Chapter 7 — What to Expect After the Registration Statement Is Declared Effective

7.6 Other Post-IPO Considerations

In addition to current and periodic filing responsibilities, a company needs to carefully consider other topics as it moves forward as a public registrant. The company will need to establish controls and procedures to support topics such as investor relations, XBRL requirements, cybersecurity reporting, proxy statements, compliance with the Foreign Corrupt Practices Act, tender offers, stock repurchase programs, beneficial ownership reporting, trading activities by insiders, compliance with safe harbor provision requirements related to the disclosure of forward-looking information (e.g., the Private Securities Litigation Reform Act of 1995), and disposition of restricted securities and securities held by affiliates.

Moreover, SEC registrants must provide XBRL data. XBRL is an eXtensible Markup Language (XML) standard for tagging financial reports. With XBRL, a uniform taxonomy or format is used to facilitate the transparency and comparability of information. For example, the U.S. GAAP financial reporting taxonomy consists of a list of computer-readable tags in XBRL that allows companies to label financial data presented in financial statements and footnote disclosures. Inline XBRL allows filers to embed XBRL data directly into an HTML document and is required for all filers. After an IPO, use of inline XBRL is required starting with the first Form 10-Q for domestic filers and the first Form 20-F for FPIs.

Companies will also need to monitor regulatory developments, such as new and amended FASB and SEC requirements. Because such requirements will take time to implement, it is important for companies to prepare for compliance while planning their IPOs. See Deloitte’s Strategies for Going Public for more information about these requirements. The sections below discuss recent SEC rules that apply to newly public companies.

7.6.1 Executive Compensation Disclosures Related to Pay Versus Performance

In August 2022, the SEC issued a final rule that requires certain registrants to provide disclosures about executive pay and company performance within any proxy statement or information statement for which executive compensation disclosures are required. The disclosure requirements were effective for registrants beginning with fiscal years ending on or after December 16, 2022, and apply to all registrants other than EGCs, registered investment companies, and FPIs. SRCs are exempt from certain of the requirements.

While the final rule’s requirements do not apply to EGCs, they include transition provisions for newly public companies that are not EGCs. Because the disclosures are not required in registration statements, they do not have to be provided during the IPO process. In addition, the requirements apply only for years in which a registrant was subject to reporting requirements under the 1934 Act (i.e., a public company). For example, if a non-EGC registrant completes its IPO in 2023, the proxy statement for fiscal year 2023 would provide such disclosure only for fiscal year 2023. The registrant would add subsequent years to each annual proxy filing until it includes five years (i.e., in the proxy filing for fiscal year 2027, which would be the year that includes the fourth anniversary of its IPO).

Connecting the Dots

As noted above, a registrant that initially qualifies as an EGC is exempt from providing disclosures about executive pay and company performance. However, a registrant that loses its EGC status is required to comply with the rule. For example, a calendar-year EGC registrant that initially completed its IPO in March 2020 but lost its EGC status as of December 31, 2023, would be required to provide disclosures about executive pay and company performance for three years (two years for an SRC) in its early 2024 proxy statement (i.e., for 2021, 2022, and 2023). This requirement is consistent with the transition provisions in the final rule that allow registrants to provide three years of disclosures in their first filing. See Deloitte’s September 2, 2022, Heads Up for more information about the final rule on pay versus performance.

7.6.2 Clawback Policies

In October 2022, the SEC issued a final rule aimed at ensuring that executive officers do not receive “excess compensation” if the financial results on which previous awards of compensation were based are subsequently restated because of material noncompliance with financial reporting requirements. Such restatements would include those correcting an error that either (1) “is material to the previously issued financial statements” (a “Big R” restatement) or (2) “would result in a material misstatement if the error were corrected in or left uncorrected in the current period” (a “little r” restatement).

The final rule requires issuers to “claw back” excess compensation for the three fiscal years before the determination of a restatement regardless of whether an executive officer had any involvement in the restatement. However, compensation received before the company is listed on a national exchange does not have to be clawed back under the SEC rule. While specific disclosures about clawback policies are not required in IPO registration statements, companies undertaking an IPO must adopt a clawback policy that becomes effective upon completion of the IPO to meet the listing standards of the national exchange that they will be listed on.

Under the final rule, an issuer must also disclose its recovery policy in an exhibit to its annual report and include new checkboxes on the cover page of its annual report to indicate whether the financial statements “reflect correction of an error to previously issued financial statements and whether [such] corrections are restatements that required a recovery analysis.” Additional disclosures are required in the proxy statement or annual report when a clawback occurs. Such disclosures include the date of the restatement, the amount of excess compensation to be clawed back, and any amounts outstanding that have not yet been clawed back.

With very limited exceptions, the final rule applies to all listed issuers, including EGCs, SRCs, FPIs, and controlled companies. For further discussion of the SEC’s clawback rule, see Deloitte’s November 14, 2022, Heads Up.

7.6.3 Cybersecurity-Related Disclosures

In July 2023, the SEC issued a final rule that requires registrants to provide enhanced disclosures about “cybersecurity incidents and cybersecurity risk management, strategy, and governance.” While the final rule does not affect initial registration statements, new registrants will need to begin complying with the rule’s requirements in both their annual filings and their Form 8-K filings (in the event of a material cybersecurity incident) after an IPO. At the 2023 AICPA & CIMA Conference on Current SEC and PCAOB Developments, Erik Gerding, director of the Division, noted that registrants are encouraged to involve chief information security officers, cybersecurity experts, and securities lawyers in disclosure committee discussions to help ensure compliance with the final rule.

However, the final rule is not intended to prescribe what constitutes good cyber risk management, strategy, and governance. Instead, it addresses concerns over investor access to timely and consistent information related to cybersecurity as a result of the widespread use of digital technologies and artificial intelligence, the shift to hybrid work environments, the rise in the use of crypto assets, and the increase in illicit profits associated with ransomware and stolen data, all of which continue to escalate cybersecurity risk and its related costs to registrants and investors. The final rule establishes new disclosure requirements related to:

Material cybersecurity incidents, which would need to be disclosed on the new Item 1.05 of Form 8-K within four business days of being deemed material. A registrant may delay filing the Form 8-K if the U.S. Attorney General “determines immediate disclosure would pose a substantial risk to national security or public safety.”

Since the final rule went into effect, the SEC has noted that many Item 1.05 filings have pertained to events that have been either (1) not yet determined to be material or (2) determined not to be material. In a May 21, 2024, statement, Mr. Gerding encouraged registrants to use a different item in Form 8-K (e.g., Item 8.01) in either of these circumstances and to reserve Item 1.05 filings for material incidents.
Annual disclosures in Form 10-K pertaining to (1) cybersecurity risk management and strategy, (2) “management’s role in assessing and managing material risks from cybersecurity threats,” and (3) “the board of directors’ oversight of cybersecurity risks.”
The presentation of disclosures in Inline XBRL.

All SEC registrants are subject to the new rule. For more information about the final rule, see Deloitte’s July 30, 2023 (updated December 19, 2023), Heads Up.

7.6.4 Enhancements to Climate-Related Disclosure Requirements

On March 6, 2024, the SEC issued a final rule that requires registrants to provide climate disclosures in their annual reports and registration statements, including those for IPOs. The final rule applies to all issuers, including SRCs and EGCs; however, nonaccelerated filers, SRCs, and EGCs are not required to provide, or to obtain assurance over, Scope 1 and Scope 2 GHG emission disclosures.

In the footnotes to the financial statements, registrants must provide information about (1) specified financial statement effects of severe weather events and other natural conditions, (2) certain carbon offsets and RECs, and (3) material impacts on financial estimates and assumptions that are due to severe weather events and other natural conditions or disclosed climate-related targets or transition plans. These disclosures will be subject to existing audit requirements for financial statements.

Disclosures required outside of the financial statements include:

For large accelerated filers and accelerated filers (that are not SRCs or EGCs), material Scope 1 and Scope 2 GHG emissions, subject to assurance requirements that will be phased in.
Governance and oversight of material climate-related risks.
The material impact of climate risks on the company’s strategy, business model, and outlook.
Risk management processes for material climate-related risks.
Material climate targets and goals.

The final rule was scheduled to become effective on May 28, 2024; however, the SEC has voluntarily stayed the rule's effective date pending judicial review. Despite the stay, it is important for entities that are planning on going public to prepare now for compliance with the rule’s requirements since implementation will take time. For more information about the final rule on climate-related disclosures, see Deloitte’s March 15, 2024 (updated April 8, 2024), Heads Up.