Connect with us

Latest

Proposed Amendments To Rule 144 – Corporate / Commercial Law – United States

Mish Boyka

Published

on

To print this article, all you need is to be registered or login on Mondaq.com.

In its 2019 Concept Release on Harmonization of Securities Offerings,1 the US Securities and Exchange Commission (SEC) included a section requesting comment regarding resale exemptions, including Rule 144. While the SEC addressed a number of the key issues relating to the exempt offering framework that were first identified in the Concept Release in a rulemaking earlier this year,2 the SEC had not until recently addressed any of the resale exemptions. On December 22, 2020, the SEC proposed amendments to Rule 144 and Form 144 (the Proposing Release).3 In the Proposing Release, the SEC is proposing to amend Rule 144, Form 144, Form 4, Form 5 and Rule 101 of Regulation ST. We summarize below the principal aspects of the proposed amendments.

The Rule 144 Holding Period Requirement in the Case of Certain MarketAdjustable Securities

The SEC proposes to amend Rule 144 (d) (3) (ii) in order to revise the holding period for securities that are acquired upon the conversion or exchange of certain market-adjustable securities of an issuer that does not have a class of securities listed, or approved to be listed, on a national securities exchange (referred to as an “unlisted issuer”). The holding period would not begin until the conversion or exchange, so there would be no “tacking” back to the date of acquisition of the convertible or exchangeable security for marketadjustable securities. Market-adjustable securities are those that have a conversion rate or conversion price that offsets in whole or in part declines in the value of the underlying security that may occur prior to conversion or exchange. The Proposing Release states that the change is being contemplated to mitigate the risk of unregistered distributions in connection with the sale of these securities. Effectively, this change, if adopted would bring back the concept of “tolling” the holding period under Rule 144 — reintroducing the concept of tolling the holding period under Rule 144 has been considered at various times and rejected.

In the Proposing Release, the SEC draws distinctions between typical convertible securities and marketjustable securities. According to the Proposing Release, a holder of a typical convertible security is at substantial economic risk upon conversion with respect to the underlying security if the underlying security files to appreciate or declines in value. The Proposing Release distinguishes this from market-adjustable securities transactions wherein the conversion or exchange price and / or the amount of securities received on conversion are not fixed at the time of the initial transaction. The Proposing Release goes on to note that initial purchasers or subsequent holders have an incentive to purchase market-adjustable securities with a view to distribution of the underlying securities following conversion in order to capture the difference between the built-in discount and the market value of the underlying securities. As a result, the holder may be purchasing with a view to a distribution and acting as an “underwriter” and therefore should be unable to rely on the Section 4 (a) (1) exemption from registration.

The SEC proposes to amend Rule 144 (d) (3) (ii) to provide that the holding period for the securities acquired upon conversion or exchange of certain market-adjustable securities issued by unlisted issuers would not begin until conversion or exchange. The proposed amendment is limited to unlisted issuers, according to the Proposing Release, because the securities exchanges have already addressed this issue through their shareholder approval rules for listed companies.

All in all, in our view, this seems like a problematic approach. The securities exchanges have indeed addressed the issues posed by the dilutive effect of future-priced securities through their shareholder approval rules. While the shareholder approval rule addresses dilution, it does not address whether a purported purchaser in a private placement has investment intent at the time of purchase manifested by the assumption of risk. The purpose of the shareholder approval rule is not to determine whether there is a valid private placement, or whether instead the purchaser should be viewed as an “underwriter” because the purchaser never took the risk of ownership of the security. Shouldn’t there be a consistent approach to the issue regardless of whether the securities exchanges have tackled the dilution issue?

The Proposing Release does not question whether there was a valid private placement if one were to conclude that the purchaser lacked investment intent and was acting as an underwriter. Nor does the Proposing Release consider any of the issues that were raised when the SEC previously considered tolling the Rule 144 holding period in other instances, including where a holder that purchased in a valid private placement and with no view to effecting a distribution had entered into countervailing hedging arrangements. In the case of a death spiral convertible (where a bond converts into a set value paid in shares, causing share price to drop as more bonds convert), there might be an enforcement solution to the problem, rather than reopening the Rule 144 tolling debate . For instance, the SEC has the ability to bring a claim of market manipulation if the facts support it. In addition, where there appears to be an abuse of the Rule 144 safe harbor such that the purchaser is technically in compliance with the Rule, but appears to be engaged in the business of buying and selling securities, the SEC could bring an action against the purchaser for filing to register as a broker or dealer under the Securities Exchange Act of 1934 (Exchange Act). Mitigating the risk of unregistered distributions is a valid public policy objective. However, tackling the problem with this proposed amendment muddies the approach to the Rule 144 holding period and raises fundamental issues that were asked and answered in connection with prior amendments to Rule 144.4 Moreover, the SEC Staff has provided guidance on equity line of credit arrangements, which often involve market-adjustable securities, and could have addressed these issues in that context.5

Proposed Amendments to the Form 144 Filing Requirements

Proposed amendments to Rule 101 would mandate electronic filing of all Form 144 notices for Rule 144 resales of the securities of issuers that are subject to the reporting requirements of Section 13 or Section 15 (d) of the Exchange Act, and eliminate the paper filing option . (Although some filers may miss the flexibility to make paper Form 144 filings, EDGAR filers have the advantage of being allowed to use the SEC’s recent electronic signatures procedures).

A Form 144 filer who has not previously made an electronic filing on EDGAR would need to apply for EDGAR access in order to make Form 144 filings in the future. However, the proposed amendments would eliminate the filing requirement for Form 144 notices for resale of securities by affiliates of issuers that are not subject to Exchange Act reporting requirements.

Rule 144 (h) (1) would also be amended to delete the requirement that an affiliate send one copy of the Form 144 notice to the principal exchange, if any, on which the restricted securities are admitted to trading.

In addition, the proposed amendments would eliminate two unnecessary data fields and create an online fillable document for entering the information required by Form 144.

The amendments also are intended to streamline the electronic filing process for those filing both a Form 144 and a Form 4 to report the same sale of equity securities. The Form 144 filing deadline would be amended to coincide with the Form 4 filing deadline. Rule 144 (h) (2) would be revised to require that a Form 144 be filed before the end of the second business day following the day on which the sale of securities has been executed or the deemed date of execution rather than have it due concurrently with either the placing of an order with a broker to execute the sale or the execution of a sale directly with a market maker, as currently required. The proposed amendment to the Form 144 filing deadline would facilitate this new filing process. This filing deadline would apply to all Forms 144, regardless of whether a Form 4 also needs to be filed for the same transaction. The proposal therefore would provide all Form 144 filers more time to file the form.

Finally, the SEC proposes to allow Form 4 and Form 5 filers, at their discretion, to include a check box to indicate that a sale or purchase of securities was made pursuant to Rule 10b5-1 (c).

The proposed amendments are subject to a 60-day comment period following publication of the Proposing Release in the Federal Register.

Footnotes

1 https://www.sec.gov/rules/concept/2019/33-10649.pdf.

2 https://www.sec.gov/rules/final/2020/33-10844.pdf.

3 https://www.sec.gov/rules/proposed/2020/33-10911.pdf.

4 In 1990, the SEC amended Rule 144 and eliminated the tolling of the holding period if the holder had engaged in short sales, puts or other options to sell securities, which transactions had raised questions regarding whether the holder had requisite investment intent in respect of the restricted securities it held as it was attempting to mitigate the market risk associated with such securities. In 1995 and again in 1997, the SEC solicited comments in connection with proposed amendments to Rule 144 as to whether to reintroduce tolling of the Rule 144 holding period in connection with hedging transactions or other similar transactions that were intended to mitigate the market risk associated with holding a restricted stock position. The SEC, responding to comments, and considering the proliferation of hedging techniques and the desire to simplify and modernize Rule 144, decided against reintroducing the tolling concept. Instead, the SEC determined that it would watch for abusive or manipulative practices and address these particular problematic practices.

5 See, for example, in the context of equity lines of credit, Compliance and Disclosure Interpretations, Securities Act Sections, 139.12, 139.13, 139.14, and 139.21-24, available at https://www.sec.gov/corpfin/securities-act-sections#139-13.

Latest

Vermont Health Connect had 10 data breaches last winter

Avatar

Published

on

By

Vermont Health Connect had 10 data breaches last winter
Vermont Health Connect has set up a special enrollment period in response to the coronavirus outbreak. VHC photo

In mid-December, a Vermont Health Connect user was logging in when the names of two strangers popped up in the newly created account.

The individual, who was trying to sign up for health insurance, deleted the information that had suddenly appeared.

“It was super unsettling to think that someone is filing in my account with my information,” the person, whose name is redacted in records, wrote in a complaint to the Department of Vermont Health Access. “Just seems like the whole thing needs a big overhaul.”

It was one of 10 instances between November and February when Vermont Health Connect users reported logging to find someone else’s information on their account.

The data breaches included names of other applicants and, in some cases, their children’s names, birth dates, citizenship information, annual income, health care plans, and once, the last four digits of a Social Security number, according to nearly 900 pages of public records obtained by VTDigger. On Dec. 22, the department’s staff shut down the site to try to diagnose the problem.

While officials say the glitches have been resolved, it’s the most recent mishap for a system that has historically been plagued by security and technical issues. The breaches could be even more widespread: Administrators of Vermont Health Connect can’t tell if other, similar breaches went unreported.

“We don’t know what we don’t know,” said Jon Rajewski, a managing director at the cybersecurity response company Stroz Friedberg. Regardless of whether there are legal ramifications for the incidents, they should be taken “very seriously,” he said.

“If my data was being stored on a website that was personal, — maybe it contains names or my Social Security number, like my status of insurance… — I would expect that website to secure it and keep it safe,” he said.

“I wouldn’t want someone else to access my personal information.”

Andrea De La Bruere, executive director of the Agency of Human Services, called the data breaches “unfortunate.” But she downplayed the severity of the issues. Between November and December, 75,000 people visited the Vermont Health Connect website for a total of 330,000 page views, she said. The 10 incidents? “It’s a very uncommon thing to have happen,” she said.

De La Bruere said the issue was fixed on Feb. 17, and users had reported no similar problems since. The information that was shared was not protected health information, she added, and the breaches didn’t violate the Health Insurance Portability and Accountability Act, or HIPAA.

“No matter what the law says technically, whether it’s HIPAA-related or just one’s personal information, it’s really concerning,” said Health Care Advocate Mike Fisher.

The timing of the issue is less than ideal, he added. Thousands of Vermonters will be logging into Vermont Health Connect in the coming weeks to take advantage of discounts granted by the American Rescue Plan. “It’s super important that people can access the system, and that it’s safe and secure,” Fisher said.

A ‘major issue

The issues first arose on Nov, 12, when at least two Vermonters logged in and found information about another user, according to records obtained by VTDigger.

Department of Vermont Health Access workers flagged it as a “major issue” for their boss, Kristine Fortier, a business application support specialist for the department.

Similar incidents also occurred on Nov. 17 and 18, and later on multiple days in December.

Department of Vermont Health Access staff members appeared alarmed at the issues, and IT staff escalated the tickets to “URGENT.”

“YIKES,” wrote a staff member Brittney Richardson. While the people affected were notified, the data breaches were never made public.

State workers pressed OptumInsights, a national health care tech company that hosts and manages Vermont Health Connect, for answers. The state has contracted with the company since 2014. It has paid about $11 million a year for the past four years for maintenance and operations, with more added in “discretionary funds.”

Optum appeared unable to figure out the glitch. “It is hard to find root cause of issue,” wrote Yogi Singh, service delivery manager for Optum on Dec. 10. Optum representatives referred comments on the issues to the state.

By Dec. 14, Grant Steffens, IT manager for the department, raised the alarm. “I’m concerned on the growing number of these reports,” he wrote in an email to Optum.

The company halted the creation of new accounts on Dec, 14, and shut down the site entirely on Dec, 22 to install a temporary fix. “It’s a very complex interplay of many many pieces of software on the back end,” said Darin Prail, agency director of digital services. The complexity made it challenging to identify the problem, and to fix it without introducing any new issues, he said.

In spite of the fixes, a caller reported a similar incident on Jan. 13.

On Feb. 8, a mother logged in to find that she could see her daughter’s information. When she logged into her daughter’s account, the insurance information had been replaced by her own.

“Very weird,” the mother wrote in an emailed complaint.

Optum completed a permanent fix on Feb. 17, according to Prail. Vermont Health Connect has not had a problem since, he said.

Prail said the state had reported the issues to the Centers for Medicaid and Medicare Services as required, and had undergone a regular audit in February that had no findings. The state “persistently pressured Optum to determine the root cause and correct the issue expeditiously but at the same time, cautiously, so as to not introduce additional issues/problems,” he wrote in an email to VTDigger.

“We take reported issues like this very seriously,” he said.

A history of glitches

The state’s health exchange has been replete with problems, including significant security issues and privacy violations, since it was built in 2012 at a cost of $200 million.

The state fired its first contractor, CGI Technology Systems, in 2014. A subcontractor, Exeter, went out of business in 2015. Optum took over for CGI, and continued to provide maintenance and tech support for the system.

Don Turner
Don Turner, right, then the House minority leader, speaks in 2016 about the need to fix the state’s glitch-ridden Vermont Health Connect website. With him are Phil Scott, left, then the lieutenant governor, and Sen. Joe Benning. Photo by Erin Mansfield/VTDigger

In 2018, when Vermont Health Connect was less than 6 years old, a report dubbed the exchange outdated and “obsolete.”

Officials reported similar privacy breaches in 2013, when Vermonters saw other people’s information.

An auditor’s report in 2016 found a slew of cybersecurity flaws, and officials raised concerns again during a  2018 email breach.

It wasn’t the first time that Vermont Health Connect users had been able to view other people’s personal information. Three times since October 2019, individuals had logged in to see another individual’s insurance documents. Prail attributed those incidents to human error, not to system glitch; a staff member uploaded documents to the wrong site, he said.

In spite of the issues, Prail said he and other state officials have been happy with Optum. After years of technical challenges with Vermont Health Connect, “Optum has really picked up the ball and improved it and been running it pretty well,” he said.

Glitches are inevitable, he added, and Optum has addressed them quickly. “They took a really difficult-to-manage site and made it work pretty well,” he said. “Optum is generally quite responsive to any issues we have.”

“I find any privacy breach to be concerning,” said Scott Carbee, chief information security officer for the state. He noted that the state uses “hundreds of software systems.” “While the scope of the breaches can be mitigated, true prevention is a difficult task,” he wrote in an email to VTDigger.

Optum spokesperson Gwen Moore Holliday referred comments to the state, but said the company was “honored” to work with Vermont Health Connect “to support the health care needs of Vermont residents.”

Prail said the Agency of Human Services had no plans to halt its contract with the company. “I don’t have a complaint about Optum,” he said. “They took a really difficult-to-manage site and made it work pretty well.”

Don’t miss a thing. Sign up here to get VTDigger’s weekly email on Vermont hospitals, health care trends, insurance and state health care policy.

Help us get halfway to our Spring Drive goal. When we reach 1,5000 members, we will unlock a $10,000 match, plus 1,500 Vermont kids get a new book!

Filed under:

Health Care

Tags: data breaches, Optum, Vermont Health Connect

Katie Jickling

About Katie

Katie Jickling covers health care for VTDigger. She previously reported on Burlington city politics for Seven Days. She has freelanced and interned for half a dozen news organizations, including Vermont Public Radio, the Valley News, Northern Woodlands, Eating Well magazine and the Herald of Randolph. She is a graduate of Hamilton College and a native of Brookfield.