xavGE
xavGE
xavGE
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Obligations of a public company<br />
Securities acquired by a nonaffiliate in a<br />
private transaction are also considered<br />
restricted securities for a period of up to<br />
one year.<br />
Rule 144 under the Securities Act is a<br />
common exemption used by affiliates to<br />
resell their company securities, with the<br />
following requirements:<br />
• Holding period—The affiliate must<br />
hold the shares for at least six months<br />
before resale. One exception is for<br />
shares obtained pursuant to a written<br />
compensatory plan or contract. In that<br />
case, Rule 701 under the Securities<br />
Act allows resale under Rule 144<br />
without any holding period. This resale<br />
must occur at least 90 days after the<br />
effective date of the IPO.<br />
• Volume limitation—In any three-month<br />
period, sales by the affiliate may<br />
not exceed the greater of 1% of the<br />
company’s total outstanding shares or<br />
the average weekly reported volume<br />
in the securities on the exchange during<br />
the four weeks preceding the sale.<br />
• Current public information—The<br />
company must have filed all required<br />
reports with the SEC on time.<br />
• Manner of sale—The sale must be<br />
made through a broker-dealer or in<br />
certain other specified transactions<br />
through a stock exchange.<br />
In some cases when using Rule 144,<br />
an affiliate must file Form 144 with the<br />
SEC and the stock exchange on which the<br />
securities trade.<br />
6.4 Ongoing compliance obligations<br />
NYSE Governance Services<br />
The IPO is not the end of the story with<br />
respect to ethics and compliance—in<br />
fact, it is only the beginning. Once listed,<br />
a company will experience far greater<br />
public scrutiny and will have a range of<br />
continuing obligations with which to<br />
comply. Any weakness in its systems<br />
or failure to comply with regulations<br />
could cause public embarrassment to<br />
management, reputational damage and<br />
potential fines for the company and<br />
individuals involved in the failure.<br />
During the last two decades, the<br />
role that directors play with respect<br />
to oversight of a company’s ethics and<br />
compliance program has expanded. The<br />
expansion of director responsibility<br />
has arisen from several key events,<br />
including the enactment of the FSG. The<br />
implementation of the FSG, however, was<br />
only the start of the rapid development of<br />
director oversight responsibility of<br />
ethics and compliance programs. The<br />
decisions in In re Caremark International<br />
Inc. Derivative Litigation 1 and Stone v.<br />
Ritter, 2 two rounds of amendments to<br />
the FSG, the widespread acceptance and<br />
application of Department of Justice<br />
(DOJ) guidance for the prosecution of<br />
organizations and expanded application of<br />
the responsible corporate officer doctrine<br />
all provide that directors must now<br />
exercise greater oversight and control of<br />
compliance than ever before.<br />
Despite these fundamental changes,<br />
organizations often fail to adequately<br />
support directors with the vital resources<br />
and expertise they need to exercise<br />
effective, ongoing oversight of an ethics<br />
and compliance program. Even if an<br />
organization has robust ethics and<br />
compliance practices below the director<br />
level, failure to retain directors who are<br />
knowledgeable about the content of the<br />
program, and who exercise reasonable<br />
oversight of the implementation and<br />
effectiveness of the program, will render<br />
the program “ineffective” in the eyes<br />
of regulators, prosecutors and federal<br />
judges.<br />
Boards should periodically receive<br />
information about:<br />
• the structure and resourcing of the<br />
compliance program and whether<br />
the compliance officer has sufficient<br />
authority to implement the program;<br />
• the structure of the company’s<br />
reporting system and the company’s<br />
policies regarding responding to<br />
suspected misconduct;<br />
• the types of compliance training that<br />
employees and others are required to<br />
complete and any modifications to<br />
those training requirements;<br />
• the company’s risk assessment<br />
process and results and the methods<br />
developed by the company to<br />
prioritize and address the risks<br />
identified therein;<br />
1<br />
698 A 2d 959 (Del. Ch. 1996).<br />
2<br />
911 A.2d 362 (Del. 2006).<br />
• the way in which the company audits<br />
for implementation of the compliance<br />
program and for substantive violations,<br />
especially in high-risk areas; and<br />
• employees’ perception of the company’s<br />
culture of compliance, including fear<br />
of retaliation for reporting suspected<br />
misconduct, and whether employees<br />
believe that management is committed<br />
to compliance.<br />
Just as vital is providing adequate<br />
resources and authority to the person or<br />
persons responsible for the day-to-day<br />
operations of the program. While the FSG<br />
and general best practices do not dictate<br />
a particular structure or level of authority<br />
for the person or persons responsible<br />
for compliance, at a minimum such<br />
individuals must have access to the board<br />
of directors and be of sufficient rank to<br />
effectively carry out their duties.<br />
An organization’s code of conduct is<br />
the cornerstone of any successful program.<br />
But the code, along with any stand-alone<br />
compliance policies, is a living document<br />
that must be regularly reviewed and<br />
periodically updated. The code must speak<br />
to the culture of the organization and be<br />
accessible to all employees in their native<br />
language and at their appropriate reading<br />
level.<br />
The FSG state that an effective<br />
compliance and ethics program should<br />
take reasonable steps to periodically<br />
communicate its standards, procedures<br />
and other guidelines by utilizing<br />
thorough training programs and other<br />
communication tools. Efficient, yet<br />
comprehensive, training is essential for<br />
any ethics and compliance program and is<br />
the most effective way for organizations<br />
to ensure their employees understand<br />
the standards to which they are held.<br />
Training must be periodically evaluated<br />
and reviewed to ensure the content and<br />
presentation is accurate and produces<br />
results. Organizations must establish<br />
comprehensive, risk-based training<br />
plans that take into account changing<br />
demographics and operational and<br />
legal factors. It is equally essential that<br />
organizations regularly communicate<br />
a message of ethics and compliance to<br />
employees at all levels of the organization.<br />
Employees take their cues on culture<br />
and compliance from their managers, so<br />
NYSE IPO Guide<br />
71