Tag: reporting

Digging for Trouble: The Double-Edged Sword of Decisions to Report Misconduct

On May 10, 2024, Romy Andrianarisoa, former Chief of Staff to the President of Madagascar, was convicted for soliciting bribes from Gemfields Group Ltd (Gemfields), a UK-based mining company specializing in rubies and emeralds. Andrianarisoa, along with her associate Philippe Tabuteau, was charged after requesting significant sums of money and a five percent equity stake in a mining venture in exchange for facilitating exclusive mining rights in Madagascar.

The investigation, spearheaded by the UK’s National Crime Agency (NCA), began when Gemfields reported their suspicions of corruption. Using covert surveillance, the NCA recorded Andrianarisoa and Tabuteau requesting 250,000 Swiss Francs (approximately £215,000) and a five percent equity stake, potentially worth around £4 million, as payments for their services. Gemfields supported the investigation and prosecution throughout.

During the investigation, six covertly recorded audio clips were released, suggesting Andrianarisoa had significant influence over Madagascar’s leadership and her expectation of substantial financial rewards. The arrests in August 2023 and subsequent trial at Southwark Crown Court culminated in prison sentences of three and a half years for Andrianarisoa and two years and three months for Tabuteau.

Comment

Gemfields has, quite rightly, been praised for reporting this conduct to the NCA and supporting their investigation and prosecution. In doing so, they made a strong ethical decision and went above and beyond their legal obligations: there is no legal requirement on Gemfields to report solicitations of this kind.

Such a decision will also have been difficult. Reporting misconduct and supporting the investigation is likely to have exposed Gemfields to significant risk and costs:

  • First, in order to meet their obligations as prosecutors, put together the best case, and comply with disclosure requirements, the NCA likely required Gemfields employees to attend interviews and provide documents. These activities require significant legal support and can be very costly both in time and money.
  • Secondly, such disclosures and interviews might identify unrelated matters of interest to the NCA. It is not uncommon in these cases for corporates reporting misconduct to become the subject of unrelated allegations of misconduct and separate investigations themselves.
  • Furthermore, to the extent that Gemfields supported the covert surveillance aspects of the NCA’s investigation, there may have been significant safety risks to both the employees participating, and unrelated employees in Madagascar. Such risks can be extremely difficult to mitigate.
  • Finally, the willingness to publicly and voluntarily report Andrianarisoa is likely to have created a chilling effect on Gemfields’ ability to do legitimate business in Madagascar and elsewhere. Potential partners may be dissuaded from working with Gemfields for fear of being dragged into similar investigations whether warranted or not.

Organisations in these situations face difficult decisions. Many will, quite rightly, want to be good corporate citizens, but in doing so, must recognise the potential costs and risks to their business and, ultimately, their obligations to shareholders and owners. In circumstances where there is no obligation to report, the safest option may be to walk away and carefully record the decision to do so. No doubt, Gemfields carefully considered these risks prior to reporting Andrianarisoa’s misconduct.

Businesses facing similar challenges should:

  • Ensure they understand their legal obligations. Generally, there is no obligation to report a crime. However, particularly for companies and firms operating in the financial services or other regulated sectors, this is not universally the case.
  • Carefully consider the risks and benefits associated with any decision to report another’s misconduct, including not only financial costs, but time and safety costs too.
  • Develop a compliance programme that assists and educates teams on how to correctly identify misconduct, escalate appropriately, and decide whether to report.
© 2024 Bracewell LLP
For more news on Reporting Global Misconduct, visit the NLR Criminal Law & Business Crimes section.

Mandatory Cybersecurity Incident Reporting: The Dawn of a New Era for Businesses

A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the federal government. This change stems from the U.S. Department of Homeland Security’s (DHS) Cybersecurity Infrastructure and Security Agency (CISA) issuing a Notice of Proposed Rulemaking (NPRM) on April 4, 2024. This notice aims to enforce the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Essentially, this means that “covered entities” must report specific cyber incidents and ransom payments to CISA within defined timeframes.

Background

Back in March 2022, President Joe Biden signed CIRCIA into law. This was a big step towards improving America’s cybersecurity. The law requires CISA to create and enforce regulations mandating that covered entities report cyber incidents and ransom payments. The goal is to help CISA quickly assist victims, analyze trends across different sectors, and share crucial information with network defenders to prevent other potential attacks.

The proposed rule is open for public comments until July 3, 2024. After this period, CISA has 18 months to finalize the rule, with an expected implementation date around October 4, 2025. The rule should be effective in early 2026. This document provides an overview of the NPRM, highlighting its key points from the detailed Federal Register notice.

Cyber Incident Reporting Initiatives

CIRCIA includes several key requirements for mandatory cyber incident reporting:

  • Cyber Incident Reporting Requirements – CIRCIA mandates that CISA develop regulations requiring covered entities to report any covered cyber incidents within 72 hours from the time the entity reasonably believes the incident occurred.
  • Federal Incident Report Sharing – Any federal entity receiving a report on a cyber incident after the final rule’s effective date must share that report with CISA within 24 hours. CISA will also need to make information received under CIRCIA available to certain federal agencies within the same timeframe.
  • Cyber Incident Reporting Council – The Department of Homeland Security (DHS) must establish and chair an intergovernmental Cyber Incident Reporting Council to coordinate, deconflict, and harmonize federal incident reporting requirements.

Ransomware Initiatives

CIRCIA also authorizes or mandates several initiatives to combat ransomware:

  • Ransom Payment Reporting Requirements – CISA must develop regulations requiring covered entities to report to CISA within 24 hours of making any ransom payments due to a ransomware attack. These reports must be shared with federal agencies similarly to cyber incident reports.
  • Ransomware Vulnerability Warning Pilot Program – CISA must establish a pilot program to identify systems vulnerable to ransomware attacks and may notify the owners of these systems.
  • Joint Ransomware Task Force – CISA has announced the launch of the Joint Ransomware Task Force to build on existing efforts to coordinate a nationwide campaign against ransomware attacks. This task force will work closely with the Federal Bureau of Investigation and the Office of the National Cyber Director.

Scope of Applicability

The regulation targets many “covered entities” within critical infrastructure sectors. CISA clarifies that “covered entities” encompass more than just owners and operators of critical infrastructure systems and assets. Entities actively participating in these sectors might be considered “in the sector,” even if they are not critical infrastructure themselves. Entities uncertain about their status are encouraged to contact CISA.

Critical Infrastructure Sectors

CISA’s interpretation includes entities within one of the 16 sectors defined by Presidential Policy Directive 21 (PPD 21). These sectors include Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Financial Services, Food and Agriculture, Government Facilities, Healthcare and Public Health, Information Technology, Nuclear Reactors, Materials, and Waste, Transportation Systems, Water and Wastewater Systems.

Covered Entities

CISA aims to include small businesses that own and operate critical infrastructure by setting additional sector-based criteria. The proposed rule applies to organizations falling into one of two categories:

  1. Entities operating within critical infrastructure sectors, except small businesses
  2. Entities in critical infrastructure sectors that meet sector-based criteria, even if they are small businesses

Size-Based Criteria

The size-based criteria use Small Business Administration (SBA) standards, which vary by industry and are based on annual revenue and number of employees. Entities in critical infrastructure sectors exceeding these thresholds are “covered entities.” The SBA standards are updated periodically, so organizations must stay informed about the current thresholds applicable to their industry.

Sector-Based Criteria

The sector-based criteria target essential entities within a sector, regardless of size, based on the potential consequences of disruption. The proposed rule outlines specific criteria for nearly all 16 critical infrastructure sectors. For instance, in the information technology sector, the criteria include:

  • Entities providing IT services for the federal government
  • Entities developing, licensing, or maintaining critical software
  • Manufacturers, vendors, or integrators of operational technology hardware or software
  • Entities involved in election-related information and communications technology

In the healthcare and public health sector, the criteria include:

  • Hospitals with 100 or more beds
  • Critical access hospitals
  • Manufacturers of certain drugs or medical devices

Covered Cyber Incidents

Covered entities must report “covered cyber incidents,” which include significant loss of confidentiality, integrity, or availability of an information system, serious impacts on operational system safety and resiliency, disruption of business or industrial operations, and unauthorized access due to third-party service provider compromises or supply chain breaches.

Significant Incidents

This definition covers substantial cyber incidents regardless of their cause, such as third-party compromises, denial-of-service attacks, and vulnerabilities in open-source code. However, threats or activities responding to owner/operator requests are not included. Substantial incidents include encryption of core systems, exploitation causing extended downtime, and ransomware attacks on industrial control systems.

Reporting Requirements

Covered entities must report cyber incidents to CISA within 72 hours of reasonably believing an incident has occurred. Reports must be submitted via a web-based “CIRCIA Incident Reporting Form” on CISA’s website and include extensive details about the incident and ransom payments.

Report Types and Timelines

  • Covered Cyber Incident Reports within 72 hours of identifying an incident
  • Ransom Payment Reports due to a ransomware attack within 24 hours of payment
  • Joint Covered Cyber Incident and Ransom Payment Reports within 72 hours for ransom payment incidents
  • Supplemental Reports within 24 hours if new information or additional payments arise

Entities must retain data used for reports for at least two years. They can authorize a third party to submit reports on their behalf but remain responsible for compliance.

Exemptions for Similar Reporting

Covered entities may be exempt from CIRCIA reporting if they have already reported to another federal agency, provided an agreement exists between CISA and that agency. This agreement must ensure the reporting requirements are substantially similar, and the agency must share information with CISA. Federal agencies that report to CISA under the Federal Information Security Modernization Act (FISMA) are exempt from CIRCIA reporting.

These agreements are still being developed. Entities reporting to other federal agencies should stay informed about their progress to understand how they will impact their reporting obligations under CIRCIA.

Enforcement and Penalties

The CISA director can make a request for information (RFI) if an entity fails to submit a required report. Non-compliance can lead to civil action or court orders, including penalties such as disbarment and restrictions on future government contracts. False statements in reports may result in criminal penalties.

Information Protection

CIRCIA protects reports and RFI responses, including immunity from enforcement actions based solely on report submissions and protections against legal discovery and use in proceedings. Reports are exempt from Freedom of Information Act (FOIA) disclosures, and entities can designate reports as “commercial, financial, and proprietary information.” Information can be shared with federal agencies for cybersecurity purposes or specific threats.

Business Takeaways

Although the rule will not be effective until late 2025, companies should begin preparing now. Entities should review the proposed rule to determine if they qualify as covered entities and understand the reporting requirements, then adjust their security programs and incident response plans accordingly. Creating a regulatory notification chart can help track various incident reporting obligations. Proactive measures and potential formal comments on the proposed rule can aid in compliance once the rules are finalized.

These steps are designed to guide companies in preparing for CIRCIA, though each company must assess its own needs and procedures within its specific operational, business, and regulatory context.

Listen to this post

© 2024 Bradley Arant Boult Cummings LLP
For more on Cybersecurity, visit the NLR Communications, Media & Internet section.

EEOC Publishes Long-Awaited Final Guidance on Workplace Harassment

On April 29, 2024, the U.S. Equal Employment Opportunity Commission (EEOC) issued the final version of new workplace harassment guidance for employers, formally updating the EEOC’s position on the legal standards and employer liability under federal antidiscrimination laws for the first time in more than two decades.

Quick Hits

  • The EEOC issued a final version of new guidance for employers clarifying its positions on the applications of federal laws prohibiting harassment and retaliation.
  • The new guidance is the first update to the EEOC’s workplace harassment guidance since 1999 and incorporates several new developments in the law and modern workforces.
  • Key to the new guidance is that it recognizes unlawful harassment against LGBTQ+ individuals and addresses workplace protections for “pregnancy, childbirth, or related medical conditions,” including “lactation.”
  • The new guidance took immediate effect upon issuance.

The new guidance, “Enforcement Guidance on Harassment in the Workplace,” clarifies the EEOC’s position on several key issues following its receipt of nearly 40,000 comments in response to its proposed guidance published on October 2, 2023.

“The EEOC’s updated guidance on harassment is a comprehensive resource that brings together best practices for preventing and remedying harassment and clarifies recent developments in the law,” EEOC Chair Charlotte Burrows said in a statement released with the new guidance.

In that regard, the final guidance aligns with the Supreme Court of the United States’ 2020 decision in Bostock v. Clayton County, Georgia—wherein the prohibition under Title VII of the Civil Rights Act of 1964 against gender discrimination was held to include claims predicated on sexual orientation and gender identification—and recognizes potentially unlawful workplace harassment against LGBTQ+ individuals. The final guidance also addresses another key area of focus, that is, workplace protections for “pregnancy, childbirth, or related medical conditions,” including “lactation” in accordance with the Pregnant Workers Fairness Act (PWFA) and Providing Urgent Maternal Protections for Nursing Mothers Act (PUMP Act), and the EEOC’s final guidance on the PWFA issued on April 15, 2024.

While claims of harassment represented more than a third of all discrimination charges filed with the EEOC between fiscal years 2016 and 2023, the Commission has not updated its guidance on harassment since 1999. The final guidance consolidates and replaces the EEOC’s five guidance documents issued from 1987 through 1999.

Significant for employers, the final guidance provides more than seventy hypothetical examples of potential unlawful harassment, including examples reflective of today’s modern workforce with both hybrid and remote workers and widespread use of electronic communication and social media.

Covered Harassment

The EEOC made several key updates to what it considers covered harassment under Title VII and other federal antidiscrimination laws.

Race and Color

The new guidance expands the EEOC’s explanation on potential harassment based on “color” under Title VII, separating it out into its own section that was not included in the proposed guidance. The guidance states that while discrimination based on color is “sometimes related to harassment based on race or national origin, color-based harassment due to an individual’s pigmentation, complexion, or skin shade or tone is independently covered by Title VII.”

The guidance provides an example of potential color-based harassment where a supervisor harasses Black employees with “darker complexions” and not Black employees with “lighter skin tones,” even though they are all of the same race or national origin.

Pregnancy, Childbirth, or Related Medical Conditions

The guidance states that harassment based on pregnancy, childbirth, or related medical conditions “can include issues such as lactation; using or not using contraception; or deciding to have, or not to have, an abortion,” if that harassment “is linked to a targeted individual’s sex.” The new guidance adds multiple hypothetical examples of such harassment not included in the proposed guidance, including a situation where employees make negative comments about a pregnant employee who is allowed to “telework up to three days per week and utilize flexible scheduling” as an accommodation for “pregnancy-related morning sickness.” Another example highlighted a situation where negative comments are directed toward a female worker who expresses milk in the lactation room at work and other inappropriate behavior, namely a male worker knocking on the door of the lactation room and feigning intent to enter the room.

Sexual Orientation and Gender Identity

The new guidance explains the EEOC’s view that discrimination based on sexual orientation or gender identity is a form of unlawful sex-based discrimination under Title VII, including epithets, physical assault, “outing” (meaning disclosing an individual’s sexual orientation or gender identity without permission), or other harassing conduct toward individuals because they do “not present in a manner that would stereotypically be associated with that person’s sex.”

Further, the guidance identifies as potential harassment the “repeated and intentional use of a name or pronoun inconsistent with the individual’s known gender identity (misgendering); or the denial of access to a bathroom or other sex-segregated facility consistent with the individual’s gender identity.” Importantly, the final guidance requires some intentional or knowing behavior, that is “repeated and intentional” misgendering based on an individual’s “known” gender identity. (Emphasis added.)

Genetic Information

The new guidance further clarifies the EEOC’s understanding of unlawful harassment under the Genetic Information Nondiscrimination Act (GINA) as applying to “harassment based on an individual’s, or an individual’s family member’s, genetic test or on the basis of an individual’s family medical history.” For instance, the guidance states that such harassment could include harassing an employee “because the employee’s mother recently experienced a severe case of norovirus, which resulted in overnight hospitalization.”

Retaliatory Harassment

The final guidance includes a new section that addresses the concept of “retaliatory harassment.” The guidance clarifies the EEOC’s position that “retaliatory harassing conduct” may still be challenged as unlawful retaliation “even if it is not sufficiently severe or pervasive to alter the terms and conditions of employment by creating a hostile work environment.” The EEOC explained that the legal standards for hostile work environment and retaliation are different as the anti-retaliation provisions proscribe a broader range of behaviors, namely, “anything that might deter a reasonable person from engaging in protected activity.”

Intraclass and Intersectional Harassment

The guidance includes examples of “intraclass” harassment where the harasser is in the same protected category as the individual being harassed. One hypothetical involves a fifty-two-year-old supervisor making derogatory comments toward a sixty-five-year-old employee as an example of harassment based on age, even though both individuals are over the age of forty. “Intersectional” harassment refers to situations where individuals are targeted based on their membership in more than one protected category. In one example, the hypothetical raises a situation where a male manager made comments to a female worker about her having a “hot flash” and being menopausal. The EEOC explained that such targeting based on “stereotypes about older women is covered as both age and sex discrimination.”

Reporting Procedures, Complaint Process, and Training

The proposed guidance outlined the “minimum” features of an effective anti-harassment policy, the “minimum” features for an effective complaint process, and the “minimum” features for effective anti-harassment training. The final guidance eliminates the “minimum” language, but the features of each are substantively the same otherwise.

As it concerns remedial measures, the Commission removed language from the proposed guidance that seemingly recognized the “fewer options” available to employers when faced with instances of harassment perpetrated by nonemployees, harassment toward employees working at client locations as is common for temporary staffing agencies, or harassment arising from off-duty conduct. In its place, the final guidance simply provides that employers have an “arsenal of incentives and sanctions” available to them to address harassment, but those options “may vary depending on who engages in the conduct and where it occurs, among other considerations.”

Next Steps

While the final guidance is likely to face legal challenges in the courts, employers may want to review their workplace policies and practices, particularly in light of potential liability for discrimination or harassment against LGBTQ+ employees. Additionally, employers may want to note differing state or local laws and state or local agency guidance that differ from Title VII and other federal laws enforced by the EEOC.

In addition to the new guidance, the EEOC published a “Summary of Key Provisions” document and a fact sheet for small businesses, with more information for employers.

© 2024, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.
For more on Workplace Harassment, visit the NLR Labor & Employment section.

White House Publishes Revisions to Federal Agency Race and Ethnicity Reporting Categories

On March 28, 2024, the White House unveiled revisions to the federal statistical standards for race and ethnicity data collection for federal agencies, adding a new category and requiring a combined race and ethnicity question that allows respondents to select multiple categories with which they identify.

Quick Hits

  • The White House published an updated SPD 15 with revisions to the race and ethnicity data collection standards for federal agencies.
  • The revisions change the race and ethnicity inquiry by making it one question and encouraging respondents to identify under multiple categories.
  • Federal agencies have eighteen months to submit an agency action plan for compliance and must bring all of their data collections and programs into compliance within five years.
  • The race and ethnicity categories are widely used across federal agencies and serve as a model for employers for their own data collection and required diversity reporting.

The White House’s Office of Management and Budget (OMB) published updates to its Statistical Policy Directive No. 15: Standards for Maintaining, Collecting, and Presenting Federal Data on Race and Ethnicity (SPD 15) with major revisions, the first since 1997. The revisions took immediate effect and were formally published in the Federal Register on March 29, 2024.

OMB stated that the revisions—which come after a two-year review process that included input from more than 20,000 comments, ninety-four listening sessions, three virtual town halls, and a Tribal consultation—are “intended to result in more accurate and useful race and ethnicity data across the federal government.”

Background

In 2022, OMB convened the Federal Interagency Technical Working Group on Race and Ethnicity Standard (Working Group) to review the race and ethnicity standards in the 1997 SPD 15 with the goal of “improving the quality and usefulness of Federal race and ethnicity data.” The race and ethnicity standards are used by federal contractors and subcontractors for affirmative action programs (AAPs) and by employers for federal EEO-1 reporting and U.S. Equal Employment Opportunity Commission (EEOC) surveys. Many employers further use the race and ethnicity categories for their own recordkeeping purposes, and federal agencies use the categories for various surveys and federal forms.

In January 2023, OMB published the Working Group’s proposals, observing that the 1997 SPD 15 standards might no longer accurately reflect the growing diversity across the United States and evolving understandings of racial and ethnic identities. During the pendency of the review process, several justices of the Supreme Court of the United States criticized the imprecision of the 1997 race and ethnicity categories throughout the Court’s 237-page opinion in the June 2023 Students for Fair Admissions, Inc. v. Harvard College (SFFA decision) case, in which the Court struck down certain race-conscious admissions policies in higher education.

Revisions to SPD 15

The updated standards closely follow the Working Group’s final recommendations and revise SPD 15 to require that data collection:

  • combine the race and ethnicity inquiry into one question that allows respondents to select multiple categories with which they identify,
  • add “Middle Eastern or North African” (MENA) as a “minimum reporting category” that is “separate and distinct from the White’ category,” and
  • “require the collection of more detailed data as a default.”

Under the 1997 standards, respondents were required to first select an ethnicity (i.e., “Hispanic or Latino” or “Not Hispanic or Latino”), and second, select a race category (i.e., “American Indian or Alaskan Native,” “Asian,” “Black or African American,” “Native Hawaiian or Other Pacific Islander,” or “White”).

The revised race and ethnicity categories for minimum reporting are:

  • “American Indian or Alaska Native”
  • “Asian”
  • “Black or African American”
  • “Hispanic or Latino”
  • “Middle Eastern or North African”
  • “Native Hawaiian or Pacific Islander”
  • “White”

The updated SPD 15 further revises some terminology and definitions used and provides agencies with guidance on the collection and presentation of race and ethnicity data pursuant to SPD 15. Additionally, the update instructs federal agencies to begin updating their surveys and forms immediately and to complete and submit an AAP, which will be made publicly available, to comply with the updated SPD 15 within eighteen months. Federal agencies will have five years to bring all data collections and programs into compliance.

OMB noted that “the revised SPD 15 maintains the long-standing position that the race and/or ethnicity categories are not to be used as determinants of eligibility for participation in any Federal program.”

Looking Ahead

The new race and ethnicity categories have implications for employers as they use these categories for federal reporting compliance and their own recordkeeping purposes, including potentially influencing their own diversity, equity, and inclusion (DEI) initiatives. Covered federal contractors and subcontractors must also use the categories in meeting their affirmative action obligations.

Still, the updated SPD 15 adds only one new minimum category. OMB recognized the tension with attempting to “facilitate individual identity to the greatest extent possible while still enabling the creation of consistent and comparable data.” One of the issues OMB identified as needing further research is “[h]ow to encourage respondents to select multiple race and/or ethnicity categories when appropriate by enhancing question design and inclusive language.” The agency is also establishing an Interagency Committee on Race and Ethnicity Statistical Standards that will conduct further research and regular reviews of the categories every ten years, though OMB may decide to review SPD 15 again at any time.

Employers may want to take note of the revisions to SPD 15 as these changes will directly impact many employers’ compliance and recordkeeping obligations. They may also want to be on the lookout for additional guidance from federal agencies, such as the Office of Federal Contract Compliance Programs (OFCCP) and the EEOC, on when and how to implement the standards. Relevant agencies will have to take action before employers will be required to implement the new standards. In the meantime, employers may want to consider whether to use the government’s new or existing categories when shaping their DEI initiatives, as racial and ethnic identities and terminology continue to evolve.

© 2024, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.
For more on Race and Ethnicity Reporting, visit the NLR Civil Rights section.

The ‘Effective Spread’ of Order Execution Quality Reporting

On March 6, 2024, by unanimous vote, the Securities and Exchange Commission (SEC) adopted changes to Rule 605 under Regulation NMS, the provision that previously required only entities defined as “market centers” to publish detailed statistics on the quality of execution of “covered orders” in NMS stocks. Amended Rule 605 expands the reporting requirement in many ways:

  • by reporting party, to (a) broker-dealers with over 100,000 customer accounts (not just “market centers”); (b) Single Dealer Platforms; and (c) Automated Trading Systems (as a stand-alone reporter, separate from any reports by the broker-dealer operator the ATS);
  • by expanding the scope of “covered orders” to include: (a) non-marketable limit orders received outside market hours and executed during market hours; (b) stop orders; and (c) short sale orders not marked short exempt and not subject to price test restrictions under Reg SHO.
  • by revising time and size categories to include odd-lot and fractional share orders and measure execution time in microseconds and milliseconds. Timestamps must also contain millisecond granularity.
  • by expanding execution quality metrics. This expansion is wide-ranging and, among other things, (a) adds effective over quoted spread (“E/Q”) as a reporting metric; (b) requires reporting of average realized spread at multiple periods from 50 milliseconds to five minutes after execution; (c) measures price improvement not only relative to the NBBO, but also relative to the “best available displayed price,” a new baseline that includes available odd-lot liquidity; (d) adds measures of size improvement; and (e) includes fill rate information for non-marketable limit orders.

In the past, Rule 605 reports were practically unreadable for retail investors. They were data-heavy rather than in “plain English” and were reported at the security level, requiring significant data analysis to draw meaningful conclusions. The revised Rule seeks to remedy this deficiency, requiring covered broker-dealers and market centers to provide a Summary Report broken out by S&P 500 and non-S&P 500 securities, by order type (market and marketable limit) and order size, with columns for: average order size (shares and notional), average midpoint, percentage of orders executed at the quote or better, percentage receiving price improvement (both absolute and as a percentage of midpoint); average effective spread; average quoted spread; average effective over quoted spread (or “E/Q” percentage); average realized spread 15 seconds and one minute after execution; and average execution speed, in milliseconds.

While the rule revisions are comprehensive and will require significant programming (or vendor) expense, particularly for broker-dealers newly subject to the rule, many of the changes are welcome. Rule 605 had previously been subject to many increasingly outdated metrics, and firms that route orders will welcome more comprehensive and granular data elements. It remains to be seen whether retail and institutional customers will use the data to demand better execution quality from their broker-dealers or manage order-entry decisions based on the data.

What is meaningful, however, is the timing of this rule revision. These revisions were proposed in December 2022 as part of a package of significant market structure changes, including a proposed Order Competition Rule, a proposed far-reaching SEC best execution requirement known as Regulation Best Execution, and proposals to revise the pricing increments for quoting and trading equity securities and the minimum fees to access that liquidity. These other proposals were very controversial and subject to strong pushback from many parts of the securities industry. Many argued that the SEC should first adopt the proposed amendments to Rule 605 and then use the data from revised Rule 605 reporting to evaluate the other rule proposals. This approach would, of course, delay consideration of the other rule proposals while data were generated under revised Rule 605. The SEC’s adoption of just the Rule 605 revisions does not preclude further consideration of the other rules, but it is a welcome development and a step in the right direction.

The Rule 605 amendments will become effective 60 days after the release is published in the Federal Register. The compliance date is currently set for 18 months after that effective date.

©2024 Katten Muchin Rosenman LLP
For more news on SEC Regulations, visit the NLR Securities & SEC section.

What Is Going On With The Revised EEO-1 Form? Acting EEOC Chair Provides Insight Into Its Status

As loyal readers of our blog are aware, in February 2016, the EEOC released a rule to amend the Form EEO-1.  The new rule requires private employers (including federal contractors) with 100 or more employees to submit pay data with their EEO-1 reports.  Employers with fewer than 100 employees will still not need to file an EEO-1.  Federal contractors with 50-99 employees are still required to file an EEO-1, but are not required to submit the new pay data.  The rule is slated to go into effect on March 31, 2018.

Since the election of President Trump, employers have been watching anxiously to see if the new form and the burdens it places on them will be modified or ideally repealed.  Although employers are not required to submit the new form until March 2018, the addition of compensation information has dramatically increased the complexity of preparing EEO-1 submissions.  As a consequence, if the new EEO-1 form is to remain in effect, employers should start preparing for this new requirement immediately (if they have not already begun).

Efforts have been underway to rescind the new EEO-1 form – including efforts in Congress.  The Chamber of Commerce requested that the Office of Management and Budget (“OMB”) rescind the new form because it violates the Paperwork Reduction Act (“PRA”), arguing that the EEOC’s revised EEO-1 does not “(1) minimize the burden on those required to comply with government requests; (2) maximize the utility of the information being sought; and/or (3) ensure that the information provided is subject to appropriate confidentiality and privacy protections” as required by the PRA.

On August 3, 2017, Acting Chair of the Equal Employment Opportunity Commission (“EEOC”), Victoria Lipnic, speaking at the Industry National Liaison Group’s Annual Conference in San Antonio, Texas, discussed the fate of the revised Form EEO-1.  Speech provided new information about the EEO-1 and her efforts to have the revised form rescinded.

Chair Lipnic noted that the Office of Information and Regulatory Affairs (“OIRA”), which is housed within the OMB, would be the entity deciding Chamber of Commerce’s challenge.  Chair Lipnic informed the gathering that the Administrator of OIRA, Neomi Rao, had only recently been confirmed to the post, but that she (Chair Lipnic) had already reached out to discuss the issues raised by the new EEO-1 form.

Chair Lipnic shared that she has sent Administrator Rao a memorandum, asking OIRA to decide by the end of this month (August 2017) whether to implement or discard the wage data collection portion of the revised EEO-1.  Recognizing the burden posed by the new compensation data requirements, Chair Lipnic expressed that it was important to provide employers with information about the fate of the revised EEO-1 sooner rather than later, so employers can prepare to comply.  In Chair Lipnic’s words, “time is of the essence.”

This post was written by Connie N Bertram Guy Brenner and Alex C Weinstein of Proskauer Rose LLP.
Read more legal analysis at the National Law Review.

The Affordable Care Act—Countdown to Compliance for Employers, Week 47: The Reporting Conundrum

MintzLogo2010_Black

 

The Affordable Care Act establishes three new, high-level, reporting requirements:

  • Code § 6051(a)(14)

Employers must report the cost of coverage under an employer-sponsored group health plan on an employee’s Form W-2, Wage and Tax Statement;

  • Code § 6055

Entities that offer minimum essential coverage (i.e., health insurance issuers, certain sponsors of self-insured plans, government agencies and other parties that provide health coverage) must report certain information about the coverage to the employee and the IRS; and

  • Code § 6056

Applicable large employers must provide detailed information relating to health insurance coverage that they offer.

The W-2 reporting rules have been in effect for a while, and I do not address them in this post. This post instead addresses Code §§ 6055 and 6056, which were originally slated to take effect in 2014, but which were subsequently delayed by one year in IRS Notice 2013-45.

The Treasury Department and IRS issued proposed regulations under both rules on September 30, 2012. (For an explanation of the proposed regulations, please see our October 21, 2013 client advisory. Although garnering far less attention than the Act’s pay-or-play rules, the rules under newly added Code §§ 6055 and 6056 should not be overlooked. Both provisions require a good deal of specific information about covered persons and the particular features of the group health plan coverage such persons are offered. Required reports must be furnished to both the government and covered individuals.

  • Under Code section 6055, plan sponsors must report to the IRS who is covered by the plans and the months in which they were covered. Plan sponsors must also provide this information to the employees who are enrolled in their plans along with additional contact information for the plan.
  • Under Code section 6056, applicable large employers must report to the IRS, and provide to affected full-time employees, information that includes:

(i) The employer’s contact information;

(ii) Whether the company offered minimum essential coverage to full-time employees and their dependents;

(iii) The months during which coverage was available;

(iv) The monthly cost to employees for the lowest self-only minimum essential coverage;

(v) The number of full-time employees during each month; and

(vi) Information about each full-time employee and the months they were covered under the plan.

Absent regulatory simplification, the costs of compiling, processing, and distributing the required reports will be substantial. But the regulators are in a difficult position, since they must remain true to the requirements of the law. The proposed regulations do offer some suggestions for simplification. For example:

  • Employers might be permitted to report coverage on IRS Form W-2, rather than requiring a separate return under Section 6055 and furnishing separate employee statements. But this approach could be used only for employees employed for the entire calendar year and only if the required contribution for the lowest-cost self-only coverage remains stable for the entire year.
  • The W-2 method could also be extended to apply in situations in which the required monthly employee contribution is below a specified threshold (e.g., 9.5% of the FPL) for a single individual, i.e. the individual cannot be eligible for the premium assistance tax credit.
  • Employers might be permitted to identify the number of full-time employees, but not report whether a particular employee offered coverage is full-time, if the employer certifies that all employees to whom it did not offer coverage during the calendar year were not full-time.

Industry comments filed in response to the proposed regulations have seized these suggestions to ask for further relief. Some commenters suggested replacing the reporting process with a certification process under which an employer could simply certify that it has made the requisite offer of coverage. Others have asked that information be provided to employees only on request, on the theory that not all employees will need to demonstrate that the employer either failed to offer coverage or that the coverage was either unaffordable or did not constitute minimum value.

While many of the comments submitted in response to the proposed regulations were both thoughtful and practical, many are also difficult to square with the terms of the statute. As a result, the most likely outcome is that the final rules under Code §§ 6055 and 6056 will look a lot like the proposed rules—which look a lot like the statute.

Article by:

Alden J. Bianchi

Of:

Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.