Search results

Since the implementation of the Sarbanes‐Oxley Act of 2002, the SEC has adopted new rules for certifications and proposed many other new rules. The proposals cover financial experts, codes of ethics, internal controls, improper influence of audits, off‐balance‐sheet transactions, non‐GAAP financial information, and trades during pension blackout periods. Among the specific requirements of the new rules are that: (1) an issuer’s principal executive officer and principal financial officer certify the contents of the issuer’s quarterly and annual reports; (2) financial experts on audit committees be disclosed; (3) codes of ethics be disclosed; (4) internal control reports be included in annual reports; (5) officers and directors be prohibited from fraudulently influencing the auditor of financial statements; (6) a separately captioned subsection of the MD&A explain an issuer’s off‐balance‐sheet arrangements; (7) Non‐GAAP financial measures be clearly explained; and (8) officers and directors be prohibited from buying or selling equity securities acquired in connection with employment when other employees are “blocked out” from trading in their individual pension accounts.

The purpose of this paper is to explain the SEC's recent guidance on disclosure obligations related to cybersecurity risks and cyber incidents.

The paper provides an overview of the guidance, including recommended mention of cybersecurity and cyber incident considerations in a company's discussion of risk factors, MD&A, description of business, disclosure of legal proceedings, financial statement disclosures, and disclosure controls and procedures. The paper recommends steps that companies should take in light of the guidance, including a review of cybersecurity practices, cyber disclosure, disclosure controls and procedures, regulation S‐P information security policies and procedures, and other legislative and regulatory proposals relating to cybersecurity.

The SEC staff guidance clarifies that even though the SEC's existing disclosure rules do not specifically reference cybersecurity, public companies should consider the growing importance of cybersecurity and make appropriate disclosures “consistent with the relevant disclosure considerations that arise in connection with any business risk”.

The paper provides expert guidance by experienced financial services lawyers.

To summarize and explain the US Securities and Exchange Commission’s (Commission) recent report of investigation cautioning public companies to consider cyber-related threats when designing and implementing internal accounting controls.

Explains that the Commission’s report arose out of a Commission enforcement investigation into the internal accounting controls of nine unidentified public companies that were victims of email scams, explains that the Commission issued the report to emphasize that cybersecurity remains a high priority for the Commission and the report should serve as a reminder that all public companies need to consider cyber-related threats when devising and maintaining internal accounting controls and provides practical considerations for public companies to consider in light of the Commission’s report.

Public companies should assume that the Commission is actively monitoring all areas related to cybersecurity, including corporate disclosures of cyber-related incidents and also whether companies have established policies, procedures, and internal controls in place to ensure cyber-related incidents are prevented. Given that assumption, public companies should take prompt steps to assess and, if appropriate, improve internal accounting controls, disclosure controls, and cyber-related policies and procedures to address the risk of cyber-related incidents.

Practical guidance from experienced securities lawyers.

To analyze the U.S. Securities and Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) June 2020 Risk Alert, which identified three categories of deficiencies that the SEC regularly finds in its reviews of advisers to private funds, in order to understand its guidance and recommend best practices.

The study discusses the categories of deficiencies that the SEC regularly finds in its reviews of private fund advisers, current SEC enforcement trends, and recommendations for disclosures, internal controls, policies and procedures.

The SEC will expect private funds to identify and remedy regular deficiencies in three primary categories: gaps in client and investor disclosures regarding conflicts of interest; deficiencies in disclosures related to fees and expenses; and issues with policies and procedures regarding the treatment of material nonpublic information.

Private fund advisers should expect increased scrutiny during examinations on the identified deficiencies and use this opportunity to be proactive in addressing these issues.

Expert analysis and guidance from experienced securities enforcement attorneys.

In Spring 2002, Jeff Skilling (the former CEO of Enron Corporation) incredulously testified before lawmakers that he thought Enron was in great shape the day he left and that he knew next to nothing about the off‐balance‐sheet transactions that ultimately brought down his company. As we watched the train derail that day, it became clear that lawmakers convened the hearing not only to assure the public that Congress too was angry, but also to look for a solution to the problem that a CEO didn’t know some pretty important things about his company, its operations and performance, and that the company’s independent auditors appeared compromised and may have acted accordingly.

The purpose of this paper is to summarize and analyze SEC guidance to companies and issuers of securities on the use of company web sites to disclose information to investors, as published in an interpretive release, Release 34‐58288, Commission Guidance on the Use of Company Web Sites.

The Release provides guidance to public companies posting information on their web sites, including: when information posted on their web site is considered “public” for purposes of the “fair disclosure” requirements of Regulation FD; the application of the antifraud provisions of the federal securities laws to information posted on company web sites; the types of controls and procedures advisable with respect to posting information; and the appropriate format of the information presented on the web site.

While the Release sanctions web site‐only disclosures in some cases, companies should continue to file particularly important or time‐sensitive information with the SEC and also issue a press release. To avoid liability for “republishing” historical information, companies should organize their web sites so that previously posted statements and materials are separately located and identified. Companies should make the context of hyperlinked information clear; a company will not be shielded from antifraud liability for hyperlinking information it knows, or is reckless in not knowing, to be materially false or misleading. To avoid liability, companies should clearly identify summary information as such and alert readers to the location of more detailed disclosure. If a company chooses to post certain information such as non‐GAAP financial measures, committee charters, and amendments to codes of ethics on its web site in lieu of filing it with the SEC, that information should be subject to the same disclosure controls and procedures that apply to information filed with the SEC. Acknowledging that information on company web sites is becoming increasingly interactive and not static, the SEC will not require information appearing on company web sites to satisfy printer‐friendly standards unless already specifically required by SEC rules.

In view of the principles suggested in the SEC's guidance, each issuer should carefully review its disclosure policy and web site.

The paper offers practical guidance by experienced securities lawyers

To examine the COVID-19 pandemic’s effects on regulated entities within the context of cybersecurity, US Securities and Exchange Commission (SEC) compliance, and parallel proceedings.

Describes the SEC’s ability to conduct its operations within the telework environment, its commitment and ability to monitor the securities market, its enhanced monitoring of the adverse effects of SEC-regulated companies from COVID-19, its guidance to public companies of disclosure obligations related to cybersecurity risks and incidents, the SEC Office of Compliance and Examinations’s (OCIE’s) focus on broker-dealers’ and investment advisories’ cybersecurity preparedness, the role and activities of the SEC Division of Enforcement’s Cyber Unit, and parallel proceedings on cyberbreaches and incidents by different agencies, branches of government or private litigants.

SEC-regulated entities face many challenges in trying to maintain their ongoing business operations and infrastructure due to severe financial pressures, the threat of infection to employees and customers, and cybersecurity risks posed by remote operations from hackers and fraudsters. The SEC has reemphasized that its long-standing focus on cybersecurity and resiliency within the securities industry will continue, including ongoing vigilance over companies’ efforts to identify, assess, and address the inherent, heightened cybersecurity risks of teleworking and the resource reallocation that business need to sustain their operations until a safe and effective vaccine is developed for COVID-19.

Expert analysis and guidance from experienced lawyers with expertise in securities, litigation, government enforcement, information technology, data protection, privacy and cybersecurity.

The Sarbanes‐Oxley Act outlawed some of the worst practices of the failed companies, and imposed significant changes in accounting and auditing rules, as well as oversight of public accounting. This article contains a checklist that is intended to provide principal executive, financial and accounting officers with a catalog of and brief commentary on new or amended rules that may require changes in procedures or duties within their respective areas of responsibility. The checklist covers certification requirements, reports on disclosure and financial controls, financial reporting, requirements relating to audit committees, relations with the auditor, and management conduct.

At the heart of the commentary on recent financial scandals and the legislative response in Sarbanes‐Oxley has been attention to the need for effective compliance programs at corporations to prevent misconduct. Coincident with these regulatory developments, the Federal Sentencing Commission has invited a review of the Federal Sentencing Guidelines, which are now over a decade old. One element of those guidelines, the standards for sentencing corporations, has greatly influenced thinking about effective compliance systems. This article reviews the Federal Sentencing Guidelines in a critical light and distills insights from other authorities to define the elements of an effective compliance program for any organization. The investment advisory industry is used as an example for applying the rules of good compliance.

The Securities and Exchange Commission (SEC) has defined “soft dollar” practices as arrangements under which products or services, other than execution of securities transactions, are obtained by an investment adviser from or through a broker‐dealer in exchange for the direction by the adviser of client brokerage transactions to the broker‐dealer. In the wake of the mutual fund scandals of 2003, soft dollar practices have come under increased scrutiny by the SEC, the U.S. Congress, and others. This article is based on testimony presented by the Investment Counsel Association of America (ICAA) to the U.S. Senate Committee on Banking, Housing, and Urban Affairs at a hearing on soft dollars held on March 31, 2004. The article outlines the following positions: (1) the SEC should ensure that there is adequate disclosure about soft dollar practices, combined with appropriate inspection and enforcement of regulations governing such practices; (2) the consequences of abolishing soft dollars ‐ an outcome that would require Congressional action ‐ most likely would affect smaller investment advisory firms adversely, create entry barriers for new investment advisory firms, and diminish the quality and availability of proprietary and third‐party research; (3) investment advisers should be required to keep appropriate records relating to soft dollar arrangements and to develop and implement internal controls and procedures designed to ensure that soft dollar arrangements are supervised, controlled, and monitored; and (4) eliminating the use of soft dollars for third‐party research would harm investors, diminish the availability of quality research, provide a regulatory‐driven advantage for full‐service brokerage firms, disadvantage third‐party research providers, and result in less transparency to investors, regulators, and market participants.