Securities Loss Prevention: Selective Disclosures and Internet Disclosures


The single greatest exposure for directors and officers of public companies is under the federal securities laws. Any effective D&O loss prevention program must focus to a large extent on minimizing that exposure. The following discussion addresses D&O loss prevention opportunities in two areas which are rapidly changing and therefore require updated and new loss prevention practices.

A. Selective Disclosure

Selective disclosure is the practice of disclosing information to one or more third parties prior to full dissemination of that information to the marketplace through press releases or other public disclosures. Typically, selective disclosure situations arise when D&Os discuss corporate information with analysts and institutional investors before the information is released generally to the investing public. For example, it has become commonplace for companies to conduct periodic closed conference calls with securities analysts to discuss company performance, prospects and other important information. There are strong and legitimate business reasons for these practices, which tend to nourish a symbiotic relationship between the company and the analysts that follow the company, thereby allowing the analysts to better serve their clients through access to information and an enhanced understanding of the company.

Generally speaking, the practice of selective disclosure is justified on the theory that only immaterial or insignificant information is being provided to analysts and other insiders. However, because the notion of materiality is rather vague, any disclosure with analysts that is not clearly within the realm of information publicly available runs the risk of violating securities laws.

Selective disclosure of material nonpublic information can create liability for the participating directors and officers under several theories, including illegal insider trading and illegal manipulative conduct in connection with the purchase or sale of securities. Little authority currently exists directly addressing liability exposures for selective disclosures. Some of the critical facts which will affect the D&O's potential liability are: to whom the information is selectively disclosed (i.e., whether it is reasonable to assume that the recipient of such information will use it for personal or client gain); what is disclosed (i.e., the materiality of the information and the degree to which it is considered "hard" factual information versus "soft" qualitative comments); and when the information is disclosed (i.e., the proximity and time between the selective disclosure and the full public disclosure by the company).

On August 10, 2000, the SEC adopted Regulation FD (for "fair disclosure"), with an October 23, 2000 effective date. This ground-breaking Regulation is intended to eliminate selective disclosure by requiring that whenever a company or certain persons acting on its behalf (including its senior management) discloses material non-public information to securities market professionals or holders of the company's securities who could be reasonably expected to trade on that information, the company must:

  • Simultaneously provide such information to the general public if the disclosure was intentional; or

  • Promptly provide such information to the general public if the disclosure was unintentional.

    The new Regulation applies to disclosures by a company's senior management, its investor relations professionals and others who regularly communicate with market professionals and security holders on behalf of the company. In addition, the Regulation only applies to disclosures to securities professionals (such as broker-dealers, investment advisors, certain institutional investment managers, investment companies, hedge funds and their affiliated persons) and shareholders of the company to the extent it is reasonably foreseeable that such persons will trade on the information. The Regulation does not apply to communications with the media generally, other insiders or communications with customers or suppliers in the ordinary course of business. In addition, the Regulation expressly excludes communications with the following groups of persons:

  • temporary insiders who owe the company a duty of trust or confidence, such as attorneys, accountants or investment bankers;

  • any person who expressly agrees to maintain the information in confidence; and

  • any entity whose primary business is the issuance of credit ratings, provided the information is disclosed solely for the purpose of developing a credit rating and the company's ratings are publicly available.

    For unintentional selective disclosures, the Regulation states that the "prompt" subsequent disclosure to the general public must occur within 24 hours after the unintentional disclosure or before commencement of the next day's trading on the New York Stock Exchange (whether or not the stock is actually traded on the NYSE), whichever is later. For example, if a senior official discovers an unintentional selective disclosure of material non-public information after the close of markets on Friday, the company will have until the beginning of trading on the NYSE on Monday to widely disseminate that information to the general public.

    If public dissemination of information is required, the Regulation permits public disclosure by issuing a news release, by filing the information with the SEC or by other methods that are reasonably designed to provide broad public access without excluding members of the public. A Website posting, without more, is unlikely to be sufficient, at least for now.

    Importantly, Regulation FD does not provide a private right of action to shareholders or others if it is violated. However, the SEC can bring an administrative, civil or enforcement action alleging violation of the Regulation. In addition, violations of the Regulation presumably can be used by plaintiffs in class actions as evidence of the defendants' allegedly manipulative conduct in connection with the disclosure of material information about the company.

    As a result of this new Regulation, companies must significantly change their practices regarding communications with analysts, including analyst conference calls. Now, material information disclosed in those analysts communications must be simultaneously disclosed to the public. The SEC offers the following as a model for companies to follow:

  • First, issue a press release, distributed through regular channels, containing the information. If a company is not widely followed, management should also file a Form 8-K to ensure public dissemination.

  • Second, provide adequate public notice, by a press release and/or Website posting, of a scheduled conference call to discuss the announced results, giving investors both the time and date of the conference call, and instructions on how to access the call.

  • Third, hold the conference call in an open manner, permitting investors to listen either by telephonic means or through Internet webcasting. The SEC suggests that issuers should consider providing a means of making the information available for "a reasonable period of time" after the meeting. In many cases, a transcript or audio replay of the conference is included on the company's Website for this purpose.

    In addition, senior management who participate in the conference call should be well informed regarding the nature and extent of information already disclosed to the public and should not disclose additional material information in the analysts' conference call. Instead, those calls should now be limited to explaining and putting into context the publicly disclosed information, rather than disclosing new material information.

    B. Internet Disclosures

    Like virtually all other aspects of business, the Internet is creating difficult issues in the context of securities law compliance. As information about companies becomes more readily available over the Internet and as companies use the Internet for communications with investors, traditional notions regarding securities law compliance must evolve to better fit this new paradigm. That process will likely take years as regulators and courts struggle with appropriate application of the securities laws to cyberspace. Unfortunately, while that evolution occurs, companies and their directors and officers must operate in a world of uncertainty, thereby subjecting themselves to potentially catastrophic liability exposure if their behavior is later found in violation of these ill-defined and evolving rules.

    The SEC has been active in policing securities violations through use of the Internet. The SEC's Office of Internet Enforcement reportedly has more than 800 enforcement personnel nationwide and more than 120 persons in a "cyberforce" who actively scan the Internet to identify securities violations. As a result of this policing effort and complaints from the public, the SEC has brought numerous Internet-related enforcement actions in recent months. These proceedings allege a variety of securities law violations, including insider trading based on sharing material non-public information among chat room friends, disseminating on the Internet false reports or information (either positive or negative) about a company, and purchasing or selling securities through the Internet without proper registration and disclosure.

    Although these enforcement efforts by the SEC are significant, as a practical matter the SEC can monitor only a small portion of the endless communications occurring daily on the Internet. Thus, the public users of the Internet (including professional plaintiff lawyers and disgruntled investors) are the most likely source of allegations against a company and its D&Os for Internet-related securities violations. Stated differently, despite the enormity of the Internet, if a securities violation occurs, it is reasonably likely that someone will detect the violation and cause the filing of either an administrative proceeding or a private lawsuit.

    To some extent, securities loss prevention concepts regarding the Internet are not new. Companies and their D&O's should treat any communication through the Internet, whether via a Web page, an on-line forum, e-mails or otherwise, the same as they would treat "paper" communications. The same caution and loss prevention concepts which are well recognized and frequently followed by companies traditionally continue to apply in the Internet context.

    However, two areas which present new and troubling securities exposures and thus demand specialized loss prevention practices are use of the company's Website and on-line forums such as chat rooms and message boards. Both are discussed below.

    1. Websites.

    Home websites present both opportunities and challenges for companies in creating positive relationships with, and communicating timely information to, shareholders. The following procedures should minimize the risk of securities law violations through use of a company Website.

    a. Current Information. Unlike press releases, which are generally considered to be current for only a short time period after the release date, a Website continuously makes information available to investors and others as long as the information is on the Website. Thus, stale information that has been on the Website for some time may be considered fresh, current information by a shareholder who accesses the information at a time when it is outdated and misleading. To reduce the risks associated with the continuous publication of stale information on a Website, a company should follow the following practices. First, the Website should include a prominent disclaimer to the effect that various information speaks as to a specific date of issuance and may become outdated. Second, to the extent any press releases are included on the site, all press releases (good or bad) should be included and maintained identically. Third, older information which remains on the Website should be placed in a separate section clearly identified as an "archive" which contains an appropriate disclaimer that the information is dated and will not be updated. Not all information should be archived, though. For example, a company should permit shareholder access to replays or transcripts of analyst conference calls for only a short period of time after the conference call (e.g., 7-10 days). Fourth, a designated compliance officer should periodically review the entire Website to ensure that all information remains current and accurate. Fifth, each section of the Website should contain an indication of when that section was last updated.

    b. Manage Content. Website content is often prepared by different company departments, each trying to communicate to a different target audience. All information and statements on the Website should be ultimately subject to an internal review and approval by a qualified compliance officer to assure that all disclosures included on the site are accurate, complete and appropriate, much like the pre-approval for any company press release. With respect to information intended primarily for investors, a separate section of the Website should be developed, so labeled and carefully monitored for accuracy, completeness and timeliness.

    c. Hyperlinks. By linking to other sources of information, a company's Website may be deemed to be adopting or endorsing the content of that other information and thus the company and its D&O's may become liable for misrepresentations in those other materials. The safest practice is not to provide links to any other materials, particularly analyst reports. If some reference to analyst reports is strongly desired, the company Website could provide a list of the names of all analysts known to follow the company, without providing a hyperlink to the analyst's Website or reports. If links to the analysts are deemed necessary, the link should be provided in an objective fashion without drawing distinctions between favorable and unfavorable reports and should be accompanied by a disclaimer pursuant to which the company does not endorse or adopt third-party statements or forecasts and assumes no responsibility for ensuring that they remain up-to-date and accurate. The disclaimer should be located such that it will be seen before the analysts reports are viewed. In any event, any identification of analysts should reference all analysts that publish reports on the company and should be listed in alphabetical or chronological order in order to avoid the appearance that the company favors any of the analysts over others. Any identification of analysts should also include a prominent link to the company's own risk disclosures, so that the statutory safe harbor applicable to forward-looking statements arguably applies if and to the extent the company is deemed to have adopted the analyst's report or estimates.

    To reduce concerns arising from links to analyst reports, some companies link to "consensus estimates," which are Websites maintained by outside service providers that compile the estimates of several analysts. Arguably, this practice reduces liability exposure because (1) the estimates revealed are selected by an independent source, (2) no individual estimate is revealed, only a consensus, and (3) shareholders, who demand this type of information, could obtain it easily anyway. However, hyperlinks of this nature still present many of the problems potentially applicable to direct links to analyst reports and therefore should either be avoided or used with the same precautions discussed above.

    d. Gun-Jumping. Companies are prohibited from offering to sell securities before a registration statement has been filed with the SEC. A company may not prime the market for an impending securities offering by releasing information that alerts the public to the possibility of a securities offering or otherwise arouse investor interest in a prospective offering ("gun-jumping"). As a result, information contained in a company's Website and any links to analysts' reports and other information must be very carefully controlled while a company is preparing and conducting a securities offering. It is customary for the SEC to review a company's Website in connection with its review of the registration statement. Although the company may continue its customary disclosure of company news and developments during that time period if the information is unrelated to the offering, statements regarding the financial performance of the company or the value of the company should be avoided during this period. Furthermore, to the extent that a company's Website contains an interactive feature permitting, for instance, customers to pose questions directly to a senior member of the company, the company should disable this feature until the registration statement becomes effective.

    e. Link to Disclaimer. For several reasons, companies should accompany most disclosures with an appropriate disclaimer. For example, disclosures of forward-looking statements should be accompanied by meaningful cautionary statements in order to qualify for the safe harbor under the Private Securities Litigation Reform Act. It is unclear whether a link to a disclaimer page is sufficient for this purpose. Preferably, the disclaimer should appear on the main page of the company's Website as well as on any sections of the Website that are intended primarily for investors, thus assuring that the investor will see the disclaimer.

    f. Protect Oral Transcripts. If a company elects to include a transcript of oral statements (such as analyst conference calls) on its Website, links to appropriate risk disclosures should be included so that the written transcript arguably is accompanied by appropriate cautionary language for purposes of the statutory safe harbor for forward-looking statements.

    g. Differentiate from Other Sites. A company should design its Website to create a common appearance that differentiates it from any other Internet site about the company that is maintained by others. A notice can appear when a user leaves the Website (by hyperlink or otherwise) thanking the user for visiting site and disclaiming responsibility for information in any other site.

    h. Security. A company should implement security protections for its Website to ensure that information displayed on the Website cannot be altered and additional information cannot be included without the company's knowledge and approval.

    2. On-line Forums

    Chat rooms, bulletin boards and other on-line forums create increasing potential problems for companies from a securities law standpoint. These sites publish anonymous communications about companies and their securities with no control over the accuracy of the information disclosed. Because the statements are anonymous, they are frequently quite critical and frank. The following summarizes several suggestions for minimizing the risk of securities violations relating to these forums:

    a. Sponsorship and Hyperlinks. Companies should not sponsor or host their own on-line interactive forum or include in its Website a link to chat rooms or bulletin boards, thereby suggesting that the company endorses or is entangled with those forums and their content.

    b. Responding to Rumors. Because companies are generally not required to respond to rumors in the market, companies should generally refrain from responding to cyber gossip in any way. That position should be consistently maintained regardless of the rumor. Otherwise, selective responses may effectively confirm or deny certain rumors. One exception to this blanket policy would be if a third party widely disseminates on the Internet false information that appears to be issued by or attributable to the company. Because these types of communications appear to be coming from the company, an immediate disclaimer by the company of the false information is appropriate. In those rare cases where the company feels compelled to respond to Internet rumors (either for business reasons or because it has arguably become entangled with the statement made), it should do so only after widely disseminating a press release and, if necessary, filing a Form 8-K with the SEC.

    c. Employee Participation. Any statement made in these forums by someone from a company could be viewed as a disclosure by the company. Therefore, companies should implement policies that prohibit its employees from participating in forums that discuss or reference the company or at least prohibit use of company computers and identification of the employee's affiliation with the company when participating. A message sent from a company's e-mail address or from a person identified as an employee may appear to be a communication on behalf of the company. If an absolute prohibition is culturally unacceptable or impractical to enforce, employees should at a minimum be given clear guidelines that proscribe discussions of internal corporate matters, company business, client information or other confidential business information in such forums.

    Even if not attributable to the company, participation in these forums by an employee or other insider creates the risk that the employee or insider will either intentionally or unintentionally disclose material non-public information in violation of the insider trading laws. Because companies and their D&Os can be liable for the illegal insider trading of subordinates, companies should re-double their efforts to periodically inform all employees and insiders of the insider trading prohibitions and to implement appropriate compliance procedures.

    d. Monitor. Companies should monitor Internet chat rooms, message boards and other sites mentioning the company. Certain service companies sell this service to public companies. Only by knowing the nature and severity of the rumors can a company create an appropriate counter-strategy.