Public Companies Quarterly Update (Q2 2024)

Saul Ewing LLP

Welcome to Saul Ewing’s Public Companies Quarterly Update series. Our intent is to highlight, on a quarterly basis, important legal developments of which we think public companies should be aware. This edition covers developments during the second quarter of 2024.

What You Need to Know: 

  • Implementation of the Securities and Exchange Commission’s (“SEC’s”) climate-related disclosure rules remains stayed by the Fifth Circuit Court of Appeals and the SEC, with ongoing litigation in the Eighth Circuit challenging the SEC’s authority to have adopted the rules; nevertheless, companies should continue to consider climate-related risks and disclosures amid ongoing pressure from investors and other regulators.
  • The U.S. Department of the Treasury (“Treasury”) and Internal Revenue Service (“IRS”) in recent months have issued proposed and final regulations on the 1% excise tax on stock repurchases and similar transactions for publicly traded domestic corporations, enacted as part of the Inflation Reduction Act of 2022. Under these regulations, the excise tax would not only apply to straightforward “repurchases” and redemptions but may also implicate certain reorganizations, acquisitions, and compensatory equity awards, requiring companies to take proactive measures to manage tax liabilities and reporting obligations.
  • The Corporate Transparency Act (“CTA”) compliance deadline for existing companies is less than six months away, and while the CTA generally exempts public companies, not all subsidiaries may be exempt and companies should remain aware of the reporting requirements and ensure compliance throughout the organizational structure.
  • New Compliance and Disclosure Interpretations (“C&DIs”) provide clarity on reporting cybersecurity incidents involving ransomware under new Item 1.05 to Form 8-K.
  • The SEC entered an order against BF Borgers CPA PC (“BF Borgers”), and its owner, Benjamin F. Borgers (“Borgers”), permanently barring them from practicing before the SEC as accountants, impacting a significant number of reporting companies and prompting the Division of Corporation Finance’s (“CorpFin’s”) Office of the Chief Accountant (“OCA”) to issue guidance regarding a company’s disclosure and reporting obligations in light of the order.
  • The U.S. House of Representatives passed the Financial Innovation and Technology for the 21st Century Act on May 22, 2024 (“FIT21”), perhaps signaling growing support for division of regulatory oversight of digital assets between the SEC and Commodity Futures Trading Commission (“CFTC”).

An Update on the SEC’s Climate-Related Rules; Stay Continues

As indicated in our last newsletter, the SEC adopted final rules requiring public companies to disclose climate-related information in registration statements and reports. See Public Companies Quarterly Update (Q1 2024). On March 15, 2024, the U.S. Court of Appeals for the Fifth Circuit issued an administrative stay temporarily blocking the implementation of the new rules. On April 4, 2024, the SEC issued its own order staying the rules.

The Judicial Panel on Multidistrict Litigation, by lottery, designated the U.S. Court of Appeals for the Eighth Circuit to consolidate the cases challenging the rules. The Eighth Circuit set a briefing schedule for the litigation, requiring the petitioners’ opening brief by June 14, 2024, and intervenors’ and amici briefs in support of petitioners by June 24, 2024. Respondents’ brief is due by August 5, 2024, with intervenors’ and amici briefs in support of respondents due by August 15, 2024. Petitioners’ reply brief is due by September 3, 2024.

Petitioners have made many arguments against the rules, which the SEC has indicated it will “vigorously defend.” A central tenet of the arguments against the rule is often that the SEC did not have the authority to issue it. Petitioners have also argued that the new rules attempt to address a major question without the necessary authorization from Congress and that the rules are arbitrary and capricious.

The Supreme Court’s ruling on June 28, 2024 in Loper Bright Enterprises vs. Raimondo, overruling the long-standing precedent in Chevron vs. Natural Resources Defense Council, will clearly have an effect on the way the lower courts evaluate these arguments. Lower courts will now review the question of the SEC’s authority to issue these rules and its internal determinations of the other questions without deferring to the SEC’s interpretation of the questions under the securities laws. Overall, this adds uncertainty to the eventual fate of the climate change disclosure rules and in what form, if any, they may eventually go effective.

Meanwhile, back in the less lofty world of the everyday practitioner … issuers continue to need to consider climate-related risks and disclosures. We would expect the SEC to continue to issue comment letters related to climate-related disclosures, referring to the SEC’s 2010 guidance on climate change disclosures. See Interpretation: Commission Guidance Regarding Disclosure Related to Climate Change. Moreover, companies need to continue to prepare for the possibility that some or all of the promulgated rules will survive the court challenges. Implementation of the internal controls and reporting procedures to comply with these rules will take time and, if companies have not started planning for them, they should now. Investors and customers continue to put pressure on companies to be more forthcoming about climate-related disclosures, and other regulators, most notably in the European Union and California, are requiring disclosures.

The SEC rules may not survive in their current form but the trend towards disclosure is likely to march forward. Please reach out to any of the authors of this newsletter or your regular Saul Ewing contact for more information.

Excise Tax on Stock Repurchases and “Economically Similar Transactions”

In April, Treasury and IRS issued two sets of proposed regulations on the excise tax on stock repurchases and “economically similar” transactions that was enacted as part of the Inflation Reduction Act of 2022. The proposed regulations generally align with initial guidance issued by Treasury and IRS in 2023 (Notice 2023-2, the “Notice”). One set of the proposed regulations provides taxpayers and tax professionals with guidance on how to report and pay the excise tax (the “Procedural Regulations”). In June, Treasury and IRS finalized the Procedural Regulations. The other set of proposed regulations provides guidance on the application of the new excise tax imposed by Section 4501 of the Internal Revenue Code (the “Substantive Regulations”). Neither the proposed or final Procedural Regulations nor the proposed Substantive Regulations deviated much from the preliminary guidance set forth in the Notice. Accordingly, few if any significant changes are expected to be included when the Substantive Regulations are promulgated in final form. Absent a change, the regulations would apply to transactions that occurred after December 31, 2022. 

The excise tax is 1% of the fair market value of net shares repurchased during a taxable year by a “Covered Corporation.” A Covered Corporation is a domestic corporation whose stock is traded on an established securities market, which includes both regulated exchanges and interdealer systems (such as alternative trading systems and over-the-counter markets) that merely distribute bid and ask prices. In addition to the obligation to pay the excise tax, Covered Corporations will in most instances also be required to file an excise tax return for any taxable year in which a repurchase (or economically similar transaction) occurs. The reporting obligation applies with respect to such a taxable year regardless of whether an excise tax is actually due for that taxable year.

The proposed Substantive Regulations define a broad set of transactions that fall within the excise tax’s ambit: capturing both stock repurchases and “economically similar transactions.” An economically similar transaction is any transaction Treasury determines to be economically similar to a stock repurchase or redemption for purposes of the excise tax. Fortunately, the proposed Substantive Regulations include an exclusive list of such economically similar transactions (see prop. Treas. Reg. Section 58.4501-2(e)(4)). We note, however, that the proposed Substantive Regulations include a reservation by Treasury to add additional transactions to the list—mainly on a prospective basis but potentially also retroactively. 

The list of economically similar transactions encompasses a broad range of transactions. Certain cash payments made in reorganizations and acquisitions are included in the list. For example, the receipt of any “boot” (such as cash) by the stockholders of a Covered Corporation in a reorganization under Section 368(a) of the Internal Revenue Code (including asset acquisitions and forward and reverse triangular mergers) is listed as an economically similar transaction subject to the excise tax. The proposed Substantive Regulations also extend the reach of the excise tax into capital markets transactions by disregarding the tax integration of convertible debt issued simultaneously with a derivative. The result is a requirement for a company to evaluate separately the stock issued or received with respect to each individual component of the transaction. The settlement of options and other compensatory equity awards, and their forfeiture, as well as the application of a clawback arrangement also have potential excise tax liability and reporting obligations. 

Given the excise tax’s broad scope, we recommend that companies and their advisors proactively assess the extent to which their ongoing operations (from January 1, 2023 onwards) generate excise tax liabilities or trigger reporting obligations. Adjustments to those operations, including to compensatory programs, could then be evaluated and implemented on a prospective basis. Similarly, companies involved in reorganizations or acquisitions must take the excise tax into consideration when structuring their reorganization or transaction to avoid falling into one of its many traps for the unwary.

The authors would like to thank Robert Christoffel for his review and thoughtful comments to the above piece. Please reach out to Robert Christoffel, any of the members of our tax team or your regular Saul Ewing contact for more information.

A Guide for Public Company Compliance with the Corporate Transparency Act

CTA Overview

The CTA, effective January 1, 2024 as part of the Anti-Money Laundering Act of 2020, represents a significant step from regulators toward increasing transparency in corporate ownership in the U.S. The CTA mandates that certain entities disclose their beneficial ownership information to the Financial Crimes Enforcement Network (“FinCEN”) by filing a Beneficial Ownership Information Report (“BOIR”). For companies formed on or after January 1, 2024, a BOIR must be submitted within 90 days of the entity’s creation; for entities existing prior to 2024, a BOIR must be submitted by January 1, 2025. Any changes to beneficial ownership might necessitate an amendment to a company’s BOIR, which must be filed within 30 days of the change.

Under the CTA, corporations, limited liability companies, and any other entity that has filed a formation document with any U.S. state or territory must report their beneficial owners to FinCEN. A beneficial owner is an individual who owns or controls, whether directly or indirectly through other entities, at least 25 percent of the company’s ownership interests, or a beneficial owner may be someone who exercises substantial control over the company (e.g., CEO, COO, CFO, etc.). The information to be reported includes the beneficial owners’ full legal names, dates of birth, current residential or business addresses, and photographic evidence of an identification document with a unique identifying number, typically a driver’s license or passport. In addition, companies formed after the CTA’s effective date must also report this information for their company applicants, or the two individuals responsible for directing the filing of the formation documents.

The CTA provides for civil and criminal penalties for violations, including a fine of up to $10,000, imprisonment for up to two years, or both, for persons who willfully provide false or fraudulent BOIR information or who fail to report complete or updated BOIR information to FinCEN. Penalties may also apply to reporting companies and senior officers of reporting companies.

Exemption for Public Companies

The CTA provides for 23 exemptions to the reporting requirements, which, generally, exempt companies that operate in industries already highly regulated. Public companies, defined under the CTA as issuers of securities registered under Section 12 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), or required to file reports under Section 15(d) of the Exchange Act, are generally exempt from the CTA’s reporting requirements. This exemption acknowledges that public companies are already subject to rigorous disclosure and reporting obligations under federal securities laws, ensuring a high level of transparency.

Also of note is an available CTA exemption for subsidiaries of exempt companies, whereby an entity that is wholly owned by an exempt company is also exempt from reporting requirements. This exemption means that several entities in a public company’s organizational chart could also be exempt and therefore would not need to file a BOIR with FinCEN. However, it remains crucial for public companies to confirm their exemption status at the public company and subsidiary levels and to maintain documentation supporting these exemptions. This includes ensuring that the public company remains compliant with SEC reporting requirements and promptly addresses any changes in its status that might affect its exemption.

Establishing Internal Controls for CTA Compliance

While public companies are typically exempt from the CTA, establishing robust internal controls to ensure ongoing compliance and to address any potential changes in exemption status remains important. Below are some recommendations for assessing and establishing controls:

  • Regularly assess eligibility for exemptions under the CTA of each company in the organizational structure.
  • Maintain detailed documentation to support a company’s exemption status.
  • Maintain records of all beneficial ownership information in the event an exemption status changes.
  • Educate employees, especially those in legal, compliance, and finance departments, about the CTA and its implications.
  • Provide ongoing training related to recognizing and responding to potential changes in exemption status.
  • Establish clear reporting mechanisms for changes in ownership or control that could impact a company’s exemption status.
  • Engage outside counsel to review the organizational structure, exemption status and compliance efforts.
  • Stay informed about amendments or regulatory updates related to the CTA.
  • Implement or revise internal audit processes to regularly review compliance with CTA requirements.
  • Ensure that these mechanisms are integrated into the broader compliance and risk management framework.

Staying proactive and vigilant in compliance efforts not only protects the company from potential legal and financial penalties but also reinforces its reputation as a transparent and trustworthy organization in the eyes of regulators, investors, and the public.

The SEC Issued Five New Cybersecurity Incident Compliance and Disclosure Interpretations

On June 24, 2024, the staff of CorpFin issued five new C&DIs related to cybersecurity incidents involving ransomware.

A Refresher on Cybersecurity Incident Disclosure Requirements

As we discussed in our Q3 2023 newsletter, on July 26, 2023, the SEC adopted new rules to enhance and standardize disclosures related to cybersecurity risk management, strategy, governance and incidents. The rules added a new Item 1.05 to Form 8-K, which generally requires that a company disclose a “cybersecurity incident” within four business days of determining that the incident is material. See Public Companies Quarterly Update (Q3 2023).

A “cybersecurity incident” is defined in new Item 106 of Regulation S-K to mean an unauthorized occurrence, or a series of related occurrences, on or through a company’s “information system” that jeopardizes the confidentiality, integrity or availability of the information system or any information residing therein. An “information system” is defined to mean electronic information resources, owned or used by a company, including physical or virtual infrastructure controlled by such information resources, or components thereof, organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of the company’s information to maintain or support its operations.

When disclosing a cybersecurity incident, a company must describe the material aspects of its nature, scope, and timing, and the material impact or reasonably likely material impact on the company, including on its financial condition and results of operations.

What is Ransomware?

The U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) describes ransomware as “a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.” In a ransomware attack a bad actor will demand ransom, often in the form of a difficult to trace digital currency, in exchange for decrypting the affected files. Many ransomware attacks are carried out using a trojan horse—a malicious code or software disguised as a legitimate file—contained in an email attachment that a system user is duped into downloading or opening.

CorpFin’s Ransomware C&DIs

The first new C&DI, 104B.05, addresses a scenario where a company, following a ransomware attack, makes the demanded ransomware payment and, as a result, the related attack ends before the company makes a determination about whether the incident is material, and answers the question: is it still necessary to make a materiality determination? Yes, in CorpFin’s view a company cannot simply conclude that a cybersecurity incident is not material because it has ended. Rather the staff advises that, as with other materiality assessments, a company should determine “if there is a substantial likelihood that a reasonable shareholder would consider it important in making an investment decision, or if it would have significantly altered the total mix of information made available,” notwithstanding the fact that the incident may have already been resolved.

C&DI 104B.06 addresses a scenario where a company experiences a material ransomware attack that results in a disruption in operations or the exfiltration of data and that has a material impact or is reasonably likely to have a material impact on the company, including its financial condition and results of operations, and asks: if the company makes the ransomware payment and, as a result, the related attack ends before the Form 8-K deadline, does the company still need to disclose the cybersecurity incident under Item 1.05 to Form 8-K? Yes, in CorpFin’s view, notwithstanding the fact that the incident has ended, the company must still report it under Item 1.05 to Form 8-K within four business days after the determination that it was a material cybersecurity incident.

C&DI 104B.07 asks: if a company makes a demanded ransomware payment but has an insurance policy that reimburses all or a substantial portion of the payment, is the cybersecurity incident as a result not material? CorpFin thinks not, and clarifies that when assessing the materiality of a cybersecurity incident, a company “should take into consideration all relevant facts and circumstances, which may involve consideration of both quantitative and qualitative factors” including, for example, “consider[ing] both the immediate fallout and any longer term effects on its operations, finances, brand perception, customer relationships, and so on … .” Such an analysis may include an assessment of the subsequent availability, or increase in cost, of insurance policies covering cybersecurity incidents.

C&DI 104B.08 asks whether the size of the ransomware payment, in and of itself, is determinative as to whether an incident is material. Again, CorpFin says no. The size of a ransomware payment is only one of the facts and circumstances that a company should consider in making a materiality determination; further, a lack of quantifiable harm does not necessarily mean that an incident is not material. For example, CorpFin notes that a cybersecurity incident that results in significant reputational harm, but which may not cross a particular quantitative threshold, should nonetheless be reported if the reputational harm is material.

Finally, C&DI 104B.09 addresses a scenario where a company experiences a series of cybersecurity incidents involving ransomware attacks over time, and determines that each incident, individually, is immaterial, and asks the question: is disclosure required pursuant to Item 1.05 of Form 8-K? Here CorpFin clarifies that when assessing its disclosure obligations, a company should consider whether any of the cybersecurity incidents were related, and, if so, determine whether those related incidents, collectively, were material.

The SEC Charged an Audit Firm and Its Owner with Massive Fraud, Impacting a Significant Number of Reporting Companies 

On May 3, 2024, the SEC charged audit firm BF Borgers, and its owner, Benjamin F. Borgers, with significant and systematic non-compliance with Public Company Accounting Oversight Board (“PCAOB”) standards, affecting over 1,500 SEC filings between January 2021 and June 2023. Key findings from the SEC’s order include that BF Borgers: falsely assured clients that their audits adhered to PCAOB standards; fabricated audit documentation to indicate compliance; and falsely stated in the audit reports of over 500 public company filings that it had complied with PCAOB standards.

To settle the charges, BF Borgers and Borgers agreed to, among other things, civil penalties of $12 million and $2 million, respectively, censures, and permanent bars from practicing before the SEC as accountants under Section 4C of the Exchange Act and Rule 102(e) of the SEC’s Rules of Practice.

The bar took effect immediately, and companies that had previously retained BF Borgers were required to engage new, qualified, independent, PCAOB-registered public accountants to audit or review their financial statements right away. In conjunction with the bar, CorpFin’s OCA issued a statement providing additional guidance regarding the disclosure and reporting obligations that an affected company might have, including:

  • Disclosing under Item 4.01 to Form 8-K when BF Borgers resigned or was dismissed, as well as the information required by Item 304 to Regulation S-K; however, in lieu of including a letter from BF Borgers stating whether it agrees with the Item 304 disclosure, OCA advised that it would be appropriate to indicate that BF Borgers is not currently permitted to appear or practice before the SEC.
  • OCA advised that Exchange Act reports filed before the effective date of the bar did not necessarily need to be amended solely because of the bar; however, companies should consider whether their filings may need to be amended to address any reporting deficiencies.
  • OCA advised that companies with pending registration statements or offering statements that contained or incorporated by reference financial information audited or reviewed by BF Borgers would need to file pre-effective or pre-qualification, as applicable, amendments to include financial information audited or reviewed, as applicable, by a new qualified, independent accountant.
  • OCA reminded companies with effective registration statements under the Securities Act of 1933, as amended (the “Securities Act”), containing or incorporating by reference financial information audited or reviewed by BF Borgers, that sales of securities under those registration statements must be preceded or accompanied by a Securities Act Section 10(a)-compliant prospectus, which must not include an untrue statement of a material fact or omit to state a material fact necessary in order to make the statements, in the light of the circumstances under which they were made, not misleading.
  • Similarly, companies with qualified offering statements containing or incorporating by reference financial information audited or reviewed by BF Borgers were reminded that those offering statements must not include an untrue statement of a material fact or omit to state a material fact necessary in order to make the statements, in the light of the circumstances under which they were made, not misleading.

According to the SEC’s order, of 369 BF Borgers’ clients whose public filings incorporated its audits and reviews between January 2021 and June 2023, at least 75 percent of the filings incorporated audits and reviews that did not comply with PCAOB standards. So many companies were ultimately impacted by BF Borgers’ bar that, on May 20, 2024, the SEC issued an exemptive order granting affected companies that timely filed a Form 12b-25 (Notification of Late Filing) an additional 25 calendar days to file their Form 10-Q.

Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, described “Borgers and his sham audit mill” as “one of the largest wholesale failures by gatekeepers in our financial markets.”

This case underscores the critical role of compliance with auditing standards to maintain market trust and protect investors.

Financial Innovation and Technology for the 21st Century Act and the Central Role of Decentralization

On May 22, 2024, the U.S. House of Representatives passed FIT21 with bipartisan support, marking the first major digital asset legislation passed by a congressional chamber. FIT21 aims to create a new federal regulatory framework for digital assets by delineating SEC and CFTC responsibilities, establishing categories for digital assets, and requiring digital asset intermediaries to register with appropriate agencies. Despite House approval, the bill faces uncertainty in the Senate and opposition from President Biden, who seeks stronger protections for consumers and investors. SEC Chairman Gary Gensler also warns that FIT21 creates regulatory gaps and undermines existing securities laws.

The federal regulatory framework for digital assets advanced under FIT21 divides responsibilities for regulation of digital assets, transactions, and market participants between the SEC and CFTC, and modifies existing securities and commodity laws to account for blockchain technology applications. Among other things, FIT21 principally distinguishes between three categories of digital assets which determine whether a digital asset falls under the jurisdiction of the SEC or the CFTC as a (i) “restricted digital asset” (subject to the SEC’s jurisdiction), (ii) “digital commodity” (subject to the CFTC’s jurisdiction), and (iii) “permitted payment stablecoin” (which, depending on the type of intermediary involved in a transaction, may fall under either SEC or CFTC jurisdiction). Brokers, dealers, and exchanges transacting in either “restricted digital assets” or “digital commodities” would need to register with, and be subject to regulation by, the SEC or CFTC, respectively.

Under FIT21, digital assets would generally initially be considered “restricted digital assets” unless they meet the definition for permitted payment stablecoins or are otherwise self-certified as digital commodities. The bill would establish criteria for distinguishing between restricted digital assets and digital commodities based on the:

  • level of decentralization and functionality of the digital asset’s blockchain system;
  • method that the end investor or consumer uses to acquire the digital asset; and 
  • party holding the digital asset at the time of determination. 

The categorization scheme of digital assets proposed under FIT21 would remove digital assets recorded on a blockchain from the statutory definition of “securities,” and the determination of whether a digital asset qualifies as a “restricted digital asset” subject to the SEC’s jurisdiction and securities regulations would no longer be based on the Supreme Court’s longstanding Howey test. Instead, central to the distinction between a “restricted digital asset” regulated by the SEC and a “digital commodity” regulated by the CFTC, FIT21 would provide legal recognition of the concept of “decentralization” as a distinguishing feature of blockchain systems, such that digital assets based upon sufficiently decentralized and functional blockchain systems should be considered “digital commodities.”

With respect to the determination of the “decentralization” of a digital asset, FIT21 would create a self-certification procedure where any person can file a certification with the SEC that the blockchain system to which a digital asset relates qualifies as a decentralized and functional system. The SEC would then have sixty days to rebut such a certification, but if it did not and the system is deemed decentralized, then the assets on that blockchain would be considered “digital commodities” (even if previously considered restricted digital assets), subject to CFTC jurisdiction. And although the SEC would oversee the self-certification procedure, FIT21 directs both the SEC and CFTC to jointly establish criteria for the self-certification process. Chairman Gensler cautions that under FIT21’s procedures, limits on SEC staff resources would cause the SEC to be “[unable to] review and challenge more than a fraction of those assets.”

If enacted, FIT21 would significantly change the regulatory landscape for digital assets and blaze a new path for the CFTC to have considerably expanded oversight over the trading of digital commodities and the entities and platforms that transact in them. While FIT21 remains the subject of considerable debate and appears unlikely to be voted on by the Senate, its divided approach to SEC and CFTC oversight may yet forecast the approach of digital asset regulation to come. 

Closing Thoughts

Though the SEC was not as active on the rulemaking front in the second quarter of 2024 as it has been in prior quarters, there is still much for public companies to keep up with on the compliance, regulatory and enforcement fronts as we move into the second half of the calendar year. 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Saul Ewing LLP
