The “Risk Factors” section of any disclosure document is vital to the protection of the issuer. Generations of securities lawyers and accountants have worked into the night to develop lists of risks that would make any sane potential investor run away screaming. Most of us have seen innumerable examples of conventional risk factors like competition, legal and regulatory changes, impact of the loss of key personnel and others. Many of these risk factors are virtually identical regardless of the issuer’s industry space, and it’s doubtful that many readers of disclosure materials pay much attention to these risk factors.
The new breed of public technology companies, however, present some novel and interesting risks. The disclosure of these risks still strives to protect the issuer and give the potential purchaser the relevant information necessary to make an informed investment decision, but they focus on areas that are quite different from the disclosures used by more conventional companies. These technology company disclosure documents still contain many conventional risk factors, but it’s interesting to see the new areas that are considered material risks for these companies.
Here are several of the key items that been used as material risk factors in recent technology company disclosure documents filed by prominent technology companies:
Data Security. This is a very hot issue for most technology companies these days, especially in the social media space. Facebook is a great example, as it has data from close to 900 million users. LinkedIn has similar dynamics and issues on a smaller scale. A data breach for any of these companies would have huge legal ramifications, as state, Federal and international regulatory authorities and private plaintiffs would quickly react. LinkedIn recently experienced these negative ramifications first hand as it was sued for $5 million in connection with its recent data breach. The potential damage to a company’s brand and credibility could also be significant. Click here for language from the Facebook prospectus and the LinkedIn prospectus as good examples. The SEC also offered some guidance on this topic in “CF Disclosure Guidance Topic No. 2 – Cybersecurity”.
Changes in Laws. This is a prominent risk factor in any disclosure document, but it has a new face in technology disclosure. The applicable laws and regulations that govern technology companies are very new and are constantly evolving, and their potential effects are difficult to gauge. It is challenging to predict how laws will change or what new laws may be enacted to govern the novel situations that technology companies regularly encounter. Such areas as data security, user privacy, consumer protection, taxation, protection of minors and online payment activities are all areas of significant potential risk for technology companies. Facebook and Zynga have good risk factors here and here.
Intellectual Property Lawsuits. All companies are subject to claims and litigation regarding their use of intellectual property, but technology companies encounter some very challenging and critical situations. When a business depends heavily (or entirely) on certain technologies for its business operations and its tactical and strategic advantages, any such challenge strikes at the heart of the viability of the business. The recent rise of “patent trolls” and other parties that attempt to purchase and hold intellectual property purely as a negotiation (some would say extortion) advantage has made this situation much worse. The language used by Zynga, LinkedIn and Facebook are good examples of how companies are handling this situation.
Liability from User-Generated Content. This is an interesting and novel risk area that hits social media companies very hard. Potential areas of liability here include defamation, infringement on intellectual property and violation of privacy rights. Any social media company relies heavily on content generated by its users. In Facebook’s case, this means that at any one time almost 900 million users could be generating their own content on a regular basis (some will do this more than others, of course). While social media sites attempt to control and police this content, it is impossible to completely regulate it. In any case, many of a company’s remedies here can only be used after the content is already posted and the damage is done. There are certain immunities available that offer some protection for this user-generated content, but risks are still present. Even if the company avoids legal problems and liability, substantial costs will still be incurred. The Facebook prospectus discusses these risks and specifically identifies international venues as a concern. Groupon also identified this area as a risk.
Use of Mobile Platforms and Other Forms of Access. The ways in which users access technology company sites has created significant challenges for these companies. This has been especially challenging to social media companies such as Facebook and LinkedIn. There has been a rapid and substantial movement by consumers to use mobile devices, such as smartphones and tablets, to access these social media sites. Since many of these companies use advertising as a primary source of revenue, they have been forced to quickly develop ways in which their advertising models can be viable and effective when used on these mobile devices. This has not worked well for many of these companies, and Facebook in particular has been hit with substantial criticism for its failure to develop a plan to successfully develop a mobile advertising strategy. Click here and here for a discussion of these risks for Facebook and Zynga.
Changes in Search Engine Methodologies. Many technology companies depend to some degree on the results of searches on such search engines as Google and Bing to drive traffic to their websites. Companies expend significant amounts of time and money to maintain high positions in any such search results. Any change or modification in these search methodologies could have a quick and dramatic effect on the number of visitors to a website. LinkedIn identified this as a particular concern.
Credible Measurement of Performance Metrics. Many social media companies such as Facebook rely heavily on advertising as a revenue source. As with any business that depends on the sale of advertising, advertisers will demand detailed metrics and analytical data that demonstrate the effectiveness of the potential advertising. Collecting these metrics and demonstrating their credibility is often difficult for technology companies because of the nature of their user bases – the people who access these sites are spread out over a wide network of computers and mobile devices. Facebookidentified this as a significant risk in connection with its advertising revenue.
Inability to Successfully Scale Business Operations. The continued viability of many technology companies largely depends on their ability to quickly increase their business operations in a variety of markets. This is easier in some ways for technology companies because they don’t have to make the large brick and mortar investments that an expanding conventional company would encounter, but this is also a potential problem. The technology that is vital to these new companies’ operations has proven to be difficult to scale in some situations, thus impairing the companies’ ability to achieve rapid growth. LinkedIn identified this as a risk factor here. Management of rapid growth is also a potential problem as identified by Zynga.