Private companies granting share-based compensation to their employees often will rely on Rule 701 under the Securities Act of 1933 (the “Securities Act”), particularly if the employees being granted options or restricted stock units (or other forms of compensation that otherwise would implicate the registration requirements of Section 5 of the Securities Act) do not qualify as “accredited investors.” Rule 701(e) requires an issuer to deliver, a reasonable period prior to the date of sale, financial statements, among other things, to all employees in the United States to whom the issuer sells securities in reliance on Rule 701 if the issuer sells securities in excess of $5 million in a 12-month period under Rule 701. For private companies, this delivery requirement can raise concerns that their financial information may become widely disseminated (or at least obtainable by competitors). On November 6, the SEC Staff published a Compliance & Disclosure Interpretation (C&DI 271.25) setting forth additional guidance that can mitigate the effect of the delivery requirement.
A private company may have any number of reasons why it does not want financial information to be widely disseminated, and until it undertakes its initial public offering or otherwise accesses the capital markets (for example, through an offering of high yield bonds) it should be able to maintain the confidentiality of its financial statements. However, with companies staying private longer, and with valuations increasing in certain sectors, a private company may find that it triggers information delivery obligations under Rule 701(e).
The SEC has recognized competitive and other concerns that issuers may have in providing financial information to employees that is not otherwise publicly available. In addressing these concerns, the SEC noted in 1999 (when it amended Rule 701 to lift a $5 million cap on Rule 701 issuances but imposed the disclosure requirement as the price for doing so) that “[i]n view of the substantial amounts of securities that may now be issued under Rule 701, we believe that a minimal level of disclosure consisting of risk factors and Regulation A unaudited financial statements is essential to meet even the lower level of information needed to inform compensatory-type investors such as employees and consultants.” The SEC also noted that “[p]rivate issuers can use certain mechanisms, such as confidentiality agreements, to protect competitive information. Alternatively, an issuer could elect to stay below the $5 million threshold to avoid these disclosure obligations.”
Mechanisms that issuers typically use to maintain confidentiality of the financial information provided pursuant to Rule 701(e) include confidentiality provisions to which the employees are subject and password-protected websites to provide access to employees. The evolution of technology, together with the heightened concerns about risks to competitive positions posed by “leaks” of financial information, has focused greater attention on mechanisms to better ensure that financial information in fact remains confidential. These mechanisms, while borrowing from SEC views on “access equals delivery” concepts, nonetheless must remain within the scope of what the SEC would consider as adequate “delivery” for Rule 701(e) purposes.
Simply put, widely available technology embedded in smartphones – namely digital cameras – means that financial information made available online can be easily be republished. This then calls into question reliance on data room-style safeguards and has prompted some to consider low-tech solutions, such as making financial statements available in dedicated, monitored physical locations. C&DI 271.25 confirms that issuers may rely on additional safeguards in circumstances that follow the spirit of the guidance and still fit within Rule 701(e).
C&DI 271.25 reads as follows:
Question: To protect against the unauthorized disclosure of Rule 701(e) information, may companies that are using electronic delivery to satisfy Rule 701(e) disclosure requirements implement safeguards with respect to electronic access to Rule 701(e) information?
Answer: We understand that some companies satisfying their Rule 701(e) delivery obligations electronically have concerns about the potential disclosure of sensitive company information. Standard electronic safeguards, such as user-specific login requirements and related measures, are permissible. The use of a particular electronic disclosure medium either alone or in combination with other safeguards, such as the use of dedicated physical disclosure rooms that house the medium used to convey the information required to be disclosed, should not be so burdensome that intended recipients cannot effectively access the required disclosures. For example, we would expect that physical disclosure rooms would be accessible during ordinary business hours upon reasonable notice. Once access to the required information has been granted, however, the medium used to communicate the required disclosure should provide the opportunity to retain the information or have ongoing access substantially equivalent to personal retention.
Issuers making financial statements available in view-only mode in dedicated physical locations must ensure that the dedicated site is easily accessible. This may not be the case, for example, if employees are working remotely or if the dedicated site is at corporate headquarters and the relevant employees are working at other locations. Effective access also means that the site should be accessible during normal business hours, and employees would need to be provided with sufficient advance notice that the financial statements are available. Since the issuer would not be sending copies of the financial statements directly to employees, grants could be conditioned on employees viewing the financial statements at least once prior to the relevant date of sale. Employees should be able to have additional access to those financial statements, though within limits designed to maintain the confidential nature of the information.
C&DI 271.25 provides helpful confirmation that issuers may satisfy the delivery requirement under Rule 701 by making information available in monitored premises with safeguards against unauthorized copying or dissemination, provided that access is provided on a convenient and ongoing basis. It also evidences a willingness on the part of the SEC Staff to consider pragmatic approaches to securities law requirements that pre-date significant technological shifts in the way information is handled and transmitted.