Home » Disclosure

Category: Disclosure

SEC Proposes Changes to Public Company Disclosure Regime

 The SEC has proposed significant changes to the disclosure requirements for public companies, including how a registrant describes its business, its legal proceedings and risk factors.  When describing the business (Item 101), the proposal would move to a more principles-based disclosure regime focused on material information a registrant should disclose rather than a list of topics.  The new disclosures should also include a discussion of how the management of human resources affects the business.  The proposal also would require a narrative about the effect of government regulations on a company’s capital expenditures, earnings and competitive position.  There will be a 60-day comment period following publication.

It’s always good to focus disclosure on the material issues.  However, every SEC administration trumpets a goal of “improving disclosure.”  This effort may be like putting a coat of paint on a structurally defective house to prepare it for sale.  The issue for public companies is not how the lawyers should interpret Item 101, but the onerous compliance and regulatory obligations that may discourage private and non-U.S. companies from accessing the public markets. 

Tech Company Fined $5.1 Billion for Failing to Disclose Customer Data Violations

The SEC fined a large technology company $100 Million for misleading shareholders in public filings about breaches of its policies protecting user information.  The firm was also fined $5 Billion by the FTC.   According to the SEC, the firm knew in 2015 that a researcher had violated its policies by obtaining and transferring confidential user data to a third party research firm.  Regardless, the defendant’s public filings for the next two years presented the risk of misappropriated data as hypothetical even though the researcher had already transferred the data and admitted the scheme to the defendant.  The SEC charged the company with violating the securities laws by issuing several misleading public filings.

Last February the SEC issued cybersecurity guidance to public companies about their obligations to fully disclose cybersecurity risks and incidents.  If public companies didn’t take the SEC seriously then, we expect that the combined $5.1 Billion in fines will garner attention.  For asset managers and broker-dealers, in addition to implementing required customer data protections, they must also consider their disclosures in Form ADV and Form BD as well as any relevant offering documents. 

Federal Court Says that Outside Advice is Not a “Get-Out-of-Jail-Free Card”

The United States Court of Appeals for the D.C. Circuit upheld the SEC’s decision that an investment adviser failed to fully disclose mutual fund revenue sharing even if it sought and relied on the advice of outside compliance consultants. The Court found that the adviser acted negligently by failing to fully disclose the conflict of interest inherent by receiving shareholder servicing payments for investing in certain funds offered by its broker/custodian. Although the record was unclear about whether the adviser sought or relied on an outside compliance consultant’s advice, the Court decided that it didn’t matter because “any reliance on such advice was objectively unreasonable because [the adviser] knew of their fiduciary duty to fully and fairly disclose the potential conflict of interest.” The Court did, however, throw out the SEC’s claim that the adviser intentionally filed a misleading Form ADV, because the SEC failed to show that the adviser acted with the requisite intent to deceive.

As we have previously reported, this case argues in favor of seeking outside advice because it will help defend against the claim that you acted with intent, which would draw more punitive penalties. However, the Court here makes clear that relying on outside advice, even though you (should) know otherwise, will not exonerate you from claims that you acted negligently.

SEC Proposes Streamlining Financial Information for Fund Acquisitions

The SEC has proposed modernizing the financial information for acquisitions and dispositions, including the acquisitions of investment companies. Proposed changes to Regulation S-X and Form N-14 include eliminating certain pro forma financial statement requirements and changing the “significant subsidiary” test. The proposal also includes specific reporting rules for investment companies rather than relying on financial statement requirements generally applicable to the acquisition of operating companies.

Revising the investment company acquisition process should facilitate legitimate transactions while ensuring that shareholders receive relevant, rather than voluminous, financial information.

Hedge Fund Seeding Platform Over-Allocated Internal Expenses

The hedge fund seeding platform created by a large asset manager agreed to pay over $2.7 Million in disgorgement, interest and penalties for over-allocating internal expenses.  The respondent created private equity funds to invest in third party hedge fund managers.  The firm then created an internal group of employees tasked with helping hedge fund managers in which the funds invested to attract new capital, launch products and optimize operations.  Pursuant to their organizational documents, the funds would pay up to 50 basis points for these activities.  The SEC charges that the respondent allocated all the group’s compensation expenses to the funds even though they spent a portion of their time on activities that benefitted the fund sponsor and unrelated to the enumerated activities.   The SEC faults the firm for failing to implement appropriate compliance policies and procedures and for making material misstatements.

Do not charge expenses to managed funds unless the organizational and disclosure documents are absolutely clear that the funds will bear the expenses.  When doing internal expense allocations, always err to the side of benefitting the fund rather than the fund manager. 

RIA Platform Failed to Disclose Mutual Fund Revenue Sharing

 

An investment adviser platform was fined and censured for receiving fund revenue sharing from a custodian and clearing firms it recommended without proper disclosure.  The platform had more than 150 independent investment adviser representatives and 200 registered representatives working out of more than 100 offices.   The SEC criticizes weak disclosure that failed to fully describe the conflict of interest when the firm recommended a custodian that kicked back 2 basis points on assets.  The SEC also maintains that the firm violated disclosure, fiduciary and best execution obligations when it recommended mutual fund share classes that paid back 12b-1 fees to the firm and its reps when lower fee share classes were available.  The firm did not meet its obligations with vague website disclosure that described how the firm “may” receive compensation but failed to fully inform all clients about how fees were paid or calculated.

OUR TAKE: The RIA platform business is extremely competitive, with many firms competing to recruit successful RIA teams.  The real cost of an enforcement action like this is the reputational and competitive threat during the recruiting process.  Also, as platforms compete for business and margins shrink, the incentives to accept (questionable) revenue sharing increases.

Large Asset Manager Pays $97 Million for Over-Relying on Faulty Quant Models

 A large asset manager agreed to pay over $97 Million in disgorgement, fines and interest for over-relying and marketing faulty quantitative models and other portfolio management missteps.  The SEC maintains that the respondents rolled out registered funds and separate accounts based on un-tested quantitative models created by an inexperienced research analysist.  When the models failed to work as described to the Board and investors, the respondents discontinued their use without explanation or disclosure.  The SEC also accuses the firm of declaring dividends without proper disclosure of the percentage attributable to return of capital and for using third party performance data without verification.  The SEC charges violations of the anti-fraud rules, the compliance rule, and Section 15(c) of the Investment Company Act for lying to the funds’ Board.

OUR TAKE: This case reads like a cautionary tale for large firms trying to quickly roll out a product.  It appears that the portfolio management, marketing, legal, operations, and legal functions worked in silos, and, as a result, failed to properly vet or describe the products.  We recommend that firms create a cross-functional product assessment team that can ask the hard questions before launching a product.

Internet Company Pays $35 Million for Failing to Timely Disclose Hack of Customer Info

A large publicly traded internet media company agreed to pay a $35 Million fine and cooperate with investigators for failing to timely disclose a hacker breach of more than 500 million client accounts.  The SEC charges that the respondent waited nearly 2 years before disclosing the breach, during which time it filed misleading annual reports and Form 10-Ks and 10-Qs.  Additionally, the SEC accuses the company with filing a stock purchase agreement (as part of Form 8-K) that included misrepresentations about security breaches, thereby leading to a $350 Million reduction in the purchase price.  A senior SEC official advised: “Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”

OUR TAKE: When it comes to cybersecurity incidents, time is not on your side.  Because of the potential harm to clients and investors, it is better to provide immediate disclosure that will be followed up with additional information rather than waiting and thereby compounding the potential harm.  Hacked firms must move quickly to investigate, assess, and remediate the harm to minimize damages.

 

Fund Manager to Pay $3.6 Million for Failing to Fully Disclose Securities Lending Benefits

 

A large mutual fund manager agreed to pay $3.6 Million in disgorgement, interest, and penalties for failing to disclose that affiliates would receive tax deductions that would deprive fund investors of securities lending income.  The fund manager told investors and the Board that it would engage in discretionary securities lending and told the Board that affiliates could benefit from certain tax deductions.  The SEC faults the respondent for failing to tell either investors or the Board that it might recall securities before the dividend record date, which allowed affiliates to take a dividend received deduction and deprived the fund and its shareholders of additional securities lending revenue.  The SEC cites violations of the Advisers Act’s antifraud rules, acknowledging that proof of intent is not required and that such charges “may rest on a finding of simple negligence.”

OUR TAKE: This type of fraud charge based on simple negligence looks a lot like the type of “broken windows” enforcement cases that former SEC Chairman Mary Jo White championed.  The SEC does not allege that fund investors would have made a different investment decision if it included the SEC’s enhanced disclosure.  The conflict of interest makes the disclosure insufficient notwithstanding any effect on investors.

https://www.sec.gov/litigation/admin/2018/34-82837.pdf

SEC Issues Cybersecurity Compliance and Disclosure Guidance

The SEC has issued cybersecurity guidance that directs public companies to adopt effective disclosure controls and procedures and overhaul their disclosure about incidents and threats.  The SEC believes that public companies should adopt and implement cybersecurity risk management policies and procedures that ensure timely disclosure, internal reporting, processing of risks and incidents, and prevention of insider trading.  The SEC also admonishes public companies to review all public disclosures including the materiality of incidents and security, risk factors, MD&A disclosure, business description, legal proceedings, financial statements, and board risk oversight.  Firms should also consider disclosing past incidents “in order to place discussions of these risks in the appropriate context.”  The SEC believes that “the importance of data management and technology to business is analogous to the importance of electricity and other forms of power in the past century.”  The SEC said that it will be reviewing cybersecurity disclosures.

OUR TAKE: We expect institutional investors will add similar cybersecurity inquiries into their Operational Due Diligence processes before choosing an investment firm.  So, even if you do not work for a public company, you should consider implementing the SEC’s recommendations.