Corporate Governance: 2024 Year-End Review

As 2025 begins, we cover several significant corporate governance developments that occurred in the second half of 2024 and since our Corporate Governance: 2024 Midyear Review was published in August.

We first highlight whirlwind decisions resulting in the stay of the implementation of the Corporate Transparency Act (CTA). We also note the Securities and Exchange Commission’s (SEC) Division of Examination’s anticipated priorities for 2025, which notably do not include environmental, social and governance (ESG)-related goals.

Next, we turn to governance developments in securities regulation and Delaware Corporate Law, upon which we have reported, newly issued artificial intelligence (AI) guidance, litigation following severe cybersecurity breaches, and matters concerning ESG investing and enforcement. 

Texas Top Cop Shop v. Garland Hits Pause on the Implementation of the CTA

The landmark Corporate Transparency Act (CTA), enacted in 2021, was designed to combat money laundering and the financing of terrorism by requiring corporations, limited liability companies and other entities organized or registered under state law to disclose their beneficial owners to the Financial Crimes Enforcement Network (FinCEN), the criminal-enforcement arm of the U.S. Treasury. The CTA took effect on Jan. 1, 2024, and reporting was initially due Jan. 1, 2025; however, this requirement is now paused after a Fifth Circuit merits panel reinstated a nationwide injunction on Dec. 26, 2024.

In Texas Top Cop Shop, Inc. v. Garland, six plaintiffs, including the named firearm retailer, alleged that the CTA and its implementing regulations were unconstitutional, facially and as applied. They sought a declaratory judgment and an injunction against enforcement. On Dec. 3, 2024, Judge Amos Mazzant in the Eastern District of Texas issued a nationwide preliminary injunction, concluding that plaintiffs were likely to succeed in showing that Congress lacked authority to enact the CTA under the Commerce Clause and the Necessary and Proper Clause of the Constitution.^[1]

The Fifth Circuit motions panel, however, disagreed. On Dec. 23, 2024, the three-judge panel issued a per curiam opinion staying the injunction, finding that the government had made a strong showing that it was “likely to succeed on the merits in defending [the] CTA’s constitutionality.”^[2] After this decision, FinCEN modestly extended the reporting deadlines.

Just three days later, however, a merits panel of the Fifth Circuit vacated the motions panel’s order staying the district court’s preliminary injunction, putting reporting back on hold. The merits panel stated that it aimed “to preserve the constitutional status quo” while it considered “the parties’ weighty substantive arguments.”^[3]

Finally, on Dec. 31, 2024, the government filed an application with the Supreme Court to stay the injunction pending resolution in the Fifth Circuit or, if the government loses there, pending resolution in the Supreme Court. FinCEN also suggested that the Supreme Court may wish to go further and treat its application as a petition for writ of certiorari before judgment to answer the question of whether the district court had erred in “entering preliminary relief on a universal basis.”

At minimum, FinCEN argued, the Court should narrow the injunction to apply only to the parties in Texas Top Cop Shop, as other courts have done. For example, the Northern District of Alabama took this approach in a case decided on March 1, 2024.

SEC Department of Examination Announces 2025 Priorities

In late October, the SEC’s Division of Examinations released its 2025 examination priorities. These are intended to “inform investors and registrants of potential risks in the U.S. capital markets” and make them aware of the division’s areas of focus for the upcoming year.

The priorities are categorized by the type of market participant, with tailored target areas for investment advisers, investment companies, broker-dealers, self-regulatory organizations, clearing agencies and others. The SEC also identified priorities applicable to many market participants, including:

• Monitoring registrants’ cybersecurity measures to ensure that retail consumers’ information is protected
• Assessing registrants’ use of emerging technologies such as automated investment tools, AI and trading algorithms to ensure that representations and disclosures to consumers are accurate and produce advice consistent with investors’ strategies
• Examining registrant offerings of cryptocurrency assets
• Reviewing Systems Compliance and Integrity entities to ensure they can maintain operational capacity and are equipped to respond to incidents such as a third party experiencing a cyber event
• Evaluating anti-money-laundering efforts to ensure firms are appropriately tailoring the programs to their business models, testing the programs, establishing adequate consumer identification elements and meeting their suspicious-activity reporting obligations

Notably missing from the 2025 priorities are ESG-related goals. The SEC recently disbanded the Climate and ESG Task Force within its Enforcement Division, noting that the expertise developed by the task force had been distributed throughout the agency.

The Enforcement Division’s 2024 priorities similarly did not explicitly state ESG-related goals. The SEC, however, has continued to prosecute claims against companies for incomplete and inaccurate statements about their environmental behaviors and to promulgate environmentally related rules. For example, in September, the SEC settled an investigation of Keurig Dr Pepper Inc. regarding statements that Keurig had made about the recyclability of its K-Cup products. And in January, the SEC promulgated rules titled “Enhancement and Standardization of Climate-Related Disclosures for Investors” (the Climate Rules), which have since been challenged in a consolidated case in the Eighth Circuit called Iowa v. SEC. The SEC voluntarily stayed the rules pending the resolution of this litigation, as discussed below in the ESG section.

As the incoming administration appoints new leadership to the SEC, the agency’s commitment to pursuing ESG-related rules and enforcement actions is likely to change.

Delaware Corporate Law and Federal Securities Regulations

Delaware Supreme Court Affirms Breach of Fiduciary Duty Judgment Against Mindbody CEO but Reverses Bidder’s Aiding and Abetting Liability

On Dec. 2, 2024, in In re Mindbody, Inc., Stockholder Litigation, the Delaware Supreme Court affirmed the Court of Chancery’s decision that Mindbody CEO Richard Stollmeyer had breached his duties of loyalty and disclosure in connection with Mindbody’s sale to Vista Equity Partners Management LLC (Vista). It concluded that the plaintiffs had made out a “paradigmatic” Revlon claim by proving that Mr. Stollmeyer had tilted the transaction toward his preferred bidder. However, the Delaware Supreme Court simultaneously reversed the Court of Chancery’s determination that Vista was liable for aiding and abetting Mr. Stollmeyer’s disclosure breach.

The lower court found that Mr. Stollmeyer had “greased the wheels” for Vista to acquire Mindbody by having numerous meetings with Vista representatives and tipping Vista off to the start of the formal bid process — without disclosing these kinds of communications to the board. Additionally, Mr. Stollmeyer had breached his duty of disclosure by omitting mention of these pretransaction activities in Mindbody’s proxy statements.

As to Vista, the Court of Chancery had determined that Vista aided and abetted Mr. Stollmeyer’s breach due to its contractual obligation to review Mindbody’s proxy materials. However, the Delaware Supreme Court reversed. It concluded that Vista lacked the element of “knowing participation” essential to an aiding and abetting claim. To show knowing participation, two forms of knowledge are required: 1) knowledge that the primary party’s conduct constitutes a breach and 2) knowledge that the participants’ behavior was legally improper.

Here, the court determined that Vista likely knew that Mr. Stollmeyer’s conduct constituted a breach; however, it may not have known that its own behavior in reviewing the proxy materials was improper. The Supreme Court focused on Vista’s “passive” participation — simply reviewing the proxy material — and concluded that such conduct did not amount to liability for aiding and abetting Mr. Stollmeyer’s disclosure breach. Vista’s status as a third-party buyer also afforded it some protection.

Lastly, the Delaware Supreme Court affirmed the Court of Chancery’s holding that defendants had waived their right to seek credit for a $27 million settlement that two different defendants had previously made to the plaintiffs because they raised the argument too late.

Delaware Court of Chancery Strikes Elon Musk’s Executive Pay Package at Tesla Inc.

Also on Dec. 2, Delaware Court of Chancery Chancellor Kathaleen McCormick rejected a $56 billion compensation package for Tesla Inc.’s (Tesla) CEO Elon Musk for the second time. Chancellor McCormick concluded that Tesla’s efforts to rectify the award after the court had decided that it was the product of fiduciary duty breaches were in vain.^[4]

The Tesla board of directors (the Board) had initially met to approve the pay package in January 2018. It was structured based on 12 milestones: Each time Tesla hit a market capitalization and operational threshold, Musk received options to purchase more shares.

On June 5, 2018, a Tesla stockholder filed an action alleging that Mr. Musk breached his fiduciary duties as a controlling shareholder and the directors who approved the pay breached their fiduciary duties as directors. After a trial, on Jan. 30, 2024, the court determined that the defendants had breached their duties of loyalty because they had “capitulated to Musk’s terms” and “failed to prove that those terms were entirely fair.”^[5] It ordered rescission of the pay package.

Following the January decision, the Board formed a special committee to (1) determine whether Tesla should reincorporate in Texas and (2) ask shareholders to ratify the pay package. One outside director composed the independent committee considering these proposals. In its April 29, 2024, proxy statement, Tesla recommended that shareholders ratify the exact compensation package that the court had rejected four months earlier and told them that their approval could “extinguish claims for breach of fiduciary duty.”^[6] The shareholders approved the compensation.

Next, the Tesla directors and Mr. Musk returned to court. On June 28, 2024, they filed a “Motion to Revise the Post-Trial Opinion,” and argued that the shareholders’ recent approval of the pay package ratified it. The court disagreed, rejecting this argument on four independent grounds.

First, procedurally, the court could not consider the shareholder vote because it was new evidence that did not exist at the time of trial; it was not “newly discovered” evidence that could be reviewed under the Delaware Court of Chancery’s procedural rules.

Second, the defense was not timely raised. Shareholder ratification is an affirmative defense that can be waived, and here, where it was raised not only after the close of fact-finding but also five months after the court’s decision, it was not timely.

Third, the stockholder vote alone could not ratify the Board’s approval of the pay package since it was a “conflicted-controller transaction.” As discussed below, in In re Match Gp. Inc. Deriv. Litig., the Delaware Supreme Court affirmed that “entire fairness is the presumptive standard of review” for conflicted-controller transactions.^[7] Under the entire fairness standard, the most that shareholder ratification can accomplish is to shift the burden of proof to the plaintiff.

To change the standard of review to the deferential business judgment rule, the defendants would have had to adhere to the procedural safeguards described in Kahn v. M&F Worldwide Corp. (MFW): That the transaction is “conditioned ab initio upon both the approval of an independent, adequately-empowered Special Committee that fulfills its duty of care; and the uncoerced, informed vote of a majority of the minority stockholders.”^[8] Here, Tesla held a shareholder vote and established an independent committee in 2024 to ratify a pay package that had been decided on in 2018 after negotiations that had begun in 2017. The court concluded that this was far too late and the entire fairness standard applied. Further, the court noted that the shareholder vote was not informed due to the false statements in the April 29, 2024, Proxy Statement about how ratification of the pay package would extinguish claims for fiduciary duty breaches.

A Delayed Look at the Delaware Supreme Court Decision in ‘In re Match Derivative Litigation’: Director Independence

Widely recognized for its holdings concerning the proper procedural safeguards in transactions involving controlling shareholders, in In re Match Group, Inc. Deriv. Litig., the Delaware Supreme Court also provided critical guidance on when a director is considered independent. The case concerned a merger transaction between Match Group Inc. (Old Match) and its controlling shareholder, IAC InterActiveCorp (Old IAC), which in turn was controlled by a shareholder named Barry Diller.

Old Match separated from Old IAC, at which point Old IAC made distributions to its shareholders. Old Match then became a wholly owned subsidiary of Old IAC, and Old Match’s minority shareholders received minority interests in Old IAC.

Old Match’s minority shareholders challenged their treatment, and Old Match defended by arguing that it was entitled to the application of the business judgment rule based on its use of the procedural safeguards announced in Kahn v. M&F Worldwide Corp. (MFW):^[9] the approval of the transaction by an independent committee and the vote of unaffiliated shareholders.

However, here the court concluded that one of the directors on Old Match’s independent committee, Thomas McInerney, was not independent, based largely on his relationship with Mr. Diller. Mr. McInerney had worked at Old IAC for 13 years and served on several affiliated boards, earned more than $55 million through his employment and $4.5 million through his board service, and had said that he was “more than grateful to Barry Diller for the opportunities he and IAC have given me.” In turn, Mr. Diller said that he had “total respect for [Mr. McInerney’s] ability, trustworthiness and decency.”

The Delaware Supreme Court held that these long-standing business affiliations, alongside a relationship exhibiting mutual and “personal ties of respect, loyalty, and affection,” eroded Mr. McInerney’s independence. The court additionally noted that independence can be compromised where the director may feel they owe their success, and therefore a “debt of gratitude,” to another.

While Match does not depart from existing Delaware case law on director independence, it may make it slightly easier for plaintiffs to show a lack of independence in specific scenarios. It also suggests additional considerations that boards should make when determining which directors to place on independent committees.

Delaware Governor Signs Into Law Amendments to Delaware’s General Corporation Law

On July 17, 2024, Delaware Gov. John Carney signed into law amendments to the Delaware General Corporation Law (DGCL). Effective Aug. 1, 2024, and applying retroactively, these amendments were introduced to reverse three recent Delaware Court of Chancery decisions and provide more predictability to corporate practices.

In West Palm Beach Firefighters’ Pension Fund v. Moelis & Co., the Delaware Court of Chancery invalidated certain approval rights granted to a founding stockholder because they improperly constrained the board of directors’ authority to manage the corporation. New amendments to Section 122(18) allow Delaware corporations to enter agreements with stockholders that limit a board’s discretion so long as they do not violate other provisions of the DGCL or the corporation’s certificate of incorporation.

New Section 261(a)(1) of the DGCL was responsive to Crispo v. Musk. In this suit, a Twitter stockholder sought damages and specific performance from Elon Musk after Mr. Musk had attempted to terminate a merger with Twitter. Once Mr. Musk had abandoned this attempt and the merger closed, the plaintiff sought a mootness fee, arguing that his prior effort contributed to Mr. Musk’s decision to go through with the deal. The Court of Chancery concluded that the plaintiff lacked standing so was not entitled to such a fee. New Section 261(a) allows merger agreements to contain penalties for breaches, including those based on the loss of stockholder premiums. It also permits the appointment of stockholder representatives to enforce rights under merger agreements.

Several new amendments were also adopted in response to Sjunde Ap-Fonden v. Activision Blizzard. In this decision, the court concluded that Microsoft’s acquisition of video game company Activision Blizzard violated Delaware’s procedures for obtaining board and shareholder approval of a merger agreement because, among other reasons, the draft agreement that the board approved was not in final form. New Sections 147, 232(g) and 268(a) and (b) clarify that boards can approve agreements that are in “substantially final form” and have documents annexed to them.

FinCEN Adopts Final Rules Bringing Investment Advisers Within the Ambit of the Bank Secrecy Act

On Sept. 4, 2024, the Financial Crimes Enforcement Network (FinCEN) adopted final rules (the Final Rules) bringing certain investment advisers and exempt reporting advisers (ERAs) within the definition of “financial institution” under the Bank Secrecy Act (BSA) and therefore subject to the BSA’s minimum standards for anti-money-laundering and countering the financing of terrorism (AML/CFT) programs.

The Final Rules are intended to address illicit finance risks outlined in a February 2024 report, including that investment advisers may attract illicit proceeds or manage funds ultimately controlled by sanctioned entities, among others.

The Final Rules define “investment advisers” as SEC-registered investment advisers (RIAs) and exempt reporting advisers (ERAs). In contrast to the proposed rules published Feb. 14, 2024, RIAs that register with the SEC only because they are midsize or multistate advisers or pension consultants are not considered “investment advisers.” Similarly, RIAs that do not report any assets under management on the Form ADV are excluded.

Under the Final Rules, investment advisers are required to implement risk-based AML/CFT programs, file reports with FinCEN such as suspicious activity reports and adhere to certain recordkeeping and information-sharing procedures.

Notably, the Final Rules do not require investment advisers to implement Customer Identification Programs. In May, FinCEN proposed rules to require investment advisers to verify the identities of their customers with such programs; however, these Final Rules do not include this requirement.

Acknowledging that many firms now considered investment advisers have already implemented some AML/CFT measures, the Final Rules allow for several exclusions from its requirements. For example, investment advisers can exclude mutual funds from their compliance obligations without first verifying that the mutual fund has its own AML/CFT programs. The Final Rules will create consistency across investment advisers so that bad actors cannot “shop around” for an investment adviser that has not implemented AML/CFT controls.

FinCEN is delegating examination authority for the Final Rules to the SEC, as it has done for AML/CFT obligations under the BSA with respect to brokers and dealers in securities, and mutual funds. The Final Rules take effect Jan. 1, 2026.

SEC Provides Guidance on Liquidity Rule Compliance

On Aug. 28, 2024, the SEC released guidance on open-end funds’ compliance with the Liquidity Rule, Rule 22e-4, under the Investment Company Act. The guidance covers the three areas below:

1. Frequency of liquidity classification: Funds must review liquidity classifications more often than monthly if changes in the market, trading and investment considerations materially affect classifications. Policies should outline how and when intramonth reviews will occur.
2. The meaning of “cash”: For the purposes of the Liquidity Rule, “cash” refers only to U.S. dollars. Since, under the Liquidity Rule, a fund is classified as “highly” or “moderately” liquid depending on how long it takes for an investment to be converted to cash, the guidance clarifies that any required currency conversions should be analyzed as part of a foreign investment’s conversion to cash.
3. Highly liquid investment minimums: Funds with lower liquidity or greater flow volatility must set higher liquid investment minimums than more liquid funds.

The SEC also adopted form amendments requiring open-end funds to disclose information on Form N-CEN concerning the service providers that an open-fund uses. These amendments take effect Nov. 17, 2025, or May 18, 2026, for funds with less than $1 billion.

SEC Requires Registered Funds To Provide More Frequent Portfolio Transparency

In an effort to provide investors with more up-to-date information about registered funds’ portfolio holdings, the SEC announced amendments to Form N-PORT reporting on Aug. 28, 2024. Currently filed quarterly, registered funds will now file Form N-PORT monthly within 30 days of month-end, with reports becoming public 60 days later. These changes apply to mutual and closed-end funds and take effect on Nov. 17, 2025. Smaller funds, with net assets under $1 billion, have until May 17, 2026, to comply.

These revisions aim to enhance portfolio transparency and reduce reporting delays.

AI Guidance

DOJ Updates Corporate Compliance Programs Criteria To Include Focus on AI Emerging Technologies

On Sept. 23, 2024, Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the U.S. Department of Justice’s (DOJ) Criminal Division, announced updates to DOJ’s guidance on the Evaluation of Corporate Compliance Programs (ECCP).

The ECCP sets forth criteria for prosecutors to consider when determining whether corporate compliance programs are adequate. The updates to the ECCP now require prosecutors to consider the following additional criteria:

• Whether compliance programs consider how companies manage risks related to new technologies such as AI
• Whether companies sufficiently encourage employees to proactively report misconduct without fear of retaliation
• Whether compliance personnel are able to adequately access and leverage company data and resources for compliance purposes

These updates align with recently announced DOJ policies and priorities that encourage companies to invest in robust measures to deter corporate misconduct.

NY Department of Financial Services Releases AI Cybersecurity Guidance

On Oct. 16, 2024, the New York Department of Financial Services issued Part 500: Guidance on how covered entities — largely banks, insurers and other financial firms —should implement cybersecurity regulations with regard to AI.

The guidance highlights four risks that AI may pose to covered entities, including its ability to (1) foster unique types of social engineering such as deepfakes, (2) speed and scale cyberattacks, (3) expand the amount of nonpublic information (NPI) that entities store, and (4) increase the risks associated with third-party service providers (TPSPs).

The guidance suggests six primary means of addressing these risks, including:

• Ensuring that company-specific risk assessments consider AI threats and are updated routinely
• Exercising due diligence before using a TPSP and considering how the TPSP protects itself from AI threats
• Controlling access to NPI by limiting the number of users with access and utilizing multifactor authentication systems
• Training employees on how to defend against cybersecurity attacks
• Maintaining a monitoring process for identifying security vulnerabilities

Cybersecurity Litigation 

Southern District of New York Dismisses Most Claims in SEC Cybersecurity-Related Enforcement Action Against SolarWinds

On July 18, 2024, U.S. District Judge Paul A. Engelmayer of the Southern District of New York dismissed most of the charges that the SEC brought against SolarWinds and its chief information security officer (CISO) concerning SolarWinds’ cybersecurity practices and disclosures. This was the first time that the SEC charged a CISO individually.

SolarWinds designed and sold software used by private companies and government entities. In late 2020/early 2021, SolarWinds suffered a large-scale cyberattack from Russian hackers known as SUNBURST. Hackers slipped malicious code into a software update of SolarWinds’ primary product, Orion, and used it to access the networks, systems and data of thousands of SolarWinds customers.

After the attack, the SEC brought three main types of claims against SolarWinds and its CISO. First, the agency alleged that SolarWinds and its CISO perpetrated securities fraud by making material misrepresentations and omissions in public filings and online about the company’s cybersecurity protocols. This was the first time the agency brought fraud-based claims premised on a cybersecurity breach. These charges, related to website statements touting five cybersecurity protections, were the only charges that the court did not dismiss.

Second, the SEC alleged violations of Section 13(b)(2)(B) of the Securities Exchange Act of 1934 (Exchange Act) for failing to implement and maintain internal accounting controls to ensure that SolarWinds’ assets — its technology products — were protected. This too was a novel charge. Judge Engelmayer dismissed it, holding that Section 13(b)(2)(B) only applies to financial accounting controls, not cybersecurity controls.

Lastly, the SEC alleged Exchange Act violations for failing to appropriately classify the severity of the attack, which resulted in a lack of reporting to upper management. The SEC alleged that the CISO aided and abetted this violation by failing to elevate it or disclose the company’s cybersecurity failures. The court rejected these claims, finding that SolarWinds had a system to facilitate disclosure of material cybersecurity risks, and concluded that the SEC’s claims had “traction only with the benefit of … hindsight.”

While companies can rest assured that they cannot be liable under Section 13(b)(2)(B) for cybersecurity controls, they should remain alert, as the SEC will continue to regulate cybersecurity deficiencies, particularly in light of recently enacted rules. Additionally, since some claims against SolarWinds’ CISO still stand, company officers should ensure that all company statements they help draft are accurate and that they report cybersecurity concerns to upper management.

SEC Announces Penalties Against Four Companies for Downplaying Severity of SolarWinds Cybersecurity Breach in Disclosures

In the aftermath of the data breach at SolarWinds described above, the SEC brought charges against Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd. and Mimecast Ltd. for making materially misleading disclosures about the effect of the cyberattack on their businesses. These issuers agreed to pay a total of almost $7 million in civil penalties in response to the charges.

The SEC claimed that the companies’ public disclosures “negligently minimized” the severity of the breaches and the new cybersecurity risks that resulted. The disclosures at issue allegedly described known risks as mere hypotheticals, downplayed the amount of data and number of customers affected, and described the attack too generally.

Under cybersecurity disclosure rules adopted after the SolarWinds attack, public companies that have experienced a cybersecurity incident must disclose it within four business days of determining that it was material and update those disclosures as needed. Companies should ensure that all their disclosures adequately inform investors about the entire scope of known cybersecurity risks and harms.

See our year-end review on data privacy for more coverage on cybersecurity topics.

Environmental, Social, and Governance Investing

Nasdaq’s Diversity Disclosure Rules Struck Down by En Banc Circuit Court of Appeals

On Dec. 11, 2024, the U.S. Court of Appeals for the Fifth Circuit struck down Nasdaq diversity-disclosure rules that would have required Nasdaq-listed companies to report that they have, or explain why they do not have, directors of diverse racial, gender or LGBTQIA+ backgrounds on their boards. While Nasdaq-listed companies are no longer required to disclose board diversity information, many public companies likely will still do so voluntarily.

The case began when the Alliance for Fair Board Recruitment and National Center for Public Policy Research sought Administrative Procedure Act (APA) review shortly after the SEC approved the diversity and disclosure rules in 2021. Petitioners argued that the agency lacked the statutory power to approve the rules and that the rules violated constitutional equal protection and free speech protections. While a three-judge panel initially affirmed the SEC’s approval of the rules, the full Fifth Circuit reconsidered the decision and reversed in a 9-8 decision.

The en banc court concluded that the SEC may not approve an exchange’s rule “unless it can establish the rule has some connection to an actual ‘enumerated purpose’ of the Securities Exchange Act of 1934 (Exchange Act).” The court rejected the SEC reading of a disclosure-purpose into the Exchange Act, determining instead that the act was adopted to protect investors and the economy from “fraud, manipulation, speculation, and anticompetitive” exchange behavior. The majority also invoked the “major questions doctrine” to support its holding, stating that the rules had broad economic and political significance so required “unequivocal” backing in statutory text.

Judge Stephen A. Higginson, who penned the vacated panel decision, wrote for the dissent, noting that the Exchange Act gave the SEC a “limited role in reviewing private exchange-proposed rules,” and the agency’s role was not to “interrogate investors’ motivations.” The parties have until March to request Supreme Court review; however, it is unlikely that they will.

As these decisions have come down, states such as California, Illinois and Connecticut have also made efforts to prompt consistent reporting on board diversity data. The California rules, too, have been challenged in state and federal courts.

SEC Voluntarily Stays Implementation of Climate Rules During Pendency of State of Iowa, et al. v. SEC

Earlier this year, the SEC enacted Climate Rules that require public companies to disclose climate-related risks, including Scope 1 and Scope 2 greenhouse gas emissions, material climate-related goals, information about board-level oversight of climate-related risks and many other matters.

The Climate Rules were intended to provide investors with more consistent and comparable information about climate-related risks and companies’ management of those risks. They were challenged, however, in 10 petitions brought in six Circuit Courts of Appeals. These actions were consolidated in the Eighth Circuit under the caption Iowa v. SEC.^[10] After several petitioners sought court-issued administrative stays, on April 4, 2024, only one month after promulgating the Climate Rules, the SEC announced its own voluntary stay of them until the conclusion of the litigation.

Petitioners challenged the Rules on three main grounds: (1) that the SEC exceeded its statutory authority, (2) that the SEC’s process for adopting and assessing the Rules violated the Administrative Procedure Act (APA) and (3) that the Rules violate the First Amendment by requiring issuers to offer their opinions about climate change.

On Aug. 6, 2024, the SEC filed a brief disputing these points and addressing the impact that the Supreme Court’s decision in Loper Bright would have on the case. It emphasized that in passing the Securities Act of 1933 (Securities Act) and Securities Exchange Act of 1934 (Exchange Act), Congress intended to create a disclosure-based system for regulating securities and that these statutes grant the SEC authority to require disclosure of “not only certain enumerated information, but also ‘such information’ as the Commission determines to be ‘necessary or appropriate in the public interest or for the protection of investors.’”^[11] The brief highlighted that the SEC is “agnostic” as to how investors use disclosed climate-related information; the rules simply facilitate standardized disclosures.

The SEC also argued that it complied with APA requirements concerning the adoption of the Climate Rules. Based on an extensive record, the SEC concluded that investors greatly value information on climate-related risks but that there is a current dearth of dependable and comparable information on the topic. Further, the SEC provided a cost-benefit analysis and provided the public meaningful opportunity to participate in the rulemaking process.

Finally, the SEC contended that the Rules comply with the First Amendment because they require disclosure of purely factual information and satisfy the lower level of scrutiny applicable to commercial speech.

The last petitioner reply brief was filed Sept. 26, 2024. An oral argument in the case has yet to be scheduled.

Advisory Firm Pays $17.5M Civil Penalty To Settle SEC Charges for Making Misrepresentations Regarding ESG Considerations in Investment Decisions

On Nov. 8, 2024, the SEC announced charges against Invesco Advisers Inc. (Invesco), an investment advisory firm, in an effort to prevent greenwashing. The SEC argued Invesco violated Sections 206(2) and 206(4) of the Investment Advisers Act of 1940 by making materially misleading statements that exaggerated the proportion of assets under its management (AUM) that incorporated ESG factors into investment decisions. The SEC alleged that Invesco inflated its percentage of ESG-integrated AUM by considering funds held in passively managed exchange-traded funds as ESG-integrated, even though they are not. Further, the SEC concluded that Invesco lacked adequate compliance procedures to ensure that its ESG disclosures were accurate. Invesco agreed to pay a $17.5 million civil penalty to settle the claims.

^[1]_{Memorandum Opinion and Order, No. 4:24-cv-00478 (E.D. Tex. Dec. 3, 2024).}

^[2]_{Unpublished Order, No: 24-40792, at 3 (5th Cir. Dec. 23, 2024).}

^[3]_{Order, No: 24-40792, at 2 (5th Cir. Dec. 26, 2024).}

^[4]_{Tornetta v. Musk et al., No. 2018-0408-KSJM, 2024 WL 4930635 (Del. Ch. Dec. 2, 2024). Tornetta v. Musk et al., No. 2018-0408-KSJM,  (Del. Ch. Jan. 30, 2024).}

^[5]_{Tornetta v. Musk et al., No. 2018-0408-KSJM, 2024 WL 4930635, at *4 (Del. Ch. Dec. 2, 2024).}

^[6]_{Id. at *7.}

^[7]_{315 A.3d 446, 451 (Del. 2022).}

^[8]_{88 A.3d 635, 644 (Del. 2014).}

^[9]_{88 A.3d 635 (Del. 2014).}

^[10]_{No. 24-1522 (8th Cir.).}

^[11]_{Consolidated Brief for Respondent SEC at 23, Iowa v. SEC, No. 24-1522 (8th Cir.) (citing 15 U.S.C. 77g(a)(1), 78l(b)(1)).}