News

Public Companies Update

June One-Minute Reads

July 8, 2024

Corp Fin issues statement, new C&DIs on disclosure of cybersecurity incidents

On May 21, 2024, Erik Gerding, director of the Securities and Exchange Commission (SEC) Division of Corporation Finance (Corp Fin), issued a statement clarifying that the disclosure of cybersecurity incidents under Item 1.05 of Form 8-K should be limited to cybersecurity incidents that a registrant determines to be material. All other cybersecurity incidents not meeting this threshold – or otherwise not falling within the instructions of Item 1.05 – may be disclosed on Form 8-K but under a different item, such as Item 8.01. Gerding stated that “it could be confusing for investors if companies disclose either immaterial cybersecurity incidents or incidents for which a materiality determination has not yet been made under Item 1.05,” and as such, this clarification is “intended to encourage filing of voluntary disclosures in a manner that does not result in investor confusion or dilute the value of Item 1.05 disclosures regarding material cybersecurity incidents.”

In addition to Gerding’s statement, on June 24, 2024, Corp Fin issued a new set of compliance and disclosure interpretations (C&DIs) related to Item 1.05 of Form 8-K. Generally, the new C&DIs address filings in the context of cybersecurity incidents involving ransomware attacks that result in a disruption in operations or the exfiltration of data. The new C&DIs address whether disclosure is required in the following cases:

  • If a ransomware payment has been made either before (Question 104B.05) or after (Question 104B.06) a materiality determination has been made.
  • If a ransomware payment has been reimbursed under an insurance policy (Question 104B.07).
  • If a small ransomware payment is by itself determinative of materiality (Question 104B.08).
  • If a series of individually immaterial cybersecurity incidents involving ransomware attacks over time – either by a single threat actor or by multiple threat actors – may require disclosure (Question 104B.09).

For more information on the new C&DIs, see this June 26 PubCo post.

SEC chair issues statement on pending crypto bill in Congress

On May 22, 2024, SEC Chair Gary Gensler issued a statement regarding the Financial Innovation and Technology for the 21st Century Act (FIT 21), arguing that the legislation would create regulatory gaps and undermine decades of precedent regarding the oversight of investment contracts. The bill would remove investment contracts that are recorded on the blockchain from the definition of securities; due to this, Gensler argues that the bill would cause those investment contracts to lose the protections afforded by federal securities laws.

The bill also would allow the issuers of these crypto investment contracts to self-certify that the products are a special class of “digital commodities” that fall outside of the SEC’s oversight. Although the SEC would be able to review and challenge any self-certification, any successful challenge would only allow the SEC minimal oversight of the product and would not remove it from the legislation’s scope entirely. Gensler further argues that because the bill also would remove crypto asset trading systems from the definition of an exchange, this would allow those exchanges to operate outside the purview of the SEC – potentially exposing customers to conflicts of interest and reduced custody protections.

Finally, the bill would exempt entities categorized as “decentralized finance” organizations and eliminate the Regulation A and Regulation D offering restrictions that currently apply to crypto securities. All of these changes, according to Gensler, would undermine the current capital markets by providing a path to avoid robust disclosure, SEC enforcement and private rights of action for investors in federal court – all of which are available to investors in securities under the current framework.

Fifth Circuit vacates SEC private fund adviser rules

On June 5, 2024, in a unanimous decision, the US Court of Appeals for the Fifth Circuit vacated rules adopted by the SEC in August 2023 that increased the SEC’s regulation of private fund advisers. The court stated that the SEC exceeded its statutory authority when it adopted the final rules, which would have required private fund advisers registered with the SEC to:

  1. Provide investors with quarterly statements regarding private fund performance, fees and expenses.
  2. Have each private fund audited annually.
  3. Solicit a fairness opinion in connection with an adviser-led secondary transaction.

WTW releases memo on trends gleaned from two years of pay-versus-performance disclosure

On June 5, 2024, WTW released a memo updating its review of pay-versus-performance (PVP) disclosure at approximately 530 companies in the S&P 1500 over the last two years. In the memo, WTW concluded that the “overall trends in PVP disclosures” in its second year “were comparable to those in the first year of PVP.”

WTW found that:

  • For its company-selected measure, a “majority of organizations continued to use profit or income measures.” WTW noted that this is because many companies “review the measures used in company executive incentive plans” to create a “short list for determining the company-selected measure,” which “tend to rely heavily on profit or income measures, especially in annual incentive plans.”
  • 80% of organizations use an industry index for the total shareholder return (TSR) comparator group.
  • “The locations of the PVP disclosure continue to be near the CEO pay ratio, and graphical descriptions of PVP were heavily favored over narrative descriptions.”
  • 31% of companies disclosed revisions or changes made to their PVP disclosure in their second year. WTW noted that, “[O]f the types of revisions and changes examined, alterations to disclosed pay or performance values were more common than revisions of PVP disclosure decisions. PVP disclosure decisions include determining the company-selected measure or TSR comparator group. WTW found only 1% to 2% of organizations changed either of those decisions for year two.”

The memo includes a more detailed breakdown of the PVP disclosure by item as well.

Bloomberg Law analyzes Nasdaq diversity data

This June 13 PubCo post highlights efforts by Bloomberg Law to analyze data related to the Nasdaq board diversity disclosures made in 2023 proxy statements by 314 Nasdaq-listed companies. The analysis found that all companies satisfied the requirement to have at least one woman director on the board, but that many companies failed to meet the requirement to have at least one director that identifies as LGBTQ+ or as an underrepresented minority. Specifically, Bloomberg found that out of the 314 companies:

  • 28% of companies had no minority directors.
  • Of the women directors, about 60% were white, 15% were Asian and 12% were Black.
  • Fewer than 10% of women directors identified as Hispanic or Latinx.
  • Only 5% of women directors identified as two or more races or ethnicities.
  • Around 1 – 2% of women directors identified as Native Hawaiian or Pacific Islander.
  • No men or women directors in the dataset identified as LGBTQ+ or as Alaska Native or Native American.

Data reveals good ESG profiles may fetch a premium in the market

In this June 3, 2024, article from CFO Dive, Deloitte reveals that 83% of buyers in an M&A transaction “would pay a 3% premium to acquire a company with solid environmental, social and governance (ESG) performance, with 14% saying they would pay as much as 6% extra.” Similarly, a global poll revealed that companies would ask for a minimum 3% discount if the ESG metrics of a target were weak, and the number of companies with this position increased from 36% in 2022 to 67% in 2024. Deloitte also remarked that it is seeing a majority of M&A transactions terminated when due diligence findings of ESG matters are poor. It’s clear from the data that although ESG issues may change from year to year, overall, they still remain an important metric against which a company’s value is judged.


Director’s corner – Guidance from Beth Sasfai, leader of Cooley’s ESG and sustainability advisory practice

How should boards oversee company climate reporting readiness in a state of uncertainty and volatility?

Companies are preparing for climate reporting under a significant cloud of uncertainty. In response to litigation challenging its authority to adopt climate rules, in early April, the SEC voluntarily stayed the rules pending the completion of litigation filed in the federal courts, which is likely to go on for some time. In addition, companies await implementing regulations for the recently adopted California climate rules (which are not expected until January 1, 2025), and there is recent litigation to enjoin efforts by the California Air Resources Board to enforce those rules. All of this unpredictability is further compounded by the upcoming presidential election, announcements of GOP-led legislative hearings and an intent to use the Congressional Review Act to overturn the SEC rules.

Many companies are unsure whether to continue to charge forward with efforts to comply with the specifics of the SEC and California climate rules, as they also struggle with the need to continue providing voluntary climate-related disclosures on websites and in sustainability reports in response to demands from investors, customers and other stakeholders. Below are four things directors can do in the current “lull” to help bring a company’s climate reporting closer to investor-grade that don’t depend on knowing the specific details of any particular rule and won’t be wasted efforts:

  1. Formalize the key role of the controller function in ESG reporting. Many companies are designating an “ESG controller function” in the finance organization. The function is responsible for overseeing and managing the integration of ESG issues into operations and reporting protocols – including setting up reporting process development, supporting ESG reporting and compliance, and developing a reliable data governance and controls framework, as well as focusing on data management and systems. Typically, an ESG controller role sits in finance, as many companies find that is the best place for the function to effectively integrate ESG considerations into enterprise financial planning, risk management, data management systems and other decision-making processes.
  2. Understand significant gaps as they pertain to ESG data and disclosures and whether the company has line of sight to how it will meet any formal climate targets – particularly, scope 3 goals that involve the value chain – and whether the company can back up “green” and “environmentally friendly” claims that are used to market products or attract potential customers or employees.
  3. Assess effectiveness of internal controls over ESG reporting. ESG reporting controls ultimately should look like financial controls – something to be documented through narratives, flowcharts, and risk and control matrices that are evaluated annually and that can be subjected to gap analyses, effectiveness testing and remediation. Best practice is to develop repeatable and ultimately automated controls, which means leveraging existing financial controls where possible and engaging the IT department as a key stakeholder for long-term strategic planning.
  4. Evaluate potential reputational and liability risks associated with the company’s risk management and due diligence processes, as well as existing climate-related disclosures. Involve legal teams front and center to identify potential ESG-related liabilities and to scrub voluntary disclosures made in ESG reports, websites, proxy statements and elsewhere with an eye toward mitigating legal risk.

This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.