4 best practices for having an SEC compliant IR website in 2024.

Complying with rules and regulations is part of the daily routine for Investor Relations (IR) professionals. Those responsible for ensuring that a company meets its regulatory standards recognize the risks of not meeting them. For example, in 2022, the SEC brought 760 enforcement actions, a nine percent increase over 2021, and it leveled $6.4 billion in civil penalties, disgorgement, and pre-judgment interest against issuers and individuals for violating SEC rules. 

It’s particularly crucial to ensure SEC compliance in areas such as financial reporting, disclosures, adherence to listing rules, and the handling of inside information, especially when it comes to managing an investor relations website. With this in mind, the 2023 Examination Priorities Report included areas of focus and regulatory changes that must be accounted for to have an SEC compliant IR website.

1. SEC filings and financial disclosure delays

On September 27, 2023, the SEC announced charges against six officers, directors, and major shareholders, as well as five publicly traded companies, for consistent failures in the timely filing of Form 4 and Section 13D and 13G beneficial ownership reports. This enforcement action found these issuers and insiders repeatedly delayed or neglected the required filings. Consequently, the companies and their directors and officers were penalized with a range of fines from $66,000–$200,000 each.

This action by the SEC sends a clear message about the importance of timely and accurate financial disclosures. The substantial penalties imposed reflect the seriousness with which the SEC views these reporting obligations, underscoring the need for corporate transparency in financial dealings. 

To avoid penalties like those imposed by the SEC for failures in filing beneficial ownership reports, companies and their IROs can adopt several best practices regarding their IR website to best accommodate SEC compliance:

• Customized investor content: Understand investor preferences for reviewing disclosures and tailor the content on the IR website accordingly.
• Real-time updates: Having access to website tools allows companies to update their IR website with the latest information promptly.
• Automate reporting processes: Utilize software that can automate parts of the reporting process, such as a newswire like Businesswire, to reduce the risk of human error.
• Establish clear communication channels: Create dedicated sections on the website for legal, financial, and compliance updates.
• Detailed disclosure history: Create a comprehensive archive section on the Investor Relations website for historical SEC filings and financial disclosures. 

2. Non-GAAP deviations from GAAP measures

In a recent publication, PwC explained how non-GAAP measures are a significant focus for the SEC, often leading to enforcement actions and frequent topics in comment letters. These measures, used by companies to provide a deeper understanding of financial performance by excluding certain items, are subject to SEC rules when they deviate from GAAP measures. 

The SEC’s guidance emphasizes avoiding misleading non-GAAP measures and requires clear reconciliation with GAAP financials. The SEC consistently scrutinizes non-GAAP disclosures, with a substantial number of comment letters in 2023 addressing these measures, indicating their ongoing importance in financial reporting and regulatory compliance. 

“Non-GAAP metrics can offer insight by excluding certain items, yet their subjective nature poses both clarity and misinterpretation risks. While providing a clearer view, careful scrutiny is essential to avoid potentially misleading portrayals of financial health. Coherency is key to maintaining credibility.” – Sam Senna, Q4’s IR Services Director in Client Success

Investor Relations Officers (IROs) should adopt several key strategies in response to the SEC’s focus on non-GAAP measures, such as:

• Dedicated Non-GAAP website section: Create a specific section on the website for non-GAAP measures, providing investors easy access to this information.
• Make detailed explanations available on the website: Offer detailed explanations and justifications for using non-GAAP measures, helping investors understand why they are relevant and how they are calculated.
• Take advantage of interactive tools: Incorporate interactive tools such as calculators or comparison charts that allow investors to see the differences between GAAP and non-GAAP measures.
• Regularly update content: Keep the non-GAAP information on the website regularly updated to reflect the latest financial data and SEC guidelines.
• Accessibility: Ensure that the website is user-friendly and inclusive for all investors and that non-GAAP information is presented clearly.

3. Cybersecurity concerns

The SEC has implemented new rules that significantly impact how companies report on cybersecurity matters. These rules require registrants to disclose any material cybersecurity incidents, specifying details about the incident’s nature, scope, timing, and potential or actual material impact on the company. 

Alongside incident reporting, companies must provide annual reports on their cybersecurity risk management, strategies, and governance. This includes a thorough description of the processes for identifying and managing cybersecurity threats and outlining the roles of the board of directors and management in overseeing these risks.

The timing for these disclosures is specific: companies must report material cybersecurity incidents within four business days, although there can be exceptions for national security reasons. The rules stipulate varying compliance dates for different forms, with an additional grace period for smaller reporting companies to meet the Form 8-K disclosure requirements.

To ensure compliance with these rules and best protect themselves from cyberattacks, IROs can:

• Create an incident response plan: Develop and maintain a robust incident response plan to address and mitigate security breaches or cyber threats quickly.
• Perform regular security audits: Conduct frequent and thorough security audits to identify and address vulnerabilities in the website’s infrastructure.
• Use best-in-class data encryption: Utilize strong encryption protocols for data transmission, especially for sensitive financial information and personal data of investors.
• Enforce strict access controls: Implement access controls and authentication processes to restrict unauthorized access to sensitive website areas.
• Maintain best-in-class technology: Ensure all website software is regularly updated to protect against known vulnerabilities.

4. ESG new regulations and proposed updates

In 2023, significant advancements in climate-related financial disclosures are prominent points of interest in both the United States and the European Union. The SEC’s proposed rule changes are a pivotal part of this movement, potentially requiring detailed disclosures about climate risks and their potential impact on businesses. These proposed changes aim to provide investors with consistent, comparable, and decision-useful information, reflecting a growing recognition of climate risks as critical financial considerations. 

“New rules, like the SEC’s proposed changes, stress the importance of clear reporting on climate risks. This shows a growing understanding of these risks as essential financial considerations, aiming to give investors key information for making decisions.” – Sam Senna, Q4’s IR Services Director in Client Success

Simultaneously, the European Union is advancing its sustainability agenda with the European Sustainability Reporting Standards (ESRS). These standards are part of the EU’s broader strategy to integrate sustainability into corporate reporting. The ESRS framework emphasizes the need for transparent and comprehensive reporting on environmental, social, and governance (ESG) factors.

Together, these initiatives in the US and EU represent a significant shift towards enhanced ESG transparency in financial reporting, acknowledging the critical role of climate and sustainability information in investment decision-making and corporate accountability on a global scale. To specifically tailor Investor Relations websites for the evolving ESG landscape in 2023, IROs should:

• Have a dedicated ESG section: Create a distinct section on the website for ESG-related information, clearly outlining the company’s policies, practices, and performance.
• Utilize interactive data visualization: Incorporate interactive charts and graphs visually representing the company’s progress and impact in ESG areas, including sustainability metrics and climate-related risks.
• Report on specific events regarding ESG: Update the website with regular ESG reports, including annual sustainability reports and any disclosures related to climate risks and management strategies.
• Allow for stakeholder communication: Provide a platform for stakeholders to engage in ESG-related discussions, such as forums or Q&A sections, enhancing transparency and stakeholder involvement.
• Provide educational content on ESG standards: Include informational content explaining ESG standards, such as the ESRS in the EU and the SEC’s reporting requirements, to educate stakeholders about the frameworks guiding the company’s ESG disclosures.

Prioritizing Compliance and Best Practices for IR Websites in 2024

In the face of escalating SEC enforcement and evolving regulations, companies must prioritize these best practices to ensure their IR website remains compliant and effective in 2024. This approach will safeguard against penalties and maintain investor trust through transparency and responsiveness to regulatory changes. 

To learn more about IR website best practices, you can review Q4’s “Best-in-Class Checklist for Evaluating IR Website Partners” or speak to one of our experts today.