Month-In-Brief: Securities Law

CURRENT MONTH (September 2023)

SEC Chief Accountant Urges “Comprehensive” Approach to Risk Assessment

By: Thomas W. White, Retired Partner, WilmerHale

In late August, Securities and Exchange Commission (SEC) Chief Accountant Paul Munter issued another in a series of statements regarding financial reporting and auditing. Mr. Munter’s latest statement sets forth his office’s views of the appropriate scope of corporate risk assessment processes. The statement begins by observing that “[m]anagement’s and auditors’ risk assessment processes are critical to the decisions regarding financial reporting and the effectiveness of internal control over financial reporting (ICFR).” It then expresses concern that management and auditors, in some instances, “appear too narrowly focused on information and risks that directly impact financial reporting, while disregarding broader, entity-level issues that may also impact financial reporting and internal controls.” This “narrow focus” can “result in material risks to the business going unaddressed and undisclosed, thereby diminishing the quality of financial information.” The statement goes on to discuss management’s obligations in identifying, responding to, and disclosing risks. It also discusses auditors’ “gatekeeper” responsibilities.

Mr. Munter’s observations include:

• Risk Assessment—Management Considerations. “[T]o be effective, risk assessment processes must comprehensively and continually consider issuers’ objectives, strategies, and related business risks; evaluate contradictory information; and deploy appropriate management resources to respond to those risks. . . . Management needs to be alert to new or changing business risks to identify changes that could significantly impact its system of internal control, and design and implement responses that support issuers’ ability to appropriately disclose information in its periodic filings.”
• Risk Assessment—Auditor Considerations. “When identifying risks of material misstatement and designing appropriate audit responses, auditors should remain alert to potential changes in issuers’ objectives, strategies, and business risks.” This includes consideration of an issuer’s public statements and comparing information disclosed in periodic filings to information obtained through the audit.
• Entity–Level Controls. “When evaluating control deficiencies identified outside of an issuer’s financial reporting objective, management and auditors should consider the root cause of the deficiency and whether it impacts the issuer’s ICFR conclusions.” In addition, “when assessing the severity of control deficiencies identified as a result of a misstatement, management and auditors should consider not only the actual misstatement, but also the magnitude of potential misstatement (i.e., the so-called ‘could factor’).”
• Reporting Obligations. The statement reviews management’s financial reporting obligations related to ICFR and risk. It also makes suggestions regarding the auditor’s report. These include potentially identifying a business risk that represents a risk of material misstatement that is reported to the audit committee as a critical audit matter. Also, the auditor’s report might also include an “emphasis paragraph” that “could include matters related to an issuer’s objectives, strategies, and related business risks.”

SEC Proposes Changes to Make EDGAR More Secure

By: Tylandra Callands, J.D. Candidate, Class of 2024, Mitchell Hamline School of Law

On September 13, the SEC unveiled a series of proposed amendments to enhance the security and usability of its Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system. Key among these proposed changes is the requirement for EDGAR filers to designate specific individuals responsible for managing their accounts. These individuals will need unique account credentials to access and make filings on EDGAR, adding an extra layer of security.

The SEC is also proposing the introduction of multi-factor authentication for every person filing documents into the EDGAR system to boost security further. The multi-factor authentication is part of an effort to strengthen login protocols and reduce the risk of unauthorized access.

On the technical front, the SEC plans to implement Application Programming Interfaces (APIs) that will facilitate machine-to-machine submissions on EDGAR and allow for easier retrieval of filing information. These APIs aim to simplify the submission process and make it more efficient.

To offer a practical understanding of these proposed changes, the SEC will open a beta software environment to the public on September 18, 2023. This beta environment will mirror the proposed rule and form amendments, allowing filers to test the new features and provide feedback.

The SEC proposal is open for comment until around November 21, 2023.

FASB Approves Accounting Standard for Crypto Assets

By: Thomas W. White, Retired Partner, WilmerHale

On September 6, the Financial Accounting Standards Board (FASB) approved a new accounting standard for crypto assets such as Bitcoin. Up to now, Generally Accepted Accounting Principles have not specifically addressed accounting for crypto assets. Such assets have been accounted for as “indefinite-lived intangible assets” using a “cost-less-impairment” model. The assets are recorded on the balance sheet at cost; increases in value of the asset above cost are not recognized in the earnings statement or balance sheet until the asset is sold. The assets are tested for impairment at least annually, and a loss is recorded to the extent an asset’s carrying amount exceeds its fair value. Once recorded, an impairment loss cannot be reversed. In effect, the financial statement impact of changes in value of crypto assets can only go one way—down.

During a recent agenda consultation process by FASB, investors and other stakeholders identified digital assets as a top priority for the FASB to address. They expressed the view that the cost-less-impairment model did not provide decision-useful information regarding the underlying economics of crypto assets and the entity’s financial position.

The new standard approved by FASB defines crypto assets as intangible assets that do not provide the holder with enforceable rights to, or claims on, underlying goods, services, or other assets; are created or reside on a distributed ledger based on blockchain technology; are secured through cryptography; are fungible; and are not created or issued by the reporting entity or its related parties. The standard does not apply to non-fungible tokens (NFTs). Subsequent to acquisition, crypto assets will be measured at fair value in accordance with the FASB’s Accounting Standards Codification, Topic 820, Fair Value Measurement. Accordingly, gains and losses on crypto asset value will be recognized in net income and reported in each annual and interim period. The new standard will also include requirements regarding presentation of crypto assets on an entity’s annual and interim period financial statements and disclosures regarding an entity’s crypto holdings.

The standard will be effective for fiscal years beginning after December 15, 2024. Early adoption is permitted.

SEC Division of Corporation Finance Staff Issues Sample Comment Letter re: XBRL

By: Anna Pinedo, Mayer Brown

On September 7, the Staff of the Division of Corporation Finance (“Division”) of the SEC issued a sample comment letter (“Letter”) containing sample comments that the Division may issue to companies relating to the disclosure of financial and other information using the eXtensible Business Reporting Language (“XBRL”) format. The SEC’s rules require companies to use XBRL and Inline XBRL formats to present or “tag” certain financial and other information in their registration statements and periodic and current reports.

The Division referred to the Financial Data Transparency Act, which requires, among other things, that the SEC establish a program to improve the quality of the corporate financial data filed or furnished by issuers under the Securities Act of 1933 Act (the Securities Act) and the Securities Exchange Act of 1934 (the Exchange Act). The Staff of the Division stated that it has provided comments relating to XBRL and Inline XBRL to companies through the Division’s selective reviews of filings. The Letter identified the following XBRL and Inline XBRL issues that may be the subject of comments:

1. Failure to include the required Inline XBRL presentation under Item 405 of Regulation S-T.
2. Inconsistent XBRL tagging of materially different values between the number of common shares outstanding on the cover page of a company’s filing and on the company’s balance sheet.
3. Pay versus Performance disclosure under Regulation S-K Item 402(v) must be in Inline XBRL for all required data points, in accordance with Item 405 of Regulation S-T and the EDGAR Filer Manual.
4. Although it is permissible to combine sets of relationship disclosures into one graph, table, or other format under Regulation S-K Item 402(v)(5), companies are still required to provide separate XBRL tags for each required Item 402(v) data point.
5. Use of a custom tag rather than XBRL element consistent with current U.S. GAAP in an income statement, under Item 405(c)(1)(iii)(B) of Regulation S-T.

Companies should consider reviewing their use of XBRL and Inline XBRL with these comments in mind.

SEC Adopts Amendments to “Names Rule” Under the Investment Company Act

By: Rani Doyle

The SEC adopted amendments to rule 35d-1 under the Investment Company Act of 1940, the fund “Names Rule.” The amendments seek to better protect investors by:

• improving and broadening the scope of funds that must comply with the current requirement to adopt a policy to invest at least 80 percent of their assets in accordance with the investment focus the fund’s name suggests;
• providing enhanced disclosure and reporting requirements related to terms used in fund names; and
• establishing additional recordkeeping requirements.

More specifically, the amendments include a new requirement that a fund review its portfolio assets’ treatment under its 80 percent investment policy at least quarterly and will include specific time frames—generally ninety days—for getting back into compliance if a fund departs from its 80 percent investment policy.

The amendments will include enhanced prospectus disclosure requirements for terminology used in fund names, including a requirement that any terms used in the fund’s name that suggest an investment focus must be consistent with those terms’ plain English meaning or established industry use. The amendments will also include additional reporting and recordkeeping requirements for funds regarding compliance with the names-related regulatory requirements.

The amendments will become effective sixty days after publication in the Federal Register. Fund groups with net assets of $1 billion or more will have twenty-four months to comply with the amendments, and fund groups with net assets of less than $1 billion will have thirty months to comply. The SEC’s Fact Sheet for the final rules can be accessed with this link.

SEC Division of Enforcement Charges Two Companies for Failure to Disclose Related Party Transactions

By: Rani Doyle

In one case, the SEC settled charges against a Virginia corporation for failing to make required disclosures that it employed the siblings of one of its executive officers and paid annual compensation to that related person in an amount that exceeded the threshold specified in SEC rules calling for related party disclosure. Without admitting or denying the SEC’s findings, the company agreed to pay a civil money penalty of $500,000.

In another case, the SEC charged a Delaware corporation for failing to disclose a company board director’s role in a shareholder’s sale of approximately $424 million worth of private shares of the company’s stock prior to the company’s initial public offering (IPO). According to the SEC’s order, a board director arranged for a shareholder to sell its shares pre-IPO to a special purpose vehicle (“SPV”) set up by an investment adviser affiliated with the director. The director then contacted an investor interested in purchasing the shares through the SPV. The company approved the sale, and the director received significant compensation from the investment adviser for his role in the transaction. The SEC charged the company for failing to disclose information regarding the sale in its relevant Form 10-K. Without admitting or denying the SEC’s findings, the company agreed to a cease-and-desist order and to pay a $10 million civil penalty.

These two cases highlight the need for public companies to be vigilant about their training, monitoring, and addressing potential or actual conflicts and related party transactions involving directors and executive officers.