I am now past the middle of the semester for the course that I co-teach at Georgetown Law called “Beyond the IPO: Exempt Securities Offerings,” and one of the topics that we spend a good deal of time on in class is the topic of what constitutes a “general solicitation” and how to avoid it when conducting a private placement offering (relying on, e.g., Section 4(a)(2) or Rule 506(b) of Regulation D). With the SEC Staff paying close attention to private placements in recent years, avoiding general solicitation problems has become even more important for companies seeking angel and venture capital. This is an area where companies are not always following the counsel’s guidance, or they are not running communications by their counsel, or counsel is just letting things go that seem to clearly be a general solicitation in connection with private placement transactions.
The consequences of getting a general solicitation issue wrong are what I always tell my class are the reasons why securities lawyers do not sleep well at night. Under Section 12(a)(1) of the Securities Act, if an offering is not registered or exempt from registration, it is illegal and private placement investors could recover their investment in full through a recission right. At the same time, the SEC could bring an action against the company for violating Section 5 of the Securities Act, and against individuals for causing the violation. A company can be disqualified from conducting private placements under Regulation D and relying on other exemptions with bad actor disqualification provisions as a result of an SEC enforcement action.
To make things more challenging, the SEC has never explicitly defined the terms “general solicitation” or “general advertising” in its rules, but we typically think of these terms as relating to communications seeking to generate interest in an offering which is inconsistent with the notion of a private placement. Generally, you look at the medium of dissemination and the number of recipients, as well as the type of information contained in the communication, to determine if it is a general solicitation.
What can issuers seeking angel and venture capital do to avoid having a general solicitation take place in connection with a private placement? Here are my top five suggestions:
1. Do not speak to the press, grant interviews or otherwise provide media with materials relating to the offering, replying with “no comment” if someone form the media asks about the offering;
2. Do not discuss the fact that the company is offering securities at a conference, seminar, or forum where the attendees were invited through a general solicitation;
3. Do not discuss the company’s performance in a public setting in a manner that could be viewed as conditioning the market or hyping up the company for the offering;
4. Do not put out press releases about the offering while it is ongoing, and do not post information about the offering on social media or on a website that is generally available; and
5. Do not contact prospective investors unless the company or its financial intermediary has a substantive, pre-existing relationship with those investors.
It is important to keep in mind that companies can continue to publish regularly released factual business information that would not be deemed an offer of securities during the course of an exempt offering. Perhaps most importantly, communications with prospective investors with which a company (or the company’s financial intermediary) has a substantive pre-existing relationship would not be deemed a general solicitation.
If you have ever tried to communicate these principles to an entrepreneur that is seeking to raise capital for a start-up, you have no doubt received a considerable amount of pushback. I encourage you to stick to your guns, because this is not an area today where you want to blow up a private placement based on a general solicitation issue.
In the latest “Understanding Activism with John & J.T.” podcast, John and Orrick’s J.T. Ho were joined by David Farkas, Head of Shareholder Intelligence in the US for Georgeson, to discuss Schedule 13F filings & stock surveillance services. Topics covered during this 18-minute podcast include:
– Overview of Schedule 13F and why 13F filings aren’t reliable indicators of activity in a company’s stock
– Strategies activists use to avoid tipping their hands through a 13F filing
– The role 13F filings can play in a company’s efforts to identify an activist building a position in its stock
– Additional actions a company can take to determine if an activist is building a position
– The role of stock surveillance services
– Implications of rulemaking petition to amend 13F rules
Our objective with this podcast series is to share perspectives on key issues and developments in shareholder activism from representatives of both public companies and activists. We’re continuing to record new podcasts, and we think you’ll find them filled with practical and engaging insights from true experts – so stay tuned!
Over five years into the requirement to communicate Critical Audit Matters (CAMs) in audit reports (where has the time gone?!?), the Center for Audit Quality sought to better understand how institutional investors use CAMs and how well they understand them. Dan Goelzer’s Audit Update blog on this topic gives this explanation of CAMs as a reminder:
Under the PCAOB’s auditing standards, a CAM is any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee and that: relates to accounts or disclosures that are material to the financial statements and involved especially challenging, subjective, or complex auditor judgment. The audit report must include a description of any CAMs and how the auditor addressed them in the audit.
CAQ engaged KRC Research to run an online survey in July of 100 US institutional investors. All survey respondents were at the director level or higher with at least 5 years of experience and employed at companies with a minimum of $500M in assets under management. The feedback was resoundingly positive.
– Nearly all (93%) investors surveyed indicated that they read the CAMs section in 10-Ks of companies they invest in or are researching, and 78% indicated that they do so often.
– 92% of respondents indicated that they use CAMs in their investment decision-making process.
– 93% said that, considering all the sources of information available to them, CAMs play a very important (53%) or somewhat important (40%) role in their analysis of potential investments.
– Additionally, nine in ten investors stated that they are very satisfied (48%) or somewhat satisfied (42%) with the quality and clarity of CAMs disclosed in most audit reports, with only 2% of respondents expressing dissatisfaction.
The few critics focused on the quality and clarity of CAMs — specifically that the language used to describe CAMs could be clearer. Despite the generally positive feedback, respondents did identify a number of other areas that could be improved:
– More than half (58%) of investors surveyed indicated that they prefer to see more CAMs identified in an auditor’s report; and when asked what changes to CAMs would benefit their investment decisions, approximately half of respondents shared that both increasing the number of CAMs (52%) and increasing the detail provided in CAMs (51%) would be beneficial.
– Twenty-five percent of respondents also felt that requiring CAMs related to specific audit areas would be advantageous, but there was no consensus regarding the specific areas in which required subject matter specific CAMs were desired.
The Wall Street Journal reported this week on a proposed Senate bill that would allow any investor capable of passing an exam to more easily invest in private companies. The legislation from Senate Banking Committee Republicans would allow the SEC or another regulator to write an exam to test “financial sophistication,” with the specifics of the exam left open for the agency to decide. Critics argue that only financial resources protect investors from the losses of risky investments.
The article reviews other attempts to change the rules to focus on knowledge and investing acumen but says this latest proposal is unlikely to get very far unless Republicans win more seats in November. But politicians aren’t the only group that’s pitched this concept in recent months. As a reminder, the Small Business Capital Formation Advisory Committee met to discuss the accredited investor definition (again) last March and voted to approve three recommendations to present to the SEC. One of those recommendations suggested that non-accredited investors be permitted to invest up to 5% of their income or net worth in private offerings annually if they meet certain sophistication criteria or pass a certification exam.
The September-October Issue of the Deal Lawyers newsletter was just sent to the printer. It is also available now online to members of DealLawyers.com who subscribe to the electronic format. This issue’s article “Delaware’s Recent Controlling Stockholder Decisions” discusses recent cases that address:
– Identifying when a transaction involves a controlling stockholder;
– The standards of conduct and review applicable to a controller’s exercise of its voting power;
– The application of the entire fairness standard in transactional and nontransactional settings; and
– The procedural protections necessary to permit a controller transaction to be subject to review under the business judgment rule.
The Deal Lawyers newsletter is always timely & topical – and something you can’t afford to be without to keep up with the rapid-fire developments in the world of M&A. If you don’t subscribe to Deal Lawyers, please email us at sales@ccrcorp.com or call us at 800-737-1271.
I was lucky enough to stay in San Francisco for an extra day after our 2024 Proxy Disclosure & 21st Annual Executive Compensation Conferences to attend some sessions of the National Association of Stock Plan Professionals (NASPP) Annual Conference and Exhibition. During a panel featuring Alan Dye of Hogan Lovells and Section16.net and NASPP’s Executive Director Barbara Baksa on “Section 16 & Insider Compliance Today,” I was reminded of just how many things public companies, investment fund administrators, individuals (Section 16 officers and directors) and filing agents will need to do to prepare for EDGAR Next.
Luckily, shortly after the Conferences, Cooley released this helpful Q&A detailing next steps. After an overview of the changes, which Dave addressed when adopted, the alert dives into key dates:
– Compliance with EDGAR Next will be required on September 15, 2025.
– Starting on March 24, 2025, the EDGAR Filer Management dashboard will go live, and filers may begin to enroll on the dashboard, while still being able to file pursuant to the legacy filing process.
– Legacy filing processes on EDGAR will continue to be available through September 12, 2025.
– Also starting on March 24, 2025, compliance with the amended Form ID, which must be submitted through the dashboard, will be required.
– Filers may continue to enroll in the dashboard until December 19, 2025. Beginning December 22, 2025, filers that have not enrolled in EDGAR Next or received access through submission of an amended Form ID will be required to submit an amended Form ID to request access to their existing accounts. – A beta software environment for filer testing and feedback is open now. The beta includes a new EDGAR Filer Management website, a secure dashboard and beta versions of the APIs.
As you start to consider your 2025 to-do list, here are the alert’s suggestions for what companies should be doing to prepare:
– All individuals who make submissions on behalf of a company or its Section 16 officers and directors, or who manage their SEC codes, should obtain Login.gov account credentials well before March 24, 2025. This most likely will include members of the corporate secretary’s office and the financial reporting team.
– Take advantage of the beta environment to get familiar with the new dashboard. Login.gov credentials are required for access.
– Develop a process by which the company and its Section 16 officers and directors will authorize individuals to serve as account administrators. This could include powers of attorney from Section 16 filers or a less formal form of authorization. Once authorized, account administrators will be able to manage Section 16 filers’ EDGAR account on the dashboard, adding other account administrators, users and technical administrators and delegating authority to file, as needed.
– Update onboarding processes for new Section 16 officers and directors to include designating an account administrator(s) in the amended Form ID. Starting March 24, 2025, the amended Form ID becomes effective and must be submitted by an account administrator through the dashboard.
– Ensure central index keys (CIKs), CIK confirmation codes (CCCs), passphrases and passwords are current for the company and all Section 16 officers and directors. … All EDGAR access codes under legacy EDGAR – including passphrases, passwords and password modification authorization codes – will be deactivated on September 15, 2025. – Determine when the account administrator will enroll the company and Section 16 officers and directors in the new dashboard. For year-end companies, it is suggested to commence enrollment after the year-end reporting cycle is completed, but well before the September 15, 2025, compliance date.
– Determine which account administrator will be responsible for the annual confirmation and add the annual confirmation into year-end reporting processes.
This FCLTGlobal article reports the results of a survey of IR professionals on quarterly guidance practices. It concludes with this advice: “For companies still issuing quarterly guidance, even though it’s not required, nobody truly wants it, and it’s bad for your stock price, it’s time to start considering alternative ways to communicate with your investors.” The survey of US companies found that only 19% continue to provide quarterly guidance.
I don’t think it’s a surprise to our readers that this practice has been trending downward over the years. I was actually surprised at how much quarterly guidance rebounded coming out of 2020, although it just continued a steady decline from there. But the most surprising result to me was that 9% of respondents believe it’s legally required. I guess that shouldn’t come as such a shock; it does seem to be a common misconception that some sort of guidance is required to be provided to the market. The article debunks that and a few other myths about quarterly guidance.
– Myth: It’s Good for the Stock. Research shows that quarterly guidance actually increases volatility and negatively impacts stock price.
– Myth: Investors Want It. Most large institutional investors don’t want quarterly guidance since they are generally holding for 2 to 4 years, not quarters.
– Myth: Everyone Is Doing It. Data (both from this survey and elsewhere) shows quarterly guidance is no longer “in vogue.”
I’m not so sure that the move from quarterly to annual guidance with quarterly updates really does much to move the needle on the age-old issue of short-term focus versus long-term focus. In fact, back in 2021, McKinsey argued that, for most companies, long-term guidance should mean “three-year targets (at a minimum) for revenue growth, margins, and return on capital.”
At our 21st Annual Executive Compensation Conference, Compensia’s Mark Borges discussed how granular SEC disclosure review staff comments have gotten on second-year pay-versus-performance disclosures and walked through some surprising comments where the SEC staff had clearly recalculated numbers and identified errors. I shared lessons from these comment letters on The Advisors’ Blog on CompensationStandards.com in early October. Here are those takeaways:
We knew from Corp Fin staff statements earlier this year that the disclosure review team might take a more detailed approach to reviewing year two PvP disclosures. So we were all warned that 2024 comments may delve into disclosure details and require you to respond with an analysis. We’re now starting to see that play out with new PvP comment letters recently becoming public. Here are some high-level thoughts about the comments and correspondence we’ve seen so far:
– Consistent with recent staff comments, the comment letters clarify that stating that no relationship exists (even if a particular measure is not used in setting compensation) isn’t compliant with Item 402(v)(5)(ii) — especially where a relationship may exist. The staff has stated that graphical depictions are useful. That seems particularly true when a registrant is struggling to provide narrative disclosure.
– The staff is comparing PvP table disclosures with the Tabular List and comparing PvP table components with numbers in the audited financial statements.
Multiple comment letters take issue with companies using the phrase “year-over-year” when describing the adjustment for the fair value of equity awards that vested during the year. In one case, the company was calculating CAP correctly and committed to providing more precise/descriptive headings in the reconciliation tables in footnotes to the PvP table in the future.
In another case, the staff commented on a company’s failure to present CAP calculations in a footnote. The staff could nonetheless tell from the Summary Compensation Table that the company was subtracting “All Other Compensation” from the SCT Total to calculate CAP and reminded the company of the specific adjustments required by the rule (relating to defined benefit and actuarial pension plan and stock and option award amounts).
– The staff is comparing the company’s stock performance graph. They are also reminding registrants of the need to list all the companies comprising the peer group if the company doesn’t use a published industry or line-of-business index.
– In one comment, the staff took the position that companies shouldn’t be taking advantage of Regulation S-K CDI 128D.03 and limiting footnote reconciliation disclosures to the most recent fiscal year if CAP values reported for prior years were revised in the latest proxy statement to correct errors.
Clearly the staff is indeed taking a detailed look at disclosures and diving into the calculations of CAP to confirm adjustments were made appropriately. In some cases, the calculation issues were actually related to transcription or calculation errors — pulling the wrong numbers from the SCT, failing to provide an average or improperly rounding. While Corp Fin didn’t hold up annual meetings and companies have generally committed to changes in future proxy statements (for a notable example, see this cursory response by Berkshire Hathaway), a clear takeaway here is to have your PvP numbers checked and rechecked by folks who know what values the table should be reporting.
Yesterday, the SEC announced charges against four current and former public companies for allegedly making materially misleading disclosures regarding cybersecurity risks and intrusions — all arising from the SEC’s investigation of public companies that were potentially impacted by the compromise of SolarWinds’ Orion software. The companies agreed to pay civil penalties ranging from $990,000 to $4 million. One company was also charged with disclosure controls and procedures violations. Here’s more from the announcement:
According to the SEC’s orders, Unisys, Avaya, and Check Point learned in 2020, and Mimecast learned in 2021, that the threat actor likely behind the SolarWinds Orion hack had accessed their systems without authorization, but each negligently minimized its cybersecurity incident in its public disclosures. The SEC’s order against Unisys finds that the company described its risks from cybersecurity events as hypothetical despite knowing that it had experienced two SolarWinds-related intrusions involving exfiltration of gigabytes of data. The order also finds that these materially misleading disclosures resulted in part from Unisys’ deficient disclosure controls.
The SEC’s order against Avaya finds that it stated that the threat actor had accessed a “limited number of [the] Company’s email messages,” when Avaya knew the threat actor had also accessed at least 145 files in its cloud file sharing environment. The SEC’s order against Check Point finds that it knew of the intrusion but described cyber intrusions and risks from them in generic terms. The order charging Mimecast finds that the company minimized the attack by failing to disclose the nature of the code the threat actor exfiltrated and the quantity of encrypted credentials the threat actor accessed.
Quotes from the SEC staff emphasized the importance of not downplaying the extent of a cybersecurity breach and that corporate victims of cyberattacks must not “further victimize their shareholders or other members of the investing public by providing misleading disclosures.”
The enforcement announcements are clearly still rolling in — in the new fiscal year! — so you won’t want to miss our upcoming webcast “SEC Enforcement: Priorities and Trends” at 2 pm ET on Wednesday, November 13, featuring Hunton’s Scott Kimpel, Locke Lord’s Allison O’Neil and Quinn Emanuel’s Kurt Wolfe. They’ll discuss the following topics, among others:
– SEC Enforcement Activities in 2024 and Priorities for 2025 – Implications of Jarkesy for SEC’s Enforcement Program – Monetary and Non-Monetary Penalties – Accounting and Disclosure Actions – Actions Targeting “Internal Controls” – Self-Reporting and Cooperation Credit – Coordination with DOJ Investigations
Commissioner Peirce and Uyeda’s joint dissenting statement — taking the position that SEC is regulating by enforcement with these settlements and citing immaterial, undisclosed details to support the charges — is worth a standalone blog. First, it thoroughly discusses the disclosures and omissions the SEC considered to be problematic and why the Commissioners don’t believe these altered the ‘total mix’ of information.
With respect to Avaya, the Commission highlights “the likely attribution of the [cyberattack] to a nation-state threat actor” as an example of omitted material information. [I]n its 2023 rulemaking on cybersecurity incident disclosure (the “2023 Cybersecurity Rule”), neither investors nor the Commission expressed a view that the identity of the threat actor is material information … Not a single one of the 150-plus comment letters submitted on the proposal requested disclosure of the identity of the threat actor. …
Although the Form 8-K requirements for disclosing material cybersecurity incidents, which were adopted as part of the 2023 Cybersecurity Rule, did not yet apply to Mimecast, it filed three Form 8-Ks related to the intrusion of the Orion software on its network. In the third Form 8-K, Mimecast filed its three-page incident report for the cyberattack as an exhibit. Mimecast’s efforts to inform its investors would not be rewarded; the Commission finds fault with its disclosures. …
The Commission highlights Mimecast’s failure to disclose that “the threat actor had accessed a database containing encrypted credentials for approximately 31,000 [of 40,000] customers.” … Mimecast disclosed, without providing a percentage or number, that encrypted customer credentials had been accessed. …
With respect to disclosure of exfiltrated source code, Mimecast stated in its incident report that the threat actor had downloaded a “limited number” of its source code repositories but the company believed that the downloaded code was “incomplete and would be insufficient to build and run any aspect of the Mimecast service.” The Commission finds that these statements were materially misleading because Mimecast did not disclose that the threat actor had exfiltrated “58% of its exgestion source code, 50% of its M365 authentication source code, and 76% of its M365 interoperability source code, representing the majority of the source code for those three areas.” … Similar to the Avaya case, such information is “details regarding the incident itself” that do not need to be disclosed.
Next, the dissent highlights how the issues identified in the enforcement action may shape disclosure under Item 1.05 of Form 8-K.
Companies reviewing today’s proceedings reasonably could conclude that the Commission will evaluate their Item 1.05 disclosure with a hunger for details that runs contrary to statements in the adopting release. To avoid being second-guessed by the Commission, companies may fill their Item 1.05 disclosures with immaterial details about an incident, or worse, provide disclosure under the item about immaterial incidents. The Commission staff has already identified the latter practice as an issue, and today’s proceedings may exacerbate the problem.
Finally, do go read the full dissent for its detailed discussion of the enforcement actions involving hypothetical and generic risk factors — drawing parallels to portions of the SolarWinds case that were dismissed and raising concerns that bringing “hypothetical” risk factor charges may result in companies including immaterial, specific disclosures in risk factors just to avoid these types of charges.