The 2023 Reporting Season: Recent SEC Guidance

Brian BrehenyRaquel Fox and Joseph Yaffe are Partners at Skadden, Arps, Slate, Meagher & Flom LLP. This post is based on their Skadden memorandum.

Assess the Impact of SEC Staff Comments

The staff of the Disclosure Review Program (DRP) in the SEC’s Division of Corporation Finance has remained quite active. During the 12-month period ended June 30, 2022, the staff issued approximately 10% more comment letters on company filings compared to the prior year period. [1] This uptick in comment letters reversed the downward trend of recent years. In addition to the general areas of focus of staff comments (discussed below), the staff launched new initiatives focused on disclosures related to climate change and corporate governance. [2]

The Division of Corporation Finance also announced the addition of two new review offices to the DRP — the Office of Crypto Assets and the Office of Industrial Applications and Services. [3] The Office of Crypto Assets will continue the work currently performed across the DRP to review filings involving cryptoassets. The Office of Industrial Applications and Services will oversee filings currently assigned to the Office of Life Sciences for companies that are not pharma, biotech or medicinal products companies. The addition of these two new offices reflects the recent growth in the cryptoasset and the life sciences industries.

Comment Trends

The use of non-GAAP financial measures remained the most frequent area generating staff comment. Management’s discussion and analysis of financial condition and results of operations (MD&A), segment reporting and revenue recognition ranked second, third and fourth, respectively, once again comprising the top four most frequent comment areas. Climate related disclosures moved into the top 10 areas of comment for the first time, primarily due to the SEC staff’s application of the Sample Letter to Companies Regarding Climate Change Disclosures that the staff of the SEC’s Division of Corporation Finance issued in September 2021. [4] Comments on acquisitions and business combinations were also one of the top 10 comment areas this year for the first time since 2019, mainly driven by an increase in deal activity. Comments on contingencies (ranked eighth last year) and income taxes (ranked tenth last year) dropped out of the top 10 comment areas this year.

Areas of Focus

Below is a summary of the SEC staff’s most noteworthy areas of focus.

Non-GAAP Financial Measures: The SEC staff continues to focus on non-GAAP financial measures and compliance with the staff’s related interpretive guidance. Although staff comments have remained focused on areas of historical interest for the staff, such as whether the most directly comparable GAAP financial measure is presented with equal or greater prominence relative to the non-GAAP measure, the staff has also focused on adjustments to non-GAAP measures that could be viewed as resulting in “individually tailored recognition and measurement methods.” [5] These comments have objected to, among other things, excluding the impact of recently revised accounting standards, such as those related to revenue recognition and credit losses. In addition, the staff continues to question how pandemic-related non-GAAP adjustments were incremental to and separable from normal operations. The staff has also continued to object to the use of a particular non-GAAP measure that it believes to be misleading and thus unable to be disclosed, notwithstanding compliance with the SEC’s non-GAAP rules.

Although most of these comments involve the use of non-GAAP measures in earnings releases and SEC filings, the SEC staff also reviews other materials, including information on company websites and in investor presentations. Therefore companies should ensure that any public disclosures of non-GAAP financial measures comply with applicable SEC rules and staff guidance.

MD&A: The 12-month period ended June 30, 2022, represents the first period in which companies were required to comply with the amended MD&A disclosure requirements adopted by the SEC in November 2020. [6] While the SEC staff commented on the application of a number of the amended MD&A disclosure requirements during the period, SEC staff comments on MD&A continued to focus on historical areas of interest, with the most common topic being the results of operation. For example, the staff continues to request that companies quantify material changes in operations and include offsetting factors.

The staff also continued to focus on key performance indicators (KPIs) and operating metrics, including period-over-period comparisons and whether companies have disclosed performance indicators used by management that would be material to investors. KPIs can be financial or nonfinancial and vary based on a company’s industry and business. In January 2020, the SEC issued interpretive guidance regarding disclosures required for KPIs and other metrics in MD&A. While the guidance generally is consistent with prior statements from the SEC staff, the issuance of commission-level guidance was noteworthy in that it demonstrated a greater interest in the use and disclosure of KPIs.

The SEC staff comments on MD&A have also focused on known trends or uncertainties, particularly those related to macroeconomic factors such as inflation and rising interest rates, supply chain issues and Russia’s invasion of Ukraine. For instance, in applying the Sample Letter to Companies Regarding Disclosures Pertaining to Russia’s Invasion of Ukraine and Related Supply Chain Issues issued in May 2022, the staff has asked registrants to describe any known trends and uncertainties “arising from, related to, or caused by the global disruption” from Russia’s actions. SEC staff comments have also asked about known and anticipated events and trends that may impact the company’s future liquidity and capital resources as a result of supply chain disruptions. In addition, the SEC staff has asked companies to discuss in detail whether inflation or supply chain disruptions have materially affected their outlook or business goals and to identify actions planned or taken, if any, to mitigate inflationary pressure or supply chain disruptions. The SEC staff also has continued to ask registrants to discuss how they expect the pandemic will impact future results both in the near- and long-term, including whether they expect COVID-19 to impact future operations differently than it has affected the current period.

We expect to see more SEC staff comments on these macroeconomic trends in MD&A, given that supply chain disruptions and the Russia-Ukraine conflict continue, inflation remains at historically high levels and interest rates continue to rise. As a result, we encourage companies to continually reassess and update their MD&A disclosure in light of macroeconomic trends and uncertainties. Companies should also think creatively about the kinds of forward-looking information they can provide to investors, as historical information may be relatively less significant given the economic and operational uncertainties resulting from macroeconomic trends. In doing so, companies should consider CF Disclosure Guidance Topic No. 9 and No. 9A related to COVID-19 and supply chains as well as the staff’s sample comment letter on the direct and indirect effects of Russia’s invasion of Ukraine, as many of their disclosure considerations could apply to these macroeconomic trends. For further detail on SEC guidance on Russia’s invasion of Ukraine, supply chain and inflation disclosures, see the section of this guide titled “Reassess Business and Risk Factor Disclosures.”

Consider the Impact of Climate Change and ESG in Company Disclosures

The SEC continues to focus on environmental, social and governance (ESG) matters such as climate change, board diversity, human capital management and cybersecurity risk governance. [7] Notably, in March 2022, the SEC proposed extensive and prescriptive disclosure rules related to climate change. As discussed in our March 24, 2022, client alert “SEC Proposes New Rules for Climate-Related Disclosures,” if adopted substantially as proposed, those rules are expected to require significant time and resources for companies to prepare the mandated disclosures. [8]

In addition, while the SEC has not yet adopted specific disclosure rules regarding climate change and other ESG matters, companies should remember that they need to disclose any material impact of such matters under the SEC’s existing rules. For example, beginning in September 2021, as explained in our September 22, 2021, client alert “SEC Staff Issues Detailed Form 10-K Comments Regarding Climate-Related Disclosures,” the staff in the SEC’s Division of Corporation Finance has issued detailed, stand-alone comment letters regarding climate-related disclosures (or lack thereof) in companies’ most recent Form 10-K filings. The SEC staff continued to issue such comment letters in 2022, reminding companies to disclose in their periodic filings with the SEC any material climate-related risks, past impacts on company operations and/or known trends or uncertainties.

  • To date, the SEC and its staff have issued the following disclosure guidance related to climate change:
  • On February 2, 2010, the SEC issued interpretive guidance expressing its views regarding existing disclosure requirements as they apply to climate change matters.
  • On February 24, 2021, Acting Chair Allison Herren Lee noted in a public statement that she directed the staff of the Division of Corporation Finance to review “the extent to which public companies address the topics identified in the 2010 guidance, assess compliance with disclosure obligations under the federal securities laws, engage with public companies on these issues, and absorb critical lessons on how the market is currently managing climate-related risks.”
  • On September 22, 2021, the staff of the Division of Corporation Finance published “Sample Letter to Companies Regarding Climate Change Disclosures,” which includes an illustrative, non exhaustive list of comments that the staff may issue to companies about their climate related disclosure or the absence of such disclosure in the companies’ SEC filings.

Based on the guidance from the SEC and its staff to date, companies should consider the
following topics, among other things, in preparing their SEC filings and provide appropriate
disclosures if material:

  • whether and to what extent to incorporate into SEC filings climate change-related disclosures provided outside of SEC filings — such as those included in a stand-alone ESG, sustainability, corporate responsibility or similar report;
  • any past or future capital expenditures for climate change-related initiatives;
  • physical effects of climate change on the company’s property or operations;
  • weather-related impacts on the cost or availability of insurance;
  • compliance costs related to climate change, including costs associated with existing or pending legislation and regulation related to climate change;
  • litigation risks related to climate change and the potential impact to the company;
  • effects of transition risks related to climate change that may affect the company’s business, financial condition and results of operations (examples include risks related to policy and regulatory changes that could impose operational and compliance burdens, market trends that may alter business opportunities, credit risks or technological changes); and
  • the company’s purchase or sale of carbon credits or offsets and any related effects on the company’s business, financial condition and results of operations.

Companies should also consider discussing material ESG risks and impacts in their other SEC disclosures, such as the MD&A, risk factors and descriptions of business or legal proceedings, as well as in financial statements and accompanying notes. In addition, companies may want to revisit or enhance their 10-K (or 20-F) and proxy statement disclosures regarding climate change, human capital management, diversity, equity and inclusion, cybersecurity governance and other ESG matters in light of the considerations outlined above.

Reassess Disclosure Controls and Procedures

SEC rules require public companies to maintain and regularly evaluate the effectiveness of disclosure controls and procedures (DCPs). Chief executive officers (CEOs) and chief financial officers (CFOs) also must certify the effectiveness of the company’s DCPs on a quarterly basis. [9] While these requirements are not new, given the SEC’s continuing focus on the effectiveness of disclosure controls and related enforcement actions, companies should periodically reassess their DCPs and consider any necessary changes to help ensure the consistency, accuracy and reliability of their voluntary and required disclosures.

The SEC’s Continuing Focus on ESG Disclosure Controls

In recent years, companies have expanded their disclosure about ESG matters largely on a voluntary basis outside of SEC filings in stand-alone ESG, sustainability, corporate responsibility or similar reports. At the same time, more companies are providing ESG disclosures, particularly climate-related information, in their SEC filings. One study found that, as of June 2022, over 90% of S&P 500 companies included at least some mention of climate related information in their annual report on Form 10-K, although the type and length of the information included varied from company to company. [10]

Despite the voluntary nature of some of these disclosures, companies should remain vigilant about the accuracy of their ESG disclosures. As discussed in our April 30, 2021, client alert “SEC Primed To Act on ESG Disclosure,” in March 2021 the SEC established the Climate and ESG Task Force in the Division of Enforcement, with a mandate to identify any material gaps or misstatements in companies’ disclosures regarding climate and other ESG matters under existing disclosure requirements. Since then, the Enforcement Division has been pursuing ESG actions and is expected to continue to hold companies accountable for material misstatements or omissions regarding ESG-related matters either in voluntary disclosures or SEC filings.

For example, in April 2022, the SEC charged a Brazilian mining company with allegedly making false and misleading claims about the safety of its dams in the company’s sustainability reports and in SEC periodic filings. In September 2022, the SEC settled a charge against an American mineral producer for alleged material misstatements about the company’s mine operations made on multiple earnings calls and SEC periodic filings, which the SEC attributed to failures in the company’s DCPs.

In addition, recent SEC staff comment letters have focused on the differential between ESG disclosures in SEC filings compared to more expansive ESG disclosures provided outside of SEC filings (such as a stand-alone ESG, sustainability, corporate responsibility or similar report). This focus is another indication that companies should reassess their DCPs and consider whether any changes are needed to conform their ESG disclosures for accuracy across all outlets.

Director Independence and Interlock Disclosure

Another recent SEC focus area in DCPs relates to director independence and “interlocking” relationships between executives and members of compensation committees. For example, in January 2022, the SEC settled charges against an American e-commerce company for alleged failures to adequately evaluate and disclose certain material information regarding the independence of members of its board of directors, the independence of board committees and the existence of interlocking relationships between its directors and executive officers. [11] According to the SEC’s settlement order, the company appointed a new director who was determined to be independent at the time of appointment but later became CFO of another public issuer on whose board and compensation committee the company’s CEO also served, resulting in an interlocking relationship between the company’s CEO and the new director. The SEC’s order found that the company did not maintain adequate DCPs to identify and analyze potential director independence and issues of interlocking and failed to disclose the interlocking relationship and the director’s resulting loss of independence in its SEC filings.

Considerations for Implementing More Robust DCPs

Given the ongoing SEC focus on the effectiveness of DCPs, companies should periodically reassess their DCPs to help ensure the existing processes bring all potentially material information to management’s attention in a timely manner and result in adequate disclosures as appropriate. In addition, due to the lack of guidance on DCPs regarding ESG-related disclosures, companies should develop and tailor a process that is consistent with their business, management and supervisory practices. Some companies may find it appropriate to integrate voluntary ESG reporting into their existing DCPs for SEC reporting, while others may develop DCPs for voluntary ESG reporting as a separate structure with separate processes. Ideally, companies should vet voluntary ESG disclosures through a controls process as robust as their DCPs for disclosures included in SEC filings. [12]

Revisit Internal Procedures Relating to Insider Trading, Regulation FD, Cybersecurity and Form 144 Filing

Insider Trading

The SEC continues to focus on insider trading issues. As discussed above, the SEC has proposed new rules relating to Rule 10b5-1 trading plans and issuer repurchases [13] and brought the below recent insider trading enforcement actions. The SEC also has been escalating its investigation into insider trading cases, using data analysis tools to help detect suspicious trading patterns. [14] In addition, the SEC recently settled charges against officers for trading pursuant to Rule 10b5-1 plans that they allegedly entered into while in possession of material nonpublic information. [15]

In July 2022, the SEC announced that it had filed insider trading charges against nine individuals in connection with three different alleged insider trading schemes that resulted in such individuals obtaining almost $7 million in improper gains. [16] In each of these cases, according to the SEC’s complaints, the defendants traded based on material nonpublic information about the impending acquisition of another company ahead of its announcement. All nine individuals were charged with violating anti-fraud provisions of the securities laws, and the SEC sought permanent injunctive relief, disgorgement and civil penalties. The SEC’s investigation is ongoing in all three cases.

The SEC’s complaint in one of these actions alleges that a former chief information security officer (CISO) at a California-based technology company learned of material nonpublic information about the company’s plans to acquire two companies. For each planned acquisition, before such information became public, the CISO allegedly purchased shares of the acquisition target for himself and informed his friends to make similar purchases. Their trades together generated approximately $5.2 million in profits. The second action brought by the SEC involves an investment banker who allegedly shared with a friend who was a trader at a large financial institution information he learned at work about four upcoming acquisitions. They allegedly traded on such information before its announcement, obtaining approximately $300,000 in profits. In the third action, the SEC alleges that a former FBI trainee secretly reviewed a binder of deal documents about a planned tender offer from his then-romantic partner, who was an associate attorney for the buyer’s counsel on the transaction. The former FBI trainee traded on such information before it was made public and informed a friend who made similar trades, and generating aggregate profits of approximately $1.4 million.

The recent rule proposals, the above enforcement actions and the tools and resources that the SEC is employing to seek insider trading violations are reminders of the SEC’s continuing focus on insider trading issues, particularly Rule 10b5-1 plans, and what may be viewed as material information by the SEC in connection with securities trading. Companies should take extra caution to follow their policies and consider all relevant factors when making disclosure determinations and when reviewing Rule 10b5-1 plans for their employees. Companies should also consider how recent SEC rule proposals impact current company practices and policies.

Regulation FD

Regulation FD prohibits selective disclosure of material nonpublic information to securities market professionals and shareholders who are reasonably likely to trade based on the information. Although SEC enforcement actions alleging Regulation FD violations are rare, the SEC’s recent, ongoing litigated action against a large public company and three of its investor relations (IR) executives serves as a reminder that companies should remain vigilant in complying with the requirements of Regulation FD when disclosing material nonpublic information.

In March 2021, the SEC brought charges against a large public company for allegedly “repeatedly violating” Regulation FD, and three of its IR executives for “aiding and abetting” the alleged Regulation FD violations, by selectively disclosing material nonpublic information to several research analysts. [17] According to the complaint, the company became aware in March 2016 that a steeper-than-expected decline in its first quarter smartphone sales would cause revenues to fall short of analysts’ revenue estimates. The complaint alleges that three IR executives made private, one-on-one phone calls to approximately 20 sell-side analysts, disclosing internal smartphone sales data and the impact that data would have on internal revenue metrics, in an attempt to avoid missing revenue estimates for a third consecutive quarter. The complaint further alleges that promptly after those calls, the contacted analysts substantially reduced their revenue forecasts, resulting in the consensus estimate falling to just below the level that the company ultimately reported to the public in its first quarter earnings release.

The SEC, the company and the three IR officers all separately filed motions for summary judgment on
the SEC’s March 2021 complaint, and the court denied all those motions on September 8, 2022. In its 129-page opinion, the court found “formidable” evidence that the three IR officers improperly warned analysts in March and April 2016 that lower-than-expected smartphone sales would decrease overall revenue. The court also concluded that a reasonable jury could find for either side on the issue of whether the three IR officers had intent to defraud. This case will now proceed to trial, barring settlement.

Cybersecurity

The SEC continues to make cybersecurity a priority. As discussed above, the SEC has made several rule proposals relating to cybersecurity [18] and brought the below recent enforcement actions. These actions should continue to serve as a warning to companies to evaluate the adequacy of their policies and procedures.

Recent SEC Enforcement Matters

In August 2021, the SEC settled charges against a London- based foreign private issuer that publishes educational materials and provides other services to school districts in the United States for misleading investors about a cybersecurity breach and having inadequate disclosure controls and procedures. [19] In September 2018, the company was notified of a vulnerability in its servers and that a patch was available to address the issue. The company took no action until March 2019 after it learned that several million rows of data were stolen, including personally identifying information (PII) stored on a server. The company implemented the patch to address the concern only after the breach. In July 2019, the company sent notice of the breach to impacted customer accounts without providing full details of the breach. Shortly after sending the notice, the company filed a Form 6-K that discussed its data privacy risks but did not disclose the fact that one had occurred. After receiving a media inquiry in late July 2019, the company only then issued a statement informing investors and the public about the breach, and the public disclosures made misstatements about the nature of the breach and the data involved. The SEC described the company’s statement as understating the nature and scope of the breach and overstating the company’s data protections. The company paid a $1 million penalty.

In August 2021, the SEC also settled charges with eight SEC- registered broker-dealers and/or investment advisers affiliated with three firms for various cybersecurity failures leading to the exposure of PII of thousands of customers and clients. [20] The alleged failures included failure to (i) protect accounts in a manner consistent with company policies, (ii) adopt and implement policies and procedures to review customer communications leading to misleading statements to such customers, (iii) adopt and implement firmwide enhanced security measures until years after discovery of a breach and (iv) adopt written policies and procedures in a timely manner after discovering a breach and implement those additional security measures firmwide. The firms paid penalties in an aggregate amount of $750,000.

In another action in June 2021, the SEC settled charges with a real estate settlement services company relating to disclosure controls and procedures violations with respect to a cybersecurity vulnerability that exposed over 800 million title and escrow document images, including images containing sensitive PII. [21] A journalist brought the vulnerability to the attention of the company. In response, the company issued a public statement and disclosed the event in a Form 8-K. However, the senior executives responsible for producing the public response were not informed of certain details relevant to their assessment in developing such a response. For example, the SEC found that the company’s disclosure controls and procedures failed to inform the senior executives that the company’s information security personnel were previously aware of the vulnerability months earlier and that the company failed to address the issue in accordance with its policies. The company paid a $487,616 penalty.

Recommended Actions

In light of these recent enforcement actions and continued SEC focus on cybersecurity, companies should ensure that they have adequate policies and procedures in place to address their particular business needs, follow those policies and procedures and address any known threats or breaches in a timely manner. In particular, communicating information about any threats or breaches to individuals responsible for making public disclosures is of paramount importance so that all relevant information can be evaluated when communicating to impacted customers and the public. Companies should also consider how recent SEC rule proposals may impact their current practices and policies.

Mandatory Electronic Filing of Form 144

In June 2022, the SEC adopted rule and form amendments that require electronic filing of all Forms 144 on EDGAR. Previously, companies could file Form 144 in paper format, which many reporting persons elected to use. The mandatory electronic filing of Forms 144 will commence on April 13, 2023.

For compliance with this rule change, persons selling under Rule 144 will need to make sure that they have all necessary EDGAR codes. Directors and officers should confirm with their brokers whether any entities or trusts they are affiliated with will need separate EDGAR codes. While brokers have typically handled the filing of Forms 144 for directors and officers, brokers may now ask companies to assist with the electronic filing of such forms. In that case, companies should make sure they have capacity and appropriate internal procedures to help company affiliates selling under Rule 144 comply with their reporting obligations.

Read the full report here.

Endnotes

1See Ernst & Young’s SEC Reporting Update “Highlights of Trends in 2022 SEC Comment Letters” (September 8, 2022).(go back)

2For more information, see the sections of this guide titled “Consider the Impact of Climate Change and ESG in Company Disclosures” and “Revisit Board Leadership and Risk Oversight Disclosures.”(go back)

3See the SEC’s press release “SEC Division of Corporation Finance to Add Industry Offices Focused on Crypto Assets and Industrial Applications and Services” (September 9, 2022).(go back)

4For more information on climate-related disclosure, see the section of this guide titled “Consider the Impact of Climate Change and ESG in Company Disclosures.”(go back)

5See the SEC staff’s Compliance & Disclosure Interpretations for Non-GAAP Financial Measures Question 100.04 (May 17, 2016).(go back)

6See our November 25, 2020, client alert “SEC Amends MD&A and Other Financial Disclosure Requirements” for more information on the amended MD&A disclosures requirements adopted by the SEC in November 2020.(go back)

7See, e.g., our client alerts “SEC Primed To Act on ESG Disclosure” (April 30, 2021) and “H1 2022 – ESG Trends and Expectations” (July 28, 2022).(go back)

8See the section of this guide titled “Note the Status of Recent and Pending SEC Rulemakings” for further details.(go back)

9SEC rules define DCPs as controls and other procedures designed to ensure that information required to be disclosed in all SEC filings is (i) recorded, processed, summarized and reported, within the time periods specified in the SEC’s rules and forms, and (ii) accumulated and communicated to the company’s management as appropriate to allow timely decisions regarding required disclosures. See Exchange Act Rules 13a-15(e) and 15d-15(e).(go back)

10See Center for Audit Quality’s “S&P 500 10-K Analysis” (October 2022).(go back)

11See the SEC’s press release “SEC Charges Lifestyle E-Commerce Company for Failing To Evaluate and Disclose Board Member’s Lack of Independence” (January 7, 2022).(go back)

12For further practical considerations, see our publication with the Society for Corporate Governance “Enhancing Disclosure Controls and Procedures Relating to Voluntary Environmental and Social Disclosures” (June 29, 2021).(go back)

13See the section of this guide titled “Note the Status of Recent and Pending SEC Rulemakings” for further details.(go back)

14See the SEC’s press release “SEC Files Multiple Insider Trading Actions Originating from the Market Abuse Unit’s Analysis and Detection Center” (July 25, 2022).(go back)

15See the SEC’s settlement order available in this link: https://www.sec.gov/litigation/admin/2022/33-11104.pdf.(go back)

16See id.(go back)

17See the SEC’s press release “SEC Charges AT&T and Three Executives With Selectively Providing Information to Wall Street Analysts” (March 5, 2021).(go back)

18See the section of this guide titled “Note the Status of Recent and Pending SEC Rulemakings” for further details.(go back)

19See the SEC’s press release “SEC Charges Pearson plc for Misleading Investors About Cyber Breach” (August 16, 2021).(go back)

20See the SEC’s press release “SEC Announces Three Actions Charging Deficient Cybersecurity Procedures” (August 30, 2021).(go back)

21See the SEC’s press release “SEC Charges Issuer With Cybersecurity Disclosure Controls Failures” (June 15, 2021).(go back)

Both comments and trackbacks are currently closed.