Social Media Disclosures Given Greenlight

This piece was written in April 2013 as part of a series of follow-ups on a paper I wrote in law school discussing the intersection of crowd-funding and securities regulation in the context of independent film finance.

What Happened

On Tuesday of this week the Securities and Exchange Commission (SEC) issued a report making clear that public companies may use social media outlets to announce material information in compliance with Regulation Fair Disclosure (Reg FD), but only if investors have already been given notice as to which social media outlets will be used. The SEC adopted Reg FD on August 15, 2000 in order to address the selective disclosure of information by public companies and other securities issuers. Reg FD says that when a securities issuer discloses material, non-public information to some individuals and/or entities (read: securities industry professionals), that issuer must make broad, public disclosure of such information. The point of the rule is to promote full and fair disclosure of material information to all investors. You can read more about the rule here.

The Background

The SEC report is the result of an investigation launched after a July 3, 2012 post that Netflix CEO Reed Hastings made on his personal Facebook page. Hastings said in the post that, “Netflix monthly viewing exceeded 1 billion hours for the first time ever in June.”

The Facebook post that prompted the SEC investigation.

Because Netflix had not reported this information to investors either through a press release or through a Form 8-K filing with the SEC, and because a press release issued by Netflix later that same day did not include the information, it was questioned whether the post qualified as a selective disclosure in violation of Reg FD. A Form 8-K filing is a report filed with the SEC by public companies to announce unscheduled material events and/or corporate changes that could be of importance to shareholders and/or the SEC.

The Details

Importantly, neither Netflix nor Hastings had ever previously used social media to announce material corporate information, and they had never made efforts to alert investors that social media would (or could) be used in the future to announce such information.

So why does it matter? Remember that the intent of Reg FD is to level the playing field — to prevent selective disclosure by companies that would benefit one group while putting another at a disadvantage. Netflix’s common shares had started to rise before the Facebook post — they increased in value from $70.45 at the time of the Facebook post to $81.72 at the close of the following trading day. The stock market was closed on July 4, 2012.

This chart shows the rise in Netflix common shares at the time of the Facebook post.

If the Facebook post had been the basis of the increase in value in the Netflix common shares, Hastings and Netflix would likely have been in violation of Reg FD. It should be noted, though, that the SEC did not initiate an enforcement action against Hastings and Netflix, nor did it allege any wrongdoing. Instead, in recognition of the uncertainty among public companies as to whether social media was an acceptable medium of disclosure of material corporate information, the SEC sought through the report to clarify guidance it issued in 2008 making clear that company websites could be appropriate places for such disclosure (assuming that investors have been previously put on notice to look for such information there).

Remember: (i) Reg FD only applies to material non-public information; and (ii) Reg FD is intended to prevent selective disclosure.

To the first point, Hastings said in a December 6, 2012 Facebook post that Netflix didn’t believe the “1 billion hours” post was material. Hastings noted that Netflix had posted on its company blog one month prior that they were “serving nearly 1 billion hours per month.” Hastings also noted that Netflix did not issue a press release or file an 8-K with respect to this June 2012 information. Further, Hastings maintained that his July 3, 2012 post was “very public.” At the time of his July 3 Facebook post, Hastings had over 200,000 Facebook subscribers, many of whom, according to Hastings, were “bloggers and reporters.” The second point overlaps with the latter half of the first. Hastings maintained that because many of his subscribers at the time of the July 3 post were bloggers and reporters, and because there was press coverage of his post, that his post could not have qualified as selective disclosure. It’s also important to remember that Netflix shares had already started to rise before the Facebook post. Hastings suggested that this was due to the positive Citigroup research report issued the previous evening.

To anyone who was looking for the SEC to clearly resolve these questions: tough luck. The SEC’s report did not conclusively say whether the “1 billion hours” Facebook post was or wasn’t material, nor did it conclusively say whether the post was or wasn’t public. The report only concludes that social media outlets may be used to disclose corporate information assuming investors have been given adequate notice.

Some Closing Thoughts

The SEC’s report made clear that each case will need to be evaluated on its own facts, which indicates the need for companies to be more disciplined than ever when it comes to implementing and following internal social media policies. Jeremy Mishkin, an attorney focusing on internet privacy at Montgomery McCracken, recently issued some words of caution:

If I’m a CFO, I need to know not just what’s on my companies’ Facebook page or Twitter feeds, but also what my executives’ pages look like, so I don’t have a situation in which a person issues a statement that the SEC might view as a material announcement.

Also of concern are cyber attacks, which seem to be increasing both in frequency and in magnitude. In reference to a March 2013 cyber attack on American Express, Nicole Perlroth for the New York Times said:

“The assault, which took American Express offline for two hours, was the latest in an intensifying campaign of unusually powerful attacks on American financial institutions that began last September and have taken dozens of them offline intermittently, costing millions of dollars.

It remains to be seen whether the SEC backtracks if and when a cyber attack is used against a prominent publicly traded company in order to post information through the company’s social media outlets for purposes of disrupting its stock price. It seems that a large-scale attack of this nature could prove not only disruptive, but destructive. Social media log-in credentials will need to be well protected as part of comprehensive internal social media policies at public companies. Contrast this to the more traditional press release and/or Form 8-K routes, which inherently have a more robust system of checks and balances.

Overall, though, the SEC’s report seems to be viewed as a step in the right direction. Mr. Mishkin said that he thinks it’s positive that the SEC has come to recognize “that social media has become just as valid a channel for corporate communications as any traditional media. An increasing number of people get their information from Twitter feeds and Facebook updates, and the commission’s decision reflects that reality.” Cautious to give the SEC too much credit with respect to finally entering the 21st Century, though, Abram Brown writing for Forbes quipped, “it still took the regulators about 20 minutes to tweet a press release about the regulatory update. So much for simultaneous disclosure.”