ARTICLE
24 June 2024

New Disclosure In Upcoming SEC Filings

G
GableGotwals

Contributor

GableGotwals logo
Explore
The SEC has adopted a number of substantive new rules that will require new disclosures as soon as December 18, 2023 for material cybersecurity incidents on Form 8-K.
United States Corporate/Commercial Law
Photo of Jeffrey T. Haughey
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

The SEC has adopted a number of substantive new rules that will require new disclosures as soon as December 18, 2023 for material cybersecurity incidents on Form 8-K. The following is an abbreviated list of these new requirements and a summary of the actions companies should take to stay abreast of these new rules.

Clawback Policy by December 1, 2023:

  • Companies listed on the NYSE or Nasdaq must adopt an NYSE/Nasdaq-compliant clawback policy by December 1, 2023. Note: NYSE-listed companies must confirm their adoption of a compliant clawback policy or their reliance on an applicable exemption through their NYSE Listing Manager accounts by December 31, 2023.

Form 8-K Current Reports beginning December 18, 2023

  • Cybersecurity Incidents: Disclose material cybersecurity incidents within four business days after determining (without unreasonable delay) that such incident is material. (New Item 1.05 of Form 8-K)

Form 10-K for the year ended December 31, 2023

  • Clawback Policies:
    • Check boxes on the cover page to confirm whether the previously issued financial statements in the filing include an error correction and whether a compensation recovery analysis was triggered during the fiscal year.
    • Disclose actions taken to recover erroneously awarded incentive compensation pursuant to mandatory incentive-based compensation recovery policies. (New Item 402(w) of Reg S-K) Note: This may be incorporated in the company's proxy statement filed within 120 days of the end of its fiscal year.
    • File the clawback policy as Exhibit 97. (New Item 601(b)(97) of Reg. S-K)
    • Click here to review a previous Alert on clawback rules.
  • Cybersecurity: Annual disclosure of (1) cybersecurity risk management, strategy, and governance, (2) Board oversight, and (3) management's role. (New Item 106 of Reg. S-K). Click here to read a previous Alert on Public Company Cybersecurity Disclosure Requirements.
  • Director and Officer (Non)Rule 10b5-1 Plan Disclosures: Quarterly disclosure of the adoption, modification or termination of Rule 10b5-1 and non-Rule 10b5-1 trading arrangements, including their material terms (other than price), of directors and Section 16 officers. Note: The expiration or completion of such an arrangement need not be reported. (New Item 408(a) of Reg. S-K) Click here to view the fact sheet on 10b5-1 Plan Disclosures.
  • Company Rule 10b5-1 Plan Disclosure: Quarterly disclosure of the company's adoption, modification or termination of any Rule 10b5-1 trading arrangement, including the material terms of the arrangement (other than price). (Item 408(d) of Reg. S-K).
  • Company Share Repurchases: Quarterly share repurchase disclosure of such programs and practices, including a new Exhibit 26 with tabular disclosure of the company's repurchase activity for the period aggregated on a daily basis that includes a check box for trading by directors and officers within four business days before or after the announcement of an issuer plan or program, including increases in existing plans. (Items 601(b)(26) and 703 of Reg. S-K) Note: On October 31, 2023, a panel of the Fifth Circuit held that the SEC acted arbitrarily and capriciously in adopting this final rule, in violation of the Administrative Procedure Act, which would vacate the entire rule. However, the SEC has 30 days to fix the defects in the rule and substantiate its decision to adopt it. We will have to wait and see whether this rule will be restored or if it will need to be reproposed for adoption at a later time. Click here to read a previous Alert on Buyback Disclosure Rules.

2024 Proxy Statement

  • The disclosure in Form 10-K related to actions taken to recover erroneously awarded incentive compensation may be incorporated by reference from a proxy statement filed within 120 days of the end of the fiscal year in question. (New Item 402(w) of Reg. S-K)

Form 10-K for the year ended December 31, 2024

  • Insider Trading Policy:
    • Disclose insider trading policies and procedures that are reasonably designed to promote compliance with insider trading laws and applicable exchange listing standards. (New Item 408(b) of Reg. S-K)
    • Disclose policies and procedures regarding the timing of awards of options (and similar instruments) granted close in time to the release of material non-public information (MNPI) and tabular disclosure of options awarded to NEOs beginning four business days before the filing of Forms 10-Q or 10-K, or a Form 8-K disclosing MNPI (i.e. an earnings release) and ending one business day after such filing. (New Item 402(x) Note: This may be incorporated in the company's proxy statement filed within 120 days of the end of its fiscal year.
    • File insider trading policy as Exhibit 19. (Amended Item 601(b)(19) of Reg. S-K). Click here to view the fact sheet on disclosure of insider trading policies.

2025 Proxy Statement

  • Insider Trading Policy:
    • Stock options granted close in time to the release of MNPI that is required in Form 10-K may be incorporated by reference from a proxy statement filed within 120 days of the end of the fiscal year. (New Item 402(x) of Reg. S-K)

Actions Companies Could Take in Preparation of the Upcoming 10-K and Proxy Season

  • Clawback Policy: Be sure to amend or adopt a clawback policy the meets the applicable exchange listing standard by December 1, 2023.
  • Cybersecurity:
    • Review Board, Committee and management responsibilities, including the experience of the Chief Information Security Officer (CISO).
    • Consider adequacy of the methods of assessing, identifying, and managing these threats.
    • Provide training to the internal cybersecurity disclosure team on the timing and scope of the new cybersecurity disclosure rules.
  • (Non)Rule 10b5-1 Trading Arrangements and Insider Trading:
    • Develop tracking mechanisms to identify the adoption, modification, and termination of such plans.
    • Review insider trading policies and procedures.
    • Revise or adopt policies regarding timing of stock options and SARs and policies regarding gifts.
  • XBRL: Many of the new disclosures will require them to be in XBRL. Companies should coordinate with their EDGAR providers to ensure that the applicable disclosures are formatted correctly.
  • Internal Controls and Procedures, Policies, Charters, Tracking Mechanisms, and Risk Factors: Review all of these in connection with each of these new disclosure topics (Clawback Policies, Cybersecurity, (Non)Rule 10b5-1 trading arrangements and insider trading policies, and share repurchase plans and programs).
  • Board Diversity and Composition (Nasdaq Companies in particular): Nasdaq companies listed on its Global Select Market and Global Market must currently have at least one director (two by December 23, 2025), including at least one who self-identifies as a female and one who self-identifies as an Underrepresented Minority or as LBGTQ+ (as defined in Nasdaq Rule 5605(f)), and to annually disclose directors' self-identified gender, race, and ethnicity in a standard Board Diversity Matrix.
  • Pay vs. Performance: Now that this will be the second year of this disclosure, companies should review their peer disclosures to identify any emerging market practices.
  • Section 16 Executive Officer Determinations: Given new requirements such as the potential clawback of incentive-based compensation in the event of an accounting restatement and new cooling off periods for Rule 10b5-1 plans, companies may wish to re-examine who constitutes an executive officer for purposes of Section 16 of the Exchange Act.
  • D&O Questionnaires: Many of the new disclosures will require changes to D&O Questionnaires that are used to gather the appropriate information Some information will need to be confirmed on a quarterly basis. In addition to whether directors self-identify various diversity characteristics, they should also consent to the disclosure of such characteristics. The experience of management, including the Chief Information Security Officer, should be confirmed as it relates to cybersecurity Now that universal proxies may be used in election contests, the consent of directors to be named as a nominee should be broad enough to include the proxy card of a dissident, not just the company.
  • Officer Exculpation: Many Delaware companies were successful last year in proposing amendments authorizing officer exculpation provisions similar to existing director exculpation provisions. As a result, more companies may choose to propose officer exculpation if their state of incorporation permits it.
  • Time to Vote at Annual Meetings: Companies should provide clear and reasonable procedures for the opening and closing of the polls. Some suggest that a best practice is to give shareholders up to 10 minutes to vote or change their vote during the meeting once the polls are opened.

Originally published November 14, 2023

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Jeffrey T. Haughey
Jeffrey T. Haughey
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More