From the Regulators

Report flags misleading non-GAAP financial measures, social media and cybersecurity as concerns

By James Langton

Corporate issuers continue to have trouble fully meeting their disclosure obligations to investors, according to a report from the Ontario Securities Commission's (OSC) corporate finance branch published Thursday.

The Corporate Finance Branch 2016-2017 Annual Report details the outcome of continuous disclosure (CD) reviews, provides compliance guidance to the individuals and entities the OSC oversees, and their advisors, and highlights the branch's policy work in emerging areas.

According to the report, almost all of the CD reviews in the past year required some sort of regulatory response, including 16% of CD reviews that required an issuer to refile documents. The sorts of shortcomings that required firms to refile their disclosure include management discussion and analysis that contains potentially misleading non-GAAP financial measures — an issue that regulators have repeatedly raised.

"We continue to see deficiencies in the quality of issuers' disclosures, and will be actively reviewing the use of non-GAAP financial measures and forward-looking information in the coming fiscal year," says Huston Loke, director of corporate finance at the OSC, in a statement. "We encourage issuers to use this report as a guide to help improve their disclosure in these areas."

Many of the targeted reviews carried out by the OSC last year involved efforts to educate issuers and raise awareness in emerging areas, such as the use of social media and cybersecurity disclosure.

Issuers generally need to improve the quality of their social media disclosures "to prevent unbalanced, misleading or selective disclosures," the report notes.

In the area of cybersecurity, the report stresses that issuers must provide disclosure on material risks that is "as detailed and entity specific as possible." When companies suffer a breach of cybersecurity, the report notes, they must determine whether the incident represents a material fact or a material change, which requires disclosure under securities law. "This determination is a dynamic process throughout the detection, assessment and remediation phases of a cybersecurity incident, and should consider direct impacts on the business as well as regulatory and reputational matters," it says.

In the exempt market, CD reviews also found instances of inadequate disclosure. OSC staff issued comment letters to issuers for several reasons, the report notes, including failure to comply with the disclosure requirements under the offering memorandum (OM) exemption, providing insufficient disclosure about the company's business, and providing out-of-date disclosure.

In the coming year, the regulator will continue to focus on distributions made under the OM exemption, the report notes, and it intends to prioritize reviews of distributions in the real estate and mortgage sector, as it takes responsibility for overseeing syndicated mortgage investments from the Financial Services Commission of Ontario.

Additionally, the OSC is already seeing more financings by companies in the marijuana business, according to the report, as the federal government proceeds with plans to legalize recreational marijuana. In particular, the report says that licensed medical marijuana producers are raising capital in order to ramp up production in anticipation that the drug will be legalized for recreational use too. "If issuers publicly state that they are funding construction projects to expand their current production growth facilities in anticipation of the legalization of recreational marijuana in Canada, such disclosure should be qualified, as appropriate, by specific risk factor disclosure," it stresses.

"This emerging industry often requires enhanced disclosure due to regulatory uncertainty, differences in legal and regulatory frameworks across jurisdictions and other novel considerations that should be disclosed to investors," the report says.