Debevoise Digest: Securities Law Synopsis – December 2023

December 2023

New Share Repurchase Rules on Hold Following Fifth Circuit Decision

On October 31, 2023, the U.S. Court of Appeals for the Fifth Circuit held in Chamber of Commerce of the USA vs. SEC that the SEC violated the Administrative Procedure Act and directed the SEC to “correct the defects” in its Share Repurchase Disclosure Modernization rule (the “Share Repurchase Rules”) within 30 days. The Fifth Circuit agreed with the U.S. Chamber of Commerce (the “Chamber”) that the SEC, in its rulemaking process, failed to adequately respond to the Chamber’s comments and failed to substantiate the Share Repurchase Rules’ benefits. After the Fifth Circuit denied the SEC’s request for an extension of an additional 60 days to provide an update on the status of the SEC’s efforts to remedy the defects in the Share Repurchase Rules, the SEC submitted on December 1, 2023 a letter to the Fifth Circuit informing the court that the SEC was unable to correct the defects in the rule within the prescribed time period. The Fifth Circuit is expected to vacate the rule, in which case the SEC will likely appeal the Fifth Circuit’s ruling.

For more information, see our Debevoise Update from May 2023 and our Debevoise Debrief from November 2023.

SEC Settles Stock Repurchase Charges against Charter Communications, Inc.

On November 14, 2023, the SEC announced it had settled charges against Charter Communications, Inc. (“Charter”) for alleged internal accounting controls failures relating to stock repurchases made through trading plans designed to comply with Rule 10b5-1 (“Rule 10b5-1”) under the Securities Exchange Act of 1934 (the “Exchange Act”). As part of the settlement, Charter agreed to pay a $25 million fine but did not admit or deny the allegations.

Although the SEC’s charges are styled as an internal accounting controls action, they stem from a governance disparity in Charter’s stock repurchase program. In its execution of the program, Charter entered into stock repurchase plans that contained “accordion” provisions pursuant to which the amount of repurchases under the plans would increase if Charter elected to complete certain debt offerings. According to the SEC, because Charter retained discretion over whether and when to conduct these debt offerings, the accordion provisions gave Charter the ability to influence trading activity after adoption of the plans. Consequently, the plans were inconsistent with the requirements of Rule 10b5-1, resulting in Charter operating outside the scope of its Board authorization, which was predicated on the use of purchase plans that would comply with Rule 10b5-1.

The Charter settlement is similar to a $20 million settlement with Andeavor LLC in 2020 where the SEC also asserted that a failure to comply with the requirements of Rule 10b5-1 resulted in a violation of Exchange Act Section 13(b)(2)(B). The action against Charter is a further indication that the SEC intends to continue prioritizing review of share repurchase programs and Rule 10b5-1 plans. Given the SEC’s focus, we advise issuers to carefully evaluate whether their internal controls and disclosure controls over both existing and future share repurchase programs, and the corresponding disclosure, are sufficiently robust to accurately record, process, summarize and report the necessary information. Issuers should also ensure that any board authorization reflects the transactions that management is contemplating (and that management executes transactions in accordance with that authorization) and, if appropriate, provides management with sufficient flexibility to determine and execute repurchase transactions without additional board action.

For more information, see our Debevoise Debrief.

SEC Issues New and Updated Proxy Rules C&DIs

On November 17, 2023, the Securities and Exchange Commission (the “SEC”) issued five new Compliance and Disclosure Interpretations (“C&DIs”) and updated one C&DI on the Proxy Rules and Schedule 14A/14C. The new and revised guidance:

  • clarifies that when calculating the “10-calendar day” period for purposes of Rule 14a-6, the date of filing is day one if the filing was submitted by 5:30 p.m. Eastern Time (Proxy Rules and Schedules 14A/14C C&DI 126.03);
  • requires a legend be included that clearly identifies the “participants” in a solicitation under Rule 14a-12(a)(1)(i) when engaging in solicitation activities before furnishing a proxy statement (Proxy Rules and Schedules 14A/14C C&DI 132.03);
  • addresses a soliciting party’s use of discretionary authority under Rule 14a-4 with respect to:
    • overvoted proxy cards (proxy cards that grant authority to vote for more director nominees than director seats are up for election) – a soliciting party must disregard all votes with respect to the director election proposal and may not vote the shares for director nominees in accordance with the soliciting party's recommendations (Proxy Rules and Schedules 14A/14C C&DI 139.07);
    • undervoted proxy cards (proxy cards that grant authority to vote for fewer nominees than director seats are up for election) – a soliciting party must vote in accordance with the proxy card and may not vote the shares for the remaining director seats up for election (Proxy Rules and Schedules 14A/14C C&DI 139.08); and
    • signed but unmarked proxy cards – a soliciting party may exercise its discretionary authority to vote the shares in accordance with the soliciting party’s recommendations so long as the form of proxy states in bold-faced type how the proxy holder will vote where no choice is specified (Proxy Rules and Schedules 14A/14C C&DI 139.08); and
  • clarifies that a proposal “involves” another matter within the meaning of Note A of Schedule 14A when information about the other matter called for is material to the security holder’s voting decision (Proxy Rules and Schedules 14A/14C C&DI 151.02).

SEC Issues New and Revised Pay-Versus-Performance C&DIs

On November 21, 2023, the SEC issued eight new Regulation S-K C&DIs and revised two prior Regulation S-K C&DIs on the pay-versus-performance disclosures required by Item 402(v) of Regulation S-K. This is the third round of Regulation S-K C&DIs from the SEC on this topic this year; our Debevoise Updates from February 2023 and September 2023 summarize the first two sets of C&DIs published by the SEC on this topic.

The new and revised guidance addresses the following, among other things:

  • interpretive issues related to calculating “compensation actually paid,” including a clarification of the meaning of “vesting” for equity awards held by retirement-eligible named executive officers, the treatment of dividends and dividend equivalents paid on stock awards prior to the vesting date of awards and how to calculate average compensation actually paid where multiple Named Executive Officers serve during a given fiscal year (Regulation S-K C&DIs 128D.18, 128D.23 and 128D.30);
  • peer group total shareholder return (“TSR”) issues, including peer group TSR disclosure requirements for the 2024 proxy, required disclosures (and exceptions) for peer group changes and clarifications about peer group selections and the market capitalization weighting requirement when calculating peer group TSR (Regulation S-K C&DIs 128D.07, 128D.24, 128D.25, 128D.26 and 128D.27); and
  • disclosure obligations for smaller reporting companies (“SRCs”) and emerging growth companies (“EGCs”) that lose their respective SRC or EGC status (Regulation S-K C&DIs 128D.28 and 128D.29).

For more information, see our Debevoise Update.

FBI Publishes Guidance about Requesting Disclosure Delays under SEC Cybersecurity Rules for National Security or Public Safety Reasons

On December 6, 2023, the FBI published its anticipated guidance and Policy Notice regarding cyber victim requests to delay SEC-mandated disclosures. Under the SEC’s cyber disclosure rules, pursuant to Item 1.05(c), the U.S. Department of Justice (the “DOJ”) is permitted to determine if a delay in publicly filing the Form 8-K is merited for reasons of national security or public safety. The DOJ is permitted to grant a delay of public filing for 30 business days and may delay such disclosure for an additional 30 days. In “extraordinary circumstances,” the DOJ may also delay such disclosure for an additional 60 business days due to substantial national security risks. An exemptive order from the SEC would be required for delays to exceed a total of 120 business days for national security risks or 60 days in instances that solely related to public safety risks. If the FBI does not receive the delay request from the victim directly or through the US Secret Service (the “USSS”), the Cybersecurity and Infrastructure Security Agency (the “CISA”) or another sector risk management agency (“SRMA”) concurrently with the materiality determination, the FBI won’t process the request. This means that failure to report the cyber incident immediately to the FBI or SRMAs upon determination of materiality will cause a delay-referral request to be denied.  The FBI also encourages victims to engage with the FBI directly or through the USSS, the CISA or SRMAs prior to making a materiality determination. The FBI published guidance on 10 items that must be included in each delay request, as well as the process steps for considering the delay request once an incident is reported. The guidance indicates that the FBI will soon provide a dedicated email address to request a reporting delay and, if approved, to request delay extensions.

For more information, see the FBI’s Guidance page.

In addition, on December 12, 2023, the DOJ published guidelines outlining the process to request its authorization to delay SEC-mandated disclosures. For more information, see the DOJ’s Cybersecurity Incident Delay Determinations.

SEC’s Division of Enforcement Year-End Results Announced

The SEC’s Division of Enforcement announced its enforcement results for the fiscal year (“FY”) 2023, which reflect a continuing aggressive approach to enforcement and remedies. Key results include:

  • disgorgement and penalties were the second highest in the SEC’s history, at just under $5 billion;
  • the SEC brought 501 standalone enforcement actions in FY 2023, continuing the upward trend starting in FY 2020 with an 8% increase year over year;
  • the number of follow-on administrative proceedings and actions against issuers who were delinquent in making required filings with the SEC stayed at the same level as last year; and
  • the SEC issued a new record-high amount in whistleblower awards, which totaled nearly $600 million, with a record-breaking $279 million award to one whistleblower.

The actions highlighted by the SEC in its press release provide valuable insights into evolving trends and areas of continued enforcement, including the SEC’s “Industry Shaping” initiatives, insider disclosures and Regulation A compliance. Once again, the SEC focused enforcement on crypto assets, as well as off-channel communications, ESG and cybersecurity. Moving into the FY 2024, we expect to see the SEC’s aggressive approach to enforcement and remedies continue to accelerate.

For more information, see Debevoise In Depth.

SEC v. Govil Potentially Limits SEC’s Disgorgement Power

On October 31, 2023, the U.S. Court of Appeals for the Second Circuit decided SEC v. Govil, holding that disgorgement is an equitable remedy, notwithstanding the 2021 Exchange Act amendments under the National Defense Authorization Act, which explicitly authorized the SEC to seek disgorgement, and a contrary ruling by the U.S. Court of Appeals for the Fifth Circuit. Under the Second Circuit ruling, the disgorgement remedy can only be awarded if the SEC proves that a victim suffered pecuniary harm. This new requirement has potentially far-reaching implications for the SEC’s longstanding approach to remedies in many of the cases the agency brings. The split Govil creates with the Fifth Circuit increases the likelihood that the Supreme Court will weigh in on this issue.

FCA’S Power to Publicly Censure under the EU Market Abuse Regulation

On November 17, 2023, the Financial Conduct Authority (the “FCA”) issued a rare public censure to NMC Health Plc (“NMC”), a former FTSE 100 healthcare company headquartered in the United Arab Emirates, for market manipulation under EU Market Abuse Regulation (596/2014) (“EU MAR”). The company was found to have underreported its indebtedness by nearly $4 billion, and though the FCA chose not to impose a financial penalty (so to minimize the impact on creditors, as NMC had entered administration in 2020), the FCA decided that public censure was an appropriate alternative. EU MAR applied to financial instruments trading on a UK-regulated market until December 31, 2020, when the regulation was onshored into UK law.

As NMC’s shares were admitted to trading on the London Stock Exchange in 2012 (following which it entered the FTSE 100 in 2017), the FCA had jurisdiction for the purposes of EU MAR. NMC had been operating two sets of accounts prior to certain public financial disclosures it made between February 2019 and March 2020, with those ultimately used in the preparation of such disclosures omitting significant liabilities. Debt facilities, guaranteed by NMC and drawn upon by related parties of its subsidiary, were not included in the company’s published debt figures. The FCA concluded that NMC had committed market abuse in breach of Article 15 EU MAR by publishing this false or misleading information and making false or misleading statements when NMC initially challenged the FCA’s allegations. Although the FCA seldom issues Final Notices for companies in breach of EU MAR, other non-UK-based issuers with equity or debt listed on the London Stock Exchange or other European exchanges should be mindful of the relevant regulatory authority’s powers to penalize or censure companies for breaches of EU or UK MAR at its discretion, as applicable.

Ransomware Group Weaponizes SEC Cybersecurity Rules

On November 7, 2023, prolific ransomware group AlphV reportedly breached a public company’s information systems, exfiltrated data and attempted to weaponize the SEC’s new cybersecurity incident disclosure rules by filing a whistleblower tip with the SEC when its victim did not publicly disclose the cybersecurity incident. AlphV, however, jumped the gun on the applicability of new Regulation S-K Item 1.05, which, beginning December 18, will require registrants to disclose certain information about a material cybersecurity incident within four business days of determining that such cybersecurity incident is material. Nonetheless, AlphV’s familiarity with and exploitation of their target’s public disclosure obligations is a further escalation in a steadily increasing trend of pressure tactics by leading ransom groups. With the compliance date for the new SEC cybersecurity rules looming, and this pressure tactic on display, public companies should ensure their cybersecurity incident response plan and disclosure controls and procedures are ready.

For more information, see our Debevoise Update.

SEC Rule-Making Agenda

The SEC’s Fall 2023 Regulatory Agenda was posted earlier this month. A summary of key rule changes is included below. We expect the spring 2024 agenda to be released by June 2024. For more information, see the full regulatory agenda here.



Stage of Rulemaking

Expected Release Date / Statutory Deadline

Financial Data Transparency Act Joint Rulemaking

Proposed Rule Stage


April 2024


Human Capital Management Disclosure

Incentive-Based Compensation Arrangements

Regulation D and Form D Improvements

Revisions to the Definition of Securities Held of Record

Cybersecurity Risk Management Rules for Broker-Dealers, Clearing Agencies, MSBSPs, the MSRB, National Securities Associations, National Securities Exchanges, SBSDRs, SBS Dealers, and Transfer Agents

Final Rule Stage


April 2024


Climate Change Disclosure

Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies

Enhanced Disclosures by Certain Investment Advisers and Investment Companies about Environmental, Social, and Governance Investment Practices

Form PF; Reporting Requirements for All Filers and Large Hedge Fund Advisers

Further Definition of Dealers

Open-End Fund Liquidity Risk Management Programs and Swing Pricing; Form N–PORT Reporting

Special Purpose Acquisition Companies

Registration for Index-Linked Annuities; Amendments to Form N-4 for Index-Linked and Variable Annuities

Proposed Rule Stage

June 2024

Corporate Board Diversity

Proposed Rule Stage

October 2024

Rule 144 Holding Period

Covered Clearing Agency Resiliency and Recovery and Wind-Down Plans

Final Rule Stage

October 2024

Electronic Submission of Certain Materials Under the Securities Exchange Act of 1934; Amendments Regarding FOCUS Report