Looking ahead to 2013, directors, executives and general counsel of public companies can take some solace from the fact that 2012 was not a year in which a large number of significant new disclosure rules or governance requirements were adopted by the U.S. Securities and Exchange Commission (SEC) or the stock exchanges as had regularly been the case in the prior 10 years. Aside from the impact of relaxed securities regulation under the Jumpstart Our Business Startups Act of 2012 (the JOBS Act) applicable to “emerging growth companies,” 2012 has seen the least amount of new disclosure and governance regulation applicable to U.S. public companies since the passage of the Sarbanes-Oxley Act of 2002 launched a decade of steadily increasing regulation of public companies.

Nonetheless, there remains a significant amount of regulation under the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 that is yet to be implemented by many public companies, including compliance processes and disclosures under adopted rules regarding compensation consultants and advisers, conflict minerals and financial swaps. There are also yetto- be-proposed rules that have no deadlines for adoption in Dodd-Frank concerning compensation clawbacks for erroneously awarded compensation (Dodd-Frank Section 954), hedging of company stock by directors and officers (Dodd-Frank Section 955), and additional compensation disclosure regarding pay-for-performance and pay ratios (Dodd-Frank Section 952), which are expected to be at least proposed in 2013. Some of these rules, even those already adopted by the SEC as in the case of conflicts minerals disclosure, pose new challenges to securities and governance counsel and other compliance officials, requiring additional knowledge and skills.

Below is a brief discussion of several items that SEC reporting companies (public companies) should consider as 2013 approaches. These include the following:

  • Updated Proxy Advisory Firm Voting Policies
  • New Compensation Committee Listing Standards and Proxy Disclosure
  • Communications Between Auditors and Audit Committees
  • Dodd-Frank Swap Clearing Exemption for End Users
  • Crisis Management and Sustainability
  • Cyber Security Risks
  • Websites and Social Media
  • Conflict Minerals and Resource Extraction – Evaluation and Reporting
  • U.S. Government Guidance on Foreign Corrupt Practices Act
  • Iran Sanctions Disclosure and Compliance

Compliance practices based on the enhanced public company regulatory regime built during the Sarbanes-Oxley/Dodd-Frank corporate reform decade continue to evolve, accompanied by increased demands of activist shareholders and enhanced roles for third parties, such as proxy advisory firms. Also, as reflected in the discussion below, global macro trends in technology, climate, and political and economic instability require that public companies increase their attention to issues such as cyber security, sustainability, crisis management and risks associated with non-U.S. operations, investments and transactions.

It is clear that the stakes for ensuring compliance with public company responsibilities continue to rise, and not merely as a result of regulatory scrutiny. For example, regarding disclosure, similar to “strike” suits alleging misleading or insufficient disclosure in connection with shareholder approval of M&A transactions, several public companies have recently been sued in actions alleging inadequate disclosure of executive compensation when new or modified compensation plans are put up for shareholder approval, which can possibly delay or disrupt the shareholders’ meeting. Also, the SEC’s new Office of the Whistleblower established in accordance with Dodd-Frank is up and running, and the SEC reported receiving more than 3,000 tips, reporting many to be of “high quality,” in its first year of operation. The SEC also paid its first bounty to a whistleblower in 2012. Such bounties can be as much as 30 percent of the amount of any financial penalties imposed on wrongdoers, providing a strong incentive to potential whistleblowers to report a covered violation of law or regulation to the SEC.

Updated Proxy Advisory Firm Voting Policies

The leading proxy advisory firm, Institutional Shareholders Services (ISS), recently issued its voting policy updates for the upcoming proxy season. In response, boards of public companies need to determine where changes to their governance and compensation practices should be made.

On December 4, 2012, ISS released FAQs further explaining its peer group selection process: Note that in the FAQs, ISS advises that a company that wishes to inform ISS of any changes that the company has made to its peer group (i.e., the group the company used to benchmark CEO pay in 2012) must do so online by December 21, 2012, to ensure ISS utilizes the updated information in its peer group selection process. A link to the electronic form that a company will use to submit a peer group update is available here.

Highlights of the ISS 2013 policy changes relate to board responsiveness to majority supported shareholder proposals, pay-forperformance evaluations (including peer group construction and realizable pay), the hedging and pledging of company stock, and golden parachutes, each further discussed below. ISS also changed its policy regarding proposals to incorporate environmental and social non-financial performance metrics into executive compensation from “vote against” to “vote case-by-case.”

Board Responsiveness. A decision by a board not to respond favorably to a majority supported shareholder proposal will cause more angst for directors under the revised ISS policy. Starting with meetings held in 2014, if a board has failed to take responsive action (either implementing the proposed measure or, when necessary, making a management proposal to implement at the next annual meeting) to a shareholder proposal that received a majority of votes cast, ISS will recommend a vote against or withhold on at least some directors (e.g., those serving on a relevant committee, such as governance or compensation). The prior policy, still in effect for 2013 (which is a reprieve from the modification as proposed, which would have applied the new policy to 2013 meetings), is to recommend a vote against or withhold on the entire board if the board did not take positive action on a proposal that received the support of a majority of outstanding shares in the prior year, or a majority of the votes cast in two of the prior three years.

Pay-for-Performance Evaluation and Peer Group Composition. ISS’s pay-for-performance analysis of a company considers both (i) peer group alignment—the degree of alignment between the company’s total shareholder return (TSR) rank and the CEO’s total pay rank within a peer group, as measured over one-year and three-year periods (weighted 40 percent/60 percent), and the multiple of the CEO’s total pay relative to the peer group median—and (ii) the absolute alignment between the trend in CEO pay and company TSR over the prior five fiscal years, i.e., the difference between the trend in annual pay changes and the trend in annualized TSR during the period.

In response to criticism that the peer group ISS identified for a particular company often had little overlap with a company’s selfselected peer group, ISS in 2013 will adjust the manner in which it chooses a peer group for comparison and will also consider the company’s disclosed peer group in selecting its comparison group. ISS has also refined the manner in which it uses Global Industry Classification Standard (GICS) codes in determining peer groups and will give emphasis to peers that maintain the company near the median of the peer group, have chosen the company as a peer or are in the company’s self-selected peer group. Under the revised policy, ISS has also modified its requirements relating to the sizes of potential peer companies, especially in the case of the smallest and largest companies, and will use revenues instead of assets in making peer determinations for certain financial companies.

If a quantitative analysis suggests a weak pay-for-performance alignment, ISS will conduct a qualitative analysis before finalizing its “say-on-pay” vote recommendation, considering factors such as the following: the overall ratio of performance-based compensation; the rigor of performance goals; peer group benchmarking; actual financial or operating results; and special circumstances, such as the hiring of a new CEO. For large-cap companies, a new factor that may be considered in such a qualitative analysis is “realizable pay as compared to grant pay,” defined in the revised policy as follows:

Realizable pay will consist of the sum of relevant cash and equity-based grants and awards made during a specified performance period being measured, based on equity award values for actual earned awards, or target values for ongoing awards, calculated using the stock price at the end of the performance measurement period. Stock options or stock appreciation rights (SARs) will be re-valued using the remaining term and updated assumptions, as of the performance period, using a Black-Scholes option pricing model. Realizable pay consideration may mitigate or exacerbate a CEO’s pay-for-performance concerns.

ISS notes that consideration of realizable pay might mitigate a pay-for-performance concern in some cases and exacerbate the concern in others. In addition to assessing that outcome in its case, companies that are considering adding realizable pay as additional disclosure to that required in their proxy statements will also want to consider the ISS definition of realizable pay in the event it evolves into a standard for such disclosure.

Pledging and Hedging. The updated ISS policy identifies “hedging of company stock and significant pledging of company stock” by directors and/or executives as examples of “failures of risk oversight.” ISS states that this type of failure, “under extraordinary circumstances,” may result in a vote against or a withhold vote with respect to directors individually, committee members or the entire board. The final policy updates do not call for a negative recommendation with respect to say-on-pay voting, although that had been part of ISS’s draft updates. It is unclear exactly when the pledging of stock will trigger adverse voting recommendations from ISS under its 2013 policy updates. The draft updates stated that any pledging of shares demonstrates a failure of risk oversight. ISS received several comments that appropriately objected to such a rigid policy.

Comments on the draft updates suggested safe-harbor approaches, such as exemptions for de minimis pledges or pledges that are part of a loan where the lender has full recourse against all assets of the executive or director. But ISS instead opted for a substantive, facts-and-circumstances standard. ISS will consider the following factors “in determining vote recommendations for election of directors of companies who currently have executives or directors with pledged company stock”:

  • Disclosure in the company’s proxy statement of an anti-pledging policy that prohibits future pledging activity
  • The magnitude of aggregate pledged shares in terms of total common shares outstanding or market value or trading volume
  • Disclosure of progress or lack thereof in reducing the magnitude of aggregate pledged shares over time
  • Disclosure in the proxy statement that shares subject to stock ownership and holding requirements do not include pledged company stock
  • Any other relevant factors

ISS does not consider pledging at any amount to be a “responsible use of equity.” But the above factors, as well as ISS’s prior practice when a new “problematic pay practice” is added, suggest ISS will allow public companies in many instances to avoid adverse voting recommendations in 2013 by committing not to allow future pledging of company stock and to clean up existing company stock-pledging arrangements over time. However, ISS is taking a more restrictive approach with respect to hedging of company stock. Explanatory notes to the 2013 policy updates state that “any amount of hedging will be considered a problematic practice warranting a negative voting recommendation.” Nothing from the face of the 2013 policy updates suggests that anything less than immediate unwinding of hedging arrangements will be acceptable. However, unwinding derivative securities issued to (or by) third parties might be impossible or impractical. As an interim step, it would be fairly easy to include hedging restrictions in upcoming grants of equity compensation or to impose an anti-hedging policy prospectively.

Some public companies already have self-imposed prohibitions and/or restrictions on pledging and hedging of company stock by executives and directors. Public companies with stock-trading policies that do not already address these transactions, and especially those with management members that in fact have outstanding pledged and/or hedged company stock positions, should consider if any action should be taken before finalizing the 2013 proxy statement in light of ISS’s 2013 policy updates. With respect to any outstanding pledges, companies should consider disclosure regarding the facts listed above to avoid a negative recommendation. In addition, the footnote to the beneficial ownership table that discloses any pledges as required by Item 403(b) of Regulation S-K for a particular individual could include a discussion of the rationale for the pledging of shares.

Golden Parachute Proposals. Dodd-Frank requires a separate shareholder vote on potential golden parachute payments when seeking shareholder approval for certain corporate transactions. Prior ISS policy focused only on new or extended golden parachute arrangements. ISS updated its current policy to include a review of existing change-in-control arrangements with named executive officers and closer scrutiny of the presence of multiple legacy problematic features in change-in-control agreements. The proposed changes will likely result in ISS recommending against an increased number of golden parachute proposals. Companies with pending transactions should consider the combined effect of any existing and proposed golden parachute payments on a vote recommendation by ISS.

Proxy adviser Glass Lewis & Co., LLC, also updated its voting guidelines in November 2012, supplementing its “say-on-pay” guidelines issued in July 2012. On governance issues, the highlights of Glass Lewis’s November updates included board responsiveness, the number of boards on which a company’s CEO serves and exclusive forum provisions. Glass Lewis added a new section to its guidelines on board responsiveness, confirming its practice of scrutinizing the reasons for any vote of 25 percent or more against a board recommendation or in favor of a shareholder proposal, and noted that this policy applies to modifications to the design or structure of the company’s executive compensation programs. With regard to its broad principles applicable to the review of equity compensation plans, Glass Lewis further provided that plans should not count shares in ways that understate the potential dilution or cost to common shareholders, and stated that this refers to “‘inverse’ full value award multipliers.” An inverse multiplier provision counts options or stock appreciation rights as less than one share against total shares available for grant under the plan, meaning more options or stock appreciation rights could be granted than are included in a fungible reserve for issuance under a plan.

In its July 2012 updates regarding compensation evaluations, Glass Lewis modified its selection of peer groups, moving away from a system based on GICS codes, industry sector and location, to an approach (in collaboration with Equilar) based on peers identified by the company and peers of those companies, and various relationships among peer groups, to create through a proprietary algorithm a final comparison peer group. Glass Lewis also modified the metrics considered in its pay-forperformance evaluation to include (still using a three-year weighted average) TSR, change in operating cash flow, earnings per share growth, return on equity and return on assets. Also, Glass Lewis’s updated pay-for-performance model will now consider a three-year (instead of one-year) weighted average of total compensation for the CEO and top five executives.

New Compensation Committee Listing Standards and Proxy Disclosure

On September 25, 2012, the New York Stock Exchange (NYSE) and the Nasdaq Stock Exchange each filed with the SEC proposed amendments to their respective listing requirements regarding compensation committees of listed companies in accordance with the requirements of Section 952 of Dodd-Frank and the SEC’s new Exchange Act Rule 10C-1, which was adopted by the SEC on June 20, 2012. The proposed NYSE listing standards are available here, and the proposed Nasdaq listing standards are available here. The new listing standards, as required by Dodd-Frank and Rule 10C-1, will

  • Enhance independence requirements applicable to members of a compensation committee
  • Specify the compensation committee’s authority to retain compensation consultants, independent legal counsel and other advisers
  • Require the committee’s consideration of the independence of any compensation advisers
  • Specify the committee’s responsibility for the appointment, compensation and oversight of the work of any compensation adviser

The proposed new listing standards regarding independence would be effective on the earlier of a listed company’s 2014 annual shareholders’ meeting and October 31, 2014 (for NYSE companies), or December 31, 2014 (for Nasdaq companies), while the proposed provisions regarding compensation committee authority and the consideration of adviser conflicts would take effect July 1, 2013, for NYSE companies and immediately upon approval for Nasdaq companies.

The SEC’s adopting release for the new rules on listing standards and additional disclosures regarding compensation committee consultant conflicts is available here.

The SEC also added a new disclosure requirement to it proxy rules, which is now effective: new subsection (e)(3)(iv) of Item 407 of Regulation S-K provides that with respect to any compensation consultant that has played a role in determining or recommending the amount or form of executive or director compensation and whose work has raised any conflict of interest, companies are required to disclose the nature of the conflict and how the conflict is being addressed. This is in addition to the existing requirement to disclose information about the use of compensation consultants, including specific information about fees paid to consultants. Public companies must conduct appropriate diligence to determine whether disclosure will be required in their 2013 proxy statements. An instruction to the new provision provides that the following six factors should be considered in determining whether a conflict of interest exists:

  • Whether the compensation consulting company employing the compensation adviser is providing any other services to the company
  • How much the compensation consulting company that employs the compensation adviser has received in fees from the company, as a percentage of that person’s total revenue
  • What policies and procedures have been adopted by the compensation consulting company employing the compensation adviser to prevent conflicts of interest
  • Whether the compensation adviser has any business or personal relationship with a member of the compensation committee
  • Whether the compensation adviser owns any stock of the company
  • Whether the compensation adviser or the person employing the adviser has any business or personal relationship with an executive officer of the company

These are the same factors that the new listing standards required by Rule 10C-1 will require a compensation committee to consider before selecting a compensation consultant, legal counsel (excluding in-house legal counsel) or other adviser.

The conflict of interest disclosure requirements only apply to compensation consultants, and not legal counsel and other advisors to the compensation committee, but the proposed listing standards will require the committee to consider all such potential conflicts when making appointments. In order to determine whether or not a conflict exists, companies will need to solicit information from consultants, counsel and advisors based on these factors and any others the company determines to be relevant. An update to the annual director and officer questionnaire is also advisable to cover relationships that might exist between compensation committee members or executive officers and consultants.

With respect to the proposed listing standards, which the SEC is expected to approve in early 2013, boards will continue to have significant discretion in making independence determinations, but listed companies should assess the independence of their current and prospective compensation committee members under the proposed listing standards. In most cases, especially for NYSE-listed companies, independence determinations previously made will likely be confirmed. Under the proposed Nasdaq standards, however, companies will for the first time be required to have a compensation committee and committee charter, and members of a Nasdaq company compensation committee(as with audit committee members under Sarbanes-Oxley rules) will be prohibited from receiving any compensatory fees from the company other than directors fees and fixed payments for prior services. All listed public companies should begin to consider updates to compensation committee charters that may be needed in anticipation of the revised listing standards.

Communications Between Auditors and Audit Committees

On August 15, 2012, the Public Company Accounting Oversight Board (PCAOB) adopted Auditing Standard No. 16, Communications with Audit Committees, and related amendments to other PCAOB standards. The new standard will establish requirements for communications between the auditor and the audit committee, and is intended to promote additional dialogue between the auditor and the committee on significant audit and financial statement matters.

The new standard, which is directly applicable only to auditors but will necessarily affect audit committees indirectly, is subject to approval by the SEC and is expected to be effective for audits and quarterly reviews for fiscal years beginning on or after December 15, 2012. A copy of the standard as filed with the SEC is available here.

Audit committees should evaluate whether implementation of the new standard will require any changes to the meeting agendas or annual calendar, and whether in due course the audit committee charter should be updated to reflect the new requirements. Companies also should determine how the audit committee will respond to a new requirement that the auditor seek from the audit committee information relating to possible violations of law, in particular with regard to the role the audit committee has with respect to overseeing the company’s compliance program.

The standard also requires communications to and discussions with the audit committee in a timely manner and prior to the issuance of the auditor’s report of detailed information concerning the overall audit strategy, critical accounting polices and practices, critical accounting estimates, significant unusual transactions, difficult or contentious matters, the company’s ability to continue as a going concern, uncorrected misstatements, departures from the auditor’s standards report and other matters arising from the audit.

In addition, the new standard requires the auditor to establish an understanding of the terms of the audit engagement with the audit committee and to record that understanding in an engagement letter annually. The auditor should discuss with the audit committee any significant issues that the auditor discussed with management in connection with the appointment of the auditor, including significant discussions regarding the application of accounting principles and auditing standards. The auditor must communicate to the audit committee the objective of the audit, the responsibilities of the auditor and the responsibilities of management. If the engagement letter is executed on behalf of the company by a party other than the audit committee, or its chair on behalf of the audit committee, the auditor should determine that the audit committee has acknowledged and agreed to the terms of the engagement.

Dodd-Frank Swap Clearing Exemption for End Users

Provisions contained in Title VII of Dodd-Frank apply to SEC reporting companies and their subsidiaries that are derivatives users. Most public companies that use derivatives for hedging and risk management purposes will be regulated as “end users” under Dodd-Frank.1

Evolving Regulations. Although key recordkeeping rules are already in effect, many Dodd-Frank regulations will be issued or phased in during 2013. The SEC and the U.S. Commodities Futures Trading Commission (CFTC) are the key Dodd-Frank derivatives regulators. The CFTC regulates “swaps,” while the SEC regulates “security-based swaps,” and the CFTC and SEC jointly regulate “mixed swaps.”

Broad Applicability. Dodd-Frank applies to public companies that enter into “swaps,” which are defined broadly under new extensive regulations. Neither commodity futures contracts nor sales of non-financial commodities for future delivery (when the parties are commercial users that intend physical delivery) are treated as swaps.

Recordkeeping and Reporting Compliance. All swap users, including end users, must make their records accessible to regulators and must maintain those records for five years after each trade terminates. Most reporting will be done by swap dealers and major swap participants, but swaps between two end users will require an agreement as to which end user will be responsible for the reporting.

Position Limits. Position limit rules had been scheduled to become effective October 12, 2012, for certain designated energy, metal and agricultural commodity products (including futures, options on futures and swaps on these designated products). But on September 28, 2012, the U.S. District Court for the District of Columbia vacated the position limit rules, sending them back to the CFTC on the grounds that Dodd-Frank did not grant the CFTC a clear and unambiguous mandate to set position limits. This requires the CFTC to justify the imposition of position limits before such limits can be reissued. The CFTC may still appeal this decision.

Clearing Requirements and Commercial End User Exemption. All swaps must now be “cleared” if a central clearing counterparty (Derivatives Clearing Organization) is willing to accept the swaps for clearing. In addition, cleared swaps must be traded on either a swap execution facility or a designated contract market. An end user that is not a “financial entity” is eligible for an exemption from mandatory clearing for swaps that it enters into to hedge or mitigate its “commercial risk.” To be eligible for this “end user exemption,” the end user must provide the CFTC with information as to how it will meet its financial obligations. For public companies, the board of directors (or a committee designated by the board) must approve (on an annual basis) the election to enter into uncleared swaps. A company must also demonstrate to its swap counterparties, on a trade-bytrade basis, that it is eligible to elect the end user exemption and that it is hedging or mitigating its commercial risks.

Only “eligible contract participants” can enter into over-the-counter (OTC) swap transactions. To be an eligible contract participant, a corporation must have more than $10 million in assets and $1 million in net worth, or it must have more than $1 million in net worth and it must be engaging in commercial hedging. An end user can still choose, in its sole discretion, to clear its trades even if the end user exemption is available to it.

Documentation. Dodd-Frank also changes the ways in which swap transactions are documented. Regulations dictate the types of collateral that can be taken, and swap dealers and major swap participants face extensive requirements as to how much collateral they must obtain when entering into OTC trades. Although these requirements may not directly apply to trades with exempt commercial end users, dealers and major swap participants may attempt to impose these requirements as “best practices.” End users must also make additional representations to their swap dealers, requiring more recordkeeping and due diligence. There have been efforts toward standardization of documents, such as the International Swaps and Derivatives Association (ISDA) Dodd-Frank Protocol, which can be entered into by end users and dealers to supply required representations and information needed by dealers to comply with CFTC Business Conduct Rules (effective January 1, 2013). ISDA has requested an extension from the CFTC from January 1, 2013, until May 1, 2013.

Possible Action Items.

  • Determine which of the company’s contracts, agreements and transactions are “in” Dodd-Frank as “swaps,” and which ones are “out” of Dodd-Frank. Because of the broad definition of “swaps,” commercial agreements that might not be thought of as “swaps” can be so designated.
  • Determine the company’s entity status as an end user, dealer or “major swap participant”2 and implement procedures for ongoing tracking of that status.
  • If the company is a commercial end user, evaluate the exemption from clearing that is available to end users. If the company wants to take advantage of the end user exemption, prepare to meet all of the requirements, including authorization from the board of directors (or a board-designated committee).
  • Evaluate the new Dodd-Frank recordkeeping and reporting requirements and the company’s current recordkeeping compliance status, and determine and implement any necessary changes.
  • Obtain a legal entity identifier number or CICI number so the company can continue to enter into OTC swaps.
  • Update trading and hedging policies and procedures to reflect the new Dodd-Frank requirements.
  • Update swap documents to meet Dodd-Frank requirements.
  • Monitor CFTC and SEC rulemakings and new developments that might apply to the company’s swap activities.

Crisis Management and Sustainability

It should no longer require a major financial crisis such as followed the Lehman Brothers collapse or a Hurricane Sandy for public companies to assess their preparedness for an unexpected crisis—including events such as an economic emergency, financial restatement, possible FCPA violation, natural disaster, unexpected departure of a key executive, a severe downturn in a company’s business or significant risk prevention failure. Public companies continue to operate in unstable times as demonstrated by the issues that the SEC Staff recently reported it is focused on with respect to company disclosures, including exposure to the European sovereign debt crisis; adverse effects of Hurricane Sandy; costs of foreign cash repatriation and whether companies are appropriately addressing related tax implications; goodwill impairment; non-GAAP measures; cyber security; and loss contingencies.

Questions for public companies to consider include: how to plan for the unknown, what are the critical elements of a well-defined plan, what resources should be readily available and how to manage communications. The legal issues will include governance and disclosure questions, but issues can cross disciplines and can multiply if an initial response is improperly handled. Ethical rules and Sarbanes-Oxley “up the ladder” reporting requirements might also be implicated.

The board of directors must understand that its role when a crisis occurs is crucial, and that how well it responds can make a significant difference in whether the company successfully navigates the challenge presented. The board should have a ready understanding of when a special committee would be appropriate. Also, the board will need to recognize circumstances when senior management, including possibly the CEO, may be unable to lead the crisis management effort because of a conflict or other involvement in the matter at hand. The board should anticipate in advance which advisers it will turn to depending on the kind of crisis that arises, and all board members should understand that a crisis may require that the entire board meet in frequent special sessions to ensure that it is acting responsibly and without unnecessary delay.

The flip side to crisis management is the related challenge of sustainability, i.e., ensuring that the company can not only weather a crisis, but that it thrives and prospers over time in the best long-term interest of its shareholders. Shareholders of public companies are increasingly focused on the issue of sustainability, which is generally understood to refer to both environmental and social issues, and to include corporate social responsibility issues such as political spending and lobbying activities. More than 900 proposals relating to these issues were submitted by shareholders of public companies in 2012, and, as noted above in the section entitled “Updated Proxy Advisory Firm Voting Policies,” in 2013 ISS will for the first time determine its voting on sustainability proposals on a case-by-case basis, and starting in 2014 will issue voting recommendations against directors who do not respond positively to a shareholder proposal that receives a majority of votes cast. Accordingly, public companies should consider their sustainability and social responsibility profile, and the possibility of issuing a report on their efforts on these issues in the future if they do not already do so, as a means of engaging on these issues in a positive manner with their shareholders and with the other constituencies important to the corporate mission.

Cyber Security Risks

FBI Director Robert Mueller said in a speech earlier in 2012 that “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.” Companies cannot afford to ignore the risks of a potential cyber attack, and government officials have said that their experience indicates that most companies are unprepared for such an attack. At a recent securities law conference, Preet Bharara, the U.S. Attorney for the Southern District of New York, said that companies of all kinds must consider the cyber threat and what kind of preventive programs they have in place.

With regard to regulation concerning national security-related cyber threats, which have and will continue to influence practices in the corporate area generally, Democrats in the U.S. Congress have been pushing for increased focus on the issue. In 2011, members of the Senate led by Senate Commerce Committee Chairman Jay Rockefeller (D-WV) petitioned the SEC to issue guidance to public companies regarding cybersecurity disclosure, and in October 2011, the SEC Staff did so. A McDermott advisory regarding this guidance is available here. As awareness of risks continues to evolve and hacking events increase, public companies should re-assess their disclosures under this guidance by conferring with internal and external experts, and by reference to the risk and event disclosures of other public companies.

Cybersecurity legislation in 2012 supported by the Obama administration was criticized by Republicans and the U.S. Chamber of Commerce as unduly burdensome regulation and failed in the Senate. Subsequently, Senator Rockefeller sent a letter to the CEOs of all Fortune 500 companies requesting that they describe their companies’ cybersecurity practices as well as their views on the Chairman’s proposed cybersecurity legislation. Senator Rockefeller has also petitioned the White House to issue an executive order to accomplish many of the objectives of the defeated legislation. President Obama has responded initially by declaring December 2012 to be Critical Infrastructure Protection and Resilience Month to focus attention on cyber security risks and perhaps pressure Congress to act on the stalled legislation. A draft executive order is currently in circulation and receiving stakeholder input.

Companies should not await further federal regulation to set standards for preventive practices, but instead should assess their risks and develop contingency plans in the event of an attack. In the event of an attack, internal and external counsel and technical experts will likely be involved, led by the general counsel and other senior executives, because of the numerous legal and technical issues that might arise, including, to name just a few, protection of confidential information (including information regarding a potential acquisition or divestiture), information technology systems, employee privacy, intellectual property rights and the need to ensure the safekeeping of other corporate assets, the conduct of appropriate investigations and the anticipation of litigation. In most cases of cyber attack, federal, state and local law enforcement should be involved promptly. Public disclosure may be required. The head of the Enforcement Division of the SEC has indicated that if the hacking rises to a material level it must be disclosed, but there is some understanding that the timing of disclosure may need to be managed to avoid greater risk due to premature disclosure. The SEC Staff has also indicated that they believe that if hacking results in a leak of material nonpublic information, the company may have an obligation to address those rumors since the information was sourced from the company, even if illicitly. Special preventive and responsive considerations will apply to the potential or actual leak of information concerning a material M&A transaction given confidentiality duties to a counterparty of such a transaction.

Websites and Social Media

With respect to websites and social media, from a securities law perspective, public companies also must continuously ensure that their business practices stay within legal requirements as the use of various social media platforms continues to expand dramatically. Disclosure via social media may implicate the SEC’s Regulation FD (Fair Disclosure), particularly if communications are made by “authorized persons,” and the insider trading prohibitions of the Securities Exchange Act of 1934.

In 2012 there have been several instances of public company executives releasing non-public information via social media that have raised questions. For example, in December 2012, Netflix, Inc., disclosed in a Form 8-K filing that the company and its CEO, Reed Hastings, each received a “Wells Notice” from the SEC Staff indicating its intent to recommend to the SEC that it commence proceedings against Netflix and Mr. Hastings for violations of Regulation FD and other securities laws in connection with a posting by Hastings on his Facebook page that Netflix members were enjoying more than a billion hours per month of Netflix for the first time. The comment was picked up by the press and widely reported; the company did not issue a press release or file a Form 8-K at the time. The CEO issued a statement filed with the December Form 8-K defending his actions. First, he noted that he thought posting to more than 200,000 people is very public, especially with subscribers including reporters and bloggers. Second, he stated that the company does not currently use Facebook and other social media to get material information to investors. Third, he said he believed that the fact of 1 billion hours of viewing in June 2012 was not “material” to investors, as it had been previously blogged that the company was serving nearly 1 billion hours per month. Finally, the CEO stated that while the stock price rose the day of the Facebook post, the increase started well before the post and was likely driven by a positive research report distributed the evening before.

Under the circumstances described in the CEO’s statements, an SEC enforcement case against Netflix and its CEO would appear to be less than clear cut, but if the case is pursued it possibly offers the SEC an opportunity to better define the parameters of permissible public disclosures using social media. A more problematic case in 2012 that serves as a clear cautionary tale to public companies involved a CFO who reportedly tweeted from his personal Twitter account several days prior to the company’s release of its earnings the following message: “Board meeting. Good numbers=Happy Board.” The company conducted a brief investigation and fired the CFO, noting that he had “improperly communicated company information through social media.”

Public companies should re-assess (or adopt for the first time if necessary) social media policies; provide training on such policies; monitor use of social media; and, if the company does intend that significant public information be disseminated via social media, ensure that the use of these platforms is sufficiently publicized. The mere fact that the use of information technology has dramatically expanded does not mean that the traditional concerns regarding the improper distribution of material nonpublic information has changed or that basic securities law principles have changed. McDermott’s White Paper 'Informal Corporate Disclosure in the Age of Twitter” outlines the securities law aspects of social media and the possible use of social media and company websites for the distribution of corporate information, including a discussion of the most recent comprehensive SEC statement on these issues issued in 2008.

Conflict Minerals and Resource Extraction – Evaluation and Reporting

Pursuant to a mandate in the Dodd-Frank Act, the SEC issued final rules on August 22, 2012, requiring public companies to account for the use in their products of so-called “conflict minerals.” The Dodd-Frank provision seeks to impair funding to groups committing human rights violations in areas of central Africa where these critical minerals are mined.

The new rules require public companies to account for the use in their products of these conflict minerals—including gold, tungsten, tantalum and tin (3T+G)—in order to create greater transparency and accountability from companies that use conflict minerals by requiring them to disclose whether any such minerals were sourced from the Democratic Republic of Congo (DRC) or adjoining countries (the covered countries). Dissenting votes on the new rules were cast by the SEC’s Republican members, who contended that the SEC did not conduct a thorough enough cost-benefit analysis and that the rules could amount to a de facto embargo of covered minerals from the region and may have the unintended consequence of worsening conditions in the DRC by depriving the livelihoods of many affected persons who depend on mining activities.

The U.S. Chamber of Commerce, the National Association of Manufacturers and the Business Roundtable have petitioned the U.S. Court of Appeals for the District of Columbia Circuit to modify or set aside the new rules. Final briefs in the case are not due until March 28, 2013. Accordingly, unless the rules are stayed by the court or the SEC voluntarily (and to date there is no indication that either will happen), companies that are or may be affected should not wait to see if the rules withstand this challenge and should begin to conduct the extensive supply chain diligence that they will be required to commence early in 2013 in order to comply with the reporting requirements of the rules. The first annual reports on new Form SD are due May 31, 2014, and cover activities for the preceding calendar year.

The SEC estimates that approximately 6,000 public companies and 285,000 suppliers (many of which are not public companies) will be affected by the confirmatory diligence that will underlie compliance with the new conflict minerals rules. A public company should not assume the rules do or do not apply to it, regardless of the company’s products or services, because the rules leave many interpretive issues to be resolved. Companies with products that contain conflict minerals necessary to a product’s functionality or production will need to determine whether such conflict minerals originated in the covered countries, develop plans for country of origin due diligence and establish systems to monitor sourcing of these minerals on an ongoing basis.

Under the new rules, an issuer will first need to determine whether it is subject to conflict minerals reporting requirements. Only companies that manufacture or contract to manufacture products for which conflict minerals are necessary to their functionality or production must file the new Form SD. The SEC has declined to define precisely these terms, instead issuing guidance and examples and leaving public companies to make a facts-and-circumstances-specific determination. Companies will need to assess closely any products that utilize 3T+G minerals to determine whether the new filing requirement applies. In determining whether an issuer is subject to the rule, the SEC will look at whether conflict minerals were intentionally included in any of the company’s products, including as ornamentation or decoration, as well as the function the conflict minerals serve in the products and the products’ intended use or purpose. Public companies that “contract for manufacture” of products containing 3T+G could also be subject to the new rules, although, again, the SEC did not define what “contract for manufacture” entails, leaving companies to make another fact-specific determination.

If an issuer does use 3T+G minerals in any of its products, it will be required to conduct a “reasonable country of origin inquiry,” i.e., one that is reasonably designed to determine whether the 3T+G minerals originated in the covered countries or whether they were scrap or recycled. The results of this inquiry must be reported on Form SD as well as on the company’s internet website, the address for which must also be included on Form SD. If the inquiry provides reason to believe that any of the 3T+G minerals originated in the covered countries, the issuer will be required to file and post to its website an independently audited Conflict Minerals Report detailing the steps taken to ensure the 3T+G minerals used in its products did not benefit the militias committing atrocities in the covered countries. Form SD also provides a mechanism for affected public companies to certify that the 3T+G sourced from the covered countries is “conflict-free.” Significantly, the final rules also remove a requirement from the proposed rules that public companies using recycled or scrap 3T+G minerals provide the Conflict Minerals Report. If after its reasonable country of origin inquiry a company cannot determine the origin of the conflict minerals used in its products, it will be allowed to report its products as Conflict Mineral Undeterminable for the first two years of the reporting requirement (four years in the case of companies the SEC designates as “smaller reporting companies”), effectively giving public companies a two- or four-year phase-in period during which to construct supply-chain tracking systems.

Although the new rules will not require any product labeling, the compliance costs to public companies—and to any private companies in their supply chains—will be substantial. The rule effectively requires a full accounting of an entire supply chain, which may be complex or multi-layered, with public companies needing to be able to trace the conflict minerals used in their products back to the smelters where they originated. Because the rules require companies to “file” the new Form SD with the SEC—instead of merely “furnishing” it—failure to comply with the new rules may subject public companies to potential Section 18 liability under the Securities Exchange Act of 1934.

The SEC has also issued final rules on Section 1504 of the Dodd-Frank Act that require public resource extraction companies to publicly disclose, on a project-by-project basis, payments totaling $100,000 or more in a fiscal year that are made to the federal government or foreign governments as they relate to the commercial development of oil, natural gas or minerals. These rules, which have also been challenged in a federal court, will not affect as many public companies as the conflict minerals rules but may still be a significant undertaking for those affected. Affected energy and mining companies have expressed concerns that these types of disclosures may put them at competitive disadvantages with competitors who need not comply with such requirements and may misuse this confidential business information in preparing their own bids. Affected public companies have also commented that this new rule may affect their ability to continue operations (or seek new engagements) in countries where such disclosures are prohibited under law. Resource extraction payment disclosures under Section 1504 are required to be filed with the SEC on the new Form SD and must also be published on the websites of affected public companies.

See McDermott’s “Checklist for Resource Extractors and Conflict Mineral Manufacturers” for recommendations on compliance with both sets of new rules.

U.S. Government Guidance on Foreign Corrupt Practices Act

On November 14, 2012, the SEC and the Criminal Division of the U.S. Department of Justice (DOJ) issued a resource guide for the Foreign Corrupt Practices Act (FCPA) (the Guidance). This long-awaited Guidance from the SEC and the DOJ addresses a number of important topics for those doing business around the globe.

In the past decade, FCPA enforcement has dramatically increased. Financial sanctions imposed by the SEC and DOJ have exceeded $500 million in each of the last four years, culminating in record-breaking sanctions of more than $1 billion in 2010. Given the aggressive enforcement environment, the lack of clarity in the statute and a relative dearth of case precedent (because most FCPA cases are resolved through settlement rather than by the courts), there was a great need for additional clarity from the DOJ and SEC. The Guidance is a helpful resource to which companies can refer when analyzing their FCPA risk and the government’s view on FCPA compliance.

Companies active outside the United States or considering acquisition of non-U.S. businesses should pay close attention to the reminder in the Guidance of the importance of conducting risk-based due diligence on third parties and in cross-border M&A deals and foreign joint ventures. The Guidance states that the U.S. government expects companies to assess a number of factors in determining whether heightened FCPA-related due diligence is appropriate, including whether high-risk countries are implicated, the size and significance of the deal to the company, whether the company has experience and a comfort level in dealing with a particular proposed third party, consultant ties to political and government leaders, the fee structure of the contract and the degree of vagueness of the services to be provided. One bright spot for companies with significant operations outside the United States was a reference in the Guidance to a limitation on the concept of successor liability. Specifically, the Guidance notes that parent companies will not face FCPA successor liability in cases where the DOJ or SEC would have lacked jurisdiction over a target company’s conduct. While successor liability remains a concern for U.S. companies acquiring foreign assets, at least this portion of the Guidance appears to limit FCPA liability under certain circumstances.

The Guidance also emphasizes that the effectiveness of a company’s compliance program is a significant factor in reaching a settlement in the event of an alleged FCPA violation. The effectiveness of a compliance program can determine whether a declination, deferred prosecution agreement or non-prosecution agreement is appropriate. Effective compliance programs can also reduce the fine amount and affect the determination of whether the government will require a corporate monitor. The Guidance encourages companies to self-report FCPA violations they uncover, because the government places a high premium on self-reporting, along with cooperation and remedial efforts, in determining the appropriate resolution of FCPA matters. However, the decision to self-report is a complex one and should not be undertaken without the assistance of experienced FCPA counsel.

The Guidance is broad in scope and offers no revolutionary shifts in FCPA interpretation or enforcement. It explains the government’s position on jurisdictional questions, such as who may be subject to the FCPA, and describes the FCPA’s key provisions. It also provides numerous case references and hypothetical scenarios to address various FCPA compliance issues, such as FCPA due diligence, facilitation payments, cooperation credit and successor liability.

A McDermott summary of the topics addressed in the 120-page Guidance is available here.

Iran Sanctions Disclosure and Compliance

Although few public companies will ultimately need to provide any new disclosure, public companies that might directly or indirectly do any business with Iran or Iranian entities or persons may be affected by the Iran Threat Reduction and Syrian Human Rights Act of 2012 (Threat Reduction Act), which was enacted in August 2012 and is the latest in a long series of sanctions imposed against Iran. This new statute will affect in particular “foreign private issuers” (as defined by the SEC) and foreign subsidiaries of U.S. public companies doing business with Iran or Iranian entities or persons. Companies potentially affected should confirm appropriate procedures and controls are in place to comply with the compliance and disclosure provisions of the Threat Reduction Act.

Among other provisions, the Threat Reduction Act added Section 13(r) to the Securities Exchange Act of 1934, which requires SEC reporting companies, in quarterly and annual reports due to be filed after February 6, 2013, to disclose if the company or any of its affiliates have knowingly engaged in sanctionable activities that relate to Iran or Iranian entities or nationals, in particular transactions relating to Iran’s energy, marine transport and financial sectors. More specifically, companies will be required to disclose whether they or any of their affiliates engaged in (i) any activities sanctionable under specified Iran sanctions laws; (ii) transactions with the government of Iran or with persons whose assets are frozen pursuant to executive orders dealing with terrorism or weapons of mass destruction proliferation; or (iii) the transfer of goods, technology or services to Iran that are likely to be used for human rights abuses against Iranian people. The standard of “knowledge” is actual knowledge or “should have known.”

If a company reports engaging in any of the subject activities, it is required to provide a separate notice of that disclosure to the SEC, which is then required to pass on the information to Congress and the president and post the information on the SEC’s website

On December 4, 2012, the SEC Staff updated its compliance and disclosure interpretations to address reporting issues with regard to Section 13(r). The new interpretations, which cover, among other issues, the periods covered by the new requirements, the application of the new rules to affiliates of a company and an exemption from reporting of activities subject to authorization of the U.S. government, are available (commencing with Question 147.01) here.