March 17, 2022 | Editor: Martin Wennerström
SEC proposes heightened cybersecurity risk disclosure
The U.S. SEC has proposed amendments to existing rules on public companies’ disclosure of cybersecurity, risk management, strategy, governance, and incident reporting. The amendments would, inter alia, require public companies to report on material cybersecurity incidents and periodic updates on past incidents, as well as the companies’ policies and procedures on cybersecurity risk management, board oversight of cybersecurity risks and directors’ cybersecurity expertise. SEC Chair Gary Gensler issued a statement in support of the amendments, considering cybersecurity an emerging risk that must be addressed by public companies. Gensler stated that standardized and periodic cybersecurity risk disclosure would enable investors to assess cybersecurity risks more effectively. SEC Commissioner Hester Price released a dissenting statement arguing the proposed rules would pressure companies to “adapt their existing policies and procedures to the Commission’s preferred approach”, while noting that securities regulators are not “best suited to design cybersecurity programs.”
Investors pressure Amazon for enhanced tax transparency
Ericsson and top executive named in U.S. class action suit
The Sweden-based telecom company Ericsson, along with its CEO Börje Ekholm and CFO Carl Mellander, have been named in a U.S. lawsuit accusing the company of misleading investors. In February it was revealed that a 2019 company investigation found payments made to avoid Iraqi customs, including in areas controlled by ISIS. The U.S. DOJ has accused Ericsson of breaching a 2019 deferred prosecution agreement by failing to disclose details of its operations. Following the agreement, Ericsson paid USD 1 billion to settle corruption probes regarding bribery claims.