US DEVELOPMENTS

SEC and NYSE/Nasdaq Developments

SEC Adopts Interpretive Guidance on Cybersecurity Disclosures

On 21 February 2018, the Securities and Exchange Commission (SEC) released new interpretive guidance on public company disclosures regarding cybersecurity risks and incidents. The new interpretive guidance, which reinforces and expands the guidance provided by the staff of the Division of Corporation Finance of the SEC on 13 October 2011, outlines the SEC's views regarding disclosures by public companies relating to cybersecurity risks, events and incidents under existing securities laws. It also outlines the SEC's views regarding the importance of appropriate disclosure controls and procedures, insider trading policies and selective disclosure safeguards in the context of cybersecurity incidents.

Although the interpretive guidance makes clear that the SEC views cybersecurity as a key disclosure matter, it does little to provide public companies with specific guidance on SEC expectations for what is required to be disclosed and when. The interpretive guidance does, however, present the following views of the SEC:

  • Public companies should be describing the role that boards of directors have in cybersecurity-related risk management to the extent those risks are material to their businesses.
  • Public companies should maintain adequate disclosure controls and procedures so that individuals responsible for disclosures are promptly alerted of cybersecurity incidents and a timely materiality and disclosure assessment can be made. Existing controls and procedures should be revisited to confirm their adequacy, and officers preparing certifications of periodic reports should consider the adequacy when providing such certifications.
  • Public companies should have policies and procedures that restrict the ability of officers, directors and other insiders from trading before a decision has been made regarding the materiality and the disclosure necessary for a cyber incident.

The interpretive guidance does not provide any specific disclosure requirements that explicitly refer to cybersecurity matters. The guidance instead reiterates that the disclosure requirements related to cybersecurity risks and incidents are based on the relevant disclosure considerations that arise in connection with any business risk. It may be appropriate to provide disclosure regarding cybersecurity in the context of the following:

  • risk factors;
  • operating and financial review and prospects (OFR);
  • description of the business;
  • legal proceedings;
  • financial statements; and
  • disclosures of boards of directors' role in risk management.

Companies are not required to make disclosures that compromise their own cybersecurity efforts or those of law enforcement. However, companies must disclose cybersecurity risks and incidents that are material to investors in a timely manner. Companies may, in certain circumstances, be required to disclose such risks and incidents even before the completion of an internal investigation. In addition to making new disclosures, companies may have to amend or update prior disclosures

In light of the guidance, companies should also consider the following:

  • reviewing risk factor disclosures to ensure that the disclosures do not give the impression that the company has never been the target of, or subject to, a cybersecurity threat;
  • disclosing any material ongoing cybersecurity spending, whether defensive or responsive to an actual incident, in the OFR; and
  • engaging with the board regarding cybersecurity issues, specifically by reviewing with the board a summary of the interpretive guidance and reviewing the board's role in the oversight of cybersecurity matters.

While not expressly stating so, the interpretive guidance indicates that the SEC may be considering the following:

  • new rules that specifically mandate the content and the timing of cybersecurity-related disclosures; and
  • bringing the first enforcement cases against public companies related to inadequate cybersecurity disclosures or ineffective disclosure controls and procedures.

The SEC's interpretive guidance is available at:

Our related client publication is available at:

NYSE Introduces New Rules for Direct Listings

On 2 February 2018, the SEC approved the New York Stock Exchange's (NYSE) proposed rule amendments to facilitate non-IPO share offerings, or "direct listings," benefitting companies that wish to become public but do not need to raise capital.

A direct listing is an alternative to a traditional initial public offering (IPO). In a traditional IPO, the issuer engages one or more financial institutions to underwrite the offering and to assist the issuer in procuring purchasers for the shares and in pricing the offering. In a direct listing, however, shares are listed directly on an exchange without the involvement of underwriters.

Under the old rules, a company could directly list its shares on the NYSE only if the market value of the company's publicly held shares was at least $100 million based on an independent third-party valuation and the most recent trading price for the company's shares in a trading system for unregistered securities (the "Private Placement Market").

The amended rule eliminates the requirement that a company have common stock trading on a Private Placement Market. Instead, a company can now directly list on the NYSE if an independent third-party valuation determines that the market value of the company's publicly held shares is at least $250 million. The company must have an effective registration statement on file with the SEC and comply with other applicable NYSE listing requirements.

The new rules also:

  • provide standards to determine whether the third party providing the valuation is independent;
  • specify designated market-making requirements for directly listed shares in the event that the shares do not have a history of Private Placement Market trading;
  • provide for a reference price for directly listed shares; and
  • authorise the NYSE to declare a regulatory halt in securities that are the subject of an initial pricing on the NYSE and have been neither traded on an exchange or in an over-the-counter market immediately before pricing.

On 28 February 2018, Spotify Technology S.A. ("Spotify"), best known for its music streaming service, filed a Form F-1 in reliance on the new direct listing rules. Spotify has chosen to forego a traditional IPO despite the risks associated with a direct listing. These risks include an increased possibility of volatile early trading resulting from the lack of price discovery due to the fact that there are no underwriters to step in and stabilise the price. Spotify's direct listing will be a bellwether for whether direct listings can be a viable alternative to traditional IPOs.

The rule change is available at:

The NYSE information memorandum describing the rule change is available at:

PCAOB and Accounting Firm Employees Charged with Misuse of Confidential Data to Improve Firm's Inspection Results

On 22 January 2018, the SEC announced civil charges against six certified public accountants for their role in an alleged scheme to misappropriate confidential information from the Public Company Accounting Oversight Board (PCAOB) relating to the PCAOB's planned inspections of an accounting firm, so that the firm could use the confidential information to help it avoid poor inspections.

On the same day, the United States Attorney's Office for the Southern District of New York announced the unsealing of an indictment charging five of the six defendants in the SEC action with conspiracy and wire fraud for their participation in the alleged scheme. The sixth SEC defendant had previously pleaded guilty (and had agreed to settle the SEC's claims) and is cooperating with the Government's investigation.

Three of the defendants are former PCAOB employees. These defendants shared confidential information from the PCAOB with the other three defendants, who were employees of the accounting firm. The defendants who worked for the accounting firm used the confidential inspection information to adjust the results of audits that were set for inspection by the PCAOB with a view to obtaining favourable inspection results.

Our related client publication is available at:

SEC No-Action Letter Clarifies Securities Act Registration Exemption for Conversion to an SE

On 7 February 2018, the staff of the SEC's Division of Corporation Finance ("Staff") issued a no-action letter in connection with Constellium N.V.'s ("Constellium") proposed conversion to a European company (Societas Europaea, or SE). The no-action letter confirmed that the SEC would not recommend enforcement action if Constellium undertook the conversion without registration under the Securities Act of 1933 ("Securities Act"), in reliance on Securities Act Rule 145(a)(2).

Constellium's conversion to an SE would comprise oftwo steps:

  • First, Constellium would convert from a Dutch public company with its registered office in the Netherlands, to an SE governed by the laws of the Netherlands with its registered office in the Netherlands, pursuant to the European Council Regulation No. 2157/2001 ("Conversion"). The Conversion would require shareholder approval.
  • Second, Constellium would transfer its registered office from the Netherlands to France ("Transfer"). The Transfer, like the Conversion, would require shareholder approval.

Constellium acknowledged that both the Conversion and the Transfer trigger the registration requirements of the Securities Act. Under Securities Act Rule 145(a), an "offer, offer to sell, offer for sale, or sale" of securities occurs, thereby triggering the registration requirements, when "pursuant to statutory provisions of the jurisdiction under which [a] corporation . . . is organized, or pursuant to provisions contained in its certificate of incorporation or similar controlling instruments, or otherwise, there is submitted for the vote or consent of [the] security holders a plan or agreement for" a reclassification.

While Constellium intended to register the Transfer under the Securities Act, it sought no-action relief that the Conversion would not require Securities Act registration, on the basis that Securities Act Rule 145(a)(2) provides that registration is not required when "the sole purpose of the transaction is to change an issuer's domicile solely within the United States." Constellium pointed to a 2006 no-action letter, wherein the Staff found that the Rule 145(a)(2) exception applied when a German stock corporation organised under the laws of the Federal Republic of Germany converted to an SE.

The Staff agreed with Constellium's argument that the Conversion falls within the Rule 145(a)(2) exception and therefore does not require Securities Act registration. The Staff pointed to the following four facts in explaining its decision:

  • after the Conversion, Constellium will remain a public limited company, and its registered office will remain in the Netherlands;
  • the laws of the Netherlands will continue to apply to Constellium;
  • the Conversion does not effect a change in national jurisdiction or a change of Constellium's registered office or seat from one EU Member State to another; and
  • Constellium will register the Transfer on Form F-4.

The no-action letter is available at:

Nasdaq Proposes to Modify Shareholder Approval Rule

On 30 January 2018, the Nasdaq Stock Market ("Nasdaq") filed notice with the SEC proposing to amend Rule 5635(d) regarding shareholder approval for certain securities issuances. The current Nasdaq shareholder approval requirements were adopted in 1990, and the rule generally requires shareholder approval when a listed company seeks to issue common stock equal to 20% or more of its outstanding common stock or voting power in a private placement (i.e., a transaction other than a public offering) at a price less than the greater of book or market value.

Nasdaq Rule 5005 currently defines "market value" as the closing bid price. Due to a number of complaints made by investors that this figure is not transparent and does not always reflect the actual price at which a security has traded, the proposed change would modify the measure of market value to the lower of "(i) the closing price (as reflected on Nasdaq.com) or (ii) the average closing price of the common stock (as reflected on ) the closing price (as reflected on Nasdaq.com) or (ii) the average closing price of the common stock (as reflected on Nasdaq.com) for the five trading days immediately preceding the signing of the binding agreement." Furthermore, the proposed change would delete the reference to "book value" in response to comments that book value is an accounting measure based on the historical costs of assets, as opposed to current value, and therefore not an appropriate measure of the dilutive effect of a potential transaction.

The text of the proposed rule change is available on the Nasdaq's website at:

SEC Holds Its Annual SEC Speaks Conference

On 23 and 24 February 2018, the SEC held its annual SEC Speaks conference in Washington, D.C. This year's conference was centred around the key themes of accessibility, flexibility and transparency. Senior SEC leadership provided remarks illustrating the SEC's 2017 accomplishments and priorities for 2018 and beyond.

Chairman Jay Clayton delivered opening remarks and reflected on his first year leading the SEC. He emphasised a need to focus on financial institutions as a means of protecting the long-term investments of "main street investors." This year's highlights also included remarks from Division of Enforcement officials, who discussed recent cases as well as priorities for 2018, which are largely concentrated around the areas of cybersecurity, cryptocurrency and retail investment. Robert Cohen, chief of the SEC's new Cyber Unit, described the unit's priorities as well as early success indicators.

New Commissioners Jackson and Peirce described their regulatory approach, with Commissioner Peirce placing a strong emphasis on economic analysis and Commissioner Jackson expressing the importance of melding law and finance together in order to prevent another financial crisis. The Divisions of Corporation Finance and Investment Management discussed the current issues on their radars, both placing an emphasis on cryptocurrencies and block chain technology. The Chief Accountant for the SEC, Wesley Bricker, reported on the effects of the Tax Cuts and Jobs Act of 2017. Acknowledging the uncertainty likely to be faced by companies with regard to their financial disclosures, he recommended a "triage" approach for reporting, by identifying (1) the effects that have taken place, (2) the effects that are likely to occur and (3) those that have been assessed but not yet quantified.

The speech transcripts are available at:

To view the full article click here

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.