From the Public Company Advisory Group of Weil, Gotshal & Manges LLP Weil, Gotshal & Manges LLP January 17, 2018 Heads Up for the 2018 10-K and Proxy Season: Key Issues for the Audit Committee By Catherine Dixon, P.J. Himelfarb and Ellen Odoner Audit committees have a lot on their collective plate as 2018 unfolds. The importance of their oversight role under the federal securities laws has been magnified by the sweeping changes in U.S. federal tax law and accounting standards, which either became effective on January 1, 2018, or loom on the near horizon. Investor and regulatory perceptions of audit committee and management performance in the New Year may turn, in significant part, on how effectively companies implement certain New GAAP standards (primarily revenue recognition and leases) and apply existing GAAP in a disruptive global environment. Other areas of audit committee oversight responsibility likely to attract critical scrutiny this year include the impact of tenure on the independence of the outside auditor, cybersecurity risk management and disclosure, and the perennial SEC hot button, management’s use of non-GAAP financial measures to communicate with investors. In this Alert, we discuss the audit committee’s oversight responsibilities in each of the following areas: ● Transition to the new revenue recognition standard and other New GAAP ● Disclosure and accounting implications of the new federal tax legislation ● Accounting for loss contingencies ● Use of non-GAAP measures ● Cybersecurity risk management and disclosure ● Disclosure of auditor tenure and other changes in the auditor’s report Governance & Securities Weil, Gotshal & Manges LLP January 17, 2018 2 Oversight: Transition to the New Revenue Recognition Standard and Other New GAAP FASB's sweeping new revenue recognition standard, Accounting Standards Codification (ASC) 606, took effect for calendar-year reporting companies on January 1, 2018. Spurred on by the PCAOB as well as senior SEC staff accountants, we expect independent auditors to make their clients' readiness to implement the new standard an important focus of this year's integrated audit of financial statements and internal control over financial reporting (ICFR). Audit committees, already charged by the SEC with keeping a watchful eye on their companies' new GAAP implementation efforts, should prepare for this topic to figure prominently in their year-end dialogue with the auditor. A related area of focus for audit committees is disclosure -- both in the upcoming Form 10-K, and to the markets -- about the expected qualitative and quantitative effects of adopting ASC 606 on the company's consolidated financial statements. As outlined in our Alert available here, the SEC staff has offered detailed guidance for required transition disclosures in the financial statement footnotes and MD&A. For the many companies that took a cautious approach in responding to this guidance in financial reports for the first three quarters of 2017, this year's 10-K will be the culmination of their SEC-mandated transition disclosure. SEC Chief Accountant Wesley Bricker has emphasized that the final pre-adoption report may be the occasion for companies that have not done so before to provide more qualitative and perhaps also quantitative information in keeping with the guidance. Companies also should address in the 10-K any material changes in ICFR made during Q4 to prepare for adoption of the new standard.1 Finally, audit committees and management alike should be prepared for the auditor's heightened scrutiny of the forgoing disclosures prompted by PCAOB admonitions in a recent Staff Alert, available here. In addition to overseeing disclosure in the upcoming Form 10-K, audit committees of companies that expect ASC 606 to have a material financial impact on the company as a whole, or on a reporting segment, should review with management the company's investor communications strategy. For an instructive example of how one company with a June 30 fiscal year-end, Microsoft, "bridged" the new and old ways of recognizing revenue via an extensive multimedia investor presentation that followed (by one day) the filing of its final pre-adoption 10-K containing detailed qualitative and quantitative transition disclosures, see our Alert available here. Audit committees will find no rest for the weary once their companies adopt the new revenue recognition accounting standard. SEC and PCAOB staff scrutiny has been expanding beyond revenue recognition to cover the transition to other important U.S. GAAP standards whose effective dates are rapidly approaching – leases (ASC 842, effective January 1, 2019, for calendar–year reporting companies) and credit losses (ASC 326, effective January 1, 2020, for calendar-year reporting companies) – which, together with revenue recognition, Chief Accountant Bricker has termed the “New GAAP.”2 Oversight: Application of Existing GAAP in Light of the New Tax Act With the December 22, 2017 enactment of the Tax Cuts and Jobs Act (the Tax Act) come numerous questions for preparers of corporate financial statements regarding the anticipated financial and operational effects of far-reaching federal tax reform that became effective on January 1, 2018. The uncertainty arising from the complex new statutory provisions that (among other things) reduce the corporate tax rate to 21%, create a territorial tax system and impose a mandatory, one-time tax on the foreign earnings of U.S.-based corporations, has been amplified for many calendar year-end companies by the speed with which the legislation was enacted and the proximity of the enactment date to the December 31 fiscal year-end. To assist companies in addressing the implications of the Tax Act under considerable time pressure, the SEC has published two-pronged staff guidance on income tax accounting and related disclosures, available here. ● Staff Accounting Bulletin No. 118. SAB 118, available here, addresses the application of relevant U.S. GAAP by companies preparing an initial accounting of the income tax effects of the Tax Act in situations where the company “does not have the necessary information available, prepared or analyzed (including computations) in reasonable detail to complete the accounting under [FASB’s] ASC Topic 740” by the time the financial statements for the reporting period (annual or quarterly, as the case may be) that includes the December 22, 2017 Governance & Securities Weil, Gotshal & Manges LLP January 17, 2018 3 enactment date are issued. In these situations, SAB 118 allows companies to use a more flexible “measurement period” approach that will expire on the first anniversary of the Tax Act (December 22, 2018). Under the SAB’s analysis, a company that is unable to complete the ASC 740-prescribed accounting for all or some of the income tax effects of the Tax Act for the current period – which could entail, for example, the calculation of the amount of taxes payable for this period and/or the determination of the amount and timing of recognition of deferred tax assets or deferred tax liabilities – would report “provisional amounts” derived from “reasonable estimates” in their SEC-filed financial statements (with subsequent adjustments as necessary during the remainder of the “measurement period”). With respect to those income tax effects for which a reasonable estimate cannot be determined, the company would not have to disclose provisional amounts, but instead would apply ASC 740 based on the federal tax laws in effect immediately before the Tax Act was signed into law. Certain explanatory disclosures also would be required, presumably in the financial statement footnotes and MD&A. Last but not least, any provisional amounts (or adjustments to provisional amounts) included in a company’s financial statements during the temporary measurement period “should be included in income from continuing operations as an adjustment to tax expense or benefit in the reporting period in which the amounts are determined.” ● New Form 8-K Compliance and Disclosure Interpretation 110.02. New Form 8-K C&DI 110.02, available here, clarifies how companies relying on the SAB 118 “measurement period” approach should analyze the Form 8-K, Item 2.06 “material impairment” disclosure obligation relating to tax assets whose value may be affected under the new federal tax regime. In brief, a company’s re-measurement of a deferred tax asset to incorporate the effects of the Tax Act in accordance with SAB 118 “is not an impairment under ASC Topic 740” that must be disclosed under Item 2.06 of Form 8-K. As noted in the new C&DI, however, those companies applying SAB 118 that conclude a material impairment of a tax asset has (or may have) occurred during the reporting period, solely as a result of the Tax Act’s enactment, may defer disclosure of this impairment (or a provisional amount relating to a possible impairment) until the filing of its next periodic report, in reliance upon this Instruction to Item 2.06: “No filing is required under this Item 2.06 if the conclusion [regarding material impairment] is made in connection with the preparation or review of audited financial statements required to be included in the next periodic report due to be filed under the Exchange Act, the periodic report is filed on a timely basis and such conclusion is disclosed in the report.” Although not specifically mentioned in the staff’s Tax Act-related guidance, audit committees and management alike should keep in mind that the Tax Act’s impact on income tax accounting, whether viewed in isolation or in conjunction with the adoption of ASC 606 effective January 1, 2018, may put the design of their company’s ICFR to the test. As a member of the SEC’s accounting staff explained, in an early December 2017 speech discussing the potential for substantial ICFR changes arising from implementation and adoption of the New GAAP, “[a] key feature of an effective system of internal control is its ability to adapt timely to changes that, if not addressed, may impact the company’s ability to achieve” a critical objective of ICFR, which is “’to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP.’”3 The SEC accounting staff believe that Principle #9 of the 2013 COSO Framework, which offers guidance on adapting the ICFR risk assessment process to significant, complex or unusual transactions, is particularly relevant for the many companies now grappling with the “double whammy” of ASC 606 adoption and the Tax Act’s implications for income tax accounting. Some companies began to release preliminary estimates of the expected income tax effects of the Tax Act on, or shortly after, the date of enactment, typically pursuant to either an Item 7.01 or 8.01 Form 8-K. For the most part, companies that have done so have been careful to include cautionary statements regarding the preliminary nature of their estimates. Companies that provide such disclosures after the close of an annual or quarterly reporting period, but prior to filing their next periodic report due in early 2018, should keep in mind that a duty to disclose under Item 2.02 of Form 8-K may arise if any of the information thus disclosed relates to financial results for the completed period. Governance & Securities Weil, Gotshal & Manges LLP January 17, 2018 4 There is another SEC disclosure compliance point to keep in mind, if a company plans to disseminate financial information to the markets in advance of filing the Form 10-K (or 10-Q) for the completed reporting period that includes the date of the Tax Act’s enactment. The use of non-GAAP measures in such “informal” communications – whether to back out estimated tax expenses or otherwise update previously delivered earnings guidance -- potentially implicates Regulation G and Item 10(e) of Regulation S-K. This would not be the case, however, if the company doesn’t “do the math” and only provides estimated or provisional amounts that have been determined in accordance with ASC 740 as recently interpreted by the SEC staff in SAB 118. More on the topic of non-GAAP financial measures, below. Because we anticipate that SEC Division of Corporation Finance staff will examine and comment on many of these disclosures in connection with the staff’s regular Sarbanes-Oxley reviews of periodic reports filed in 2018, we recommend that companies and their audit committees pay special attention not only to the GAAP-mandated accounting and disclosures required in financial statements as part of periodic reports filed with the SEC – regardless of whether the company takes the flexible approach to ASC 740 application permitted by SAB 118 -- but also to the need for careful analysis and drafting of any necessary risk factor and MD&A “known trends, events and uncertainties” disclosures in the body of their periodic reports. For many large U.S. companies with multinational operations, income tax accounting likely will qualify this year as a “Critical Accounting Estimate” for MD&A disclosure purposes. Oversight: Application of Existing GAAP to Material Loss Contingencies With all the regulatory attention being paid to New GAAP transition issues and the accounting and disclosure implications of federal tax reform, it may be tempting to assume that the SEC staff will be less focused in the coming year on such perennial GAAP “hot button” issues as the recognition and disclosure of material loss contingencies under ASC 450-20. Nothing could be further from the truth if the past year is any guide, as evidenced by Division of Corporation Finance staff comment letters and a notable SEC enforcement proceeding brought against General Motors for failing to devise and maintain a sufficient system of internal accounting controls for material loss contingencies. From the perspective of the Division of Corporation Finance’s accounting staff, the quality of pre-accrual disclosures required in the financial statement footnotes when a particular loss contingency is “reasonably possible” (more than “remote” but less than “probable”), is just as important as the recognition of a loss once it becomes “probable” and the amount of the loss (or a range of losses) can be “reasonably estimated” and an accrual made. As reflected in Division comment letters, the staff may issue a comment where a material charge is taken for the reporting period in which a previously undisclosed governmental investigation is resolved with the company’s agreement to pay a large fine, without any advance warning in prior-period SEC filings.4 Another situation that may trigger a staff comment arises when a company’s loss contingencies footnote indicates that an estimate of a “reasonably possible” loss (or range of losses) cannot be determined. The following comment is illustrative of the latter situation: “With respect to the cyber-security incident and related assessments, please tell us your consideration of the requirement in ASC 450- 20-50-4.b to disclose an estimate of the [reasonably] possible loss or range of loss or to disclose that such an estimate can not be made.” SEC enforcement proceedings in the accounting area also offer useful guidance with respect to the SEC’s view of GAAP compliance. This was the case when, without an admission or denial of culpability, General Motors agreed last year to pay a $1 million penalty to settle SEC charges that deficient internal accounting controls prevented the company from properly assessing the potential impact on its financial statements of a defective ignition switch found in some of GM’s vehicles. Specifically, the SEC’s administrative cease-and-desist order, available here, indicates that for a period of 18 months, GM’s controls for loss contingencies were focused on accrual for probable losses resulting from possible vehicle recalls, but did not ensure that information regarding reasonably possible losses stemming from such recalls could be evaluated in a timely manner by the appropriate GM personnel in accordance with ASC 450. Governance & Securities Weil, Gotshal & Manges LLP January 17, 2018 5 Oversight: Use of Non-GAAP Financial Measures Financial executives are now confronting the challenges of how best to explain the financial effects on their companies of the proverbial “perfect storm” -- New GAAP adoption and sweeping federal tax law changes -- in the non-GAAP terms the markets demand. As emphasized by SEC Chief Accountant Bricker in a notable 2017 speech aimed primarily at corporate audit committees, available here, these challenges heighten the importance of the audit committee’s financial reporting oversight role with respect to management’s key judgments and assumptions in both the GAAP and non-GAAP spheres. Prodded by the PCAOB, the outside auditors likely have already begun to discuss these issues with audit committees and responsible management. For all these reasons, we anticipate that the SEC’s accounting staff will be paying particularly close attention this year to corporate compliance with the SEC’s rules governing disclosures of non-GAAP financial measures, whether made in periodic reports filed with the SEC, earnings releases furnished under cover of Item 2.02 of Form 8-K, or investor/analyst conference calls and/or presentations. Recent assurances from senior SEC staff accountants at major year-end conferences that the quality of corporate non-GAAP disclosures has improved substantially were tempered by a reminder that the staff will continue to monitor this area and issue comments if questions arise. It is worth noting, in this regard, that compliance with the non-GAAP disclosure rules was the #1 comment raised by the staff in 2017.5 It remains to be seen whether companies adopting ASC 606 this January will follow “early-adopter” Microsoft’s lead and jettison disclosure of non-GAAP revenue measures entirely in 2018.6 Nor do we know yet how Tax Acttriggered changes in income tax accounting under existing GAAP will affect the use of common non-GAAP earnings measures by companies disclosing provisional amounts over the SAB 118 measurement period. Although it is difficult at this early stage to make predictions, we would expect that any company concluding that it will experience a significant gain or loss as a result of tax reform enactment would present its fourth quarter and full fiscal year 2017 earnings on a non-GAAP basis excluding the income tax effects. We shouldn’t have long to wait for these questions to be answered, given that some calendar-year reporting companies have already begun to hold their fiscal 2017 earnings calls. JPMorgan Chase & Co., for example, released its Q4 and full-year fiscal 2017 earnings report, and held a related conference call, on January 12, 2018. As part of a much broader presentation during the call, the company’s CFO indicated that the unaudited results disclosed for the completed Q4 and full-year 2017 periods, respectively, reflect an estimated $2.4 billion decrease in net income, and EPS decline of approximately $0.69, largely driven by a Tax Act-prescribed “deemed repatriation” charge and downward adjustments to the value of tax-oriented investments, which were partially offset by an expected benefit from the revaluation of a deferred tax liability. Net income and EPS figures carving out the estimated Tax Act effects, along with another “significant item,” are identified as non-GAAP financial measures and reconciled to the “reported” or GAAP historical results. As to JPMorgan Chase’s 2018 outlook, the company stated that its adoption of ASC 606 on January 1, 2018, “is expected to increase both FY2018 revenue and expense by [approximately] $1.2 billion, with the vast majority of the impact in AWM [Asset & Wealth Management].” Based on current estimates, the company also noted in its earnings slide presentation that it anticipates that its FY 2018 effective tax rate will be in the neighborhood of 19%, and that tax-equivalent adjustments would decrease both management revenue and managed tax expense (both non-GAAP measures) by about $1.2 billion “on an annual run-rate basis.” Oversight: Cybersecurity Risk Management and Disclosure Because audit committees are often charged by boards of directors with oversight of their companies’ cybersecurity risk management practices,7 they should be aware that SEC Chair Jay Clayton has made cybersecurity an agency priority. As the Chair described it, in late September 2017, the SEC “is focused on identifying and managing cybersecurity risks and ensuring that market participants – including issuers, intermediaries, investors and government authorities – are actively and effectively engaged in this effort and are appropriately informing investors and other market participants of these risks.”8 Division of Enforcement Co-Director Stephanie Avakian subsequently reinforced this message, warning that, while “we have not yet brought a case” involving a cyber- Governance & Securities Weil, Gotshal & Manges LLP January 17, 2018 6 disclosure failure by a public company, and “are not looking to second-guess reasonable, good-faith [corporate] disclosure decisions, … we can certainly envision a case where enforcement action would be appropriate.”9 Consistent with these statements from the top, Division of Corporation Finance staff members have noted that companies should expect the adequacy of cybersecurity-related disclosures, especially in the risk factor and MD&A sections of periodic reports, to be under the staff microscope during the 2018 comment and review process. The Director of the SEC’s Division of Corporation Finance, William Hinman, has advised public companies to continue to apply the Division’s principles-based guidance issued in 2011, available here, in “consider[ing] whether their publicly filed reports adequately disclose information about their risk management and cybersecurity risks, in light of developments in their operations and the nature of current and evolving cyber threats.”10 Recent Division comment letters suggest considerable staff interest in the adequacy of disclosures of potentially material cyber incidents and the nature and scope of cybersecurity risks stemming from the outsourcing of certain business functions. A representative 2017 staff comment states as follows: “Please provide a description of any cyber incidents that you have experienced that are individually, or in the aggregate, material, including a description of the costs and other consequences, and disclose the extent to which you outsource functions that have material cybersecurity risks. Please refer to CF Disclosure Guidance: Topic No. 2.” Director Hinman indicated recently that the staff is considering whether to recommend that the SEC update and expand upon its 2011 guidance. We expect that any updated guidance would re-emphasize the need for risk-related disclosures to be company-specific rather than generic “boilerplate,” and also would take into account the impact of significant technological developments that have occurred over the past six years, such as companies’ increased reliance on use of cloud storage and the phenomenon of ransomware (to name just two of many). Companies should consider whether these factors are relevant for disclosure in their upcoming Form 10-Ks in advance of any formal updating of the SEC guidance. Mr. Hinman has underscored two key “takeaways” from last year’s widely publicized cyber attacks that should inform current corporate compliance practices: First, make sure your company’s disclosure controls and procedures include effective “early-warning” mechanisms for prompt identification of a cyber breach and communication of this information by IT personnel to the appropriate senior personnel within the company who are responsible for assessing the potential materiality of the breach for federal securities law disclosure and insider trading compliance purposes. Second, make sure your insider trading policies and procedures likewise are structured to treat information regarding such incidents as potential “material non-public” information that, pending disclosure to the investing public, could require a company to close an otherwise open trading window for itself, directors and officers, and other relevant “knowledge” insiders. Audit committees charged with oversight of their companies’ cyber risk management initiatives should ensure that they have the necessary time and tools. To this end, we recommend that responsible committees take measures to ensure that they: (a) spend ample time regularly on the adequacy of the cyber risk management framework and processes that senior managers are using to identify, evaluate and mitigate cyber risks; (b) consider carefully whether the committee is comprised of individuals with the optimal mix of skill sets and experiences necessary to understand the company’s evolving cyber risk profile and the effectiveness of management’s risk-mitigation measures; (c) satisfy themselves that internal controls and procedures relating to cyber risk management are monitored to assess ongoing effectiveness in the face of proliferating risks, keeping in mind the possible overlap with ICFR; and (d) engage outside independent experts as needed to advise and/or educate members of the committee. Shareholders will be watching, with some making cyber risk management an engagement priority for 2018. BlackRock’s global head of investment stewardship, Michelle Edkins, had this to say on the subject in an interview published last month: The purpose of our engagement is to understand how the board is overseeing the management approach to cyberrisk, and the extent to which certain members of the board have specific background or expertise. There isn’t necessarily a need to have a cyber director, as it can become Governance & Securities Weil, Gotshal & Manges LLP January 17, 2018 7 very complex if every board member has a specific expertise. It is important that the board knows about the overall approach in protecting the company from a cyberattack and the risk of data loss, about the training of employees on information security. We want to ensure management and the board have a response protocol in case of a breach that is serious or severe. Every company has a technology dimension to its business and we talk about cyber where we think there is a more pronounced risk; for instance, with companies that have significant amount[s] of client data and companies where a cyber breach would be a clear risk to the whole sector.11 Oversight: Disclosure of Auditor Tenure and Other Changes in the Auditor’s Report For most calendar-year reporting companies, the independent auditor’s report on the 2017 audit will reflect the first set of changes required by AS 3101, the new auditor’s reporting standard adopted by the PCAOB and approved by the SEC last Fall. As discussed in our prior Alerts available here and here, the new standard retains the traditional pass/fail opinion but phases in a number of significant changes. A key change in the upcoming audit report will be disclosure of auditor tenure – with the baseline being the first year the auditor began serving consecutively as the company’s auditor. As the PCAOB staff made clear in updated guidance issued on December 28, 2017, available here, the disclosure “should reflect the entire relationship between the company and the auditor” and, thus, should take into account service by the company’s auditor before the company became public, service to the company by predecessors of the auditor and service by the auditor to certain predecessors of the company. Disclosure beyond just the length of tenure is permitted when helpful to a reader’s understanding of the current relationship between the auditor and the company. While the SEC’s proxy rules do not require disclosure of auditor tenure, the impact of tenure on auditor independence and audit quality is an increasing focus of investor concern. This has led many large companies to include disclosure of auditor tenure in their proxy statements and, in particular, for audit committees to articulate in their reports the benefits and independence safeguards they considered in deciding to reappoint a long-tenured auditor. Companies that have not made this disclosure in prior years should consider the merits of doing so in their 2018 proxy statement, in light of the fact that the information on their auditor’s tenure will be highlighted in the new audit report. The most sweeping change to the audit report – disclosure of “critical audit matters” -- will first apply to the 2019 audits of calendar-year large accelerated filers. Despite what seems today to be generous lead-time, audit committees and financial management would be well served to conduct “practice runs” in 2018 to see what issues their auditors would consider to rise to the level of a CAM, and to think about what responses disclosure of a particular CAM might prompt on the part of the company itself. Governance & Securities Weil, Gotshal & Manges LLP January 17, 2018 8 ENDNOTES 1 See Wesley R. Bricker, Chief Accountant, SEC Office of the Chief Accountant, Statement in Connection with the 2017 AICPA Conference on Current SEC and PCAOB Developments (Wash. D.C., Dec. 4, 2017), available here. 2 For a more detailed discussion of the SEC accounting staff’s views on implementation of the New GAAP, with a particular focus on ASC 606, see C. Dixon, E. Odoner and A. Alterbaum, Bridging the New GAAP, INSIGHTS, Vol. 12, No. 12 (December 2017)(“INSIGHTS”). 3 Michal P. Dusza, SEC Professional Accounting Fellow, Remarks before the 2017 AICPA Conference on Current SEC and PCAOB Developments (Wash. D.C., Dec. 4, 2017), available here. 4 Similar facts formed the predicate for a civil case the SEC filed in a Washington, D.C., federal district court against RPM International Inc. and the company’s General Counsel. The SEC’s complaint, filed in September 2016, can be found here. The defendants have disputed the SEC’s charges that they failed to make timely disclosures under ASC 450 of, respectively, a reasonably possible, then probable, material loss contingency relating to a Department of Justice False Claims Act investigation, contrary to the antifraud, reporting, books and records, and internal controls provisions of the federal securities laws. See, e.g., SEC v. RPM International Inc. and Edward W. Moore, __ F. Supp. 3d __, 2017 WL 4358693, Fed. Sec. L. Rep. P99,895 (D.D.C., September 29, 2017) (denial of defense motion to dismiss). 5 See Deloitte & Touche LLP, SEC Comment Letters – Including Industry Insights (November 2017). 6 See INSIGHTS, above. 7 2017 Spencer Stuart U.S. Board Index, at p. 30 (57% of S&P 500 boards of directors allocated cybersecurity risk oversight duties to audit committees). In a March 2017 speech aimed at audit committees and those who advise them, SEC Chief Accountant Bricker struck this cautionary note: “While audit committees may be equipped to play a role in overseeing risks that extend beyond financial reporting, such as cybersecurity and portions of enterprise risk management, I believe it is important for audit committees to not lose focus on their core roles and responsibilities” under the Sarbanes-Oxley Act. Remarks of Wesley R. Bricker, Chief Accountant, SEC Office of the Chief Accountant, before the University of Tennessee’s C. Warren Neel Corporate Governance Center, “Advancing the Role and Effectiveness of Audit Committees” (Knoxville, TN, March 24, 2017), available here. 8 SEC Chairman Jay Clayton, Statement on Cybersecurity (Sept. 20, 2017)(“Clayton Statement”), available here. 9 Speech by Stephanie Avakian, Co-Director, SEC Division of Enforcement, The SEC Enforcement Division’s Initiatives Regarding Retail Investor Protection and Cybersecurity (Washington, D.C., Oct. 26, 2017)(“Avakian Speech”), available here. 10 See Clayton Statement, above; accord Avakian Speech, above. 11 M.L. Stein, BlackRock’s 2018 Focus: Board Diversity, Climate Risk, WSJ Risk & Compliance Journal, Dec. 14, 2017. Governance & Securities Weil, Gotshal & Manges LLP January 17, 2018 9 * * * Please contact any member of Weil’s Public Company Advisory Group or your regular contact at Weil, Gotshal & Manges LLP: Howard B. Dicker View Bio firstname.lastname@example.org +1 212 310 8858 Catherine T. Dixon View Bio email@example.com +1 202 682 7147 Lyuba Goltser View Bio firstname.lastname@example.org +1 212 310 8048 Adé K. Heyliger View Bio email@example.com +1 202 682 7095 P.J. Himelfarb View Bio firstname.lastname@example.org +1 202 682 7208 Ellen J. Odoner View Bio email@example.com +1 212 310 8438 Alicia Alterbaum View Bio firstname.lastname@example.org +1 212 310 8207 Kaitlin Descovich View Bio email@example.com +1 212 310 8103 Erika Kaneko View Bio firstname.lastname@example.org +1 212 310 8434 Reid Powell View Bio email@example.com +1 212 310 8831 Niral Shah View Bio firstname.lastname@example.org +1 212 310 8316 Aabha Sharma View Bio email@example.com +1 212 310 8569 © 2018 Weil, Gotshal & Manges LLP. All rights reserved. Quotation with attribution is permitted. This publication provides general information and should not be used or taken as legal advice for specific situations that depend on the evaluation of precise factual circumstances. The views expressed in these articles reflect those of the authors and not necessarily the views of Weil, Gotshal & Manges LLP. If you would like to add a colleague to our mailing list, please click here. If you need to change or remove your name from our mailing list, send an email to firstname.lastname@example.org.