The SEC’s Cybersecurity Assessment: A Roadmap for Companies Nationwide

On June 24, 2024, the U.S. Securities and Exchange Commission (SEC) published five new Form 8-K Compliance and Disclosure Interpretations (C&DIs) expanding the agency’s interpretations of cybersecurity incident disclosures pursuant to Item 1.05 of Form 8-K. In July 2023, the SEC adopted final rules with respect to cybersecurity incidents that generally require public companies to disclose (i) material cybersecurity incidents within four business days after determining the incident was material and (ii) material information regarding their cybersecurity risk management, strategy and governance on an annual basis. We wrote about the final cybersecurity disclosure rules here.

The Securities and Exchange Commission (SEC) recently adopted final rules (available here; also see the fact sheet and press release) representing significant changes to  special purpose acquisition companies (SPACs), shell companies and the disclosure of projections. These rules aim to enhance disclosures, protect investors and align the regulatory framework for SPACs with traditional IPOs. The following summarizes the key aspects of these rules.

On September 20, 2023, the U.S. Securities and Exchange Commission (SEC) issued a final rule amending the so-called “Names Rule” (found here) that is “designed to modernize and enhance” protections under Rule 35d-1 of the Investment Company Act of 1940. The final rule is part of the SEC’s holistic efforts to regulate environmental, social and governance (ESG) matters, and is the SEC’s latest attempt to curb greenwashing in U.S. capital markets. The amendments require registered investment funds that include ESG factors in their names to place 80% of their assets in investments corresponding to those factors, thereby extending to ESG funds the SEC’s long-standing approach of regulating the names of registered funds to ensure they are marketed to investors truthfully. Fund complexes with more than $1 billion in assets will have two years from the final rule’s effective date (60 days after publication in the Federal Register) to comply, while fund complexes with less than $1 billion in assets will be given a compliance period of 30 months.

Chair Gary Gensler said “[t]he Names Rule reflects a basic idea: A fund’s investment portfolio should match a fund’s advertised investment focus. In essence, if a fund’s name suggests an investment focus, the fund in turn needs to invest shareholders’ dollars in a manner consistent with that investment focus. Otherwise, a fund’s portfolio might be inconsistent with what fund investors desired when selecting a fund based upon its name.” The sole dissenting vote against the rule modification, Commissioner Mark Uyeda, said “[w]ith these amendments, the Commission overemphasizes the importance of a fund’s name, as if to suggest that investors and their financial professionals need not look at the prospectus disclosures.” Commissioner Uyeda also expressed concern that fund investors will bear the increased compliance costs associated with the rule change.

As discussed in our prior publication (found here), the Securities and Exchange Commission (SEC) adopted amendments on December 14, 2022, regarding Rule 10b5-1 insider trading plans and related disclosures. On May 25, 2023, the SEC issued three new compliance and disclosure interpretations (C&DIs) relating to the Rule 10b5-1 amendments.