Attestations for Cyber Controls

Last week I was in Atlanta speaking to a group of IT auditors. Conversation turned to the SEC’s proposals for expanded disclosure of cybersecurity risks, and attendees raised a good question: Does this mean that CISOs and other executives will need to attest that, yes, the company’s cybersecurity measures are effective? Under the text of…

SEC Proposes Climate Risk Disclosure Rule

climate

The Securities and Exchange Commission today unveiled its long-awaited proposal for disclosure of risks related to climate change, including disclosure of greenhouse gas emissions stemming from a company’s supply chain as well as audit and attestation requirements for larger companies’ disclosures.  The SEC adopted the proposed rule on a 3-1 vote, with lone Republican commissioner…

SEC Proposes Cyber Disclosure Rules

cybersecurity

The Securities and Exchange Commission has proposed new rules that would require all public companies to disclose much more about how they manage cybersecurity risks and to disclose “material cybersecurity incidents” to investors promptly. The commission voted to propose the new rules on Wednesday morning — and to be clear, these are proposed new rules,…

SEC Comment Letters on Climate

climate

At long last, the Securities and Exchange Commission is starting to provide a glimpse of the questions that SEC staffers are asking companies about the risks of climate change — and so far, the companies receiving such questions are doing their best to give the usual imprecise answers.  That glimpse came in the form of…

On Disclosure Controls and Rogue CEOs

Nikola Corp., a supposed maker of hydrogen-powered trucks and other vehicles, will pay $125 million to settle charges with the Securities and Exchange Commission that the company failed to prevent its now-indicted former CEO from making all sorts of baloney statements about the company’s prospects on social media. The SEC announced the settlement on Tuesday,…

Notes on Disclosing Cybersecurity Lapses

cybersecurity

Today let’s return to the issue of disclosing cybersecurity issues to investors, because, frankly, so many companies still struggle with exactly what to say in securities filings. That issue came up at the Securities Enforcement Forum last week and we have some excellent insights to share with the class.  First let’s note that the Securities…

Another Cyber Disclosure Example!

disclosure

Well this is a splendid bit of good timing: two days after we wrote about poor disclosure of a cybersecurity breach at one large company, another large company has suffered a breach of its own and given us a very different example of how to handle your disclosure duties. The latest victim is T-Mobile, which…

Gensler: Climate Risk Proposal by Year-End

climate

SEC chairman Gary Gensler said today that he wants a draft proposal for mandatory climate risk disclosures by the end of this year, and dropped more hints than ever before about what that proposal might entail. Gensler made his remarks on a webinar hosted by Principles for Responsible Investment, a think tank that supports more…

Another Crenshaw Speech on SEC Policy

enforcement

SEC commissioner Caroline Crenshaw was at it again last week, delivering another speech about what the Securities & Exchange Commission should do to be a more effective regulator for current times. Compliance professionals should heed her words, since Crenshaw is shaping up to be the resident progressive theorist among the five commissioners. That matters in…

More SEC Talk on ESG Disclosures

ESG

Another day, another statement from the Securities and Exchange Commission about how the agency might approach enhanced ESG disclosures. This time we have a speech from the acting head of the Division of Corporation Finance, getting a bit more specific about how an enhanced ESG disclosure regime might work in practice. The statement came from…
