The Staff also identified the financial statements, disclosure controls and procedures and the board’s role in risk oversight as other areas where AI-related disclosures may be required under existing rules.

The staff highlighted the following considerations:

• Whether the use of AI exposes the company to additional operational or regulatory risks, including risks related to data privacy, discriminatory results or bias, IP, consumer protection, regulatory compliance and macroeconomic conditions.
• Whether the company’s disclosure on its use and development of AI and material AI risks are tailored to its facts and circumstances.
• Whether the company has support for its claims when disclosing AI opportunities.
• Whether disclosure of the board’s role in AI oversight is warranted.
• Whether investors would benefit from disclosure of the company’s use of any AI risk management framework—like NIST or any industry-specific guidance (similar to cybersecurity disclosures).
• Whether the company faces risks related to the EU AI Act and whether current general disclosure, if any, should be more tailored to address how a company will be impacted based on its particular facts and circumstances.

Access the workshop video by the SEC.

Gensler explained three tenants behind the historical drive for mandatory disclosure:

• the public good nature of securities information
• misalignment between management and shareholder interests; and
• the imperative for efficient valuation

He also stressed the necessity of regulatory intervention to ensure consistent, comparable, and reliable information dissemination, drawing parallels between historical debates over mandatory versus voluntary disclosure.

Throughout his speech, Gensler emphasized the pivotal role of mandatory disclosure in fostering efficient markets, facilitating capital formation, and engendering investor trust. He also reaffirmed the SEC's commitment to upholding rigorous disclosure standards grounded in materiality, including enhanced disclosures on climate, cybersecurity, SPACs, and executive compensation.

Access the speech on the SEC’s website.

This follows concerns raised by shareholders about limitations in exercising their rights and participating effectively in such meetings. The guidance aims to help companies comply with regulations and ensure better engagement and access to information for shareholders during virtual meetings.

In order for reporting issuers to fulfill their obligations under securities legislation, it is important that reporting issuers provide clear and comprehensive disclosure in management information circulars and associated proxy-related materials with respect to the logistics for accessing, participating and voting at a virtual meeting.

Reporting issuers can facilitate shareholder participation at virtual shareholder meetings by:

• simplifying registration and authentication procedures
• providing shareholders with opportunities to make motions or raise points of order
• ensuring shareholders have the ability to raise questions and provide direct feedback to management in any question-and-answer segment of the meeting
• indicating where shareholder proposals will be presented and voted on at the meeting, coordinating with proponents of those proposals in advance of the meeting, and ensuring proponents are given a reasonable opportunity to speak to the proposal and respond to any questions that arise from the proposal
• ensuring any virtual platform used by an issuer has functionality permitting shareholder participation to the fullest extent possible; and
• ensuring the Chair is experienced and knowledgeable in the technological platform being used for the virtual meeting.

CSA Staff will continue to monitor the practice of virtual shareholder meetings, including reviewing disclosure in proxy-related materials during the upcoming proxy season. Further guidance and updates may be issued, as required.

Access the updated guidance on the CSA’s website.

Similar to his speech delivered in December 2023, Gensler once again highlighted the SEC's role in ensuring transparency and preventing fraud in AI-related disclosures, emphasizing the need for companies to provide accurate information about their AI usage and associated risks to investors.

Moreover, Gensler discussed the broader implications of AI in finance, highlighting its potential benefits in efficiency and user experience, as well as its challenges such as unexplainable decisions, biases, and inaccuracies. He warned against the systemic risks posed by the widespread adoption of AI models in financial institutions, citing concerns about herding behavior and network interconnectedness. He also stressed about the importance of accountability and responsible governance in deploying AI models, urging companies to implement appropriate safeguards and disclose material risks to investors.

Access Gary Gensler’s speech on the SEC’s website

The primary objectives of the proposals are to provide greater regulatory clarity on permitted crypto asset investment activities, to prohibit the use of crypto assets in securities lending and (reverse) repurchase transactions and to confirm custodial expectations.

The most significant updates to the existing public crypto asset fund practices include:

• explicit limitations on Non-Fungible Tokens ;
• mandates for investing solely in crypto assets (or derivatives with crypto asset underliers) that are traded on recognized exchanges while continuing to allow purchases on crypto asset trading platforms;
• requiring crypto custodians to obtain, and deliver to public crypto asset funds, SOC 2 Type 2-like reports

The Notice represents the second phase of the CSA’s ongoing effort to establish a comprehensive regulatory framework for public crypto asset funds in Canada. Following their initial guidance document (CSA Staff Notice 81-336 Guidance on Crypto Asset Investment Funds), these amendments aim to further clarify existing securities regulations and refine expectations for how such funds operate under National Instrument 81-102 Investment Funds.

Access the notice on Ontario Securities Commission’s website.

The decision, prompted by a legal challenge from the U.S. Chamber of Commerce, Longview Chamber of Commerce, and Texas Association of Business, deemed the SEC's actions arbitrary and capricious, citing a lack of response to comments and insufficient cost-benefit analysis. Despite a 30-day remand period, the SEC was unable to rectify the rule's defects, leading to its ultimate vacatur.

The ruling signifies the conclusion of the share repurchase disclosure rulemaking, pending potential further actions.

Access more details on the news at TheCorporateCounsel.net

The report highlights key risks  and other considerations, that auditors should be focused on when planning and performing audit procedures. It notes that the PCAOB will continue to prioritize inspections of financial-services sector audits and, digital assets.

Among the PCAOB’s inspection enhancements in 2024 will be the creation of a PCAOB team that will evaluate culture across the largest domestic audit firms. This initiative will include interviewing firm personnel and evaluating other documentation, with the aim of using this information to enhance the PCAOB’s understanding of how audit firm cultures may be affecting audit quality.

Chair Williams has encouraged audit committees to ask questions to hold firms accountable to performing high-quality audits.

Access the spotlight report on PCAOB’s website

Mr. Gerding addressed the SEC’s rationale behind releasing the final rule, including “investors’ need for improved disclosure” about cybersecurity considering the greater cybersecurity risks in an increasingly technology-reliant world. He also stressed that, although investors “need consistent and comparable disclosures” about cybersecurity, it would be a “misconception” to think that the Commission is “seeking to prescribe particular cybersecurity defenses, practices, technologies, risk management, governance, or strategy.” Rather, “public companies have the flexibility to decide how to address cybersecurity risks and threats based on their own particular facts and circumstances.”

Given the final rule’s imminent compliance date, Mr. Gerding addressed some of the actions public companies should consider taking, such as consulting with “chief information security officers, other company’s cybersecurity experts and technologists, the disclosure committee, and those responsible for advising them on securities law compliance.” He also stressed the Division’s own “open door policy” with respect to assisting companies with their interpretive questions regarding the final rule’s provisions. Mr. Gerding closed his remarks by reassuring companies that the Division does not “seek to make ‘gotcha’ comments or penalize foot faults.” Rather, he underscores that the SEC’s overarching goal with this rule, as with other rules, is to “elicit tailored disclosures that provide consistent, comparable, and decision-useful information to investors.”

Access the rule on SEC’s website

While the publication remains relatively consistent with the one published last year, updates have been made on the topics of board skills matrices, director continuing education, human capital management and succession planning, board and management diversity and executive share ownership requirements.

In this year’s publication, CCGG has highlighted a share ownership policy where the requirements are expressed as a multiple of an executive officer’s long-term incentive plan (LTIP) target, as opposed to the common practice of using base salary. CCGG has stated that benchmarking ownership relative to total direct compensation or the annual LTIP target may be more meaningful than base salary if base salary is the smallest component of total direct compensation.

Access the annual review on CCGG’s website.

The U.S. Attorney General’s determination of whether disclosure of a material cybersecurity incident qualifies for a delay will be based on whether such disclosure “poses a substantial risk to public safety and national security.” The SEC must be notified of the determination of the Department of Justice (DOJ) in writing. If a registrant’s request is approved, the DOJ will communicate its decision to the SEC in addition to informing the registrant so that it can delay its Form 8-K filing.

Form 6-K will be amended to require foreign private issuers to furnish information on material cybersecurity incidents that they make or are required to make public or otherwise disclose in a foreign jurisdiction to any stock exchange or to security holders. Form 20-F will be amended to require that foreign private issuers make periodic disclosure comparable to that required in new Regulation S-K Item 106.

The SEC also issued several new compliance and disclosure interpretations (C&DIs) that address additional considerations for registrants that are requesting a delay from disclosing a material incident.

Access the final rule on SEC’s website and the guide on FBI’s website