Developments in Securities Regulation, Corporate Governance, Capital Markets, M&A and Other Topics of Interest. MORE

The SEC adopted final rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.

Form 8-K Item 1.05 – Material Cybersecurity Incidents

Required Disclosure

Form 8-K, Item 1.05 provides that if a registrant experiences a cybersecurity incident that is determined by the registrant to be material, the registrant must describe in Form 8-K the material aspects of the nature, scope, and timing of the incident, and the material impact or reasonably likely material impact on the registrant, including its financial condition and results of operations.

A “cybersecurity incident” is defined to mean an unauthorized occurrence, or a series of related unauthorized occurrences, on or conducted through a registrant’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.   “Information systems” is defined to mean electronic information resources, owned or used by the registrant, including physical or virtual infrastructure controlled by such information resources, or components thereof, organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of the registrant’s information to maintain or support the registrant’s operations.

The required information must be provided in an Interactive Data File in accordance with Rule 405 of Regulation S-T and the EDGAR Filer Manual.

A report pursuant to Item 1.05 must be filed within four business days after the registrant determines that it has experienced a material cybersecurity incident.  A registrant’s materiality determination regarding a cybersecurity incident must be made without unreasonable delay after discovery of the incident.

To the extent that the information called for in Item 1.05 is not determined or is unavailable at the time of the required filing, the registrant must include a statement to that effect in the filing and then must file an amendment to its Form 8-K filing under this Item 1.05 containing such information within four business days after the registrant, without unreasonable delay, determines such information or within four business days after such information becomes available.

A registrant need not disclose specific or technical information about its planned response to the incident or its cybersecurity systems, related networks and devices, or potential system vulnerabilities in such detail as would impede the registrant’s response or remediation of the incident.

Materiality Assessment

The SEC declined to provide additional guidance regarding the application of a materiality determination to cybersecurity and declined to replace materiality with a significance standard. The SEC expects that registrants will apply materiality considerations as would be applied regarding any other risk or event that a registrant faces. According to the SEC, carving out a cybersecurity-specific materiality definition would mark a significant departure from current practice, and would not be consistent with the intent of the final rules. Accordingly, the SEC reiterated, consistent with the standard set out in the cases addressing materiality in the securities laws, that information is material if “there is a substantial likelihood that a reasonable shareholder would consider it important” in making an investment decision, or if it would have “significantly altered the ‘total mix’ of information made available.” Because materiality’s focus on the total mix of information is from the perspective of a reasonable investor, companies assessing the materiality of cybersecurity incidents, risks, and related issues should do so through the lens of the reasonable investor. The evaluation should take into consideration all relevant facts and circumstances, which may involve consideration of both quantitative and qualitative factors. Thus, for example, when a registrant experiences a data breach, it should consider both the immediate fallout and any longer term effects on its operations, finances, brand perception, customer relationships, and so on, as part of its materiality analysis. The SEC also noted that, given the fact-specific nature of the materiality determination, the same incident that affects multiple registrants may not become reportable at the same time, and it may be reportable for some registrants but not others.

Form 10-K, Item 1C

Registrants will be required to disclose the information required by Item 106 in Form 10-K.  The information required by this Item must be disclosed in an Interactive Data File in accordance with Rule 405 of Regulation S-T and the EDGAR Filer Manual. The information includes:

Risk management and strategy

 A description of the registrant’s processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats in sufficient detail for a reasonable investor to understand those processes. In providing such disclosure, a registrant should address, as applicable, the following non-exclusive list of disclosure items:

  • Whether and how any such processes have been integrated into the registrant’s overall risk management system or processes;
  • Whether the registrant engages assessors, consultants, auditors, or other third parties in connection with any such processes; and
  • Whether the registrant has processes to oversee and identify such risks from cybersecurity threats associated with its use of any third-party service provider.

Registrants must also describe whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the registrant, including its business strategy, results of operations, or financial condition and if so, how.

A “cybersecurity threat” is defined to mean any potential unauthorized occurrence on or conducted through a registrant’s information systems that may result in adverse effects on the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.

Governance

Registrant’s are also required to describe the board of directors’ oversight of risks from cybersecurity threats. If applicable, the registrant must identify any board committee or subcommittee responsible for the oversight of risks from cybersecurity threats and describe the processes by which the board or such committee is informed about such risks.

Management’s role in assessing and managing the registrant’s material risks from cybersecurity threats must also be disclosed. In providing such disclosure, a registrant should address, as applicable, the following non-exclusive list of disclosure items:

  • Whether and which management positions or committees are responsible for assessing and managing such risks, and the relevant expertise of such persons or members in such detail as necessary to fully describe the nature of the expertise;
  • The processes by which such persons or committees are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents; and
  • Whether such persons or committees report information about such risks to the board of directors or a committee or subcommittee of the board of directors.

Board of Directors’ Cybersecurity Expertise

The SEC declined to adopt disclosures regarding cybersecurity expertise of directors in the final rules.

S-3 Eligibility

General Instruction I.A.3.(b) of Form S-3 was amended so that the untimely filing of an Item 1.05 Form 8-K will not result in the loss of Form S-3 eligibility.

Implementation Deadlines The final rules will become effective 30 days following publication of the adopting release in the Federal Register. With respect to Regulation S-K Item 106, all registrants must provide such disclosures beginning with annual reports for fiscal years ending on or after December 15, 2023. With respect to compliance with the incident disclosure requirements in Form 8-K Item 1.05, all registrants other than smaller reporting companies must begin complying on the later of 90 days after the date of publication in the Federal Register or December 18, 2023. Smaller reporting companies will have an additional 180 days and must begin complying with Form 8-K Item 1.05 on the later of 270 days from the effective date of the rules or June 15, 2024. With respect to compliance with the structured data requirements, all registrants must tag disclosures required under the final rules in Inline XBRL beginning one year after initial compliance with the related disclosure requirement.

The SEC has adopted final amendments requiring disclosures related to issuers’ share repurchases. The amendments will require domestic issuers to:

  • Disclose daily repurchase activity quarterly;
  • Check a box indicating if certain directors or officers traded in the relevant securities within four business days before or after the public announcement of an issuer’s repurchase plan or program;
  • Provide narrative disclosure about the issuer’s repurchase programs and practices in its periodic reports; and
  • Provide quarterly disclosure in an issuer’s periodic reports on Forms 10-K and 10-Q related to an issuer’s adoption and termination of 10b5-1 trading arrangements.

Disclosure of Share Repurchases

The final amendments require corporate issuers that file on domestic forms to disclose the total repurchases made each day for the quarter in an exhibit to their Form 10-Q and Form 10-K (for the fourth fiscal quarter).  The final amendments also:

  • Require the daily repurchase data to be filed instead of furnished;
  • Eliminate the requirement in current Item 703(a) of Regulation S-K that issuers disclose their monthly quantitative repurchase data in their periodic reports as the information will be included in an exhibit;
  • Require disclosure of purchases that were “intended to qualify for” the Rule 10b-18 safe harbor; and
  • Require issuers to disclose, in tabular form, the number of shares purchased daily in reliance on Rule 10b-18 or intended to qualify for the affirmative defense provisions of Rule 10b5-1(c).

Narrative Revisions to Item 703 of Regulation S-K

The final amendments require an issuer to disclose:

  • The objectives or rationales for each repurchase plan or program and process or criteria used to determine the amount of repurchases;
  • Any policies and procedures relating to purchases and sales of its securities by its officers and directors during a repurchase program, including any restriction on such transactions; and
  • Whether any of its directors and officers subject to the reporting requirements under Exchange Act Section 16(a) purchased or sold shares or other units of the class of the issuer’s equity securities that are registered pursuant to section 12 of the Exchange Act and subject of a publicly announced repurchase plan or program within four business days before or after the issuer’s announcement of such repurchase plan or program or the announcement of an increase of an existing share repurchase plan or program by checking a box before the tabular disclosure of issuer purchases of equity securities.

Additionally, the final amendments require disclosure of the number of shares (or units) purchased other than through a publicly announced plan or program, and the nature of the transaction (e.g., whether the purchases were made in open-market transactions, tender offers, in satisfaction of the issuer’s obligations upon exercise of outstanding put options issued by the issuer, or other transactions), and certain disclosures for publicly announced repurchase plans or programs, including:

  • The date each plan or program was announced;
  • The dollar amount (or share or unit amount) approved;
  • The expiration date (if any) of each plan or program;
  • Each plan or program that has expired during the period covered by the table; and
  • Each plan or program the issuer has determined to terminate prior to expiration, or under which the issuer does not intend to make further purchases.

New Item 408(d)

New Item 408(d) will require an issuer to disclose whether, during its most recently completed fiscal quarter (the issuer’s fourth fiscal quarter in the case of an annual report), the issuer adopted or terminated a contract, instruction, or written plan to purchase or sell its securities intended to satisfy the affirmative defense conditions of Rule 10b5-1(c). Issuers are also required to provide a description of the material terms of the contract, instruction, or written plan (other than terms with respect to the price at which the party executing the respective trading arrangement is authorized to trade), such as:

  • The date on which the registrant adopted or terminated the Rule 10b5-1 trading arrangement;
  • The duration of the Rule 10b5-1 trading arrangement; and
  •  The aggregate number of securities to be purchased or sold pursuant to the Rule 10b5-1 trading arrangement.

New Item 408(d) does not require disclosure of the price at which the party executing the trading arrangement is authorized to trade.

Although there may be some overlap in the disclosure provided pursuant to new Item 408(d) and the disclosure provided pursuant to the amendment to Item 703 of Regulation S-K about an issuer’s Rule 10b5-1(c) trading arrangements adopted during the prior fiscal quarter, new Item 408(d) is intended to complement the new Item 703 disclosure. The disclosure requirement in Item 703 will be triggered only if an issuer had conducted a share repurchase in the prior fiscal quarter. In contrast, Item 408(d) will require disclosure if a Rule 10b5-1 plan was adopted or terminated, regardless of whether a share repurchase transaction pursuant to that plan actually occurred during the prior fiscal quarter that is covered in the Form 10-Q or Form 10-K (for the issuer’s fourth fiscal quarter). To prevent potential duplicative disclosures, the SEC included a note to Item 408(d)(1), which states that, if the disclosure provided pursuant to Item 703 contains disclosure that would satisfy the requirements of Item 408(d)(1), a cross-reference to that disclosure will satisfy the Item 408(d)(1) requirements.

Structured Data Requirement

The final amendments require issuers to tag the information disclosed pursuant to Items 601 and 703 of Regulation S-K in a structured, machine-readable data language in accordance with Rule 405 of Regulation S-T and the EDGAR Filer Manual. The final amendments require detail tagging of the quantitative amounts disclosed within the required tabular disclosures and block text tagging and detail tagging of required narrative and quantitative information.

Compliance Date

Domestic issuers will be required to comply with the new disclosure and tagging requirements in their Exchange Act periodic reports on Forms 10-Q and 10-K (for their fourth fiscal quarter) beginning with the first filing that covers the first full fiscal quarter that begins on or after October 1, 2023.

Both the NYSE and Nasdaq have issued proposed clawback rules in connection with SEC Rule 10D-1.

NYSE

The NYSE proposes to comply with Rule 10D-1 by adopting proposed new Section 303A.14 of the Listed Company Manual. Proposed Section 303A.14 is designed to conform closely to the applicable language of Rule 10D-1 and requires an issuer to adopt a Recovery Policy.

The issuer’s Recovery Policy must apply to all incentive-based compensation received by a person:

  • After beginning service as an executive officer;
  • Who served as an executive officer at any time during the performance period for that incentive-based compensation;
  • While the issuer has a class of securities listed on a national securities exchange or a national securities association; and
  • During the three completed fiscal years immediately preceding the date that the issuer is required to prepare an accounting restatement as described in proposed Section 303A.14.

An executive officer is the issuer’s president, principal financial officer, principal accounting officer (or if there is no such accounting officer, the controller), any vice-president of the issuer in charge of a principal business unit, division, or function (such as sales, administration, or finance), any other officer who performs a policy-making function, or any other person who performs similar policy making functions for the issuer.  Policy-making function is not intended to include policy making functions that are not significant. Identification of an executive officer for purposes of Section 303A.14 would include at a minimum executive officers identified pursuant to Regulation S-K Item 401(b).

 The amount of incentive-based compensation that must be subject to the issuer’s recovery policy (“erroneously awarded compensation”) is the amount of incentive-based compensation received that exceeds the amount of incentive[1]based compensation that otherwise would have been received had it been determined based on the restated amounts, and must be computed without regard to any taxes paid. For incentive-based compensation based on stock price or total shareholder return, where the amount of erroneously awarded compensation is not subject to mathematical recalculation directly from the information in an accounting restatement:

  • The amount must be based on a reasonable estimate of the effect of the accounting restatement on the stock price or total shareholder return upon which the incentive-based compensation was received; and
  • The issuer must maintain documentation of the determination of that reasonable estimate and provide such documentation to the Exchange.

The issuer must recover erroneously awarded compensation in compliance with its Recovery Policy except to the extent that the conditions in one of the three bullets set forth below are met, and the issuer’s committee of independent directors responsible for executive compensation decisions, or in the absence of such a committee, a majority of the independent directors serving on the board, has made a determination that recovery would be impracticable.

  • The direct expense paid to a third party to assist in enforcing the policy would exceed the amount to be recovered. Before concluding that it would be impracticable to recover any amount of erroneously awarded compensation based on expense of enforcement, the issuer must make a reasonable attempt to recover such erroneously awarded compensation, document such reasonable attempt(s) to recover, and provide that documentation to the Exchange.
  • Recovery would violate home country law where that law was adopted prior to November 28, 2022.
  • Recovery would likely cause an otherwise tax-qualified retirement plan, under which benefits are broadly available to employees of the registrant, to fail to meet the requirements of 26 U.S.C. 401(a)(13) or 26 U.S.C. 411(a) and regulations thereunder.

Proposed Section 802.01F(a) would provide that in any case where the Exchange determines that a listed issuer has not recovered erroneously-awarded compensation as required by its Recovery Policy reasonably promptly after such obligation is incurred, trading in all listed securities of such listed issuer would be immediately suspended and the Exchange would immediately commence delisting procedures with respect to all such listed securities. Rule 10D-1 does not specify the time by which the issuer must complete the recovery of excess incentive-based compensation, NYSE would however determine whether the steps an issuer is taking constitute compliance with its compensation Recovery Policy.

Nasdaq

As required by Rule 10D-1, Nasdaq proposes to adopt Listing Rule 5608, titled recovery of erroneously awarded compensation.

Under the proposed Rule, listed companies will be required to recover the amount of incentive-based compensation received by an executive officer that exceeds the amount the executive officer would have received had the incentive-based compensation been determined based on the accounting restatement. Incentive-based compensation is deemed received in the fiscal period during which the financial reporting measure specified in the incentive-based compensation award is attained, even if the grant or payment of the incentive-based compensation occurs after the end of that period. For incentive-based compensation based on stock price or total shareholder return, companies can use a reasonable estimate of the effect of the restatement on the applicable measure to determine the amount to be recovered.

Nasdaq defines “executive officer” in a manner similar to the NYSE proposal.

Equity awards that vest exclusively upon completion of a specified employment period, without any performance condition, and bonus awards that are discretionary or based on subjective goals or goals unrelated to financial reporting measures, do not constitute incentive-based compensation.

Nasdaq proposes to provide that a company is required to recover compensation in compliance with its recovery policy, except to the extent that pursuit of recovery would be impracticable in a manner similar to the NYSE proposal. Before concluding that pursuit is impracticable, a company must first make a reasonable attempt to recover the incentive-based compensation and provide that documentation to Nasdaq.

Nasdaq proposes to require that a company will be subject to delisting if it does not adopt a compensation recovery policy that complies with the applicable listing standard, disclose the policy in accordance with Commission rules or comply with the policy’s recovery provisions. Rule 10D-1 requires that a listed company recover the amount of erroneously awarded incentive-based compensation reasonably promptly, but does not specify the time by which the issuer must complete the recovery of excess incentive-based compensation; rather, Nasdaq would determine whether the steps an issuer is taking constitute compliance with its compensation recovery policy. The issuer’s obligation to recover erroneously awarded incentive-based compensation reasonably promptly will be assessed on a holistic basis with respect to each such accounting restatement prepared by the issuer. In evaluating whether an issuer is recovering erroneously awarded incentive-based compensation reasonably promptly, the Exchange will consider whether the issuer is pursuing an appropriate balance of cost and speed in determining the appropriate means to seek recovery, and whether the issuer is securing recovery through means that are appropriate based on the particular facts and circumstances of each executive officer that owes a recoverable amount.

The SEC has adopted final amendments to Rule 10b5-1 under the Securities Exchange Act of 1934. The amendments:

  • Add new conditions to the availability of the affirmative defense under Exchange Act Rule 10b5-1(c)(1), including cooling-off periods for directors, officers, and persons other than issuers;
  • Create new disclosure requirements regarding issuers’ insider trading policies and procedures and the adoption and termination (including modification) of Rule 10b5-1 and certain other trading arrangements by directors and officers;
  • Create new disclosure requirements for executive and director compensation regarding certain equity compensation awards made close in time to the issuer’s disclosure of material nonpublic information; and
  • Update Forms 4 and 5 to require filers to identify transactions made pursuant to a plan that is intended to satisfy the affirmative defense conditions of Rule 10b5-1(c) and to disclose all bona fide gifts of securities on Form 4.

Amendments to Rule 10b5-1

The SEC is amending Rule 10b5-1(c)(1) to:

  • Apply a cooling-off period on persons other than the issuer;
  • Impose a certification requirement on directors and officers;
  • Limit the ability of persons other than the issuer to use multiple-overlapping Rule 10b5-1 plans;
  • Limit the use of single-trade plans by persons other than the issuer to one such single-trade plan in any 12-month period; and
  • Add a condition that all persons entering into a Rule 10b5-1 plan must act in good faith with respect to that plan.

Cooling Off Period

The SEC is adopting a cooling-off period that will apply to all persons other than the issuer, with directors and “officers” (as defined in Rule 16a-1(f)) of the issuer subject to a longer cooling-off period than applies to other persons (other than the issuer) who rely on the Rule 10b5-1(c)(1) affirmative defense.

Under the final rule, a director or “officer” (as defined in Rule 16a-1(f)) who adopts (including a modification of) a Rule 10b5-1 plan would not be able to rely on the Rule 10b5-1 affirmative defense unless the plan provides that trading under the plan will not begin until the later of (1) 90 days after the adoption of the Rule 10b5-1 plan or (2) two business days following the disclosure of the issuer’s financial results in a Form 10-Q or Form 10-K for the fiscal quarter in which the plan was adopted or, for foreign private issuers, in a Form 20-F or Form 6-K that discloses the issuer’s financial results (but in any event, the required cooling-off period is subject to a maximum of 120 days after adoption of the plan).

The final rule does not impose the same cooling-off period required for directors and officers to other persons. Instead, the rule requires a cooling-off period of 30 days for persons other than directors, officers or the issuer.

The final rule provides that only certain types of modifications of an existing Rule 10b5-1 plan should trigger a new cooling-off period. A new paragraph to Rule 10b5-1(c)(1) specifically provides that a modification or change to the amount, price, or timing of the purchase or sale of the securities (or a modification or change to a written formula or algorithm, or computer program that affects the amount, price, or timing of the purchase or sale of the securities) underlying a contract, instruction, or written plan as described in Rule 10b5-1(c)(1)(i)(A) is a termination of such contract, instruction, or written plan, and the adoption of a new contract, instruction, or written plan, and such new adoption will trigger a new cooling-off period.

The SEC decided not to adopt a cooling-off period for the issuer at this time. In light of the comments received on this aspect of the proposed rules, the SEC believes that further consideration of a potential application of a cooling-off period to the issuer is warranted.

Director and Officer Certifications

Under the final rule, if a director or “officer” (as defined in Rule 16a-1(f)) of the issuer of the securities adopts a Rule 10b5-1 plan, as a condition to the availability of the affirmative defense, such director or officer will be required to include a representation in the plan certifying that at the time of the adoption of a new or modified Rule 10b5-1 plan that:

  • They are not aware of material nonpublic information about the issuer or its securities; and
  • They are adopting the contract, instruction, or plan in good faith and not as part of a plan or scheme to evade the prohibitions of Rule 10b-5.

The SEC did not adopt a proposed instruction that a director or officer seeking to rely on the affirmative defense should retain a copy of the certification for a period of ten years. The burden of establishing that the requirements of the affirmative defense have been met will fall on the corporate insider who wishes to rely on it. As a result, the SEC found that the proposed instruction was unnecessary as directors and officers already have reason to keep accurate records, including the representations, to establish that they have satisfied the conditions of the affirmative defense.

Multiple-Overlapping Rule 10b5-1 Plans

With respect to multiple overlapping Rule 10b5-1 contracts, instructions or plans, the final rule adds a condition to the Rule 10b5-1(c)(1) affirmative defense that persons, other than issuers, may not have another outstanding (and may not subsequently enter into any additional) contract, instruction or plan that would qualify for the affirmative defense under the amended Rule 10b5-1 for purchases or sales of any class of securities of the issuer on the open market during the same period.

The final rule addresses an insider’s use of multiple brokers to execute trades pursuant to a single Rule 10b5-1 plan that covers securities held in different accounts. Specifically, a series of separate contracts with different broker-dealers or other agents acting on behalf of the person (other than the issuer) to execute trades thereunder may be treated as a single “plan,” provided that the contracts with each broker-dealer or other agent, when taken together as a whole, meet all of the applicable conditions of and remain collectively subject to the provisions of Rule 10b5- 1(c)(1). A modification of any such contract will be a modification of each other contract or instruction.

The final rule also provides that a broker-dealer or other agent executing trades on behalf of the insider pursuant to the Rule 10b5-1 plan may be substituted by a different broker-dealer or other agent as long as the purchase or sales instructions applicable to the substituted broker and the substitute are identical, including with respect to the prices of securities to be purchased or sold, dates of the purchases or sales to be executed, and amount of securities to be purchased or sold.

The final rule permits persons (other than the issuer) to maintain two separate Rule 10b5-1 plans at the same time so long as trading under the later-commencing plan is not authorized to begin until after all trades under the earlier-commencing plan are completed or expire without execution.  This provision would not be available for the later-commencing plan, however, if the first trade under the later-commencing plan is scheduled to begin during the “effective cooling-off period”—namely, the cooling-off period that would be applicable under paragraph (c)(1)(ii)(B) to the later-commencing plan if the date of adoption of the later commencing plan were deemed to be the date of termination of the earlier-commencing plan.

The final rule permits certain “sell-to-cover” transactions in which an insider instructs their agent to sell securities in order to satisfy tax withholding obligations at the time an award vests. Under this modification, an insider will not lose the benefit of the affirmative defense with respect to an otherwise eligible Rule 10b5-1 plan if the insider has in place another plan that would qualify for the affirmative defense, so long as the additional plan or plans only authorize qualified sell-to-cover transactions.   The rule however does not permit sales incident to the exercise of option awards because it could create a risk of opportunistic trading. Option exercises occur at the discretion of the insider, and such decisions could occur when the insider later obtains material nonpublic information.

Single-Trade Plans

The final rule includes a limit on single-trade plans. The limitation applies to Rule 10b5-1 plans of all persons, other than the issuer. As a result, the final rule provides that if the contract, instruction, or plan is “designed to effect” the open-market purchase or sale of the total amount of securities as a single transaction, the contract, instruction or plan will not receive the benefit of the affirmative defense unless:

  • The person who entered into the contract, instruction, or plan has not, during the prior 12-month period, adopted another contract, instruction, or plan that was designed to effect the open-market purchase or sale of the total amount of securities subject to that plan in a single transaction; and
  • Such other contract, instruction, or plan in fact was eligible to receive the affirmative defense.

For the single-trade provision, a plan is “designed to effect” the purchase or sale of securities as a single transaction when the contract, instruction, or plan has the practical effect of requiring such a result. In contrast, a plan is not designed to effect a single transaction where the plan leaves the person’s agent discretion over whether to execute the contract, instruction, or plan as a single transaction. Similarly, a plan is also not designed to effect the purchase or sale of securities as a single transaction when

  • The contract, instruction, or plan does not leave discretion to the agent, but instead provides that the agent’s future acts will depend on events or data not known at the time the plan is entered into, such as a plan providing for the agent to conduct a certain volume of sales or purchases at each of several given future stock prices; and
  • It is reasonably foreseeable at the time the plan is entered into that the contract, plan, or instruction might result in multiple transactions.

Good Faith

The final rule adds a condition that the person who entered into the Rule 10b5-1 contract, instruction, or plan “has acted in good faith with respect to” the contract, instruction, or plan.  The SEC believes this requirement will help ensure that traders do not engage in opportunistic trading in connection with Rule 10b5-1 plans, and will help deter corporate insiders from improperly influencing the timing of corporate disclosures to benefit their trades under such a plan.

Additional Disclosures Regarding Rule 10b5-1 Trading Arrangements

Currently, there are no mandatory disclosure requirements concerning the use of Rule 10b5-1 trading arrangements or other trading arrangements by issuers or corporate insiders.

Quarterly Reporting of Rule 10b5-1 and Non-Rule 10b5-1 Trading Arrangements

The final rule will require registrants to disclose in Form 10-K and Form 10-Q whether, during the registrant’s last fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report), any director or “officer” (as defined in Rule 16a-1(f)) has adopted or terminated:

  • Any contract, instruction or written plan for the purchase or sale of securities of the registrant that is intended to satisfy the affirmative defense conditions of Rule 10b5-1(c) (a “Rule 10b5-1(c) trading arrangement”); and/or
  • Any written trading arrangement for the purchase or sale of securities of the registrant that meets the requirements of a non-Rule 10b5-1 trading arrangement as defined in Item 408(c) (a “non-Rule 10b5-1 trading arrangement”).

In addition, the final rule will require registrants to provide a description of the material terms of the Rule 10b5-1 trading arrangement or non-Rule 10b5-1 trading arrangement other than terms with respect to the price at which the individual executing the respective trading arrangement is authorized to trade, such as:

  • The name and title of the director or officer;
  • The date of adoption or termination of the trading arrangement;
  • The duration of the trading arrangement;
  • The aggregate number of securities to be sold or purchased under the trading arrangement;
  • Whether such trading arrangement is a Rule 10b5-1 trading arrangement or is a non-Rule 10b5-1 trading arrangement; and
  • Any modification or change to a Rule 10b5-1 plan by a director or officer that falls within the meaning of new Rule 10b5-1(c)(1)(iv).

Disclosure of Insider Trading Policies and Procedures

Under the final rule, registrants will be required to disclose whether they have adopted insider trading policies and procedures governing the purchase, sale, and other dispositions of their securities by directors, officers, and employees, or the registrant itself that are reasonably designed to promote compliance with insider trading laws, rules, and regulations, and any listing standards applicable to the registrant. If a registrant has not adopted such insider trading policies and procedures, it must explain why it has not done so. These disclosures will be required in annual reports on Form 10-K and proxy and information statements on Schedules 14A and 14C.

The final rule does not require disclosure of the registrant’s policies and procedures within the body of the annual report or proxy/information statement. Instead, the final rule requires issuers to file a copy of their insider trading policies and procedures as an exhibit to Form 10-K.

Identification of Rule 10b5-1 and non-Rule 10b5-1 Transactions on Forms 4 and 5

The final rule requires a Rule 10b5-1(c) checkbox as a mandatory disclosure requirement on Forms 4 and 5 that requires a Form 4 or 5 filer to indicate via the checkbox whether a transaction reported on that form was “intended to satisfy the affirmative defense conditions” of Rule 10b5-1(c).  An optional checkbox will allow a filer to indicate whether a transaction reported on the form was made pursuant to a pre-planned contract, instruction, or written plan for the purchase or sale of equity securities of the issuer that does not satisfy the conditions of Rule 10b5-1(c).

Disclosure Regarding Option Grants and Similar Equity Instruments Made Close in Time to the Release of Material Nonpublic Information

The final rule requires registrants to discuss the registrant’s policies and practices on the timing of awards of stock options, SARs and/or similar option-like instruments in relation to the disclosure of material nonpublic information by the registrant, including:

  • How the board determines when to grant such awards (for example, whether such awards are granted on a predetermined schedule);
  • Whether, and if so, how, the board or compensation committee takes material nonpublic information into account when determining the timing and terms of an award; and
  • Whether the registrant has timed the disclosure of material nonpublic information for the purpose of affecting the value of executive compensation.

The final rule provides that, if, during the last completed fiscal year, stock options, SARs, and/or similar option-like instruments were awarded to an NEO within a period starting four business days before the filing of a periodic report on Form 10-Q or Form 10-K, or the filing or furnishing of a current report on Form 8-K that discloses material nonpublic information (including earnings information), other than a current report on Form 8-K disclosing a material new option award grant under Item 5.02(e), and ending one business day after a triggering event, the issuer must provide the following information concerning each such award for the NEO on an aggregated basis in the tabular format set forth in the rule:

  • The name of the NEO;
  • The grant date of the award;
  • The number of securities underlying the award;
  • The per-share exercise price;
  • The grant date fair value of each award computed using the same methodology as used for the registrant’s financial statements under generally accepted accounting principles; and
  • The percentage change in the market price of the underlying securities between the closing market price of the security one trading day prior to and one trading day following the disclosure of material nonpublic information.

Reporting of Gifts on Form 4

Under the final rule, Section 16 reporting persons will be required to report dispositions of bona fide gifts of equity securities on Form 4 (rather than Form 5) in accordance with Form 4’s filing deadline (that is, before the end of the second business day following the date of execution of the transaction).

Transition

The final rules will become effective 60 days following publication of the adopting release in the Federal Register. Section 16 reporting persons will be required to comply with the amendments to Forms 4 and 5 for beneficial ownership reports filed on or after April 1, 2023. Issuers will be required to comply with the new disclosure requirements in Exchange Act periodic reports on Forms 10-Q, 10-K and 20-F and in any proxy or information statements in the first filing that covers the first full fiscal period that begins on or after April 1, 2023. The final amendments defer by six months the date of compliance with the additional disclosure requirements for smaller reporting companies.

The SEC has adopted rules to require securities exchanges to adopt listing standards that require issuers to develop and implement a policy providing for the recovery of erroneously awarded incentive-based compensation received by current or former executive officers. The final rules require a listed issuer to file the policy as an exhibit to its annual report and to include disclosures related to its recovery policy and recovery analysis where a recovery is triggered.

The new rules implement Section 10D of the Securities Exchange Act of 1934, a provision added by the Dodd-Frank Wall Street Reform and Consumer Protection Act. New Exchange Act Rule 10D-1 directs national securities exchanges and associations to establish listing standards that require a listed issuer to:

  • adopt and comply with a written policy for recovery of erroneously awarded incentive-based compensation received by its current or former executive officers in the event it is required to prepare an accounting restatement due to its material noncompliance with any financial reporting requirement under the securities laws, during the three completed fiscal years immediately preceding the date that the issuer is required to prepare an accounting restatement; and
  • disclose those compensation recovery policies in accordance with Commission rules, including providing the information in tagged data format.

Further the final rules require specific disclosure of the listed issuer’s policy on recovery of incentive-based compensation and information about actions taken pursuant to such recovery policy. The amendments also require all listed issuers to:

  • file their written recovery policies as exhibits to their annual reports;
  • indicate by check boxes on their annual reports whether the financial statements included in the filings reflect correction of an error to previously issued financial statements and whether any of those error corrections are restatements that required a recovery analysis; and
  • disclose any actions they have taken pursuant to such recovery policies.

The final rules will become effective 60 days following publication of the adopting release in the Federal Register. Exchanges will be required to file proposed listing standards no later than 90 days following publication of the release in the Federal Register, and the listing standards must be effective no later than one year following such publication. Issuers subject to such listing standards will be required to adopt a recovery policy no later than 60 days following the date on which the applicable listing standards become effective.

In a settled enforcement action, the SEC charged VMware, Inc., with omission of material information in its disclosures concerning its order “backlog” and revenue management, in quarterly and annual Exchange Act reports, on earnings calls, and in earnings releases, during its 2019 and 2020 fiscal years.   According to the SEC, this information was necessary in order to make such statements, in light of the circumstances under which they were made, not misleading.

The SEC alleged that beginning with the adoption of a new accounting standard for its FY2019, VMware began discretionarily holding back some sales orders, which were otherwise ready to be booked and recorded as revenue in the current quarter, in an effort to delay revenue and control the timing of revenue recognition, which was important to the company. These discretionary holds, which VMware referred to internally as “managed pipeline” or “MPL,” delayed the delivery of license keys to customers and thus, according to VMware’s revenue recognition policy, delayed the recognition of license revenue to the next quarter or service revenue to future quarters as services were performed. As a result, the SEC stated VMware shifted tens of millions of dollars in revenue into future quarters.

The SEC alleged VMware utilized discretionary holds if the company was on track to meet its financial guidance to securities analysts and investors. The holds then would be released shortly after the end of the quarter. This had the effect of increasing the amount of backlog that VMware reported in its Forms 10-Q and 10-K and delaying revenue recognition into future quarters.

According to the SEC, beginning with its Form 10-Q filed for Q1 FY19, VMware began disclosing in its filings that “[t]he amount and composition of [VMware’s] backlog will fluctuate period to period, and backlog is managed based upon multiple considerations, including product and geography,” but the disclosure omitted material information regarding the discretionary nature of VMware’s backlog, the extent to which VMware controlled the amount of its backlog, and how backlog was used to manage the timing of the company’s recognition of total and license revenue. In the SEC’s view VMware’s backlog practices during the relevant period were controlled for the purpose of determining in which quarters revenue would be recognized, and had the effect of obscuring the company’s financial results and avoiding revenue shortfalls versus company financial guidance and analysts’ estimates in at least three quarters during FY20, as well as full-year FY20.

The SEC charged VMware with non-scienter based provisions of the Securities Act and Exchange Act.  VMware agreed to pay a civil monetary penalty of $8,000,000.

VMware did not admit or deny the SEC’s findings.

The Securities and Exchange Commission adopted final rules implementing the pay versus performance requirement as required by Congress in the Dodd-Frank Act.

The rules will require registrants to disclose, in proxy or information statements in which executive compensation disclosure is required, how executive compensation actually paid by the registrants and related to the financial performance of the registrants over the time horizon of the disclosure based on the SEC’s rules.  The SEC has prescribed a prescriptive format for making the disclosure.

Overview            

The rules will apply to all reporting companies, except foreign private issuers, registered investment companies, and Emerging Growth Companies. Smaller Reporting Companies (“SRCs”) will be permitted to provide scaled disclosures.

New Item 402(v) of Regulation S-K will require registrants to provide a table disclosing specified executive compensation and financial performance measures for the registrant’s five most recently completed fiscal years.

Registrants will be required to include in the table, for the principal executive officer (“PEO”) and, as an average, for the other named executive officers (“NEOs”), the Summary Compensation Table measure of total compensation and a measure reflecting “executive compensation actually paid,” calculated as prescribed by the rule.

The financial performance measures to be included in the table are:

  • Total shareholder return (“TSR”) for the registrant;
  • TSR for the registrant’s peer group;
  • The registrant’s net income; and
  • A financial performance measure chosen by the registrant and specific to the registrant (the “Company-Selected Measure”) that, in the registrant’s assessment, represents the most important financial performance measure the registrant uses to link compensation actually paid to the registrant’s NEOs to company performance for the most recently completed fiscal year.

New Item 402(v) also will require a registrant to provide a clear description of the relationships between each of the financial performance measures included in the table and the executive compensation actually paid to its PEO and, on average, to its other NEOs over the registrant’s five most recently completed fiscal years. The registrant will be required to also include a description of the relationship between the registrant’s TSR and its peer group TSR.

A registrant will also be required to provide a list of three to seven financial performance measures that the registrant determines are its most important measures (using the same approach as taken for the Company-Selected Measure). Registrants are permitted, but not required, to include non-financial measures in the list if they considered such measures to be among their three to seven “most important” measures.

Registrants will be required to use Inline XBRL to tag their pay versus performance disclosure.

Effective Date

The rules will become effective 30 days following publication of the release in the Federal Register.

Registrants must begin to comply with these disclosure requirements in proxy and information statements that are required to include Item 402 executive compensation disclosure for fiscal years ending on or after December 16, 2022.

Registrants, other than SRCs, will be required to provide the information for three years in the first proxy or information statement in which they provide the disclosure, adding another year of disclosure in each of the two subsequent annual proxy filings that require this disclosure. SRCs will initially be required to provide the information for two years, adding an additional year of disclosure in the subsequent annual proxy or information statement that requires this disclosure. In addition, an SRC will only be required to provide the required Inline XBRL data beginning in the third filing in which it provides pay versus performance disclosure, instead of the first.

The Securities and Exchange Commission proposed amendments to Exchange Act Rule 14a-8, the shareholder proposal rule, which requires companies subject to the federal proxy rules to include shareholder proposals in their proxy statements, subject to certain procedural and substantive requirements.

According to the SEC the proposed amendments would:

  • Revise three of the substantive bases for exclusion of shareholder proposals under the rule: the substantial implementation exclusion; the duplication exclusion; and the resubmission exclusion;
  • Provide greater certainty and transparency to shareholders and companies as they evaluate whether these bases for exclusion would apply to particular proposals; and
  • Facilitate communication between shareholders and the companies they own, as well as among a company’s shareholders, on important issues.

The proposed amendments would revise the substantial implementation, duplication, and resubmission bases for excluding shareholder proposals.

Substantial Implementation. Rule 14a-8(i)(10) currently allows companies to exclude a shareholder proposal that “the company has already substantially implemented.” The proposed amendments would:

  • Provide that a proposal may be excluded as substantially implemented if “the company has already implemented the essential elements of the proposal.”

Duplication. Rule 14a-8(i)(11) currently allows companies to exclude a shareholder proposal that “substantially duplicates another proposal previously submitted to the company by another proponent that will be included in the company’s proxy materials for the same meeting.” The proposed amendments would:

  • Specify that a proposal “substantially duplicates” another proposal if it “addresses the same subject matter and seeks the same objective by the same means.”

Resubmission. Rule 14a-8(i)(12) currently allows companies to exclude a shareholder proposal that “addresses substantially the same subject matter as a proposal, or proposals, previously included in the company’s proxy materials within the preceding five calendar years” if the matter was voted on at least once in the last three years and did not receive sufficient shareholder support. The proposed amendments would:

  • Provide that a proposal constitutes a resubmission if it “substantially duplicates” a prior proposal; and
  • Specify that, as with the duplication exclusion, a proposal “substantially duplicates” another proposal if it “addresses the same subject matter and seeks the same objective by the same means.” These changes would align the “resubmission” standard under Rule 14a-8(i)(12) with the “duplication” standard under Rule 14a-8(i)(11), in consideration of the similar objectives of these exclusions.

The SEC brought an enforcement action against The Brink’s Company for using confidentiality agreements that the SEC alleged violated Exchange Act Rule 21F-17. That rule prohibits any person from taking any action to impede an individual from communicating directly with the Commission, including by “enforcing, or threatening to enforce, a confidentiality agreement….” The SEC has brought at least nine other similar enforcement actions in the past.

One of Brinks’ forms prohibited employees from divulging confidential information about the company to any third party without the prior written authorization of a Brinks, Inc. executive officer. The agreement defined “Confidential Information” broadly to include information about “current and potential customers, . . . prices, costs, business plans, market research, sales, marketing, . . . operational processes and techniques, [and] financial information including financial information set forth in internal records, files and ledgers or incorporated in profit and loss statements, financial reports and business plans. . . ,” The SEC notes that the reference to financial records often are components of whistleblower complaints.

The SEC stated that Brinks in-house attorneys received general client bulletins, legal alerts, and case summaries from various private law firms discussing the Commission’s enforcement actions charging violations of Rule 21F-17(a).  According to the SEC,  a partner at Brinks U.S.’s outside employment counsel, sent an email to the company’s General Counsels and other lawyer attaching a “Client Memo” that described the Commission’s initial Rule 21F-17 enforcement action, cited key findings from the Commission’s order, predicted that the Commission would be bringing more cases enforcing Rule 21F-17, and recommended that public companies consider incorporating into their employment agreements certain whistleblower carve-out language apparently copied verbatim from the order.

While Brinks eventually adopted whistleblower carve-outs into its severance agreements, the general confidentiality agreement was not modified.

Brinks agreed to pay a $400,000 civil monetary penalty to the SEC and agreed to certain injunctive relief.  Brinks did not admit or deny the SEC’s findings.

SEC Commissioner Hester M. Peirce issued a statement stating she believed the settlement exceeded the SEC’s authority.  Ms. Peirce objected to the requirement that Brinks’ employment agreement include the following provision:

Protected Rights. Employee understands that nothing contained in this Agreement limits Employee’s ability to file a charge or complaint with the Securities and Exchange Commission, or any other federal, state, or local governmental regulatory or law enforcement agency (“Government Agencies”). Employee further understands that nothing in this Agreement limits Employee’s ability to communicate with any Government Agencies or otherwise participate in or fully cooperate with any investigation or proceeding that may be conducted by any Government Agency [sic], including providing documents or other information, without notice to or approval from the Company. Employee can provide confidential information to Government Agencies without risk of being held liable by Brinks for liquidated damages or other financial penalties. This Agreement does not limit Employee’s right to receive an award for information provided to any Government Agencies.

Ms. Peirce objects to the text which expands the whistleblower protection beyond the SEC rules to include other government agencies.  She stated the Commission’s authority to adopt and enforce Rule 21F-17 necessarily is limited to the scope and purpose of Exchange Act Section 21F, which is to ensure the free flow of information to the Commission.

Ms. Peirce noted that even though Brinks agreed to this provision of the settlement that should not be misconstrued as an indication that other companies are under any obligation to use the same or similar language to avoid running afoul of Rule 21F-17.

The Securities and Exchange Commission adopted rules and form amendments to:

  • Mandate the electronic filing or submission of certain documents that currently are permitted to be filed or submitted in paper; and
  • Mandate the use of Inline eXtensible Business Reporting Language (“Inline XBRL”) for the filing of the financial statements and accompanying schedules to the financial statements required by Form 11-K.

The amended rules apply to various issuers, affiliates, and national securities exchanges that file or submit reports to the SEC and will require the electronic filing or submission of:

  • Documents that currently are permitted to be submitted electronically under Rule 101(b) of Regulation S-T, including notices of exempt solicitations and exempt preliminary roll-up communications, the “glossy” annual report to security holders, Form 144 for sales of securities of issuers subject to the reporting requirements of Section 13 or 15(d) of the Exchange Act, filings on Form 6-K, and filings made by multilateral development banks;
  • Certifications made pursuant to Section 12(d) of the Exchange Act and Exchange Act Rule 12d1-3 that a security has been approved by an exchange for listing and registration; and
  • Certain foreign language documents.

The amended rules also will require the use of Inline XBRL for the filing of the financial statements and accompanying notes to the financial statements required by Form 11-K and make technical updates to Form F-10, Form F-X, and Form CB to remove outdated references.

The Commission is providing the following transition periods to provide filers with adequate time to prepare to submit these documents electronically in accordance with the EDGAR Filer Manual, including applying for the necessary filer codes on EDGAR:

  • Six months after the effective date of the amendments for filers to submit their “glossy” annual reports to security holders electronically in accordance with the EDGAR Filer Manual and, other than for Form 144, for paper filers who would be first-time electronic filers;
  • Six Months after the date of publication in the Federal Register of the Commission release that adopts the version of the EDGAR Filer Manual addressing updates to Form 144 for filing Form 144 electronically on EDGAR; and
  • Three years after the effective date of the amendments for filers to submit the financial statements and accompanying schedules to the financial statements required by Form 11-K in the Inline XBRL structured data language.