Capital Markets & Public Companies Quarterly: Expanding Relief under Smaller Reporting Company, Reg A+ and Rule 701, SEC Enforcement of Cybersecurity Disclosures and Other News - McDermott Will & Emery

Capital Markets & Public Companies Quarterly: Expanding Relief under Smaller Reporting Company, Reg A+ and Rule 701, SEC Enforcement of Cybersecurity Disclosures and Other News


During the previous quarter, the SEC acted to expand the number of companies that may rely on the “smaller reporting company” scaled disclosure regime and Congress directed revisions to the Regulation A+ and Rule 701 exemptions. The SEC also took enforcement action on a major cybersecurity breach, reinforcing its recent interpretive guidance on the subject. The director of the SEC Division of Corporation Finance also spoke on how blockchain assets may or may not constitute securities, and the 9th Circuit created a circuit split related to securities litigation after a tender offer.

In Depth

SEC Amends Definition of “Smaller Reporting Company” and Congress Directs Changes to Reg A+ and Rule 701

At its open meeting held on June 28, 2018, the US Securities and Exchange Commission (SEC) adopted amendments to raise the public float and revenue thresholds in the definition of “smaller reporting company” (SRC). Under the amended definition, a company will qualify as an SRC if it maintains a public float of less than $250 million. The amendments also expand the SRC definition to include a company that maintains a public float of less than $700 million and has annual revenues of less than $100 million during its most recently completed fiscal year.

The higher threshold will expand the number of companies that qualify for scaled disclosure accommodations that are available to SRCs. These accommodations include: (1) a shorter period covered by the company’s audited financials and corresponding Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A) disclosure; (2) modified disclosure requirements related to executive compensation; (3) exemption from quantitative or qualitative market risk disclosures; and (4) exemption from determinations on the effectiveness of internal controls over financial reporting.

In addition, on May 24, 2018, S. 2155, known as the “Economic Growth, Regulatory Relief, and Consumer Protection Act,” was signed into law. The law includes provisions that prompt the SEC to enact rulemaking to make certain changes to the Regulation A+ and Rule 701 of the Securities Act of 1933 (the Securities Act) exemptions from registered offerings.

With regard to Regulation A+, the law directs the SEC to remove the requirement that an issuer not be subject to the reporting requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934 (the Exchange Act) in order to rely on that exemption from registration. Such changes would allow publicly listed companies to rely on the less onerous Regulation A+ regime to conduct securities offerings of up to $50 million during a twelve-month period.

In addition, the law directs the SEC to revise Rule 701 to ease the disclosure requirements for private companies that rely on the exemption from registration for issuances of securities to employees. Under the current rule, a private company that exceeds $5 million in securities issued over a 12 month period must provide its employees with certain financial statements of the company and additional disclosure of the risks associated with an investment in the company’s securities. The new law directs the SEC to increase that cap from $5 million to $10 million and further directs the SEC to adjust the cap for inflation every five years. This change appears to be in response to recent enforcement action by the SEC (as covered in our last quarterly update) as well as further indications that the SEC may pursue actions against private companies that fail to provide the disclosure required under Rule 701.

For additional commentary on this topic, see our On the Subject .

SEC Enforcement of Public Company Cybersecurity Disclosures

Following its recent interpretive guidance on public company cybersecurity disclosures (as covered in our last quarterly update), on April 24, 2018, the SEC instituted cease-and-desist proceedings against Altaba Inc. (formerly known as Yahoo!) to settle charges of misleading investors arising from Yahoo’s failure to disclose a late 2014 data breach that led to the theft of personal data on hundreds of millions of user accounts. The order describes the stolen data as Yahoo’s “crown jewels,” that included usernames, email addresses, telephone numbers, birthdates, passwords, and security questions and answers. Yahoo disclosed the breach in September 2016, after it had entered into an acquisition agreement with Verizon Communications, Inc.

The order states that Yahoo violated Sections 17(a)(2) and (3) of the Securities Act, as well as Section 13(a) of the Exchange Act and several regulations thereunder. The stated violations relate to untrue statements or omissions of material fact in the offer or sale of securities, as well as engaging in transactions or practices which operate as frauds upon purchasers. The order states that, although senior management was aware of the breach in late 2014, none of Yahoo’s periodic reports contained disclosure related to the breach until a Form 8-K was filed by the company in September 2016. The order further states that Yahoo’s principal executive officer and principal financial officer had evaluated the effectiveness of its disclosure controls and procedures during the relevant period and had concluded that Yahoo’s disclosure controls and procedures were effective. This determination was later amended in Yahoo’s 2016 Form 10-K to state that the company’s disclosure controls and procedures were not effective during such period. In addition, the order states that Yahoo’s senior management and legal teams prevented a proper assessment of the company’s disclosure obligations by failing to share information about the breach with its auditors or outside counsel. Per the order, Altaba agreed to pay a civil money penalty of $35 million.

The order is a reminder that, while the SEC has stated its unwillingness to second-guess the good faith exercise of judgment in cybersecurity breaches, good faith will not be presumed where a company lacks sufficient procedures for evaluating its disclosure obligations in a timely manner. This order also demonstrates that reporting such incidents to senior management and in-house counsel may not be sufficient to demonstrate adequate consideration of whether the company has an obligation to disclose the breach to the public.

SEC Director of CorpFin Makes Groundbreaking Speech on Blockchain Token Sales

McDermott’s FinTech and Blockchain team’s recent On the Subject discussed a speech by William Hinman (Director Hinman), the SEC’s Director of the Division of Corporation Finance. On June 14, 2018, Director Hinman spoke before the Yahoo Finance All Market Summit: Crypto and offered a fresh take on whether a digital asset offered as a security can, over time, become something other than a security. The key takeaways of Director Hinman’s speech are:

1. A token “all by itself is not a security,” rather, the transactions pursuant to which it is distributed may be securities transactions. The securities law analysis of the transactions may change over time.

2. Currently the Bitcoin and Ether networks are sufficiently decentralized that the disclosure regime of the federal securities laws seems to add little value. Over time, other networks may be sufficiently decentralized such that the tokens that function on them may not need to be regulated as securities.

3. The form of a transaction is less important than the economic reality of the transaction. Where tokens are sold to raise money to fund an enterprise, and where the token purchasers rely on the efforts of someone other than themselves to see a profit, sale of the tokens may be a securities transaction.

4. A non-exclusive list of factors to consider in determining whether third-party activity and the features of a token suggest that the transfer of tokens is a securities transaction. He also acknowledged that the application of securities laws to initial sales of a blockchain token will impact secondary market transactions in the token.

5. The SEC welcomes dialogue with token promoters and their counsel and is prepared to provide more formal interpretations and no-action guidance.

For additional commentary on this topic, you may read the full On the Subject. For additional information on securities laws in token sales, see Compliant Structures for Securities Offerings of Blockchain Tokens. For additional information about McDermott’s FinTech and Blockchain practice, please see the practice group page.

Ninth Circuit Applies a Negligence Standard to Anti-Fraud Provisions for Tender Offers

On April 20, 2018, the US Court of Appeals for the Ninth Circuit released its opinion in Varjabedian v. Emulex Corp. holding that claims brought under Section 14(e) of the Exchange Act require a showing that the alleged violators were negligent in making misrepresentations or omissions in connection with a tender offer. The court’s ruling departs from the rulings of other circuits that apply the stricter requirement that violators have acted with scienter—actual knowledge and intent—which is the standard that is applied to claims brought under the broader anti-fraud provision in Rule 10b-5 promulgated under of the Exchange Act.

The complaint, brought on behalf of former shareholders of Emulex Corporation, alleged that disclosure documents describing the 2015 merger between Emulex and Avago Technologies Wireless Manufacturing, Inc., which was affected through a tender offer made to Emulex shareholders, were misleading in that material information was omitted. The material omission related to a chart comparing merger premiums above market price paid in tender offers for similar businesses. The chart was a part of the fairness opinion received by Emulex’s board of directors but had been excluded from the summary of the fairness opinion that was provided in disclosures to shareholders. The district court dismissed the action holding that the shareholder plaintiffs had failed to adequately plead the defendants acted with scienter.

In overturning the district court, the 9th Circuit noted the similarities and differences between the various anti-fraud provisions provided in the federal securities laws. Citing the US Supreme Court’s decision in Ernst & Ernst v. Hochfelder, 425 US 185, 193 (1976), the 9th Circuit acknowledged that the language of Section 10(b) of the Exchange Act, which allows the SEC to regulate only “manipulative or deceptive device[s]” imposed a requirement that claims brought under Rule 10b-5 demonstrate that violations are committed with scienter. The 9th Circuit contrasted this with the holding in Aaron v. SEC, 446 US 680 (1980), in which the US Supreme Court held that actions brought under Section 17(a)(2) of the Securities Act for offers and sales utilizing “any untrue statement of a material fact or any omission to state a material fact” did not require a showing of scienter. Drawing upon Section 14(e)’s nearly identical wording with Section 17(a)(2) of the Securities Act and noting that both Section 14(e) and Section 17(a)(2) of the Securities Act govern disclosures that are made in connection with an offer of securities, the 9th Circuit concluded that Section 14(e) likewise did not require a showing of scienter.

The 9th Circuit’s ruling in Emulex lowers the burden of proof for anti-fraud claims that may be brought after a tender offer. The circuit split on the appropriate standard under Section 14(e) may lead to review by the US Supreme Court. However, as long as the circuits remain split, it is likely that shareholders of target companies that are the subject of a tender offer may bring their securities claims in the 9th Circuit.