Time to Revisit Risk Factors in Periodic Reports

Time to Revisit Risk Factors in Periodic Reports

Ninth Circuit Decision Reminds Public Companies to Update Their Risk Factors In an opinion published on June 16, 2021, the Ninth Circuit found that plaintiff shareholders adequately alleged that a major tech company (Company) intentionally made statements on its Forms 10-Q that omitted material fact...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Insights; the Corporate & Securities Law Advisor 2021-10, Vol.35 (10), p.12-14
Hauptverfasser: Stark, Tami, Anagnosti, Era, Diamond, Colin, Gez, Maia
Format: Artikel
Sprache:eng
Schlagworte:
Cybercrime
Cybersecurity
Disclosure
Federal court decisions
Materiality
Public companies
Risk factors
Securities fraud
State court decisions
Violations
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Ninth Circuit Decision Reminds Public Companies to Update Their Risk Factors In an opinion published on June 16, 2021, the Ninth Circuit found that plaintiff shareholders adequately alleged that a major tech company (Company) intentionally made statements on its Forms 10-Q that omitted material facts necessary to make the statements not misleading regarding cybersecurity risks.1 Notably, the panel found that by simply affirming that there were no material changes to its prior 10-K risk factor disclosures and incorporating its prior 10-K disclosures, a reasonable investor reading the Company's Forms 10-Q could have been misled by the Company's representation that there had been "no material changes" in its risk factor disclosures whereas, at the time of the 10-Qs filings, the Company was allegedly aware of a cybersecurity vulnerability.2 Plaintiffs alleged that, in March 2018, senior executives of the Company learned that, since 2015, the company was exposed to cyber security vulnerabilities.3 In April and June 2018, the Company purportedly filed quarterly Form 10-Q reports that incorporated the risk disclosures it already made in its 2017 10-K report that did not reflect the vulnerabilities it discovered in March 2018, and affirmed that there had been no material changes to its risk factors since 2017.4 The Company's publicly traded share price fell after the news broke of these vulnerabilities.5 Three days later, plaintiffs sued the Company and several of their senior executives for securities fraud under Section 10(b) of the Securities Exchange Act of 1934.6 The district court granted the Company's motion to dismiss for failure to state a claim finding that plaintiffs had failed to allege a material misrepresentation or omission and also failed to sufficiently allege scienter. The Ninth Circuit reversed, in part, holding that plaintiffs plausibly alleged that the Company's omission was material given (1) the lack of any new risk disclosures in the Company's 10-Qs following the detection of the vulnerabilities, (2) that the 10-Qs were made after internal deliberation at a senior level to exclude information relating to the vulnerabilities, and (3) the statements were made at the same time as growing scrutiny of tech companies' disclosure of user information following the Cambridge Analytica scandal.7 The Ninth Circuit also relied on SEC guidance issued in 2018 on public company cybersecurity disclosures (SEC Guidance) to support its conclusion that the om
ISSN:0894-3524