Katayun Jaffari of Cozen O'Connor. Courtesy photo

Introduction

The Securities and Exchange Commission (SEC) has been extremely busy since the beginning of the year and it is expected that activity will not slow down for the rest of 2021. On June 11, the Office of Information and Regulatory Affairs released the "Spring 2021 Unified Agenda of Regulatory and Deregulatory Actions," which included the agenda for regulatory actions, both short and long-term, that each administrative agency, including the SEC, plans to initiate. This article discusses a few of those initiatives by the SEC but first looks at the changes in leadership at the SEC this year.

Leadership Changes

With the change in the administration this year came changes to the SEC. On April 17, Gary Gensler was sworn in as the new chair of the SEC. At a recent speech, Gensler commented that "as chair, every day he will be animated by the SEC's mission: protecting investors, facilitating capital formation, and promoting fair, orderly, and efficient markets. It is that mission that has helped make American capital markets the most robust in the world." During his speech, he spoke about his enforcement responsibilities by comparing his role at the SEC to "a cop on the beat to protect everyday investors and achieve our three-part mission."

In addition to Gensler, two additional important appointments became effective in on June 21. Renee Jones was appointed the SEC's director of the Division of Corporation Finance (the Division) and John Coates, most recently serving as the Division's acting director, was named the SEC's general counsel. When asked to comment on his new role, Coates said that "during his tenure as acting director of Corporation Finance, he experienced firsthand the unwavering commitment of the SEC staff, and he looked forward to serving in a new role as the commission's general counsel."

The SEC's Agenda

The SEC's 2021 rule making agenda items include "disclosure relating to climate risk, human capital, including workforce diversity and corporate board diversity, and cybersecurity risk; market structure modernization within equity markets, treasury markets, and other fixed income markets; transparency around stock buybacks, short sale disclosure, securities-based swaps ownership, and the stock loan market; investment fund rules, including money market funds, private funds, and ESG funds; 10b5-1 affirmative defense provisions; unfinished work directed by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, including, among other things, securities-based swaps and related rules, incentive-based compensation arrangements, and conflicts of interest in securitizations; enhancing shareholder democracy; special purpose acquisition companies; and mandated electronic filings and transfer agents."  From this long list, two areas are garnering significant attention—cybersecurity and ESG.

• Cybersecurity

The SEC notes that "as markets grow more global and complex, so too are the threats through cyber intrusion, denial of service attacks, manipulation, misuse by insiders and other cyber misconduct." As a result, the SEC is focusing its attention on cybersecurity through inquiries as well as enforcement actions. Under U.S. securities laws, companies must disclose material information including information regarding cybersecurity, including data breaches that could affect their share prices or other relevant details. Cybersecurity is not a new area for the SEC, which issued guidance in 2011, CF Disclosure Guidance: Topic No. 2, and 2018, Commission Statement and Guidance on Public Company Cybersecurity Disclosures. The guidance in 2018 was released to reinforce the 2011 guidance regarding cybersecurity disclosure and also expanded the 2011 guidance by highlighting the importance of cybersecurity policies and procedures and the application of insider trading prohibitions in the context of cybersecurity.

As proof of its commitment to improving transparency related to cybersecurity, the SEC is currently investigating whether companies hit by the SolarWinds cyberattack in 2020 failed to divulge the breach. The SolarWinds security breach involved foreign hackers breaching SolarWinds' software, thereby impacting numerous government agencies, businesses and consulting firms. In response, the SEC sent investigative letters to public companies as well as investment firms asking them to volunteer information regarding whether they were victims of the cyberattack. As a result of this investigation, the SEC may develop policies to combat cybersecurity risks related to the markets and to lessen any negative impacts on investors. While the guidance described above is not codified in SEC rules, it is clear from recent SEC actions that public companies must ensure compliance.

• Environmental, Social and Governance (ESG)

ESG issues have steadily grown in notoriety as they become vital components of many companies' strategic missions. Investors are using a company's ESG strategy as a factor when evaluating investment opportunities. Although since 2010 under the "Interpretive Guidance on Disclosure Related to Business or Legal Developments Regarding Climate Change" there has been some SEC guidance regarding disclosures around climate change, Gensler has been "struck by the call for enhanced disclosures" and has formally asked the SEC staff for more. In particular, Gensler has instructed the SEC staff to develop recommendations regarding governance, strategy and risk management related to climate risk. The SEC staff is also considering a range of specific metrics that may be most relevant to investors such as greenhouse gas emissions. Gensler has asked the SEC staff to "consider potential requirements for companies that have made forward-looking climate commitments, or that have significant operations in jurisdictions with national requirements to achieve specific, climate-related targets."  

With investors calling on the SEC to issue new ESG guidance, the SEC commissioners are under pressure to act—but a widening gap in opinions may curtail their efforts. During the most recent proxy season, shareholder climate proposals received record support. Testifying before the Subcommittee on Financial Services and General Government, U.S. House Appropriations Committee on May 26, Gensler expressed his support regarding new disclosure requirements related to climate change and human capital. In June, Commissioner Allison Herren Lee explained the significance of adopting proposed rules requiring ESG disclosures, noting that when it comes to the relationship between ESG and financial performance it is "not a matter of if, but when," these issues will materialize. She acknowledges the potential risks of ESG disclosure rules—namely, reputational risks, human capital risks and regulatory risk. These risks, however, appear to be outweighed by pleas for proactive integration of regular ESG reporting. Herren Lee maintains that the SEC has the authority and obligation to build a disclosure regime to provide transparency around companies' climate ESG practices.

Some SEC commissioners, however, take a different stance. Commissioner Elad Roisman expressed his skepticism on applying traditional disclosure rules in an ESG context as he is not convinced the SEC could make ESG rules that are sustainable. Further, he believes the SEC cannot provide companies with one list of ESG disclosures that would satisfy all demands for information. In his view, because the SEC does not employ climate specialists, it is not equipped to mandate specific reporting requirements. On top of concerns about the influx of costly securities litigation, Commissioner Hester M. Pierce explains that "a prescriptive ESG framework would run directly counter to the SEC's tried and true principles-based disclosure framework, which is rooted in materiality, rather than specific metrics." She asserts that implementing a standardized ESG strategy could limit choices for investors, stifle innovation, and put the SEC in an inappropriate position of deciding whether an asset manager's strategy is sufficiently "green" or socially conscious. With conflicting positions on ESG disclosures, the path forward may be in flux.

A Final Thought

Cybersecurity and ESG are likely going to be primary focuses of the SEC in the near future. While the path forward for cybersecurity is much clearer than the path for ESG, companies and investors can expect new rulemaking regarding both topics and thus companies should brace themselves for additional disclosure requirements.

— Summer associates Jenna Schaffer and Jordan Scull, contributed to the preparation of the article.

Katayun I. Jaffari is chair of the corporate governance and securities group at Cozen O'Connor. She counsels public and private companies in the areas of corporate governance and securities law and compliance, including capital-raising transactions and reporting requirements under SEC, NYSE and Nasdaq regulations, as well as providing general corporate advice and execution with respect to executive compensation, mergers and acquisitions transactions and board and business counseling. She can be reached at [email protected] or 215-665-4622.