Dear All,

I’m Xiaosheng Tan, the Chief Security Officer of Qihoo 360, on the inquiry of 
the disclosure of Wosign deal, we are not obligated to disclose it under the 
SEC regulation, here is the reply from our internal lawyers:

“While we were a public company listed on NYSE, we did not disclose WoSign as 
our subsidiaries as our reporting obligation only requires us to disclose our 
“significant subsidiaries” in SEC filings. The definition of “significant 
subsidiaries” is enclosed below. Since WoSign is not our significant subsidiary 
according to this definition, we are not legally required to disclose it in our 
SEC filings. In general, our reporting obligations follow a “materiality” 
standard under the United States Securities Exchange Act of 1934 and the NYSE 
Listed Company Manuel.
Regulation S-X § 210.1-02
Significant subsidiary. The term significant subsidiary means a subsidiary, 
including its subsidiaries, which meets any of the following conditions:
(1) The registrant's and its other subsidiaries' investments in and advances to 
the subsidiary exceed 10 percent of the total assets of the registrant and its 
subsidiaries consolidated as of the end of the most recently completed fiscal 
year (for a proposed combination between entities under common control, this 
condition is also met when the number of common shares exchanged or to be 
exchanged by the registrant exceeds 10 percent of its total common shares 
outstanding at the date the combination is initiated); or
(2) The registrant's and its other subsidiaries' proportionate share of the 
total assets (after intercompany eliminations) of the subsidiary exceeds 10 
percent of the total assets of the registrants and its subsidiaries 
consolidated as of the end of the most recently completed fiscal year; or
(3) The registrant's and its other subsidiaries' equity in the income from 
continuing operations before income taxes, extraordinary items and cumulative 
effect of a change in accounting principle of the subsidiary exclusive of 
amounts attributable to any noncontrolling interests exceeds 10 percent of such 
income of the registrant and its subsidiaries consolidated for the most 
recently completed fiscal year.
Even Richard is the CEO of Wosign, he is not authorized to do any comments to 
Qihoo 360 legally, thanks for the understanding.

Xiaosheng Tan, Chief Security Officer
Qihoo 360
Web: <>
Address: Bldg 2, 6 Haoyuan, Jiuxianqiao Rd, Chaoyang Dist, Beijing, China 100015

在 16/9/20 下午2:05,“dev-security-policy 代表 
Percy”< 代表> 写入:

    On Monday, September 19, 2016, Richard Wang <> wrote:
    > Thanks for your pointing out one of the very important evidence for the
    > transaction is NOT completed till yesterday that we released the news 
    > it is finished at the first phase. We just finished the UK company
    > investment.
    > For Qihoo 360, I don't know anything and I don’t have the right to do any
    > comment. Sorry.
    Considering that StartCom is hosted by Qihoo 360
    that you're the sole director of StartCom, it's hard for me to believe that
    you "don't know anything" about Qihoo 360.
    > Best Regards,
    > Richard
    > -----Original Message-----
    > From: Peter Bowen [ <javascript:;>]
    > Sent: Tuesday, September 20, 2016 10:18 AM
    > To: Richard Wang < <javascript:;>>
    > Cc: Nick Lamb < <javascript:;>>;
    > <javascript:;>
    > Subject: Re: Incidents involving the CA WoSign
    > Richard,
    > As someone pointed out on Twitter this morning, it seems that the PSC
    > notification for Startcom UK was filed recently:
    > UdxHYAlFj6U9DNs6VBJdnIDv4IQAWd4YKYomMERO_2o/application-pdf
    >  Were you unaware of this filing?
    > Additionally, companies that register to trade on the New York Stock
    > Exchange have to file reports with the US Security and Exchange
    > Commission.  Qihoo 360 filed a report that included a list of their
    > variable interest entities and Qihoo's percent of economic interest in 
    > (
    > 000114420413022823/v341745_20f.htm
    > page F-10).  It also describes all the ways in which Qihoo 360 controls
    > these entities, including assuring that Qihoo has decision making 
    > over the entities.
    > I agree that Mozilla does not require reporting that multiple Root CAs are
    > Affiliates.  Perhaps it should.  However, as you know, the CA/Browser 
    > does require such.  So I don't think it would be a stretch for Mozilla to
    > do so.  It is something that should probably be added to the 2.3 policy
    > discussion.
    > Thanks,
    > Peter
    > On Mon, Sep 19, 2016 at 6:51 PM, Richard Wang <
    > <javascript:;>> wrote:
    > > Thanks for your detail info.
    > > No worry about this, all companies must be complied with local law.
    > >
    > > But I really don't care who is my company's shareholder's shareholder's
    > shareholder, you need to find out this by yourself if you care.
    > >
    > > If you think Mozilla must require this, please add to the Mozilla policy
    > that require all CA disclose its nine generation including all subordinate
    > companies and all parent companies.
    > >
    > >
    > > Best Regards,
    > >
    > > Richard
    > >
    > > -----Original Message-----
    > > From: dev-security-policy
    > > [mailto:dev-security-policy-bounces+richard <javascript:;>
    > > rg] On Behalf Of Nick Lamb
    > > Sent: Tuesday, September 20, 2016 9:06 AM
    > > To: <javascript:;>
    > > Subject: Re: Incidents involving the CA WoSign
    > >
    > > On Tuesday, 20 September 2016 01:25:59 UTC+1, Richard Wang  wrote:
    > >> This case is WoSign problem, you found out all related subordinate
    > companies and all related parent companies that up to nine generations! I
    > think this is NOT the best practice in the modern law-respect society.
    > >
    > > It seems the governments of the European Union countries (including the
    > UK where one of the mentioned companies is located) disagree with you 
    > whether this is best practice.
    > >
    > > Identifying individual human persons behind a company is a key plank of
    > their anti-money laundering and anti-tax evasion policies. To identify
    > these human persons it is necessary to look through any number (even more
    > than nine) of layers of corporate ownership. In the UK the legal term is
    > Persons with Significant Control and PSC registration is mandatory since
    > this summer, a company registered in the UK is obliged to figure out if
    > there are such Persons and if so list them in its routine filings. Failing
    > to properly investigate, or concealing the truth about control of the
    > company is punishable by forfeiture, ie the state would seize the 
    > assets.
    dev-security-policy mailing list

dev-security-policy mailing list

Reply via email to