Crown image Columbia Law School

SEC Corporation Finance Director Speaks on the State of Disclosure Review

Good afternoon.[1] I appreciate the opportunity to speak with you again today as part of the Corp Fin Workshop. I wanted to make a few remarks about the important work being done in the Division’s Disclosure Review Program and highlight some of our areas of focus going forward. This is part of an initiative to be more transparent and communicate with the marketplace about what is going on in the Disclosure Review Program.

Before I begin, I do need to provide our standard disclaimer: The views we express today are provided in our official capacities in the Commission’s Division of Corporation Finance but do not necessarily reflect the views of the Commission, the Commissioners, or any other members of the staff. This disclaimer also extends to my colleagues on the panel today, who are also speaking in their official capacities.

The Division of Corporation Finance has over 400 professionals, primarily comprised of accountants and attorneys, who carry out the Commission’s important three-part mission of protecting investors, facilitating capital formation, and maintaining fair, orderly, and efficient markets. Of those Division individuals, over 70% are focused on disclosure review.

It is that work I would like to highlight for you this afternoon because of the key role that it plays furthering the SEC’s mission.

I am happy to share the stage with our panelists this afternoon and spend some time looking back at the state of disclosure for fiscal year 2023 and then lay out some of our disclosure priorities for fiscal year 2024.

It is through disclosure that investors are provided with the information they need to make informed investment and voting decisions. And, while high-profile IPOs and de-SPACs receive a lot of attention, it is important to remember that investment and voting decisions are not only made when a company initially offers its securities to the market. Those decisions happen daily in secondary markets, which is why public companies are charged with the responsibility to provide updated information to investors through their periodic reporting.

Corp Fin’s annual report review program is the primary mechanism that we use to monitor and enhance compliance with disclosure rules and accounting requirements in these periodic reports filed by public companies. The Sarbanes-Oxley Act mandates that we review each reporting company at least once every three years; however, we review a significant number of companies more frequently. In fiscal year 2023, we reviewed approximately 3,300 companies as part of our annual review program.

While the nature of comments varies significantly depending on the specific facts for each company, the top areas of comment in fiscal year 2023 probably come as no surprise to this audience and include, among others, China-related matters, non-GAAP disclosures, management’s discussion and analysis (MD&A), revenue recognition, and financial statement presentation.

In addition to annual report reviews, Division staff considers trends and emerging risks in the market where our additional focus could significantly improve disclosures. In some instances, we address these topics as part of the review of annual reports, while in others, we may target a particular issue in other periodic filings such as a quarterly report. This flexibility in our approach allows for more timely engagement as issues arise.

Emerging areas of focus in 2023 included market disruptions in the banking industry, cybersecurity risks, the impact of inflation, and disclosure related to newly adopted rules, such as pay versus performance. We also continued to monitor disclosures by companies based or with a majority of their operations in the People’s Republic of China, what we call “China-Based Companies.” Many of these topics are going to be covered in more detail by my colleagues as part of this Workshop, but I did want to spend just a few minutes going over two initiatives where 2023 marked the first year of disclosures and share how we approached the new requirements in SEC filings.

I will start with Commission Identified Issuers or “CIIs.” Public companies identified as CIIs under the Holding Foreign Companies Accountable Act of 2020,[2] or HFCAA, were required to comply with submission and disclosure requirements under the HFCAA and Commission rules.[3] These disclosures required, among other things, at both the issuer and consolidated foreign operating entity level the following: information on ownership and controlling financial interests by foreign government entities; identification of Chinese Communist Party, or CCP, officials who are on the issuer’s board; and whether the issuer’s articles of incorporation (or any equivalent organizing document) contain any “charter” of the CCP.[4]

There were 174 companies identified as CIIs, and Division staff reviewed the disclosures for all CIIs that filed annual reports to assess their compliance with these submission and disclosure requirements. Comments in this area sought additional transparency in instances where the disclosure was missing or deficient or where the scope of representations by the company were vague or unclear.

I also want to touch briefly on the pay versus performance, or PVP, disclosure requirements that went into effect in late 2022. We try to approach the first-year implementation of new rules pragmatically, and pay versus performance is a great example of that. In August 2022, the Commission adopted the final PVP rule, which requires disclosure of information reflecting the relationship between executive compensation actually paid by a company and the company’s financial performance.[5]

In 2023, Division staff assessed the first year of PVP disclosures through several lenses, including using XBRL tagging to analyze disclosures in a large number of filings. As part of that work, we looked at over 2,400 inline XBRL disclosures. We also conducted a more detailed review of PVP disclosure in a random sample of proxy statements across industries, and in some instances issued future (i.e., forward-looking) comments.

As with any new rule, we were not looking to play “gotcha.” At the same time, given the forward-looking orientation of our comments in the first year, we also don’t see the first season as establishing a settled market practice. Based on our review of PVP disclosures, we were able to observe some of the more obvious disclosure issues in complying with the new rule and identify areas where staff observations, through comments and compliance and disclosure interpretation (C&DIs), could be helpful to the registrant community and ultimately to investors. In response to questions and comments after the PVP rule adoption, and in response to issues we saw in our review, we ended up publishing a number of C&DIs on the PVP rules.[6] We hope registrants and their advisors find these useful as they prepare or adjust their disclosure for this current year.

The staff in the Disclosure Review Program also plays an integral role in facilitating capital formation through their reviews of registration statements. The Division staff selectively reviews filings made under the Securities Act, the Exchange Act, or pursuant to Regulation A to monitor and enhance compliance with the applicable disclosure and accounting requirements. In fiscal year 2023, the SEC received over 2,200 registration statements, including initial public offerings and follow-on offerings, which collectively sought to register the offer and sale of approximately $1 trillion of securities.

To close out the discussion of 2023, I want to talk about transparency, and our engagement with companies as we sought to drive better disclosure last year. While we do not publicly disclose the criteria we use to select a company or filing for review, we do understand the importance of transparency in our comment process. Once our review is complete, we publicly disseminate, via the Commission’s Electronic Data Gathering, Analysis, and Retrieval system (EDGAR), both our comment letters and the company’s response to those letters. However, it is important to keep in mind those comments are tailored to a company’s specific facts and circumstances and do not necessarily apply to other filings. As a result, we have put an emphasis on using a multi-pronged approach to communicating, especially as it relates to emerging disclosure issues that may be relevant to a critical mass of issuers or investors.

Recently, we have issued Sample or Dear Issuer letters and other “one-to-many communications” on topics such as China-related matters (which builds on a previous Dear Issuer Letter and other staff statements we have issued over the past several years), as well as on disruptions in crypto markets and data-tagging. These letters often focus on emerging issues and are designed to better help companies understand what disclosures might be required under existing disclosure rules in order to help ensure that investors are receiving information they need to make informed investment and voting decisions.

We will keep doing this sort of work – analyzing emerging issues, thinking about what disclosures might be required under our existing rules, and communicating with the public.

Finally, I’d like to briefly touch on our disclosure priorities for 2024, which we will discuss more during this Workshop.

Certain financial reporting topics, especially areas that involve judgment or where the Financial Accounting Standards Board or the International Accounting Standards Board have recently issued accounting standards, are generally areas of particular focus. Examples of these areas include:

  • Segment reporting, including compliance with new U.S. GAAP disclosures effective in annual periods beginning after December 15, 2023;
  • Compliance with non-GAAP regulations and rules;
  • Critical accounting estimates disclosure in MD&A; and
  • Disclosures related to supplier finance programs in the notes to the financial statements and any related information in MD&A.

In addition to those financial reporting topics, I anticipate that many of the disclosure priorities from 2023 will continue through the upcoming year.

  • We will continue our focus on China-Based Companies and eliciting disclosure from companies on material risks they face from the PRC government intervening in, or exercising control over, their operations in the PRC.
  • While it appears that inflation is beginning to come down, this is not the time for issuers to revert to boilerplate disclosures. Any material ongoing impacts should be disclosed and we ask companies to not just note high level trends, but discuss the more particularized risks and impacts on their specific company.
  • Given the market disruptions in the banking industry that began about a year ago, we will be continuing to take a close look at updated disclosures related to interest rate risk and liquidity risk.

There will be some new additions to our priorities as well, many of which you may have already heard us mention in recent conferences or seen through the comment letter process, such as artificial intelligence and potential exposure due to changes in the commercial real estate market.

We are also tracking how companies are navigating the disclosure requirements resulting from newly adopted rules including, clawbacks,[7] SPACs,[8] and cybersecurity.[9] Thank you for allowing me to speak with you this afternoon about the hard work that our disclosure operations staff continue to do.

Disclosure Priorities

Artificial Intelligence

Over the last year, we have observed a significant increase in the number of companies that mention artificial intelligence in their annual reports. These companies often discussed the topic in the risk factors or description of business sections, or both. There are also a number of companies that discuss the topic in their management’s discussion and analysis (MD&A).

As companies incorporate the use of artificial intelligence into their business operations, they are exposed to additional operational and regulatory risks. A number of existing rules or regulations may require disclosure about how a company uses artificial intelligence and the risks related to its use, including disclosure in the description of business section, risk factors, MD&A, the financial statements, and the board’s role in risk oversight. In 2024, the Division staff will consider how companies are describing these opportunities and risks, including, to the extent material, whether or not the company:

  • clearly defines what it means by artificial intelligence and how the technology could improve the company’s results of operations, financial condition, and future prospects;
  • provides tailored, rather than boilerplate, disclosures, commensurate with its materiality to the company, about material risks and the impact the technology is reasonably likely to have on its business and financial results;
  • focuses on the company’s current or proposed use of artificial intelligence technology rather than generic buzz not relating to its business; and
  • has a reasonable basis for its claims when discussing artificial intelligence prospects.[10]

Disclosures by China-Based Companies

In the last several years, the Division staff has published Dear Issuer Letters regarding the disclosure obligations of China-Based Companies.[11] The letters address an array of disclosure issues, including those related to the variable interest entity (VIE) structure, the reliability of financial reporting, the regulatory environment in China, and corporate governance matters. The Division staff will continue to focus on these and other emerging risks these companies face in 2024.

The Division staff noted, in the context of the Commission’s rules under the HFCAA, that it monitored disclosures by certain China-Based Companies and provided additional guidance where appropriate. As part of its filing review process, the Division staff also issued comments to China-Based Companies to enhance their compliance with disclosure obligations under the federal securities laws. The Division continues to believe that companies should provide more prominent, specific, and tailored disclosures about China-specific matters so that investors have the information they need to make informed investment and voting decisions.

Commercial Real Estate

Banks with significant commercial real estate (CRE) exposure and real estate investment trusts (REITs), including office and retail REIT sub-sectors, are subject to several CRE risks, including heightened vacancy rates, elevated interest rates, extended loan maturities, and increased loan delinquencies. While these risks are not new,[12] in light of increased attention on these risks, the Division staff has been considering, and will continue to consider how, among other matters:

  • banks are disclosing disaggregation of loan portfolio characteristics, geographic and other concentrations, loan-to-value ratios, loan modifications, nonaccrual loan policies, policies around timing, frequency and sources of appraisals, and risk management; and
  • office and retail REITs are describing default risks or liquidity issues and any mitigating efforts, debt maturity and lease term schedules, trends in lease renewals, major tenant rollovers, financial viability of tenants, property dispositions, asset impairments, and tenant receivables.

We would encourage companies to consider other areas of their disclosures where more granular information could be provided to improve investors’ understanding of the material risks inherent in the company’s CRE or other loan portfolios and any mitigating steps they are taking to address those risks.[13] Companies should also keep in mind that other types of industries outside of banks and REITs could be impacted by the current CRE environment, and they should continue to re-evaluate these disclosures as the interest rate environment changes.

Recently Adopted Rules

The Division staff will review disclosures made pursuant to certain recently adopted rules to assess compliance, provide guidance to companies, and improve disclosures for investors.

Cybersecurity

On July 26, 2023, the Commission adopted new rules to enhance and standardize disclosures regarding cybersecurity risks and incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934.[14] The new rules have two main components:

  • Disclosure of material cybersecurity incidents in Item 1.05 of Form 8-K.
  • Annual disclosure of cybersecurity risk management, strategy, and governance matters.

In addition, in December, the Division issued a C&DI which clarified that consultation with the Department of Justice regarding a cybersecurity incident does not necessarily result in the determination that the incident is material, and noted that the requirements of Item 1.05 do not preclude a registrant from consulting with the Department of Justice, including the FBI, the Cybersecurity & Infrastructure Security Agency, or any other law enforcement or national security agency at any point regarding the incident, including before a materiality assessment is completed.[15]

Further, I issued a statement in December that, among other things, “encourag[ed] public companies to work with the FBI, CISA, and other law enforcement and national security agencies at the earliest possible moment after cybersecurity incidents occur” and stated “I believe this timely engagement is in the interest of investors and the public.”[16]

The Division staff will review both current reports about material cybersecurity incidents and selected annual disclosures to assess compliance with the rules, provide guidance, and improve disclosures.

Clawbacks

On October 26, 2022, the Commission adopted new rules mandated by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, which direct national securities exchanges to adopt listing standards that require listed companies to develop and implement a policy providing for the recovery of erroneously awarded incentive-based compensation received by current or former executive officers (a Clawback Policy) and to disclose such policy.[17]

The Division staff will review disclosures to confirm the filing of the Clawback Policy and to assess disclosures when a recovery analysis is triggered.

Pay Versus Performance[18]

Consistent with the remarks above concerning pay versus performance disclosures, in 2024, the Division staff will continue its efforts to monitor disclosures made in response to this rule requirement and issue comments as necessary to improve disclosures. As it did in 2023, the Division staff will continue to leverage machine-readable data to make preliminary assessments of compliance with the rules.

Universal Proxy

On November 17, 2021, the Commission adopted rules requiring parties in a contested election to use universal proxy cards that include all director nominees presented for election at a shareholder meeting.[19]

The Division staff is committed to helping ensure the smooth implementation of these important new rules and answering interpretive questions ahead of the proxy season. Since the universal proxy rules were adopted, the Division has published several C&DIs addressing questions soliciting parties had about the new universal proxy rules and related disclosures.[20] In 2023, the first proxy season with universal proxy cards, the rules generally worked well, and there was no significant change in the number of proxy contests. In 2024, the Division staff will continue to review proxy contest filings to assess compliance with the universal proxy rules and improve disclosures regarding shareholders’ voting options.

Beneficial Ownership Reporting

On October 10, 2023, the Commission adopted amendments to modernize the rules governing beneficial ownership reporting.[21] The Division staff is closely monitoring the implementation of these new rules.

The Division staff will review selected beneficial ownership reports to assess compliance with the new, shortened filing deadlines and issue comments as necessary to improve required disclosures.

ENDNOTES

[1] A live stream of The SEC Speaks in 2024 event is available at both https://www.sec.gov/news/upcoming-events/sec-speaks-2024 and https://www.pli.edu/sec-speaks-2024.

[2] Pub. L. No. 116-222, 134 Stat. 1063 (Dec. 18, 2020).

[3] Holding Foreign Companies Accountable Act Disclosure, Release Nos. 34-93701; IC-34431(Dec. 2, 2021) [86 FR 70027 (Dec. 9, 2021)].

[4] Id.

[5] Pay Versus Performance, Release No. 34-95607 (Aug. 25, 2022) [87 FR 55134 (Sep. 8, 2022)] (“PVP Adopting Release”).

[6] See Regulation S-K C&DIs, Sections 128D and 228D, available athttps://www.sec.gov/divisions/corpfin/guidance/regs-kinterp.htm (“PVP C&DIs”).

[7] Listing Standards for Recovery of Erroneously Awarded Compensation, Release Nos. 33-11126; 34-96159; IC-34732 (Oct. 26, 2022) [87 FR 73076 (Nov. 28, 2022)] (“Clawbacks Adopting Release”).

[8] Special Purpose Acquisition Companies, Shell Companies, and Projections, Release Nos. 33-11265; 34-99418; IC-35096 (Jan. 24, 2024) [89 FR 14158 (Feb. 26, 2024)].

[9] Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, Release Nos. 33-11216; 34-97989 (July 26, 2023) [88 FR 51896 (Aug. 4, 2023)] (“Cybersecurity Adopting Release”).

[10] See, e.g., 17 CFR 229.10(b). See also Chair Gary Gensler, “AI, Finance, Movies, and the Law” Prepared Remarks before the Yale Law School, Feb. 13, 2024, available athttps://www.sec.gov/news/speech/gensler-ai-021324.

[11] Sample Letter to China-Based Issuers, Dec. 2021, available athttps://www.sec.gov/corpfin/sample-letter-china-based-companies; and Sample Letter to Companies Regarding China-Specific Disclosures, July 2023, available athttps://www.sec.gov/corpfin/sample-letter-companies-regarding-china-specific-disclosures.

[12] See, e.g., CF Disclosure Guidance: Topic No. 5, Apr. 20, 2012, available athttps://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic5.htm#:~:text=Disclose%20the%20relevant%20thresholds%20they,changes%20in%20charge%2Doff%20policies.; and Sample Letter Sent to Public Companies on MD&A Disclosure Regarding Provisions and Allowances for Loan Losses, Aug. 2009, available athttps://www.sec.gov/divisions/corpfin/guidance/loanlossesltr0809.htm.

[13] We would also encourage companies to review their critical accounting estimates and revise their disclosures accordingly, to communicate changes in any specific estimate, input and/or assumption(s), as well as the various judgments and determinations contemplated by management as part of this process.

[14] See Cybersecurity Adopting Release.

[15] See Exchange Act Form 8-K C&DIs, Question 104B.04, available athttps://www.sec.gov/divisions/corpfin/guidance/8-kinterp.htm#104b.04. See also Exchange Act Form 8-K C&DIs, Section 104B, available at https://www.sec.gov/divisions/corpfin/guidance/8-kinterp.htm#104b.04.

[16] Erik Gerding, Director, Division of Corporation Finance, Cybersecurity Disclosure (Dec. 14, 2023), available at https://www.sec.gov/news/statement/gerding-cybersecurity-disclosure-20231214#_ftnref15.

[17] Clawbacks Adopting Release. See also Exchange Act Rules C&DIs, Section 121H, https://www.sec.gov/divisions/corpfin/guidance/exchangeactrules-interps.htm.

[18] See PVP Adopting Release. See also PVP C&DIs.

[19] Universal Proxy, Release Nos. 34-93596; IC-34419 (Nov. 17, 2021) [86 FR 68330 (Dec. 1, 2021)].

[20] Proxy Rules and Schedules 14A/14C C&DIs, Section 139. Rule 14a-10, available athttps://www.sec.gov/corpfin/proxy-rules-schedules-14a-14c-cdi.htm.

[21] Modernization of Beneficial Ownership Reporting, Release Nos. 33-11253; 34-98704 (Oct. 10, 2023) [88 FR 76896 (Nov. 7, 2023)].

These remarks were delivered by Erik Gerding, director of the Division of Corporation Finance at the U.S. Securities and Exchange Commission, during a Division of Corporation Finance panel discussion at the 2024 SEC Speaks Conference held on April 2, 2024, in Washington, D.C.