Securities Snapshot: 3rd Quarter 2023 - What You Need to Know About The SEC's Latest Rulemaking

The weather may be cooling down, but the Securities and Exchange Commission (“SEC”) did not cool down its pace of rulemaking during the third quarter of 2023. The SEC adopted its highly anticipated cybersecurity disclosure rules, which will become effective in the fourth quarter of 2023 along with share repurchase rule amendments. Additionally, the SEC provided clarification on its amendments relating to Rule 10b5-1 trading plans and arrangements and early observations are in on how issuers are responding to the universal proxy rules. During this quarter, the European Union also adopted the standards for companies to file their annual sustainability reports. In this Snapshot, we review the new rulemaking and the SEC’s current rulemaking agenda.

Final Cybersecurity Disclosure Rule Adoption

On July 26, 2023, the SEC adopted final rules requiring the disclosure of material cybersecurity incidents and cybersecurity risk management, strategy, and governance by public companies. The final rules require current reporting about material cybersecurity incidents, as well as periodic reporting on a company’s policies and procedures to identify and manage cybersecurity risk. For a more detailed summary of the new cybersecurity disclosure rule, see our previous publication here.

The final rule added Item 1.05 to Form 8-K, which requires disclosure of material cybersecurity incidents within four business days of the company’s determination that the cybersecurity incident is material. New Item 106 of Regulation S-K requires periodic disclosure regarding the company’s cybersecurity risk management and strategy, including with respect to the company’s processes for assessing, identifying, and managing material risks. Additionally, new Item 106 requires annual disclosure regarding the company’s cybersecurity governance, including with respect to oversight by the board and management. Form 10-K has been amended to add Item 1C to Part I to include the information required by new Item 106 of Regulation S-K.

Compliance with new Item 1.05 to Form 8-K is required by December 18, 2023. Compliance with the new periodic disclosure requirements in Item 106 of Regulation S-K is required beginning with annual reports for fiscal years ending on or after December 15, 2023.

Share Repurchase Rule Reminders

Under the amendments to Item 703 of Regulation S-K, adopted on May 3, 2023, issuers must provide additional disclosures for their share repurchase activity. Issuers will be required to comply with the amendments on Forms 10-Q and 10-K (for their fourth fiscal quarter) beginning with the first filing that covers the first full fiscal quarter that begins on or after October 1, 2023. Our previous summary of the rule and its requirements can be found here.  

The amendments require tabular disclosure of an issuer’s repurchase activity aggregated on a daily basis either quarterly or semi-annually, depending on the size of issuer. The tabular disclosure of daily repurchases will be included in Exhibit 26 to the issuer’s Form 10-Q or 10-K. Issuers must also indicate by checkbox whether their Section 16 officers traded in company equity securities within four business days before or after the public announcement of the repurchase plan or program.   

The amendments expand the requirements for narrative disclosure of the issuer’s repurchase program. The narrative disclosure is required to include the objectives and rationales for the share repurchases and the process or criteria used to determine the amount of repurchases. The issuer must also disclose any policies and procedures relating to the purchases and sales of the issuer’s securities during a repurchase program by its officers and directors, including any restriction on such transactions.

Rule 10b5-1 Plan Staff Guidance

On August 25, 2023, the Staff of the SEC’s Division of Corporation Finance issued guidance on amendments to Rule 10b5-1 of the Exchange Act and the trading plan disclosure requirements contained in Item 408(a) of Regulation S-K. The new rules were discussed in our prior update found here. The guidance is included in three new Exchange Act Rules Compliance & Disclosure Interpretations (“C&DIs”) and two new Regulation S-K C&DIs.

Exchange Act Rules C&DIs:

The first C&DI clarifies that for purposes of calculating two business days with respect to the cooling-off period, the filing date of the relevant Form 10-Q or Form 10-K does not count as the first business day. Instead, the first business day is the business day immediately following the filing date of the relevant Form 10-Q or Form 10-K.

The second C&DI clarifies that a participant can rely on Rule 10b5-1 for participation in a 401(k) plan, even when the participant elects how much to contribute to her individual 401(k) account and there is an open-market transaction conducted at the direction of the plan administrator to match a contribution by the participant with employer stock. These transactions will not be deemed to constitute an impermissible overlapping plan for purposes of Rule 10b5-1.

The final C&DI clarifies that the Rule 10b5-1 check box on Form 4 does not apply to trading plans that were adopted prior to February 27, 2023 (the effective date of the Rule 10b5-1 amendments). Rather, it applies to transactions made pursuant to trading plans intended to satisfy the affirmative defense conditions of the amended Rule 10b5-1.

Regulation S-K C&DIs:

The new Regulation S-K C&DIs clarify that Item 408(a) does not require disclosure of the termination of a plan that ends due to its expiration or completion. Further, the C&DIs clarify that Item 408(a) requires disclosure for any Rule 10b5-1 trading arrangement or non-Rule 10b5-1 trading arrangement covering securities in which an officer or director has a direct or indirect pecuniary interest reportable under Section 16 that the officer or director has made the decision to adopt or terminate.

Universal Proxy Early Observations

The 2023 proxy season was the first full proxy season following the adoption of Rule 14a-19, which requires proxy cards distributed in connection with a contested director election to include all director candidates, whether nominated by the company or by stockholders. Following the adoption of Rule 14a-19, a number of companies amended the advance notice provisions of their bylaws to account for the universal proxy rules. Based on the results of a survey conducted by Wilson Sonini Goodrich & Rosati, of the approximately 70 companies in the Silicon Valley 150 that amended their bylaws between November 1, 2021 and July 31, 2023, 50 amended their bylaws explicitly to address Rule 14a-19. Further, 90 percent of the amendments occurred after August 31, 2022, which was the effective date of Rule 14a-19.

The majority of these amendments incorporated language expressly referring to the new rule and requiring nominating stockholders to comply with Rule 14a-19 timing and disclosure requirements. Many of these amendments require that the nominating stockholder file a compliant proxy statement and agree to solicit at least 67 percent of the shares entitled to vote. Additionally, many added the requirement that the nominating stockholder must provide the company with reasonable evidence of its compliance with Rule 14a-19, including the solicitation requirement before the stockholder meeting. The amendments typically require notice at least five business days in advance of the stockholder meeting. For many companies, a stockholder’s failure to comply with Rule 14a-19 requirements in connection with the nomination of directors deems the nomination proposal invalid. This means the stockholder’s nominees will not be included on the company’s proxy card.

European Union Corporate Sustainability Reporting Directive

The European Union (“EU”) Corporate Sustainability Reporting Directive (“CSRD”) went into effect January 5, 2023 and the associated European Sustainability Reporting Standards (“ESRS”) were adopted by the European Commission on July 31, 2023. The CSRD requires EU and certain non-EU companies with activities in the EU to file annual sustainability reports alongside their financial statements on the company’s environmental, social, and governance (“ESG”) matters. These reports must be prepared in accordance with the ESRS.

Under the CSRD and ESRS, companies will be required to disclose significant detail regarding their sustainability-related information. The ESRS includes two standards for these disclosures, ESRS 1 and ESRS 2, which provide general reporting concepts, including double materiality and reporting boundaries, and overarching disclosure requirements. The ESRS 1 and ESRS 2 also require disclosure on ten topical standards with specific disclosure requirements for ESG matters.

The CSRD will apply to both EU and certain non-EU companies. Non-EU companies with securities listed on an EU regulated market will have to report under the CSRD. Additionally, non-EU companies with: (a) an annual net turnover at the consolidated or individual level in the EU exceeding EUR 150 million for each of the last two consecutive financial years; and (b) which have a qualifying EU subsidiary or a branch in the EU that generated an annual net turnover in excess of EUR 40 million in the preceding financial year  must report under the CSRD. Net turnover is defined as the amount derived from the sale of products and the provision of services after deducting sales rebates and value added tax (and other taxes directly linked to turnover).

The application of the CSRD will take place in four stages, for financial years starting on or after:


The term “large” applies to a company or, where that company is a parent of a consolidated group, a group meeting two of the following tests: (a) balance sheet total exceeding EUR 20 million; (b) net turnover exceeding EUR 40 million; and (c) more than 250 employees.

Status of Select Commission Rulemaking

The SEC has delayed its anticipated timing for several closely followed rules, including its climate change disclosure rule. The SEC has not released its latest Reg Flex Agenda since spring of 2023, where it extended the timing for the climate disclosure rules, among several other rulemakings, to October 2023.

Commission Proposal

Additionally, the following anticipated key rules are slated for initial proposal on the Reg Flex Agenda, which we will continue to monitor and advise on proposed rules issued related thereto:

Anticipated Key Rules

Should you have any questions or need assistance, please contact us.

James C. Kennedy

F. Mark Reuter

Allison A. Westfall

Olivia M. King

KMK Law articles and blog posts are intended to bring attention to developments in the law and are not intended as legal advice for any particular client or any particular situation. The laws/regulations and interpretations thereof are evolving and subject to change. Although we will attempt to update articles/blog posts for material changes, the article/post may not reflect changes in laws/regulations or guidance issued after the date the article/post was published. Please consult with counsel of your choice regarding any specific questions you may have.


© 2024 Keating Muething & Klekamp PLL. All Rights Reserved

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Functional cookies collect information about your choices and preferences, and collect information about your use of the Sites and Services which enable us to improve functionality.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.