7.6 Other Post-IPO Considerations
In addition to current and periodic filing responsibilities, a company needs to
carefully consider other topics as it moves forward as a public registrant. The
company will need to establish controls and procedures to support areas such as
investor relations, XBRL requirements, cybersecurity, proxy statements, compliance
with the Foreign Corrupt Practices Act, tender offers, stock repurchase programs,
beneficial ownership reporting, trading activities by insiders, compliance with safe
harbor provision requirements related to the disclosure of forward-looking
information (e.g., the Private Securities Litigation Reform Act of 1995), and
disposition of restricted securities and securities held by affiliates. Companies
will also need to follow the regulatory process, such as SEC and FASB activity, for
new and amended requirements. Because these responsibilities and requirements are
far-reaching and will take time to implement, it will be important for a company to
prepare to comply with them during the planning stages of its IPO. See Deloitte’s
Strategies for Going Public for more
information about these requirements.
XBRL is an eXtensible Markup Language (XML) standard for tagging
financial reports. With XBRL, a uniform taxonomy or format is used to facilitate the
transparency and comparability of information. For example, the U.S. GAAP financial
reporting taxonomy consists of a list of computer-readable tags in XBRL that allows
companies to label financial data presented in financial statements and footnote
disclosures. Inline XBRL allows filers to embed XBRL data directly into an HTML
document and is required for all filers. After an IPO, use of inline XBRL is
required starting with the first Form 10-Q for domestic filers and for the first
Form 20-F for FPIs.
Changing Lanes
SEC Final Rule Released in
2022
Executive Compensation Disclosures
In August 2022, the SEC issued a final rule that requires certain
registrants to provide disclosures about executive pay and company
performance within any proxy statement or information statement for which
executive compensation disclosures are required. The disclosure requirements
were effective for registrants beginning with fiscal years ending on or
after December 16, 2022, and apply to all registrants other than EGCs,
registered investment companies, and FPIs. SRCs are exempt from certain of
the requirements.
While the final rule’s requirements do not apply to EGCs,
they include transition provisions for newly public companies that are not
EGCs. Because the disclosures are not required in registration statements,
they do not have to be provided during the IPO process. In addition, the
requirements apply only for years in which a registrant was subject to
reporting requirements under the 1934 Act (i.e., a public company). For
example, if a non-EGC registrant completes its IPO in 2023, the proxy
statement for fiscal year 2023 would provide such disclosure only for fiscal
year 2023. The registrant would add subsequent years to each annual proxy
filing until it includes five years (i.e., in the proxy filing for fiscal
year 2027, which would be the year that includes the fourth anniversary of
its IPO).
SEC Final Rule Released in
2023
Cybersecurity-Related Disclosures
In July 2023, the SEC issued a final
rule that requires registrants to provide enhanced
disclosures about “cybersecurity incidents and cybersecurity risk
management, strategy, and governance.”
The final rule addresses concerns over investor access to
timely and consistent information related to cybersecurity as a result of
the widespread use of digital technologies and artificial intelligence, the
shift to hybrid work environments, the rise in the use of cryptoassets, and
the increase in illicit profits associated with ransomware and stolen data,
all of which continue to escalate cybersecurity risk and its related costs
to registrants and investors. The final rule establishes new requirements
related to:
- Material cybersecurity incidents, which would need to be disclosed on Form 8-K within four business days of their being deemed material. A registrant may delay filing the Form 8-K if the U.S. Attorney General “determines immediate disclosure would pose a substantial risk to national security or public safety.”
- Annual disclosures in Form 10-K pertaining to (1) cybersecurity risk management and strategy, (2) “management’s role in assessing and managing material risks from cybersecurity threats,” and (3) “the board of directors’ oversight of cybersecurity risks.”
- The presentation of disclosures in Inline XBRL.
All SEC registrants would be subject to the new rule. For
more information about the final rule, see Deloitte’s July 30, 2023,
Heads
Up.
SEC Proposed Rule Released in
2022
Enhancements to Climate-Related Disclosure
Requirements
EGCs and other companies should be aware of the SEC’s
proposal that would require public companies to enhance and standardize
their climate disclosures. For more information about this proposal, see the
Changing Lanes in Section
1.7.
Connecting the Dots
As previously stated above regarding the SEC's final rule on
executive compensation disclosures, registrants that initially qualify as an
EGC are exempt from providing disclosures about executive pay and company
performance. However, a registrant that loses its EGC status is required to
comply with the rule. For example, a calendar-year EGC registrant that
initially completed its IPO in March 2020 but lost its EGC status as of
December 31, 2023, would be required to provide disclosures about executive
pay and company performance for three years (two years for an SRC) in its
early 2024 proxy statement (i.e., for 2021, 2022, and 2023). This
requirement is consistent with the transition provisions in the final rule
that allow registrants to provide three years of disclosures in their first
filing. See Deloitte’s September 2, 2022, Heads Up for more
information.