SEC Chair Gary Gensler and SEC Commissioner Jaime Lizárraga to Resign, Former SEC Commissioner Paul Atkins Nominated as New SEC Chair

On November 21, 2024, current SEC Chair Gary Gensler announced that he would step down from his position on January 20, 2025, when President-Elect Donald Trump will take office. Chair Gensler was appointed by President Joe Biden, and it is customary for agency heads to step down after the election of a president from the other party.

On November 22, 2024, SEC Commissioner Jaime Lizárraga announced that he would also be stepping down from his position on January 17, 2025. The resignations of both Chair Gensler and Commissioner Lizárraga will leave one Democrat on the Commission when President-Elect Trump enters office.

Although the SEC is an independent agency, the five SEC Commissioners are appointed by the President and confirmed by the Senate, serving staggered five-year terms. The SEC Chair is appointed by the President from the sitting Commissioners. To ensure that the Commission remains non-partisan, no more than three Commissioners may belong to the same political party.

Chair Gensler’s tenure was marked by ambitious reforms and numerous legal challenges relating to, among other items, cybersecurity disclosure, cryptocurrency enforcement, climate disclosure and restrictions on off-channel communications. Following Chair Gensler’s resignation, most observers expect enforcement of these policies and regulations to wane, as President-Elect Trump has nominated former SEC Commissioner Paul Atkins, an outspoken advocate of cryptocurrency who is expected to ease the SEC’s policymaking and oversight functions, to replace Chair Gensler once he takes office.

For more information, please refer to the SEC’s press release.

SEC Division of Corporation Finance Discusses Annual Report and Proxy Trends and Areas of Focus

At the 56th Annual Institute on Securities Regulation conference on November 13, 2024, the SEC Division of Corporation Finance (the “Division”) spoke about disclosure trends and areas of focus for the upcoming annual reporting and proxy season. Key topics discussed included:

• Artificial Intelligence (“AI”) Disclosure: AI-related disclosures have nearly doubled in Form 10-Ks from 2023 to 2024, largely in the form of disclosing AI-related risks, risk factors and risk management practices. The Division encourages registrants to avoid boilerplate disclosures and to tailor AI-related disclosures to the company’s actual use cases and risks.

• Cybersecurity: The Division urges registrants to include robust cybersecurity disclosure in their Form 10-Ks, include identifying who in management is responsible for assessing the company’s cybersecurity-related risks and describing their relevant expertise, as well as disclosing how a company oversees any third parties hired to manage the company’s cybersecurity risks. The Division also reiterated that materiality determinations with respect to Item 1.05 8-Ks require both qualitative and quantitative assessments.

• Pay versus Performance: Disclosure to focus on based on the Division’s review of recent filings:
  • Providing both qualitative and quantitative detail regarding the link between executive pay and company performance;
  • Describing how company-selected measures are calculated based on the audited financial statements (even though such figures are not subject to the full reconciliation requirements of Regulation G and Item 10(e) of Regulation S-K); and
  • Disclosing net income as shown in the company’s audited income statement, including net income attributable to the non-controlling interest.

• Clawbacks: To comply with Rule 10D-1 of the Securities Exchange Act, after making any restatement, a registrant is required to analyze whether the restatement results in any recovery of incentive-based compensation. As detailed in Item 402(w) of Regulation S-K, Item 6.F of Form 20-F and paragraph (19) to General Instruction B of Form 40-F, if there is no amount recoverable, the registrant is required to provide a brief explanation of the basis for this conclusion.

• Insider Trading Policies: In order to comply with Item 408(a) and 408(b) of Regulation S-K, registrants must: (1) tag disclosures in XBRL and (2) file insider trading policies as exhibits to Forms 10-K and 20-F.

• Non-GAAP: In 2024, non-GAAP comments from the Division primarily related to failures to comply with Regulation G and Item 10(e) of Regulation S-K with respect to metric labeling and missing or incomplete reconciliations. Companies should ensure that (1) each non-GAAP metric and each adjustment included therein is appropriately labeled and (2) a full reconciliation to the nearest GAAP metric is included. The Division noted companies should also revisit non-GAAP measures frequently to reflect any new adjustments or changes in materiality.

New FASB Segment Reporting Disclosure Requirements

In November 2023, the Financial Standards Accounting Board (“FASB”) issued Accounting Standards Update (“ASU”) 2023-07, titled “Segment Reporting (Topic 280): Improvements to Reportable Segment Disclosures” (“ASU 2023-07”) Public entities subject to ASU 2023-07 will now be required to disclose the title and position of their chief operating decision maker (“CODM”), and to explain how the CODM uses the disclosed measures of segment profit or loss. Public entities will also now be required, on an annual and interim basis, to disclose significant segment expenses for each reportable segment, including entities with a single reportable segment, which previously only had to provide some entity-wide disclosures. A significant segment expense is one that is (1) regularly provided to the CODM, (2) included in reported segment profit or loss and (3) quantitatively and qualitatively significant. Because ASU 2023-07 does not define “significant,” entities should employ their professional judgment and holistically evaluate the significance of each segment expense. Additionally, these public entities will be required to disclose, on an annual and interim basis, an amount for “other segment items” by reportable segment and to describe its composition. Other segment items are calculated by subtracting from segment revenue (1) significant segment expenses and (2) each reported measure of segment profit or loss.

ASU 2023-07 is effective for fiscal years beginning after December 15, 2023, and interim periods within fiscal years beginning after December 15, 2024. Consequently, the new disclosures will be required in the upcoming Form 10-K filings for companies with a fiscal year ending December 31, 2024. The SEC highlighted segment disclosure as one of its focus areas in aJune 2024 statement on disclosure review, so public entities should pay close attention to these disclosures.

For more information, please refer to ASU 2023-07.

SCOTUS Dismisses Facebook “Hypothetical” Risk Factors Case

On November 22, 2024, the Supreme Court issued a single line order dismissing as “improvidently granted” a writ of certiorari in a securities class action case brought against Facebook, Inc., which is the language the Court uses when it accepts a case for consideration and then reverses course. The case presented the question of whether risk factor disclosures are false or misleading when they do not disclose a risk that has materialized in the past, even if that past event presents no known risk of ongoing or future business harm (also commonly known as “hypothetical risk factors”). In Facebook, Inc. v. Amalgamated Bank, et al., plaintiffs alleged that Facebook’s “cyber & data privacy” risk factor in its 2016 Form 10-K was materially misleading, claiming the risk factor framed the risk of data misuse as hypothetical when Facebook was already aware that such data misuse had already occurred on two prior occasions when Cambridge Analytica, a political consulting firm, had improperly collected and harvested Facebook users’ personal data.

While the Supreme Court heard oral argument by the parties on November 6, 2024, the justices later determined that Facebook’s petition should not have been granted and declined to address whether Facebook could be held liable under securities antifraud rules for failing to disclose risks that had materialized but presented no known risk of ongoing or future harm. The Supreme Court’s dismissal leaves standing the Ninth Circuit’s decision to allow the plaintiffs to proceed with their complaint alleging misleading hypothetical cybersecurity data privacy risk factor disclosure. In the absence of any further clarity from the courts, companies should continue to closely monitor their risk factor disclosures, given the potential risks from both an SEC enforcement and private securities litigation perspective.

PCAOB NOCLAR Proposal Updates

In June 2024, the PCAOB proposed amendments to its auditing standards related to non-compliance with laws and regulations (“NOCLAR”), including requirements for accounting firms to identify and evaluate possible or actual noncompliance with laws and regulations, including fraud, and communicate such events of noncompliance to management and the audit committee of the company. Current PCAOB standards only require accounting firms to identify non-compliance with laws and regulations that have a direct and material effect on the financial statements. The PCAOB’s recent NOCLAR proposal would significantly broaden the responsibilities of accounting firms to monitor the compliance activities of their clients. Following the proposal, the PCAOB received strong opposition from accounting firms, public companies, audit committees and investors.

The NOCLAR proposal was slated to be finalized by the PCAOB by the end of this year. However, commentators have speculated that the results of the recent presidential election have put the standard on hold in anticipation of the expected changes in the regulatory environment under the incoming administration. However, during a meeting of the Standards and Emerging Issues Advisory Group on November 12, 2024, PCAOB Chief Auditor Barbara Vanich reaffirmed the PCAOB’s intention to follow through with its previously issued recommendations, including the recommendation to adopt the NOCLAR proposal this year

Despite the uncertainty surrounding whether the PCAOB will finalize and adopt the NOCLAR proposal by the end of 2024, a question remains as to whether the SEC, which oversees the PCAOB, will approve the finalized rule and allow it to go into effect before the anticipated changes from the incoming administration’s personnel and priorities in early 2025.

SEC Enforcement Actions Trends: Enforcement Actions Fall Significantly and Cryptocurrency and Text Message Cases Predominate

On November 22, 2024, the SEC’s Division of Enforcement released its enforcement results for fiscal year 2024. In 2024, enforcement activity steeply declined, as the SEC brought 583 actions, a 26% decrease from fiscal year 2023 and the lowest in ten years. 431 of the enforcement actions in fiscal year 2024 were standalone actions – actions alleging violations that are not predicated on a prior finding of a violation – which reflects a 14% decline from the prior year and the lowest total since 2020, likely driven by large drops in the numbers of securities offering cases and issuer reporting/audit and accounting cases. The three most prevalent types of standalone actions were: (1) investment adviser and investment company matters, (2) securities offering matters and (3) broker-dealer matters.

The majority of the enforcement actions and monetary remedies in fiscal year 2024 reflected the priorities of outgoing SEC Chair Gary Gensler and centered around recordkeeping violations arising from text messaging and cryptocurrency enforcement. However, with the presidential administration set to imminently change, it is unlikely that the next Commission and Enforcement Director will fully embrace the priorities reflected in this year’s press release. In addition to moving away from Chair Gensler’s signature matters, i.e., crypto and off-channel communications, we expect the new administration to have a renewed emphasis on “bread and butter” enforcement matters that were in focus during the first Trump administration, including offering frauds, investment adviser fraud and violations impacting retail investors.

For more information, please refer to Debevoise In Depth, SEC Enforcement Actions Fall Significantly As Crypto and Text Message Cases Predominate (Nov. 25, 2024).

Recent Developments for California Climate Disclosure Laws

On September 27, 2024, California Governor Gavin Newsom signed into law Senate Bill (“SB”) 219, which makes certain changes to two climate disclosure laws California enacted last year: the Climate Corporate Data Accountability Act (SB 253) and the Climate-Related Financial Risk Act (SB 261). SB 253 requires companies with revenue exceeding $1 billion that do business in California to report Scopes 1 and 2 greenhouse gas (“GHG”) emissions annually beginning in 2026 for the 2025 fiscal year and Scope 3 GHG emissions beginning in 2027 for the 2026 fiscal year. SB 261 requires companies with revenue exceeding $500 million that do business in California to report on climate-related financial risks and measures to address those risks starting in 2026.

SB 219 does not fundamentally change the climate reporting framework set out by SB 253 and SB 261 but focuses on granting the California Air Resources Board (“CARB”) more flexibility in administering the two laws, including (1) granting CARB an additional six months, until July 1, 2025, to adopt implementing regulations relating to the disclosure of GHG emissions, (2) altering the timing sequence for reporting of Scope 3 GHG emissions to begin on a schedule determined by CARB rather than 180 days after disclosure of Scopes 1 and 2 GHG emissions and (3) authorizing, rather than requiring, CARB to contract with emissions reporting and climate reporting organizations to implement the reporting programs. SB 219 also removes the requirement in SB 253 that subsidiary companies provide separate climate-related financial risk reports, allowing for consolidation at the parent company level and relieves companies of the requirement to pay fees upon filing of disclosures (the fee will still be required, but the date for payment is no longer specified).

On December 5, 2024, CARB published an enforcement notice stating that it will exercise “enforcement discretion” in reviewing reporting entities’ first reports required in 2026 under SB 253 on the condition that the entities demonstrate “good faith efforts” to comply with the law. This will allow reporting entities additional lead time to implement new data collection processes for emissions reporting by allowing submissions of GHG emissions data that can be determined from information related to the reporting entity’s prior fiscal year that it already possesses or is already collecting at the time the notice was issued. However, CARB emphasized that the notice does not constitute an interpretation of statutory reporting requirements and encouraged reporting entities to move toward full compliance as quickly as possible.

For additional detail on SB 219, please refer to Debevoise Update, California Climate Disclosure Laws: Recent Developments (Nov. 15, 2024). For additional background on SB 253 and SB 261, please refer to Debevoise Debrief, California Climate Disclosure Bills Signed into Law (Oct. 10, 2023) and Debevoise Update, California Climate Disclosure Bills Expected to Become Law (Oct. 5, 2023).

Private Intermittent Securities and Capital Exchange System (PISCES): The Future of Private Share Listings?

On November 14, 2024, the Chancellor of the Exchequer, Rachel Reeves, delivered her first Mansion House speech during which she highlighted the need for reforming the UK’s capital markets, including by committing to legislation in May 2025 to create the Private Intermittent Securities and Capital Exchange System (“PISCES”), a new trading venue for private company shares. PISCES is envisioned as a new secondary trading platform operated by firms approved by the Financial Conduct Authority (“FCA”), where shareholders of privately held companies would be able to sell their unlisted shares in certain intermittent trading windows, representing the world’s first regulated market for private company shares. While PISCES would provide access for institutional and professional investors to a universe of growing companies, it could not be used by companies to raise capital through the issuance of new shares or to trade other securities, such as bonds. Investor eligibility and company and transaction requirements will likely also be imposed.

While the specific disclosure and liability regime of PISCES remains uncertain, participant companies are not expected to be required to disclose all “inside information” in the manner required on public markets. Further, regardless of its content, disclosure by companies trading on PISCES will be made within a “private perimeter,” meaning that information about participant companies would be accessible to eligible investors participating in a specific PISCES trading event but would not be required to be made public or even available to other participants on the PISCES platform not involved in such trading event.

The proposed establishment of PISCES comes at a time when companies and their shareholders are increasingly looking for alternatives to traditional exit opportunities, such as IPOs, M&A transactions and continuation fund vehicles. As the public equity markets (particularly in the United Kingdom and Europe) have struggled in recent years, including with historically low levels of IPOs, large private equity firms have threatened to bypass the traditional IPO process due to increased regulation, high execution costs and volatile market conditions in search of a more efficient process. The so-called “private IPO” has been suggested as a potential structure to allow companies to rationalize their shareholder base, increase liquidity for investors and potentially improve their valuation, while avoiding the costs and scrutiny of a public listing, although significant questions remain as to whether “private IPOs” will be considered a viable transaction type. However, to the extent “private IPOs” will ultimately represent a legitimate liquidity option for investors, PISCES potentially offers the blueprint for how such a market could be operated and, most importantly, regulated.

For more information, please refer to Debevoise In Depth, “Private IPOs”: Is PISCES the Future of Private Share Listings? (Nov. 21, 2024).

PCAOB Increases Reporting Requirements for Accounting Firms

On November 21, 2024, the Public Company Accounting Oversight Board (“PCAOB”) voted to require certain large accounting firms that issue more than 200 audit reports annually and have more than 1,000 audit personnel, which would include several large accounting firms, such as Deloitte, Ernst & Young, PricewaterhouseCoopers, KPMG, BDO and Grant Thorton, to privately send their financial statements annually to the PCAOB and inform the PCAOB of any significant ownership interests, related party transactions and private-equity investments. In addition, these firms will also be required to privately inform the PCAOB about any events material to the firm’s organization, liquidity or financial resources, such as a planned acquisition or a restructuring.

Further, all registered audit firms will be subject to increased reporting requirements relating to: (1) governance information, including information related to their leadership, legal structure, ownership and key quality control operational and oversight roles and (2) the reporting of fees received from clients, which now must include specific dollar amounts as opposed to percentages of the fees.

All registered audit firms will also be required to confidentially report any significant cybersecurity events to the PCAOB and publicly report their policies and procedures to identify and manage cybersecurity risks on a periodic basis.

The requirements are intended to be responsive to investor demands for greater transparency from audit firms. The first phase of these requirements is expected to become effective beginning either March 2027 or one year after SEC approval, whichever occurs later.

For more information, please refer to the PCAOB’s news release.

Key Considerations for the 2024 Annual Reporting Season

With the annual reporting season approaching, public companies should consider the following key areas when preparing their annual reports on Form 10-K or Form 20-F:

• New Insider Trading Policy Disclosure Requirements: For public companies with a calendar year end, compliance with new disclosure requirements relating to insider trading policies and procedures begins with the 2024 Form 10-K or Form 20-F or related proxy statement. Pursuant to new Item 601(b)(15) of Regulation S-K, public companies must now file any insider trading policy as an exhibit to their annual report (or may include the insider trading policy in a code of ethics that is filed as an exhibit to the annual report). Further, Item 408(b) of Regulation S-K now requires disclosure of whether a public company has adopted insider trading policies and procedures that are reasonably designed to promote compliance with insider trading laws, rules and regulations and any applicable listing standards, or explain why they have not done so. This disclosure can be incorporated by reference in the Form 10-K if the information will be disclosed in a definitive proxy statement filed within 120 days of the end of the fiscal year.

• Item 402(x) and New Equity Grant Timing Policy Disclosure Requirements: In December 2022, the SEC adopted Item 402(x) of Regulation S-K, which adds new disclosure requirements related to the timing of equity grant awards. Beginning in 2025, calendar year-end companies will be required to provide: (1) narrative disclosure on policies and practices on the timing of option grants in relation to the release of material non-public information (“MNPI”), including how the board determines when to grant such options and whether MNPI is taken into account, and (2) tabular disclosure of any stock option or stock appreciation rights awards granted to any named executive officer within a period starting four business days before, and ending one business day after, the filing or furnishing of a Form 10-Q, 10-K or 8-K that discloses MNPI, which includes the award’s grant date, number of shares, exercise price, grant date fair value and percentage change in the market price of the underlying stock between one trading day prior to and one trading day following the disclosure of MNPI. While these disclosure requirements are formally applicable to Form 10-K, we expect many issuers to address these in their 2025 proxy statements and incorporate by reference into their Form 10-K. Further discussion of Item 402(x) can be found in a forthcoming client update on key issues for the 2025 proxy season.

• Cybersecurity Disclosures Recap: In 2023, the SEC adopted final rules on cybersecurity disclosure for public companies, which included new annual disclosure requirements in Item 106 relating to cybersecurity risk-management processes and governance, which took effect beginning with the 2023 Form 10-K or Form 20-F. Beginning with annual reports for fiscal years ending on or after December 15, 2024, Regulation S-K Item 106 disclosure must be tagged in Inline eXtensible Business Reporting Language. During 2024, the SEC’s Division of Enforcement also continued its aggressive stance with regard to cybersecurity disclosure, including settling charges against four technology companies who had been downstream victims of the 2020 SUNBURST cyber-attack. Companies should consider the enforcement cases as reflecting the SEC’s views on disclosure decisions regarding cybersecurity incidents. In light of the charges and the SEC’s continued review of cybersecurity disclosure, companies preparing to file their Form 10-K or Form 20-F should review their cybersecurity disclosures and refresh their risk factors to address emerging cybersecurity risks as well as actual incidents.

• Other Disclosure Considerations: Other key disclosure topics that public companies should consider include disclosure and policies and procedures related to artificial intelligence, non-GAAP financial measures, climate-related disclosures and geopolitical conflict disclosures.

For more information and a discussion of practical tips for the upcoming annual reporting season, please refer to Debevoise In Depth, Key Considerations for the 2024 Annual Reporting Season (Nov. 18, 2024).

SEC Rule-Making Agenda

PCAOB Standard-Setting and Rule-Making Agenda