Contact us with your California corporate & securities law questions (949) 353-6347 or Contact us here

Did The SEC Violate The APA In Publishing Its Statement And Guidance on Cybersecurity Disclosures?

The federal Administrative Procedure Act is both straightforward and general.  It defines a "rule" as "the whole or a part of an agency statement of general or particular applicability and future effect designed to implement, interpret, or prescribe law or policy or describing the organization, procedure, or practice requirements of an agency and includes the approval or prescription for the future of rates, wages, corporate or financial structures or reorganizations thereof, prices, facilities, appliances, services or allowances therefor or of valuations, costs, or accounting, or practices bearing on any of the foregoing."  5 U.S.C. § 551(4).  When an agency engages in "rule making" (i.e., formulating, amending or repealing a "rule"), the APA generally requires that the agency provide the public with notice and an opportunity to comment.  5 U.S.C. § 553.

Rule making under the APA, however, can be both difficult and time consuming.  Thus, many agencies try to avoid the process by issuing informal statements or guidance as the SEC did earlier this week when it issued its Statement and Guidance on Public Company Cybersecurity Disclosures.  The APA does explicitly except " interpretative rules, general statements of policy, or rules of agency organization, procedure, or practice".  5 U.S.C. § 553. Thus, the question becomes whether the SEC's statement falls within the statutory exception.  Undoubtedly, the SEC believes that it does.  However, that belief comes with a price that practitioners would do well to remember: "Interpretive rules 'do not have the force and effect of law and are not accorded that weight in the adjudicatory process.'"  Perez v. Mortg. Bankers Ass'n, 135 S. Ct. 1199, 1204 (2015) quoting Shalala v. Guernsey Memorial Hospital, 514 U. S. 87, 99 (1995).

Even if not subject to the APA's notice and comment requirements, the SEC's guidance would appear to be a "rule" as defined in President Trump's 1-for-2 Executive Order.  That executive order defines a "rule" to include, with certain exceptions "an agency statement of general or particular applicability and future effect designed to implement, interpret, or prescribe law or policy or to describe the procedure or practice requirements of an agency".  

The SEC's statement may also be subject to the Congressional Review Act of 1996, which requires all federal agencies, including independent regulatory agencies, to submit a report on each new rule to both Houses of Congress and to the Comptroller General before it can take effect.  The U.S. Government Accountability Office has held that a general statement of policy is a rule under the CRA.  

Share on:

Administrative Procedure Act

ANY QUESTIONS REGARDING CALIFORNIA CORPORATE AND SECURITIES LAW? CONTACT US DIRECTLY

We offer expert advice with the intricacies of California law.

Our years of experience and expertise allow us to help clients navigate the business laws in California.

CONTACT US

Get the latest news and analysis about California Corporate & Securities law. Subscribe to our newsletter today!

We respect your email privacy

ABOUT OUR AUTHOR

30172DBAB0084D3A8F39D7AF0A8E79BC.ashx Keith Paul Bishop
Partner at Allen Matkins
(949) 353-6328
 Contact me
Learn More About Keith

nominee-badge

Get the latest news and analysis about California Corporate & Securities law. Subscribe to our newsletter today!

We respect your email privacy

CATEGORIES

see all

RECOGNITION

YOUTUBE

FACEBOOK