SEC Publishes More New C&DI On Cybersecurity Rules

On June 24, 2024 the SEC published five (5) new compliance and disclosure interpretations (C&DI) on cybersecurity incident disclosures supplementing the C&DI published in December 2023 (see HERE).

Cybersecurity

In July, 2023 the SEC adopted final new rules requiring disclosures for both domestic and foreign companies related to cybersecurity incidents, risk management, strategy and governance (see HERE for a review of the new rules).

The cybersecurity rules add new Item 1.05 to Form 8-K requiring disclosure of a material cybersecurity incident including the incident’s nature, scope, timing, and material impact or reasonably likely impact on the company.  An Item 1.05 Form 8-K is due within four business days following determination that a cybersecurity incident is material. Given the sensitive nature of cybersecurity crimes, the SEC has added a provision allowing an 8-K to be delayed if it is informed by the United States Attorney General, in writing, that immediate disclosure would pose a substantial risk to national security or

SEC Proposes Amendments To Acquisitions And Dispositions Of Businesses

In May of this year, the SEC proposed amendments to the financial statements and other disclosure requirements related to the acquisitions and dispositions of businesses.  In September 2015, the SEC issued a request for public comment related to disclosure requirements for entities other than the reporting company itself, including subsidiaries, acquired businesses, issuers of guaranteed securities and affiliates.  See my blog HERE.  Taking into account responses to portions of that request for comment, in the summer of 2018, the SEC adopted final rules to simplify the disclosure requirements applicable to registered debt offerings for guarantors and issuers of guaranteed securities, and for affiliates whose securities collateralize a company’s securities.  See my blog HERE.

The SEC is now proposing amendments to Rules 3-05, 3-14, and Article 11 of Regulation S-X and adding new Rule 6-11.  The amendments would also make several related conforming rule and form changes.  Rule 3-05 was included in the September 2015 request for comment.  Like

Yahoo Hacking Scandal And Obligations Related To Cybersecurity

On September 26, 2016, Senator Mark R. Warner (D-VA), a member of the Senate Intelligence and Banking Committees and cofounder of the bipartisan Senate Cybersecurity Caucus, wrote a letter to the SEC requesting that they investigate whether Yahoo, Inc., fulfilled its disclosure obligations under the federal securities laws related to a security breach that affected more than 500 million accounts.  Senator Warner also requested that the SEC re-examine its guidance and requirements related to the disclosure of cybersecurity matters in general.

The letter was precipitated by a September 22, 2016, 8-K and press release issued by Yahoo disclosing the theft of certain user account information that occurred in late 2014. The press release referred to a “recent investigation” confirming the theft of user account information associated with at least 500 million accounts that was stolen in late 2014. Just 13 days prior to the 8-K and press release, on September 9, 2016, Yahoo filed a preliminary 14A filing with

COMPREHENSIVE REVIEW OF TITLE I OF THE JOBS ACT AS RELATED TO EMERGING GROWTH COMPANIES

On April 5, 2012, President Obama signed the Jumpstart our Business Startups Act (JOBS Act) into law.  The JOBS Act was passed on a bipartisan basis by overwhelming majorities in the House and Senate.  The Act seeks to remove impediments to raising capital for emerging growth public companies by relaxing disclosure, governance and accounting requirements, easing the restrictions on analyst communications and analyst participation in the public offering process, and permitting companies to “test the waters” for public offerings.   The following is an in-depth review of Title I of the JOBS Act related to Emerging Growth Companies.

Introduction – What is an Emerging Growth Company?

The JOBS Act created a new category of company: an “Emerging Growth Company” (EGC).  An EGC is defined as a company with annual gross revenues of less than $1 billion that first sells equity in a registered offering after December 8, 2011.  In addition, an EGC loses its EGC status on the earlier