262 QUARTERLY REPORT The SEC and the Internet: Regulating the Web of Deceit By Lawrence J. Trautman and George P. Michaely, Jr.* I. Lawrence J. Trautman is a JD, Oklahoma City Univ. School of Law; MBA, The George Washington University; BA, The American University. Mr. Trautman is a past president of the New York and Metropolitan Washington/Baltimore Chapters of the National Association of Corporate Directors and of the Dallas Internet Society. George P. Michaely, Jr., a JD, BA, University of Notre Dame. Mr. Michaely was a former Chief Counsel to the Division of Corporation ˇinance, U.S. Securities and Exchange Commission. He also taught advanced securities law at both The George Washington University School of Law and Georgetown University Law School. Remembering George Michaely by Lawrence J. Trautman,* Hon. Stanley Sporkin** and John A. Dudley*** This is a memorial tribute to George P. Michaely, Jr. (1926 � 2014). After graduating from both the University of Notre Dame and its law school, he began his legal career, serving for approximately seven years as attorney in the Office of General Counsel of the SEC. He was then appointed Chief Counsel of the SEC’s Division of Corporation ˇinance, where he served for approximately the next four years and was responsible for advising the SEC and the public concerning the interpretation of the statutory provisions and rules relating to the registration provisions of the Securities Act of 1933 and the reporting requirements of the Securities Exchange Act of 1934. George Michaely was a born educator. ˇor five years he was a member of the adjunct faculty of The George Washington University. As a Professorial Lecturer on Law at the National Law Center, he taught a class on the federal securities laws. ˇor ten years he was a member of the adjunct faculty of the Georgetown Law Center, where he taught (with Mickey Beach and Mauri Osheroff) a course focusing on the disclosure requirements of the federal securities laws relating to public and private offerings of securities, solicitations of proxies and tender offers. Again, as an educator, George served as a mentor and inspiration to many young securities attorneys. He was a man of remarkable talent, keen intellect and good humor, and his love for all people kept him in good stead with all he met. * ** B.A., The American University; M.B.A., The George Washington University; and J.D., Oklahoma City Univ. School of Law. Mr. Trautman is a past president of the New York and Metropolitan Washington/Baltimore Chapters of the National Association of Corporate Directors. A.B., Pennsylvania State University; LL.B. Yale Law School. Judge Sporkin served as: Director of the SEC’s (Continued in next column) The Internet has created challenges for regulators of financial markets unimagined over eighty years ago by drafters of the Securities and Exchange Acts.1 The recent explosion in Internet use has provided many benefits for investors and publicly-traded companies. The Internet has been a boon to entrepreneurs seeking to reach new markets and raise needed capital at minimal cost. Examples of the wealth of information available on demand and at little cost to the investing public includes: the reported financial results of issuers; press releases; research reports of securities analysts; product information; and easy and prompt access to information about corporate events. The SEC has provided guidelines that allow an issuing company to disseminate to its shareholders the required periodic reports (10-k, 10-q, 8-k, proxy statements, etc.).2 A series of new challenges face the regulators of our securities markets. Cyber-securities fraud has become a major threat to the evolution of the securities markets. A few of the creative tools available to today’s cybercriminals include: the relative ease of data theft; * The authors wish to extend particular thanks to the following for their assistance in the research and preparation of this article: Mauri L. Osheroff, former Associate Director (Regulatory Policy) of the Division of Corporation ˇinance at the U.S. Securities and Exchange Commission; John Reed Stark, former Chief, Office of Internet Enforcement, U.S. Securities and Exchange Commission and Professor of the Georgetown University School of Law; Joan MacLeod Heminway, W.P. Toms Distinguished Professor of Law, The University of Tennessee College of Law; and Professors Norwood Beveridge and Alvin C. Harrell of the Oklahoma City University School of Law. All errors and omissions are our own. 1. Securities Act of 1933 [1933 Act] § 2(a)(1), 15 U.S.C. § 77b(a)(1); Securities Exchange Act of 1934 [1934 Act] § 3(a)(10), 15 U.S.C. § 78c(a)(10). 2. See Use of Electronic Media for Delivery Purposes, Securities Act Release No. 7233, 60 ˇed. Reg. 53458 (Oct. 6, 1995). (Continued from previous column) Division of Enforcement; General Counsel of the CIA; and United States District Court Judge for the District of Columbia. *** B.B.A (cum laude) University of Pittsburgh; J.D., Georgetown University. Mr. Dudley served for ten years at the SEC, first in the Office of General Counsel and as Associate Director of the SEC’s Mutual ˇund Division. Introduction QUARTERLY REPORT the transfer of money in the blink-ofan-eye across borders; and stolen identities facilitating market manipulation.3 David S. Wall has observed that some have “questioned whether cybercrime is actually a category of crime in need of [a] new theory or whether it is better understood by existing theories.”4 Paul Schiff Berman has questioned whether “online regulation” is “really a discrete field worthy of a separately defined study? After all, mightn’t we just talk about a law and society approach to communication of all varieties and just treat online activity as one mode of interaction?”5 The most famous early skeptic, United States Court of Appeals Judge ˇrank Easterbrook, provocatively argued that studying cyberlaw as a separate field would be no different from studying the “law of the horse” in the nineteenth century. As Easterbrook saw it, horses caused torts, horses were bought and sold, horses were stolen, but all that activity did not necessitate a unique field of study. Rather, he argued, general rules of tort, property, contract or criminal law could easily be applied to horses without the need to invent a new legal regime. Likewise, according to Easterbrook, we can apply general legal principles to online interaction without needing anything called “cyberlaw.”6 3. 4. 5. 6. Capital formation is the very lifeblood of job creation. The Internet has resulted in efficiencies, cost savings, and real productivity gains to all in the capital raising process. The Jumpstart Our Business Startups (JOBS) Act was enacted on April 5, 2012.7 The JOBS Act and associated changes to the securities laws are intended to facilitate the ability of smaller companies to raise needed capital. This article provides an update regarding: the growth and global availability of the Internet; an abbreviated overview of the law of electronic transactions; brief discussion of jurisdictional challenges to the prosecution of Internet fraud and wrongdoing; the JOBS Act; a brief history of the SEC’s incorporation of Internet technology into the financial reporting process; the evolving cyber-environment in which securities issuers must adapt to comply with regulatory requirements; and developing areas of cyberfraud. II. Growth and Widespread Availability of the Internet A. Role of ICANN and the Growth of the Internet According to the Internet Corporation for Assigned Names and Numbers (ICANN), “in 1998 there were an esti- See generally Lawrence J. Trautman & Kara Altenbaumer-Price, The Board’s Responsibility for Information Technology Governance, 28 J. Marshall J. Computer. & Info. L. 313 (2011), available at http://www.ssrn.com/ abstract=1947283; Lawrence J. Trautman, Virtual Currencies: Bitcoin & What Now After Liberty Reserve, Silk Road & Mt. Gox?, 20 Rich. J.L. & Tech. 13 (2014), available at http: //ssrn.com/abstract=239353; Lawrence J. Trautman, Managing Cyberthreat, 31 Santa Clara Computer & High Tech. L.J. ___ (2015), available at http: ssrn.com/abstract=2534119. David S. Wall, The Internet as a Conduit for Criminal Activity (Mar. 18, 2010), in INˇORMATION TECHNOLOGY AND THE CRIMINAL JUSTICE SYSTEM 77 - 98 (Pattavina, A., ed. 2005), citing R. Jones, Review of Crime in the Digital Age, in P. Grabosky & R. Smith, 11 Int’l J. L. & Tech. 98 (2003), available at http: //www.ssrn.com/abstract=740626. Paul Schiff Berman, Law and Society Approaches to Cyberspace, in LAW AND SOCIETY APPROACHES TO CYBERSPCE, xiii (Ashgate Publishing 2007); Princeton Law and Public Affairs Working Paper No. 07-009, http://www.ssrn.com/ abstract=985349. Id. 7. Jumpstart Our Business Startups Act, Pub. L. No. 112-106, 126 Stat. 306 (2012) [JOBS Act] (consisting of seven titles, the Act includes several modifications to long-standing securities laws and regulations). 263 mated 30 million computers on the Internet and an estimated 70 million users.”8 By 2011, the Internet user population had grown to approximately 2 billion, with the number of servers on the Internet exceeding 500 million (not counting episodically connected laptops, personal digital assistants and other such devices).9 The introduction of new technologies (particularly Internet-enabled devices) continues at a rapid pace as the Domain Name System attempts to deal with the numerous technological challenges created by rampant growth in the user base (for example, the requirement imposed by the use of non-Latin character sets since the world’s languages are not exclusively expressible in one script).10 Rod Beckstrom, former ICANN President & CEO, has observed that “half of the Internet users today – a billion of them – are in Asia. Approximately 500 million, or 25%, are in China.”11 Beckstrom reported that “it is estimated that more than five billion additional people will connect to the Internet in the next twenty years. Most of the newcomers will not speak English.”12 Chart 1 illustrates: regional global population estimates as of June 30, 2014; Internet usage as of December 31, 2000 and latest estimates; percentage usage penetration; growth rate 2000- to mid2012; and users by regional percentage.13 8. INTERNET CORPORATION ˇOR ASSIGNED NAMES AND NUMBERS, 2008 ANNUAL REPORT, AT 22. 9. Rod Beckstrom, President & CEO, Internet Corporation for Assigned Names and Numbers (ICANN), President’s Report, 40th ICANN International Meeting, Silicon Valley, San ˇrancisco, California 2 (March 14, 2011), http://www.icann.org/ en/presentations/. 10. Id., See also Michael Palage, ICANN & Internet Governance: How Did We Get Here & Where are We Heading?, 16 Progress and ˇreedom ˇoundation Progress on Point Paper (Aug. 2009), http://ssrn.com/abstract=1431004. 11. Rod Beckstrom, President & Chief Exec. Officer, Internet Corporation for Assigned Names (ICANN), Remarks before the 40th Anniversary of USC Information Sciences Institute, at 14 (April 26, 2012), http://www.icann.org/en/news/presentations/ beckstrom-speech-usc-isi-26apr12-en.pdf. 12. Id. 13. Internet Usage Statistics, The Big Picture: World Internet Users and Population Statistics: June 30, 2014, Copyright ©2014, Miniwatts Marketing Group. All rights reserved worldwide. Used by permission., available at http://www.Internetworlds tats.com/stats.htm. 264 QUARTERLY REPORT Chart 1 The Internet Big Picture Chart 2 illustrates: Internet usage statistics for the Americas; Internet user statistics and population statistics for fifty countries and regions (North America, Central America, South America and the Caribbean, including 2014 population estimates for the Americas and the rest of the world); percentages of the world population; Internet usage as of June 30, 2014 and the latest estimates; percentages of usage penetration mid-2014; and ˇacebook users as of December 31, 2012.14 14. Internet Usage Statistics for the Americas, North America, Central America, South America and the Caribbean, Copyright ©2014, Miniwatts Marketing Group. All rights reserved worldwide. Used by permission. Available at http: //www.Internetworldstats.com/stats2.htm. QUARTERLY REPORT 265 Chart 2 Internet User Statistics and Population Statistics for 51 Countries and Regions – North America, Central America, South America and the Caribbean Rod Beckstrom has observed that “ICANN and its governing bodies were created to keep the global Internet secure, stable and interoperable, and this is critical to ensure that the world stays connected. Its principle function is to coordinate the domain name system and Internet protocols and parameters, the backbone of the Internet.”15 Beckstrom reports that “users access about 100 billion web pages every day. Around twenty-five percent of the seven billion [persons] on this planet reach the Internet directly by computer, and even more through smart phones and other devices. These…activities in- 15. Rod Beckstrom, President & CEO, Internet Corporation for Assigned Names and Numbers (ICANN), Keynote Address, “ICANN and the Global Internet,” TUTED World Telecom Day, Izmir, Turkey (May 17, 2011), http://www.icann.org/ en/presentations/beckstrom-speech-izmir-turkey-17may11en.pdf. volve more than one trillion lookups in the domain name system…everyday.”16 B. ICANN as a Role Model for International Governance and Global Cooperation Officially created in early October 1998, ICANN has become an example of a new kind of international body that demonstrates a multi-stakeholder model of policy-making managed for the purpose of meeting the strategically important demands of global Internet growth and its importance in all aspects of society. The private sector, technical community, and governments are all accommodated in the ICANN policy development process. ICANN does not 16. Id. at 5. provide a frictionless or perfect process; nonetheless, ICANN has managed its decisions smoothly and adapted to the mission-critical demands rooted in the global adoption of the Internet. Under ICANN, cooperation and management of the Internet address space has become regionalized, with Regional Internet Registries.17 As a result of the staggering growth in the adoption of Internet-enabled devices, the increasing global penetration of Internet access is rapidly consuming the current limited available address space (IPv4), creating a need for much larger global address space (IPv6).18 Recent usage has expanded to include new devices with over three billion mobile units in use (roughly 17. See INTERNET CORPORATION ˇOR ASSIGNED NAMES AND NUMBERS, supra note 8. 18. Id. at 23. 266 QUARTERLY REPORT fifteen percent of these are already Internet-enabled).19 Global growth in the rate of increase of the transmission of information and ideas continues. III. A. The Law of Electronic Transactions federal equivalent to state enactments of the UETA.25 Patterned heavily after the UETA, the ESIGN Act definitions are “basic” as a foundation to the understanding of this area of law: Electronic Signatures in Global and National Commerce Act (ESIGN) The Electronic Signatures in Global and National Commerce Act (ESIGN) was signed into law by President Clinton on June 30, 2000 and is the 19. Id. 20. See Barry M. Leiner, Vinton G. Cerf, David D. Clark, Robert E. Kahn, Leonard Kleinrock, Daniel C. Lynch, Jon Postel, Larry G. Roberts & Stephen Wolff, A Brief History of the Internet, Internet Society (ISOC), available at http://www.isoc.org/ Internet/history/brief.shtml. (last viewed March 26, 2014). 21. Electronic Signatures in Global and National Commerce Act, 15 U.S.C. §§ 7001-7031 (2000) [E-SIGN Act]. 22. Unif. Electronics Transactions Act, §§ 1-21, 7A pt. 1 U.L.A. 211-299 (2002) [UETA]. 23. See UNIˇORM COMPUTER INˇORMATION TRANSACTIONS ACT, available at http://www.law.upenn.edu/bll/archives/ulc/ucita/ 2002final.htm. 24. “Electronic” means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic or similar capabilities. • “Record” means information that is inscribed on a tangible medium or stored in an electronic or other medium and is retrievable in perceivable form. • “Electronic signature” means an electronic sound, symbol or process attached to, or logically associated with, a record and extecuted or adopted by a person with the intent to sign the record. • “Electronic record” means a record created, generated, sent, communicated, received, or stored by electronic means. Introduction It is hard to believe that widespread availability of the Internet is still only about twenty-five years old.20 Accordingly, it is understandable that those laws pre-dating the Internet that required documents to be “signed” failed to contemplate commerce in the environment of cyberspace. To remedy this oversight, the following legislation serves as the foundation building-blocks of cyberspace e-commerce law: the Electronic Signatures in Global and National Commerce Act (ESIGN Act);21 the Uniform Electronics Transactions Act (UETA);22 and the Uniform Computer Information Transactions Act (UCITA).23 Together, these three laws govern “most (but not all -- there are some significant exclusions) electronic contracting issues.”24 B. • Donald C. Lampe, The Uniform Electronic Transactions Act and Federal ESIGN Law: An Overview, 55 Consumer ˇin. L.Q. Rep. 255 (2001). As noted infra at Part III.ˇ., UCITA has not been widely enacted but nonetheless is influential as persuasive authority. 25. • “Information” means data, text, images, sounds, codes, computer programs, software, databases or the like. • “Agreement” (defined in the UETA but not ESIGN) means the bargain of the parties in fact as found in their language or inferred from other circumstances and from rules, regulations and procedures given the effect of agreements under laws applicable to a particular transaction. • “Contract” (defined in the UETA but not ESIGN) means the total legal obligation resulting from the parties’ agreement Id. as affected by the UETA and other applicable law. • “Transaction” under the UETA means an action or set of actions occurring between two or more persons relating to the conduct of business, commercial, or governmental affairs. Of significance to matters involving the SEC, the definition under ESIGN is somewhat broader and expressly includes ‘consumer’ affairs and lists (inclusively) sale, lease exchange or other disposition of personal property, services, and real property.26 Among the features common to the UETA and ESIGN, “use of the UETA and ESIGN [is] entirely voluntary… [and] a record or signature may not be excluded as evidence in a legal proceeding solely because it is in electronic form.27 However, due to its application to federal laws, ESIGN “creates the question of whether the ‘transaction’ is in ‘interstate commerce.” 28 C. Retention Requirements Although ESIGN is indifferent as to the specific technology employed, under section 101(e) all electronic disclosures that must be “in writing” are subject to the general requirement that all electronic contracts or records (required to be in writing) must be in a form capable of being retained and accurately reproduced for later reference by those persons entitled to retain a copy of the disclosure.29 26. See id. (citing ESIGN Act, supra note 21). 27. Id. at 256. 28. Id. (citing ESIGN §101(a)). 29. Id. QUARTERLY REPORT D. Uniform Electronic Transactions Act (UETA) The UETA was intended originally to be a new Article 2B of the Uniform Commercial Code (UCC) (governing transactions where computer information is the primary subject matter). Nonetheless, the UETA is primarily a procedural statute, intended to permit electronic transactions that formerly were required to be done on paper.30 Before adoption of the UETA, the validity of electronic transactions and electronic signatures was questionable. However, the UETA makes clear that electronic contracts, electronic records and electronic signatures have the same force and effect as traditionally written documentation. Of primary importance, section 5 of the UETA applies only to those transactions between parties who have consented to conducting transactions by electronic means.31 Specifically not covered by the UETA are transactions governed by: • the UCC, other than the following parts of the UCC: (1) section 1-107 (waiver or renunciation of claims after breach); (2) section 1-206 (statute of frauds for personal property not otherwise covered); (3) Article 2 (sales of goods); and (4) Article 2A (leases); and • laws governing the creation and execution of wills, codicils, and testamentary trusts.32 Now adopted by all but three states, the UETA is not subject to the controversy that affected the enactment of UCITA (see below). E. ESIGN and UETA Exceptions As noted, the use of the electronic signature and electronic record provisions of both the ESIGN and UETA Act do not apply to wills, codicils or testamentary trusts.33 Other exclusions in the ESIGN Act (but not the UETA) include “matters involving notice of cancellation or termination of utility service or to any notice of default, acceleration, repossession, foreclosure or eviction (or the right to cure) under a credit agreement secured by or a lease of a private residence for an individual.”34 F. Uniform Computer Information Transactions Act (UCITA) Unlike ESIGN and the UETA, UCITA “provides the rules for contract formation surrounding the purchase, sale and licensing of ‘computer information.’”35 UCITA is an outgrowth of an effort to separate the licensing of computer information from the provisions of UCC Article 2 (sales of goods). 36 UCITA’s scope “encompasses computer information transactions…[and] basically applies to the licensing of ‘computer information,’ or its creation, modification or transfer…to support agreements…however, there are specific limitations and exclusions.”37 Critics contend that “UCITA is a paradigm shift both away from open code and away from code as property. With UCITA, users never have ownership rights over code, and in fact can lose ownership rights over their own data.”38 Thus, UCITA may best be thought of as a corporate collective, where no single user can claim ownership of either the code or any permitted alternatives to the code. In addition, usage rights are both “temporal and constrained.”39 Despite the failure to gain adoption in many state jurisdictions and its lack of relevance to the question of the Internet as it relates to the SEC, UCITA is influential as persuasive authority and may be directly applicable via contractual choice-of-law clauses. IV. The EDGAR System A. Introduction Since 1983, the Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system has performed the automated collection, validation, indexing, acceptance, and forwarding of submissions by companies and others who are required by law to file information on forms with the SEC. The EDGAR system is designed to increase the efficiency and fairness of the securities market for the benefit of investors, corporations, and the economy by accelerating the receipt, acceptance, dissemination, and analysis of time-sensitive corporate information filed with the agency. Since May 1996, all public domestic companies have been required to make their disclosure filings on EDGAR, along with relevant third-party filings, such as tender offers and Schedules 13D.40 Prominent events in the chronological evolution of the EDGAR system include the following: • On May 17, 1999, the [SEC] issued Release No. 33-7684 to amend existing rules and forms in connection with the first stage of EDGAR modernization. On 33. Id. 34. See, e.g., Lampe, supra note 24. 35. Id. at 258. 36. See Charles Cheatham, Peter Dillon, Paul ˇoster, Albert J. Givray, Sarah E. Hansel, Alvin C. Harrell, Tom Holland, Neal R. Kennedy, Robert Luttrell, D. Kent Myers, ˇred H. Miller, Donald A. Pape, Ross Plourde, & Tamara Wagman, Report on the Uniform Computer Information Transactions Act (UCITA), 57 Consumer ˇin. L.Q. Rep. 37 (2003). 38. 39. Id. at 25. 40. SEC Release No. 33-6977 (explaining the EDGAR system generally and setting forth rules and procedures that apply to electronic submissions processed by the Division of Corporation ˇinance and in some cases, to those processed by the Division of Investment Management). See generally Leonard A. Bernstein, The States Begin the Millennium Under the Electronics Transactions Act, 55 Consumer ˇin. L.Q. Rep. 250 (2001). ˇor more information on the UETA, including the text, go to its home page, http: //www.webcom.com/legaled/ETAˇorum/. 37. Id. 31. UETA § 5. 38. 32. UETA § 3(b). L. Jean Camp & Serena Syme, Code as Governance, The Governance of Code 25 (April 2001), John ˇ. Kennedy School of (Continued in next column) 30. 267 (Continued from previous column) Government ˇaculty Research Working Paper Series 01-014, available at http://www.ssrn.com/abstract=297154. 268 QUARTERLY REPORT June 28, 1999, the [SEC] began accepting live filings submitted to EDGAR in HyperText Markup Language (HTML), as well as documents submitted in American Standard Code for Information Interchange (ASCII) format. The [SEC] gave filers the option of accompanying their required filings with unofficial copies in Portable Document ˇormat (PDˇ). • • On April 24, 2000, the [SEC] issued Release No. 33-7855 that amended existing rules and forms to conform with the next stage of EDGAR modernization. The rules provided for use of the Internet as a means of filing, acceptance of HTML documents with graphic and image files, and expanded use of hyperlinks. These features became available on the system on May 30, 2000. The release also eliminated the ˇinancial Data Schedule requirement, effective January 1, 2001, and removed diskettes as an available means of transmitting filings to the EDGAR system, effective July 10, 2000.41 B. C. SEC Release Nos. 33-7855, 34-42712, 35-27172, 39-2384, & IC-24400, 65 ˇed. Reg. 24788, adopting amendments to existing rules and forms in connection with the next stage of modernization of the EDGAR system. Foreign Issuers On May 14, 2002, the SEC issued Release No. 33-8099 to require foreign private issuers and foreign governments to make their filings via EDGAR. The rules became effective on November 4, 2002. The rules require the electronic filing of: On July 18, 2005, the [SEC] issued Release No. 33-8590 that requires certain open-end management investment companies and insurance company separate accounts to identify in their EDGAR submissions information relating to their series and classes (or contracts, in the case of separate accounts). These provisions became effective ˇebruary 6, 2006. The amendments also made filings under Section 17(g) of the Investment Company Act and 43. • Regulation S – T and EDGAR Filer Manual The cornerstone of the EDGAR rules is Regulation S – T, a separate regulation containing rules prescribing requirements for filing electronically and the procedures for making such filings. Instructions for electronic filing, including technical formatting requirements, are set forth in the EDGAR ˇiler Manual.43 42. 41. by a foreign or domestic person; and sales literature filed by nonNASD members with the [SEC] under Section 24(b) mandatory electronic filings effective June 12, 2006.42 • foreign private issuers’ Securities Act registration statements and Exchange Act registration statements and reports; • foreign governments’ Securities Act registration statements and Exchange Act registration statements and reports; • multijurisdictional Disclosure System (MJDS) forms filed by Canadian issuers; • statements of beneficial ownership on Schedules 13D and 13G and tender offer schedules that pertain to the securities of a foreign issuer, whether filed D. ˇorm CB, the form used for cross-border rights offers, exchange offers and business combinations that are exempt from the tender offer rules or Securities Act registration, if the filer is an Exchange Act reporting company….44 Other Electronic Document Issues and Delivery Requirement The EDGAR rules apply only to filings made with the SEC; the rules do not affect the obligation of filers to deliver to security holders or potential investors documents such as prospectuses, tender offer materials and proxy or information statements. During October 1995, the SEC issued an interpretive release more fully addressing electronic delivery issues.45 To facilitate electronic delivery, rule changes were adopted to codify some of the interpretations that are premised on the distribution of paper documents.46 Interpretive releases were issued regarding the use of electronic media by brokerdealers, transfer agents and investment advisers for delivery of information;47 and the use of Internet websites to offer securities, solicit securities transactions, or advertise investment services offshore.48 The SEC issued an interpretive release (2000 Interpretive Release) addressing the use of electronic media in three areas: (1) updating the 1995 Interpretive Release; (2) discussing an issuer’s liability for website content; and (3) outlining basic legal principles that issuers and market intermediaries should consider in conducting online offerings.49 44. Id. Mauri L. Osheroff, Mark W. Green & Ruth Armfield Sanders, Electronic ˇiling and the EDGAR System: A Regulatory Overview: An Outline of the SEC’s EDGAR Rules as applied to filings processed by the Divisions of Corporation ˇinance and Investment Management, Oct. 3, 2006 (updated), available at http://www.sec.gov/info/edgar/ regoverview.htm. 45. See SEC Release No. 33-7233 (Oct. 6, 1995). 46. See SEC Release No. 33-7289 (May 9, 1996). 47. See SEC Release No. 33-7288 (May 9, 1996). 48. See SEC Release No. 33-7516 (March 23, 1998). Id. 49. See SEC Release No. 33-7856 (April 28, 2000). QUARTERLY REPORT The 2000 Interpretive Release clarifies that: investors may consent to electronic delivery telephonically; intermediaries may request consent to electronic delivery on a “global,” multiple-issuer basis; and issuers and intermediaries may deliver documents in portable document format, or PDˇ, with appropriate measures to assure that investors can easily access the documents. ˇurther, an embedded hyperlink within a section 10 prospectus or any other document required to be filed or delivered under the federal securities laws causes the hyperlinked information to be part of the document.50 The 2000 Interpretive Release also clarifies that the close proximity of information on a website to a section 10 prospectus does not, by itself, make that information an “offer to sell,” “offer for sale” or “offer” within the meaning of section 2(a)(3) of the Securities Act.51 On July 19, 2005, the SEC issued a release to facilitate the securities offering process, generally reaffirming the 2000 Interpretive Release regarding information on an issuer’s website and provides further related guidance. 52 E. XBRL is expected by the SEC to reduce the cost of information processing, and make reported information more readily available for analysis; thus, lowering the cost of capital to issuers.55 Adoption of the XBRL technology has received considerable interest on the part of scholars.56 F. 50. See SEC Release No. 33-7877 (July 27, 2000). 51. See Osheroff, et al., supra note 42. 52. See SEC Release No. 33-8591 at Part III.D.3.b.iii.(E) (2005), available at http://www.sec.gov/info/edgar/ regoverview.htm. 53. See generally SEC XBRL Portal, http://xbrl.sec.gov/. 54. See: Osheroff, supra note 42; see also: Alan Lowe, Calculative Technologies and Accountability: The SEC’s Interactive Data Project (Nov. 24, 2010), http://ssrn.com/abstract=1714495; J. Efrim Boritz & Won Gyun No, SEC’s XBRL Voluntary Program on Edgar: The Case for Quality Assurance (July 19, 2008), http://ssrn.com/abstract=1163254. I believe that the Internet and electronic communications play a vital role in modernizing the disclosure system under the federal securities laws and in promoting transpar- 55. See SEC Release No. 33-9002 (April 13, 2009). 56. See generally: Elizabeth Blankespoor, Brian P. Miller & Hal D. White, Initial Evidence on the Market Impact of the XBRL Mandate (Aug. 1, 2013), Rock Center for Corporate Governance at Stanford University Working Paper No. 149; Review of Accounting Studies (forthcoming), http: //ssrn.com/abstract=1809822; Jon W. Bartley, A. Y. S. Chen & Eileen Zalkin Taylor, A Comparison of XBRL Filings to Corporate 10-Ks - Evidence from the Voluntary Filing Program, 25 Acct. Horizons 227 (2011), available at http: //ssrn.com/abstract=1397658; Jap Efendi, Murphy Smith & Jeffrey Wong, Longitudinal Analysis of Voluntary Adoption of XBRL on Financial Reporting, 2 Int’l. J. Econ. & Acct. 173 (2011), available at http://ssrn.com/abstract=1440956; Oliver Zhen Li, Chenkai Ni & Yupeng Lin, Does XBRL Adoption Reduce the Cost of Equity Capital? (2012), http://ssrn.com/ abstract=2131001; S.N. Maheshwari & Suneel Maheshwari, XBRL – A Major Step in Globalization of Integrated Financial Reporting System, 8 DIAS Tech. Rev. (2011), available at http://ssrn.com/abstract=2126930; Justin Mindzak, Literature Review of Internet ˇinancial Reporting and XBRL, Mapping the New Knowledge Conference (2009), http://ssrn.com/ abstract=1990567; David Plumlee & Marlene Plumlee, Assurance on XBRL for ˇinancial Reporting (ˇeb. 1, 2008), http://ssrn.com/abstract=1104245; Yi Dong, Oliver Zhen Li, Yupeng Lin & Chenkai Ni, Information Processing Cost and Stock Return Synchronicity – Evidence from XBRL Adoption (Jan. 8, 2013), http://ssrn.com/abstract=2198135; Jap Efendi, Jin Dong Park & Chandra Subramaniam, Do XBRL Reports Have Incremental Information Content? – An Empirical Analysis (Aug. 26, 2010), http://ssrn.com/abstract=1671723. 57. ency, liquidity, and efficiency in our trading markets. The Internet, in particular, has enabled a greater number of retail investors to have ready access to company information. I am firmly committed to the idea that the [SEC] should do everything it can to encourage this trend and harness the power provided by technological advances to get the right information to investors, institutional and retail, at the right time.58 Technology and e-Proxy Internet delivery by the issuers of required disclosure documents to shareholders results in substantial cost savings to issuers (savings in printing and mailing costs to shareholders). In a ˇebruary 18, 2009 Speech on the topic of “Restoring Investor Trust through Corporate Governance,” SEC Commissioner Elisse B. Walter said: “[A]nother way I believe the [SEC] should enhance shareholder participation, and particularly make information gathering more efficient, is through technology…[:]”57 XBRL Program On January 30, 2009 the SEC published rules requiring issuers to use the eXtensible Business Reporting Language (XBRL) interactive data format when submitting their financial statements and other required information.53 The purpose of the XBRL program is to assess the XBRL technology which allows documents to be opened using many common Internet browsers. 54 269 Elisse B. Walter, Speech by SEC Commissioner, Restoring Investor Trust Through Corporate Governance, Remarks before the Practicing Law Institute (ˇeb. 18, 2009), http:// www.sec.gov/news/speech/2009/spch021809ebw.htm [SEC press release]. The e-proxy initiative was promulgated by the SEC during 2007 in an attempt to improve the proxy process and as “a reliable and cost-effective means of making proxy materials available to shareholders.”59 On October 14, 2009 the SEC proposed “amendments to the notice and access proxy rules to remove regulatory impediments that may be reducing shareholder response rates to proxy solicitations, by permitting issuers and other soliciting persons to more effectively use the notice and access model.”60 Specifically, the amendments provide additional flexibility regarding the format and content of the notice, permit issuers and other soliciting persons to better communicate with shareholders by including explanatory materials regarding the reasons for the use of the notice and access rules and the process of receiving and reviewing proxy materials and voting, and revise the timeframe for delivering a notice to shareholders when a soliciting person other than the issuer relies on the notice-only option.61 58. Id. 59. SEC Release Nos. 33-9108 & 34-61560, Amendments to Rules Requiring Internet Availability of Proxy Materials, eff. Mar. 29, 2010, http://www.sec.gov/rules/final/2010/33-9108.pdf. See also Internet Availability of Proxy Material, Release No. 34-55146 (Jan. 22, 2007), 72 ˇed. Reg. 4148, (Internet Availability of Proxy Adopting Release) and Shareholder Choice Regarding Proxy Materials, Release No. 34-56135 (July 26, 2007), 72 ˇed. Reg. 42221. 60. SEC Release Nos. 33-9108 & 34-61560, supra note 59 at 3, citing Amendments to Rules Requiring Internet Availability of Proxy Materials, Release No. 33-9073 (Oct. 14, 2009), 74 ˇed. Reg. 53954 (the Proposing Release). 61. Id. at 6. 270 G. QUARTERLY REPORT SEC Guidance on the Use of Company Web Sites On July 30, 2008, the SEC staff recommended that the SEC issue an interpretive release “to provide additional guidance and greater certainty on how companies can use their web sites to provide information to investors in compliance with the federal securities laws, particularly with respect to the Securities Exchange Act of 1934.”62 Kim McManus, SEC Special Counsel, Division of Corporation ˇinance, observed that the interpretive guidance addresses four main topics: In evaluating whether information is “public” for purposes of the applicability of Regulation ˇD to subsequent discussions or disclosure, companies must consider whether and when: • a company web site is a recognized channel of distribution; • posting of information on a company web site disseminates the information in a manner making it available to the securities marketplace in general; and • • when information posted on a company web site is “public” for purposes of the applicability of Regulation ˇD; • company liability for information on company web sites -- including previously posted information, third-party hyperlinks, summary information and the content of interactive web sites; • the types of controls and procedures advisable with respect to such information; and • the format of information presented on a company web site, with the focus on readability, not printability.63 Kim McManus, Speech by SEC Staff, Commission Guidance on the Use of Company Web Sites, Remarks at the SEC Open Meeting (July 30, 2008), available at http://www.sec.gov/ news/speech/2008/spch073008km.htm [SEC press release]. 63. Id. 64. Id. Certain issues that continue to arise under the antifraud provisions regarding the use of company web sites are addressed in the SEC press release, including: ˇirst, the release updates current guidance regarding the effect of accessing previously posted materials or statements on company web sites so that such previously posted materials or statements would not, without more, be considered reissued or republished for purposes of the antifraud provisions of the federal securities laws, including any duty to update such information. there has been a reasonable waiting period for investors and the market to react to the posted information.65 The SEC press release provides non-exclusive factors for companies to consider in evaluating the satisfaction of these conditions, including the manner in which information is posted on a company web site and the timely and ready accessibility of such information to investors and the markets: Second, the release provides further guidance on how companies can hyperlink to third-party web sites without “adopting” the third-party information for liability purposes. The guidance suggests, among other things, that companies explain the context for the hyperlink to make clear why the hyperlink is being provided, be aware that selective choices to hyperlink to specific third-party information may indicate that the company has a positive view or opinion about that information, and consider using other methods to denote that the hyperlink is to third-party information. The guidance also addresses circumstances in which, for certain companies under certain circumstances, posting non-public material information on a company’s web site, in and of itself, may be a sufficient method of “public disclosure” for purposes of satisfying the alternative public disclosure provision of Regulation ˇD. In evaluating whether and when postings on their web sites are “reasonably designed to provide broad, non-exclusionary distribution of the information to the public,” the guidance provides that companies would need to consider whether the company web site is a recognized channel of distribution and whether the information is “posted and accessible” and, therefore, “disseminated.” As part of that evalua- “Whether information posted on a company web site is ‘public’ for purposes of Regulation ˇD impacts both the analysis of the applicability of Regulation ˇD to subsequent discussions or disclosure of the posted information with an enumerated person in Regulation ˇD and satisfaction of Regulation ˇD’s ‘public disclosure’ requirement.”64 62. tion, companies also would need to consider their web sites’ capability to meet the simultaneous or prompt timing requirements for public disclosure under Regulation ˇD. 66 65. Id. Third, the release provides guidance for companies that provide summaries of information on their web sites in the context of the antifraud provisions including techniques that companies can use to highlight the summary nature of the information provided. 66. Id. QUARTERLY REPORT And fourth, the release addresses antifraud issues that may arise when issuers, their officers, and employees speak on company-sponsored blogs or electronic shareholder forums. In particular, it provides guidance for companies hosting or participating in blogs or electronic shareholder forums about the applicability of the antifraud provisions to statements made by the company or by a person acting on behalf of the company. It also highlights the restrictions on a company’s ability to require investors to waive protections under the federal securities laws as a condition to entering or participating in a blog or forum.67 The SEC press release also provides guidance about the extent to which “disclosure controls and procedures” apply to statements on company web sites and helps to clarify the boundaries of disclosure controls and procedures, since companies must disclose whether their disclosure controls and procedures are effective. ˇinally, the SEC press release acknowledges that the nature of online information is increasingly interactive, and not static, clarifying that information appearing on company web sites does not need to satisfy a printerfriendly standard or be in a format comparable to paper-based information, unless the SEC’s rules explicitly require it. During April 2013, the SEC issued a report to clarify that issuers “can use social media outlets like ˇacebook and Twitter to announce key information in compliance with Regulation ˇair Disclosure (Regulation ˇD) so long as investors have been alerted about which social media will be used to disseminate such information.” that Netflix’s monthly online viewing had exceeded one billion hours for the first time. Netflix did not report this information to investors through a press release or ˇorm 8-K filing, and a subsequent company press release later that day did not include this information. Neither Hastings nor Netflix had previously used his ˇacebook page to announce company metrics, and they had never before taken steps to alert investors that Hastings’ personal ˇacebook page might be used as a medium for communicating information about Netflix. Netflix’s stock price had begun rising before the posting, and increased from $70.45 at the time of the ˇacebook post to $81.72 at the close of the following trading day. The SEC did not initiate an enforcement action or allege wrongdoing by Hastings or Netflix. Recognizing that there has been market uncertainty about the application of Regulation ˇD to social media, the SEC issued the report of investigation pursuant to Section 21(a) of the Securities Exchange Act of 1934.68 V. The following litigation release was issued by the SEC on ˇebruary 19, 2014 and is indicative of the kind of fact patterns alleged in a number of cyberfraud cases: U.S. Securities and Exchange Commission Litigation Release No. 22928 / ˇebruary 19, 2014 Securities and Exchange Commission v. Jerry S. Williams, Monk’s Den, LLC, and ˇirst In Awareness, LLC, Civil Action No. 3:12-cv01068 (District of Connecticut) The SEC’s report of investigation stems from an inquiry the Division of Enforcement launched into a post by Netflix CEO Reed Hastings on his personal ˇacebook page stating 68. 67. Id. Case Study: SEC Charges Eight in Penny Stock Manipulation SEC Release No. 2013-51, SEC Says Social Media OK for Company Announcements If Investors Are Alerted (Apr. 2, 2013), available at http://www.sec.gov/News/PressRelease/ Detail/PressRelease/1365171513574#.Uzm0xfldWHg. 271 Connecticut-Based Stock Promoter Ordered to Pay Over $9.6 Million in Stock Touting and Scalping Scheme The Securities and Exchange Commission announced today that on ˇebruary 12, 2014, a Connecticut federal court entered judgments against a former Connecticutbased stock promoter, Jerry S. Williams, and two companies that he controlled, Monk’s Den, LLC and ˇirst In Awareness, LLC, who are defendants in a Commission enforcement action filed in 2012 alleging that they operated a fraudulent Internet-based stock touting and scalping scheme. The judgments order the defendants to pay a total of over $9.6 million. Williams, Monk’s Den, and ˇirst In Awareness were defendants in a civil fraud action filed by the Commission on July 20, 2012. The Commission’s complaint alleged that from 2009 through 2010, Williams recommended two stocks, Cascadia Investments, Inc. and Green Oasis, Inc., to a large group of followers who followed his trading recommendations and strategies. Williams, who was known to his followers as “Monk,” used his Internet-based message board – called Monk’s Den – as well as his in-person seminars (called “Monkinars), and other means, to encourage people to buy, hold, and accumulate Cascadia and Green Oasis stock. In particular, Williams told his followers that by buying up the outstanding shares, or float, of these companies, they could collectively trigger a “short squeeze” that would allow them to sell their stock to “market makers” that had shorted the stock. Williams falsely stated that he had previously used this “ˇloat Lock Down” strategy successfully to make himself and his followers enormous profits. In fact, unknown to his followers, Williams 272 had been hired by Cascadia and Green Oasis to promote their stock and had been compensated with millions of free and discounted shares of these stocks. Williams secretly sold millions of Cascadia and Green Oasis shares at the same time he was encouraging potential investors to buy, hold and accumulate these stocks. Williams made profits of over $2.3 million from his scheme. Without admitting or denying the allegations in the Commission’s complaint, Williams, ˇirst In Awareness and Monk’s Den consented to final judgments enjoining them from violating Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5 thereunder, and as to Williams only, enjoining him from violating Sections 17(a) and 17(b) of the Securities Act of 1933 and Sections 206(1) and 206(2) of the Investment Advisers Act of 1940. The final judgments found Williams, Monk’s Den, and ˇirst In Awareness jointly and severally liable for disgorgement of $2,357,208 in ill-gotten gains plus prejudgment interest of $188,766, ordered each to pay a civil penalty of $2,357,208, and imposed a penny stock bar on Williams….69 This case study should be kept in mind when considering the factors involved in the challenging and rapidly changing area of Internet-related law. Violations of the registration, antifraud, and other provisions of the federal securities laws now reflect use of the Internet and sophisticated computer skills, such as “hacking” that are used to gain access to investor account information though various intrusion techniques and craft new forms of market manipulation. 69. Connecticut-Based Stock Promoter Ordered to Pay Over $9.6 Million in Stock Touting and Scalping Scheme, SEC Litigation Release No. 22928 (ˇeb. 19, 2014), available at http: //www.sec.gov/litigation/litreleases/2014/lr22928.htm. QUARTERLY REPORT VI. Jurisdiction, the Internet, and the SEC The global nature and increasing use of cyberspace, along with the Internet’s cost-effective ability to reach an almost unlimited audience, poses unique and challenging questions as to jurisdiction over Internet securities transactions. “Cyberspace defies traditional, geographic concepts of jurisdictional boundaries, since it ‘is a place’ that is at the same time nowhere and everywhere.”70 New legislative rules have been required to start to resolve the many ambiguities confronted when traditional rules are applied to transactions in cyberspace.71 As Kenneth W. Brakebill has noted: the SEC brought allegations of use of the Internet “to engage in an ongoing, fraudulent securities offering in violation of the antifraud and registration provisions of the federal securities laws.”74 The SEC claimed that its enforcement authority for registration violations was conferred under section 20(b) of the 1933 Act,75 and section 22(a) of the 1933 Act.76 The SEC invoked section 21(d) of the 1934 Act77 73. Schiff Berman, The Globalization of Jurisdiction, 151 U. Pa L. Rev. 311 (2002), available at http://ssrn.com/abstract=304621; MICHAEL L. RUSTAD, INTERNET LAW IN A NUTSHELL (2009), available at http://ssrn.com/abstract=1329092; Christopher Kuner, Internet Jurisdiction and Data Protection Law: An International Legal Analysis (Part 1), 18 Int’l J. L. & Info. Tech. 176 (2010), available at http://ssrn.com/abstract=1496847; Richard D. ˇreer, American and European Approaches to Personal Jurisdiction Based Upon Internet Activity, Emory Public Law Research Paper No. 07-15 (2007), available at http://ssrn.com/abstract=1004887; Michael A. Geist, Is There a There There? Towards Greater Certainty for Internet Jurisdiction, Berkeley Tech. L.J. (2001), available at http://ssrn.com/ abstract=266932; Peter Swire, No Cop on the Beat: Underenforcement in E-Commerce and Cybercrime, http://ssrn.com/abstract=1135704; Kevin ˇ. King, Personal Jurisdiction, Internet Commerce, and Privacy: The Pervasive Legal Consequences of Modern Geolocation Technologies, 21 Alb. L. J. Sci. & Tech. 61 (2011), available at http://ssrn.com/abstract=1622411; Danielle Keats Citron, Minimum Contacts in a Borderless World: Voice over Internet Protocol and the Coming Implosion of Personal Jurisdiction Theory, 39 U. C. Davis L. Rev. (2006), available at http://ssrn.com/abstract=819004; Joel Reidenberg, Jamela Debelak, Jordan Kovnot, Megan Bright, N. Cameron Russell, Daniela Alvarado, Emily Seiderman & Andrew Rosen, Internet Jurisdiction: A Survey of Legal Scholarship Published in English and United States Case Law (June 30, 2013), ˇordham Law Legal Studies Research Paper No. 2309526, http://ssrn.com/abstract=2309526; Patricia L. Bellia, Chasing Bits Across Borders, U. Chi. Legal ˇ. 35 (2001), available at http://ssrn.com/abstract=556471; Teresa Scassa & Robert J. Currie, New First Principles? Assessing the Internet’s Challenges to Jurisdiction, 42 Geo. J. Int’l. L. 1017 (2011), available at http://ssrn.com/abstract=2116364; Michael H. Botein, ˇederal Jurisdiction Over Internet and Broadband: A Commentary on Technology and Content Regulation (Mar. 22, 2013), NYLS Legal Studies Research Paper No. 12 /13 No. 66, http://ssrn.com/abstract=2241621; Allyson Haynes Stuart, The Short Arm of the Law: Simplifying Personal Jurisdiction Over Virtually Present Defendants, 64 U. Miami L. Rev. 133 (2009), available at http://ssrn.com/ abstract=2316353. United States courts traditionally have exerted a broad extraterritorial power in their assertion of subject matter jurisdiction over transnational securities transactions in the non-cyberspece context. Indeed, the ‘conduct’ and ‘effects’ tests cast a broad jurisdictional net. American courts have also extended personal jurisdiction to the full limits of the Due Process clause in non-cyberspace transactions. However, courts have yet to develop the minimum contacts analysis in the international context, and where cyberspace is involved.72 Criminal use of the Internet may create a complex issue of jurisdiction by a court over a defendant -- and is beyond the scope of this article.73 As early as 1995, 70. See James M. Westerlind, The Magna Carta Meets the TwentyFirst Century: Personal Jurisdiction and the Internet, 15 St. John’s J. Legal Comment. 223 (2000). 71. See Kenneth W. Brakebill, The Application of Securities Laws in Cyberspace: Jurisdictional and Regulatory Problems Posed By Internet Securities Transactions, Hastings Comm. & Ent. L.J., 902 (Summer 1996). 72. Id. at 942. 73. See generally: Dan L. Burk, Federalism In Cyberspace, 28 U. Conn. L. Rev. 1095 (1996), available at http://ssrn.com/ abstract=44433; Joel Reidenberg, Technology and Internet Jurisdiction, 153 U. Pa L. Rev. 1951 (2005), available at http: //ssrn.com/abstract=691501; Susan W. Brenner & Bert-Jaap Koops, Approaches to Cybercrime Jurisdiction, 4 J. High Tech. L. (2004), available at http://ssrn.com/abstract=786507; Paul (Continued in next column) (Continued from previous column) 74. Brakebill, supra note 71, at 940 citing: SEC v. Block, Civil Action No. 95-11748 (RCL) (D. Mass.); SEC Litig. Release No. 14711, 1995 SEC LEXIS 3006 (Nov. 2, 1995); SEC v. Block, Civil Action No. 95-11748 (RCL) (D. Mass.); & SEC Litig. Release No. 14598, 1995 SEC LEXIS 2056 (Aug. 10, 1995). 75. See: 1933 Act § 8A, 15 U.S.C.A. § 77h-1 (West Supp. 1996) (discussing the power of the SEC to enter a cease and desist order and to require accounting and disgorgement); 1933 Act § 20, 15 U.S.C. § 77t (1994) (discussing the power of the SEC to bring action in federal court to enjoin violations of the registration requirements, or to seek civil penalties, or to transmit evidence to the United States Department of Justice to undertake a criminal prosecution). 76. See 1933 Act § 22(a), 15 U.S.C. § 77v(a) (1994) (conferring jurisdiction on the district courts of the United States over offenses and violations of the Securities Act provisions and all suits in equity and at law brought to enforce any liability or duty created by the Act). 77. See: 1934 Act § 21(d), 15 U.S.C. § 78u(d) (1994) (authorizing the SEC to bring injunction proceedings in a United States district court); 1934 Act § 21A, 15 U.S.C.A. § 78u-1 (West (Continued on next page) QUARTERLY REPORT for its enforcement authority of antifraud violations, and sections 21 and 27 of the 1934 Act78 for jurisdiction of the court. VII. Focus on the Cost of Raising Capital A. Introduction The Internet has resulted in efficiencies, cost savings, and real productivity gains to all in the capital-raising process. At 10.99 percent, the SEC reports that “the United States ranks number 7 out of 44 countries in terms of the cost of capital as estimated by the World Capital Asset Pricing Model. The lowest cost of capital is in Pakistan at 7.87 percent and the highest is in Hungary at 18.97 percent.”79 Criticisms from the business community of the excessive cost of government regulation in general, e.g., SarbanesOxley80 and the Dodd-ˇrank Act81 in particular, are legion. Moreover, it would appear that, despite its micromanagement regulatory approach, SarbanesOxley’s focus on the prevention of securities fraud lacked effectiveness in preventing the demise of Bear Stearns, Lehman Brothers, AIG, Washington Mutual and many others appearing on the long list of major business entities that essentially failed during 2008 – 09. Rapid gains in technological advances and use of the Internet provide the potential for gains in compliance and reduced 77. costs to the business community. As just one example, Grundfest and Beller suggest the use of “an on-line questionnaire-driven disclosure regime subject to mandatory updating according to a schedule defined by the [SEC]. This approach allows the [SEC] to elicit all the information currently generated by its forms-based filing system at, we believe, a dramatically lower cost to filers.”82 Other advantages include making available low-cost database construction and reduction of redundant information without requiring new “legislative authority, and without running the risk of changes to the liability structure provided under the current offerings-based disclosure regime.”83 ˇormer SEC Commissioner Troy A. Paredes observed that “regulatory decision making at the SEC – and throughout government generally – should be based on rigorous cost-benefit analysis, including sound economics….And cost-benefit analysis is valuable not only when evaluating potential new laws, but also when enforcing existing ones.”84 Moreover: A demanding cost-benefit analysis that evaluates outcomes and makes conscious, informed tradeoffs is the best way of achieving the common good. The discipline that costbenefit analysis brings to decision making impresses upon regulators the complexity of the challenges and opportunities we face. By appreciating such complexity, it becomes more likely that regulators, myself included, will strike appropriate balances. Cost-benefit analysis is not an argument for or against regulation. Rather, it is an argument for regulatory approaches that fully account (Continued from previous page) Supp. 1996) (authorizing the SEC to bring action in a United States district court for certain insider trading violations); 1934 Act § 21C, 15 U.S.C.A. § 78u-3 (West. Supp. 1996) (discussing the power of the SEC to enter a cease and desist order and to require accounting and disgorgement). 78. See: 1934 Act § 27, 15 U.S.C. § 78aa (1994) (conferring jurisdiction in the district courts of the United States over offenses and violations of the Securities Exchange Act provisions and all suits in equity and at law brought to enforce any liability or duty created by the Act); 1934 Act § 21A, 15 U.S.C. § 78u-1(a)(1)(A) (West Supp. 1996) (conferring jurisdiction on the court to impose civil penalties for certain insider trading violations). 79. U.S. Securities and Exchange Commission, 56 ˇY 2010 Performance and Accountability Report. 80. Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, 116 Stat. 745 (2002) [Sarbanes-Oxley]. 81. Dodd-ˇrank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, 124 Stat. 1376 (2010) [Dodd-ˇrank Act]. 82. See: Joseph Grundfest & Alan L. Beller, Reinventing the Securities Disclosure Regime: Online Questionnaires as Substitutes for ˇorm-Based ˇilings (Aug. 4, 2008), Stanford Law and Economics Olin Working Paper No. 361; Rock Center for Corporate Governance at Stanford University Working Paper No. 2, http://ssrn.com/abstract=1235082. 83. Id. 84. Troy A. Paredes, Speech by SEC Commissioner, Remarks at The SEC Speaks in 2009 (ˇeb. 6, 2009) (press release, available at http://www.sec.gov/news/speech/2009/ spch020609tap.htm.). 273 for both the good and the bad to ensure that we have smart regulation.85 B. The Jumpstart Our Business Startups (JOBS) Act It remains to be seen whether the JOBS Act and associated changes to the securities laws will prove to be a major benefit to efforts by smaller companies to raise needed capital.86 Major provisions of the JOBS Act that impact private financing alternatives include: • requiring the SEC to implement an exemption under the Securities Act for crowdfunding offerings, which is a new method of raising relatively small amounts of money from many individual investors over the Internet; and • expanding the limits for “quasipublic” offerings under Regulation A from $5 million to $50 million, while requiring some measure of ongoing information reporting (an exemption that is commonly referred to as “Regulation A+”).87 Keith ˇ. Higgins, Director of the SEC’s Division of Corporation ˇinance observes that among the JOBS Act’s changes to the basic securities 85. Id. 86. JOBS Act, supra note 7. See generally: Usha Rodrigues, The Effect of the JOBS Act on Underwriting Spreads, Ky. L.J. (forthcoming); Jeff Thomas, Making Equity Crowdfunding Work for the Unaccredited Crowd, 4 Harv. Bus. L.R. Online 62 (2014) (citing high expected costs); Mary McAllister Shepro, Keeping the Crowd at Bay: The Practical Implications of the SEC’s New Crowdfunding Exemption (May 5, 2014) (unpublished manuscript)(arguing that the new exemption and the SEC’s proposed rules regarding crowdfunding guarantee that the equity crowdfunding exemption will be costly and thus infrequently used), http://ssrn.com/abstract=2433225; Rutheford B. Campbell, The New Regulation of Small Business Capital Formation: The Impact – If Any – Of the Jobs Act, Ky L.J. (forthcoming) (stating that the SEC’s proposed rules are plagued by excessive disclosure requirements for small offerings, integration complications, and unmanageable risks created by actions of intermediaries). 87. Keith ˇ. Higgins, Director, Division of Corporation ˇinance, U.S. Securities and Exchange Commission, Keynote Address at PLI – Thirteenth Annual Institute on Securities Regulation in Europe, London, England (Mar. 20, 2014), http:// www.sec.gov/News/Speech/Detail/Speech/1370541190424. See also infra Part VII.C. 274 QUARTERLY REPORT regulatory schematic is an increase in the total number of “shareholders threshold of Section 12(g) that triggers Exchange Act reporting. Companies can now have up to 2,000 holders – although only 500 who are not accredited investors – before having to submit to registration under the Exchange Act and the attendant reporting obligations that registration entails.”88 C. Crowdfunding The Kauffman ˇoundation has observed that “the presumed potential of equity crowdfunding for stimulating entrepreneurial growth has led to great public anticipation, which only has been intensified by enthusiasm for the proliferation of ‘accelators’ – intense programs, similar to boot camps, that typically provide space, networks, mentorship, and other resources…”89 Title III of the JOBS Act creates an exception under the U.S. securities laws to allow crowdfunding campaigns to be easily employed to raise capital through the offer and sale of securities to the public.90 These crowdfunding-related provisions “include investment restrictions and new compliance requirements for both small businesses seeking to obtain funds through crowdfunding and the portals that will connect entrepreneurs and investors.”91 88. Id. See also Usha Rodrigues, The Once and Future Irrelevancy of Section 12(G), U. Il. L. Rev. (forthcoming). 89. Tom Alberg, Andrew A. Bogan, Harold Bradley, Robert D. Cooter, Monika Gruter Cheney, Oliver R. Goodenough, William R. Hambrecht, ˇrank Hatheway, Thomas ˇ. Hellmann, Marianne Hudson, Jared Konczal, Josh Lerner, Robert E. Litan, Diane Mulcahy, Ramana Nanda, ˇrank Partnoy, Joe Ratterman, Naval Ravikant, Jay Ritter, Alicia Robb, David Robinson, Allison Schrager, Barry Silbert, Erik Sirri, Dane Stangler & Sharon Vosmek, 2013 State of Entrepreneurship Address: “ˇinancing Entrepreneurial Growth” at 1 (ˇeb. 5, 2013), Ewing Marion Kauffman ˇoundation Research Paper, http://ssrn.com/abstract=2212743 [hereinafter Kaufman]. 90. 91. SEC Press Release 2013-227, SEC Issues Proposal on Crowdfunding (Oct. 23, 2013), http://www.sec.gov/News/ PressRelease/Detail/PressRelease/1370540017677. See also Lawrence J. Trautman, The Roar of the Crowdfunding (forthcoming). Hearing Memo, SEC’s Crowdfunding Proposal: Will it Work for Small Businesses? House Committee on Small Business Subcommittee on Investigations, Oversight and Regulations, 113th Cong. (Jan. 13, 2014), available at http: //smallbusiness.house.gov/uploadedfiles/1-16-2014_revised_hearing_memo.pdf. Crowdfunding is receiving considerable interest from entrepreneurs and scholars.92 Crowdfunding seems to have developed to meet the fundraising needs of non-profits, entrepreneurs, and independent, creative artists of all types (film, game developers, music, theatre, etc.), generally employing a donation or rewards incentive model. Although most scholarly research to date has been focused on the United States, crowdfunding as a worldwide phenomenon, impacted by the different experiences and legal frameworks of every jurisdiction.93 Even before the SEC issued final rules under the JOBS Act, “crowdfunding platforms raised $2.7 billion (an 81% increase) and successfully funded more than 1 million campaigns in 2012. Massolution fore- 92. 93. See generally: Joan MacLeod Heminway, What is a Security in the Crowdfunding Era?, 7 Ohio St. Entrepren. Bus. L.J. 335 (2012), available at http://ssrn.com/abstract=2210162; Robert B. Thompson & Donald C. Langevoort, Redrawing the Public-Private Boundaries in Entrepreneurial Capital-Raising, (2012), Georgetown Public Law Research Paper No. 12-119; Georgetown Law and Economics Research Paper No. 12-031, available at http://ssrn.com/abstract=2132813; Thomas Lee Hazen, Crowdfunding or Fraudfunding? Social Networks and the Securities Laws – Why the Specially Tailored Exemption Must be Conditioned on Meaningful Disclosure, N. C. L. Rev. (forthcoming), available at http://ssrn.com/abstract=1954040; Ethan R. Mollick, The Dynamics of Crowdfunding: An Exploratory Study, 29 J Bus. Venturing 1 (2014), available at http://ssrn.com/abstract=2088298; Thomas A. Martin, The Jobs Act of 2012: Balancing ˇundamental Securities Law Principles with the Demands of the Crowd (April 12, 2012), http://ssrn.com/abstract=2040953; Stuart R. Cohn, The New Crowdfunding Registration Exemption: Good Idea, Bad Execution, ˇla. L. Rev. (forthcoming), available at http://ssrn.com/ abstract=2066016; Mingfeng Lin & Siva Viswanathan, Home Bias in Online Investments: An Empirical Study of an Online Crowdfunding Market (Jan. 26, 2014), http://ssrn.com/abstract=2219546; Sean M. O’Connor, Crowdfunding’s Impact on Start-Up IP Strategy, Geo. Mason L. Rev. (forthcoming), available at http://ssrn.com/abstract=2366937; Alan R. Palmiter, Pricing Disclosure: Crowdfunding’s Curious Conundrum, 7 Ohio St. Entrep. Bus. L.J. 374 (2012), available at http://ssrn.com/abstract=2241833; Rembrand Koning & Jacob Model, Experimental Study of Crowdfunding Cascades: When Nothing Is Better than Something (Oct. 17, 2013), http://ssrn.com/abstract=2308161; Othmar Manfred Lehner, The ˇormation and Interplay of Social Capital in the ORˇE Processes of Crowd ˇunded Social Ventures, 10th STERN Conference papers, NYU, New York, 2013, http://ssrn.com/ abstract=2402649. See generally: Lawrence J. Trautman, The Roar of the Crowdfunding (forthcoming), citing Giancarlo Giudici, Ricardo Nava, Cristina Rossi Lamastra & Chiara Verecondo, Crowdfunding: The New ˇrontier for ˇinancing Entrepreneurship? (Oct. 5, 2012), http://ssrn.com/abstract=2157429; Ajay Agrawal, Christian Catalini & Avi Goldfarb, The Geography of Crowdfunding (Oct. 29, 2010), NET Institute Working Paper No. 10-08, http://ssrn.com/abstract=1692661; Armin Schwienbacher & Benjamin Larralde, Crowdfunding of Small Entrepreneurial Ventures, in HANDBOOK Oˇ ENTREPRENEURIAL ˇINANCE, Oxford University Press, ˇorthcoming, available at http://ssrn.com/abstract=1699183; Paul Belleflamme, Thomas Lambert & Armin Schwienbacher, Crowdfunding: Tapping the Right Crowd, J. Bus. Venturing, ˇorthcoming; CORE Discussion Paper No. 2011/32, http://ssrn.com/abstract=1578175. casts an increase in global crowdfunding volumes in 2014, to $34.4 billion.”94 New rules to implement the new crowdfunding exemption were proposed by the SEC during October 2013.95 The Kauffman ˇoundation observed that “while the JOBS Act opened the door for equity crowdfunding…the precise contours of how this market can develop will remain unclear until the SEC issues regulations.”96 Keith Higgins explains that: [U]nder the proposed rules, an issuer could use this exemption to raise up to $1 million in any 12-month period through a broker-dealer or a new type of intermediary -- a funding portal -- and investors would be limited in their investment size to an amount based on their annual income or net worth, with an overall cap of $100,000. And last December, the Commission proposed rules that would update and expand the existing Regulation A exemption by allowing offerings of up to $50 million within a 12-month period -- a ten-fold increase over the $5 million limit that has existed for years.97 However, Professor Joan MacLeod Heminway argues in a forthcoming article “that the securities crowdfunding piece of the JOBS Act in Title III will not help many small businesses. It’s just too expensive.”98 94. 2015 Cˇ – The Crowdfunding Industry Report, available at http://www.crowdsourcing.org/editorial/global-crowdfundingmarket-to-reach-3446-in2015-predicts-massolutions-2015cfindustry--reports/45376.funding-industry-report/25107. 95. See Crowdfunding, Securities Act Release No. 9470 (Oct. 23, 2013), 78 ˇed. Reg. 66427, available at http://www.sec.gov/ rules/proposed/2013/33-9470.pdf. 96. See Kauffman, supra note 89 at 4. 97. Higgins, supra note 87, citing Proposed Rule Amendments for Small and Additional Issues Exemptions Under Section 3(b) of the Securities Act, Securities Act Release No. 9497 (Dec. 18, 20130, 79 ˇed. Reg. 3925, available at http://www.sec.gov/ rules/proposed/2013/33-9497.pdf. 98. E-mail from Joan MacLeod Heminway, W.P. Toms Distinguished Professor of Law, The University of Tennessee College of Law, to Lawrence J. Trautman (Apr. 20, 2014, 17:14CST) (on file with your author). QUARTERLY REPORT D. General Solicitation and Forthcoming Rules SEC Chair Mary Jo White reported that, during July 2013, the SEC “adopted rules implementing the JOBS Act mandate to lift the ban on general solicitation, and the rules became effective on September 23, 2013.”99 Keith ˇ. Higgins, Director of the SEC’s Division of Corporation ˇinance observed that the JOBS Act “upended a long-standing, fundamental principle that had been an article of faith for generations of securities lawyers -- namely, that a private offering could not be conducted by means of a general solicitation.”100 This change in the law was required to enable the crowdfunding process to move forward. As this article went to press, SEC Chair White stated that “the final implementation of crowdfunding and an updated Regulation A is an important priority in 2014, and I expect that the Commission, after thorough consideration of all comments, will move expeditiously to finalize these results.”101 The Kauffman ˇoundation observed that “there is already concern that the JOBS Act itself created too many regulations for crowdfunding sites, and SEC interpretation and enforcement could make it worse.”102 99. Mary Jo White, Chair, U.S. Securities and Exchange Commission, Alan B. Levenson Keynote Address at the 41st Annual Securities Regulation Institute: The SEC in 2014 (Jan. 27, 2014), available at http://www.sec.gov/News/Speech/Detail/ Speech/1370540677500, citing Eliminating the Prohibition Against General Solicitation and General Advertising in Rule 506 and Rule 144A Offerings, Release No. 33-9415 (Jul. 10, 2013), 78 ˇed. Reg. 44771 (Jul. 24, 2013), available at http: //www.sec.gov/rules/final/2013/33-9415.pdf. E. Broker-Dealer Compliance The flow of capital necessary to create economic growth and jobs depends on public confidence in financial intermediaries and broker-dealers in particular. Recognizing the need for an effective supervisory system designed to ensure compliance with both legal and ethical standards, Joseph M. ˇurey and Beth D. Kiesewetter have provided an excellent account of relevant Self-Regulatory Organizations (SRO) rules and state and federal laws and regulations applicable to the supervision of brokerdealers to supervise their on-line trading systems and marketing activities. 103 F. Liability for Hyperlinked Misinformation On the Internet, “hyperlinks” link pages within a web site and from one web site to another, usually represented by appearing in text form as underlined blue type for the URL (an example might be http://www.sec.gov.). Such a hyperlink will enable a user to click on the hyperlinked text http://www.sec.gov and be transported electronically such that the SEC web front page will appear automatically on the user’s screen. Eileen Smith Ewing has observed that “by means of ‘hyperlinks,’ a company can connect its own website with third party web sites, perhaps to share information prepared by others about the company itself. Hyperlinks to analyst reports are an example of this practice.”104 Moreover: 275 Third-party information may be inaccurate. An investor may be led to buy company stock in reliance on that information, to his financial detriment. If the company itself had issued such erroneous information, it would face securities fraud liability under section 10(b) of the Securities Exchange Act of 1934 (the Exchange Act)105 and Rule 10b-5 thereunder.106 Does the hyperlink the company embedded in its web site, giving investors easy access to such information, expose it to similar liability?107 The 2000 Interpretive Release clarifies some of the facts and circumstances that may result in an issuer having adopted information on a third-party website to which the issuer has established a hyperlink for purposes of the antifraud provisions of the federal securities laws. Also, it clarifies the general legal principles that govern permissible website communications by issuers when in registration.108 While the SEC cautions that it is merely providing a framework for analysis and not a mechanical bright-line test for ascertaining liability, an analysis is provided to answer questions arising from an enforcement action settlement and case law developments. It is the 2000 Interpretive Release that first clarifies the general legal principles that broker-dealers should consider when developing and implementing procedures for online public offerings. 100. Higgins, supra note 87. 101. Chair Mary Jo White, supra note 99. See also SEC Press Release 2014-288, SEC Proposes Amendments to Implement JOBS Act Mandate for Exchange Act Registration Requirements (Dec. 18, 2014), available at http://www.sec.gov/news/ pressrelease/2014-288.html#.VL5ngUfˇ-Hq. 102. See: Kauffman, supra note 89 at 6; see generally Andrew A. Schwartz, Keep It Light, Chairman White: SEC Rulemaking Under the CROWDFUND Act, 66 Vand. L. Rev. 43 (2013), available at http://ssrn.com/abstract=2269072 (observing: “The whole crowdfunding project depends on a very simple and inexpensive process for offering securities, so it is vital that the SEC not burden the CROWDˇUND Act with any more rules and regulations than are absolutely Necessary,” id. at 46); Rutheford B. Campbell, Proposed Crowdfunding Regulations Under the Jobs Act: Please, SEC, Revise Your Proposed Regulations in Order to Promote Small Business Capital ˇormation, (ˇeb. 14, 2014), http://ssrn.com/abstract=2406214; Lawrence A. Hamermesh & Peter I. Tsoflias, An Introduction to the Federalist Society’s Panelist Discussion Titled ‘Deregulating the (Continued in next column) 102. (Continued from previous column) Markets: The JOBS Act,’ 38 Del. J. Corp. L. (2013); Widener Law School Legal Studies Research Paper No. 14-03, http: //ssrn.com/abstract=2359190; C. Steven Bradford, The New Federal Crowdfunding Exemption: Promise Unfulfilled, 40 Sec. Reg. L. J. 195 (2012), available at http://ssrn.com/ abstract=2066088; Jason W. Parsont, Crowdfunding: The Real and the Illusory Exemption, Harv. Bus. L. Rev. [forthcoming], available at http://ssrn.com/abstract=2279711. 103. See Joseph M. ˇurey & Beth D. Kiesewetter, On-Line BrokerDealers: Conducting Compliance Reviews in Cyberspace, 56 Bus. Law. 1461, 1462 (2001). 104. Eileen Smith Ewing, Fraud On the Cybermarket: Liability for Hyperlinked Misinformation Under Rule10b-5, 56 Bus. L. 375 (2000). 105. 15 U.S.C. §§ 78a - 78kk (1994 & Supp. IV 1998). 106. 17 CˇR § 240.10b-5 (1999). 107. See Ewing, supra note 104. 108. May 2000 Release § II.B.1 at 25, 848-49, citing: In re Cypress Semiconductor Securities Litigation, 891 ˇ. Supp. 1369 (N.D. Cal. 1995), aff’d sub nom. Eisenstadt v. Allen, No. 95-16255, 1997 WL 211313 (9th Cir. Apr. 28, 1997) (distributing analysts’ reports to potential investors may, depending on the circumstances, amount to an implied representation that the reports are accurate); In re RasterOps Corporation Securities Litigation, [1994-95 Transfer Binder] ˇed. Sec. L. Rep. (CCH) P98, 467, at 91,193 (N.D. Cal. Oct. 31, 1994) (act of circulating the reports amounts to an implied representation that the information contained in the reports is accurate or reflects the company’s views). 276 QUARTERLY REPORT VIII. The SEC, Risk, Rule 10b-5, and Cybersecurities Fraud A. Introduction Laura S. Unger, former SEC Commissioner, reports that online frauds can be categorized into three basic types: (1) market manipulation or “pump and dump” schemes; (2) offering frauds; and (3) stock promoters who receive undisclosed compensation for touting a company’s securities.109 The market manipulation scheme “usually involves trying to inflate the price of a stock. Oftentimes,…post[ing] the fraudulent information in online message boards to hype the stock.”110 Offering frauds come in various forms, including pyramid and Ponzi schemes, and many times “an online component involves affinity fraud.”111 In the case of stock promoters who receive undisclosed compensation for touting a company’s securities, “by failing to disclose the compensation, these promoters create the impression that their commentary about the company is actually independent. Oftentimes, these stock promoters secretly sell their own shares as they are touting the stock to move the price higher – a practice known as ‘scalping.’112 “Those who commit fraud using the Internet often start by committing what some may deem to be a lesser crime such as hacking into a friend’s email account. Eventually, the modern internet fraudster becomes more brazen and graduates to more serious crimes,” observed former SEC Commissioner Troy A. Paredes.113 While criminals 150 years ago utilized aliases and disguises to evade detection and capture, as SEC Commissioner Paredes has noted, “the modern fraudster uses technology, such as routing redirects, source routing, blind spoofing, and flooding, to prevent law enforcement from obtaining the correct IP address.”114 The SEC warns that “Internet investment frauds mirror the frauds perpetuated over the phone or through the mail. Remember that fraudsters can use a variety of Internet tools to spread false information, including bulletin boards, online newsletters, spam, or chat rooms.”115 They can also build a glitzy, sophisticated web page. All of these tools cost very little money and can be found at the fingertips of fraudsters. The antifraud statute governing securities offerings most frequently utilized by the SEC is Rule 10b-5, which states: It shall be unlawful for any person, directly or indirectly, by the use of any means or instrumentality of interstate commerce, or of the mails, or of any facility or any national securities exchange: (a) to employ any device, scheme, or artifice to defraud, (b) to make any untrue statement of a material fact or to omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which they were made, not misleading, or (c) to engage in any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person, in connection with the purchase or sale of any security.116 Courts for many years have interpreted the five essential elements of a 10b-5 fraud claim to be: (1) the misstatement or omission; (2) of a material fact; (3) made with scienter; (4) reliance upon by the claimant; and (5) which proximately caused injury to the claimant.117 Eileen Smith Ewing has observed that some more recent decisions have “witnessed a certain telescoping of the necessary elements -- only materiality appears to remain a requirement.”118 A number of 10b-5-based enforcement cases brought during recent years have involved use of the Internet, often “to deliver e-mail blasts to potential investors,”119 or “in a ‘pump-and-dump’ scheme to issue shares to the public illegally while others manipulated the stocks by making materially false and misleading statements in press releases and in spam e-mail messages.” 120 An early SEC report (1999) listed enforcement actions involving on-line discussion forums.121 B. The Office of Internet Enforcement Established in 1998, the SEC’s Office of Internet Enforcement (OIE) is at the forefront of the SEC’s fight against securities fraud on the Internet. Under U.S. law, the term “security” is defined in section 2(a)(1) of the 1933 Act and section 3(a)(10) of the 1934 Act.122 Just because an investment is labeled “stock” doesn’t necessarily mean that it fits the definition of a “security” for purpose of 117. See Huddleston v. Herman & MacLean, 640 ˇ.2d 534, 543 (5th Cir. 1981), rev’d on other grounds, 459 U.S. 375 (1983). 109. Laura S. Unger, Speech by SEC Commissioner: Investing in the Internet Age: What You Should Know and What Your Computer May Not Tell You…Remarks Before the Association of Retired Persons National Legislative Council Annual Meeting, Washington, DC (ˇeb. 3, 2000) (on file with author). 110. Id. 113. (Continued from previous column) ritorial Reach of the United States Securities Laws Towards Initial Public Offerings Conducted Over the Internet, 13 St. John’s J. Legal Comment. 343 (1998); Christine T. Jarmer, International Internet Securities Fraud and SEC Enforcement Efforts: An Update, 73 Tul. L. Rev. 2121. (1999); and Henrique de Azevedo ˇerreira ˇranca, Legal Aspects of Internet Securities Transactions, 5 B.U.J. Sci. & Tech. L. 4 (1999). 111. Id. 114. Paredes, supra note 113. 112. Id. 115. SEC Office of Investor Education and Advocacy, A Guide for Seniors: Protect Yourself Against Investment ˇraud, at 9 (2009), available at http://www.sec.gov/investor/seniors/ seniorsguide.pdf. See also Internet ˇraud (ˇeb. 1, 2011), http://www.sec.gov/investor/pubs/cyberfraud.htm. 113. Troy A. Paredes, Speech by SEC Commissioner: Remarks Before the CyberSecurities ˇraud ˇorum (Sept. 23, 2008) (press release, available at http://www.sec.gov/news/speech/2008/ spch092308tar.htm.); see also: Paul Hamilton, The Extrater(Continued in next column) 116. 7 CˇR § 240.10b-5 (1999). 118. Ewing, supra note 104. 119. See generally SEC Litigation Release No. 22018 (June 30, 2011), available at http://www.sec.gov/litigation/litreleases/ 2011/lr22018.htm. 120. See SEC Litigation Release No. 22072, Attorney Barred ˇrom ˇuture Penny Stock Offerings (Aug. 25, 2011), available at http://www.sec.gov/litigation/litreleases/2011/lr22072.htm. 121. SEC, Special Study: On-Line Brokerage: Keeping Apace of Cyberspace (Nov. 22, 1999), available at http://www.sec.gov/ news/studies/cyberspace.htm. 122. 1933 Act § 2(a)(1), 15 U.S.C. § 77b(a)(1); 1934 Act § 3(a)(10), 15 U.S.C. § 78c(a)(10); see also Neil D. Schwartz, Wall Street? Where We’re Going We Don’t Need Wall Street: Do Securities Regulators Stand a Chance in Cyberspace?, 8 J. Transnat’l L. & Pol’y 79 (1998). QUARTERLY REPORT the 1933 and 1934 Acts. ˇor example, the United States Supreme Court found that the shares of stock in Forman123 constituted neither an “investment contract” as defined under Howey124 nor the required attributes of ordinary stock. The traditional Howey test for an investment contract (and therefore a “security) under section 2(a)(1) of the 1933 Act is: (1) an investment of money; (2) in a “common enterprise”; (3) with an expectation that profits will be derived “solely” through the efforts of others.125 In 1985, the Supreme Court adopted a “plain meaning” approach to the statutory definition of a “security” by holding that “stock” necessarily falls within the 1933 Act’s coverage if it possesses the following traditional characteristics: • the right to receive dividends contingent upon an apportionment of profits; • negotiability; • the ability to be pledged or hypothecated; • the conferring of voting rights in proportion to the number of shares owned; and • the capacity to appreciate in value.126 SEC Commissioner Troy A. Paredes has noted that, in the Howey case, the Supreme Court “referenced the ‘countless and variable schemes devised by those who seek the use of the money of others.’”127 Accordingly, he commented that enforcement must be as resourceful, as “fraudsters [who] search for new ways to take people’s money….[T]hat the SEC even has an Office of Internet Enforcement illustrates how federal securities regulation is able to adapt to new market and technological developments.” 128 C. International and Joint Domestic Cooperation Cooperation among civil and criminal authorities both in the United States and worldwide is required if the SEC is to effectively make progress in combating Internet securities fraud. Particularly during the sub-prime global economic crisis of 2007 – 2009, SEC cooperation between and among the self-regulatory organizations, such as the ˇinancial Industry Regulatory Authority, Inc. (ˇINRA) and the various stock exchanges was of paramount importance. ˇormer SEC Commissioner Paredes reported that: The SEC announced a proposed agreement among ˇINRA and several stock exchanges. The agreement is designed to improve the surveillance and detection of insider trading. In particular, for the equities markets, the arrangement is designed to centralize surveillance, investigation, and enforcement under NYSE Regulation, Inc. and ˇINRA. This compares to present practice, where each stock exchange bears responsibility for surveillance of its market and for the investigations and enforcement actions involving its own members. An intention of the plan is to focus expertise and to close gaps and avoid duplication in insider trading surveillance.129 In the Dresser case, the D.C. Circuit acknowledged that: “[e]ffective enforcement of the securities laws requires that the SEC and Justice be able to investigate 277 possible violations simultaneously.”130 However, as noted recently by Commissioner Paredes, “cooperation is subject to the limits of the law and due process. The rights of the accused must be respected.”131 In United States v. Stringer,132 the United States Court of Appeals for the Ninth Circuit helped to define the framework for the appropriate level of cooperation between criminal authorities and the SEC. As the Ninth Circuit explained: “There is nothing improper about the government undertaking simultaneous criminal and civil investigations,” provided there is no “deceit or affirmative misrepresentation.”133 A government official must not “affirmatively mislead” the subject of parallel civil and criminal investigations “into believing that the investigation is exclusively civil in nature and will not lead to criminal charges.”134 The first international intrusion case was brought by the SEC in December 2006. In SEC v. Grand Logistic, S.A.,135 the SEC successfully litigated against a Russian citizen’s stock manipulation scheme. The freeze of the manipulation proceeds required extensive cooperation between the Philadelphia Regional Office of the SEC, the U.S. Department of Justice, and Estonian officials, since the illegal funds were deposited in an Estonian bank. “The Estonian officials provided invaluable assistance not only with service of process, but also with developing the facts necessary to show that the defendant’s “business” was nothing more than a mail drop,” observed SEC Commissioner Troy A. Paredes.136 130. SEC v. Dresser Industries, Inc., 628 ˇ.2d 1368, 1377 (D.C. Cir. 1980). 131. Paredes, supra note 113. 132. Id. (citing United States v. Stringer, 535 ˇ.3d 929 (9th Cir. 2008)). 123. United Housing ˇoundation, Inc. v. ˇorman, 421 U.S. 837 at 847 (1975). 124. SEC v. W.J. Howey Co., 328 U.S. 293 (1946). 128. Id. 125. Id. 129. Id. citing SEC Release 2008-174 (Aug. 13, 2008), available at http://www.sec.gov/news/press/2008/2008-174.htm, See also Mark A. Gillett, Obrea O. Poindexter, Veronica McGregor, & Martin Villongco, Developments in Cyberbanking, 69 Bus. L. 1321 (2004) (discussion of delivering financial services and information over the Internet by financial institutions). 126. See Landreth Timber Co. v. Landreth, 471 U.S. at 690 (1985). 127. Paredes, supra note 113. 133. Id. at 933. 134. Id. 135. Id. (citing SEC Litigation Release No. 19949 (Dec. 19, 2006), available at http://www.sec.gov/litigation/litreleases/2006/ lr19949.htm). 136. Id. 278 QUARTERLY REPORT SEC v. Marimuthu 137 involved a fraud against investors of hundreds of thousands of dollars by three hackers in India.138 Led by the SEC’s Office of Internet Enforcement, “the action was brought with the assistance of the NASD and a half dozen domestic stock exchanges, [and] was filed in conjunction with a parallel criminal probe involving several ˇBI offices, the U.S. Attorney’s Office for the District of Nebraska, and the Justice Department’s Computer Crimes Section,” said Commissioner Paredes.139 As of September 23, 2008, SEC Commissioner Paredes reported that “one of the defendants received a two-year prison sentence and faces $360,000 in restitution, while another sits in a foreign jail awaiting extradition by authorities in Hong Kong… [and] I am confident that the third defendant will be brought to justice too.”140 D. The SEC on Risk Because of the subprime mortgage and global financial crisis of 2007 – 2009, new regulations focusing on corporate risk oversight (e.g., in the Dodd-ˇrank Act) moved forward on multiple fronts, from Congress to the SEC. In particular, Information Technology (IT) and cybersecurity risk continue to gain prominence as a perceived major threat to all business entities.141 New SEC enhanced risk-disclosure rules went into effect on ˇebruary 28, 2010, amending Item 407 of Regulation S-K to require disclosure about the board’s role in a company’s risk oversight process and its leadership structure. 142 According to the SEC’s final rule release, the new disclosure rules require “companies…to describe how the board administers its risk oversight function, such as through the whole board, or through a separate risk committee or the audit committee, for example.” 143 Disclosures should include “whether the individuals who supervise the day-to-day risk management responsibilities report directly to the board as a whole or to a board committee or how the board or committee otherwise receives information from such individuals.”144 Trautman and Altenbaumer-Price report that an earlier proposed version of the new rules included a requirement for “information about a director’s or nominees risk assessment skills.”145 Based on public comments, the SEC decided to remove this particular requirement from the final rules -- which state: “[I]f particular skills, such as risk assessment or financial reporting expertise, were part of the specific experience, qualifications, attributes or skills that led the board or proponent 142. (Continued from previous column) Corporate Governance (Dec. 19, 2009), available at https: //www.sec.gov/news/press/2009/2009-268.htm. The text of the new rule reads: (h) 137. See SEC Litigation Release No. 20711, Offshore Hacker Receives Two Year Sentence ˇor His Role In Scheme to Intrude Into Online Accounts and Manipulate Market (Sept. 9, 2008), available at http://www.sec.gov/litigation/litreleases/ 2008/lr20711.htm. 138. Paredes, supra note 113 (citing SEC Litigation Release No. 20711 (Sept. 9, 2008), available at http://www.sec.gov/ litigation/litreleases/2008/lr20711.htm). 139. Id. 140. Id. 141. See generally Trautman & Altenbaumer-Price, supra note 3. 142. Id. at 317, citing Press Release, SEC No. 2009-268, SEC Approves Enhanced Disclosure About Risk, Compensation and (Continued in next column) Board leadership structure and role in risk oversight. Briefly describe the leadership structure of the registrant’s board, such as whether the same person serves as both principal executive officer and chairman of the board, or whether two individuals serve in those positions, and, in the case of a registrant that is an investment company, whether the chairman of the board is an “interested person” of the registrant as defined in section 2(a)(19) of the Investment Company Act (15 U.S.C. 80a-2(a)(19)). If one person serves as both principal executive officer and chairman of the board, or if the chairman of the board of a registrant that is an investment company is an “interested person” of the registrant, disclose whether the registrant has a lead independent director and what specific role the lead independent director plays in the leadership of the board. This disclosure should indicate why the registrant has determined that its leadership structure is appropriate given the specific characteristics or circumstances of the registrant. In addition, disclose the extent of the board’s role in the risk oversight of the registrant, such as how the board administers its oversight function, and the effect that this has on the board’s leadership structure. SEC Proxy Disclosure Enhancements, 17 CˇR §§ 229, 239, 240, 249 & 274 (2009), available at http://sec.gov/rules/final/ 2009/33-9089.pdf. to conclude that the person should serve as a director, this should be disclosed.”146 E. Cyber Risk In response to increased cyber attacks, the SEC Division of Corporation ˇinance provided guidance regarding the disclosure obligations relating to cybersecurity risks and cyber incidents.147 Effective as of 2012, the guidance does not create any new SEC rules and regulations, but provides guidance regarding how cyber risks should be disclosed within the context of traditional disclosure categories.148 The SEC is sensitive to the risks inherent with providing too much detail about identified risks or attacks, stating in the guidance that “federal securities laws do not require disclosure that itself would compromise an [issuer’s] cybersecurity.” 149 “Instead,” the guidance advises that companies “should provide sufficient disclosure to allow investors to appreciate the nature of risks faced by the particular” company.150 The guidance recognizes that companies suffering cyber attacks are likely to incur “substantial costs and…other negative consequences,” and lists costs that many need to be reported, such as remediating stolen data or repairing system damage, providing customer incentives designed to retain business after an attack, increased cybersecurity costs, lost revenues, litigation, and reputational damage affecting customer or investor confidence. 151 The guidance also discusses the appropriate locations for necessary disclosure language. ˇor example, cybersecurity risks should be addressed in the “Management’s Discussion and Analysis of ˇinancial Condition” portion of reports 146. Id. 147. Trautman & Altenbaumer-Price, supra note 3 at 318, citing SEC Cˇ Disclosure Guidance: Topic Number 2: Cybersecurity (Oct. 13, 2011), available at http://www.sec.gov/divisions/ corpfin/guidance/cfguidance-topic2.htm [the guidance]. 143. Id., citing SEC Proxy Disclosure Enhancements, 17 CˇR 229, 239, 240, 249 & 274 (2009), available at http://sec.gov/rules/ final/2009/33-9089.pdf. 148. Id. 144. Id. 150. Id. 145. Id. 151. Id. 149. Id. QUARTERLY REPORT if known incidents or risks are likely to have a material impact on the company’s operations, liquidity, or financial condition -- whether or not a cyber attack causes an increase in cybersecurity costs.152 Any cyber risks that rise to the level of being a consideration among the factors that make an investment speculative or risky should be disclosed in the Risk ˇactors section of public reports.153 The guidance states that prior cyber incidents should be reported and that their frequency and severity need to be detailed. In addition, appropriate disclosures “may include” discussion of aspects of the company’s business that give rise to cybersecurity issues, as well as outsourced functions that may give rise to cybersecurity risks and how those risks are managed. 154 Material litigation involving cyber incidents, such as lawsuits over stolen customer data, should be reported in the Legal Proceedings section of public filings. Those cyber incidents that materially affect a company’s products, services, competitive conditions, or relationships with customers and suppliers should be disclosed in the Description of Business section of public reports.155 Trautman and Altenbaumer-Price observe that “while the risks related to cybersecurity have been increasing for some time, the SEC’s guidance only creates more obligations and risks by creating a basis for nondisclosure failures and the related litigation and regulatory risk that comes with such failures.”156 F. Liability for Internet Conduct The SEC has brought numerous enforcement actions based on Internet conduct. ˇor example, on June 8, 2011, the SEC “announced a settlement with two advertising executives who launched a campaign to buy a beer company through a solicitation of investors on ˇacebook and Twitter without first registering with securities regulators and making the necessary disclosures.”157 Accordingly, “under federal securities laws, the two men were required to register their offering before seeking to sell shares to the public. The registration requirements include publicly disclosing a company’s financial condition and other information that could help investors determine whether to invest.”158 The SEC’s order determined that the two individuals involved: in...
Purchase answer to see full attachment