The Securities and Exchange Commission's (“SEC”) 2024 Review Priorities cover a wide range of topics.1 It was published late last year. Considering this year's priorities, recent rules, and the rapidly changing regulatory landscape, our experts have identified three key Discuss what to expect in the field.
artificial intelligence
Author: Della Nevin
overview
As in the past, the review department “continues to focus on specific services such as automated investment tools, AI, trading algorithms and platforms, and the risks associated with the use of emerging technologies and alternative data sources.”2 Screening of investment advisors and broker-dealers may include an assessment of automated trading and related conflicts of interest. Additionally, investment companies, including mutual funds and his ETFs, may also continue to prioritize revising their investment strategies using algorithmic modeling and alternative data sources.
its meaning
Organizations need to understand where and how they are using AI. They should inventory all proposed or currently used AI systems and assess whether any usage violates rules and regulations. You should also consider whether use creates a conflict of interest or potential customer harm, and identify any mitigation measures in place to address each assessed risk. It is important to develop and regularly review written policies regarding AI governance and related regulatory risks, and to evaluate existing policies regarding conflicts of interest, customer disclosure, and customer harm related to AI. It is also important to develop and implement tests to understand how AI systems are performing compared to regulatory requirements and established policies.
When automated decision-making or recommendation systems are implemented, organizations must ensure that AI recommendations are “explainable.”3 Guardrails, testing, or human oversight of such AI systems may need to be implemented and documented. Additionally, the use of alternative data sources has been a priority for SEC reviews for some time, so organizations should inventory all sources of alternative data and review their contracts to ensure that the acquisition and use of such data You should consider making sure that it complies with applicable rules and regulations. Whether the data can be shared or used with AI systems. Similarly, organizations that use investor data within AI systems may be required to adopt policies and procedures to ensure compliance with applicable privacy and data protection laws.
cyber security
Author: Jordan Ray Kelly, Matt Seidel, Sara Sendek
overview
The SEC states that “cybersecurity remains a long-standing area of focus for all registrants.”Four Recent rules requiring materiality designation and 72-hour disclosure period after annual disclosureFive Strengthening risk mitigation and board governance strategies will focus attention on organizational response and preparedness efforts. SEC Enforcement Action6 SolarWinds, Inc. and its Chief Information Security Officer (“CISO”) believe that its upcoming communications disclosure strategy will prevent the organization from accusing the organization of securities fraud, particularly regarding misrepresentations or mischaracterizations of the severity or level of cybersecurity incidents. This suggests that there is a possibility of exposure. Information security and preparedness.
its meaning
Organizations may continue to be reluctant to disclose at an early stage whether an incident will have a material impact on current or future revenues, and may be reluctant to factor reputational risk or loss of customer or investor confidence into their decisions. can be time consuming. The SEC may continue to interpret poorly considered or overly risk-averse communication strategies as misrepresentations. This means organizations need to have effective strategies in place in advance of an incident.
Publicly reporting an ongoing incident can significantly change crisis communication considerations, so organizations should consider how they respond to incidents and their overall strategy from application decisions. You shouldn't waste your time thinking about what to do. Companies should consider how their risk mitigation and governance strategies will be viewed by the public and media, and develop plans to mitigate negative scrutiny.
ESG
Author: Miriam Lobel, Todd Rahn
overview
The SEC adopted long-awaited climate disclosure rules;7 On March 6, ESG was not included in the 2024 enforcement priorities. New climate disclosures will impact all publicly traded companies, but the omission of ESG from the SEC's enforcement priorities this year may indicate recognition of the effort and time required to implement them. There is. This is a period during which registrants can focus their energies on preparing updated disclosures. There is also the question of how much information companies must provide before there is an active legal challenge to this rule. However, despite the removal of ESG from the SEC's enforcement priorities for the first time since its emergence in 2021, requirements for such disclosures for registrants continue to increase, and this exclusion does not mean that the SEC It does not limit the ability to discuss and comment on issues.
its meaning
The SEC's new climate disclosure rules are raising legal and political challenges.8 Given the current politicization of ESG. These challenges will test how much climate information the SEC can require from companies under existing legal authority. However, ESG reporting requirements have expanded across different jurisdictions, and the regulatory environment surrounding ESG has become more complex since the SEC first proposed climate-related disclosures in March 2022. California recently enacted two new laws, SB253 (Climate Change Corporate Data Accountability Act). ) and SB261 (Climate-Related Financial Risks Act) require certain climate-related disclosures from companies with revenues of more than $1 billion and $500 million, respectively, in the state. California's model could prompt other U.S. states to regulate disclosure. The EU's Corporate Sustainability Reporting Directive (“CSRD”) has also entered into force, requiring companies operating in continental Europe to make extensive ESG-related disclosures, including greenhouse gas emissions. Other governments, such as the UK, India, and Australia, also have regulations regarding ESG and climate-related reporting.
The bottom line? ESG and compliance requirements related to climate-related reporting appear to be here to stay. Good ESG reporting takes time to get right. No matter how strictly the SEC enforces its climate disclosure rules, which are reduced in scope compared to the pre-2022 rules, jurisdictions around the world are requiring more disclosures, and most organizations cannot afford to wait to see which rules become established. These regulations are so diverse that they will impact many companies, large and small, across all industries. With this in mind, it is important to prepare climate-related reports regardless of current or anticipated regulations from the SEC or other jurisdictions. This requires significant effort across many areas, including data availability, internal controls, talent recruitment and training, and delivering performance on disclosed commitments while collaborating across geographies to ensure compliance. is.
conclusion
The above analysis highlights the importance of carefully considering and understanding the SEC's priorities. This typically requires experience and expertise that most organizations do not have. Even in the case of ESG, which the SEC did not include in its 2024 enforcement priorities, it is key for organizations to prepare for compliance with new climate disclosure rules and closely monitor regulators' actions to anticipate what will happen. It will be. To come. A trusted partner can assist with such analysis. Because so many aspects of corporate operations are of interest to the SEC, and because the legal, technological, and political landscape is rapidly changing and becoming more complex every day, seek the knowledge of experienced experts. helps organizations avoid regulatory surprises.
