New Disclosure Requirements for Your Form 10-K

13 Januari 2024

After a prolific year of rulemaking for the US Securities and Exchange Commission (SEC), public companies need to be aware of new disclosure requirements for their upcoming Form 10-K filings for the fiscal year ended 31 December 2023 (2023 Form 10-K) relating to cybersecurity, clawbacks, and insider trading. Companies should also consider certain additional disclosure developments and evolving best practices when preparing their 2023 Form 10-Ks. The following memo summarizes these new disclosure requirements and additional disclosure considerations for 2023 Form 10-Ks, new disclosure requirements for Form 10-K filings for the fiscal year ended 31 December 2024 (2024 Form 10-K), and the timing of pending and anticipated SEC rulemaking.

New Disclosure Requirements for 2023 Form 10-Ks

Cybersecurity
Cybersecurity Risk Management and Strategy

Item 106(b) of Regulation S-K requires a company to describe its processes for assessing, identifying, and managing material risks from cybersecurity threats, including: 

  • Whether and how such processes have been integrated into the company’s overall risk management system or processes;
  • Whether the company engages third parties in connection with such processes; and
  • Whether the company has processes to oversee and identify risks from cybersecurity threats associated with its use of third-party service providers.

A company must also describe whether and how any risks from cybersecurity threats have materially affected or are reasonably likely to materially affect the company, including its business strategy, results of operations, or financial condition.

Cybersecurity Governance

Item 106(c) of Regulation S-K (Item 106(c)) requires a description of the board of directors’ oversight of risks from cybersecurity threats (including identification of any board committee or subcommittee responsible for such risk oversight) and a description of the processes by which the board or such committee or subcommittee is informed of such risks. Item 106(c) also requires a description of management’s role in assessing and managing material risks from cybersecurity threats, including:

  • Whether and which management positions or committees are responsible for assessing and managing such risks and the relevant expertise of such persons or members;
  • The processes by which such persons or committees are informed about or monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents; and
  • Whether such persons or committees report information about such risks to the board of directors or a committee or subcommittee thereof.
Clawbacks
Clawback of Erroneously Awarded Compensation

Item 402(w) of Regulation S-K requires a company to disclose certain information if, at any time during or after its last completed fiscal year, it was required to prepare an accounting restatement that required recovery of erroneously awarded compensation pursuant to its clawback policy or if there was an outstanding balance of erroneously awarded compensation to be recovered. The disclosure must include for each restatement:

  • The date the company became required to make such accounting restatement;
  • The aggregate dollar amount of the erroneously awarded compensation attributable to such accounting restatement, including how it was calculated;
  • If the reporting measure underlying the erroneously awarded compensation related to stock price or a total shareholder return metric, the estimates used in determining the erroneously awarded compensation attributable to such accounting restatement, and the methodology used for such estimates;
  • The aggregate dollar amount of erroneously awarded compensation that remains outstanding at the end of the last completed fiscal year; and
  • If the aggregate dollar amount of such erroneously awarded compensation has not yet been determined, the disclosure of this fact and an explanation of the reason.

If the company deems recovery to be impracticable, it must disclose, for each current and former named executive officer and all other current and former executive officers as a group, why it did not pursue recovery and the amount of recovery forgone.

Exhibit Index

Clawback policies adopted in accordance with New York Stock Exchange or Nasdaq requirements must be filed as Exhibit 97 to the 2023 Form 10-K.

Cover Page

The Form 10-K cover page includes two checkboxes that a company must now check if:

  • It is including financial statements that reflect the correction of an error to previously issued financial statements; and
  • Any of those corrections are restatements that required a recovery analysis of incentive-based compensation.
Insider Trading Disclosures
Officer and Director Trading Arrangements

Item 408(a) of Regulation S-K requires disclosure of Rule 10b5-1 trading arrangements and non-Rule 10b5-1 trading arrangements adopted or terminated by a director or Section 16 officer during the fourth quarter of the fiscal year. The expiration of a trading plan pursuant to its terms is not required to be disclosed. If disclosure is required, a company must identify the officer or director and describe the material terms of such arrangement, including its date, duration, and total amount of securities to be sold or purchased, but excluding any pricing terms.

Additional Disclosure Considerations for 2023 Form 10-Ks

Share Repurchases
  • Given that the US Court of Appeals for the Fifth Circuit vacated the SEC’s Share Repurchase Disclosure Modernization rule in December 2023, a company should report its share repurchases in the same manner that it previously reported such repurchases prior to the effectiveness of this rule.
Risk Factors
  • Since risk factor disclosures are often updated just once a year when preparing a Form 10-K filing, a company should review its risk factors with fresh eyes and consider
  • The risk factors of peer companies to help it assess current and emerging risks facing similarly situated companies;
  • Areas of SEC focus such as:
    • Framing disclosure of a risk as hypothetical when it has already occurred;
    • Artificial intelligence and the potential risks to the company of its increased adoption;
    • Geopolitical risks:
    • Inflation and interest rate risks;
    • Climate-related and other environmental, social, and governance related risks; and
  • The structure and organization of the risk factor disclosures, including a summary of the risk factors if the risk factor disclosure is over 15 pages.
Comment Letter Trends
Non-GAAP Disclosures
  • Non-GAAP measures are an area of focus by the staff of the SEC’s Division of Corporation Finance (Staff) in Form 10-K comment letters. The preparation of the 2023 Form 10-K is a good opportunity to review these measures disclosed not only in the Form 10-K, if applicable, but in other disclosures filed or furnished with the SEC, and confirm they are calculated and presented in accordance with SEC rules and relevant Staff interpretations.
Climate-Related Disclosures
  • Another area of focus by the Staff in Form 10-K comment letters is climate-related disclosures. While drafting its 2023 Form 10-K, a company should also review all of its climate-related disclosures (including in its corporate sustainability report and on its website) in light of the SEC’s proposed climate-change disclosure rules and the Sample Letter to Companies Regarding Climate Change Disclosures issued by the Staff in September 2021.

New Disclosure Requirements for 2024 Form 10-Ks

As it is never too early to plan ahead, a company should be aware of new disclosure requirements with respect to insider trading and option award grants that must be disclosed in its 2024 Form 10-K to be filed in early 2025.

Insider Trading Policies and Procedures
  • Item 408(b) of Regulation S-K requires a company to disclose whether it has adopted policies or procedures governing purchases, sales, or other dispositions of its securities by directors, officers, and employees or by the issuer itself and, if not, why it has not done so. Any insider trading policy must be filed as Exhibit 19 to the 2024 Form 10-K. If the company’s code of ethics includes such a policy, a separate exhibit filing is not required.
Option Award Granting Policies and Procedures
  • Item 402(x) of Regulation S-K requires narrative and tabular disclosure of the timing for granting option awards and disclosing material nonpublic information (MNPI). A company must disclose any policies and practices in this regard, including how the board determines when to grant such awards, whether the board or compensation committee takes MNPI into account (and, if so, how), and whether the company has timed the disclosure of MNPI to affect the valuation of any executive compensation.
  • In the related tabular disclosure, a company must disclose option awards granted within the four business days before, or one business day after, any filing of a Form 10-Q, Form 10-K, or Form 8-K with the SEC disclosing MNPI. This table must include the grant date, the number of securities underlying the award, the exercise price of the award, the grant date fair value of the award, and the percentage change of the closing price of the securities underlying the award between the trading day prior to the disclosure of MNPI and the trading day immediately following the disclosure of MNPI.

Pending and Anticipated SEC Rulemaking

  • According to the SEC’s Fall 2023 Regulatory Agenda, the following key rules are scheduled for finalization or proposal during 2024:
    • Finalization of climate change disclosure rule (scheduled for April 2024)—The proposed rule is designed to enhance a company’s disclosures regarding climate-related opportunities and risks.
    • Finalization of Exchange Act Rule 14a-8 Amendments (scheduled for April 2024)—The proposed rule includes updating certain substantive bases for a company to exclude a shareholder proposal from its proxy statement and amending the exclusions for substantial implementation, duplication, and resubmission.
    • Proposed rule amendments to enhance human capital management disclosure (scheduled for April 2024).
    • Proposed rule amendments to enhance corporate board diversity disclosure (scheduled for October 2024).