The SEC Issues Guidance On Use Of Public Company Websites Covering Regulation FD, Liability Under Antifraud Provisions, and Disclosure Controls and Procedures
20 August 2008/Jackson Walker
By: Alex Frutos
On August 1, 2008, the SEC published an Interpretive Release, No. 34-58288, entitled, "Commission Guidance on the Use of Company Websites" which, broadly speaking, provides guidance regarding the use of company websites1 under the Securities Exchange Act of 1934, as amended (the Exchange Act), and the antifraud provisions of the federal securities laws.2 The Release reflects a stated SEC goal — to "encourage the continued development of company websites as a significant vehicle for the dissemination to investors of important company information."
Among other things, the Release is significant in that it comes more than eight years since the SEC's last broad guidance on websites.3 The SEC has generally balanced its guidance related to use of the internet and permitting the electronic delivery of documents against the need to protect all investors, including those who do not have access to new technologies. During the past decade, however, publicly held companies have increasingly taken advantage of the power of the Internet as a marketing and information dissemination tool for communication with customers, investors, and other constituencies. In addition, the number of website disclosure requirements imposed by the SEC and the New York Stock Exchange and other exchanges has gradually grown with the wider availability, growing acceptance, and use of the Internet by investors.4 Few would disagree that information and communications technologies are critical to healthy and efficient primary and secondary capital markets. Recognizing this, and consistent with its long standing focus on disclosure and dissemination requirements as fundamental in its approach to protecting investors and promoting fair and orderly capital markets, the SEC has focused recent efforts on technological matters. These efforts are apparent in the eXtensible Business Reporting Language (XBRL) initiative5 and the newly issued e-Proxy rules.6 In a 2008 Progress Report, an SEC Advisory Committee recommended that the SEC provide more guidance as to how companies can use their websites to provide information to investors in compliance with the federal securities laws, particularly with respect to the Exchange Act.7 This was followed, in May 2008, by a speech delivered by Chairman Christopher Cox, who stated:
"The pace of the SEC's transition to the computer age was so languid by today's standards that you could almost sleepwalk through it. This is not the kind of change that will characterize our future — the world of information overload, global investing challenges and opportunities, and rapidly changing financial products and markets. Technology isn't just a luxury for investors seeking to make sense of all of this. It's a necessity. Properly harnessed to the service of investors, technology can be the great simplifier and organizer that allows anyone to get the information they need, instantly — and in a form they can use."
The SEC's recently renewed emphasis on the electronic world stems from the SEC's acknowledgment of two important developments: (1) the vast majority of investors now have much improved access to information through the Internet and (2) such investors use the Internet on a regular basis to access information regarding investments.
It is against this backdrop that the SEC issued the long-awaited August Release.8 Although the Release does not mandate the use of corporate websites or provide a safe harbor or any bright line tests for compliance with Regulation FD and the antifraud provisions of the federal securities laws, the SEC's guidance addresses four aspects of the use of websites:
- how information posted on a company website can be considered "public" and a framework for complying with the information "dissemination" requirements under Regulation FD
- the liability framework for certain types of electronic disclosure, including how companies can minimize the risk of "republication" and "reissuance" in providing access to historical or archived data, the use of hyper-links and summary information and company statements in blogs and electronic shareholder forums
- the application of rules requiring public companies to maintain and assess "disclosure controls and procedures"
- the format of information presented on a company website and a shift to readability from printability
Information Posted on Corporate Websites Could be "Public" and Could Constitute Adequate "Dissemination" for Purposes of Regulation FD
When a company, or a person acting on its behalf, makes a selective disclosure of material nonpublic information to certain persons, such as research analysts, Regulation FD requires that it publicly disclose the information—either simultaneously, in the case of an intentional disclosure, or promptly, in the case of an unintentional disclosure.9 This public disclosure requirement can be satisfied either by filing or furnishing the information in a Current Report on Form 8-K or by disseminating the information through another method of disclosure that is reasonably designed to provide broad, non-exclusionary distribution of the information to the public.10 The SEC stated in its guidance that it now believes that technology has evolved and the use of the Internet has grown such that, for some companies in certain circumstances, posting of the information on the company's website, in and of itself, could be a sufficient method of public disclosure under Rule 101(e) of Regulation FD. However, the guidance stopped short of providing a safe harbor or bright line test, stating that it remains the company's responsibility to evaluate whether a posting on its website would satisfy the public dissemination requirements of Regulation FD.
In its guidance, the SEC provides an analytical framework for companies to assess whether (1) the information is considered public for purposes of determining if later selective disclosures implicate Regulation FD and (2) posting of information on a corporate website can satisfy the Regulation FD requirement that information be adequately disseminated after a selective disclosure has been made. In order to determine whether information on a corporate website is already public for purposes of Regulation FD, a company must consider whether and when:
- the website is a recognized channel of distribution
- posting the information on the company website disseminates the information in a manner making it available to the securities marketplace in general, and
- there has been a reasonable waiting period for investors and the market to react to the posted information
Whether a company's website is a recognized channel of distribution of information for purposes of Regulation FD will depend on the steps that the company has taken to alert the market to its website and its disclosure practices as well as the use by investors and the market of the company's website. In recognizing that a corporate website could provide a medium for adequate dissemination of information for purposes of Regulation FD, the SEC stated that in the context of a company website that is known by investors as a location of company information, the appropriate approach to analyzing the concept of "dissemination" for purposes of the "public" test as it relates to the applicability of Regulation FD to a subsequent disclosure should be to focus on (1) the manner in which information is posted on a company website and (2) the timely and ready accessibility of such information to investors and the markets. In listing the factors that can be used in such an analysis, the SEC warned that smaller public companies with less of a market following, which may include many companies with smaller market capitalizations, may need to take more affirmative steps so that investors and others know that information is or has been posted on the company's website and that they should look at the company website for current information about the company. The Release indicates that one affirmative step would be disclosure of a company's website address in its annual, quarterly, and current reports along with a statement that it routinely posts information to its website. In addition, a pattern of posting such information on a company's website would be an indication of accessibility.
Antifraud Provisions of the Securities Laws
The antifraud provisions of the federal securities laws, including Section 10(b) and Rule 10b-5 of the Exchange Act, apply to company statements made on the Internet just as they apply to any other statement made by, or attributable to, a company. The SEC's guidance addresses the use of historical or archived materials, hyper-links to third-party information, summary information, and blogs and electronic shareholder forums.
Previously Posted Materials or Statements on Company Websites
The guidance provides that the fact that investors can access previously posted materials or statements on a company's website does not in itself mean that such previously posted materials or statements have been "reissued" or "republished" for purposes of the antifraud provisions of the federal securities laws, that the company has made a new statement, or that the company has created a duty to update the materials or statements. Historical or archived materials or statements should be dated, or otherwise separately identified as historical or previously posted materials or statements, and located in a separate section of the website containing previously posted materials or statements. In addition, disclaimers should be used in such portions of the website in identifying such archived materials. However, the SEC noted that disclaimers alone are not sufficient to insulate a company from liability for information that it makes available to investors.
Hyperlinks to Third-Party Information
For antifraud purposes, whether third-party information to which a company hyperlinks from, or republishes on, its website is attributable to the company depends on whether the company has been involved in preparing the information or has explicitly or implicitly endorsed or approved the information.11 An analysis of whether a company has endorsed or adopted information to which it hyperlinks should address the following factors:
- what the company says about the hyperlink or what is implied by the context in which the company places the hyperlink
- the presence or absence of precautions against investor confusion about the source of the information, and
- how the hyperlink is presented graphically on the website, including the layout of the screen containing the hyperlink
Generally, the guidance indicates that a company does endorse the information simply by providing a hyperlink to selected news articles or analysts' reports, but may not if the hyperlinks are broad-based and include both positive and negative items. Hyperlinks to, or reproductions of, third-party information prepared by agents of the company, such as oil and gas reserve engineers' reports, would clearly be company-endorsed information and could lead to anti-fraud liability in the event such a report set forth a materially false or misleading statement.
Companies should consider including "exit notices" or "click-through screens," which pop up when a hyperlink is selected to warn the user that they are leaving the site and have no responsibility for third party content to clearly show that the hyperlink leads to third-party information outside of the company's website. In addition, companies should consider explaining the context of the hyperlink to make explicit why the hyperlink is being provided and properly use carefully drafted disclaimers regarding the hyperlinked information. However, the SEC has warned that a company will not be shielded from antifraud liability for hyperlinking to information it knows, or is reckless in not knowing, is materially false or misleading.
Summary Information
The SEC consistently encourages companies to use summaries of more complete information to assist readers in understanding information. However, summaries or overviews standing alone, which a reasonable person would not perceive as a summary and which do not provide additional information to alert a reader as to where more detailed information is located, could result in investors not necessarily understanding that the statements should be read in the context of the information being summarized. As a result, companies should consider appropriate use of titles, additional explanatory language, use and placement of hyperlinks, and other ways to alert readers to the location of the detailed disclosure from which such summary information is derived or upon which such overview is based as well as to other information about a company on a company's website.
Company-Sponsored Blogs and Electronic Shareholder Forums
All communication made by or on behalf of a company on its website are subject to the antifraud provisions of the federal securities laws. As a result, companies should consider establishing controls and procedures to monitor statements made by or on behalf of the company on interactive portions of their websites, such as blogs and electronic shareholder forums. Employees acting as representatives of the company should be aware of their responsibilities in these forums. However, unless adopted, a company is not responsible for the statements that third parties post on the company website, nor is the company obligated to respond to or correct misstatements made by third parties. Disclaimers for interactive portions of a company's website must be carefully crafted and any waivers of protections under the federal securities laws as a condition to entering or participating in a blog or forum will be ineffective.12 Additionally, companies should consider the interaction between securities compliance and other laws such as the Digital Millennium Copyright Act of 1998.
Disclosure Controls and Procedures and Format of Information and Readability
Rule 13a-15 under the Exchange Act requires public companies to maintain disclosure controls and procedures and Rule 13a-14 under the Exchange Act requires that a company's Chief Executive Officer and Chief Financial Officer certify certain aspects of the company's disclosure controls and procedures.13 Companies are permitted to satisfy certain Exchange Act disclosure obligations by posting that information on their websites as an alternative to providing the information in an Exchange Act report. Whether or not a company elects to satisfy such disclosure obligations by posting the information on its website, disclosure controls and procedures would apply only to such information because it is information required to be disclosed by the company in its Exchange Act reports. The disclosure controls and procedures will not apply to any information on a company's website that is not required disclosure under the Exchange Act.
The SEC does not believe that it is necessary for information appearing on company websites to be printer-friendly, unless SEC rules or regulations explicitly require it. For example, the SEC's notice and access model requires that electronically posted proxy materials be presented in a format convenient for both reading online and printing on paper.
Conclusion and Next Steps
Over the past decade, the number of SEC and exchange website disclosure requirements has gradually grown with the wider availability, growing acceptance, and use of the Internet by investors. Although it has been almost a decade since the SEC issued comprehensive guidance with respect to the use of websites, this Release does not mandate the use of corporate websites beyond the requirements already set out in the securities laws and the rules of certain exchanges. The Release did disappoint in that it does not include any safe harbors or bright line tests for website use in compliance with Regulation FD and the antifraud provisions of the federal securities laws. Companies will continue to have to rely on facts and circumstances based analysis in determining compliance with those laws.
A typical website may include hundreds or even thousands of separate pages, many of which may be subject to being separately, instantaneously, and automatically updated by different people within an organization, many times without adequate centralized control. Companies should conduct periodic website audits to evaluate potential liability risks and develop strategies to mitigate those risks. An audit should include a review of all content posted on a website, including its investor relations pages, license agreements or assignments of intellectual property relating to the site and its development, and terms and conditions and privacy policies applicable to use of the website, intellectual property notices and the policies related, and content of links to third-party sites. Such audits should include checks for compliance with the Securities Act and the disclosure requirements of the Exchange Act, the antifraud provisions of the federal securities laws, and other applicable laws such as federal and state laws against unfair and deceptive trade practices, privacy compliance and other consumer protection laws, and libel and defamation issues. In addition, such audits should review adequate use of disclaimers and limitations of liability as well as assess and address domain name,14 patent, trade secret, trademark, and copyright protection issues. Companies should update their disclosure controls and procedures and other policies and procedures with respect to access to, and the process under which, materials on the website are posted and updated.
If you have questions concerning the new SEC Release or desire assistance in performing a website compliance audit, you can contact Richard Roth, Alex Frutos, Carl Butzer, or Stephanie Chandler or any of the following attorneys:
Austin
Mike Meskill - 512-236-2253 - mmeskill@jw.com
Dallas
Carl Butzer - 214-953-5902 - cbutzer@jw.com
Rick Dahlson - 214-953-5896 - rdahlson@jw.com
Byron Egan - 214-953-5727 - began@jw.com
Alex Frutos - 214-953-6012 - afrutos@jw.com
Jim Ryan - 214-953-5801 - jryan@jw.com
Jeff Sone - 214-953-6107 - jsone@jw.com
Houston
David Deaton - 713-752-4508 - ddeaton@jw.com
Sabrina McTopy - 713-752-4265 - smctopy@jw.com
Richard Roth - 713-752-4209 - rroth@jw.com
San Antonio
Stephanie Chandler - 210-978-7704 - schandler@jw.com
Steve Jacobs - 210-978-7727 - sjacobs@jw.com
1 The Release notes that (1) the term "company website" and the use of the term "website" in the context of companies refer to public (Internet) company sites, and (2) a company website is maintained by or for the company and contains information about the company.
2 The Effective Date of the Release was August 7, 2008. It states that the SEC is soliciting comments on issues relating to company use of technology generally in providing information to investors, and that such comments should be received on or before November 5, 2008.
3 In April 2000, the SEC issued broad interpretive guidance on the use of electronic media by issuers of all types, including operating companies, investment companies and municipal securities issuers, as well as market intermediaries. Use of Electronic Media, Interpretive Release No. 34-42728 (April 28, 2000). The guidance addressed the use of electronic media in three areas: (1) the use of electronic media to deliver documents under the federal securities laws, (2) an issuer's liability for website content, and (3) basic legal principles that issuers and market intermediaries should consider in conducting online offerings. Before that, the SEC issued guidance regarding the use of electronic media for the dissemination of issuer-related information under the federal securities laws and the availability of electronic filings on the SEC's World Wide Web site. Use of Electronic Media for Delivery Purposes, Release No. 33-7289 (May 9, 1996), amending Release No. 33-7233 (October 6, 1995). The SEC based its framework upon a model of notice, access and evidence of delivery.
4 Public companies are currently required to disclose their website addresses in their annual reports on Form 10-K and to state whether the Exchange Act reports are available on their websites. Companies also are required to post on their websites, if they have one, all beneficial ownership reports filed under Section 16(a) of the Exchange Act. In addition, companies may disclose, either on EDGAR or on its corporate website, (1) non-GAAP financial measures and Regulation G reconciliations, (2) board committee charters, (3) material amendments or waiver to its code of ethics and information regarding board member attendance at annual shareholder meetings. The New York Stock Exchange has gone a step further in requiring listed companies to maintain a corporate website and requiring that such websites include printable versions of the applicable charters of the corporation's compensation, nominating and audit committees, as well as its corporate governance guidelines and code of business conduct and ethics. Section 303A.14 of the NYSE Listed Company Manual.
5 The use of XBRL is intended not only to make financial information easier for investors to analyze, but also to assist in automating regulatory filings and business information processing. Under the proposed rule, financial statement information could be downloaded directly into spreadsheets, analyzed in a variety of ways using commercial off-the-shelf software, and used within investment models in other software formats. Interactive Data to Improve Financial Reporting, Proposed Release No. 33-8924 (May 30, 2008).
6 The SEC's e-Proxy rules give stockholders the ability to choose the means by which they access proxy materials by requiring a public company and other soliciting persons to satisfy their proxy statement delivery requirements by posting the materials on a website and sending a notice to stockholders regarding the Internet availability of the materials. Internet Availability of Proxy Materials, Release No. 34-55146 (January 22, 2007); Shareholder Choice Regarding Proxy Materials, Release No. 34-56135 (July 26, 2007).
7 See Progress Report of the SEC Advisory Committee on Improvements to Financial Reporting, Release No. 33-8896 (Feb. 14, 2008), available HERE).
8 Although the SEC stopped short of mandating the use of corporate websites beyond the specific website-posting requirements currently set forth in the securities laws, the SEC states that we have reached a shifting point where the availability of information in electronic form - whether on EDGAR or a company website - is the superior method of providing company information to most investors, as compared to other methods. This is a sign of things to come as the federal securities laws are transformed to address websites.
9 Rule 100(a) of Regulation FD.
10 Rule 101(e) of Regulation FD.
11 Courts have applied the "entanglement" theory and the "adoption" theory in cases involving company liability for statements by third parties such as analysts. The SEC has taken the position that in the case of hyperlinked information, liability under the "entanglement" theory would depend upon a company's level of pre-publication involvement in the preparation of the information and liability under the "adoption" theory would depend upon whether, after its publication, a company, explicitly or implicitly endorses or approves the hyperlinked information. Release No. 34-42728.
12 Section 14 of the Securities Act of 1933, as amended (the Securities Act), and Section 29(a) of the Exchange Act.
13 Byron F. Egan, Major Themes of the Sarbanes-Oxley Act 36-40 (Oct. 29, 2007) (unpublished article, available HERE).
14 Protecting a company's name or brand is crucial, and this includes the development and implementation of a plan for the protection and registration of national and international domain names that relate to the company's trade names and trademarks (including, for example, domain name typos and domain names that might be used to host websites critical of the company). Businesses on Cyberwatch: Protecting a company's name on the Internet is an ongoing battle, the Dallas Business Journal, July 18, 2008.
