SEC reminds you to have a disaster recovery planAlmost 10 months since Superstorm Sandy caused widespread destruction to the northeastern U.S., an area not known for frequent hurricane activity, the people and businesses affected have still not fully recovered. As we now reenter the peak of hurricane season, businesses along the eastern seaboard are probably taking a closer look now than in years past at their disaster preparedness in light of last year’s events. The impact of Hurricane Sandy was certainly not limited to the U.S. In reality, there were global implications as, for example, U.S. equity and options markets were closed for two full trading days following the storm. As a result, the SEC, FINRA and the CFTC undertook a joint review of their individual business continuity and disaster recovery planning. Last week, on August 16, these three regulatory agencies issued a joint release outlining some lessons learned and best practices noted in their investigations and review.

The release focused on a number of specific areas including:

  • Widespread disruption considerations;
  • Alternative locations considerations;
  • Vendor relationships;
  • Telecommunications services and technology considerations;
  • Communication plans;
  • Regulatory and compliance consideration; and
  • Review and testing.

The primary motif in the release was that
Continue Reading Hurricanes, flash freezes and other disasters – plan and disclose accordingly or you may be hearing from the SEC

New platform for private companiesNasdaq OMX Group, Inc. announced today that it will enter into a joint venture with SharesPost, Inc. to form a marketplace for the trading of shares of unlisted companies. This is an interesting and cutting edge move that solves some problems for both Nasdaq and SharesPost. This new marketplace should be very positive for rapidly growing and large private companies which want to allow some trading in their shares but which are not ready to become publicly traded companies. It will also give investors opportunities to buy the shares of large private companies before the shares of these companies become publicly traded. According to a Nasdaq press release issued today this new marketplace, which will be called The Nasdaq Private Market, will “provide improved access to liquidity for early investors, founders and employees while enabling the efficient buying and selling of private company shares”. 

Nasdaq will own the majority of and will control this joint venture, but the joint venture will use SharesPost’s existing trading platforms and infrastructure. The joint venture will be run by SharesPost founder Greg Brogger. Depending on the speed of regulatory approval, this new market for unlisted shares could be operational later this year. 

This move makes good sense for Nasdaq because it should help them to begin to rebuild their credibility with up and coming companies and the technology industry. These market segments have traditionally been Nasdaq’s strength, but Nasdaq has been losing company listings (even from technology companies) to the NYSE and other exchanges. Nasdaq’s problems in attracting new technology company listings may be due to the significant negative issues that occurred in the initial public offering of Facebook’s shares last year. Nasdaq took a huge hit to its credibility as it was roundly blamed and criticized for the technical glitches that occurred with the Facebook offering. Some estimates say that major market makers and broker dealers lost more than $500 million in the Facebook IPO because of Nasdaq’s technical glitches. Nasdaq will also soon feel the economic effects of this matter as it reportedly offered as much as $62 million to settle associated claims and it now faces a possible $5 million fine from the SEC. For a good discussion of the current status of Nasdaq’s Facebook offering woes, see Charlie Osborne’s post on ZDNet

This new relationship should also be very beneficial to SharesPost. SharesPost, which began operations in 2009, experienced substantial success in facilitating trading of shares of unlisted companies. The company provided the platform for trading in unlisted securities of high visibility technology companies such as LinkedIn and Facebook before these companies’ securities became publicly traded. SharesPost eventually encountered regulatory scrutiny, however, and the SEC brought an action against the company for failure
Continue Reading Potential good news for growth companies: Nasdaq to set up new private market for unlisted stocks

Cybersecurity legislationSenator Jay Rockefeller (D., West Virginia), the most vocal proponent of cybersecurity legislation, has renewed his focus on cybersecurity legislation. He has sponsored previous cybersecurity-related legislation, but has been unable to implement any meaningful legislation in this area. His prior sponsorship of the proposed Cybersecurity Act of 2012 initially seemed to draw support in the Senate, but it encountered strong opposition from the United States Chamber of Commerce. The Chamber strongly criticized this proposed legislation and went so far as to state that the Chamber would include senators’ votes on this proposed legislation in its annual “How They Voted” survey. In any case, this proposed legislation was not passed in 2012. 

One of the strongest aspects of the Chamber’s resistance to this proposed legislation was the assertion that American companies would be strongly opposed to the legislation.  To confirm the positions of American companies on this issue, Senator Rockefeller sent a letter to the CEOs of all Fortune 500 companies on September 19, 2012. The Senator’s office has now received responses to this letter and the majority staff summarized them in a January 28, 2013 Memorandum

Approximately 300 companies responded to the Senator’s letter. The companies that responded were predominantly larger members of the Fortune 500. According to the Staff Memorandum, the overall responses of the companies were favorable to potential cybersecurity legislation (with some important caveats). 

Based on the Staff Memorandum, there appears to be general support from the responding companies for a voluntary cybersecurity compliance program. The companies’ main objections appear to be concern about the
Continue Reading Cybersecurity legislation continues to move forward

hacking a computerCybersecurity issues continue to be a hot topic for companies. As discussed in my prior blog posts, “Get ready for increased cybersecurity disclosure requirements” and “SEC pushes for disclosure of hacking incidents”, the SEC continues to focus on cybersecurity and data breach items and has now begun to encourage public companies to disclose them, even in the absence of applicable rules or regulations. The only official guidance from the SEC on cybersecurity disclosure continues to be the disclosure guidelines provided in October, 2011 in CF Disclosure Guidance:  Topic No. 2 – Cybersecurity (the “Release”). 

There has been some important movement on cybersecurity issues outside of the SEC. While this does not directly pertain to disclosure of these items, public companies should pay close attention to these developments since they may provide some valuable guidance in this area. These developments also confirm the importance of cybersecurity issues and support my position that the SEC will probably soon mandate additional disclosure requirements for cybersecurity items. 

On September 19, 2012 Senator John D. Rockefeller IV (D, West Va.) sent a letter to the CEOs of all Fortune 500 companies posing questions about these companies’ cybersecurity policies and related issues. His letter asked these companies to evaluate their roles and responsibilities in connection with cybersecurity legislation and reform and to work with the Federal government to successfully enact cybersecurity legislation. Responses to this letter are voluntary, but it is likely that most of these companies will respond in some fashion. The companies’ responses were requested by October 19, 2012. 

Senator Rockefeller has long been a very strong proponent of cybersecurity legislation, and he is clearly frustrated with the lack of progress in this area. He was instrumental in the introduction of both the Cybersecurity Act of 2010 and the Cybersecurity Act of 2012, both of which failed to gain Senate approval. The proposed Cybersecurity Act of 2012 was defeated by a filibuster in August 2012, and in his letter Senator Rockefeller attributes this filibuster to opposition from business and trade groups, particularly the United States Chamber of Commerce. He has supported President Obama’s proposed use of an executive order to enact cybersecurity protection outside of the legislative process, and he references this in his letter. Based on the language of his letter, however,
Continue Reading Cybersecurity issues continue to draw attention

cybersecurity intrusionA number of well-known companies, including Zappos.com, Google, Quest Diagnostics, Eastman Chemcial and AIG, have recently experienced actual or potential intrusions into their computer systems and related confidential data. Some of these incidents have been active criminal attacks by sophisticated hackers, while others have resulted from situations such as lost or stolen laptops. The frequency and severity of hacking incidents have been steadily increasing.  In fact, virtually all companies today are subject to the risks of such incidents due to the widespread use of Internet and information technology. The advent of a substantial mobile workplace with workers accessing data remotely through smartphones, tablets, laptops and other devices has also multiplied companies’ risks in this area.  

As the risks have increased, the SEC has been recently increasing the pressure on public companies to disclose “hacking” and other cyberintrustion incidents in their regulatory filings. There are still no SEC rules governing such disclosure, but I believe that this has clearly become a high priority disclosure item. I also foresaw these increased cybersecurity disclosure requirements in my prior blog post (“Get Ready for Increased Cybersecurity Disclosure Requirements”). Public companies that experience a hacking or other cyberintrustion incident should carefully review the recent actions taken by the SEC and other public companies that have experienced these incidents.

The SEC took a major step in encouraging disclosure of hacking and other cybersecurity items with its issuance of “2011 CF Disclosure Guidance:  Topic No. 2 (Cybersecurity)” (the “Release”) in October 2011. This Release only provided general guidance on disclosure of cyberincidents. The SEC has not yet developed any rules or regulations on cybersecurity or hacking incident disclosure, although we believe that such rules and regulations will be enacted at some point soon. In any case, based on recent events it appears that the Commission is strongly encouraging such disclosure despite the lack of existing rules and, in some cases, engaging in de facto rulemaking.

Companies tend to resist disclosure of hacking incidents for several
Continue Reading SEC pushes for disclosure of hacking incidents

Following up on my post on the subject, I had the opportunity to speak with Colin O’Keefe of LXBN regarding the Facebook/Instagram deal.  In the brief interview, I explain how things have changed since Facebook’s IPO and what, if anything, that meant for the deal’s fairness review with the California Department of Corporations.

Following up on my post on the subject, I had the opportunity to speak with Colin O’Keefe of LXBN regarding the Facebook/Instagram deal.  In the brief interview, I explain how things have changed since Facebook’s IPO and what, if anything, that meant for the deal’s fairness review with the California Department of Corporations.

California Department of Corporations, One Sansome Street, San Francisco

We previously blogged about the potential liability for Facebook, Inc. directors if the company paid too much for the social media start-up company Instagram. Recall that in April, Facebook agreed to acquire Instagram for, at the time, approximately $1 billion with the consideration payable 30% in cash and 70% in Facebook common stock (now, due to the decrease in Facebook’s share price from the stipulated price of $30 per share, the deal is only worth about $650 million). A recent NY Times Deal Book article points out that if the deal fixed the total purchase price rather than the number of shares to be issued, Instagram would have gotten a much better deal due to the depressed Facebook share price. Given the declining share price of Facebook stock, is Facebook’s reduced consideration still fair to Instagram’s shareholders? This is exactly the question that will be determined by the California Department of Corporations which will be conducting a fairness review of the acquisition this Wednesday.

The purpose of this fairness hearing is to allow Facebook to take advantage of a lesser-known exemption from registration under the Securities Act of 1933 known as the “3(a)(10) exemption.” Because Facebook is issuing securities in connection with the Instagram acquisition, the 23 million shares to be issued are required to either be registered or they must be exempt from the registration requirements of the Securities Act. The 3(a)(10) exemption allows companies to issue securities in an exchange transaction without registration provided that either a court or designated state agency finds that the transaction is fair to the recipients of the new securities. This exemption was popular during the tech boom and has both advantages and disadvantages when compared with the most common exemption provided by Rule 506 of Regulation D promulgated under the Securities Act. 

Most smaller companies tend to offer and sell securities on an exempt basis because of the substantial costs of conducting a registered offering. There are a laundry list of exemptions but only a few are of much practical use. Most exempt offerings are structured to take advantage
Continue Reading Is Facebook’s acquisition of Instagram fair to Instagram shareholders?

More interesting times have arrived for holders of Facebook stock. The stock, which has been brutally beaten down from its IPO price, faces new challenges as the “lockup” restrictions (which have been in place since the IPO) began to expire on August 16. This means that a significant number of Facebook shareholders are now able to sell their shares in the open market, and significant numbers of Facebook shares will be freed from these restrictions over the next few months. The sale of a substantial number of Facebook shares could obviously drive the stock price down even more. The big questions now:  Who will or won’t sell their stock as these restrictions lapse?

This situation is also a great lesson for entrepreneurs who are contemplating the possibility of taking their companies public. Most observers thought that Facebook’s IPO was a certain success, but so far it’s been a very tough road. One big concern here is that the problems that Facebook has faced with its transition to public company status will divert management’s attention from the company’s business tactics and strategy at a very critical time. 

Facebook went public at a price of $38 per share. Many observers felt that this price was too high, and the market apparently agreed. The stock has not been back to its IPO price since the first day of trading, and its closing price on August 17 was $19.05 per share (a 49.9% decline from the IPO price). The stock price went below $19.00, but has since rebounded to close at $19.44 today. In any case the company has lost almost half of its market value since the IPO. Even at this reduced price the stock is still trading at about 30 times projected next years’ earnings. It’s interesting to note that Google and Apple currently trade at 12 to 13 multiples, so Facebook’s stock is still very highly valued even after its decline.

Lockup restrictions on stock sales by insiders and other parties are normally demanded by underwriters as part of the IPO process. These restrictions help to reduce volatility in the market price of a newly public company’s stock, and they help to ensure that existing shareholders
Continue Reading Significant stock price questions loom as Facebook lockup restrictions begin to lapse

It is a basic tenant of corporate law that directors of a corporation are not liable for business decisions as long as the directors acted with a reasonable level of care in making these decisions. This is referred to as “the business judgment rule.” Because directors are not guarantors of corporate success, the business judgment rule specifies that a court will not review the business decisions of directors who performed their duties (1) in good faith; (2) with the care that an ordinarily prudent person in a like position would exercise under similar circumstances; and (3) in a manner the directors reasonably believe to be in the best interests of the corporation. As part of their duty of care, directors have a duty not to waste corporate assets by overpaying for property (e.g., 100% of the stock of a target company in an acquisition) or employment services. The business judgment rule is very difficult to overcome and courts will not disregard it absent, among other things, a showing of fraud or misappropriation of corporate funds.

One of the landmark cases in this area of law was Smith v. Van Gorkam, which was decided by the Delaware Supreme Court in 1985. In that case, the board of directors of TransUnion approved a merger with Marmon Group without consulting outside experts as to the fairness of the price to be paid to TransUnion shareholders, rather, the board relied on the recommendations company’s CEO and CFO, neither of whom made any substantive attempt to determine the actual value of TransUnion. Additionally, the board did not inquire as to the process used by the CEO and CFO in determining the merger consideration. As a result, the Delaware Supreme Court found that the directors of TransUnion were grossly negligent in carrying out their fiduciary duties to the company. Because of this, the board was found not to have satisfied their duty of care and were therefore not entitled to the presumptions and protections of the business judgment rule. Ultimately, the TransUnion board agreed to pay $23.5 million in damages resulting from their fiduciary duty breaches.

The facts of Facebook’s recently announced acquisition of Instagram (as reported by the Wall Street Journal) are strikingly similar to the Van Gorkam case. Allegedly, Facebook’s CEO Mark Zuckerberg and Instagram’s CEO Kevin Systrom worked out the details of the acquisition privately over the course of 3 days at Mr. Zuckerberg’s home. Once the details were finalized for the $1 billion acquisition, the deal was presented, without notice, to the Facebook board of directors who approved the deal, likely without outside expert advice as to the fairness of the transaction. According to several reports, the board vote was largely symbolic because Zuckerberg has control of 57% of the voting power of the company. Facebook directors were likely put in a precarious
Continue Reading Could directors be personally liable if Facebook paid too much for Instagram?