Lessons Learned in 2012

by Snell & Wilmer

As one calendar year ends and the next begins, it is natural to look back to take an inventory of lessons learned and to look forward in an attempt to implement such lessons. The year 2012 certainly had its fair share of wisdom to absorb. Throughout this Corporate Communicator, we touched on a number of such topics, but below we discuss three areas noted during interactions with our clients this year.

SEC Comment Letter Process

Receiving a comment letter from the SEC is often old-hat for a CFO and GC of a public company. The SEC began publicly releasing correspondence between it and public registrants in 2005. In issuing comments to a registrant, the SEC staff may request that the company provide additional supplemental information so the staff can better understand the company’s disclosure, revise disclosure in a document on file with the SEC, provide additional disclosure in a document on file with the SEC, or provide additional or different disclosure in a future filing with the SEC. As any seasoned CFO or GC understands, there may be several rounds of letters from the SEC staff and responses from the filer until the issues identified in the staff review are resolved. Set forth below are some short tips regarding the review process:

  • Public companies may want to consider implementing an official process and procedure related to the receipt of an SEC comment letter.
    • This process may contemplate immediate distribution of the comment letter to both internal and external working group members (e.g., accounting and legal departments, auditors and outside legal counsel) upon receipt from the SEC staff. Consideration may be given to identifying consistent points of contact for external parties.
    • Any comments that are unclear or not understood by the company can be clarified with the SEC staff.
    • Companies may want to ensure they meet designated response deadlines set forth in the comment letter (generally 10 business days) or to reach out to the SEC staff for an extension request if the response deadline is not feasible.
  • Responses should be concisely drafted and specifically address each area of inquiry.
    • While the SEC staff has clarified that comment letters (1) are not an official expression of SEC views and (2) are limited to the specific facts of the filing in question and do not apply to other filings, many registrants and their outside legal counsel and accountants comb through SEC comment letters to get a sense of trends and SEC positions on specific topics. More often than not, your competitors and peers have received a similar comment from the SEC and there is often a compelling argument to not “reinvent the wheel” when crafting a response to a comment the SEC has made in prior comment letters.
    • A registrant should not necessarily assume that the SEC understands the company’s disclosure as well as the registrant. While seemingly an obvious point, this concept bleeds into various areas. For instance, if the SEC has commented on immaterial disclosure, or has made a comment that is misguided, the registrant may want to offer a detailed and cogent response that clarifies why this disclosure is immaterial or the staff’s comment is misguided. There may be a tendency of management to take the path of least resistance, which may not be the best course in the long run for the registrant. Like most disclosure issues, management must reach a balanced approach on such matters.
    • When applicable (it is typically clear from the staff comment), the registrant may want to make clear that it will include a requested disclosure in future filings. A failure to do so may result in an unnecessary follow-up comment.
    • Clearly citing specific rules, regulations or authorities relied upon in responses increases the likelihood of not receiving further staff comments.
  • After response letters have been submitted, registrants may want to have a consistent follow-up process.
    • After submitting a response, it is acceptable to follow-up with the SEC staff any time after a 10-day business period has lapsed since the registrant’s response.
    • Some registrants avoid oral conversations with SEC staff unless absolutely necessary. Other registrants believe that oral conversations before and after response letters have been submitted open up the channels of communication and, if used judiciously, can alert the staff to registrant-specific issues like specific timing issues or matters unique to the registrant.
    • In the event the SEC staff indicates orally that the review is complete, the registrant may want to request a letter of confirmation, although we have found the SEC staff is fairly consistent in issuing its customary “no further comment” letters.

Director Compensation Litigation

Executive compensation, with all of its considerations for public companies, continues to be a subject that demands the attention of management and in-house counsel. Pages could be filled with germane executive compensation topics and elsewhere in this Corporate Communicator, we have addressed many of these salient topics such as compensation committee independence, ISS policy updates and Dodd-Frank rule making. In recent years, shareholder litigation related to executive compensation has arisen in the context of failure to obtain approval of Say-on-Pay advisory votes but courts have typically upheld the deference granted directors under the business judgment rule in the context of failed Say-on-Pay votes.

Ultimately, we continue to emphasize the need for “proper process” for boards and management in the context of compensation decisions and the related disclosure thereof. Below are a few take-aways in light of developments in 2012:

  • Proper process may want to be used to determine compensation. For instance, boards may want to carefully consider the use of benchmarking and compensation consultants in not only executive compensation decisions but also director compensation decisions. Due diligence, based on guidance from compensation, legal and other experts, has become a must. Hindsight is 20/20 and it is substantially easier to second guess board decisions that were not based on objective criteria used by the company’s peers. Boards may want to take a step back from their deliberations and consider whether their process of decision making and the data used to come to such compensation decisions will look adequate in the glare of hindsight.
  • It goes without saying that public companies may want to have a good process in vetting the adequacy of annual proxy disclosures. Careful thought may want to be given to get adequate feedback from within and outside of the company. Shareholder litigation inherently focuses not only on board process but the adequacy and correctness of disclosures.
  • Finally, given the overwhelming scrutiny boards of public companies face in the current regulatory and shareholder climate, it is a wonder why so many qualified individuals still want to serve on public company boards. Some public companies are finding it difficult to recruit and retain qualified directors who meet all the criteria public companies desire in this age of specialization, diversity, independence, etc. The upshot is that when a public company finds the correct mix on its board, it is imperative that compensation for directors be set to retain such directors in light of the current demands that such service requires. We believe that the upward trends in director compensation reflect these realities.

Technology Risks

Technology in all its forms (be it social media, mobile devices, remote access or its many other iterations), presents multiple challenges for public companies. Below we address two areas of technology concerns that continued to inundate the news in 2012: (1) social media and (2) cyber security.

  • Social media (e.g., Twitter, Facebook, LinkedIn, etc.) have become a significantly integrated part of our personal and professional lives in a very short amount of time. Some public companies have embraced the benefits of social media while many have taken a “wait and see” approach. Many commentators are concerned that public companies have not developed sufficient policies and procedures and, possibly more important, risk assessments related to social media concerns. These policies can address simple issues related to employee access to social media in the workplace to more nuanced issues related to how the company intends to utilize social media to its advantage. Management and boards of public companies may want to make social media a recurring part of the dialogue related to technology concerns at their company—not just from a risk perspective but also from a business growth perspective. Late in 2012, the SEC’s Enforcement Staff entered the fray by issuing a Wells Notice to Netflix and its CEO over a Facebook post about the aggregate number of hours people were viewing Netflix content. This action may severely chill the use of social media as a means to provide the investor community material disclosures. This is particularly true since many in the legal community have had reservations regarding the use of social media as a form of disclosure for public companies.
  • As public companies continue to evolve with technology, boards are focusing more and more on cyber security.[8] In 2012, boards of multiple notable public companies were forced to address cyber breaches at their companies. These concerns regarding cyber breaches will be more relevant as companies continue to integrate remote access and data sharing technologies.
  • The SEC has existing disclosure guidance regarding these risks.[9] While this guidance is ostensibly “advisory” in nature, in 2012, the SEC made disclosures regarding cyber security a point of review in connection with SEC comment letters on public filings and more than a few companies received comments from the SEC on issues related to cyber security. One thing we can count on in future years is increased regulation/attention in this area[10] and increased potential litigation for companies who fall prey to cyber security breaches. Hence, boards may want to continue to make cyber security concerns a focus of oversight, particularly as it relates to contingency plans and adequacy of existing insurance.
  • For example, general liability insurance policies may prove to be inadequate in the event of a material cyber-security breach and boards might consider purchasing specific cyber insurance covering the company and third-party exposure, as well as ensuring that the company’s D&O insurance covers cyber-related claims based on allegations of securities fraud, breach of fiduciary duty and alternative theories of liability.
  • Like oversight in all significant areas of concern for a public company, board oversight with respect to cyber security is about proper process. Boards may want to discuss issues regarding cyber security on a regular basis at a board level and may rely upon consultants, experts and even management in its role of oversight, paying particular attention to sufficiency of the company’s overall cyber security plans and resources.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Snell & Wilmer | Attorney Advertising

Written by:

Snell & Wilmer

Snell & Wilmer on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.