It is no secret that the Securities and Exchange Commission’s (SEC) current priorities have shifted into the world of nonfinancial governance matters. Earlier this year, SEC Chairman Mary Jo White expressed concern about existing disclosure requirements for board diversity and explained that the SEC staff is reviewing current disclosures with an eye toward providing recommendations for changes. The SEC is also currently exploring rulemaking with respect to sustainability. In April 2016, in connection with the SEC’s disclosure effectiveness initiative, the SEC issued Concept Release No. 33-10064 on Business and Financial Disclosure Required by Regulation S-K (the concept release). The concept release sought comment on modernizing certain disclosure requirements under Regulation S-K. In particular, the concept release requested feedback on the importance of sustainability matters, including climate change. Corporation Finance Director Keith Higgins recently reported that the highest number of comments on the Concept Release related to “improved sustainability disclosure.” In addition, there continues to be heightened interest in cybersecurity given the number of data breaches over the last few years, most recently with Yahoo.
In light of the interest in these priorities, it is an ideal time to explore the impact of potential rulemaking initiatives on these matters. As with past rulemaking initiatives, new disclosure requirements may ultimately lead to changed corporate governance practices. This article explores how SEC rules may drive corporate governance behavior in the context of these priorities.
Sustainability:
In the approximately 340-page concept release, the SEC dedicated a section to the discussion of public policy and sustainability matters, with the SEC noting that investors “have expressed a desire for greater disclosure of a variety of public policy and sustainability matters.” The vast majority of comments to the concept release addressed this section. In the concept release, the SEC did express concern regarding imposing disclosure of environmental and other matters of social concern on all public companies.
Commenters generally acknowledged a significant interest in sustainability disclosures and many recommended increased disclosure. In addition, many commenters supported the adoption of required disclosure in an effort to promote consistent and complete disclosure. Many comment letters addressed climate change and political spending disclosure.
The SEC stated that it believes it should not promote “goals unrelated to the objectives of the federal securities laws.” For example, the SEC suggested that it is not appropriate to mandate – disclosure to serve the needs of a limited subset of investors, as the increased costs to public – companies may outweigh the investor benefits. The SEC nevertheless noted that the role of sustainability may be “evolving” due to increased investor interest.
The SEC appears to be struggling with the interplay between the desire for increased disclosure and the need to avoid mandating disclosure unrelated to the objectives of investor protection. In fact, the SEC specifically acknowledges in the concept release that adopting such disclosure requirements could have the unintended effect of changing corporate behavior, which is in contravention of the goal of securities laws of generating material information for investors. In order to assess the appropriateness of such disclosure requirements, the SEC requested additional comments in order to help it identify how important sustainability matters are to investors. Ultimately, if the SEC adopts new rules mandating disclosure of sustainability issues, there may be additional costs of such disclosure to public companies. Companies may, for example, be pressured to adopt sustainability policies in the event they are required to disclose the absence of such a policy. This outcome however is the ultimate goal of many investors and others who desire more disclosure with respect to sustainability matters.
It appears clear to the SEC, having received hundreds of comments to the Concept Release, that sustainability is a matter of interest. And, as previously noted the vast majority of the comments address the sustainability disclosure portion of the Concept Release with many supporting improved disclosure requirements. This response clearly seems to indicate that the market views sustainability matters as being important to investors. As such, it seems likely that the SEC will have to address sustainability. Given current investor interest, this disclosure should be welcomed, so long as it provides meaningful information specific to each company.
Board Diversity:
Although not addressed in the concept release, another current area of the SEC’s focus is board diversity. As noted above, the SEC announced that its staff is considering the current disclosures relating to board diversity. Chairman White addressed board diversity in a keynote speech at the Annual Conference of the International Corporate Governance Network in June 2016. She stressed in her speech that diverse boards are correlated with better company performance. She therefore concluded that this correlation should drive investor interest in board diversity and its disclosure.
The SEC’s rules currently require only limited disclosure relating to diversity. In 2009, when the SEC adopted enhanced disclosures for proxy statements, it included rules requiring public companies to disclose how they consider diversity in their director nomination process and, if a company has a diversity policy, how its effectiveness is assessed. As noted in Chairman White’s speech, those rules do not define diversity. She noted that disclosure under the current rules has been vague and did not evolve over time. Many commenters have agreed with this assessment and have argued that the rules have not resulted in the disclosure of useful information. It is now evident that one of the SEC’s initiatives is to prepare recommendations for a proposal to amend its rules to provide more meaningful disclosure on board diversity.
Like the SEC’s other rulemaking efforts on corporate governance matters, including the enhancements to proxy statement disclosure, any such rule would be focused on disclosure. As noted by Chairman White in her speech, the SEC does not have the authority to mandate diversity. Having already concluded that such information is important to investors, any new rule would instead seek to elicit disclosure of diversity information that is meaningful to investors. Although the form and content of such information remains to be seen, Chairman White’s comments on the practices of some companies may be informative. She specifically praised and noted the usefulness of proxy statement disclosure of data and analysis of a board’s gender, race and diversity composition. Reporting of such metrics is likely one area that the SEC is exploring.
Despite concluding that such information is important to investors, the SEC will again need to navigate a path between establishing effective disclosure requirements and avoiding a mandate of corporate governance behavior. Rules that emphasize a lack of diversity or require disclosure of the reasons for such lack of diversity could cause companies to adjust their governance policies. Notwithstanding such concerns, in light of the acknowledged importance of diversity to investors, the goal of improved diversity disclosure is likewise important to achieve. Ideally, the SEC will craft new disclosure rules that produce important information regarding a company’s diversity while at the same time avoiding unnecessary changes to a company’s corporate governance practices.
Cybersecurity:
Finally, Yahoo’s recent discovery of a data breach has heightened existing interest in cybersecurity matters. The SEC issued guidance to public companies in 2011 on disclosure relating to cybersecurity risks and incidents. That guidance merely applied existing disclosure rules to a new area of risk, concluding that such rules applied to cybersecurity matters. The SEC has since adopted other rules on cybersecurity for self-regulatory organizations and broker- dealers among others. While the topic remains a current area of interest for the SEC, no rules of general applicability to public companies have been proposed or adopted relating to cybersecurity disclosure. In addition, the SEC has not penalized any companies for failing to provide sufficient disclosure relating to cybersecurity or data breaches.
News of the Yahoo data breach and its potential fallout, however, could result in renewed interest in rulemaking on cybersecurity. Lawmakers have previously called for an SEC investigation into Yahoo’s disclosure relating to the data breach. Senator Mark Warner stated in a letter to the SEC that the breach was a material event that should have been disclosed to investors when Yahoo’s executives knew about it. The breach also raises the question of whether Yahoo’s disclosure of risks relating to cybersecurity events was sufficient.
Options for cybersecurity disclosure could include reporting the existence of cybersecurity policies and plans and the board’s role in assessing cybersecurity risk, as well as the occurrence and circumstances of any cybersecurity incidents, regardless of whether material. The reporting of such incidents has been specifically questioned by Senator Mark Warner, who asked the SEC to “evaluate the adequacy of current SEC thresholds for disclosing events of this nature.”
Enhanced cybersecurity disclosure rules may impact governance practices of public companies. For example, it is unlikely that a public company would be willing to disclose to its investors that it lacks any policy relating to cybersecurity. That being said, cybersecurity is undoubtedly an important issue for today’s investors, and as such, appropriate and meaningful disclosure of such matters should be provided by public companies.
Conclusion:
In light of these important initiatives, the SEC should not shy away from implementing changes designed to generate meaningful and important information for investors. If an issue is important to investors, which sustainability, board diversity and cybersecurity certainly are, investors should know about it. Companies should be aware that to the extent the SEC does mandate disclosures regarding these issues, new corporate governance behaviors may need to be adopted.
Katayun I. Jaffari is a partner in Ballard Spahr’s Business and Finance Department and a member of the Securities, Employee Benefits/Executive Compensation, Life Sciences/Technology, Energy and Project Finance, and Mergers and Acquisitions/Private Equity practice groups. She has extensive experience counseling public and private companies in the areas of corporate governance and securities law and compliance, including reporting requirements under NYSE and NASDAQ regulations. She has also written and lectured extensively in these areas. She can be reached at jaffarik@ballardspahr.com or (215) 864-8475.
Peter A. Jaslow is an associate in Ballard Spahr’s Business and Finance Department. He advises clients regarding securities matters, including corporate governance, disclosure, and compliance matters. In particular, he represents companies in public and private offerings and other capital- raising transactions, merger and acquisition transactions, and a variety of commercial technology transactions. He can be reached at jaslowp@ballardspahr.com or (215) 864-8737.
Reprinted with permission from The Legal Intelligencer.© 2016 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.