Last year, California became the first state to pass laws requiring companies to make disclosures about their greenhouse gas (“GHG”) emissions as well as the risks that climate change poses for their businesses and their plans for addressing those risks. These new laws now face funding and legal hurdles that are delaying their implementation.
While California’s new laws navigate these challenges, the U.S. Securities and Exchange Commission (“SEC”) adopted its own final climate disclosure rule on March 6. Formally entitled The Enhancement and Standardization of Climate-Related Disclosures for Investors (“SEC Rule”), it requires public companies to make disclosures about the climate-related risks that have materially impacted, or are reasonably likely to have a material impact on, a registrant’s business strategy, operations, or financial condition, and also to disclose their Scope 1 and Scope 2 GHG emissions. The SEC Rule is significantly scaled-back from what the SEC originally proposed in March 2022; most notably, it does not require disclosure of Scope 3 GHG emissions. It too faces legal challenges.
California’s New Laws[1]
On October 7, 2023, California Governor Gavin Newsom signed into law two sweeping climate disclosure bills, Senate Bill 253 (“SB 253”), the Climate Corporate Data Accountability Act, and Senate Bill 261 (“SB 261”), the Climate-Related Risk Act.
Under SB 253, companies that do business in California and have more than $1 billion in annual revenue will be required to disclose emissions data to the California Air Resources Board (“CARB”) each year, starting in 2026. The new law will affect more than 5,400 companies. Under the new law, CARB can levy fines of up to $500,000 per year for violations thereunder. The new reporting requirements apply to both public and private companies, unlike the SEC Rule, which applies only to certain public companies.
Under SB 261, companies with more than $500 million in annual revenue will be required to disclose on a biennial basis how climate change impacts their business, including reporting certain climate-related financial risks and their plans for addressing those risks. These disclosures also begin in 2026 and will affect roughly 10,000 companies.
Funding Hurdles
Funding is necessary for CARB to develop and implement regulations for both climate disclosure laws, as well as to review, administer, and enforce the new laws. To implement SB 253, CARB estimated that it required $9 million in the 2024-25 fiscal year and $2 million in the 2025-26 fiscal year. For SB 261, CARB estimated that it needed an aggregate of $13.7 million over the 2024-25 and 2025-26 fiscal years to identify covered entities, establish regulations, and develop a verification program.
Governor Newsom’s $291.5 billion budget proposal for the 2024-25 fiscal year did not allocate any funding for the implementation of the new laws. The sponsors of the two laws, SB 253’s Senator Scott Wiener and SB 261’s Senator Henry Stern, immediately released a statement sharply critical of this aspect of the Governor’s budget proposal.[2] With limited exceptions, the budget proposal defers all new discretionary spending decisions to the spring, pending input from the legislature, with a final spending plan expected in July of 2024.
The budget process in California can be a lengthy negotiation. The Governor proposes a budget, but then must work with the Legislature to develop the final budget. In this regard, it is important to note that Senator Wiener was appointed to chair the Senate Budget Committee earlier this year. Thus, it’s possible that funding will be provided to implement the laws, though CARB already faced an aggressive set of deadlines for developing the regulations.
Legal Challenges
Some companies, including tech giants like Apple and Salesforce, want the new rules implemented quickly. Large businesses may have an interest in implementing the legislation expeditiously for the benefit of operational certainty and because they have the resources to absorb costs that their smaller competitors cannot. Other companies view the new rules as needlessly burdensome and are committed to halting the legislation in its tracks.
In January, the U.S. Chamber of Commerce joined the American Farm Bureau Federation, California Chamber of Commerce, Central Valley Business Federation, Los Angeles County Business Federation and Western Growers Association in filing a lawsuit[3]in federal district court challenging the climate disclosure laws under the theory that they violate the First Amendment of the U.S. Constitution and are preempted by federal law.
According to the complaint, the climate disclosure requirements violate the First Amendment of the U.S. Constitution by “forc[ing] thousands of companies to engage in controversial speech that they do not wish to make, untethered to any commercial purpose or transaction…for the explicit purpose of placing political and economic pressure on companies to “encourage” them to conform their behavior to the political wishes of the State.” The plaintiffs argue that, in the event that the State seeks to compel a business to speak noncommercially on controversial political matters, such action shall be presumed by a reviewing court to be unconstitutional unless the government proves that it is narrowly tailored to serve a compelling state interest. The plaintiffs also allege that the new climate disclosure laws are not narrowly tailored to further any legitimate interest of the state, let alone a compelling one.
The lawsuit also contends that the federal Clean Air Act preempts California’s ability to regulate GHG emissions beyond its jurisdictional borders. According to the plaintiffs, the new laws seek to regulate out-of-state emissions “through a novel program of speech regulation.” The complaint further argues that, because the new disclosure requirements operate as de facto regulations of GHG emissions nationwide, they “run headlong” into the Dormant Commerce Clause and broader principles of federalism. The plaintiffs ask the court to enjoin California from implementing or enforcing the new rules, thereby making them null and void.
A more serious preemption challenge may be that the California climate disclosure laws are preempted by the SEC Rule. The issue was addressed during the March 6 SEC hearing (discussed below), and it’s been reported that SEC General Counsel Megan Barbero answered that “nothing” in the Rule “expressly preempts any state law.” However, she added that the issue could arise as a question of “implied preemption,” which “would be determined by a court in a future judicial proceeding.” The question would be whether the SEC has “occupied the field” to such an extent that it preempts state rules in the space. Those would be questions of fact largely turning on how the climate laws are being applied and enforced, and thus any such challenge is likely to await CARB’s implementation of the laws.
The SEC Rule
On March 6, 2024, the SEC adopted the final SEC Rule which will require public companies to include certain climate-related disclosures in registration statements and annual reports. The final SEC Rule requires registrants to disclose material climate-related risks, activities undertaken to mitigate or adapt to such risks, information regarding the board of directors’ oversight of climate-related risks and management of material climate-related risks, and information about climate-related targets or goals that are material to the company’s business, operations, or financial condition.
To add transparency to investors’ assessments of certain climate-related risks, the SEC Rule also requires disclosure of material Scope 1 and Scope 2 GHG emissions, the filing of an attestation report in connection thereof, and disclosure of impacts that severe weather events and other climate-related conditions have on financial statements, including costs and losses. The final SEC Rule includes a phased-in compliance period for all registrants, with compliance dates ranging from fiscal year 2025-26 to 2031-32, depending on the registrant’s filer status and the content of the disclosure. In general, the SEC Rule requires less than the California climate disclosure laws, as Senator Wiener observed[4].
Key Takeaways
Implementation and/or enforcement of SB 253 and SB 261 is delayed for the time being due to a lack of funding, and thus the roll-out of the regulatory regime for the two laws appears likely to slip, such that the laws’ 2026 compliance deadlines may also slip.
The lawsuit challenging SB 253 and SB 261 adds some uncertainty to the process of ensuring compliance with climate disclosure requirements, and may cause further delay.
The delayed implementation of the new laws affords companies additional time to develop a compliance strategy. Due to the lessened scope of the SEC Rule, companies that are prepared to comply with the California laws are likely to be prepared to comply with the SEC Rule. And implementation of the SEC Rule may be delayed by legal challenges as well, thereby creating more time for companies to develop a compliance strategy.
FOOTNOTES
[1] A prior article describing these laws in more detail is here.
[3] Chamber of Commerce of the United States of America, et al. v. Cal. Air Resources Board, et al. (Cal. Central Dist., Western Div.) (Case No. 2:24-cv-00801).
On March 6, 2024, by unanimous vote, the Securities and Exchange Commission (SEC) adopted changes to Rule 605 under Regulation NMS, the provision that previously required only entities defined as “market centers” to publish detailed statistics on the quality of execution of “covered orders” in NMS stocks. Amended Rule 605 expands the reporting requirement in many ways:
by reporting party, to (a) broker-dealers with over 100,000 customer accounts (not just “market centers”); (b) Single Dealer Platforms; and (c) Automated Trading Systems (as a stand-alone reporter, separate from any reports by the broker-dealer operator the ATS);
by expanding the scope of “covered orders” to include: (a) non-marketable limit orders received outside market hours and executed during market hours; (b) stop orders; and (c) short sale orders not marked short exempt and not subject to price test restrictions under Reg SHO.
by revising time and size categories to include odd-lot and fractional share orders and measure execution time in microseconds and milliseconds. Timestamps must also contain millisecond granularity.
by expanding execution quality metrics. This expansion is wide-ranging and, among other things, (a) adds effective over quoted spread (“E/Q”) as a reporting metric; (b) requires reporting of average realized spread at multiple periods from 50 milliseconds to five minutes after execution; (c) measures price improvement not only relative to the NBBO, but also relative to the “best available displayed price,” a new baseline that includes available odd-lot liquidity; (d) adds measures of size improvement; and (e) includes fill rate information for non-marketable limit orders.
In the past, Rule 605 reports were practically unreadable for retail investors. They were data-heavy rather than in “plain English” and were reported at the security level, requiring significant data analysis to draw meaningful conclusions. The revised Rule seeks to remedy this deficiency, requiring covered broker-dealers and market centers to provide a Summary Report broken out by S&P 500 and non-S&P 500 securities, by order type (market and marketable limit) and order size, with columns for: average order size (shares and notional), average midpoint, percentage of orders executed at the quote or better, percentage receiving price improvement (both absolute and as a percentage of midpoint); average effective spread; average quoted spread; average effective over quoted spread (or “E/Q” percentage); average realized spread 15 seconds and one minute after execution; and average execution speed, in milliseconds.
While the rule revisions are comprehensive and will require significant programming (or vendor) expense, particularly for broker-dealers newly subject to the rule, many of the changes are welcome. Rule 605 had previously been subject to many increasingly outdated metrics, and firms that route orders will welcome more comprehensive and granular data elements. It remains to be seen whether retail and institutional customers will use the data to demand better execution quality from their broker-dealers or manage order-entry decisions based on the data.
What is meaningful, however, is the timing of this rule revision. These revisions were proposed in December 2022 as part of a package of significant market structure changes, including a proposed Order Competition Rule, a proposed far-reaching SEC best execution requirement known as Regulation Best Execution, and proposals to revise the pricing increments for quoting and trading equity securities and the minimum fees to access that liquidity. These other proposals were very controversial and subject to strong pushback from many parts of the securities industry. Many argued that the SEC should first adopt the proposed amendments to Rule 605 and then use the data from revised Rule 605 reporting to evaluate the other rule proposals. This approach would, of course, delay consideration of the other rule proposals while data were generated under revised Rule 605. The SEC’s adoption of just the Rule 605 revisions does not preclude further consideration of the other rules, but it is a welcome development and a step in the right direction.
The Rule 605 amendments will become effective 60 days after the release is published in the Federal Register. The compliance date is currently set for 18 months after that effective date.
On March 6, 2024, the Securities and Exchange Commission (the “SEC”) adopted regulations[1] that will require public companies to file mandatory climate-related disclosures with the SEC beginning in 2026. First proposed in March 2022, the climate-related disclosure rules were finalized after consideration of over 24,000 comment letters and active lobbying of the SEC by business and public interest groups alike. These new rules are aimed at eliciting more consistent, comparable, and reliable information for investors to make informed decisions related to climate-related risks on current and potential investments.
The new rules require a registrant to disclose material climate-related risks and activities to mitigate or adapt to those risks; information about the registrant’s oversight of climate-related risks and management of those risks; and information on any climate-related targets or goals that are material to the registrant’s business, results of operations, or financial condition. In addition, these new rules require disclosure of Scope 1 and/or Scope 2 greenhouse gas (“GHG”) emissions with attestation by certain registrants when emissions are material; and disclosure of the financial effects of extreme weather events.
Unlike the initial proposal, the EU Climate Sustainability Reporting Directive (“CSRD”) and the California Climate Data Accountability Act, the new rules do not require disclosure of Scope 3 GHG emissions. The new rules require reporting based upon financial materiality, not the double-materiality (impact and financial) standard utilized by the EU under the CSRD. Whether registrants will ultimately be required to comply with the new rules depend upon the outcome of anticipated challenges, such as the challenge to the SEC’s authority to promulgate the rule filed in the Eleventh Circuit on March 6th by a coalition of ten states.
Highlights of the New Rule
In the adopting release, the SEC notes that companies are increasingly disclosing climate-related risks, whether in their SEC filings or via company websites, sustainability reports, or elsewhere; however, the content and location of such disclosures have been varied and inconsistent.[2] The new rules not only specify the content of required climate-related disclosures but also the presentation of such disclosures.
The new rules amend the SEC rules under the Securities Act of 1933 (“Securities Act”) and Securities Exchange Act of 1934 (“Exchange Act”), creating a new subpart 1500 of Regulation S-K and Article 14 of Regulation S-X. As a result, registrants, companies that are registered under the Exchange Act, will need to:
File climate-related disclosures with the SEC in their registration statements and Exchange Act annual reports;
Provide the required climate-related disclosures in either a separately captioned section of the registration statement or annual report, within another appropriate section of the filing, or the disclosures may be included by reference from another SEC filing so long as the disclosure meets the electronic tagging requirements; and
Electronically tag climate-related disclosures in Inline XBRL.
The rules require a registrant to disclose:
Climate-related risks that have had or are reasonably likely to have a material impact on the registrant’s business strategy, results of operations, or financial condition;
The actual and potential material impacts of any identified climate-related risks on the registrant’s strategy, business model, and outlook;
Specified disclosures regarding a registrant’s activities, if any, to mitigate or adapt to a material climate-related risk including the use, if any, of transition plans, scenario analysis, or internal carbon prices;
Any oversight by the board of directors of climate-related risks and any role by management in assessing and managing the registrant’s material climate-related risks;
Any processes the registrant has for identifying, assessing, and managing material climate-related risks and, if the registrant is managing those risks, whether and how any such processes are integrated into the registrant’s overall risk management system or processes;
Information about a registrant’s climate-related targets or goals, if any, that have materially affected or are reasonably likely to materially affect the registrant’s business, results of operations, or financial condition. Disclosures would include material expenditures and material impacts on financial estimates and assumptions as a direct result of the target or goal or actions taken to make progress toward meeting such target or goal;
For large accelerated filers (“LAFs”) and accelerated filers (“AFs”) that are not otherwise exempted, information about material Scope 1 emissions and/or Scope 2 emissions;
For those required to disclose Scope 1 and/or Scope 2 emissions, an assurance report at the limited assurance level, which, for an LAF, following an additional transition period, will be at the reasonable assurance level;
The capitalized costs, expenditures expensed, charges, and losses incurred as a result of severe weather events and other natural conditions, such as hurricanes, tornadoes, flooding, drought, wildfires, extreme temperatures, and sea level rise, subject to applicable one percent and de minimis disclosure thresholds, disclosed in a note to the financial statements;
The capitalized costs, expenditures expensed, and losses related to carbon offsets and renewable energy credits or certificates (“RECs”) if used as a material component of a registrant’s plans to achieve its disclosed climate-related targets or goals, disclosed in a note to the financial statements; and
If the estimates and assumptions a registrant uses to produce the financial statements were materially impacted by risks and uncertainties associated with severe weather events and other natural conditions or any disclosed climate-related targets or transition plans, a qualitative description of how the development of such estimates and assumptions was impacted, disclosed in a note to the financial statements.
Highlights of what did not get adopted
In its adopting release, the SEC described various modifications it made to its March 2022 proposed rules. The SEC explained that it made many of these changes in response to various comment letters it received. Some of the proposed rules that did not get adopted are:[3]
The SEC eliminated the proposed requirement to provide Scope 3 emissions disclosure.
The adopted rules in many instances now qualify the requirements to provide certain climate-related disclosures based on materiality.
The SEC eliminated the proposed requirement for all registrants to disclose Scope 1 and Scope 2 emissions in favor of requiring such disclosure only by large accelerated filers and accelerated filers on a phased in basis and only when those emissions are material and with the option to provide the disclosure on a delayed basis.
The SEC also exempted emerging growth companies and smaller reporting companies from the Scope 1 and Scope 2 disclosure requirement.
The SEC modified the proposed assurance requirement covering Scope 1 and Scope 2 emissions for accelerated filers and large accelerated filers by extending the reasonable assurance phase in period for LAFs and requiring only limited assurance for AFs.
The SEC eliminated the proposed requirements for registrants to disclose their GHG emissions in terms of intensity.[4]
The SEC removed the requirement to disclose the impact of severe weather events and other natural conditions and transition activities on each line item of a registrant’s financial statements. The SEC now requires disclosure of financial statement effects on capitalized costs, expenditures, charges, and losses incurred as a result of severe weather events and other natural conditions in the notes to the financial statements.
The adopted rules are less prescriptive than certain of those that were proposed. For example, the former now exclude in Item 1502(a) of Regulation S-K negative climate-related impacts on a registrant’s value chain from the definition of climate-related risks required to be disclosed. Similarly, this definition no longer includes acute or chronic risks to the operations of companies with which a registrant does business. Also, Item 1501(a) as adopted omits the originally proposed requirement for registrants to disclose (a) the identity of board members responsible for climate-risk oversight, (b) any board expertise in climate-related risks, (c) the frequency of board briefings on such risks, and (d) the details on the board’s establishment of climate-related targets or goals. Along the same lines, Item 1503 as adopted requires disclosure of only those processes for the identification, assessment, and management of material climate-related risks as opposed to a broader universe of climate-related risks. The rule as adopted does not require disclosure of how the registrant (a) determines the significance of climate-related risks compared to other risks, (b) considers regulatory policies, such as GHG limits, when identifying climate-related risks, (c) considers changes to customers’ or counterparties’ preferences, technology, or market prices in assessing transition risk, and (d) determines the materiality of climate-related risks. In the same vein, the adopted rules, unlike the proposed rules, do not require disclosure of how the registrant determines how to mitigate any high priority risks. Nor do the new rules retain the proposed requirement for a registrant to disclose how any board or management committee responsible for assessing and managing climate-related risks interacts with the registrant’s board or management committee governing risks more generally.
The SEC eliminated the proposal to require a private company that is a party to a business combination transaction, as defined by Securities Act Rule 165(f), registered on Form S-4 or Form F-4, to provide the subpart 1500 and Article 14 disclosures.
Timing of Implementation
The new rules will become effective 60 days after publication in the Federal Register. Compliance with the rules will not be required until much later, however.
Consistent with its earlier proposal, and in response to comments that the SEC received concerning the timing of implementing the proposed rule, the new rules contain delayed and staggered compliance dates that vary according to the registrant’s filing status and the type of disclosure.
The below table from the SEC’s new release summarizes the phased-in implementation dates.[5]
FILING STATUS
Large Accelerated Filers (“LAFs”)—a group whom the SEC believed most likely to be already collecting and disclosing climate-related information—will be the first registrants required to comply with the rule. The earliest that an LAF would be required to comply with the climate-disclosure rules would be upon filing its Form 10-K for the fiscal year ended December 31, 2025, which would be due no later than March 2026.[6]
Accelerated Filers (“AFs”) are not required to comply with the new rules for yet another year after LAFs. Climate-related disclosures for AFs must be included upon filing a Form 10-K for the fiscal year ended December 31, 2026, due no later than March 2027. Smaller Reporting Companies (“SRCs”), Emerging Growth Companies (“EGCs”), and Non-Accelerated Filers (“NAFs”) have yet another year to meet the first compliance deadline for climate-related disclosures. These types of filers need not include their climate-related disclosures until filing their Form 10-Ks for the fiscal year ended December 31, 2027, which, again, would be due no later than March 2028.
TYPES OF DISCLOSURES
The new rules also phase in the requirements to include certain disclosures over time. The requirements to provide quantitative and qualitative disclosures concerning material expenditures and material impacts to financial estimates or assumptions under Items 1502(d)(2), 1502(e)(2), and 1504(c)(2) are not applicable until the fiscal year immediately following the fiscal year in which the registrant’s initial compliance is required. LAFs, for example, are not required to report these qualitative and quantitative disclosures until filing a Form 10-K for the fiscal year ended December 31, 2026, due in March 2027. That should be one year after an LAF files its first Form 10-K with climate-related disclosures. The SEC adopted this phased-in approach to respond to commentators’ concerns regarding the availability (or current lack thereof) of policies, processes, controls, and system solutions necessary to support these types of disclosures.
Likewise, the new rules provide for a further phased-in compliance date for those registrants required to report their Scope 1 and Scope 2 GHG emissions and an even later date for those filers to obtain limited or reasonable assurance for those emissions disclosures. An LAF, for example, is not required to disclose its Scope 1 and Scope 2 emissions until filing its Form 10-K for the fiscal year ended December 31, 2026, due in March 2027. And those disclosures would not be required to be subject to the limited-assurance or reasonable-assurance requirements until filing the Form 10-K for the year ended December 31, 2029 or December 31, 2033, respectively.
In accordance with the table above, AFs, SRCs, EGCs, and NAFs have even more time to meet these additional disclosure requirements, if they are required to meet them at all.
It should be noted that the SEC recognized that registrants may have difficulty in obtaining GHG emission metrics by the date their 10-K report would be due. As a result, the rule contains an accommodation for registrants required to disclose Scope 1 and Scope 2 emissions, allowing domestic registrants, for example, to file those disclosures in the Form 10-Q for the second fiscal quarter in the fiscal year immediately following the year to which the GHG emissions disclosure relates. This disclosure deadline is permanent and not for a transition period.
Liability for Non-Compliance
In the introduction to the adopting release, the SEC explains that requiring registrants to provide certain climate-related disclosures in their filings will, among other things, “subject them to enhanced liability that provides important investor protections by promoting the reliability of the disclosures.”[7] This enhanced liability stems from the treatment of the disclosures as “filed” rather than “furnished” for purposes of Exchange Action Section 18 and, if included or otherwise incorporated by reference into a Securities Act registration statement, Securities Act Section 11.[8] According to the SEC, “climate-related disclosures should be subject to the same liability as other important business or financial information” that registrants include in registration statements and periodic reports and, therefore, should be treated as filed disclosures.[9]
In an attempt to balance concerns about the complexities and evolving nature of climate data methodologies and increased litigation risk, the SEC, in the adopting release, emphasizes certain modifications made in the new rules including:
limiting the scope of the GHG emissions disclosure requirement;
revising several provisions regarding the impacts of climate-related risks on strategy, targets and goals, and financial statement effects so that registrants will be required to provide the disclosures only in certain circumstances, such as when material to the registrant; and
adopting a provision stating that disclosures (other than historic facts) provided pursuant to certain of the new subpart 1500 provisions of Regulation S-K constitute “forward-looking statements” for the purposes of the PSLRA safe harbors.[10]
Registrants are subject to liability under Securities Act Section 17(a), Exchange Act Section 10(b), and/or Rule 10b-5 for false or misleading material statements in the information disclosed pursuant to the new rules.[11]
Observations
Consistent with its recent trajectory, the SEC continues to be a kinder, gentler regulator on climate disclosure requirements. Although the new rules will apply broadly to publicly traded companies, their scope is less demanding than the requirements under recent similar laws enacted in California or the EU. Under the California Climate Corporate Data Accountability Act (the “CCDA”), companies with annual revenues in excess of $1 billion and “doing business in California”[12] will be required to publicly disclose Scope 1 and Scope 2 emissions beginning in 2026, and Scope 3 emissions beginning in 2027. And because the California law applies to all companies, not just those that are publicly traded, it is also more broadly applicable and will trigger assessments and compliance for companies that are not subject to the SEC’s rule. The CCDA is currently the subject of legal challenge that includes questions of whether the required disclosures violate the First Amendment right to free speech, as well as possible federal preemption. As a result, there is a chance that the CCDA may yet be diluted or found unconstitutional. But in light of the imminent timeline for compliance, many companies subject to the CCDA are already developing programs to facilitate and ensure timely compliance with the requirements.
Similarly, the EU has broader reporting obligations under the CSRD than the SEC’s new rules. Compliance with the CSRD is required for both public and private EU companies as well as for non-EU companies with certain net annual turnovers, certain values of assets, and a certain number of employees. Under the CSRD, companies must publish information across a wide spectrum of subjects, including emissions, energy use, diversity, labor rights, and governance. Initial reporting under the CSRD begins to phase-in in 2025.
A key takeaway here is that although the SEC rules may have taken a lighter approach to climate disclosures, many large companies are likely to be subject to more stringent requirements under either the CCDA or the EU CSRD. And as some companies begin to comply to provide this information and data, the market may drive demand and an expectation that other companies, not otherwise subject to these various reporting regimes, follow suit. While the SEC rules may be a slimmed down version of what could have been, it is likely that the trend toward transparency and disclosure will continue to be driven by other regulatory bodies and market forces alike.
[1] Securities and Exchange Commission, Final Rule The Enhancement and Standardization of Climate-Related Disclosures for Investors, 17 CFR 210, 229, 230, 232, 239, and 249, adopting release available at https://www.sec.gov/files/rules/final/2024/33-11275.pdf.
[2] Id. at 48.
[3] Id. at 31-33.
[4] Id. at 225.
[5] Id. at 589.
[6] The new rules’ compliance dates apply to annual reports and registration statements. But, in the case of registration statements, compliance is required beginning with any registration statement that is required to include financial information for the full fiscal year indicated in the table above.
[7] Id. at 13.
[8] Id. at 584. At a high level, Section 18 imposes liability for false and misleading statements with respect to any material fact in documents filed with the SEC under the Exchange Act and Section 11 imposes liability for material misstatements or omissions made in connection with registered offerings conducted under the Securities Act.
[9] Id.
[10] Id. at 803.
[11] Id.
[12] A term which is not defined in the law, but is likely intentionally very broad, and is expected to be interpreted in that way.
This is likely to be one of the most consequential rulemakings of Chairman Gary Gensler’s tenure given the prioritization of addressing climate change as a key pillar for the Biden administration. However, given the significant controversy associated with this rulemaking effort, the final rules are likely to face legal challenges and congressional oversight in the coming months. As such, it remains unclear at this point whether the final rules will survive the forthcoming scrutiny.
WHAT IS IN THE RULE?
According to the SEC’s fact sheet:
“The final rules would require a registrant to disclose, among other things: material climate-related risks; activities to mitigate or adapt to such risks; information about the registrant’s board of directors’ oversight of climate-related risks and management’s role in managing material climate-related risks; and information on any climate-related targets or goals that are material to the registrant’s business, results of operations, or financial condition.
Further, to facilitate investors’ assessment of certain climate-related risks, the final rules would require disclosure of Scope 1 and/or Scope 2 greenhouse gas (GHG) emissions on a phased-in basis by certain larger registrants when those emissions are material; the filing of an attestation report covering the required disclosure of such registrants’ Scope 1 and/or Scope 2 emissions, also on a phased-in basis; and disclosure of the financial statement effects of severe weather events and other natural conditions including, for example, costs and losses.
The final rules would include a phased-in compliance period for all registrants, with the compliance date dependent on the registrant’s filer status and the content of the disclosure.”
NEXT STEPS
The final rules are likely to face significant opposition, including legal challenges and congressional oversight. It is expected that there will be various lawsuits brought against the final rules, which are likely to receive support from several industry groups, or potentially GOP-led state attorneys general who have been active in litigating against environmental, social and governance (ESG) policies and regulations. It is also possible that the final rules could face criticism from some climate advocates that the SEC did not go far enough in its disclosure requirements.
Further, it is expected that the House Financial Services Committee (HFSC) will conduct oversight hearings, as well as introduce a resolution under the Congressional Review Act (CRA), to attempt to block the regulations from taking effect. HFSC Chairman Patrick McHenry (R-NC) indicated that the Oversight and Investigations Subcommittee will hold a field hearing on March 18 and the full Committee will convene a hearing on April 10 to discuss the potential implications of the rules. If a CRA resolution were to pass the House and garner sufficient support from moderate Democrats in the Senate to pass, it would likely be vetoed by President Biden.
Ultimately, the SEC climate risk disclosure rules are unlikely to significantly change the trajectory of corporate disclosures made by multinational companies based in the U.S., most of whom have already been making sustainability disclosures in accordance with the Financial Stability Board’s Task Force on Climate-Related Financial Disclosures. The ongoing problem for investors is that such disclosures are not standardized and therefore are not comparable. Consequently, many of these large issuers may continue to enhance their sustainability disclosures in accordance with standards issued by the International Sustainability Standards Board and the Global Reporting Initiative as an investor relations imperative notwithstanding the SEC’s timetable for implementation of these final rules.
A more detailed analysis of the SEC rules is forthcoming from our Corporate and Asset Management and Investment Funds practices in the coming days.
B&D is pleased to present the third installment of our 2024 Litigation Look Ahead series. (Read part two on the increased application of the major questions doctrine here.) In this section of the compilation, our litigation team highlights two pending Supreme Court cases examining the constitutionality of appointed administrative law judges and the judicial review process under the Administrative Procedure Act. The outcome of these cases could have significant ramifications on the enforcement power of the executive branch and the deadline for challenging final agency actions.
Securities and Exchange Commission v. Jarkesy, No. 22-859
CASE SUMMARY
The Securities and Exchange Commission (SEC) brought a civil enforcement action against George Jarkesy and an investment advisor, alleging securities fraud. SEC utilized the agency’s in-house administrative adjudication procedures to pursue the matter. SEC’s administrative law judge (ALJ) found Jarkesy and his co-defendants liable and ordered various remedies. The defendants pursued administrative appeals, unsuccessfully, and then sought review in the U.S. Court of Appeals for the Fifth Circuit. In May 2022, the Fifth Circuit held that the SEC’s use of ALJs to enforce civil securities laws violates the accused’s Seventh Amendment right to a jury trial. The Fifth Circuit further found the SEC’s administrative courts unconstitutional because the appointed judges are protected from removal, in violation of Article II of the Constitution, and Congress improperly granted the SEC legislative power by allowing the agency to decide whether to sue in administrative or federal court. The SEC petitioned the U.S. Supreme Court for certiorari, which it granted, and oral arguments took place on November 29, 2023.
IMPLICATIONS
The case challenges the constitutionality of appointed ALJs to resolve disputes. While Jarkesy only pertains to the SEC’s use of ALJs to enforce securities laws, EPA and many other federal agencies rely on in-house civil administrative proceedings to enforce laws, in lieu of civil actions in court. If the Supreme Court affirms the Fifth Circuit’s decision, the ruling could have broader impacts by eliminating or restricting the ability of other agencies to use ALJs. Such a result would channel more enforcement cases to the courts, a more time-consuming, resource-intensive, and costly process. Limiting the enforcement power of the executive branch would greatly impact how agencies enforce statutes and their regulations. A ruling in favor of the petitioners could also call into question the past decisions of ALJs. To minimize the enormous consequences of such a decision, the Supreme Court may find a middle ground, focusing on limitations on the Seventh Amendment right to a jury trial in the context of agency enforcement actions.
Corner Post, Inc. v. Board of Governors of the Federal Reserve System, No. 22-1008
CASE SUMMARY
The U.S. Supreme Court is considering a circuit split regarding the six-year statute of limitations for Administrative Procedure Act (APA) challenges, a cornerstone of environmental litigation. Under the APA, any person who claims to have been injured by an agency’s action has the right to go to court to challenge the action, but they must file their action within six years after the “right of action first accrues.”
In this case, Corner Post, Inc., the operator of a convenience store and truck stop, challenged the Federal Reserve’s debit card interchange rules, known as Regulation II, which set the range of fees larger card-issuing banks can charge merchants for processing debit card payments, asserting the rules were promulgated in violation of the APA. The rules were adopted in 2011. Corner Post, which opened for business seven years later in 2018, argued that the statute of limitations does not begin to run until a plaintiff suffers a “legal wrong” or becomes “adversely affected or aggrieved,” as required by 5 U.S.C. § 702. Consequently, the statute of limitations did not apply to bar its claim because the “adverse affect” of the challenged rule did not occur until 2018.
A North Dakota federal district court dismissed the case as untimely because the six-year statute of limitations expired in 2017. The U.S. Court of Appeals for the Eighth Circuit affirmed, holding that the six-year statute of limitations for facial challenges to regulations brought under the APA accrues upon publication of the final rule. In this ruling, the Eighth Circuit followed the majority position that the APA claims first accrued upon publication of the final agency action. Corner Post, Inc. filed a petition for certiorari, which was granted, and the case is now before the Supreme Court.
IMPLICATIONS
The Supreme Court heard oral arguments in the case on February 20, 2024. The precise question before the Court is whether a facial challenge to a regulation, brought under the APA, accrues when the regulation is first published or when the plaintiff first suffers a related “legal wrong” or an “adverse affect.” At oral arguments, the Justices questioned Corner Post’s position. In particular, Justice Ketanji Brown Jackson seemed concerned that a ruling favoring Corner Post would put every agency rule in effect in question, subject to facial challenges whenever a regulated entity claims to have first suffered a related harm.
The outcome of this case could have major impacts on the ability of regulated entities to assert facial challenges to regulations under the APA. If the Supreme Court reverses and holds that the statute of limitations accrues when a party is first injured, plaintiffs will be permitted to challenge a regulation—no matter the promulgation date—so long as they commence the cause of action within six years of the initial harm. Such a holding could open floodgates within the judicial system, creating a pathway for parties to challenge long-settled regulations, leading to perennial regulatory instability.
In Conclusion
The decisions in both Jarkesy and Corner Post could significantly affect the executive branch’s ability to enforce statutes and regulations as well as litigants’ options for bringing judicial challenges. In either case, Supreme Court decisions in favor of the petitioners would magnify the effect of other decisions that may alter how courts approach administrative law questions, such as the pending decisions regarding Chevron deference.
A ruling in favor of the petitioner in Jarkesy could unravel a complex system of administrative adjudication and expedite a litigant’s access to the crowded federal courts. A ruling in favor of the petitioner in Corner Post could change how courts apply the statute of limitations for APA challenges to agency actions and open the door to such claims years, or even decades, after regulations are published. Such rulings would eliminate long-standing obstacles in the path to federal court.
Furthermore, if the Supreme Court strikes down or limits Chevron deference, vastly different criteria would apply when federal courts review agency actions. This combined impact of the three cases could potentially mark a revolution in administrative law litigation, with the landscape fundamentally altered to provide regulated entities more opportunities to challenge agency action in federal court, freed, to some extent, from the agency-favorable doctrine of Chevron deference, allowing the judiciary more opportunity to shape agency action.
Coming Soon in our Litigation Look Ahead Series…
In our 2024 Litigation Look Ahead series, we highlight cases – environmental and otherwise – that could have notable impacts on the regulated community or lead to changed regulatory approaches. Upcoming installments of the series will examine Fifth Amendment takings, the Commerce Clause, the Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA), and natural resource law. In case you missed it, read part two of the series covering the increased application of the major questions doctrine.
Six companies have now made Item 1.05 Form 8-K filings. Three of these companies also have amended their first Form 8-K filings to provide additional detail regarding subsequent events. The remainder of the filings seem self-contained such that no amendment is necessary, but these companies may amend at a later date. In general, the descriptions of the cybersecurity incidents have been written at a high level and track the requirements of the new rules without much elaboration. It is interesting, but perhaps coincidental, that the filings seem limited to two broad industry groups: technology and financial services. In particular, two of the companies are bank holding companies.
Although several companies have now made reports under the new rules, the sample space may still be too small to draw any firm conclusions or decree what is “market.” That said, several of the companies that have filed an 8-K under Item 1.05 have described incidents and circumstances that do not seem to be financially material to the particular companies. We are aware of companies that have made materiality determinations in the past on the basis of non-financial qualitative factors when impacts of a cyber incident are otherwise quantitatively immaterial, but these situations are more the exception than the rule.
There is also a great deal of variability among the forward-looking statement disclaimers that the companies have included in the filings in terms of specificity and detail. Such a disclaimer is not required in a Form 8-K, but every company to file under Item 1.05 to date has included one. We believe this practice will continue.
Since the effectiveness of the new rules, a handful of companies have filed Form 8-K filings to describe cybersecurity incidents under Item 8.01 (“Other Events”) instead of Item 1.05. These filings have approximated the detail of what is required under Item 1.05. It is not immediately evident why these companies chose Item 8.01, but presumably the companies determined that the events were immaterial such that no filing under Item 1.05 was necessary at the time of filing. Of course, the SEC filing is one piece of a much larger puzzle when a company is working through a cyber incident and related remediation. It remains to be seen how widespread this practice will become. To date, the SEC staff has not publicly released any comment letters critiquing any Form 8-K cyber filing under the new rules, but it is still early in the process. The SEC staff usually (but not always) makes its comment letters and company responses to those comment letters public on the SEC’s EDGAR website no sooner than 20 business days after it has completed its review. With many public companies now also making the new Form 10-K disclosure on cybersecurity, we anticipate the staff will be active in providing guidance and commentary on cybersecurity disclosures in the coming year.
On February 8, the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) jointly adopted amendments to Form PF, the confidential reporting form for certain registered investment advisers to private funds. Form PF’s dual purpose is to assist the SEC’s and CFTC’s regulatory oversight of private fund advisers (who may be both SEC-registered investment advisers and also registered with the CFTC as commodity pool operators or commodity trading advisers) and investor protection efforts, as well as help the Financial Stability Oversight Council monitor systemic risk. In addition, the SEC entered into a memorandum of understanding with the CFTC to facilitate data sharing between the two agencies regarding information submitted on Form PF.
Continued Spotlight on Private Funds
The continued focus on private funds and private fund advisers is a recurring theme. The SEC recently adopted controversial and sweeping new rules governing many activities of private funds and private fund advisers. The SEC’s Division of Examinations also continues to highlight private funds in its annual examination priorities. Form PF is similarly no stranger to recent revisions and expansions in its scope. First, in May 2023, the SEC adopted requirements for certain advisers to hedge funds and private equity funds to provide current reporting of key events (within 72 hours). Second, in July 2023, the SEC finalized amendments to Form PF for large liquidity fund advisers to align their reporting requirements with those of money market funds. And last week, this third set of amendments to Form PF, briefly discussed below.
“Boundless curiosity is wonderful in a small child; it is a less attractive trait in regulatory agencies…. Systemic risk involves the forest — trying to monitor the state of every individual tree at every given moment in time is a distraction and trades off the mistaken belief that we have the capacity to draw meaning from limitless amounts of discrete and often disparate information. Unbridled curiosity seems to be driving this decision rather than demonstrated need.”
Additional Reporting by Large Hedge Fund Advisers on Qualifying Hedge Funds
These amendments will, among other things, expand the reporting requirements for large hedge fund advisers with regard to “qualifying hedge funds” (i.e., hedge funds with a net asset value of at least $500 million). The amendments will require additional disclosures in the following categories:
Investment exposures, borrowing and counterparty exposures, currency exposures, country and industry exposures;
Market factor effects;
Central clearing counterparty reporting;
Risk metrics;
Investment performance by strategy;
Portfolio, financing, and investor liquidity; and
Turnover.
While the final amendments increase the amount of fund-level information the Commission will receive with regard to individual qualifying hedge funds, at the same time, the Commission has eliminated the aggregate reporting requirements in Section 2a of Form PF (noting, in its view, that such aggregate information can be misleading).
Enhanced Reporting by All Hedge Funds
The amendments will require more detailed reporting on Form PF regarding:
Hedge fund investment strategies (while digital assets are now an available strategy to select from, the SEC opted not to adopt its proposed definition of digital assets, instead noting that if a strategy can be classified as both a digital asset strategy and another strategy, the adviser should report the strategy as the non-digital asset strategy);
Counterparty exposures (including borrowing and financing arrangements); and
Trading and clearing mechanisms.
Other Amendments That Apply to All Form PF Filers
General Instructions. Form PF filers will be required to report separately each component fund of a master-feeder arrangement and parallel fund structure (rather than in the aggregate as permitted under the existing Form PF), other than a disregarded feeder fund (e.g., where a feeder fund invests all its assets in a single master fund, US treasury bills, and/or “cash and cash equivalents”). In addition, the amendments revise how filers will report private fund investments in other private funds, “trading vehicles” (a newly defined term), and other funds that are not private funds. For example, Form PF will now require an adviser to include the value of a reporting fund’s investments in other private funds when responding to questions on Form PF, including determining filing obligations and reporting thresholds (unless otherwise directed by the Form).
All Private Funds. Form PF filers reporting information about their private funds will report additional and/or new information regarding, for example: type of private fund; identifying information about master-feeder arrangements, internal and external private funds, and parallel fund structures; withdrawal/redemption rights; reporting of gross and net asset values; inflows/outflows; base currency; borrowings and types of creditors; fair value hierarchy; beneficial ownership; and fund performance.
Final Thoughts
With the recent and significant regulatory spotlight on investment advisers to private funds and private funds themselves, we encourage advisers to consider the interrelationships between new data reporting requirements on Form PF and the myriad of new regulations and disclosure obligations being imposed on investment advisers more generally (including private fund advisers).
The effective date and compliance date for new final amendments to Form PF is 12 months following the date of publication in the Federal Register.
As the year gets underway, the Securities and Exchange Commission (SEC or Commission) is continuing its ongoing enforcement efforts to target anti-whistleblower practices by pursuing a broader range of entities and substantive agreements, including the terms of agreements between financial institutions and their retail clients. The most recent settlement with a financial firm signifies that the SEC is imposing increasingly steep penalties to settle these matters while focusing on confidentiality provisions that do not affirmatively permit voluntary disclosures to regulators. We discuss below the latest SEC enforcement actions in the name of whistleblower protection and offer some practical tips for what firms and companies may do to proactively mitigate exposure.
On 16 January 2024, the SEC announced a record $18 million civil penalty against a dual registered investment adviser and broker-dealer (the Firm), asserting that the use of release agreements with retail clients impeded the clients from reporting securities law violations to the SEC in violation of Rule 21F-17(a) of the Securities Exchange Act of 1934 (Exchange Act).1
The SEC found that from March 2020 through July 2023, the Firm regularly required its retail clients to sign confidential release agreements in order to receive a credit or settlement of more than $1,000. Under the terms of these releases, clients were required to keep confidential the existence of the credits or settlements, all related underlying facts, and all information relating to the accounts at issue, or risk legal action for breach of the agreement. The agreements “neither prohibited nor restricted” the clients from responding to any inquiries from the SEC, the Financial Industry Regulatory Authority (FINRA), other regulators or “as required by law.” However, the agreements did not expressly allow the clients to initiate voluntary reporting of potential securities law violations to the regulators. The SEC found that this violated Rule 21F-17(a) “which is intended to ‘encourag[e] individuals to report to the Commission.’”2 While the Firm did report a number of the underlying client disputes to FINRA, the SEC found this insufficient to mitigate the lack of language in the release agreements that expressly permitted the clients to report potential securities law violations to the SEC.
The SEC initiated a settled administrative proceeding against the Firm, which neither admitted nor denied the SEC’s findings. In addition to the $18 million civil monetary penalty, the settlement requires that the Firm cease and desist from further violations of Rule 21F-17(a). Notably, the SEC credited certain remedial measures promptly undertaken by the Firm, including revising the at-issue release language and affirmatively alerting affected clients that they are not prohibited from communicating with governmental and regulatory authorities.
This enforcement action is significant for several reasons. First, it signals a broader enforcement focus by the SEC with respect to Rule 21F-17(a) in that this is the first action involving the terms of agreements between a financial institution and its retail clients, which are prevalent throughout the financial services industry. Previously, enforcement had focused squarely on restrictive confidentiality provisions involving employees, such as those found in employment or severance agreements or in connection with internal investigation interviews.
Second, the unprecedented magnitude of the penalty in a standalone Rule 21F-17(a) case underscores the SEC’s emphasis on preventing practices that it views as obstructions of whistleblower rights. SEC Enforcement Director Gurbir Grewal’s statement announcing the settlement reflects this position, “Whether it’s in your employment contracts, settlement agreements or elsewhere, you simply cannot include provisions that prevent individuals from contacting the SEC with evidence of wrongdoing.” Companies (public and private), broker-dealers, investment advisers, and other market participants should expect to see continued enforcement investigations in connection with the SEC’s ongoing attention toward compliance with Rule 21F-17(a), as discussed further below.
The SEC’s Whistleblower Protection Program
Established in 2011 pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the SEC Whistleblower Program provides monetary awards to individuals who “tip” the SEC with original information that leads to an enforcement action resulting in monetary sanctions that exceed $1 million. Through the end of the SEC’s FY2023, the SEC has awarded almost $2 billion to 385 whistleblowers.3 In FY2023 alone, the SEC received over 18,000 whistleblower tips and awarded more than $600 million in whistleblower awards to 68 individuals.4
In furtherance of the Whistleblower Program, the SEC also issued Exchange Act Rule 21F-17(a), which provides that “no person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”5
SEC Struck Several Blows in 2023 Against Companies that Failed to Carve out Whistleblower Protections in Their Confidentiality Agreements
The SEC has been aggressively enforcing Rule 21F-17(a) since its first enforcement action in 2015 with respect to that Rule,6 through several waves of enforcement actions. During 2023, the SEC was especially active with a number of settled enforcement actions asserting violations of Rule 21F-17(a) in which the respondents neither admitted nor denied the SEC’s findings:
In February 2023, the SEC fined a video game development and publishing company $35 million for violating federal securities laws through its inadequate disclosure controls and procedures. The settled action also included a finding that the company had violated Rule 21F-17(a) by executing separation agreements in the ordinary course of its business that required former employees to provide notice to the company if they received a request for information from the SEC’s staff.7
In May 2023, the SEC imposed a $2 million fine on an internet streaming company for: (i) retaliating against an employee who reported misconduct to the company’s management prior to and after filing a complaint with the SEC; and, (ii) impeding the reporting of potential securities law violations, by including provisions in employee severance agreements requiring that departing employees waive any potential right to receive a whistleblower award, in violation Rule 21F-17(a).8
In September 2023, in another standalone enforcement action for violations of Rule 21F-17(a), the SEC imposed a $10 million civil monetary penalty on a registered investment adviser (RIA) for requiring that its new employees sign employment agreements that prohibited the disclosure of “Confidential Information” to anyone outside of the company, without an exception for voluntary communications with the SEC concerning possible securities laws violations.9 Further, the RIA required many departing employees to sign a release in exchange for the receipt of certain deferred compensation and other benefits affirming that, among other things, the employee had not filed any complaints with any governmental agency. Although the RIA later revised its policies and issued clarifications to employees that they were not prevented from communicating with the SEC and other regulators, the RIA failed to amend its employment and release agreements to provide the carve out.
Also in September 2023, the SEC charged two additional firms with violations of Rule 21F-17(a). In one case imposing a $375,000 civil penalty, the SEC found that a commercial real estate services and investment firm impeded whistleblowers by requiring its employees, as a condition of receiving separation pay, to represent that they had not filed a complaint against the firm with any federal agency.10 In another case, the SEC imposed a $225,000 civil penalty against a privately-held energy and technology company for requiring certain departing employees to waive their rights to monetary whistleblower awards.11 This particular action underscores that Rule 21F-17 applies to all entities, and not only to public companies.
Mr. Grewal, in an October 2023 speech before the New York City Bar Association Compliance Institute, emphasized that potential impediments to the SEC’s Whistleblower Program would be a continued focus of the agency’s enforcement efforts, stating, “we take compliance with Rule 21F-17 very seriously, and so should each of you who work in a compliance function or advise companies. You need to look at these orders and the violative language cited by the Commission and think about how those actions may impact your firms. And if they do, then take the steps necessary to effect compliance.”12
Key Take-Aways
The SEC’s recent enforcement actions demonstrate that violations of Rule 21F-17(a) can carry significant fines and reach virtually any confidentiality agreement that does not carve out communications between a firm’s current or former employees or customers and the SEC or other regulators about potential securities violations. Moreover, although many of the enforcement actions relate to language in agreements, Rule 21F-17 is not so limited and can also apply to language in internal policies, procedures, guidance, manuals, or training materials. The message from the SEC is clear: it will continue to enforce Rule 21F-17 with respect to public companies, private companies, broker-dealers, investment advisers, and other financial services entities.
The SEC in its recent orders has provided credit to companies for cooperation as well as for instituting remedial actions.13 Being proactive in identifying and correcting potential violations in advance of any investigation by the SEC can result in mitigation of any action or penalties.
Legal and compliance officers may want to consider the following steps in order to evaluate and potentially mitigate any potential exposure to an enforcement action:
Conduct a review of all employee-facing and client-facing documents or contracts with confidentiality provisions and remove or revise any content that may be viewed as impeding (even unintentionally) a person’s ability to report potential securities law violations to the SEC. Depending on the circumstances, this may involve including a reference expressly permitting communications with the SEC and other government or regulatory entities without advance notice or disclosure to the company.
Remove any language from the templates that could be interpreted as hindering an employee’s or client’s ability to communicate with the SEC concerning potential securities law violations, including language threatening disciplinary action against employees for disclosing confidential information in their communications with government agencies when reporting potential violations.
Prepare addenda or updates to current employee- and client-facing agreements that reflect the revised confidentiality clauses.
Include reference in written anti-retaliation policies that employees’ communications and cooperation with the SEC and other government agencies will not result in retaliation from the company.
Conduct trainings for company managers and supervisors regarding appropriate communications to employees regarding their interactions with the government.
Implement policies that prevent any company personnel from taking steps to block or interfere with an employee’s use of company platforms or systems to communicate with the SEC and other government agencies.14
6 In the Matter of KBR, Inc., Admin. Proc. No. 3-16466 (Apr. 1 2015), https://www.sec.gov/files/litigation/admin/2015/34-74619.pdf (imposing a US$130,000 fine on a company in a settled enforcement action for requiring that witnesses in certain internal investigations sign confidentiality agreements warning that they could be subject to discipline if they discussed the matters at issue outside the company without prior approval of the company’s legal department).
13 See, e.g., In the Matter of CBRE Inc., Admin. Proc. No. 3-21675 (Sept. 19, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98429.pdf (crediting respondent’s remediation program, which included, among other measures, an audit of relevant agreements, updates to policies with respect to Rule 21F-17, and mandatory trainings); In the Matter of Monolith Res., LLC, Admin. Proc. No. 3-21629 (Sept. 8, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98322.pdf (crediting respondent’s prompt remedial acts including revisions to the at-issue release language and affirmatively alerting affected clients that they are not prohibited from communicating with governmental and regulatory authorities.)
14 Cf. In the Matter of David Hansen, Admin Proc. 3-20820 (Apr. 12, 2022), https://www.sec.gov/enforce/34-94703-s (settled SEC enforcement action against former Chief Information Officer of a technology company for violating Rule 21F-17(a) by, among other things, removing an employee’s access to the company’s computer systems after the employee raised concerns regarding misrepresentations contained in the company’s public disclosures).
Just weeks into 2024, it is already clear that uncertainty will be the watchword. Will the economic soft landing of 2023 persist into 2024? Will labor unrest, strong in 2023, settle down as inflation cools? Will inflation remain tamed? Will the U.S. elections bring continuity or a new administration with very different views on the role of the U.S. in the world and in regulating business?
Uncertainty is also fueling a complex risk environment that will require monitoring global developments more so than in the past. As outlined below, geopolitical risks are present, multiple, interconnected and high impact. International relations have traditionally fallen outside the mandate of most C-Suites, but how the U.S. government responds to geopolitical challenges will impact business operations. Beyond additional disruptions to global trade, businesses in 2024 will face risks associated with expanding protectionist economic policies, climate change impacts, and AI-driven disruptors.
Geopolitical Tensions Disrupting Global Trade
The guardrails are coming off the international system that enshrines the ideals of preserving peace and security through diplomatic engagement, respecting international borders (not changing them through military might) and ensuring the free flow of global trade. In 2022, the world was shocked by Russia’s invasion of Ukraine, but it has taken time for the full impact to reverberate through the international system. While political analysts write on a “spillover of conflict,” the more insidious impact is that more leaders of countries and non-state groups are acting outside the guardrails because they are no longer deterred from using military force to achieve political goals, making 2024 ripe for new military conflicts disrupting global trade beyond the ongoing war in Europe.
In October 2023, Hamas launched a war from Gaza against Israel. Thus far, fighting has spread to the West Bank, between Israel and Lebanese Hezbollah in the north, and to the Red Sea, with Iranian-backed Houthis attacking shipping through the strategic Bab al Mandab strait. Container ships and oil tankers, to avoid the risks, are re-routing to the Cape of Good Hope, adding two weeks of extra sailing time, with the associated costs. Insurance premiums for cargo ships sailing in the eastern Mediterranean have skyrocketed, with some no longer servicing Israeli ports. Companies and retailers with tight delivery schedules are switching to airfreight, which is expected to drive up airfreight rates.
Iran, emboldened by its blossoming relationship with Russia as one of Moscow’s new arms suppliers, is activating its proxy armies in Yemen, Iraq, Syria and Lebanon to attack Western targets. In a two-day period in January 2024, the Iran Revolutionary Guards directly launched strikes in Syria, Iraq and Pakistan. Nuclear-armed Pakistan retaliated with a cross border strike in Iran. While there are many nuances to these incidents, it is evident that deterrence against cross-border military conflict is eroding in a region with deep, festering grievances among neighbors. Iran is in an escalatory mode and could resume harassing shipping in the Persian Gulf and the strategic Strait of Hormuz, where about a fifth of the volume of the world’s total oil consumption passes through on a daily basis.
In East Asia, North Korea is also emboldened by the changing geopolitical environment. Pyongyang, too, has become a major supplier of weaponry to Moscow for use in Ukraine. While Russia (and China) in the past have constructively contained North Korean predilection for aggression against its neighbors, Supreme Leader Kim Jong Un may believe the time is ripe to change the status quo. Ominously, in a Jan. 15 speech before the Supreme People’s Assembly (North Korea’s parliament), Kim rejected the policy of reunification with South Korea and proposed incorporating the country into North Korea “in the event of war.” While North Korean leaders frequently revert to brinksmanship and aggressive language, Kim’s speech reflects confidence of a nuclear power, aligned with Russia against a shared adversary – South Korea, which is firmly aligned with the G7 consensus on Russia. A war in the Korean peninsula would be felt around the world because East Asia is central to global shipping and manufacturing, disrupting supply chains, as well as the regional economy.
China is also waiting for the right moment to “unite” Taiwan with the mainland. Beijing has seen the impact of Western sanctions on Russia over Ukraine and has been deterred from aiding the Russian war effort. In many ways, China has benefited from these sanctions and the reorientation of global trade. Also, Russia, with its far weaker economy, has proven surprisingly resilient to sanctions, another lesson for China. Meanwhile, the Taiwanese people voted in January and returned for a third time the ruling party that strongly rejects Chinese territorial claims. Tensions are high, with the Chinese military once again harassing Taiwanese defenses. For Beijing, the “right moment” could fall this year should conflict break out on the Korean peninsula, which would tie the U.S. down because of the Mutual Defense Treaty.
The uncertainty here is not that there are global tensions, but how the U.S. will respond as they develop and how U.S. businesses can navigate external shocks. Will the U.S. be drawn into a new war in the Middle East? Can the U.S. manage multiple conflicts, already deeply involved in supporting Ukraine? Is the U.S. economy resilient enough to withstand trade disruptions? How can businesses strengthen their own resiliency?
Economic Protectionism Increasing Costs and Risks
Geopolitical tensions, the global pandemic and the unequal benefits of globalization are impacting economic policies of the U.S. and the political discourse around the merits of unrestrained free trade. Protectionist economic policies are creeping in, under the nomenclature of “secure supply chains,” “friend-shoring” and “home-shoring.” The U.S. has imposed tariffs on countries (even allies) accused of unfair trade practices and has foreclosed access to certain technologies by unfriendly countries, namely China.
While the response to some of these trade restrictions are new trade agreements with “friends” to regulate access under preferred terms, in essence creating multiple “friends” trade blocs for specific sectors, other responses are retaliatory, including counter tariffs and export restrictions or outright bans. In 2024, the U.S. economy will see the impact of these trade fragmentation policies in acute ways, with upside risks of new business opportunities and downside risks of supply chain disruptions, critical resource competition, increased input costs, compliance risks and increased reputational risks.
Trade with China, which remains significant and important to the stability of the U.S. economy, will pose new risks in 2024. While Washington and Beijing have agreed to some political and security guardrails to manage the relationship, economic competition is unrestrained and stability in the bilateral relations is not guaranteed. The December 2023 bipartisan report by the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party, with its 150 recommendations on fundamentally resetting economic and technological competition with China, if even partially adopted, risks reigniting the trade war.
2024 is a presidential election year for the U.S. A change of control of the executive branch could result in many economic and regulatory policy reversals. The definition of “friend” could shift or narrow. Restrictions on trade with China could accelerate.
Impacts of Climate Change and Sustainability Policies
2023 was the hottest year on record, and El Niño conditions are expected to further boost the warming trend. Many regions experienced record-breaking wildfire activity in 2023, including Canada where 18 million hectares of land burned. Extreme storms caused life-threatening flooding in Europe, Asia and the Americas. 2024 is expected to bring even more climate hazards. The impacts will be physical and financial, including growing insurance losses and adverse impacts on operations and value chain. Analysts expect that in 2024, the economic and financial costs of adverse health impacts from climate change will increase, with risks related to the spread of infectious disease, insufficient access to clean water, and physical harm to the elderly and vulnerable. The direct economic effect will be on health systems, but also loss of productivity due to extreme weather incidents and effects of epidemics.
Energy transition to low-carbon emissions is underway in the U.S., but it is uneven and still uncertain. The financial market is investing in an impressive number of startups and large-scale projects revolving around cleantech. Still, there is hesitancy on the opportunity and risks of sustainability. Thus far, progress towards sustainability goals has been private sector-led and government-enabled. There is a risk that government incentive programs encouraging the transition to low-carbon energy could be reversed or curtailed under a new administration.
In 2024, some companies will face more climate disclosure compliance requirements. The Securities and Exchange Commission (SEC) is expected to release its final rule on climate change disclosures. The final action has been delayed several times because of pushback by public companies on some of the requirements, including Scope 3 greenhouse gas emission disclosures (those linked to supply chains and end users). California has not waited for the SEC’s final rule: In October 2023, Gov. Gavin Newsom signed into law legislation that will require large companies to disclose greenhouse gas emissions. The California climate laws go into effect in 2026, but companies will need to start much earlier to build the capabilities to plan, track and report their carbon footprint. For U.S. companies doing business in the European Union, they will need to comply with the EU Corporate Sustainability Reporting Directive, with the rules coming into force mid-2024.
Disruptive Technology
In 2023, generative AI was the talk of the town; in 2024, it will be the walk. Companies are popping up with new tools for every imaginable sector, to increase efficiency, task automation, customization, personalization and cost reduction. Business leaders are scrambling to integrate AI to gain a competitive edge, while navigating the everyday risks related to privacy, liability and security. While there are concerns that AI will displace humans, there is a growing consensus that while some jobs will disappear, people will focus on higher value work. That said, new rounds of labor disruptions linked to workforce transition are likely in 2024.
2024 will also bring AI-generated misinformation and disinformation. Bad actors will spread “synthetic” content, such as sophisticated voice cloning, doctored images and counterfeit websites, seeking to manipulate people, damage companies and economies, and foment dissent.
In 2024, around 2 billion people in more than 50 countries will vote in elections at risk of manipulation by misinformation and disinformation, which could destabilize the real and perceived legitimacy of newly elected governments, risking political unrest, violence, terrorism and erosion of democratic processes. Large democracies will hold elections in 2024, including the U.S., the EU, Mexico, South Korea, India, Pakistan, Indonesia and South Africa. Synthetic content can be very difficult to detect, while easy to produce with AI tools.
This is not a theoretical threat; synthetic content is already being disseminated in the U.S., targeting New Hampshire voters with robocalls that share fake recorded messages from President Biden encouraging people not to vote in the primary election. The U.S. is already polarized with citizens distrustful of the government and media, a ready vulnerability. Businesses are not immune. Notably, CEOs have stood apart, with higher ratings for trustworthiness and risk being called upon to vouch for “truth” (and becoming collateral damage in the fray).
AI-powered malware will make 2023 cyber risks look like child’s play. Attackers can use AI algorithms to find and exploit software vulnerabilities, making attacks precise and effective. AI can help hackers quickly identify security measures and evade them. AI-created phishing attacks will be more sophisticated and difficult to detect because the algorithms can assess larger amounts of piecemeal information and craft messages that mimic communication styles.
The role of states backing cyber armies to spread disinformation or steal information is growing and is part and parcel of the erosion of the existing international order. States face little deterrence from digital cross-border attacks because there are yet to be established mechanisms to impose real costs.
The new year brings the most expansive disclosure requirements for U.S. business entities since the Depression. Starting January 1, 2024, U.S. companies and foreign companies operating in the United States will be required to report their beneficial owners and principal officers to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) pursuant to the Corporate Transparency Act (CTA) adopted as part of the 2021 National Defense Authorization Act, unless subject to specific exemptions.
Who Is Required to Report?
The CTA’s filing requirements (31 CFR 1010.380(c)(1)) apply to both domestic reporting companies and foreign reporting companies.
Domestic reporting companies are corporations, limited liability companies and any other entity registered to do business in any state or tribal jurisdiction by the filing of a document with the secretary of state or similar official.
Foreign reporting companies are business entities formed under the law of a foreign country that are registered to do business in any state or tribal jurisdiction by the filing of a document with the secretary of state or similar official
The CTA provides 23 categories of exemption. The following types of entities are not required to file reports with FinCEN:
Large Operating Companies
This exemption applies to entities that (1) have 20 people or more full time employees in the United States, (2) have gross revenue (or sales) in excess of $5 million on their prior year’s tax return and (3) have a physical office in the United States.
Securities Reporting Issuers
Governmental Authorities
Banks
Credit Unions
Depository Institution Holding Companies
Money Services Businesses
Brokers and Dealers in Securities
Securities Exchanges and Clearing Agencies
Other Exchange Act Registered Entities
Investment Companies and Investment Advisers
Venture Capital Fund Advisers
Insurance Companies
State-Licensed Insurance Producers
Commodity Exchange Act Registered Entities
Accounting Firms
Public Utilities
Financial Market Utilities
Pooled Investment Vehicles
Tax-Exempt Entities
Entities Assisting a Tax-Exempt Entity
Subsidiaries of Certain Exempt Entities
Inactive Entities
It is worth noting that the definition of reporting companies is not limited to corporations and limited liability companies. Limited partnerships, professional service entities and other entities may qualify as reporting companies and, if so, are required to comply with the CTA’s reporting requirements.
How Does a Company Comply?
FinCEN requires affected companies to file beneficial ownership information reports (BOI Reports) using an electronic filing system. See the BOI E-Filing System.
What Information Should Be Reported?
Reporting companies must identify beneficial owners in their BOI Reports.
Beneficial owners are defined as individuals who directly or indirectly (1) exercise substantial control over a reporting company or (2) own or control at least 25 percent of ownership interests of a reporting company. Ownership interests covered by the CTA may include profits interests, convertible instruments, options and contractual arrangements as well as equity securities. In addition, owners who hold their ownership interests jointly or through a trust, agent or other intermediary are also required to be identified – although minors are generally exempted from reporting obligations.
Senior officers (typically, the president, CEO, CFO, COO and officers who perform similar functions); individuals with the ability to appoint senior officers or a majority of the board of directors or a similar body; and anyone else who directs, determines or has substantial input to other important decisions of a reporting company also need to be identified in BOI Reports as individuals exercising substantial control over reporting companies.
Reporting companies created on or after January 1, 2024, also must identify “company applicants” in their BOI Reports. Company applicants are the individuals who filed the documents creating the reporting company and individuals primarily responsible for directing or controlling the filing of documents creating a reporting company.
BOI Reports must contain the following information regarding the reporting company:
Legal name
Any trade name or d/b/a name
Address of the company’s principal place of business in the United States
Jurisdiction of formation
Taxpayer Identification Number.
BOI Reports must contain the following information regarding each beneficial owner and company applicant:
Full legal name
Date of birth
Current address
Copy of a passport, driver’s license or other identification document.
Every person who files a BOI Report must certify the information contained is true, correct and complete.
Information contained in BOI Reports will not be available to the public. However, FinCEN is authorized to disclose such information to:
U.S. federal agencies engaged in national security, intelligence or law enforcement activity
With court approval, to certain other state or local law enforcement agencies
Non-U.S. law enforcement agencies at the request of a U.S. federal law enforcement agency, prosecutor or judge
With the consent of the reporting company, financial institutions and their regulators
Federal regulators in assessing financial institutions compliance with customer due diligence requirements
The U.S. Department of the Treasury for purposes including tax administration.
Is There a Fee?
No fee is required in connection with filing of BOI Reports.
When Do Companies Need to File?
U.S. and foreign reporting companies that were formed or registered to do business in the United States prior to January 1, 2024, must file their initial BOI Reports no later than January 1, 2025. U.S. and foreign reporting companies formed on or after January 1, 2024, must file their initial BOI Reports within 90 days of receipt of notice of formation.
Reporting companies are required to file updated reports with FinCEN within 30 days of occurrence of a change in any of the information contained in their BOI Reports.
What If There Are Changes or Inaccuracies in the Reported Information?
Inaccuracies in BOI Reports must be corrected within 30 days of the date a reporting company becomes aware of or had reason to know of such inaccuracy. FinCEN has indicated that there will be no penalties for filing inaccurate BOI Reports if such reports are corrected within 90 days of their filing.
What If a Company Fails to File?
The willful failure to report the information required by the CTA or filing fraudulent information under the CTA may result in civil or criminal penalties, including penalties of up to $500 per day as long as a violation continues, imprisonment for up to two years and a fine of up to $10,000. Senior officers of an entity that fails to file a required report may be held accountable for such failure.
If you have questions regarding the provisions of the CTA or its applicability to your company, you may go to the FinCEN website.
