As public companies gear up for another reporting season, this client alert highlights a baker’s dozen (and who doesn’t like something extra for free) of timely topics to be mindful of while preparing annual disclosures.
1. Insider Trading Policy: Pursuant to new Item 408(b) of Regulation S-K, all companies (including smaller reporting companies (“SRCs”) and emerging growth companies (“EGCs”)) must file their insider trading policies as Exhibit 19 to Form 10-K beginning with the FY 2024 Form 10-K for calendar year filers. Companies with ancillary materials related to their insider trading policy should consider whether the ancillary materials contain material provisions that should also be filed with the insider trading policy. Additionally, companies must include a narrative disclosure on whether they have adopted insider trading policies and procedures applicable to directors, officers, employees and the company itself, and if not, explain why they have not done so. The narrative disclosure is required in Form 10-K but may be incorporated by reference from a proxy statement filed within 120 days after the end of the fiscal year, similar to what companies typically do for most of the other information required by Part III of Form 10-K. The narrative disclosure must be tagged in inline XBRL. Foreign private issuers (“FPIs”) are required to provide similar disclosures regarding their insider trading policies and procedures in their annual report on Form 20-F. Canadian companies utilizing the Multi-Jurisdictional Disclosure System (“MJDS filers”) are not subject to these new disclosure requirements.
Companies should review their insider trading policies before filing to determine whether any changes are appropriate to reflect Securities and Exchange Commission (“SEC”) rule changes and market practices. Amendments in future filings may raise questions with the SEC and investors.
2. Narrative and Tabular Disclosure of Option Grants and Similar Equity Instruments: Pursuant to new Item 402(x) of Regulation S-K, companies are now required to disclose (1) their policies and procedures on the timing of awards of options and other similar instruments in relation to the release of material nonpublic information (“MNPI”) and other related narrative information; and (2) corresponding tabular disclosure of options or similar instruments awarded to named executive officers beginning four business days before the filing of a Form 10-Q or 10-K, or a Form 8-K disclosing MNPI, and ending one business day after such filing. The disclosure is required in Form 10-K but may be incorporated by reference from a proxy statement filed within 120 days after the end of the fiscal year. Item 402(x) information must be tagged in inline XBRL. Scaled disclosure is available for SRCs and EGCs. FPIs and MJDS filers are not subject to these new disclosure requirements.
3. Cybersecurity Disclosures: For the second year, calendar year filers are required to include cybersecurity disclosures in Forms 10-K pursuant to Item 106 of Regulation S-K. The disclosure must include a description of the company’s (i) processes to assess, identify and manage cybersecurity risks, (ii) board oversight of such risks and (iii) management’s role and expertise in assessing and managing such risks. New for FY 2024, cybersecurity disclosures must be tagged in inline XBRL, meaning that the quantitative amounts must be detail tagged and narrative disclosure must be block text tagged using Cybersecurity Disclosure (CYD) taxonomy tags. Companies should be prepared to determine what parts of their disclosure are responsive to Item 106, as well as how to handle vague or cross-referenced responsive items within the disclosure. Companies should review their cybersecurity disclosures in light of recent litigation, enforcement actions stemming from cybersecurity disclosures and SEC staff comment letters on cybersecurity disclosures. Companies should pay particular attention to disclosures, especially risk factors, if they have been materially affected by a cybersecurity incident. All public companies, including EGCs, SRCs and FPIs (other than MJDS filers) are subject to these disclosure and tagging requirements.
4. Climate Change Disclosures: In March 2024, the SEC adopted final rules entitled “The Enhancement and Standardization of Climate-Related Disclosures for Investors” (the “Climate Rules”) to enhance and standardize climate-related disclosures by public companies. The SEC voluntarily stayed the effectiveness of the Climate Rules while the courts consider the legal challenges to the rule. The impact of the new administration and change in SEC leadership will likely influence the course of action the SEC takes with respect to many topics, including climate change. The Climate Rules, as adopted, would require significant financial and narrative disclosure regarding the impact of climate-related events and expenditures, governance and risk management, and strategy and goals, and would require disclosure of GHG emission metrics. The Climate Rules are applicable to FPIs other than MJDS filers.
Notwithstanding the stay of the Climate Rules, the SEC staff will continue to review climate-related disclosures under general principles of disclosure. The SEC staff has generally focused on the direct and indirect impacts of climate-related business trends, the physical effects of climate change on operations and results and material expenditures for climate-related projects and compliance costs. In addition, companies should ensure that climate-related disclosure in SEC filings is consistent with climate-related disclosure otherwise published.
5. Human Capital Management Disclosures: Item 101(c)(2)(ii) of Regulation S-K requires companies to include a description of their human capital resources, including the number of persons employed by the company, and any human capital measures or objectives that the company focuses on in managing its business. Companies have covered a wide variety of topics in their human capital management disclosure, including employee recruitment, retention, training, engagement and turnover. Given current trends in diversity, equity and inclusion, companies should ensure that disclosure reflects current and anticipated policies and objectives. FPIs and MJDS filers are not subject to these disclosure requirements.
6. Artificial Intelligence Disclosures: Artificial intelligence (“AI”) has become increasingly important for many companies, and companies should ensure that they discuss both the opportunities and risks of AI. Companies should clearly define what they mean by AI in relation to their business, how they use or intend to use AI (without overstating or “AI Washing”) and how AI might impact their strategy, productivity, competition or product demand. Companies should also discuss any material risks AI poses, both in terms of business risks and legal and regulatory risks, as well as how their boards manage these risks. Companies should consider where disclosure is appropriate, including in the business description, risk factors, MD&A and financial statement sections of SEC filings.
7. Director and Officer Rule 10b5-1 Disclosures: Item 408(a) of Regulation S-K requires companies to disclose for each fiscal quarter whether any director or officer has adopted or terminated any Rule 10b5-1 plan or “non-Rule 10b5-1 trading arrangement” and the material terms of the Rule 10b5-1 plan or other arrangement. Item 408(a) information must be tagged in inline XBRL. FPIs and MJDS filers are not subject to this disclosure requirement.
8. Risk Factor Disclosures: As a general rule, companies should regularly review their risk factor disclosures to ensure that they reflect changes to the companies’ business and the risks the companies face. As market conditions, internal operations and regulatory landscapes change, an assessment of disclosure should identify risks that may no longer be relevant or new, material risks that have emerged. Risk factors should not be boilerplate and should be tailored to the company’s specific facts and circumstances. That said, benchmarking disclosure against peers may provide useful insights into both what risks similarly situated companies deem material and what risks investors may expect in the discussion. Care should also be taken to review hypothetical risk factor language and confirm whether it remains hypothetical at the time of disclosure (i.e., if a risk has actually occurred, it should be disclosed). For example, the SEC recently settled charges against a company for disclosing cybersecurity risks as hypothetical when the company had experienced cyberattacks that resulted in the risks disclosed.
A few timely topics to keep in mind while reviewing risk factors include:
- the macroeconomic climate, including inflation and interest rate risks;
- any discussed or proposed policies of the new administration, such as potential imposition of tariffs on imports;
- cybersecurity;
- AI;
- climate-related matters;
- data privacy and protection;
- geopolitical conflicts and political instability in various parts of the world;
- risks associated with the commercial real estate industry; and
- China-related risks.
9. Non-GAAP Financial Measures: The SEC staff continues to review and comment on the use of non-GAAP financial measures. In December 2022, the SEC staff issued updated Compliance & Disclosure Interpretations relating to the use of non-GAAP financial measures focusing on the following topics:
- presentation of non-GAAP financial measures with equal or greater prominence than the most directly comparable GAAP financial measure;
- reconciliation to the most comparable GAAP financial measure;
- appropriateness of adjustments to eliminate normal, recurring cash operating expenses or items identified as nonrecurring, infrequent, or unusual;
- use of individually tailored accounting principles; and
- disclosure of why management believes the non-GAAP presentation provides useful information to investors regarding the financial condition or results of operations of the registrant.
Companies should not became complacent just because they have not received comments on their non-GAAP financial measures in the past.
10. Clawbacks: Consider whether the financial statements include any corrections of an error to previously issued financial statements. The SEC staff has confirmed that only “Big R” (which require an Item 4.02 Form 8-K) and “little r” restatements (errors deemed immaterial, individual or in the aggregate, to previously issued financial statements that are recognized and corrected in the current period), as opposed to immaterial error corrections (such as typos), require the company to check the first clawback checkbox on the Form 10-K cover page. If errors required an analysis under the company’s clawback policy, the company should check the second clawback checkbox on the Form 10-K cover page and include disclosure regarding the analysis (generally in the proxy statement). Don’t forget that Item 402(w) of Regulation S-K also now requires disclosure of actions to recover erroneously awarded compensation pursuant to a company’s clawback policy. Even if the disclosure is contained in the proxy statement, you may have to check a box (or two) on the cover of the Form 10-K.
11. Segment Reporting: The Financial Accounting Standards Board (“FASB”) final Accounting Standards Update requiring incremental disclosures related to a public entity’s reportable segments went into effect for fiscal years beginning after December 15, 2023. The changes are designed to provide more detailed information about reportable segments’ expenses. Segment reporting disclosure continues to be a focus of the SEC staff. Areas of focus include how companies identify and aggregate segments into reportable segments and whether changes (e.g., sales of business units) should be reflected in updated segments. The SEC staff has also focused on segment profit or loss measures, noting that companies should use only one measure of segment profit or loss. The SEC staff has advised that segment profit or loss for each reportable segment reported in the notes to financial statements as required by GAAP is, by definition, not a non-GAAP measure. However, disclosure of total segment profit or loss on a consolidated basis outside of the financial statements would be considered a non-GAAP financial measure that must comply with the SEC’s non-GAAP guidance.
12. EDGAR Next: EDGAR Next requires all EDGAR filers, including Section 16 filers, to authorize individuals who will be responsible for managing the filer’s EDGAR account. Individuals acting on behalf of EDGAR filers will need to present individual account credentials obtained from Login.gov and complete multifactor authentication to access EDGAR accounts and make filings. Key dates include:
- March 24, 2025: the EDGAR Next new dashboard goes live;
- September 15, 2025: compliance with EDGAR Next is required to file; and
- December 22, 2025: existing filers who have not enrolled in EDGAR Next will be required to submit a new, amended Form ID to request access to file and take other actions on their accounts.
13. Bonus Round:
- MD&A: Companies should ensure they are familiar with SEC staff guidance on preparing the MD&A, including staff comment letters, especially for peer companies. For example, companies should review and update known trends or uncertainties that are reasonably expected to impact near and long-term results (e.g., the impact of inflation or tariffs on the company). As a reminder that the SEC does not always limit its review to the filed report, the SEC has raised questions regarding the presentation of metrics in earnings releases and investor presentations that do not appear in the Form 10-K or Form 10-Q.
- Filing Status: Companies should verify their filing status (i.e., are they an SRC, EGC, FPI, etc.), to confirm disclosure standards and filing deadlines.
- Personal Relationships: The failure to consider, and disclose as appropriate, personal relationships between directors and executive officers or the company could result in a materially misleading statement related to director independence.
