2024 SEC and Corporate Governance Update
Publications - Client Alert | January 16, 2024PDF Download: "2024 SEC and Corporate Governance Update"
A number of significant Securities and Exchange Commission (“SEC”) rulemakings and other events took place in 2023 that will impact the 2024 reporting cycle. The following summary is designed to help our clients and friends keep track of the most significant developments and rule changes as they plan for their annual meetings, periodic reporting and corporate governance matters in the coming year.
RECENTLY ADOPTED SEC FINAL RULES
8-K Cybersecurity Rules in Effect; New Cybersecurity Disclosures to be Included in Upcoming 10-Ks
On July 26, 2023, the SEC adopted final rules for public companies implementing new disclosure obligations regarding cybersecurity incidents and risk oversight processes. The rules added Item 1.05 to Form 8-K, obligating companies to disclose material cybersecurity incidents within four business days of a determination that such incident is material (subject to narrow exceptions). This disclosure must include key aspects of the material cybersecurity incident such as the nature, scope and timing of the incident. Public companies are required to comply by December 18, 2023, but smaller reporting companies are not required to comply until June 15, 2024.
The addition of Item 106 to Regulation S-K imposes new annual disclosure obligations regarding cybersecurity processes and oversight such as (1) company process for assessing, identifying and managing risks from cybersecurity threats; (2) any risks of cybersecurity threats that have materially affected or are reasonably likely to materially affect the company; (3) the board of directors’ oversight of cybersecurity risk and any board committee or subcommittee responsible for such oversight; and (4) management’s role in assessing and managing material risks from cybersecurity threats, including a description of management positions and/or committees responsible for oversight and their relevant expertise. Domestic public companies must apply these changes to their Annual Reports on Form 10-K covering fiscal years ending on or after December 15, 2023.
What companies should be doing now: Companies should ensure that they have instituted proper policies and procedures in order to facilitate timely communication and analysis regarding cybersecurity incidents in order to comply with the new 8-K disclosure obligations. In addition, companies should begin preparing their new cybersecurity disclosures to be included in their upcoming Annual Reports. This may require coordinating with various internal departments.
Share Repurchase Program Disclosure Rules Vacated
In May 2023, the SEC adopted final rules requiring new disclosures related to companies’ share repurchase programs. The new and revised rules will require domestic companies to provide daily share repurchase data during the most recent quarter in an exhibit to their periodic and annual reports on Form 10-Q and Form 10-K. The new disclosures must also include a checkbox indicating if directors or Section 16 officers traded in the relevant securities within four business days before or after the public announcement of the company’s new or expanded repurchase plan or program and provide a narrative disclosure describing the company’s objectives or rationales for its share repurchases, the process or criteria used to determine the amount of repurchases, and any policies and procedures relating to purchases and sales of the company’s securities by its officers and directors during a repurchase program. In addition, companies must begin providing disclosures in their periodic reports relating to the adoption and termination of company 10b5-1 plans, including the material terms, dates and the duration of such plans.
Originally, domestic companies were required to comply with the new disclosure requirements in their first filing covering the first full fiscal quarter beginning on or after October 1, 2023 (Form 10-K for calendar year- end companies). However, the new rules were challenged by the U.S. Chamber of Commerce, and on October 31, 2023, the U.S. Court of Appeals for the Fifth Circuit held that the rulemaking was “arbitrary & capricious” and remanded the rules to the SEC “to correct the defects” the court identified in its ruling by November 30, 2023. On November 22, 2023, the SEC stayed the effectiveness of the share repurchase rules pending further SEC action and filed a motion to extend the period of the remand. On November 26, 2023, the Fifth Circuit issued an order rejecting the SEC’s request for an extension. On December 19, 2023, the Fifth Circuit vacated the new repurchase rules. Pending any further appeals from the SEC, the new rules should be considered dead and companies should be prepared to report share repurchase information under the pre-existing rules requiring disclosure of aggregated monthly issuer repurchase information.
Rule 10b5-1 and Insider Trading Reforms Now in Effect
In December 2022, the SEC adopted amendments to Rule 10b5-1 under the Securities Exchange Act of 1934 which went into effect in 2023. Among other things, the amendments created new elements that must be satisfied to rely on the affirmative defense against insider trading liability under Rule 10b5-1, including mandatory cooling-off periods and certification requirements. The amendments also limited the use of multiple-overlapping Rule 10b5-1 plans and single-trade plans for non-issuers.
The amendments also implemented new disclosure obligations in company periodic reports regarding the adoption or termination of Rule 10b5-1 plans by officers and directors. Pursuant to the new Item 408 of Regulation S-K, companies are now required to disclose in their periodic reports any trading plans (whether or not adopted in accordance with Rule 10b5-1) adopted or terminated by officers or directors during the previous quarter, including a description of the material terms of the plan and the identity of the officer or director involved. These disclosure obligations went into effect for most reporting companies starting with their second quarter 10-Q.
Item 408 also requires companies to disclose in their annual reports whether they have adopted policies and procedures for directors, officers and employees (i.e., an insider trading policy) that are reasonably designed to promote compliance with insider trading laws (or explain why not) and, if so, to publicly file such policies and procedures as an exhibit to their 10-K (see Exhibit 19 to Item 601 of Regulation S-K). The new disclosure must also be tagged in inline XBRL. These disclosures will be required for annual report filings covering the first full fiscal period that began on or after April 1, 2023 (the applicable date for smaller reporting companies was October 1, 2023). Effectively, this means that the disclosures will not be included in the upcoming annual report for year-end companies and instead will first be covered in the annual report covering the period ending December 31, 2024.
What companies should be doing now: Companies are encouraged to review and revise their insider trading policies to (i) confirm compliance with the new rules and (ii) tend to any other necessary “housekeeping” within their policies before their insider trading policies are required to be disclosed publicly. For example, this may include a full review of your policy to make sure it is in line with these practices, as well as an audit of the practices and procedures under your policy to confirm they are operating efficiently and in ways that “are reasonably designed to promote compliance with insider trading laws.” Companies should also update their D&O questionnaires to include a question (or questions) designed to ensure compliance with the new quarterly disclosure obligations regarding the adoption or termination of 10b5-1 plans by insiders.
Clawback Policy Listing Standards Now in Effect
In June 2023, the SEC approved the NYSE and Nasdaq proposed listing standards regarding Dodd-Frank compliant clawback policies. The listing standards became effective on October 2, 2023 and required that listed issuers adopt Dodd-Frank compliant clawback policies by December 1, 2023. As a reminder, the new listing standards require companies to maintain policies for the recovery (i.e., clawback) of excess incentive‑based compensation from current and former executive officers in the event of an accounting restatement (including “Big R” and “little r” restatements) regardless of whether the executive was at fault and without regard to any taxes paid or incurred by the executive. The new rules apply to all listed companies, including smaller reporting companies and emerging growth companies.
Companies will be required to file their Dodd-Frank-compliant clawback policies as an exhibit to their upcoming Form 10-K (see Item 601(b)(97) of Reg S-K) and indicate on the 10-K cover page whether the filing contains the correction of an error to previously issued financial statements and whether any of those error corrections involved a restatement that triggered a clawback analysis. Companies will also be required to provide certain proxy statement disclosures if there was a restatement that required a clawback during the last fiscal year or if there was an outstanding balance of unrecovered excess incentive-based compensation relating to a prior restatement. The new cover page change and the proxy disclosures will both be required to be tagged with inline XBRL.
What companies should be doing now: Ensure that companies have implemented their Dodd-Frank-compliant clawback policies. In addition, NYSE listed companies must submit a confirmation through the NYSE listing manager, no later than December 31, stating that the company has adopted a Dodd-Frank- compliant clawback policy or that it is relying on an applicable exemption. Companies should also prepare a copy of their clawback policy to be filed with their upcoming Form 10-K.
SEC Provides Additional Guidance on Pay-Versus-Performance Disclosures
In August 2022, the SEC adopted final rules for the long-awaited pay versus performance disclosure requirements originally proposed in April 2015 in compliance with the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. Item 402(v) of Regulation S-K requires public companies to provide a number of tabular and other disclosures in their proxy statements, all of which are tagged in inline XBRL (with certain relief for smaller reporting companies). Company pay versus performance disclosure required detailed calculations to determine “compensation actually paid” (CAP) to the principal executive officer and an average of the CAP paid to the other named executive officers and disclosure regarding the relationship between CAP and certain company financial measures. In response to the first proxy cycle that included the pay versus performance disclosure, the SEC issued several rounds of Compliance and Disclosure Interpretations (C&DIs) in February, September and November of this year to aid in interpretation of the pay versus performance rules. The C&DIs are included in a larger set of C&DIs for Regulation S-K. During the first proxy cycle of pay versus performance disclosure, Companies were afforded initial transition relief with the rules only requiring a three-year look-back. For this proxy cycle, the most recent fiscal year will be added as a fourth year to the pay versus performance disclosure. Now, after the initial year of pay versus performance disclosure, footnote disclosure for CAP adjustments will generally only be required for the most recent fiscal year.
New Universal Proxy Card Rules in Effect as of the 2023 Annual Meetings
In November 2021, the SEC adopted rules requiring companies to use universal proxy cards that include all director nominees (including dissident nominees) presented for election in contested elections. In addition, the new rules require registrants to disclose, in their proxy statements, the deadline for a shareholder to submit nominees to be included in the company’s proxy card for its next annual meeting (similar to the disclosure requirement of the deadline for 14a-8 shareholder proposals). Recently, the SEC has provided additional guidance on this topic, which noted, among other things, that companies may reject dissident nominations for failing to comply with the registrant’s advance notice bylaw requirements.
Moreover, as part of the rules, the SEC also amended Rule 14a-4(b) to require proxy cards for all director elections to include an “against” option instead of a “withhold authority to vote” option if governing law gives legal effect to a vote against a nominee. The rule also addresses situations in which applicable state law does not give legal effect to votes cast against a nominee and director elections are governed by a majority voting standard and requires disclosure of the methods by which votes will be counted.
What companies should be doing now: Companies should review their advance notice bylaws to determine whether amendments are necessary to, at a minimum, address new Rule 14a-19, similar to the way many existing advance notice bylaws make reference to the requirement to comply with Rule 14a-8. If changes are necessary, we advise our clients and friends to be surgical with the changes, as some companies have made overly aggressive changes that have drawn the ire of investors. In addition, companies should ensure their proxy cards reflect the amendments to Rule 14a-4(b) and consider updating the consent language in their D&O questionnaires to obtain consent from director nominees to be named in any proxy statement (in accordance with the Rule 14a-4(b) amendments).
Proposed Changes to EDGAR Filer Access and Account Management
In September 2023, the SEC proposed rule and form amendments regarding the EDGAR filing system. If adopted as proposed, the amendments will implement new procedures for obtaining and maintaining SEC filer account credentials, including new processes for authorizing account administrators and the use of multi-factor authentication. Concurrent with the proposed rules, the SEC released a beta version of the new “EDGAR Next” user interface. The comment period for these proposed rules ended in November 2023; however, the SEC has not indicated when the proposed rules could be made final.
Avoid XBRL Disclosure Issues: Sample Comment Letter
In September 2023, the SEC released a sample comment letter highlighting common XBRL disclosure issues. The SEC typically issues sample comment letters when there are emerging trends or issues that are common among issuers. The potential comments suggest several prevalent trends or issues with XBRL disclosure such as failure to properly include the required inline XBRL presentation, inconsistencies between the number of common shares reported on the cover page versus in the balance sheet, failure to properly tag pay versus performance disclosures, and using inconsistent XBRL elements period over period or using custom tags on financial statements (as opposed to XBRL elements consistent with U.S. GAAP). Considering the sample comment letter, issuers should re-visit their XBRL tagging processes to confirm compliance.
ADDITIONAL CORPORATE DEVELOPMENTS TO KEEP IN MIND
Continued Delay of Climate Change Final Rules
In March 2022, the SEC proposed new rules that will impose significant climate change-related disclosure obligations on registrants. After the initial comment period, the SEC reopened the comment period until November 1, 2022. If the rules are adopted as proposed, companies would be required to disclose financial statement metrics; provide data regarding scope 1 and 2 emissions, consisting of their own greenhouse gas (GHG) emissions and how much energy they consume, and potentially provide data regarding scope 3 emissions, consisting of GHG emissions generated by the company’s suppliers and customers; climate-related risks and the impacts of said risks, particularly those likely to have a material impact on the company’s business or financial statements; governance and the oversight of climate-related risks; and climate-related goals and transition plans, including indicating progress toward meeting the company’s goals.
Although adoption of final rules was expected in October 2023, the SEC continues to push back the anticipated adoption date. Currently, the SEC has indicated the final rules will be adopted in April 2024. While companies are expected to receive certain grace periods before the new disclosure obligations go into effect, companies should be ready to allot ample time and resources to expand any current tracking efforts to compile the necessary information related to the new disclosure obligations once adopted.
Human Capital Management Rules to be Proposed in 2024
The SEC’s Fall 2023 regulatory agenda indicated that it would propose new human capital management disclosure rules in April 2024 to supplement the rules passed in 2021. The 2021 amendment to Item 101 of Regulation S-K requires the disclosure of material information regarding a company’s human capital resources. In September 2023, the SEC’s Investor Advisory Committee approved subcommittee recommendation for new human capital management prescriptive disclosure such as headcounts for different types of workers in the company, turnover metrics, total cost of the workforce and other demographic data and narrative disclosures of management discussion and analysis of firm practices and strategies.
Corporate Board Diversity Rules to be Proposed in 2024
The SEC’s Fall 2023 regulatory agenda indicated that it would propose new corporate board diversity disclosure rules in October 2024 to enhance disclosures about the diversity of board members and nominees. Currently, Item 407(c)(2)(vi) requires that companies disclose whether the board has a policy regarding consideration of diversity in identifying whether they have any policies regarding and how such policy is implemented. Furthermore, Nasdaq companies are required to disclose board diversity data in their proxy statements. Presumably, the proposed rules would be similar to the Nasdaq requirements.
Consider Potential Artificial Intelligence-Related Disclosures
The advancements in generative artificial intelligence have attracted the attention of companies, legislators, and regulators alike. In July 2023, SEC Chairman Gensler made comments on potential risks to consider when implementing AI, including: explainability, bias, robustness, deception, and privacy and intellectual privacy concerns. Companies can expect the SEC to pay more attention to AI regulation and enforcement actions in the near future. Companies have already begun including AI-related risks in their periodic reports, including regulatory risks, operation risks, competition risks, cybersecurity risks, ethical risks, and third-party risks. Companies should assess the material impact of AI on the company’s business outlook and performance and update their risk factors and other disclosures, if necessary. Outside of disclosures, companies should continue monitoring regulatory developments, evaluate their AI governance and oversight procedures, and look toward establishing broader company policies relating to the use of AI.
ESG Matters Remain at the Forefront of Proxy Advisors and Institutional Investors’ Agendas
ESG matters continue to be front and center for proxy advisory firms and large institutional investors, with increasing demand for more thorough and meaningful disclosure. This proxy season companies should take a fresh look at their internal ESG practices and current disclosures, focusing on company-specific ESG risks and the company’s current ESG oversight policies and processes in order to ensure that the company is not lagging behind its peer group or similarly situated companies or failing to address any recent initiatives.
Nasdaq Companies Must Have One Diverse Director by End of 2023
In August 2021, the SEC approved Nasdaq’s proposed rules regarding disclosure of board diversity. The rules require Nasdaq-listed companies to (i) disclose either in their proxy statement or on the company website board-level diversity statistics using a standard template and (ii) have (or disclose why they do not have) at least two diverse directors on their board. The board diversity matrix disclosure is required to be included in listed companies’ proxy statements this year, including both initial and current year diversity statistics. In June, Nasdaq provided additional guidance, including examples of acceptable and unacceptable board diversity disclosures.
As a reminder, the requirement to have at least two diverse directors (or provide explanation why not) is being phased in over time, with listed companies being required to have at least one diverse director by August 7, 2023 and two diverse directors by August 6, 2025. In December 2022, the SEC amended the diverse director compliance dates from August 7, 2023 and August 6, 2025 to December 31, 2023 and December 31, 2025, respectively, in order to align the compliance dates with the end of the fiscal year for most companies. Beyond Nasdaq, large institutional investors such as BlackRock and State Street as well as proxy advisory firms like ISS and Glass Lewis have adopted policies encouraging board diversity, threatening to withhold votes or vote against board leaders of companies not meeting certain diversity goals.
Nasdaq Amendments to Code of Conduct Oversight
In September 2023, the SEC approved a Nasdaq proposal to amend its listing rules to allow board committees to provide waivers of the code of conduct for directors or executive officers. Previously, waivers of the code of conduct could only be provided by the full board. The rules were immediately effective upon the SEC’s approval. Nasdaq-listed companies should consider this amendment during their annual review of their code of ethics and committee charters.
Delaware General Corporation Law Amended to Provide Additional Officer Exculpation
In August 2022, the Delaware General Corporation Law was amended to allow corporations to further limit the liability of officers for breaches of the duty of care by including a provision in the corporation’s certificate of incorporation. Previously, this exculpation authority was available only to the corporation’s directors. Accordingly, there has been much discussion in the public company space as to whether companies should submit proposals for charter amendments to take advantage of the new exculpation provisions at their next annual meeting. After a positive showing during the 2023 proxy season, companies can have more confidence that an officer exculpation amendment would be supported by shareholders. Companies that want to implement this amendment should begin working on a proposal and an appropriate rationale to put forth to shareholders.
ADDITIONAL INFORMATION
This legal update is merely a high-level summary of the developments discussed herein as of January 16, 2024 and does not purport to be a complete discussion of each of the noted rule changes. Complying with the SEC rules and regulations is a complex task within an ever-changing environment. If you have questions about the rules discussed above, please contact your Kutak Rock attorney or one of the authors listed below.