On Dec. 19, 2019, the SEC’s Division of Corporation Finance (CorpFin) issued CF Disclosure Guidance: Topic No. 8, Intellectual Property and Technology Risks Associated with International Business Operations.
The guidance provides CorpFin’s views on disclosure obligations regarding risks related to the potential theft or compromise of data, technology, and intellectual property (IP) within the context of the federal securities laws and the SEC’s principles-based disclosure system, which companies should consider when conducting business in foreign jurisdictions.
Sources of risks
In today’s business environment, companies may be exposed to material risks of theft of proprietary technology and other IP, including technical data, business processes, data sets or other sensitive information. These risks may increase when companies conduct business in certain jurisdictions outside the United States, store technology, data, or intellectual property abroad, or license technology to joint ventures with foreign partners. For example, technology, data, or IP may be stolen or compromised through direct intrusions, such as cyber intrusions into a company’s computer systems or physical theft, or through indirect intrusions, such as reverse engineering of products or components.
Further, in order to access or conduct business in certain foreign markets, companies may be required to compromise protections or yield rights to their technology, data or IP. The guidance provides examples of arrangements or requirements that could limit the company’s ability to protect its own technology, data, or IP, which may negatively impact the company’s current and future competitive edge.
Assessing and disclosing risks
Currently, companies may have general disclosure in risk factors about how technology and IP could impact their businesses. Where material, these disclosures may be required in management’s discussion and analysis, the business section, legal proceedings, disclosure controls and procedures or in the financial statements.
The guidance encourages companies to assess the risks of potential theft or compromise of technology, data, or IP in connection with international operations, including how these risks could impact their business, financial condition and results of operations, reputation, stock price, and long-term value. When material to investment and voting decisions, companies should provide tailored disclosures that are specific to a company’s facts and circumstances.
Notably, the guidance indicates that when a company’s technology, data, or IP is or was previously compromised, hypothetical disclosure of potential risks is not sufficient.
In CorpFin’s view, companies should assess the materiality of these risks now and on an ongoing basis and update disclosures accordingly. The guidance includes detailed questions regarding a company’s current and future operations that should be considered to assess risks related to IP and technology and the related disclosure obligations.
© 2020 Grant Thornton LLP, U.S. member firm of Grant Thornton International Ltd. All rights reserved.
This Grant Thornton LLP bulletin provides information and comments on SEC reporting issues and developments. It is not a comprehensive analysis of the subject matter covered and is not intended to provide accounting or other advice or guidance with respect to the matters addressed in the bulletin. All relevant facts and circumstances, including the pertinent authoritative literature, need to be considered to arrive at conclusions that comply with matters addressed in this bulletin.
For additional information on topics covered in this bulletin, contact your Grant Thornton LLP professional.