The SEC’s Division of Corporation Finance today published five new Compliance and Disclosure Interpretations, or “C&DIs,” all concerning Item 1.05 of Exchange Act Form 8-K, Disclosure of Cybersecurity Incidents.

New C&DI 104B.05 describes a ransomware attack on a public company ended by a payment to the threat actor before any materiality evaluation of the incident. The C&DI holds that, despite the end of the attack, the company must still make a materiality determination for the event. The interpretation necessarily implies that a report on Form 8-K would be required in the event that the incident was found to be material on general securities law principles.

Question 104B.06 describes a material cybersecurity incident that is ended or remediated by a ransom payment before the filing of a report on 8-K. The interpretation holds that a current report is still required.

Insurance covering all or a substantial part of a ransomware payment may not mean that that an associated cybersecurity incident must have been immaterial in the view expressed in Question 104B.07.

In the SEC staff’s perspective, the size of a ransomware payment is only one factor to consider in the materiality assessment of a cybersecurity incident. Thus, under Question 104B.08, a small ransomware payment would not categorically mean that the related incident was immaterial.

In Question 104B.09, a public company experiences a series of individually immaterial cybersecurity incidents. In the described circumstances, the company must determine whether any incidents were related and, if so, assess whether the related events were cumulatively material.

See the C&DIs here.

Webinar | June 27, 2024
1:00 – 2:00 pm ET
Register here.

The SEC adopted amendments aimed at enhancing and standardizing disclosures related to cybersecurity risks and incidents. But how is this impacting SEC registrants and how are they addressing cyber incidents within the new framework?

Join us for an overview and discussion on cyber disclosures and other topics affecting companies in this webinar. Topics to be discussed include:

  • Overview of the rules
  • Changes to Regulation S-K and disclosing a registrants processes for assessing, identifying, and managing material risks from cybersecurity threats
  • The national security and public safety delay provision
  • Implications for how companies respond to cyber incidents
  • Addressing cyber policies and procedures
  • Board skillsets, oversight and other governance matters
  • Making materiality assessments and evaluating Form 8-K disclosures
  • Sample disclosures

For decades, corporate merger and acquisition deals have been plagued by meritless claims asserting, typically, that the companies and their officers and directors have provided insufficient disclosures. Courts have sought to crack down on these lawsuits, but—as in the game of whack-a-mole—the plaintiffs bringing these lawsuits have adjusted their tactics to avoid the judicially imposed barriers.

Defendants and courts pulled unwillingly into this game just received a substantial assist from the Seventh Circuit in opposing efforts to demand mootness fees related to merger disclosures. Judge Frank Easterbrook’s opinion for the court in Alcarez v. Akorn, Inc. might even mark the beginning of the end for the practice of paying fees to plaintiffs’ counsel for dismissing certain insufficient-disclosure claims under the federal securities laws, which has received substantial criticism in the courts and academic circles. This article reviews the evolution of mootness fees and then considers whether the Akorn opinion opens a major new phase in that evolution, as the decision concludes that court review of the suit’s propriety under the Private Securities Litigation Reform Act (“PSLRA”) and Federal Rule of Civil Procedure 11 is required for both individual stockholder actions—the current predominant practice—and purported stockholder class actions, like those at issue in the Akorn opinion. No matter what the next phase brings, Akorn gives merger-litigation defendants and companies that receive disclosure-related demand letters more leverage to refuse to pay mootness fees.

Read our Legal Update.

In this MB Sounding Board MicroTalk, Larry Cunningham talks to Henrique Canarim, Vice President, Senior Assistant General Counsel, and Assistant Corporate Secretary at Leidos, about the rising trend of shareholder engagement by directors, its advantages, and preparing directors for this process.

May 21, 2024
16:00 – 19:00 BST
Register here.

Join the Nasdaq Center for Board Excellence and connect with fellow board members and CEOs for a discussion about the transformative role of artificial intelligence, ethics, governance, and strategies for a competitive advantage. Together with Mayer Brown, we look forward to welcoming you and sharing enriching conversations to inspire board excellence.

Location
May Fair Hotel
Stratton Street
London W1J 8LT

Webinar | May 14, 2024
12:00 p.m. – 1:00 p.m. ET
Register here.

Please join us via webinar for a panel discussion on the current state of climate change and ESG-related regulations affecting corporate issuers, financial institutions and pension fund investors doing business in Canada and the US. Lawyers from Osler and Mayer Brown will discuss:

The SEC final climate change rules, the principal changes from the SEC’s proposed rules, and the status of the rules given the current stay, including: 

  • A brief overview of changes to Regulation S-K and Regulation S-X affecting non-financial statement disclosures
  • Scope and phase-in periods for the SEC’s final rules
  • Litigation challenges to the SEC final rules and the current status given the SEC stay
  • California climate change legislation and disclosure requirements
  • Litigation challenges to California legislation
  • An overview of other pending SEC ESG-related proposals, status and prospects

Current CSA disclosure requirements and developments, and the CSSB’s recent proposal, including: 

  • Existing CSA climate-related disclosure guidance from 2019
  • CSA consultation paper from 2021 – NI 51-107
  • The interplay of CSA and SEC rulemaking and treatment of MJDS issuers
  • Overview of CSSB’s proposed CSDS 2
  • CSA’s response and next steps for CSA – timing and decisions to make
  • Other areas of potential CSA ESG-related rule-making

The SEC’s new climate regulations have sparked legal and legislative challenges. Both the House and Senate are advancing measures to revoke these rules, reflecting a broader effort to counter what is seen by many as regulatory overreach by the SEC under Chair Gary Gensler’s leadership.  Senator Tim Scott (R-S.C.) and Representative Bill Huizenga (R-Mich.) introduced resolutions through the Congressional Review Act (CRA) to reject the SEC’s climate regulations.

The CRA allows Congress to examine and potentially overturn new federal rules by passing a joint resolution, which is then presented to the President for approval, potentially invalidating these.  Given the nearly even party split in Congress and unpredictable voting behaviors, these resolutions might succeed. However, President Biden is unlikely to endorse such a measure, whereas a President like Trump might support it.

Senator Scott and Representative Huizenga have openly criticized the SEC’s broad regulatory agenda, which they argue exceeds its authority, lacks public input, and has not been properly analyzed for costs and benefits.  Earlier in the year, Senator Scott led a group of Republican Senators in demanding transparency from the SEC about its climate regulations. They questioned the SEC’s statutory authority and its interactions with European regulators, which they believed undermined U.S. interests. The SEC’s reluctance to provide the requested documents has been a major source of dispute, especially concerning its involvement in global climate and wider social justice efforts.

Representative Huizenga conducted a 14-month inquiry into the SEC’s climate rulemaking process, including holding four hearings on climate disclosures (I testified at one). His subcommittee sought details from the SEC on the scope of its enforcement powers for a climate disclosure rule. However, the process was hindered by what Huizenga termed a lack of cooperation from the SEC, which provided an excessive number of documents without clarifying its stance, while also pushing through the 886-page final climate rules. 

In presenting the resolution in the House, Representative Huizenga criticized the SEC for yielding to the political left and ignoring the Supreme Court’s ruling in West Virginia vs. EPA, which emphasized the necessity for explicit congressional authorization for major regulatory actions. He also referenced a 2023 federal appellate court decision that overturned a new SEC rule on share buybacks, citing the SEC’s arbitrary and capricious actions and failure to comply with the Administrative Procedure Act, including inadequate responses to public comments and insufficient cost-benefit analysis.

Shortly after the SEC adopted its new climate rules, a federal appellate court issued a temporary stay. Although this suspension was lifted when the case was consolidated in a different appellate court, the SEC stayed the rules on its own due to the numerous challenges these face. Invoking the CRA to nullify the SEC’s climate rules signals Congressional determination to supervise regulatory bodies. The resolution is poised to become a central issue not only in the debate regarding the scope of the SEC’s statutory authority, but the broader debate over the government’s role in business regulation and environmental protection.

Larry Cunningham delivered the 2024 Weinberg Distinguished Lecture last week at the University of Delaware. His topic was: “Speaking Out on Hot Button Topics: How Boards Can Steer CEOs and Companies in Choppy Waters.”  Following are excerpts from the lecture, which reviews the data on this topic and the forces at work, discusses the board’s role and provides a sample CEO-Board framework and reviews the background debates over corporate purpose and Delaware’s preeminence in corporate law.  Please note the views expressed are Larry’s professional views, not necessarily those of Mayer Brown LLP or its clients.

Read the full text here.

As the business environment continues to evolve in complexity, so does the oversight role of boards. At the same time, investor, regulator, and other stakeholder expectations of board involvement in certain aspects of the business, including aspects traditionally within management’s sole purview, are changing in ways that may blur the lines of responsibility between the two. Ultimately, management’s job is to manage, whereas the board’s role is to oversee. Effective oversight relies upon maintaining clear lines of responsibility between the board and management.

Deloitte and the Society for Corporate Governance’s Board Practices Quarterly presents findings from a survey of members of the Society on the board’s leadership structure, independence, and involvement in a number of business matters, including activities related to corporate strategy, human capital, risk and risk management, and operations.

Read the report here.

Jennifer Zepralka joined our Washington D.C. office as a partner, and comes to us from the SEC, where she led the Office of Small Business Policy, working on major rulemakings.  Her insights will prove valuable to clients navigating an increasingly complex regulatory environment.  Jennifer brings a wealth of experience advising companies on compliance, corporate and federal securities law, and ongoing SEC reporting. Prior to joining Mayer Brown, Jennifer served two stints at the SEC, holding key roles in the Division of Corporation Finance, and also undertook corporate governance work as a partner in a global law firm.  She joins lawyers in our Public Companies & Corporate Governance practice and our Public Policy, Regulatory & Government Affairs practice. 

Read more about Jennifer here.  Jennifer will be a regular contributor to the blog.