For many companies, closing out 2018 means it is time to prepare an annual report and shift attention to the upcoming proxy season. This is an opportune time to take a look back at rulemaking, interpretive guidance and enforcement activity from the SEC in 2018 to determine potential changes to your disclosure going forward. One theme over the last year is the SEC’s strong interest in public company cybersecurity, illustrated by new guidance and enforcement actions.
Other notable developments in the last quarter of 2018 include: for the second year in a row the SEC issued guidance relating to the role of company boards in the shareholder proposal process; environmental, social and governance matters remained a strong focus of the annual updates to the Institutional Shareholder Services and Glass Lewis proxy voting guidelines; and the SEC staff settled an enforcement action that gave all public companies a strong reminder of the SEC’s position with regard to “equal prominence” of GAAP and non-GAAP financial metrics in earnings releases.
Updates and Reminders for 2018 Form 10-K and 2019 Proxy Statement
Over the past year, the US Securities and Exchange Commission (SEC) has revised a number of disclosure requirements, most notably its adoption of a wide range of Disclosure Update and Simplification amendments, which took effect November 5, 2018. For many calendar year reporting companies, the 2018 Form 10-K will be the first time that many of these new provisions (or deletions) are implemented. As such, public companies should keep the following in mind as they prepare to file their Form 10-K and proxy statement this year:
Disclosure Update and Simplification Amendments – These revisions to public company disclosure obligations were adopted for the purpose of simplifying and updating reporting requirements that had become redundant, duplicative, outdated or superseded. Changes to the Form 10-K include: the elimination of the requirement to provide segment or geographic-based financial information in the description of the company’s business (Item 1); the inclusion of changes in financial condition and results of operations based on geographic area in the company’s MD&A (Item 7); and the elimination of the requirement to provide the high and low sales prices for the company’s common stock over the last two fiscal years (Item 5). For additional detail and commentary on the SEC’s Disclosure Update and Simplification amendments, see our On the Subject.
Cybersecurity Disclosure – The SEC has heightened its focus on public company disclosures related to cybersecurity risks and breaches, and this trend is likely to continue into the new year. In the Commission Statement and Guidance on Public Company Cybersecurity Disclosures, the SEC staff illustrated how disclosure of cybersecurity risks and preventative measures may be appropriate throughout a company’s annual report, including in sections dealing with business and operations, risk factors, legal proceedings, financial performance and corporate governance. Although the disclosures need not be so specific as to provide a roadmap for bad actors, the SEC staff requested that public companies tailor and contextualize their disclosure and avoid boilerplate or generic language. Companies should review their cybersecurity disclosures from prior years in light of this new guidance.
Hedging Disclosure – On December 18, the SEC adopted final rules (including a new Item 407(i) of Regulation S-K) requiring companies to disclose in any proxy statement for the election of directors any practices or policies regarding the ability of employees or directors to engage in certain hedging transactions with respect to the company’s equity securities. Although most companies will not be required to include this disclosure until they report on fiscal years beginning on or after July 1, 2019, companies would be well-served to plan ahead for such disclosure. Consideration should be given to the terms of existing policies, such as the scope of transactions that are—and are not—prohibited, and any disclosures that the company has historically provided with regard to its hedging practices.
On October 16, 2018, the Enforcement Division of the SEC released a 21A report warning public companies that inadequate prevention of cyber fraud – the use of digital deception to extract wire transfers from company employees and executives – may violate the internal accounting control provisions of the Securities Exchange Act of 1934 (the Exchange Act).
The report sets out two common types of cyber scams and cautions companies to take adequate precautions. As the report emphasizes, “issuers themselves are in the best position to develop internal accounting controls that account for their particular operational needs and risks.” That said, two specific compliance takeaways that emerge from the report are (1) improving transaction authorization procedures and (2) implementing personnel training designed to highlight red flags for cyber scams.
Incidences of cyber fraud have increased in recent years and the SEC’s actions with regard to cybersecurity coincide with a global trend toward increased regulation. As cyber-related incidents and scandals continue to dominate the headlines, domestic and international regulators rush to keep pace and demonstrate vigilance. To survive in this regulatory environment, it is essential that companies design and implement a robust cybersecurity strategy.
For additional commentary on the SEC’s 21(a) Report Regarding Certain Cyber-Related Frauds Perpetrated Against Public Companies and Related Internal Accounting Controls Requirements, see our On the Subject. You can also get the latest updates on privacy and cybersecurity regulation from McDermott’s Global Privacy and Cybersecurity practice.
SEC Issues Staff Legal Bulletin 14J on Shareholder Proposals
For the second year in a row (and the third time in four years), the staff of the Division of Corporation Finance of the SEC issued fourth quarter guidance relating to the shareholder proposal process. The interpretive guidance, in the form of Staff Legal Bulletin No. 14J (SLB 14J), addresses the substantive review of no-action requests from public companies that seek to exclude shareholder proposals from their proxy materials pursuant to the “ordinary business” and “economic relevance” exclusion principles found in Exchange Act Rule 14a-8.
Of note, SLB 14J provides additional guidance to companies that seek to include a summary of the discussions and analysis of its board of directors regarding the significance of a shareholder proposal, a practice that was first suggested by the SEC staff in Staff Legal Bulletin No. 14I (SLB 14I). In SLB 14I, the SEC staff signaled that, although not required and not dispositive of the issue, a no-action request premised on the “ordinary business” and “economic relevance” exclusion principles could benefit from the analysis and findings of a company’s board of directors.
SLB 14J expands upon SLB 14I by reflecting on best practices. The SEC staff stated that no-action requests benefit from the inclusion of board analysis when the request includes specific substantive factors the board considered in arriving at its conclusion, including a description of how and the extent to which the proposal relates to the company’s core business activities, an analysis of quantitative data (including financial statement impact) illustrating the significance of the proposal on the company and whether the company has already taken action to address the issue by some other method. SLB 14J clarifies that the SEC staff find it less helpful if a request detailing the board’s process does not also include a discussion of the specific factors considered.
SLB 14J confirms that companies may still receive no-action relief under the “ordinary business” and “economic relevance” exclusion principles without including in their request a determination of their board of directors.
In laying out the SEC’s agenda for 2019, Chairman Jay Clayton signaled that the SEC will continue to review the shareholder proposal and adopt new requirements and procedures, including the potential review (and presumed heightening) of the ownership and resubmission thresholds for shareholder proposals.
For additional commentary on SLB 14J and the shareholder proposal process, see our On the Subject.
Updates to the 2019 Proxy Voting Guidelines and ISS Governance QualityScore
Institutional Shareholder Services (ISS) and Glass Lewis issued their respective proxy voting guidelines for the 2019 proxy season. Updates to the guidelines primarily affect environmental, social and governance (ESG) policies which have attracted increased interest in recent years.
Both proxy advisors (as well as large institutional shareholders) have placed increased emphasis on gender diversity in the boardroom. As discussed in our prior quarterly update, leading up to the 2018 proxy season ISS and Glass Lewis expressed their intentions to highlight or generally discourage the re-election of boards with no women directors.
In their guidelines for 2019, both ISS and Glass Lewis adopted stronger policies regarding gender diversity, stating that adverse voting recommendations may be issued against nominating committee chairs if the company’s board has no female members. The Glass Lewis policy will be in effect during this proxy season while the ISS policy will take effect for meetings held on or after February 1, 2020, essentially adopting a one-year grace period. On November 29, 2018, ISS also updated its ISS Governance QualityScore methodology, creating a new subcategory of Board Diversity that will track diversity among members of a company board and its named executive officers.
In addition, both ISS and Glass Lewis adopted policies regarding management proposals that have been structured to conflict with a properly submitted shareholder proposal, providing company management a substantive argument for exclusion of the shareholder proposal (pursuant to Rule 14a-8(i)(9)). ISS and Glass Lewis both argue that this tactic is used to avoid the adoption of shareholder-sponsored charter or bylaw proposals that may provide more onerous conditions than the proposal supported by management. The guidelines include factors by which the proxy advisors will determine whether or not to withhold recommendations.
For additional commentary on these and other updates to the ISS and Glass Lewis proxy voting guidelines, see our On the Subject.
Renewed SEC Staff Focus on “Equal Prominence” of GAAP Numbers in Earnings Releases
On the day after Christmas, the SEC issued a settled enforcement action for violations of the “equal prominence” rules that apply to non-GAAP financial disclosure in earnings releases.
The enforcement action cited the use of non-GAAP financial measures, such as “adjusted EBITDA,” “adjusted net income” and “free cash flow before special items,” in the headlines and “highlights” sections of two consecutive earnings releases without providing equal or greater prominence to the comparable GAAP financial measures. The GAAP equivalents to these non-GAAP metrics were disclosed only in the body of the earnings release.
While not dispositive of the SEC staff’s decision to bring an enforcement action, it is worth noting in this case that the non-GAAP metrics in the headline and bullets were significantly “positive” (i.e., 26 percent increase in Adjusted Net Income), while the GAAP equivalents in the body of the earnings release indicated trends in the opposite direction (i.e., an increase in net loss reported on a GAAP basis).
The takeaway: the SEC staff is still closely monitoring non-GAAP disclosure in earnings releases and is willing to bring an enforcement action when the circumstances warrant (i.e., in lieu of issuing a comment letter to correct in the future).