The SEC Division of Corporation Finance provided guidance to on issuers' disclosure obligations as to intellectual property and technology risks related to international business operations.
According to the Division, companies should expand their understanding of disclosure requirements to include risks resulting from compromised or stolen (i) data, (ii) technology, and (iii) intellectual property. The Division noted that although there is no "specific line-item requirement under the federal securities law," the agency still expects companies to make appropriate disclosure of these emerging risks.
The Division outlined potential risks for companies to monitor, including:
- cyber-attacks on computer systems;
- physical theft by means of corporate espionage; and
- reserve engineering of products or components.
The Division advised companies to:
- disclose the risk if material to investment and voting decisions;
- provide disclosures that help investors assess the risks "through the eyes of management";
- align the disclosures to the company's unique facts and circumstances;
- remember that a hypothetical disclosure of potential risk is not sufficient if the issuer's technology, data or intellectual property is or was previously compromised, stolen or illicitly accessed; and
- continue monitoring "this evolving area of risk."