On November 13, 2024, during the Practicing Law Institute’s 56th Annual Institute on Securities Regulation, a panel of experts discussed recent disclosure developments for public companies. The main topics of discussion included Insider Trading Policies and 10b5-1 Plans, Non-GAAP Measures, Cybersecurity, and ESG.

Navigating the Updated SEC Rules for 10b5-1 Plans

The SEC’s recent amendments to Rule 10b5-1, aimed at tightening regulations on trading plans for company insiders, took effect last year.

Practical Impact on Company and Insider Practices

Despite initial concerns, many companies have observed minimal change in day-to-day operations.  Companies continue to operate as they did before, but with a heightened emphasis on implementation of formalized disclosure controls and procedures to track and report 10b5-1 plans accurately.  The panel recommended that companies proactively discuss and align their approaches to cooling-off periods and other compliance measures with their treasury and finance teams, as well as their CFOs.

Option Grant Practices and New Disclosure Requirements under Item 402

Item 402(x) of Regulation S-K requires companies to disclose option grants made to named executive officers either within four business days before or one business day after filing a 10-K, 10-Q or a Form 8-K that contains material non-public information (MNPI).  Concerns initially arose that the requirement to disclose such grants would place companies under increased scrutiny. However, most companies are opting to maintain their existing option grant schedules, with a narrative disclosure explaining that they do not time their grants around MNPI disclosures. This approach has led most companies to refrain from adopting a policy, opting instead to document existing practices.

Disclosure Requirements under Item 408

Under Item 408(b) of Regulation S-K, companies are required to file their insider trading policies as exhibits to Form 10-K. For those companies that have not already filed their policies, the panel suggested some tips to ensure the policies are ready for public scrutiny, including reviewing and removing any internal company jargon, administrative details, or personally identifiable information (e.g., compliance officer contact details) from the policy, and considering the treatment of other materials referred to in the insider trading policy, such as FAQs and similar documents. Companies should also be mindful of the requirement that they disclose whether their insider trading policies apply to the company’s own transactions in its securities, and consider including a provision in the policy to address this concern.

Non-GAAP Measures

The SEC’s comment letters continue to focus intensively on non-GAAP measures. Companies are focused on strict compliance with Reg G and Item 10(e) requirements, ensuring that GAAP measures maintain “equal or greater prominence” relative to non-GAAP figures. Key considerations include accurate reconciliation from GAAP to non-GAAP measures, consistent application of exclusions across reporting periods, and a clear explanation of the value of non-GAAP metrics to both investors and management.  New non-GAAP adjustments or tailored metrics should be carefully vetted with the audit and disclosure committees to preempt potential SEC concerns. While companies may see a shift in the enforcement tone as new leadership influences the SEC’s approach, vigilance around these disclosures remains crucial.

Cybersecurity Disclosures

The SEC has recently increased its focus on cybersecurity disclosures, issuing comment letters instead of broader guidance or “Dear CFO” letters. A key area of scrutiny has been the adequacy of disclosures regarding management’s cybersecurity expertise, including detailed qualifications and oversight responsibilities. Other areas of comment include the adequacy of disclosures about third-party risk, enterprise risk management integration, and board oversight of cybersecurity and data privacy risks. Companies should consider collaborating closely with their Chief Information Security Officer (CISO) to ensure that disclosures are robust and specific.

ESG Disclosures

As the United States prepares for a shift in presidential administrations, the path forward regarding ESG disclosures has become less clear. The SEC’s final rule requiring registrants to provide certain climate-related information in their registration statements and annual reports remains under a voluntary stay by the SEC as it defends the final rule from various legal challenges. The future of that rule, including whether the incoming SEC leadership will continue defending the rule, is uncertain. However, even without an effective climate-related disclosure rule from the SEC, public companies will still need to consider disclosure developments in California, Europe, and other jurisdictions as applicable, and should be mindful of the accuracy of any environmental claims they make in their disclosures.