you include non-GAAP measures in MD&A or other documents.
One of the significant changes to MD&A requirements in S-K Item 303 made by the SEC’s November 2020 MD&A Final Rule was the addition of this language:
Where the financial statements reflect material changes from period-to-period in one or more line items, including where material changes within a line item offset one another, describe the underlying reasons for these material changes in quantitative and qualitative terms.
In the last several years the staff has written countless comments requesting companies to discuss changes in both quantitative and qualitative terms. Here is one example:
Please expand your results of operations discussion to quantify the impact of each factor identified as causing changes in results between periods. For example, we note that Mountain Reported EBITDA increased as a result of strong North American pass sales growth, strong growth in visitation and spending at western U.S. resorts, and recent acquisitions. Please quantify the impact of each factor attributing to the increase, here, and throughout your discussion, in accordance with Item 303(a)(3)(iii) of Regulation S-K and Section III.D of SEC Release No. 33-6835.
Vail Resorts, Inc., February 3, 2020
With this frequent comment topic now part of the regulatory guidance in S-K Item 303, it is likely a good idea to consider adding this kind of analysis to MD&A if it is not already included.
The SEC Enforcement Division continues to keep a watchful eye on how companies are disclosing perks. As you can read in this post, enforcement cases focus on issues ranging from companies not using the right definition of perks to not disclosing all perks paid to officers. It would be wise, in advance of developing information for the proxy, to review how your company computes and discloses perks.
As the Division of Corporation Finance announced on December 13, 2021, it has changed its policy and will now respond in writing to no-action requests regarding shareholder proposals. This change should be incorporated into the planning schedule for proxy statements and annual meetings.
As always, your thoughts and comments are welcome! If you have any tips you would like to add, feel free to put them in a comment.
On December 2, 2021, the SEC adopted rules finalizing implementation of the Holding Foreign Companies Accountable Act (HFCAA). The HFCAA requires a company to make certain submissions and disclosures if the auditor’s report on the financial statements in its annual report is issued by an auditor located in a foreign jurisdiction where the PCAOB is unable to inspect the auditor’s work.
The Final Rule specifies the SEC’s process to identify affected companies, which are referred to as “Commission-Identified Issuers.” This process is based on an identification of auditors whose work is not subject to inspection in a related PCAOB Rule. Identified companies are required to “provide information documenting that they are not owned or controlled by a governmental entity in its public accounting firm’s foreign jurisdiction on or before the due date of their annual report.”
According to the related Fact Sheet, “Commission-Identified Issuers,” that also meet the definition of “foreign issuer” in Rule 3b-4, will be required to make disclosures for itself and other related entities, that include:
The definition of “foreign issuer” is in Exchange Act Rule 3b-4:
3b-4 Definition of “foreign government,” “foreign issuer” and “foreign private issuer”.
The term foreign issuer means any issuer which is a foreign government, a national of any foreign country or a corporation or other organization incorporated or organized under the laws of any foreign country.
You can read more in this Fact Sheet and the Final Rule.
As always, your thoughts and comments are welcome!