In late February, the SEC approved what it labeled “Guidance on Public Company Cybersecurity Disclosures.” And, sure enough, about three-quarters of its 24 pages focus on the various categories and locations of cybersecurity risk and incident disclosure obligations, as well as materiality determinations. Because the SEC’s much-anticipated guidance appeared right in the thick of calendar-year companies’ Form 10-K and proxy statement preparations, much attention has been paid to its disclosure aspects. But as the dust settles on Form 10-K and proxy statement filings, don’t lose sight of the SEC’s important governance guidance.
The recently released Society of Corporate Compliance and Ethics 2017 Compliance and Ethics Officer and Staff Salary Survey contains a host of interesting CCO and other compliance personnel compensation information. Also interesting is the survey’s profile data regarding compliance professionals and their companies.
The SCCE is a nonprofit association of more than 5,800 members, including CCOs and their staffs, employed in a wide range of industries. The 2017 survey’s data was derived from 1,376 email responses, which were then distilled down to 444 individuals employed by non-health care providers and responsible for at least 26 percent of their organization’s legal and regulatory risk (i.e., actual compliance personnel rather than personnel with isolated compliance duties).
A review of the survey’s data exposed five common compliance myths.
The SEC recently approved an amendment to NYSE’s Listed Company Manual prohibiting companies from issuing material news after NYSE closes for trading – 4:00 p.m. Eastern time on normal trading days – until the earlier of (a) publication of the company’s official closing price by NYSE and (b) five minutes after NYSE’s official closing time. An important exception permits companies to publicly disclose material information immediately following a non-intentional disclosure if necessary to comply with Regulation FD.
According to the SEC’s final rule release, the amendment is designed to address the fact that trading occurs after 4:00 p.m. Eastern time on other securities exchanges and non-exchange venues (known as “away markets”). Therefore, if a company issues material news before NYSE completes its trading process and posts the company’s closing price, there can be material differences between NYSE’s closing price and trading prices on away markets, potentially creating “significant investor confusion.”
As a practical matter, this means that NYSE-listed companies should wait at least five minutes before releasing news after the market closes in order to comply with the new rule. This is a change from the old advisory text to Section 202.06 of NYSE’s Listed Company Manual, which requested that listed companies wait until the earlier of publication of their security’s official closing price on NYSE and 15 minutes after NYSE’s closing time before releasing material news.
You may have heard that the Republican tax overhaul (originally known as the Tax Cuts and Jobs Act of 2017) was signed into law on December 22, 2017. That same day, the SEC staff provided helpful disclosure guidance in the form of Staff Accounting Bulletin No. 118 and C&DI 110.02. Together, this timely guidance clarifies how companies should disclose certain income tax effects of the new law and the extent to which Item 2.06 of Form 8-K (disclosure of asset impairments) is implicated.
SAB 118 responds to widespread concern over how to comply with applicable financial and other reporting requirements while companies are still figuring out the impact of the new tax law. SAB 118 specifically addresses, and is limited to, issues related to tax recognition for the current year and deferred tax liabilities and assets for future years in accordance with FASB Accounting Standards Codification Topic 740. The guidance acknowledges that there may be situations where the accounting for certain tax effects of the law will be incomplete by the time financial statements are issued for a company’s reporting period that includes December 22, 2017 and seeks to provide more certainty and consistency of views where a company does not have the necessary information available, prepared or analyzed (including computations) by the applicable filing date.
U.S. Deputy Attorney General Rod Rosenstein recently announced the Department of Justice’s revised FCPA Corporate Enforcement Policy. The revised Policy is based on the DOJ’s FCPA Pilot Program (in place since April 2016), which provided mitigation credit for voluntary reporting of wrongdoing and specified levels of cooperation and remediation in connection with the resulting investigation.
Much has been made about the new Policy provisions that create the presumption of a DOJ enforcement declination and specify percentage reductions from the U.S. Federal Sentencing Guidelines in the event that a company self-discloses, cooperates and/or remediates in accordance with specified Policy requirements. Certainly, these provisions significantly further the shift toward encouraging company cooperation, as well as continue the focus on holding individuals accountable, and deserve careful attention.
It was, however, Deputy Attorney General Rosenstein’s third “policy enhancement” that most caught my eye. That provision provides detail about how the DOJ evaluates compliance programs, specifying what he calls “hallmarks of an effective compliance program.”
The Policy first states that the criteria for an effective compliance and ethics program may vary based on the size and resources of the organization, which seems fair enough. It then provides a list of criteria (quoted below), which it says will be periodically updated:
- The company’s culture of compliance, including awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated;
- The resources the company has dedicated to compliance;
- The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk;
- The authority and independence of the compliance function and the availability of compliance expertise to the board;
- The effectiveness of the company’s risk assessment and the manner in which the company’s compliance program has been tailored based on that risk assessment;
- The compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors;
- The auditing of the compliance program to assure its effectiveness; and
- The reporting structure of any compliance personnel employed or contracted by the company.
Sustainability concepts are now widely accepted as legitimate, mainstream considerations for boards of directors and corporate management. (See, for example, this Doug’s Note.) As a result, many companies now routinely consider the long-term impact on their entire universe of stakeholders of various environmental, social and governance (ESG) issues. Conversely, most boards of directors and C-suites no longer solely consider maximizing short-term shareholder profits in their decision-making. A balanced corporate mindset now factors in long-term considerations (see this Doug’s Note) and the interests of employees, business partners, communities and society as a whole.
The emergence of sustainability may also be blurring the traditional distinction between “activist” and “institutional” investors. At the risk of over-generalizing, activist investors have historically been associated with maximizing short-term shareholder profits through a variety of often harsh corporate maneuvers. Institutional investors, on the other hand, have often been seen as taking a longer view, which resulted in general support of management accompanied by behind-the-scenes efforts to influence corporate strategy.
Those two camps may now be moving toward the middle of that spectrum, driven in significant part not only by the dramatic rise in popularity of sustainability as a corporate principle, but also the increased desire among institutional investors to engage with management on such issues. After a few years of resistance, companies have embraced the concept of regular, substantive shareholder engagement, resulting in lines of communication that are more open than ever, which allows traditionally passive institutional investors more ability to routinely influence management priorities and strategic decisions.
In January, I passed along a list of 12 review and comment priorities distributed at the 48th Annual Institute on Securities Regulation in New York by a panel of speakers that included SEC Chief Accountant Wesley Bricker and Chief Accountant of the Division of Corporation Finance Mark Kronforst (see this Doug’s Note). I won’t repeat the panel’s list here except to note that “MD&A: Results of operations” was at the top, followed next by “Non-GAAP measures.”
Lists like this can be useful predictors of hot topics for the coming year and provide helpful guidance for company disclosures. I, therefore, read with interest Deloitte’s recently released, comprehensive 2017 survey of SEC comment letters. The survey contains much valuable information regarding, and analysis of, the SEC staff’s strategic priorities, as gleaned from their recent comment letters. Below are a few items that jumped out at me.
Top 10 review topics.
Here is Deloitte’s list of the top 10 review topics for the 12 months ended July 31, 2017, which not coincidentally corresponds closely to the panel’s list mentioned above.
- Non-GAAP measures
- Fair value
- Segment reporting
- Revenue recognition
- Intangible assets and goodwill
- Income taxes
- State sponsors of terrorism
- Signatures, exhibits and agreements
- Acquisitions, mergers and business combinations
Other Deloitte survey tidbits.
Recent proposed rules to modernize and simplify SEC disclosure requirements have gotten a lot of attention. You may recall that the Fixing America’s Surface Transportation (FAST) Act of 2015 directed the SEC to issue a report recommending amendments to Regulation S-K to accomplish those goals. The SEC issued its report in November 2016. The proposals are the next step in the process.
The proposed changes, while helpful, are perhaps only marginally so. The most significant proposal would modify MD&A by allowing companies to forgo discussion of the oldest period being presented if (1) it has been previously reported and (2) the disclosure is no longer material. Although this is not an earth-shattering development, eliminating the redundancy of the year-two to year-three comparison would be nice. The materiality qualifier may, however, limit the proposal’s practical effect if companies take a conservative approach to determining materiality.
Also helpful would be the proposal to streamline the process for obtaining confidential treatment for commercially sensitive information. The proposed change would permit companies to omit from exhibits confidential information that is not material and would cause competitive harm without having to first request confidential treatment from the SEC staff. Companies also would be permitted to omit “personally identifiable information” in all cases without submitting a request. Exhibits would remain subject to review by the staff, which could issue comments if it determines that redactions were not appropriate.
Several other proposed changes are even more minor, mostly just simplifying the forms themselves, tweaking certain disclosure provisions, or clarifying regulation instructions. They include updates and clarifications to:
Late last month, the SEC approved the new auditing standards adopted by the PCAOB back in June, which substantially modify the content of the auditor’s report. They also raise various concerns that public companies and the SEC will need to closely monitor going forward.
Critical audit matters disclosure.
By far the biggest and most controversial change to the old standards is the requirement that the auditors include in a separate section of their report “critical audit matters” applicable to the current period covered by the report. CAMs are defined as:
“any matter … that was communicated or required to be communicated to the audit committee and that relates to accounts or disclosures that are material to the financial statements and involved especially challenging, subjective, or complex auditor judgment.”
The auditor must identify the CAM, describe the principal considerations that led the auditor to determine it was a CAM, describe how the CAM was addressed in the audit, and reference the accounts or disclosures related to the CAM. In the unlikely event that a report contains no CAMs, it must affirmatively so state.
Though the determination of a CAM is supposed to be principles-based, the new rules provide a nonexclusive list of factors for the auditor to consider in its determination. Even so, the standards emphasize that disclosure must be tailored to the particular company and audit, meaning that it should not be boilerplate.
Emerging growth companies and employee stock purchase plans, savings plans and similar plans are excluded from the CAM disclosure requirements.
The modified auditor’s report also must:
- State the year the auditor began serving as the company’s auditor,
- Provide an enhanced description of the auditor’s role, responsibilities and independence, and
- Satisfy certain format requirements designed to enhance readability.
All changes to the report except for communication of CAMs are effective for audits of fiscal years ending on or after December 15, 2017.
Communication of CAMs becomes effective for large accelerated filers for fiscal years ending on or after June 30, 2019, and, for all other companies, for fiscal years ending on or after December 15, 2020.
Auditors may, however, elect to comply with the new standards prior to the applicable effective date.
Things to watch for.
TerraLex recently published The General Counsel Excellence Report 2017, which tracks the continuing evolution of the role of corporate general counsel to encompass important nontraditional areas of focus and responsibilities. TerraLex, a referral network of more than 150 law firms (including Parker Poe) in more than 100 countries, sponsored similar surveys in 2013 and 2015.
The 31-page report makes for interesting reading. For example, it notes that even the GC’s title is changing, with 45 percent of respondents describing their role as “General Counsel” (slightly down from 2015) while more than 20 percent use titles like “Head of Legal,” “Group Head of Legal,” “Head of Legal & Regulatory Affairs” or even “General Counsel, Director of M&A, Strategy and Risk.” The report states that “[i]t is clear … that the exact role of the general counsel is becoming an increasingly difficult one to define.”
Also interesting is the general counsel’s perception of his or her role within the company. According to the report:
“General counsel thought it most important that they were a stakeholder in business decisions rather than just managing the legal department – just over 60 percent gave this answer the most important or next most important score compared with 45 percent who voted for managing the legal department. Being the conscience of the business was also a popular answer and this idea of the legal officer as moral guardian of the corporate entity is a theme which runs through the survey and the interviews.”
This leads to the report’s observations regarding the issues that general counsel find most concerning. Not surprisingly, “regulation and compliance” remains the frontrunner and by an increasingly wide margin, rising from 60 percent to 70 percent from 2015 to 2017. This is entirely consistent with, and no doubt the result of, investor and regulator focus on the importance of effective compliance programs and risk management, as well as increasing recognition among boards of directors and senior executives that they bear substantive oversight responsibility for such matters. In other words, it has become widely recognized that compliance and risk management can no longer be relegated to out-of-sight silos within the company controlled solely by midlevel personnel. (See this article in Corporate Compliance Insights.)