Rapid rulemaking and aggressive enforcement by the Securities and Exchange Commission (SEC), combined with legislative, judicial, and regulatory developments, have created new requirements and expectations for U.S. public companies. As we approach year end, such companies might consider taking the following actions in 2024:
- For Delaware corporations, consider amending your charter to provide for officer exculpation if you have not already done so. Since August 2022, it has been permissible for Delaware corporations to extend exculpation protection to specified corporate officers. Given the steady support for officer exculpation charter amendment proposals from shareholders and ISS in 2023, we expect many Delaware corporations to seek shareholder approval of these amendments in 2024. Companies should build in time for board approval as well as a preliminary proxy statement filing. See the Sidley article here.
- Implement systems to ensure compliance with the new SEC cybersecurity disclosure requirements. Beginning on December 18, 2023, companies must disclose a material cybersecurity incident under Item 1.05 of Form 8-K within four business days of determining that the incident is material, with limited exceptions. The materiality determination must be made “without unreasonable delay” after discovery of the incident. If companies have not already done so, they should update their incident response plans and related processes to ensure that a timely determination can be made regarding the materiality of cybersecurity incidents and implement procedures to promptly notify the internal team in charge of SEC reporting of material incidents requiring disclosure. Companies should also review existing cybersecurity risk management, strategy, and governance practices in light of the new cybersecurity disclosure requirements that will first apply to 2023 Form 10-Ks. See the Sidley Update here and listen to the Sidley Podcast here.
- Stay apprised of recently adopted climate-related directives and laws in the European Union (EU) and California as well as the pending SEC climate disclosure rules expected by April 2024. Non-EU companies with a significant presence in the EU or with securities listed on an EU-regulated market will become subject to broad new EU rules on corporate sustainability due diligence and disclosures (the Corporate Sustainability Reporting Directive) beginning in 2024. Companies with EU operations should assess whether and which entities in their corporate structure are within the scope of the new EU rules and begin determining how and when to adapt their corporate sustainability policies and processes to comply. See the Sidley Updates here and here. Whereas many public companies already publish voluntary climate-related disclosures in reports outside of SEC filings, the SEC rules, if adopted, will require public companies to disclose such information in SEC filings according to rigorous methods and standards prescribed by the SEC, and certain of this information would be subject to attestation or independent audit requirements. While the rules pertain only to disclosures, they will impact operations by indirectly requiring companies to take action, to the extent they are not already doing so, to put monitoring, accounting, planning, and governance practices in place to enable them to satisfy the disclosure requirements. See the Sidley Updates here (California laws) and here (proposed SEC rules).
- Consider whether any updates to corporate diversity, equity, and inclusion (DEI) programs, policies, or disclosures are advisable in the wake of the Supreme Court’s June 2023 affirmative action decision.1 Although the U.S. Supreme Court’s ruling that university admissions policies must be “color blind” under the Equal Protection Clause of the U.S. Constitution is, by its terms, limited to higher education, there have already been high-profile lawsuits and challenges to corporate diversity initiatives, and companies face heightened risk of such challenges to their DEI policies and programs following the ruling. Companies can take steps to continue to advance diversity in the workplace while reducing their legal risk, including by auditing and considering updates to their existing DEI programs, policies, and disclosures. Given the highly dynamic legal landscape around these issues, this is an area to watch closely as case law and trends evolve in 2024. See the Sidley Update here and listen to the Sidley Podcast here.
- Prepare for compliance with the new EU Foreign Subsidies Regulation (FSR), if applicable. The FSR imposes mandatory filing and approval requirements for M&A deals where (a) the group being acquired, the joint venture being created, or at least one of the merging groups that is being combined has a business presence in the EU and an aggregate turnover in the EU of at least €500 million in the last financial year; and (b) the parties to the deal, in the aggregate, received at least €50 million in financial contributions from non-EU countries (foreign financial contributions or FFCs) in the three years prior to executing the transaction agreement. In addition, the European Commission may require below-threshold deals to be notified. To avoid deal delays, parties at risk of meeting notification thresholds should take an inventory of FFCs received from non-EU countries in the last three years and implement systems to ensure that those contributions are tracked on an ongoing basis. Preparing this inventory may be complicated, given that “foreign financial contributions” is broadly defined and includes Covid-19 support, support for renewable energy, tax exemptions, and any transactions with public bodies (e.g., public utilities, state hospitals). See the Sidley Updates here and here.
- Ensure that share repurchases comply with board authorizations. In November 2023, the SEC announced that it settled charges against a company for insufficient internal accounting controls relating to its share repurchases, which did not conform to SEC Rule 10b5-1 as required by the authorizing resolutions adopted by the company’s board. The company agreed to pay a civil penalty of $25 million. This enforcement action serves as a reminder that companies should ensure that they have policies and procedures for confirming that trading plans to be used for share repurchases are consistent with the authorizing resolutions and Rule 10b5-1, if applicable.
- Update insider trading policies and procedures in light of the new SEC rules. Companies should ensure that their Rule 10b5-1 plans and insider trading policies comply with the December 2022 amendments to Rule 10b5-1 (e.g., new cooling-off periods). A calendar-year company will first be required to file its insider trading policy as an exhibit to its 2024 Form 10-K. Prior to that time, companies should revise their insider trading policies to (a) explicitly add gifts to the types of transactions covered by the policy and (b) permit insiders to use written trading arrangements other than Rule 10b5-1 plans. Finally, companies should review their policies and remove any content that may be extraneous or better suited for an internal memorandum. See the Sidley Update here.
- Proactively prepare for shareholder activism; confirm there are no illegal director interlocks. Particularly given the current universal proxy rules, companies are well advised to review director biographies in proxy statements and on corporate websites to ensure they reflect the strengths, qualifications, and relevant experience of individual directors. Before any activist situation arises, companies should also assess their vulnerabilities and ask experienced proxy contest counsel to review their corporate bylaws to ensure that they reflect current best practices. See the Sidley article here. Companies should also confirm that they have no interlocking directorates in violation of the Clayton Act – enforcement by the Federal Trade Commission and the Department of Justice resulted in more than a dozen director resignations in 2023, as discussed in the Sidley article here.
- Ensure that the board understands the impact of artificial intelligence (AI) on corporate strategy and risk. Corporate boards need to understand and stay apprised of AI-related legislative and regulatory initiatives in the U.S. and abroad and oversee the company’s compliance, as well as the development of relevant policies, information systems, and internal controls, to ensure that AI use is consistent with legal, regulatory, and ethical obligations, with appropriate safeguards to protect against risks. See the Sidley articles here and here and listen to the Sidley webinar on the EU AI Act here.
- Refresh policies on corporate statements about high-profile social and political issues. Companies may face negative consequences to their business or reputation whether they speak or stay silent. Accordingly, companies may wish to consider adopting policies and processes for determining what issues to speak out on and when, who has authority to speak, and which types of statements (if any) require board notification or prior approval. These decisions should align with a company’s core values and take into account the potential benefits and risks associated with taking a position. See the Sidley article here.
- Make sure that non-GAAP disclosures comply with SEC rules and guidance. SEC staff guidance issued in December 2022 and a March 2023 enforcement action illustrate the SEC’s continued scrutiny of non-GAAP reporting. Companies that use non-GAAP measures in their public filings should ensure that they have adequate disclosure controls and procedures in place to comply with applicable SEC rules and guidance, particularly the requirement to disclose the most directly comparable GAAP measure with equal or greater prominence (as construed by the SEC).
- Make sure employee agreements do not impede whistleblowing. The SEC has recently brought enforcement actions against companies alleging that they entered into agreements with employees that the SEC found impeded potential whistleblowers from reporting complaints to the SEC. Companies should review agreements with current and former employees and delete any language that purports to restrict employees from communicating with government agencies.
1 Students for Fair Admissions, Inc. (SFFA) v. President & Fellows of Harvard College, No. 20-1199, and SFFA v. University of North Carolina, et al., No. 21-707 (June 29, 2023).
This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.