January 2012

Earlier this month, the S.E.C. changed its long standing practice of allowing defendants of securities violations to “neither admit nor deny” criminal wrongdoing.  This change is effectively the S.E.C.’s response to critics that say that the agency should not let criminal defendants simply pay a fine and avoid an admission of guilty.  The new policy

Risks of Cyber Attacks

If you are an executive for a public company, new SEC guidance requires you to consider cybersecurity in your ongoing periodic reports.  As evidenced by the barrage of news reports over the past couple of years, cyber incidents have become very significant events for all types of companies.  A recent example was the data breach of Sony Corporation’s Playstation Network.  These cyber incidents can cause companies to spend substantial amounts of money and time to attempt to reduce or correct the associated damage, including significant reputational damage.  All companies must make significant capital investments for systems and measures designed to prevent future cyber incidents or at least mitigate their harmful effects. Unfortunately, the number of cyber incidents will continue to increase, and the tactics used by hackers will become more sophisticated and harder to prevent and control.

Congress Gets Involved

Last year, a group of U.S. senators recognized that cybersecurity incidents and the associated costs were a major risk for many companies and that many public companies were not adequately disclosing these events. The Senators also recognized the growing risks of cybersecurity and cyber incidents, and that there was very little guidance for public companies on their disclosure responsibilities in connection with cybersecurity. These senators wrote a letter to SEC Chairman Shapiro asking for some interpretative guidance on how to address disclosure of cybersecurity and cyber incidents and the associated risks and economic effects.

SEC Sets Expectations

In response to the Senate inquiry, the SEC recently issued CF Disclosure Guidance:  Topic No. 2 (the “Disclosure Guidance”), which set forth the SEC’s expectations of public company cybersecurity disclosure. Public companies of all sizes and industries should
Continue Reading New Cybersecurity Disclosure Obligations for SEC Filings

Last Friday, the SEC’s Division of Corporate Finance issued its fourth topic in its CF Disclosure Series, which periodically provides the SEC’s views on various topics.  This time, the SEC addressed, what it believes to be, inconsistent disclosures on European sovereign debt holdings.  The SEC reminds registrants, particularly bank holding companies, of their obligations to