Proposed Rules On Cybersecurity Disclosure
Earlier this year, the SEC published proposed rules on cybersecurity risk management, strategy, governance and incident disclosure by public companies. Although the comment period has passed, a final rule has not yet been issued. As of now, cybersecurity disclosures are encompassed within the general anti-fraud provisions including the requirement to disclose “such further material information, if any, as may be necessary to make the required statements, in light of the circumstances under which they are made, not misleading” as well SEC guidance last updated in 2018 (see HERE).
The proposed amendments would require, among other things, current reporting about material cybersecurity incidents and updates about previously reported cybersecurity incidents. The proposal also would require periodic reporting about a company’s policies and procedures to identify and manage cybersecurity risks; the company’s board of directors’ oversight of cybersecurity risk; and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures. The proposal would further
Audit Committees – NYSE American
Like Nasdaq, I’ve written several times about the NYSE American listing requirements including the general listing requirements (see HERE) and annual compliance guidelines (see HERE). As an aside, although the Nasdaq recently enacted significant changes to its initial listing standards, the NYSE American has not done the same and no such changes are currently anticipated. I suspect that the NYSE American will see a large uptick in new company applicants as a result.
I recently drilled down on audit committee requirements and director independence standards for Nasdaq and in this and the next blog, I will do the same for the NYSE American. As required by SEC Rule 10A-3, all exchange listed companies are required to have an audit committee consisting of independent directors. NYSE American Company Guide Rule 803 delineates the requirements independent directors and audit committees. Rule 803 complies with SEC Rule 10A-3 related to audit committees for companies listed on a national securities exchange.
Drill Down On NASDAQ Audit Committee Requirements
I’ve written several times about Nasdaq listing requirements including the general listing requirements (see HERE) and the significant listing standards changes enacted in August of this year (see HERE). This blog will drill down on audit committees which are part of the corporate governance requirements for listed companies. Nasdaq Rule 5605 delineates the requirements for a Board of Directors and committees. The Nasdaq rule complies with SEC Rule 10A-3 related to audit committees for companies listed on a national securities exchange.
SEC Rule 10A-3
SEC Rule 10A-3 requires that each national securities exchange have initial listing and ongoing qualification rules requiring each listed company to have an audit committee comprised of independent directors. Although the Nasdaq rules detail its independence requirements, the SEC rule requires that at a minimum an independent director cannot directly or indirectly accept any consulting, advisory or other compensation or be affiliated with the company or any of its subsidiaries. The prohibition against compensation
