Dear All, I’m Xiaosheng Tan, the Chief Security Officer of Qihoo 360, on the inquiry of the disclosure of Wosign deal, we are not obligated to disclose it under the SEC regulation, here is the reply from our internal lawyers:
“While we were a public company listed on NYSE, we did not disclose WoSign as our subsidiaries as our reporting obligation only requires us to disclose our “significant subsidiaries” in SEC filings. The definition of “significant subsidiaries” is enclosed below. Since WoSign is not our significant subsidiary according to this definition, we are not legally required to disclose it in our SEC filings. In general, our reporting obligations follow a “materiality” standard under the United States Securities Exchange Act of 1934 and the NYSE Listed Company Manuel. Regulation S-X § 210.1-02 Significant subsidiary. The term significant subsidiary means a subsidiary, including its subsidiaries, which meets any of the following conditions: (1) The registrant's and its other subsidiaries' investments in and advances to the subsidiary exceed 10 percent of the total assets of the registrant and its subsidiaries consolidated as of the end of the most recently completed fiscal year (for a proposed combination between entities under common control, this condition is also met when the number of common shares exchanged or to be exchanged by the registrant exceeds 10 percent of its total common shares outstanding at the date the combination is initiated); or (2) The registrant's and its other subsidiaries' proportionate share of the total assets (after intercompany eliminations) of the subsidiary exceeds 10 percent of the total assets of the registrants and its subsidiaries consolidated as of the end of the most recently completed fiscal year; or (3) The registrant's and its other subsidiaries' equity in the income from continuing operations before income taxes, extraordinary items and cumulative effect of a change in accounting principle of the subsidiary exclusive of amounts attributable to any noncontrolling interests exceeds 10 percent of such income of the registrant and its subsidiaries consolidated for the most recently completed fiscal year. “ Even Richard is the CEO of Wosign, he is not authorized to do any comments to Qihoo 360 legally, thanks for the understanding. Thanks, Xiaosheng Xiaosheng Tan, Chief Security Officer Qihoo 360 E-Mail: tanxiaosh...@360.cn Web: www.360.cn <http://www.360.cn/> Address: Bldg 2, 6 Haoyuan, Jiuxianqiao Rd, Chaoyang Dist, Beijing, China 100015 在 16/9/20 下午2:05,“dev-security-policy 代表 Percy”<dev-security-policy-bounces+tanxiaosheng=360...@lists.mozilla.org 代表 percyal...@gmail.com> 写入: On Monday, September 19, 2016, Richard Wang <rich...@wosign.com> wrote: > Thanks for your pointing out one of the very important evidence for the > transaction is NOT completed till yesterday that we released the news after > it is finished at the first phase. We just finished the UK company > investment. > > For Qihoo 360, I don't know anything and I don’t have the right to do any > comment. Sorry. Considering that StartCom is hosted by Qihoo 360 https://pierrekim.github.io/blog/2016-02-16-why-i-stopped-using-startssl-because-of-qihoo-360.html and that you're the sole director of StartCom, it's hard for me to believe that you "don't know anything" about Qihoo 360. > > Best Regards, > > Richard > > -----Original Message----- > From: Peter Bowen [mailto:pzbo...@gmail.com <javascript:;>] > Sent: Tuesday, September 20, 2016 10:18 AM > To: Richard Wang <rich...@wosign.com <javascript:;>> > Cc: Nick Lamb <tialara...@gmail.com <javascript:;>>; > mozilla-dev-security-pol...@lists.mozilla.org <javascript:;> > Subject: Re: Incidents involving the CA WoSign > > Richard, > > As someone pointed out on Twitter this morning, it seems that the PSC > notification for Startcom UK was filed recently: > https://s3-eu-west-1.amazonaws.com/document-api-images-prod/docs/ > UdxHYAlFj6U9DNs6VBJdnIDv4IQAWd4YKYomMERO_2o/application-pdf > Were you unaware of this filing? > > Additionally, companies that register to trade on the New York Stock > Exchange have to file reports with the US Security and Exchange > Commission. Qihoo 360 filed a report that included a list of their > variable interest entities and Qihoo's percent of economic interest in each > (https://www.sec.gov/Archives/edgar/data/1508913/ > 000114420413022823/v341745_20f.htm > page F-10). It also describes all the ways in which Qihoo 360 controls > these entities, including assuring that Qihoo has decision making authority > over the entities. > > I agree that Mozilla does not require reporting that multiple Root CAs are > Affiliates. Perhaps it should. However, as you know, the CA/Browser Forum > does require such. So I don't think it would be a stretch for Mozilla to > do so. It is something that should probably be added to the 2.3 policy > discussion. > > Thanks, > Peter > > > On Mon, Sep 19, 2016 at 6:51 PM, Richard Wang <rich...@wosign.com > <javascript:;>> wrote: > > Thanks for your detail info. > > No worry about this, all companies must be complied with local law. > > > > But I really don't care who is my company's shareholder's shareholder's > shareholder, you need to find out this by yourself if you care. > > > > If you think Mozilla must require this, please add to the Mozilla policy > that require all CA disclose its nine generation including all subordinate > companies and all parent companies. > > > > > > Best Regards, > > > > Richard > > > > -----Original Message----- > > From: dev-security-policy > > [mailto:dev-security-policy-bounces+richard <javascript:;> > =wosign.com@lists.mozilla.o > > rg] On Behalf Of Nick Lamb > > Sent: Tuesday, September 20, 2016 9:06 AM > > To: mozilla-dev-security-pol...@lists.mozilla.org <javascript:;> > > Subject: Re: Incidents involving the CA WoSign > > > > On Tuesday, 20 September 2016 01:25:59 UTC+1, Richard Wang wrote: > >> This case is WoSign problem, you found out all related subordinate > companies and all related parent companies that up to nine generations! I > think this is NOT the best practice in the modern law-respect society. > > > > It seems the governments of the European Union countries (including the > UK where one of the mentioned companies is located) disagree with you about > whether this is best practice. > > > > Identifying individual human persons behind a company is a key plank of > their anti-money laundering and anti-tax evasion policies. To identify > these human persons it is necessary to look through any number (even more > than nine) of layers of corporate ownership. In the UK the legal term is > Persons with Significant Control and PSC registration is mandatory since > this summer, a company registered in the UK is obliged to figure out if > there are such Persons and if so list them in its routine filings. Failing > to properly investigate, or concealing the truth about control of the > company is punishable by forfeiture, ie the state would seize the company's > assets. > -- _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy