In this quarterly newsletter, we highlight key developments related to U.S. Securities and Exchange Commission (SEC) and Public Company Accounting Oversight Board (PCAOB) rulemaking, corporate governance, the increasing attention on green hushing, and proxy season trends over the past quarter, with a focus on developments of interest to U.S. public companies.

This Quarterly Review addresses developments relating to:

  • New disclosure requirements for Rule 10b5-1 and non-Rule 10b5-1 trading arrangements of directors and Section 16 officers in the upcoming Form 10‑Q or 10-K
  • Deadline approaches for New York Stock Exchange and Nasdaq compensation clawback policies
  • Risk factors to consider adding or updating: banking crisis, artificial intelligence, COVID-19
  • SEC’s order charging Marcum LLP with widespread quality control and audit deficiencies
  • Green hushing gains attention
  • SEC meeting to approve new cybersecurity disclosure rules to be held on July 26th
  • MOVEit cybersecurity attack and remarks by SEC Enforcement Chief regarding cybersecurity
  • SEC’s Investor Advisory Committee‘s recommendation regarding proposed amendments to Regulation 13D-G and Proposed Exchange Act Rule 10B-1
  • PCAOB’s proposal to enhance auditor obligations related to a company’s noncompliance with laws and regulations
  • ISS QualityScore data verification window – closes July 21st
  • Proxy season summary
  • SEC’s rulemaking agenda
  • Upcoming reminders for the third quarter of 2023

New Disclosure Requirements for Rule 10b5-1 and Non-Rule 10b5-1 Trading Arrangements of Directors and Section 16 Officers in the Upcoming Form 10-Q or 10-K

Beginning with the periodic report covering the first full fiscal quarter beginning on or after April 1, 2023 (i.e., Form 10-Q for the fiscal quarter ending June 30, 2023, for calendar year companies), companies are required to disclose, whether, in the last fiscal quarter, a director or Section 16 officer adopted or terminated any “Rule 10b5-1 trading arrangement” or “non-Rule 10b5-1 trading arrangement.” If so, new Item 408(a) of Regulation S-K requires companies to identify whether the arrangement is a “Rule 10b5-1 trading arrangement” or “non-Rule 10b5-1 trading arrangement” and to describe its material terms (other than execution price), including: the name and title of the director or Section 16 officer; date of adoption or termination; duration of the arrangement; and aggregate number of securities to be bought or sold pursuant to the arrangement. In addition, disclosure of a modification or change to an arrangement (e.g., change to the amount, price, or timing of the purchase or sale) would also be required, as it constitutes the termination of an existing plan and the adoption of a new contract, instruction, or written plan.

These new disclosures are required in Part II-Item 5 of Form 10-Q and Part II-Item 9B of Form 10-K and must be tagged in EDGAR using Inline XBRL.

For more information, please refer to Weil’s Governance and Securities Alert, available here.

Deadline Approaches for New York Stock Exchange (NYSE) and Nasdaq Compensation Clawback Policies

In June 2023, the NYSE and Nasdaq filed, and the SEC approved, amendments to proposed listing standards relating to executive compensation clawbacks. The amendments go into effect on October 2, 2023 and require listed companies to develop and implement by December 1, 2023 a policy providing for the recovery (or clawback), in the event of a required accounting restatement, of incentive-based compensation received by current or former executive officers where such compensation is based on the erroneously reported financial information. The stock exchanges will prohibit the initial or continued listing of any security of an issuer that is not in compliance.

For more information, please refer to Weil’s Governance and Securities Alert, available here.

Risk Factors to Consider Adding or Updating: Banking Crisis, Artificial Intelligence, COVID-19

Companies should periodically review their disclosure in the Risk Factors section of their Forms 10-K and 10-Q. New or updated risks to consider in the second quarter of 2023 include:

  • Banking Crisis: The recent high-profile bank failures involving Silicon Valley Bank, Signature Bank, and First Republic Bank have generated significant market volatility among certain publicly traded companies and, in particular, regional banks. This past quarter saw a substantial number of public companies include risk factors related to these bank failures in their 10-Q/10-K filings. Companies with exposure to banking risks should consider adding or updating their risk factors as the crisis evolves.
  • Artificial Intelligence (AI): The meteoric rise in generative AI applications has been accompanied by increased discussion and new disclosure at public companies about risks related to AI. Such risks include, but are not limited to: concerns about increased compliance and legal risks associated with evolving AI laws, regulations, and standards; risks related to the impact of AI on the companies’ profitability and productivity; risks related to increased market competition as a result of the proliferation of AI technologies; reputational risks related to AI; increased cybersecurity risks; social and ethical challenges associated with AI initiatives; and risks stemming from reliance on third-party AI systems. In 2023 to date, more than 100 companies in the S&P 500 have included risk factor disclosure related to AI in their Form 10-Q/10-K.
  • COVID-19: The federal Public Health Emergency for COVID-19 ended on May 11, 2023. In light of this, companies should consider whether risk factors related to the COVID-19 pandemic can be deleted, shortened, or consolidated into a more general business-related risk factor.

SEC’s Order Charging Marcum LLP with Widespread Quality Control and Audit Deficiencies

On June 21, 2023, the SEC charged audit firm Marcum LLP with systemic quality control failures and violations of audit standards in connection with audit work for many of its clients, including hundreds of special purpose acquisition company (SPAC) clients. The SEC found that Marcum failed to comply with audit standards in 25 to 50 percent of audits reviewed, and failed to design, implement, and monitor an adequate system of quality control. Without admitting or denying the SEC’s findings, Marcum agreed to pay a $10 million penalty, to be censured, and to undertake several remedial actions, including retaining an independent consultant to review and evaluate its audit, review, and quality control policies, as well as abide by certain restrictions on accepting new audit clients.

The PCAOB concurrently announced a settled disciplinary order that requires Marcum to create and fill a new Chief Quality Officer position and a new committee to Audit Oversight Committee. The order also imposed a $3 million civil penalty.

These actions confirm that the SEC (and PCAOB) are continuing to closely monitor the SPAC market. Moreover, DeSPACed companies audited by Marcum must consider what impact the limitations and additional remedial actions placed on Marcum will have on the timing and scrutiny of its audits.

“Green Hushing” Gains Attention

On the heels of the term “greenwashing” joining the general lexicon, “green hushing” has been gaining more traction as of late. Some companies have received criticism and faced reputational damage for claims of greenwashing – the exaggeration of their environmental and sustainability bona fides – as well as calls to strengthen other ESG commitments. On the other hand, some companies are experiencing relatively newer anti-ESG criticisms and the effects of increasing politicization concerning ESG. In light of ESG-related scrutiny from both pro- and anti-ESG perspectives, it appears that a growing number of companies are choosing to downplay or altogether not disclose their climate/ sustainability goals and practices, or even refrain from even mentioning “ESG” in their disclosures – a practice labeled green hushing. However, green hushing activities may be curbed as mandatory climate and sustainability disclosure requirements such as the EU’s Corporate Sustainability Reporting Directive (CSRD) and the SEC’s climate-related rule proposal come into effect. Additionally, investor demands to adopt ESG goals still remain prevalent among many public companies.

SEC Meeting to Approve New Cybersecurity Disclosure Rules to be held on July 26th

On July 26, 2023, the SEC will vote to approve new rules related to the disclosure of cybersecurity risk management, strategy, governance, and incidents by public companies, as discussed in further detail below. The meeting will be open to the public via webcast at www.sec.gov beginning at 10:00 am ET.

MOVEit Cybersecurity Attack and Remarks by SEC Enforcement Chief Regarding Cybersecurity

In May 2023, cybercriminals compromised the file transfer software MOVEit, which is widely used among U.S. government agencies and thousands of organizations around the world. This cyberattack compromised the personal data of millions of people.

On June 22, 2023, the Director of the SEC’s Division of Enforcement gave a speech at a conference in which he discussed principles that guide the work of the Enforcement Division to ensure that companies take their cybersecurity and disclosure obligations seriously.

Companies should be mindful of the increasing frequency and sophistication of cybersecurity attacks, and continually review their cybersecurity policies, protocols, risks, and disclosures related thereto. For further discussion of cybersecurity-related risk factors, please refer to Weil’s Governance and Securities Alert, available here.

The SEC is poised to adopt several new rules on privacy and cybersecurity that will impact public companies, broker-dealers, investment companies and registered investment advisers, including the Proposed Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure Rule applicable to public companies. The key disclosure requirements of the proposed rules for public companies, if adopted, would include:

  • Incidents: Disclosure within four business days after identifying a material cybersecurity incident (new Item 1.05 of Form 8-K); and disclosure of material changes, additions or updates to previously reported information (Form 10-Q and 10-K disclosures under Items 106(d) of Regulation S-K).
  • Risk Management and Governance: Disclosure of cybersecurity risk management policies and procedures and governance practices (new Items 106(b) and (c) of Regulation S-K).
  • Board Expertise: Disclosure of board members who possess cybersecurity expertise (new Item 407(j) of Regulation S-K).

As discussed above, the SEC will vote to approve new cybersecurity-related rules on July 26, 2023.

For more information, please refer to Weil’s Governance and Securities Alert, available here.

SEC’s Investor Advisory Committee’s Recommendation Regarding Proposed Amendments to Regulation 13D-G and Proposed Exchange Act Rule 10B-1

On June 22, 2023, the SEC Investor Advisory Committee hosted panel discussions to discuss the proposed amendments to SEC Regulation 13D-G and new Rule 10B-1 under the Securities Exchange Act of 1934. Among other updates, the proposed 13D-G rule amendments would shorten the time lag between when an investor crosses the 5% ownership threshold of a company’s outstanding shares from ten calendar days (for active and passive investors) to five calendar days for the filing of Schedule 13D or 13G. “Qualified Institutional Investors” and “Exempt Investors” would have five business days after the month-end in which they cross the 5% threshold. The proposed new Rule 10B-1 would require persons (or groups of persons) that exceed certain thresholds regarding securities-based swap positions to publicly file required information on a new Schedule 10B within one business day of crossing the threshold. The SEC Investor Advisory Committee discussed various elements of implementation, and ultimately recommended in favor of the Regulation 13D-G and proposed Rule 10B-1 proposals, but noted that the reporting of cash-settled derivatives should be better aligned with the requirements of Rule 10B-1.

The full draft recommendations reviewed by the Committee is available here.

PCAOB’s Proposal to Enhance Auditor Obligations Related to a Company’s Noncompliance with Laws and Regulations

On June 6, 2023, the PCAOB issued for public comment a proposal that would amend several PCAOB auditing standards related to the auditor’s responsibility for considering a company’s noncompliance with laws and regulations, including fraud, in the performance of an audit. If adopted, the proposal would add new requirements on auditors to identify, evaluate, and communicate possible or actual noncompliance with laws and regulations. If adopted as proposed, these new tasks could expand the types of information needed by auditors from their issuer‑clients and present a risk to an audit client’s legal privileges.

The deadline for public comment on the proposal is August 7, 2023.

ISS QualityScore Data Verification Window- Closes July 21st

On July 10, 2023, Institutional Shareholder Services (ISS) opened its Environmental & Social Disclosure QualityScore data verification window until July 21st. In June 2023, ISS announced enhancements to its Environmental & Social Disclosure QualityScore Methodology that are expected to take effect in Q3 2023. More than 150 factors underlying the scoring will be given increased emphasis, close to 50 factors will be retired, and more than 60 new factors will be added. Topics and enhancements in scope include, but are not limited to, the following:

  • expansion of included topics to allow for more in-depth assessments of labor relations and occupational health disclosures;
  • improved tracking of disclosures in the areas of workforce diversity and equality, with the addition of gender pay gap factors;
  • enhanced assessment of disclosures concerning human rights for companies and their suppliers;
  • introduction of new participation factors in social and environmental initiatives and frameworks including Women’s Empowerment Principles, RE100, ILO 169, among others;
  • update to existing assessments of companies’ natural resources profiles; and
  • increase in granularity of reviewing carbon- and climate-related disclosures.

Companies should review and confirm that ISS’s data accurately reflects the company’s disclosures so that they are reflected in the scores as first calculated under the updated methodology. Access to the data verification portal is provided free-of-charge and available year-round, except the period between a company’s proxy statement filing and its annual meeting.

Proxy Season Summary

As of July 2023, most public companies have held their 2023 annual meetings of stockholders. A June 29, 2023 report by Semler Brossy detailed aggregate results of the 2023 proxy season.

Average vote support for Russell 3000 director elections was 94.4%, 10 basis points lower than year-end figures for 2022. Less than 1% (0.3%) of directors did not receive majority support.

Average support on Say-on-Pay was 88.6% at S&P 500 companies and 90.0% at Russell 3000 companies in 2023, an increase from last year’s averages. Nine S&P 500 companies and 38 Russell 3000 companies have received less than majority support for Say-on-Pay so far in 2023.

ESG Proposals

Shareholders voted on 226 social proposals and 93 environmental proposals through June 2023. Median support for such proposals decreased from each of the prior two years, and totaled 15% for social proposals and 18% for environmental proposals. Four social proposals and two environmental proposals have received majority support in 2023 so far.

For an in-depth review of company proposals to amend the charter to provide for officer exculpation, please refer to Weil’s Governance and Securities Alert, available here.

SEC’s Rulemaking Agenda

In June 2023, the SEC’s spring regulatory agenda was published, which provided insight into the SEC’s plans (which are subject to change) regarding adoption of some significant rulemakings, including those on climate change and cybersecurity.

For more information, please refer to Weil’s Governance and Securities Alert, available here.

Upcoming Reminders for the third quarter of 2023:

  • ISS Environmental and Social QualityScore data verification window closes July 21st
  • SEC’s meeting to approve new cybersecurity disclosure rules to be held on July 26th
  • Glass Lewis’ Q3 2023 peer submission window closes August 20th
  • Q1 financial statements for calendar year large accelerated filers and accelerated filers go stale August 8th and for all other filers on August 14th