Key Considerations for the 2025 Annual Reporting and Proxy Season: Your Upcoming Form 10-K

Each year in our Annual Memo, White & Case's Public Company Advisory Group provides practical insights on preparing Annual Reports on Form 10-Ks, Annual Meeting Proxy Statements and, for FPIs, the Annual Report on Form 20-F. This installment of our Annual Memo will focus on preparations for your Form 10-K, divided into two sections: Annual Report on Form 10-K Housekeeping Considerations in Part I below, and Disclosure Considerations in Part II below.

With the inauguration of President Trump on January 20, 2025, public companies await the impact of the new administration on the SEC. President Trump's pick for the next SEC Chair, Paul Atkins, is an experienced appointee, having previously served as SEC Commissioner from August 2002 until 2008 as an appointee of former President George W. Bush.¹ Atkins will assume office following an unprecedented period of SEC rulemaking impacting public companies, with approximately 50 new substantive SEC rules adopted over the past four years, including three rules that were subsequently vacated by courts holding that the SEC had overreached its authority.² Despite an expected change in approach by the new administration away from prescriptive rulemaking and towards a more principles based approach, it is important to note that the SEC's recent rule changes and guidance remain in effect and public companies remain subject to them, absent further action by the SEC.

Part I: Top Housekeeping Considerations

As in our prior annual alerts, we begin with our top housekeeping reminders for preparing your Annual Report on Form 10-K, as follows:

1. New Exhibit: File your insider trading policy as Exhibit 19 to the Form 10-K. Under new Item 408(b) of Regulation S-K, insider trading policies must be filed as exhibits to upcoming Form 10-Ks for the 2024 fiscal year filed in 2025.³ Companies must file their insider trading policy as Exhibit 19 to the 2024 Form 10-K,⁴ and this new exhibit is required for all public companies, including smaller reporting companies (SRCs) and emerging growth companies.

• Disclosure Beyond the Exhibit. In addition to the exhibit requirement, companies are also required to disclose whether they have adopted insider trading policies "governing the purchase, sale, and/or other dispositions of the registrant's securities by directors, officers and employees, or the registrant itself, that are reasonably designed to promote compliance with insider trading laws," ⁵ and to tag this disclosure in inline XBRL.⁶ However, pursuant to Instruction G(3) of the Form 10-K, this information may be included in the annual meeting proxy statement and simply incorporated by reference into the Form 10-K from the proxy statement, as companies typically do for most of the other information required by Part III of the Form 10-K.⁷ In order to incorporate information by reference in accordance with SEC requirements, companies should refer to the specific section of the proxy statement that they are incorporating by reference.⁸
• Importance of Reviewing Insider Trading Policy Before Public Filing. Companies should review their insider trading policies before disclosing them publicly in their 10-K exhibit and consider whether any updates should be made in advance of their initial public filing. These updates can include, for example, removing any personal contact information of personnel identified in the policy, as well as any substantive revisions to update the policy in light of recent SEC rule changes and emerging market trends. For more information on insider trading policies and market practices on key policy provisions, see our recent client alert "Insider Trading Policies: A Survey of Recent Filings."

2. Exhibit Housekeeping. Beyond the Insider Trading Policy exhibit, remember to review your exhibit list including the following steps: (1) confirm that all required exhibits are filed under Item 601 of Regulation S-K, including for example: (i) exhibits filed since last year's annual report on Forms 8-K and 10-Q, (ii) the required clawback policy under Item 601(b)(97) of Regulation S-K,⁹ which was new last year, and (iii) the consent of the auditors under Item 601(b)(23)(ii) to incorporate the financial statements from the Form 10-K into the list of the company's current registration statements, which must be updated to include any newly filed registration statements and remove any registration statements that are no longer effective.;¹⁰ (2) remove outdated exhibits no longer required to be filed, such as material contracts that have been fully performed; and (3) confirm permissible redactions and omissions in filed exhibits under Item 601 of Regulation S-K (see our 2023 Annual Memo's Housekeeping Considerations for further information on these permissible redactions and omissions for exhibits).

3. Confirm your Filing Status for 2025. It is important to confirm your filing status and filing deadline. This year's Form 10-K is due on Monday, March 3, 2025 for large, accelerated filers, Monday, March 17, 2025 for accelerated filers, and Monday, March 31, 2025 for non-accelerated filers.¹¹ To confirm your filing status, keep in mind that:

• Determining Public Float: Public float is central to calculating your filing status and is computed as of the last business day of the company's most recently completed second fiscal quarter (June 30, 2024 for calendar year end companies) by multiplying (a) the number of shares of common stock on that day held by non-affiliates¹² by (b) the closing stock price on that day. As a result, confirming the identity and holdings of affiliates and subtracting out their shares is critical for an accurate calculation of "public float."
• Large Accelerated, Accelerated and Smaller Reporting Thresholds: The public float thresholds for initial qualifications are set forth in Rule 12b-2 of the Exchange Act, but if your company previously qualified as a "large accelerated filer" or an "accelerated filer," or did not qualify as a "smaller reporting company," the thresholds to now move into each respective status are lower than those required for the initial qualification (e.g., less than $560 million as opposed to $700 million for accelerated filer status, less than $60 million as opposed to $75 million for non-accelerated filer status, or for the SRC public float test, less than $200 million as opposed to $250 million).¹³
• Emerging Growth Company (EGC) Status Check: If your company is an EGC, remember to annually assess whether you have ceased to qualify as an EGC based on: (1) having total annual gross revenues of $1.235 billion or more, (2) the passage of time beyond the fifth anniversary of the first date common equity was sold pursuant to an effective registration statement, (3) the issuance of more than $1 billion in non-convertible debt in the previous three years, or (4) becoming a large accelerated filer. See the definition of "emerging growth company" in Rule 12b-2.

Outstanding Share Data: Companies should also confirm that their outstanding share data is used and presented consistently throughout their Form 10-K. In September 2023, the SEC published a sample comment letter to companies regarding their XBRL disclosures, which included a sample comment that "the common shares outstanding reported on the cover page and on your balance sheet are tagged with materially different values. It appears that you present the same data using different scales (presenting the whole amount in one instance and the same amount in thousands in the second)."

4. Clawback checkboxes (new last year): Starting December 1, 2023, public companies were required to have in place a clawback policy compliant with stock exchange listing standards adopted pursuant to the SEC's new clawback rules. As set forth in the Form 10-K and explained in SEC C&DI 104.19, companies must now have the two additional check box disclosures shown below on the cover page of their Form 10-Ks. For guidance on when to check these boxes, see our 2024 Annual Memo.

• Beyond the cover page checkboxes, clawback disclosure is also required under new Item 402(w) of Regulation S-K if your company was required to prepare an accounting restatement that required a clawback (or if there is an outstanding balance of unrecovered compensation related to a prior restatement). This disclosure can be included in the proxy statement and incorporated by reference into the Form 10-K under Part III, Item 11.¹⁴

5. D&O Questionnaire Update: Given the SEC's recent enforcement action related to director independence, D&O questions for assessing director independence under the general independence test for purposes of stock exchange rules have become a focal point for public companies. The general independence test generally requires the Board to affirmatively determine that there are no relationships between the director and the listed company's management that impact the director's independence. As a result, companies should consider clarifying to directors that close business or personal relationships with management may need to be disclosed in their responses to D&O Questionnaires, and, as an illustration, providing examples of the types of relationships that could impair independence under the general independence test.¹⁵ A company's D&O Questionnaire should also make clear that a director's responses to D&O Questionnaires are important and form the basis for disclosures made by the company in its SEC filings.

Part II: Key Disclosure Considerations

1. Cybersecurity: For the second year, public companies are now required to include in Form 10-Ks (under Part I, Item 1C) mandatory cybersecurity disclosure. For a detailed discussion of the SEC's requirements on this cybersecurity disclosure, including guiding principles for preparing the disclosure, see our 2024 Annual Memo. As a reminder, all registrants must begin tagging responsive disclosure in Inline XBRL beginning with annual reports for fiscal years ending on or after December 15, 2024.¹⁶

Since the filing of last year's Form 10-Ks, SEC Staff has issued comments on the new 10-K cybersecurity disclosure that may provide guidance moving forward. In particular, these comments focused on the following:

• Inconsistent statements regarding the use of third parties in cybersecurity risk management (e.g., one company stated that it "does not currently engage any third-party service providers" but went on to disclose that the Audit Committee receives updates from third party support specialists);¹⁷
• Inadequate disclosure regarding the relevant expertise of members of the management or management committees (e.g., one company failed to sufficiently identify which management positions or teams are responsible for managing material risks from cybersecurity threats, and failed to provide the required information on their expertise under Item 106(c)(2)(i) of Regulation S-K);¹⁸
• Whether and how the company's process for assessing, identifying, and managing material risks from cybersecurity threats has been integrated into its overall risk management system or processes (e.g., one company noted that it had a comprehensive and layered auditing approach to evaluate the effectiveness of existing controls, but did not explain how this was integrated into its overall risk management system or processes).¹⁹

During 2024, the SEC's Division of Enforcement continued its focus on cybersecurity disclosure. For example, in October 2024, the SEC announced settled charges against four technology companies that had been impacted by the 2020 SUNBURST cyber-attack for making misleading disclosures regarding cybersecurity incidents and risks, and in December 2024, the SEC charged yet another company for misleading disclosure following a cybersecurity breach, including for describing cyber risks hypothetically (e.g., cybersecurity attacks "may interrupt our business or compromise sensitive customer data..."), despite the fact that the company had already experienced a cyberattack that did exfiltrate sensitive customer data and did disrupt operations.

Although the new administration is expected to change the SEC's enforcement approach on cybersecurity, public companies should still take away important reminders from recent actions that reiterate lessons from prior court decisions and underscore bedrock disclosure principles of materiality and accuracy, including:²⁰

• Do not disclose a risk as hypothetical when in fact that risk has already materialized, and do not describe specific, known risks in only generic terms.
• Evaluate and update existing disclosures to reflect changing circumstances and the company's changed risk profile as a result of any recent cybersecurity incident.
• Describe fully and accurately any cybersecurity incidents that are disclosed; quantifying certain aspects of an incident without disclosing other material information on its scope and impact may be materially misleading. Nonetheless, any disclosures should be balanced against the need for the company to avoid revealing critical information about its cybersecurity controls or risk to protect against future cyberattacks.

2. Artificial Intelligence Considerations for your Annual Report. New artificial intelligence ("AI") technologies present both significant opportunities and risks for companies. In addition to risk factor disclosure,²¹ companies should consider whether it is necessary or advisable to make disclosures about the ways in which AI might impact their strategy, productivity, competition or product demand, which, depending on the nature of the issuer's business and its particular facts and circumstances, might be appropriately included in the "Business" section of their Annual Report on Form 10-K or trend disclosure in the MD&A. To the extent the potential impact of AI is in fact discussed, it is important not to "AI" wash, or mislead investors as to your true artificial intelligence capabilities, which SEC Chair Gary Gensler cautioned companies against in a statement late last year.

3. Remember to Review and Update Risk Factors. Risk factor disclosure is a critical part of the Form 10-K, and companies should consider developments in 2024 as they draft their risk factors. These considerations include developments with respect to (1) cybersecurity, (2) artificial intelligence, (3) political conditions in the US, (4) international geopolitics and the risks of political engagement, (5) climate, (6) supply chain considerations and (7) human capital management and labor. These risks can also become factors related to known trends and uncertainties for discussion in the MD&A (see below). For a discussion of these developments and important tips for drafting risk factors, see our forthcoming client alert dedicated to risk factor updates.

4. MD&A Considerations. As in prior years, MD&A has remained one of the top targets of SEC Staff comments, with most comments in 2024 focused on the requirements in Item 303 of Regulation S-K, including:

• the discussion and analysis of results of operations, including the description and quantification of each material factor, unusual or infrequent events, and economic developments causing changes in results between periods (including a condensed labor market, wage inflation, global supply chain issues and inflation affecting revenues and underwriting);²²
• the discussion of known trends or uncertainties that are reasonably expected to impact near and long-term results (e.g., the impact of supply chain disruptions, inflation, increases in interest rates);²³
• metrics used by management in assessing performance, including how they are calculated and period over period changes;²⁴
• critical accounting estimates, including the judgments made in the application of significant accounting policies and the likelihood of materially different reported results if different assumptions were used;²⁵ and
• liquidity and capital resources, including requests for a clearer discussion of the drivers of cash flows and the trends and uncertainties related to meeting known or reasonably likely future cash requirements.²⁶

In particular, the Staff has continued to focus on key performance indicators ("KPIs") and has requested disclosure by companies on how KPIs are defined and calculated and how they are used by management. In addition, the Staff has asked companies why KPIs are useful for investors and why KPIs or other performance metrics are discussed in earnings releases or investor presentations if they are not also discussed in their periodic reports or are presented inconsistently.

Companies should keep in mind these areas of focus and review their MD&A disclosure to confirm they provide investors with key information on the company's financial performance and future outlook through the eyes of management, allowing readers to have a deeper understanding of the company's financial condition from the perspective of company leadership. As the MD&A is crucial to an understanding of the company's current performance and future trends that will impact operations, companies should review their MD&A disclosures to confirm that the provide sufficiently specific and thorough analyses.

5. Mind the Non-GAAP. The SEC Staff continues to focus on non-GAAP financial measures in its comment letters, following the release of updated non-GAAP C&DIs in December 2022²⁷ (for a summary of these updates, see "Five Key Reminders on Non-GAAP Compliance" in our 2023 Annual Memo). In 2024, many of the Staff's comment letters focused on:

• the prominence of the most directly comparable GAAP measure when compared to the non-GAAP financial measure;
• reconciliations of the non-GAAP financial measure to the most directly comparable GAAP financial measure;
• the appropriateness of adjustments;
• the use of individually tailored accounting principles; and
• the lack of disclosure as to why management believes the non-GAAP financial measure provides useful information to investors.

SEC Staff comments also focused on compliance with the C&DIs. For example, the Staff asked registrants whether operating expenses are "normal" or "recurring" and, therefore, whether their exclusion from a non-GAAP financial measure could be misleading based on C&DI Question 100.01.²⁸ The Staff has also commented on non-GAAP adjustments to revenue and expenses that could have the effect of changing the recognition and measurement principles required by GAAP, thereby rendering them "individually tailored" and potentially resulting in a misleading measure, based on C&DI Question 100.04.²⁹ It is important that companies review any non-GAAP disclosures against SEC requirements and guidance to ensure that non-GAAP measures are appropriately used and compliant with regulatory requirements

6. Climate Change Disclosure. Momentum may have shifted away from ESG overall, but climate change remains a key focus for many public companies and investors. Although the SEC's extensive climate-related disclosure requirements have been voluntarily stayed pending the resolution of legal challenges, companies should continue to consider their existing climate-related disclosure in light of the SEC's 2010 climate change disclosure guidance and the SEC's 2021 sample comment letter on climate disclosure.

While climate-related comments from the SEC decreased in 2024 when compared with 2023, companies should still pay attention to known areas of Staff focus, depending on the nature of the company's business and its particular facts and circumstances. These known areas of Staff focus include:

• Direct and indirect impacts of climate-related business trends, such as decreased demand for goods or services that produce significant greenhouse gas emissions and increased demand for energy from alternative sources;³⁰
• Physical effects of climate change on operations and results;³¹
• Material expenditures for climate-related projects and compliance costs;³² and
• Whether information contained in sustainability reports is material and therefore required to be included in the Form 10-K.³³

In addition to comment letters, a recent SEC enforcement action targeted a company's sustainability disclosures, arguing that Keurig's disclosures regarding the recyclability of its coffee pods were inaccurate, because two of the nation's largest recycling companies had given negative feedback on a recycling plan and did not intend to accept pods for recycling, which was not disclosed in the company's filings.³⁴ This action highlights the continued importance of ensuring that disclosures on sustainability-related topics are complete and not misleading due to the omission of information, and emphasizes the SEC's willingness to review non-filed materials, such as sustainability reports, when assessing the accuracy and completeness of disclosure.³⁵

7. Consider your Human Capital Management (HCM) Disclosures. The fiscal year 2024 Form 10-K is the fifth annual report in which US public companies must comply with amended Item 101 of Regulation S-K, which requires a description of human capital resources and human capital measures or objectives that the company focuses on in managing its business, to the extent material to the company as whole.³⁶ Based on White & Case survey information of Fortune 50 companies' disclosure in recent years, companies have covered a broad range of topics in their HCM disclosure, including employee engagement and culture initiatives, talent development and retention, employee health and wellness, flexible work arrangements, pay equity and diversity, equity and inclusion (DEI). Given the increased scrutiny on DEI programs, reports of a retreat on DEI in corporate America³⁷ and indications that the Trump administration will seek to end DEI programs in the federal government,³⁸ companies should carefully consider their HCM disclosures, including on DEI programs, initiatives and any DEI metrics, in order to ensure their disclosure is updated and aligned with their companies' current priorities and policies.

8. Director and Officer Rule 10b5-1 Plan Adoption and Termination Disclosure. As a reminder, under recently added Item 408(a) of Regulation S-K, companies must now disclose for each fiscal quarter in Form 10-Qs and for the fourth quarter in Form 10-Ks (1) whether any director or officer has adopted or terminated any Rule 10b5-1 plan or any other written trading arrangement that meets the requirements of a "non-Rule 10b5-1 trading arrangement,"³⁹ and (2) the material terms of the Rule 10b5-1 or non-Rule 10b5-1 trading arrangement. The "material" terms required to be disclosed include: (i) the name and title of the director or officer, (ii) the date of adoption or termination of the plan and its duration, (iii) the aggregate number of securities to be sold or purchased under the plan and (iv) whether the plan is a 10b5-1 plan or a non-Rule 10b5-1 trading arrangement. Pricing terms are not required to be disclosed. Although there is no requirement to affirmatively indicate if no plans were adopted for a particular quarter, S&P 500 companies have generally been affirmatively stating that "During the quarter ended [date], no director or Section 16 officer adopted or terminated any Rule 10b5-1 trading arrangements or non-Rule 10b5-1 trading arrangements" or otherwise simply affirmatively stating "None" under a subheading for the relevant Part II item.

Appendix A: Additional Housekeeping Reminders

1.  The following Form 10-K form check items are not new this year, but were recently added in the past three years and should therefore be confirmed for your upcoming filing:

• Update Item 6 in Part II to state "Item 6. [Reserved]" (instead of "Item 6. Selected Financial Data" from the prior Form 10-K) due to the SEC's elimination of the disclosure requirement for selected financial data in 2021.⁴⁰
• Add new "Item 9C" in Part II of the Form 10-K with the caption "Disclosure Regarding Foreign Jurisdictions that Prevent Inspections".⁴¹
• Tag in inline XBRL the independent auditor's: (i) name, (ii) location (i.e., city and state, province or country) and (iii) PCAOB ID number.⁴² Companies should coordinate this tagging with the financial printer.
• For companies with mining operations,⁴³ consider whether expanded Regulation S-K 1300 requirements, which became mandatory for Form 10-Ks filed in 2022 for the fiscal year ended December 31, 2021, apply. If a company's current mining operations, in the aggregate, are material to its business, Regulation S-K 1300 disclosures would be required in its Form 10-K.⁴⁴ In addition, companies with property that is individually material to their business must obtain a technical report summary,⁴⁵ which must be signed by a "qualified person" (as defined in Regulation S-K 1300) and filed as Exhibit 96.1 to the Form 10-K.⁴⁶

2. Considerations for Outstanding Registration Statements: Consider how the filing of the Form 10-K may impact any outstanding registration statements. Specifically, if you have an outstanding registration statement on Form S-1, a post-effective amendment to the Form S-1 must be filed in order to incorporate the annual financial statements and other information from the Form 10-K into the Form S-1. You should also consider if you have become Form S-3 eligible, so that you can convert the Form S-1 into a Form S-3 and avoid future post-effective amendments for as long as you remain S-3 eligible. If you have an outstanding registration statement on Form S-3, ensure that you continue to meet the eligibility requirements for using the Form S-3 when filing your Form 10-K by taking the following steps: (i) if you previously filed as a well-known seasoned issuer (WKSI), confirm that you are still a WKSI in order to use that registration statement (otherwise, it will need to be re-filed as a non-WKSI shelf); or (ii) if you previously filed a non-WKSI shelf registration statement, confirm that you still meet the requirements to use that registration statement; otherwise, you will need to re-file as a Form S-1. In addition, remember to update your auditor consent to include any newly filed registration statements and remove any registration statements that are no longer effective.

3. D&O Questionnaires: Ahead of your Form 10-K filing, review and update your D&O questionnaires, which provide back-up and support for the disclosures to be included in your Form 10-K and proxy statement. In addition to the updates discussed in Part I, Section 5, companies should:

• Consider updates to state that a director nominee consents to being named in the proxy statements of both the company and of any dissident shareholder, in order to comply with the new universal proxy rules;
• If you plan to voluntarily disclose the diversity of your directors, include a question to elicit information on your directors' diversity characteristics that covers the potential diversity categories that you may want to disclose (under investor policies) and to obtain their consent to disclose this information;⁴⁷
• Consider adding a question to elicit information from directors on their expertise with respect to AI, cybersecurity, climate change and human capital, as applicable, in light of both SEC and investor focus on board qualifications in these areas;
• Consider adding or refining questions on outside directorships or officerships to identify any potential antitrust concerns, given the Department of Justice's focus on potential violations of Section 8 of the Clayton Act; and
• Consider building out (or adding) Iran-related activities questions to cover potentially problematic transactions with Russian entities.⁴⁸

The following White & Case attorneys authored this alert: Maia Gez, Scott Levi, Michelle Rutta, Melinda Anderson, Danielle Herrick.

_{1 Mr. Atkins also served as a member of the staff of two former SEC Chairmen, Richard C. Breeden and Arthur Levitt. For more information, see: SEC.gov | Paul S. Atkins.
2 For example, the U.S. Court of Appeals for the Fifth Circuit held that the SEC acted arbitrarily and capriciously, in violation of the Administrative Procedure Act, in adopting the share repurchase disclosure rule, which was officially vacated on December 19, 2023. In addition to the three vacated rules, the SEC's climate disclosure rules remain voluntarily stayed pending judicial review of consolidated petitions challenging the rule on many fronts, including that the SEC exceeded its authority. For those recent rule changes in effect, any amendments would require the issuance of a new proposed rule, allowing for a comment period, followed by issuing an adopting release. As opposed to rules, recent guidance issued by the SEC in Compliance and Disclosure Interpretations (C&DIs), SEC staff comments and "Dear Issuer" letters to public companies, as well as staff bulletins are expected to be more readily changed by the new administration. However, absent additional guidance from the SEC, public companies should continue to follow current SEC guidance.
3 Under Release Nos. 33-11138; 34-96492, Insider Trading Arrangements and Related Disclosures, the requirement began for 10-Ks covering a full fiscal period on or after April 1, 2023, meaning the Form 10-K for the 2024 fiscal year filed in 2025. For SRCs, the requirement applies to the first filing covering a full fiscal period on or after October 1, 2023. See also, the Small Entity Compliance Guide and C&DIs 120.26-120.28.
4 See Item 601 of Regulation S-K. If a company's insider trading policies are contained in a code of ethics compliant with Item 406 of Regulation S-K and the code of ethics is filed as an exhibit, a hyperlink to that exhibit accompanying the company's disclosure as to whether it has insider trading policies and procedures will satisfy this requirement.
5 See Item 408(b) of Regulation S-K. A straightforward example of this disclosure is the following: "Policy Prohibiting Insider Trading and Related Procedures. We have adopted an insider trading policy governing the purchase, sale, and other dispositions of the registrant's securities by directors, senior management, and employees. A copy of the insider trading policy is filed as an exhibit to this Annual Report."
6 See Item 408(b)(3) of Regulation S-K.
7 Instruction G(3) permits the information required by Part III (Items 10, 11, 12, 13 and 14) to be incorporated by reference from a company's annual meeting proxy statement, if such proxy statement is filed not later than 120 days after the end of the fiscal year covered by the Form 10-K.
8 See Rule 12b-23 of the Exchange Act, which requires that companies "include an express statement clearly describing the specific location of the information you are incorporating by reference. The statement must identify the document…and the location of the information within that document."
9 For the Form 10-K exhibit list, companies can use a description aligned with Item 601(b)(97), "Policy relating to recovery of erroneously awarded compensation, as required by applicable listing standards adopted pursuant to 17 CFR 240.10D-1."
10 This includes the description of securities for securities registered under Section 12 of the Exchange Act. See Item 601(b)(4)(iv) of Regulation S-K.
11 See the SEC's helpful information on filing deadlines.
12 "Holdings" only includes shares of common stock that are outstanding. Thus, "holdings" excludes shares of common stock that have not yet been issued but are still considered "beneficially owned" under Rule 13d-3 insofar as they can be acquired within 60 days (e.g., shares underlying exercisable options). The term "affiliate" is defined under Rule 12b-2 of the Exchange Act as "a person that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the person specified." An individual or entity's status as an "affiliate" is a fact-specific inquiry which must be determined by considering all relevant facts and circumstances; however, the Commission has indicated that status as an officer, director or 10% stockholder is one fact which must be taken into consideration in such inquiry. See American-Standard, SEC No-Action Letter (October 11, 1972).
13 See Rule 12b-2 of the Exchange Act for the definitions of "large accelerated filer," "accelerated filer" and "smaller reporting company," and the SEC's helpful guides for determining filing status and smaller reporting company status. Each issuer should run this calculation as facts and circumstances vary depending on prior qualifications. For example, if a company had previously been a large, accelerated filer, the subsequent qualification thresholds to become an accelerated filer are less than $560 million but $60 million or more, or to become a non-accelerated filer, less than $60 million, in each case, in public float. In addition, for the revenue test to qualify as an SRC, as opposed to the public float test, the lower thresholds also differ and are 80 percent of the prior thresholds under which it failed to qualify as an SRC (i.e., less than $560 million in public float (if it previously had more than $700 million in public float under the public float prong of the revenue test) and less than $80 million in revenue (if it previously had more than $100 million in revenue under the revenue prong of the revenue test)). As a reminder, for SRCs, the revenue test is based on revenues in the most recent fiscal year completed before the last day of the second fiscal quarter. See Section 5110.3 of the Division of Corporation Finance Financial Reporting Manual.
14 Under Item 402(w), companies are also required to disclose if there was an outstanding balance of unrecovered excess incentive-based compensation relating to a prior restatement. This information may also be included in proxy statements and incorporated by reference into the Form 10-K.
15 For example, in the SEC's recent action, the relationship at issue involved a director with a close friendship with one of the company's executives, which included regular, luxury vacations together with their respective spouses, paid for by the director.
16 See Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, SEC Release No. 34-97989 (July 26, 2023). The inline XBRL tagging must include block text tagging narrative disclosures and detail tagging quantitative amounts. The SEC has stated that companies must use the "Cybersecurity Disclosure Taxonomy" tags within iXBRL to tag these disclosures, which includes a specific flag for "Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant."
17 For example, "We note the following statements…'We have not currently engaged any third party service providers to support, manage, or supplement our cybersecurity processes,' 'The Audit Committee periodically receives updates from management and our third party IT support specialists of our cybersecurity threat risk management and mitigation strategies…' and 'In such sessions, the Audit Committee …discusses such matters with our third party IT support specialists and other members of senior management.' These statements appear inconsistent. Please revise future filings to clarify whether you engage assessors, consultants, auditors or other third parties in connection with your processes for assessing, identifying and managing material risks from cybersecurity threats as required by Item 106(b)(1)(ii) of Regulation S-K." Comment letter to Wilhelmina International, Inc. (August 21, 2024).
18 For example, "We note that leaders from your executive management team oversee cybersecurity risk management. Please confirm that in future filings you will identify which management positions or teams are responsible for assessing and managing material risks from cybersecurity threats, and provide the relevant detail of all such persons or members in such detail as is necessary to fully describe the nature of the expertise as required by Item 106(c)(2)(i) of Regulation S-K." Comment letter to TNF Pharmaceuticals, Inc. (September 23, 2024). There were eight comment letters to this effect in 2024.
One comment letter specifically called on the company to describe the relevant expertise of the senior leadership team responsible for risk management, in addition to the expertise of the CISO, which had already been disclosed. See comment letter to Equifax Inc. (September 16, 2024). In its response, Equifax noted that "[w]hile our senior leadership team… has responsibility for risk management at the managerial level and overall managerial responsibility for the various programs of the Company, including information security, our Chief Information Security Officer ("CISO") is the management position responsible for assessing and managing material risks from cybersecurity threats under Item 106(c)(2)(i) of Regulation S-K. In future filings, we will clarify that the CISO is the management position responsible for assessing and managing material risks from cybersecurity threats."
The SEC made a similar comment to First Merchants Corp., noting that the company "describe[s] the relevant expertise of [its] CISO but not of the other members" of the information security committee that "assists executive management and the Board of Directors in their oversight of responsibilities related to information security."
19 For example, "We note the statement…that your internal audit executes a 'comprehensive and layered auditing approach' to evaluate the effectiveness of existing controls and 'ensure that cybersecurity risk has been adequately mitigated within [y]our institution.' Please revise future filings to disclose whether your processes for assessing, identifying, and managing material risks from cybersecurity threats have been integrated into your overall risk management system or processes. See Item 106(b)(1)(i) of Regulation S-K." Comment letter to Community Trust Bancorp Inc. (August 29, 2024).
20 Including: (i) Mylan N.V., a major pharmaceutical company that agreed to pay a $30 million penalty to the SEC for using hypothetical language to discuss risks related to potential misclassification of its most profitable product as a generic drug because the company knew at the time that a government agency had in fact already taken a contrary position; (ii) Yahoo, Inc., where the SEC found that Yahoo's risk factor disclosures in its annual and quarterly reports were materially misleading in that they claimed the company only faced the "risk of potential future data breaches" that might expose the company to loss and liability "without disclosing that a massive data breach had in fact already occurred"; and (iii) First American Financial Corporation, a real estate settlement services company that settled an enforcement action for its alleged failure to adequately disclose a security vulnerability that could be used to compromise the company's computer systems, which the company's information security personnel had been aware of for several months.
21 For information on addressing AI in risk factors, see our upcoming client alert dedicated to risk factor updates.
22 For example, see the following SEC Staff comment: "Where a material change in a line item is attributed to two or more factors, including any offsetting factors, the contribution of each identified factor should be described in quantified terms, if reasonably practicable. Please revise your disclosures in future filings accordingly. Similar revisions should be considered throughout your results of operations disclosures, such as in your discussion of the change in research and development and selling, general and administrative expenses. Refer to Item 303(a) of Regulation S-K and Section III.D of SEC Release No. 33-6835."
23 For example, "Please discuss in future filings whether supply chain disruptions or inflation have materially affected your outlook or business goals. Specify whether these challenges have materially impacted your results of operations or capital resources and quantify, to the extent possible, how your sales, profits, and or liquidity have been impacted. Revise also to discuss in future filings any known trends or uncertainties resulting from mitigation efforts undertaken, if any. Explain whether any mitigation efforts introduce new material risks, including those related to product quality, reliability, or regulatory approval of products."
24 For example, "We note in your earnings calls that you discuss net revenue per client and inventory turnover. If these metrics are used by management to manage the business, and promote an understanding of the company's operating performance, they should be identified as key performance indicators and discussed pursuant to Item 303(a) or Regulation S-K and Section III.B.1 of SEC Release No. 33-8350. Please tell us your consideration of disclosing these metrics, or other key performance indicators used."
25 For example, "We note your disclosure which refers the reader to the Notes to the Consolidated Financial Statements for information regarding the recognition of revenue. Please revise future critical accounting estimates disclosures to provide insight into the judgments that are made in your revenue recognition process. The accounting estimate disclosures are designed to supplement the description of accounting policies in the notes to the financial statements and provide greater insight into the quality and variability of information regarding financial condition and operating performance. Typical disclosures discuss the types of assumptions underlying the most significant and subjective estimates, provide a sensitivity analysis of those assumptions to deviations of actual results, and disclose the circumstances that have resulted in revised assumptions in the past. As an example, we note that significant judgment is used in determining total contract cost for revenue that is recorded over time using the cost-to-cost method."
26 For example, "We note that you raised capital in financing transactions and had significant negative cash flows from operations for both the fiscal years presented. Please expand your Liquidity and Capital Resources section to identify any material liquidity deficiencies. Address any known trends or any known demands, commitments, events or uncertainties that will result in or that are reasonably likely to result in liquidity increasing or decreasing in any material way. Your discussion should analyze your ability to meet your liquidity needs both on a long-term and short-term basis. Also, tell us how you considered the going concern guidance in ASC 205-40. Provide us with your proposed future disclosure."
27 Specifically, the SEC updated Non-GAAP Financial Measures C&DIs Questions 100.01, 100.04-100.06, and 102.10(a), (b) and (c), which can be found here.
28 For example: "We see that Contribution Margin is adjusted to exclude costs in geographies that are in implementation and are not yet generating revenue. Please also revise future filings to remove the adjustment since the costs relate to normal recurring costs to grow your business. Reference Question 100.01 of the CD&I related to non-GAAP Financial Measure Updated December 13, 2022."
29 For example: "We note you include adjustments in arriving at net operating profit after taxes that appear to remove your operating lease rent expense under GAAP and replace it with estimated depreciation and include lease adjustments in arriving at average invested capital. As this appears to be an individually tailored method, please remove from your filing or advise. Refer to Question 100.04 of the Non-GAAP Financial Measures Compliance and Disclosure Interpretations."
30 For example: "To the extent material, discuss the indirect consequences of climate-related regulation or business trends, such as the following: decreased demand for goods or services that produce significant greenhouse gas emission or are related to carbon-based energy sources; increased demand for goods that result in lower emissions than competing products; increased competition to develop innovative new products that result in lower emissions; increased demand for generation and transmission of energy from alternative energy sources; and any anticipated reputational risks resulting from operations or products that produce material greenhouse gas emissions."
31 For example: "We note disclosure in your Form 10-K that climate change may increase the frequency and severity of natural catastrophes and the resulting losses in the future and impact your risk modeling assumptions. We further note disclosure in your Proxy Statement…that insured losses due to extreme weather events are increasing over time, and as climate change worsens, these losses will continue to grow. Please discuss the physical effects of climate change on your operations and results. This disclosure may include the following: severity of weather, such as floods, hurricanes, sea levels, arability of farmland, extreme fires, and water availability and quality; quantification of material weather-related damages to your property or operations; potential for indirect weather-related impacts that have affected or may affect your major customers or insured locations; and any weather-related impacts on the cost or availability of (re)insurance. Include quantitative information for each of the periods covered by your Form 10-K and explain whether increased amounts are expected in future periods."
32 For example: "We note your disclosure…stating that you are taking certain steps to address climate change. Revise your disclosure to identify any past and/or future capital expenditures for climate-related projects. As part of your response, provide quantitative information for these types of expenditures for each of the periods for which financial statements are presented in your Form 10-K and for any future periods."
33 For example: "We note that you provided more expansive disclosure in your corporate social responsibility report (CSR report) than you provided in your SEC filings. Please advise us what consideration you gave to providing the same type of climate-related disclosure in your SEC filings as you provided in your CSR report."
34 It is worth noting that the SEC charged Keurig with violating Section 13(a) of the Securities and Exchange Act of 1934 and Rule 13a-1 thereunder, which require accurate and complete reports be filed with the SEC, rather than alleging that the company had made any materially misleading statements or omissions or violated anti-fraud provisions.
35 Although the SEC did not claim inaccurate or incomplete statements in Keurig's sustainability reports, it included the Company's inclusion of a recyclability goal in an older sustainability report as part of the factual record.
36 In light of affirmative action and other DEI-related litigation and activism, including the Students for Fair Admissions Supreme Court cases and suits brought by non-profit conservative groups against DEI policies at public companies, companies should carefully review their HCM disclosures, including those on DEI programs and initiatives.
37 See "From Ford to Walmart, Corporate America Drew Back From DEI. The Upheaval Isn't Over. - WSJ" (noting that "Ford Motor said it would stop providing workplace data to a gay-rights lobbying group. UBS stopped giving out $25,000 grants directed at businesses led by women of color. Walmart said it wouldn't renew funding for a charity it created to address racial disparities.")
38 See "Christopher Rufo Has Trump's Ear and Wants to End DEI for Good - WSJ."
39 A "non-Rule 10b5-1 trading arrangement" is defined under the rule as an arrangement where the director or officer asserts that: (i) at a time when they were not aware of MNPI about the security or the issuer of the security, they adopted a written arrangement for trading the securities; and (ii) the trading arrangement: (a) specified the amount of securities to be purchased or sold and the price at which and the date on which the securities were to be subsequently purchased or sold; (b) included a written formula/algorithm for determining the amount of securities to be purchased or sold and the price at which the securities were to be purchased or sold; or (c) did not permit the covered person to exercise any subsequent influence over how, when, or whether to effect purchases or sales (and any other person who, pursuant to the trading arrangement did exercise such influence must not have been aware of MNPI when doing so). This requirement is intended to capture disclosure of plans that may be viewed by corporate insiders as reducing the likelihood of insider trading, but that do not follow all of the requirements of Rule 10b5-1(c) (including the cooling off period), so that insiders do not purposely enter into these plans solely to avoid disclosure of them.
40 For more information, see "Considerations for the Form 10-K in 2022: Mandatory Compliance with SEC's Rule Amendments to Items 301, 302 and 303" in our prior memo.
41 New Item 9C was added to the Form 10-K in 2021 pursuant to the Holding Foreign Companies Accountable Act (HFCAA) (as explained in our prior alert) in order to identify any issuers that retain auditors that the PCAOB is unable to inspect completely. Given the SEC's recent statement that "the PCAOB has been able to fulfill its oversight responsibilities as it relates to audit firms in China and Hong Kong," this year companies should not have any disclosure (beyond "Not applicable" or "None") under this item in their upcoming Form 10-Ks.
42 This requirement is a result of the SEC's December 2021 amendments implementing the HFCAA for all auditors that provide their opinions related to financial statements, in accordance with Section 6.5.54 of the EDGAR Filing Manual. Practices vary as to the location of this tagging in annual reports, but a commonly used option is to tag the auditor's name and PCAOB ID number in the Index to the Financial Statements and the auditor's location at the end of the audit report.
43 The SEC's comment letter practices indicate that this inquiry should be conducted both by companies that sell mineral extractions and vertically integrated companies that do not sell their mineral extractions but whose mining operations supply raw materials.
44 These disclosures include: (i) summary property disclosure on overall mining operations, mineral resources and mineral reserves; (ii) individual property disclosure for any property that is individually material to their business; and (iii) a description of the internal controls that the company uses in its exploration and mineral resource and reserve estimation efforts, including quality control/quality assurance programs, verification of analytical procedures, and a discussion of comprehensive risk inherent in the estimation.
45 The technical report summary must describe the information reviewed and conclusions reached by the qualified person about the company's mineral resources and/or reserves on each material property (or, optionally, exploration results).
46 The technical report summary must be filed as Exhibit 96.1 to the Form 10-K the first time the company discloses mineral reserves or mineral resources in its Form 10-K. In addition, it must be filed as an exhibit in subsequent Form 10-Ks if: (i) there is a material change in the mineral reserves or mineral resources, as disclosed in the Form 10-F, from the last technical report summary filed for the property; or (ii) the company has previously filed a technical report summary supporting the disclosure of exploration results and there is a material change in the exploration results from the last technical report summary filed for the property.
47 As a reminder, on December 11, 2024, the United States Court of Appeals for the Fifth Circuit struck down The Nasdaq Stock Market's board diversity rules, holding that the SEC exceeded its statutory authority when it approved the rules. As a result of the ruling, public companies no longer need to comply with Nasdaq's board diversity rule requirements.
48 Since February 2022, the US has imposed sweeping sanctions on Russia, bringing a number of high-net-worth individuals and companies with substantial investments in the US within scope of the of the Iran Threat Reduction and Syria Human Rights Act of 2012 (ITRA). Companies should undertake diligence to determine whether any sanctioned individuals or entities may be involved in their activities to assess compliance and potential disclosure requirements, as the ITRA requires Form 10-K and Form 10-Q disclosure if the company (or any affiliate) knowingly engaged in certain sanctionable activities.}

_{White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.}

_{This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.}

_{© 2025 White & Case LLP}