What Counsel in Public Companies want from Outside Counsel

You are in-house general counsel to a public company.  What are your greatest concerns?  How do you feel about your “outside” lawyers?  The November 7th segment of Practicing Law Institute’s annual securities law conference discussed these issues in its morning session in New York. 

What do you expect from outside counsel?  Inside lawyers want somebody to “get in the boat with me” and understand business risks, and not merely outline those risks but also make recommendations they will stand behind, quantifying that risk and explaining what risks cannot be mediated. 

Have the say-on-pay rules changed corporate practice?  The Dodd-Frank Act requires periodic non-binding shareholder votes on whether compensation programs of public companies are acceptable to the shareholders.  Although statistics would suggest that this review is a non-event (only 1% of the Fortune 500 failed such votes), inside counsel see it differently.  Behind the statistics, operational changes have been made in compensation programs and in proxy statements.  Compensation programs now are specifically designed to meet the proxy advisor (ISS and Glass Lewis) mantra: pay must track performance.  The key metric: are C-level executives being compensated based upon their success in obtaining total shareholder return?  General counsel now have the job of orchestrating the proxy statement as the vehicle to explain the business and compensation strategy of the company and set the stage for a favorable “say-on-pay” vote. 

What about the risk of cyber-attacks on your company?  No company is safe, a task force which dry runs crisis scenarios is desirable, and high tech hacking should not cause a lack of focus on “low tech risk” (the lost laptop, the careless employee, the law firm or vendor whose computer system houses company trade secrets). 

As a matter of corporate governance, general counsel should report with granularity to the board (someone mentioned “at every meeting” although I do not believe this is standard practice), or least to the risk committee, the nature of the risk and those parts of the computer system that by definition cannot be kept safe from intrusion.  General counsel also noted there is an SEC obligation for risk disclosure in the cyber-attack area. 

Government prosecutions of Foreign Corrupt Practices Act claims have declined for the last couple of years; is the FCPA problem solved?  Not by a long shot.  The Department of Justice has announced that Foreign Corrupt Practices Act enforcement has become a permanent part of its focus.  The Resource Guide promulgated jointly by the SEC and the DOJ in November, 2012 gives guidelines for corporate compliance to avoid serious enforcement actions.  A counterpoint: the Resource Guide trumpets early self-disclosure as a primary example of how companies can avoid government ire, but about 50% of recent FCPA enforcement cases involved situations which commenced with the very corporate self-disclosure which is trumpeted as a defense.

Proposed Limitations on Public Solicitation in Private Placements

After the SECs adoption of amended Rule 506(c) permitting general solicitation to accredited investors in private placements, the SEC has proposed (but not yet adopted) another rule-making foray designed to protect investors in such transactions.  These protections were discussed at Practicing Law’s 45th Annual Institute on Securities Regulation, which concludes in New York today. 

The first proposed protection is to require an SEC filing of an expanded Form D, providing details of the offering and copies of disclosure documents, at least fifteen days prior to commencement the offering. 

But the most controversial protection would be to disqualify from 506(c) offerings any company that within the prior five years was noncompliant in its Form D filings (for prior placements).  Although the present Regulation D exemption “requires” the filing of the present iteration of Form D (which provides certain basic information concerning a completed private placement), the failure to make such a filing does not in and of itself disqualify a traditional 506 private placement. 

Apparently many commentators have objected to denial of 506(c) just because a company failed to file its Form D in a prior offering.  Is such a disqualification too Draconian?  Particularly since the present Regulation D exemption itself is not voided by such failure to file? 

And if failure to file a prior Form D is to be a disqualification, is not five years too long?  Should it not be, say, a one year prohibition? 

The SEC staff noted that, in fact, it badly needs the information contained in a Form D to discharge its regulatory functions and to understand the capital markets; and, it noted rather plaintively, the filing of a Form D is in fact contemplated and required by the express terms of the Regulation D exemption. 

Interestingly, if the disqualification from utilizing 506(c) survives the pending public comment period and becomes an SEC regulation, this will trigger a substantial change in the practice of many private placements; there will be a real penalty to not in fact file the Form D.  Should this disqualification apply only prospectively, that is to say only to failures to file Form D for offerings after the new protections are enacted?  Otherwise, a prior failure to file a Form D, thought at the time to be benign at the bottom line, may become a substantial denial of access to capital markets on an ex post facto basis?

Private Placement Developments

At this week’s  Practicing Law Institute annual conference on securities regulation, there was extensive discussion of changes in the regulatory scheme for private placements. 

There are three major moving parts to 2012 JOBS Act reforms loosening up the private placement market:

  • The JOBS Act requires the SEC to revise the provisions of SEC so-called Regulation A, an abbreviated registration procedure historically processed through regional SEC offices rather than through Washington; the SEC shortly is expected to propose regulations permitting such offerings in amounts up to $50,000,000. 
  • The JOBS Act mandates crowd-funding regulations, which just the other day were promulgated by the SEC (although subject to a lengthy public comment period; much commentary is anticipated). 
  • The SEC a couple of months ago promulgated changes to Regulation D, adding subsection 506(c) which permits public solicitation in private offerings (if directed only to accredited investors, with reasonable steps to verify that status). 

The marketplace is just finding its way in terms of how bold it will permit itself to be in the nature of general solicitation.  The conference panel noted that once general solicitation is undertaken, and it is thereafter decided to move to a full registered public offering or into a traditional Regulation D offering (which might include up to thirty-five unaccredited investors), substantial practical problems are encountered.  Most notably, having undertaken general solicitation you have a problem effecting a traditional placement under Rule 506(b) wherein you are permitted non-accredited investors but are prohibited from general solicitation. 

What constitutes reasonable steps to verify accredited status?  There are no specific guidelines, only guiding principles provided by the SEC.  Would it not be better to have a specific safe harbor?  Some commentators suggested not; if you have a specific safe harbor, and it provides for example that you must verify status every six months, what happens if you verify status every seven, eight or nine months?  Does the non-exclusive safe harbor become a de facto exclusive articulation?

The IPO Market

 

This Fall has seen a resurgence of IPOs, and radical changes in the law of private placements.  Both the IPO and the private placement markets remain in unclear regulatory territory, however; this is the teaching of the Practicing Law Institute’s Annual Institute on Securities Regulation, a three-day law-fest being held this week in New York City for this, the 45th consecutive year. 

This post focuses on IPO practice. 

October, 2013 saw thirty-three public offerings, the strongest month monetarily since May, 2012 (which in turn was dominated by a single offering, that of Facebook).  Sixteen IPOs also were pricing this current week, the most in a given week since November, 2007. 

The JOBS Act, enacted April 1, 2012, defined broadly a class of “emerging” companies as those with sales less than $1,000,000,000 per annum.  These companies receive certain accommodations in the going public process:

  • They need only provide two years of audited financials rather than three; many companies continue to include three years of audits, although certain companies not being sold on past performance (such as emerging bio techs) have indeed cut back to two years. 
  • The SEC now permits confidential initial submissions of registration statements, which has become the market norm for initial filings. 
  • The ability to “test the waters” to determine the salability of an IPO, both prior to and during the filing period for these emerging companies, is being used extensively; it was originally thought that this process would narrow the pricing range, but in fact it is primarily used to explain a complicated story to investors, particularly in the life sciences. 
  • The JOBS Act also reduced the reporting obligations of emerging companies for a period of time following their IPO, notably relief from the requirement that auditors pass on the adequacy of internal financial controls; interestingly, CEOs who must certify as to the adequacy of such controls nonetheless often are insisting upon obtaining the comfort of auditor signoff. 

Foreign Corrupt Practices Act and Private Equity

I see lots of recent literature about aggressive SEC and DOJ enforcement of the FCPA.  Traditionally, easy targets were the medical and energy sectors; the statute prohibits improper payments to overseas government officials, and these industries feature deep governmental ownership.

Last year, the DOJ and SEC jointly published a Resource Guide to help US businesses understand their duties of diligence and compliance under the FCPA.  Coupled with recent active investigations, this Guide suggests diligence requirements on the part of PE firms buying any company with overseas sales.

The concept is easy: if a PE firm invests in a portfolio company it must diligently search for risks under the FCPA.  Once invested, the PE firm should monitor that risk.  Failure to discern and remediate noncompliance, even if arising pre-investment, can create liability directly on the PE firm as major or controlling stockholder. 

While generally shareholders are passive and have no liability for the acts of their portfolio companies, PE firms undertake diligence as a matter of course and thus become tainted with putative knowledge of FCPA risk.  PE firms also sometimes obtain various control rights, not to mention functional voting control, relative to target operations.  PE involvement is heightened when board seats are taken.

PE firms also just look like good targets for the government to deliver the FCPA message; and, they are deep pockets to boot.  It is unsettling to think that a PE firm, putting down its money to make an acquisition and itself being misled into buying a target that is in violation of FCPA, could further be found to be itself directly liable.  All part of the continuing trend to make third parties the policemen in our capital markets.

Coupled with a recent suggestion that PE firms may suffer liability under ERISA with respect to portfolio companies, FCPA presents yet another operational risk and yet another possible risk disclosure obligation to LPs.

Report on Medical Device Industry — Mass Medic Conference

Where is the MedTech industry going? A brief report from the MassMedic conference held Friday, November 1 at UMass Boston, follows:

The top ten segments for device development over the next 5 years will not change; the leaders are in vitro diagnostics, cardio, diagnostic imaging, ortho.

R&D is predicted to grow at an annual rate of 3.9%, remaining on average at about 6% of sales; but the top twenty companies will spend at a higher rate.

M&A deals are way off during the first half of 2013; the vast majority of medical device deals still happen in the US.

Similarly, medtech financing is constricted, with a smaller number of smaller deals. There were eight medtech  IPOs world-wide, 6 in the US, in 2013 to date, dwarfed by the number of biotech deals. Leading states for financings: California, followed by Massachusetts (but following pretty far behind).

Seventeen emerging companies pitched to the assembled hoard of investors, entrepreneurs and service providers, at all stages of development. Fields included: regeneration of damaged body parts; software for patient monitoring; imaging, cancer treatment, various diagnostic technologies, orthopedics.

Compared to last year, presenters have learned their lessons: all came prepared to discuss reimbursement and time-lines. Less whining about FDA delays. Reimbursement codes and pricing models to appeal to doctors and to fit into insurance regimes were discussed prominently, along with (of course) focus on patient outcomes.

Wachtell Lipton Firm Takes Some Lumps

Without question one of the premier lawfirms in the United States, Wachtell Lipton long has represented, and spoken for, “larger corporate interests.”  Today’s news brings us two factoids suggesting that it is not always easy being Wachtell.

First, the Shareholder Rights Project at Harvard Law School (SRP) announced that its efforts  have led to a decrease in classified (staggered) boards among the S&P 500 to less than 10% (considering the Project’s negotiating 99 contracts with companies which have agreed to bring management proposals to declassify).  The SRP then endorses the virtue of declassification as increasing board responsiveness, and cross-links to its prior article entitled “Why Wachtell Lipton was Wrong about the SRP.”  Classified boards used to be favored as a fundamental corporate protector; many of us were taught that you classified your board to make sure management was not sandbagged by those error-prone shareholders.     Wachtell long has been understood (at least in my mind) to favor protections of corporate status quo through board controls (staggered boards, poison pills, etc.) as fundamental to sound management.  How times have changed.

And speaking of poison pills, CVR Energy has just sued the Wachtell firm (and two partners) for malpractice.  Seems that last year Wachtell allegedly advised CVR in the face of Carl Icahn’s takeover bid, and at one point Wachtell allegedly advised accepting an agreement to set aside the CVR pill.  Then Icahn successfully took control.  Now in charge of CVR, Icahn claims that Wachtell hid from the board an agreement that doubled the fees of CVR’s advisers (Deutsche Bank and Goldman Sachs) if Icahn were successful.  So Icahn wins, walks in and find that “his” new company has a $36 Million obligation that (he claims) was hidden from the board of CVR.  It is a strange suit as the malpractice allegedly occurred prior to the time Icahn owned CVR and also facilitated Icahn’s success,  but, of course, it is a corporate debt and he inherits it (the bankers have sued CVR for their fees, claiming they were earned in connection with the May 2012 stock sale to Icahn).

Most of us lawyers recognize Wachtell as a legal powerhouse and a leader in corporate thought and practice.  It seems that not everyone agrees with that perception, however….

FCPA Again

Today’s email basket contains an SEC announcement of its settlement of Foreign Corrupt Practices Act charges against medical equipment seller Stryker Corporation, involving world-wide corrupt payments to foreign government individuals in an effort to garner business contracts. 

The tab?  About $13.2M in fines including interest of more than $2M!  And some of the matters complained of date back to 2003; the SEC has a long memory.

I have written before about intense SEC and DOJ interest in bribes of offshore government employees to gain business, noting it is a slippery slope.  Many overseas companies are indeed government-owned one way or another, and “grease payments” to individuals affiliated with these companies constitute government bribes.  This is particularly sensitive in, and less obvious in, the life science area where overseas hospitals, for example, are often government institutions.

That said, it is hard to imagine a more uninspired set of alleged facts.  In one Strkyer episode, a payment allegedly was laundered through an offshore lawfirm, booked as a legal fee although no services were provided, and the law firm just forwarded the money.  In another case, a $200,000 donation allegedly was made to a public university in Greece to fund a lab for a public hospital doctor.

My favorite: Stryker allegedly sent a director of a public Polish hospital on a paid business trip– with spouse –including 6 days in New York City, two Boradway shows and five days in that vertibable hub of life science deals:  Aruba.

Stryker’s profits on these deals were about $7.5M.  The net: negative almost $6M, and on top of that all those legal fees….

Women for style (and profit)

Women have a drive for style and uniqueness, expressed in clothing, jewelry and home goods.  (Men, not so much.)  How do you build a $1,000,000,000 business around this concept? 

The answer is by operating the category leader in internet home goods sales, says Wayfair CEO Naraj Shah, speaking to the ACG-Boston  Breakfast Meeting this morning. 

Targeting the women of  middle market households with incomes of $60,000 to $250,000 per year, and driving flow to its website by aggressive television advertising, Wayfair has an annual order run rate of $1,000,000,000.  Shah expects online orders for home goods to grow to 22% of all sales by 2019. 

Why do people shop on line?  You can do it any time, delivery is automatic and you have a broader selection.  If you are interested in wide selections of styles, shopping on the internet is much more convenient than going to dozens of stores.  Wayfair offers over 7,000,000 items for the home market; examples: 8,000 table lamps, 4,000 bar stools. 

Having so many different items reflects the diversity of the home goods market.  Take for example a comparison of the United States sales of paper goods such as towels, and of lighting.  Each is a $7,000,000,000 annual market.  Paper has about 50 SKUs.  Lighting has about  500,000 SKUs.  Only on-line marketing can capture this product diversity. 

To which factors does Shah attribute the growth of his company?  First, he picked a very large market so  he could continue to compound growth.  Second, he took no outside capital until he had $500,000,000 of sales, allowing him to focus on customer needs rather than on financial targets driven by investor requirements.  Third, he focused first on efficacy of his technology so as to make the online shopping experience simple (“we are a technology company that happens to focus on home goods”). 

Certain elements of the business are intuitively evident: Wayfair does not carry much inventory, using a network of vender fulfillment companies covering 12,000 brands.  One thing that seems counter-intuitive but relates to customer satisfaction: Wayfair takes charge of the entire delivery process, picking up the product, consolidating it and shipping to the customer themselves from various warehouse locations. 

Is there room for growth?  Not only is the market large, but also as of now only about 1% of visitors to the website actually place an order.  Even a modest increase in the sales rate could drive great expansion. 

Finally, what about the high end of the market place?  Wayfair at present has not significantly addressed this market.  But looking at the demographics, the middle market alone is certainly big enough to accommodate growth in  the current business model for a long time.

Board Role in Cyber Security

 Yesterday’s post outlined  some major issues in cyber security.  From a governance standpoint, in the face of heightened cyber risk, what are the obligations of a board of directors? 

  • Make sure that management develops a “breach plan” that identifies the level of cyber risk you are willing to undertake, and that outlines your legal, contractual and regulatory obligations if a breach occurs.  Identify your legal and public relations team. Determine insurance coverage.  Do you have a plan as to what to say to your customers? 
  • Do not automatically turn over cyber security to your CIO; they are generally not prepared.  If you are large enough, consider establishing a new position of CISO (“Chief Information Security Officer”). 
  • Identify your key protectable elements of information, the “crown jewels, ” and focus on protecting those;  it is not possible to protect everything (there are too many devices plugged into the internet and too many unknown portals into your company). 
  • Apply a goodly portion of your IT budget to both defense against hacks and, perhaps more importantly, immediately discovering hacks so they can be contained. 

Setting up such a system requires a deep dive by the board, initially, in order to establish preparedness.  For ongoing monitoring, consider establishing a risk management committee chaired by in-house counsel, reporting through the CEO to the board.  Arrange for quarterly reports, and deal with cyber security risks as part of enterprise-wide risk management.