Disclosure Guidance

Various and Sundry From the Last Week

by Vanessa Schoenthaler on January 23, 2012

On Friday the Securities and Exchange Commission released a Small Entity Compliance Guide (as required by the Small Business Regulatory Fairness Act) summarizing and explaining the requirements of the recently finalized Mine Safety Disclosure rules.

Revisions to the Definition of Covered Securities

The Commission also issued a final rule on Friday designating certain securities listed on the BATS Exchange as “covered securities” for purposes of Section 18 of the Securities Act.

Covered securities are exempt from state “blue sky” registration requirements, instead having to comply with the exchange listing standards and federal securities laws, rules and regulations related to the registration and sale of securities.

Once the final rule becomes effective (30 days from its publication in the federal register) the list of covered securities will include those listed, or authorized for listing, on:

  • New York Stock Exchange;
  • NYSE Amex LLC;
  • National Market System of the Nasdaq Stock Market;
  • Tier I of the NYSE Arca, Inc.;
  • Tier I of the Nasdaq OMX PHLX LLC;
  • Chicago Board Options Exchange, Incorporated;
  • Options listed on the International Securities Exchange, LLC;
  • The Nasdaq Capital Market; and
  • Tier I and Tier II of BATS Exchange, Inc.

Nasdaq Updates it Initial Listing Standard

On Tuesday the Commission published notice of a proposed rule change by Nasdaq. The exchange is seeking to adopt a $2 or $3 initial listing bid price as an alternative to the current $4 initial listing bid price on its Nasdaq Capital Market. The change would allow the Nasdaq Capital Market to compete for listings with NYSE Amex, the only other exchange that currently has a $2 or $3 initial listing bid price.

Be the first to comment

The SEC Issues Disclosure Guidance on European Sovereign Debt Exposure

by Vanessa Schoenthaler on January 9, 2012

On Friday the Division of Corporation Finance issued informal disclosure guidance related to financial institutions with direct and indirect exposure to European sovereign debt.

Intending to encourage greater clarity and comparability within and across filings, the guidance makes note of disclosures that the staff found to be inconsistent and of the type of comments issued in response, such as requests that for each country of concern an issuer provide:

  • disclosure of gross sovereign, financial institution and non-financial corporation exposure, separately by county;
  • quantified disclosure explaining how gross exposures are hedged; and
  • disclosure of the circumstances under which losses may not be covered by purchased credit protection.

The guidance also addresses some of the disclosure requirements that may trigger the need to discuss sovereign debt exposure, such as in risk factor and market risk disclosures and in MD&A disclosures regarding known trends, demands or uncertainties that may affect liquidity or results of operations. It also refers to further guidance available in Industry Guide 3, regarding bank holding company disclosure requirements.

In determining which countries the guidance applies to — a determination which is expected to change over time —  issuers are advised to focus on those countries that are “experiencing significant economic, fiscal and/or political strains such that the likelihood of default would be higher than would be anticipated when such factors do not exist” and to disclose the basis of their determination.

The guidance also advises that disclosure “be provided separately by country, segregated between sovereign and non-sovereign exposures, and by financial statement category, to arrive at gross funded exposure, as appropriate.” And, that issuers should “consider separately providing disclosure of the gross unfunded commitments made … [and] provide information regarding hedges in order to present an amount of net funded exposure.”

Finally, the guidance outlines a number of considerations (reproduced below in their entirety) that an issuer should take into account when determining what disclosure is relevant and appropriate.

I. Gross Funded Exposure

a. Countries

i. The basis for the countries selected for disclosure.

ii. The basis for determining the domicile of the exposure.

b. Type of Counterparty

i. Separate categories of exposure to sovereign and non-sovereign counterparties.

1. Sovereign exposures consist of financial instruments entered into with sovereign and local governments.

2. Non-sovereign exposures comprise exposure to corporations and financial institutions. To the extent material, separate disclosure may be required between financial and non-financial institutions.

c. Categories of Financial Instruments

i. Categories to be considered for disclosure include loans and leases, held-to-maturity securities, available-for-sale securities, trading securities, derivatives, and other financial exposures to arrive at a gross funded exposure.

1. For loans and leases, the gross amount prior to the deduction of the impairment provision and the net amount after impairment provision.

2. For held-to-maturity securities, the amortized cost basis and the fair value.

3. For available-for-sale securities, the fair value, and if material, the amortized cost basis.

4. For trading securities, the fair value.

5. For derivative assets, the fair value, except that amount could be offset by the amount of cash collateral applied if separate footnote disclosure quantifying the amount of the offset is provided.

6. For credit default contracts sold, the fair value and notional value of protection sold, along with a description of the events that would trigger payout under the contracts.

7. For other financial exposures, to the extent carried at fair value, the fair value. To the extent carried at amortized cost, the gross amount prior to the deduction of impairment and the net amount after impairment.

II. Unfunded Exposure

a. The amount of unfunded commitments by type of counterparty and by country.

b. The key terms and any potential limitations of the counterparty being able to draw down on the facilities.

III. Total Gross Exposure (Funded and Unfunded)

a. The effect of gross funded exposure and total unfunded exposure should be subtotaled to arrive at total gross exposure as of the balance sheet date, separated between type of counterparty and by country.

b. Appropriate footnote disclosure may be provided highlighting additional key details, such as maturity information for the exposures.

IV. Effects of Credit Default Protection to Arrive at Net Exposure

a. The effects of credit default protection purchased separately by counterparty and country.

b. The fair value and notional value of the purchased credit protection.

c. The nature of payout or trigger events under the purchased credit protection contracts.

d. The types of counterparties that the credit protection was purchased from and an indication of the counterparty’s credit quality.

e. Whether credit protection purchased has a shorter maturity date than the bonds or other exposure against which the protection was purchased. If so, clarifying disclosure about this fact and the risks presented by the mismatch of maturity.

V. Other Risk Management Disclosures

a. How management is monitoring and/or mitigating exposures to the selected countries, including any stress testing performed.

b. How management is monitoring and/or mitigating the effects of indirect exposure in the analysis of risk. Disclosure should explain how the registrant identifies their indirect exposures, examples of the identified indirect exposures, along with the level of the indirect exposures.

c. Current developments (rating downgrades, financial relief plans for impacted countries, widening credit spreads, etc) of the identified countries, and how those developments, or changes to them, could impact the registrant’s financial condition, results of operations, liquidity or capital resources.

VI. Post-Reporting Date Events

a. Significant developments since the reporting date and the effects of those events on the reported amounts.

Be the first to comment

The SEC Issues Disclosure Guidance on RELPs and REITs

by Vanessa Schoenthaler on December 20, 2011

Yesterday the Securities and Exchange Commission’s Office of Investor Education and Advocacy published an Investor Bulletin on real estate investment trusts (REITs) and, at the same time, the Division of Corporation Finance issued informal disclosure guidance detailing the comments it most frequently raises when reviewing sales materials submitted by real estate limited partnerships (RELP) and REITs pursuant to Securities Act Industry Guide 5.

Comments include, among others, the need to:

  • present a balanced discussion of the benefits and risks of an investment, both in terms of the level of disclosure provided and the location and formating of such disclosure;
  • update sales materials that are outdated in comparison to information disclosed in the most recent prospectus, and to consider whether information included in the sales materials should also be disclosed in the prospectus;
  • include disclosures regarding distribution information, such as the regularity and source of distributions;
  • include balanced disclosure regarding affiliates, such as sponsors or managers, and clearly differentiate between the prior performance and other historical information of affiliates and the prior performance, or lack thereof, of the issuer;
  • clarify whether properties depicted in any images used in the sales materials are subject to a mortgage or whether they are owned by the issuer or an affiliate;
  • present balanced disclosure regarding redemption programs, including disclosure concerning redemption history; and
  • comply with the requirements of Regulation G regarding the disclosure of non-GAAP financial measures.

Be the first to comment

The SEC Issues Disclosure Guidance on Cybersecurity

by Vanessa Schoenthaler on October 14, 2011

Yesterday the Division of Corporation Finance issued informal disclosure guidance detailing the staff’s views on disclosure obligations related to cybersecurity risks and cyber incidents.

This, the Division’s second issuance of such informal disclosure guidance, is most likely in response to a letter that Senator Rockefeller penned to Chairman Schapiro back in May. The Senator specifically requested that the Commission issue interpretive guidance on cybersecurity disclosures, and, in her response letter, Chairman Shapiro promised to seriously consider it.

Perhaps coincidentally, the guidance also coincides with President Obama’s proclamation of October 2011 as National Cybersecurity Awareness Month.

Cyber Incidents and Their Effects

Beginning with a general discussion of cyber incidents, the guidance notes that there has been an increase in focus on incidents that include:

  • gaining unauthorized access to digital systems for purposes of misappropriating assets or sensitive information, corrupting data and causing operational disruptions (e.g., the recent cyber attacks on EMC Corp.’s RSA unit, which cost the company $66 million in Q2); and
  • denial of service-type attacks (e.g., the Visa and MasterCard denial of services attacks that took place last year).

Among other things, cyber incidents like these have caused companies to incur:

  • remediation costs, including, for example, costs associated with liability for misappropriated assets or information, and costs related to incentives offered to maintain customer or partner relationships;
  • increased cybersecurity costs;
  • revenue losses;
  • litigation costs; and
  • reputational damage.

The Disclosure Guidance

The guidance notes that when assessing whether and to what extent cybersecurity risk and cyber incident disclosures are required, a company should consider both the materiality of the information and the applicability of the antifraud provisions of the federal securities laws.

It then goes on to review existing disclosure requirements that may trigger cybersecurity risk and cyber incident disclosures. It covers risk factors, financial statements and management’s discussion and analysis of financial conditions and results of operations the most extensively, but also touches on disclosure controls and procedures, a company’s description of business and legal proceeding disclosures.

Risk Factors

Beginning with risk factors the guidance reiterates the requirements of Item 503 of Regulation S-K and notes that disclosure of cybersecurity risk is required if cyber incidents are “among the most significant factors that make an investment in the company speculative or risky.” In making such a determination a company should take into consideration all relevant information, including:

  • the occurrence of prior cyber incidents;
  • their severity and frequency;
  • the probability of future cyber incidents;
  • the qualitative and quantitative magnitude of the risk, including, for example, the potential costs and other consequences of misappropriated assets or information, data corruption or operational disruptions; and
  • the adequacy of preventative measures taken to reduce cybersecurity risks in the context of the industry in which the company operates, and any risks to those preventative measures, including threatened attacks.

As with other risk factors, any cybersecurity risk factors should be specifically tailored to the company, detailing the nature of the risk and how it might impact the company. In other words avoid generic or boiler plate disclosure. Among other things such risk factors might include:

  • a discussion of attributes of the company’s business or operations that give rise to material cybersecurity risks;
  • the potential costs and consequences of cybersecurity risks;
  • if a company has outsourced operations and they have material cybersecurity risks, a discussion of those risks and how the company is addressing them;
  • a discussion of any cyber incidents experienced by the company that are individually or in the aggregate material, and a description of the potential costs and other consequences of those incidents;
  • a discussion of risks related to cyber incidents that may remain undetected for an extended period of time; and
  • a description of any relevant insurance coverage.

A company may have to explicitly disclose known or threatened cyber incidents and their potential costs and other consequences to place a discussion of its cybersecurity risks into context. However, the guidance notes that the Division is mindful of concerns that detailed disclosures may compromise security efforts by, among other things, providing would-be attackers with a “road map” through the company’s security system, and emphasizes that disclosure at that level of specificity is not required under the federal securities laws.

Financial Statements

With respect to a company’s financial statements the guidance notes that, based on the nature and severity of an actual or potential cyber incident, disclosure may be required in a number of different areas, for example:

  • prior to a cyber incident costs associated with preventative measures may have to be disclosed, such as cost related to internal use software (ASC 350-40, Internal-Use Software);
  • remediation costs associated with the occurrence of cyber incident may also have to be disclosed, such as incentives offered to maintain customer or partner relationships (ASC 605-50, Customer Payments and Incentives);
  • a cyber incident may also require disclosure of loss contingencies for asserted and unasserted claims, such as claims related to warranties, breach of contract, product recalls and replacements, and indemnification of counterparty losses (ASC 450-20, Loss Contingencies);
  • a cyber incident may result in a company having diminished future cash flows, requiring consideration of impairments to assets, such as goodwill, customer-related intangible assets, trademarks, patents, capitalized software or other long-lived assets associated with software or hardware, and inventory;
  • the impact of a cyber incident may not be immediately known, requiring a company to develop estimates to account for future financial implications, such as estimates of warranty liability, allowances for product returns, capitalized software costs, inventory, litigation and deferred revenue (ASC 275-10, Risks and Uncertainties); and
  • where a cyber incident is discovered after the balance sheet date, a company should consider whether disclosure of  a subsequent event is necessary (ASC 855-10, Subsequent Events).

Management’s Discussion & Analysis (MD&A)

MD&A disclosure may be warranted if the costs or other consequences of a known or potential cyber incident represent a material event, trend or uncertainty that is reasonably likely to have  a material effect on a company’s results of operations, liquidity or financial condition, or would cause the company’s financial information not to be necessarily indicative of future operating results or financial conditions.

Disclosure Controls and Procedures

If a cyber incident poses a risk to a company’s ability to record, process, summarize and report the information required to be disclosed in its filings, the company should consider whether there are deficiencies in its disclosure controls and procedures rendering them ineffective.

Description of Business

Disclosure in a company’s “Description of Business” section may be warranted if a cyber incident materially affect the company’s products, services, customer or supplier relationships, or competitive conditions.

Legal Proceedings

“Legal Proceedings” disclosure may be warranted if a company is party to a material pending legal proceeding that involves a cyber incident.

Current Reports and Road Maps

Finally, the securities laws are designed to “elicit disclosure of timely, comprehensive and accurate information about risks and events that a reasonable investor would consider important to an investment decision.” Accordingly, the guidance notes that a company with an effective shelf registration statement on file should consider whether it needs to disclose a material cyber incident on a Form 8-K (or Form 6-K) in order to maintain the accuracy and completeness of its disclosure information.

2 comments

The SEC Issues Disclosure Guidance on Reverse Merger Forms 8-K

by Vanessa Schoenthaler on September 15, 2011

Yesterday the Division of Corporation Finance issued informal disclosure guidance summarizing some of the more common issues that come up in the Staff’s review of the Forms 8-K filed following a reverse merger or similar change in control transaction with a shell company. This Form 8-K is sometimes referred to informally as a “Super 8-K” because, among other things, it must contain all of the information required in an Exchange Act Form 10 filing, including audited financial statements, and must be filed within the four business day window following the close of a transaction.

Some of the issues touched on in the guidance include:

  • the disclosure requirements in the case of an acquisition of assets, whether structured as a purchase, lease, exchange, merger, consolidation, succession or otherwise;
  • the need for change in control disclosure;
  • historical and pro forma financial statement disclosure;
  • requirements regarding exhibits; and
  • some of the Form 10 disclosure requirements, including past and planned business activities, corporate holding structures, risk factors, MD&A disclosure, director and executive officer disclosure, executive compensation, related party transactions and recent sales of unregistered securities.

2 comments