Q1 2024 Takeaways on What Directors and Officers Need to Know

Elizabeth Bieber is a Partner and Pamela Marcogliese is Head of US Transactions at Freshfields Bruckhaus Deringer LLP. This post is based on a Freshfields memorandum by Ms. Bieber, Ms. Marcogliese, and the Freshfields Corporate Advisory group.

SEC Adopts, then Stays, Final Rules on Climate-Related Disclosures

On March 6, 2024, the SEC adopted its long anticipated final rules on climate-related disclosures, which it had originally proposed in March 2022. The final rules amend Regulations S-K and Regulation S-X to set forth the climate-related information that U.S. domestic filers and FPIs are required to disclose in their annual reports and registration statements filed with the SEC.

Companies must include extensive disclosure of material climate-related matters including as they relate to risk and risk management, strategy, management- and board-level governance, targets and goals, GHG emissions (Scope 3 not explicitly required) and specified financial statement line-item impacts. Notable changes include:

  • Many of the disclosure requirements have been qualified by materiality.
  • Quantification of financial statement line-item impacts are subject to 1% and de minimis thresholds.
  • Attestation reports are only required for large accelerated filers (limited assurance, and then reasonable assurance) and accelerated filers (limited assurance only).
  • Some requirements are not applicable to EGCs or SRCs.

Companies are not permitted to substitute compliance with the final rules through disclosures made in response to requirements of other climate-related disclosure regimes.

  • Compliance date to be phased in and is dependent upon the content of the disclosure and the status of the company (as a large accelerated filer, an accelerated filer, non-accelerated filer, SRC or EGC).
  • Earliest compliance date relates to the financial year beginning 2025 for certain of the disclosures required to be made by large accelerated filers.

As a result of a legal challenge, on March 15, 2024, the United States Court of Appeals for the Fifth Circuit stayed the final rules, which was later dissolved on March 22, 2024 after the Judicial Panel on Multidistrict Litigation Lottery selected the United States Court of Appeals for the Eighth Circuit as the venue for hearing consolidated petitions. On April 4, 2024, the SEC stayed the final rules pending the completion of judicial review by the Eighth Circuit.

Key Takeaways

  • The rules are subject to both the SEC voluntary stay and appellate review, which makes finalization and timing of the final uncertain, but companies can use this time to advance preparation
  • The SEC made significant revisions to the proposed rules to reduce the burden on registrants, including:
    • Additional materiality qualifiers that limit the required disclosures
    • No scope 3 GHG emissions explicitly required
    • Disclosure of financial statements impacts limited to specified line items and subject to 1% and de minimis thresholds
    • Attestation report requirement of limited assurance for large accelerated (initially) and accelerated filers. Reasonable assurance for large accelerated filers (after phase in)
    • Reduction of some of the compliance and cost burdens on smaller registrants
  • Companies subject to multiple climate-related disclosure regimes will need to carefully coordinate on reporting requirements

Regulators Begin Scrutiny of Artificial Intelligence Risks

Key Takeaways

  • The use of artificial intelligence (AI) internally, and in product offerings to customers, creates unique risks for companies and their customers, including legal and reputational harm
  • The Department of Justice announced in March that it expects corporate compliance programs to take into account AI-related risks, and numerous regulators have already begun scrutiny of corporate practices
  • Boards should anticipate regulatory and shareholder scrutiny over corporate governance related to the use of AI

Generative AI has accelerated the race toward ever more innovative data-driven products and services, and regulators are not taking a “wait-and-see” approach to this new generation of technology. In the United States, regulators – including the Department of Justice (DOJ), the Securities and Exchange Commission (SEC), the Federal Trade Commission (FTC), and the Consumer Financial Protection Bureau (CFPB) – are not waiting for new laws to be passed before tackling the risks related to AI. Each has insisted their existing power can be used to regulate AI and, unlike earlier hesitations to regulate cybersecurity, regulators are moving quickly to put a stake in the ground regarding mitigation of AI risks and abuses.

On March 7, 2024, in an address at the American Bar Association’s 39th National Institute on White Collar Crime, Deputy Attorney General Lisa Monaco made clear that the DOJ will target corporate practices related to AI. Monaco directed the DOJ Criminal Division to update its guidance on Evaluation of Corporate Compliance Programs to incorporate risks associated with AI. In her words, misuse of AI is one of the “most significant risks” for a growing number of businesses.

Boards should anticipate SEC and shareholder scrutiny of boards’ actions related to AI, including whether they are being briefed by management regarding the use of AI by the company, their assessment of risks regarding the use of AI internally and in product offerings, and discussion of risk acceptance and mitigation related to those actions.

New SEC Cybersecurity Disclosure Rule

On July 26, 2023, the Securities and Exchange Commission adopted new rules and amendments that enhance and standardize cybersecurity disclosure requirements for U.S. domestic filers and foreign private issuers. The new rules require companies to disclose and describe material cybersecurity incidents and their impacts. Material cybersecurity incident disclosures are required starting December 18, 2023, and June 15, 2024, for smaller reporting companies. In addition, annual disclosure of information about their cybersecurity governance, strategy, and risk management processes are required beginning with annual reports for fiscal years ending on or after December 15, 2023.

Incident Reporting. The SEC’s new rules require all U.S. domestic reporting companies to disclose material cybersecurity incidents on the new Item 1.05 of Form 8-K, generally within four business days of the company’s determination that they experienced such an incident and FPIs must furnish this disclosure on Form 6-K promptly after the incident is disclosed or otherwise publicized in a foreign jurisdiction, to any stock exchange or to security holders. Consistent with the definition of materiality in other disclosure contexts, the rules explain that a “material” incident is one in which “there is a substantial likelihood that a reasonable shareholder would consider it important.” The rules provide for a delay for disclosures for up to thirty days if the “Attorney General determines that the incident disclosure would pose a substantial risk to national security or public safety and notifies the Commission of such determination in writing.” The SEC is paying attention to these disclosures – the first company to file an Item 1.05 8-K also received the first comment letter. For example, the comment letter asks that the disclosures be expanded to address the scope of business operations impacted and the known material impact(s) the incident has had and the material impact(s) that are likely to continue.

Risk Management, Strategy, and Governance Disclosures. In addition to incident reporting requirements, the new rules add disclosure requirements to Form 10-K for domestic registrants and Form 20-F for FPIs. Companies must disclose information on their approach to risk management, strategy, and governance concerning material cybersecurity threats. Companies are required to describe their processes for assessing, identifying, and managing material risks from cybersecurity threats, as well as the material effects or reasonably likely material effects of risks from cybersecurity threats. Companies must also disclose their board of directors’ oversight of and management’s role and expertise in assessing and managing risks from cybersecurity threats.

Key Takeaways

  • Review disclosure control policies and procedures for identifying and escalating incidents
  • Strengthen governance and oversight of mission-critical cybersecurity risks
  • Perform periodic reviews of the corporate cyber posture and resourcing
  • When considering material impacts, include, for example, vendor relationships and potential reputational harm related to impacted data, as well as any impact to financial conditions or operations

Pay, Performance and Enduring Focus on Human Capital

Key Takeaways

  • The scope of responsibility for Compensation Committees is expected to intensify amid increasing investor scrutiny of pay programs and workforce dynamics
  • Proxy advisory firm updates for 2024 include a focus on enhanced disclosure of non-GAAP performance goals and executive severance practice

Investor and Regulatory Focus

Shareholder proposals on labor rights and pay equity, among other matters, are poised to be continuing topics at annual shareholder meetings in 2024, despite slightly lower support in 2023 as compared to the prior year. Compensation Committees, particularly in select industries, may need to evaluate whether their company could be impacted by these proposals or other workforce dynamics and ensure proper response strategies are in place.

California’s AB 1076 took effect in January 2024, requiring employers to provide written notice to current and former employees in the state indicating that any prior non-compete agreements are unenforceable (subject to certain exceptions for transaction-based agreements). Companies are subject to a penalty of $2,500 for each instance of failure to provide the required notice. Meanwhile, the FTC voted to ban employment related non-competes at a federal level on April 23, 2024. The rule could have significant impact on talent acquisition and is likely to face legal challenge.

Proxy Advisor Guidelines

Amid fluctuating markets, adjustments from GAAP to non-GAAP figures in the determination of executive performance metrics will be carefully scrutinized by proxy advisory firms. If non-GAAP adjustments materially increase incentive payouts (particularly in years of incongruous shareholder return) the implementation of such adjustments is likely to be viewed negatively. Compensation Committees should develop a preestablished framework for addressing non-GAAP adjustments in connection with the design of performance-based awards.

Excessive payments made to executives in connection with an apparent voluntary resignation or retirement will be regarded as a “problematic pay practice” that may lead to an adverse Say-on-Pay recommendation by ISS. FAQs released for 2024 call for clear statements regarding the type of termination occurring under any applicable employment agreement and caution against disclosure indicating an executive “stepped down” or that the executive and the board have “mutually agreed” on departure, positing that such statements do not enable investors to fully evaluate severance payments.

An Increasingly Complex and Politicized Regulatory Process

Key Takeaways

  • While antitrust enforcement has been highly politicized, leading to expanding investigational scope and novel theories of harm, enforcement trends are not matching the political fervor
  • However, the global regulatory landscape is increasingly complicated by multi-jurisdictional review, cross-agency collaboration, and divergent outcomes
  • Global transactions are facing longer review timelines (e.g., 18-22 months), while U.S.-only deals can be relatively quick.

Antitrust scrutiny is on the rise globally with antitrust authorities accepting fewer settlements while expanding reviews to incorporate novel theories of harm.

Increased regulatory uncertainty and expanded reviews are affecting deal terms. Outside dates expanding to account for longer regulatory reviews, hell or high water provisions are less common due to unpredictability, and break fees are more common and higher overall.

Despite this increased scrutiny and political interest, overall antitrust enforcement in the U.S. is down. While the U.S. agencies have been faced with record numbers of HSR filings, the number of Second Requests remains steady, with the agencies challenging fewer deals and winning fewer challenges relative to this increased activity.

Duties of Controlling Stockholders:

In re Sears Hometown & Outlet Stores, Inc. S’holder Litig.

The Delaware Chancery Court in Sears considered the fiduciary duties of controlling stockholders when they exercise stockholder-level power, such as selling their shares or voting to enact governance measures (in contrast with director-level power, such as entering into a conflict transaction with the company).

The conduct at issue was an amendment of the company’s bylaws to require two separate votes at least 30 business days apart before a liquidation plan could be approved and the removal of two directors from the board (and the special committee) whom the controlling stockholder perceived as his most vocal opponents.

The court reiterated that a controlling stockholder does not owe enforceable duties when declining to sell its shares or when voting against a change to the status quo. It noted, however, that when a controlling stockholder seeks to change the status quo, it “cannot harm the corporation knowingly or through grossly negligent action.”

The court separately observed that the applicable standard of review to address a controlling stockholder’s exercise of stockholder-level power is enhanced scrutiny, which requires considering: (1) whether the controlling stockholder acted in good faith, after a reasonable investigation, to achieve a legitimate objective and (2) whether the controlling stockholder chose reasonable means to achieve that objective.

The court ultimately held that the conduct at issue did not violate the controlling stockholder’s fiduciary duties, because he had believed in good faith (and correctly), after reasonable investigation, that the liquidation plan would not achieve the committee’s expectations, and his actions were “within the range of reasonableness” and more constrained than, for example, governance changes requiring unanimity or more drastic board composition changes.

Key Takeaways

  • Until the Delaware Supreme Court rules, it is not clear that Sears will be the law
  • If Sears is the law, it did not implement an insurmountable framework; controllers who do not receive a non-ratable benefit should be able readily to satisfy its requirements
  • For now, after Sears, controlling stockholders exercising stockholder-level power should (1) maintain disciplined recordkeeping, (2) ensure board materials reflect their thesis and supporting analysis, and (3) consider whether less drastic means are available to achieve their objectives

Reincorporation of Delaware Companies:

Palkon v. Maffei (TripAdvisor)

The Chancery Court in TripAdvisor denied a motion to dismiss a breach of fiduciary duty claim brought by TripAdvisor stockholders concerning its conversion to a Nevada corporation but declined to enjoin that conversion.

The court reasoned that the complaint adequately pleaded that the conversion was a self-interested transaction effectuated by TripAdvisor’s 56% controlling stockholder, since TripAdvisor’s stockholders would supposedly own shares carrying a reduced set of “litigation rights” post-conversion, which necessarily “inures to the benefit of [TripAdvisor’s] stockholder controller and the directors.”

In so holding, the court rejected the defendants’ argument that entire fairness cannot apply outside of a transaction in which stockholders received cash for their shares. As to fair dealing, the court concluded that defendants “did not make any effort to replicate arm’s length bargaining”: management proposed the conversion, the board recommended it, and the controller approved it without conditioning it on special committee approval or a majority-of-the-minority vote.

As to the propriety of an injunction, however, because the standard legal remedy is money damages and because the court believed it could craft an adequate monetary remedy, it concluded that injunctive relief was “off the table.”

The Delaware Supreme Court has taken an appeal on an interlocutory basis, which likely acknowledges that it is a significant issue.

Key Takeaways

  • Until the Delaware Supreme Court rules, it is not clear that TripAdvisor will be the final word, but may be a stop along the journey
  • TripAdvisor is likely to play a key role in the evaluation of reincorporation measures going forward, particularly given the increased frequency with which such measures are being considered
  • However, as a matter of issue spotting, Delaware corporations with controlling stockholders considering reincorporation should carefully analyze and consider issues such as (1) conditioning reincorporation on either special committee approval or a majority-of-the minority vote, and (2) compensation regarding “litigation rights” following reincorporation, if applicable.