SEC Staff Seeks Enhancements to Governance and Risk Oversight Disclosures
November 28, 2022, Covington Alert
Between August 31 and September 30, 2022, SEC staff (the “Staff”) sent letters to at least 27 companies, of varying sizes and across industries, following the agency’s review of their most recent definitive proxy statements.[1] With some differences, each letter asked the company, in its future proxy statement disclosures, to expand upon its discussion of its leadership structure and risk oversight process. In particular, many of the letters asked the companies to discuss or expand upon:
- whether they would “consider having the Chair and CEO roles filled by a single individual,” and if shareholders would have prior input before such a change was made, or, alternatively, when the shareholders would have notice of such a change;
- the role played by the lead independent director, including the extent to which the lead independent director may represent the board in communications with shareholders and other stakeholders, require board consideration of risk matters or override the CEO on risk matters, and provide input on board design; and
- the ways in which the board administers its risk oversight function, including the timeframe over which risks are evaluated and whether the board consults with outside advisors to anticipate future risks, and whether the company has a Chief Compliance Officer and to whom that officer reports.
A number of the companies have submitted replies, in which they acknowledged the Staff’s comments and affirmed that they would enhance their relevant disclosures in future proxy filings.
The topics identified by the Staff in its letters are required to be included in proxy statement disclosures—to some degree—under Item 407(h) of Regulation S-K. Item 407(h) requires a registrant to “briefly describe” the leadership structure of its board, including whether the same person serves as both Chair and CEO. If the same person does serve as both Chair and CEO, a registrant must disclose whether it has a lead independent director and describe “what specific role the lead independent director plays in the leadership of the board.” Finally, a registrant must “disclose the extent of the board’s role” in risk oversight and “how the board administers” the risk oversight function, including “the effect this has on the board’s leadership structure.”
The Staff’s recent letters seem to augment these obligations by requesting more detail and increased granularity about board structure, the authority of lead independent directors, and the ways in which boards carry out their risk oversight function. The Staff likely hopes that the letters will encourage not only the targeted companies to deepen their disclosures in these areas, but other companies as well, which might make the changes in order to lower the probability of receiving their own Staff letters next year. In recent years, the Staff has used a similar comment letter process to elicit enhanced disclosures from a number of companies on a range of other disclosure topics, including climate change and Russia’s invasion of Ukraine.
Acting Deputy Director of the SEC’s Division of Corporate Finance Cicely LaMothe, discussing the letters at a recent Practising Law Institute event, noted that the Staff will look broadly at company disclosures in proxy statements next year—not just at the disclosures of companies that received letters—and that the Staff hopes to see “improved transparency” on these topics. In addition, LaMothe emphasized that Staff comments are not meant to serve as a mechanical blueprint for disclosure, but that they aim to “focus and enhance” what might otherwise be “boilerplate disclosure.” LaMothe explained that the Staff has noticed that 407(h) disclosures often vary little across industries and risk profiles, which is part of what prompted the Staff to write the letters.
This push by the Staff to improve corporate disclosures regarding governance and risk oversight comes against the backdrop of an active SEC that has proposed major changes to the public company disclosure regime this year. Notably, in March 2022, the SEC proposed rules on cybersecurity risk management and governance and rules on climate-related disclosures. Amongst a number of new required disclosures (discussed in our prior client alerts), the proposed rules would add disclosure requirements regarding board oversight and governance of cybersecurity- and climate-related risks.
It is possible against this backdrop to understand the recent Staff letters as part of a broader push by the SEC to have companies provide more holistic, tailored, and detailed disclosures related to governance and risk oversight. Although the proposed rules have not been finalized and may undergo substantial change, the Staff letters demonstrate that the Staff may still use the filing review process to home in on boilerplate disclosures and to encourage improved proxy statement disclosures before any new rules come into effect.