In a panel at a recent securities conference, former SEC division heads discussed SEC Chair Gary Gensler’s rulemaking agenda and staff appointments. The panelists noted an ambitious to-do list and centralized approach to rulemaking and predicted coming prescriptive requirements in the areas of climate change and human capital disclosures. They also foresee increased requirements for cybersecurity and 10b5-1 trading plans.
The panel took place September 23, 2021 at Northwestern Pritzker School of Law’s Garrett Institute and Corporate Counsel Virtual Institute. The panel was moderated by Sonia Barros, partner at Sidley Austin, and included Stephanie Avakian, former Director of the SEC Division of Enforcement and partner at Wilmer Cutler Pickering Hale and Dorr; Bill Hinman, former Director of the SEC Division of Corporation Finance and partner at Simpson Thacher & Bartlett; and John White, former Director of the SEC Division of Corporation Finance and partner at Cravath, Swaine & Moore.
Ambitious SEC rulemaking agenda. Gensler has put out a full agenda with many items, said White, but it is not necessarily unrealistic. Most significantly, Gensler has the votes he needs, with a 3-2 Commission. Gensler also has a reputation as a very experienced rulemaker, and from what he has said publicly, his aspirations for the rules seem measured and achievable. Further, White observed that Gensler seems to be centralizing rulemaking within the chairman’s office, which is a break from tradition but could allow him to get things done more efficiently. That said, Gensler has acknowledged the list is very ambitious, calling it a “sprawling regulatory workload” in remarks on September 22 at the Council for Institutional Investors.
Hinman agreed that Gensler’s rulemaking agenda is ambitious. In comparison, former SEC Chair Jay Clayton cut back the agenda to rules that could reasonably be accomplished within a year. Hinman pointed out that rulemaking can be delayed when staff resources get pulled away to deal with pressing issues, such as Covid-19, China-related issues, and issues relating to retail investors like Robinhood and gamification. Hinman also pointed out that Gensler is revisiting some recently finalized rules. For example, of 15 Division of Corporation Finance rules on the agenda, six were done during the Clayton administration, including exempt offerings, resource extraction, human capital management, Rule 14a-8, and proxy voting advice.
Unusual staff appointments. It is unusual for this many director-level positions to remain unfilled at this point in a chairmanship, said Avakian. Current open positions include Investment Management, Trading and Markets, and Examinations. At the same time, Gensler has fully staffed his own policy advisory group, including the newly created position of ESG/climate advisor. This gives an idea of his focus and supports the theory that a lot of rulemaking may get done from the chairman’s office, said Avakian. Another break from the past is that a number of high-level positions have been filled from academia, including CorpFin, Division of Economic and Risk Analysis (DERA), and the Office of the General Counsel.
Climate change disclosures. Noting that an audience poll identified ESG as the number one topic, White said the rulemaking agenda includes proposals for two areas, climate change and human capital management. Regarding climate change, Alison Herren Lee laid the groundwork with an invitation for public comment in March, and John Coates publicly discussed alternatives during his time as acting director of CorpFin.
White highlighted Gensler’s remarks to the Principles for Responsible Investment as reflecting Gensler’s plans for climate disclosure. White noted three key aspects of the remarks:
- Gensler wants to require disclosure of specific quantitative metrics, focusing on Scope One and Scope Two greenhouse gas emissions disclosures. He has also asked staff to look at Scope Three disclosures.
- Gensler said he wants staff to learn from and be inspired by external standard setters, but the SEC will write its own rules to establish the appropriate climate risk disclosure regime for U.S. markets.
- Gensler wants the disclosures to go in Form 10-K.
Hinman agreed that Gensler is taking a modest approach to climate disclosures. Imposing Scope Three disclosures, which would require companies to report on downstream greenhouse gas emissions, would be expensive for companies, especially small businesses, said Hinman.
Hinman pointed to a recent move by SEC staff that gives a hint of how they are viewing climate change disclosure. The SEC published a sample of staff comment letters relating to climate change. The letters reference various elements of previous staff guidance. In particular, staff is looking at whether companies publish different information in their 10-Ks than their sustainability report and asking companies to explain any discrepancy. That’s fair, said Hinman.
On the materiality of climate change disclosures, Hinman said that Commissioner Alison Herren Lee stated while serving as Acting Chair that unless there is a prescriptive requirement, companies do not have to talk about some of these items, unless a failure to talk about the issue makes the remainder of disclosure problematic or misleading. On some of the more granular points, Hinman thinks that gives companies a path to be able to say in the absence of a line-item requirement, this is something we did not view as material or necessary to get into to make the same as we did make materially correct.
Hinman said he hopes staff does not take a more novel approach to materiality, which is that information might be material because investors are interested in it, regardless of whether it ties to the financial condition, prospects, or health of the company. Gensler has suggested this in a couple of speeches, said Hinman.
From an enforcement perspective, Avakian said it is hard to imagine disclosure cases being brought for omissions in the absence of prescriptive requirements. More likely, she imagines an enforcement action in the context of a registrant making affirmative statements overstating their “green” credentials. She advised that companies should make sure they have strong disclosure controls and governance.
Human capital disclosures. White believes the human capital proposal may come earlier than the climate proposal, possibly by the end of the year. He assumes the proposed disclosures will relate to workforce diversity and compensation. In particular, he looks to the dissents of the two Democratic commissioners to the final rules last fall. Each mentioned three metrics, with one overlapping, for a total of six metrics.
Hinman agreed that the previous Democratic commissioner dissents probably provide a good idea of what will be in the new proposal. Hinman said he has been a little surprised to see that in complying with the existing rule, companies actually giving a fair amount of human capital resource metrics and disclosures, and they are doing it in a way that is filtered by what's material to their company. He hopes that staff will have enough time to review current Form 10-K disclosures as they think about refining the forthcoming proposal.
Cybersecurity. Avakian thinks we will see “increased aggression” from the SEC about cybersecurity disclosure failures. Although there is guidance on what companies ought to disclose in the wake of a breach or incidents, it is not at all prescriptive.
Until recently, the SEC had only brought one straight disclosure case, in which charged Yahoo with fraud for failing to disclose what was at the time one of the world's largest data breaches. Since then, the SEC has brought two more cases.
In First American, the SEC charged a failure to maintain disclosure of controls and procedures designed to ensure that all the available relevant information concerning a cyber vulnerability was analyzed for disclosure in the filings. The interesting thing, said Avakian, is that the SEC did not state that the disclosure was wrong. Rather, the issue was that disclosure controls and procedures were not designed to ensure that management had all the relevant information.
In Pearson, a company was alleged to have made misstatements about a 2018 intrusion. The company discussed the hypothetical risk of an incident when a breach had already occurred and also misstated the scope of the breach when they made a statement.
Avakian believes Chairman Gensler has previewed prescriptive rulemaking on the horizon for both cyber preparedness as well as disclosure obligations in the wake of a breach or ransomware payment.
Regarding cybersecurity guidance adopted during Hinman’s directorship, Hinman said the guidance really emphasizes disclosure controls. One of the reasons for that was to make sure not only that disclosure was coming out in a timely basis, but also to make sure that insider trading or trading policies took into account what was happening. In some egregious situations, there have been breaches accompanied by someone inside the company selling their stock. Arguably, the person trading did not know about the breach at the time, but it was a fairly senior person, which is an ugly fact pattern for any company to deal with, said Hinman.
10b5-1 trading plans. Regarding 10b5-1 trading plans, Hinman said this is an area of focus for Gensler. It started as a focus under Clayton, and Hinman believes Gensler will build on this. In particular, one issue is that there is no standard for phase-in periods. They vary across different executive plans—they may happen fairly quickly, or they may be delayed a month or until after the next earnings announcement.
Hinman thinks the proposal will likely include the following elements:
- A standard of at least a one month “feathering” period.
- A provision about earnings releases between the time of the adoption of a plan and the time the first trades occur.
- An explicit requirement that you can only have one plan at a time.
- A provision that says if you stop a plan, you cannot restart with a new plan for some extended period of time.
- A requirement that a plan be adopted in good faith.
Proxy reform. Hinman believes that recent announcements and guidance around proxy voting advice have made it a little unclear how to interpret existing rules. He believes the rules were pretty straightforward and were adopted on a 3-2 vote, and it is not the best precedent to put recently adopted rules aside. Similarly, proxy access rules are being revisited that were only recently completed after a lot of work and effort from staff. All of that will be reconsidered, said Hinman.