January 2012

Earlier this month, the S.E.C. changed its long standing practice of allowing defendants of securities violations to “neither admit nor deny” criminal wrongdoing.  This change is effectively the S.E.C.’s response to critics that say that the agency should not let criminal defendants simply pay a fine and avoid an admission of guilty.  The new policy will generally require that defendants having a parallel criminal conviction, entering into a non-prosecution agreement or signing a deferred prosecution agreement no longer be allowed to sidestep admitting their guilt in a settlement with the S.E.C.

While this change seems more just, it is limited to only a small number of cases.  Thus, the change should help ease the concerns of the critics, but will not change S.E.C. policy for most situations.  This will help the S.E.C. look more tough on certain securities violations while still allowing the agency to negotiate settlements by allowing defendants to “neither admit nor deny” wrongdoing in most situations.  It remains to be seen whether the new policy will provide the right balance between the benefit of more easily negotiating settlements without requiring an admission of guilt and punishing criminals to the satisfaction of the critics.

See the recent article in the New York Times

Risks of Cyber Attacks

If you are an executive for a public company, new SEC guidance requires you to consider cybersecurity in your ongoing periodic reports.  As evidenced by the barrage of news reports over the past couple of years, cyber incidents have become very significant events for all types of companies.  A recent example was the data breach of Sony Corporation’s Playstation Network.  These cyber incidents can cause companies to spend substantial amounts of money and time to attempt to reduce or correct the associated damage, including significant reputational damage.  All companies must make significant capital investments for systems and measures designed to prevent future cyber incidents or at least mitigate their harmful effects. Unfortunately, the number of cyber incidents will continue to increase, and the tactics used by hackers will become more sophisticated and harder to prevent and control.

Congress Gets Involved

Last year, a group of U.S. senators recognized that cybersecurity incidents and the associated costs were a major risk for many companies and that many public companies were not adequately disclosing these events. The Senators also recognized the growing risks of cybersecurity and cyber incidents, and that there was very little guidance for public companies on their disclosure responsibilities in connection with cybersecurity. These senators wrote a letter to SEC Chairman Shapiro asking for some interpretative guidance on how to address disclosure of cybersecurity and cyber incidents and the associated risks and economic effects.

SEC Sets Expectations

In response to the Senate inquiry, the SEC recently issued CF Disclosure Guidance:  Topic No. 2 (the “Disclosure Guidance”), which set forth the SEC’s expectations of public company cybersecurity disclosure. Public companies of all sizes and industries should Continue Reading New Cybersecurity Disclosure Obligations for SEC Filings

Last Friday, the SEC’s Division of Corporate Finance issued its fourth topic in its CF Disclosure Series, which periodically provides the SEC’s views on various topics.  This time, the SEC addressed, what it believes to be, inconsistent disclosures on European sovereign debt holdings.  The SEC reminds registrants, particularly bank holding companies, of their obligations to identify known trends or known demands, commitments, events, or uncertainties in their MD&A.  Generally, the SEC expects supplemental disclosure to be provided by country, segregated between sovereign and non-sovereign exposure, and financial statement category.  Registrants must focus on countries that are “experiencing significant economic, fiscal and/or political strains such that the likelihood of default would be higher than would be anticipated when such factors do no exist.”  In addition, the SEC expects to see additional risk factors addressing European sovereign debt exposure and heightened disclosures in the market risk discussion.

For a more detailed outline of what disclosure is relevant and appropriate, click here to view the SEC’s complete guidance.