8 Things to Know Right Now
Here's our latest edition of our monthly feature – a quick snapshot of recent developments:
- The SEC adopted new cybersecurity risk disclosure rules that create a new Item 1.05 for Form 8-K, which requires companies to disclose any cybersecurity incident they determine to be material and describe the material aspects of the nature, scope, and timing of the incident, as well as the material impact or reasonably likely material impact of the incident on the company, including its financial condition and results of operations.
- The materiality determination will be a challenge to implement. Instruction 1 to new Item 1.05 requires that the determination be made "without unreasonable delay." Such a materiality assessment may need to take into account a range of factors, such as impact on operations and financial condition; reputational harm; effect on competitiveness or relationships with customers and vendors; potential litigation or regulatory action; and loss of data, assets, or intellectual property. While it may take a company time to investigate an incident to fully understand the extent of the incident and all of these factors, the adopting release indicates that continued investigation "should not delay" the materiality determination.
- For those keeping track, the major changes in the final cybersecurity disclosure rules included a narrow exception permitting delay of Form 8-K disclosure in the event of a threat to national security or public safety, and the elimination of the requirement to disclose whether any directors have cybersecurity expertise.
- The PCAOB proposed significant amendments to the audit standard regarding noncompliance with laws and regulations. Many companies – and audit committees – are concerned with the breadth of the proposal, the expansion of the role of the auditor into areas of legal expertise, and the potential to substantially increase public company audit costs. Comments on the proposal are due August 7th. The Center for Audit Quality has prepared a two-page letter for audit committee members to consider submitting to the SEC.
- The Delaware Chancery Court recently decided a "books & records" case – Simeone v. The Walt Disney Company – that highlights the steps that a board can take to protect a business decision on a potentially divisive issue, re-affirming the board's "significant discretion to guide corporate strategy—including on social and political issues."
- The first proxy season under the SEC's new "pay vs. performance" rules is over and here are the primary trends that we saw.
- Well-known shareholder proponent John Chevedden recently spoke at a conference and his remarks about his views on shareholder proposals are worth reading.
- In a rare SEC enforcement action, the SEC entered a settlement with a large broker-dealer for Rule 13h-1 violations for large trader reporting failures. Although this enforcement action targeted a broker-dealer issue, it's worth noting for public companies because individual executives sometimes trip over the 13H thresholds. If executives and their financial advisors are aware of the thresholds, they can usually easily avoid triggering a 13H filing.
Public Chatter
Public Chatter provides practical guidance—and the latest developments—to those grappling with public company securities law and corporate governance issues, through content developed from an in-house perspective.