Tag Archives: Paul M. Rodel

SEC Releases New Guidance on Material Cybersecurity Incident Disclosure

by Eric T. JuergensErez LiebermannBenjamin R. Pedersen, Paul M. Rodel, Anna Moody, Kelly Donoghue, and John Jacob

Photos of authors.

Top left to right: Eric T. Juergens, Erez Liebermann, Benjamin R. Pedersen, and Paul M. Rodel. Bottom left to right: Anna Moody, Kelly Donoghue, and John Jacob. (Photos courtesy of Debevoise & Plimpton LLP)

On June 24, 2024, the staff of the Division of Corporation Finance of the Securities and Exchange Commission (the “SEC”) released five new Compliance & Disclosure Interpretations (“C&DIs”) relating to the disclosure of material cybersecurity incidents under Item 1.05 of Form 8-K. A summary of the updates is below, followed by the full text of the new C&DIs.  While the fact patterns underlying the new C&DIs focus on ransomware, issuers should consider the guidance generally in analyzing disclosure obligations for cybersecurity events.

Continue reading

100 Days of Cybersecurity Incident Reporting on Form 8-K: Lessons Learned

by Charu A. Chandrasekhar, Erez Liebermann, Benjamin R. Pedersen, Paul M. Rodel, Matt Kelly, Anna Moody, John Jacob, and Kelly Donoghue

Photos of authors

Top (left to right): Charu A. Chandrasekhar, Erez Liebermann, Benjamin R. Pedersen, and Paul M. Rodel
Bottom (left to right): Matt Kelly, Anna Moody, John Jacob, and Kelly Donoghue (photos of courtesy of Debevoise & Plimpton LLP)

On December 18, 2023, the Securities and Exchange Commission’s (the “SEC”) rule requiring disclosure of material cybersecurity incidents became effective. To date, 11 companies have reported a cybersecurity incident under the new Item 1.05 of Form 8-K (“Item 1.05”).[1]

After the first 100 days of mandatory cybersecurity incident reporting, we examine the early results of the SEC’s new disclosure requirement.

Continue reading

SEC Issues Long-Awaited Climate-Related Disclosure Rule

by Eric T. Juergens, Benjamin R. Pedersen, Paul M. Rodel, Kristin A. Snyder, Caroline N. Swett, Ulysses Smith, Michael Keene, Mie Morikubo, Michael Pan, Amy Pereira, and Maayan G. Stein

photos of authors

Top left to right: Eric T. Juergens, Benjamin R. Pedersen, Paul M. Rodel, Kristin A. Snyder, Caroline N. Swett, and Ulysses Smith. Bottom left to right: Michael Keene, Mie Morikubo, Michael Pan, Amy Pereira, and Maayan G. Stein. (Photos courtesy of Debevoise & Plimpton LLP).

On March 6, 2024, the U.S. Securities and Exchange Commission (“SEC”) adopted a long-awaited final rule, The Enhancement and Standardization of Climate-Related Disclosures for Investors, which will require registrants, including foreign private issuers (“FPIs”),[1] to disclose extensive climate-related information in their registration statements and periodic reports (the “Final Rule”). The Final Rule is intended to facilitate the disclosure of “complete and decision-useful information about the impacts of climate-related risks on registrants” and to improve “the consistency, comparability, and reliability of climate-related information for investors.” The Final Rule constitutes one of the most significant changes ever to SEC disclosure requirements, and is expected to face legal challenges. The Final Rule is available here and the accompanying fact sheet is available here.

Continue reading

SEC Adopts New Cybersecurity Rules for Issuers – Part 2 Key Takeaways

by Charu A. Chandrasekhar, Avi Gesser, Matthew E. Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul M. Rodel, Steven J. Slutzky, Matt Kelly, Kelly Donoghue, Chris Duff, John Jacob, Amy Pereira, Ned Terrace, Luke Dembosky, and Mengyi Xu

Photos of the authors

Top left to right: Charu A. Chandrasekhar, Avi Gesser, Matthew E. Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul M. Rodel, Steven J. Slutzky, and Matt Kelly.
Bottom left to right: Kelly Donoghue, Chris Duff, John Jacob, Amy Pereira, Ned Terrace, Luke Dembosky, and Mengyi Xu.
(Photos courtesy of Debevoise & Plimpton LLP)

On July 26, 2023, the SEC adopted long-anticipated final rules on cybersecurity risk management, strategy, governance and incident disclosure for issuers (“Final Rules”). We summarized the key obligations under the Final Rules, and changes from the Proposing Release,[1] in our July 27, 2023 update. In this companion update, we discuss key takeaways across three areas for issuers to consider:

Continue reading

SEC Adopts New Cybersecurity Rules for Issuers

by Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew E. Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul M. Rodel, Steven J. Slutzky, Matt Kelly, Kelly Donoghue, John Jacob, Amy Pereira, Mengyi Xu, and Chris Duff 

Photos of the authors

Top left to right: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew E. Kaplan, Erez Liebermann, Benjamin R. Pedersen, and Paul M. Rodel.
Bottom left to right: Steven J. Slutzky, Matt Kelly, Kelly Donoghue, John Jacob, Amy Pereira, Mengyi Xu, and Chris Duff.
(photos courtesy of authors)

On July 26, 2023, the SEC adopted the long-anticipated final rules on cybersecurity risk management, strategy, governance, and incident disclosure for issuers. The new rules are part of the SEC’s larger efforts focused on cybersecurity regulation with a growing universe of rules aimed at different types of SEC registrants, including: (i) its proposed cybersecurity rules for registered investment advisers and funds and market entities, including broker-dealers, (ii) its proposed amendments to Reg S-P and Reg SCI and (iii) existing cybersecurity obligations under SEC regulations, including Reg S-P, Reg S-ID, and the recently amended Form PF.

Continue reading

SEC Adopts Share Repurchase Disclosure Rules

by Eric T. Juergens, Matthew E. Kaplan, Nicholas P. Pellicani, Paul M. Rodel, Steven J. Slutzky, Jonathan R. Tuttle, and Charu A. Chandrasekhar

Photos of the authors

Top row from left to right: Eric T. Juergens, Matthew E. Kaplan, Nicholas P. Pellicani, and Paul M. Rodel.
Bottom row from left to right: Steven J. Slutzky, Jonathan R. Tuttle, and Charu A. Chandrasekhar. (Photos courtesy of Debevoise & Plimpton)

On May 3, 2023, the U.S. Securities and Exchange Commission (the “SEC”) adopted rules requiring additional disclosures by issuers of repurchases of equity securities registered under Section 12 of the Exchange Act made by or on behalf of the issuer or by any “affiliated purchaser” of the issuer.[1] Most significantly, the rules require:

  • most issuers to disclose their daily share repurchase activity on a quarterly basis;
  • additional disclosures in periodic reports regarding the objective and structure of an issuer’s repurchase program, including Rule 10b5-1 trading arrangements, and policies relating to trading activity by officers and directors during repurchase programs; and
  • issuer periodic reports to identify trading activity by officers and directors in close proximity to an announcement of a share repurchase program.

Continue reading