When the SEC issued new cybersecurity disclosure guidance earlier this year, you just knew that a “message” enforcement action couldn’t be too far behind. Yesterday, the SEC delivered that message to Altaba (f/k/a Yahoo!) – in the form of this consent order & accompanying $35 million civil monetary penalty.
The action focused on alleged disclosure shortcomings associated with the company’s massive 2014 cyber breach. Here’s an excerpt from the SEC’s press release:
The SEC’s order finds that when Yahoo filed several quarterly and annual reports during the two-year period following the breach, the company failed to disclose the breach or its potential business impact and legal implications. Instead, the company’s SEC filings stated that it faced only the risk of, and negative effects that might flow from, data breaches.
In addition, the SEC’s order found that Yahoo did not share information regarding the breach with its auditors or outside counsel in order to assess the company’s disclosure obligations in its public filings. Finally, the SEC’s order finds that Yahoo failed to maintain disclosure controls and procedures designed to ensure that reports from Yahoo’s information security team concerning cyber breaches, or the risk of such breaches, were properly and timely assessed for potential disclosure.
Without admitting or denying the SEC’s allegations, the company consented to an order requiring it to cease and desist from further violations of Sections 17(a)(2) and 17(a)(3) of the Securities Act, Section 13(a) of the Securities Exchange Act of 1934 and Rules 12b-20, 13a-1, 13a-11, 13a-13, and 13a-15.
In addition to alleged shortcomings in Yahoo!’s periodic reports, the order calls out this Form 8-K filing announcing its deal with Verizon as another source of disclosure violations. The order notes that despite the company’s awareness of the breach, the stock purchase agreement filed with that 8-K contained affirmative reps & warranties by Yahoo! denying any significant data breaches.
The SEC’s use of reps & warranties as a premise for disclosure violations hearkens back to the 2005 Titan 21(a) report. After Titan, it became customary to include disclaimers clarifying that reps & warranties weren’t intended to be affirmative statements of fact. Those disclaimers were prominently displayed in Yahoo!’s 8-K, but they didn’t make much of an impression on the Division of Enforcement. We’ll be posting the related memos in our “Cybersecurity” Practice Area as they come in (see this Cooley blog – and D&O Diary blog).
Auditor’s Reports: What Can KAMs Tell Us About CAMs?
As companies & auditors wrestle with the implications of the PCAOB’s new audit report standard, companies in the rest of the world are assessing the early returns from changes to their audit reports that were adopted by the IAASB in 2014.
The IAASB’s new format required auditors to include a discussion of “key audit matters” – known as “KAMs” – in their audit reports. KAMs are matters communicated to those charged with governance that, in the auditor’s professional judgment, were of most significance in the audit. That’s a pretty close analog of the PCAOB’s “critical audit matters” – known as “CAMs” – which are matters communicated to the audit committee that relate to material accounts or disclosures and involve complex auditor judgment.
Concern have been expressed about the PCAOB’s new standard – and the CAMs concept in particular. Most critics have suggested that auditors will result to defensive disclosures of CAMs and will use “boilerplate” to protect themselves. But this recent report from the Association of Chartered Certified Accountants says that these concerns may be overblown. Here’s an except:
While these concerns are reasonable, ACCA’s research and roundtable feedback did not indicate that either of them is actually happening. And while there was evidence of common innovations among audit firm networks, ACCA has not seen widespread sharing of standardised wording. While the US legal environment is distinct from that of other countries, ACCA nevertheless believes that there are grounds to be optimistic about how the publication of critical audit matters will affect the financial reporting supply chain.
Tomorrow’s Webcast: “The Latest on ICOs/Token Deals”
Tune in tomorrow for the webcast – “The Latest on Token Deals” – to hear Pillsbury Winthrop’s Daniel Budofsky, Morrison & Foerster’s Susan Gault-Brown, Hunton Andrews Kurth’s Scott Kimpel and Smith Anderson’s Margaret Rosenfeld review the mechanics of ICOs/token deals as well as the latest trends & developments.
This “Corporate Secretary” article says that – for the first time in a generation – E&S shareholder proposals topped governance proposals during 2017. This excerpt provides some of the details:
In 2017, E&S proposals accounted for 54 percent of all ESG proposals in the US, whereas in 2012 they accounted for 39 percent, according to data ISS Corporate Solutions has shared with Corporate Secretary. The number of E&S proposals has increased by 41 percent during this five-year period, while fewer governance proposals have been filed.
‘The dip in governance resolutions likely reflects the fact that reforms such as proxy access, board declassification and repealing poison pills have taken hold across a wide swath of US companies, and so fewer companies are being targeted for governance reforms,’ Leah Rozin, principal ESG adviser at ISS Corporate Solutions, tells Corporate Secretary. ‘By contrast, environmental and social resolutions continue to climb, and we expect this trend to continue into 2018.’
Interestingly, the article also reports that efforts to engage with proponents may be faltering – for the first time in more than a decade, fewer than 20% of proposals were withdrawn.
NY’s Martin Act in the Crosshairs
I don’t think I’m sticking my neck out when I say that you’d be hard pressed to find a more intimidating statute than New York’s Martin Act. The Martin Act cuts a very wide path. Over the years, it has been used by New York authorities in a number of high profile criminal and civil actions – and was the lever that Eliot Spitzer used to extract the global research settlement from major Wall Street firms.
What makes the statute so intimidating it that it weds severe remedies – including criminal penalties – to very broad “fraud” provisions that don’t require scienter to impose criminal liability (at least in the case of misdemeanors). As a bonus, it’s also one of the most dense & turgid pieces of legislative prose that you’ll find this side of the Tax Code. As the WSJ once observed, the statute’s first sentence laying out the NY AG’s investigative authority is a “40-line, 535-word preamble, sweeping in all manner of fraudulent behavior.”
Now it looks like the Martin Act is drawing fire from some pretty big guns. This NYT article says that – after recently settling his own long-running Martin Act battle with the NY AG – former AIG CEO Hank Greenberg has set his sites on the statute:
“I care about my country and I care about the rule of law,” Mr. Greenberg, a veteran of World War II and the Korean War, said in a feisty interview this past week. “I fought two wars for my country. This is another war.”
The Martin Act, a 1921 New York securities law that predates the creation of the federal Securities and Exchange Commission, grants sweeping powers exceeding even those of Washington. In addition to bringing the case against Mr. Greenberg, the former New York attorney general Eliot Spitzer used the act to force investment banks to curb abuses related to how analysts overhyped stocks and to crack down on illegal trading in the mutual fund industry.
Although there have been attempts to limit the Martin Act in the past, Mr. Greenberg’s bid is gaining traction. He is working alongside a powerful ally, the U.S. Chamber of Commerce, and has the backing of Wall Street Journal editorial page. And he has had a warm relationship with President Trump.
Legislation that would declaw the Martin Act was recently introduced by Rep. Tom MacArthur (R-NJ) – a former AIG exec. His proposed legislation – “The Securities Fraud Act of 2018” – would only apply to listed companies. But the statute would preempt all state civil fraud actions against those companies – and because it would give federal courts exclusive jurisdiction over “securities fraud” claims, it looks like it would also undo the result in the Supreme Court’s recent Cyan decision for listed companies.
ICOs: Speaking of the Martin Act. . .
A few weeks ago, I blogged about how the states were ramping up their enforcement efforts on coin deals. Now this Jenner & Block memo says that New York’s Attorney General has launched a fact-finding inquiry into 13 cryptocurrency exchanges. The AG’s press release says that the inquiry “seeks to increase transparency and accountability as it relates to the platforms retail investors rely on to trade virtual currency, and better inform enforcement agencies, investors, and consumers.”
What was one of the statutes cited by the AG as giving him the authority for this particular fishing expedition? You guessed it – the Martin Act. Sometimes these blogs practically write themselves.
Broc recently blogged about the insider trading case involving an Equifax executive. While it appears on the surface to be pretty plain vanilla, this McGuireWoods blog says that the case may be pushing the envelope when it comes to what “knowledge” is required to support insider trading charges. This excerpt points out what’s unusual about the case:
Both the SEC and DOJ acknowledge in their charging papers that, at the time of his trading, Ying was not “aware” of Experian’s data breach – at least not explicitly. Indeed, when he traded, Equifax had disclosed this information to only a select few insiders, of which Ying was not one. To the contrary, Equifax had explicitly lied to Ying and told him that the data breach he and his team were working on was for an Equifax client.
As one of Equifax’s business lines is assisting clients with data breaches, this explanation seemed plausible. As time went on, however, the behavior of his superiors and colleagues made Ying suspicious that there was no “client” and that it was Equifax that had been breached. Based on his suspicions, Ying exercised his outstanding Equifax options and sold his shares.
But suspicions were all they were – Ying is alleged to have “put 2 and 2 together” according to the SEC’s Complaint. Indeed, Equifax did not reveal to Ying that it was the hacking victim until days later. Nevertheless, notwithstanding his avowed lack of actual knowledge, Ying was charged with criminal insider trading by the DOJ and sued civilly by the SEC.
When you put it that way, this case looks a little more interesting. When you consider that Bloomberg’s Matt Levine recently flagged a 2010 insider trading case involving similar guesswork that the SEC lost – it becomes downright fascinating. Don’t forget our upcoming webcast: “Insider Trading Policies & Rule 10b5-1 Plans.”
Insider Trading: Equifax Highlights Need for “Data Breach” Trading Halts
While we’re on the topic of the Equifax insider trading case, this Patterson Belknap blog says that the case – along with the SEC’s recent cybersecurity disclosure guidance – has at least one important takeaway for public companies:
In updated cybersecurity disclosure guidance issued by the SEC last month, the Commission highlighted the risk posed by insiders who trade securities between the time a breach is discovered and its public disclosure. As we noted in our recent client alert, the Commission “encourages” public companies to implement policies and procedures – including internal controls – to prevent trading on material non-public information relating to cybersecurity risks and incidents.
The guidance should spur companies to revisit their incident response plans, and if appropriate, consider imposing a temporary trading halt for insiders in defined circumstances. Companies would be “well-served,” suggests the SEC, by implementing a trading halt plan while investigating and assessing data breaches.
The trading halt plan should be part of comprehensive efforts to ensure that codes of ethics & internal policies properly anticipate the heightened risk of insider trading during a breach incident. By the way, Mark Borges extensively analyzed Equifax’s proxy statement in his blog over on CompensationStandards.com.
ICOs: This is Why We Can’t Have Nice Things. . .
This DLA Piper memo reviews the whirlwind of enforcement activity currently surrounding the cryptofinance industry. There seem to be a fair number of bad guys out there, but it’s important not to paint everybody with the same brush. For instance, this FT Alphaville story about Savedroid’s ICO & the world’s least funny practical joke shows that not every person involved in a sketchy looking deal is a crook – some are just knuckleheads.
Recently, NIST released an updated cybersecurity framework. This popular framework is entitled “Version 1.1” rather than the “2.0” that some have been calling it (including us) when the proposal was released last year.
The updated Framework, entitled Version 1.1, is intended to clarify and refine (rather than replace) NIST’s original 2014 Cybersecurity Framework, Version 1.0, and builds on the original version’s five core cybersecurity functions—Identify, Protect, Detect, Respond, and Recover—and tiered implementation system. Instead of a “one-size-fits-all” approach, the Framework continues to be a flexible platform that can be customized to address the particular cybersecurity risks faced by any company.
Of broader import, the updated Framework encourages companies to integrate cybersecurity objectives into strategic planning and governance structures and to ensure that cybersecurity is a central part of overall risk management. In terms of other specific changes, Version 1.1 provides new guidance on how to use the Framework to conduct self-assessments of internal and third-party cybersecurity risks and mitigation strategies, includes an expanded discussion of how to manage cyber risks associated with third parties and supply chains, advances new standards for authentication and identity proofing protocols, and addresses how to apply the Framework to a wide range of contexts, such as industrial controls, the use of off-the-shelf software, and the Internet of Things.
Cyber Threats Keeping Investors Up At Night?
Recently, PwC completed its “2018 Global Investor Survey” – reflecting insights from almost 700 investor professionals across the world. PwC’s goal was to compare these views to the results of their earlier CEO survey. One interesting point is that investors don’t seem to share CEO anxiety regarding over-regulation, availability of key skills and tax burdens – but both groups worry about cyber threats & geopolitical uncertainty. Here’s some other key findings:
– Investors are more confident about the global outlook than they were last year: 54% think global economic growth will improve over the next 12 months – versus 45% in 2017. But investors are cautious about the longer term – they think companies should aim to grow organically and reduce costs.
– Geopolitical uncertainty, cyber threats and the speed of technological change are top concerns for investors: Populism and protectionism ranked next among investors’ concerns.
– Investors think the biggest challenge facing companies is the pressure to focus on short term: But investors are also more likely to view “declining trust” as an issue, compared to CEOs.
– Investors think cybersecurity should be a top priority for building trust with customers: 64% of investors think that companies should be investing more heavily in cybersecurity protection.
Despite the SEC’s recent cybersecurity guidance, the creation of its “Cyber Unit” and public statements that more cyber enforcement actions are likely, a new study from NYU & Cornerstone Research found that enforcement activity generally declined last year. This McGuireWoods blog explores this more:
The timing of the decline suggests that the Trump Administration may be reining in regulatory enforcement. However, despite the empirical slow down, Stephanie Avakian and Steven Peikin, the co-directors of the SEC’s enforcement divisions, deny that there has been any directive from the Trump Administration to slow the enforcement arm of the SEC. In fact, during the annual American Bar Association’s white collar conference, the co-directors cautioned that more enforcement actions—especially related to cybersecurity—may be on the horizon. Indeed, the SEC’s new cybersecurity guidelines coupled with the creation of the SEC Cyber Unit at the end of fiscal 2017 will give the SEC new tools to combat cyber related misconduct in 2018.
Farewell to Lynn Stout
I’m sad to note that Professor Lynn Stout has passed away. Here’s a remembrance from Cornell.
Every few years, we survey the practices relating to blackout & window periods (we’ve conducted over a dozen surveys in this area). Here’s the results from our latest one:
1. Does your company ever impose a “blanket blackout period” for all or a large group of employees?
– Regularly before, at, and right after the end of each quarter – 78%
– Only in rare circumstances – 15%
– Never – 7%
2. Does your company allow employees (that are subject to blackout) to gift stock to a charitable, educational or similar institution during a blackout period?
– Yes, but they must preclear the gift first – 47%
– Yes, and they don’t need to preclear the gift – 16%
– No – 30%
– Not sure, it hasn’t come up and it’s not addressed in our insider trading policy – 7%
3. Does your company allow employees (that are subject to blackout) to gift stock to a family member during a blackout period?
– Yes, but they must preclear the gift first – 37%
– Yes, and they don’t need to preclear the gift – 14%
– No – 38%
– Not sure, it hasn’t come up and it’s not addressed in our insider trading policy – 11%
4. Are your company’s outside directors covered by blackout or window periods and preclearance requirements?
– Yes – 100%
– No – 0%
5. Our company’s insider trading policy defines those employees subject to a blackout period by roughly:
– Stating that all Section 16 officers are subject to blackout – 3%
– Stating that all Section 16 officers “and those employees privy to financial information” are subject to blackout – 4%
– Stating that all Section 16 officers “and others as designated by the company” are subject to blackout – 38%
– Stating that all Section 16 officers “and those employees privy to financial information and others as designated by the company” are subject to blackout – 35%
– All employees – 16%
– Some other definition – 4%
– Our company doesn’t have an insider trading policy- 0%
Please take a moment to participate anonymously in these surveys:
This “Harvard Law” blog claims that companies that use the word “stockholder” hold the sinister view that investors are passive and powerless book-entries:
Today, the term “stockholder” gives off a whiff of a Mad Men-era world where investors were bystanders. Nearly all institutional investors have junked “stockholder” for “shareholder” when referring to themselves. They see their roles not as passive holders of electronic notations but as parties sharing responsibilities for performance when they invest in a company.
That’s why Blackrock CEO Larry Fink recently wrote to corporate boards referring to investors conspicuously as “owners”— the word “stockholder” is nowhere to be found.
So, the blog concludes that the move to “shareholder” was caused by greater attention to investor rights and long-term stewardship. Maybe it’s just me – but I think we’re reading too much into this terminology. I interned for a Delaware Justice – we always used “stockholder” since that’s the word used in the DGCL. But I use “shareholder” for companies incorporated in states that follow the Model Business Corporation Act or otherwise use that terminology in their statute. On this site, we almost always use “shareholder” – but we do that because it’s easier, not as a statement on investor rights. This blog might’ve eliminated my last hope that actions matter more than words.
On the other hand, maybe there’s something to it. Keith Bishop pointed out that even though the blog focuses on the “shareholder v. stockholder” distinction – the nomenclature it’s really trying to argue for is “shareowner.” Here’s his note:
It is my understanding that shareholder activists have adopted the term “shareowner” as a way of signaling that they are more than passive investors (i.e., they are owners, not mere holders). CalPERS, for example, refers to itself as a “shareowner”. I haven’t run across any corporate statutes that have adopted the term, however. As for Delaware, the DGCL uses the term “stockholder”. Incongruously, however, Rule 23.1 of the Delaware Court of Chancery Rules refers to “shareholder”.
Poll: “Shareholder” v. “Stockholder”?
Please take our anonymous poll about your views on investor terminology:
You know you’re old when you’re writing a book with career advice. John & I have wrapped up our latest paperback – “101 Pro Tips – Career Advice for the Ages” Paperback. Here’s the “Table of Contents.” It’s free for members of TheCorporateCounsel.net (but it does cost $20 in shipping & handling).
This book is designed for fairly young lawyers – both in law firms and in companies. It’s written in an “easy to read” style, complete with some stories & anecdotes to make it interesting. A fairly unique offering in our field. This is a unique offering – and I’m pretty happy about how it came out. Members can request it now.
A Picture Says a Thousand Words
So this is what John & I feel like giving career advice:
We haven’t heard much about auditor rotation since the PCAOB’s concept release about that topic in 2011. That concept release didn’t go too far due to controversy. But at GE, proxy advisors appear to be taking a closer look at the company’s longstanding relationship with its auditor. Here’s the intro from Cydney Posner’s blog (also see this WSJ article):
It’s certainly a rare event, but both ISS and Glass Lewis have recommended voting against a proposal to ratify the appointment of GE’s auditor, KPMG at the GE annual shareholders meeting. Most often, the issue of auditor ratification is not very controversial—in fact, it’s usually so tame that it’s one of the few matters at annual shareholders meetings considered “routine” (for purposes of allowing brokers to vote without instructions from the beneficial owners of the shares). Are we witnessing the beginning of a new trend?
In its analysis justifying its negative recommendation, ISS observed that the SEC is currently investigating GE’s revenue recognition practices and internal controls related to long-term service agreements, as well as a $9.5 billion increase in future policy benefit reserves for the GE’s insurance operations. ISS also cites commentators who suggested that GE and its auditors “must have or should have been aware of the issues—particularly the increasing insurance liabilities—for years.” These accounting issues, together with KPMG’s issuance of unqualified reports on the financial statements, were the basis of the recommendation by ISS against ratification of the auditors. Not to mention that KPMG has been GE’s auditor for a long time—by a “long time,” I mean 109 years! And notwithstanding major changes in the management team, ISS observed, the board, stressing the benefits of auditor tenure, still reappointed KPMG.
In addition, ISS also saw no discussion in the proxy statement regarding how or whether the board took into account KPMG’s role in GE’s two accounting problems or any other regulatory issues involving KPMG, including auditor independence allegations (which both ISS and GL indicate were alleged to involve GE) that KPMG settled with the SEC in 2014 or the indictments in 2018 of KPMG employees.
Glass Lewis also indicated that it usually supports management’s choice of auditor except when GL believes the auditor’s “independence or audit integrity has been compromised.” In its analysis, GL raised the same concerns as ISS regarding the SEC investigation of GE and problems at KPMG, noting in particular the large increase in fees to KPMG in the prior year, as well as its long tenure as GE’s auditor, which has “thrown KPMG’s effectiveness and relationship with the Company into question.”
Also note this article which highlights how the new changes to the audit report include disclosure of the length of an auditor’s tenure at that company. The article notes: “At the time of writing, 21 of the Dow 30 companies had released their annual reports (those with Dec. 31 year-ends). The average auditor tenure at those companies was 66 years.”
1. Why have audit regulators such as the PCAOB – which has now been in business for 15+ years – been unable to improve the quality of audits to high-quality?
2. Why is the goal to have 71% of audits comply with professional standards? Do investors really have to pay for audits when 29% are found to be defective?
3. Does this system even work? The regulators very rarely fine an auditor for deficient work. And auditors have a conflict of interest since they’re paid by the company being audited.
4. How can the IFIAR manage and inspect for quality – when their report says they’re having a difficult time figuring out how to measure it? Perhaps that’s the reason over one in every four audits is deficient.
The inconsistency among IFIAR member findings is also concerning. Those who conducted fewer inspections were much more likely to find a significant failure to satisfy audit standard requirements. There was a 62% finding rate for members inspecting 20 or fewer audits – a 46% finding rate for members inspecting 21-40 – and a 30% finding rate for members inspecting 41 or more.
The two areas with the highest rate & greatest number of findings were:
– Accounting Estimates: most findings related to failure to assess the reasonableness of assumptions
– Internal Control Testing: most commonly, auditors failed to obtain sufficient persuasive evidence to support reliance on manual controls. The next most common finding was that auditors failed to sufficiently test controls over – or the accuracy & completeness of – data or reports produced by management
“You Get What You Pay For”: Audit Fee Pressure Lowers Audit Quality?
There’s some concern among audit firms that they’re being required to “do more with less.” Rigorous work is required to comply with Sarbanes-Oxley and other regulations – but clients are looking for ways to reduce or maintain fee levels. As a consequence, 80% of firms have seen a reduction in the profitability of audit services.
Studies are starting to show that this fee pressure is negatively impacting audit quality. This latest white paper finds that there’s a higher rate of misstatements among firms that are shifting their focus to more profitable non-audit services. Interestingly, the analysis also shows that the decline in audit quality is more common at large audit offices than small ones.
Some people in our community are wondering whether this information will affect auditor regulations and shareholder ratification votes. I’m not holding my breath – this study just confirms what many people have been observing for decades, and shareholders seem to ignore audit fee info.
Like it did back in 2012, Broadridge recently convened a group of 17 different stakeholders to look at the state of virtual annual meetings – both “virtual only” and hybrid. The end product is this set of “Principles & Best Practices for Virtual Annual Meetings.” Like before, the report’s conclusions are not that profound – but can be useful to help guide those considering virtual meetings (and it includes a useful appendix that summarizes each state’s laws governing electronic participation in shareholder meetings).
Shareholder Nominations: A Second Bite at the Apple?
Now that we are midway into the 2018 proxy season, most deadlines for shareholder submissions of director nominations for upcoming annual meetings have come and gone. Nevertheless, shareholder activists who have missed a nomination deadline for whatever reason should be aware that in certain circumstances they may have a second bite at the apple.
Where a company experiences a material change in circumstances set in motion by its board of directors after the passing of the nomination deadline, the shareholder may have grounds to compel the company to reopen the nomination window if the shareholder can demonstrate that the change in circumstances would have been material to its decision whether or not to nominate directors had it been known at such time. There is already case law in Delaware holding that it is inequitable for directors to refuse to grant a waiver of an advance notice deadline under such circumstances.
In his highly publicized campaign against Xerox, Darwin Deason, the third largest shareholder of Xerox, recently commenced an action in New York State Supreme Court seeking to enjoin Xerox from enforcing its December 11, 2017 nomination deadline based on the Delaware standard on this issue. This Client Alert provides an overview of Deason’s allegations and his legal claim seeking to compel Xerox to reopen the nomination window for him and all shareholders as a matter of New York law. This is a case of first impression in New York and the adoption of the Delaware holding by a New York court would be a major victory for shareholder activists.
However, as a vast majority of corporations are incorporated in Delaware, this Client Alert is also intended to remind shareholder activists who desire to nominate directors after a deadline has passed that material developments triggered by a company’s board that come to light after the deadline may give them grounds to request a waiver of the deadline.
Early Bird Extended to This Friday! Our “Pay Ratio & Proxy Disclosure Conference”
1. The SEC All-Stars: A Frank Conversation
2. Parsing Pay Ratio Disclosures: Year 2
3. Section 162(m) & Tax Reform Changes
4. Pay Ratio: How to Handle PR & Employee Fallout
5. The Investors Speak
6. Navigating ISS & Glass Lewis
7. Proxy Disclosures: The In-House Perspective
8. Clawbacks: What to Do Now
9. Dealing with the Complexities of Perks
10. Disclosure for Shareholder Plan Approval
11. The SEC All-Stars: The Bleeding Edge
12. The Big Kahuna: Your Burning Questions Answered
13. Hot Topics: 50 Practical Nuggets in 60 Minutes
Early Bird Rates – Act by the End of This Friday, April 20th: Huge changes are afoot for executive compensation practices with pay ratio disclosures on the horizon. We are doing our part to help you address all these changes – and avoid costly pitfalls – by offering a special early bird discount rate to help you attend these critical conferences (both of the Conferences are bundled together with a single price). So register by April 20th to take advantage of the 20% discount.
Broc recently blogged about last month’s Rule 701 enforcement proceeding against Credit Karma. As he pointed out, Rule 701 enforcement actions are pretty rare, but this “Compliance Week” article suggests that more may be on the way – thanks to an enforcement “sweep” being conducted out of the SEC’s San Francisco regional office. This excerpt says the sweep’s another reminder that private companies aren’t immune from SEC scrutiny:
“They came out pretty loudly in 2016 and said they had concerns that, as private companies grow ever-larger without going public, the SEC Enforcement Division ought to be paying more attention to those companies,” says Michael Dicke, co-chair of law firm Fenwick & West’s securities enforcement group, formally associate regional director for enforcement in the SEC’s San Francisco regional office.
“Everybody needs to understand that just because you are not a public or publicly reporting company you cannot think that the securities laws don’t apply to you. It doesn’t mean that the SEC cannot investigate you.”
Recently the Enforcement Division conducted a “sweep” through its San Francisco office and sent Rule 701 information requests to large pre-IPO companies.
“When they do a sweep, they are not targeting a particular company—and when they ask for information, they usually have a specific reason to ask for it,” Dicke explains.
The article says that the sweep may have been prompted by employee complaints about companies’ failure to provide the disclosures required under Rule 701.
This “Audit Analytics” blog reports that tax reform’s impact has added complexity to 4th quarter earnings disclosures – and that its effects on earnings will remain a moving target throughout the year:
Although the SEC issued guidance on how companies should explain the Tax Cut and Jobs Act’s impact in their fourth quarter earnings releases, the SEC said companies can use “reasonable estimates” to report charges or benefits now and update those figures later.
From a practical perspective, it means that the numbers may change throughout the year and that we would not understand the full impact of the tax reform until the end of 2018. While the Commission provided a general guideline, certain nuances of the disclosure such as presentation in the non-GAAP section, are out of the scope of the guidance.
In the past few years, aggressive non-GAAP adjustments were criticized more than once for masking significant expenses. Yet, in this case, companies almost have to exclude the one-time tax reform impact from the non-GAAP EPS data during earnings calls to give investors a more-accurate picture of company’s earnings.
The blog notes that 80% of S&P 500 companies adjusted their GAAP EPS for the impact of tax reform. Of those, 72% present the adjustment as a separate line item, while 28% combined it with other tax related items. Audit Analytics says it’s important to differentiate between adjustments related to tax reform & other non-standard tax adjustments, and points out some disclosure practices that it views as potential “red flags.”
Tax Reform: Financial Statement Impact
Tax reform disclosures are challenging because the legislation impacts financial statements in so many ways. Unrepatriated foreign earnings, tax levies, stranded tax effects, valuation allowance and disclosures all need to be addressed in financial reporting. This FEI blog reviews the potential impact of tax reform on each of these matters. Here’s an excerpt addressing stranded tax effects:
The tax effect related to changes in the tax law is always reflected in income tax expense (or benefit) from continuing operations, regardless of where the related tax provision or benefit was previously recorded. For entities that must remeasure for example, their available for sale security deferred tax positions for the new rate change, that may create a mismatch with the remeasured deferred tax position and the contra-AOCI asset or liability embedded in ‘All Other Comprehensive Income.’
Under FASB ASU 2018-02, entities must reclassify the stranded tax effects from AOCI to retained earnings for each period in which the effect of the tax rate change is recorded. The amount of the reclassification would be the difference between (1) the amount initially charged or credited directly to OCI at the previously enacted U.S. federal corporate income tax rate that remains in AOCI, and (2) the amount that would have been charged or credited directly to OCI using the newly enacted 21 percent rate, excluding the effect of any valuation allowance previously charged to income from continuing operations.
We’ve previously blogged about the recent popularity of the “Simple Agreement for Future Tokens” among companies engaging in coin offerings – and noted that questions had been raised about whether it was a viable solution for securities law compliance in token deals. Now, this “Crowdfund Insider” article suggests that Corp Fin may have a problem with the SAFT’s structure.
The issue seems to be whether the structure complies with the requirements of Securities Act CDI 139.01, which relates to registration of convertible securities and says that in the case of securities convertible only at the option of the issuer, the underlying securities must be registered at the time the convertible securities are registered. Here’s an excerpt:
A SAFT sold in a private security sale would give the investor the right to automatically receive tokens once the issuer registers its tokens with the SEC for public sale. Put another way, by using a SAFT an issuer is essentially doing a private pre-sale of its future public securities which is a big no-no in eyes of the SEC.
The above C&DI may not seem readily applicable on its face. However, I am currently working with CERES Coin LLC in connection with its proposed Rule 506(c)/Regulation A+ cryptocurrency offering, and have personally discussed this issue directly with the SEC.
The most important language with respect to the use of SAFTs is the underlined language above. As the SEC sees it, if a SAFT investor will automatically receive tokens in the future when (and if) the tokens are registered, without any other investor involvement, then the tokens need to be registered as of the date the SAFT is sold … period.
This Proskauer blog also suggests that the SAFT structure is under scrutiny by the SEC. Given the SAFT’s apparent popularity, if the concerns reflected in the article represent the Staff’s consensus view, some more formal guidance may be appropriate. Don’t forget our upcoming webcast: “The Latest on ICOs/Token Deals.”
ICOs: Blue Sky Cops Are On the Crypto Beat
This Cleary blog says that it isn’t just the SEC that’s on the prowl for rogue coin deals – the blue sky folks are getting into the game as well. The blog reports that Massachusetts just made a big splash by putting a halt to 5 offerings that failed to comply with state securities registration requirements. Here’s the intro:
On March 27, 2018, Massachusetts Secretary of State William Galvin announced that the state had ordered five firms to halt initial coin offerings (“ICOs”) on the grounds that the ICOs constituted unregistered offerings of securities but made no allegations of fraud. These orders follow a growing line of state enforcement actions aimed at ICOs.
This was not Massachusetts’s first foray into regulating ICOs. On January 17, 2018 the state filed a complaint alleging violations of securities and broker-dealer registration requirements against the company Caviar and its founder for an ICO that sought to create a “pooled investment fund with hedged exposure to crypto-assets and real estate debt.”
As the blog suggests, Massachusetts isn’t alone – other states are applying a gimlet eye to coin offerings in their jurisdictions.
It looks like the message regulators are sending about the applicability of the securities laws to token deals is getting across. For instance, this WSJ article says that cryptocurrency firm Coinbase is exploring the possibility of registering as a broker-dealer.
ICOs: Your Wu-Tang Clan Crypto Update
When we last updated you on the Wu-Tang Clan’s cryptocurrency activities, we reported that Ghostface Killah was planning to launch his own $30 million coin offering. We don’t know whether the current regulatory environment has put a damper on that deal – but this “Coindesk” article says that another person connected to the Wu-Tang Clan is launching an ICO of his own:
The son of ODB, the late hip-hop artist and Wu-Tang Clan member who passed away in 2004, is launching a cryptocurrency.
Young Dirty, real name Bar-Son James, is the face of the appropriately named Dirty Coin, a cryptocurrency being produced in partnership between the estate of Ol’ Dirty and Link Media Partners, an entertainment industry firm. Dirty Coin (ticker symbol ODB) will exist as a token on the TAO blockchain network, and is set to be traded on the AltMarket exchange later this year when the coin goes live.
It’s a notable launch, given last year’s spate of celebrity-endorsed ICOs – and the subsequent warning from the U.S. Securities and Exchange Commission that such endorsements may break “anti-touting” laws.
In the case of Dirty Coin, the project is aimed at both serving as a funding base for an upcoming Young Dirty album, as well as a means for fans to access shows and buy merchandise. The coin will be able to be used to purchase merchandise tied to the late rapper as well.
