Key Considerations for the 2020 Annual Reporting Season

23 min read

This memorandum outlines key considerations from White & Case’s Public Company Advisory Practice for foreign private issuers (“FPIs”) in preparation for the 2020 annual reporting season. It describes our key considerations for Annual Reports on Form 20-F in two parts:

  1. Housekeeping Items for Form 20-Fs in 2020; and
  2. Top Seven Disclosure Considerations for the Form 20-F in 2020.


Considerations for Annual Reports on Form 20-F in 2020

Recent SEC rulemaking and other developments in 2019, including rules adopted in 2019 pursuant to the FAST Act,1 have resulted in a number of changes to SEC filings, including your upcoming Form 20-F, as described below.

Housekeeping Items for Form 20-Fs in 2020

As a result of the FAST Act rule changes, the following housekeeping items should be addressed for upcoming Form 20-Fs:

Update 20-F Cover Page: Make sure your Form 20-F cover page is updated to reflect the most recent changes to the form adopted pursuant to the recent FAST Act rule changes, by adding the trading symbol (your company’s ticker) to the cover page.

Two additional changes were made to the Form 20-F cover page in 2018 pursuant to additional rule amendments.2 Given all of these recent changes, it is important to confirm that your Form 20-F cover page reflects all recent updates (see also XBRL changes to the cover page, described in “XBRL Changes” below).3

Top Seven Disclosure Considerations for the Form 20-F in 2020

Below is our list of the top seven items to consider when preparing your upcoming Form 20-F in 2020.

  1. Operating and Financial Review and Prospects (i.e., MD&A): Revised Item 5 of Form 20-F requires only a two year discussion of financial results. Specifically, companies are permitted to eliminate discussion of the earliest of the three-year period presented in their financial statements if: (i) such discussion is already included in any of its prior SEC filings and (ii) the company identifies the location in the prior filing where the omitted discussion may be found. While we expect most companies to take advantage of this rule change, it is important to first confirm whether any of the discussion of the third earliest year remains material and should therefore still be included in the MD&A.4
  2. Exhibits: The following items should be considered when preparing your upcoming Form 20-F exhibit list:

    • New Exhibit to Form 20-F – Description of Registered Securities: Form 20-F’s “Instructions as to Exhibits” section was revised to require that companies file a new exhibit with their Form 20-F providing a description of each class of securities registered under Section 12 of the Securities Exchange Act of 1934 (the “Exchange Act”). Previously, this information was only required to be provided in registration statements filed under the Securities Act of 1933 (the “Securities Act”). Descriptions of company securities from prior SEC filings can provide a useful starting point for this new exhibit; however, registrants will need to assess whether updates are needed, for example, to reflect changes to their certificate of incorporation or bylaws.
    • Material Contracts No Longer Required If Fully Performed: For companies that are not “newly reporting registrants,”5 Form 20-F’s “Instructions as to Exhibits” section requires material contracts to be filed only if they are to be performed in whole or in part at or after the filing date of the annual report. The previous rule had also required material contracts that were fully performed before the filing date but that were entered into within two years of the filing to be filed. Accordingly, companies should review their exhibit index to check if any material contracts can be removed from the exhibit index pursuant to this rule change.
    • Redaction of Confidential Information: Companies are now permitted to omit confidential information from material contracts without having to submit a formal confidential treatment request (“CTR”), so long as the redacted information: (i) is not material and (ii) would likely cause competitive harm to the company if publicly disclosed. Companies should follow the procedures for redactions described in recent SEC staff guidance, which also notes that the SEC staff is selectively reviewing filings for compliance.6 As an alternative, companies can still use the traditional CTR process (see SEC staff guidance issued in December 2019).7 Furthermore, companies that previously obtained a confidential treatment order that is about to expire must still file an application to continue to protect the confidential information from public release; accordingly, it is important to assess whether existing CTRs are set to expire in the upcoming year.8 In all cases, a company should confirm that the omitted information is not material and that it only omits information that it treats as private or confidential. Information that has previously been made public (either by the company or a third party) would not be eligible for confidential treatment.
    • Omission of Schedules; Personally Identifiable Information: Form 20-F’s “Instructions as to Exhibits” now allows registrants to omit schedules and similar attachments to exhibits, provided: (i) they do not contain material information, and (ii) that information is not otherwise disclosed in the exhibit or the disclosure document.9 Accordingly, for new exhibits, companies should assess whether they can omit any exhibit schedules or attachments under this rule change. Schedules included with previously filed exhibits cannot be removed. In addition, registrants are now explicitly allowed to omit personally identifiable information from exhibits, such as bank account numbers, social security numbers, home addresses and similar information.
  3. Risk Factors: For upcoming Form 20-Fs, a number of recent trends and events may impact risk factor disclosures, as well as disclosures in other sections of the annual report. Although each company will need to assess its own material risks and tailor risk factors to its unique circumstances, below is a list highlighting certain areas of SEC focus and key trends that a company should also consider when assessing its risk factors.

    • Cybersecurity: As cybersecurity incidents and data misuse continue to persist, the SEC staff has been focusing on, and providing comments regarding, cybersecurity and privacy disclosures. As part of this focus, the SEC staff monitors press reports and may raise questions directly with affected companies about the sufficiency of cybersecurity or privacy disclosures in SEC reports on that basis. SEC guidance,10 as well as recent high profile enforcement actions for inadequate or misleading disclosures,11 emphasize that cybersecurity and complying with personal data rights pose economic, operational, and reputational risks that can impact any company. With respect to disclosure issues, recent cases caution against framing risk factor disclosures in hypothetical terms without specifically addressing actual incidents experienced by a company.12 Material cybersecurity and data privacy risks must be disclosed and, to the extent the company already experienced actual cybersecurity or data misuse incidents, such occurrences and their impact on the company should be described if they are material or otherwise are required to be disclosed as a matter of context. Companies are cautioned against the use of “may” happen with respect to something that has already happened in the past or is currently happening. In addition, other specific disclosure with respect to cyber and data risks associated with suppliers and acquisition targets, among others, may be warranted.

      Meanwhile, the impact on corporate operations of an ever-expanding and complex array of personal data privacy laws throughout the world often requires additional risk disclosures. Most notable in this regard is compliance with the European Union’s General Data Protection Regulation (the “GDPR”), which became effective in 2018 and remains a material issue for many companies regardless of whether they have a physical presence in Europe. Compliance with the GDPR could require changes to a company’s business practices on whether and how to collect and use certain types of personal data, affect a company’s ability to transfer personal data internationally, impact decisions to expand into certain regions or lines of business, and subject companies to sizable financial penalties, all of which could materially adversely affect profitability and outlook. Similarly, the California Consumer Privacy Act (the “CCPA”), effective January 1, 2020, has companies evaluating whether the new law poses material risks to their business model, especially with respect to restrictions on the broadly defined “sale” of personal data. Companies should consider what non-boilerplate disclosures, if any, are necessary with respect to their readiness for compliance, as well as the business impact of compliance, with these and other emerging data privacy laws and regulations.

    • IP and Technology Risks: In December 2019, the SEC’s Division of Corporation Finance (“Corp Fin”) released guidance specifically calling on companies to assess risks related to the potential theft or compromise of their technology, data or intellectual property in connection with their international operations and disclose them where material.13 Beyond direct intrusions, the guidance notes that companies may also face theft or compromise of these assets via indirect routes. For example, a company’s products may be reverse engineered by joint venture parties, including those affiliated with state actors. The guidance encourages companies to consider a range of questions when assessing these risks, including whether they are operating in foreign jurisdictions where the ability to enforce rights over intellectual property is limited as a statutory or practical matter, and whether they have controls and procedures in place to adequately protect technology and intellectual property. The SEC staff also emphasized that disclosure of material risks should be specifically tailored, and that where a company’s technology, data or intellectual property is being (or previously was) materially compromised, hypothetical disclosure of potential risks is not sufficient to satisfy a company’s reporting obligations. Furthermore, companies should continue to consider this evolving area of risk and evaluate its materiality on an ongoing basis.
    • Brexit: Brexit disclosure remains one of the SEC’s key areas of focus for the upcoming season. The uncertainty surrounding Brexit-related developments means that companies are preparing for different outcomes, mitigating the risk of whatever outcome they may face, and investors should be informed about the nature and extent of those risks and about the steps companies are taking to prepare for them. Through comment letters, guidance and speeches, the SEC continues to caution companies against boilerplate disclosure in this area. If Brexit-related risks represent material risks to the company, disclosure should be tailored and should describe with sufficient specificity how Brexit is expected to impact the company and its operations. SEC Chairman Jay Clayton and Corp Fin Director Bill Hinman have both emphasized the importance of Brexit disclosure, and SEC staff may closely review SEC filings to assess whether companies adequately address the impact of Brexit, including indirectly through other businesses and individuals on whom the company relies.14
    • LIBOR: In light of the expected discontinuation of LIBOR after 2021,15 the SEC staff issued guidance in July 201916 stating that: (i) companies should consider disclosing their efforts to date to identify and mitigate associated risks and assess their impacts, as well as disclosing any significant matters yet to be addressed; (ii) if a material exposure to LIBOR has been identified but the company cannot yet reasonably estimate the expected impact, companies should consider disclosing that fact; and (iii) disclosures that allow investors to see this issue through the eyes of management are likely to be the most useful for investors (such as information used by management and the board in assessing and monitoring how transitioning from LIBOR may impact the company). The SEC staff expressly indicated that it is actively monitoring the extent to which risks related to the discontinuation of LIBOR are being addressed, and noted that companies should assess whether disclosure may be appropriate in their risk factor section as well as in the MD&A, the business section and/or the financial statements.
    • Regulatory: Changes and potential changes in law, regulation, policy and/or political leadership may necessitate modifications to risk factor disclosure for certain companies. Some examples include: tariffs (imposed or threatened); potential or actual withdrawal or modification of international trade agreements; modifications to sanctions imposed by the US or other countries; changes to immigration policies that may present material risks to companies that rely on foreign employees or contractors; changes in tax or environmental policies; and political developments in the registrant’s home country.
    • Environmental: Environmental issues such as climate change have been receiving increased attention, and companies should consider whether they present material risks for their businesses. Risk factor disclosure related to environmental issues should be tailored to the specific circumstances of a company and can address a number of topics, including applicable environmental regulations and the impact of climate change on a company’s business, such as risks of increased costs or reduced demand for products, carbon asset risk, risks due to severe weather events, and management of greenhouse gas emissions, among other environmental issues. In 2019, Corp Fin director Bill Hinman specifically encouraged companies “to consider their disclosure on all emerging issues, including risks that may affect their long-term sustainability” and “whether their disclosure is sufficiently detailed to provide insight as to how management plans to mitigate material risks.”17
    • Human Capital Management: Companies should assess whether they have material risks associated with human capital management. In a recent rule proposal the SEC queried whether Form 10-K should be amended to require a company to include, to the extent material, a description of the company’s human capital resources, including any human capital measures or objectives that management focuses on in managing the business.18 Although these are only proposed rules at this stage, and the proposed rules would only apply to US registrants and FPIs that have elected to file on domestic forms, there is heightened focus on this issue from the SEC and investors, and accordingly, companies should be assessing what—if any—material issues they are facing with respect to human capital management and considering any appropriate updates to risk factor disclosure.
    • Industry Specific Risks: Each company needs to identify its specific material risks, and many risk factor trends are industry specific. For example, certain companies in the health or pharmaceutical industry have included disclosure regarding risks related to the health crisis involving opioid abuse, while several companies, mainly in the retail industry, have added risk factors related to the potential impact of gun violence on their businesses.
  4. Critical Audit Matters (“CAMs”):19 Under the Public Company Accounting Oversight Board’s (“PCAOB”) new auditing standard, AS 3101, subject to transition periods, an auditor’s report in a Form 20-F must disclose any CAMs arising from the current period’s audit, or state that the auditor determined there were no CAMs for that period.20 Large accelerated filers are now subject to the CAM requirements (large accelerated filers with June 30, 2019 fiscal year ends were the first companies required to disclose CAMs). Accelerated filers and non-accelerated filers will be subject to the CAM requirements for audits of fiscal years ending on or after December 15, 2020.

    For any CAM, the auditor must disclose the principal considerations that led the auditor to determine that the matter is a CAM and how the CAM was addressed in the audit, among other items. A CAM is any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee and that: (i) relates to accounts or disclosures that are material to the financial statements and (ii) involved especially challenging, subjective or complex auditor judgment. The PCAOB’s standard also provides a non-exclusive list of factors to be considered by an auditor to determine whether a matter is a CAM, including risks of material misstatement, the extent of audit effort and subjectivity required, and the degree of judgment involving estimates with significant measurement uncertainty.

    It is important for a company to engage with its auditor early and on a regular basis regarding potential CAM disclosure. The PCAOB recently noted that some audit teams began the process to determine CAMs as early as the second or third quarter of the fiscal year and that starting early provided ample time to identify CAMs and draft disclosure.21 The most frequently communicated CAMs have so far related to goodwill and other intangible assets; revenue recognition; taxes; and business combinations.22

  5. Non-GAAP Financial Measures: The SEC continues to focus on non-GAAP measures, so it is important to pay careful attention to the use and disclosure of such measures, including:

    • Ensuring that when a non-GAAP measure is used in a Form 20-F, the comparable IFRS or GAAP measure is disclosed with equal or greater prominence, and a reconciliation of the two measures is provided. Unlike US issuers, FPIs do not file quarterly Form 10-Qs. Instead, FPIs typically disclose quarterly results via earnings releases furnished on Form 6-K. Although as a technical matter those disclosures are not subject to the requirements of Item 10(e) of Regulation S-K (because they are not “filed”), including the requirement to present GAAP financial information with equal or greater prominence when non-GAAP financial measures are presented, FPIs generally follow the equal or greater prominence presentation format in such earnings releases as a matter of best practice, in addition to including the relevant non-GAAP reconciliations as required under Regulation G;23
    • Maintaining consistent treatment of items year over year; and
    • Following the guidance for adjustments for significant financing components under IFRS 15. The SEC has requested that companies remove adjustments that substitute individually tailored recognition and measurement methods for those of GAAP from the relevant non-GAAP measure, or explain why they are necessary. This includes the reversal in non-GAAP measures of the significant financing component calculated and reported outside revenue under IFRS 15.

    Moreover, the SEC staff’s Compliance & Disclosure Interpretation (“C&DI”) 100.01 reminds companies that some adjustments may be prohibited because they result in a non-GAAP presentation that is misleading. The example provided in the C&DI—that a performance measure excluding normal, recurring, cash operating expenses necessary to operate a registrants business could be misleading—is the basis for a number of recent SEC staff comments. Accordingly, a company should not only assess its compliance with non-GAAP disclosure requirements, but should also assess whether a non-GAAP measure itself may be misleading.

  6. XBRL Changes and Hyperlinking
    • Tagging of Cover Page in Inline XBRL: As a result of the FAST Act rule changes, subject to the transition periods described below, all of the information on the cover page of the Form 20-F must be tagged in Inline XBRL, which embeds XBRL data directly into an HTML document.24 FPIs are required to comply with these requirements based on their filer status and basis of accounting. FPIs that are Large Accelerated Filers that prepare their financial statements in accordance with US GAAP were the first filers required to begin tagging cover pages in Inline XBRL (with their first fiscal periods ending on or after June 15, 2019). Accelerated Filers that prepare their financial statements in accordance with US GAAP will be required to tag cover pages in Inline XBRL for fiscal periods ending on or after June 15, 2020. All other filers, including FPIs that prepare their financial statements in accordance with IFRS, will be required to comply in reports for fiscal periods ending on or after June 15, 2021. These dates are identical to the mandatory compliance dates for the tagging of financial statement information in Inline XBRL elsewhere in SEC reports.25
    • New Exhibit for Cover Page Inline XBRL Data: “Instructions as to Exhibits” section for Form 20-F now requires companies tagging cover page data in Inline XBRL (as described above) to file a “Cover Page Interactive Data File” with the Form 20-F and to list new Exhibit 104 in the exhibit index of their Form 20-F.26 New Exhibit 104 should include the word “Inline” within the title description and should cross-reference the Interactive Data Files submitted under Exhibit 101.27 In addition, companies subject to Inline XBRL requirements should also update Exhibit 101, including by adding the word “Inline” to their title descriptions.28
    • Hyperlinking: As a result of the FAST Act rule changes, the SEC now requires an active hyperlink to information incorporated by reference from another SEC filing. Accordingly, to the extent a company’s Form 20-F incorporates by reference information from a prior SEC filing, it will need to include an active hyperlink to the prior filing. With respect to a company’s financial statements, however, the SEC now explicitly prohibits incorporating by reference to (or cross-referencing to) information outside of the financial statements, unless otherwise specifically permitted or required by SEC rules, US GAAP or IFRS, as applicable.
  7. Disclosure of Dealings in Countries Designated as “State Sponsors of Terrorism” or Countries Subject to US Sanctions

    In 2019, the SEC increased the number of comment letters it sent to public companies seeking more detail about their disclosures related to dealings in countries that are considered state sponsors of terrorism29 or the subject of US sanctions enforced by the Treasury Department’s Office of Foreign Assets Control (“OFAC”).30 These comment letters often request information regarding the nature and extent of any past, current and anticipated contacts with these countries, such as any services, products, information or technology provided to, and direct or indirect agreements, commercial arrangements or other contacts with, the governments of those countries or any entities that might be controlled by those governments. FPIs should ensure they are compliant with current US law, as the countries and entities included on either list may change periodically, and, to the extent they are doing business in sanctioned countries (even if in compliance with applicable US law), should consider whether disclosure of such activities is appropriate.31


1 Referred to herein as the FAST Act rule changes. For more information, see our prior alert, “SEC Adopts Amendments to Modernize and Simplify Disclosure Requirements.”
2 These changes included the removal of language on “posting” the company’s Interactive Data Files on its corporate website and the removal of language next to the non-accelerated filer checkbox that companies “not check” the box if they are a smaller reporting company.
3 The SEC website generally provides a current version of the SEC’s forms, available here.
4 The SEC’s adopting release on the FAST rule changes, available here, states: “We continue to encourage registrants to take the opportunity to reevaluate their disclosure in light of these amendments and determine whether a discussion of the earliest year’s information remains material.”
5 The term is defined in Instruction 1 to paragraph (b)(10) of Item 601 and includes companies that are not subject to Exchange Act reporting obligations and certain shell companies.
6 For more information on the procedures for exhibit redactions, as well as information on SEC staff reviews of redacted exhibits, see SEC staff guidance, available here.
7 See SEC staff guidance, available here. Also see prior SEC staff guidance on extensions available here.
8 The short-form application provides a streamlined process to file an application to extend the time for which confidential treatment has been granted, but may only be used if the confidential material is the subject of an unexpired order granting confidential treatment. See SEC staff guidance, available here.
9 Companies that omit schedules must provide a list in the filed exhibit that briefly identifies the contents of all omitted schedules; however, companies “need not prepare a separate list of omitted information if such information is already included within the exhibit in a manner that conveys the subject matter of the omitted schedules and attachments.”
10 In February 2018, the SEC published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents, available here.
11 With respect to cybersecurity, the SEC found that Yahoo’s risk factor disclosures in its annual and quarterly reports were materially misleading in that they claimed the company only faced the “risk of potential future data breaches” that might expose the company to loss and liability “without disclosing that a massive data breach had in fact already occurred.” The SEC’s action is available here. For more information, see our prior alert, “SEC Fines Yahoo $35 Million for Failure to Timely Disclose a Cyber Breach.”
12 For example, the Yahoo case focused on disclosure of “possible” data breaches when the company had already experienced such a breach.
13 The guidance is available here.
14 See “SEC Rulemaking Over the Past Year, the Road Ahead and Challenges Posed by Brexit, LIBOR Transition and Cybersecurity Risks” (December 6, 2018), available here; see also “Applying a Principles-Based Approach to Disclosing Complex, Uncertain and Evolving Risks” (March 15, 2019), available here.
15 LIBOR is an indicative measure of the average interest rate at which major global banks could borrow from one another and is quoted for multiple currencies and time frames. It is used extensively in the US and globally as a “benchmark” or “reference rate” for various commercial and financial contracts. See SEC guidance available here.
16 Available here.
17 See “Applying a Principles-Based Approach to Disclosing Complex, Uncertain and Evolving Risks” (March 15, 2019), available here.
18 See “SEC Proposes Amendments to Modernize Disclosures; Considers Requiring Human Capital Resources Disclosure” (August 12, 2019), available here.
19 For more information, see our prior alert, “SEC Approves PCAOB’s New Audit Report Standard to Enhance the Relevance of the Auditor’s Report to Investors and Other Market Participants.” Also see AS 3101, available here.
20 Does not apply to audit reports of emerging growth companies, certain brokers and dealers, investment companies other than business development companies and benefit plans.
21 See Critical Audit Matters Spotlight, available on the PCAOB website here.
22 As of November 30, 2019. See Critical Audit Matters Spotlight, available on the PCAOB website here.
23 Subject to limited exemptions, FPIs are required to comply with Regulation G with respect to any public announcements of material information that contain non-GAAP financial measures and are subject to the requirements of Item 10(e) of Regulation S-K with respect to any filings under the Securities Act, such as registration statements on Form F-1 or F-3, and the Exchange Act, such as annual reports on Form 20-F. Because reports of FPIs on a Form 6-K are generally "furnished" rather than "filed" with the SEC, unless a Form 6-K is expressly designated as being "filed" or is incorporated by reference into any filing under the Securities Act (such as a Form F-3 or a Form S-8 registration statement) or the Exchange Act (such as an annual report on Form 20-F), Form 6-Ks are not subject to the Item 10(e) "equal prominence" requirements or the related SEC guidance thereon.
24 See the FAST Act rule changes adopting release, available here. Also see newly adopted Rule 406 of Regulation S-T.
25 Under SEC rules adopted in 2018, public companies are required, subject to transition periods, to submit financial statement information using the Inline XBRL format. The adopted rules also eliminated the requirements for filers to post Interactive Data Files on their websites. See Inline XBRL Filing of Tagged Data, Release No. 33-10514 (June 28, 2018), available here.
26 See Item 601(b)(104) to Regulation S-K, Rule 406 of Regulation S-T, and Question 101.04 of the Interactive Data C&DIs, available here.
27 See Question 101.01 of the Interactive Data C&DIs, available here. Also see Section 6.3.2 of the Edgar Filer Manual.
28  See Question 101.01 of the Interactive Data C&DIs, available here. Also see Section 5.2.5 of the Edgar Filer Manual.
29 This list currently includes Iran, North Korea, Sudan and Syria.
30 OFAC continues to administer and enforce comprehensive sanctions with respect to Cuba, Iran, North Korea, Syria and the Crimea region of Ukraine, as well as against targeted individuals and entities, including those involved in narcotics trafficking, terrorism/terrorist financing, international crime, proliferation of weapons of mass destruction, malicious cyber activities and election interference, corruption and human rights abuses.
31 Separately, Section 13(r) of the Exchange Act requires companies to disclose in Form 20-F if they or any of their affiliates knowingly engaged in specified activities relating to Iran, terrorism or the proliferation of weapons of mass destruction. All transactions, even those the company considers de minimis, are required to be reported

This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2020 White & Case LLP