U.S. Securities and Exchange Commission (SEC) officials, private practitioners, in-house counsel, and others in the corporate and securities industry gathered in Chicago on September 26 and 27, 2024, for the Annual Ray Garrett Jr. Corporate & Securities Law Institute (the Institute).
Panelists discussed current events and issues affecting public companies and registered entities. Top-ranking SEC officials also joined the conversation, reflecting on disclosure and enforcement trends during the SEC’s past statistical year and providing insight to attendees on what is to come.
Disclosures
Cybersecurity
SEC panelists discussed how companies have sought to comply over the past year with the SEC’s cybersecurity disclosure rules that went into effect in July 2023 and clarified how compliance can be improved. For example, Director of the Division of Corporation Finance Erik Gerding pointed to a May 2024 statement explaining that, because the rules require public companies to disclose material cybersecurity incidents under Item 1.05 of Form 8-K, where companies choose to disclose a cybersecurity incident for which a materiality determination has not yet been made or that the company determined was not material, companies should disclose that cybersecurity incident under a different Item of Form 8-K (e.g., Item 8.01).
Gerding also left Institute attendees with the following considerations for clearer and more compliant disclosures: (1) boilerplate language is not helpful to investors and does not conform to the purpose of the rules to inform investors; and (2) the materiality analysis for determining whether a cyber event is reportable is the same analysis as the one for deciding what the material impact is or would be, and companies should use the same standard in making these determinations.
Artificial Intelligence
Panelists discussed artificial intelligence (AI) throughout the Institute. Gerding noted that AI disclosures in Forms 10-K have roughly doubled over the past year from 27% to 59%. However, as Gerding explained, most of these disclosures reflected boilerplate language and were not tailored to the specific risks of the registrant. Gerding encouraged registrants to make more specific disclosures that include:
- What the company means by “AI.”
- How the company is using AI in its business.
- Discussion of business market and industry risks in terms of the company’s actions that gain or lose market share.
- Information related to data privacy, cybersecurity, regulatory, litigation, or other risks, if facing such risks because of AI.
As these disclosures become more commonplace, we may see the SEC release additional guidance.
Enforcement
Chief Counsel for the SEC’s Division of Enforcement, Sam Waldon, discussed recent enforcement actions and litigation, which cover topics that we anticipate will remain enforcement priorities.
Gatekeepers
Gatekeepers continued to be an area of focus for the SEC, according to Waldon. While Waldon acknowledged that there are limits to what a gatekeeper can do if they lack the power to fix the issue, there are still a number of actions that can be taken. Waldon encouraged gatekeepers to “say something” if they “see something.” It is important for gatekeepers to let supervisors know if they see a mistake and to continue monitoring the situation to ensure that it is being appropriately addressed. Gatekeepers should keep reporting up and, when warranted, report out. The SEC also brought a number of gatekeeper actions, such as the recent settlement with the audit firm Prager Metis for falsely misrepresenting that its audits of FTX complied with Generally Accepted Auditing Standards and not appreciating the increased risks from this lack of compliance.
Shadow Trading
The Panuwat case has received much attention recently due to what many perceived as the SEC’s use of a novel theory of insider trading known as “shadow trading.” While the facts of the case are novel, Waldon emphasized that the legal theory is not. Waldon encouraged in-house counsel and those advising them to review employee policies and training materials to ensure they make clear that employees have an obligation to keep material nonpublic information (MNPI) confidential and that there are consequences when MNPI is misused, regardless of how the misuse occurs. Waldon emphasized that policies should not describe the issue too narrowly, and companies should ensure that misuse of MNPI is not limited to the company’s own securities.
The Impact of Recent Litigation
Waldon was given the opportunity to address some challenging rulings in recent ligation. When asked about the Jarkesy opinion, Waldon emphasized its narrow holding and that it is unlikely to have a significant impact on how the SEC brings enforcement actions. In Jarkesy, the Supreme Court of the United States held that under the Seventh Amendment, defendants have the right to a jury trial when the SEC seeks civil penalties for securities fraud—the SEC cannot require litigants to adjudicate such claims in its administrative tribunals. However, Waldon highlighted that the SEC has been almost exclusively litigating these types of cases in federal court for some time now. In fact, over the past three years, no fraud cases have been litigated in the SEC’s administrative tribunals. Tina Diamantopoulos, Director of the SEC’s Chicago Regional Office, agreed with Waldon’s assessment of Jarkesy and the likely impact—or lack thereof—on enforcement actions moving forward.
Key Takeaways
During the Institute, panelists centered discussion on the SEC’s disclosure and enforcement priorities. Here are the key takeaways:
- Registrants should review the SEC’s cybersecurity disclosure rules and ensure their disclosures are tailored to the company.
- Where appropriate, registrants should specifically address AI in their disclosures, including its meaning, use in the business, and risks arising from its use.
- Gatekeepers should stay vigilant and vocalize concerns to ensure that those concerns are appropriately addressed.
- Registrants should review their insider trading policies and employee training materials and consider making updates to address prohibitions more broadly against the misuse of MNPI.
- SEC panelists’ perspectives are that the Jarkesy opinion is likely to not have much, if any, impact on the SEC’s enforcement actions.
[View source.]
