U.S. patent laws bar patentability of an invention if it was “on sale” more than one year before a patent application is filed, but what if the invention was on sale in a nonpublic way? For decades, courts have held that even so-called secret sales of an invention may still trigger a bar to patentability. In 2011, however, the American Invents Act (AIA) modified patent laws in a way that many argued precluded secret sales from serving as a bar to patentability.
In May 2017, the Federal Circuit partly addressed this dispute in Helsinn Healthcare S.A. v Teva Pharmaceuticals USA, Inc., concluding that even after the enactment of the AIA, if the existence of the sale is public, the details of the invention need not be publicly disclosed in the terms of sale for the sale to bar patentability. In other words, the Federal Circuit determined that the AIA did not change how secret sales are evaluated as bars to patentability. Helsinn petitioned the Federal Circuit for a rehearing of the issue, but it denied Helsinn’s request on January 16 of this year. Helsinn must now petition for review by the U.S. Supreme Court if it wishes to further challenge the ruling.
The January 16 denial of rehearing was accompanied by a concurring opinion from Judge Kathleen O’Malley, which addressed what she considered “mischaracterizations” in Helsinn’s petition and in amici briefs. Judge O’Malley rejected the contention that the Federal Circuit concluded that all public sales will trigger the on-sale bar: “All that our panel opinion held was that the particular agreement at issue triggered the on-sale bar, in part—but not exclusively—because it was made public.” Judge O’Malley also noted that although the court concluded that the particular transaction in Helsinn triggered an on-sale bar, it did not hold that all supply-side arrangements for future sales will trigger a bar. Judge O’Malley also rejected Helsinn’s legislative-interpretation argument that the AIA changed decades of law regarding on-sale bars.
Although the Federal Circuit has ruled that secret sales may still trigger an on-sale bar, an open question remains whether an entirely secret sale, the existence of which is not even public, can trigger an on-sale bar. Moreover, if Congress intended for the AIA to change the law surrounding secret sales, as some argue, then either the Supreme Court must intervene, or Congress must modify the statute.
Companies both large and small enter new ventures all the time. Netflix was originally a DVD delivery service, Amazon sold only books until 1998, and Pixar Animation was only a computer engineering and special-effects company for more than a decade. When businesses diversify, they may seek to insulate an established line of business from the liabilities of a new venture by forming separate, wholly owned subsidiaries. Nearly all of us assume that the enterprise will be responsible for the obligations of a single subsidiary only under the most extraordinary circumstances.
Successful actions against a parent for the obligations of a subsidiary, so-called veil piercing, are relatively rare due to the high bar required by most jurisdictions. In a seminal case on the matter, Pauley Petroleum Inc. v. Continental Oil Co., the Delaware Supreme Court rejected an argument that Continental Oil, a Delaware corporation, and its Mexican subsidiary should be treated as the same legal entity:
There is, of course, no doubt that upon a proper showing corporate entities as between parent and subsidiary may be disregarded and the ultimate party in interest, the parent, be regarded in law and fact as the sole party in a particular transaction. This, however, may not be done in all cases. It may be done only in the interest of justice, when such matters as fraud, contravention of law or contract, public wrong, or where equitable consideration among members of the corporation require it, are involved.
239 A.2d 629, 633 (Del. 1968). The Delaware Supreme Court did more than announce Delaware’s high standard for veil-piercing claims, however. It applied Delaware law to the question of whether a shareholder would be responsible for the obligations of a Mexican entity with statutory limited liability.
This may surprise transactional lawyers, most of whom assume, as they were likely taught in law school, that the law of the jurisdiction in which an entity is formed (or whose “corporate veil” is to be pierced) governs a veil-piercing action. This is commonly referred to as the “internal affairs” doctrine, recognized by the Supreme Court in CTS Corp. v. Dynamics Corp. of America, 481 U.S. 69 (1987), and cited in the Restatement (Second) of Conflict of Laws. Under the internal affairs doctrine, Delaware law would apply to the determination of whether to “pierce the veil” of a wholly owned subsidiary formed in Delaware, but Mexican law would apply to the potential liability of an equity owner of a business entity organized in Mexico.
Judicial consideration of choice of law is rare in veil-piercing cases, but a brief survey leads to the discovery that state courts often apply their own local laws, regardless of where the subject entities are formed. For example, the Court of Appeals of Maryland (where the authors of this article practice) applied Maryland law, without discussion, to analyze whether to pierce the veil of a New Jersey corporation in Hildreth v. Tidewater Equipment Co., Inc., 838 A.2d 1204 (Md. 2003). In addition, the California Court of Appeal, Second District, applied California law in a veil-piercing claim involving a Delaware parent and two foreign, wholly owned subsidiaries (one formed in the Netherlands, and the other in Bermuda) in Toho-Towa Co., Ltd. v. Morgan Creek Productions, Inc., 159 Cal. Rptr. 3d 469 (Cal. Ct. App. 2013).
Although apparently briefed on the choice of law, the U.S. District Court for the District of Delaware in Mobil Oil Corp. v. Linear Films, Inc. declined to “launch into a protracted choice of law analysis” and decided to analyze the applicable veil-piercing claims under Delaware law (the parent’s state of incorporation), rather than Oklahoma law (the subsidiary’s state of incorporation). 718 F. Supp. 260, 268 (D. Del. 1989). Moreover, the Delaware District Court has determined that Delaware courts considering a parent entity’s liability for the actions of its subsidiary entity “have applied Delaware law, even in the case of foreign subsidiaries.” Japan Petroleum Co. (Nigeria) Ltd. v. Ashland Oil, Inc., 456 F. Supp. 831, 840 n.17 (D. Del. 1978). In Ademiluyi v. PennyMac Mortgage Investment Trust Holdings I, LLC, after raising the choice of law issue without briefing from the parties, the U.S. District Court for the District of Maryland concluded that Maryland law applies to veil-piercing cases brought in Maryland courts, regardless of the jurisdiction of formation of any of the entities in question. 929 F. Supp. 2d 502 (D. Md. 2013).
Although many courts and practitioners assume that choice of law is unimportant because the standard for veil piercing is relatively uniform across U.S. jurisdictions, this assumption may lead to unpleasant surprises. Delaware courts generally require plaintiffs to establish fraud, injustice, or a public wrong. Texas, which has adopted a statutory standard for veil piercing for limited liability companies, requires “actual fraud” and a “direct personal benefit” to the member of a limited liability company. Maryland is even more difficult: in at least one case, a court applying Maryland law refused to disregard the corporate separateness of an entity whose only corporate formality was filing articles of incorporation. Gordon v. SS Vedalin, 346 F. Supp. 1178 (D. Md. 1972).
Other states, such as California, impose lower burdens on plaintiffs seeking recovery from a corporate parent, applying an “alter ego” analysis of elements such as capitalization of the entity, its failure to follow corporate formalities, and the overlapping of corporate records or personnel. Indeed, Stephen B. Presser, a professor at Northwestern University School of Law, has described the veil-piercing process under California law in section 2:5 of his book Piercing the Corporate Veil as “relatively easy . . . particularly in the case of individually-owned corporations.”
This means that businesses relying on the legal separateness of a wholly owned subsidiary to limit intracompany liabilities should be formed and operated in an effort to limit the potential for veil piercing not only in the state of formation, but also in the jurisdictions in which the subsidiary may become subject to claims. If a subsidiary is potentially subject to claims in a state such as California that imposes an “alter ego” or “instrumentality” theory of veil piercing, it should have a legal right to use the assets utilized in its business, enter into agreements in its own name, and observe all (or at least most) organizational formalities. In addition, parent entities may want to consider taking steps such as entering into shared services agreements regarding enterprise-wide tasks (such as human resources, accounting, or IT); accounting for enterprise-wide cash management with appropriate credits and debits between parent and subsidiary; and ensuring that the subsidiary is adequately capitalized against foreseeable liabilities, including being a named insured on the enterprise’s general liability policies. Where an enterprise has extreme liability concerns, avoiding structures such as member-managed LLCs may be advisable to minimize the appearance that a subsidiary is a mere instrumentality of its parent.
Lawyers and their clients are constantly working together to ensure that risks are predictable and manageable. Veil-piercing claims are never the first item on a client’s mind when discussing a new venture, but where separate subsidiaries are formed with the goal of minimizing risk, parties should consider the laws of jurisdictions where the subsidiary may be subject to claims in addition to where it is organized. With proper planning, wholly owned subsidiaries and their parents should be able to rebuff veil-piercing claims in even the most hostile legal environments.
Early into the Obama Administration, the U.S. Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE)—both agencies within the Department of Homeland Security (DHS)—adopted policies to search, sometimes seize, and review the content of electronic devices at U.S. border crossings. Since the inception of the program, the numbers of these searches have steadily increased from approximately 8,500 in 2015; 19,000 in 2016; and 30,000 in 2017. To put these numbers into context, however, even this dramatic increase accounts for only 0.007 percent of the 397 million travelers (including both U.S. and foreign nationals) who crossed the border during the 12-month period ending September 30, 2017, according to a recent article. As reported elsewhere, over 80 percent of devices searched belonged to foreigners or legal permanent residents.
These searches and seizures are carried out without a warrant or any individualized suspicion—much less probable cause—that a traveler has done anything wrong. On the other hand, these searches have been instituted to vindicate national security concerns. Thence arises the delicate constitutional question of balancing that governmental interest against individual rights. Some courts have permitted routine border searches of travelers’ computers and other electronic devices as an exception to the Fourth Amendment prohibition against warrantless searches without probable cause. See, e.g., United States v. Cotterman, 709 F.3d 952, 960–61 (9th Cir. 2013) (en banc); Abidor v. Napolitano, 990 F. Supp. 2d 260, 277–82 (E.D.N.Y. 2013). Nevertheless, even in Cotterman, the Ninth Circuit concluded, en banc, that an intrusive forensic search of a computer hard drive is not “routine” and therefore requires reasonable suspicion to be constitutionally permissible. 709 F.3d at 960–68.
Electronic devices belonging to lawyers raise additional concerns—namely, the attorney-client privilege, the work product doctrine, and the confidentiality of lawyer and client communications (as required by Model Rule of Professional Conduct 1.6) to the extent that any information protected by any or all of these is maintained on any such electronic devices.
Recent Litigation Challenging Border Searches
On September 13, 2017, a lawsuit was filed in Boston against the federal government nominally on behalf of 11 travelers whose smartphones and other electronic devices were searched without a warrant at the U.S. border. The real proponents of the litigation, as made clear on the website of the American Civil Liberties Union (ACLU), are the ACLU, the Electronic Frontier Foundation, and the ACLU of Massachusetts. The named plaintiffs are 10 U.S. citizens and one permanent resident who come from different geographic locations and disparate backgrounds. Defendants are the leaders of DHS, CBP, and ICE. Alasaad v. Duke, No. 1:17-cv-11730-DJC (D. Mass., filed Sept. 13, 2017).
The case seeks to expand into the realm of border searches in the Supreme Court’s ruling in Riley v. California, 134 S. Ct. 2473 (2014), which recognized a significant privacy interest in digital data and held that police may not conduct warrantless searches of the cell phones of the people they arrest. The complaint in Alasaad also challenges prolonged confiscations—which sometimes last for weeks or months at a time—of travelers’ electronic devices without probable cause.
On December 15, the government moved to dismiss the complaint for lack of standing. The argument is that plaintiffs assert merely a general risk of injury from the remote possibility that their electronic devices may be searched in the future, and that the assertion that the government has retained information from electronic devices is conclusory and based on no factual allegations in the complaint that would support such a conclusion. Opposing the motion in a January 26 filing, plaintiffs argue that they have standing because of the substantial risk of future injury, and independently that standing exists to seek “expungement” of information retained by the government from prior unlawful searches. As of this writing, no decision on the motion has yet been issued.
Recent Revisions to CBP Policy
On January 4, 2018, CBP issued a revised policy governing border searches of electronic devices. As it affects issues of privilege, section 5.2 of the new policy represents a distinct improvement over the previous policy (though probably not yet sufficient to be completely satisfactory to the ABA):
When examining data on a device, CBP officers are now required by section 5.1.2 of the new policy to avoid accessing data stored remotely (e.g., in the Cloud) when they conduct device searches. To accomplish this, that section provides that the officers will either request that the traveler disable connectivity to any network (e.g., by placing the device in airplane mode), or they will themselves disable network connectivity where warranted by national security, law enforcement, officer safety, or other operational considerations. Note also that if a device is encrypted, section 5.3.1 of the revised policy requires travelers to unlock or decrypt their electronic devices and/or provide their device passwords to border agents.
CBP officers must now consult with the CBP Associate/Assistant Chief Counsel’s Office before searching devices allegedly containing privileged or work product protected information. (Section 5.2.1 of the prior policy required such consultation only when (A) the devices contained materials that appeared to be “legal in nature” or that were claimed to be protected by the privilege or work product and (B) the border officer suspected that the material “may constitute evidence of a crime or otherwise pertain to a determination within the jurisdiction of CBP.”).
CBP officers and lawyers are now required to seek clarification from the individual asserting the privilege as to the specific files, attorney or client names, or other particulars that may assist the agency in identifying the privileged information, and requires CBP to segregate the privileged materials from the other materials on the device and ensure the privileged materials are handled appropriately, all through the use of a filter team consisting of legal and operational representatives of the agency.
Any privileged materials that are copied by CBP must be destroyed at the end of the review process, unless the materials indicate an imminent threat to homeland security, or copies of the materials are needed to comply with a litigation hold or other requirement of law.
The new policy distinguishes a “basic search” of an electronic device, which may be conducted with or without suspicion, from an “advanced search” (defined as one in which an officer connects the device to external equipment to review, copy, and/or analyze its contents), which may only be conducted if there is reasonable suspicion of unlawful activity or a national security concern. Although not explicit in the new policy, this particular requirement may be a reaction to federal court decisions such as Cotterman, holding that an intrusive “forensic search” of a computer hard drive is not “routine” and requires reasonable suspicion to be constitutionally permissible.
Note that CBP’s revised policy (section 2.7) expressly does not apply to searches by ICE, even when CBP transfers devices to ICE for a search.
As of this writing, ICE has not revised its own policy, so its prior policy remains in force. ICE’s policy authorizes searches of electronic devices with or without individualized suspicion and, unlike CBP’s revised policy, does not contain enhanced protection or consultation procedures for information claimed to be privileged or confidential and does not prohibit Cloud searches.
Pertinent Ethical Obligations
Lawyers should consider whether consenting to a device search by a CBP or ICE agent is compatible with their professional responsibilities. Obviously, a lawyer must advise such agents of the existence of any privileged material on the device in question. In addition, key provisions of the Model Rules of Professional Conduct are summarized below in chronological order. Be sure to consult the versions of these rules in each jurisdiction in which you are admitted to practice.
Competence. Model Rule 1.1 imposes the requirement of competence. Comment [8] adjures lawyers to “keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology . . . .” Moreover, a 2011 formal opinion of the Standing Committee on Ethics and Professional Responsibility (the Ethics Committee) observes that implicit in the obligation of competence is acting “competently to protect the confidentiality of clients’ information . . . .”
Communicating with Clients. As a general proposition, Model Rule 1.4 requires a lawyer to keep clients informed about the status of their matters, as well as about any matters as to which informed consent (as defined in Model Rule 1.0(e)) is required. Explaining to clients the risks of search of electronic devices containing their confidential or privileged information and obtaining informed consent in advance is, for a lawyer planning cross-border travel, a possible solution. It is not necessarily a reliable solution, however, because some clients might not consent and, even for those that do, questions could arise later about the adequacy of the lawyer’s explanation of the risks involved. In the absence of any such client consent, if information relating to a representation is disclosed during a border search, the lawyer should ascertain whether the rules in the jurisdictions where the lawyer is admitted require advising the affected client. Note in this regard a 2017 opinion of the New York City Bar Association (the NYCBA Opinion), which concludes that the lawyer must inform affected clients about such disclosures.
Confidentiality. Model Rule 1.6 is the most important ethical requirement in this context. Paragraph (a) prohibits revealing “information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted by paragraph (b).” We have already discussed informed consent, and it’s extremely unlikely that border inspection disclosures would ever be “impliedly authorized” within the contemplation of the rule. Paragraph (b) does permit (but does not mandate) disclosure “to the extent the lawyer reasonably believes necessary” under specified circumstances, including (b)(6), “to comply with other law.” The phrase “other law” generally refers to statutory or regulatory requirements, such as the requirement of the Internal Revenue Code that cash transactions over $10,000 be reported to the I.R.S.
Comment [12] tells us, somewhat unhelpfully, that whether such “[other] law supersedes Rule 1.6 is a question of law beyond the scope of these Rules.” Regulations and official policies of a federal agency normally preempt inconsistent state law, so the odds are that the border search policies of CBP and ICE do, in fact, supersede Rule 1.6(a), but no ethics opinion has as yet so concluded, and no court has as yet so ruled. Comment [12] goes on to say that when disclosure is required by “other law,” “the lawyer must discuss the matter with the client to the extent required by Rule 1.4.” That is fine in the context of a court order or a subpoena, where there is time and opportunity for such consultation, but barring advance consent under Rule 1.4, it is unlikely as a practical matter that the lawyer whose electronic devices are searched or impounded at the border will be able to consult any client. A 2016 Ethics Committee opinion deals with disclosure under Model Rule 1.6(b)(6) in the context of a subpoena or court order and takes the position that when a client is not available for consultation, a lawyer must (i) assert all reasonable claims against disclosure and seek to limit the subpoena or other initial demand on any reasonable ground, and (ii) consistent with the language in the chapeau of 1.6(b), reveal information only to the extent reasonably necessary.
More specific advice is provided in the border search setting by the NYCBA Opinion. Acknowledging that Rule 1.6(b)(6) “permits a lawyer to comply with a border agent’s demand, under claim of lawful authority, for an electronic device containing confidential information during a border search,” including a demand that the attorney unlock the device to facilitate such a search, the opinion cautions that “compliance is not ‘reasonably necessary’ unless and until an attorney undertakes reasonable efforts to dissuade border agents from reviewing clients’ confidential information or to persuade them to limit the extent of their review.” If confidential client information is, in fact, disclosed during a border search, the NYCBA Opinion requires that “the attorney must inform affected clients about such disclosures pursuant to Rule 1.4.”
Rule 1.6(c) applies to “inadvertent or unauthorized disclosure of, or unauthorized access to” confidential client information. Given the requirements of competence in Model Rule 1.1, disclosure to border agents pursuant to established CBP and ICE policies cannot be regarded as “inadvertent” but will almost always be “unauthorized” by the client. Comment [18] says these kinds of disclosures are not a violation of 1.6(c) “if the lawyer has made reasonable efforts to prevent the access or disclosure.” What constitutes reasonable efforts in this unusual, compulsory context is not completely clear, but Comment [18] identifies certain factors to be considered:
the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).
As food for thought, note also that certain clients, particularly sophisticated clients, may require their lawyers to employ special security measures beyond what the rule itself would require.
Supervisory Responsibilities. Even law firm partners who are not crossing borders with electronic devices are not off the hook. For lawyers who exercise, either individually or together with law firm colleagues, managerial authority in the firm, Model Rule 5.1 requires them to “make reasonable efforts to ensure” that supervised lawyers “conform to the Rules.” Model Rule 5.3 contains similar requirements with respect to employed, retained, or associated nonlawyers (e.g., paralegals). Taken together, these provisions suggest that law firms put in place policies addressing the efforts junior lawyers and nonlawyer legal professionals working for the firm should make to preserve client confidential information when traveling with electronic devices.
Some Concluding Observations
Uncertainties abound here. For one thing, the statistics at the beginning of this article show that the likelihood a lawyer’s electronic devices will be searched or seized is quite low. (Recall that Comment [18] to Rule 1.6 identified as a factor in assessing the reasonableness of safeguards the likelihood of disclosure if those safeguards are not employed). For another, it is entirely possible—at least under the recently revised CBP policy—that advising a border agent of the existence of confidential or privileged information on a device will be sufficient to cause them to segregate any such information from examination.
Pace such palliatives, the cost of additional safeguards is quite low (another factor identified in Comment [18]), and it is important for a lawyer to be fully prepared for such searches. The following are worthy considerations by any lawyer anticipating cross-border travel:
Consider whether it is necessary to bring with you any electronic device containing confidential or privileged information. (If you’re going on vacation, stop being a workaholic automaton and leave the device behind).
If you must bring one or more portable electronic devices along, make sure each one is thoroughly scrubbed of all privileged or confidential information. Merely deleting files may not be adequate to remove them completely. The device will still enable you to work on affected matters because it may be used from abroad to access confidential information remotely that is maintained on law office e-mail, databases, or in the Cloud without having the actual files stored on the device.
Consider acquiring an electronic device exclusively for use during foreign travel and avoid, to the maximum extent possible, placing confidential or privileged information thereon.
Merely encrypting privileged or confidential information on a device is no guarantee of its remaining confidential. Remember that border agents may demand that you provide password or other decrypting information, and failure to do so can lead to your device being seized and detained for a period of time.
Familiarize yourself in advance with the pertinent ethics rules and opinions of each jurisdiction in which you are admitted in order to ascertain whether you may ethically consent to a request (or demand) to inspect your device(s) and, if a device is inspected, whether you are required to advise each client whose information was subject to inspection.
If your client or any jurisdiction in which you are admitted requires you to take extra steps to safeguard the confidentiality of information on a portable electronic device, be sure you have fully complied with those requirements in advance of travel.
Finally, be cognizant of the location and content of all privileged and confidential information on each device you bring across the border, and be prepared when advising a CBP or ICE officer of the existence of privileged or confidential information to identify for the officer specific files or categories of files, names, phone numbers (in the case of a mobile phone), and e-mail addresses of clients or lawyers associated with confidential or privileged information on the device, and any other information that will help the officer segregate such information.
In addition to serving as BLT’s managing editor for Ethics & Professional Responsibility, the author is the Business Law Section’s liaison to the ABA Border Search Task Force that was organized in 2017 by former ABA President Linda Klein. He also currently serves on the Standing Committee on Ethics and Professional Responsibility. The views expressed herein are, however, entirely the author’s own.
The term “legacy systems” plays an increasing role in business risk management. Legacy systems commonly refer to outdated computer systems, networks, programming languages, or software. The definition of “legacy system” is subjective because these systems may vary in outdatedness. For example, hardware has age limits, and software ceases to be updated and becomes incompatible with new operating systems. Computer systems are often acquired, built, and implemented at various points throughout a company’s history. Furthermore, changes in business practices may render once acceptable systems obsolete by demanding new abilities from unchangeable software.
Regardless of their limitations, legacy systems continue to play a key role in companies of all sizes. Dealing with legacy systems is about balancing business goals, legal liabilities, technology, and user needs. Although some believe that IT staff should be responsible for this balancing act, lawyers play a crucial role because technology issues affect a company’s overall risk management. This article aims to provide guidance for lawyers in assessing risks associated with legacy systems.
Identify the System
The initial consideration with any legacy system is to identify the type of system a company utilizes:
Is the system a commercial, off-the-shelf solution?
Is it a custom-built solution?
What type of code is utilized in the system?
Who originally built the system, and are they still in existence?
Determining the type of system used will provide key information to assess whether that system is still viable, and what risks exist in the current network infrastructure.
Identify Roles and Responsibilities
Next, the contracts that govern the use and maintenance of the system should be located and reviewed to understand the responsibilities of the parties. It may be difficult at times to locate these documents, especially for a system that may be decades old. Furthermore, maintenance of a system should be assessed from both a technological and contractual perspective. Who is responsible for ensuring that updates, patches, and any other changes are implemented in a timely manner?
The Equifax breach exemplifies the importance of system patches. Access to Equifax’s systems and the data of approximately half the U.S. population resulted from Equifax’s failure to implement a patch that was available two months before the infiltration. Another example is The Royal Bank of Scotland and the NatWest system failure in 2013. Customers were unable to access accounts, use debit or credit cards, or make online payments on Cyber Monday—a failure that RBS officials admittedwas a result of decades-old systems and a failure to maintain those systems.
Keep It or Replace It
In some cases, the original designers of these systems have either moved on to other companies or retired from the workforce, without leaving sufficient documentation to provide guidance to those that remain. If your IT team does not understand a system, how can it protect and evolve it to meet the needs of the business? This inevitably begs the question: Is the system so old that it cannot even be maintained?
Legacy systems may incorporate old code and software that a modern workforce is unable to support. In some instances, the coding language is so archaic that it is no longer taught in school. For example, COBOL, a programming language used in many legacy mainframe systems including that of the banking industry, is used only to maintain existing applications and is not commonly taught anymore. These systems can become so outdated that they are unable to scale to encompass new tasks and technologies, which in turn becomes an inhibitor to innovation and evolution within a company.
The Importance of System Architecture
Many companies rely on multiple systems that are cobbled together without a clear system architecture. To resolve operational issues that may arise, IT might develop patchwork solutions that inadvertently create security vulnerabilities and further add layers of complexity. The pitfalls of complexity are exemplified by the cyber attacks on the U.S. Office of Personnel Management (OPM). OPM was infiltrated in two separate incidents: (1) the hackers gained access to OPM’s system for almost two years before OPM became aware; and (2) the second incident lasted for approximately one year before becoming known. OPM’s complex structure, combined with poor cyber hygiene and outdated security technology, contributed to the delay in realizing the unauthorized access.
System complexity creates issues with system recovery and redundancy. These incremental enhancements balloon into a nightmare that traps companies as prisoners in their own legacy systems. IT management quickly morphs into risk management, continually requiring that the company maintain a record of these risks and develop internal solutions to minimize those risks.
Even if these systems are not complex, they still suffer from a lack of developer familiarity with the system as well as a lack of documentation regarding the overall software architecture. Without continuity in the workforce to provide for an exchange of information as new employees take over management of these operations, there is little to no guidance available to keep these systems running.
Cybersecurity Risks
All these factors contribute to growing vulnerabilities associated with legacy systems from a legal, technological, and operational perspective. Given that systems integrate with interdependent systems, it is challenging to create automatic protections from new threats. Furthermore, patching is more difficult because it is not simply pushing a patch out to one system. If the technology team does not or cannot understand a network’s infrastructure, it is difficult to implement a patch to the system. In some cases, system developers do not provide continued maintenance and support, so patches are not even available to fix known security or design flaws. For example, Microsoft announced in 2016 that it would no longer support Windows XP. Security protocols should be uniform and integrated across all systems, but with no clear system architecture, this task can become seemingly impossible.
In certain industries, the risks may be even higher. Two recent regulatory changes that may impact the use of legacy systems are the New York Department of Financial Services Cybersecurity Regulation, 23 NYCRR 500 (DFS Regulation), and the forthcoming European Union’s General Data Protection Regulation (GDPR). Both regulations demand higher standards for data protection and security, requiring that companies not only understand their systems, but in some cases proactively redesign those systems if they don’t comply.
In the United States alone, numerous states are considering changes to cybersecurity and data privacy laws that will strain these legacy systems even further beyond their capabilities. Many states, including Delaware, South Dakota, and Colorado, have proposed legislation in the last six months (in response to the Equifax breach) that would shorten the timeframe for notifying citizens of data breaches and expand the definition of what constitutes a breach that requires notification. These proposed regulatory changes would necessitate that companies have a strong knowledge of their systems, the data maintained in those systems, and system access points in order to efficiently determine whether unauthorized access occurred. Legacy systems pose significant hurdles to compliance because of their complex structure, which may make complying with these proposed regulations more difficult.
The Growing Role of a Lawyer
As these legacy systems continue to hit boundaries, and maintenance becomes harder because of age and the lack of an informed workforce to maintain these systems, companies must critically assess next steps. Companies should begin by creating a comprehensive plan of action. They must bring together an interdisciplinary team to assess the legacy system’s long-term viability, the company’s need for the system, and the appropriate plan of action to address the vulnerabilities and risks within that system. Input should be received from all sectors of an organization (legal, IT, marketing, security, privacy, financial, etc.) throughout the entire process.
The legal liabilities play a pivotal role in that analysis: if the creator of a legacy system is no longer in existence or has strategically decided not to maintain a system, what happens in the event of a breach? Who is held responsible for a system vulnerability? It is important that the contractual relationships among the system providers, either in a legacy system or newer systems, are clearly understood and considered in the plan of action.
Legacy systems play a pivotal role in business. Migrating these legacy systems to newer technologies involves a delicate balance between an expensive overhaul of an entire system and incremental fixes. Ultimately, a company must assess its current environment to determine whether the vulnerabilities and risks, to the extent they are even known or can be discovered, can be sustained by the company or whether the technology’s lifecycle has run its course. Technology continues to evolve at an unprecedented rate, and companies must critically assess their situation. Lawyers must be prepared to delve deeply into these issues with their clients to understand both the legal liabilities that attach to these legacy systems and the risks associated with migrating to new systems.
I would like to thank Conor Gilsenan for reviewing and providing insight into this article.
In a rare loss by an audit firm in a case involving financial-crisis-era fraud, an Alabama federal court recently held accounting giant PricewaterhouseCoopers (PWC) liable to the Federal Deposit Insurance Corporation (FDIC) for its failure to detect a $2 billion fraud. Judge Barbara Jacobs Rothstein’s December 28, 2017 liability opinion in The Colonial Bancgroup, Inc., et al. v. PricewaterhouseCoopers LLP, et al. departed from the typical rule that because receivers like the FDIC stand in the shoes of their debtors, they can only recover where the debtor itself could recover—which excludes cases where the debtor has “unclean hands.” Instead, and despite undisputed evidence of Colonial Bancgroup’s fraud, the court applied Alabama state law to view the FDIC, a government entity, as different from a normal successor-in-interest, and granted the receiver’s claim.
Since the U.S. Supreme Court’s decision in O’Melveny & Myers v. FDIC, 512 U.S. 79, 114 S. Ct. 2048 (1994), there has been no question that state law governs claims brought by the FDIC as a receiver. In light of this fact, the decision in Colonial Bancgroup is instructive. It shows that this area of law is unsettled, and that auditors may face greater potential liability in states like Alabama, where friendly state laws could allow courts to permit the FDIC (and its sister entity, the National Credit Union Administration) to pursue lawsuits against them related to failed banks and credit unions.
Suing Auditors Is Often a Losing Proposition
The law generally insulates auditors from civil liability for losses stemming from their alleged failure to detect frauds committed by their clients, including financial institutions.
First, under the law of many states, privity requires that a third-party plaintiff have more than de minimis direct contact with the auditor as a precondition to recovery.[1] Given that this rarely occurs, the doctrine of privity generally functions as a bar to suits by third parties against auditors for professional negligence before even reaching the question of whether the auditor’s failure to exercise due care caused significant injury to the putative plaintiffs.[2] Whether the third-party plaintiff is a shareholder in a bankrupt company, an investor who entrusted that company with his or her funds, or an unrelated victim of the underlying fraud, those parties rarely will be permitted to pursue the auditor for its negligence.
Second, even when a company itself is badly damaged (or even bankrupted) by a fraud, courts will bar a suit by the company itself against the auditors under the doctrine of in pari delicto (literally, “in equal fault,” such that the position of the defending party is the stronger one)[3] because a fraud committed by the company’s own management or employees is imputed to the company. The theory, to put it simply, is that a company that destroys itself through fraud should not be permitted to lay the burden of that misconduct on a third party.[4]
These rules form a formidable pair of obstacles that seemingly foreclose any such claims against an auditor whose negligence fails to discover devastating fraud. Third parties without a direct relationship with the auditor (and whose reliance is not foreseeable by the auditor) may not assert such a claim due to lack of privity, but the auditor’s client—the company—is barred from the claim because of its own imputed participation in the fraud.
The Colonial Bancgroup Litigation
Notwithstanding this legal backdrop, the Colonial Bancgroup litigation demonstrates that auditors are not entirely immune from civil liability, particularly in situations where there have been substantial losses to the public at large.
The Colonial Bancgroup litigation arose from a massive fraud that led to the failing of Colonial, a national bank that was a fully owned subsidiary of the Colonial Bancgroup (CBG).[5] When the FBI raided Colonial in August 2009, it was one of the 25 largest banks in the United States. Ten days later, Alabama banking regulatory authorities closed Colonial and appointed the FDIC as its receiver. CBG filed for Chapter 11 bankruptcy protection 11 days later.
Colonial’s failure was the result of a fraud perpetrated by Taylor, Bean & Whitaker Mortgage Corporation (TBW), the largest customer of Colonial’s Mortgage Warehouse Lending Division (MWLD), and several of Colonial’s employees. Colonial’s MWLD provided short-term funding to mortgage originators like TBW to enable such companies to originate and fund mortgage loans until those loans could be sold to third-party investors such as Freddie Mac and Ginnie Mae. Between 2002 and 2009, TBW and some of Colonial’s employees engaged in a multifaceted fraud that disguised TBW’s failure to repay Colonial’s short-term funding. By the time the fraud was discovered in 2009, it had grown to $2.3 billion.
During this period, PWC acted as outside auditor for CBG and because it performed the audit on a consolidated basis, that audit included Colonial.
The Colonial failure cost the FDIC’s deposit insurance fund $2.3 billion, and the FDIC was appointed receiver for the bank.[6] CBG and the FDIC each sued PWC, alleging that PWC breached the professional and contractual duties it owed CBG and Colonial, thereby allowing the fraud to go undetected. Both lawsuits also state claims against Crowe Horwath LLP, who acted as CBG’s internal auditor during the years that Colonial was victimized by the fraud and who also failed to detect the fraud. CBG’s and the FDIC’s claims against PWC and Crowe were consolidated, and the parties proceeded through discovery and pretrial motions. Ultimately, the claims against PWC and against Crowe were bifurcated, and the case was also bifurcated with respect to liability and damages.
Following the liability portion of the PWC bench trial,[7] the district court issued its findings and rulings on December 28, 2017. In a lengthy written decision, the court found that CBG could not hold PWC liable because the wrongful conduct of Colonial’s employees was imputed to Colonial and then to CBG based on its control over Colonial. On the other hand, the court found that PWC was liable to the FDIC for its negligence in failing to detect the massive, long-running fraud. In other words, the FDIC was treated differently than Colonial (and CBG), even though the FDIC (as a receiver) was stepping into the shoes of Colonial.
The court found that under Alabama law, PWC owed a duty to both CBG and Colonial to exercise reasonable care in performing its audits of CBG—a proposition that PWC did not dispute. The court then found that PWC breached those professional obligations by failing to plan and perform its audit to detect fraud, and by failing to obtain sufficient audit evidence regarding the particular types of transactions through which the fraud was executed.
In the bench trial, PWC witnesses acknowledged that PWC had an obligation to design its audits to detect fraud, and the court noted that in deposition testimony in the case brought by TBW’s trustee, PWC engagement partners, audit managers, and audit staff repeatedly admitted that PWC did not design its audit procedures to do so. Based on that testimony, the court concluded that PWC had failed to design its audits to detect fraud, and that PWC thereby violated applicable auditing standards.
The court also credited the plaintiffs’ assertion that PWC should have—but failed to—physically inspect the mortgage loan documents that were associated with the bank’s transactions with TBW, and which were supposed to be held by Colonial until it was paid its interest in the transaction. In doing so, it rejected PWC’s argument that even if it had attempted to inspect the underlying loan documents, it would not have uncovered the fraud because the fraudsters would have created fake documents. “This, of course, is something that we will never know,” the court observed. “However, what we do know is that . . . one of the key fraudsters . . . testified that if PWC had asked to see even just ten loan files, ‘[t]he jig would be up.’” In addition, PWC’s comparison of different management reports—to make sure the numbers matched—reflected insufficient “professional skepticism,” and PWC had missed certain red flags (like transaction dates that were illogical) that should have alerted it to the need to physically inspect the underlying documents. To the court, PWC’s decision to base its conclusions on TBW’s representations about the underlying assets instead of conducting its own investigation was “quintessentially the same as asking the fox to report on the condition of the hen house.”[8]
Why the FDIC Could Assert Colonial’s Claim
The FDIC faced legal hurdles in attempting to assert claims against PWC because it was stepping into the shoes of parties that would presumably be barred from asserting such claims. If the FDIC were viewed as asserting Colonial’s claims against its auditor, the doctrine of in pari delicto would presumably bar the claims because Colonial’s management and employees were complicit with (or even responsible for) the fraud. In addition, if the FDIC were viewed as asserting claims on behalf of the bank’s depositors (whom it has made whole through its insurance function), the depositors’ lack of privity with PWC would operate as a bar to the claims.
Nevertheless, the district court reached a different conclusion.[9] The starting point for the court’s analysis was that receiverships are governed by state law, and that Alabama law generally does not permit receivers to stand in a better position than the failed institutions they represent. In finding that the FDIC should not be so limited, the court relied in part on a 1991 Alabama Supreme Court case holding that the Resolution Trust Corporation—a federal receiver with substantive duties that mirror those of the FDIC—was not subject to punitive damages based on the misdeeds of the failed institution it inherited. There, the state high court reasoned that the imputation of wrongdoing to receivers is tempered by equitable principles:
A receiver operates for the benefit of creditors, unsecured depositors and the federal tax payer. However, punitive damages are imposed to punish the wrongdoer and to deter others. Where the wrongful party is in receivership and the damages are to be paid by innocent creditors, punitive damages create an inequitable result and are therefore improper. [The bank] no longer exists and cannot be punished. . . . Imposing punitive damages against RTC would not accomplish the purposes which punitive damages are meant to serve.[10]
According to Judge Rothstein, the same logic compelled a liability finding in Colonial Bancgroup. The court found that the purpose of in pari delicto would not be served by using it to bar claims by the FDIC. To further buttress this conclusion, the court relied on a Ninth Circuit decision involving the FDIC that helps to differentiate the FDIC from Colonial itself:
A receiver . . . does not voluntarily step into the shoes of the bank; it is thrust into those shoes. It was neither a party to the original inequitable conduct nor is it in a position to take action prior to assuming the bank’s assets to cure any associated defects or force the bank to pay for incurable defects. This places the receiver in stark contrast to the normal successor in interest who voluntarily purchases a bank or its assets and can adjust the purchase price for the diminished value of the bank’s assets due to their associated equitable defenses. In such cases, the bank receives less consideration for its assets because of its inequitable conduct, thus bearing the cost of its own wrong.[11]
What Comes Next?
Although Judge Rothstein’s opinion was limited to Alabama law and her prediction of how the state’s supreme court would view cases brought by the FDIC, it was also motivated by public-policy concerns that could have broader application. It is difficult to predict whether the decision and those public-policy issues will encourage other courts to permit the FDIC to assert claims against auditors.
One reason for this is that there are significant differences among how states treat receivers.[12] Consider as an example how Colonial Bancgroup might have been decided if the audit had taken place in New York. As in Alabama, the general rule under New York law is that the “liquidator . . . ‘stands in the shoes’ of the insolvent, gaining no greater rights than the insolvent had.”[13] For this reason, under New York law, the receiver of a bankrupt corporation can be barred by the in pari delicto doctrine from bringing claims against service providers to the corporation.[14]
In the past, some New York trial courts refused to impute knowledge of corporate wrongdoing to court-appointed receivers who are “innocent successors” to the corporation. These decisions draw upon federal cases, and the same public policy rationales that motivated the decision in Colonial Bancgroup.[15] Consistent with this line of cases, in a 1996 decision, a federal district court interpreting New York law found that the FDIC was not subject to an in pari delicto defense that could have been raised against the failed bank.[16]
However, those decisions pre-date the most recent New York Court of Appeals decision on imputation and inpari delecto: Kirschner v. KPMG LLP, 15 N.Y.3d 446, 938 N.E.2d 941 (2010). In that case, the court found that the primary, and arguably lone, exception to the general rule imputing an agent’s knowledge to his principal is the “adverse interest” exception, which applies only when the agent has “totally abandoned his principal’s interests” and is “acting entirely for his own or another’s purposes.” Where both the agent/employee and the corporation benefit, the exception does not apply.[17] In reaching this decision, the court reasoned that public-policy goals would not be served by exposing corporate auditors to additional liability:
The derivative plaintiffs caution against dealing accounting firms a “get-out-of-jail-free” card. But as any former partner at Arthur Andersen LLP—once one of the “Big Five” accounting firms—could attest, an outside professional (and especially an auditor) whose corporate client experiences a rapid or disastrous decline in fortune precipitated by insider fraud does not skate away unscathed. In short, outside professionals—underwriters, law firms and especially accounting firms—already are at risk for large settlements and judgments in the litigation that inevitably follows the collapse of an Enron, or a Worldcom or a Refco or an AIG-type scandal. . . . It is not evident that expanding the adverse interest exception or loosening imputation principles under New York law would result in any greater disincentive for professional malfeasance or negligence than already exists. Yet the approach advocated by the Litigation Trustee and the derivative plaintiffs would allow the creditors and shareholders of the company that employs miscreant agents to enjoy the benefit of their misconduct without suffering the harm.[18]
Although the decision does not directly apply to the FDIC, the court’s public-policy analysis differs significantly from that of Judge Rothstein. The Kirschner court’s skepticism that frauds can be deterred by expanding civil liability for auditors suggests that Colonial Bancgroup may have been decided differently if New York law had governed the FDIC’s claims against PWC.
Conclusion
The decision in Colonial Bancgroup demonstrates that auditors face difficulties in evaluating their potential liability for audits of banks and credit unions. In the event that a bank or credit union fails, and the auditor was unable to detect the underlying fraud for some period of time, that auditor may be held responsible for a massive amount of losses. Ultimately, the auditor’s liability in such a situation may turn on the vagaries of state laws governing receivership and how courts view the costs and benefits of holding auditors accountable for frauds perpetrated by others.
[1] There are circumstances in which an auditor may be liable to a third party when it has conducted work specifically for the benefit of that third party, but there are few cases finding a factual basis for such liability. Instead, the requirement of privity otherwise generally bars such claims. See, e.g. CRT Inves., Ltd. v. BDO Seidman, LLP, 85 A.D.3d 470, 472, 925 N.Y.S.2d 439 (1st Dep’t 2011) (finding complaint failed to plead claim for negligence) (citing Sec. Pac. Bus. Credit v. Peat Marwick Main & Co., 79 N.Y.2d 695, 706, 586 N.Y.S.2d 87 (1992)).
[2]See, e.g., In re Adelphia Commc’ns Corp. Secs. & Derivative Litig., slip op., 2014 WL 6982140, at *9 (S.D.N.Y. Dec. 10, 2014) (barring claim for negligence against auditor in absence of privity) (citing Guy v. Liederbach, 501 Pa. 47, 459 A.2d 744, 750 (Pa. 1983)); In re MF Global Holdings Ltd. Inv. Litig., 998 F. Supp. 2d 157, 187–88 (S.D.N.Y. 2014) (holding negligence claim requires under New York law showing of “near privity”) (citing Credit Alliance Corp. v. Arthur Andersen Co., 65 N.Y.2d 536, 493 N.Y.S.2d 435 (1985)); Bily v. Arthur Young & Co., 3 Cal. 4th 370, 406, 834 P.2d 745, 767 (1992) (barring investors claims for negligence against auditor of bankrupted company).
[3] The leading case on the doctrine is Cenco, Inc. v. Seidman & Seidman, 686 F.2d 449 (7th Cir.), cert. denied, 459 U.S. 880 (1982).
[4] For example, in Colonial Bancgroup, the bankruptcy trustee for the failed bank’s parent company sought to recover damages from PricewaterhouseCoopers for its negligence but was barred from doing so under the in pari delicto doctrine. See Colonial Bancgroup, Case No. 2:11-cv-00746-BJR-TFM, Order on the Liability Phase of the PWC Bench Trial, Doc. 798 (M.D. Ala. Dec. 28, 2017).
[5] This description of the facts is taken from the court’s findings issued following the liability phase of the bench trial in that case. See id.
[6] The court’s ultimate decision reduced the potential damages to an estimated $1.4 billion after determining that a related breach by Bank of America of its custodial obligations to Colonial Bank was not foreseeable by the auditor.
[7] Certain of the claims for which the plaintiffs had the right to a jury trial are to be tried separately to a jury. The Crowe bench trial was scheduled to commence after the conclusion of the PWC bench trial, although it was subsequently rescheduled for later in the proceedings.
[8] The court was also critical of PWC for failing to understand how certain of the transactions were supposed to work. One PWC auditor admitted that understanding these transactions was “above his paygrade,” and PWC ultimately assigned the evaluation of these transactions (a $589 million asset) to a college intern. PWC’s failure to understand this class of transactions was compounded by its failure to examine physically the actual documentation that underlay each transaction and constituted the collateral at issue. “Instead,” the court noted, “PWC chose to rely on . . . the college intern[‘s] assessment that it was not necessary to inspect the . . . collateral because ‘PWC feels that the collateral for these [transactions] is adequate.’”
[9] This issue was addressed in the context of the FDIC’s motion for partial summary judgment on the defendants’ affirmative defenses. See generally Colonial Bancgroup, Case No. 2:11-cv-00746-BJR-TFM, Order Granting in Part and Denying in Part FDIC’s Motion for Partial Summary Judgment on Defendants’ Affirmative Defenses, Doc. 720 (M.D. Ala. Aug. 18, 2017).
[10]Id. at 7–8 (quoting Resolution Tr. Corp. v. Mooney, 592 So. 2d 186, 190 (Ala. 1991)).
[11]Id. at 10–11 (quoting FDIC v. O’Melveny & Myers, 969 F.2d 744, 751–52 (9th Cir. 1995)).
[12] Judge Rothstein recognized as much in her opinion, in which she stated that there are countervailing opinions from other jurisdictions, but she was not persuaded by the reasoning of these courts. Id. at 11, n.2.
[13]In the Matter of Liquidation of Union Indem. Ins. Co. of N.Y., 89 N.Y.2d 94, 109, 651 N.Y.S.2d 383, 674 N.E.2d 313 (1996) (quoting Stephens v. Am. Home Assurance Co., 811 F. Supp. 937, 947 (S.D.N.Y.1993), vacated & rem’d on other grounds, 70 F. 3d 10 (2d Cir.1995).
[14]See, e.g., Cobalt Multifamily Inv’rs I, LLC v. Shapiro, 857 F. Supp. 2d 419, 431 (S.D.N.Y. 2012).
[16] FDIC v. Abel, 1996 WL 520906, at *1 (S.D.N.Y. Sept. 12, 1996) (“Because the FDIC is acting on behalf of the depositors and creditors . . . that defense cannot succeed.”).
Partnerships between banks and fintech companies are a staple of the modern credit industry and have fueled significant growth in the online lending space. A lack of regulatory consistency and predictability, however, arguably hinders growth and innovation in such partnerships. Congress is now poised to lend stability to this market segment with two bills currently pending before it.
Applying varying standards, several courts have concluded that the nonbank partner is the true lender in a bank partnership, and that the nonbank partner must comply with state lender licensing requirements and rate limitations. Likewise, the Second Circuit decision in Madden v. Midland created uncertainty as to whether a nonbank assignee of a loan is permitted to enforce rates contracted for by the originating bank. Two bills currently progressing through Congress address these issues.
The Modernizing Credit Opportunities Act of 2017 (H.R. 4439) (True Lender Bill), introduced to the House of Representatives and referred to the House Financial Services Committee (HFSC) on November 16, 2017, creates statutory guidelines for when a financial institution may be considered the “true lender” to a transaction. No vote has yet been scheduled, but the bill was discussed during a HFSC subcommittee hearing entitled “Examining Opportunities and Challenges in the Financial Technology (Fintech) Marketplace” on January 30, 2018.
The Protecting Consumers’ Access to Credit Act of 2017 (H.R. 3299) (Madden Bill) would overrule the controversial Second Circuit decision in Madden v. Midland and codify the valid-when-made doctrine. The HFSC approved the bill, sending it to the floor of the House on January 30, 2018, and the House voted favorably on the bill on February 14, 2018.
The True Lender Bill’s stated intention is to “clarify that the role of the insured depository institution as lender and the location of an insured depository institution under applicable law are not affected by any contract between the institution and a third-party service provider.” The True Lender Bill adds provisions to the Bank Service Company Act and the Home Owners’ Loan Act that expressly provide that the determination of the location of an insured depository institution or savings association will not be affected by the geographic location of a service provider or the existence of an economic relationship with another person.
The True Lender Bill also states the intention to “clarify that Federal preemption of State usury laws applies to any loan to which an insured depository institution is the party to which the debt is initially owed according to its terms, and for other purposes.” To that effect, the True Lender Bill adds the following statement to section 85 of the National Bank Act, and analogous statements to the rate exportation provisions of the Home Owners’ Loan Act and the Federal Deposit Insurance Act:
A loan, discount, note, bill of exchange, or other debt is made by an association, and subject to [rate exportation] where the association is the party to which the debt is owed according to the terms of the loan, discount, note, bill of exchange, or other debt, regardless of any later assignment. The existence of a service or economic relationship between an association and another person shall not affect the application of this section to the rate of interest upon the loan or discount made, or the note, bill, or other evidence of debt or the identity of the association as the lender under the agreement.
The Madden Bill would amend section 85 of the National Bank Act as well as the Home Owners’ Loan Act, the Federal Credit Union Act, and the Federal Deposit Insurance Act to provide that a loan that is valid when made as to its maximum rate of interest in accordance with this section shall remain valid with respect to such rate regardless of whether the loan is subsequently sold, assigned, or otherwise transferred to a third party, and may be enforced by such third party notwithstanding any state law to the contrary.
The Madden Bill seeks to contextualize Madden as anomalous and justify the valid-when-made doctrine on public policy grounds. The Congressional Findings section of the bill notes the long history of the valid-when-made doctrine. The section also highlights that the doctrine “bring(s) certainty to the legal treatment of all valid loans that are transferred, greatly enhances liquidity in the credit markets by widening the potential pool of loan buyers and reduc(es) the cost of credit to borrowers at the time of origination . . .” The section also cites studies that claim that Madden v. Midland “has already disproportionately affected low- and moderate-income individuals in the United States with lower FICO scores.”
Passage of these bills would lend regulatory stability to an area of the law plagued recently with uncertainty. With certainty, we would expect to see activity in this space to increase, resulting in competition and, most likely, lower-cost loans to consumers.
“Don’t ever say anything you don’t want played back to you someday.” This famous quote from Mafioso John Gotti is not the most likely advice that we would think to give to our clients. After all, law school and years of practice have taught us to counsel them on the need for good record-keeping practices to aid in prosecuting a lawsuit or ensuring a meaningful defense. We, especially those who are in-house counsel, are also likely to dispense advice regarding how to avoid litigation altogether by creating processes and providing training to ensure that clients and their employees are aware of their contractual obligations and comply with them. Although these tasks are still the linchpin of sound lawyering, a new area of concern has emerged.
We would be remiss if we did not counsel our clients on the impact of virtual assistants like Amazon’s Alexa, Apple’s Siri, Google’s Assistant or Microsoft’s Cortana, who rely on speech-recognition technology to listen and record our every word. When it comes to the impact of recorded statements, Gotti may be an expert, and his advice is perhaps some of the best that we can give to our clients. In some respects, these devices closely mimic wiretapping and may be used both intentionally and unintentionally to this end.
Although the term “speech recognition” sounds complex, it refers simply to what these virtual assistants do to understand our commands to call our friends, play music, or add events to our calendars. Those in the technology sector define it as “the ability to speak naturally and contextually with a computer system in order to execute commands or dictate language.” At this point, most of this technology has become so precise that a simple command, or “wake word” (i.e., “Alexa?!”), allows us to ask our virtual assistants a myriad of questions from “how long is my commute to the office?” to “when is President’s day this year?” In fact, reviewers of Alexa and her technological siblings (Siri and Cortana) distinguish them from first-generation voice assistants because of this “responsiveness.” They praise the technology for doing away with an “activation button,” which, as a result, allows users to “simply say the trigger word (either “Alexa,” “Echo,” “Amazon,” or “Computer”) followed by what you want to happen.” Our ability to speak to Alexa, which is essentially a hands-free speaker you control with your voice, is what we as users find both novel and convenient. It is what allows us to play music while typing an e-mail, or add an appointment to our calendars without opening Outlook.
Amazon.com, Alexa’s creator, boasts that the Alexa Voice Service, which is integrated into the Echo (the “smart speaker” that allows users to connect to Alexa) is “always getting smarter.” When you interact with Alexa, the Echo streams audio to the Cloud. Amazon’s Terms of Use for the Echo duly notifies users that “Alexa processes and retains your Alexa Interactions, such as your voice inputs, music playlists, and your Alexa to-do and shopping lists, and in the cloud to provide and improve our services.” Cloud storage of Alexa’s audio raises a host of privacy concerns that have been best highlighted by the recent Arkansas trial of James Bates for the murder of his friend, Victor Collins, who was found dead, floating face-up in Mr. Bates’ bathtub. Specifically, in the Bates case, the prosecution asked Amazon to disclose recordings from Mr. Bates’ Amazon Echo. Amazon refused, citing privacy concerns. Ultimately, the constitutional issue of whether Amazon may use the First Amendment’s protection of free speech to refuse to disclose the recordings gathered by our Amazon Echoes went unresolved, without addressing Amazon’s position regarding privacy concerns, because Mr. Bates voluntarily turned over the recordings. The case remains important, however, because it makes clear that users have access to their recordings and can therefore willingly disclose them. Amazon confirms such access, stating on its website that Amazon’s Alexa app keeps a history of the voice commands that follow the wake word (“Alexa!”). Specifically, Amazon’s response to whether users can review what they have asked Alexa is, “Yes, you can review voice interactions with Alexa by visiting History in Settings in the Alexa App. Your interactions are grouped by question or request. Tap an entry to see more detail, provide feedback, or listen to audio sent to the Cloud for that entry by tapping the play icon.” Accordingly, it is clear that data stored to the Cloud may allow Alexa to function more seamlessly and “get smarter,” but it does so at the cost of storing information that many users may have considered unattainable and private.
Not surprisingly, as Alexa and other virtual assistants continue to increase in popularity, we are beginning to see them in both homes and businesses. If a virtual assistant is a luxury at home, then certainly it is a necessity at work. In fact, on November 30, 2017, Amazon introduced “Alexa for Business,” which is a set of tools specifically designed to
give [business customers] the tools [they] need to manage Alexa-enabled devices, enroll [their] users, and assign skills at scale. [They] can build your own custom voice skills using the Alexa Skills Kit and the Alexa for Business APIs, and [they] can make these available as private skills for [their] organization[s].
In rolling out this new platform for Alexa, Amazon.com advertises that “Alexa helps you at your desk,” “Alexa simplifies your conference rooms,” and “Alexa helps you around the workplace.” So, if we use Alexa the way that Amazon.com hopes, Alexa will be in every office, conference room, and even the hallway of our workplaces. We won’t have to undergo the mundane task of dialing into a conference call. Instead, we can just use our voice to allow it to commence. According to Amazon.com, Alexa can also “find an open meeting room, order new supplies, report building problems, or notify IT of an equipment issue.” Gone are the days when you have to walk around the office in search of an empty conference room, but also gone are the days when you have any privacy in a closed office or conference room.
In most offices, it is common to hear a topic raised in the hallway, only to be abruptly halted by one party asking for the conversation to continue in his or her office. Other times, a conversation that began in e-mail will be postponed until the parties have the ability to talk in person. The obvious reason for these conversations to take place in person, behind closed doors, is to avoid creating a record or to avoid being overheard. With the advent of virtual assistants in the workplace, however, closing the door to talk privately may actually ensure that you are allowing your virtual assistant the ability to listen to your conversation with unfiltered access, and thus creating a potentially discoverable and admissible record. In this environment, Gotti’s advice, “Don’t ever say anything you don’t want played back to you someday,” is perhaps the best that we can offer our clients. At a minimum, they should be aware that a “closed-door conversation” is more a term of art than a certainty and definitely not a given simply because the door is in fact closed. Instead, if the room contains Alexa or another type of device, one’s conversation can be recorded, especially if the parties are using the assistant to obtain answers to search inquires or to complete tasks.
With respect to the admissibility of the recordings of virtual assistants like Alexa, we must question whether they can actually be used during litigation. The simple answer is that it depends, and there currently are no laws on the books that specifically address how courts will treat statements recorded by virtual assistants. If they are treated like other recorded statements, including those obtained during wiretapping, then the jurisdiction where the communication took place will dictate whether they can be introduced into evidence.
States typically fall into one of two categories: those that require “one-party consent” or those states that require “two-party consent.” Federal law follows the one-party consent doctrine, which allows the recording of telephone calls and in-person conversations with the consent of at least one of the parties. Under one-party consent law, you can record a phone call or conversation so long as you are a party to the conversation. New York, New Jersey, and Indiana have adopted the one-party consent doctrine. New York, which follows this law, makes it a crime to record or eavesdrop on an in-person or telephone conversation unless one party to the conversation consents. Other states, like Massachusetts and California, require two-party consent. This means that it is a crime to secretly record a conversation, whether the conversation is in-person or taking place by telephone or another medium, like Alexa. However, the information recorded from Alexa and other virtual assistants, including transcribed search terms, may be treated differently because they are more akin to data from a computer, not wiretapping. Given that this is a new area of law, attorneys will play a critical role in helping to put these issues before the courts, which may create an entirely new body of law.
*The authors would like to thank paralegal Megan Kessig as well as Alexa, Bixby, Siri, Google’s Assistant, and Cortana for their assistance. For further reference, see Robert D. Lang & Lenore E. Benessere, Alex, Siri, Bixby, Google’s Assistant and Cortana Testifying in Court, 99 N.Y. State Bar J. 9 (Nov./Dec. 2017).
My previous column in Business Law Today explained how, “Like Great Britain, a Limited Liability Company May Have an Oral Constitution” and noted some of the resulting dangers. This column shifts focus and provides practical steps toward protecting a written operating agreement from claims of oral or implied-in-fact modification. Such claims undercut the purpose of “reducing the agreement to writing,” replacing definiteness with uncertainty and substituting swearing matches for the written word. See, e.g., Laurel Hill Advisory Grp., LLC v. Am. Stock Transfer & Tr. Co., LLC, 112 A.D.3d 486, 486, 977 N.Y.S.2d 213, 214–15 (2013) (“The dispute over the validity of the written agreement and the inconsistent terms between that agreement and the alleged oral agreement raise factual issues that cannot be resolved at this juncture [on a motion to dismiss]”).
Understanding the Context—Governing Law and Contract Law
The Three Bulwarks from Contract Law: SOF, PER, NOM
Contract law provides three principal bulwarks to protect written agreements: statutes of frauds, “no oral modification” provisions, and the parol evidence rule. As you will recall, a statute of frauds specifies a type of contract (e.g., “a contract for the sale of goods for the price of $500 or more,” U.C.C. § 2-201) and makes unenforceable an oral agreement of the specified type. For example, Filippi v. Filippi, 818 A.2d 608, 618 (R.I. 2003), applied the statute of frauds to an alleged oral agreement to transfer land owned by a limited partnership to one of its partners. Equally important, in most instances and jurisdictions, if a contract is subject to a statute of frauds, the statute will preclude an oral modification unless the modification takes the contract out of statute. Restatement (Second) of Contracts § 149. But see Grp. Hosp. Servs., Inc. v. One & Two Brookriver Ctr., 704 S.W.2d 886, 890 (Tex. App. 1986) (“Not every oral modification to a contract within the Statute of Frauds is barred. The critical determination is whether the modification materially effects [sic] the obligations in the underlying agreements.”) (Emphasis in the original). Judge-made law and some statutes provide exceptions to some statutes of frauds; in most instances reliance is a necessary (though not sufficient) element.
A “no oral modification” (NOM) provision amounts to a statute of frauds adopted by private agreement. Both the phrase and its acronym are misnomers; if the provision is properly drafted, it precludes implied-in-fact modification as well. A better acronym would be WMO—written modifications only.
In any event, “as a general rule, no-oral-modification clauses are disfavored in the law.” Bank of Am., N.A. v. Corporex Realty & Inv., LLC, 875 F. Supp. 2d 689, 701 (E.D. Ky. 2012). In the words of Justice Cardozo, “Those who make a contract may unmake it. The clause which forbids a change may be changed like any other. The prohibition of oral waiver may itself be waived.” Beatty v. Guggenheim Expl. Co., 225 N.Y. 380, 387, 122 N.E. 378, 381 (1919) (superseded by statute). We will revisit this disfavor below.
Although the statute of frauds (when applied to modifications) and NOM/WMO provisions both aim at post-formation claims, the parol evidence rule addresses the contract formation process. If a written agreement fully integrates the parties’ deal, the rule bars evidence of prior agreements, statements, understandings, etc. if the evidence is offered to vary or contradict the writing.
Choosing the Governing Law
Choosing the jurisdiction of formation for a limited liability company chooses the governing law for the internal affairs of the company, and that law includes not only the jurisdiction’s LLC statute, but also the jurisdiction’s law of contracts. Some LLC statutes are better than others with regard to protecting written operating agreements. The same is true with regard to the common law of contracts. Thus, protecting the operating agreement begins with choosing the jurisdiction of formation.
The most important criterion is the LLC statute’s approach to NOM/WMO provisions. Some statutes seek to supersede the judicial disfavor. For example, the Uniform Limited Liability Company Act (2006) (Last Amended 2013) supports NOM/WMO provisions in two separate sections. Section 105(a)(4) states that “the operating agreement governs . . . the means and conditions for amending the operating agreement.” Section 107(a) states in relevant part: “An operating agreement may specify that its amendment requires . . . the satisfaction of a condition. An amendment is ineffective if its adoption does not . . . satisfy the specified condition.” An official comment notes, “Because ‘[a]n operating agreement may specify that its amendment requires . . . the satisfaction of a condition,’ an operating agreement can require that any amendment be made through a writing or a record signed by each member.” The Delaware LLC statute has a similar provision. Del. Code Ann. tit. 6, § 18-302(c).
A related criterion is whether the LLC statute ousts the statute of frauds. To the surprise of many practitioners (especially those who “dabble in Delaware”), the Delaware statute does exactly that: “A limited liability company agreement is not subject to any statute of frauds . . . .” Del. Code Ann. tit. 6, § 18-101(7). It is thus theoretically possible for a Delaware limited liability company to assert that under an oral term of the company’s operating agreement, a member has transferred to the company title to land, or vice versa. (Delaware enacted this statute to negate a decision of the Delaware Supreme Court applying the one-year provision of the statute of frauds to operating agreements. Olson v. Halvorsen, 986 A.2d 1150, 1161 (Del. 2009). However, a good NOM/WMO provision should cover this problem.)
As to the law of contracts, the most important criterion is whether the jurisdiction follows Williston or Corbin on the parol evidence rule:
Under the restrictive ‘plain meaning’ view [advanced by Williston] of the parol evidence rule, evidence of prior negotiations may be used for interpretation only upon a finding that some language in the contract is unclear, ambiguous, or vague. . . . . Under the view embraced by Professor Corbin and the Second Restatement [of Contracts], there is no need to make a preliminary finding of ambiguity before the judge considers extrinsic evidence.
Taylor v. State Farm Mut. Auto. Ins. Co., 175 Ariz. 148, 152, 854 P.2d 1134, 1138 (1993). Clearly, transactional lawyers wish to party down with Williston, not Corbin.
Secondary criteria include:
the strength of the judicial antipathy to NOM/OWM provisions and what the law requires to establish waiver in the face of a no-waiver provision. See EWB-I, LLC v. PlazAmericas Mall Texas, LLC, 527 S.W.3d 447, 468 (Tex. App. 2017) (noting the “general view . . . that [a] party to written contract can waive [a] contract provision by conduct despite existence of antiwaiver or failure-to-enforce clause in [the] contract”); and
whether the jurisdiction treats merger clauses as dispositive.
Drafting Techniques
The Duty to Scriven with Precision
Clear, comprehensive drafting is important in every term of a written contract, and “the [lawyer’s] duty to scriven with precision,” is enhanced when he or she drafts provisions disfavored by the courts. Willie Gary LLC v. James & Jackson LLC, No. CIV.A. 1781, 2006 WL 75309, at *2 (Del. Ch. Jan. 10, 2006), aff’d, 906 A.2d 76 (Del. 2006). For example, in EWB-I, LLC v. PlazAmericas Mall Texas, LLC, 527 S.W.3d 447, 468 (Tex. App. 2017), the court considered the following nonwaiver provision:
No delay or omission by any Party hereto in exercising any right or power accruing upon the non-compliance or failure of performance by any other Party under the provisions of this Agreement shall impair any such right or power or be construed to be a waiver thereof. A waiver by any Party of any of the covenants, conditions or agreements herein to be performed by any other Party shall not be construed to be a waiver of any subsequent breach or of any other covenant, condition or agreement herein contained.
(Emphasis added by the court.) Noting that “[t]his nonwaiver clause addresses waiver premised on inaction—the failure to demand that another party comply with contractual requirements”—and that the claim of waiver rested in part on action taken by the other party, the court reversed a summary judgment based on the nonwaiver clause. Id.
In contrast, the Maine Supreme Court approved the following language as sufficient to protect a written lease from parol evidence:
[S]ection 17.06 of the lease addresses integration, providing that “[n]o oral statement or prior written matter shall have any force or effect. [Tenant] agrees that it is not relying on any representations or agreements other than those contained in this Lease. This Lease shall not be modified or cancelled except by writing subscribed by all parties.” Through this unambiguous integration clause, the parties clearly expressed their intention to treat the lease as the complete integration of their agreement. The court therefore correctly concluded that it could not consider evidence extrinsic to that clause in deciding whether the contract was integrated.
Handy Boat Serv., Inc. v. Prof’l Servs., Inc., 1998 ME 134, ¶ 12, 711 A.2d 1306, 1309.
Do We Really Want to Exclude Evidence of Course of Dealing/Performance and Usage of Trade?
When writing a NOM/WMO provision, it is worthwhile to consider what to say about course of performance, course of dealing, and usage of trade. A comment to U.C.C. Section 1-303 provides the best explanation for allowing these constructs to affect the words of a contract, no matter how carefully scrivened:
The Uniform Commercial Code rejects both the “lay-dictionary” and the “conveyancer’s” reading of a commercial agreement. Instead the meaning of the agreement of the parties is to be determined by the language used by them and by their action, read and interpreted in the light of commercial practices and other surrounding circumstances. The measure and background for interpretation are set by the commercial context, which may explain and supplement even the language of a formal or final writing.
U.C.C. § 1-303. Course of Performance, Course of Dealing, and Usage of Trade., cmt. 1.
However, in the context of an operating agreement, course of dealing and performance are prime targets for a well-drafted NOM/WMO provision. As for usage of trade, the concept is a nonsequitur in a business organization. In a commercial transaction, it makes sense to look at any “practice or method of dealing having such regularity of observance in a place, vocation, or trade as to justify an expectation that it will be observed with respect to the transaction in question,” U.C.C. § 1-303(c). But relations among members of a limited liability company are sui generis—whatever vocation or trade the company pursues.
Think of the Operating Agreement as the Owners’ Manual and Draft Accordingly—in Plain English
Oliver Wendell Holmes taught us that “The life of the law has not been logic; it has been experience.” Oliver Wendell Holmes, Jr., The Common Law (Boston, 1881). Similarly, if experience (conduct) suggests one rule and a writing states another, the deviation threatens the writing. But how often do clients think of an operating agreement (or any other contract) as the relevant rules of the game?
In my experience, seldom. The problem comes from lawyer’s language (and byzantine formulations) that are incomprehensible and therefore alienating to business people. How can a lawyer expect such language to be the ready reference for LLC managers and members?
The solution is to draft operating agreements in language the members can understand and live by. Granted, if the deal is complex, its expression will probably be complex, but business people can understand complex concepts. For example, the business analysis of whether and how to terminate a manufacturing company’s highest volume dealer is as complex as any legal rule (except perhaps for the rule against perpetuities, the rule of 78s, and the Treasury Regulations sections on “substantial economic effect”). In addition, keep in mind the background and training of those who will be reading the language if the operating agreement later becomes an issue in litigation.
Assuming the language of the operating agreement is accessible to the members whose deal it expresses and governs, it is important to teach the client(s) the importance of conforming conduct to language or vice versa. A longstanding deviation evidences a modification implied in fact or a waiver. A good NOM/WMO provision will refer to and reject claims of “agreements implied in fact, whether labeled course of performance, course of dealing, usage of trade, or otherwise, or not labeled at all.” (drafted by the author)
Nonetheless, a sustained, substantial deviation between word and deed invites a court to reject even a well-written NOM/WMO provision. Moreover, the deviation raises the specter of waiver, which is perhaps the most difficult assertion to negate early on in litigation.
Shift the Burden
Finally, in addition to a merger provision (parol evidence rule) and a NOM/WMO provision, consider obliging members to speak up before relying on either alleged conversations or patterns of conduct. I offer the following suggestion, based on a model operating agreement drafted some 20+ years ago for the first edition of Bishop & Kleinberger, Limited Liability Companies: Tax and Business Law. The language presupposes a well-written merger provision (i.e., “entire agreement” for PER purposes) and an equally well written NOM/WMO provision.
SECTION 3.03.Invalidity and Unreasonableness of Expectations Not Included in This Agreement
(A) The Members fear the uncertainty and the potential for discord that would exist if:
(1) the unstated expectation, expectancy, understanding, or other belief (“expectation of belief”) of one or more Members can be used to gain advantage through litigation; or
(2) an expectation or belief stated or expressed outside the confines of this Agreement can become actionable even though not all Members agree with the expectation or belief or have assented to them and even though some Members have expressed or may harbor conflicting expectations or beliefs.
(B) The Members therefore agree that:
(1) it is unreasonable for any Member to have or rely on an expectation or belief that is not reflected in this Agreement;
(2) any Member who has or develops an expectation or belief contrary to or in addition to the contents of this Agreement has a duty to:
(a) immediately inform [the Managers and] all other Members; and
(b) promptly seek to have this Agreement amended to reflect the expectation or belief;
(3) if a Member who has or develops an expectation or belief contrary to or in addition to the contents of this Agreement neglects or fails to obtain an amendment of this Agreement as provided in Section 3.03(B)(2)(b):
(a) is evidence that the expectation or belief was not reasonable; and
(b) bars the Member from asserting that expectation or belief as a basis for any claim against the Company or any other Member;
(4) no Member has a duty to agree to an amendment proposed under Section 3.03(B)(2)(b) if the Member:
(a) holds an inconsistent expectation or belief, regardless of whether the expectation or belief:
(i) is reasonable; or
(ii) has been previously expressed to the Company or any other member of the Company; or
(b) believes that the amendment is not in the best interests of the Company or is contrary to the legitimate self-interests of the Member, regardless of whether the belief is reasonable.
In the next column, we change gears and consider Remedies – Beginning with the Distinction between Direct and Derivative Claims.
How does one commemorate a career full of content and commitment?
On January 11, 2018, the Professional Responsibility Committee, the Business Law Section as a whole, and indeed the entire American legal community lost a good friend. Geoffrey C. Hazard, Jr., Professor Emeritus, prolific author, distinguished scholar, former executive director of the American Law Institute, and former Business Law Advisor, passed away at the age of 88.
Geoff’s was a storied teaching career, spanning over 50 years. He grew up in Kirkwood, Missouri and graduated from Swarthmore College and Columbia Law School. He taught law at Yale, the University of Chicago, the University of California at Berkeley, the University of Pennsylvania, and the University of California, Hastings, from which he retired in 2013. Though his interests in the law were wide-ranging (he once taught at course entitled “Western Moral Concepts”), his principal areas of academic interest were civil procedure and legal ethics.
His choice of these areas of concentration, as he recounted in a 2014 interview with Business Law Today, was not deliberate but purely adventitious. Originally slated to teach torts at Boalt Hall in the 1950s, he switched to civil procedure when a staffing problem created a need in that discipline. “It was a lucky break for me,” he said. He never looked back.
Similarly, an accident of fate led him to the field of legal ethics. Concurrently with a move in 1964 to teach at the University of Chicago, Geoff became executive director of the American Bar Foundation, which led to involvement in the drafting of the Model Code of Professional Responsibility. He went on to be the principal draftsman of the Model Code of Judicial Conduct in 1972 and the reporter for the Model Rules of Professional Conduct in 1983.
It is well known that all of us take a professional responsibility course in law school as a mandatory prerequisite to the awarding of a law degree. Ethics credit is also a mainstay of many states’ mandatory continuing legal education (CLE) requirements. What is less well known is that inclusion of ethics in the core curriculum and in CLE is due to Geoff’s efforts to gain widespread recognition of the central importance of this subject.
The list of influential treatises and casebooks co-authored by Professor Hazard is impressive. Prominent among them are The Law of Lawyering (4th ed. 2015) with W. William Hodes and Peter R. Jarvis; The Law of Ethics of Lawyering (6th ed. 2017) with Susan P. Koniak, Roger C. Cramton, George M. Cohen, and W. Bradley Wendel; and Legal Ethics: A Comparative Study (2004) with Angelo Dondi. Also of particular interest to our Section’s readership, and exemplary of the breadth of Geoff’s interests, is Board Games: The Changing Shape of Corporate Power (1988) with Arthur Fleisher, Jr. and Miriam Z. Klipper, a book that examined the transformation of industry, finance, and corporate governance by the M&A wave of the 1980s.
Characteristic of Geoff’s collaborative nature was this marked preference for co-authorship. As he explained in his 2014 Business Law Today interview, “[Y]ou have to talk about your ideas with your colleague. Typically, that results in seeing things that you wouldn’t have seen if you didn’t have the conversation.”
Collaborative efforts were also, of course, at the heart of his work when he succeeded Herbert Wechsler as the fourth executive director of ALI. Serving for 15 years in that capacity, Geoff’s stewardship saw the completion of many important projects, including the Principles of Corporate Governance and the Restatement (Third) of Foreign Relations Law, and the initiation of new or updated Restatement projects in a host of areas, including Agency, The Law Governing Lawyers, Property, Restitution, Suretyship, Torts, Trusts, and Unfair Competition. He was also involved in the parturition (and increasing globalization) of several Principles of the Law projects, including Family Dissolution, Transnational Civil Procedure, and Transnational Insolvency.
For all his immense learning, Geoff was a quiet and reserved member of the Professional Responsibility Committee, but he was a reliable participant. Even when age, infirmity, or the press of other commitments prevented him from attending meetings in person, he regularly communicated his thoughts and was tremendously helpful to me during my tenure as chair of that committee. He was invariably supportive of our efforts and complimentary of the work we did when advising the Section on resolutions proposed for consideration by the House of Delegates.
Geoff Hazard’s imprint on legal ethics, and on the American legal system in general, is immanent. He was a gentleman, a scholar, a mentor, a counselor, and a friend. He will be sorely missed.
The Business Law Section’s Legal Opinions Committee was not formed until 1989. By then the TriBar Opinion Committee (TriBar, formed in 1974 and originally comprised of members of the County, City and State Bars of New York) and the California Bar Business Law Section Corporations Committee (CalBar) were six years into a dispute about the proper approach to the remedies opinion.
TriBar’s 1979 report stated that the remedies opinion covered “each and every” undertaking of the Company in the agreement that was the subject of the opinion. CalBar’s approach was that only “essential” undertakings in the agreement were covered by the remedies opinion. As a result of the dispute, the recipient of a remedies opinion could not be certain which meaning the opinion giver intended.
Early in 1988, the section’s leadership was enlisted to try to resolve this unhappy situation by James Fuld, a New York lawyer who had been instrumental in the formation of TriBar. He had authored what continues to be regarded as the seminal article on legal opinion practice (Legal Opinions in Business Transactions, 28 Bus. Law. 915 (1973)).
A number of those in section leadership positions had extensive experience with third-party legal opinion practice (opinion practice). A planning committee with geographically dispersed membership was appointed, consisting of Brad Clark (Calif.), Dick Deer (Ind.), Pat Garrett (Tex.), Joe Hinsey (Mass.), Herb Wander (Ill.), and Arthur Field (N.Y.) with Henry Wheeler (Mass.) as chair. Rather than merely seeking to resolve the NY-California dispute over the remedies opinion, the planning committee decided to call a national conference on opinion practice as the first step in an effort to move toward a national consensus. More than a year went into the planning of what has come to be referred to as the Silverado Conference. Articles on a variety of opinion subjects were prepared to guide the discussion at the conference.
The conference was held in 1989 in California. Those interested in opinion practice from across the country met and worked together, often for the first time. Attendee discussions established that there was a national consensus on most opinion practice issues. The idea of a section-sponsored comprehensive opinion practice statement gained broad support, but the attendees made no progress in resolving the NY-California remedies opinion dispute (which was not resolved until a 2004 CalBar Report which stated that the diligence involved in the two approaches did not vary significantly. See 60 Bus. Law. 907).
At the end of the conference, all attendees were invited to join a new Section Legal Opinions Committee (chaired by Henry Wheeler). Most of the 72 attendees did so. Fuld did not participate in Silverado or the work of the committee directly, but his influence was nonetheless significant in these efforts.
In order to educate the bar on legal opinion practice, a National Institute on Third-Party Legal Opinions was organized under the chairmanship of (now Judge) Tom Ambro and Truman Bidwell. The Institute was held in Chicago, New York, and San Francisco in 1990. Materials prepared for the Silverado Conference were used for the National Institute. Interest in what had been discussed at the Silverado Conference was high across the country.
Joe Hinsey, who had practiced law in New York but by then was teaching at the Harvard Business School, took the leadership role in the proposed report. After considering a number of possible formats, the committee adopted a novel approach. The report was not to be a statement of customary opinion practice. Instead, it was to present an alternative to customary opinion practice. The alternative was a contract-based approach that came to be called the Legal Opinion Accord (the Accord). In arguing for the Accord approach, Hinsey maintained that customary opinion practice was a “slippery slope” that would defeat all efforts to achieve the precision required for an effective opinion practice.
The drafting effort for the Accord was intensive. A drafting committee of 18, functioning under the direction of Hinsey, prepared materials for committee review. Work on the Accord was completed in just two years. The strength of the Accord was that it provided a common starting point for opinions. It did so by incorporating the Accord document by reference in opinion letters. That was intended to allow the opinion giver and recipient’s attorney to limit their opinion negotiations to divergences from the Accord document. Material divergences were to be specified in the opinion letter.
The text of the Accord was circulated as an “exposure draft” in The Business Lawyer in February 1991. Many comments were received. The final version of the Accord was published as part of a report of the committee in the November 1991 issue of The Business Lawyer. The Accord was 47 pages long. Mastery of the Accord document by both opinion giver and recipient’s attorney was required to use it effectively. The Accord did not purport to be a statement of customary practice. It resolved uncertainty on a variety of legal opinion questions and followed established custom when that was clear.
Quite a number of attorneys began to use the Accord and expressed satisfaction with its approach, but there was also sustained and significant criticism of the Accord approach. Some attorneys regarded the Accord document as unfairly favoring the opinion giver. Others were not interested in “fixing” what they saw as a well-functioning system. Many opinion preparers and recipient’s attorneys declined to master the Accord document for a variety of reasons. Accord opinions were not accepted by many institutional lenders. In the end, Accord usage was diminished, and the Accord was not utilized to any significant extent in major transactions.
We think of the Accord as one of those remarkably intelligent efforts we see from time to time that are influential because of their ideas, but are not widely used for their intended purpose. The Accord helped to advance a national consensus on opinion practice, although it provided an alternative to customary opinion practice. Many attorneys concerned with opinion practice keep a copy of the Accord on their bookshelf for reference.
As part of the 1991 Legal Opinions Committee report that included the Accord, the Guidelines (fully titled Certain Guidelines for the Negotiation and Preparation of Third-Party Legal Opinions) were also issued. The Guidelines dealt with topics that did not seem to the drafting committee to “fit” into the Accord. They were less than 10 pages long and were stated to be applicable whether an Accord or customary practice opinion was given. This project of the committee proceeded at the same time the Accord was prepared by the committee. (The Guidelines were updated in 2002 by Guidelines II, with Steve Weise as the reporter. See 57 Bus. Law. 875.) The Guidelines and Guidelines II have achieved broad acceptance.
In a remarkable burst of energy, in the four years 1988–1991, the committee was formed and made a lasting contribution to opinion practice. It held the only national conference ever on opinion practice. It followed up with a National Institute on Third Party Legal Opinions in three cities across the country, and it issued both the Accord and Guidelines. After more than 25 years, both of them still have significance in opinion practice.
The year 2018 marks the 30th anniversary of the first efforts of the Business Law Section regarding opinion practice. These early efforts have been continued and expanded under the leadership of the committee chairs. Steve Weise succeeded Henry Wheeler as chair; thereafter the following served as chair: (now Judge) Tom Ambro; Don Glazer; Arthur Field; Carolan Berkley; John Power; Stan Keller; Tim Hoxie; and the current chair, Ettore Santucci.
Connect with a global network of over 30,000 business law professionals
