The SEC Division of Corporation Finance provided guidance on issuers' disclosure obligations concerning intellectual property and technology risks related to international business operations.
According to the Division, companies should expand their understanding of disclosure requirements to include risks resulting from compromised or stolen (i) data, (ii) technology, and (iii) intellectual property. The Division noted that although there is no "specific line-item requirement under the federal securities law," the agency still expects companies to make appropriate disclosure of these emerging risks.
The Division outlined potential risks for companies to monitor, including:
- cyberattacks on computer systems;
- physical theft by means of corporate espionage; and
- reserve engineering of products or components.
The Division also advised companies to:
- disclose the risks if material to investment and voting decisions;
- provide disclosures that help investors assess the risks "through the eyes of management";
- align the disclosures to the company's unique facts and circumstances;
- remember that a hypothetical disclosure of potential risk is not sufficient if the issuer's technology, data or intellectual property is or was previously compromised, stolen or illicitly accessed; and
- continue monitoring "this evolving area of risk."
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.