SEC Focus for 2019

The SEC today released their list of matters which they will be most focused upon in the coming year.

Matters relating to advisers are these: protection of retail investors, including seniors and those saving for retirement.  Clarity of disclosure of fees and expenses, supervision of representatives selling product, and brokers holding customer assets are specifically listed.  The focus on protecting seniors is not surprising, as many of the abuses noted in SEC actions this current year have involved duping retirees and near-retirees.

The SEC also says they will focus on cybersecurity (now so prevalent that it is expressed as a single word), particularly “proper configuration of network storage devices, information security governance, and policies and procedures related to retail trading information security.”

There is also focus on matters affecting the markets generally, monitoring market infrastructure, FINRA and money laundering.  Nothing directly related to reporting requirements for registered companies, something of a surprise.

 

Virtual Money and the SEC

It has been a while since my last post but end of year is pretty busy for attorneys.  I have been collecting items about which I want to share my views, however, and this is the first of a brief series of posts which caught my attention as matters of general interest.

Everyone reads almost daily that the SEC has shut down some virtual currency deal as involving the illegal sale of unregistered securities.  Yet Bitcoin and Ether are still around, which means they are not perceived to involve a security.  Why is that?  Both use block-chain and are distributed ledgers.  Both contemplate so-called smart contracts.  Both purport to be a currency but are highly volatile.

Let us go back to the seminal Supreme Court case defining a security, Howey, in the mid-40s.  A security is an investment utilized to finance an enterprise of some sort wherein the investor expects to make a profit from the efforts of others.  The ’33 Act has specific  examples, including stocks and notes, but Howey found a security existed in a management contract to run orange groves that the investor purchased.  (Another side-light: although the Act declares that notes are securities, court cases have decided that some notes are commercial instruments and not investments intended to be covered, for example the note you sign when you take out a house mortgage.)

Applying the common sense approach of what an investment actually is, in June the head of the SEC’s Division of Corporate Finance suggested that Ether fulfills a commercial function. There is no central “issuer” who takes the money and promises a return.  Control is decentralized.  Ether is a method of payment.

Enter the Commodity Futures Trading Commission, addressing futures contracts and options on Bitcoin and Ether.  This month the CFTC, in an effort better to understand Ether, posed the following questions:

How is ether being used?  How many transactions before we can be sure that transactions do not end up on an invalid block?  How do we know Ether can support smart contracts?  When will Ether move from  a “proof of work” standard where miners are rewarded for processing transactions to a “proof of stake” where control falls to users of the system as currency, or for contracting, or as an open ledger?  How is the network governed (is it liable to splinter apart due to disagreements)? Will there be negative impact if there is a derivative market for Ether?  What is status of cyber security?

Interestingly, the SEC is of the view that digital currency that once was marketing generally or to the public with speculative aspects might have been a security at the time but, by substantive use in real transactions, may morph out of being a security.  Implicit in this observation is the likely result that the SEC is not going backwards to punish what might once have been a violation; indeed, whom would they be punishing at this point?

 

 

Care and Feeding of Millennials

In dealing with Millennial employees, it seems that some of the old rules of compensation are not effective.  In a recent breakfast meeting of the New England Chapter of the National Association of Corporate Directors, directors serving on corporate compensation committees discussed the need to educate management on the care and feeding of young, mobile millennial employees.

Millennial employees are not “career-oriented” in the sense that they do not see themselves as lifetime or long term employees of the place in which they happen to be working.  This fact challenges fundamental corporate thinking about compensation: that we should reward employees with stock options or other incentives which will become valuable over a period of time if the enterprise in fact achieves its business goals.  Such thinking may well be appropriate for senior executives in charge of navigating the business to the promised land, but doesn’t particularly work for millennials who do not affirmatively expect to be around for ultimate corporate success.

How about paying top dollar?  Well, there is an immediate problem in some markets (think biotech in Cambridge) because the competition for talent is so intense that the cost of labor naturally escalates.  However, there is a range.  Is it desirable to pay at the top of the range?  The expert panel thought that being somewhere in the middle was a better economic strategy, as it would leave enough money on the table in order to provide millennials what they really want.

So here is a list of those things recommended for the attraction and retention of mobile millennials:

Robust paternal and maternal leave

  • Robust parental leave and other Work/Life balance accommodations
  • Obtain feedback on how meaningful the job feels (one company does this every two weeks!)
  • Learning programs for all employees
  • 360⁰ ratings of coworkers and bosses twice a year
  • 100% commitment to philanthropy
  • 100% commitment to corporate citizenship
  • Requirement of volunteerism
  • Celebrate all minorities, but do not limit activities just to the members of that group
  • Be specific about volunteer opportunities for schools, civic organizations
  • A clean workplace with plants, chairs, attention to ergonomics
  • Make the millennials’ lives easier: food onsite, concierge services, how can you help the millennial inside and beyond the office?

I have considered returning to earth as a millennial.  Meanwhile, I leave you with a question for corporate directors: does your Board monitor your Company’s strategic plan as it relates to Human Resources?

 

Tesla Pleads its Case

Regulation D, as I fully expect most readers know, is the typical (though not exclusive) way to raise business capital without SEC registration; it permits issuers to sell securities to wealthy investors with minimal formal disclosure requirements.  But lurking in Reg D is a “bad boy” disqualification for companies and people who do bad things.

Recently Tesla and Elon Musk pleaded to a $20M fine (each) for Elon’s loose talk about having lined up financing to go private.  Some elements of that settlement, restricting Elon’s actions and his agreement not to “do it again,” seemingly triggered the “bad boy” provisions that would eliminate Tesla’s use of Reg D.  Off to the SEC scurried the Tesla lawyers to ask for a waiver so Tesla could indeed use Reg D for private financing.

The SEC granted the waiver in a No Action Letter dated October 16, on condition that Elon indeed complied in the future with the SEC orders against him; this waiver is not in and of itself extra-ordinary, and indeed SEC regulations contemplate the possibility where there is showing of good cause, but the need for asking the SEC for No Action highlights the wide repercussions of loose talk by executives and board members.

Leaving the interesting question of why Reg D availability is so important to Tesla; assuming they would go to capital markets for financing, one would assume they would be looking for big dollars from big players, as to which other exemptions from registration would be available.  Maybe Musk will tell us some day  — or not.

Boards and Blockchains

 

What do boards have to know about blockchain to discharge their fiduciary obligation to oversee their companies?  On October 16, the National Association of Corporate Directors (New England) presented a program both explaining blockchain technology and addressing the function of boards.

Everyone knows the standard blockchain mantra:  blockchain is a database controlled by no intermediary, visible to all parties, protected by deep encryption, an unchangeable distributed ledger, with multiple copies stored across many servers.

We also have a growing series of “use cases” where the technology is utilized to record changes in stockholdings, process transactions in cryptocurrency, facilitate supply chains, handle proxies, and form a new kind of contract entered into without lawyers which can be automatically performed (computers can tell us when goods are delivered and release payment automatically).

The key  for boards is not to ask only technical questions but, also, questions concerning “governance” over the blockchain itself.  Who controls the algorithms and rules of that particular blockchain?  Since no central source controls the blockchain, but rather all the users are in a way owners of it, who can make changes in the blockchain that could imperil a company?  The panel recommends you ask the questions that directors asked when it was first proposed to place company data in the cloud.  What are the security parameters, what are the protections from people accessing the data, is the data backed up, who are the parties that set up the particular blockchain, what is the governance over that system?  To create trust without a middle man to provide that protective function (for example, when banks transfer money between each other, they trust the Fed system as the middle man), and since most rules changes will be controlled by a majority of users, questions should be asked with respect to the nature of the blockchain itself.

An IBM representative noted there is an IBM founders’ handbook discussing governance of blockchains, setting forth options in order to reach a consensus as to rules changes.

The key to hacking blockchain is your private encryption key, and boards also should determine who has access to that key, and whether multiple people are needed in order to access the blockchain.

Some companies are setting up their own “centers of blockchain excellence,” and boards were admonished not to place control of the company’s relationship with the blockchain in the hands of one single person.  The vulnerability of blockchain technology is not that someone can hack into it, but rather that somebody can steal your private key or access the end proceeds of a transaction once in the hands of the company, and after blockchain has done its work.

The NACD generated materials for attendees of the October 16 session, which suggest a further set of director questions:  how is your particular business likely to be impacted (see Jennifer Wolfe’s recent book Blockchain in the Boardroom), examine what competitors are doing, perhaps make minority investments in early and late stage startups in the space, build up internal employee knowledge, ask how blockchain fits into the company’s broad digital strategy, and decide whether you want to add tech-savvy C-level executives (or directors).

Additionally, it seems to me that directors need to assign blockchain responsibility specifically (is it for the audit committee, the risk committee, an ad hoc committee) and empower that group to gather information, command internal attention and have budget for needed technical advice.

The Red Sox Today

In a best-of-five series, the Sox and NY Yankees are tied one game apiece with two of the next three games played in Yankee Stadium, a park uniquely constructed to allow Yankee players to hit an inordinate number of home runs and thus obtain a “structural advantage.”  Today, Red Sox fans are in agony at the prospect that they will yield to their arch-rivals after winning 108 games (best in the Majors) and beating the Yankees in league standings by eight games.  And it may be that the Yankees, a formidable team with 100 wins itself, will prevail; they ain’t chopped liver and they have a couple of spectacular rookie players to augment their already-robust lineup.

What interests me is the vehemence of the Yankee friends I know.  (I admit this post is based on a tiny sample, in part because I don’t know many Yankee fans, but as to that small cohort my data is 100% accurate.

One “friend” showed up at my Boston office for lunch wearing a Yankee shirt.  I ask you: is this proper business attire anywhere, let alone in downtown Beantown?  Could he be reacting to the broom I gave him earlier in the season when Boston took four straight games from the Yanks?  I think rather it is just the Yankee habit of entitlement.  Having won so many Series in a prior century, they just get this super-aggressive mind-set.  Like the cartoon character of my youth, Crusader Rabbit, they will don their cape and fly through the air and proclaim to one and all that they will surely win, as it is in their DNA (the strands of which have been unfurled into the straight lines of the Pinstripe uniforms no doubt).

Then there is an old friend of mine, now in France, who texted me condolences when the Yanks won the second game.  From France!!  (I didn’t even know you could get the baseball scores over there.) Always slightly off center, this good dear friend, growing up a Yankees fan in Brooklyn during the great rivalries of the ’40s and ’50s, he now lives in (get this) Cincinnati (did I even spell the name of that backwater correctly?) but seems wholly invested in a Yankee victory without regard for the sensibilities of one of his closest friends, here in Boston.  Does he really have a horse in this race?  Well, perhaps the hind end of one.

Which brings me to why I care at all, seeing as how I grew up rooting for a team that no longer exists (you can take the team out of Brooklyn but that surely takes the Brooklyn out of the team), that Boston should beat the Yankees.  I grew up during the true “fan-bonding years” (aged 5-15) as an avid Dodger fan and thus a true Yankee hater.  I suffered through the years that the Yankees beat the Dodgers in the Series (1947, 1949, 1952, 1953) and those years when the Yankees took the Series even when the Dodgers failed to even compete in it.

I was so rabid that I even argued that Duke Snyder was a better center fielder than Mickey Mantle (sure they are both in the Hall, but Mantle in his prime was unbelievable and with all five tools).  (We all missed that the other NY center fielder, Willie Mays, proved in many ways better than both of them.)

So, I have no ill will for my friends the Yankee fans.  They are entitled.  It is only a game, fer Godzake.  I say, just let the better team win.

You know.  The team with 108 regular season victories.

Government in the Board Room

Recent news items: the SEC bars Elon Musk from board chairmanship for three years and fines each of Musk and Tesla $20M; California passes a law requiring public companies headquartered there to have at least one woman director, and in the future multiple women for larger boards.

It has been a long time since internal board governance became “news” but there is much imprecise thinking (to my mind) swirling around these news items.

First, as to Musk, the day his comments hit the news it was clear to SEC lawyers there was an issue.  He was hung out to dry based on established law, nothing new.  Commentary suggests that the fact that the board was static (mostly the same folks serving since the 2010 IPO) constitutes an argument for board renewal.  But any board, even long-serving in a company owned 22% by its founder, needs to institute control of the flow of news; board management 101.  This is the same problem the current Federal administration enjoys.  But in a public company, the SEC is there to enforce the need for accuracy and evidence.

As to California, the idea that you need one woman is in conflict with my understanding of the evidence, which is that one woman does not make much of a difference, you need multiple women to create an atmosphere where woman are active (and then the statistics show that performance improves).  Then also, it may well be that California is constitutionally not able to regulate management of an entity formed in another state (think Delaware for most public companies).  Corporate governance issues are driven by state of formation of an entity, not where it builds its shiny home office building.

The question of women on boards has triggered a broader discussion, however: the intrusion of government into the board room.  Today’s Boston Business Journal argues against Massachusetts following the California lead, even though only 19.2% of board members of the largest Massachusetts companies (public and private) are women.

It is interesting that there is resistance to government sticking their noses into board rooms, since nose-sticking is fundamental to the way in which US corporations operate.  Major examples: the SEC requires public companies to have independent key committees and in most cases an independent board majority; State statutes and courts impose substantial fiduciary duties on boards, sometimes by complex and arcane analysis of whether boards have properly authorized certain action involving risk of majority abuse of minority interests.  So governmental interference with the board room is pervasive, substantial, and well-established.  (I do not suggest disagreement with these “intrusions” but only note they are robust and firmly established.)

Since academic analysis demonstrates the superiority of gender-mixed board management, why the resistance to legislation in the gender/board discussion?  There is something different, as we have recently learned in the Federal setting, about issues perceived as gender-driven.  I do not dare take a dive into the basis for this difference or the appropriate way to address it as to matters of policy, except to say that the issue in the governance area should not be avoided by legislative bodies on the grounds that it constitutes inappropriate governmental impact on board governance; the train of governments messing with boards left the station, and at high speed, a very long time ago.

Cyber in M&A: Controlling Risk

When you are acquiring a company, what sort of steps should you take to limit cyber risk within your target?  What do the big boys do?

Lawyers always will insert warranties, representations and indemnities in acquisition agreements but, on the ground, what should a business do?  This issue was addressed at the September 27 ACG Boston breakfast, where Kevin Neifert, Raytheon’s CIO, described how Raytheon protects itself in its numerous acquisitions.

Statistically, smaller companies (prone to being acquisition targets) are also prone to cyber-attack; 58% of all cyber breaches last year occurred in the category of “small businesses,” according to the industry-valued Verizon Report.

Raytheon has a rigid M&A policy (not an IT policy).  IT gets involved at an early stage and doesn’t wait for the deal to become firm.  Further, Raytheon specifically admonishes its people not to tell an acquisition target that “we will leave you alone.”  In fact, Raytheon acquisitions will be entirely integrated, from a cyber-standpoint as well as an operational standpoint, according to a rigid 18-month policy requirement.  During the acquisition process, Raytheon will undertake a standard security check according to their own internal checklist.  What happens as soon as a deal closes?  Even before the press release, Raytheon descends on the executives of the target because, apparently, hackers believe that the best way to be able to infiltrate the acquirer is through the busy and unsuspecting executive level of the target.

What does cyber integration mean?  If there is any thought that hacking has occurred, key data will be extracted from the target equipment, and installed on Raytheon equipment and the target equipment will be jettisoned.  It means that all personal computers will be replaced.  It means that in-person training is given to all target employees, because most problems arise through email staff not dealing appropriately with email content.

What about the cloud?  It seems that Raytheon, and apparently other larger companies, are getting more and more comfortable in placing everything on the cloud.  Because of the scale of what appears on the cloud, the most robust and updated protections for data security will be constantly applied, and being in the cloud is just going to be safer than what any given single company is likely to be able to achieve.

Are not mobile devices the biggest risk?  The answer for Raytheon is “no” because by “mobile device management” it is possible to wipe clean the contents of cell phones and iPads.  The computers are the problem, and that is why all target computers are discarded upon acquisition.  (When travelling abroad, Raytheon people are given a clean PC with the data they need for their particular trip encrypted on a thumb drive; nothing is connected back to Raytheon.)

Great question from the floor: what are the two biggest vulnerabilities of smaller companies?  Answer: first, employees must be trained not to click through on any links because you cannot be sure who sent them, even if they appear to be internal; and second, take a look at the gear that is utilized within your company because most of it is likely accessed through the original default user name and password; apparently things like routers are given a user name that is “user name” and a password “password” as default settings and these devices need to be updated immediately.

Trends in Life Science

Everyone knows that greater Boston is “what’s happening” in the science and business of life science and biotech.  On September 20, 2018, the Boston Bar Association brought together lawyers and scientists in an effort to educate lawyers as to trends in the science, and for lawyers to share business practices that the science is driving.

A quick summary of some of the high points follows.

Big data is coming, which should be no surprise, but at Mass General the application of machine learning and clinical genomics are being regularly used to provide targeted therapies to cancer treatment.  No longer do doctors look through a microscope to look at cancerous cells.  Rather, originally informed by biomarkers which can be harvested onsite (for example through blood analysis), the General compares these biomarkers through millions of items of data from other tumors.  Machine learning improves accuracy of analysis.  The genes involved in the tumor are located.  Specifically focused treatment follows.

Further, big data is being utilized to test the effect of combining various drugs with disease models to identify possible palliatives.  The effort that used to take place in the laboratory, over a long period of time at great expense, to test the effect of possible treatments now can be jump-started by conducting experiments, using big data, right within the computer.  One company suggested that its automated biology platform could “conduct” more than 100,000 experiments every week in order to identify likely efficacious treatments.

The conference also addressed the business side of bio and life science.  Highlights included: speculation on how best to protect, through patent or trade secret, new modalities of technology; what do you do with the science that permits the printing, by computer, of DNA (did I hear that one correctly?)?  How do you protect the AI/big data set, which is typically subject to a software patent which may well be difficult to defend in litigation?

Finally, prospects for raising capital for bio were explored at some length.  Major takeaways included:

There is a “raging bull market” to finance promising A rounds.  The slowdown in private capital formation seems to be the C round and the D round.  This may have ramifications for who makes these kinds of investments; with very long lead times to bring a product to market, even if successful, investment funds with a fixed term of life may not be the best choice of investor.  Perhaps strategic investors are better.  Also, funds may have a tendency to invest in companies that have benefited from being incubated in incubators in places like Boston, San Francisco, San Diego, etc., in order to shorten the timeline.

Valuations for A rounds and B rounds are creeping up.  This may be one reason why there are problems at the C round and D round level.  Overpricing the early rounds make subsequent rounds difficult.  In 2017 eighty percent of later rounds were “up rounds” while current experience is that up rounds are only at about the seventy percent level.

In terms of financing through public offerings, there were fifty life science IPOs in the first half of 2018 of which eighteen were in biotech.  Sixteen of these offerings came out of California and thirteen out of Massachusetts; the source of others were scattered.  The pipeline seems full for the second half of 2018.

 

Trending Public CEO Issues

Tariffs.  Business Cycles.  Immigration Policy.  Infrastructure.  Cost of Health Care.  These are the issues that were on the minds of senior CEOs convened for a Boston breakfast meeting on September 20, 2018 by the National Association of Corporate Directors-New England Chapter.

Most interesting was the broad philosophical view of CEO participants to the open question:  what are you worried about?  Thoughtful, policy-oriented responses over broad areas were voiced by Jeff Leiden (CEO of Vertex), Roger Crandall (CEO of MassMutual) and Sheila Marcelo (CEO of Care.com, a public company dedicated to providing home care).

No one liked tariffs.  The concern was that over the long run they would increase the cost of goods sold to the U.S. consumer and, in the near term, cost jobs.  Further, interference with complex supply chains, worked out over long periods of time, would materially disrupt efficiency of American businesses.  Not a good word could be found in favor of the current tariff regime undertaken by the administration.

Next, on the tenth anniversary of the Lehman collapse, did these business leaders foresee the continued bull market?  That depends on how you read their tea leaves.  There are lots of risks out there (some of them are set forth in other sections of this post).  The world is cyclical and the cycle must cut in at some time.  We have been at strong growth for a very long time.  The economy may be strong but history tells us that readjustments will come.  Isn’t it anomalous that interest rates are not higher?  What about the risk of the strengthening U.S. dollar; other countries have borrowed huge sums denominated in dollars, and as their currencies deteriorate they are going to have failures in repayment.  In the words of one: “the party has gone on too long.”  Further, a widening gulf, between those people benefiting from the innovation economy and those people suffering a widening wealth gulf because they do not participate, is increasing in the United States, leading us to look much like Europe (which was described as “flat” in terms of entrepreneurship and invention).  Not good signs for the future.

Immigration:  We need it to provide low-end support for critical industries such as home care.  We need it because we need more people as our population ages.  We need it because we are shipping back to our competitor countries the innovators we are assiduously training.  By the way, we are also wasting the lives of an overly numerous cadre of incarcerated people, who according to our system are rendered substantially unemployable and un-promotable.

It is not news to learn that the lack of support for infrastructure was roundly decried.  Broadband 5G will develop very slowly outside of urban centers.  Roads and bridges are a mess.  Traffic is terrible.  Education is the key to many things in the future, and it is being short-shrifted.  “Our social policy is not congruent with our economy.”

Finally, cost of healthcare.  Healthcare really is not that expensive in absolute terms given the lives that are being saved and the quality of life being generated.  But in absolute dollars, it is increasing substantially and adds to societal burdens.  The focus of proposed government intervention is wrongminded.  The governmental attack mostly is on the cost of pharmaceuticals.  Pharmaceuticals only constitute 10% to 12% of our healthcare costs, and with a profit margin of 2.3%, which is below the inflation rate, if you were to cause drugs to be distributed within the society at bare cost, with no profit whatsoever (which would squelch innovation), you would only reduce healthcare costs minimally.  The areas that should be attacked: the systemic misuse of emergency room services by people without adequate access to far less expensive healthcare through distributed healthcare vendors now available in much of the economy; addressing long-term care costs for Alzheimer patients (the Vertex CEO seemed to allege that by the year 2050, the long-term care costs of Alzheimer patients will not only bankrupt the healthcare system but also will exceed the gross domestic product of the entire country); support for innovation which will allow the diagnosis of medical conditions from remote locations, including online from the home.

Overall, a unifying theme was the awareness of these CEOs that the future of their companies is entwined with the health of the economic, political and social fabric within which they function.