United States: SEC Activity In 2018

2018 brought a number of changes at the Securities and Exchange Commission (SEC). Notably, Commissioners Robert Jackson and Elad Roisman were sworn in during 2018, resulting in the five-person commission's being back at full strength. Consequently, the SEC has moved forward on a number of regulatory initiatives aimed at promoting capital formation by seeking to ease compliance burdens on companies while still ensuring that investor protections remain intact.

Disclosure Modernization and Simplification

The SEC continued to make modernizing and simplifying existing corporate disclosure a priority during 2018. On July 24, 2018, the SEC voted to propose rule amendments intended to simplify and streamline the financial disclosure requirements made in connection with registered debt offerings and subsequent periodic reporting for guarantors and issuers of guaranteed securities, as well as for affiliates whose securities collateralize a registrant's securities. The proposed amendments are intended to make investor disclosure easier to understand, and the SEC is hopeful that the changes will have the effect of increasing the number of public offerings that make use of these kinds of credit enhancements, thereby affording investors protection they may not be provided in unregistered offerings.

On August 17, 2018, the SEC voted to adopt amendments to various public company disclosure requirements it believes are redundant, duplicative, overlapping, outdated or superseded. On balance, the amendments to Regulation S-K and Regulation S-X are more technical in nature than revolutionary, but they will nonetheless require companies to revise and update a number of routine disclosures appearing in periodic reports and registration statements. The full slate of amendments is described in the SEC's adopting release, but the amendments include changes to the Business Section, such as removing the requirements to disclose segment financial information, the amount spent on research and development, the financial information by geographic area and any risks related to, and dependence on, foreign operations, and changes to disclosure related to the description of common equity, changes to the Management Discussion & Analysis, such as removing the requirement to discuss seasonality in interim reports, among other changes. These new disclosure standards took effect on November 5, 2018, and are effective for all SEC filings made on or after that date.

Cybersecurity

The SEC continued its efforts to focus on cybersecurity in 2018. For example, the SEC published cybersecurity interpretative guidance for public companies on February 21, 2018. The new interpretative guidance marked the first time that the five SEC commissioners, as opposed to agency staff, have provided official agency guidance to public companies regarding their cybersecurity disclosure and compliance obligations. The guidance reiterates public companies' obligation to disclose material information to investors, particularly when that information concerns cybersecurity risks or incidents, and provides a number of pointers as to how a public company should undertake a materiality analysis in the context of a cybersecurity risk or incident. It also addresses two topics not previously addressed by agency staff: the importance of cybersecurity policies and procedures in the context of disclosure controls and the application of insider trading prohibitions in the cybersecurity context.

On October 16, 2018, the SEC issued a report of investigation entitled "Certain Cyber-Related Frauds Perpetrated Against Public Companies and Related Internal Accounting Controls Requirements." As the latest addition to a growing body of guidance concerning cybersecurity for public companies, the report reminds businesses that the internal accounting controls required under the federal securities laws should take into account the threat of spoofed or manipulated electronic communications. The report focuses on a particular kind of cyber scam known as a "business email compromise." According to the SEC, having internal accounting control systems that account for such cyber-related threats and related human vulnerabilities is vital to maintaining a sufficient accounting control environment and safeguarding assets. The SEC also made clear that having internal controls documented on paper is not enough and that employees must be trained appropriately to implement those controls. In issuing the report, the SEC emphasized that it did not mean to suggest that every company that is the victim of a cyber-related scam is automatically in violation of the internal accounting controls requirements of the federal securities laws. Nevertheless, companies' internal accounting controls may need to be reassessed in light of emerging risks, including risks arising from cyber-related frauds. We expect that internal controls over cyber risks will be the subject of increased scrutiny by the SEC and its staff in the future.

With the issuance of the report, the SEC continues its vigilant focus on cybersecurity threats affecting public companies. Given the highly malicious nature of today's cybersecurity environment, we expect the SEC to continue to play a leading role in regulating the cyber practices of US businesses.

Enforcement

2018 was a busy year for the SEC's Division of Enforcement. The SEC recently announced its enforcement results for fiscal year 2018, reporting 821 enforcement actions filed in 2018, compared with the 754 actions filed in 2017. The actions resulted in total disgorgements and penalties of more than $3.9 billion, returned $794 million to harmed investors, suspended trading in the securities of 280 companies and obtained nearly 550 bars and suspensions.

During 2018, the Division of Enforcement took steps to focus additional resources on two key priority areas: protecting retail investors and combating cyber threats.

• Focus on the Main Street Investor. Over half of the 490 stand-alone enforcement actions brought by the SEC in 2018 involved wrongdoing against retail investors. The Division of Enforcement's Retail Strategy Task Force (RSTF), which was formed in 2018, contributed to the Division of Enforcement's retail focus by undertaking a number of lead-generation initiatives involving several issues impacting retail investors, including disclosures concerning fees and expenses and conflicts of interest for managed accounts, market manipulations and fraud involving unregistered offerings.
• Cyber-Related Misconduct. Since the formation of the Cyber Unit at the end of fiscal year 2017, the Division of Enforcement's focus on cyber-related misconduct has steadily increased. During 2018, the SEC brought 20 stand-alone cases, including those cases involving initial coin offerings and digital assets. At the end of the fiscal year, the Division of Enforcement had more than 225 cyber-related investigations ongoing.

The Division of Enforcement also undertook a new initiative, the Share Class Selection Disclosure Initiative, in 2018 designed to focus on misconduct that occurs in the interaction between investment professionals and their clients.

Whistleblower Program

The SEC's whistleblower program continued to grow in 2018. In 2018, the SEC awarded more than $168 million to 13 individuals whose information and cooperation assisted the SEC in bringing successful enforcement actions, resulting in more dollars awarded to whistleblowers in 2018 than in all prior years combined. The SEC also made two of its largest whistleblower awards during 2018, a total combined $83 million award shared by three individuals, and an award of almost $54 million shared by two individuals. The SEC also received more whistleblower tips in 2018 than in any other previous year.

Nevertheless, not all violations are of such materiality as to support the large awards discussed above. Thus, it is not a lost cause to believe that many employees will continue to report internally. For that reason, we continue to recommend that companies constantly reevaluate their internal reporting programs and whistleblower hotlines so that they are accessible to employees and encourage internal reporting. In addition, allegations that are reported internally need to be handled properly. Among other things, the whistleblower may be incentivized to communicate with the SEC or other regulators quickly if they do not believe their concerns are taken seriously. In addition, companies must train managers to avoid actions that might be deemed retaliatory. Companies should also review their use of separation and severance agreements to make sure their terms do not run afoul of the SEC's whistleblower rules.

Looking Ahead to 2019

In a speech¹ and related congressional testimony² delivered in December 2018, SEC Chairman Jay Clayton summarized a number of regulatory priorities for 2019 that may interest retailers. Clayton anticipates a number of efforts focused on the proxy solicitation and voting process. Of particular note for retailers, Clayton would like to take action on the ownership and resubmission thresholds for shareholder  proposals under Rule 14a-8. He also hopes to see greater reform in the oversight and regulation of proxy advisory firms.

As to proxy advisors, he would like to see "clarity regarding the analytical and decision-making processes advisors employ, including the extent to which those analytics are company- or industry-specific." A frequent criticism of proxy advisory firms is their one-size-fits-all approach, and on this point, Clayton observed that "it is clear to me that some matters put to a shareholder vote can only be analyzed effectively on a company-specific basis, as opposed to applying a more general market or industry-wide policy." He also made mention of considering both conflicts of interest at proxy advisory firms as well as ensuring that investors have effective access to company's responses to information in proxy advisor reports.

On the topic of long-term investment, Clayton referenced the ongoing debate regarding the "adequacy and appropriateness of mandated quarterly reporting and the prevalence of optional quarterly guidance, and whether our reporting system more generally drives an overly short-term focus." He encouraged market participants to share their views with the SEC if there are other aspects of SEC regulations that drive short-termism. The SEC recently released a more formal request for public comment on these issues.

Clayton also briefly discussed three other risks the SEC is monitoring: (1) the impact to reporting companies of Brexit, the United Kingdom's exit from the European Union; (2) the transition away from LIBOR as a reference rate for financial contracts; and (3) cybersecurity. For retailers with British operations, the Brexit issue is no doubt a central point of concern. Each of the final two issues may impact all publicly traded retailers' periodic disclosures and other policies and procedures.

Finally, Commissioner Stein's holdover term as a commissioner comes to an end at the end of 2018. With her vacancy in early 2019, President Trump will have the opportunity to appoint a replacement for her.

Footnotes

1 https://www.sec.gov/news/speech/speech-clayton-120618

2 https://www.sec.gov/news/testimony/testimony-oversight-us-securities-and-exchange-commission-0

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.