Disclosure Requirements

Effective May 11, 2018, the U.S. Treasury’s Financial Crimes Enforcement Network (“FinCEN”) implemented a new customer due diligence requirement.  The requirement applies to certain financial institutions, including banks, broker-dealers and mutual funds, at the time each new account is opened.  The rule enhances the information that financial institutions must collect regarding the identity of individuals (i.e., beneficial owners) who own or control their legal entity customers, which includes any corporation, limited liability company or partnership.  Information must be collected for each owner of 25% or more of the equity interests of a legal entity customer.  As a result of the rule’s recent implementation, financial institutions are devoting significant time and resources to modifying their internal systems and to implementing appropriate procedures to ensure compliance with the rule.  Certain entities are excluded from the definition of “legal entity customer.”  For example,  SEC reporting companies are excluded from the rule because they are subject to public disclosure and reporting requirements that provide information similar to what would otherwise be collected under the rule. Companies listed on foreign exchanges are not excluded from the definition of legal entity customer. Such companies may not be subject to the same or similar public disclosure and reporting requirements as companies publicly traded in the United States and, therefore, collecting beneficial ownership information for them is required. Certain institutions are considering revising some standard form agreements, including underwriting agreements and engagement letters, to include ownership certification representations and covenants to ensure compliance.  FinCEN has provided financial institutions with a certification form that may be used to obtain the required beneficial ownership information.  To read FinCEN’s “Frequently Asked Questions” relating to the new rule, please click here, and to read SIFMA’s memorandum relating to the new rule in the context of certain sales of securities, click here (with attachments providing form certifications at the 25% equity ownership threshold and 10% equity ownership threshold).

In a recent paper, authors Onur Bayar, Thomas J. Chemmaur and Paolo Fulghieri consider whether allowing insiders with nonpublic information to disclose such information prior to selling their securities.  The paper discusses the communications prohibitions applicable prior to, and in close proximity to, securities offerings, as well as some communications safe harbors.  The authors set out a model for disclosures at different points in time prior to a securities offering.  The paper concludes that even in the absence of an agency, like the Securities and Exchange Commission, that regulates disclosures, there are incentives for companies to self-regulate resulting in conservative disclosures.  The authors further conclude that whether allowing disclosures prior to an equity offering is desirable depends on the proportion of Institutional investors who are able to verify the information (compared to retail investors that would not be able to test or verify disclosures).  Finally, the authors also consider the nexus to the rules for bringing private securities lawsuits.  Setting aside the authors’ thesis, it would seem prudent in light of the significant advances in technology since 2005 when securities offering reform last revamped the communications rules to revisit the safe harbors available to issuers.

The recently updated Securities and Exchange Commission agenda (see here and here) provides some insight on what to expect in upcoming months.  The amendments to the smaller reporting company definition, which were widely supported when proposed, remain in the “final rule stage.”  Likewise, the amendments to implement the FAST Act report and disclosure update and simplification (to eliminate outdated, redundant and otherwise repetitive requirements) remain in the final rule stage.  It will be interesting to see whether the Commission takes action on these measures before Commissioner Piwowar’s departure.  Consistent with Corporation Finance Division Director Hinman’s recent Congressional testimony about which we previously blogged, the agenda now includes in the “proposed rule stage” extending the test-the-waters provision to non-EGCs.  Also in the proposed rule stage are changes to Industry Guide 3 (disclosures for banks and other financial institutions), disclosure of payments by resource extraction issuers, and additional changes to the Regulation S-K disclosure requirements.  A new item was added that is referenced as “amendments to financial disclosures for registered debt security offerings.”  It is not clear to what this relates.  Sadly, the changes to various communications safe harbors and other Securities Act rules for business development companies are in the “long-term actions” category.  The long-term actions category also includes a number of measures that have been the subject of recommendations by the Commission’s Investor Advisory Committee, such as disclosures regarding board diversity and changes to the accredited investor definition.  Consistent with recent comments by representatives of the Commission, a measure relating to harmonizing private placement rules is added to the long-term actions list.

Recently, the Securities and Exchange Commission (the “SEC”) announced a settlement with a registrant relating to the registrant’s failure to disclose the occurrence of a cyber breach.  The breach occurred in 2014 and was disclosed in 2016.  A later discovered breach that took place in 2013 was disclosed in 2017.  The SEC noted that the company did not fully assess the impact of the breach on its business nor whether the disclosures in its public filings, which addressed potential breaches, were rendered misleading by virtue of the actual breach.  The SEC did note that it would not second-guess judgments regarding disclosures made by registrant’s acting in good faith.

The settlement, taken together with statements made by representatives of the SEC regarding the importance of assessing cyber breaches and related risks, and the recent guidance from the SEC regarding cybersecurity disclosures, serve to emphasize, among other things, the importance of disclosure controls and procedures that take into account cyber disclosures.

The Center for Audit Quality (CAQ) recently published “Non-GAAP Measures: A Roadmap for Audit Committees” (CAQ Roadmap), which examines themes that emerged from a series of 2017 roundtables hosted by CAQ with various stakeholders.  The CAQ publication notes that audit committees have an important responsibility to oversee the financial reporting process and external audit.

The CAQ report notes that the audit committee can act as a bridge between management and investors, assess management’s reasons for presenting non-GAAP measures and evaluate the sufficiency of related disclosures.  It adds that the audit committee can determine whether the measures present a fair and balanced view of company performance.  CAQ lays out a three-fold roadmap for audit committee members: (1) identify key discussion topics with management, counsel and external auditors, (2) understand the external auditor’s role regarding non-GAAP measures and (3) adopt leading practices to support the presentation of high-quality non-GAAP measures.  With respect to item (1), CAQ suggests that audit committee members consider topics for dialogue including: asking management whether it has internal guidelines for determining how non-GAAP measures are generated, calculated and presented; seeking the perspective of counsel on non-GAAP measures; asking the company to benchmark such measures to those of its peers; and finding out what disclosure controls and procedures are in place.  With respect to item (2), while external auditors do not audit non-GAAP measures as part of their financial statement or ICFR audits, audit committees and management may consider external auditors as a resource when evaluating such measures and may ask them to perform certain procedures, such as testing controls related to the preparation and use of such measures in light of management’s polices, and to report such results to them.  Last, the audit committee and management should consider adopting best practices, such as subjecting non-GAAP measures to robust disclosure controls, and adopting guidelines to follow when preparing and presenting non-GAAP measures to stakeholders.

On April 4, 2018, the staff of the SEC’s Division of Corporation Finance (Staff) updated its Compliance & Disclosure Interpretations on the use of non-GAAP financial measures (C&DIs), by issuing two new C&DIs (C&DI 101.02 and C&DI 101.03).  These new C&DIs provide that, under certain conditions, financial measures included in forecasts used in business combination transactions are excluded from the definition of non-GAAP financial measures.

To recall, in October 2017, the Staff clarified in C&DI 101.01 that financial measures provided to a financial advisor would be excluded from the definition of non-GAAP financial measures, and therefore not subject to Item 10(e) of Regulation S-K and Regulation G, if and to the extent: (1) the financial measures are included in forecasts provided to the financial advisor for the purpose of rendering an opinion that is materially related to the business combination transaction; and (2) the forecasts are being disclosed in order to comply with Item 1015 of Regulation M-A or requirements under state or foreign law, including case law, regarding disclosure of the financial advisor’s analyses or substantive work.

New C&DI 101.02 now provides that a registrant can rely on the exemption provided by C&DI 101.01 if the same forecasts provided to its financial advisor are also provided to its board of directors or a board committee.  In addition, new C&DI 101.03 clarifies that financial measures in forecasts provided by a registrant to bidders in business combinations would also be excluded from the definition of non-GAAP financial measures, if a registrant determines that such forecasts are material and that disclosure of such forecasts is required to comply with the anti-fraud and other liability provisions of the federal securities laws.

A copy of the updated C&DIs is available here.

In a wide-ranging speech today, SEC Chief Accountant Wesley Bricker addressed recent changes and forthcoming changes to accounting standards, including the new revenue recognition standard.  He noted the need to continue to focus on the implementation of the lease accounting standard next year and the credit losses standard.  Bricker also commented on accounting for equity investments in other companies.  Bricker touched briefly on non-GAAP financial measures, reminding the audience that reporting companies must have disclosure controls and procedures that address the use of non-GAAP measures.  In this regard, he noted that audit committees have an important role to play in reviewing the presentation of non-GAAP measures, understanding the purpose and integrity of the non-GAAP measures, evaluating whether the measures are consistently prepared and presented period to period, and understanding how corrections of errors in such measures will be presented.  Bricker also noted the importance of the audit committee’s role with respect to the disclosure of market risks.  Bricker mentioned the Commission’s recently proposed rulemaking addressing the auditor independence rules.  He concluded his remarks with observations regarding the importance of independent minded audit committees as one element of a strong corporate governance structure.  The full text of his remarks may be found here.

 

The SEC’s Investor Advisory Committee made a number of recommendations to the Division of Corporation Finance, principally aimed at enhanced disclosure requirements, related to dual class structures.  Specifically, Committee recommends that the Division:

  • Require public companies that have dual class or other entrenching governance structures to prominently and clearly disclose: the numerical relationship between the amount of common equity or its equivalent economic beneficial ownership interest held by any person entitled to control or direct the voting of five percent or more of shares entitled to voting rights in the election of directors or the equivalent body (“ownership interests”), and the amount of voting rights held or controlled by such a person (“voting rights”), which the Committee refers to as “wedge” disclosure risks arising from the dual class structure and the inherent conflicts of interest; and risks arising from the exclusion of the stocks of companies with dual class structures from certain broad-based indices;
  • Monitor shareholder disputes arising out of non-traditional governance structures to identify trends, especially those arising from conflicts of interest; and
  • For issuers of non-voting stock, consider adding disclosure requirements to Form 10-K that would provide all information equivalent to that ordinarily included in a Schedule 14A, to the extent of the Commission’s authority.

In the meantime, the FTSE Russell is once again reviewing the inclusion of non-voting or minority voting shares in its indices.  Voting-based bans from index inclusion have generated some controversy with some, including SEC representatives, suggesting that governance by index rules may itself be problematic.

On March 12, 2018, the Securities and Exchange Commission (“SEC”) ordered a pre-IPO internet-based financial technology company to pay a $160,000 civil money penalty for not complying with the disclosure requirements prescribed in Rule 701(e) of the Securities Act. SEC also ordered the company to cease and desist from committing or causing any violations of the Securities Act.

As a general rule, a company cannot offer or sell securities to the public unless the offering is registered or is exempt from registration. Most private companies rely on Rule 701 for issuance of securities to employees pursuant to stock-based compensation plans, provided that the issuer, among other things, does not offer more than $5 million in securities over a 12-month period. If the offer exceeds this threshold amount, Rule 701(e) of the Securities Act mandates that the company provide its employees certain disclosures, including risk disclosures, within a reasonable time before the Rule 701 issuances.

Credit Karma issued approximately $13.8 million in unregistered stock options to its employees during a twelve-month period from October 1, 2014 to September 30, 2015. According to the SEC, the company violated Rule 701(e) when it failed to deliver financial statements and risk disclosures associated with the securities to its employees within a reasonable time before the employees exercised their stock options.  Given the utility of Rule 701 and the reliance by so many companies, especially companies choosing to remain private longer, on Rule 701 issuances, this enforcement action is notable.  A copy of the cease and desist order is available here.  Various bills have been introduced during this session of Congress that would raise the dollar threshold at which disclosure requirements are triggered; however, to date, these measures have failed to garner sufficient bipartisan approval.