You recently received an email invitation to our upcoming Governance, Risk & Compliance Forum. The GRC Forum is a half-day, interactive event devoted specifically to the issues faced by risk and compliance personnel at companies in all industries and at all stages of GRC development.
The Fall 2017 session will be held on Thursday, September 28 at the Duke Mansion in Charlotte. We’ll start with coffee and breakfast at 8:15 a.m. The three presentations will run from 9:00 a.m. until noon. There is no charge for attending, and attendees are expected to be approved for compliance certification and continuing legal education credit.
Topics to be covered.
The GRC Forum and related GRC Blog generally address topics related to assessing, enhancing and maintaining an enterprise-wide governance, risk and compliance function. Specific topics to be discussed at this upcoming Fall 2017 session will include:
- Session I: Update on the current state of corporate social responsibility, including CSR reporting and corporate America’s response to the Trump administration’s withdrawal from the Paris climate accord.
- Session II: A discussion of cybersecurity breach response policies and plans, including background on current data privacy and security laws in the U.S., the EU’s new comprehensive data protection law and the EU Network Infrastructure Security Directive, critical components of a comprehensive plan, and practical tips on how to create, draft, train on and implement a plan.
- Session III: Remarks by North Carolina Attorney General Josh Stein on compliance and public protection, followed by Q&A.
Who should attend?
GRC touches a variety of professionals, including:
- compliance officers
- risk management officers
- boards of directors
- legal departments
- CFOs, internal auditors and other finance personnel
- human resource directors
- investor relations and public communications personnel
Companies of all sizes and in all industries are invited.
If you haven’t already, please click here to sign up. I hope to see you there.
This past spring, the SEC issued final rules designed to make it easier to access and retrieve exhibits to company filings through the use of hyperlinks. For most companies, this new requirement becomes effective for filings made on or after September 1, 2017, which means it’s time to be sure you are ready. (Smaller reporting companies and non-accelerated filers using ASCII format have until September 1, 2018 to comply.)
Item 601 of Regulation S-K, which requires companies to include an exhibit index that lists each exhibit included with the filing, now requires that each exhibit to Forms S-1, S-3, S-4 and S-8 (among others) under the Securities Act and Forms 10, 10-K, 10-Q and 8-K (among others) under the Exchange Act include an active hyperlink to the particular document on EDGAR. This applies whether or not the exhibit is incorporated by reference.
For periodic reports, an active hyperlink must be included for each exhibit listed when the report is filed. For registration statements, a hyperlink must be included in the initial filing and in each amendment (pre-effective and post-effective) thereafter.
The new rules exclude a short list of filings, including among others:
- XBRL exhibits, and
- exhibits that were filed on paper before EDGAR filings became mandatory, have not been re-filed electronically and are incorporated by reference.
Companies must submit all affected registration statements and reports in HyperText Markup Language (HTML) format, which is not generally a problem since that is the format already used by almost everyone. One potential glitch arises, however, if your exhibit list includes an old document that was filed in American Standard Code for Information Interchange (ASCII) format as part of a single large document (which is how things were done in olden days). Absent express guidance from the SEC staff, your alternatives are to link back to the single document while specifically referencing the relevant exhibit contained therein or to re-file the exhibit with the current document.
Back in September 2015, the New York Stock Exchange amended the NYSE Listed Company Manual to:
- expand the pre-market hours during which NYSE-listed companies must provide prior notice of material news,
- expand the circumstances under which NYSE may halt trading, and
- provide guidance related to the release of material news after the close of trading.
Then last week NYSE did it again, this time to require listed companies to give NYSE’s Market Watch team at least 10 minutes’ prior notice before making any public announcement, including announcements made outside of normal trading hours (9:30 a.m. to 4:00 p.m. Eastern time), regarding:
- any dividend or stock distribution required by NYSE Listed Company Manual Section 204.12, and
- the fixing of a dividend or stock distribution record date.
As a practical matter, this means that companies must now give NYSE notice of a dividend or stock distribution 10 minutes before the announcement, rather than simultaneously with the announcement, as before. The SEC deems this important because, among other things, the record date determines (a) when the stock will trade ex-dividend and (b) the requirements regarding brokers’ cutoff dates for determining full and fractional shares.
Requiring notice 10 minutes before such announcements regardless of the time of day (rather than just during normal trading hours) allows NYSE to address any concerns with the content of the announcement and reduce the possibility of investor confusion if the disseminated information is inaccurate or misleading.
The SEC noted in a footnote (perhaps hoping that NYSE’s staff wouldn’t notice) that NYSE Market Watch will be available “at all times” (day or night) to review the announcement and will contact the listed company “immediately” if there is a problem.
The amended rule became effective on August 14.
Other expanded market notification information.
I am sometimes surprised by the number of insiders who trade in their company’s stock outside of Rule 10b5-1 trading plans. It is often said, with some accuracy, that executive officers, directors and other insiders always possess material nonpublic information (MNPI) due to the very nature of their jobs. And in fact, many insiders are able to actually create MNPI merely by deciding to initiate a strategic change or direct a financial decision. If that is true, or at least arguable under the glare of 20/20 hindsight, then trading outside of a trading plan is a dangerous proposition.
The question, then, is, “Why take the chance?” A trading plan provides an easily implemented affirmative defense against insider trading claims, and courts have consistently deferred to valid trading plans, even under questionable circumstances. Furthermore, it is well-known that the SEC is vigorously pursuing insider trading violations of all shapes and sizes. (See this Doug’s Note.) For that matter, why doesn’t every company require that its insiders trade only under a trading plan?
The elements of a trading plan.
An enforceable trading plan must satisfy the following requirements:
- The insider was not aware of any MNPI at the time it was adopted.
- It specifies a non-discretionary trading method.
- The insider may not exercise any subsequent influence over how, when or whether to make purchases or sales.
- The insider must enter into the plan in good faith and not as part of a plan or scheme to evade the insider trading prohibitions.
That sounds easy, so what’s the problem?
Honestly, I’m not sure. Some companies may feel that prohibiting trades outside of a plan is unduly restrictive, i.e., an insider should be able to bear the risk if he or she wants to. But that mindset ignores the harsh consequences of an insider trading investigation by the SEC, including legal fees, management time and distraction and reputational damage, even if the insider is ultimately exonerated.
Sometimes companies reason that if the insider truly always possesses MNPI by virtue of his or her job (see above), then the requirement that the trading plan be adopted only in the absence of MNPI can never be satisfied anyway. That concern is easily allayed by imposing a holding period between the date of plan adoption and the first trade date. At a minimum, there should be at least one intervening earnings release, and most companies impose a 90-day delay for that reason. Some companies mandate a 30-day delay, but that only partially accomplishes the goal. Less than 30 days is dangerous.
Then there’s the question of trading plan disclosure, which is not required by SEC rule. Some companies are perfectly happy to voluntarily disclose the adoption of a trading plan in Item 8 of Form 8-K. Others worry that disclosure (whether in a Form 8-K or as a footnote to the related Form 4, or both) draws too much attention to an event that would otherwise have minimal fanfare, making it better to avoid trading plans altogether. That reasoning seems to minimize the potential liability of trading outside of a plan and to overlook the benefits of disclosure. For example, disclosure gives the company the opportunity to provide color around the reasons for the insider’s trade and manage the message, rather than letting the market speculate as to the insider’s motivations. It also enhances market perception of the company’s commitment to transparency.
A few bonus tips.
It is surprising how much attention free cash flow continues to generate in SEC disclosures. After all, it’s been used for decades as a non-GAAP financial measure. In fact, back in 2003, the SEC’s non-GAAP financial measure FAQs stated that companies should be “cautious” when using it, noting that it does not have a uniform definition and might inappropriately imply that it represents residual cash flow available for discretionary expenditures.
Fast forward to the much-scrutinized 2016 non-GAAP financial measures C&DIs, which essentially repeated the old free cash flow FAQ, though now companies need only be “aware” of, rather than “cautious” about, the absence of a uniform definition. This softer language presumably reflects the staff’s general softening toward non-GAAP measures, which it now sees as helpful disclosure so long as it’s done properly.
Then unexpectedly (at least to me), Monsanto Company received the following comment in a February letter that appears to have resulted from the staff’s routine review of Monsanto’s Form 10-K:
“We note you define free cash flow as the total of net cash provided or required by operating activities and net cash provided or required by investing activities. Pursuant to Question No. 102.07 of the Staff’s Compliance & Disclosure Interpretations (“C&DIs”) on Non-GAAP Financial Measures, issued May 17, 2016, please advise of your consideration given to redefining this measure or its computation as the typical calculation of free cash flow (i.e., cash flows from operating activities less capital expenditures). Please provide us with any proposed revisions to your disclosure of free cash flow to be included in future filings.”
The comment seems inconsistent with the staff’s position that free cash flow does not have a uniform definition and that companies need simply provide a “clear description of how this measure is calculated.” The staff expresses no issue with the clarity of Monsanto’s description, but rather just doesn’t seem to like the definition itself.
On July 25, the SEC issued a Rule 21(a) investigative report concluding that the sun rises in the east and sets in the west. No, wait, that’s not right. The report actually concluded that tokens offered by an unincorporated “virtual organization” known as The DAO (presumably short for “decentralized autonomous organization”) in what is known as an “initial coin offering” (ICO) were securities and, therefore, are subject to the federal securities laws.
Despite loads of cool-sounding techno-jargon in The DAO’s marketing materials and multiple breathless articles by mainstream media touting ICOs as the next big thing, the SEC had no trouble slotting The DAO tokens into the U.S. Supreme Court’s 71-year-old Howey definition of a “security,” which should come as no surprise to anyone.
What’s going on?
ICOs have sprung out of nowhere in the past couple of years to rival traditional venture capital in the amount of funds raised for early stage technology projects. In fact, Shawn Langlois, social media editor of MarketWatch, said in a recent column that “the total crypto market cap now stands at a whopping $87 billion.”
Basically, promoters sell virtual coins in ICOs in exchange for U.S. currency or some other form of virtual currency (for example, bitcoin or ether). The ICO proceeds are then ostensibly used to fund development of the company’s digital platform, software or other technology project. The virtual coins typically can be resold in a secondary market on virtual currency exchanges.
Not surprisingly, the SEC says in its related Investor Bulletin that “some promoters … may lead buyers of the virtual coins … to expect a return for their investment or to participate in a share of the returns provided by the project.” And therein lies the problem.
A recent litigation release from the SEC Division of Enforcement, though seemingly unremarkable, highlights five basic principles that sometimes slip off a company’s insider trading compliance radar.
The SEC’s complaints.
According to the SEC’s complaints against two former employees and the spouse of a former employee of Ariad Pharmaceuticals, Inc., which develops and markets drugs to treat cancer:
- The husband of an Ariad employee traded Ariad stock before company announcements about the safety profile and FDA approval status of Ariad’s only FDA-approved drug and after his wife learned of material non-public information related to Ariad’s dealings with the FDA. The husband also advised a friend to trade Ariad stock on the basis of non-public information learned from his wife, enabling the friend to obtain profits of $4,188.00.
- Ariad’s former Senior Director of Pharmacovigilance and Risk Management sold Ariad stock after she had attended meetings with the FDA and had learned of a forthcoming FDA decision to require Ariad to include a safety warning on its product label, thereby avoiding $9,420.00 in losses.
- Ariad’s former Associate Director of Pharmacovigilance and Risk Management alerted certain of her relatives one day before Ariad publicly announced a pause in all clinical trials for its FDA-approved drug. By selling in advance of Ariad’s announcement, her relatives avoided $2,888.10 in losses.
The SEC’s complaints charged each defendant with violating Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5 thereunder and sought various injunctions, disgorgements with interest, and civil penalties.
The five reminders.
First: The SEC remains vigilant against insider trading of all shapes and sizes. For example, consider that:
- Ariad was relatively small and low profile, not an S&P 500 company or media darling.
- The amounts of profits or avoided losses involved were relatively insignificant.
- The relevant persons were not Ariad’s most senior executives.
It is clear, therefore, that insider trading enforcement remains a focus of the SEC and Department of Justice, no matter how seemingly minor the violation may be.
Second: Tipping remains in the SEC’s crosshairs, despite the Second Circuit’s 2014 Newman decision, which narrowed the scope of “personal benefits” sufficient to establish tipper/tippee liability. (See this Doug’s Note.)
Well, we’re more than half-way through the year, Independence Day has come and gone, the 2018 proxy season is closer than it used to be, and we still don’t know whether pay ratio disclosures will go away.
A brief background.
Dodd-Frank Act Section 953(b) requires that the SEC amend Item 402 of Regulation S-K to mandate pay ratio disclosures. In 2015, the SEC dutifully adopted the mandated rules, which state that all companies required to provide executive compensation disclosure under Item 402(c) of Regulation S-K must provide new executive compensation disclosure regarding:
- the median of annual total compensation of all employees,
- the annual total compensation of the CEO, and
- the ratio of those two amounts.
The new rules, which are complex and involve much time-consuming preparation, require companies to report the pay ratio disclosure for their first fiscal year beginning on or after January 1, 2017. This means that, for calendar-year companies, the new disclosures are required in 2018 proxy statements.
Companies generally reacted with an initial howl of outrage over the perceived arbitrary uselessness of these disclosures, observed that the implementation date was nearly three years away, and then studiously ignored the issue, hoping that in the meantime Section 953(b) would be modified or repealed.
Yet, as 2017 rounded into view, the Division of Corporation Finance issued guidance regarding some of the rule’s vaguer points, seemingly in part to remind companies that the rule was still out there and that much work was required to comply with its provisions. But just as companies reluctantly began to gear up (or to think about gearing up) to collect the necessary compensation data and draft the related disclosures, then-acting SEC Chairman Michael Piwowar issued a statement directing the SEC staff to take a fresh look at the rule because some companies “have begun to encounter unanticipated compliance difficulties that may hinder them in meeting the reporting deadline” and ordered a 45-day public comment period.
And there was much rejoicing.
Then, on June 8, the U.S. House of Representatives passed the Financial CHOICE Act of 2017, which would outright repeal Dodd-Frank’s Section 953(b). More good news, right? Well, not necessarily since many prognosticators believe that the Financial CHOICE Act is unlikely to make it through the Senate and become law. And even if it does, the SEC could still choose to leave the new pay ratio disclosure rules in place, particularly since it received more than 14,000 letters supporting the new rule during acting Chairman Piwowar’s comment period.
So, what should companies do?
After more than six years of deliberations, it looks like the revised auditor’s report is about to become reality. On June 1, the PCAOB adopted a new auditing standard that substantially modifies the long-familiar content of that venerable report. Now the SEC must consider and act on the PCAOB’s recommendation, a process that typically involves another public comment period.
CAM disclosure. The biggest change will be communication in the report by the auditors of “critical audit matters” applicable to the current period covered by the report. CAMs are defined as:
“any matter … that was communicated or required to be communicated to the audit committee and that relates to accounts or disclosures that are material to the financial statements and involved especially challenging, subjective, or complex auditor judgments.”
The new standard notes that the determination of a CAM is principles-based, though it also provides a non-exclusive list of factors for the auditor to consider in its determination. The PCAOB emphasizes that this disclosure should be client-specific and should not be boilerplate.
CAMs will be described in a separate section of the auditor’s report. The auditor must identify the CAM, describe the principal considerations that led the auditor to determine it was a CAM, describe how the CAM was addressed in the audit and reference the accounts or disclosures related to the CAM. In the unlikely event that a report contains no CAMs, it must affirmatively so state.
Emerging growth companies and employee stock purchase, savings and similar plans are excluded from the CAM disclosure requirements.
Additional changes. The modified auditor’s report also must:
- State the year the auditor began serving as the company’s auditor,
- Provide an enhanced description of the auditor’s role, responsibilities and independence, and
- Satisfy certain format requirements designed to enhance readability.
When are the changes effective?
Subject to the SEC’s expected approval, all changes to the report except for communication of CAMs are effective for audits of fiscal years ending on or after December 15, 2017.
Communication of CAMs becomes effective for large accelerated filers for fiscal years ending on or after June 30, 2019 and, for all other companies, for fiscal years ending on or after December 15, 2020.
Auditors may, however, elect to comply with the new standards at any time after SEC approval.
What should you be doing now?
It’s fair to say that President Trump’s June 1 announcement that the U.S. will withdraw from the Paris climate accord has been widely reported. It’s also fair to say that the announcement triggered a host of passionate reactions, positive and negative, around the world. Within corporate America, a number of high-profile corporations (for example, Apple, Disney, Facebook, General Electric, Google, Salesforce, Tesla and Twitter) pledged to continue their efforts to cut greenhouse gas emissions and adhere to the spirit of the accord.
This leads one to wonder whether withdrawal from the Paris climate accord might, per the law of unintended consequences, actually increase investor emphasis on corporate social responsibility (CSR) and the number of companies that voluntarily report their sustainability initiatives. It’s an intriguing possibility.
Momentum for sustainability reporting has been building for years. In fact, the vast majority of S&P 500 companies now publish some type of sustainability or CSR report, and disclosures have begun to appear in SEC filings, particularly proxy statements. Mid-size and smaller companies, lacking the resources of their larger brethren, have been slower to do so, though some have begun and others are giving it serious consideration. Increased pressure from institutional investors, employees and other stakeholders, now coupled with widespread concern over withdrawal from the accord, could tip the reporting balance, especially for companies in sustainability-sensitive industries or companies that otherwise want to send a certain message.
One challenge for all companies is to make sense out of the CSR reporting landscape. First of all, the terminology itself—sustainability, CSR, environmental, social and governance (ESG), and triple bottom line, to name a few—is confusingly ambiguous and overlapping. Fundamentally, it all speaks to a company’s commitment to certain aspects of non-traditional, long-term value creation and to a broader range of stakeholders.