Reminders for the 2025 Reporting Season

Many companies are in the midst of preparing their year-end Annual Reports on Form 10-K and looking ahead to their annual meeting of shareholders. In addition to changes to rules, regulations and disclosure trends, the current season adds an additional layer of complexity and uncertainty due to the new Presidential administration and the numerous executive orders that have been issued to date by President Trump. This alert provides an overview of key considerations and reminders as companies prepare these reports.

New Insider Trading Policy Disclosure and Exhibit Filing Requirements

In December 2022, the U.S. Securities and Exchange Commission (“SEC”) adopted several amendments to Exchange Act Rule 10b5-1 and accompanying amendments to Regulation S-K requiring disclosure of companies’ insider trading plans. Specifically, new Item 408(b) of Regulation S-K requires companies to disclose whether they have adopted policies and procedures governing transactions in the company’s securities that are reasonably designed to prevent insider trading and to file such policies and procedures as an exhibit to their Annual Report on Form 10-K. If a company has not adopted such policies, it must explain why.

These requirements apply to the Form 10-K for the fiscal year ending December 31, 2024, for calendar year-end companies. While the disclosure requirements apply to Form 10-K, we expect that many companies will opt to address these disclosures in their proxy statements, which are forward-incorporated by reference in Form 10-K, rather than in the body of Form 10-K itself.

The new disclosures and exhibit must be tagged in Inline XBRL. 

Risk Factor and Other Hot Topics

We encourage all companies to re-evaluate their risk factor disclosures each year. Topics that may be appropriate to address are described below and may vary depending on a company’s particular circumstances.

Artificial Intelligence

The rise of artificial intelligence (“AI”) was one of the hottest topics in 2024, and it comes as no surprise that investors and regulators alike have focused on how companies are addressing AI.

The SEC has indicated that it may heighten its focus on AI-related disclosures and has warned against “AI washing,” which involves exaggerating or making false claims with respect to a company’s AI capabilities or use.[1] The SEC has also warned against using generic or boilerplate language in AI-related risk disclosures.

Thus, companies should carefully consider whether AI-related risk factors are appropriate for their business. If they are, companies should consider risk factor disclosure that is appropriately tailored to their specific business and operations. For example, if companies are using proprietary AI or relying on third-party service providers, it may be appropriate to discuss the risks associated with either approach. Companies that are developing their own AI may consider risks associated with this application and the resources required to advance it. Companies may also choose to consider risks associated with generative AI in terms of security, data privacy, and reliability.

Cybersecurity

In 2023, the SEC adopted final rules requiring disclosure of material cybersecurity incidents, as well as cybersecurity risk management, strategy, and governance.

Companies should ensure that these disclosures are consistent with any discussions of cybersecurity in risk factors. Notably, discussions about risk factors of any risks associated with the company’s processes for identifying, assessing, and managing cybersecurity threats, as well as any risks associated with the company’s oversight procedures and/or reliance on third parties or technology for notifications of any cybersecurity incidents, should be consistent with disclosures elsewhere in the Form 10-K.

In the year that has passed since compliance was mandated, the SEC began issuing comment letters on filings relating to cybersecurity disclosure. These comment letters have mostly focused on (1) inconsistent statements regarding the use of third parties (assessors, consultants, auditors, etc.) to assess, identify, and manage cybersecurity threats; and (2) inadequate or incomplete disclosure regarding the persons responsible for assessing, identifying, and managing cybersecurity threats, as well as the relevant expertise of such persons. Companies should familiarize themselves with these comment letters to determine whether to implement any changes to their own cybersecurity disclosures during the upcoming reporting season.

Climate Change and Extreme Weather

While the SEC’s climate change disclosure rules have been stayed (and are unlikely to be implemented), companies still must consider whether climate change and associated extreme weather events pose material risks. For example, companies may have been acutely affected by the California wildfires in early 2025. Others may wish to address whether the increased frequency and intensity of extreme weather events should be disclosed as a potential risk to the company’s business and financial performance.

Evolving U.S. Legal and Political Landscape

The transition between Republican and Democratic presidential administrations often results in a period of regulatory uncertainty, but the speed of change in the days following President Trump’s inauguration has been unprecedented. Accordingly, this has resulted in a high degree of legal and political uncertainty that may present material risks for public companies.

• Illegal Discrimination Executive Order

On January 21, 2025, President Trump signed an executive order titled “Ending Illegal Discrimination and Restoring Merit-Based Opportunity” that rescinds affirmative action and other anti-discrimination laws applicable to federal contractors, requires contractors to certify that they do not have unlawful “DEI programs,” and requires federal agencies to create strategic enforcement plans targeting illegal DEI programs in the private sector, including public companies.

Among other directives, the order instructs the heads of all federal agencies to “enforce our longstanding civil-rights laws and to combat illegal private-sector DEI preferences, mandates, policies, programs, and activities.” The order also mandates that the Attorney General submit a report with recommendations for “enforcing Federal civil-rights laws and taking other appropriate measures to encourage the private sector to end illegal discrimination and preferences, including DEI” within 120 days.  

The force and applicability of this directive, along with the meaning of “unlawful DEI programs,” are unclear. Accordingly, companies may wish to consider addressing this uncertainty in their risk factors, to the extent that it may pose a material risk to their operations.

• Tariffs

On February 1, 2025, President Trump issued three executive orders directing the United States to impose new tariffs on imports from Canada, Mexico, and China. The tariffs impose an additional 25% rate of duty on imports from Canada and Mexico and 10% on imports from China. The tariffs will apply to all imports except Canadian energy resources exports, which will be subject to a 10% tariff. The orders specifically state that the President may raise the tariffs further if Canada, Mexico, and China retaliate, and all three countries have signaled their intention to retaliate. 

While the force and immediacy of these orders are unclear (for example, both Mexico and Canada quickly entered into agreements with the United States to pause potential tariffs), companies should consider whether these policies might impact their business or financial performance. Any existing risk factors to this effect should be updated in accordance with more recent statements from President Trump and his advisors.

• Inflation and Interest Rates

While the Federal Reserve cut interest rates in 2024, it recently declined to cut rates further in January 2025 as it awaits further progress on inflation. Companies should revisit their risk factors in consideration of the 2024 rate cuts and the rate cut pause of last month, and continue to monitor developments.

Geo-Political Issues

The continuation of a number of foreign conflicts, including in the Middle East and the war between Russia and Ukraine, may pose material risks for companies necessitating disclosure. The SEC previously published a sample comment letter regarding possible disclosure issues relating to the impact that Russia’s invasion of Ukraine may have on a company’s business and financial performance. The sample comment letter encourages companies to detail any direct or indirect exposure to Russia and/or Ukraine through investments, property, employees, supply chains, operations, and other facets of business.

Although the SEC has not published a similar sample comment letter regarding the conflict in the Middle East, companies should consider whether any similar disclosure obligations apply.

In addition, for companies based in or with a majority of their operations in China, the SEC previously provided a sample comment letter highlighting disclosure obligations, with specific focus on the need to disclose any material risks relating to the role of the PRC intervening in, or exercising control over, a company’s operations in the PRC. Companies that are not based in China but that otherwise have business exposure in China, should also review and consider the sample comment letter.

Moreover, as global supply chains become increasingly connected, companies should continually assess whether their disclosure of risks to their business from geo-political forces remain adequate.

Hypothetical Risk Factors

In November 2024, the U.S. Supreme Court heard oral arguments in a case involving hypothetical risk factor disclosure. Shortly after the oral arguments, the Supreme Court issued a surprising order dismissing the writ of certiorari “as improvidently granted,” effectively closing the door on Supreme Court guidance on this issue.

Companies should thus continue to ensure that risks factors are not written as hypothetical possibilities when the risks have already materialized. For example, a company should not claim that it “may experience data breaches” when the company has, in fact, experienced data breaches. Such hypothetical language may mislead investors and has been the subject of SEC comment letters and enforcement actions, and private securities litigation.

Inline XBRL

The SEC continues to expand Inline XBRL (“iXBRL”) requirements in documents filed with the SEC. Many of the newer disclosure obligations adopted in recent years come with iXBRL obligations. Currently, the following items in the Form 10-K are required to be tagged in iXBRL:

• Cover page information;
• Financial statements, including footnotes and schedules;
• Audit report/financial statement section index, including:
• The identity of the auditor(s) who have provided opinions related to financial statements that are included in the Form 10-K;

• The location where the auditor’s report has been issued; and

• The PCAOB ID Number(s) of the audit firm(s) providing the opinion(s);

• Cybersecurity risk management, strategy, and governance, as required under Item 106 of Regulation S-K;
• Clawbacks, as required under Item 402(w) of Regulation S-K;
• Company policies and procedures related to the award of option grants and other instruments  as required under Item 402(x) of Regulation S-K; and
• Disclosure regarding insider trading policies as required under Item 408 of Regulation S-K, as well as the insider trading policies and procedures themselves filed as Exhibit 19 to Form 10-K.

Climate Disclosure Rules Halted

In March 2024, the SEC adopted final climate disclosure rules that would have imposed new disclosure requirements related to material climate-related risks, governance, and strategy and greenhouse gas emissions, along with financial statement reporting requirements. Following a number of lawsuits challenging these rules, the SEC voluntarily stayed adoption of climate disclosure rules in April 2024. 

With the transition in presidential administrations and a new SEC Chair incoming, it is unlikely that these rules will ever be adopted in their current form.

Nevertheless, companies should continue to consider whether the general disclosure rules and concepts of materiality could still require disclosure on these topics. As noted above, risk factor disclosure may be appropriate for some companies and industries, and disclosure could also be required in a company’s business section or in MD&A.

Nasdaq Diversity Rules Struck Down

On December 11, 2024, the Court of Appeals for the Fifth Circuit struck down Nasdaq’s proposed diversity disclosure rules, which had been approved by the SEC. The proposed rules generally required Nasdaq-listed companies to disclose board diversity statistics in their proxy statements and either set a target of having at least two diverse board members or provide an explanation of why the company could not meet this objective. 

In invalidating the rules, the court deemed that the SEC exceeded its authority in approving the rule. Nasdaq has stated that it will not appeal the court’s decision, and it appears unlikely that the SEC will pursue an appeal either. Regardless, state lawmaking agencies, proxy advisory firms, institutional investors, and other parties continue to focus on improving board diversity, and many companies may nonetheless opt to voluntarily include information on the diversity of their boards in their annual meeting proxy statements.

Proxy Advisory Firm Policy Updates

Both Glass Lewis and Institutional Shareholder Services (“ISS”) provided updated proxy voting guidelines in late 2024. The following summarizes key updates from each.

Glass Lewis

• Board Oversight of AI: Glass Lewis introduced a new AI policy, noting the importance of a board of directors’ awareness of its company’s use of AI and the corresponding risks, as well as the existence of company policies regarding AI use and risks. Glass Lewis indicated that it will not make voting recommendations based on a company’s oversight of AI-related complications if the company has not experienced any material AI-related problems. However, if a company has experienced AI-related problems, Glass Lewis indicated that it will analyze the company’s AI-related policies and procedures to ensure adequate oversight and remedial action and, as a result, may advise against certain directors.
• Board Responsiveness to Shareholder Proposals: Glass Lewis provided an updated policy on responsiveness to shareholder proposals, adding a recommendation that boards of directors engage with shareholders regarding shareholder proposals that fail to pass but gain significant support (generally thirty to fifty percent) to discuss the proposals and disclose any efforts that the board has made to address shareholder concerns.
• Executive Compensation: Glass Lewis clarified their approach to evaluating companies’ executive compensation programs. Notably, Glass Lewis will continue to analyze executive compensation programs “holistically.” Notwithstanding “egregious” compensation-related decisions or practices, no one factor will result in a negative vote recommendation. Instead, Glass Lewis will assess unfavorable factors within the broader context of a compensation program’s overall structure, disclosure quality, and alignment with performance, among other things.
• Reincorporation and Defensive Strategies: Glass Lewis changed its position on companies reincorporating in other jurisdictions by indicating that it will make recommendations on a case-by-case basis while considering economic benefit, shareholder rights, and other aspects of the laws of the state or country of reincorporation.
  
  Glass Lewis also updated its change-in-control policy, noting that companies allowing committee discretion related to the treatment of unvested equity awards during a change in control must provide a clear rationale for that treatment.

ISS

• SPAC Extensions: ISS changed its policy from voting on a case-by-case basis on proposals relating to extending special purpose acquisition fund (“SPAC”) termination deadlines to generally supporting requests for extensions of up to one year from the original termination date.
• Environmental Issues: ISS revised its policy on environmental and social shareholder proposals to replace the reference to “General Environmental Proposals” with “Natural Capital-Related and/or Community Impact Assessment Proposals.” This new term is designed to capture broad topics, including biodiversity, deforestation, ecosystem loss, water pollution, and other topics. Under the updated guidelines, ISS will review the adequacy of the company’s existing social and environmental policies and disclosure to ensure that they align with “broadly accepted reporting frameworks.” ISS will also consider the effect of any litigation, regulatory noncompliance, remediation, harm to reputation, or other consequence of operational failures.

Prepare for EDGAR Next

On September 27, 2024, the SEC adopted amendments to Regulation S-T, resulting in major changes to the Electronic Data Gathering, Analysis, and Retrieval (“EDGAR”) System for SEC filings. 

EDGAR Next will require companies and individual directors and officers who have Section 16 filing obligations to designate individuals to file on the company’s behalf and manage its or his/her EDGAR account. These designated individuals will need to complete multifactor authentication and create their own individual account credentials in order to access and manage EDGAR accounts.

EDGAR Next is currently in beta testing and is expected to go live on March 24, 2025, although the existing EDGAR system may be used until September 2, 2025. Individuals responsible for making SEC filings should be aware of these changes and the implementation timeline.

Compensation-Related Updates

Equity Grant Policy Disclosures

In December 2022, the SEC amended Regulation S-K to add new Item 402(x) setting forth new disclosure requirements regarding companies’ policies and practices concerning the timing of awards of stock options and stock appreciate rights (“SARs”) in relation to the disclosure of material nonpublic information. The new Item 402(x) disclosure will be first required for calendar year-end companies starting with Form 10-K for the fiscal year ending December 31, 2024. 

In accordance with Item 402(x), companies will need to provide both narrative and tabular disclosures regarding the timing of any award of stock options, SARs, or other similar instruments issued in proximity to disclosures of material nonpublic information. The narrative disclosure must describe the company’s policies and procedures regarding the timing and criteria for such awards and whether material nonpublic information is factored into decisions regarding the timing and criteria. The narrative disclosure should also describe how the board determines when to grant such awards, whether the board or compensation committee considers material nonpublic information when determining the timing and terms of such an award, and, if so, how such information is considered, and whether the company has timed the disclosure of material nonpublic information for the purpose of affecting the value of executive compensation.

If, during the last fiscal year, the company made grants to named executive officers (“NEOs”) within four business days before or one business day after the filing of a periodic report on Form 10-Q or 10-K or the filing/furnishing of a current report on Form 8-K that contained material nonpublic information, the company must also disclose the following information in tabular format:

• the NEO’s name;
• the date of the grant;
• the number of securities underlying the award;
• the per-share exercise price;
• the grant-date fair value; and
• the percentage change in the closing market price of the securities underlying the award on the trading day before and after disclosure of the material nonpublic information.

These disclosures must be tagged in Inline XBRL.

Again, we expect that many companies will opt to address these disclosures in their proxy statements.

Disclosure and Taxation of Executive Perks in the Age of Executive Security

In today’s heightened political environment, companies are forced to consider implementing new or enhanced perquisites for their executive teams to ensure the safety of such executives, such as company-provided executive security. In doing so, companies should be aware that the taxation and securities disclosure rules applicable to such perks do not always align. 

From a taxation perspective, if the company-provided executive security meets the working condition fringe test under Section 132(f) of the Internal Revenue Code, then such benefit may not be taxable to the executive, and the company may retain the right to deduct the cost of such benefit. The tax treatment of these arrangements is dependent on satisfying specified requirements and should be carefully scrutinized with tax and legal advisors. 

On the other hand, the SEC views company-provided executive security as a disclosable perk. As a result, the value of such benefits will need to be reported in the “All Other Compensation” column of the Summary Compensation Table. The SEC has been particularly active in the enforcement of perquisite disclosure, and it is generally recommended to err on the side of caution when determining whether a benefit should be reported as a perk in the Summary Compensation Table. Companies should carefully analyze their practices and ensure that both the tax reporting and SEC disclosures are meeting the necessary requirements. 

Reconsider Incorporation of DEI Metrics in Annual Bonus and Incentive Arrangements

As noted above, the new administration has doubled down on its quest to eliminate what it deems to be “unlawful DEI programs.” While the January 21, 2025 executive order largely sets forth rules applicable to government agencies and federal contractors, it also aims to “combat illegal private-sector DEI preferences, mandates, policies, programs, and activities.” Prior to the enactment of this executive order, many publicly held companies had incorporated environmental, social, and governance performance metrics into their incentive compensation programs, including metrics relating to the achievement of various DEI goals. Given the uncertainty surrounding the enforcement actions that may be triggered by the executive order, companies should continue to analyze the impact of retaining such DEI metrics in such incentive compensation programs and discuss with their legal teams ways to minimize such risk. 

With contributions from associate Samantha A. Wood.

[1]In March 2024, the SEC settled charges against two investment advisers in “AI-washing”-related cases.