Internal Control and Reg FD Fails
The Securities and Exchange Commission has fined a Florida pharmaceutical firm $200,000 for violating Regulation Fair Disclosure — an offense we don’t see too often in compliance land, and therefore offers a good glimpse into the control failures that might lead to this sort of trouble.
The company, TherapeuticsMD, develops hormone therapies to help with women’s health issues related to menopause. In 2017, TherapeuticsMD was talking with the Food & Drug Administration to find a path for one of its candidate drugs to secure regulatory approval and begin sale to the public.
The FDA had some questions about whether the drug, TX-004HR, posed risks to users. The company met with FDA regulators on June 14, 2017, to review testing data about the drug, “and ended without the FDA providing a clear path forward for approval,” as the SEC complaint diplomatically phrased it.
Executives at TherapeuticsMD knew that market analysts following the company were bullish on TX-004HR’s prospects. So at a company meeting the following day, executives decided to be bullish about the drug’s prospects, too. One executive then sent an email to six analysts following TherapeuticsMD, describing the FDA meeting as “very positive and productive” and saying the company would be “waiting on meeting minutes to decide on the path forward.”
The analysts loved that news, and published research notes to the same effect, and TherapeuticsMD’s stock jumped 19.4 percent on June 16 One problem: the company never disclosed any news of the FDA meeting to investors generally.
That’s a violation of Regulation FD.
The rule bars selective disclosure of material, nonpublic information. Or, in the event of accidental disclosure, the company must disseminate said material, nonpublic information to the public within 24 hours. TherapeuticsMD said nothing until June 17, 2017, a full two days after the original disclosure.
But wait, it gets better!
In July 2017 the FDA finally passed along its minutes of that June 14 meeting — the one executives had decided to describe as “very positive and productive.” Well, the FDA’s minutes were decidedly less enthusiastic, so on July 17 the company issued a press release blandly stating that the original meeting had “enabled the company to present new information” that could “address concerns raised by the FDA.”
Hmmm, the market said, that doesn’t sound very positive and productive to us. The company’s stock promptly dropped 16 percent in pre-market trading.
That led to a conference call with those six analysts later in the day, where executives mentioned that they had shown the FDA the results of three previous studies, plus results of a fourth study still ongoing. During that call, a TherapeuticsMD executive emailed copies of the three studies, plus another statement from the company’s chief medical officer, to the six analysts.
After that call, the analysts published new research notes that resumed their bullish tone. By the end of that day, July 17, the stock price had rebounded and only closed down 6.6 percent from its open price.
One problem: TherapeuticsMD didn’t tell anyone else about that data it had shared with the FDA, until an earnings call on Aug. 3, 2017. So the company committed a second Regulation FD violation while trying to clean up the mess it made with overly optimistic statements related to the first Reg FD violation.
For the record, TX-004HR ultimately did win FDA approval in 2018, and is now for sale under the name IMVEXXY. We still have internal control lessons to ponder here, so let’s get to it.
Internal Control Failures
What strikes me in the complaint is how TherapeuticsMD responded when regulators contacted the company on June 16, the day of the first Reg FD violation. A market watch official at NYSE called the company that afternoon, noting that share price was up 21 percent on heavy trading volume. Was the company aware of any material information that might be affecting the stock?
From the SEC complaint:
Company executives who responded did not know of the emails sent to analysts the prior day…. They replied that they were not aware of any material information. The executives did not conduct any inquiry to determine the cause of the significant stock price movement, or to assess whether the magnitude of the price movement could be explained by the anticipated volume or possible market volatility that day.
That is not good. Employees responsible for regulatory compliance — including compliance with Reg FD — didn’t know what operating executives were telling analysts; and operating executives didn’t know that what they were telling analysts had implications for regulatory compliance.
That happens when the compliance function is kept at arm’s length from important business debates.
We don’t know whether the compliance function involved in that meeting on June 15, where executives decided to describe an inconclusive meeting with regulators as “very positive.” That meeting, however, was to develop a communications strategy about an event material to the company — so compliance or investor relations should have been there, to warn everyone else that they had to proceed with caution; or at least already assured that those people in the room knew their Reg FD duties.
So, question for a compliance officer to ask: In what councils or deliberations would our company make decisions about public statements? Do I need to be there? Has everyone who does attend those meetings received proper training on Regulation FD? (After all, selective disclosure of material nonpublic information can be a convoluted concept to grasp for the novice.)
Reg FD Policies & Procedures
The root problem for TherapeuticsMD is actually clear: it had no policies and procedures for Reg FD compliance. Hence when NYSE officials called on that June 16 to ask what was going on, nobody could give a coherent answer. The company —
- Had not trained employees on what Reg FD was, or their duties for compliance with it;
- Had no protocols to review external communications about material events before those communications went out the door;
- Had no ability to determine whether employees had sent any material nonpublic information to outsiders, which suggests weaknesses in surveillance of sensitive data and an inability to govern confidential information;
- Had no protocols to rectify inadvertent disclosure — which you can typically do easily, with a quick press release repeating whatever material, nonpublic information had already been shared.
That is a grave inability to fulfill compliance duties. Not just because violations are so easy to commit; but also because such violations undermine the broader ethical environment at the company and in society as a whole. Reg FD was adopted in 2000 specifically because too many investors in the late 1990s believed they were locked out of important information, and that companies stacked the playing field in favor of insiders. Investors were right.
As part of its settlement, TherapeuticsMD has all those policies and procedures in place today. It’s just sad to see a company not have those measures in place already. Reg FD has been around nearly 20 years. Companies have been busted for violating it before, and they will be again. Awareness of Reg FD is a cornerstone of good investor relations.
Anyway, those are all lessons in Reg FD compliance we should disclose from the rooftops.