VIRTUALLY NO LIABILITY?: SECURITIES MARKETS IN AN ELECTRONIC AGE AN ISSUES PAPER
Table of Contents

Chapter 2 - 2

Legal issues

2.62 As noted above, the most observable characteristic of international electronic markets is that trading crosses traditional jurisdictional boundaries, and may take place outside them. To adapt an example frequently given, a company in Antigua may offer securities on an Internet site which could be taken up by investors in Australia without the ASC having any effective jurisdiction over the issuer or the form of the offer. This has implications both for 'legitimate' and 'questionable' offers.

2.63 Most national regulators claim jurisdiction over offers receivable in their jurisdiction. For example, the US SEC claims jurisdiction over all offers accessible in the United States. The ASC similarly claims jurisdiction over offers accessible in Australia. Given that different jurisdictions impose differing requirements on the content of offers, these competing claims of jurisdiction may deter 'legitimate' companies from seeking to access an international capital market.

2.64 While recognising that securities regulation to date had been essentially nationally based, and that the global aspects of electronic commerce might challenge this approach, the ASC noted that developments in electronic commerce had not yet become significant. In response to the global reach of Internet prospectuses, the ASC has recommended that, in order to avoid foreign regulatory problems, all Australian prospectuses on the Internet should contain a jurisdictional clause stating the jurisdictions in which the offer is available. [54] However, some have cast doubt on the adequacy of this approach. One senior lawyer is quoted as advising:

Although the ASC takes the view that a jurisdiction clause will be sufficient to avoid liability for irregular prospectuses, foreign regulators may take a different stand. [55]

2.65 Furthermore, claims of jurisdiction and the enforcement of laws are different matters. As the advice quoted above continues:

It is possible for offerors in jurisdictions with less stringent regulatory regimes to issue prospectuses and hawk securities in Australia which expose investors to risks which are not acceptable under the corporations law, with little scope for the ASC to intervene ...

Under the Corporations Law, every foreign prospectus lodged on the Internet and accessible in Australia must comply with local standards. However, with its restricted extra-territorial jurisdiction, the ASC has limited ability to enforce these provisions ... [56]

2.66 Unresolved legal issues may extend from classes of transaction - such as the rules governing share offers or takeover offers - to the requirements governing an individual transaction - such as finalising the purchase of a particular parcel of shares. Where such a purchase is made electronically, ensuring the identity of a purchaser assumes considerable importance. It has been pointed out that no law currently governs digital signatures. [57] The Wallis Committee recommended "endorsement by industry and government of the Public Key Authentication Framework developed by Standards Australia to enable a reliable system for digital recognition of individuals and entities to be developed". [58] Under such a Framework, each user would have two 'keys' - one public and one private - and a message encoded with one such key could only be decoded using the other key of same person. The effect of such a system when used to 'cash' an 'electronic cheque' was said to be:

If the banks paid out on a genuine but misused digital signature, they would not be liable for paying out on a forgery. Account holders would need to seek compensation, not from the bank, but from those who misused the signature - if they could be found and if they had the money. [59]

2.67 The Wallis Committee also recommended that Australia adopt appropriate internationally recognised standards for electronic commerce, including for electronic transactions over the Internet and the recognition of electronic signatures. [60]

2.68 Another key issue in existing transactions is ensuring the right of a vendor to sell. The risk that a transaction may not be settled, or that funds may be inappropriately dealt with by an intermediary, has seen the inclusion in the Law of provisions covering dealers' trust accounts, stock exchange fidelity funds and the National Guarantee Fund. Transactions undertaken electronically - particularly if real-time settlement systems [61] became available - might minimise these settlement risks, and might reduce the need for such provisions in the Law.

2.69 In summary, the growth of electronic commerce raises a number of specific legal issues for corporations and securities markets. These include:

• determining the applicable statutory requirements that are imposed on transactions - for example, which law governs the content and accuracy of an offer document made available on the Internet; and which law should govern matters such the takeover of an Internet-traded or Internet-listed company, [62] or insider trading in the shares of such a company;
• determining the law that governs the making and execution of a particular transaction - ie, what law governs the basic contractual requirements for a transaction conducted electronically (such as the 'place' in which the transaction is made), or the consequences of a 'failure' of or fraud in such a transaction (which might range from a computer malfunction or a keying error, to the unauthorised use of an investor's account details); [63]
• determining various related legal issues - for example, the jurisdiction in which to bring any legal action; the statutory enforceability of the listing and business rules of a securities exchange (s 777); the statutory power of the ASC to prohibit trading in particular securities (s 775); and the qualified privilege provided under the Law to a securities exchange covering the publication of information provided to the exchange by a listed entity (s 779(5));
• determining the liability of third parties who may be involved in a transaction - for example, what liability, if any, should attach to an Internet service provider for the content of an electronic prospectus made available through that provider, or to the operator of an Internet site for any linked site;
• proving or evidencing an electronic transaction which is called into question, or which may be taxable or dutiable, and establishing an audit trail to enable any regulator to enforce its laws; and
• irrespective of governing law or applicable law, determining how to enforce that law.

Some issues:

• in what circumstances can an electronic transaction be regarded as legally 'completed' in the absence of conventional seals and signatures?;
• how can the content of electronic communications or 'documents' be proved or guaranteed in the absence of a paper copy, or a central register of all such communications?;
• where a securities transaction or conduct in a securities market is potentially subject to the law of a number of jurisdictions, how will the governing law applicable to that transaction or conduct be determined?;
• what law should govern the creation, administration and winding up of a solely Internet-created or Internet-listed company?; and
• are specific statutory provisions needed to deal with the legal liability of third parties who are involved, or who become associated, with an electronic transaction?

Financial, accounting and disclosure issues

2.70 Where securities are traded internationally, there is a clear need for generally applicable accounting standards, common forms for the presentation of financial information, and uniform disclosure requirements. The application of differing standards raises some obvious difficulties for investors including:

• the reporting of different profit figures in different jurisdictions;
• the reporting of more detailed or fuller financial information in some jurisdictions; and
• a refusal to disclose information in some jurisdictions which is mandatory in others.

2.71 Some investors have the resources to gain access to and, where necessary, reinterpret this financial information for themselves. During a recent inquiry, this Committee was told that:

There are a number of large institutions around the world who, prior to purchasing shares in Australia or Indonesia or in some other regime, require restatement of accounts and policies as best possible onto some broadly comparable standard. I just think it is an inevitable part of the evolution of our market. We will not, as Australia, be able to have unique Australian standards if they are inconsistent with what is generally accepted worldwide. [64]

2.72 This view was broadly endorsed by the Wallis Committee, which recommended that the Australian Accounting Standards Board should, where practicable, seek to harmonise Australia's accounting standards with international standards. [65]

2.73 While harmonisation is clearly a desirable long-term goal, it may not be possible with regard to all standards, and it may not be achieved without extensive and time-consuming negotiation. As a first step, in 1996, this Committee recommended that the Corporations Law should require that information disclosed by Australian-listed companies in overseas jurisdictions should be also be provided to Australian investors through the ASX. It may be that other interim measures are warranted while harmonisation is actively pursued.

Some issues:

• what regulatory approach should be adopted where the accounting or disclosure rules in different jurisdictions result in inconsistent disclosure by a company?;
• should different regulatory approaches be adopted in the short and long term?

Security and other technical issues

2.74 Concerns have been expressed about the technology that underpins networks such as the Internet. It is unclear who bears responsibility for setting the technical standards to be met by the Internet, or for its performance. [66] Responsibility for unauthorised access to the system, for breaches of privacy and for other breaches of security is also unclear. [67]

2.75 It is often said that the apparent insecurity of many electronic transactions - particularly Internet transactions - is the most significant deterrent to the growth of electronic commerce. Similar concerns are often expressed about the security of electronically stored information.

2.76 It was recently estimated that, in 1996, American companies spent in the order of US$6 billion on network security. Yet a survey of 400 companies and institutions in March 1996 revealed that more than 40% had reported recent break-ins to their computer networks. Some 30% of all break-ins involving the Internet took place despite the presence of a 'firewall' - a computer equipped with costly software that is supposed to let only legitimate traffic pass. [68] Estimates for financial losses from computer crime are as high as US$10 billion a year, with as many as 95% of break-ins going undetected. [69]

2.77 Network linkages may amplify these security concerns. For example, a hacker might exploit inadequate security measures put in place by one company to invade its network, and then use this to disrupt operations at other companies. Where the resulting damage is substantial, those other companies might attempt to hold the first company liable.

2.78 Attention has been drawn to agreements such as the EDI Council of Australia's "Model Electronic Data Interchange Agreement", published in 1990, as the most appropriate format for conducting aspects of electronic commerce on the Internet. [70]

2.79 The Wallis Committee forecast generally that:

For financial transactions over the Internet, international security standards are being developed by software companies, international credit card associations and third parties such as telecommunications carriers. Given the relatively small size of the Australian market. domestic financial institutions will adopt standards prevailing in larger markets such as the US. There is therefore no requirement for specific government intervention in this area. [71]

2.80 However, simply adopting international standards is not free from difficulty. For example, the international credit card associations Visa and MasterCard, together with many of the world's software companies, have developed the Secure Electronic Transaction (SET) standard:

As well as encrypting any credit-card data sent over the Internet, SET uses cryptography to authenticate all parties to the transaction, including the consumer, merchant and the banks, preventing such things as "man-in-the-middle" and "rogue-merchant" attacks, where people intercept messages and decrypt them before forwarding them on to the intended recipient.

It has the further benefit of not revealing credit-card details to the merchant - which merely passes the transaction to its bank - thus preventing a certain type of credit-card fraud commonly referred to as the "waiter" attack, where the merchant makes a copy of the credit-card number and sells it or re-uses it illegally. [72]

2.81 This standard was supposed to be ready for worldwide implementation at the end of 1996. However, this timetable could not be met because non-American banks expressed concern about the design of SET, the initial versions of which were apparently developed to complement the highly regionalised US banking system. Clearly, standards developed nationally may not necessarily be suitable as international standards.

2.82 Another barrier to secure electronic commerce is represented by strict government controls over the dissemination of encryption products. While US policy in this area is well known, Australian policy is broadly similar. One company apparently affected by this policy was the software firm Nexus Solutions, which developed NTrust - a secure encryption system capable of encrypting files with a key length of 33,344 character-bits:

Nexus Solutions had already lined up a distributor in Europe for NTrust and had the World Health Organisation beta testing the product when it began marketing the system to government organisations and corporates locally. It was quickly told by the Defence Signals Directorate that exporting the product would be illegal.

Sales overseas would only be possible with a separate export licence for each purchaser, and distribution of demonstration versions via the Internet would also be a violation of laws governing the export of munitions. [73]

Some issues:

• who should bear responsibility for setting the various technical standards to be met by the Internet, or other electronic networks, and for their performance?;
• what approach, if any, should Australia take to the adoption of international security standards for electronic commerce?; and
• what policy approach should be taken to dissemination of secure encryption technologies?

Other regulatory issues

2.83 In addition to the regulatory issues canvassed above, two other such issues should also be raised: the possibility that issuers or investors may indulge in "regulatory arbitrage", and the implications of electronic capital raising for Australia's foreign investment policies.

Regulatory arbitrage

2.84 'Regulatory arbitrage' is a term that has been used by a number of commentators, including Mr Richard Humphry, the Chief Executive of the ASX. Where issuers and investors have a choice of markets on which to transact their business, one major factor influencing their choice will be cost, both direct and indirect. Since excessive regulation imposes excessive costs, an over-regulated market will lose business to a market that, while well regulated, is less regulated:

One common, but I suggest erroneous, response to this proposition is that giving in to the force of regulatory arbitrage will necessarily lead to a downward regulatory spiral to the state of the least-regulated competing market. Of course that isn't so, for the simple reason that many investors and issuers don't want to deal on an inadequately regulated market. They want the security of adequate regulation, but they won't put up with the burdens of excessive regulation when they have an alternative.

The existence of regulatory arbitrage means that national governments and regulators are going to have to balance the need for the markets they regulate to be internationally competitive, on the one hand, with their natural desire to apply what they believe to be appropriate regulatory policies domestically, even if they impose greater costs on market users. [74]

2.85 This broad issue was also noted in the Wallis Committee Report, which spoke of the possibility of 'regulatory competition' between competing jurisdictions. That Committee concluded that regulatory competition "could lead to an overall lowering of regulatory standards" but that "the more likely outcome is that regulators will have an incentive to develop a range of regulatory frameworks across jurisdictions which best meet the needs of participants and users in those markets". [75]

Regulation of foreign investment

2.86 Currently, Australia screens foreign investment under the Foreign Acquisitions and Takeovers Act 1975. Among other things, this Act:

• requires foreign persons to notify the Treasurer of certain agreements to acquire substantial shareholdings in Australian corporations; and
• enables the Treasurer to prohibit certain proposed acquisitions or exercises of control by foreign persons where the Treasurer determines that these actions are not in the national interest. [76]

2.87 In exercising these powers, the Treasurer is able to take advice from the Foreign Investment Review Board (FIRB). FIRB also examines certain proposals which are not subject to the Act. These include all proposals for foreign investment in the media sector.

2.88 The Act defines an Australian corporation as "a trading corporation, a financial corporation or a corporation incorporated in a Territory under the Law in force in that Territory relating to companies". [77] An Australian business is defined as "a business that is carried on wholly or partly in Australia in anticipation of profit or gain". [78] It may be that these definitions, and the provisions of the Act or its guidelines, do not fully comprehend the possible effects of global electronic commerce.

Some issues:

• will global electronic capital raising and securities trading involve 'competition' between regulators or the laws they administer, and will any such competition expose Australian investors to unacceptable risk?; and
• what effect, if any, will global electronic capital raising and securities trading have on the exercise of powers under legislation governing foreign acquisitions and takeovers?

 

Footnotes:

[54] 'Lawyers warn of dangers in Internet prospectuses', Australian Financial Review, 3 February 1997, p 4.

[55] 'Lawyers warn of dangers in Internet prospectuses', Australian Financial Review, 3 February 1997, p 4.

[56] 'Lawyers warn of dangers in Internet prospectuses', Australian Financial Review, 3 February 1997, p 4.

[57] 'Dangers of forging ahead with digital signatures', Australian Financial Review,12 May 1997, p 38.

[58] Wallis Committee Report, p 502.

[59] 'Dangers of forging ahead with digital signatures', Australian Financial Review, 12 May 1997, p 39.

[60] Wallis Committee Report, p 503.

[61] Under such a system, a transaction would be instantly verified, paid for and settled. Real-time gross settlement systems are discussed at p 113 of the Wallis Committee Report.

[62] In NCSC v Brierley Investments Ltd (1988) 6 CLC 995 B Ltd, a New Zealand company acquired 30% of the shares in another New Zealand company, thereby acquiring an interest in more than 20% of a company incorporated in NSW, so contravening the NSW takeovers code. A NSW court rejected the argument that it was beyond the power of the NSW Parliament to legislate for the share buying activities of New Zealand companies in New Zealand.

[63] Some recent examples of 'failure' in electronic transactions include: the doubling of all computer -generated credits and debits to 300,000 Commonwealth Bank accounts on 16 April 1997 and the trading of securities using the ASX's CHESS system apparently without authorisation from the owners of those securities: see, generally, The Australian, 17 April 1997, p 1; Australian Financial Review, 28 April 1997, p 1.

[64] Corporations and Securities Committee, Inquiry into the Draft Second Corporate Law Simplification Bill 1996, Committee Hansard, 2 October 1996, p CS 93 (Mr Wozniczka).

[65] Wallis Committee Report, p 271.

[66] Gordon Hughes, 'Nowhere to hide?: Privacy and the Internet', Computers & Law No 29 (June 1996) p 22.

[67] id.

[68] 'Who's Reading Your E-mail', Time, 3 February 1997, p 65.

[69] id.

[70] Gordon Hughes, 'Nowhere to hide?: Privacy and the Internet', Computers & Law, No 29 (June 1996) p 22.

[71] Wallis Committee Report, p 501.

[72] 'Visa claims Net payment first', Australian Financial Review, 30 April 1997, p 30.

[73] 'Making the transition', Australian Personal Computer, February 1997, p 74.

[74] Richard Humphry, 'Impact of Electronic Commerce: The Market's Perspective', a Paper delivered at Regulating the Marketspace, ASC Electronic Commerce Conference, Sydney, 4-5 February 1997, p 2.

[75] Wallis Committee Report, p 153.

[76] Foreign Acquisitions and Takeovers Act 1975 (Cth) ss 18, 19 and 21.

[77] Foreign Acquisitions and Takeovers Act 1975 (Cth) s 5(1).

[78] Foreign Acquisitions and Takeovers Act 1975 (Cth) s 7.