US regulators balance principle based disclosure with a greater focus on key disclosure topics
The US capital markets continue to provide a valuable source of funding for Australian companies. Larger Australian IPOs and capital raisings continue to be structured to access US investors and our securities practice has enabled us to act for issuer and underwriter on both the Australian and US law aspects of equity and debt offerings in 2019.
Developments in US federal securities law and regulation and, more generally, the policy direction of US lawmakers and the US Securities and Exchange Commission (the SEC) have significant implications for securities offering execution practices around the world, both in the context of IPOs and other offerings registered with the SEC, as well as offerings exempt from SEC registration undertaken pursuant to Rule 144A and as traditional private placements. All of these offering structures are used by Australian issuers.
The past year has seen the SEC continue its efforts to adopt a more principles based disclosure regime with a focus on certain key disclosure topics:
maintained emphasis on cybersecurity risks, including setting expectations that internal accounting and other controls should take such risks into account, plus new guidance on how to identify cybersecurity and related risks; ongoing modernisation of the disclosure regime under the primary disclosure regulations, Regulation S-K and Regulation S-X; proposals to simplify bank issuers' industry information by rethinking the current Industry Guide 3 information; and generally maintaining a principles based approach for ESG disclosure, albeit against a backdrop of increasing pressure for more prescriptive disclosure from investors and a reminder that material ESG issues must be disclosed. The year has also seen a number of significant developments to promote capital formation, including:
opening "test the waters" communications to all issuers, allowing companies considering a US offering to gauge sophisticated US investor appetite prior to a formal launch of the offering; proposals to consider changes to the definitions of Accredited Investors and Qualified Institutional Buyers, potentially widening the pool of investors available under the most common offering exemptions. In 2020, we expect the SEC to continue its disclosure modernisation efforts and move further towards a principles based disclosure regime. However, the SEC's focus on cybersecurity, intellectual property and ESG disclosure indicates that it will place even greater emphasis on how issuers apply these principles to determine materiality.
Cybersecurity and Intellectual Property Risks: Emphasis on Disclosure and Internal Controls
According to SEC Chairman Jay Clayton in October 2019, cybersecurity issues remain a priority for the SEC as public companies continue to experience damaging attacks to their computer systems and the theft of large amounts of personal information about their customers. In 2019, the SEC concentrated particularly on cyber resiliency, with the release of a report in January 2020 reflecting its latest observations on cybersecurity and resiliency practices. Amongst its key observations, the SEC highlighted the importance of frequent routine testing and monitoring of cybersecurity policies and procedures as well as the need to promptly adapt and update internal procedures to address any gaps or weaknesses in these policies. According to Chairman Clayton, "people need to understand you [referring to companies] are not only trying to protect what you have, but also be in a position that if something happens, you can rebuild it and get back to a functioning mode."
Some corporate governance professionals and investors have been advocating for a requirement that one member of corporate boards be a cybersecurity expert. A subcommittee of the SEC's Investor Advisory Committee discussed about two years ago whether the SEC should require public companies to include information about whether any member of the board has experience, education, or expertise in cybersecurity and if it does not, explain why it believes it is not necessary for the company to adequately manage cybersecurity risks. Given Chairman Clayton's comments, the SEC seems poised to continue reviewing cybersecurity risks.
The SEC also focussed on disclosure obligations that companies should consider relating to intellectual property and technology risks associated with international business operations, particularly in jurisdictions that do not have levels of protection...