To print this article, all you need is to be registered or login on Mondaq.com.
As a fitting cap to a busy month, on March 30, the SEC Division
of Examinations announced its
2022 Examination Priorities. These priorities are consistent
with the recent activities of the SEC more generally, as
exemplified by the Top 5 Enforcement Developments below. The
Examinations program will focus on private funds, environmental,
social, and governance (ESG) investing, retail investor
protections, information security and operational resiliency,
emerging technologies, and crypto-assets
These priorities, in addition to the key developments below,
provide high-level guidance to in-house counsel and compliance
professionals keeping abreast of the recent SEC developments.
1) Proposed Rules Changes on Cybersecurity
On March 9, 2022, the SEC
proposed rules that appear to formalize the Enforcement
Division’s
recent scrutiny of public company cybersecurity disclosures by
requiring specific disclosures regarding cybersecurity risk
management, strategy, governance, and incident reporting. If
adopted, the rules would require that issuers report material
cybersecurity incidents within four business days of a materiality
determination. The proposed rules would also require public
companies to provide periodic updates about previously reported
material cybersecurity incidents and to disclose immaterial
cybersecurity incidents, which, in the aggregate, are deemed to be
material. The amended rules also would require periodic reporting
about (i) a public company’s policies and procedures to
identify and manage cybersecurity risks; (ii) the company’s
board of directors’ cybersecurity expertise and oversight of
cybersecurity risks; and (iii) management’s role and expertise
in assessing and managing cybersecurity risk and implementing
cybersecurity policies and procedures.
Although the SEC has stated that the goal of these proposed
rules is to enhance cybersecurity disclosures to investors, the
practical operation of these requirements in an environment that
often requires forensic investigation and flexibility has caused
some cybersecurity professionals alarm. Critics of the proposed
rules have expressed concerns that requiring specific disclosure
about an incident’s impact on such things as business
operations may not be possible within four days of a materiality
determination, and have questioned the lack of a law enforcement
exception to the four-business-day deadline.
Whether the rules are adopted as proposed or are modified
following the 60-day comment period, the SEC’s proposal serves
as a good reminder for public companies to revisit cybersecurity
policies and procedures, including to ensure companies have the
requisite expertise to respond to a significant cyberattack, and to
confirm that incident response policies provide a clear path to
escalate incidents to senior leadership and/or a disclosure
committee as appropriate
2) Proposed Rules Changes on Climate-Related Disclosures
On March 22, 2022, the SEC
proposed new rules aimed at standardizing climate-related
disclosures for investors. This proposal appears to reflect a
paradigm shift to a more prescriptive approach to
disclosures—including requiring certain disclosures without
regard to materiality— leaving some observers to question
whether this change will be limited to climate-related disclosures
or signals a broader change at the Commission.
If adopted, the new rules would require public companies to
include certain climate-related disclosures in their registration
statements and periodic reports, as well as plans to address such
risks. The required disclosures would also include information
about an issuer’s greenhouse gas emissions, including from
upstream and downstream value-chain activities, although smaller
entities could be granted a safe harbor. As with the proposed
cybersecurity rules discussed above, the proposed climate-related
rules require disclosures regarding corporate governance and risk
management practices and the expertise of board members,
potentially impacting the people chosen to serve on such
boards.
These proposed rules serve as yet another reminder of the
SEC’s focus on climate-related disclosures—coming on the
heels of the SEC’s Division of Corporation Finance’s
publication of a sample letter in September 2021 illustrating
the kinds of comments that may be issued to companies regarding
their climate-related disclosures—such that companies would
be well served to ensure they have sufficient expertise to address
climate-related risks no matter what specific language is
ultimately adopted.
3) Proposed Rule Changes for SPACs
On March 30, 2022, the SEC took aim at special purpose
acquisition companies (SPACs) with proposed
rules focused on IPOs and “de-SPACs” involving those
SPACs. The primary goal of the proposed rules is to ensure
regulatory tools traditionally used to protect investors during
IPOs are applied to SPACs, including disclosure requirements,
standards for marketing practices, and gatekeeper and issuer
obligations.
Among the most important provisions of the proposed rules are
(i) the treatment of targets as “co-registrants” for
de-SPAC transactions, exposing such private operating companies and
signatories to liability under Section 11 of the Securities Act;
(ii) a change in the definition of blank-check companies so that
the PSLRA’s safe harbor provisions for forward-looking
statements would not apply to target companies’ projections;
and (iii) an expansion of who qualifies as an underwriter in the
de-SPAC transactions by “deem[ing] anyone who has acted as an
underwriter of the securities of a SPAC and takes steps to
facilitate a de-SPAC transaction, or any related financing
transaction or otherwise participates (directly or indirectly) in
the de-SPAC transaction to be engaged in a distribution and to be
an underwriter in the de-SPAC transaction.”
The proposal also includes a new rule addressing the status of
SPACs under the Investment Company Act of 1940, which would exempt
SPACs that satisfy certain conditions that limit their duration,
asset composition, business purpose, and activities from
registering under the Investment Company Act.
While in many instances the proposed rules require diligence and
disclosures many SPACs are already undertaking, the rules as
proposed threaten to add considerable cost and potential liability
to SPAC participants. In statements offered at the Commission’s
March 30, 2022 Open Meeting leading to these proposed rules, the
SEC’s Commissioners invited a robust comment process to help
clarify the costs and benefits of the proposed rules, and early
public reactions suggest these proposed rules will be vigorously
debated before any language is finalized and adopted.
4) Guidance for Lawyers and CCOs Acting as Gatekeepers
March has presented additional glimpses into the SEC’s and
FINRA’s views of the role of lawyers as regulatory gatekeepers.
On March 4, 2022, Commissioner Allison Herren Lee (who has since announced
she does not intend to seek a second term after a successor for her
is found) proposed new requirements intended for corporate lawyers
to live up to the goals of Section 307 of Sarbanes-Oxley, during
her
remarks at PLI’s Corporate Governance Master Class. Section
307 was supposed to create new structures of accountability for
lawyers, by mandating the adoption of minimum standards of
professional conduct for attorneys appearing before the SEC.
However, the only standard that has been adopted is the “up
the ladder” rule, which requires lawyers to report certain
potential violations up the chain of management. Commissioner Lee
suggests solutions to the problem of “can-do,” or
“goal-directed,” lawyering, which Lee described as legal
advice tailored to what management wants to hear. Lee’s
statements were aimed at the securities bar at large, and reflected
her thoughts on steps the SEC could take to fulfill the mandate of
Section 307, such as offering greater detail regarding a
lawyer’s obligation to a corporate client, clearer standards on
“materiality,” minimum standards of competence and
expertise, and some degree of oversight at the firm level.
Soon afterwards, on March 17, 2022, FINRA issued new guidance on
the role of chief compliance officers (CCOs) with respect to
supervisory liability. The guidance may come as a relief to CCOs
unsure about their obligations, as it specifies that FINRA will
bring actions against a CCO for failure to supervise under the
Supervision Rule (3110) only when the firm confers supervisory
responsibility on the CCO and the CCO fails to discharge those
responsibilities in a reasonable manner. Factors indicating that a
CCO was not reasonable in the discharge of responsibilities would
include whether he or she was aware of and failed to address
multiple red flags or actual misconduct, or if he or she failed to
establish, maintain, or enforce a firm’s written procedures.
The CCO could be spared if he or she had been given insufficient
support in terms of staffing, budget, training, or otherwise.
5) Ripple Executives Must Face Charges, but Key Defense Still
in Play
On March 11, 2022, Southern District of New York Judge Analisa
Torres
denied Ripple executives’ motions to dismiss the SEC’s
claims that they aided and abetted Ripple’s unregistered sale
of $1.4 billion worth of the company’s signature digital asset,
XRP. Judge Torres held that the agency had sufficiently alleged
that the two executives knew or recklessly disregarded facts that
made Ripple’s sale of XRP amount to the unregistered sale of
securities.
Notably, however, Judge Torres also
denied the agency’s request to strike Ripple’s
“fair notice” affirmative defense, i.e., Ripple’s
claim that it was never given fair notice by the agency that its
actions relating to the token violated securities laws. This
affirmative defense is integral to Ripple’s defense strategy,
as it has maintained since the action was filed in 2020 that the
SEC did not inform the company, or the crypto market generally,
that the SEC viewed XRP as a security.
SEC critics who have long argued that the Commission has been
“regulating through enforcement” rather than by adopting
clear cryptocurrency rules have hailed Judge Torres’s decision
to permit Ripple to pursue its affirmative defense as confirming
their views. At the very least, the decision supports the
industry’s need for clarity from the SEC and other regulators
as to the rules of the cryptocurrency road.
Originally Published by Harvard Law School Forum on
Corporate Governance
Because of the generality of this update, the information
provided herein may not be applicable in all situations and should
not be acted upon without specific legal advice based on particular
situations.
© Morrison & Foerster LLP. All rights reserved
