On December 4, 2012, the Staff of the Division of Corporation Finance of the Securities and Exchange Commission (the “SEC”) published Compliance and Disclosure Interpretations (“Iran Disclosure Guidance”) on the new disclosure obligations imposed on reporting issuers by Section 219 of the recently enacted Iran Threat Reduction and Syria Human Rights Act of 2012 (“ITRSHRA”).1 While the Iran Disclosure Guidance, which is the first issued by the SEC on the new disclosure obligations, mainly clarifies technical ambiguities, important questions remain unanswered and issuers face compliance challenges as the effective date of the new disclosure obligations approaches.2
Disclosure Obligations Regarding Iran
While ITRSHRA principally served to significantly expand U.S. economic sanctions against persons who deal with Iran,3 it also imposed new obligations on issuers that are required to file annual or quarterly reports with the SEC to disclose certain activities associated with Iran and mandated procedures for a determination by U.S. authorities as to whether sanctions should be imposed stemming from the disclosed activities.
In particular, ITRSHRA Section 219 amended Section 13 of the Securities Exchange Act of 1934 (the “Exchange Act”) by adding subsection (r), which, among other provisions, requires an issuer that is required to file an annual or quarterly report with the SEC pursuant to Section 13(a) under the Exchange Act (i.e., all issuers that have registered a security pursuant to Exchange Act Section 12)4 to disclose in that report certain information about activities it or any of its affiliates engaged in during the period covered by the report that are associated with Iran. The new disclosure obligations apply to, and must be included in, any annual or quarterly report that is required to be filed with the SEC after February 6, 2013. For many reporting companies with calendar year ends, the disclosure obligations will first apply to their Annual Report on Form 10-K, Form 20-F or Form 40-F, as applicable, for the fiscal year ending December 31, 2012. These requirements are intended largely to compel the disclosure of Iran-related activities that could trigger sanctions against the disclosing party or its affiliates, both under ITRSHRA itself and related U.S. sanctions laws.
Summary of the Iran Disclosure Guidance
The Iran Disclosure Guidance, which is in the form of seven questions and answers, provides the following interpretations and clarifications:
- Reports required to be filed after February 6, 2013. The Staff interpreted the reference in ITRSHRA to “reports required to be filed” to include any periodic report with a due date after February 6, 2013 and, accordingly, the requirement to disclose is unrelated to the actual filing date. For example, an issuer with a calendar year end filing its 2012 Annual Report on Form 10- K early, on February 1, 2012, would be required to disclose any Iran-related activities covered by Section 13(r) of the Exchange Act.
- Iran-related activities conducted prior to August 10, 2012. The Staff clarified that issuers are required to disclose any Iran-related activities that occurred during the period covered by the report, even if those activities predated the August 10, 2012 enactment of ITRSHRA. For example, an issuer with a calendar year end filing its 2012 Annual Report on Form 10-K would be required to disclose Iran-related activities conducted between January 1, 2012 and December 31, 2012.
- Clarification of the term “affiliate.” The new disclosure requirements apply to Iran-related activities engaged in or conducted by an issuer “or any affiliate of the issuer.” The Staff clarified that the term “affiliate” used in Exchange Act Section 13(r) is as defined in Exchange Act Rule 12b-2 and means a person that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the issuer.
- Negative reporting not required. The Staff clarified that disclosure is only required if the issuer or any of its affiliates has actually engaged in any Iran-related activities during the period covered by the report and a negative statement to the contrary is not required.
- No exception for activities authorized by a foreign governmental authority. The Staff clarified that the exception contained in Exchange Act Section 13(r)(1)(D)(iii)—permitting issuers to omit disclosure of certain specified activities conducted with the Government of Iran if they were specifically authorized by a federal department or agency—only applies to specific authorizations granted by a U.S. federal department or agency. However, the Staff indicated that issuers could supplement the disclosures required by Exchange Act Section 13(r)(2) with additional information about specific authorizations to engage in activities by a foreign governmental authority to provide appropriate context for the disclosure.
- General licenses issued by OFAC constitute “specific authorization of a Federal department or agency.” The U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”), which is the principal U.S. federal agency that administers and enforces U.S. economic sanctions, issues “general licenses” from time to time that provide blanket authorization for certain narrowly circumscribed activities related to Iran. The Staff clarified that both general licenses, which do not require a specific written authorization issued to a particular person or entity in response to a written application, and specific licenses constitute “specific authorization of a Federal department or agency” and satisfy the exception as long as all conditions of any such license are strictly observed.
- Iran-related disclosures will be made public. The Staff clarified that all periodic reports filed with the SEC are made public automatically upon filing through EDGAR, including any Iran-related disclosures contained in any periodic report. This is in addition to the provisions of Exchange Act Section 13(r) that require (i) the issuer to provide the same information to the SEC in a separate notice concurrently filed with the applicable annual or quarterly report and (ii) the SEC to publicly post this notice on its website.
Questions Remain and Compliance Challenges Emerge
The Iran Disclosure Guidance provides helpful clarity regarding the specific issues described above. However, many interpretive questions remain unanswered. For example, the Staff did not provide guidance in these interpretations on the information required to be disclosed pursuant to Section 13(r)(2) of the Exchange Act, which calls for the issuer to provide a “detailed description” of specified activities, including their “nature and extent.” Furthermore, Section 13(r)(1) of the Exchange Act identifies the specified activities that trigger the disclosure requirements by cross-referencing various U.S. sanctions laws, regulations and executive orders. Even as described in the cross-referenced statutes, regulations and executive orders, several of the specified activities that could trigger the disclosure requirements are based on arguably subjective U.S. foreign policy criteria, such as whether they could directly and significantly contribute to the enhancement of various sectors of the Iranian economy (most notably, the energy sector). We expect that the SEC will decline to provide guidance on such substantive interpretive issues, which are likely to be deemed to be within the province of OFAC, the U.S. State Department, and/or other U.S. government agencies.
Making an informed determination as to whether a particular activity involving Iran could fall within the scope of the activities required to be disclosed may, consequently, require the support of expert legal advisers familiar both with U.S. securities laws and U.S. economic sanctions laws. In addition, questions regarding the substantive criteria for what is required to be disclosed may require consultation with OFAC and other agencies of the U.S. government to avoid reaching an incorrect self-determination.
Practical Suggestions for Compliance
As we discussed in a prior Client Memorandum5 that summarized these new disclosure requirements, issuers should consider implementing some or all of the following procedures and practices to prepare for them:
- Organizational Assessment. We recommend that issuers conduct an appropriate organization-wide analysis to determine whether the issuer or any of its affiliates has engaged in any of the activities described above, thus triggering one or more of the disclosure obligations under new Section 13(r) of the Exchange Act.
- Update and Refine Internal Controls. We recommend that issuers update and refine internal disclosure controls and compliance procedures to reflect the disclosure requirements and establish new internal protocols and checks to monitor all new business dealings that the issuer or any of its affiliates may engage in, so that any activities that may be required to be disclosed are prevented or surfaced promptly. These additional safeguards may include enhanced screening procedures to identify and preclude unauthorized dealings with sanctioned persons appearing on the U.S. Treasury Department's Specially Designated Nationals and Blocked Persons List.
- Extend Compliance Practices to the Edges of the Business. We recommend that issuers systematically extend all updated compliance protocols to affiliates of the issuer.
- Update and Refine Training Protocols. Train relevant compliance and operations personnel, especially those in foreign jurisdictions, on the disclosure requirements.
- Assess the Disclosure Impacts of Corporate Transactions. We recommend that issuers make sure due diligence procedures implemented in connection with corporate transactions, such as M&A activities and joint ventures, effectively identify and elevate to the appropriate personnel within the organization any of the activities described above that a target business, joint venture partner or other third party may have engaged in.
- Consult Prior Public Correspondence of the SEC’s Office of Global Security Risk. In the absence of additional guidance, we recommend that issuers consult prior public company disclosures made in connection with reviews undertaken by the SEC’s Office of Global Security Risk (the “OGSR”) for examples of the style and level of detail that issuers have previously provided concerning activities related to Iran6.
- Other Considerations. To the extent an issuer engages in any activities described above, the issuer should consider, in addition to making the disclosures required by Section 13(r) of the Exchange Act, including disclosure in the form of risk factors or other cautionary disclosure that explains to investors the purpose of the disclosure, the notification process, the mandated regulatory response that will follow and the possible implications of having engaged in the activities (i.e., the imposition of sanctions). Moreover, to the extent that the issuer determines that items required to be disclosed pursuant to Section 219 constitute a substantive violation of law, careful thought needs to be given to the sequencing of disclosures to the SEC and to the substantive regulator, in order to both meet the requirements of Section 219, as well as mitigate underlying enforcement risk.
By using mandatory SEC disclosure requirements to elicit potentially inculpatory information about specified business activities involving Iran, the U.S. government has demonstrated its willingness to force reporting issuers, particularly foreign private issuers whose home jurisdictions do not restrict or prohibit business dealings with Iran, to choose between doing business with Iran or the United States. Companies with activities that could be implicated by these requirements will be presented with significant and potentially complex legal, operational, and financial risks as they strive to comply with the law. And while any clarity on the nature and scope of the Iran disclosure requirements is welcome, the SEC’s Iran Disclosure Guidance merely underscores the challenges presented to multinational public companies that do business with Iran, as well as the need for issuers to modify existing internal controls to ensure compliance with these requirements.