The New 10-K Requirements For Annual Report Season
As 2023 has come to a close it is time to prepare for the upcoming annual report season and this year there are multiple new requirements to be cognizant of. With annual reports being followed by proxies and first quarter 10-Q’s in rapid succession, it is important to get ahead of all the new disclosures. This blog will summarize each of the new disclosures and include some practice tips.
First, though is what is suddenly not a new requirement and in particular the share repurchase disclosures. Adopted on May 3, 2023 (see HERE) the new disclosure requirements would have taken effect for inclusion in the upcoming 10-K season. Following a successful court challenge, on November 22, 2023, the SEC issued an order postponing the effective date of the new rules pending further SEC action (see HERE). However, the SEC may not get the opportunity to resurrect the rules. The U.S. Chamber of Commerce is doubling down and has asked the Fifth Circuit to strike the new rules completely.
In the meantime, there are plenty of new disclosure requirements to keep us busy.
Cybersecurity
On July 26, 2023, the SEC adopted final new rules requiring disclosures for both domestic and foreign companies related to cybersecurity incidents, risk management, strategy and governance (see HERE).
In addition to a new Form 8-K disclosure requirement, the new rules add Item 106 to Regulation S-K, requiring companies to make an annual disclosure in its Form 10-K, describing the “process, if any, for assessing, identifying and managing material risks from cybersecurity threats in sufficient detail for a reasonable investor to understand those pressures.” A non-exclusive list of disclosures require the company to describe: (i) whether and how the described cybersecurity processes have been integrated into the company’s overall risk management system or processes; (ii) whether the company engages assessors, consultants, auditors, or other third parties in connection with any such processes; and (iii) whether the company has processes to oversee and identify material risks from cybersecurity threats associated with its use of any third-party service provider.
Item 106(b) also requires disclosure of “[w]hether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the registrant, including its business strategy, results of operations, or financial condition and if so, how.”
Item 106 further requires companies to describe its board of directors’ oversight of risks from cybersecurity threats and management’s role and expertise in assessing and managing material risks from cybersecurity threats. This disclosure should include any board committee or subcommittee responsible for such oversight and describe the processes by which the board of directors or such committee is informed about such risks.
Item 106 also requires disclosure of management’s role and expertise in assessing and managing material risks from cybersecurity threats. The rules contain a non-exclusive list of examples of the types of information a company should disclose, including: (i) whether and which management positions or committees are responsible for assessing and managing such risks, and the relevant expertise of such persons or members in such detail as necessary to fully describe the nature of the expertise; (ii) the processes by which such persons or committees are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents; and (iii) whether such persons or committees report information about such risks to the board of directors or a committee or subcommittee of the board of directors.
Instruction 2 to Item 106(c) provides a non-exhaustive list of what constitutes “relevant expertise,” including: prior work experience in cybersecurity; any relevant degrees or certifications; and any knowledge, skills, or other background in cybersecurity.
Item 106 disclosure must be tagged in Inline XBRL beginning one year after the initial compliance date.
Rule 10b5-1 Trading Plans
On December 14, 2022, the SEC adopted amendments to Rule 10b5-1 under the Securities Exchange Act of 1934 (“Exchange Act”) to enhance disclosure requirements and investor protections against insider trading (see HERE). The rules add new Item 408 under Regulation S-K and corresponding amendments to Forms 10-Q and 10-K to require (i) quarterly disclosure of the use of Rule 10b5-1 and other trading arrangements by a company, and its directors and officers for the trading of the company’s securities; and (ii) annual disclosure of a company’s insider trading policies and procedures. New Item 16J to Form 20-F requires similar disclosures from a foreign private issuer.
Item 408 requires companies to disclose whether in the last fiscal quarter, any director or officer ” (as defined in Rule 16a-1(f)) has adopted or terminated (i) any contract, instruction or written plan for the purchase or sale of securities of the company that is intended to satisfy the affirmative defense conditions of Rule 10b5-1(c) (a “Rule 10b5-1(c) trading arrangement”), and/or (ii) any written trading arrangement for the purchase or sale of securities of the company that meets the requirements of a non-Rule 10b5-1 trading arrangement as defined in Item 408(c) (a “non-Rule 10b5-1 trading arrangement”).
Item 408 also requires a description of the material terms of the Rule 10b5-1 trading arrangement or non-Rule 10b5-1 trading arrangement other than terms with respect to the price at which the individual executing the respective trading arrangement is authorized to trade. Disclosure would require the name and title of the officer/director, the date of adoption or termination of the plan, the duration of the plan and the aggregate number of securities to be sold or purchased under the plan. Pricing information is not required. Consistent with the rest of the rules, modifications to a plan or arrangement should be treated as a termination and new adoption of a plan and disclosed as same.
New Item 408 also requires a company to disclose in annual reports on Form 10-K and proxy and information statements, whether they have adopted insider trading policies and procedures governing the purchase, sale, and other dispositions of their securities by directors, officers, and employees, or the company itself that are reasonably designed to promote compliance with insider trading laws, rules, and regulations, and any listing standards applicable to the company. For each Rule 10b5-1 trading plan identified, the company must provide a description of the material terms such as the date, duration, and number of securities to be purchased pursuant to the plan.
If the company has not adopted such insider trading policies and procedures, it must explain why it has not done so. Item 16J requires analogous disclosures by foreign private issuers. Companies must also file a copy of their insider trading policies and procedures as an exhibit to Form 10-K.
Moreover, the new rules require robust disclosure related to the timing of stock option awards in relation to disclosure of material nonpublic information. The disclosure must include policies and practices on the timing of awards of stock options, stock appreciation rights (“SARs”) and/or similar option-like instruments in relation to the disclosure of material nonpublic information, including how the board determines when to grant such awards (for example, on a predetermined schedule); whether, and if so, how, the board or compensation committee takes material nonpublic information into account when determining the timing and terms of an award, and whether the company has timed the disclosure of material nonpublic information for the purpose of affecting the value of executive compensation.
If, during the last completed fiscal year, stock options, SARs, and/or similar instruments were awarded to a named executive officer within a period starting 4 business days before the filing of a periodic report on Form 10-Q or Form 10- K, or the filing of a Form 8-K that discloses material nonpublic information, including earnings information, and ending one business day after a triggering event, the company must provide the following information concerning each such award on an aggregated basis in tabular format: (i) the name of the named executive officer; (ii) the grant date of the award; (iii) the number of securities underlying the award; (iv) the per share exercise price; (v) the grant date fair value; and (vi) the percentage change in the market price of the underlying securities between the closing market price of the security one trading day prior to and one trading day following the disclosure of material nonpublic information.
Executive Compensation Clawback Rules
On October 26, 2022, the SEC adopted final rules on listing standards for the recovery of erroneously awarded incentive-based executive compensation (“Clawback Rules”) (see HERE). The Clawback Rules implement Section 954 of the Dodd-Frank Act and require that national securities exchanges require disclosure of policies regarding and mandating clawback of compensation under certain circumstances as a listing qualification.
Under the final Exchange rules, listed companies must develop and implement a policy providing for the recovery (or clawback), in the event of a required accounting restatement, of incentive-based compensation received by current or former executive officers where such compensation is based on the erroneously reported financial information.
Companies must (i) file their written recovery policies as exhibits to their annual reports on Form 10-K, (ii) indicate by check boxes on its 10-K whether the financial statements included in the filing reflect a correction of an error to previously issued financial statements and whether any such corrections are restatements that required a recovery analysis; and (iii) disclose any actions they have taken pursuant to such recovery policies.
Where there has been a restatement requiring recovery of compensation, a company must disclose: (i) the date on which the company was required to prepare an accounting restatement; (ii) the aggregate dollar amount of erroneously awarded compensation attributable to such restatement, and an analysis of how the amount was calculated; (iii) if the financial reporting measure is related to the stock price or total shareholder return, the company must include the estimates that were used in determining the erroneously awarded compensation attributable to the restatement and an explanation of the methodology used for the estimates; (iv) the aggregate dollar amount of erroneously awarded compensation that remains outstanding at the end of the last completed fiscal year; and (v) if the aggregate dollar amount of erroneously awarded compensation has not yet been determined, explain the reasons. Where recovery is impracticable the company must disclose the amount of recovery foregone and a brief description of the reason why the company decided not to pursue it.
Moreover, if the company completes an accounting restatement and determines that it does not trigger the recovery of erroneously awarded compensation, it must explain why the application of the clawback policy resulted in this conclusion.