SEC Tightens Scrutiny on M&A Disclosures
Recent guidance indicates the SEC is tightening its requirements for narrative disclosures around material transactions like acquisitions and divestitures. A new framework, referenced as "HARBOR," appears to push for more granular detail on strategic rationale and risk factors in MD&A sections of public filings.
The SEC's focus on Management's Discussion and Analysis (MD&A) is not new, but recent comment letters show an intensified demand for specifics. Regulators are pushing back against boilerplate language, particularly concerning the rationale for acquisitions and the specific factors underlying projections and synergy estimates. This aligns with amendments to Regulation S-K, which aim to modernize and enhance MD&A disclosures to provide a clearer view from management's perspective. This heightened scrutiny extends beyond financial metrics to include a more robust discussion of internal controls post-merger. Recent enforcement actions highlight the SEC's focus on the integration of internal controls at acquired entities, penalizing companies for failing to adequately assess and remediate deficiencies in a timely manner. The consequences of such failures can range from financial restatements to delisting from an exchange. The Department of Justice (DOJ) has also introduced a new M&A Safe Harbor Policy, creating a presumption of declination for criminal conduct uncovered at an acquired company if it is voluntarily self-disclosed within six months of closing and remediated within one year. This policy incentivizes thorough pre- and post-acquisition due diligence to identify and report misconduct. For manufacturers, this regulatory shift intersects with increasing supply chain complexity and geopolitical risks. The SEC expects disclosures to address how factors like tariffs, trade policy, and sanctions could materially impact the financial performance of a newly combined entity. A failure to adequately disclose these risks can attract regulatory attention. This emphasis on detailed, forward-looking disclosures is also evident in the SEC's new cybersecurity rules. Companies are now required to report material cyber incidents within four business days of determining materiality and to annually disclose their cybersecurity risk management and governance strategies. For manufacturing companies involved in M&A, this means assessing and disclosing the cybersecurity posture of the target company. Ultimately, the SEC is pushing for a narrative in the MD&A that connects the dots for investors, explaining not just what happened, but why it happened and what the anticipated future impact will be. This requires a deeper level of analysis and a willingness to provide more granular detail about the strategic thinking behind major transactions. The era of generic M&A disclosure is clearly drawing to a close.
