SEC Guidance on Public Company Cybersecurity Disclosures

Tue, 13 Mar 2018 13:28:31 +0000

Posted by Lillian Brown, Meredith Cross, and Benjamin Powell, Wilmer Cutler Pickering Hale and Dorr LLP, on Tuesday, March 13, 2018

Editor's Note: Lillian Brown, Meredith Cross, and Benjamin Powell are partners at Wilmer Cutler Pickering Hale and Dorr LLP. This post is based on a WilmerHale publication by Ms. Brown, Ms. Cross, Mr. Powell, Jonathan Cedarbaum, and Alan Wilson.

On February 21, 2018, the Securities and Exchange Commission (SEC) approved an interpretive release updating guidance on public company disclosure and other obligations concerning cybersecurity matters. The interpretive release, titled “Commission Statement and Guidance on Public Company Cybersecurity Disclosures,” Release No. 33-10459 (Guidance), had been scheduled to be considered at an open meeting on February 21, which was canceled. Much of the Guidance is devoted to reiterating and expanding upon the Division of Corporation Finance’s 2011 CF Disclosure Guidance: Topic No. 2, Cybersecurity, which was issued to assist companies in assessing what disclosures might be required about cybersecurity risks or incidents. WilmerHale discussed the 2011 guidance here. Emphasizing the increasing significance of cybersecurity incidents in recent years, the new Guidance further illustrates potential disclosures that companies should consider and comments on matters beyond disclosure obligations. The Guidance stresses the importance of cybersecurity policies and procedures, and discusses the application of disclosure controls and procedures, insider trading prohibitions, and Regulation FD selective disclosure prohibitions. Recognizing that the cybersecurity landscape continues to shift, Chairman Clayton commented in a separate statement that the Commission “will continue to evaluate developments in this area and consider feedback about whether any further guidance or rules are needed.”

(more…)

SEC Guidance and Non-GAAP Measures

Sat, 11 Jun 2016 13:43:55 +0000

Posted by Meredith B. Cross, Wilmer Cutler Pickering Hale and Dorr LLP, on Saturday, June 11, 2016

Editor's Note: Meredith B. Cross is a partner in the Transactional and Securities Departments at Wilmer Cutler Pickering Hale and Dorr LLP. This post is based on a WilmerHale publication by Ms. Cross, Knute J. Salhus, Thomas W. White, Jonathan Wolfman, and Jennifer A. Zepralka.

On May 17, 2016, the SEC’s Division of Corporation Finance escalated the SEC’s efforts to curb perceived misuse of non-GAAP financial measures with the issuance of a revised set of Compliance and Disclosure Interpretations (CDIs). This action follows a series of speeches by SEC Chair Mary Jo White and SEC senior staff members, and an uptick in comment letter activity, all focused on what a member of the SEC staff described in one speech as a “troubling increase over the past few years in the use of, and nature of adjustments within, non-GAAP measures by companies.”

All public companies should consider and address the SEC staff’s new guidance, as well as other recent developments regarding the use of non-GAAP measures, as they prepare for their next earnings announcement. To help you work through the implications of the new guidance, we discuss below the new and revised CDIs, and offer our analysis of key takeaways and action items.

(more…)

The Harvard Law School Forum on Corporate Governance

SEC Guidance on Public Company Cybersecurity Disclosures

SEC Guidance and Non-GAAP Measures