This update is a publication of Stoel Rives LLP for the benefit and information of our clients and friends. This update is not legal advice or a legal opinion on specific facts or circumstances. The contents are intended for informational purposes only. Copyright 2014.

October 15, 2014
 

1. The SEC reminded everyone that, yes, it cares whether you timely file your Section 16 reports, by announcing enforcement actions against 28 Section 16 filers and six public companies here. Some tie the unprecedented enforcement action to SEC Chair White’s “broken window” enforcement strategy (see here), which she described a year ago here. Perhaps most ominously, the SEC’s release notes it used “quantitative analytics” to identify violators, which sounds suspiciously like it is using math to catch scofflaws. And nothing scares people more than the use of math to enforce laws they apparently didn’t think were a big deal.
    
2. The SEC also emphasized that broker-dealers can’t blindly rely on customer orders when selling securities in an unregistered transaction, issuing both an alert, here, and new FAQs, here.
    
3. Cybersecurity will continue to be a hot topic as long as large corporations suffer data breaches (see, e.g., here and here) and, obviously, as long as celebrities’ nude photos are stolen from their phones (see here . . . calm down, it’s a link to a CNBC article). In celebration of National Cyber Security Awareness month (seriously, here), a few recent resources:
   • Verizon’s 2014 Data Breach Investigations Report, which has a goal of presenting actionable information to limit your risks and which also has some punchy writing, is available here.
      
   • A report noting that over 50% of banks don’t disclose cybersecurity risks in their SEC filings is here.
      
   • The Multi-State Information Sharing and Analysis Center, which provides early cyber threat warnings and advisories, vulnerability identification, and mitigation and incident response, and, more significantly, a color-coded threat level (“blue” as of October 15) is here.
      
   • A message to directors, where the proverbial cyber risk oversight buck stops, that should terrify is here.
      
   • Transcripts from a few webcasts from The Corporate Counsel (members only) are here (Cybersecurity Role-Playing: What to Do and Who Does What, When) and here (Cybersecurity: Working the Calm Before the Storm).
      
   • Finally, on a micro-level, expect your next credit card to be a chip and pin card (see here), which, in addition to better security, will allow you to purchase gas in France, if you ever find yourself there and in need of gas. Say, outside of Strasbourg at 11 p.m. With your spouse, two teenage sons and a grumpy four-year old. (Because trust me, your swipe card won’t work.)
      
4. As we await SEC action on a myriad of JOBS Act items (Crowdfunding, Regulation A+, and additional Rule 506 process rules), note that the SEC posted a revised CDI describing how to limit internet communications to permit intrastate offerings, essentially by using in-state IP addresses to ensure out-of-state internet users are excluded. Some see renewed hope for intrastate offerings based on the revisions, see here, and others question whether the CDI provides guidance that can be implemented in a meaningful way, see here.
    
5. In Finnerty v. Stiefel Labs, here, the 11th Circuit Court of Appeals found a corporation had a duty to disclose preliminary sale negotiations to update prior representations that the corporation intended to stay private. Briefly: plaintiff Finnerty put shares back to Stiefel Labs a few months before Stiefel was sold. Had he held his shares, Finnerty would have made about four times as much on his stock sale. Stiefel’s rehearing request, in which it argued that the ruling requires a company to choose between disclosing preliminary sale negotiations and its fiduciary duty to maximize value for shareholders, a commonly cited reason for keeping negotiations confidential, was denied. Commentary is here. The SEC’s amicus brief, in which it argues that misrepresentations can be deceptive whether or not there is a duty to disclose and that the court can rule in plaintiff’s favor without holding that pre-merger discussions are material as a matter of law, is here. (The SEC has been pursuing securities fraud charges relating to Stiefel’s stock valuations and buy-back program since 2011, see here). Almost the inverse of the Finnerty holding, the Ninth Circuit Court of Appeals recently reminded us, here, that Section 10(b) and Rule 10b-5 do not impose a duty to disclose all material information and that “silence, absent a duty to disclose, is not misleading.” The Court continued to hold that a duty to disclose under Item 303 of Regulation S-K does not automatically mean that failing to disclose forms the basis for a 10b-5 claim, since the materiality standards for disclosure under those two rules differ.
    
6. Institutional Shareholder Services posted its policy survey results here. Commentary on the results is here, and commentary about proxy trends and how ISS and Glass Lewis engage with issuers and develop their policies and recommendations is here.
    
7. The blog-o-sphere is abuzz with chatter about the “game-changing” awards to SEC whistleblowers, in one case because of the size of the award ($30 million!) and in another because of the nature of the whistleblower (an internal compliance person at a company that didn’t fix an identified problem). The SEC’s releases on these awards are here and here. Some commentary about the awards is here, here and here. Other whistleblowing items:
   • A discussion of Wall Street whistleblowing, and reporting to the New York AG’s office as an alternative, is here.
      
   • A research paper suggesting whistleblower programs have no measurable impact on the outcome of enforcement actions is here.
      
   • A suggestion that whistleblower bounties under the Financial Institutions Reform, Recovery, and Enforcement Act (FIRREA) may increase above the current $1.6 million cap (chicken feed, we know) is here.
      
8. Plain English is not a new topic, by any means, but we were both amused and chagrined at The Wall Street Journal’s article on SEC “plain English” comments to securities filings, here. Amused because, as drafters of registration statements, we too suffer through drafting sessions where investment bankers vie for who can stuff the most adjectival superlatives into a sentence and bat nary an eye at overusing “innovative” because that is “what The Street expects.” Chagrined because now we’re worried that we come off as poorly as the SEC reviewer who snarkily questioned whether a restaurant’s claim that meals were prepared fresh daily extended to potato chips, which were on the restaurant's menu and which the reviewer also suggested could not possibly reflect “traditional Mediterranean cuisine 100 years ago.” (But which do, at least, merit their own Facebook page, here). Yikes.