Picture this: You’re standing at the edge of Wall Street, the air thick with the buzz of deals and the frenetic energy of the financial world. In one hand, you hold a briefcase full of your company’s secrets; in the other, a megaphone that reaches every investor in America. What do you say? What must you say?
This, dear reader, is the crux of the materiality standard in securities law – a concept as crucial as it is complex.
The Birth of a Standard
Our story begins in 1976, in the halls of the highest court in the land. The United States Supreme Court (SCOTUS), in its wisdom, tackled this very question in the landmark case of TSC Industries Inc. v. Northway Inc., 426 U.S. 438 (1976).
The venerable Justice Thurgood Marshall, speaking for a unanimous court, laid down a principle that would echo through the canons of Wall Street for decades to come:
“An omitted fact is material if there is a substantial likelihood that a reasonable shareholder would consider it important in deciding how to vote.”
TSC Indus. Inc., 426 US 438 at 449
Simple words, you might think. But like the best legal principles, these words contain multitudes.
Unpacking the Standard
Let’s break it down, shall we?
- Substantial Likelihood: We’re not dealing in certainties here. SCOTUS recognized that the future is always cloudy, especially in the world of finance. But if there’s a real, tangible chance that the information would matter? That’s our first clue.
- Reasonable Shareholder: Ah, our old friend, the reasonable person! But this time, they’re wearing a shareholder’s hat. We’re not talking about the day trader glued to their screens, nor the billionaire who treats million-dollar losses like pocket change. We’re talking about the average, prudent investor.
- Consider it Important: Here’s where it gets interesting. The information doesn’t need to be the deciding factor. It just needs to be something that would feature significantly in the investor’s decision-making process.
The Plot Thickens
But wait! SCOTUS wasn’t done. They added another layer to this legal lasagna:
“Put another way, there must be a substantial likelihood that the disclosure of the omitted fact would have been viewed by the reasonable investor as having significantly altered the “total mix” of information made available.”
TSC Indus. Inc., 426 US 438 at 449
“Total mix,” they say. It’s like trying to solve a jigsaw puzzle. Each piece of information is part of a larger picture. The question isn’t whether this one piece completes the puzzle, but whether it significantly changes what the puzzle looks like.
Real-World Ramifications
Now, let’s bring this from the lofty heights of legal theory down to the gritty sidewalks of reality.
Imagine you’re the CEO of Quantum Disclosure, Inc., a cutting-edge firm on the verge of a breakthrough in quantum computing. Your lead scientist has just told you that there’s a 30% chance the technology won’t work as intended. Do you disclose?
According to the materiality standard, you’d better believe you do. A reasonable shareholder would absolutely want to know about a 30% chance of failure in the company’s flagship product.
But what if it’s a 5% chance? Or 1%? The line gets blurrier, doesn’t it?
The Ongoing Saga
The beauty – and the challenge – of the materiality standard is its flexibility. It evolves with the markets, with technology, with the very nature of information itself. Crucial to this flexibility is whether the truth of such information can measured by objective means. Even “opinions” can be misleading: SCOTUS has ruled that a registrant company’s statement of an opinion in a registration statement could be actionable if there are material facts that establish the “opinion” was misleading when made (see Omnicare Inc. v. Laborers Dist. Council Constr. Indus. Pension Fund, 575 U.S. 175, 188 (2015)).
In the age of social media, when a single tweet can send stocks soaring or plummeting, the question of what constitutes material information becomes ever more complex. The Securities and Exchange Commission (SEC) grapples with these issues daily, issuing guidance and enforcing the standard in an ever-changing landscape. For example, on June 24, 2024, the SEC issued the following disclosure guidance for companies that suffered a ransomware attack1.
The Moral of the Story
At its heart, the materiality standard is about fairness. It’s about ensuring that when investors step into the marketplace, they’re not walking into a trap laid by those with privileged information.
It’s a reminder that in the high-stakes world of securities, knowledge isn’t just power – it’s a responsibility. A responsibility to share, to disclose, to level the playing field.
So the next time you find yourself with that briefcase of secrets and that metaphorical megaphone, remember the words of Justice Marshall. Remember the reasonable shareholder. And remember that in the grand theater of the markets, everyone deserves to know what play they’re really watching.
After all, in the world of securities law, the most valuable commodity isn’t gold or stocks or bonds. It’s trust. Contact Burrell Law to see if we can help your company build trust with investors. You can use the form below or email info@burrell-law.com and one of our team members will get back to you.
Footnotes
1SEC guidance regarding disclosure of ransomware attacks
Question 104B.05
Question: A registrant experiences a cybersecurity incident involving a ransomware attack. The ransomware attack results in a disruption in operations or the exfiltration of data. After discovering the incident but before determining whether the incident is material, the registrant makes a ransomware payment, and the threat actor that caused the incident ends the disruption of operations or returns the data. Is the registrant still required to make a materiality determination regarding the incident?
Answer: Yes. Item 1.05 of Form 8-K requires a registrant that experiences a cybersecurity incident to determine whether that incident is material. The cessation or apparent cessation of the incident prior to the materiality determination, including as a result of the registrant making a ransomware payment, does not relieve the registrant of the requirement to make such materiality determination.
Further, in making the required materiality determination, the registrant cannot necessarily conclude that the incident is not material simply because of the prior cessation or apparent cessation of the incident. Instead, in assessing the materiality of the incident, the registrant should, as the Commission noted in the adopting release for Item 1.05 of Form 8-K, determine “if there is a substantial likelihood that a reasonable shareholder would consider it important in making an investment decision, or if it would have significantly altered the total mix of information made available,” notwithstanding the fact that the incident may have already been resolved. Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, Release Nos. 33-11216; 34-97989 (July 26, 2023) [88 FR 51896, 51917 (Aug. 4, 2023)] (quoting Matrixx Initiatives v. Siracusano, 563 U.S. 27, 38-40 (2011); Basic Inc. v. Levinson, 485 U.S. 224, 240 (1988); TSC Indus. v. Northway, 426 U.S. 438, 449 (1976)) (internal quotation marks omitted). [June 24, 2024]
Question 104B.06
Question: A registrant experiences a cybersecurity incident that it determines to be material. That incident involves a ransomware attack that results in a disruption in operations or the exfiltration of data and has a material impact or is reasonably likely to have a material impact on the registrant, including its financial condition and results of operations. Subsequently, the registrant makes a ransomware payment, and the threat actor that caused the incident ends the disruption of operations or returns the data. If the registrant has not reported the incident pursuant to Item 1.05 of Form 8-K before it made the ransomware payment and the threat actor has ended the disruption of operations or returned the data before the Form 8-K Item 1.05 filing deadline, does the registrant still need to disclose the incident pursuant to Item 1.05 of Form 8-K?
Answer: Yes. Because the registrant experienced a cybersecurity incident that it determined to be material, the subsequent ransomware payment and cessation or apparent cessation of the incident does not relieve the registrant of the requirement to report the incident under Item 1.05 of Form 8-K within four business days after the registrant determines that it has experienced a material cybersecurity incident. [June 24, 2024]