On December 19, 2019, the SEC’s Division of Corporation Finance issued CF Disclosure Guidance: Topic No. 8, Intellectual Property and Technology Risks Associated with International Business Operations.

Compliance program requirements

The guidance provides the Division of Corporation Finance (CorpFin) views on disclosure obligations regarding risks related to the potential theft or compromise of data, technology, and intellectual property (IP) within the context of the federal securities laws and the SEC’s principles-based disclosure system, which companies should consider when conducting business in foreign jurisdictions.

Sources of risks

In today’s business environment, companies may be exposed to material risks of theft of proprietary technology and other IP, including technical data, business processes, data sets or other sensitive information. These risks may increase when companies conduct business in certain jurisdictions outside the United States: store technology, data, or intellectual property abroad or license technology to joint ventures with foreign partners. For example, technology, data, or IP may be stolen or compromised through direct intrusions, such as cyber intrusions into a company’s computer systems or physical theft, or through indirect intrusions, such as reverse engineering of products or components.

Further, in order to access or conduct business in certain foreign markets, companies may be required to compromise protections or yield rights to their technology, data or IP. The guidance provides examples of arrangements or requirements that could limit the company’s ability to protect its own technology, data, or IP, which may negatively impact the company’s current and future competitive edge.

Assessing and disclosing risks

The guidance encourages companies to assess the risks of potential theft or compromise of technology, data, or IP in connection with international operations, including how these risks could impact their business, financial condition and results of operations, reputation, stock price, and long-term value. When material to investment and voting decisions, companies should provide tailored disclosures that are specific to a company’s facts and circumstances.

Notably, the guidance indicates that when a company’s technology, data, or IP is or was previously compromised, hypothetical disclosure of potential risks is not sufficient.

In CorpFin’s view, companies should assess the materiality of these risks now and on an ongoing basis and update disclosures accordingly. The guidance includes detailed questions regarding a company’s current and future operations that should be considered to assess risks related to IP and technology and the related disclosure obligations.


Grant Thornton, On the Horizon January 9, 2019.

We are committed to keep you updated of all developments that may affect the way you do business in Puerto Rico.  Please contact us for further assistance in relation to this or any other matter.