Posts Tagged ‘disclosure’
Attestations for Cyber Controls
Last week I was in Atlanta speaking to a group of IT auditors. Conversation turned to the SEC’s proposals for expanded disclosure of cybersecurity risks, and attendees raised a good question: Does this mean that CISOs and other executives will need to attest that, yes, the company’s cybersecurity measures are effective? Under the text of…
Read MoreSEC Proposes Climate Risk Disclosure Rule
The Securities and Exchange Commission today unveiled its long-awaited proposal for disclosure of risks related to climate change, including disclosure of greenhouse gas emissions stemming from a company’s supply chain as well as audit and attestation requirements for larger companies’ disclosures. The SEC adopted the proposed rule on a 3-1 vote, with lone Republican commissioner…
Read MoreSEC Proposes Cyber Disclosure Rules
The Securities and Exchange Commission has proposed new rules that would require all public companies to disclose much more about how they manage cybersecurity risks and to disclose “material cybersecurity incidents” to investors promptly. The commission voted to propose the new rules on Wednesday morning — and to be clear, these are proposed new rules,…
Read MoreSEC Comment Letters on Climate
At long last, the Securities and Exchange Commission is starting to provide a glimpse of the questions that SEC staffers are asking companies about the risks of climate change — and so far, the companies receiving such questions are doing their best to give the usual imprecise answers. That glimpse came in the form of…
Read MoreOn Disclosure Controls and Rogue CEOs
Nikola Corp., a supposed maker of hydrogen-powered trucks and other vehicles, will pay $125 million to settle charges with the Securities and Exchange Commission that the company failed to prevent its now-indicted former CEO from making all sorts of baloney statements about the company’s prospects on social media. The SEC announced the settlement on Tuesday,…
Read MoreNotes on Disclosing Cybersecurity Lapses
Today let’s return to the issue of disclosing cybersecurity issues to investors, because, frankly, so many companies still struggle with exactly what to say in securities filings. That issue came up at the Securities Enforcement Forum last week and we have some excellent insights to share with the class. First let’s note that the Securities…
Read MoreAnother Cyber Disclosure Example!
Well this is a splendid bit of good timing: two days after we wrote about poor disclosure of a cybersecurity breach at one large company, another large company has suffered a breach of its own and given us a very different example of how to handle your disclosure duties. The latest victim is T-Mobile, which…
Read MoreGensler: Climate Risk Proposal by Year-End
SEC chairman Gary Gensler said today that he wants a draft proposal for mandatory climate risk disclosures by the end of this year, and dropped more hints than ever before about what that proposal might entail. Gensler made his remarks on a webinar hosted by Principles for Responsible Investment, a think tank that supports more…
Read MoreAnother Crenshaw Speech on SEC Policy
SEC commissioner Caroline Crenshaw was at it again last week, delivering another speech about what the Securities & Exchange Commission should do to be a more effective regulator for current times. Compliance professionals should heed her words, since Crenshaw is shaping up to be the resident progressive theorist among the five commissioners. That matters in…
Read MoreMore SEC Talk on ESG Disclosures
Another day, another statement from the Securities and Exchange Commission about how the agency might approach enhanced ESG disclosures. This time we have a speech from the acting head of the Division of Corporation Finance, getting a bit more specific about how an enhanced ESG disclosure regime might work in practice. The statement came from…
Read More