With the Illinois Supreme Court’s recent decision in Rosenbach v. Six Flags Entertainment Corp., the floodgates have opened for class actions in Illinois against businesses that collect biometric information from employees or customers. In Rosenbach, the Illinois Supreme Court ruled that alleged procedural violations of Illinois’s Biometric Information Privacy Act (“BIPA”) are enough, without alleging actual injury to an individual, to bring an action under the law. Although the details of that decision can be relevant to specific situations, —you need to know what to do now in light of this new ruling, particularly if your company currently is collecting biometric information from customers or employees, or considering doing so in the near future.

If your company has been collecting biometric data:

• Initiate a rapid internal audit to determine how your company, or any agent or contractor you hire, is using biometric data for any reason (e.g., security for facilities or devices, time clock or other employment verification, or marketing to consumers).
• Once you understand the scope of biometric data collection, implement BIPA’s requirements, which include: (1) informing an individual that his or her biometric information is being collected or stored; (2) informing the individual of the purpose of the collection, storage and/or its use, along with how long such information will be collected, stored, or used; and (3) receiving a written release from the individual to collect the information.

Since the Rosenbach ruling, we have seen a quick and significant increase in the number of BIPA class action lawsuits filed. If your company is currently facing a lawsuit over an alleged BIPA violation, consider taking the following steps: 

• Remove the case to federal court, if possible. Based on Supreme Court precedent and a recent decision from an Illinois federal court, defendants facing these class actions may be able to challenge a plaintiff’s standing to bring suit based solely on a procedural violation of the statute where no actual harm has occurred.

• Identify sources of either express or implied consent for the collection of biometric information. For example, employees may have received notice from an employee handbook about collection of their biometric data.  
• Assert class action defenses related to typicality and commonality. Typicality is meant to ensure that the named plaintiff’s claims have the same essential characteristics as the claims of the entire class. If proof of the named plaintiff’s claims would not necessarily prove all of the proposed class members’ claims, the plaintiff fails the typicality requirement.  Commonality requires plaintiffs to demonstrate that the class members have suffered the same injury, meaning that they were affected by the same violation of the same statute. This emphasis on dissimilarities between plaintiffs will illustrate whether there are any class-wide commonalities.

Finally, companies considering biometric data collection in Illinois should:

• Prepare explicit disclosures and documents for written consent as required by BIPA.
• Determine whether the collection of biometric data is truly necessary for the business, given the strict requirements of BIPA and increase in the number of lawsuits. If this data is necessary, collect as little as possible and consider whether it can be captured and not retained.
• Avoid collection of biometric data in Illinois. Some companies have begun altering their behavior in Illinois to adhere to the law. For example, Nest, a maker of smart thermostats and doorbells, sells a doorbell with a camera that can recognize visitors by their faces. However, Nest does not offer that feature in Illinois because of BIPA.
• Keep an eye on legislative developments. Many other states have considered biometric privacy legislation over the years, but only Texas (in 2009) and Washington (in 2017) have passed such laws. But that may change soon. In the first few weeks of 2019 alone, legislators have already introduced new bills in Arizona, Connecticut, New Hampshire, New Mexico, New York, Oregon, and Washington. These initiatives have the potential to introduce a conflicting national patchwork of regulations.
• In Illinois, there is currently a bill (SB3053) pending before the Illinois legislature to amend BIPA. The bill proposes to exempt private entities from BIPA’s requirements under a number of circumstances, including (1) if the biometric information is used “exclusively for employment, human resources, fraud prevention, or security purposes,” (2) if the company “does not sell, lease, trade or similarly profit” from the biometric information, or (3) if the company protects biometric information at least as securely as it secures other sensitive information.

This article is adapted from the recent Asia Ascending: Insider Strategies for Competing with the Global Colossus, published by the American Bar Association.

President Trump surprised many observers in August 2017 when he abruptly ordered the Office of the United States Trade Representative (USTR) to initiate an in-depth investigation into China and the need for protecting intellectual property (IP). The USTR confirmed that 40 million jobs in America were at risk because they were, either directly or indirectly, attributable to IP industries. The president utilized section 301 of the Trade Act of 1974 as the tool to target what he viewed as China’s unjustified actions harming certain U.S. industries. Interestingly, the president used section 301 in the same way it had been utilized two decades earlier to target Japanese trade practices.

Six months later, after it was announced that China’s 2017 trade deficit with the United States had exceeded $375 billion, the issue came to a very public boil. The trade deficit with China now dwarfs the size of the trade deficit with Japan during the 1990s. The Trump administration’s reaction to the trade deficit was to impose high tariffs on some Chinese goods with the threat of higher tariffs on a broader range of goods if significant changes were not implemented. As we all know, China retaliated.

Although unlikely to resolve quickly, I predict this high-profile clash—“trade war” may be too strong a label—will fizzle out over time. There are two key factors influencing the current trade dispute between the United States and China: economics and politics.

First, consider the economic factors. Although neither China nor the United States is willing to publicly admit it, both countries are so closely intertwined economically that neither can afford to engage in an all-out trade war without triggering severe fiscal consequences on themselves and the overall global economy. Examining the major components that make up China’s $375 billion deficit with the United States, it appears that $77 billion is comprised of Chinese-made computer sales, and another $70 billion comes from the sale of cell phones assembled in China. Although these electronic products are sourced from China, many are sold throughout the United States under product names that are not necessarily recognized by U.S. consumers as originating in China. Add in over $50 billion in shoes and clothing coming from China, and these three categories alone comprise half of the current Chinese trade deficit with the United States. It is difficult to imagine U.S. consumers willingly sacrificing their computers, mobile phones, and inexpensive clothing in exchange for a lower trade deficit with China. Most U.S. consumers do not care about the trade deficit; it just isn’t important to them in their daily lives. However, it is a fact that prices for these goods will skyrocket, and their availability will become a real challenge, if a trade war continues throughout 2019. From China’s perspective, there is no question that losing the U.S. market for just these three categories of products will leave a vast hole in China’s export capacity and harm Chinese manufacturers.

Now look at it from the standpoint of U.S. exporters. Of the $130 billion of U.S. exports sold to China during the same period, $16 billion was for U.S.-built aircraft; $10 billion was for American automobiles; and another $13 billion was for soybeans. Although the Chinese obviously consider all of these U.S.-made products as important and desirable, none are irreplaceable. Airbus SE, Europe’s Aerospace Consortium, would be delighted to dethrone Boeing as an aircraft supplier to China’s growing aviation market. Automobiles coming from the United States could be easily substituted by Japanese and European models. In addition, China blocked imports of U.S. soybeans in retaliation as the trade dispute escalated (although China has since backed off somewhat and promised to buy U.S. soybeans, but this can still change). In short, although the Chinese would definitely be hurt during the first six to twelve months of an escalating trade war, in the end China can and will find alternative purchasers for its exported products, albeit at lower prices. Without question, U.S. companies now exporting to China and with active Chinese operations will continue to feel pressure from Chinese authorities.

Next, think about the implications of the politics of a trade war between China and the United States. Much of the ongoing trade confrontation depends on the political wills of Donald Trump and Xi Jinping. As I describe in my recent book Asia Ascending, Xi Jinping today is the single most powerful political leader in the world. This is due to the unprecedented power and influence Xi has amassed over China during the last half decade. The best way to understand this is to picture China as a three-legged stool: the first leg is the Communist Party, which makes all policy and governmental decisions; the second leg is the centrally controlled Chinese economy; and the third leg is the immensely influential Chinese military. Few Americans understand or appreciate that Xi Jinping is China’s first leader since Mao to have complete mastery of all three legs of the stool. During the 19th Party Congress, Xi extended his existing term for at least another five years. Even more important, Xi has no identified successor(s), and is thus likely to rule over China for a very long time. So although China would definitely suffer during an extended trade war with the United States, Xi Jinping has the ability to sit back and play a long waiting game until a settlement is negotiated. On the other hand, if President Trump expects to run for re-election in 2020, he can expect to encounter significant criticism and political opposition if the current trade war extends beyond the next six months. The president is under tremendous pressure to arrive at an acceptable accommodation with China as he attempts to solidify his political base for re-election.

The bottom line is that because China is truly such a centrally controlled economy, it is in a better position than the United States (with its current highly politicized atmosphere) to hold out during a trade war. In addition, as the owner of almost 20 percent of the U.S. public debt, China can play the “no longer underwriting” card and begin to sell off its current U.S. debt holdings, which would inevitably drive up interest rates and accelerate a downturn in the U.S. economy.

Without question, China presents many serious challenges to the United States that must be proactively addressed. These challenges include China’s efforts to gain or purchase Western intellectual property by any means possible and China’s ongoing manipulation of its currency to its own benefit. These are problems that must be resolved between China and the United States over time. The United States can and should continue to use sections 301 and 201 of the Trade Act of 1974 as one approach to make China more open; however, an all-out trade war is not the right way—at least for now.

In a 64-page settlement agreement with the Department of Justice (DOJ), Skadden, Arps, Slate, Meagher & Flom has agreed to pay more than $4.6 million to the U.S. Treasury and register retroactively as a foreign agent of the Ukrainian government in a case tied to Paul Manafort. Under the Foreign Agents Registration Act (FARA), a U.S. person engaging in political activities on behalf of a foreign principal, which includes a foreign government, is required to register and make a variety of written public disclosures to the DOJ.

DOJ’s January 15 press release asserts that Skadden made false and misleading statements to DOJ’s FARA Registration Unit about the scope of the firm’s work for Ukraine, which began back in 2012. The statements were made to persuade the Registration Unit that Skadden was not required to register as a foreign agent under the statute. Skadden reportedly spent more than a year negotiating with the Registration Unit over whether it had to register as an agent of Ukraine in the matter. As such registration determinations are based on the evidence DOJ receives about whether registration as a foreign agent is required, either DOJ or the FARA Registration Unit may qualify as a “tribunal” under Model Rule 1.0(m). Lawyers are prohibited under Model Rule 3.3 from knowingly making false statements to a tribunal and, more generally under Model Rule 4.1, from knowingly making a false statement of material fact to any third party.

Questions leading to the firm’s settlement with DOJ came to light tangentially out of the Mueller probe. Suspicions apparently arose because the engagement letter provided that Skadden was going to charge the Ukrainian government 100 Ukrainian hryvnia per hour—equivalent to only $12,000. The press release reads that the law firm initially took a $4 million advance from a third party—an unnamed “business person”—before beginning work on the project. By the end of the engagement, Skadden had been paid $5.2 million by the “business person,” largely through Cyprus-based offshore firms controlled by Manafort.

According to the settlement agreement, “Registration under FARA would have required [Skadden] to disclose, among other things, accurate and complete information related to the compensation that it received for preparing the Report on behalf of the [Ukrainian government], and the identity of” the business person who paid for it. The settlement agreement also reads, “Skadden has already taken substantial steps to comply with its terms, and so long as the firm continues to comply with it, the Department will not undertake any action against the firm” related to its conduct in the matter.

Separately, however, the lead partner in the matter, a former Obama White House counsel who left Skadden last April, has reportedly been under investigation by prosecutors for his work on the matter. Another former Skadden lawyer, a Dutch national, pleaded guilty to lying repeatedly to Mueller’s team about the work done for the Ukrainian regime and was deported after serving 30 days in prison.

These facts if admitted or otherwise proved would constitute misconduct under various provisions of Model Rule 8.4 and can result in suspension or disbarment for the lawyers involved. Possible grounds include violating the Rules of Professional Conduct (R. 8.4(a)); committing a criminal act that reflects negatively on a lawyer’s honesty, trustworthiness, or fitness as a lawyer in other respects (R. 8.4(b)); engaging in conduct involving dishonesty, fraud, deceit, or misrepresentation (R. 8.4(c)); and engaging in conduct that is prejudicial to the administration of justice (R. 8.4(d)).

It is a quirk of the Bankruptcy Code that while it expressly allows oversecured creditors’ claims for post-petition contractual attorneys’ fees, it is silent as to the treatment of claims for post-petition contractual attorneys’ fees on unsecured claims. In part because the Supreme Court in Travelers Casualty & Surety Co. of America v. Pacific Gas & Electric Co., 549 U.S. 443 (2007) did not directly address the question whether unsecured creditors can recover post-petition contractual attorneys’ fees as part of their claims, courts continue to reach conflicting decisions. Very recently, in connection with a dispute arising out of the Tribune Company’s 2008 bankruptcy, Delaware District Judge Richard G. Andrews reversed the decision below and interpreted Travelers to mean that unsecured claims for post-petition contractual attorneys’ fees are not barred by Section 506(b) of the Bankruptcy Code. Wilmington Trust Co. v. Tribune Media Co. (In re Tribune Media Co., et al), Case No. 15-01116 9 (RGA), 2018 WL 6167504 (D. Del. Nov. 26, 2018).

Background

Wilmington Trust Company (the “Trustee”) was the trustee under an indenture for certain unsecured notes issued by Tribune Company (“Tribune”). The indenture required Tribune to reimburse the Trustee for the reasonable attorneys’ and other professionals’ fees and expenses incurred by the Trustee as a result of Tribune’s default. The Trustee submitted a claim in the Tribune bankruptcy that included more than $30 million for attorneys’ and other professionals’ fees and expenses incurred during the bankruptcy case (the “Fee Claim”).  

After Tribune objected to the Trustee’s Fee Claim, the mediator appointed by the bankruptcy court recommended that the claim be disallowed in its entirety. The mediator concluded that because Section 506(b) of the Bankruptcy Code addresses only secured creditors’ entitlement to post-petition attorneys’ fees as part of its claim, the expressio unius est exclusio alterius principle of statutory construction applied and precluded recovery of post-petition attorneys’ fees by unsecured creditors. 

The bankruptcy court adopted the mediator’s recommendation and disallowed the Trustee’s Fee Claim. In doing so, the bankruptcy court agreed with the reasoning in the mediator’s report—in particular, “the conclusion that the plain language of §502(b) and §506(b), when read together, indicate that postpetition interest, attorneys’ fees and costs are recoverable only by oversecured creditors”—and rejected the Trustee’s Travelers-based arguments with the explanation that the Travelers Court did not consider whether Section 506(b) of the Bankruptcy Code disallows unsecured claims for post-petition contractual attorneys’ fees.

The District Court’s Ruling

In a three-page memorandum opinion, Judge Andrews briskly dispensed with Tribune’s expressio unius argument and the bankruptcy court’s conclusion that because section 506(b) of the Bankruptcy Code expressly allows the claim of an oversecured creditor for post-petition attorneys’ fees, Congress must have intended to disallow such claims to unsecured creditors. 

First, Judge Andrews characterized the Supreme Court’s Travelers opinion as having “reaffirmed a requirement that claims that are within the scope of Section 502 are allowed unless they are expressly disallowed in the Bankruptcy Code.” Next, while noting that there continue to be reasoned bankruptcy and district court decisions to the contrary, he observed that “[t]he courts of appeals that have considered this issue post-Travelers have unanimously rejected Appellee’s position and have allowed unsecured claims for contractual attorneys’ fees that accrued post-filing of the bankruptcy petition.” Finally, taking the cue from Travelers, he said “I cannot conclude that Section 506(b) ‘expressly’ disallows the claims at issue here. Thus, I agree with the position adopted by every court of appeals faced with the question; Section 506(b) does not limit the allowability of unsecured claims for contractual post-petition attorneys’ fees under Section 502.”

Observations

As Judge Andrews observed, there has never been a nationwide consensus on the allowability of an unsecured creditor’s claim for post-petition contractual attorneys’ fees.  Because Tribune appealed Judge Andrews’ decision, the Third Circuit soon may have an opportunity to decide the issue. Whether it will take that opportunity remains to be seen, however; as of this writing, it has asked the parties to file briefs addressing whether Judge Andrews’ order, which remanded the case to the bankruptcy court for further consideration, is final or otherwise appealable. Putting aside potential jurisdictional defects, it is safe to say that a decision on the merits from another court of appeals—particularly if it joined the other courts of appeals that have considered the issue post-Travelers in allowing unsecured creditors’ claims for post-petition contractual attorneys’ fees—could strongly influence future courts’ decisions on this recurring question.

Competition law, anti-bribery and anti-corruption (ABC), and personal data protection are all essential (but not exclusive) components of a robust legal compliance program. In companies where no such program is in place, employees may nevertheless obtain a general understanding of ABC compliance via mainstream media, and of personal data protection via the numerous GDPR awareness campaigns on social media. Awareness and understanding of competition law, however, is often less robust, and this is especially true outside the United States.

This article provides thoughts, observations, and practical guidance from both the in-house and outside counsel perspectives to help ensure your company practices effective competition law compliance. We know that every company’s in-house legal and/or compliance functions differ in size, scope, and role, but we believe that many of these thoughts and observations are applicable to all.

From the In-House Perspective

Where to Begin

A targeted approach to delivering an effective competition law compliance program (as part of a wider legal compliance program) is vital to ensure that the key messages are absorbed and practiced by all colleagues, including those who have never worked with in-house lawyers. This process can be challenging, especially for the sales and legal teams, because it can reveal cultural differences between in-house lawyers and their nonlegal colleagues. Sales colleagues, for instance, may on occasion push back if they perceive in-house lawyers as blocking essential sales activities; therefore, it is crucial that a competition law program wins credibility by demonstrating added value to commercial activities. When this confidence and trust are established, they can serve to empower a mindset and organizational culture of compliant sales.

Make It Relevant

There is no better way to establish trust than to show colleagues that your role is to support their role and activities. So, treat colleagues as customers, and ensure that you understand the way they do business before advising them on competition law compliance. In practical terms, this means identifying their unique processes in the documents and training materials that you create.

Using templates and one-size-fits-all materials, without tailoring them to the particular issues and business, risks undermining the opportunity to build a relationship of trust. However, working together to create policies, processes, guidelines, and training that support the creation of legally compliant methods can produce significant results. It is also equally important to demonstrate a commitment to supporting commercial activities by being solution-orientated. For example, establishing an ethical wall between purchasing and sales that allows an important activity to take place while ensuring that restricted information flows are not compromised is a common example of a practical solution that also reduces risk.

Make It Understandable

Even lawyers don’t like legalese, so we do not recommend imposing it on your nonlegal colleagues. Instead, draft practical policies and guidelines in plain language and include examples that relate to the business at issue. Remind colleagues from time to time that competition law programs are there to protect the profits of the business by avoiding fines, investigations, and litigation. Compliance programs provide important policies and training that aim to protect the company against revenue loss and reputational damage, and to protect employees from potential personal liability. Periodically, share with business colleagues recent news items relating to other companies in the same (or similar) industry that ran afoul of competition laws. Highlight the impact on both the infringing company’s business and personnel, and consider using these examples as case studies in any future training sessions. These messages, alongside a tailored competition law compliance program, will begin to demonstrate the real added value of the program and help gain the trust of colleagues.

Make It Visible

We recommend that you create and maintain a dedicated and easy-to-locate space on the company intranet to post policies, processes, and guidelines. Promote new policies, processes, and guidelines internally. Don’t overload colleagues with too much information, but create sufficient awareness so that they know how to identify a potential competition law issue and who to contact within the compliance team for inquiries. Then, make yourself approachable and accessible for discussion of these issues with colleagues to enhance their understanding of the law, to troubleshoot, and to find a solution to their situation within the competition law compliance parameters.

All-employee meetings or other large business meetings can be used to deliver presentations that review competition law concepts or introduce new competition law initiatives. Introduce daily reminders—for instance, following a recent meeting, Kyocera Legal provided nonlegal colleagues with a competition law desk card setting out key principles in bullet points. It was a useful and fun takeaway from the meeting, and Kyocera’s nonlegal colleagues are now encouraged to keep these cards on their desks for easy reference. Their presence contributes to creating the mindset and organizational culture of competition law compliance.

We have found that different people learn in different ways, so using varied approaches—for example, formal presentations, informal discussions, and/or daily reminders—will enhance the effectiveness of your competition law compliance program. It is also important to recognize that different personnel come to your company with different knowledge of, and attitudes toward, competition law. Some personnel have worked at organizations where legal compliance and understanding were important values. Others may come from organizations where the law and the legal department were viewed as obstacles to avoid or ignore. The most effective legal compliance leaders will actively seek to identify personnel in this latter group and take steps to educate them, helping them to develop new values that are consistent with their new company’s views on compliance.

Choosing External Competition Law Advisors

The purpose of a competition law program is to support a serious message. Creating an interesting or fun initiative that aims to maximize learning and engagement is important but should not detract from the premise that the legal principles of competition law are non-negotiable. Strengthening this critical message will require expertise on competition law topics in addition to implementing operational activities. It is vital to select external competition law advisors with whom you can effortlessly communicate so that you can absorb the information they provide and, in turn, confidently explain the legal issues to the business.

Supporting as Outside Counsel

Beginning Basics and a Reaffirmed Importance

According to business leaders, competition law is one of the top-three threats to organizations (along with IT and fraud), yet it is not uncommon to see low compliance effectiveness in the competition area. The biggest barrier that we see to effective competition law compliance programs is the traditional attitude of some businesses toward compliance and the way in which compliance teams are kept at arm’s length, separate from key business decisions.

Compliance programs work largely out of sight to protect companies from risk in the form of, among other things, investigations, regulatory violations, and litigation. When they are working well, there is little need for business leaders to consider their function and, as a result, the contribution of compliance is counted in cost rather than in value. Perhaps unfairly, compliance functions are often viewed as the police rather than as partners, and as a hindrance to growth and innovation.

This misconception belies the significant responsibility shouldered by compliance teams in today’s increasingly complex and punitive regulatory environment, and fails to acknowledge the crucial role those teams play in protecting a company’s value and brand. Indeed, research shows that an effective “connected compliance” program has a positive impact on the top, as well as the bottom, line. Strong compliance is not only good practice, it is good business. For instance, an executive’s knowledge of the competition laws can be the difference between breaking the law—and potentially facing a prison sentence—and not.  

Connected Compliance

Connected compliance envisages a fully integrated compliance function that is connected to the business and plays an active role in strategic thinking and growth decisions. It rejects the traditional image of a siloed compliance team, where there is no collaboration among departments and where, to employees, compliance means an annual “tick box” exercise, a multitude of complex policies, and a high degree of self-management based on an employee’s own “moral compass.” Indeed, although we observe that business managers have taken more interest in compliance—as they observe longer jail sentences for antitrust violations in the United States—an overwhelming 60 percent still believe that the compliance team takes sole responsibility for good governance.

It Is Everyone’s Responsibility for a Reason

In effective programs, clear responsibility for compliance is given to specific individuals, or “compliance contacts,” who sit within strategic business lines and are involved in determining a company’s growth plan and risk appetite. Clear, simple policies and procedures are outlined, but most importantly, responsibility for compliance is shared across every business division and every organization. This creates a culture of compliance from the top (i.e., senior-most leadership) down so that compliance becomes everyone’s concern and everyone’s responsibility.

Such compliance integration is not a new concept, but some in the business community have been slow to embrace it. Research shows that companies have made little progress in improving critical connections among different business functions or in addressing gaps in compliance accountability among employees at all levels of the business.

For example, take M&A activity, which is on the rise as companies pursue aggressive growth and innovation. M&A activity necessarily involves high risks, cultural upheaval, and regulatory scrutiny, but we observe that many compliance teams are not consistently included when planning and implementing deals. Research by Baker McKenzie shows that fewer than one in five companies involves compliance “substantively” in planning and implementing M&A deals, whereas almost half bring in compliance when selecting new business partners. More than a quarter of respondents admitted to deliberately keeping compliance out of the loop for fear of issues being uncovered and plans derailed. This has serious consequences: on average, 40 percent of organizations that acquired a new business admitted to uncovering compliance issues within that business only after the acquisition.

Not only does this approach increase a company’s risk exposure, it also negates a company’s opportunity to tackle compliance risks during the deal process and to best negotiate the terms of the deal. In short, it risks undermining the value of the investment the company has just made. Most seriously, legislation empowers authorities to hold companies accountable for failing to prevent noncompliant activity, so the “don’t ask, don’t tell” approach sometimes adopted by companies is an insufficient defense in many circumstances.

What Does It Mean?

Promoting an effective compliance program is not only in a company’s interest in the long term, but is arguably an immediate necessity as well. More than half of respondents to a survey conducted by Baker McKenzie are aware of a hidden compliance breach in their organization that is yet to surface to the regulator or the public. Two-thirds of compliance chiefs expect breaches to rise as regulation becomes more complex, and as agencies and prosecutors promote more aggressive enforcement policies. Such enforcement has been particularly apparent for competition law violations, where recent high-profile, high-penalty cases have raised the perceived risk level. Indeed, leaders view competition law as the number-one threat for business compliance, yet competition law is not a top priority in many strained compliance budgets, which often focus on developing “adequate procedures” as a compliance defense in other legal areas, such as bribery and tax evasion.

In spite of these growing risks, more than a third of companies are planning to reduce the compliance services offered to the business as a way of cutting costs. Although there are strong commercial realities—and we know that in-house legal and compliance departments face significant workloads beyond their “compliance” work—businesses must not lose their focus on compliance. Businesses should and can adapt their compliance functions to match the evolving landscape, much like any other business segment. Developing a compliance program that is agile, collaborative, and above all connected will ensure its effectiveness and protect the company’s brand and value.

Final Words

There are many aspects to developing, implementing, and maintaining a comprehensive compliance program, and this article does not endeavor to cover them all. However, we hope that our observations and practical guidance provide an overview of the importance of developing a comprehensive and dynamic compliance program.

Today’s computer hackers are helping themselves to the privileged information that has been a core covenant of the attorney-client relationship for hundreds of years. Hackers know the value of sensitive information that is exchanged and retained between a business and its law firms. According to the most recent information from the American Bar Association, 23 percent of law firms experienced a cyber attack or data breach in 2018.

There has been widespread response to breaches from the largest businesses and law firms, who were initially hit the hardest; they have been working to lock down their data and information. Small- and mid-sized companies and their law firms have also grown serious about cybersecurity. Cybersecurity has become a top priority for legal departments and their service providers.

To assess progress and continue to find ways to increase security, it is critical to take inventory across the chain of information exchange and storage, ensuring all law firms working for the company, regardless of their size and location, reach consistently high levels of compliance with cybersecurity standards. That is because every link in the chain of information is a potentially vulnerable junction for compromise.

Here are questions to ask to help you better understand the risks and opportunities for strengthening every link in your cybersecurity chain:

Are there consistencies in cybersecurity between large, mid-sized, and small law firms?

Larger law firms assessed their security measures after the now-infamous DLA Piper data breach and subsequent shutdown of the firm in 2017. Clients began to require their firms to complete extensive cybersecurity surveys to demonstrate readiness in the event of a potential hack. Clients wanted to know their exposure given their firms’ cybersecurity sophistication, or lack thereof.

Smaller firms moved into action as well, many working with consultants who assessed their processes and formulated plans to achieve a higher state of security. The partners of small and mid-sized firms have been able to enact change as they have closer management oversight of their IT systems and were likely involved in the development of the IT department and decisions on selected tech programs from the beginning. They have intimate knowledge of their current processes and practices and, in the end, these partners are ultimately responsible for the safeguarding of all client relationships and the sustainability of the firm over the long term, given their names are on the door.

All law firms should now have cybersecurity plans in place. The key indicator to understand, however, is their capacity to take action on the plan to make enhancements as soon as the environment changes. Many times, scaling cybersecurity best practices across smaller firms can happen more quickly. That is not to say that it is easy—the most effective cybersecurity assessment and enhancements should be rigorous for any firm.

Are there cybersecurity variances across law firms in different jurisdictions and geographies?

Data privacy and protection regulations are constantly changing across states and countries. If a company does business across jurisdictions and regions, it is important that its law firms stay current on changes in all of those markets and proactively advise on how they affect the overall cybersecurity of the clients’ information and their legal obligations.

The EU’s recent implementation of the General Data Protection Regulation (GDPR) is only the latest (albeit most sweeping) development in this crucial area of law. Outside the EU, however, there is little uniformity in how different countries protect data.

• For example, personal information protection does not have a long history in the Chinese legal system, but it is now one of the hottest legal topics in China. Chinese legislation contains broad, confusing definitions of protection and involves stringent regulations and severe legal penalties. The Chinese government is still exploring a feasible way to implement the relevant legal requirements. This has delayed the process of issuing the rules.
• In contrast, Taiwan recognized the importance of data protection and put information protections in place more than 20 years ago. The most current personal data protection law in Taiwan was enacted in 2010 and implemented in stages. The law is now fully in effect and, among other changes, removes the data user-registration requirement and expands data protection obligations to all industries in Taiwan and to all methods of processing. All business entities in Taiwan that collect, process, or use data must comply with this law, but it does not extend to non-Taiwan business entities that collect, process, or use data of Taiwan resident “protected parties” outside Taiwan.
• In Singapore, the mandatory protection of personal data came into force only in 2014 and is meant to address growing concerns from individuals about how their personal data is used, maintain the trust of individuals in organizations that manage data, and strengthen Singapore’s position as a trusted business hub.
• Australian privacy law has national significance and contains 13 principles, which have the force of law by virtue of the country’s Privacy Act of 1988. The federal privacy regulator is the Australian Information Commissioner.

These are just a few of the differences that exist by region. If a company does business in multiple jurisdictions, it should expect its law firms to not only intimately understand the data rules of their market, but proactively share their knowledge. An example of this is a recent guide published by a global network of legal firms.

What should the cybersecurity culture be at my law firm(s)?

The cybersecurity culture at your law firm should be proactive and integrated into everyday practice, prioritized and lead by those at the partner level. Cybersecurity should be a top focus of upper management, not relegated to IT staff or firm administration. Many major breeches have occurred because of employee or vendor error, and are not directly controlled by the IT department. Partners should play or share the role of chief compliance officer and chief information security officer to keep cybersecurity at the forefront of their practice.

With what standards should my law firm(s) comply?

Having a current information security plan, and reporting to demonstrate ongoing progress against that plan, are critical indicators of the cybersecurity strength of a law firm. All law firms should be able to report high levels of standards in these areas:

• management’s demonstrative commitment to cybersecurity
• ongoing risk assessments
• technical safeguards
• physical safeguards
• employee training
• third-party risk management
• business continuity
• breach response
• frequent reviews and updates

Significant progress has been made in boosting cybersecurity in the legal industry. In 2018, the American Bar Association reported just a 1 percent increase in law firms that have experienced an attack, much improved over the 8 percent increase from 2016 to 2017. While it will never be possible to completely eliminate breeches, the hard work law firms are doing to reduce the risk is clearly making a difference.

Most public employees in California are eligible to enroll in a state or county retirement system.  These retirement systems are governed by state statutes, known primarily as either the Public Employees’ Retirement Law (“PERL”) or the County Employees’ Retirement Law (“CERL”), depending on the retirement system in question. 

While the legislature enacts statutes to provide benefits in retirement, the California courts have developed what is known as the “California Rule” regarding vesting of these benefits. This judicially created rule states that public employees in California have vested rights in their pension benefits, and therefore begin earning this deferred form of compensation from their very first day of employment. While they may not remain employed long enough to actually receive benefits, as long as they do remain employed, they have the right to keep earning this deferred compensation to be paid after they retire. The courts have held that these pension benefits cannot be modified unless: (1) the modification maintains the integrity of the system; (2) bears some relation to the theory of the pension system; and (3) if the modification results in some disadvantage, it is accompanied by a comparable new advantage. Practically speaking, this makes it difficult for the state legislature to revise pension statutes in order to allow reductions in benefits that had previously been promised to public employees. The result is that promises made years or decades earlier generally cannot be modified despite current exploding costs being absorbed by public employers. 

On September 12, 2012, Governor Jerry Brown signed into law the Public Employees’ Pension Reform Act of 2013 (“PEPRA”) in order to address the looming crisis of increasing pension costs. PEPRA primarily changed the pension benefits that employees hired after its enactment could expect. However, PEPRA also modified some of the pension benefits for existing public employees under both the PERL and CERL. Some of these changes include the discontinuation of the right to purchase service credit not related in any way to prior employment (known as “airtime”), as well as the discontinuation of certain types of compensation in pension calculations, among others. There are currently several cases before the California Supreme Court, which will analyze whether PEPRA changes to existing employees’ pension benefits violated the California Rule. 

On December 5, 2018, the California Supreme Court heard oral argument in Cal Fire Local 2881 v. CalPERS, which it chose to hear first. The state intervened in the case to defend PEPRA. In this case, public employees are challenging PEPRA’s elimination of “airtime.” The appellate court held that employees did not have a vested right to purchase airtime because there was no express language in the statute, or its legislative history, that unambiguously stated an intent by the Legislature to create a vested pension benefit.  Alternatively, the appellate court held that it was permissible to eliminate “airtime” because a pension system was established to compensate for actual work and that, in fact, the option to purchase “airtime” was detrimental to the successful operation of the pension system because it does not relate to any work performed. Finally, the appellate court held that while a comparable new advantage “should” be provided, the term “shall” in prior decisions was not a mandate. If upheld, this decision would mark a serious erosion of California public employee pension vesting principles.  

During oral argument before the California Supreme Court, the justices directed questions at both attorneys to address whether the opportunity to purchase airtime was a vested right. The employees argued that the opportunity to purchase airtime was a vested right upon one’s acceptance of and/or continued employment. The justices challenged this notion because any such rule may be overbroad and may apply to any employment benefit offered to an employee.  Interestingly, the justices did not question either side on whether there needed to be a comparable new advantage provided to employees in exchange for the elimination of the right to purchase “airtime.”

On the other side, the state argued that the legislature never intended for this opportunity be to a vested right, neither expressly nor impliedly. The justices seemed to concede that there was no express language that created a vested right, but questioned whether the legislature could ever create an implied right to a benefit and if so, how. The state responded that there appears to be an implied right to a “substantial, reasonable pension,” but that purchasing “airtime” was not necessary to providing a substantial, reasonable pension.

While it is usually difficult to predict a court’s final ruling based on the questions the justices ask during oral argument, the court could be signaling its direction here given the questions it did not ask. Specifically, the justices did not ask about the heart of the California Rule; whether alternative benefits must be provided whenever a vested right is impaired. Given the other cases pending before the Supreme Court and the nature of the justices’ questions in Cal Fire, the court appeared to signal that it will likely issue a narrow ruling related to airtime itself, allowing major components of the California Rule to be argued in later cases. In any event, even if the Supreme Court overturns the California Rule in full and allows pension benefits to be modified more easily, there is unlikely to be an immediate impact on California public employees nor relief to public employers facing ever-increasing pension costs. Any change to public employee pension benefits must first come from the state legislature. While overturning the California Rule would, in theory, make it easier to modify pension benefits, it would still be up to the state legislature, not individual public employers enrolled in these pension plans, to first make modifications to the state statutes. Absent such statutory change, these benefits will remain largely untouchable, regardless of the court’s ultimate decision.

Partner Steven M. Berliner and Associate Danny Y. Yoo are attorneys with Liebert Cassidy Whitmore, California’s largest education and public sector labor and employment firm. Berliner is the Chair of the firm’s Retirement, Health and Disability Practice Group; he can be reached at [email protected] or 310-981-2000. Yoo represents public agency clients in all facets of labor and employment law; he can be reached at [email protected] or 310-981-2069.

Background

Last year, I authored an article for Business Law Today discussing the ethical obligations of lawyers in connection with potential searches of confidential information on their portable electronic devices by the U.S. Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE)—both agencies within the Department of Homeland Security (DHS).[1] This companion article briefly considers the ethical obligations in this scenario of judges—including business court judges and bankruptcy judges—under the canons of judicial conduct. Like lawyers, judges should consider whether consenting to a device search by a CBP or ICE agent is compatible with their professional responsibilities.

Rather than reiterate information about current CBP and ICE policies as background, the reader should refer to that earlier article.

Sources of Rules and Principles of Judicial Ethics

Judges of the States and U.S. Territories

The responsibilities of a state judge are set forth in the applicable code of judicial conduct (CJC) for the state in which he or she is a judicial officer;[2] guidance and interpretations on the meaning of individual provisions are periodically issued by the appropriate authorities, whether judicial advisory committees or similar bodies, or judicial conduct commissions in connection with disciplinary proceedings, which, if appealed, may also lead to interpretations by the jurisdiction’s court of last resort. In addition, interpretations of the MCJC are periodically issued by the ABA Standing Committee on Ethics and Professional Responsibility. These interpretations, although not binding on judges in any jurisdiction, can be influential for interpretation of identical or substantially identical provisions in the relevant jurisdiction’s CJC.[3]

Part-time judges are also bound by the CJC. To the extent that they are also practicing lawyers, however, they should be aware of pertinent obligations under applicable rules of professional conduct as well. (Although full-time judges are usually members of the bar, they may not practice law (MCJC Rule 3.10), so the latter set of rules are largely inapplicable to them).

Federal Judges

Federal judges are subject to statutory rules of judicial conduct and to the Code of Conduct for United States Judges.[4] Interpretive guidance is also available in the form of advisory opinions issued by the Codes of Conduct Committee of the Judicial Conference of the United States.

Pertinent Principles of Judicial Ethics

Compliance with Law. MCJC Rule 1.1 requires judges to comply with the “law”; the comparable provision in the Federal CJC is Canon 2A. The purpose of these provisions is central to judicial ethics—avoiding both the appearance of impropriety and diminishing public confidence in the judiciary. Assuming, arguendo, that border searches of personal electronic devices are authorized by existing federal statutes,[5] there can be no civil disobedience by a judge of CBP and ICE policies.

Avoiding Abuse of the Prestige of Judicial Office. MCJC Rule 1.3 prohibits judges from using or attempting to use the prestige of judicial office to gain personal advantage of deferential treatment of any kind; the comparable provision of the Federal CJC is Canon 2B.[6] Thus, a judge should avoid any conduct that might be, or be construed as, an attempt to use the cachet of judicial authority to intimidate or cajole a border official wishing to search any of the judge’s electronic devices.[7]

Nonpublic Information. Perhaps the most pertinent provision of the MCJC is Rule 3.5,[8] although its language creates some ambiguity. Like its predecessor, Canon 3(B)12, the rule prohibits intentional disclosure of use of “nonpublic information acquired in a judicial capacity for any purpose unrelated to the judge’s judicial duties.” “Nonpublic information” is a term of art specific to this rule; initially it is defined, somewhat circularly, as “information unavailable to the public,” but the definition goes on to provide a nonexclusive list of examples: “information that is sealed by statute or court order or impounded or communicated in camera, and information offered in grand jury proceedings, presentencing reports, dependency cases, or psychiatric reports.” As electronic filing becomes more ubiquitous, judges are increasingly likely to have these sorts of pleadings or documents on their portable electronic devices.

One might well ask whether a border search of an electronic device qualifies as an “intentional” disclosure of nonpublic information acquired in a judicial capacity. That is certainly an open interpretive question. Given the breadth accorded the concept of “intent” in tort law and criminal law, however, it would be dicey in a disciplinary proceeding to hang one’s hat on such an argument, especially where the expected retort would be that the judge knew or reasonably should have known that his or her electronic devices would potentially be subject to search when traveling abroad, and that such a search would unduly risk the proscribed disclosure.

Some Concluding Observations

The following are worthy considerations by any judge anticipating cross-border travel:

• Consider whether it is necessary to bring with you any electronic device containing confidential or privileged information. (If you’re going on vacation, the foolproof solution is to enjoy yourself and leave the device behind!)
• If you absolutely must bring one or more portable electronic devices along, make sure each one is thoroughly scrubbed of all privileged or confidential information. Note that merely deleting files may not be adequate to remove them completely. Alternatively, consider acquiring an electronic device exclusively for use during foreign travel and avoid, to the maximum extent possible, placing confidential or privileged information thereon.
• Merely encrypting privileged or confidential information on a device is no guarantee of its remaining confidential. Remember that border agents may demand that you provide password or other decrypting information, and failure to do so can lead to your device being seized and detained for a period of time.
• Advise the border agent of the existence of any privileged material on the device in question.
• Finally, be cognizant of the location and content of all privileged and confidential information on each device you bring across the border, and be prepared when advising a federal officer of the existence of privileged or confidential information to identify for the officer specific files or categories of files, and any other information that will help the officer segregate such information.

[1] Also noteworthy are some 2017 reports that the Transportation Security Administration (TSA) is implementing heightened screening procedures with respect to electronic devices for purely domestic flights. See, e.g., Russ Thomas, TSA Implements new screening procedures in Montana, KPAX.com, Dec. 14, 2017; Joel Hruska, TSA Will Now Screen All Electronics ‘Larger Than a Cell Phone’, Extreme Tech, July 26, 2017.

[2] Specific references in this article will be to the ABA Model Code of Judicial Conduct (MCJC). Judges should consult the version adopted in their respective states.

[3] The most recent example is ABA Ethics Committee Formal Op. 478, Independent Factual Research by Judges Via the Internet (Dec. 8, 2017). Shortly thereafter, this opinion was endorsed by the Connecticut Committee on Judicial Ethics in Informal Op. 2018-4 (Feb. 15, 2018). For discussion of the ABA opinion, see Keith R. Fisher, New ABA Ethics Opinion Explores the Prohibition on Independent Fact Research by Judges, NCSC Center for Judicial Ethics (2018).

[4] See Admin. Office of the U.S. Courts, Code of Conduct for United States Judges [hereinafter Federal CJC]. The Federal CJC is applicable to U.S. circuit judges, district judges, Court of International Trade judges, Court of Federal Claims judges, bankruptcy judges, and magistrate judges, and has been adopted by the U.S. Tax Court, the Court of Appeals for Veterans Claims, and the Court of Appeals for the Armed Forces.

[5] Interestingly, the MCJC defines “law” somewhat broadly to include statutes, although not broadly enough expressly to include regulations or agency policy statements. The Federal CJC contains no definition of “law.” The commentary to Canon 2A, which also does not expressly include regulations or agency policy statements, seems more inclusive: “Because it is not practicable to list all prohibited acts, the prohibition [against impropriety and the appearance of impropriety] is necessarily cast in general terms that extend to conduct by judges that is harmful although not specifically mentioned in the Code. Actual improprieties under this standard include violations of law, court rules, or other specific provisions of this Code.” (Emphasis added).

[6] Canon 2B provides in pertinent part: “A judge should [not] lend the prestige of the judicial office to advance the private interests of the judge or others . . . .”

[7] Cf. In re Muller, No. 069351, Presentment (N.J. Sup. Ct. Adv. Comm. Judl. Cond. 2011), Final Order (N.J. 2011) (reprimanding judge who made 9-1-1 call in connection with service of subpoena on her husband in unrelated matter for repeatedly identifying her judicial position when rebuking responding officers); In re Heiple, 97-CC-1 (Ill. Cts. Comm’n 1997) (censuring state chief justice for avoiding speeding tickets by producing judicial identification credential rather than driver’s license when stopped by police on several occasions and saying, “Don’t you know who I am?”).

[8]  The closest analogue in the Federal CJC is found in Canon 4, which relates to extrajudicial activities. Canon 4D(5) provides, “A judge should not disclose or use nonpublic information acquired in a judicial capacity for any purpose unrelated to the judge’s official duties.” This language, in contrast to MCJC Rule 3.5, is not modified by the adjective “intentional.” It is uncertain, however, whether this language, although unambiguous, applies to general disclosures, as it is part of Canon 4D, which is headed “Financial Activities.”

In 2018, the first full year with Chairman Clayton at the helm of the Securities and Exchange Commission (“SEC”), private fund managers continued to receive significant attention from the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) and Division of Enforcement, notwithstanding the SEC’s stated focus on retail investment managers. Highlights of the SEC’s activity in the private fund space and certain other regulatory developments affecting private fund managers are discussed below.

SEC Continues to Bring Significant Enforcement Actions Against Private Fund Managers

In 2018, the SEC continued to bring a significant number of enforcement actions against private fund managers, including the following:

• Allocation of expenses to and fee-sharing arrangements with co-investors. In December 2018, the SEC settled charges with a PE fund manager over its failure to allocate expenses to employee funds and co-investors investing alongside the manager’s flagship funds, noting in the consent order that the flagship funds’ organizational documents failed to disclose that employee funds and co-investors would not bear their proportional share of expenses. Additionally, the manager failed to disclose arrangements it made with co-investors to share portfolio company fees, where such co-investors did not provide services to the portfolio companies and such arrangements resulted in the flagship funds paying higher management fees because fees shared with co-investors did not offset the flagship funds’ management fees. Notably, the SEC acknowledged that the manager, prior to being contacted by the SEC’s Division of Enforcement, had fully reimbursed the misallocated expenses and shared portfolio company fees dating back to 2001 (over a decade after the five-year statute of limitations on the SEC’s disgorgement remedy), yet still ended up settling with the SEC and paying a civil penalty.
• Use of operations groups; in-house charges; service provider conflicts. In December 2018, the SEC settled charges with a PE fund manager whose funds made minority investments in other private fund managers. The consent order noted that the manager allocated the full cost of its “business services platform” (i.e., an operations group), which it created to provide operational consulting services to the alternative investment firms in which its funds invested, to its funds, although a percentage of the operations group employees’ time was spent performing services for the manager instead of the firms the funds invested in (e.g., capital raising and deal sourcing for the manager’s funds). In December 2018, the SEC also settled charges with a PE fund manager for charging the preparation cost of its funds’ tax returns by the manager’s in-house personnel to the funds without specific authorizing disclosure, as well as for failing to adequately track or allocate the expenses of two consulting firms between the manager and its funds (or among its funds). Further, that consent order noted that the manager failed to disclose conflicts related to the manager’s relationship with these consulting firms, resulting in expense allocation decisions that posed actual or potential conflicts of interest, including a (i) personal loan made by the manager’s principal to a consulting firm, secured by money owed by the manager and the funds, which was repaid with consulting fees paid by one of the manager’s funds; and (ii) services relationship between the manager’s principal and a consulting firm that was also providing services to the funds and, while such consulting firm was servicing the funds, the manager’s principal made a personal investment in the firm.
• Preferential arrangement with group purchasing organization. In April 2018, the SEC settled charges with a PE fund manager for failing to disclose conflicts of interest related to its arrangement with a third-party group purchasing organization (“GPO”), a company that aggregates portfolio companies’ spending to obtain volume discounts from participating vendors, where the GPO compensated the manager based on a share of the fees received from vendors in connection with purchases by the funds’ portfolio companies through the GPO.
• Failure to apply fee offsets. The SEC continued its focus on fee and expense practices, settling charges with a private fund manager in June 2018 over its failure to offset consulting fees received from portfolio companies against fund management fees, as required by its funds’ governing documents.
• Accelerated monitoring fees. The SEC continued its focus on accelerated monitoring fees in 2018, bringing its fourth high-profile case in as many years, and continuing to target a lack of specific, pre-commitment disclosure of such fees to all fund investors. Most recently, in June 2018, the SEC settled charges with a PE fund manager despite the manager disclosing its accelerated monitoring fee practices in its funds’ semi-annual financial reports and side letters with many, but not all, investors.
• Failure to disclose material information in connection with purchase of fund interests. The SEC settled charges with a PE fund manager and the manager’s principal in September 2018 in connection with the principal’s purchase of limited partner interests from fund investors based on stale year-end pricing, when the manager and its principal had received financial information indicating a materially higher valuation since year-end.
• General advertising and solicitation. An unregistered private fund manager settled charges with the SEC in September 2018 in connection with, among other things, its failure to comply with Regulation D’s prohibition on general advertising and solicitation when it engaged in general solicitation of a private cryptocurrency fund offering through its website, social media accounts and traditional media outlets. In addition to paying a civil penalty, the manager was required to make a rescission offering to each investor in the fund.
• Political contributions. The SEC settled charges with three investment managers in July 2018 in connection with violations of the SEC’s Political Contributions or “Pay-to-Play” Rule, reflecting the SEC’s ongoing focus on prohibited political contributions.[i] Similar to several earlier Pay-to-Play Rule cases, some of the 2018 cases involved modest contributions that were returned to the donor. Additionally, in June 2018, following a lengthy application process, the SEC granted exemptive relief to a fund manager in connection with its violation of the Pay-to-Play Rule stemming from a $2,700 contribution by an executive of the manager to an incumbent state governor running for President, permitting the manager to retain approximately $37 million in advisory fees that would have been subject to forfeiture absent such relief.[ii]
• Insider trading. The SEC continued its longstanding focus on pursuing insider trading actions, including cases against private fund managers for failing to establish, maintain and enforce policies and procedures to prevent insider trading. In May 2018, the SEC settled charges with a private fund manager after two of its portfolio managers made trades based on material nonpublic information (“MNPI”) received from outside consultants where the manager failed to enforce its insider trading policies regarding the use of, and failed to monitor employees’ communications with, these consultants. Specifically, the consent order noted that the manager failed to ensure employees were following a checklist the manager had adopted for resolving insider trading concerns. In December 2018, the SEC settled charges with a manager to private funds and business development companies (“BDCs”) in connection with its failure to maintain policies and procedures to address its potential use of one of its client’s MNPI for the benefit of another client, noting in the consent order that the manager previously indicated that it seeks to leverage information flow generated by its BDC clients for its private fund clients.[iii]
• “Broken windows” cases. Although the current administration has given some indication it may be shifting away from the prior SEC administration’s touted strategy of pursuing small “broken window” violations, the SEC brought a number of cases in 2018 against private fund managers related to minor and/or technical infractions, including cases involving technical violations of the SEC’s Custody Rule[iv] and the failure to file Form PF.[v]

Update on Impact of Kokesh Five-Year Statute of Limitations on Disgorgement

The Division of Enforcement’s 2018 annual report highlighted the impact of the 2017 unanimous Supreme Court decision in Kokesh v. SEC on the Division’s activity. The report estimated that Kokesh, which generally limits the SEC’s ability to obtain disgorgement more than five years after the underlying violations, resulted in the SEC foregoing approximately $900 million it would have otherwise sought since the Kokesh decision.[vi]

Modest Increase in SEC Exams; Additional Resources Allocated to Oversight of Investment Advisers

As expected, unlike the more than 40% increase in the number of investment adviser examinations in 2017, the SEC’s fiscal year ended September 30, 2018 saw a modest 11% increase in the number of such exams. Additionally, the SEC’s 2019 budget request to Congress sought 13 restored positions that would focus on examinations of investment advisers and investment companies with the stated goal of improving overall examination coverage of investment advisers, including an emphasis on the nearly 35% of advisers who have never been examined, and, similar to its 2018 budget request, more than 50% of the SEC’s 2019 budget plan is allocated to its examination and enforcement programs. We have continued to see private fund registered adviser examinations at approximately the same frequency as prior years.

Other Notable Developments

• Proposed SEC Fiduciary Rule and Regulation Best Interest. In April 2018, the SEC proposed a package of rulemakings and interpretations intended, among other things, to codify and reaffirm (and, in some cases, clarify) the fiduciary duties investment advisers owe their clients under the Advisers Act. Specifically, the proposal highlights: (i) the “duty of care,” which generally requires an adviser to provide advice that is in its clients’ best interest, seek best execution of public securities transactions and to act and provide advice and monitoring over the course of a relationship with a client; and (ii) the “duty of loyalty,” which generally requires an adviser to put its clients’ interests ahead of its own, avoid unfairly favoring one client over another, make full and fair disclosure of material facts and seek to avoid, and otherwise make full and fair disclosure of, material conflicts of interest with clients.  

• Electronic messaging. The SEC showed a focus on advisers’ use of electronic messaging for business purposes and, in December 2018, OCIE issued a risk alert reminding advisers of their obligations when using various forms of electronic messaging (e.g., text messaging, instant messaging, personal and private email, etc.) to conduct business.[vii]

• Advisory fees and expenses. The SEC remains focused on fee and expense practices and, in April 2018, OCIE issued a risk alert detailing frequent advisory fee and expense compliance issues identified in examinations of registered advisers, such as applying incorrect fees (e.g., charging carried interest to investors who were not “qualified clients” under the Advisers Act), omitting credits or rebates or applying discounts incorrectly, and misallocating certain adviser expenses to clients (e.g., regulatory filing fees, certain travel expenses, etc.).[viii]

• EU and State Privacy Laws. The EU’s wide-sweeping General Data Protection Regulation (“GDPR”) became enforceable in May 2018. Notably, GDPR has extra-territorial reach, applying to all “processing” (e.g., collection, recording, use, etc.) of “personal data” (e.g., name, identification number, online identifier, etc.) relating to individuals in the EU regardless of whether processing takes place in the EU. As such, GDPR may reach U.S. private fund managers whose funds include EU-based investors even if a manager maintains no offices or operations in the EU.
     
  Additionally, a new California privacy law enacted in 2018 (effective January 1, 2020) potentially will impact private fund managers (and their portfolio companies) doing business in California with gross revenue in excess of $25 million, including managers not located in California whose funds include California-based investors. Additional changes are likely to be made to the law before its effective date, but the new law generally would require affected managers to update their privacy practices and business processes to accommodate new consumer privacy rights. Notably, a recent amendment to the law exempts most personal information collected and used pursuant to the Gramm-Leach-Bliley Act, which is currently applicable to most private fund managers. It is also worth monitoring whether other states follow California’s lead and enact similarly expansive privacy laws.

• Increase in BDC Leverage Limits. As part of the Consolidated Appropriations Act, 2018, the permitted leverage ratio of total debt to equity for BDCs was increased from one-to-one to two-to-one, a significant development for private equity and private credit managers operating or interested in operating BDCs.   

• Cayman AML. In 2018, the scope of Cayman Islands’ Anti-Money Laundering Regulations (“Cayman AML Regulations”) was expanded to reach private funds, including private equity, venture and real estate funds domiciled in the Cayman Islands that are not registered with the Cayman Islands Monetary Authority. A key component of the updated Cayman AML Regulations included a requirement for Cayman funds to designate, by December 31, 2018, natural persons at a managerial level to serve as: (i) Anti-Money Laundering Compliance Officer; (ii) Money Laundering Reporting Officer; and (iii) Deputy Money Laundering Reporting Officer. Cayman Islands-domiciled private funds also are required to maintain policies and procedures for risk-based due diligence on investors.

[i] See SEC Consent Order, Consent Order and Consent Order.

[ii] See June 28, 2018 Kirkland AIM, “Exemptive Relief Granted Under the Political Contributions Rule After Clearing Significant Procedural Hurdles,” SEC Notice and SEC Exemptive Order.

[iii] See December 11, 2018 Kirkland AIM, “SEC Settles with Investment Adviser Over Expense Allocations, Valuations Issues and Failure to Address the Potential Misuse of Material Non-Public Information between Clients.”

[iv] See SEC Consent Order, Consent Order and Press Release.

[v] See June 8, 2018 KirklandPEN, “SEC Charges 13 Private Fund Advisers for Repeated Filing Failures” and SEC Press Release.

[vi] See November 7, 2018 Kirkland AIM, “SEC’s Division of Enforcement Issues its FY 2018 Results.” For additional detail regarding Kokesh v. SEC, see June 6, 2017 Kirkland AIM, “Supreme Court Limits SEC Disgorgement Remedy to Five Years.”

[vii] See December 20, 2018 Kirkland AIM, “OCIE Risk Alert Relating to Electronic Messaging.”

[viii] See April 13, 2018 Kirkland AIM, “SEC Risk Alert Cites Frequent Advisory Fee and Expense Compliance Issues.”