The NASPP Blog

Category Archives: Section 16

July 18, 2017

Update on Share Withholding Litigation

Back in December I reported on a shareholder who was sending demand letters to companies alleging that share withholding transactions aren’t exempt from Section 16(b) unless the transaction is automatic, i.e., insiders have no choice in how to pay their taxes (“Shareholder Challenging 16(b) Status of Share Withholding“). I have a few updates on this development.

The Bad News

Back in December, it was just one shareholder but now there at least two more shareholders that are issuing demand letters like this. Also, we’ve now progressed beyond demand letters, with several companies now in litigation over this.

Both Good and Bad News

As noted in the March 2017 issue of Section 16 Updates, the shareholders have submitted demand letters to around 70 companies. One bit of good news is that in most cases, the amount of the alleged short-swing profits has been small, so payments to the shareholders have also been small.

But this is also bad news because it means that most companies would prefer to settle rather than pursuing costly litigation, which is necessary to get clarification on this matter from the courts.  As noted in Section 16 Updates:

A clear ruling on the issue is much needed, given the chilling effect that the shareholders’ demand letters have had on the grant and exercise of elective stock withholding rights and the burden that re-approvals have imposed on compensation committees.

The Good News

On May 8, there was a ruling in favor of the defendant in one of the cases that has been litigated (Jordan v. Flexton), which Alan Dye describes in his blog on (“Court Holds that Discretionary Tax Withholding Exempted by Rule 16b-3“). Here is Alan’s summary of the decision:

The court dismissed the complaint for failure to state a claim, holding in a one-page order that “the transactions in question are compensation related and are designed to be exempt under” Rule 16b-3(e). While a lengthier discussion of the issue might have been more helpful in resolving other pending cases, the court’s holding is nevertheless important because it clearly rejects the plaintiff’s argument that Rule 16b-3 exempts withholding transactions only if they are “automatic.” Moreover, the court allowed reliance on the exemption even where the decision to withhold shares was made by the issuer (i.e., employees) rather than the insider or the compensation committee. The case therefore provides reason to believe that courts will reach a similar result regarding all forms of stock withholding so long as withholding was authorized by the compensation committee as part of the initial equity award.

I’m sure this is a topic that Alan will be discussing in his session “Section 16 & Insider Considerations in Today’s Market” at the 25th Annual NASPP Conference—don’t miss it!

– Barbara

Tags: , ,

February 14, 2017

More on Updating EDGAR Passwords

During the Section 16 Q&A webcast in January, Alan Dye discussed the new procedures for resetting an EDGAR passphrase. The passphrase is used if you need to generate new EDGAR codes (CCC, password, and PMAC) for you or your insiders in the event that you’ve forgotten the password or it has expired.

Linda Epstein from Hewlett Packard Enterprise emailed to tell us that there is an easier way to update an insider’s expired password, assuming the following:

  • You know the insider’s EDGAR codes (CIK, CCC, expired password, and PMAC—you don’t need the passphrase for this), and
  • Have your own access to EDGAR.

The Easier Way

Rather than logging into the insider’s account, you can simply log into the main EDGAR website (or the EDGAR Online Forms Management website) under your account and select the Retrieve/Edit Data function. EDGAR will ask you to enter the CIK and CCC for the account you want to edit. Turns out, you can enter any account here (so long as you have the access codes for that account)—it doesn’t have to be your own account.

Once you enter the CIK and CCC code, you then have the ability to change the password for the account, provided you know the old password and the Password Modification Authorization Code (PMAC). This is easier than generating all new EDGAR codes, especially if the individual is an insider at more than one company (which would require you to notify all the other companies of his/her new CCC).

Update Contact Info Too

You can also use the Retrieve/Edit Data function to update an insider’s contact info, including email address, and you don’t need the insider’s password or PMAC to do this.

Given the ability to do this, I’m not sure you’d even need to update the insider’s password (you can still submit filings for an insider whose password has expired). But if you did need to do so, without the insider’s password or PMAC, you’d be stuck generating new EDGAR codes. Here again, this feature could be handy. Because, let’s face it, if you don’t know those two things, you also probably don’t know the insider’s passphrase and you’re going to have to generate a new passphrase. This feature would at least allow you to ensure that the insider’s email is correct (or change it to an email address that you can access), since, under the new passphrase procedures, you have to provide the “electronic security token” that is emailed to the insider when the new passphrase is requested.

It also means that instead of the nightmare I went through to update my passphrase, I could have had one of my friends who does Section 16 filings update my expired password for me (ironically, I knew my old password and PMAC, I just didn’t know my passphrase). I’m sure one of you would have come through for me. Good to know for the future (not that I am ever going to forget my passphrase or let my password expire again).

This Explains a Lot

Well, maybe not a lot, but it does at least explain why you have to enter your CIK and CCC to change your password after logging into EDGAR, something that, until now, seemed like a useless extra step to me.  I’m not sure it explains the need for the PMAC, however (if you already know the insider’s old password, how much more authorization do you need).

If anyone else has any handy EDGAR tips, I’m all ears.

– Barbara

Tags: , ,

January 4, 2017

Yet Another EDGAR Security Protocol

The SEC has announced an update to the process used to generate a new EDGAR passphrase. In anticipation of this, now would be a good time to make sure your email address is correct (and the email addresses for all of your Section 16 insiders) in the EDGAR system.

What Is a Passphrase and How Is It Different from a Password or a Password Modification Authorization Code (PMAC)?

The EDGAR system has a ridiculous number of password-type codes assigned to each individual user.  You probably only need one password to access your bank account, but EDGAR assigns four password-type codes to each user.  And, even with that shockingly complex security protocol, it’s still possible to submit fake EDGAR filings.

Your passphrase is used to generate a completely new set of EDGAR codes (CCC, password, and PMAC). You do this when you are first assigned a CIK (because you won’t have any of the other codes yet). It’s also the only way to generate a new password if you’ve forgotten yours.

What Is the New Process?

The problem with having to use your passphrase to generate a new password (and CCC) is that if you’ve forgotten your password, you’ve probably also forgotten your passphrase. In which case, you have to request a new passphrase before you can generate a new password.

Previously, to generate a new passphrase, you completed the online request form and submitted a new notarized Form ID to the SEC (for a more detailed, somewhat humorous explanation of this, see “My EDGAR Nightmare“).  Now, you’ll also have to provide an “electronic security token” with your request.  The electronic security token will be emailed to you by EDGAR at the time you make the request to change your passphrase. This is why it is important to make sure your email address is correct; if the EDGAR system doesn’t have your correct email address, you won’t get the email with your electronic security token and you’ll have to go through some sort of manual review to get your passphrase updated, which could take more than two days (and I’m sure you all understand the significance of process that takes longer than two days in the EDGAR context).

What Exactly Is an Electronic Security Token?

Got me. Since EDGAR is emailing it to you, my guess is that it is some sort of code that you enter into the EDGAR website, but it could also be a link in the email that you have to click.

Will Form ID Still Be Required to Change a Passphrase?

No idea on this either. The announcement from the SEC did not include a lot of information.

When Is the New Process Going Into Effect?

The SEC announcement, which was issued on December 12, says “soon.” When dealing with the government, “soon” often is later than you might expect but I still wouldn’t wait to make sure your and your insiders’ email addresses are correct.

Thanks to Tami Bohm of Radian Group for reminding me to blog about this.

– Barbara

Tags: ,

December 6, 2016

Shareholder Challenging 16(b) Status of Share Withholding

Just when you thought it was safe to withhold shares to cover taxes, a shareholder has started issuing demand letters to companies claiming that share withholding is a nonexempt sale for purposes of Section 16b.


Yep, I say “shareholder” because apparently it’s just one guy and he’s representing himself, he’s not even engaging the services of the plaintiffs’ bar.

What the Heck?

But wait, you say, that’s ridiculous.  Share withholding is exempt from Section 16(b) pursuant to Rule 16b-3(e), which covers dispositions back to the issuer that are approved in advance by the board or compensation committee (and approval of the grant agreement allowing said disposition counts as approval of the disposition).

You are correct, but the shareholder is claiming that Rule 16b-3(e) applies only if shares are withheld automatically. His claim is that if the insider could pay the taxes in some other way (e.g., cash), the transaction isn’t exempt.

Is My Company Going to Hear from this Guy?

Only if the share withholding transaction can be matched against a nonexempt purchase that occurs within six months before or after it. A nonexempt sale by itself is nothing to be alarmed about; the sale has to be matched against a nonexempt purchase to trigger profits recovery.

Also, since the shareholder’s argument hinges on the share withholding transaction being at the election of the insider, if you don’t allow insiders a choice in how to pay their taxes (and the shareholder can figure this out), you may not hear from him.

What Does Alan Dye Say?

I’m not sure lawyers ever use the term “ridiculous” but Alan doesn’t believe the shareholder’s position has merit. From his blog “Shareholder Challenging Availability of Rule 16b-3(e) to Exempt Elective Exercise of Tax Withholding Right” (August 23, 2016):

“For what it’s worth, Peter Romeo and I disagree strongly with the shareholder’s position, as do the attorneys I’ve spoken with who are responding to similar demand letters.”

Alan also notes that the shareholder has just issued demand letters, he hasn’t filed any complaints yet. But Alan says that he has been litigious in other Section 16(b) contexts.

What Should We Do?

If you allow insiders to use share withholding to cover their taxes on either awards or stock options, you should make sure your in-house legal team is aware of this, so they can decide how to proceed.

In addition, at the time shares are withheld to cover taxes, it is a good idea to check (or have whoever is responsible for Section 16 filings check) for nonexempt purchases by insiders in the past six months. Even though you might still allow the insiders to go ahead with the share withholding, it will be helpful to know ahead of time that the transaction might attract a demand letter, so your legal team can be prepared for it.

– Barbara

Tags: , ,

July 7, 2016

My EDGAR Nightmare

I recently had to update my EDGAR passphrase.  I thought this would be a relatively simple process. I’m a smart person and I have a proven success rate in navigating government websites—I know how to use the DMV website to make an appointment, I’ve requested a certified copy of my birth certificate online, I can find a public company’s stock plan on EDGAR—how hard could it be to update my EDGAR password?  Turns out, way harder than I expected.

This is a long blog entry, but it’s not my fault. I blame the SEC (and maybe Microsoft).

How I Got Into this Mess

I got my EDGAR access codes over a decade ago, back when the SEC first rolled out the system for filing Section 16 forms online. It was so long ago, it was before the SEC required a notarized Form ID or a passphrase. I did not want to go through the hassle of submitting a notarized form to the SEC, so I had a system in place to make sure I didn’t forget to update my EDGAR password, which consisted of a reminder in my Outlook calendar set for about a month before my EDGAR password expired.  Once a year, the reminder would pop up and—unlike how I respond to my alarm clock—I would not ignore it or hit snooze. I would immediately update my EDGAR password and set the reminder for the next year.

This system worked fantastically for over a decade, including through a change in employers. And then I got a new laptop with Outlook 13 on it. Outlook 13 had some sort of “known issue” that caused emails to disappear from my inbox. The only way to fix it was to remove Outlook 13 and go back to Outlook 10. In the process, my entire calendar was lost. Completely gone.

After massive hyperventilating and gnashing of the teeth, I was able to recreate most of it, but there were some appointments I forgot—including the reminder about my EDGAR password.

Fixing an Expired EDGAR Password

To update an expired EDGAR password, you have to generate a new set of EDGAR codes. This requires a passphrase.  I had no idea what my passphrase was because the passphrase system wasn’t in place when I originally got my EDGAR codes, hence I didn’t have it noted in any of the various places where I have made note of my EDGAR codes (this was regrettable on my part).  Here’s what I needed to do:

1. Generate a new passphrase. This required me to submit an Update Passphrase Confirmation form, which has to be notarized. I thought getting the notarization would be hard, and it was, mainly because I kept forgetting to bring the form with me when I met with my notary friend who would notarize the form for free.

This part was also very confusing because the only way to get the Update Passphrase Confirmation form is to fill out an online request for a new passphrase.  But the SEC won’t issue a new passphrase until the notarized form is submitted, so I would have to come back and complete this very same online form again once I had my notarization. Essentially, you complete one new passphrase request that the SEC completely ignores. Then, once you have your notarized form, you complete a second request that the SEC will act on if you can manage to submit your notarized form properly (see steps 2 to 5).

Finally, to add to my frustration, it took several tries to come up with a passphrase that would meet the SEC’s crazy specifications so that I could print the form that I had to have notarized.  (Note to the SEC: a password that is so complicated to remember and so hard to update that you write it down in multiple places it is a total security fail.)

2. Months later, after I finally got the form notarized (access to EDGAR isn’t really a pressing concern for me on a day-to-day basis), I had to go back to EDGAR to submit the form.

3. Of course I first tried this after 7:00 PM Pacific (I am in California) and EDGAR is shut down for the night at that time. Despite how ridiculous this is for an online system, it shouldn’t have been a surprise; as soon as I got the error message, I remembered that EDGAR shuts down for the night.

4. The next day I thought I was all set.  I had my form and it was between 3:00 AM and 7:00 PM Pacific.  Thankfully, the EDGAR system let me use the same passphrase I had come up with after several tries in step 1, so I didn’t have think of another one.  But I still made every error in the book before I could submit the form—my file name was too long, then it had spaces, then it had capital letters, then my reason for needing to update my passphrase was too long, then it included profanity (just kidding, I did not swear at the SEC, at least not in writing).

5. After several tries, I finally managed to submit my update passphrase request form without getting an immediate error. I took this to be a good sign, even though there was no way I could tell that the submission had succeeded, since I got the same “submission completed” screen that I got when the submission failed.

6. Then I waited.  After two business days, I received an email that my request to change my passphrase had been accepted. This was a major hurdle overcome, but I still had to go in and generate my new EDGAR codes.

7. Guess what time it was when I tried generate my new EDGAR codes:  yep, after 7:00 PM Pacific (this is one of my most productive time periods).  So I set an appointment in my calendar to remind me to generate my codes before 7:00 PM the next day (no worries about me trying to generate them before 3:00 AM).

8. The next day, my reminder pops up and I go to generate my new EDGAR codes. After all this, I am positively holding my breath that I wrote down my passphrase correctly because I sure as heck didn’t want to have to start this whole process again. Luckily, I am at least competent in this one thing, because the passphrase worked and I finally have my new EDGAR codes.  Phew!

Lesson Learned

You might think the lesson I learned is to not let my EDGAR password expire, but that isn’t it all. The lesson I learned is …

Don’t forget your EDGAR passphrase!

If I had just remembered my passphrase, this whole blog entry could have been avoided. Maybe I should rent a safe deposit box or get one of those fireproof safes just to store my EDGAR passphrase.

Wondering why EDGAR is such a hot mess? Check out this nifty podcast that explains the problem with government websites: “DMV Nation.”

– Barbara

Tags: ,

January 15, 2016

“Inadvertent” is No Excuse for Untimely Section 16 Filings

It’s been a while since I tackled Section 16 reporting in this blog. The last time I covered it, the SEC was on widespread mission to crack down on the smallest of infractions, Section 16(a) included. That was in 2014, and things seem to have quieted since then. Or have they? In today’s blog I’ll address that question.

All is (not) Quiet on the Section 16 Front

This time last year, there was a fair amount of buzz circulating around about the SEC’s (at the time) newfound aggression in pursuing enforcement for Section 16(a) reporting violations. It was the latest in a line of actions brought by the Commission as part of what SEC Chairman White had described as a “broken windows” initiative, where the agency put focus on frequently overlooked minor violations and highlighted that it was “important to pursue even the smallest infractions.”

While some companies have struggled to file Section 16 reports on a timely basis, the SEC’s ability to identify even the smallest of those infractions has increased greatly in recent years. Advances in technology and renewed attention to enforcement have combined to create an environment where it’s no longer safe to assume that a tiny infraction, even if just an oversight, will be overlooked. Although hype around this type of enforcement has quieted in recent months, it doesn’t mean that SEC attention has waned. Companies should be attentive in pursuing flawless (or near flawless) compliance with Section 16 reporting requirements.

Proxy season is on the horizon for many companies, and although any Section 16(a) reporting violations that happened in the past are what they are, there’s still time to focus on the Item 405 proxy disclosure piece that identifies any late reported Section 16 activity. Effort can also be made to ensure no Section 16 reporting mishaps occur going forward. It’s time to examine opportunities for improvement in these areas.

Inadvertent Mistakes Aren’t a Defense

There was a time where it almost seemed reasonable to say “it was just an inadvertent mistake.” That language appears in the Item 405 disclosure of many proxy statements. Why? Because, the truth is that inadvertent mistakes do happen. What is important to know is that violations of Section 16(a) reporting requirements are enforced only by the SEC, and (key to note) there is no “intent” or other “state of mind requirement” for there to be a “violation”; therefore, inadvertent failures to timely file Section 16 Forms 3, 4 and 5 may constitute violations of the federal reporting requirements. Essentially, nobody had to have “intended” to violate Section 16 in order for there to be an infraction. Additionally, relying on others is not a defense either: (“The insider didn’t give us timely information and therefore, I couldn’t make the filing on time.”)

Since an inadvertent mistake won’t necessarily absolve an issuer (or an insider) from responsibility and potential SEC enforcement action, it’s more important than ever to develop practices that prevent mistakes from occurring in the first place.

Must-Have Section 16 Resources

This month, Section 16 is getting a lot of NASPP coverage. With the goal to achieve “flawless” reporting this year, there’s lots to focus on, especially if you have a history of recent Item 405 disclosures in the proxy (pointing to opportunities for improvement in this area).

On January 27, Alan Dye will be doing his annual webcast on the Latest Section 16 Developments (free for NASPP members). Since the SEC’s major Section 16 enforcement initiative in late 2014, involving 28 insiders and civil penalties totaling $2.6 million, Section 16 filings have been in the spotlight like never before, commencing a new era of enforcement for the SEC. This is a Q&A webcast, designed to make sure you are equipped to comply. Hear practical tips on refining your Section 16 procedures and answers to your questions on the challenges you are facing today (submit your questions to

We’ve also got a great interview with Alan Dye that will be featured in the next episode of our Equity Expert podcast series (out next week). Be sure to subscribe today so that you are notified when Alan’s interview becomes available. The podcast is all audio, and is accessible on the NASPP website or through a podcast app on your mobile device (search for “Equity Expert”). The podcast is available for free to everyone. If you’re not listening to it, you’re missing out on some great interviews!

The Jan-Feb issue of The NASPP Advisor is due out next week, and both the Top 10 List and Administrators’ Corner articles are dedicated to Section 16 practices. Keep an eye out for it, because you won’t want to miss the tips and practices for achieving better compliance with Section 16 reporting requirements.

Watch for and take advantage of these great resources to help improve Section 16 compliance and reporting practices this year.


Tags: , , ,

May 19, 2015

How Many Grant Dates Can One Option Have?

How many grant dates can one option have? The answer, as it turns out, is more than you might think.  I was recently contacted by a reporter who was looking at the proxy disclosures for a public company and was convinced that the company was doing something dodgy with respect to a performance option granted to the CEO.  The option was not reported in the SCT for the year in which it was granted, even though the company discussed the award in some detail in the CD&A, had reported the grant on a Form 4, and the option price was equal to the FMV on the date the board approved the grant.  The reporter was convinced this was some clever new backdating scheme, or some way of getting around some sort of limit on the number of shares that could be granted (either the per-person limit in the plan for 162(m) purposes or the aggregate shares allocated to the plan).

Bifurcated Grant Dates

When I read through the proxy disclosures, I could see why the reporter was confused.  The problem was that the option had several future performance periods and the compensation committee wasn’t planning to set the performance goals until the start of each period. The first performance period didn’t start until the following year.

Under ASC 718 the key terms of an award have to be mutually understood by both parties (company and award recipient) for the grant date to occur. I’m not sure why the standard requires this.  I reviewed the “Basis for Conclusions” in FAS 123(R) and the FASB essentially said “because that’s the way we’ve always done it.” I’m paraphrasing—they didn’t actually say that, but that was the gist of it.  Read it for yourself: paragraph B49 (in the original standard, the “Basis for Conclusions” wasn’t ported over to the Codification system).

The performance goals are most certainly a key metric. So even though the option was granted for purposes of Section 409A and any other tax purposes (the general standard to establish a grant date under the tax code is merely that the corporate action necessary to effect the grant, i.e., board approval, be completed), the option did not yet have a grant date for accounting purposes.

And the SCT looks to ASC 718 for purposes of determining the value of the option that should be reported therein. Without a grant date yet for ASC 718 purposes, the option also isn’t considered granted for purposes of the SCT. Thus, the company was right to discuss the grant in the CD&A but not report it in the SCT. (The company did explain why the grant wasn’t reported in the SCT and the explanation made perfect sense to me, but I spend an excessive amount of time thinking about accounting for stock compensation. To a layperson, who presumably has other things to do with his/her time, I could see how it was confusing and suspicious).

Trifurcated Grant Dates?

The option vested based on goals other than stock price targets, so it is interesting that the company chose to report the option on a Form 4 at the time the grant was approved by the compensation committee. Where a performance award (option or RSU) is subject to performance conditions other than a stock price target, the grant date for Section 16 purposes doesn’t occur until the performance goals are met. So the company could have waited until the options vested to file the Form 4.

If you are keeping score, that’s three different grant dates for one option:

Purpose  Grant Date
 1. Tax  Approval date
 2. Accounting / SCT  Date goals are determined
 3. Form 4  Date goals are met

If the FASB is looking for other areas to simplify ASC 718, the determination of grant date is just about at the top of my list. While they are at it, it might nice if the SEC would take another look at the Form 4 reporting requirements, because I’m pretty sure just about everyone (other than Peter Romeo and Alan Dye, of course) is confused about them (I had to look them up).

– Barbara

Tags: , , , , , , ,