The Imperatives of AI Governance

If your enterprise doesn’t yet have a policy, it needs one. We explain here why having a governance policy is a best practice and the key issues that policy should address.

Why adopt an AI governance policy?

AI has problems.

AI is good at some things, and bad at other things. What other technology is linked to having “hallucinations”? Or, as Sam Altman, CEO of OpenAI, recently commented, it’s possible to imagine “where we just have these systems out in society and through no particular ill intention, things just go horribly wrong.”

If that isn’t a red flag…

AI can collect and summarize myriad information sources at breathtaking speed. Its ability to reason from or evaluate that information, however, consistent with societal and governmental values and norms, is almost non-existent. It is a tool – not a substitute for human judgment and empathy.

Some critical concerns are:

  • Are AI’s outputs accurate? How precise are they?
  • Does it use PII, biometric, confidential, or proprietary data appropriately?
  • Does it comply with applicable data privacy laws and best practices?
  • Does it mitigate the risks of bias, whether societal or developer-driven?

AI is a frontier technology.

AI is a transformative, foundational technology evolving faster than its creators, government agencies, courts, investors and consumers can anticipate.

AI is a transformative, foundational technology evolving faster than its creators, government agencies, courts, investors and consumers can anticipate.

In other words, there are relatively few rules governing AI—and those that have been adopted are probably out of date. You need to go above and beyond regulatory compliance and create your own rules and guidelines.

And the capabilities of AI tools are not always foreseeable.

Hundreds of companies are releasing AI tools without fully understanding the functionality, potential and reach of these tools. In fact, this is somewhat intentional: at some level, AI’s promise – and danger – is its ability to learn or “evolve” to varying degrees, without human intervention or supervision.

AI tools are readily available.

Your employees have access to AI tools, regardless of whether you’ve adopted those tools at an enterprise level. Ignoring AI’s omnipresence, and employees’ inherent curiosity and desire to be more efficient, creates an enterprise level risk.

Your customers and stakeholders demand transparency.

The policy is a critical part of building trust with your stakeholders.

Your customers likely have two categories of questions:

How are you mitigating the risks of using AI? And, in particular, what are you doing with my data?

And

Will AI benefit me – by lowering the price you charge me? By enhancing your service or product? Does it truly serve my needs?

Your board, investors and leadership team want similar clarity and direction.

True transparency includes explainability: At a minimum, commit to disclose what AI technology you are using, what data is being used, and how the deliverables or outputs are being generated.

What are the key elements of AI governance?

Any AI governance policy should be tailored to your institutional values and business goals. Crafting the policy requires asking some fundamental questions and then delineating clear standards and guidelines to your workforce and stakeholders.

1. The policy is a “living” document, not a one and done task.

Adopt a policy, and then re-evaluate it at least semi-annually, or even more often. AI governance will not be a static challenge: It requires continuing consideration as the technology evolves, as your business uses of AI evolve, and as legal compliance directives evolve.

2. Commit to transparency and explainability.

What is AI? Start there.

Then,

What AI are you using? Are you developing your own AI tools, or using tools created by others?

Why are you using it?

What data does it use? Are you using your own datasets, or the datasets of others?

What outputs and outcomes is your AI intended to deliver?

3. Check the legal compliance box.

At a minimum, use the policy to communicate to stakeholders what you are doing to comply with applicable laws and regulations.

Update the existing policies you have in place addressing data privacy and cyber risk issues to address AI risks.

The EU recently adopted its Artificial Intelligence Act, the world’s first comprehensive AI legislation. The White House has issued AI directives to dozens of federal agencies. Depending on the industry, you may already be subject to SEC, FTC, USPTO, or other regulatory oversight.

And keeping current will require frequent diligence: The technology is rapidly changing even while the regulatory landscape is evolving weekly.

4. Establish accountability. 

Who within your company is “in charge of” AI? Who will be accountable for the creation, use and end products of AI tools?

Who will manage AI vendor relationships? Is their clarity as to what risks will be borne by you, and what risks your AI vendors will own?

What is your process for approving, testing and auditing AI?

Who is authorized to use AI? What AI tools are different categories of employees authorized to use?

What systems are in place to monitor AI development and use? To track compliance with your AI policies?

What controls will ensure that the use of AI is effective, while avoiding cyber risks and vulnerabilities, or societal biases and discrimination?

5. Embrace human oversight as essential.

Again, building trust is key.

The adoption of a frontier, possibly hallucinatory technology is not a build it, get it running, and then step back process.

Accountability, verifiability, and compliance require hands on ownership and management.

If nothing else, ensure that your AI governance policy conveys this essential.

SEC Enforcement Targets Anti-Whistleblower Practices in Financial Firm’s Settlement Agreements with Retail Clients by Imposing Highest Penalty in Standalone Enforcement Action Under Exchange Act Rule 21 F-17(a)

As the year gets underway, the Securities and Exchange Commission (SEC or Commission) is continuing its ongoing enforcement efforts to target anti-whistleblower practices by pursuing a broader range of entities and substantive agreements, including the terms of agreements between financial institutions and their retail clients. The most recent settlement with a financial firm signifies that the SEC is imposing increasingly steep penalties to settle these matters while focusing on confidentiality provisions that do not affirmatively permit voluntary disclosures to regulators. We discuss below the latest SEC enforcement actions in the name of whistleblower protection and offer some practical tips for what firms and companies may do to proactively mitigate exposure.

On 16 January 2024, the SEC announced a record $18 million civil penalty against a dual registered investment adviser and broker-dealer (the Firm), asserting that the use of release agreements with retail clients impeded the clients from reporting securities law violations to the SEC in violation of Rule 21F-17(a) of the Securities Exchange Act of 1934 (Exchange Act).1

The SEC found that from March 2020 through July 2023, the Firm regularly required its retail clients to sign confidential release agreements in order to receive a credit or settlement of more than $1,000. Under the terms of these releases, clients were required to keep confidential the existence of the credits or settlements, all related underlying facts, and all information relating to the accounts at issue, or risk legal action for breach of the agreement. The agreements “neither prohibited nor restricted” the clients from responding to any inquiries from the SEC, the Financial Industry Regulatory Authority (FINRA), other regulators or “as required by law.” However, the agreements did not expressly allow the clients to initiate voluntary reporting of potential securities law violations to the regulators. The SEC found that this violated Rule 21F-17(a) “which is intended to ‘encourag[e] individuals to report to the Commission.’”While the Firm did report a number of the underlying client disputes to FINRA, the SEC found this insufficient to mitigate the lack of language in the release agreements that expressly permitted the clients to report potential securities law violations to the SEC.

The SEC initiated a settled administrative proceeding against the Firm, which neither admitted nor denied the SEC’s findings. In addition to the $18 million civil monetary penalty, the settlement requires that the Firm cease and desist from further violations of Rule 21F-17(a). Notably, the SEC credited certain remedial measures promptly undertaken by the Firm, including revising the at-issue release language and affirmatively alerting affected clients that they are not prohibited from communicating with governmental and regulatory authorities.

This enforcement action is significant for several reasons. First, it signals a broader enforcement focus by the SEC with respect to Rule 21F-17(a) in that this is the first action involving the terms of agreements between a financial institution and its retail clients, which are prevalent throughout the financial services industry. Previously, enforcement had focused squarely on restrictive confidentiality provisions involving employees, such as those found in employment or severance agreements or in connection with internal investigation interviews.

Second, the unprecedented magnitude of the penalty in a standalone Rule 21F-17(a) case underscores the SEC’s emphasis on preventing practices that it views as obstructions of whistleblower rights. SEC Enforcement Director Gurbir Grewal’s statement announcing the settlement reflects this position, “Whether it’s in your employment contracts, settlement agreements or elsewhere, you simply cannot include provisions that prevent individuals from contacting the SEC with evidence of wrongdoing.” Companies (public and private), broker-dealers, investment advisers, and other market participants should expect to see continued enforcement investigations in connection with the SEC’s ongoing attention toward compliance with Rule 21F-17(a), as discussed further below.

The SEC’s Whistleblower Protection Program

Established in 2011 pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the SEC Whistleblower Program provides monetary awards to individuals who “tip” the SEC with original information that leads to an enforcement action resulting in monetary sanctions that exceed $1 million. Through the end of the SEC’s FY2023, the SEC has awarded almost $2 billion to 385 whistleblowers.In FY2023 alone, the SEC received over 18,000 whistleblower tips and awarded more than $600 million in whistleblower awards to 68 individuals.4

In furtherance of the Whistleblower Program, the SEC also issued Exchange Act Rule 21F-17(a), which provides that “no person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”5

SEC Struck Several Blows in 2023 Against Companies that Failed to Carve out Whistleblower Protections in Their Confidentiality Agreements

The SEC has been aggressively enforcing Rule 21F-17(a) since its first enforcement action in 2015 with respect to that Rule,through several waves of enforcement actions. During 2023, the SEC was especially active with a number of settled enforcement actions asserting violations of Rule 21F-17(a) in which the respondents neither admitted nor denied the SEC’s findings:

  • In February 2023, the SEC fined a video game development and publishing company $35 million for violating federal securities laws through its inadequate disclosure controls and procedures. The settled action also included a finding that the company had violated Rule 21F-17(a) by executing separation agreements in the ordinary course of its business that required former employees to provide notice to the company if they received a request for information from the SEC’s staff.7
  • In May 2023, the SEC imposed a $2 million fine on an internet streaming company for: (i) retaliating against an employee who reported misconduct to the company’s management prior to and after filing a complaint with the SEC; and, (ii) impeding the reporting of potential securities law violations, by including provisions in employee severance agreements requiring that departing employees waive any potential right to receive a whistleblower award, in violation Rule 21F-17(a).8
  • In September 2023, in another standalone enforcement action for violations of Rule 21F-17(a), the SEC imposed a $10 million civil monetary penalty on a registered investment adviser (RIA) for requiring that its new employees sign employment agreements that prohibited the disclosure of “Confidential Information” to anyone outside of the company, without an exception for voluntary communications with the SEC concerning possible securities laws violations.Further, the RIA required many departing employees to sign a release in exchange for the receipt of certain deferred compensation and other benefits affirming that, among other things, the employee had not filed any complaints with any governmental agency. Although the RIA later revised its policies and issued clarifications to employees that they were not prevented from communicating with the SEC and other regulators, the RIA failed to amend its employment and release agreements to provide the carve out.
  • Also in September 2023, the SEC charged two additional firms with violations of Rule 21F-17(a). In one case imposing a $375,000 civil penalty, the SEC found that a commercial real estate services and investment firm impeded whistleblowers by requiring its employees, as a condition of receiving separation pay, to represent that they had not filed a complaint against the firm with any federal agency.10 In another case, the SEC imposed a $225,000 civil penalty against a privately-held energy and technology company for requiring certain departing employees to waive their rights to monetary whistleblower awards.11 This particular action underscores that Rule 21F-17 applies to all entities, and not only to public companies.

Mr. Grewal, in an October 2023 speech before the New York City Bar Association Compliance Institute, emphasized that potential impediments to the SEC’s Whistleblower Program would be a continued focus of the agency’s enforcement efforts, stating, “we take compliance with Rule 21F-17 very seriously, and so should each of you who work in a compliance function or advise companies. You need to look at these orders and the violative language cited by the Commission and think about how those actions may impact your firms. And if they do, then take the steps necessary to effect compliance.”12

Key Take-Aways

The SEC’s recent enforcement actions demonstrate that violations of Rule 21F-17(a) can carry significant fines and reach virtually any confidentiality agreement that does not carve out communications between a firm’s current or former employees or customers and the SEC or other regulators about potential securities violations. Moreover, although many of the enforcement actions relate to language in agreements, Rule 21F-17 is not so limited and can also apply to language in internal policies, procedures, guidance, manuals, or training materials. The message from the SEC is clear: it will continue to enforce Rule 21F-17 with respect to public companies, private companies, broker-dealers, investment advisers, and other financial services entities.

The SEC in its recent orders has provided credit to companies for cooperation as well as for instituting remedial actions.13 Being proactive in identifying and correcting potential violations in advance of any investigation by the SEC can result in mitigation of any action or penalties.

Legal and compliance officers may want to consider the following steps in order to evaluate and potentially mitigate any potential exposure to an enforcement action:

  • Conduct a review of all employee-facing and client-facing documents or contracts with confidentiality provisions and remove or revise any content that may be viewed as impeding (even unintentionally) a person’s ability to report potential securities law violations to the SEC. Depending on the circumstances, this may involve including a reference expressly permitting communications with the SEC and other government or regulatory entities without advance notice or disclosure to the company.
  • Remove any language from the templates that could be interpreted as hindering an employee’s or client’s ability to communicate with the SEC concerning potential securities law violations, including language threatening disciplinary action against employees for disclosing confidential information in their communications with government agencies when reporting potential violations.
  • Prepare addenda or updates to current employee- and client-facing agreements that reflect the revised confidentiality clauses.
  • Include reference in written anti-retaliation policies that employees’ communications and cooperation with the SEC and other government agencies will not result in retaliation from the company.
  • Conduct trainings for company managers and supervisors regarding appropriate communications to employees regarding their interactions with the government.
  • Implement policies that prevent any company personnel from taking steps to block or interfere with an employee’s use of company platforms or systems to communicate with the SEC and other government agencies.14

In the Matter of JP Morgan Securities LLC, Admin. Proc. No. 3-21829 (Jan. 16, 2024), https://www.sec.gov/files/litigation/admin/2024/34-99344.pdf.

Id. (quoting Securities Whistleblower Incentives and Protections Adopting Release, Release No. 34-63434 (June 13, 2011)).

SEC Office of the Whistleblower Annual Report to Congress for Fiscal Year 2023 (Nov. 14, 2023), https://www.sec.gov/files/2023_ow_ar.pdf; SEC Whistleblower Office Announces Results for FY 2022 (Nov. 15, 2022), https://www.sec.gov/files/2022_ow_ar.pdf; 2021 Annual Report to Congress Whistleblower Program (Nov. 15, 2021), https://www.sec.gov/files/owb-2021-annual-report.pdf; 2020 Annual Report to Congress Whistleblower Program (Nov. 16, 2020), https://www.sec.gov/files/2020_owb_annual_report.pdf.

SEC Office of the Whistleblower Annual Report to Congress for Fiscal Year 2023 (Nov. 14, 2023), https://www.sec.gov/files/2023_ow_ar.pdf.

17 C.F.R. § 240.21F-17.

In the Matter of KBR, Inc., Admin. Proc. No. 3-16466 (Apr. 1 2015), https://www.sec.gov/files/litigation/admin/2015/34-74619.pdf (imposing a US$130,000 fine on a company in a settled enforcement action for requiring that witnesses in certain internal investigations sign confidentiality agreements warning that they could be subject to discipline if they discussed the matters at issue outside the company without prior approval of the company’s legal department).

In the Matter of Activision Blizzard, Inc. Admin. Proc. No. 3-21294 (Feb. 3, 2023), https://www.sec.gov/files/litigation/admin/2023/34-96796.pdf.

In the Matter of Gaia, Inc. et. al., Admin. Proc. No. 3-21438 (May 23, 2023), https://www.sec.gov/files/litigation/admin/2023/33-11196.pdf.

In the Matter of D.E. Shaw & Co., L.P., Admin. Proc. No. 3-21775 (Sep. 29, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98641.pdf.

10 In the Matter of CBRE Inc., Admin. Proc. No. 3-21675  (Sept. 19, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98429.pdf.

11 In the Matter of Monolith Res., LLC, Admin. Proc. No. 3-21629 (Sept. 8, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98322.pdf.

12 Gurbir S. Grewal, Remarks at New York City Bar Association Compliance Institute (Oct. 24, 2023), https://www.sec.gov/news/speech/grewal-remarks-nyc-bar-association-compliance-institute-102423.

13 See, e.g., In the Matter of CBRE Inc., Admin. Proc. No. 3-21675  (Sept. 19, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98429.pdf (crediting respondent’s remediation program, which included, among other measures, an audit of relevant agreements, updates to policies with respect to Rule 21F-17, and mandatory trainings); In the Matter of Monolith Res., LLC, Admin. Proc. No. 3-21629 (Sept. 8, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98322.pdf (crediting respondent’s prompt remedial acts including revisions to the at-issue release language and affirmatively alerting affected clients that they are not prohibited from communicating with governmental and regulatory authorities.)

14 Cf.  In the Matter of David Hansen, Admin Proc. 3-20820 (Apr. 12, 2022), https://www.sec.gov/enforce/34-94703-s (settled SEC enforcement action against former Chief Information Officer of a technology company for violating Rule 21F-17(a) by, among other things, removing an employee’s access to the company’s computer systems after the employee raised concerns regarding misrepresentations contained in the company’s public disclosures).

Top Risks for Businesses in 2024

Just weeks into 2024, it is already clear that uncertainty will be the watchword. Will the economic soft landing of 2023 persist into 2024? Will labor unrest, strong in 2023, settle down as inflation cools? Will inflation remain tamed? Will the U.S. elections bring continuity or a new administration with very different views on the role of the U.S. in the world and in regulating business?

Uncertainty is also fueling a complex risk environment that will require monitoring global developments more so than in the past. As outlined below, geopolitical risks are present, multiple, interconnected and high impact. International relations have traditionally fallen outside the mandate of most C-Suites, but how the U.S. government responds to geopolitical challenges will impact business operations. Beyond additional disruptions to global trade, businesses in 2024 will face risks associated with expanding protectionist economic policies, climate change impacts, and AI-driven disruptors.

Geopolitical Tensions Disrupting Global Trade

The guardrails are coming off the international system that enshrines the ideals of preserving peace and security through diplomatic engagement, respecting international borders (not changing them through military might) and ensuring the free flow of global trade. In 2022, the world was shocked by Russia’s invasion of Ukraine, but it has taken time for the full impact to reverberate through the international system. While political analysts write on a “spillover of conflict,” the more insidious impact is that more leaders of countries and non-state groups are acting outside the guardrails because they are no longer deterred from using military force to achieve political goals, making 2024 ripe for new military conflicts disrupting global trade beyond the ongoing war in Europe.

In October 2023, Hamas launched a war from Gaza against Israel. Thus far, fighting has spread to the West Bank, between Israel and Lebanese Hezbollah in the north, and to the Red Sea, with Iranian-backed Houthis attacking shipping through the strategic Bab al Mandab strait. Container ships and oil tankers, to avoid the risks, are re-routing to the Cape of Good Hope, adding two weeks of extra sailing time, with the associated costs. Insurance premiums for cargo ships sailing in the eastern Mediterranean have skyrocketed, with some no longer servicing Israeli ports. Companies and retailers with tight delivery schedules are switching to airfreight, which is expected to drive up airfreight rates.

Iran, emboldened by its blossoming relationship with Russia as one of Moscow’s new arms suppliers, is activating its proxy armies in Yemen, Iraq, Syria and Lebanon to attack Western targets. In a two-day period in January 2024, the Iran Revolutionary Guards directly launched strikes in Syria, Iraq and Pakistan. Nuclear-armed Pakistan retaliated with a cross border strike in Iran. While there are many nuances to these incidents, it is evident that deterrence against cross-border military conflict is eroding in a region with deep, festering grievances among neighbors. Iran is in an escalatory mode and could resume harassing shipping in the Persian Gulf and the strategic Strait of Hormuz, where about a fifth of the volume of the world’s total oil consumption passes through on a daily basis.

In East Asia, North Korea is also emboldened by the changing geopolitical environment. Pyongyang, too, has become a major supplier of weaponry to Moscow for use in Ukraine. While Russia (and China) in the past have constructively contained North Korean predilection for aggression against its neighbors, Supreme Leader Kim Jong Un may believe the time is ripe to change the status quo. Ominously, in a Jan. 15 speech before the Supreme People’s Assembly (North Korea’s parliament), Kim rejected the policy of reunification with South Korea and proposed incorporating the country into North Korea “in the event of war.” While North Korean leaders frequently revert to brinksmanship and aggressive language, Kim’s speech reflects confidence of a nuclear power, aligned with Russia against a shared adversary – South Korea, which is firmly aligned with the G7 consensus on Russia. A war in the Korean peninsula would be felt around the world because East Asia is central to global shipping and manufacturing, disrupting supply chains, as well as the regional economy.

China is also waiting for the right moment to “unite” Taiwan with the mainland. Beijing has seen the impact of Western sanctions on Russia over Ukraine and has been deterred from aiding the Russian war effort. In many ways, China has benefited from these sanctions and the reorientation of global trade. Also, Russia, with its far weaker economy, has proven surprisingly resilient to sanctions, another lesson for China. Meanwhile, the Taiwanese people voted in January and returned for a third time the ruling party that strongly rejects Chinese territorial claims. Tensions are high, with the Chinese military once again harassing Taiwanese defenses. For Beijing, the “right moment” could fall this year should conflict break out on the Korean peninsula, which would tie the U.S. down because of the Mutual Defense Treaty.

The uncertainty here is not that there are global tensions, but how the U.S. will respond as they develop and how U.S. businesses can navigate external shocks. Will the U.S. be drawn into a new war in the Middle East? Can the U.S. manage multiple conflicts, already deeply involved in supporting Ukraine? Is the U.S. economy resilient enough to withstand trade disruptions? How can businesses strengthen their own resiliency?

Economic Protectionism Increasing Costs and Risks

Geopolitical tensions, the global pandemic and the unequal benefits of globalization are impacting economic policies of the U.S. and the political discourse around the merits of unrestrained free trade. Protectionist economic policies are creeping in, under the nomenclature of “secure supply chains,” “friend-shoring” and “home-shoring.” The U.S. has imposed tariffs on countries (even allies) accused of unfair trade practices and has foreclosed access to certain technologies by unfriendly countries, namely China.

While the response to some of these trade restrictions are new trade agreements with “friends” to regulate access under preferred terms, in essence creating multiple “friends” trade blocs for specific sectors, other responses are retaliatory, including counter tariffs and export restrictions or outright bans. In 2024, the U.S. economy will see the impact of these trade fragmentation policies in acute ways, with upside risks of new business opportunities and downside risks of supply chain disruptions, critical resource competition, increased input costs, compliance risks and increased reputational risks.

Trade with China, which remains significant and important to the stability of the U.S. economy, will pose new risks in 2024. While Washington and Beijing have agreed to some political and security guardrails to manage the relationship, economic competition is unrestrained and stability in the bilateral relations is not guaranteed. The December 2023 bipartisan report by the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party, with its 150 recommendations on fundamentally resetting economic and technological competition with China, if even partially adopted, risks reigniting the trade war.

2024 is a presidential election year for the U.S. A change of control of the executive branch could result in many economic and regulatory policy reversals. The definition of “friend” could shift or narrow. Restrictions on trade with China could accelerate.

Impacts of Climate Change and Sustainability Policies

2023 was the hottest year on record, and El Niño conditions are expected to further boost the warming trend. Many regions experienced record-breaking wildfire activity in 2023, including Canada where 18 million hectares of land burned. Extreme storms caused life-threatening flooding in Europe, Asia and the Americas. 2024 is expected to bring even more climate hazards. The impacts will be physical and financial, including growing insurance losses and adverse impacts on operations and value chain. Analysts expect that in 2024, the economic and financial costs of adverse health impacts from climate change will increase, with risks related to the spread of infectious disease, insufficient access to clean water, and physical harm to the elderly and vulnerable. The direct economic effect will be on health systems, but also loss of productivity due to extreme weather incidents and effects of epidemics.

Energy transition to low-carbon emissions is underway in the U.S., but it is uneven and still uncertain. The financial market is investing in an impressive number of startups and large-scale projects revolving around cleantech. Still, there is hesitancy on the opportunity and risks of sustainability. Thus far, progress towards sustainability goals has been private sector-led and government-enabled. There is a risk that government incentive programs encouraging the transition to low-carbon energy could be reversed or curtailed under a new administration.

In 2024, some companies will face more climate disclosure compliance requirements. The Securities and Exchange Commission (SEC) is expected to release its final rule on climate change disclosures. The final action has been delayed several times because of pushback by public companies on some of the requirements, including Scope 3 greenhouse gas emission disclosures (those linked to supply chains and end users). California has not waited for the SEC’s final rule: In October 2023, Gov. Gavin Newsom signed into law legislation that will require large companies to disclose greenhouse gas emissions. The California climate laws go into effect in 2026, but companies will need to start much earlier to build the capabilities to plan, track and report their carbon footprint. For U.S. companies doing business in the European Union, they will need to comply with the EU Corporate Sustainability Reporting Directive, with the rules coming into force mid-2024.

Disruptive Technology

In 2023, generative AI was the talk of the town; in 2024, it will be the walk. Companies are popping up with new tools for every imaginable sector, to increase efficiency, task automation, customization, personalization and cost reduction. Business leaders are scrambling to integrate AI to gain a competitive edge, while navigating the everyday risks related to privacy, liability and security. While there are concerns that AI will displace humans, there is a growing consensus that while some jobs will disappear, people will focus on higher value work. That said, new rounds of labor disruptions linked to workforce transition are likely in 2024.

2024 will also bring AI-generated misinformation and disinformation. Bad actors will spread “synthetic” content, such as sophisticated voice cloning, doctored images and counterfeit websites, seeking to manipulate people, damage companies and economies, and foment dissent.

In 2024, around 2 billion people in more than 50 countries will vote in elections at risk of manipulation by misinformation and disinformation, which could destabilize the real and perceived legitimacy of newly elected governments, risking political unrest, violence, terrorism and erosion of democratic processes. Large democracies will hold elections in 2024, including the U.S., the EU, Mexico, South Korea, India, Pakistan, Indonesia and South Africa. Synthetic content can be very difficult to detect, while easy to produce with AI tools.

This is not a theoretical threat; synthetic content is already being disseminated in the U.S., targeting New Hampshire voters with robocalls that share fake recorded messages from President Biden encouraging people not to vote in the primary election. The U.S. is already polarized with citizens distrustful of the government and media, a ready vulnerability. Businesses are not immune. Notably, CEOs have stood apart, with higher ratings for trustworthiness and risk being called upon to vouch for “truth” (and becoming collateral damage in the fray).

AI-powered malware will make 2023 cyber risks look like child’s play. Attackers can use AI algorithms to find and exploit software vulnerabilities, making attacks precise and effective. AI can help hackers quickly identify security measures and evade them. AI-created phishing attacks will be more sophisticated and difficult to detect because the algorithms can assess larger amounts of piecemeal information and craft messages that mimic communication styles.

The role of states backing cyber armies to spread disinformation or steal information is growing and is part and parcel of the erosion of the existing international order. States face little deterrence from digital cross-border attacks because there are yet to be established mechanisms to impose real costs.

SEC Ramps Up Enforcement against Public Companies and Subsidiaries in FY 2022

The SEC imposed $2.8 billion in monetary settlements, the largest total in any fiscal year recorded in the Securities Enforcement Empirical Database.

New YorkThe U.S. Securities and Exchange Commission (SEC) filed 68 enforcement actions against public companies and subsidiaries in the first full fiscal year of Chair Gary Gensler’s tenure. Monetary settlements imposed in public company or subsidiary actions reached $2.8 billion, according to a report released today by the NYU Pollack Center for Law & Business and Cornerstone Research.

The report, SEC Enforcement Activity: Public Companies and Subsidiaries—Fiscal Year 2022 Update, analyzes information from the Securities Enforcement Empirical Database (SEED). The 68 enforcement actions in FY 2022, which ended September 30, reflected a 28% increase from the previous fiscal year.

The SEC imposed monetary settlements on 97% of the 75 public company and subsidiary defendants that settled in FY 2022. Both the dollar amount and the percentage were the largest of any fiscal year recorded in SEED, which covers actions beginning in FY 2010.

“The number of defendants that settled in FY 2022 with admissions of guilt increased substantially from the previous fiscal year. This was driven by actions involving Broker Dealer allegations brought by the SEC in September,” said Stephen Choi, the Bernard Petrie Professor of Law and Business at New York University School of Law and director of the Pollack Center for Law & Business. “The 16 defendants admitting guilt was double the largest number in any previous fiscal year in SEED.”

The $2.8 billion in monetary settlements imposed in public company or subsidiary enforcement actions in FY 2022 was $921 million more than in FY 2021 and $321 million more than in any other fiscal year in SEED. The median monetary settlement in FY 2022 was $9 million, the largest in SEED. The average settlement was $42 million.

“The increase in monetary settlements is consistent with the SEC’s public statements that ‘robust remedies’ are an enforcement priority,” said report coauthor Sara Gilley, a Cornerstone Research vice president. “The $1.2 billion in monetary settlements with 16 public broker-dealer subsidiaries for recordkeeping failures represents 44% of total monetary settlements in the fiscal year.”

Issuer Reporting and Disclosure continued to be the most common allegation type in FY 2022, accounting for 38% of actions. Allegations in the SEC’s Broker Dealer classification were the second most common for the first time since FY 2018. Nearly 70% of the 16 Broker Dealer actions were filed against financial institutions for recordkeeping failures.

Click here to read the full report from Cornerstone Research.

Copyright ©2022 Cornerstone Research

What Public Comments on the SEC’s Proposed Climate-Related Rules Reveal—and the Impact They May Have on the Proposed Rules

On March 21, 2022, the Securities and Exchange Commission (“SEC”) published for comment its much-anticipated proposed rules on climate disclosures, entitled “The Enhancement and Standardization of Climate-Related Disclosures for Investors.”[1]  The SEC invited public comments on these rules, and the response was overwhelming—nearly 15,000 comments were published on the SEC’s website over the course of three months, from individuals and organizations representing all aspects of modern American society.  Few, if any, of the SEC’s rule proposals have ever received such voluminous, significant, and diverse comments.  And the comments themselves range from brief statements to complex legal arguments either in support or in opposition, as well as detailed proposals for further changes to the proposed climate disclosures.  The comment period closed on June 17, 2022, and further action by the SEC to finalize the proposed rule is anticipated this fall.

This article provides a brief summary of the comments, and analyzes and summaries the key points the comments conveyed.

Statistical Analysis of Form and Individualized Submissions

Since the beginning of the public comment period, the SEC has received 14,645 comments on the proposed climate disclosure rules.[2]  To provide some context for how massive that figure is, the SEC has only received 144 comments on its proposed cybersecurity risk management rules, which were announced two weeks before the proposed climate disclosures and have also been the subject of extensive commentary in the press.  Yet despite the prominence of the SEC’s cybersecurity proposal, it has received fewer than 1% of the comments offered on the climate disclosure rule.

Of the 14,645 comments, approximately 12,304, or 84% of the total, are form letters.  This includes 10,589 comments that the SEC itself identified as form letters, and another 1,715 apparently individualized comments that were actually form letters.  However, even when removing these form letters from consideration, fully 2,341 individualized comment letters remain—a substantial number, and a significant percentage (16%) of the volume.[3]

The form letters are worth exploring in more detail.  Of the 12,304 comments, fully 10,861 (88%) broadly express support for the proposed climate disclosure rule, and only 1,443 (12%) are in opposition.  This disparity in the level of support for the two positions is best conveyed by the chart below.

Positions for and against the new SEC Disclosures

Notably, it has been possible to identify some, although not all, of the organizations that sponsored the form letter writing campaign.  In particular, form letters proposed by the Union of Concerned Scientists in support of the proposed climate disclosures were submitted 6886 times—more than 55% of the total volume of form letters.  Additionally, the form letters proposed by the Climate Action Campaign and the National Wildlife Federation in support of the SEC’s proposed disclosures were also quite voluminous among the submissions—1208 and 956 comment letters, respectively.  The most frequent form letters submitted in opposition to the proposed climate disclosure rules—e.g., those proposed by FreedomWorks (348 letters) and the Club for Growth (172 letters)—did not achieve nearly the same volume of submissions.

But the apparent overwhelming majority in favor of the proposed SEC climate disclosure rules, as conveyed by the form letters, is belied by the individualized submissions, which were far more closely divided.  Of the 2341 individualized comment letters submitted, approximately 53% (1238 comment letters) expressed support, about 43% (1015 comment letters) were opposed, and a handful—around 4% (88 comment letters)[4]—did not express a position.  The below chart demonstrates the levels of support expressed by the individualized submissions:

Individual submissions supporting, opposing, and neutral to the new SEC Disclosures

Besides the mere volume of submissions, however, the most noteworthy aspect of the individualized submissions are the substantive arguments—both factual and legal—that these comment letters articulate, whether in support or opposition to the proposed rules, as well as the identity of those making these submissions.

Arguments in Support of the Proposed SEC Climate Disclosure Rules

The organizations and individuals that chose to offer support for the SEC’s proposed climate disclosures represent a wide swathe of society.  Broadly speaking, these proposed climate disclosures attracted support from, among others: Democratic politicianscivil society organizations (such as environmental NGOs), individual corporationsprofessional services organizations, and academics. While the rationales offered by these different groups varied considerably, in part due to their varying perspectives (e.g., environmental NGOs were more concerned with the impact on the transition to a clean-energy environment, while corporations often focused on the consequences of particular aspects of the rules), the individualized comments in support of the proposed disclosures nonetheless shared some common features.

Specifically, there are a number of common arguments that are frequently featured among the 1239 individualized submissions in support of the SEC’s proposed climate disclosures.  Six arguments appear in over 10% of the submissions.  In order of prevalence, these are:

  1. Environmental Protection (347 submissions, 28%): that the proposed rules will help protect the environment
  2. Investor Choice (280 submissions, 23%): that the proposed rules will enable investors to make more informed choices
  3. Investor Protection (263 submissions, 21%): that the proposed rules will enable investors to protect themselves and their investments from climate-related risk
  4. Standardization of Climate Disclosures (259 submissions, 21%): that the proposed rules will enable the standardization of climate disclosures, making data comparable
  5. Increased Transparency (171 submissions, 14%): that the proposed rules will increase transparency and hold companies accountable for their emissions
  6. Alignment with International and Foreign Regulatory Frameworks (169 submissions, 14%): that the proposed rules will bring the United States into alignment with both international frameworks and other countries (e.g., the EU)

No other argument appeared in more than 6% of the individualized submissions in support of the SEC’s proposed climate disclosures.

Notably, the most common arguments in favor of the proposed climate disclosures share a common feature: these are all policy arguments, focusing on the benefits to investors and the broader economy from the adoption of the SEC’s proposed disclosures.  Only a single argument among the top ten most frequent arguments in support was a legal argument—namely that the proposed rules fall within the SEC’s statutory authority—and that argument appeared in only around 3% of the submissions (41 submissions).[5]  This focus on policy benefits among supporters of the SEC’s proposed climate disclosures is unsurprising, as these public policy rationales were a key factor in encouraging the Biden Administration to pursue this regulatory agenda.  However, the reluctance to engage with critics of the proposed climate disclosures on a legal basis may signal the difficulties that the SEC’s proposed climate disclosures may encounter in future court challenges.

Arguments in Opposition to the Proposed SEC Climate Disclosure Rules

Those entities and individuals that submitted individualized comment letters opposing the SEC’s proposed climate disclosures also represent a broad range of American society, albeit with a somewhat different focus.  Generally, individualized letters in opposition to the SEC’s proposed climate disclosures tended to be submitted by, among others: Republican politiciansindividual corporationstrade industry groups, and NGOs. (Unsurprisingly, the fossil fuel industry and extractive industries were particularly well-represented among the commenters.)  These individualized submissions—frequently lengthy and extensively analyzing the SEC’s regulatory practices and authority—shared a number of common themes.

In particular, there are a number of common arguments that featured frequently among the 1014 individualized submissions to the SEC in opposition to these proposed climate disclosures.  Three (3) arguments appeared in more than ten (10) percent of these submissions:

  1. Ultra vires (322 submissions, 32% ): that the SEC lacks the ability to issue these disclosures as the proposed rule is beyond the scope of the SEC’s legal authority
  2. Compliance Costs (218 submissions, 21% ): that compliance with the proposed rule will impose unreasonable and extensive costs on businesses
  3. Climate Science Skepticism (123 submissions, 12%): that the science concerning climate change is unsettled and therefore the proposed rule is inappropriate

Although no other common argument appeared in more than 7% of the individualized letters in opposition, it should still be noted that there were a large number of letters that objected to the increased burdens placed on particular types of businesses, whether farmers (53 submissions, 5%), fossil fuel companies (49 submissions, 5%), or small businesses (36 submissions, 4%).

Overall, it is striking that around a third of the comments submitted in opposition stated that the SEC had acted beyond its authority (ultra vires) in proposing this new rule.  While this critique is hardly novel—it has been a frequent refrain of the Republican SEC Commissioners ever since this topic was first broached—the prevalence of this argument among the individualized comments suggests that both the public and sophisticated market actors perceive this issue as a key vulnerability in the SEC’s proposal, and that this legal argument will likely be emphasized in the inevitable legal challenge to this SEC rule.  And, based on recent decisions by the Supreme Court, it is altogether likely that this line of attack may find a sympathetic audience in the courts.

Potential Changes to the SEC Climate Disclosure Rules Resulting from Public Comments

Despite the differences between the advocates and opponents of the SEC’s proposed climate disclosures, both sides submitted proposals to the SEC to change or adjust the proposed rules.  Although there was often substantial disagreement about the content of these proposed changes, there were also significant areas of convergence.

Some of the changes to the SEC’s proposed climate disclosures frequently submitted by supporters of the rule included:

  1. ISSB: that the SEC should further align its proposal with the ISSB and help create a global standard (76 comments);
  2. Extended Phase-In Period: to extend the phase-in period for these new disclosure requirements (72 comments);
  3. Alignment with International and Foreign Standards: that the SEC should further align its proposal with international and foreign standards, such as the EU or TCFD (66 comments);
  4. Enhance Scope 3 GHG Emissions: to eliminate exemptions so that all companies must disclose Scope 3 GHG emissions (55 comments);
  5. Principles-Based Approach to Materiality: to adopt a principles-based approach to materiality rather than bright-line rules (53) comments;
  6. Remove Scope 3 GHG Emissions: to remove the requirement that Scope 3 GHG emissions be disclosed (36 comments);
  7. Furnish, Not File: that the disclosures be provided in a document that is “furnished” to the SEC, rather than filed (which impacts potential liability) (26 comments).

Although certain proposed changes by proponents of the SEC’s proposed climate disclosure rule are undeniably expected (e.g., removing exemptions for disclosure of Scope 3 GHG emissions), there are others that seem somewhat surprising on initial review (e.g., extending the phase-in period or removing Scope 3 GHG emissions entirely).  This can most easily be explained by the fact that supporters of the SEC’s proposed rule include corporations and other business interests, which will resist certain burdensome regulations even if generally offering support for the overall thrust of the proposal.  There are also academics and others who continue to express skepticism concerning the utility of disclosing Scope 3 emissions, or even whether it can be adequately measured.

It should be emphasized that these changes proffered by supporters of the SEC’s proposed rule, many of which are designed to render the proposed rule less onerous, may indicate that the support for the proposed rule—or at least the most stringent aspects of it—is relatively weak (or at least among the corporate interests nominally aligned with the SEC).

The most frequent changes suggested by opponents of the rule included:

  1. Remove Scope 3 GHG Emissions: to remove the requirement that Scope 3 GHG emissions be disclosed (69 comments);
  2. Principles-Based Approach to Materiality: to adopt a principles-based approach to materiality rather than bright-line rules (35 comments);
  3. Extended Phase-In Period: to extend the phase-in period for these new disclosure requirements (25 comments);
  4. Furnish, Not File: that the disclosures be provided in a document that is “furnished” to the SEC, rather than filed (which impacts potential liability) (18 comments).

These proposed changes (and others) advanced by opponents of the SEC’s proposed rule are generally designed to make the rules less stringent and also to reduce costs and potential legal liability.

As can be seen by comparing the above lists, there are certain areas where suggested changes to the proposed rule converged.  In particular, there are issues where both opponents of the SEC’s proposed rule and some of its supporters would try to render it less intrusive or impactful, particularly with respect to the elimination of the requirement to report Scope 3 GHG emissions and to extend the phase-in period further.  (Although, as noted, this apparent convergence between opponents and supporters of the SEC’s proposed rule may be due to divergent interests among the supporters of the SEC’s proposed rule with respect to its implementation.)

But, regardless of the specific content of the particular proposed changes, what is undoubtedly significant is that these proposed changes have highlighted the aspects of the SEC’s proposed climate disclosure rule that are likely most sensitive to regulated corporations.  Such an insight reveals not only the areas where active lobbying is most likely to take place, but also previews probable priorities for corporate compliance departments.  In effect, focusing on the aspects of the proposed rule where changes were proposed is a means to identify the key issues from the perspective of the regulated entities and the public at large.

Conclusion

The level of engagement with the SEC’s proposed climate disclosures, as demonstrated by the number and detail of the public comments offered, is extraordinary. This degree of attention indicates the significant impact that is expect to result from the ultimate promulgation of these rules (or a revised version thereof).

Of course, the key question here is what changes, if any, are likely to be made to the SEC’s proposed rule based upon the public comments submitted to the SEC.  In this context, it is noteworthy that a handful of key issues have been identified by both proponents and opponents of the proposed disclosures as especially ripe for potential revision.  As noted above, these include, among others, the length of the phase-in period and the disclosure of Scope 3 GHG emissions.  If any changes are to be made to the SEC’s proposed climate disclosure rule, it is likely that such changes will be related to these issues.

However, given the relative lack of forward momentum with respect to other aspects of the Biden Administration’s climate agenda, there may well be political pressure not to weaken or otherwise rollback the SEC’s proposed rule, as this is one of the few areas where significant—and publicly-recognized—progress has been made with regulations designed to address the issue of climate change.  Further, the Biden Administration’s SEC has certainly recognized the inevitability of a legal challenge to these proposed climate disclosures, and, since no degree of alteration would suffice to preempt such a lawsuit, the SEC may conclude that it is better to seek to implement all aspects of the proposed regulation for the political benefit that can be achieved in the short term, since the substantive aspects of the proposed disclosure may not ultimately survive judicial scrutiny.  The SEC may also prefer to send a strong signal to the market by maintaining its original proposed rule.  Recognizing these pressures, it seems unlikely that the public comments submitted to the SEC will have a significant impact on the final rule promulgated in the coming months—and improbable that the SEC will make the proposed disclosures less robust.


FOO​TNOTES

[1] These proposed rules are discussed more fully in our prior publication:  https://www.mintz.com/insights-center/viewpoints/2451/2022-03-30-brief-summary-secs-proposed-climate-related-rules

[2] Although the total number of comments, when including both form letters and individualized letters, is 14,739, there are 94 comment letters on the SEC website that are duplicates, and have thus been removed from the calculation.

[3] For comparison, the proposed SEC rule on disclosing compensation ratios drew about 300,000 form letters and around 1500 individualized comment letters.  In this case, the individualized comment letters represented only about 0.5% of the total volume.  https://www.sec.gov/comments/s7-07-13/s70713.shtml

[4] The eighty-eight comment letters that did not adopt an express position on the proposed climate disclosure rules instead conveyed a number of different points, including proposing narrow changes to the proposed rule without taking a stance on the rule as a whole, or offering further context for the SEC’s actions (e.g., comparing the SEC to other regulators, whether domestic or international).  This category also includes a number of early comments that simply requested that the SEC extend the deadline for submitting comments.

[5] There are public comments in support of the proposed rule that focus on the legal issues.  In particular, the submission of Prof. John Coates of Harvard Law School, a former SEC official, is devoted exclusively to defending the legal authority of the SEC to issue the proposed climate disclosure rule. https://www.sec.gov/comments/s7-10-22/s71022-20130026-296547.pdf

©1994-2022 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

The SEC’s Proposed Rules on Climate-Related Disclosures – What to Do Now: A Guide for In-House Counsel Facing the Proposed Rules

The U.S. Securities and Exchange Commission’s recently proposed rules governing climate-related disclosures, if adopted as proposed, would represent a sea change to the existing public-company disclosure regime.  The rules would require that public companies include the following, among other disclosures, in reports and registration statements filed with the SEC:

  • disclosure of greenhouse gas (GHG) emissions data covering Scope 1 and Scope 2 emissions for all companies and Scope 3 emissions for companies1 (other than those that qualify as “smaller reporting companies”) for which Scope 3 emissions are material or that have set emissions reduction targets that include Scope 3 emissions, with third-party attestation being required for Scope 1 and Scope 2 data for companies that qualify as “large accelerated filers” or “accelerated filers”;
  • extensive and detailed disclosures regarding climate-related risks, including physical risks and transition-related risks, to a company’s financial statements, business operations or value chain (i.e., upstream and downstream activities of third parties related to the company’s operations);
  • disclosure in the notes to audited financial statements of quantitative and qualitative information regarding financial impacts of climate-related risk, including disaggregated quantitative information with respect to impacts of physical risks or transition activities on specific financial statement line items if the impact is 1% or more of the line item;
  • extensive and detailed disclosures regarding climate-related governance, strategy and risk management; and
  • to the extent relevant to a particular company, disclosures regarding the company’s transition plan, climate-related targets or goals, use of scenario analyses or other analytical tools in evaluating climate-related risk and use of an internal carbon price.

For many companies, the rules would require enterprise-wide changes to how the company collects, assesses and reports climate-related data and other information, as well as changes to their governance structures and systems of controls.  Changes may be driven both by the need to comply with the disclosure requirements and by a company’s view of how its disclosures will be received by investors or the public generally.

The tasks of understanding the implications of the proposed rules for a particular company and preparing for eventually complying with the rules are monumental, and, unfortunately, public companies currently find themselves in the difficult position of possibly needing to act with some urgency in order to be prepared to comply with rules of uncertain substance on an uncertain timeline.  At this point, the proposed rules are just that – proposed and not final.  The period for public comment on the proposed rules will run until May 20 at the earliest and could be extended by the SEC, and public comments are likely to reflect the controversial nature of the proposed rules and strong opinions by both supporters and detractors.  After the comment period, whether and when the SEC releases final rules, and the extent to which any final rules largely follow or reflect significant changes from the proposed rules, will remain to be seen.  Like the proposed rules, any final rules should provide for phase-in periods for compliance.  Further, any final rules are almost certain to face legal challenges that could delay implementation of the rules even if such challenges ultimately are unsuccessful.  It is therefore very difficult to predict when companies will need to comply with new rules and precisely what information they will be required to disclose under new rules.

Despite that uncertainty, it appears very likely that the SEC will adopt final climate-related disclosure rules in the not-too-distant future and that those rules will include in some form most, if not all, of the big buckets of disclosure requirements reflected in the proposed rules.  Because of the significant effort and degree of organizational change that compliance with the rules likely will require, companies may not be able to wait until final rules are released to begin assessing the impacts of the proposed rules on their organizations.  And, if the SEC were to adopt final rules later this year in the proposed form, companies that are large accelerated filers with a calendar fiscal year would be required to include information for 2023, including Scope 1 and 2 emissions data, in their annual reports filed in early 2024, meaning that they would need to have the systems in place to track and record the relevant information by the end of this year.

Assessing the potential impact of the proposed rules on a company and preparing the company for eventually complying with the rules will require participation from many different parts of the organization, but we expect that, at many companies, the task of setting the company on a course to do those things will fall on the general counsel and other in-house counsel with responsibility for relevant substantive areas.  With that in mind, we have prepared the following guide for in-house counsel with respect to near-term actions their companies should be taking or should consider taking, depending on their circumstances.  Bracewell will expand on a number of the topics noted below in future alerts, webinars or other similar communications.

1.   Engage senior management, the board of directors and relevant board committees and begin assessing governance, oversight and management of climate-related risks.

In-house counsel likely will be hearing from their CEOs and board members, if they haven’t already, asking what the proposed rules mean for their company.  In any case, in-house counsel should ensure that top-level management and board members understand the potential challenges and changes their companies may face with the proposed rules and encourage the level of board and senior management oversight and engagement that is appropriate for their situation.  The proposed rules would require companies to provide detailed disclosures concerning their boards’ oversight of climate-related risks and management’s role in assessing and managing those risks. Although many companies already have robust board oversight of ESG matters and include related disclosures in their SEC filings, the proposed rules are far more granular in dictating the type of information that would need to be disclosed.

In that regard, in-house counsel may be asked what changes, if any, should be made to board or committee composition and structure in light of the proposed new disclosure requirements.  Among other matters, consideration should be given to whether the creation of a new ESG committee – or a purely climate-focused committee – is appropriate or whether responsibility reasonably can be shouldered by an existing committee, such as the audit committee.

2.   Establish organizational responsibility for assessing the implications of the proposed rules for your company.

As noted above, this is a huge task that will require input from a multidisciplinary team, including legal, accounting, operations and possibly other personnel.  Identifying the right team and setting clear responsibilities and timelines are critical near-term tasks.

3.   Understand the potential timeline for compliance with the proposed rules as it relates to your organization.

As noted above, there is considerable uncertainty regarding, among other matters, whether final rules will require compliance on the timelines contemplated in the proposed rules, which would have the compliance requirements phased in over several years based on a company’s status as a large accelerated filer, an accelerated filer, a non-accelerated filer or a smaller reporting company.  This fact sheet on the proposed rules published by the SEC provides helpful tables (on page 3) detailing the phase-in periods contemplated by the proposed rules for companies with a calendar fiscal year, assuming the proposed rules were adopted as final with an effective date in December 2022.

Despite the uncertainty, it is certainly possible that the SEC could adopt final rules later this year with compliance dates as contemplated by the proposed rules, and companies therefore would be ill-advised to assume that they will have a longer ramp-up period than they would under the proposed rules and the assumption of a December 2022 effective date.

4.   Understand the proposed rules and the disclosures they will require for your company based on its specific circumstances, including with regard to differences between what the company is disclosing now and what would be required by the proposed rules.

The proposed rules are highly prescriptive and are intended to produce consistent and comparable disclosures across the public-company spectrum.  With limited exceptions (e.g., that smaller reporting companies would be exempted from the requirement to disclose Scope 3 emissions), all public companies will need to assess required disclosure under all provisions of the rules.  That assessment, however, will need to be made in light of the company’s specific circumstances, and there will be categories of required disclosures that are very relevant to some industries or companies but of no or limited relevance to other industries or companies.  Additionally, many companies have been voluntarily disclosing information that is similar to some of the information that may be required to be provided under the proposes rules, but there may be gaps between or differences in required disclosures and a company’s current practices.

As companies begin to digest the proposed rules, it will make sense for them to drill down on the specific types of disclosures they would need to make if the proposed rules were adopted as proposed.  Questions that companies might ask themselves include the following:

  • Will we need to disclose Scope 3 emissions data based on materiality or having set targets or goals including Scope 3 emissions?
  • What, if anything, have we done with respect to the following topics such that disclosure regarding those topics would be required?
    • Adoption of a transition plan
    • Setting of climate-related goals or targets
    • Use of carbon offsets or renewable energy credits in setting goals or targets
    • Use of scenario analyses or other analytical tools in evaluating climate risk
    • Use of an internal carbon price
      • Note that, with respect to goals or targets, the proposed rules refer to a company’s having “set” such goals or targets and not to its having publicly disclosed them.  Similarly, with respect to all of these topics, it is not clear that the related disclosure would be triggered only by some level of formality or organizational scope in the adoption, setting or use of the applicable item.  Companies therefore should assess the relevance of these topics broadly, including informal use or discussion within the organization.
  • What information that we are not currently disclosing would the proposed rules require us to disclose?
  • For information that we are currently disclosing, would the proposed rules require that information to be established, assembled or disclosed differently, or disclosed more expansively or granularly, from how we are doing it now?  If so, how?
  • Which required disclosures might be particularly challenging for our company, such that they might merit special or prioritized focus?

5.   Begin to evaluate existing systems and resources related to climate-related information and identify changes that will need to be made.

Companies in some industries, such as energy or manufacturing, likely already have systems in place to collect much of the data called for by the proposed rules, and many public companies have been publishing voluntary disclosures in the form of ESG reports for years.  However, smaller companies in such industries may not currently have the resources necessary to devote to compliance with the new rules.  Likewise, companies in non-GHG intensive industries, such as financial services, previously may not have had the need, or a more limited need, for such systems.  And even those companies that are experienced in collecting and disclosing climate-related data and other information likely would, under the proposed rules, need to expand their systems to cover a much broader universe of information and ensure that controls and procedures meet standards for disclosures in SEC-filed documents and are appropriate for enhanced scrutiny and potential liability that will come with including such disclosures in SEC-filed documents.  Companies may need to invest significantly in new personnel with appropriate expertise and in new technology, and they will need to expand their disclosure controls and procedures and internal control over financial reporting to cover new sets of information that are wide-ranging, voluminous and highly detailed.  Accordingly, public companies should begin to assess their existing capabilities and identify the changes they would need to make to comply with proposed rules to ensure that the changes can be effected in time to comply with new rules.

Additionally, the climate-related risk disclosures contemplated by the proposed rules may require that companies devote significant resources to expanding the process by which they identify and assess climate-related risk.  Further, the need for companies to evaluate climate-related risks to upstream and downstream – value chain – activities, and potentially to disclose Scope 3 emissions associated with those activities, may pose significant challenges and likely will require many companies to develop new processes to address disclosure requirements that relate to matters that are largely outside of the company’s control and access.  These are areas that companies may want to focus on in the near term.

6.   Evaluate needs and strategy for retaining third parties to assist with disclosures, including for attestation of GHG emissions data.

As noted above, for large accelerated filers and accelerated filers, the proposed rules would require attestation regarding Scope 1 and Scope 2 GHG emissions data by an independent third party meeting certain minimum qualifications, which may be a public accounting firm if it meets the minimum qualifications but need not be an accounting firm.  The market for providing these attestation services is evolving and will continue to evolve as accounting firms and others develop their ability to provide these services.  Some observers have raised concerns that the supply of emission-attestation services may not initially meet the demand for such services that the proposed rules would create.  Companies may wish to begin thinking about their options for third-parties to handle the attestation, particularly large accelerated filers who could be subject to the attestation requirements as soon as in their 2024 annual reports filed in early 2025. Additionally, it is important for companies to have conversations around attestation ahead of their information gathering efforts to ensure that the disclosure information being developed and gathered will be sufficient for attestors to provide the required assurance.

In addition to attestation services, companies should consider their potential need for and access to other third-party advisors with the necessary expertise and experience, including attorneys, accountants/auditors and firms providing consulting and other services to assist companies with climate-related disclosures.

7.   Consider whether the disclosures contemplated by the proposed rules warrant any changes to your current, planned or contemplated climate-related activities, such as setting or disclosing of climate-related goals or targets.

As noted above, the proposed rules contemplate detailed disclosures regarding several matters that may or may not be relevant to a particular company depending on things that the company may or may not have done in advance of the initial compliance date for the proposed rules.  These include whether a company has:

  • adopted a climate transition plan,
  • set climate-related goals or targets,
  • included Scope 3 emissions in its goals or targets,
  • used carbon offsets or renewable energy credits in setting its goals or targets,
  • used scenario analyses or other analytical tools in assessing climate-related risk, or
  • used an internal carbon price.

Companies may wish to reassess their existing, planned or contemplated activities in these areas in view of the proposed rules.  It may be the case that a company would want to modify its activities in one or more of these areas when viewed through the lens of what the company’s disclosures regarding such activities would look like under the proposed rules.  For example, if your company is planning to set or announce new GHG emissions goals, should the company modify the goals as they relate to Scope 3 emissions or otherwise before doing so, or would it be preferable for the company to delay any such setting or announcement of goals until there is clarity on the content of final rules?

8.   Determine whether to submit comments on the proposed rules.

The proposed rule release includes over 200 requests for comment.  Comments are due by the later of 30 days after the date the proposing release is published in the Federal Register (which had not happened as of the date of this update) or May 20, 2022.  (As noted above, it is possible that the comment period could be extended beyond that date, but, unless and until the SEC actually does that, parties desiring to submit comments should proceed with the expectation that they will need to submit them by the applicable current deadline.)  Although the SEC will not agree with all comments received and may adopt final rules despite strong and widely-held opposing views reflected in the comments, the SEC and its staff will consider the comments received in adopting final rules and likely will make at least some changes to the proposed rules based on comments.  If your company would like to have its voice heard on the proposed rules, you may consider doing so by submitting comments directly or through an industry association or similar group.

9.   Monitor developments.

As noted above, we are in the early stages of the process through which the proposed rules could, in their current form or with changes, become final rules with which public companies actually would need to comply.  In-house lawyers should continue to monitor developments and advise others in their organizations of such developments as appropriate so that preparations for compliance with new climate-related disclosure rules can be adjusted as necessary.

10. Don’t forget that climate-related disclosures may be required under existing SEC rules and interpretations.

With the anticipation of a massive new disclosure regime for climate-related matters and preparation for compliance with that regime, it might be easy to overlook that fact the existing SEC rules and interpretations may require climate-related disclosures in SEC filings, and the SEC staff may issue comments on climate-related disclosures, or the absence thereof, in a company’s SEC filings, as they did for a number companies in the fall of 2021 with respect to the companies’ 2020 annual reports on Form 10-K.  Pending the adoption and implementation of final new rules, companies should continue to assess their disclosures in view of the SEC’s 2010 guidance on climate-related disclosures.

_______________________________________

1. Scope 1 emissions are direct GHG emissions from operations that are owned or controlled by a company.  Scope 2 emissions are indirect GHG emissions from the generation of purchased or acquired energy that is consumed by a company’s operations.  Scope 3 emissions are all indirect GHG emissions not otherwise included in a company’s Scope 2 emissions, which occur in the upstream and downstream activities of a company’s value chain.

© 2022 Bracewell LLP
For more about SEC disclosures, please visit the NLR Financial, Securities & Banking section.

When Board Conflict Crosses the Line…

Elected officials are, naturally, sometimes at the center of conflict and division within their board.  Conflict is to be expected.  However, what happens when board members take action to freeze out a minority board member from information that he or she needs to do his or her respective job?  The use of information-control tactics against minority members on a board, impeding their ability to receive that information necessary to perform his or her duties is problematic – and it may be unconstitutional.\

Elected officials have duty to be informed. Palm v.Centre Tp., 415 A.2d 990, 992 (Pa. Commw. Ct. 1980):

It is the duty of a school board member, a commissioner, a councilman, or a supervisor to be informed. Supervisors are not restricted to information furnished at a public meeting. A supervisor has the right to study, investigate, discuss and argue problems and issues prior to the public meeting at which he may vote. Nor is a supervisor restricted to communicating with the people he represents. He is not a judge. He can talk with interested parties as does any legislator.

This responsibility extends beyond the contours of the public meeting and what is discussed at those meetings.

Elected officials have protections under the First Amendment. The Third Circuit has historically recognized that a public official’s right to free speech under the First Amendment will be violated when the retaliatory conduct of her peers interferes with her ability to adequately perform her elected duties. See Werkheiser v. Pocono Tp., 780 F.3d. 172, 182 (3d Cir. 2015); Monteiro v. City of Elizabeth, 436 F.3d 397, 404 (3d Cir. 2006).

To avoid entering the territory of this kind of interference, everyone can play a role in ensuring the government functions adequately and that Board members’ rights, duties, and privileges are protected.  Board division, when gone too far, can cross constitutional lines.  To avoid walking that line, there are things that everyone can do to make for a well-functioning Board or meeting:

  • Managers can stay neutral and ensure that every board member is kept up to date on significant municipal operations and projects.
  • Solicitors can host a meeting with the board to educate the board on laws pertaining to their position, such as a municipal code and the Pennsylvania Sunshine Act.
  • Board members can foster respect for fellow board members and learn how to communicate so that each board member can participate in healthy debate on contentious issues.  Enacting policies related to meeting decorum can be helpful, but they need to be enforced evenhandedly.

For more tips for handling divisiveness among a board, see the December 2021 article on “Tips for Handling Board Conflicts” in the Pa Township News.

©2022 Strassburger McKenna Gutnick & Gefsky
          

Red States Move to Penalize Companies That Consider Climate Change When Making Investments

A number of conservative-leaning states, particularly those with a significant fossil fuel industry (e.g., Texas, West Virginia), have begun implementing polices and enacting laws that penalize companies which “pull away from the fossil fuel industry.”  Most of these laws focus on precluding state governmental entities, including pension funds, from doing business with companies that have adopted policies that take climate change into account, whether divesting from fossil fuels or simply considering climate change metrics when evaluating investments.

This trend is a troubling development for the American economy.  Irrespective of the merits of the policy, or fossil fuel investments generally, there are now an array of state governments and associated entities, reflecting a significant portion of the economy, that have adopted policies explicitly designed to remove climate change or other similar concerns from consideration when companies decide upon a course of action.  But there are other states (typically coastal “blue” states) that have enacted diametrically opposed policies, including mandatory divestments from fossil fuel investments (e.g., Maine).  This patchwork of contradictory state regulation has created a labyrinth of different concerns for companies to navigate.  And these same companies are also facing pressure from significant institutional investors, such as BlackRock, to consider ESG concerns when making investments.

Likely the most effective way to resolve these inconsistent regulations and guidance, and to alleviate the impact on the American economy, would be for the federal government to issue a clear set of policy guidelines and regulatory requirements.  (Even if these were subject to legal challenge, it would at least set a benchmark and provide general guidance.)  But the SEC, the most likely source of such regulations, has failed to meet its own deadlines for promulgating such regulations, and it is unclear when such guidance will be issued.

In the absence of a clear federal mandate, the contradictory policies adopted by different state governments will only apply additional burdens to companies doing business across multiple state jurisdictions, and by extension, to the economy of the United States.

Republicans and right-leaning groups fighting climate-conscious policies that target fossil fuel companies are increasingly taking their battle to state capitals. Texas, West Virginia and Oklahoma are among states moving to bar officials from dealing with businesses that are moving to ditch fossil fuels or considering climate change in their own investments. Those steps come as major financial firms and other corporations adopt policies aligned with efforts to reduce greenhouse gas emissions.”

©1994-2022 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

The Confidentially Marketed Public Offering for the Smaller Reporting Company

What is it?

A Confidentially Marketed Public Offering (“CMPO”) is an offering of securities registered on a shelf registration statement on Form S-3 where securities are taken “off the shelf” and sold when favorable market opportunities arise, such as an increase in the issuer’s price and trading volume resulting from positive news pertaining to the issuer.  In a CMPO, an underwriter will confidentially contact a select group of institutional investors to gauge their interest in an offering by the issuer, without divulging the name of the issuer.  If an institutional investor indicates its firm interest in a potential offering and agrees not to trade in the issuer’s securities until either the CMPO is completed or abandoned, the institutional investor will be “brought over the wall” and informed on a confidential basis of the name of the issuer and provided with other offering materials.  The offering materials made available to investors are typically limited to the issuer’s public filings, and do not include material non-public information (“MNPI”).  By avoiding the disclosure of MNPI, the issuer mitigates the risk of being required to publicly disclose the MNPI in the event the offering is terminated.  Once brought over the wall, the issuer, underwriter and institutional investors will negotiate the terms of the offering, including the price (which is usually a discount to the market price) and size of the offering.  Once the offering terms are determined, the issuer turns the confidentially marketed offering into a public offering by filing a prospectus supplement with the Securities and Exchange Commission (“SEC”) and issuing a press release informing the public of the offering.  Typically, this occurs after the close of markets.  Once public, the underwriters then market the offering broadly to other investors, typically overnight, which is necessary for the offering to be a “public” offering as defined by NASDAQ and the NYSE (as discussed further below).  Customarily, before markets open on the next trading day, the issuer informs the market of the final terms of the offering, including the sale price of the securities to the public, the underwriting discount per share and the proceeds of the offering to the issuer, by issuing a press release and filing a prospectus supplement and Current Report on Form 8-K with the SEC.  The offering then closes and shares are delivered to investors and funds to the issuer, typically two or three trading days later.

What Type of Issuer Can Conduct a CMPO and How Much Can an Issuer Raise?

To be eligible to conduct a CMPO, an issuer needs to have an effective registration statement on Form S-3, and is therefore only available to companies that satisfy the criteria to use such form.  For issuers that have an aggregate market value of voting and non-voting common stock held by non-affiliates of the issuer (“public float”) of $75M or more, the issuer can offer the full amount of securities remaining available for issuance under the registration statement.  Issuers that have a public float of less than $75M will be subject to the “baby shelf rules”.   In a CMPO, issuers subject to the baby shelf rules can offer up to one-third of their public float, less amounts sold under the baby shelf rules in the trailing twelve month period prior to the offering.  To determine the public float, the issuer may look back sixty days from the date of the offering, and select the highest of the last sales prices or the average of the bid and ask prices on the exchange where the issuer’s stock is listed.  For an issuer subject to the baby shelf rules, the amount of capital that the issuer can raise will continually fluctuate based on the issuer’s trading price.

What Exchange Rules Does an Issuer Need to Consider?

The public offering period of a CMPO must be structured to satisfy the applicable NASDAQ or New York Stock Exchange criteria for a “public offering”.  In the event that the criteria are not satisfied, rules requiring advance shareholder approval for private placements where the offering could equal 20% or more of the pre-offering outstanding shares may be implicated.  Moreover, a sale of securities in a transaction other than a public offering at a discount to the market value of the stock to insiders of the issuer is considered a form of equity compensation and requires stockholder approval.  Nasdaq also requires issuers to file a “listing of additional shares” in connection with a CMPO.

Advantages and Disadvantages of CMPOs

There are a number of advantages of a CMPO compared to a traditional public offering, including the following:

  • A CMPO offers an issuer the ability to raise capital on an as needed basis as favorable market conditions arise through a process that is much faster than a traditional public offering.
  • The shares issued to investors in a CMPO are freely tradeable, resulting in more favorable pricing for the issuer.
  • In a CMPO, the issuer can determine the demand for its securities on a confidential basis without market knowledge.  If terms sought by investors are not agreeable to the issuer, the issuer can abandon the CMPO, generally without adverse consequences on its stock price.
  • If properly structured as a public offering, a CMPO will negate the requirement to obtain stockholder approval for the transaction under applicable Nasdaq and NYSE rules.

Disadvantages of conducting a CMPO include:

  • To conduct a CMPO, an issuer must be eligible to use Form S-3 and have an effective registration statement on file with the SEC.
  • Issuers subject to the baby shelf rules may be limited in the amount of capital they can raise in a CMPO.
  • In the event a CMPO is abandoned, investors that have been “brough over the wall” and received MNPI concerning the issuer may insist that the issuer publicly disclose such information to enable such investors to publicly trade the issuer’s securities.

This article is for general information only and may not be relied upon as legal advice.  Any company exploring the possibility of a CMPO should engage directly with legal counsel.

© Copyright 2021 Stubbs Alderton & Markiles, LLP

For more articles on the NASDAQ and NYSE, visit the NLR Financial, Securities & Banking section.

Board Oversight in the Age of COVID-19: Part Four

Part 4 of a weekly series detailing approaches that independent board members are utilizing to address coronavirus-related matters and highlighting emerging issues. Part 1, Part 2 and Part 3 of the series may be accessed on our website. 

The surreal nature of the current coronavirus environment in the United States continues. The number of new cases appears to have peaked in New York City and the Bay Area, while the S&P 500 ended the week down only about 13.5% year to date, and is higher now than on January 1, 2019. Yet, unemployment claims surged and are approximately 8.5 times higher than levels from the 2008–2009 financial crisis, and scores of businesses across the country remain shuttered and face bankruptcy. So the question of the past four weeks remains — where exactly do we go from here?

What Are Boards Doing Now?

Board Communications. Boards continue to evolve the nature of the periodic updates they are receiving. In addition to hearing about fund performance and operational matters, now some are including presentations from those asset management employees that focus on macro-economic themes, including the head of fixed-income research or those in similar positions.

Future Board Meetings. Boards continue to evaluate their June board schedules, and more are expecting to hold these meetings virtually. Some are also considering the need to hold additional telephonic board meetings to address items already deferred from meeting agendas in March, and expected to be deferred from June meeting agendas, as boards continue to assess the maximum length and most efficient structure of virtual board meetings.

15(c) Requests. Boards and their independent counsel continue to evaluate additional questions for 15(c) Request Letters to address COVID-19 matters. While the nature and extent of these requests is dependent on the types of periodic updates the board is already receiving, most are expecting to request and receive some form of “bring down” update from Fund management closer to the date of the meeting during which 15(c) renewals will be considered.

What’s Next – Emerging Issues

Below are some emerging issues that came to light over the past week, which boards may want to consider as they continue to exercise their fiduciary duties.

Liquidity: Some complexes are filing Form N-LIQUID with respect to funds that have breached the 15% limit on illiquid securities, and related reports are being made to the board, along with a remediation plan. Breaches may be due to a more careful review of holdings or to changes in the character of holdings. Alternatively, some complexes are reporting issues with liquidity categorizations provided by third party service providers causing Liquidity Risk Program Administrators to consider overriding or challenging the liquidity classifications provided. The SEC staff has been open and willing to discuss such filings and related matters, and we are aware that OCIE staff has been participating on some of these calls.

Service Providers: As the impact of the virus is expanding globally, boards are considering the types of risks that may be presented by service providers with operations in less developed countries, including India, where BCP plans may be less robust, do not contemplate “work from home” opportunities for all employees and may be harder to implement. This may be a heighted concern for ETFs, as these funds tend to have more unaffiliated service providers with offshore operations.

Index providers: Fund management has noted the benefit of advance communication with index providers to address the potential impact of market halts or bankruptcies of companies included in an index. While most index rebalances have been suspended, the impact of other market developments remains.

Back Office Issues: Fund management continues to consider operational matters, including the speed and efficiency of processing customer orders and the working relationship with financial printers, where production delays and other operational concerns are occurring.

Borrowing Relief: So far, we are not seeing many Funds utilizing this relief to access liquidity, as fund management considers operational issues.

Closed End Funds: The advantages of holding virtual annual shareholders meetings are being weighed against potential disadvantages, including that certain proxy solicitation firms may object to hosting a virtual meeting if it is contested and concerns that activists could take advantage of this format to hijack the meeting.

Interval Funds: Boards are closely monitoring management’s preparation for upcoming periodic repurchase offers to assess liquidity and valuation issues. In addition, boards are discussing whether repurchase amounts should be set at levels that seek to clear out shares tendered or to prorate, and considering the impact of such decisions on the management of the portfolio, continuing sales and liquidity for future repurchase offers.


© 2020 Vedder Price

For more on COVID-19 impact on various industries, see the Coronavirus News section of the National Law Review