Conflict Minerals…the Legal Saga Continues…

Yesterday, the United States Court of Appeals for the District of Columbia issued its opinion on the conflict minerals legal challenge. (See our earlier blogs regarding the conflict minerals rules and the legal challenge thereto). The ruling rejected a number of the petitioner’s arguments, but agreed with the petitioner’s first amendment challenge. Specifically, the court held that the conflict minerals rules “violate the First Amendment to the extent the statute and rule require regulated entities to report to the Commission and to state on their website that any of their products have ‘not been found to be DRC conflict free.’” Accordingly, the three-judge panel affirmed the district court’s judgment in part and reversed in part and remanded the case back to the district court for further proceedings.

It is not crystal clear what practical effect the Court of Appeal’s decision will have on the conflict minerals rules or what actions the SEC may take in response to such decision. Despite yesterday’s ruling, companies should “keep the course” and continue preparing their initial Form SD which, as of now, is still due on June 2, 2014.

New Conflict Minerals FAQs

I know that many companies are working through their conflict minerals analysis and have begun preparing their initial Form SD which is due June 2nd.  I wanted to make companies aware that the SEC issued new FAQs today clarifying various issues related to conflict minerals due diligence and the conflict minerals report.  Please see the link below:

Have you been a “Bad Actor”? Maybe You Should Just Beg for Forgiveness.

Rule 506 under the Securities Act of 1933 is the most widely used exemption from the registration requirements of the Securities Act. The exemption is used by a wide range of issuers from small, start-up companies to the largest investment and hedge funds. Rule 506 generally permits issuers to sell an unlimited amount of securities to an unlimited number of accredited investors. However, pursuant to Section 926 of the Dodd-Frank Act, the SEC adopted Rule 506(d) disqualifying securities offerings involving certain felons and other “bad actors” from reliance on the Rule 506 exemption. Rule 506(d) became effective on September 23, 2013.  

Rule 506(d)(2)(ii) provides that the disqualification shall not apply “upon a showing of good cause . . . if the Commission determines that it is not necessary under the circumstances that an exemption be denied.” Similar disqualification provisions are applicable to offerings exempt from registration pursuant to Regulation A and Rule 505(b). However, neither Regulation A nor Rule 505 is relied upon nearly as often as Rule 506 because of the inherent limitations of those rules. Therefore, the impact of the bad actor disqualifications under Regulation A and Rule 505 has been somewhat limited. However, given the wide use of the Rule 506 exemption, we can expect many more issuers and others involved in securities offerings to request waivers.    

Since Rule 506(d) became effective, the SEC has granted exemptions to five issuers, four of which are financial institutions. In each case, the “bad act” which led to possible disqualification (I say possible because none of the entities requesting exemption actually admitted to disqualification) was an order or judgment entered with the consent or acquiescence of the financial institution.

Generally, each of the requests for exemption cited the following facts: the bad conduct did not involve the offer or sale of securities pursuant to Regulation A or Regulation D; steps have been taken to address the underlying conduct; and disqualification would have an adverse impact on third parties. In addition, each company requesting the exemption also committed to furnishing to each purchaser in certain exempt offerings disclosure of the “bad acts.”

In each case, the order or judgment giving rise to the disqualification, the letter from the financial institution requesting an exemption from Rule 506(d)’s disqualification provision and the letter from the SEC staff confirming that the exemption had been granted, all bear the same date. Most likely the granting of the exemption was part of the overall settlement of the matters that were the subject of the various orders. The four letters can be found here, here, here and here.

SEC Holds Cybersecurity Roundtable

On March 26, 2014, as we have previously blogged, the SEC hosted a cybersecurity roundtable to address the growing “cyber-threat” faced by public companies and other capital markets participants. The roundtable included four panels that discussed the cybersecurity landscape, public company disclosure, as well as market systems and participants (for an overview of the panels, see

SEC Chair White noted in her introductory remarks to the roundtable that cyber threats pose non-discriminating risks across our economy to all critical infrastructures, including financial markets, banks, intellectual property, and private consumer data (i.e., no company can be immune to such threats). Chair White also pointed out that the current SEC guidance on this topic (CF Disclosure Guidance: Topic No. 2, Cybersecurity) provides that material information concerning cybersecurity risks and cyber incidents must be disclosed in SEC filings.

SEC Commissioner Aguilar noted that the SEC’s informal disclosure guidance regarding cybersecurity helped investors and public companies to assess cybersecurity issues and questioned whether the SEC should be doing more to ensure the proper functioning of the capital markets and the protection of investors. The Commissioner suggested that the SEC should establish a Cybersecurity Task Force composed of representatives from each SEC division that will discuss these issues and advise the SEC as appropriate.

SEC Announces the Agenda of Its Cybersecurity Roundtable; Target Corporation Files Form 10-K Bleeding out Disclosures about Its Data Breach

We have previously blogged about March 26 SEC cybersecurity roundtable and the SEC paying close attention to cybersecurity issues, especially on the heels of the cybersecurity breaches faced by Target and other retailers.  On March 19, 2014, the SEC issued a notice about the coming cybersecurity roundtable shedding light on the topics that will be discussed at the roundtable.

The panelists will have a well-rounded discussion of the cybersecurity issues faced by different constituencies, including:

  • exchanges and other key market systems;
  • broker-dealers;
  • investment advisers;
  • transfer agents; and
  • public companies.

Panelists will also be invited to discuss industry and public-private sector coordination efforts relating to assessing and responding to cybersecurity issues.

This roundtable discussion will be very timely.  On March 14, 2014, Target filed its Annual Report on Form 10-K, which reads as Exhibit A to the SEC’s 2011 guidance on cybersecurity disclosures (CF Disclosure Guidance: Topic No. 2, Cybersecurity).  Among other disclosures, the company beefed up the risk factors to talk about its data breach and included a detailed discussion of the ramifications of this breach into its “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” 

Some details of Target’s disclosure are quite interesting.  As a result of the data breach, Target recorded $61 million of pretax data breach-related expenses, some of which may be offset by its network-security insurance coverage.  Such expenses include costs to investigate the data breach, provide credit-monitoring services to its customers, increase staffing in its call centers, and procure legal and other professional services. More than 80 actions have been filed and other claims may be asserted against Target on behalf of its customers, payment card issuing banks, shareholders or others seeking relief in connection with the data breach. In addition, State Attorneys General, the Federal Trade Commission and the SEC are investigating events related to the data breach. Probably, one of the most important ramifications is the effect of the data breach on sales as Target believes that the data breach adversely affected its fourth quarter U.S. Segment sales.

If Your Loss of a WKSI Status Has a Severe Impact on the Company or the Markets, the SEC May Grant a Waiver

On March 12, 2014, the SEC revised its 2011 statement on well-known seasoned issuer (WKSI) waivers.  In order to qualify as a WKSI, an issuer may not be an “ineligible issuer,” which can be, among other things, an issuer that has, or whose subsidiary has, been convicted of certain securities-related felony or misdemeanor, violated the anti-fraud provisions of the federal securities laws or that is the subject of a judicial or administrative decree or order prohibiting certain conduct or activities involving the anti-fraud provisions of the federal securities laws.  

In its revised statement, the SEC clarified the framework that the SEC will follow in determining whether to grant a waiver of ineligible issuer status.  In making a determination whether to grant a waiver, the Division of Corporation Finance will evaluate the issuer’s ability to produce reliable disclosure and will consider the following factors: 

  • the nature of the violation or conviction and whether it calls into question the ability of the issuer to produce reliable disclosure currently and in the future;
  • whether the conduct involved a criminal conviction or scienter based violation, as opposed to a civil or administrative non-scienter based violation;
  • who was responsible for the misconduct and whether it was known by the WKSI parent (in case of the misconduct at the subsidiary level) or whether personnel at the WKSI parent ignored warning signs regarding the misconduct;
  • whether the individuals responsible for or involved in the misconduct were officers or directors of the WKSI parent, or were lower level employees in the operation of a subsidiary;
  • the duration of the violative conduct (did it last over a period of years or was it an isolated instance);
  • what remedial measures the issuer has taken to address the violative conduct and whether those actions would likely prevent a recurrence of the misconduct and mitigate the possibility of future unreliable disclosure;
  • whether there were key changes in the personnel involved in the violative or criminal conduct; and
  • whether the issuer has taken steps to improve training or made improvements to internal controls and disclosure controls and procedures.

The loss of a WKSI status for a company may have a significant effect on its ability to raise capital, and, in addition to the foregoing factors, the SEC will consider: 

  • severity of the impact on the issuer if the waiver request is denied weighing any such impact against the facts and circumstances relating to the violative or criminal conduct; and
  • effects of the issuer’s loss of WKSI status on the markets as a whole and the investing public, in light of the issuer’s significance to the markets and its connectedness to other market participants.

The SEC does not consider any single factor to be dispositive, and the issuer should submit a request letter that explains, based on the framework outlined above, why a waiver should be granted.

SEC Division of Trading and Markets Issues a No Action Letter Regarding M&A Brokers

Business brokers vary greatly in terms of size, services provided and types of business they target as clients.  Generally, the more sophisticated and larger brokers are referred to as investment bankers.  Whether referred to as a business broker, M&A broker, financial advisor or investment banker (referred to collectively as a “business broker”), they all try to assist either buyers or sellers in the process of selling a business and are often paid on a commission basis based on the purchase price of the business to be sold. 

If a business broker is involved in the sale of a business structured as an asset sale, rather than a sale of stock or other securities, then the business broker is not required to be registered with the SEC as a broker-dealer in connection with that transaction.  However, if the same business is being sold through the sale of the stock of company operating the business or the sale or exchange of other securities, then the business broker would in all likelihood be required to register as a broker-dealer with the SEC.  The SEC has issued a Guide to Broker Dealer Registration discussing these issues.  For most, this is a strange result – same business, same broker and broker-related activities, but whether the business broker is required to be registered with the SEC as a broker-dealer is entirely dependent upon whether the transaction is structured as an asset sale or a stock sale.  Now, thanks to a no-action request letter submitted by lawyers from several different law firms, business brokers have some relief available. 

While there is a lot of detail in the no-action request letter and the SEC staff’s response, in general, the SEC staff stated that the Division of Trading and Markets would not recommend enforcement action to the Commission if an “M&A Broker” were to effect securities transactions in connection with the transfer of ownership of “privately-held companies” under the terms and conditions described in the no-action request letter without registration as a broker-dealer, provided that a host of conditions are satisfied, including:

  • The buyer or group of buyers will, upon completion of the transaction, control and actively operate the business acquired; no passive buyers are permitted;
  • The M&A Broker not having the ability to bind a party to the transaction;
  • Neither the M&A Broker nor any affiliate may provide financing for the transaction;
  • The M&A Broker may not have custody or control of any funds or securities issued or exchanged in the transaction;
  • No public offering may be conducted; and
  • No party to the transaction may be a shell company.

For purposes of the no-action letter:

  • An “M&A Broker” is a person engaged in the business of effecting securities transactions solely in connection with the transfer of ownership and control of a privately-held company through the purchase, sale, exchange, issuance, repurchase, or redemption of, or a business combination involving, securities or assets of the company, to a buyer that will actively operate the company or the business conducted with the assets of the company.  A buyer could actively operate the company through the power to elect executive officers and approve the annual budget or by service as an executive or other executive manager, among other things; and
  • A “privately-held company” is a company that does not have any class of securities registered, or required to be registered, with the SEC under Section 12 of the Exchange Act, or with respect to which the company files, or is required to file, periodic information, documents, or reports under Section 15(d) of the Exchange Act.  Any privately-held company that is the subject of this letter would be an operating company that is a going concern and not a “shell” company.

In addition, under the no-action letter, the M&A Broker could advertise a privately-held company for sale with information such as a description of the business, general location and price range and facilitate transactions of any size. 

With this no-action letter issued by the staff of the Trading and Markets Division, M&A Brokers now have a clear roadmap to guide them in providing their services in connection with the sale of privately-held companies without registering as a broker-dealer pursuant to Section 15(b) of the Exchange Act.

Get Ready…Cause Here They Come…

 The SEC announced today that its Office of Compliance Inspections and Examinations is launching the Never-Before Examined Initiative, an initiative directed at investment advisers that have never been examined.  Such initiative will focus on those advisers that have been registered with the SEC for three or more years.   These examinations will concentrate on the advisers’ compliance programs, filings and disclosure, marketing, portfolio management, and safekeeping of client assets.

SEC Pays Close Attention to Cybersecurity Issues

On February 14, 2014, the SEC announced that it will hold a cybersecurity roundtable on March 26 to discuss the issues and challenges cybersecurity raises for investors and public companies.  The SEC’s roundtable comes on the heels of recent widely publicized security breaches at Target and Neiman Marcus.  As the SEC stated in its press release, “[c]ybersecurity breaches have focused public attention on how public companies disclose cybersecurity threats and incidents.” 

The most recent SEC guidance on cybersecurity disclosures was issued in October 2011 (CF Disclosure Guidance: Topic No. 2, Cybersecurity).  Without creating new obligations, the SEC clarified how its existing rules and regulations provided framework for public company’s disclosure relating to cybersecurity risks and cyber incidents.  After this guidance, cybersecurity related disclosures became mainstream in an annual report on Form 10-K, especially a cybersecurity risk factor.  For example, last year’s Annual Report on Form 10-K of Target Corporation included the following risk factor disclosures:

“… if and our other guest-facing technology systems do not reliably function as designed, we may experience a loss of guest confidence, data security breaches, lost sales or be exposed to fraudulent purchases, which, if significant, could adversely affect our reputation and results of operations.”

“If we experience a significant data security breach or fail to detect and appropriately respond to a significant data security breach, we could be exposed to government enforcement actions and private litigation. In addition, our guests could lose confidence in our ability to protect their personal information, which could cause them to discontinue usage of REDcards, decline to use our pharmacy services, or stop shopping with us altogether.”

“We rely extensively on our computer systems to manage inventory, process guest transactions, service REDcard accounts and summarize and analyze results. Our systems are subject to damage or interruption from power outages, telecommunications failures, computer viruses and malicious attacks, security breaches and catastrophic events. If our systems are damaged or fail to function properly, we may incur substantial costs to repair or replace them, experience loss of critical data and interruptions or delays in our ability to manage inventories or process guest transactions, and encounter a loss of guest confidence which could adversely affect our results of operations.”

However, even well drafted risk factors may not be enough to warn investors of ramifications of significant security breaches.  On January 10, 2014, Target issued a press release that included the following information:

“As part of Target’s ongoing forensic investigation, it has been determined that certain guest information … was taken during the data breach.  … At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.”

Information on the agenda and participants of the SEC’s March 26 roundtable have not been announced yet.  It will be interesting to see whether recent significant breaches and the coming SEC roundtable will lead to the SEC rulemaking or additional guidance in this area.

Snowed In…

As I sit at home working remotely (AGAIN!) due to the latest snowstorm, I am struck by the thought of how paralyzing this winter has been.  Similar to Hurricane Sandy in 2012, this snowy and icy winter is likely to have a material affect on many public companies.    

Companies should consider whether additional disclosure should be added to their earnings releases or periodic filings regarding the potential effects of this winter season.  In particular, companies should consider whether to include disclosure related to this winter season in the following areas:

  • Forward-looking statements –  references to the winter season as one of the risks and uncertainties which could cause actual results to differ materially from those projected;
  • Risk Factors–  risk factor related to the potential impact of this winter season on their results of operations and financial position;
  • MD&A –   disclosure about the effects of this winter season if the report is filed after the winter season affected the company and/or as a known trend, event or uncertainty;
  • Guidance – companies should consider whether guidance given in the past or currently being issued may be affected by the winter season.  Companies should consider whether it is necessary to point out that such guidance did or does not take into account the effects of this winer season or estimates the effects of this winter season.

 Hopefully this winter madness will end soon and we can all get back to our routines as usual.  Stay safe and warm.