/>iAs the 2025 proxy season approaches, public companies must gear up for an environment shaped by evolving regulations, investor expectations, and governance trends. To ensure your company is well-prepared, here are some practical tips to keep in mind:
1) Dust Off the Proxy Season Calendar and Confirm Filer Status
Start your preparations by revisiting your proxy season timeline. Ensure you know your key deadlines for Securities and Exchange Commission (SEC) filings, including the Form 10-K/20-F, proxy statement, and annual meeting. Check your filer status (e.g., large accelerated, accelerated, non-accelerated) to confirm applicable deadlines and determine whether any recent status changes affect your compliance requirements.
2) Be Aware of New SEC Disclosure Obligations
The SEC has introduced several new disclosure obligations for 2025. Among others, there are two key changes to note:
-
Insider Trading Policies and Procedures.
- Narrative Disclosure - Item 408(b) of Regulation S-K requires a company to disclose whether it has adopted policies or procedures governing purchases, sales, or other dispositions of its securities by directors, officers, and employees or by the issuer itself and, if not, why it has not done so.
- Exhibit Filing - Any insider trading policy must be filed as Exhibit 19 to the 2024 Form 10-K. If the company’s code of ethics includes such a policy, a separate exhibit filing is not required. (A similar disclosure requirement applies under Item 16J of Form 20-F.)
-
Option Award Granting Policies and Procedures (402(x) of Regulation S-K):
- Narrative Disclosure - Under new Item 402(x), a company must provide narrative disclosure discussing its policies and practices regarding the timing of awards of stock options, stock appreciation rights (SARs) and similar option-like instruments in relation to the disclosure of material nonpublic information (MNPI), including how the board determines when to grant these awards. In addition, a company must disclose whether the board or compensation committee takes MNPI into account when determining the timing and terms of applicable awards, and, if so, how and whether the company has timed the disclosure of MNPI for the purpose of affecting the value of executive compensation.
- Potential New Tabular Disclosure - New Item 402(x) also requires detailed tabular disclosure if, during the last completed fiscal year, stock options, SARs or similar option-like instruments were awarded to a named executive officer (NEO) within a period starting four business days before and ending one business day after the filing of a Form 10-K or 10-Q, or the filing or furnishing of a Current Report on Form 8-K that discloses MNPI (including earnings information).
3) Revisit Cybersecurity Disclosure in Light of SEC Comment Letters and Trends
On July 26, 2023, the SEC adopted final rules requiring (i) the disclosure of material cybersecurity incidents in Form 8-K, and (ii) new cybersecurity risk management, strategy, and governance disclosures in Form 10-K and 20-F. All public companies were required to comply with these disclosure requirements for the first time beginning with their annual reports on Form 10-K or 20-F for the fiscal year ending on or after Dec. 15, 2023. As a result, calendar fiscal year companies included these disclosures for the first time in their respective annual report filings last annual reporting cycle.
With the passage of time, we are beginning to see SEC comment letters issued on filings related to the new cybersecurity disclosure rules. We believe it is prudent to be familiar with these comment letter trends to assess whether any improvements might apply to a company’s first-year disclosures.
Here is an SEC comment exchange related to a company’s Item 1C cybersecurity disclosures (with the SEC comment in bold and the response following):
“We note your senior leadership team consisting of your CEO and his direct reports (SLT) is responsible for setting the tone for strategic growth, effective operations and risk mitigation at the management level, as well as, the overall managerial responsibility for confirming that the information security program functions in a manner that meets the needs of Equifax. We also note that you described the relevant expertise of your CISO but not of the other members of the SLT. Please revise future filings to discuss the relevant expertise of such members of senior management as required by Item 106(c)(2)(i) of Regulation S-K.
We respectfully acknowledge the Staff’s comment above. While our senior leadership team (“SLT”) has responsibility for risk management at the managerial level and overall managerial responsibility for the various programs of the Company, including information security, our Chief Information Security Officer (“CISO”) is the management position responsible for assessing and managing material risks from cybersecurity threats under Item 106(c)(2)(i) of Regulation S-K. In future filings, we will clarify that the CISO is the management position responsible for assessing and managing material risks from cybersecurity threats.”
It appears the SEC staff accepted the reporting person’s explanation in the above-referenced exchange, as there were no follow-up letters made public. A link to the actual letter is here.
4) Be Aware of Proxy Advisory and Institutional Shareholder Policy Updates
Both Glass Lewis and ISS have updated their guidelines for 2025, which take effect for meetings held after Jan. 1, 2025 for Glass Lewis and on or after Feb. 1, 2025 for ISS. Below are a few key takeaways from their updates:
-
Board Oversight of AI
- Given the rise in the use of artificial intelligence (AI), Glass Lewis has noted the importance of boards’ awareness of and policies surrounding the use of such technologies and the potential associated risks. If the company has not suffered any material incidents related to its use or management of AI, Glass Lewis will generally not make voting recommendations on the basis of its oversight of AI-related issues, but if there has been a material incident, Glass Lewis will review the company’s AI-related policies to ensure sufficient oversight and adequate response to such incidents and may recommend against certain directors in light thereof.
-
Defensive Profile and Reincorporation.
- Glass Lewis revised its stance on reincorporating the company in different states to clarify that it will take these on a case-by-case basis, depending on the shareholder rights, financial benefits, and other corporate governance provisions of the laws of the state or country of reincorporation.
- ISS votes case by case when it comes to poison pills with a term of one year or less, but this year it added several factors to its list of items it takes into consideration, including the context in which the pill was adopted and the company’s overall track record regarding corporate governance. This allows for a more holistic approach in ISS’s evaluation.
-
Executive Compensation.
- In the aftermath of the first full year of pay versus performance disclosures, Glass Lewis has clarified it will continue to evaluate executive compensation programs holistically and not in accordance with a predetermined scorecard. While there are some factors that may lead to a recommendation against or for a say-on-pay vote, Glass Lewis said it will evaluate each program in the context of its whole, rather than its parts.
-
Board Responsiveness to Shareholders.
- Both advisors included discussion about the board’s willingness and ability to respond to shareholders in its updates for this year. Glass Lewis has added to its discussion on board responsiveness a recommendation that shareholder proposals that received significant support but did not pass (generally more than 30 percent but less than a majority) should illicit board engagement with shareholders to address the issue and then provide disclosure of those efforts. Additionally, in its evaluation of whether to recommend a vote for or against a short-term poison pill, ISS states it will include the board’s responsiveness to shareholders in its review of the company’s corporate governance practices.
-
Expansion of Environmental Focus.
- ISS revised its guidance on what used to be its section on general environmental and community impact proposals to include all natural capital-related matters. This includes topics like biodiversity, deforestation and related ecosystem loss, and other areas that group under the theme “natural capital.”
-
SPACs
- ISS revised its stance on proposals for special purpose acquisition companies (SPAC) extensions from a case-by-case model with a variety of factors at play, including length of the request, prior requests for extension, and acquisition transactions pending in the pipeline, to a general support of extensions of up to one year from the original termination date.
In addition to ISS and Glass Lewis, in December 2024 BlackRock released its updated U.S. proxy voting guidelines for benchmark policies.
5) Consider Hypothetical Risk Factors
On Nov. 6, 2024, the U.S. Supreme Court heard oral arguments for Facebook, Inc. v. Amalgamated Bank, a securities law case involving the 2016 Facebook (now Meta)/Cambridge Analytica’s user data scandal. Facebook investors alleged that the company, among other things, had included in its risk factor disclosures references to risks of unauthorized user data disclosures, but such risks were presented as hypothetical when in fact they had already materialized.
In its Oct. 18, 2023 opinion, the U.S. Court of Appeals for the Ninth Circuit ruled, “Because Facebook presented the prospect of a breach as purely hypothetical when it had already occurred, such a statement could be misleading even if the magnitude of the ensuing harm was still unknown.” Facebook subsequently filed a petition to the Supreme Court for a writ of certiorari. On Nov. 22, 2024, the Supreme Court dismissed the case on the grounds that the writ of certiorari was improvidently granted, affirming the Ninth Circuit’s ruling.
In light of this case and the continued hindsight focus on “hypothetical risk factors” by shareholder litigants, companies should consider reviewing their risk factors and assess whether any of them that may be deemed “hypothetical” have actually occurred, and therefore require further disclosures.
6) Familiarize Yourself With SEC Changes to EDGAR System
On Sept.27, 2024, the SEC adopted a series of rule and form amendments concerning access to and management of accounts on their Electronic Data Gathering, Analysis, and Retrieval system (EDGAR). These amendments – designed to enhance the security of EDGAR, improve the ability of filers to manage their EDGAR accounts, and modernize connections to EDGAR – are collectively referred to as EDGAR Next.
At the heart of the amendments is a shift in how filers (and appropriately permissioned third parties) access EDGAR. Presently, the SEC assigns EDGAR filers access codes; any individual in possession of a filer’s access codes may access the filer’s account, view and make changes to the information maintained therein, and transmit submissions on the filer’s behalf. EDGAR Next will retire the majority of these codes and require that EDGAR filers authorize specific individuals to perform the above-mentioned functions. Each authorized individual will verify their identity using login.gov credentials.
Enrollment in EDGAR Next opens on March 24, 2025, and all existing filers must enroll by Dec. 19, 2025.
To get a jump on preparing for enrollment, filers should take the earliest opportunity to (i) ensure that all of their existing EDGAR access codes are current and (ii) identify the individuals (e.g., employees, legal advisors, third-party filing agents) who will need access to their EDGAR accounts. Individuals who anticipate interfacing with the EDGAR Next system should obtain login.gov credentials.
7) Changes to Nasdaq Diversity Disclosure Requirement
In December 2024, the U.S. Court of Appeals for the Fifth Circuit vacated the SEC’s approval of Nasdaq’s board diversity rules. Nasdaq has stated that it will not appeal the decision. As a result, Nasdaq-listed companies will no longer need to include the previously required board diversity matrix in their proxy statement or on their website, or provide other narrative disclosure explaining why they did not have at least the minimum number of directors in specified diversity categories. There was no comparable disclosure requirement for New York Stock Exchange (NYSE) listed companies.
Notwithstanding this change, board diversity remains a continued focus for many public company boards and other considerations are still in place. For example, ISS, Glass Lewis and certain large institutional investors have their own diversity standards that may influence a company’s disclosure, and Item 407(c) of Regulation S-K may elicit diversity-related disclosures regarding a nominating committee’s consideration of director candidates. As a result, many companies are continuing to solicit such information in their directors and officers (D&O) questionnaires for the 2025 proxy season. Ultimately, each public company will need to consider relevant factors in determining whether, or to what extent, diversity factors into their SEC disclosures.
