Issue link: https://digital.shearman.com/i/1512772
Shearman & Sterling LLP SEC Demands Stronger Disclosure Controls in Recent Enforcement Actions | 16 classification, while controllership appeared to believe that the financial planning function had more robust vetting procedures than it actually did. The order included an undertaking for the company to develop and implement appropriate non-GAAP policies and disclosure controls. THE NEXT FRONTIER: CHARGES AGAINST THE C-SUITE? We do not have any reason to believe the SEC's aggressive focus on disclosure controls is poised to subside. Rather, we believe that the SEC will use disclosure controls-based enforcement selectively in (a) matters of broader public interest, or (b) where the SEC sees a specific opportunity to highlight an example of information it views as receiving insufficient attention. We can expect to see more actions addressing the key thematic areas disclosure controls discussed above. However, in addition to illustrating the various types of disclosure controls public companies should implement to cover different disclosure areas, the recent controls- based enforcement actions have also put more of a spotlight on senior management and its responsibility for the control environment. In their Form 10-Q and 10-K certifications (20-F certifications for foreign issuers), a company's CEO and CFO must state that they are responsible for establishing and maintaining disclosure controls, that they designed (or supervised the design of) such disclosure controls to ensure that material information is made known to them by others within the company, and that they evaluated the effectiveness of the disclosure controls and presented their conclusions about this effectiveness in the corresponding quarterly or annual report. To date, the SEC has not brought individual charges against company executives for alleged disclosure controls failures in most cases. In three recent cases (2023, 2021 and 2022), the SEC charged company CEOs with causing company disclosure control failures (and in two of those cases also with falsely certifying that they had designed and evaluated the disclosure controls). 12 Importantly, in addition to the disclosure controls charges, these cases also included significant charges alleging actually misleading disclosure (a manipulated "core sales" metric, overstated assets under management, and incorrect accounting) and fairly direct CEO involvement—but they point to the prospect that executives responsible for disclosure controls may in the future face SEC action if those controls are found to be seriously deficient. And in the currently pending case against SolarWinds, the SEC did not pursue the CEO or CFO, but did charge the company's Chief Information Security Officer with aiding and abetting the company's alleged disclosure and disclosure controls violations. TAKE-AWAYS The SEC's continued emphasis on disclosure controls in its enforcement docket means companies should keep disclosure controls fresh and periodically reevaluate their processes, including assessing the membership of disclosure committees to ensure appropriate representation of relevant stakeholders throughout the organization. Companies should consider reviewing existing disclosure content, particularly risk factor disclosures, with an eye towards identifying key topics and new or emerging risks and then compare those topics and risks to their disclosure processes. They should ensure that each of these topics and risks is covered by a corresponding stakeholder on their disclosure committees and that procedures are in place to appropriately collect information from those most knowledgeable or closest to the underlying facts and feed it into the disclosure drafting and review process. Finally, in addition to taking steps to check that the more formal upward reporting process is in working order, sensitizing people throughout the organization to the company's disclosure obligations can also help to improve the information flow to the disclosure function by encouraging operations personnel—who do not have formal disclosure responsibilities—to timely flag issues for consideration by their superiors. 12 In re Newell Brands Inc., Admin. Proc. No. 3-21766, https://www. sec.gov/files/litigation/admin/2023/33-11251.pdf (Sep. 29, 2023); In re Medley Management Inc., Brook B. Taube and Seth B. Taube, Admin. Proc. No. 3-20836, https://www.sec.gov/files/litigation/ admin/2022/33-11057.pdf (Apr. 28, 2022); In re Tandy Leather Factory, Inc. and Shannon Greene, CPA, Admin. Proc. No. 3-20403, https://www.sec.gov/files/litigation/admin/2021/34-92455.pdf (July 21, 2021).