Preparing for the 2025 Annual Report and Proxy Season

This Client Alert provides an overview of new developments and highlights key considerations for calendar year-end public companies preparing their Annual Reports on Form 10-K for 2024 and proxy statements for annual meetings in 2025. In this Client Alert, we touch upon recent rulemaking from the U.S. Securities and Exchange Commission (the "SEC" or the "Commission"), emerging trends among reporting companies, recent comment letters issued by the staff of the SEC’s Division of Corporation Finance (the "Staff") and developments in the securities litigation and SEC enforcement landscape.

While we anticipate that changes in SEC leadership under the new presidential administration will likely result in a shift in the SEC’s disclosure rulemaking and enforcement priorities, public companies remain subject to rules and guidance that are currently in effect, subject to certain rules that are presently stayed following judicial review, as discussed further below.

Insider Trading Policies and Procedures

In December 2022, the SEC adopted several rule amendments and disclosure requirements relating to insider trading arrangements. Compliance with several of these amendments has already been phased in, including the new conditions to the availability of the affirmative defense under Rule 10b5-1(c)(1), the disclosure requirements relating to the adoption and termination (including modification) of an insider’s Rule 10b5-1 plan and changes relating to the reporting requirements on Forms 4 and 5. Compliance with other amendments is forthcoming for calendar year-end companies, as described below. 

• Company Adoption of Insider Trading Policies and Procedures – Under new Item 408(b)(1) of Regulation S-K, a company is required to disclose in its Form 10-K or annual meeting proxy statement whether it has adopted insider trading policies and procedures governing the purchase, sale and/or other disposition of the company’s securities by its directors, officers and employees, or the company itself, that are reasonably designed to promote compliance with insider trading laws, rules and regulations, as well as applicable listing standards. If a company has not adopted such policies and procedures, then it must explain why it has not done so. If a company has adopted insider trading policies and procedures, then, pursuant to Items 408(b)(2) and 601(b)(19) of Regulation S-K, it must file such policies and procedures as an exhibit to its Annual Report on Form 10-K.

Companies are required to comply with these requirements in the first filing that covers the first full fiscal year beginning on or after April 1, 2023. For calendar year-end companies, compliance will be required in the Form 10-K filed in February or March 2025. The disclosure required by this item must be tagged in Inline XBRL format.

• Options Granted Close in Time to the Release of Material Nonpublic Information – Under new Item 402(x) of Regulation S-K, companies are required to provide disclosures about their policies and practices on the timing of option awards made close in time to the company’s disclosure of material non-public information ("MNPI"). Companies must include both narrative and tabular disclosures, as described below.
  • Narrative Disclosure – Companies must discuss their policies and practices on the timing of awards of stock options, stock appreciation rights ("SARs") and similar option-like instruments in relation to the disclosure of MNPI. The disclosure generally must include (1) how the company’s board of directors determines when to grant such awards (e.g., whether the awards are granted on a pre-determined schedule), (2) whether, and if so how, the board (or the compensation committee) takes MNPI into account when determining the timing and terms of an award and (3) whether the company has timed the disclosure of MNPI for the purpose of affecting the value of executive compensation.
  • Tabular Disclosure – If, during the last completed fiscal year, stock options, SARs or similar option-like instruments were awarded to a named executive officer ("NEO") within a period starting four business days before and ending one business day after the filing of the company’s Form 10-Q or Form 10-K, or the filing or furnishing of a Current Report on Form 8-K that discloses MNPI (other than a Form 8-K used to disclose the grant of a new material option award under Item 5.02(e) of Form 8-K), then certain information must be provided in tabular form about the award. The table must include (1) the name of the NEO and, on an award-by-award basis, (2) the grant date of the option award, (3) the number of securities underlying the options, (4) the per-share exercise price of the options, (5) the grant date fair value of the award and (6) the percentage change in the market price of the underlying securities between the closing market price of the security one trading day prior to and the trading day beginning immediately following the disclosure of MNPI.

The disclosures required by Item 402(x) are required in the first filing covering the full fiscal year beginning on or after April 1, 2023. For calendar year-end companies, compliance will be required in the Form 10-K filed in February or March 2025. The disclosure required by this item must be tagged in Inline XBRL format.

• Adoption, Modification and Termination of Rule 10b5-1 Plans and Certain Other Trading Arrangements – As a reminder, recently adopted Item 408(a) of Regulation S-K requires companies to provide quarterly disclosure on Form 10-Q and Form 10-K of (i) the adoption, modification or termination of a Rule 10b5-1 plan or non-Rule 10b5-1 trading arrangement by any director or Section 16 officer and (ii) a description of the material terms of each plan, including the name and title of the director or officer; the date the plan was adopted, modified or terminated; the plan’s duration; and the total amount of securities to be purchased or sold under the plan. Pricing terms are not required to be disclosed. Companies are encouraged to implement controls and procedures with respect to any adoptions or terminations of, or changes to, Rule 10b5-1 plans and to confirm that any pre-existing plans, or new plans adopted in the future, comply with the amended requirements of Rule 10b5-1. For more information on the Rule 10b5-1 amendments or related disclosure obligations, see our December 19, 2022 alert. 
• New Guidance Regarding Sell-to-Cover Plans – Among other changes introduced by the amendments to the Rule 10b5-1(c) affirmative defense to insider trading liability, anyone other than an issuer is generally prohibited from using multiple overlapping Rule 10b5-1 plans. However, the amended rule states that plans covering "eligible sell-to-cover" transactions shall not be considered overlapping plans, provided that such plans cover transactions in which an insider instructs an agent to sell "only such securities as are necessary to satisfy tax withholding obligations arising exclusively from the vesting of a compensatory award" and the insider does not otherwise exercise control over the timing of the sales. In February 2024, certain members of the ABA’s Joint Committee on Employee Benefits ("JCEB") published a memorandum to the JCEB regarding their informal discussions with the Staff regarding the scope of "eligible sell-to-cover" transactions under Rule 10b5-1(c)(1)(ii)(D)(3). Based on these informal discussions with the Staff:
  • "Necessary" Tax Obligations – The members of the JCEB who met with the Staff understand that the Staff does not interpret the reference in Rule 10b5-1(c)(1)(ii)(D)(3) to "only such securities as are necessary to satisfy tax withholding obligations" to mean only the number of shares required to satisfy minimum tax withholding requirements, but rather that the arrangement may cover the expected effective tax rate. However, the Staff noted that the exception for "eligible sell-to-cover" transactions could not be used where shares are sold with the intent of covering taxes for events unrelated to the vesting of the applicable compensatory award subject to the sell-to-cover plan.
  • Reliance on Exception by Non-Employee Directors – The members of the JCEB who met with the Staff understand that the Staff will not object to a non-employee director establishing a contract, instruction or plan as an "eligible sell-to-cover" transaction despite the fact that non-employee directors are not subject to tax withholding obligations. The same rationale as described above for employees would also apply if the non-employee director’s sale in this scenario is designed to cover the director’s withholding tax obligation arising exclusively from the vesting of a compensatory award. As with employee sell-to-cover transactions, the JCEB members believe the Staff would take the position that the sale would not qualify as an "eligible sell-to-cover" transaction where shares are sold with the intent of covering taxes for events unrelated to the vesting of the applicable compensatory award.

Risk Factors

Public companies should carefully review their risk factors and forward-looking statement disclaimers to ensure that all material risks are up to date and adequately described. Although risk factor disclosure will vary depending on the company and its industry, we have included below a non-exhaustive list of potential topics to consider, to the extent applicable. 

• Cybersecurity – Companies should review existing risk factors relating to cybersecurity to confirm that they remain accurate and reflect the company’s circumstances and risk profile. If a company has experienced a cybersecurity incident, it must use language to reflect the realization of that risk and not merely describe such risk in hypothetical terms. Further, if a company is aware of specific, known cybersecurity risks, then it must not describe such risks in generic terms. In 2024, the SEC charged multiple companies with making materially misleading disclosures regarding cybersecurity risks and intrusions, underscoring the SEC’s aggressive focus on both the accuracy and completeness of cybersecurity disclosures.
• Inflation and Interest Rate Risks – While inflationary pressures have eased and interest rates have decreased as compared to recent years, companies should continue to assess whether their disclosures regarding inflationary pressures and risks and uncertainty regarding inflation and future rate changes are adequately discussed. The Federal Reserve reduced interest rates most recently in December 2024, bringing the target range for the federal funds rate to 4.25% to 4.50%, and has signaled the possibility of further rate cuts in 2025, which may affect a company’s operations and financial condition, requiring additional disclosure in risk factors, Management’s Discussion and Analysis (MD&A) and financial statements.
• Artificial Intelligence – Companies that utilize artificial intelligence ("AI") must ensure that their risk factors adequately address material risks posed by such use. Risks may relate to, for example, cybersecurity, competition, innovation, AI-related laws and regulations, ethical concerns and reputational risk. As companies consider their AI disclosures, they are reminded that they must be specific when describing their material AI-related risks rather than using boilerplate language and avoid "AI-washing" – the practice of making exaggerated or unsupported claims about AI’s role or impact. AI disclosures are expected to remain an area of heightened interest by the Staff, particularly as the use of AI becomes increasingly prevalent in the marketplace.
• Geopolitical Conditions – Companies should continue to monitor global geopolitical conditions, including the conflicts in the Middle East, the ongoing war between Russia and Ukraine and rising tensions between China and Taiwan, and, to the extent their operations are or may be impacted, how their risk factors should be updated as these conflicts develop.
• COVID-19 – Companies may consider removing designated risk factors related to the COVID-19 pandemic if they have not already done so. Unless a company remains materially impacted by disruptions stemming from the pandemic, it may be appropriate to incorporate any pandemic-related risks into a more general risk factor about public health and safety threats.
• U.S. Presidential Transition – Companies should assess how leadership transitions in the United States and globally could affect their operations, including potential impacts on trade, the movement of goods and services and the imposition of new tariffs. Companies are encouraged to monitor and assess whether any material changes to their risk factors emerge as the transition progresses over the course of the year.
• Climate Change & Natural Disasters – Although the SEC’s climate disclosure rules have been stayed, companies are reminded that their risk factors still must adequately address material risks posed by climate change and natural disasters. If a company has experienced disruptions to its business due to recent natural disasters, including the hurricanes experienced along the East Coast or the wildfires in California, then it must ensure that its risk factors are carefully reviewed and updated to reflect the materialization of climate- or weather-related risks.

Pay Versus Performance – SEC Staff Comments

The Staff issued several comment letters in 2024 addressing technical noncompliance in pay versus performance ("PVP") disclosures required under Item 402(v) of Regulation S-K. As evidenced by the comment letters, the Staff is looking closely at PVP disclosures, including comparing disclosures to the Summary Compensation Table and audited financial statements and re-calculating figures such as Compensation Actually Paid. Mistakes identified by the Staff have included, among other things:

• Failing to describe the relationship between pay and performance, including where a particular measure is not used in setting compensation;
• Using other net income amounts in the PVP table, such as net income attributable to the controlling interest or registrant;
• Failing to provide GAAP reconciliations for non-GAAP financial measures;
• Using an incorrect peer group (e.g., one that is not the same as the peer group used for purposes of the stock performance graph required by Item 201(e)(1)(ii) of Regulation S-K or, if applicable, the Compensation Discussion and Analysis disclosures required by Item 402(b) of Regulation S-K); and
• Omitting footnote reconciliation disclosures from prior years where the Compensation Actually Paid values reported from prior years were corrected.

Given the Staff’s recent focus on these disclosures, companies are urged to carefully review all calculations included in their PVP disclosures and revisit Staff guidance in preparing their 2025 annual proxy statements to ensure their PVP disclosures fully comply with these detailed requirements.

Cybersecurity 

As previously announced in our August 23, 2023 alert, the SEC now requires disclosure of certain information related to cybersecurity risk management, strategy, governance and material incidents under Item 106 of Regulation S-K. This is the second year in which public companies are required to provide the mandatory cybersecurity disclosure under Item 106. As to be expected, there was significant variation among companies’ cybersecurity disclosures during the first year of compliance with the rule, reflecting the fact that companies’ cybersecurity programs vary based on each company’s specific circumstances. That being said, certain disclosure trends emerged, including: 

• Organization: Most companies organized their disclosure into two sections, generally tracking the organization of Item 106, with one section dedicated to cybersecurity risk management and strategy and the other section focused on cybersecurity governance.
• Length: Disclosure generally ran a page to a page and a half in length.
• Frameworks: Companies commonly referenced their program alignment with one or more external frameworks or standards, with the National Institute of Standards and Technology (NIST) Cybersecurity Framework being the most commonly cited. Companies also frequently discussed specific administrative and technical components of their cybersecurity programs and their high-level approach to responding to cybersecurity incidents.
• Board Oversight: Companies often disclosed that they had delegated primary oversight responsibility for cybersecurity risk oversight to a board committee, typically the audit or risk committee.
• Management’s Role: Most companies listed one or more management positions responsible for addressing and managing cybersecurity risks, commonly the Chief Information Security Officer (CISO). The level of detail provided on the individual’s background varied by company, ranging from a general statement on prior cybersecurity-related roles to more detailed discussions identifying specific titles and technical experience and skills.

We expect that the Staff will be more active in commenting on Item 106 disclosures this year. Beginning with annual reports for fiscal years ending on or after December 15, 2024, cybersecurity disclosures made under Item 106 must be tagged in Inline XBRL format. 

ASC Topic 280 – Segment Reporting

Compliance with enhanced disclosure requirements for segment reporting is now required for most public companies. In November 2023, the Financial Accounting Standards Board issued Accounting Standards Update 2023-07 ("ASU 2023-07"), which requires enhanced disclosures about significant segment expenses. The amendments seek to improve the transparency of financial disclosures to enable investors to better understand an entity’s overall performance and assess potential future cash flow. Existing disclosure requirements on how companies identify operating segments, aggregate those operating segments or apply the quantitative thresholds to determine its reportable segments remain unchanged by the amendments.

ASU 2023-07 applies to all public companies that are required to report segment information in accordance with Accounting Standards Codification Topic 280 and is required for both annual and interim reports. The update is effective for fiscal years beginning after December 15, 2023 and interim periods within fiscal years beginning after December 15, 2024, and must be applied retrospectively to all prior periods presented. For calendar year-end companies, the enhanced disclosures required by ASU 2023-07 must be included in their Form 10-K filings for fiscal year 2024.

According to ASU 2023-07, the amendments will:

1. Require that a public company disclose, on an annual and interim basis, significant segment expenses that are regularly provided to the chief operating decision maker (CODM) and included within each reported measure of segment profit or loss (collectively referred to as the "significant expense principle").
2. Require that a public company disclose, on an annual and interim basis, an amount for other segment items by reportable segment and a description of its composition. The other segment items category is the difference between segment revenue less the segment expenses disclosed under the significant expense principle and each reported measure of segment profit or loss.
3. Require that a public company provide all annual disclosures about a reportable segment’s profit or loss and assets currently required by Topic 280 in interim periods.
4. Clarify that if the CODM uses more than one measure of a segment’s profit or loss in assessing segment performance and deciding how to allocate resources, a public company may report one or more of those additional measures of segment profit. However, at least one of the reported segment profit or loss measures (or the single reported measure, if only one is disclosed) should be the measure that is most consistent with the measurement principles used in measuring the corresponding amounts in the public company’s consolidated financial statements. In other words, in addition to the measure that is most consistent with the measurement principles under GAAP, a public company is not precluded from reporting additional measures of a segment’s profit or loss that are used by the CODM in assessing segment performance and deciding how to allocate resources.
5. Require that a public company disclose, on an annual basis, the title and position of the CODM and an explanation of how the CODM uses the reported measure(s) of segment profit or loss in assessing segment performance and deciding how to allocate resources.
6. Require that a public company with a single reportable segment provide all the disclosures required by ASU 2023-07 and all existing segment disclosures in Topic 280. 

Public companies should ensure that they take the necessary steps to comply with these new requirements, including establishing appropriate internal controls to gather and report the necessary segment information in their annual and periodic reports. Because the new requirements must be applied retrospectively, public companies, even those with only one reporting segment, will be required to make these disclosures for previous periods. Accordingly, public companies should ensure they allow adequate time to gather all prior and current period information necessary to make the required disclosures. And, as always, public companies should be mindful that the Staff continues to issue a significant number of comments on segment disclosures, including where the disclosures by a company in its filings with the SEC do not appear to be consistent with its other public disclosures. Thus, companies should review their public disclosures holistically as they comply with both the new and existing segment disclosure requirements. 

Beneficial Ownership Reporting

As discussed in our January 18, 2024 alert, the SEC adopted amendments to the rules governing beneficial ownership reporting under Sections 13(d) and 13(g) of the Securities Exchange Act of 1934, as amended (the "Exchange Act"), to, among other things, shorten the period in which beneficial owners of more than 5% of a public company’s equity securities have to make initial filings and amendments to Schedules 13D and 13G. The revised Schedule 13D deadlines became effective on February 5, 2024 and the revised Schedule 13G deadlines became effective on September 30, 2024. The amendments also added a requirement that these filings use a structured, machine-readable XML text, which applies to all information disclosed on Schedules 13D and 13G (excluding exhibits), effective December 18, 2024.

In September 2024, the SEC announced the resolution of a number of enforcement actions for violations of beneficial ownership reporting obligations under both Sections 13 and 16 of the Exchange Act. Actions have been brought against officers, directors and investment firms, as well as public companies themselves. These actions have focused on the timing of initial filings and amendments, transitions from Schedule 13G to 13D and late and missing Section 16 filings. Violations ranged from one-off filings, which were late by a few weeks or few months, to years of repeatedly late or missed filings, and sanctions ranged from $10,000 to $750,000, depending on the scope and nature of the violation. In the enforcement sweep, two public companies were charged with contributing to their insiders’ late or missed Section 16(a) filings (by maintaining insufficient procedures to file timely on their behalf) and failing to disclose the delinquent filings as required by Item 405 of Regulation S-K in their Forms 10-K or proxy statements.

These actions, taken together, highlight the SEC’s renewed focus on compliance with beneficial ownership reporting requirements. The enforcement actions also signal a potential shift in the SEC’s enforcement approach as certain of the actions involved more run-of-the-mill failures to make timely or complete filings as compared to the egregious violations that historically have been the source of SEC scrutiny. The SEC indicated that all violations involved in recent actions were identified using data analytics. With the now-effective requirement that all Section 13 filings be made using XML text (in addition to the pre-existing requirement that all Section 16 filings be XML tagged), violations of reporting obligations are expected to be identified more easily.

In light of recent amendments and the SEC’s focus on compliance, companies and investors are encouraged to confirm that the legal and/or compliance teams responsible for beneficial ownership filings understand all applicable reporting requirements. These teams may include brokers, financial advisors and estate planning advisors who may assist company insiders with transactions involving company securities. Companies must also ensure that proper internal controls and systems are in place to identify filing requirements, particularly where a company has undertaken the responsibility of filing on behalf of its insiders, including tracking changes in an insider’s beneficial ownership holdings and filing triggers, like future equity grant or vesting dates. Further, companies should review their procedures for identifying missed or late filings for purposes of Item 405 Regulation S-K disclosures.

Director and Officer Questionnaire Considerations

Although no significant updates to director and officer questionnaires are required by SEC or U.S. stock exchange rules in preparation for this year’s proxy season, companies may wish to consider the following items in light of recent developments:

• The scope of director independence questions, and whether those questions cover non-financial and other relationships that may affect a board’s determination of a director’s independence, following the SEC’s recent settled charges against a company for failing to disclose a board member’s close personal friendship with an executive officer of that company and subsequent filing of a proxy statement containing materially misleading information.
• The illustrative list of director qualifications and expertise, including cybersecurity and any emerging areas that may be of interest to the company’s investor base.
• In the section on beneficial ownership of the company’s securities, clarifying that Item 403(b) of Regulation S-K requires disclosure of securities that have been pledged in connection with a loan or margin account in light of a recent SEC enforcement action brought for insufficient disclosure.
• Highlighting the importance of timely notifying the company of changes in beneficial ownership and reporting late or missed transactions, given the SEC’s recent enforcement sweep for late beneficial ownership reports, as discussed in more detail above. 

Nasdaq Board Diversity Rule

In December 2024, the U.S. Court of Appeals for the Fifth Circuit vacated the SEC’s approval of Nasdaq’s board diversity requirements, ruling that such approval exceeded the Commission’s statutory authority. Nasdaq announced that it does not intend to appeal the decision and the SEC has stated that it is reviewing the ruling. The effect of the ruling is that Nasdaq-listed companies are no longer required to meet specified board diversity criteria or make prescribed disclosures regarding their board’s diversity characteristics, subject to the result of a potential appeal by the SEC, which we view as unlikely given the upcoming changes in the U.S. presidential administration.

Despite the Fifth Circuit’s decision, companies may wish to continue disclosing board diversity information on a voluntary basis, particularly in light of interest among stakeholders, the company’s investor base and the voting recommendations of proxy advisory firms. 

EDGAR Next

In September 2024, the SEC adopted new rules to make its Electronic Data Gathering, Analysis, and Retrieval ("EDGAR") system more secure and user-friendly. The amendments, referred to as "EDGAR Next," represent a significant change to the legacy account management and filing process and aim to address potential security issues with the current platform while streamlining the management of filer accounts. The amendments introduce a new account management "dashboard" and will require individual login credentials and an annual confirmation for each account, among other changes. We discussed the amendments in detail in our November 5, 2024 alert. The EDGAR Next amendments apply to entities (public and private) and individuals that make filings with the SEC, and filers will be required to fully transition to EDGAR Next by September 15, 2025.

Other Reminders

• Climate-Related Disclosure Rules – The climate disclosure rules, adopted by the SEC in early 2024, were voluntarily stayed by the SEC in April 2024 following litigation challenging the rules. The climate disclosures that would otherwise be required by the SEC are not required at this time, and the future of these rules remains uncertain given the pending litigation and upcoming changes in the administration. Companies are nevertheless encouraged to stay apprised of the applicability of various climate disclosure rules, even if not required by the SEC, given the growing number of jurisdictions in the U.S. and abroad that are requiring climate-related disclosures. 
• Share Repurchase Disclosure – In December 2023, the U.S. Court of Appeals for the Fifth Circuit vacated the SEC’s Share Repurchase Disclosure Modernization rule. As a result of the vacatur, the disclosure requirements reverted to those that were in effect prior to the effective date of the final repurchase rule. As a reminder, companies are required under Item 703 of Regulation S-K to report quantitative aggregated monthly share repurchase data in tabular form in their Forms 10-Q and Forms 10-K, in addition to certain narrative footnote disclosures, for any fiscal quarter in which repurchases were made. 
• Increases in SEC Registration Fees – On August 20, 2024, the SEC announced an increase to the fee rate payable in connection with the registration of securities under Section 6(B) of the Securities Act of 1933, as amended, and Section 13(e) and 14(g) of the Exchange Act. Effective October 1, 2024, the registration fee is set at $153.10 per million, up from $147.60 per million in fiscal 2024. Companies should ensure that they update their registration fee calculation models and any registration fee exhibit table to account for the higher fee.