This Week's Alert Sponsored by

Commissioner Stein Calls for Digital Disclosure Task Force

In a speech last week - "Disclosure in the Digital Age: Time for a New Revolution" - before the 48th Annual Rocky Mountain Securities Conference, SEC Commissioner Stein called for the creation of a Digital Disclosure Task Force composed of investors, analysts, academics, companies and technology experts to "reimagine" disclosure and how information can be exchanged between companies and investors.

Although seemingly supportive of the SEC's pending EDGAR redesign and Disclosure Effectiveness initiatives, Stein suggested that much more needs to be done, including re-evaluating "materiality" to encompass investors' desire for, e.g., ESG and cyber disclosure (areas which she believes were not sufficiently addressed in the SEC's recently issued Reg. S-K Business and Financial Disclosures Concept Release (reported on here and here)), and moving toward a structured or machine-readable data approach so that individual investors can easily and more quickly access just the information they want. Stein made similar comments in her remarks at the open meeting wherein the Commission approved the Reg. S-K Concept Release. See also this Reuters article.

Bipartisan Bill Would Regulate Proxy Advisers

Bipartisan legislation co-sponsored by Reps. Sean Duffy (R -WI) and John Carney (D-DE) and set to be introduced this week would impose new registration, disclosure and other requirements on proxy advisors. As noted in the following summary prepared by Shareholder Communications Coalition advisor Niels Holch and the Society, the proposed legislation was discussed by Congressman Duffy and Vitae Pharmaceuticals President & CEO Jeff Hatfield on a Nasdaq-hosted webinar yesterday:

Congressman Duffy reviewed the latest draft of his bipartisan bill to regulate proxy advisory firms. Although counterintuitive to be seeking more regulation, he said he is concerned that the "space" is virtually unregulated in light of the fact that (among other things):

• ISS and Glass Lewis control 97% of the market.
• Proxy advisors have significant influence on major company issues, e.g., M&A, director elections.
• ISS's model is characterized by conflicts of interest.
• Institutional investor voting decisions are usually outsourced and often controlled by proxy advisors.
• Proxy advisors' reports to investors contain inaccuracies that form the basis for their voting recommendations.
• Proxy advisors aren't accountable for their voting recommendations and there is no transparency.

The bill would require proxy advisory firms to: (i) register with the SEC; (ii) disclose the procedures and methodologies they use to develop voting recommendations: (iii) adopt a code of ethics; and (iv) disclose and mitigate conflicts of interest. The bill would also require that all public companies have an opportunity to review and comment on the proxy advisors' draft reports before they are issued to their client-investors, and require each proxy advisory firm to employ an ombudsman to field and resolve complaints about report inaccuracies underlying voting recommendations before the voting takes place.

The House Financial Services Committee is expected to hold a hearing on the bill next week.  See also this WSJ article.

DOJ: Yates Memo in Practice

On Tuesday, Deputy AG Sally Yates - author of the so-called "Yates Memo" (reported on here, here and here) - discussed the impacts to date of the "individual accountability policy" memorialized by that memo in her remarks at the NYC Bar Association White Collar Crime Conference. Purportedly countering law firm and bar association reports about the new policy's negative consequences, Yates identified these positive effects from the company perspective:

• Companies are not only continuing to cooperate with the government as a result of the policy, they are making real and tangible efforts to adhere to the DOJ's requirement that they identify facts about individual conduct - right down to providing so-called "Yates Binders" that contain relevant emails of individuals being interviewed by the government.
• No one has informed the DOJ that they will be forced to waive privilege in order to comply with the policy. Yates emphasized that this is not required, and the policy entailed no roll-back of existing protections in this regard.
• The DOJ has affirmatively been hearing that the new approach is causing positive change within companies. Compliance officers have reported that the DOJ's focus on individuals has helped them steer officers and employees within their organizations toward best practices and higher standards. 

See also this WSJ post.

UK: Fossil Fuel Divestment/Green Company Investment Index Launched

The London Stock Exchange's FTSE Russell launched a FTSE Divest-Invest Developed 200 Index for investors seeking to methodically divest from fossil fuel investments while increasing their exposure to "green" companies. The new index reportedly excludes from the 200 largest companies within the FTSE Developed All-Cap Index those companies that are part of the industrial classification benchmark sectors, and subsectors that include oil & gas and coal and mining companies. The excluded companies are then replaced by "green" companies whose weights are based on their low carbon economy and industrial indicator factor, which is defined as a constituent's ratio of its "green revenues" to its total revenues. See this FTSE Russell's Fact Sheet and Ground Rules.

PCAOB Releases Auditor's Reporting Model Reproposal

Yesterday, as anticipated, the PCAOB issued a reproposal on enhancing the auditor's report by requiring auditors to provide information on critical audit matters (CAMs). The Society was among the many who commented extensively on the initial proposed standards issued in August 2013. The reproposed standard retains the pass/fail model of the existing auditor's report and the auditor's current role of attesting to information prepared by management.

Key aspects of the reproposal include:

• The standard would require communication in the audit report of any CAMs, but - unlike the 2013 proposal - CAMs would be limited to matters communicated or required to be communicated to the audit committee and that (i) relate to accounts or disclosures that are material to the financial statements, and (ii) involved especially challenging, subjective, or complex auditor judgment.
• The auditor would take into account a list of factors in determining whether a matter involved especially challenging, subjective, or complex auditor judgment - such as the auditor's assessment of the risks of material misstatement.
• The audit report would identify the CAM, describe the principal considerations that led the auditor to determine that the matter is a CAM, describe how it was addressed in the audit, and refer to the relevant financial statement accounts and disclosures. If there are no CAMs, the auditor would state that in the report.
• Auditor tenure would be included in the audit report.
• Unlike the initial proposal, the reproposal doesn't (and isn't expected to) encompass auditor responsibilities for other information outside the financial statements.

See the PCAOB's release and fact sheet, our March 2014 report, and this WSJ article. Comments to the reproposal are due August 15th.

PCAOB Advisory Group Focused on Non-GAAP Measures

The PCAOB Standing Advisory Group's (SAG) May 18th - 19th meeting is planned to include a focused discussion on the auditor's role regarding non-GAAP financial measures and other operating measures (e.g., unit sales, subscriber numbers) (collectively, "Company Performance Measures) - apparently triggered by the increase in use of and reliance on these measures in the context of static auditor responsibilities. SEC Staff reportedly will share their observations (including as relates to issuers and audit committees) on non-GAAP measures as part of the discussion. As previously reported, non-GAAP reporting practices have fairly recently been a recurring topic of SEC Chair and Staff remarks and scrutiny and related media focus.

The meeting agenda's accompanying Briefing Paper includes these discussion questions for consideration:

• What are company practices in developing and disclosing company performance measures? How are investors using company performance measures?
• What procedures, if any, are companies and audit committees asking auditors to perform on company performance measures? Are the procedures different depending on where the company performance measures are located?
• Should auditor responsibilities be expanded to include specific procedures for company performance measures? If so, what should auditor's responsibilities be and should such responsibilities vary depending on where the information is located? Should auditors report the results of their work? If so, how much specificity would be necessary to explain what was done and on which measures?
• What obstacles, if any, exist to expanding auditor responsibilities to include specific procedures for company performance measures, including non-GAAP financial measures?
• What unintended consequences might arise from expanding auditor responsibilities to include specific procedures for company performance measures?

The meeting agenda also includes a discussion of other emerging audit issues, including: (i) the role/responsibilities of the auditor in company whistleblower activity, (ii) SAG's concerns about FASB's materiality proposals here and here (previously reported on here), and (iii) aligning company/audit committee/investor expectations of auditor responsibilities re: cybersecurity-related matters (e.g., ICFR, accounts, disclosures).

SEC Approves PCAOB's Audit Partner Disclosure

On Monday, the SEC approved the PCAOB's proposed new rules and accompanying amendments to auditing standards requiring audit firms to disclose the names of each audit engagement partner, as well as the names of other audit firms that participated in each audit, on a new PCAOB form - Auditor Reporting of Certain Audit Participants, or Form AP. As previously reported, the rules require auditors to file the new form for each issuer audit 35 days after the date the auditor's report is first included in an SEC filing - or 10 days after the auditor's report is first included in an SEC filing for IPOs - disclosing:

• Name of the engagement partner;
• Names, locations, and extent of participation of other accounting firms that took part in the audit if their work constituted 5% or more of the total audit hours; and
• Number and aggregate extent of participation of all other accounting firms that took part in the audit whose individual participation was less than 5% of the total audit hours.

The disclosure requirement for the engagement partner will be effective for auditor's reports issued on or after January 31, 2017. Disclosure of other audit firms participating in the audit will be required for reports issued on or after June 30, 2017. See the PCAOB's release.

PCAOB Rethinking Audit Inspection Approach

Last week, PCAOB Board Member Jeanette Franzel discussed how the PCAOB may modify its current risk-based audit inspection approach to take into account relatively recent significant improvements in audit quality - particularly observable among the larger audit firms. Franzel identified these potential changes under consideration:

• Selecting audits for inspection on a broader basis - including potentially random selections, which could help assess the operation of firms' quality control systems across a wider span of audits;
• Emphasizing testing of firms' quality control systems rather than detailed individual audit inspections - potentially catching quality control weaknesses early to prevent audit deficiencies and decreasing the number of audits inspected; and
• Further exploring PCAOB reporting approaches and communications about inspections results to provide companies, investors, audit committees, and the public with timely and meaningful information about the inspection results.  

See also these articles from the Journal of Accountancy and the WSJ.

Bill Amends SOX to Include Cyber Certs, Controls & Disclosure

New Cybersecurity Systems and Risks Reporting Act (H.R. 5069) sponsored by Rep. Jim McDermott (D-WA) would amend the Sarbanes-Oxley Act (SOX) generally to require:

• SOX 302 certifications to include the company's principal cybersecurity systems officer(s) and cybersecurity/information systems
• SOX 404 internal controls assessment to include cybersecurity/information systems structures and procedures for financial and information systems reporting
• Via SOX Section 407 (which defines "financial expert"), disclosure by the company of whether its audit committee has at least one member who is a "cybersecurity systems expert" [emphasis added] (and - if not - why not) as defined by the SEC in consultation with the Department of Homeland Security and the Commerce Department, and subject to these considerations: whether a person, through education or experience as a CITO or CISO (or comparable), has: (1) an understanding of generally accepted principles of computer, network, and data security and privacy; (2) experience in preparing IS audits for cybersecurity risk discovery and maintaining, implementing and monitoring information and cybersecurity systems; (3) experience with the information systems aspects of internal accounting controls; and (4) an understanding of how audit committees function.
• Cybersecurity risk disclosures would be added to the list of criteria the SEC must consider in scheduling its reviews of companies' filings at least once every three years per SOX Section 408.

As previously reported, CII's new guidance for investors specifically rejects the notion of a required cyber expert director to effect adequate board cybersecurity oversight - contrary to the presumption raised by the Cybersecurity Disclosure Act of 2015 introduced in December, as well as this new bill. See also Jim Hamilton's blog.

Global Cyber Standard-Setting Considerations

The Global Financial Markets Association (GFMA) - comprised of SIFMA, ASIFMA, and AFME; the ISDA; and other industry groups submitted an agreed-upon, non-exhaustive, sensible set of cybersecurity principles this week to the Financial Stability Board and the International Organization of Securities Commissions with the aim of promoting effective global policy on cybersecurity, data and technology by sharing considerations that the group believes should be taken into account when a nation or one of its agencies or standard-setting bodies creates laws, regulations or standards that affect the technology infrastructure of financial services firms operating globally.

Adoption of the principles reportedly depends upon acknowledging two threshold issues: (i) cybersecurity, data protection and technological advancement are international issues requiring global solutions, and (ii) cybersecurity threats, risks, and the technology that mitigate them shift faster than regulations and standards can respond - necessitating focus on people, processes and technology rather than standards compliance to manage risks.

The paper observes:

A strong, open and resilient technological ecosystem is essential to the health and protection of financial markets. Increased reliance on and use of technology creates benefits, but also engender inherent risks. Those risks, both to technological infrastructure and financial stability, require responses from regulators and government agencies, and we applaud governments for paying closer attention to this critically important issue.

It is also important, however, that countries and jurisdictions tackling risks do not create rules that inadvertently force global businesses to fragment their technology systems, impeding competition and innovation, thereby harming investors. This fragmentation would not only impede the flow of global capital and its contribution to economic growth, but also exacerbate the very risks regulators are trying to mitigate.  

See GFMA's release.

Mitigating Risks Associated With Cybersecurity Whistleblowers

Orrick's new memo "Avoiding the Risk of Cybersecurity Whistleblowers" discusses a key cybersecurity whistleblower case (see this Reuters article) as a backdrop to offering tips for companies to reduce the likelihood that a cyber whistleblower will report directly to the SEC or similar agency. Among the sound suggestions (which are in large part applicable to whistleblower programs generally) are these:

• Resist the urge to identify an anonymous whistleblower; it is very difficult to retaliate against someone whose identity is unknown. Implement a system by which you can follow up with an anonymous whistleblower that safeguards their identity (i.e., Ethics Point or Hushmail).
• Train IT managers and other managers on the front lines about what could form the basis for cybersecurity whistleblower complaints and how to properly receive and escalate them.
• Review third-party vendor practices (contractors, consultants, auditors, hotline administrators) to ensure they too provide optimal whistleblower procedures. Make clear in company policies that reports from third parties are also accepted by the company.

Access numerous additional cybersecurity resources here.

Audit Committee Oversight: Forward-Looking Guidance

This new memo from PwC includes these sound audit committee considerations relative to ensuring appropriate oversight of the company's forward-looking guidance practices:

• Understand management's philosophy to ensure the practice supports management's focus on the long-term value drivers and is consistent with compensation incentives.
• Evaluate management's rationale for providing guidance to understand market pressures, and evaluate how management has weighed the advantages and disadvantages of providing guidance—or the extent of such guidance.
• Understand management's processes for: (1) developing assumptions and estimates, (2) accumulating guidance information, and (3) ensuring the process is robust and management judgments are reasonable.
• Review management protocols for providing guidance - including use of non-GAAP information, and guidelines for updating quarterly guidance for both positive and negative material changes
• Periodically revisit company policy– as trends evolve, market views fluctuate and related risks change.
• Benchmark peer and competitor practices to help evaluate the nature and extent of guidance provided and to evaluate whether the company is an outlier.
• Inquire of possible "earnings management" to meet guidance to understand if transactions or non-recurring adjustments are influenced by earnings pressure that increases financial reporting risks, including risk of fraud.

The memo also covers relevant listing exchange requirements, common guidance practices, and pros and cons of providing guidance.

Board Diversity: GC/CLO Best Practices

A group of chief legal officers (CLOs) and other corporate governance experts (which included The Governance Solutions Group's and Society member Denise Kuprionis) convened by the Thirty Percent Coalition released this thought piece last week on board gender diversity.

Premised on the notion that CLOs are well positioned to promote board diversity due to their role in advising CEOs and boards on governance practices, the paper identifies best practices for CLOs to pursue and advocate, including, e.g., taking steps to ensure that board committees responsible for director recruiting routinely include female candidates in the candidate pool; encouraging broader searches that go beyond candidates with CEO experience; and ensuring that the board's search firm is fully "on board" with the company's diversity commitment. See also the Thirty Percent Coalition's release.

Board Composition: Director & Investor Considerations

PwC's new Director-Shareholder Insights discusses several board composition-related "hot topics" that are currently the focus of investor scrutiny - including skill and attribute needs and gaps, diversity, tenure, mandatory retirement age, and board refreshment strategies. The Appendix features reader-friendly mini-checklists of director and investor considerations relative to each of these topics that could serve as a useful tool for board discussion. Among other welcome input, the piece takes into account that the board may consider external advisors rather than individual board members to satisfy identified attribute/expertise gaps. 

S&P 500: Annual Scrutiny of Political Disclosure & Accountability

The Center for Political Accountability recently informed S&P 500 companies of the launch of the data gathering and analysis process for its now well known annual CPA-Zicklin Index of Corporate Political Disclosure and Accountability. The same 24 indicators used in 2015 will be used again this year to rate the level of each company's political accountability. Actual data collection will begin in June and rely entirely on information that is publicly available on company websites. The CPA will send preliminary scores and supporting data to companies for review on a rolling basis starting in late June and plans to release the Index findings in late September.

CalPERS Set to Support Board Gender Diversity Bill

CalPERS' Investment Committee is scheduled to consider and approve formal support for Rep. Carolyn Maloney's (D-NY) board gender diversity bill: "Gender Diversity in Corporate Leadership Act of 2016" at its May 16th meeting - subject to also suggesting that the bill be expanded to encompass additional types of diversity. As previously reported, the Maloney bill - introduced in March - directs the SEC to: (i) establish a Gender Diversity Advisory Group to study strategies to increase board gender diversity, (ii) report annually to Congress on the status of board gender diversity among issuers, and (iii) undertake rulemaking to mandate issuer proxy statement disclosure of the gender composition of boards and director nominees. In March, we noted support by the U.S. Chamber of Commerce for Maloney's bill.

CalPERS was among the nine large public pension funds that submitted a rulemaking petition to the SEC in March 2015 to amend Reg. S-K to elicit disclosure of each board nominee's gender, race, and ethnicity in a chart or matrix form.

Capital Group Focuses on Executive Pay

Reuters reports on a recent interview with Capital Group concerning the investment manager's increasing focus on what it deems to be excessive or "unfair" executive compensation paid to its funds' portfolio companies top management. Among the largest holders of U.S. stocks via its American Funds mutual funds, Capital Group reportedly has one of the lowest say-on-pay approval rates among large U.S. fund managers. The article notes that the investor is "emerging as one of the toughest critics" of executive compensation.

Here is an excerpt from its newly posted proxy voting principles on executive compensation:   

We also believe that absolute levels of compensation (as well as pensions and severance, when they apply) should be monitored with an eye toward preventing excess. In addition, we are vigilant about assuring fairness for public shareholders; we frown on plans that unjustly dilute their stakes and stand ready to vote these convictions. We believe the goal should be to balance incentives for high performance with a commitment to superior shareholder returns.

Investors Release Guidance on Utility Company Engagement

A global network of more than 270 institutional investors led by the Institutional Investors Group on Climate Change (IIGCC) with support from investor networks in North America (Ceres INCR) and Australasia (IGCC) recently published this guidance: "Investor Expectations of Electric Utilities Companies" to foster constructive engagement between utility company boards and management and their investors about risks and opportunities related to climate change and appropriate strategies with the aim of mitigating investors' long-term risks. Investor expectations are grouped into six categories including Governance and Transparency & Disclosure.

The sector-focused guide is reportedly intended to be used in tandem with the more general "Institutional Investors' Expectations of Corporate Climate Risk Management" published in late 2012. See this Ceres release.

This week's highlighted question from the Huddle is:

The corporate secretary of our closed corporation has resigned. We would like to appoint a secretary immediately. Has anyone ever done a retroactive appointment at a subsequent board meeting with unanimous consent, or an ad hoc appointment by the Chair for different functions? The Bylaws "Officers" section states that the Secretary may be replaced by the board at any regular or special meeting. However, there is a provision under a separate section permitting the board to take an informal action without a meeting, upon unanimous written consent.

This question generated a lot of activity and many excellent answers (too many to note here) including:

Typical bylaws provide that the President, the CFO and the Secretary are to be appointed at the regular annual meeting of the board following the annual meeting of stockholders and that the board may fill vacancies for the unexpired portion of the annual term by vote at an interim meeting or by unanimous written consent in lieu of a meeting. Whether a UWC vs a majority vote at a meeting is appropriate will depend on the dynamics at play. If you have discussed the vacancy and the contemplated appointment with the Chair and you do not expect an objection to the appointment from any of the remaining members of the board, then a UWC might suffice.

Check out the Society Huddle.

• The SEC Does Read Comment Letters
  daily.financialexecutives.org, May 11, 2016
• New Rules Give Startups Access to Main Street Investors
  The Wall Street Journal, May 11, 2016
• IASB Chair Rings Alarm Over Use of Non-GAAP Measures
  The Wall Street Journal, May 11, 2016
• Chipotle Board Members Survive Shareholder Vote
  The Wall Street Journal, May 11, 2016
• Yates Assesses Effects of 'Yates Memo'
  The Wall Street Journal, May 10, 2016
• Investor Outreach on Rev Rec Rule Needed: SEC Official
  cfo.com, May 10, 2016
• SEC Looking More Closely at XBRL Filings
  accountingtoday.com, May 9, 2016
• Wall Street Cops to Hedge Funds: Treat Investors Better
  The Wall Street Journal, May 9, 2016
• Mind the (Non) GAAP: The SEC Elevates Its Attention to Non-GAAP Measures
  daily.financialexecutives.org, May 6, 2016
• Facebook's new non-voting shares plan arouses Delaware plaintiffs' bar
  Reuters, May 4, 2016

See other recently posted Articles of Interest.

Also, just a reminder that you can find additional topic-specific articles and other resources here.