Internet Disclosures Can Cost Your Company

As Dan A. Bailey, a lawyer in Bailey Cavalieri LLC, located in Columbus, OH, and a leading expert on securities compliance matters, has said: 'As information about
companies becomes more readily available over the Internet, and as companies use the Internet for investor communications, traditional notions regarding securities law compliance must evolve to better fit this new paradigm. That evolution will likely take years as regulators and courts struggle with appropriate application of the securities laws to cyberspace. In the meantime, companies and their directors and officers must operate in a world of uncertainty, in which they are subjected to potentially catastrophic liability exposure if their behavior is later found in violation of these ill-defined and evolving rules.'

With securities claims involving improper Internet disclosures on the rise, a company would be wise to institute a review process, carried out by a qualified person (general counsel or compliance officer), to assure that its Internet disclosures are accurate, complete, and appropriate. Following are some questions that should be asked as part of an Internet review, along with suggestions for 'common sense' measures for reducing a company's exposure and keeping pace with Web evolution.

Web Sites

1. How does the company distinguish current information from dated information? A Web site makes information continuously available for as long as the information appears on the site. Thus, stale information can appear to be fresh to someone who accesses the information long after its publication date. When investors or others depend on old information to make decisions that go wrong, they are likely to sue. Suggestions for reducing this risk include:

Make sure the site prominently displays a disclaimer regarding dated information: for example, 'Various items of information speak as to a specific date of issuance and may become outdated.' Any press releases on the site should be included (good news and bad) and maintained identically.

Include a separate, clearly identified 'archive' section for older information, along with an appropriate disclaimer that the content is dated and will not be updated. (Note: Some information is not appropriate for archiving, such as replays or transcripts of analyst conference calls, which should be posted for a short time following the call (eg, 7 to 10 days) and then removed from the site.

Periodically review the Web site to ensure that all information is current and accurate. This should be done by the person responsible for compliance.

Include a 'last updated' date on each section of the Web site.

2. Is someone managing site content? In many companies, numerous departments ' each with a different target audience and a different idea about how to present information on the Web ' contribute content to the corporate Web site. Assign one person to review all of the content being posted. It is best to maintain a separate area of the Web site for investors, and carefully monitor it for accuracy, completeness, and timeliness. As with all company communications, ensure that Web site information is consistent with the disclosures made in your company's SEC filings.

3. Are hyperlinks used? If the company's Web site links to other sources of information, it may be viewed as endorsing that information. The safest practice is to use hyperlinks to other Web sites sparingly, if at all, and never provide links to analyst reports. Yet because analyst reports can be useful, a company can safely refer investors to them by:

Listing all analysts known to follow the company'not just selected analysts'without providing a hyperlink to any of their Web sites or reports.

Listing the analysts in alphabetical or chronological order to avoid the appearance that the company favors one over another. Including a prominent link to the company's own risk disclosures, so that the statutory safe harbor applicable to forward-looking statements arguably applies if the company is deemed to have adopted an analyst's report or estimates.

If a company decides to use hyperlinks to analysts, it should be careful to:

• Provide the links objectively to all analysts reporting on the company without distinguishing between favorable and unfavorable reports.
• Include a disclaimer up front, to be viewed before any reports are viewed, stating that the company does not endorse or adopt third-party statements or forecasts and assumes no responsibility for ensuring that they remain up-to-date and accurate.

Another option, instead of linking direct to analyst reports, is to link to 'consensus estimates' ' Web sites on which the estimates of several analysts are compiled. Consensus estimates reduce a company's liability because they are selected by an independent source; no individual estimate is revealed, only a consensus; and shareholders could obtain this information easily anyway. Remember: Hyperlinks to analyst information are potentially as problematic as direct links to analyst reports. It is best to avoid hyperlinks or, if they must be used, do so with extreme caution.

4. Is the company 'gun-jumping'? The SEC prohibits the release of information that alerts the public to an impending securities offering or arouses investor interest in an offering (also called gun-jumping). Therefore, when preparing for and conducting securities offerings, pay special attention to your company's Web site. The information contained on the site, as well as any links to analyst reports and other information, must be carefully controlled. During this period, avoid any statement regarding the company's financial performance or value. Furthermore, disable any interactive features of the company's Web site until the registration statement with the SEC goes into effect. All company descriptions on the Web site should closely mirror those contained in the registration statement itself.

5. What about disclaimers? Accom-pany most disclosures with an appropriate disclaimer. The disclaimer should appear on the main page of the company's Web site, as well as on any other pages that are intended for investors.

6. Can the site be confused with other sites? It isn't unusual for outsiders to maintain Web sites about a company, and such sites may even look like the company's site. To avoid confusion and trouble, a company's site design should differentiate it from any other site about the company.

7. Is the site secure? Don't overlook the obvious. No one should be able to alter or add information to a company's Web site without the company's knowledge and approval. A security audit, conducted periodically (at least annually) can help protect a company's site by examining Web site practices and determining what, if any, exposures exist.

8. Is SEC-mandated content included? The SEC and the stock exchanges require certain information on company Web sites, such as the company's code of ethics; insider trading and beneficial ownership reports; reports filed with the SEC; and other matters. Take care to ensure that all required information is organized, accessible and updated.

Online Forums

Online forums ' such as chat rooms, bulletin boards and, most recently, blogs ' can create serious securities law exposures for a company. On-line forums often contain unsubstantiated rumors about companies and their securities intermingled with genuine information, with no way for readers to know fact from fiction and no way for companies to control the information disclosed. Since on-line forums are often anonymous, their comments are typically quite critical and frank. Furthermore, the informal nature of on-line forums increases the chance that a disclosure will happen 'by accident,' significantly increasing the risk that a company and its directors and officers will be sued over a seemingly innocent comment by a subordinate that could be construed as illegal insider-trading activity. (Note: Lawsuits against companies and their directors and officers over improper securities disclosures aren't the only risks associated with on-line forums. Stray comments about individuals may also lead to employment-related lawsuits alleging discrimination or harassment, as well.)

Incidentally, the blog ' the newest species of on-line forum ' is an excellent example of how the Internet continues to evolve and why it promises to be an unending source of liability uncertainty in the years ahead. The following questions can help a company ward off on-line forum traps that can significantly increase the danger of securities law violations.

9. Does the company sponsor or link to on-line forums? Any suggestion that a company sponsors investor on-line forums and their content can lead to lawsuits over disclosure matters. Therefore, it is best to maintain a safe distance from on-line forums ' especially those that permit discussions of the company's financial or business performance.

10. What about rumors on cyber space? Even responding selectively can have the unintended effect of confirming or denying certain rumors. An exception can be made should false information that is disseminated on the Internet appear to be attributable to the company. If your company feels compelled to respond, do so only after generating a press release containing a disclaimer of the false information and, if necessary, filing a Form 8-K with the SEC.

11. Do employees participate in on-line forums? Any employee's statement in an on-line forum can be viewed as a disclosure by the company. Therefore, companies should prohibit or discourage employees from participating in forums in which the company is discussed or referenced, or at the very least provide employees with guidelines for participating in such forums, such as prohibiting them from using company computers, identifying themselves as company employees, or discussing confidential business matters.

12. Who monitors online forums to see what is being said about the company? If monitoring forums seems daunting, consider transferring this task to companies that specialize in this service. By understanding what is being said about it, a company will be able to develop appropriate countermeasures.

Benefits of Managing Internet Disclosures

Given the scope of the World Wide Web ' billions of pages on some 75 million sites, with more than 300,000 new sites added every day: What is the probability of the SEC actually coming across a securities violation by a company? After all, how many Internet communications can the SEC's Office of Internet Enforcement realistically monitor?

Remember that many investors and professional plaintiff attorneys may be paying close attention to a specific company, its Web site, and its alleged statements (easily found by means of a search engine). The most likely sources of suits against a company (and its directors and officers) over Internet-related securities violations will be disgruntled investors and professional plaintiff lawyers. To put it another way, it is reasonably likely that any securities violation will be detected and result in an administrative proceeding or lawsuit. The challenge for every company is to be aware of this, to behave in an ethical manner, and to prepare for 'worst case scenarios' ' even those where the allegations against the company are untrue.

A company's securities litigation loss prevention program can help by including measures for managing securities disclosures made over the corporate Web site or on the Internet. A well-designed program, which should also include coverage by a directors and officers liability insurance policy, produces several important benefits for a company:

• It can significantly reduce liability ex-posure by reducing the likelihood and severity of securities litigation.
• It can help reduce penalties impos-ed should the corporation be found guilty of criminal violations.
• It can build credibility ' with share-holders, analysts, and the financial community.
• It can help preserve a company's hard-earned reputation for maintaining the highest legal and ethical standards.

Tony Galban is vice president, Chubb & Son, and underwriting manager for directors and officers liability insurance for Chubb Specialty Insurance (CSI). He is based in Simsbury, CT, and can be contacted at [email protected].

Answer: The Internet and the Sarbanes-Oxley Act of 2002 (SOX). Question: What two powerful forces are generating a whole new world of liability for companies and their directors and officers?

It is unlikely that this answer-and-question combo will ever appear on the popular TV quiz show Jeopardy. But the reality is that as the Internet opens pathways to doing business that could scarcely be imagined a decade ago, it also presents increasing dangers to public companies in the form of new liability risks. The instantaneous nature of the Internet can be both boon and bane to companies seeking to harness it to provide information to, and create goodwill with, shareholders. Not only can information be disseminated over the Net in a fraction of a second for worldwide viewing, but it has become a predominant source of investment news. Financial updates, product developments, information tidbits, even rumors ' all are now posted 24/7 on the Web for consumption by anyone, including investors who are poised to take advantage of the latest intelligence.

It doesn't take much imagination to see how this modern communications wonder spins a web of potential liability for companies, especially in light of SOX. Since information is continuously available for as long as it remains posted on the Internet, the danger that investors will misinterpret outdated information as being current is constant. And since anyone can post corporate information, the truthfulness of that information is hardly guaranteed. Furthermore, like moths to a flame, lawmakers are now directing their attention to the Internet. All of these things, combined with the rapid evolution of securities laws, means companies must work extra hard to keep up and to comply. Those companies that don't keep up may be 'rewarded' with a class-action lawsuit alleging misrepresentation, delayed or misleading disclosures, or other corporate wrongdoings.

As Dan A. Bailey, a lawyer in Bailey Cavalieri LLC, located in Columbus, OH, and a leading expert on securities compliance matters, has said: 'As information about
companies becomes more readily available over the Internet, and as companies use the Internet for investor communications, traditional notions regarding securities law compliance must evolve to better fit this new paradigm. That evolution will likely take years as regulators and courts struggle with appropriate application of the securities laws to cyberspace. In the meantime, companies and their directors and officers must operate in a world of uncertainty, in which they are subjected to potentially catastrophic liability exposure if their behavior is later found in violation of these ill-defined and evolving rules.'

With securities claims involving improper Internet disclosures on the rise, a company would be wise to institute a review process, carried out by a qualified person (general counsel or compliance officer), to assure that its Internet disclosures are accurate, complete, and appropriate. Following are some questions that should be asked as part of an Internet review, along with suggestions for 'common sense' measures for reducing a company's exposure and keeping pace with Web evolution.

Web Sites

1. How does the company distinguish current information from dated information? A Web site makes information continuously available for as long as the information appears on the site. Thus, stale information can appear to be fresh to someone who accesses the information long after its publication date. When investors or others depend on old information to make decisions that go wrong, they are likely to sue. Suggestions for reducing this risk include:

Make sure the site prominently displays a disclaimer regarding dated information: for example, 'Various items of information speak as to a specific date of issuance and may become outdated.' Any press releases on the site should be included (good news and bad) and maintained identically.

Include a separate, clearly identified 'archive' section for older information, along with an appropriate disclaimer that the content is dated and will not be updated. (Note: Some information is not appropriate for archiving, such as replays or transcripts of analyst conference calls, which should be posted for a short time following the call (eg, 7 to 10 days) and then removed from the site.

Periodically review the Web site to ensure that all information is current and accurate. This should be done by the person responsible for compliance.

Include a 'last updated' date on each section of the Web site.

2. Is someone managing site content? In many companies, numerous departments ' each with a different target audience and a different idea about how to present information on the Web ' contribute content to the corporate Web site. Assign one person to review all of the content being posted. It is best to maintain a separate area of the Web site for investors, and carefully monitor it for accuracy, completeness, and timeliness. As with all company communications, ensure that Web site information is consistent with the disclosures made in your company's SEC filings.

3. Are hyperlinks used? If the company's Web site links to other sources of information, it may be viewed as endorsing that information. The safest practice is to use hyperlinks to other Web sites sparingly, if at all, and never provide links to analyst reports. Yet because analyst reports can be useful, a company can safely refer investors to them by:

Listing all analysts known to follow the company'not just selected analysts'without providing a hyperlink to any of their Web sites or reports.

Listing the analysts in alphabetical or chronological order to avoid the appearance that the company favors one over another. Including a prominent link to the company's own risk disclosures, so that the statutory safe harbor applicable to forward-looking statements arguably applies if the company is deemed to have adopted an analyst's report or estimates.

If a company decides to use hyperlinks to analysts, it should be careful to:

• Provide the links objectively to all analysts reporting on the company without distinguishing between favorable and unfavorable reports.
• Include a disclaimer up front, to be viewed before any reports are viewed, stating that the company does not endorse or adopt third-party statements or forecasts and assumes no responsibility for ensuring that they remain up-to-date and accurate.

Another option, instead of linking direct to analyst reports, is to link to 'consensus estimates' ' Web sites on which the estimates of several analysts are compiled. Consensus estimates reduce a company's liability because they are selected by an independent source; no individual estimate is revealed, only a consensus; and shareholders could obtain this information easily anyway. Remember: Hyperlinks to analyst information are potentially as problematic as direct links to analyst reports. It is best to avoid hyperlinks or, if they must be used, do so with extreme caution.

4. Is the company 'gun-jumping'? The SEC prohibits the release of information that alerts the public to an impending securities offering or arouses investor interest in an offering (also called gun-jumping). Therefore, when preparing for and conducting securities offerings, pay special attention to your company's Web site. The information contained on the site, as well as any links to analyst reports and other information, must be carefully controlled. During this period, avoid any statement regarding the company's financial performance or value. Furthermore, disable any interactive features of the company's Web site until the registration statement with the SEC goes into effect. All company descriptions on the Web site should closely mirror those contained in the registration statement itself.

5. What about disclaimers? Accom-pany most disclosures with an appropriate disclaimer. The disclaimer should appear on the main page of the company's Web site, as well as on any other pages that are intended for investors.

6. Can the site be confused with other sites? It isn't unusual for outsiders to maintain Web sites about a company, and such sites may even look like the company's site. To avoid confusion and trouble, a company's site design should differentiate it from any other site about the company.

7. Is the site secure? Don't overlook the obvious. No one should be able to alter or add information to a company's Web site without the company's knowledge and approval. A security audit, conducted periodically (at least annually) can help protect a company's site by examining Web site practices and determining what, if any, exposures exist.

8. Is SEC-mandated content included? The SEC and the stock exchanges require certain information on company Web sites, such as the company's code of ethics; insider trading and beneficial ownership reports; reports filed with the SEC; and other matters. Take care to ensure that all required information is organized, accessible and updated.

Online Forums

Online forums ' such as chat rooms, bulletin boards and, most recently, blogs ' can create serious securities law exposures for a company. On-line forums often contain unsubstantiated rumors about companies and their securities intermingled with genuine information, with no way for readers to know fact from fiction and no way for companies to control the information disclosed. Since on-line forums are often anonymous, their comments are typically quite critical and frank. Furthermore, the informal nature of on-line forums increases the chance that a disclosure will happen 'by accident,' significantly increasing the risk that a company and its directors and officers will be sued over a seemingly innocent comment by a subordinate that could be construed as illegal insider-trading activity. (Note: Lawsuits against companies and their directors and officers over improper securities disclosures aren't the only risks associated with on-line forums. Stray comments about individuals may also lead to employment-related lawsuits alleging discrimination or harassment, as well.)

Incidentally, the blog ' the newest species of on-line forum ' is an excellent example of how the Internet continues to evolve and why it promises to be an unending source of liability uncertainty in the years ahead. The following questions can help a company ward off on-line forum traps that can significantly increase the danger of securities law violations.

9. Does the company sponsor or link to on-line forums? Any suggestion that a company sponsors investor on-line forums and their content can lead to lawsuits over disclosure matters. Therefore, it is best to maintain a safe distance from on-line forums ' especially those that permit discussions of the company's financial or business performance.

10. What about rumors on cyber space? Even responding selectively can have the unintended effect of confirming or denying certain rumors. An exception can be made should false information that is disseminated on the Internet appear to be attributable to the company. If your company feels compelled to respond, do so only after generating a press release containing a disclaimer of the false information and, if necessary, filing a Form 8-K with the SEC.

11. Do employees participate in on-line forums? Any employee's statement in an on-line forum can be viewed as a disclosure by the company. Therefore, companies should prohibit or discourage employees from participating in forums in which the company is discussed or referenced, or at the very least provide employees with guidelines for participating in such forums, such as prohibiting them from using company computers, identifying themselves as company employees, or discussing confidential business matters.

12. Who monitors online forums to see what is being said about the company? If monitoring forums seems daunting, consider transferring this task to companies that specialize in this service. By understanding what is being said about it, a company will be able to develop appropriate countermeasures.

Benefits of Managing Internet Disclosures

Given the scope of the World Wide Web ' billions of pages on some 75 million sites, with more than 300,000 new sites added every day: What is the probability of the SEC actually coming across a securities violation by a company? After all, how many Internet communications can the SEC's Office of Internet Enforcement realistically monitor?

Remember that many investors and professional plaintiff attorneys may be paying close attention to a specific company, its Web site, and its alleged statements (easily found by means of a search engine). The most likely sources of suits against a company (and its directors and officers) over Internet-related securities violations will be disgruntled investors and professional plaintiff lawyers. To put it another way, it is reasonably likely that any securities violation will be detected and result in an administrative proceeding or lawsuit. The challenge for every company is to be aware of this, to behave in an ethical manner, and to prepare for 'worst case scenarios' ' even those where the allegations against the company are untrue.

A company's securities litigation loss prevention program can help by including measures for managing securities disclosures made over the corporate Web site or on the Internet. A well-designed program, which should also include coverage by a directors and officers liability insurance policy, produces several important benefits for a company:

• It can significantly reduce liability ex-posure by reducing the likelihood and severity of securities litigation.
• It can help reduce penalties impos-ed should the corporation be found guilty of criminal violations.
• It can build credibility ' with share-holders, analysts, and the financial community.
• It can help preserve a company's hard-earned reputation for maintaining the highest legal and ethical standards.

Tony Galban is vice president, Chubb & Son, and underwriting manager for directors and officers liability insurance for Chubb Specialty Insurance (CSI). He is based in Simsbury, CT, and can be contacted at [email protected].