A recent decision from the United States District Court for the District of Columbia emphasized that neither attorney-client privilege nor work product protection will shield a report provided by a third party retained by counsel where the report provides non-legal advice.** 

Guo Wengui v. Clark Hill, PLC,[1] arose from the cybersecurity breach of a law firm’s database on September 12, 2017.  After confidential information about him was publicly disseminated, a client (Wengui) sued the law firm (Clark Hill) claiming that it failed to take sufficient precautions to protect his data.  Immediately after learning about the breach, Clark Hill ordered an investigation into what had occurred.  It employed its regular cyber security provider, eSentire, to investigate and remediate, as appropriate.  The purported purpose of eSentire’s work was for “business continuity.”[2] 

Two days later, on September 14, 2017, while the breach may still have been ongoing, Clark Hill hired a law firm, Musick, Peeler & Garrett (“MP&G”), to provide legal advice relating to the incident.  MP&G hired an independent cyber security firm, Duff & Phelps, to assist MP&G in providing legal advice to Clark Hill and to prepare for anticipated litigation.  Duff & Phelps went on site on September 14, 2017.[3]  It ultimately produced a full investigative report which included “specific remediation advice.”[4]  The General Counsel of Clark Hill, Edward Hood, reviewed the report.  Hood then shared the report with “select members of the leadership and IT team” at Clark Hill.[5] Clark Hill also shared the report with the Federal Bureau of Investigation (“FBI”) in connection with the FBI’s investigation of the incident.[6]

Litigation was, in fact, filed in September 2019.  During the course of discovery, the client requested “all reports of [Clark Hills’s] forensic investigation into the cyberattack.”[7] The client also served interrogatories asking Clark Hill to state the facts or reasons why the attack occurred.[8]  Clark Hill responded to the document production requests by providing (among other things) documents from eSentire.  Notably, the partial production did not include any formal report or any specific findings from eSentire on the cause of the breach.[9] 

Clark Hill objected to producing other responsive documents and to answering the interrogatories, claiming that the information from Duff & Phelps was protected by the attorney-client privilege and work product protection.  It maintained that its understanding of the cause of the attack came solely from the investigation performed by Duff & Phelps, which was ordered by MP&G to provide legal advice and in anticipation of litigation.[10] 

Plaintiff disagreed and filed a motion for sanctions.  On January 21, 2021, the court granted the motion for sanctions, finding that the attorney-client privilege and the work product protection doctrine did not apply to the requested information.

Attorney-client privilege

Generally, the attorney-client privilege applies to “a confidential communication between attorney and client if that communication was made for the purpose of obtaining or providing legal advice to the client.”[11]  The Duff & Phelps report was not a communication between attorney and client.  Courts have recognized, however, that certain documents prepared by third parties may be covered by the privilege if the document was prepared to help facilitate the provision of legal advice by, for example, explaining technical materials or acting in the capacity of a translator.[12]  The courts have cautioned that this principle must be narrowly applied – if the advice sought by the client is really the advice of the third party, and not the lawyer, no privilege would exist.[13]

The Wengui court readily concluded that the advice in the Duff & Phelps report was cybersecurity advice, and not legal advice, and therefore not protected by the attorney-client privilege.[14]

Work Product Doctrine

In federal court, the work product protection doctrine shields from discovery certain materials prepared in anticipation of litigation.  Under Federal Rule of Civil Procedure 26(b), “[o]rdinarily, a party may not discover documents and tangible things that are prepared in anticipation of litigation . . . by or for another party or its representative (including the other party’s attorney, consultant, . . . or agent).”[15]  The Wengui court then applied the “because of” standard in order to determine whether a document was “prepared in anticipation of litigation.”  The “because of” test asks “whether, in light of the nature of the document and the factual situation in the particular case, the document can fairly be said to have been prepared or obtained because of the prospect of litigation.”[16]  As the court further explained, “[w]here a document would have been created ‘in substantially similar form’ regardless of the litigation,” it fails that test, meaning that “work product protection is not available.”[17]    

The Wengui court found it “highly likely” that Clark Hill would have investigated the cause of the cybersecurity breach and steps to remediate it whether or not the firm was anticipating litigation.  The court favorably cited other decisions which held that investigating a cyber breach is a necessary business function.  After the court’s in camera review of the report, the court concluded that “substantially the same” document would have been prepared in the normal course of business.[18] 

Key Case Clearly Distinguishable

Clark Hill primarily relied on the case of In re Target Corp. Customer Data Sec. Breach Litig.[19] to support both theories to shield production of the information.  The court easily distinguished the facts in Wengui from the Target case in connection with both arguments. 

With respect to the work product doctrine, the court rejected Clark Hill’s view that there were two tracks to the investigation which led to the protection of the Duff & Phelps report:  1) the eSentire track allegedly being the one conducted in the normal course; and 2) the Duff & Phelps report supposedly being prepared solely to assist in the legal representation.  The court found that the Duff & Phelps report was prepared instead of, rather than in addition to, the work performed by eSentire.[20]  Indeed, Duff & Phelps began its work within days of Clark Hill discovering the breach, while the breach was ongoing.  eSentire never produced a report or any findings about the cause of the breach.  The General Counsel of Clark Hill shared the report with a broad audience, including in-house leadership, IT and Clark Hill also shared it with the FBI in connection with the FBI’s investigation.  The court concluded that these non-litigation uses of the report demonstrated that the report was not prepared “because of” litigation.  Merely “paper[ing]” the report through attorneys did not shield it from disclosure.[21]

As for the attorney-client privilege, there were three distinguishing facts in Target.  First, Target established that it took the “two track” approach.  Second, the report that was shielded from disclosure by the court in that case was not shared with a wide audience.  Third, the Target report, unlike the Duff & Phelps report, did not include specific suggestions for remediation.[22] 

What about In re Kellogg Brown & Root, Inc.?[23]

Although the court cited In re Kellogg Brown & Root, Inc.,[24] the court did not apply its holding even though it appears directly applicable to Clark Hill’s case.  The In re Kellogg Brown & Root, Inc., court addressed the standard to apply in determining whether an investigative report was protected by the attorney-client privilege.  There, the appellate court rejected the “but for” test in favor of “a primary purpose” test.

Kellogg Brown & Root (“KBR”) received an employee tip about potential misconduct in connection with administering government contracts – specifically, inflating costs and accepting kickbacks.[25]  KBR initiated an internal investigation, led by its Law Department, as required by its Code of Business Conduct.[26]  Some, but not all, of the interviews were conducted by in-house attorneys, others were conducted by investigators at the direction of counsel.  No outside counsel was retained.[27]  A report of the investigation was prepared.  A KBR employee then filed a whistleblower complaint relating to the same conduct.

The plaintiff/employee sought the production of documents related to KBR’s internal investigation.  KBR objected on the basis of the attorney-client privilege.  The lower court ordered production of the documents, but the Court of Appeals reversed.  The Court of Appeals ruled that often there is not one primary purpose – legal and/or business – for a communication.  The test is, rather, whether “obtaining or providing legal advice” was “a primary purpose of the communication.”[28]  The Appeals Court found that the privilege applies even though interviews may be conducted by non-attorneys, if they are conducted at the direction of attorneys, and therefore by non-lawyers acting as legal agents.

Had the court in Wengui held that the report at issue included some legal advice, and applied the standard from In re Kellogg Brown & Root, would the decision have been different?  Probably not.  The investigation by KBR clearly was controlled by the Law Department to gain facts in order to provide advice to the company.  Those interviewed were told about the purpose of the investigation and that the information would be held in confidence.  The information was not shared beyond those with a need to know, and certainly not with any outside agency.  And, based on the facts found by the Wengui court, learning what happened in the cybersecurity breach in order to properly remediate it was the only real purpose of the Duff & Phelps report.  eSentire, the normal service provider, was not the entity tasked with determining the required remediation procedures.

Lessons Learned

Wengui emphasizes the following principles:

• The mere fact that communication is made to an attorney does not mean the communication is privileged; and
• Materials are not automatically protected by the privilege merely because they are provided to or prepared by an attorney.[29]

Building upon those principles, here are some steps counsel can take to preserve privilege protection for investigation materials, whether prepared by counsel or a third party at the direction of counsel:

• Clearly communicate that the investigation is being performed in order to secure legal advice;
• Prepare an investigation plan;
• Perform the interviews or create the template for questions to be asked;
• Schedule regular briefings as the investigation proceeds;
• Provide analyses of the information gleaned during the investigation;
• Provide recommendations of legal steps to take as a result; and
• Limit distribution of any report to those who actually need the information as part of their job responsibilities in connection with the investigation.

**  Hope A. Comisky is a member of Griesing Law, LLC. Hope A. Comisky is a Member of Griesing Law, LLC and Chair of the Firm’s Employment and Ethics & Professional Responsibility practice groups. She is a top-ranked employment attorney and an experienced arbiter with over thirty-five years of employment and litigation experience. She counsels clients on employment and professional responsibility issues, provides training and offers strategic advice on employment litigation matters and professional responsibility initiatives. Hope is also a frequent lecturer and author on employment law and professional responsibility topics. She received her B.A. from Cornell University and J.D. from the University of Pennsylvania Law School. She can be reached at [email protected].

[1] No. 19-3195, 2021 WL 106417 (D.D.C. January 12, 2021).

[2] 2021 WL 106417, at *3.

[3] 2021 WL 106417, at *4.

[4] 2021 WL 106417, at *6.

[5] 2021 WL 106417, at *5.

[6] Wengui is a Chinese fugitive who is a target for the Chinese Communist Party (CCP) and often referred to as an activist or dissident.  https://foreignpolicy.com/2020/08/26/guo-wengui-chinese-billionaire-emigre-links-steve-bannon/

[7] 2021 WL 106417, at *1.

[8] 2021 WL 106417, at *1.

[9] 2021 WL 106417, at *4.

[10] 2021 WL 106417, at *1.

[11] In re Kellogg Brown & Root, Inc., 756 F.3d 754, 757 (D.C. Cir. 2014). 

[12] See, the leading case of United States v. Kovel, 296 F.2d 918, 921-22 (2d Cir. 1961).

[13] 296 F.2d at 922-23.

[14] 2021 WL 106417, at *6.

[15] Fed R. Civ. P. 26(b)(3)(A).  

[16] 2021 WL 106417, at *2, citing United States v. Deloitte LLP, 610 F.3d 129, 137 (D.C. Cir. 2010) (citations omitted).

[17] 2021 WL 106417, at *2, citing FTC v. BoehringerIngelheim Pharms., Inc., 778 F.3d 142, 149 (D.C. Cir. 2015) (quoting Deloitte, 610 F.3d at 138). 

[18] 2021 WL 106417, at *2.

[19]  In re Target Corp. Customer Data Sec. Breach Litig., MDL No. 14-2522, 2015 WL 6777384 (D. Minn. Oct. 23, 2015).

[20] 2021 WL 106417, at *4.

[21] 2021 WL 106417, at *4.

[22] See, In re Target Corp. Customer Data Sec. Breach Litig., 2015 WL 6777384, at *2-*3.

[23] 756 F.3d 754, 757 (D.C. Cir. 2014).

[24] 756 F.3d at 759-760.

[25] 756 F.3d at 756.

[26] 756 F.3d at 756.

[27] 756 F.3d at 757-58.

[28] 756 F.3d at 760 (emphasis added).  

[29] Although outside the scope of this article, the court also addressed a third argument with respect to the request by Wengui for production of “[a]ll documents reflecting that the ‘hacking’ . . . resulted in a third party’s obtaining . . . information, data, or material regarding any Clark Hill client other than or in addition to plaintiff.”  The court granted the motion to compel stating that any confidentiality concerns could be remedied by redacting the clients’ names.  2021 WL 106417, at *1, *6-*7.

Special Purpose Acquisition Company (SPAC) transactions have experienced a meteoric rise in the capital markets.  In 2019, there were 59 SPAC Initial Public Offerings (IPOs) with gross proceeds of approximately $14 billion.  In 2020, there were 248 SPAC IPOs with gross proceeds of approximately $83 billion[1] – an astronomical  320% increase in the number of SPAC IPOs and 500% year-to-year increase in gross proceeds.  Generally, SPACs have maintained a similar structure.  However, a recent SPAC, Pershing Square Tontine Holdings, Ltd., in conjunction with fundamental M&A law, might have unleashed market forces that will fundamentally transform the prevailing structure of SPACs.

A SPAC is a publicly-traded blank check company created to take a private company public through a merger.[2]  In a SPAC IPO, a SPAC generally offers units, each consisting of one share of common stock and a warrant to purchase a fraction of common stock at a set price.  Subject to the terms in the prospectus, the common stock and warrants from the units become separately and freely transferable after the IPO.  A SPAC typically has two years to identify a target company and complete the business combination, often referred to as a “de-SPAC” transaction, or liquidate and return the proceeds from the IPO to the shareholders.  Additionally, when a SPAC proposes a merger, the shareholders have the option to participate in the merger or redeem their shares at the initial IPO price with accrued interest. 

Benefits of SPAC Transactions

SPACs have several benefits from a transactional engineering standpoint.  Primarily, SPACs provide private companies an avenue to go public with less liability exposure from federal securities laws, and provide flexibility in M&A transactions.  In a recently published article, I surmised that “the only significant liability distinction between public and private securities is the heightened pleading standard of scienter-based causes of action” associated with private securities.  Stated succinctly, IPO issuers have exposure to the strict liability causes of action in §§ 11 and 12 of the Securities Act.  Conversely, plaintiffs in causes of actions stemming from private securities are relegated to § 10(b) of the Exchange Act, which requires a showing of scienter; and scienter has become increasingly difficult to establish since the Supreme Court added a plausibility standard to pleading requirements. In effect, SPACs reduce §§ 11 and 12 liability significantly for private companies looking to go public.

Additionally, M&A lawyers often herald SPACs’ advantages over conventional IPOs and M&A transactions.  These advantages include a SPAC’s potential to improve the conventional IPO process by reducing information asymmetry, increasing price and deal certainty, improving efficiency, and providing the potential for flexible deal terms.[4] From a policy perspective, proponents of SPACs argue that SPACs democratize investing and allow non-accredited investors to invest alongside private equity and hedge fund managers in potentially lucrative deals. 

Downside of SPAC Transactions

Critics of SPACs argue that the investment structure is extremely and unnecessarily dilutive.  The dilution stems from the compensation sponsors receive in the form of a sponsor’s “promote” (typically 20% of the post-IPO equity); underwriting fees (typically 5% of the IPO proceeds); and SPAC warrants and rights.  Inevitably, the non-redeeming SPAC shareholders and/or the target company shareholders absorb the dilution inherent in conventional SPAC structures.[5]  Additionally, because the sponsor’s promote and associated rights partially protect sponsors from the downside of a de-SPAC transaction, traditional SPAC structures have the potential to create a moral hazard problem, and may lead to conflicts of interests between the sponsors and SPAC shareholders.  On December 22, 2020, the SEC issued a CF Disclosure Guidance highlighting this issue.[6]

The Pershing Square Tontine SPAC Model

The Pershing Square Tontine Holdings, Ltd. (PSTH) SPAC features numerous provisions that set it apart from conventional SPAC structures.[7]  Of particular note:

• The PSTH sponsors will not receive the traditional 20% promote of the post-IPO common stock for a nominal price. Instead, the sponsors will purchase Sponsor Warrants at fair market value, with an exercise price of $24.00 per share.
• PSTH Sponsor Warrants are generally not transferable or exercisable until three years after a de-SPAC transaction.
• PSTH Sponsor Warrants are not exercisable until the common stock value is at least 20% higher than the IPO price.
• The fractional warrants associated with the PSTH SPAC units are considerably lower than conventional SPAC warrants. The terms of the warrants are engineered to reward non-redeeming shareholders and minimize gains for short-term investors.

PSTH’s structure mitigates several of the structural concerns of SPACs, which might give the PSTH structure a competitive advantage over conventional SPACs in the capital market, and perhaps more importantly, in the market for suitable acquisition targets.  The PSTH model is less dilutive than conventional SPAC models; additionally, the warrant structure of the PSTH model aligns the downside for sponsors with its common stock shareholders and target companies’ shareholders.

As it relates to the capital market, the PSTH model might be more attractive to some investors and less so to others.  Investors who are inclined to divest their shares before the consummations of the de-SPAC transaction will be less attracted to the redemption and warrant rights of the PSTH model.  However, the PSTH model might be able to offset the loss of capital from short-term investors with that from traditional institutional investors.  To the extent the PSTH model transforms the compensation to SPAC sponsors to align sponsors’ interest with that of SPAC shareholders and create a fee structure that resembles conventional hedge funds and private equity funds, SPACs that use the PSTH model might become more attractive to institutional investors.  Additionally, the PSTH model might help assuage regulators’ and policymakers’ concerns as retail investors participate in investment activities traditionally relegated to accredited investors through SPACs, while the debate over the proper balance between investor protection and democratizing finance unfolds.

Of particular note, fundamental M&A law might give the PSTH model a competitive advantage when bidding for a suitable acquisition target.  Under Delaware law and many other jurisdictions, a target company’s board has a fiduciary duty to “seek the best transaction for shareholders reasonably available” if the company decides to merge.[8]  The PSTH model has embedded structural advantages that will help sponsors structure deals that are deemed best transactions in bids for target companies.  As stated above, conventional SPAC models are fundamentally dilutive.  To the extent that a target company has to bear part of the dilution cost, or the PSTH structure helps create a superior bid for a target company, the target company’s board will have a fiduciary duty to accept the bid from the PSTH structure.

Conclusion

As SPACs continue to evolve and gain prominence as part of the toolkit for private companies to obtain liquidity, competition for capital and attractive companies to take public will intensify.  Additionally, capital from SPAC IPOs allocated for deals will start to accumulate.  Contemporaneously, M&A fiduciary laws and market forces will start to affect the evolution of SPAC transactions.  As SPACs with a similar structure to the PSTH model start to win competitive bids for attractive target companies because their structure helps create the best transaction, market forces will pressure market participants to adapt.  The composition of SPAC investors might also evolve with a change of SPACs’ structure.  Specifically, as short-term investors begin to exit the market, institutional investors looking to capitalize on the transactional and regulatory benefits of SPACs over IPOs and conventional M&A transactions might increase their SPAC investment allocation.

[1] See, SPACInsider, https://spacinsider.com/stats/.

[2] See, Investor Bulletin: What You Need to Know About SPACs, available at: https://www.sec.gov/oiea/investor-alerts-and-bulletins/what-you-need-know-about-spacs-investor-bulletin.

[3] See, Frantz Jacques, Securities Law and Digital Asset Products, Bloomberg Law (January 22, 2021).

[4] See, Skadden, Arps, Slate, Meagher & Flom LLP, The Year of the SPAC: Insights, available at: https://www.skadden.com/insights/publications/2021/01/2021-insights/corporate/the-year-of-the-spac.

[5] See, Michael Klausner, Michael Ohlrogge, and Emily Ruan, A Sober Look at SPACs, available at: https://corpgov.law.harvard.edu/2020/11/19/a-sober-look-at-spacs/.

[6] See, Special Purpose Acquisition Companies, available at: https://www.sec.gov/corpfin/disclosure-special-purpose-acquisition-companies.

[7] The PSTH Registration Statement is available at: https://www.sec.gov/Archives/edgar/data/1811882/000119312520175042/d930055ds1.htm.

[8] See, Ann Beth Stebbins & Tom Kennedy, the U.S. chapter of The International Comparative Legal Guide to: Mergers & Acquisitions 2019. 

An earlier article, Choice of Law/Forum and Waiving the Right to a Jury Trial: California Court Holds That the Former Cannot Do the Latter,[1] reviewed the William West v. Access Control Related Enterprises, LLC decision in which a California court held that a California citizen could not be required to litigate an action involving a Delaware LLC in the Delaware Chancery Court because that forum does not provide for jury trials. In a subsequent addition to the choice of law battle between California and Delaware, the Delaware Chancery Court in JUUL Labs, Inc. v. Grove held that the inspection of books and records of a Delaware corporation is governed by Delaware law notwithstanding a California statute to the contrary.[2]

Daniel Grove was a shareholder and employee of JUUL Labs, Inc. This corporation is organized in Delaware, but its principal place of business is in San Francisco. Grove demanded to inspect JUUL’s books and records under Section 1601 of the California Corporations Code, indicating that if he did not receive the requested books and records he would bring suit in California to compel inspection under California law. The California Corporations Code, at section 1601(a), purports to apply not only to corporations incorporated in California but also to “any foreign corporation keeping such records in this state or having its principal executive office in this state.” JUUL, in response, filed this action in the Delaware Chancery Court, seeking among other relief a declaration that it is Delaware, not California, law that governs Grove’s rights to inspect JUUL’s books and records. It sought further relief in the form of an injunction against Grove to prevent him from attempting to circumvent certain contractual limitations on his ability to inspect books and records. Thereafter, Grove filed an action in the Superior Court of California for the County of San Francisco seeking relief under California Corporations Code Section 1601. That action, Grove v. Adam Bowen,[3] was stayed by the California court.

The Chancery Court, after disposing of arguments that Grove had, by contract, waived his right to bring an action under California Section 1601, turned to the (frankly more interesting) question of the Internal Affairs Doctrine. That analysis began with a quotation from the decision of the United States Supreme Court, Edgar v. MITE Corp., namely:

The internal affairs doctrine is a conflict of laws principles which recognizes that only one State should have the authority to regulate a corporation’s internal affairs—matters particular to the relationships among or between the corporation and its current officers, directors, and shareholders—because otherwise a corporation could be faced with conflicting demands.[4]  

From there the court cited a number of Delaware decisions holding that the Internal Affairs Doctrine protects rights that arise under the Due Process Clause, the Full Faith and Credit Clause, and the Commerce Clause,[5] all of which may be well and good, but to this point still beg the question of exactly what actions and activities constitute “internal affairs.” It was to that question that the court next turned its attention. For the Delaware Chancery Court, it was not a close question. Rather, “Stockholder inspection rights are a core matter of internal corporate affairs.”[6] Turning its attention to the analysis previously set forth in Salzberg v. Sciavacucchi,[7] the court reviewed that decision and determined that inspection of books and records is a core internal affair.

The Chancery Court went on to compare section 1600 of the California Corporations Code, which affords access to the shareholder list, with section 220 of the Delaware General Corporation Law (DGCL), finding the California statute to be broader than that of Delaware. Likewise, the comparison of California Corporations Code section 1602, governing the inspection rights of directors, was made against DGCL section 220(d), with another determination being made that the rights under California law are broader than they are under Delaware law ultimately:

Generally speaking, the California inspection regime is not radically different from the Delaware regime, but it is not the same either. California’s precious balancing of the competing interests between stockholders and the Corporation differ from Delaware’s.[8]

Drawing a line in the sand, the JUUL court wrote:

Under constitutional principles outlined by the Supreme Court of the United States and under Delaware Supreme Court precedent, stockholder inspection rights are a matter of internal affairs. Grove’s rights as a stockholder are governed by Delaware law, not by California law. Grove therefore cannot seek an inspection under [California Corporate Code] section 1601.[9]

JUUL’s Amended and Restated Certificate of Incorporation contains an exclusive jurisdiction clause requiring that “the Court of Chancery in the state of Delaware shall be the sole and exclusive forum for any stockholder (including a beneficial owner) to bring . . . (iv) any action asserting a claim against the Corporation, its directors, officers, employees or stockholders governed by the Internal Affairs Doctrine.” On that basis, and citing Boilermakers Local 145 Ret. Fund v. Chevron Corp.,[10] it was held that the inspection of records could be brought only in the Delaware Chancery Court.[11]

So there you have it; unsurprisingly, the Delaware Chancery Court has held that the right of inspection of corporate books and records is soundly within the scope of the “internal affairs” of the Corporation, and therefore governed by the law of the jurisdiction of organization, and that a provision in the certificate of incorporation vesting exclusive jurisdiction to hear disputes with respect to internal affairs in the Delaware Chancery Court will likewise be enforced. The question the JUUL court did not resolve was whether contractual waivers of the right to inspect books and records will, when properly presented to the court, be enforced.[12] But again, that determination should be made under the Internal Affairs Doctrine.

Procedurally, Delaware courts will continue to apply its broad interpretation of “internal affairs,” and as long as exclusive jurisdiction provisions of certificates and by-laws are enforced by Delaware courts,[13] and there is no reason to think to the contrary, we could end up in a situation in which companies as a matter of ordinary course include (i) exclusive jurisdiction clauses that expressly encompass inspection of books and records and (ii) waivers of the right to inspect, whether under DGCL § 220, under the law of any other jurisdiction, or under common law. Ergo, “it would mean that 220 inspection rights could be left a functional dead letter.”[14] The question will then arise as to whether the courts of California or another state will disagree that (a) the Delaware courts have exclusive jurisdiction or (b) that inspection rights are subject to waiver, thereby setting up a true conflict as to choice of law.

Another interesting interface of a potential elimination of inspection rights will be upon the standards to bring a derivative action. Currently, Delaware imposes a high threshold for bringing a derivative action, cautioning that plaintiffs should avail themselves of DGCL § 220 inspection rights in order to plead the prospective case with the necessary degree of specificity. If by private ordering the shareholders’ right of inspection has been restricted or eliminated, will the enhanced standards for bringing a derivative action be necessarily reduced?[16] 

[1] Business Law Today (Sept. 2020).

[2] 238 A.3d 904 (Del. Ch. 2020).

[3] Superior Court of California, CGC20582059.

[4] 457 U.S. 624, 645 (1982) (citing Restatement (Second) of Conflict of Laws § 302 cmt. b. (1971)).

[5] 238 A.3d at 914.

[6] 238 A.3d at 915.

[7] 227 A.3d 102 (Del. 2020).

[8] 238 A.3d at 917.

[9] 238 A.3d at 918.

[10] 73 A.3d 934, 963 (Del. Ch. 2013).

[11] 238 A.3d at 919.

[12] 238 A.3d at 919-20.

[13] See Salzberg v. Sciabacucci, 227 A.3d 102 (2020); see also Gabriel K. Gillett, Michael F. Linden, and Howard S. Suskin, Delaware Supreme Court Declares Federal Forum Provisions in Corporate Charters Are “Facially Valid,” Business Law Today (April 2, 2020).

[14] See Professor Ann Lipton (Tulane Law) in a posting on the Business Law Prof Blog on August 15, 2020, titled The United States of Delaware.

[15] See AmerisourceBergen Corporation v. Lebanon County Employees’ Retirement Fund, 243 A.3d 417 (Del. 2020) (“For over a quarter-century, this Court has repeatedly encouraged stockholders suspicious of a corporation’s management or operations to exercise this right to obtain the information necessary to meet the particularization requirements that are applicable in derivative litigation.”); Id. collecting case at note 33.

[16] While this is not the place for a full exploration thereof, there exists a significant policy question with respect to whether, particularly in closely held ventures, limitations on inspection of books and records should be permitted. While it is necessary to balance the need of the corporation or other legal entity to operate in accordance with the directions of its management, eliminating access to books and records allows those fiduciaries the benefit of operating without oversight. See also Thomas E. Rutledge, Who Will Watch the Watchers?: Derivative Actions in Nonprofit Corporations, 103 Kentucky Law Journal Online 31 (2015). The hazard is obvious.

The economic impact of COVID-19 has been almost universal, yet some economies appear to be recovering more quickly than others. Comparing some of the major components of select stimulus programs in Germany, Singapore, and the United Kingdom in response to the economic downturn may help explain the different economic recovery rates. Yet, despite huge variations in legal systems, population, geography, and culture in the countries analyzed, we found significant uniformity in the programs implemented, with the contrasts akin to variations on a theme. 

Early Responses

Each country under review announced large stimulus packages between February and May 2020. Germany adopted a $844 billion[1] package comprised of a $175 billion stimulus program and $675 billion worth of loans and loan guarantees to struggling companies. The UK’s response, announced on March 17, 2020, also included large loan guarantee schemes, including two parallel programs: one for large companies (the “CLBILS”) and one targeting small and medium-sized enterprises (the “CBILS”). Singapore implemented five separate stimulus packages between February 18 and May 26, 2020, totaling approximately $71.8 billion. 

All three countries quickly instituted wage subsidy programs, with the German government providing a minimum of 60 percent of employee salaries, Singapore providing 50 percent (later increased to 75 percent), and the UK providing 80 percent of furloughed employees’ salaries. As of early July 2020, the UK’s furlough program had supplemented 9 million employees’ wages while another program supported an additional 2.7 million self-employed persons. Singapore also instituted a Wage Credit Scheme to provide government funding for employee wage increases given in 2019 or early 2020. These programs assuaged some of the economic pain caused by huge spikes in unemployment as lockdowns took effect in the second quarter of 2020. (See the representative graphs here for Germany, here  for Singapore, and here for the UK.)

In addition, Germany announced a three-month payment moratorium on consumer loans issued prior to March 15, 2020 for households financially impacted by the pandemic. Singapore provided individuals and businesses with assistance to make insurance premium payments, and the UK Financial Conduct Authority requested that firms freeze payments on loans and credit cards for up to three months in April 2020. 

Summer 2020 Packages

Generalized worker and company support programs

On June 29, 2020, the German Parliament passed a $146 billion package establishing and funding a number of programs designed to support workers and prop up struggling companies. The package provided families with an approximate $350 per child payment, doubled the single-parent income tax allowance to $4,500, and extended access to basic income support through the balance of 2020. On July 8, 2020, Germany provided $28 billion in bridging grants to companies to cover fixed operating costs. Companies with more than 10 employees could obtain grants capped at $169,000 depending on how steeply the company’s sales revenue had declined.

On July 8, 2020, the UK announced a “Plan for Jobs” estimated to cost up to $37.5 billion. Similar to Germany’s June 2020 stimulus package, the UK Plan included a number of programs designed to support workers and companies. The Plan extended some programs and established others, including the “Kickstart Scheme,” which provided $2.5 billion to create hundreds of thousands of six-month work placements for those aged 16 to 24 and deemed to be at risk of long-term unemployment, and the Job Retention Bonus, which provided a one-off payment of approximately $1,250 to UK employers for every furloughed employee who remained continuously employed through January 2021. 

Singapore’s Summer 2020 efforts largely extended and supplemented already established programs. Eligibility for the Workfare Special Payment, a grant to low-wage workers, was widened, and the Job Support Scheme was extended to cover employee wages until March 2021. The COVID-19 Support Grant, introduced in May 2020 to provide grants to unemployed applicants that demonstrate job search or training efforts, was also extended. In August 2020, Singapore announced the Jobs Growth Incentive (JGI), a $718 million program to encourage firms to increase their headcount of local workers, reallocating funding chiefly from development expenditures delayed due to the pandemic.   

Targeted programs

Each country targeted specific portions of their Summer 2020 stimulus programs to assisting particularly hard-hit sectors of the economy, as well as investing significant chunks to upgrade infrastructure and support industries of the future.

To shore up restaurants and pubs, the UK created the “Eat Out to Help Out” program, which provided diners with a 50% discount on meals and non-alcoholic drinks purchased at eateries during August 2020. The government also reduced the VAT rate from 20% to 5% at restaurants, hotels, and tourist attractions. Singapore provided its highest level of wage subsidies to employees working in the hardest-hit sectors, namely aerospace, aviation, and tourism. Singapore also provided a standalone relief package for airlines and their employees, and $230 million in vouchers to Singaporeans for use at local attractions, to offset the loss of dollars from now-nonexistent foreign tourists.

The stimulus programs also focused on technology, digitalization and sustainability. Germany’s June 2020 stimulus featured a $56 billion “future investment package” that included a doubling of the electric car buyer rebate to $6,750, $2.8 billion in e-charging facility upgrades, electric-powered bus and truck purchases, and battery cell production, $5.6 billion to the railway company Deutsche Bahn to support modernization, expansion, and electrification of the railway system, and $10 billion to research and develop hydrogen fuel technology with the hope of becoming a world leader in the space. Billions more were invested to retrofit buildings, build out 5G infrastructure, research artificial intelligence, and build “at least two” quantum computers.

The UK introduced a $2.5 billion Green Homes Grant, providing $2 for every $1 spent on home energy efficiency upgrades. The Plan for Jobs established and funded more environmental programs to promote decarbonization of public buildings, to support environmental charities, to promote direct air capture of CO2, and to develop the next generation of clean automotive technology.  The UK also announced $6.25 billion put toward the acceleration of certain infrastructure projects to support both the economy and the transformation of the nation’s infrastructure.

Fall 2020 Stimulus

In October 2020, Singapore announced a six-month extension of its Enhanced Training Support Program for the hardest-hit sectors and expanded it to provide benefits to companies and workers in the marine and offshore sector. Eligibility for Singapore’s JGI was widened to provide 50% wage support for all new hires with disabilities. The Temporary Bridging Loan Program, providing companies access to low interest, government-guaranteed loans of up to $718,000, was extended six months. The government also provided grocery vouchers to individuals, extended COVID-19 Support Grants for the unemployed, and established a new “baby bonus” to encourage families to have children. 

Similarly, the UK abandoned plans to end several stimulus programs in late Fall 2020, extending wage subsidies and grants to the self-employed and reducing VAT rates. The Bank of England continued its quantitative easing program, agreeing on November 5, 2020 to purchase $187 billion of government bonds to promote lowered borrowing costs for consumers and businesses. The Bank also maintained the benchmark interest rate at 0.1%. In November 2020, Germany extended the enhanced electric vehicle subsidy to 2025. It also provided an additional $16 billion to cover fixed costs of companies and solo entrepreneurs affected by the lockdown re-imposed in November, capped at $225,000 and $5,625 respectively.

The Fall 2020 stimulus packages again emphasized investments in infrastructure and the future.  Singapore funded upgrades at the Changi Air Hub, a major driver of the nation’s economy.  Singapore also dedicated funds to the development of the Tuas Port, with the first berths scheduled to be operational in 2021. When fully completed in 2040, the Tuas Port will be the world’s largest fully automated terminal. 

On November 15, 2020, UK Prime Minister Johnson announced his $15 billion “Ten Point Plan for a Green Industrial Revolution.” The plan called for funding of hydrogen fuel technology, a quadrupling of offshore wind power by 2030, and investments in small, advanced nuclear reactors. Its proposal to ban sales of new gasoline and diesel cars by 2030 grabbed the media’s attention. On November 25, 2020, a $125 billion National Infrastructure Plan was announced as part of the annual Spending Review. The plan seeks to upgrade the nation’s roadways, railways, and develop a network of fiber broadband cables. A billion pounds were set aside for building retrofits, and another billion to “future-proof” the electricity grid along motorways and to support the installation of high-powered charging hubs at motorway service areas by 2023.

Recent Stimulus

Stimulus efforts continued in December 2020 and into 2021. Germany announced a $12.3 billion package to support companies impacted by the shutdown over the 2020 Christmas season, and Chancellor Merkel stated additional “large sums” could be deployed in 2021. Singapore moved into Phase 3 of its reopening plan on December 28, 2020, and has not reported more than one new case of locally transmitted COVID-19 in a single day since February 13, 2021. The country continues to seek ways to reopen to international travel, including constructing the Connect@Changi bubble to permit international business travelers to meet in Singapore. It also implemented new support measures for the finance industry and the local construction industry. The UK extended the furlough and business loan schemes, announced new grant programs, including a $1,250 Christmas grant for pubs, and announced new rounds of funding for Scotland, Wales, and Northern Ireland, which can be spent on business support and COVID-19 medical response efforts, among other things. 

Conclusion

Each country is projected to bounce back to positive growth in 2021, with the IMF projecting annual GDP growth rates of 3.5%, 4.5%, and 5% for Germany, the UK, and Singapore respectively. There is, of course, a good deal of uncertainty regarding those projections with so much still unknown regarding the efficacy, manufacture, and distribution of vaccines, whether the emergence of new virus variants will slow down containment, and whether governments will continue to spend to support their respective economies. One thing that looks increasingly clear, however, is that the multitude of programs discussed above cushioned the economic blow dealt by the virus, and provided some much-needed breathing space (literally and figuratively) as well as a platform for a hoped-for economic resurgence in 2021 and beyond. 

[1] For ease of comparison, all currencies have been converted to US dollars.  The exchange rates were taken as of July 1, 2020, and are as follows: $1 = €0.889 = £0.801 = S$1.394. 

While some forms of payments fraud have existed for centuries (like forged checks), others have emerged more recently. And as banking technology and payment methods evolve, fraudsters are doing their part to keep pace, including by updating classic payment fraud schemes to take advantage of the COVID-19 pandemic. Payments fraud generally falls into two categories:

• unauthorized payments – such as unauthorized ACH debits, altered or forged checks, or transactions initiated after an account takeover; and
• scams – such as fraudulently induced payments, “bad check” scams, and revocable payment fraud.

Some of these traditional fraud schemes have been tailored to take advantage of the pandemic situation by targeting vulnerable consumers (e.g., through imposter or work-from-home scams) and state unemployment agencies, which are defrauded when criminals use consumers’ stolen personally identifiable information (PII) to fraudulently apply for unemployment insurance in the victim’s name, then transfer funds through a “money mule” account.

 A variety of different laws, regulations, and payment system rules are relevant to payments fraud, and different rules apply based on the type of transaction and nature of the fraud.

Core laws applicable to payments fraud include:

• For check transactions: UCC Article 3 – Negotiable Instruments[1], and Article 4 – Bank Deposits and Collections[2];
• For consumer electronic fund transfers: the Electronic Fund Transfer Act[3] and its implementing regulation, Regulation E[4]; and
• For commercial funds transfers: UCC Article 4A – Funds Transfers.

Other laws may also have relevance, such as the various prohibitions on unfair, deceptive and abusive acts or practices (UDAAP), anti-money laundering requirements under the Bank Secrecy Act[5] (BSA), and the privacy and data security requirements for financial institutions under the Gramm-Leach-Bliley Act[6] (GLBA). Further, private sector payment system rules, such as the NACHA Operating Rules for ACH[7], may also apply, particularly with respect to the allocation of loss between financial institutions. Which laws apply, and how, may depend on characteristics of the transaction, including the payment channel, whether the payment was unauthorized or resulted from a scam, and whether it is a consumer or commercial transaction.

Check Fraud

Traditional types of check fraud include check alteration (e.g. changes to the payee or amount of a check), check forgery (a forged drawer’s signature), counterfeit checks, and bad check scams (where a consumer receives a bad check, deposits it, and is asked to send some or all of the provisionally credited funds to a third party).

The UCC generally requires a paying bank to recredit its customer’s account when it pays an unauthorized check, which provides customers protection against checks that are not properly payable. In addition, transfer and presentment warranties determine the allocation of loss between the depositary bank and the paying bank.[8] Whereas, in a bad check scam, the loss is likely to fall on the consumer who deposited the bad check when the check is returned unpaid by the paying bank. In these bad check schemes, fraudsters take advantage of a victim’s lack of understanding of payment system functionality and applicable legal framework by instructing the victim to transfer funds through an irrevocable payment channel (wire transfer) or a method that is difficult to trace and recover (purchasing and mailing a prepaid card) once the depositary bank provisionally credits the funds.

Wire Transfer Scams

Business email compromise (BEC) is a sophisticated form of payments fraud that has emerged in recent years. BEC targets businesses in which employees are tricked into sending funds to a fraudster (typically by wire transfer, but sometimes an ACH credit transfer). BEC is carried out through the compromise of legitimate email accounts and social engineering. Many large banks have taken action to try and prevent their customers from falling victim to BEC, including extensive education campaigns.

For commercial transactions, the allocation of loss that results from a BEC scam between the commercial customer and the bank is determined by Article 4A’s security procedure framework. In particular, the commercial customer (Sender) is not liable to the Sending Bank for a funds transfer that was not authorized. However, the transfer can be deemed “authorized” if the Sending Bank verified the authenticity of the instruction using a mutually agreed upon “security procedure,” the security procedure is commercially reasonable, and the bank accepted the payment order in “good faith” and in compliance with the security procedure.

COVID-19 Scams

Fraudsters have taken advantage of the COVID-19 pandemic to target vulnerable consumers, such as the elderly and unemployed. These scams provide a new twist on classic payment fraud schemes, and have taken various forms, including:

• those involving government impersonators;
• fraudulent cures, medical equipment or charities;
• work-from-home fraud;
• contact tracing scams; and
• scams relating to the CARES Act Economic Impact Payments.

These criminal acts may involve an “imposter scam” scenario, or utilize the “bad check” or fraudulently induced wire transfer schemes, with legal responsibility for the loss determined by existing payment laws and regulations as applicable.

Fraudsters have also targeted state unemployment agencies with scams in which a criminal submits fraudulent unemployment insurance claims using consumers’ stolen personally identifiable information (PII), and instructs payments to accounts controlled by money mules (generally by ACH), who themselves may be either witting or unwitting participants and may be lured to participate through good-Samaritan, romance, and work-from-home schemes. This type of fraud has been facilitated by recent large scale data breaches that led to widespread access to consumer PII that can be used to perpetrate payments fraud and for other illicit purposes, such as identity theft.

Notably, FinCEN has released advisories providing financial institutions guidance on potential red flags of such schemes for purposes of Suspicious Activity Reporting obligations under the Bank Secrecy Act, including where a customer receives multiple state unemployment insurance payments to their account within the same disbursement timeframe from one or multiple states, or receives an unemployment insurance payment from a different state from where the customer lives or works.[9]

Policy Considerations

As banks undertake more measures to help customers avoid becoming victims of payments fraud schemes, it is important to consider whether by doing so they are altering the “delicate balance” of interests contemplated under existing loss allocation rules for fraudulent payments and, if so, how that may impact the availability and pricing of certain types of payments in the future.

[1] UCC §§ 3-101 et seq.

[2] UCC §§ 4-101 et seq.

[3] 15 USC §§ 1693 et seq.

[4] 12 CFR Part 1005

[5] 31 USC §§ 5311 et seq.

[6] 15 USC §§ 6801 et seq.

[7] See https://www.nacha.org/rules/operating-rules.

[8] For example, under the UCC, the depositary bank generally bears the loss for improper endorsements and alterations, while the paying bank generally bears the loss for a forged drawer’s signature or a counterfeit check. These UCC provisions reflect the long-standing rule from Price v. Neal, 3 Burr. 1354, 97 Eng. Rep. 872 (KB. 1763).

[9] FIN-2020-A003, 2020 Advisory on Imposter Scams and Money Mule Schemes Related to Coronavirus Disease 2019 (COVID-19) (July 7, 2020), available at: https://www.fincen.gov/sites/default/files/advisory/2020-07-07/Advisory_%20Imposter_and_Money_Mule_COVID_19_508_FINAL.pdf.

Most-Favored Nations (MFN) clauses (also known as antidiscrimination clauses or most-favored customer clauses) are common in business today. These provisions require that the supplier will treat a particular customer no worse than all other customers (and sometimes even better).  They are often coupled with some sort of monitoring mechanism, such as the power to audit the supplier.  For example, imagine a flour mill signs a requirements contract with Bakery A that contains an MFN clause.  The mill cannot then turn to Bakery B and offer the flour at a lower price without either a) offering the same to Bakery A or b) breaching the requirements contract.  These clauses can extend beyond price to other contractual terms and conditions (e.g., product release dates, promotional prices, or product offerings).

Common as they may be, a series of lawsuits out of New York and California will subject those very clauses to scrutiny under U.S. antitrust law.  First, a class action suit against Amazon and the five largest book publishers in the United States—Hachette Book Group, HarperCollins Publishers, Macmillan Publishing Group, Penguin Random House, and Simon & Schuster (the “Big Five”)—alleges that MFN clauses in ebooks agency contracts amount to an illegal price-fixing agreement.[1]  The suit echoes a 2012 suit against Apple and the Big Five that culminated in a consent decree restricting the use of MFN clauses that prevented ebook retailers from adding their own discounts. 

The second class action accuses Valve, Inc. of using MFN clauses in its contracts with game developers—both big (Ubisoft) and small (Rust)—to maintain its monopoly in personal computer video game sales through its online marketplace Steam as well as stifle competition more generally.  The complaint alleges that the MFN clauses cause game prices across online marketplaces to be the same even though stores like the Epic Games Store take a smaller commission than Valve.  Rather than pass those savings on to the consumer, the developers must maintain higher prices to remain profitable on Steam. 

While the suits target different markets, they boil down to the same issue: when do MFN clauses become anticompetitive?  As the panels to a day-long public workshop on these types of clauses by the 2012 Department of Justice and Federal Trade Commission indicate, it depends on the market at issue, the contracting parties, and the effect on that market.  On the one hand, MFN clauses are practical and advantageous in that they eliminate the purchaser’s risk in negotiating a bad deal under unstable pricing conditions, reduce transaction costs in re-negotiating agreements upon discovery of lower prices, and are generally benign when market power is absent.  On the other hand, MFN clauses as a price-monitoring mechanism can be used to facilitate collusion amongst competitors; discounts to the purchaser’s competitors and new market entrants, regardless of their size, are effectively foreclosed, resulting in increased prices overall.  For these reasons and more, MFN clauses alone are subject to the rule of reason—a lenient standard that requires a rigorous market analysis.

So, what made Amazon and Valve targets for these suits? Market power.  Amazon was public enemy number two (second only to Google) in the House Judiciary Committee’s antitrust report on competition in digital markets, which denounced Amazon’s impact on small- and medium-sized enterprises dependent on the monopolist’s platform.  A humble bookseller no more, the class action alleges that Amazon now enjoys a stunning 90% of the ebook market.  As for Valve, European antitrust regulators recently fined them 1.6 million euros (approx. $2 million) for the practice of restricting access to games based on physical location, which the European Commission deemed an illegal partition of the Digital Single Market. And U.S. regulators may turn towards Valve if the class action is correct in asserting that 75% of all PC games sold in the United States are through Steam.  Both companies have inordinate market share for online sales at a time when antitrust enforcement is experiencing a renaissance and the digital economy is subject to exacting scrutiny. 

The suits should not be a cause for alarm for most companies using MFN clauses.  After all, when small purchasers in unconcentrated markets use MFN clauses to reduce price fluctuations or to commit to a long-term business relationship, courts should recognize that the economic efficiencies outweigh the anticompetitive effects.  But when big tech closes off competition by maverick firms, keeps a watchful eye on its supplier through auditing rights or algorithmic pricing, and guarantees dominance over an extended period of time, it is no surprise that consumers, competitors, and Congress cry foul.  MFN clauses have a time and a place, but it is not at the top.

The United Kingdom Government introduced a National Security and Investment Bill (the “Bill”) to Parliament in November 2020. It passed the House of Commons on 20 January 2021 and will now make its way through the House of Lords. When enacted, the Bill will give the Government unprecedented new powers to investigate and block corporate deals that it suspects might threaten the security of the UK, with potentially thousands of deals having to be pre-notified and cleared by the Government each year. While it is not limited to foreign investment, non-UK investors may attract additional scrutiny. Deal-makers will therefore now need to navigate a new regulatory regime that is much more onerous than the current limited national security intervention powers, and in addition to the usual UK merger control rules.

This piece looks at the background to the Bill, the mandatory notification procedure it will introduce,  the Government’s powers to ‘call-in’ other deals for review, how it will assess national security risks and the potential implications of the Bill for investors.

The Bill a Government white paper, a Parliamentary Select Committee inquiry, and various interim measures stemming from concern over foreign investment in UK assets, including Chinese investment in the Hinkley Point nuclear power plant and Huawei’s involvement in the UK 5G network. There have also been allegations of ‘aggressive acquisitions’ during the COVID-19 pandemic, with the Government giving itself new intervention powers to protect the UK’s capability to combat public health emergencies. There was therefore little surprise when the Government announced a new framework to allow further scrutiny of transactions and investments. At present, the UK Government can only intervene in a transaction on national security grounds where the deal meets the thresholds for UK merger control. The bar for that has recently been lowered for targets with potential national security implications in order to facilitate more Government intervention, but the Bill will replace that regime with a greatly expanded role for the State.

First, the Bill will introduce a pre-closing notification obligation for certain deals, which the Government estimates will catch over 1,000 transactions per year. Second, it will empower the Government to ‘call-in’ acquisitions it considers may give rise to a national security risk, up to five years after the deal has completed. As an anti-avoidance measure, the latter power will apply to any deal completed on or after 12 November 2020 (the day after the Bill was introduced to Parliament).

Mandatory Notification

Scope

The obligation to notify the of a deal will arise where an investor acquires a right or interest in a “qualifying entity” that participates in particular activities within certain key sectors. A qualifying entity can be any form of legal entity (e.g. a company, partnership or trust) and includes non-UK entities that carry on activities in the UK or supply goods or services to persons in the UK. The Bill gives the Government wide powers to make regulations specifying the sectors of the economy and the types of transaction and activity that will engage the notification obligation.

The Government launched a public consultation on the sectors and deals it proposes should be covered, which closed in early January. The results have not yet been announced so it remains to be seen whether the responses will affect the Government’s plans, but the consultation identified 17 sectors as raising potential concerns. These include not only the most obvious candidates but also broad categories that may not have immediately obvious national security implications. The proposed sectors are:

• Advanced Materials
• Advanced Robotics
• Artificial Intelligence
• Civil Nuclear
• Communications
• Computing Hardware
• Critical Suppliers to Government
• Critical Suppliers to the Emergency Services
• Cryptographic Authentication
• Data Infrastructure
• Defence
• Energy
• Engineering Biology
• Military and Dual-Use Technologies
• Quantum Technologies
• Satellite and Space Technologies
• Transport

There is no minimum target turnover or deal value threshold for the notification obligation to apply, and it will catch deals involving non-UK entities that are active in the UK.

Level of Control

A “notifiable acquisition” will arise where the transaction results in the acquiring person either acquiring a right or interest equivalent to at least 15% of the shares or voting rights in the target, or gaining control over the target. Gaining control of an entity means acquiring either:

• more than 25% of the shares or voting rights, with a new notifiable acquisition if an existing shareholder passes thresholds of 50% or 75%; or
• voting rights that enable the acquirer to ensure or prevent the passage of any class of resolution.

Consequences

The Bill provides that a notifiable acquisition will be void if it completes without Government approval. It is not clear what that will mean in practice. Most obviously, it would mean that the terms of the deal would be legally unenforceable. If the parties were content to implement the deal regardless, the Government would have the same powers to unwind a non-notified deal as it has under the voluntary regime (see below).

There will also be very significant corporate and personal consequences for failing to clear a notifiable acquisition. A person who completes such a deal (including any director, manager etc. of a body corporate) risks a criminal conviction with up to five years imprisonment, an unlimited fine, or both. Alternatively, the Government will be able to impose civil penalties of up to the greater of 5% of turnover or £10 million.

Unlike the voluntary regime, the mandatory notification obligation will not have effect so will not affect deals closed prior to the Bill becoming law. However, investors in UK businesses (and businesses with UK interests) should follow the Bill with keen interest, in anticipation of being faced with a significant new regulatory hurdle in 2021.

The ‘Call-in’ Regime and Voluntary Notification

The Bill does not just create risk for deals that qualify as notifiable acquisitions; it also empowers the Government to ‘call-in’ non-notifiable deals for review where it perceives national security concerns.

Scope

This power will exist where a “trigger event” takes place in relation to a “qualifying entity” (see above) or a “qualifying asset”, and the Government thinks the deal could create a national security risk.

The term “qualifying asset” covers a very broad range of assets, including land and corporeal moveable property as well as “ideas, information or techniques which have industrial, commercial or other economic value” (the Bill gives the examples of trade secrets, databases, source code, algorithms, formulae, designs, software, and plans, drawings and specifications). In each case, the asset must be either within the UK or its territorial sea (in the case of land or corporeal property), or otherwise used in connection with activities carried on in the UK or the supply of goods and services to persons in the UK.

A “trigger event” will occur where a person gains control of a qualifying entity or asset. Control of an entity is defined as explained above (and so the 15% threshold does not apply to the call-in power), or where the acquirer gains material influence over the target’s policy (reminiscent of the ‘control’ test in UK merger control). For an asset, gaining control means a person acquiring a right or interest in, or in relation to, the asset that makes them able to use the asset or direct or control how it is used (or able to use it / direct its use to a greater extent). There is, again, no minimum turnover or deal value threshold.

These very broad definitions will give the Government a call-in power over essentially any type of deal where a national security risk might be identified.

Timings

The call-in power can be invoked within six months of the Government becoming aware of the trigger event, up to a maximum of five years after the trigger event. This extremely long window is intended to ensure no transactions slip through the net, either by accident or by design.

This lengthy risk period can be avoided by voluntarily sending notification of the relevant transaction (either before or after completion) to a new Investment Security Unit under the remit of the Business Secretary. As with merger control, it will be for the Government to decide whether the notification contains sufficient information, which means it will control the clock. Once the Government accepts the notification it will have 30 working days to decide whether to call-in the deal for further investigation over an additional 30 working day period (extendible to 75 working days).

A key point to note is that all deals completed after 12 November 2020 will come within the scope of the call-in regime, with the six month / five year periods only commencing when the relevant provisions of the Bill take effect. This anti-avoidance measure means the Bill must already be factored into deals that might raise UK national security considerations, particularly because the process to have a deal cleared via voluntary notification will not even become available until the Bill is fully enacted and in force. In the interim period, parties will have no option but to decide whether to proceed at risk.

Consequences

Where the Government identifies a risk to national security it can impose remedies to prevent, remedy or mitigate that risk. The Bill gives a wide discretion on the remedies that can be imposed, but options are likely to include:

• unwinding a completed deal (e.g. by divestment of the relevant entity or asset);
• prohibiting a deal that has not yet been completed;
• requiring the business to appoint someone to supervise and potentially control any activities that would cause a national security concern; and
• operational restrictions, such as making UK security clearance a condition of a person accessing particular information, working at a particular site, taking part in certain operations, or even holding a management role in the organisation.

If a completed deal is called-in or notified, the Government will be able to impose interim orders to prevent the review process being frustrated, most obviously by prohibiting the acquirer from integrating the acquired business or asset into its own operations. Such orders are routinely made in merger control cases, but may well be even stricter in the national security context.

In a further parallel with UK merger control (also, in principle, a voluntary regime), the potential consequences of completing a deal only for it to be called-in for review – including the administrative and financial burden of complying with an interim order, as well as the substantive risk of a forced sale of the entity or asset purchased – mean that buyers and investors are likely to err on the side of caution and try to make any deal that might have national security implications conditional on Government clearance.

Interestingly (and very much unlike merger control), the Bill confers a power on the Government to give financial assistance to an entity in consequence of an order. That perhaps reflects a principle that the State should meet at least part of any additional cost incurred by a private entity as a result of measures imposed on national security grounds.

How Will National Security Risks Be Assessed?

The Bill does not define potential risks to national security in any meaningful sense. However, the Government has published a draft ‘Statement of Policy Intent’ describing how it expects to use the call-in power.

The Government expects to consider three risk factors:

1. Target risk: the entity or asset subject to the trigger event could be used to undermine UK national security (e.g. the entity or asset plays a key role in national security matters or could, simply because of its nature, put national security at risk if it fell into the ‘wrong’ hands – there is likely to be significant overlap here with the sectors identified for mandatory notification);
2. Trigger event risk: the acquisition itself could undermine national security (e.g. because it could facilitate unauthorised access to sensitive information, or give a hostile actor leverage over the UK in other matters); and
3. Acquirer risk: the identity of the acquirer would give rise to national security concerns.

On the latter risk, a range of factors would need to be considered on a case-by-case basis, but the nationality of the acquirer – while not formally part of any test under the Bill – will surely be a key issue. However, concerns will not necessarily be limited to nationals of hostile states: in 2019 the UK Government intervened in the acquisition of the British satellite telecommunications company Inmarsat plc by Connect Bidco, a US-UK-Canadian joint venture, obtaining undertakings to ensure the maintenance of strategic services and prevent unauthorised access to sensitive information.

The various risks will be considered in combination – for example, the draft Statement of Policy Intent notes that a pension fund investing in UK infrastructure would involve a target risk but no acquirer risk.

Use and Application

At this point, it is only possible to speculate as to how strictly the Government will apply the powers in the Bill and, in particular, how many deals will need to be notified pursuant to the Bill. By the Government’s own estimate, however, mandatory filings alone will result in between 1,000 and 1,830 notifications per year.

For the voluntary regime, and notwithstanding that the draft Statement and other guidance documents give some indication of how risks will be assessed, it will take time to build up a body of precedent that will allow buyers to consider when to notify. Even that may be complicated by the need for confidential decisions in light of the obvious sensitivities. Buyers are therefore likely to err on the side of caution for some time, in which case the Government should also expect to receive a large number of voluntary notifications.

There will therefore be an enormous increase in the number of cases dealt with compared to the current public interest intervention regime, under which only 12 transactions have been reviewed on national security grounds since 2003 (albeit with a recent uptick following reductions to the applicable turnover thresholds, including the frustration of Chinese-backed Gardner Aerospace Holdings’ proposed acquisition of Impcross, a UK manufacturer of aerospace components).

The Bill will impose a strict and wide-ranging new regime that has the potential to cause significant disruption to deals and investments. It is essential that investors, sellers and advisers are aware of the risks involved, including for any deal completed after 12 November 2020, and plan their transactions accordingly.

On January 19, 2021, the American Bar Association (ABA) Derivatives and Futures Law Committee’s Innovative Digital Products and Processes Subcommittee (IDPPS) Jurisdiction Working Group released an update to its comprehensive white paper addressing jurisdictional issues associated with digital products, including cryptocurrencies and other digital assets, and digital processes, such as blockchain.[1]

The updated white paper gives an in depth analysis of several current issues in the cryptocurrency and digital asset space that have developed since the March 2019 publication of the first white paper, including:

• rapid development of Stablecoins;
• growth of the decentralized finance movement and the increasing number of state central banks exploring the creation of virtual currencies;
• 2020 guidance from the CFTC concerning “actual delivery” of digital assets and related litigation;
• The SEC’s Digital Asset Framework, its first issuance of digital asset-related no-action letters, and further developments in its key enforcement actions targeting significant digital asset projects;
• SEC staff guidance on the custody of digital asset securities under the rules applicable to broker-dealers;
• Recent case law developments in certain CFTC enforcement actions involving digital assets;
• New developments regarding the Travel Rule’s application to virtual asset service providers;
• FinCEN’s first assessment of civil money penalties against a peer-to-peer virtual currency exchanger; and
• International developments, including the EU’s recent approval of the Sixth Anti-Money-Laundering Directive.

The need for this update reflects the rapid evolution of the digital asset and cryptocurrency space.  As regulators worldwide endeavor to keep pace with this ever-developing industry, it is imperative that market participants continue to keep themselves informed of the applicable legal and regulatory landscape, as detailed in this update.  Several key developments merit further discussion below, as we expect that regulators will focus on these areas in the coming years.

A. Stablecoins

Stablecoins were developed in response to the price volatility of bitcoin and other cryptocurrencies.[2]  As their name suggests, Stablecoins aim to “increase price stability,” given that their value is tied to fiat currencies, which typically are “stable and liquid.”[3]  The stability of Stablecoins should increase their market acceptance, particularly for payment purposes.[4]   

In 2019, the Swiss Financial Market Supervisory Authority (FINMA) released Stablecoin guidelines.[5]  This guidance noted that while Swiss law lacks specific provisions to regulate Stablecoins, they would be treated the same as any other blockchain-based tokens.  The specific characteristics of Stablecoins can influence which financial laws apply.  For example, if a token is linked to a particular fiat currency, it likely would be categorized as a deposit under the banking laws.  The updated white paper explores FINMA’s and other regulators’ evolving approaches to Stablecoins in more depth.

B. Actual Delivery

The Commodity Exchange Act (CEA) provides that agreements, contracts, or transactions in commodities—other than foreign currencies or securities—entered into by or offered to retail customers on a leveraged, margined, or financed basis must be regulated as or “as if” they were futures, unless covered by an exemption.[6]  This effectively means that a non-exempt transaction may be executed only on or subject to the rules of a CFTC-regulated exchange, and persons providing services in connection with nonexempt transactions may be covered by one of the CEA’s registration categories for professionals.

One oft-discussed exception to this requirement is for contracts for commodity sales that result in actual delivery of the commodity within 28 days.  The CFTC has been grappling for years with its interpretation of the term “actual delivery.”[7]  The need to clarify the meaning of actual delivery in virtual currency transactions became more pronounced in 2016, when the CFTC brought its first enforcement action against a trading platform that offered retail commodity transactions in virtual currency without registering with the CFTC.[8]  In its settlement order against that platform, Bitfinex, the CFTC took the position that delivery of bitcoin purchased with borrowed funds to a private, omnibus settlement wallet where the coins were held for the benefit of the buyer but also as collateral for the loan did not constitute actual delivery, because the buyer did not have any rights to access or use the purchased bitcoin until released by Bitfinex following satisfaction of the loan.  In March 2020, the CFTC addressed the uncertainty surrounding the concept of “actual delivery” in the context of digital asset transactions by issuing an interpretation that aligns with the approach it employed in Bitfinex.  This guidance provides, in part, that the actual delivery exception applies only when a customer secures possession and control of, and has the ability to use freely in commerce, the entire quantity of the digital asset no later than 28 days from the date of the transaction, rendering any lien on the digital asset as a means to secure repayment incompatible with actual delivery.[9]  The updated white paper examines the CFTC’s actions in this area in greater depth.

C. SEC Digital Asset Framework and Other Enforcement Issues

In April 2019, the SEC’s Strategic Hub for Innovation and Financial Technology (FinHub) published the Digital Asset Framework,[10] which provides guidance regarding FinHub’s view as to whether a given digital asset would be considered a security—and thus subject to SEC regulation—under the test set forth in SEC v. W.J. Howey Co.[11]  The SEC staff also recently issued its first digital-asset-related no-action letters, confirming that two digital assets that essentially function as stored-value cards would not be deemed securities.  The Framework and other developments concerning the SEC’s regulation of digital assets are discussed in detail in the updated white paper. 

The white paper also addresses the regulatory uncertainty attending digital assets, which could potentially frustrate law enforcement and innovation.  The CFTC and the SEC appear to be coordinating in combatting perceived fraudulent activity involving cash market transactions in digital assets, but their coordination does not necessarily mean that where only one agency initiates an action, only that agency has jurisdiction.  One legislative attempt to address this regulatory uncertainty is the Digital Commodity Exchange Act of 2020 (DCEA), which was introduced to fill regulatory gaps that exist between the CFTC and the SEC and to provide a clear means by which market participants could ensure that their transactions in digital assets comply with the law.  The updated white paper includes more detailed discussion of the DCEA.

D. Travel Rule

FinCEN’s Travel Rule has been a recent focus of international attention, with the Financial Action Task Force (FATF) adopting an interpretive note in June 2019 confirming that countries should apply provisions similar to the Travel Rule to virtual asset services providers.[12]  In the United States, FinCEN has confirmed that the Travel Rule is the most commonly cited violation by the IRS against money services businesses engaged in virtual currency money transmission.[13]  The updated white paper expands on this topic in detail. 

[1] By Michael Spafford and Katherine Berris of Paul Hastings, Jonathan Marcus of Skadden, and Daren Stanaway of Interactive Brokers.

[2] Tim Swanson, Why Bitcoin Needs Fiat (And This Won’t Change in 2018), Coindesk (Jan. 4, 2018), https://www.coindesk.com/bitcoin-still-needs-fiat-currency-wont-change-2018/.

[3] Id.

[4] FINMA, Supplement to the Guidelines for Enquiries Regarding the Regulatory Framework for Initial Coin Offerings (ICOS) (2019), https://www.finma.ch/en/news/2019/09/20190911-mm-stable-coins/.

[5] Id.

[6]  7 U.S.C. § 2(c)(2)(D)(iii).

[7] American Bar Association Derivatives and Futures Law Committee Innovative Digital Products and Processes Subcommittee Jurisdiction Working Group, Digital and Digitized Assets: Federal and State Jurisdiction Issues 61 (2020), https://www.americanbar.org/content/dam/aba/administrative/business_law/buslaw/committees/CL620000pub/digital_assets.pdf.

[8] See In re BFXNA Inc., CFTC No. 16-19 [2016-2017 Transfer Binder] Comm. Fut. L. Rep. (CCH) ¶ 33,766 (June 2, 2016).

[9] Retail Commodity Transactions involving Certain Digital Assets, 85 Fed. Reg. 37,734, 37,742–43 (June 24, 2020).

[10] SEC, Strategic Hub for Innovation and Financial Technology, Framework for “Investment Contract” Analysis of Digital Assets (Apr. 3, 2019), https://www.sec.gov/corpfin/framework-investment-contract-analysis-digital-assets.

[11] SEC v. W.J. Howey Co., 328 U.S. 293 (1946).

[12] See FATF, Outcomes FATF Plenary, 16-21 June 2019 (June 21, 2019), https://www.fatfgafi.org/publications/fatfgeneral/documents/outcomes-plenary-june-2019.html. FinCEN subsequently “applauded” FATF’s interpretation. See FinCEN, Prepared Remarks of FinCEN Director Kenneth A. Blanco at Chainalysis Blockchain Symposium (May 13, 2020), https://www.fincen.gov/news/speeches/prepared-remarks-fincen-directorkenneth-blanco-delivered-consensus-blockchainsymposium.

[13] See FinCEN, Prepared Remarks of FinCEN Director Kenneth A. Blanco at Chainalysis Blockchain Symposium (Nov. 15, 2019), https://www.fincen.gov/news/speeches/prepared-remarks-fincen-director-kenneth-blancochainalysis-blockchain-symposium.

Buried in the $740.5 billion National Defense Authorization Act for 2021[1] (“NDAA”) are numerous provisions that affect financial services law.  Although the news media directed most of their coverage to Congress’s override of President Trump’s veto of the massive bill[2], this article discusses a few of the provisions that should be of interest to the financial services bar. 

Disgorgement Authority

Of major significance is a provision that enhances the Securities and Exchange Commission’s (“SEC”) authority to seek disgorgement remedies in conjunction with an enforcement action.[3]  The provision addresses a limitation on the SEC’s authority to seek equitable remedies against bad actors.  In Kokesh v. SEC, the U.S. Supreme Court held that the five-year statute of limitations in 28 USC § 2462 applies when the SEC seeks disgorgement from those who have wrongfully enriched themselves. The court held that “disgorgement, as it is applied in SEC enforcement proceedings, operates as a penalty under § 2462.  Accordingly, any claim for disgorgement in an SEC enforcement action must be commenced within five years of the date the claim accrued.”[4]  In testimony before the U.S. Senate Committee on Banking, Housing, and Urban Affairs, SEC Chairman Jay Clayton asserted that the Kokesh decision has had the

anomalous effect of allowing the most “successful” perpetrators of fraud—those whose frauds are well-concealed and stretch beyond the five-year limitations period—to keep their ill-gotten gains.  Since Kokesh was decided, an estimated $1.1 billion in ill-gotten gains has been unavailable for possible distribution to harmed investors, much of which is tied to losses by investors.[5]

Chairman Clayton further noted:

I greatly appreciate the bipartisan, bicameral work underway to address this issue, and I welcome the opportunity to continue to work with Congress to ensure the Commission is able to seek recoveries in cases of well-concealed, long-running frauds so that defrauded retail investors can get their investment dollars back while remaining true to the principles embedded in statutes of limitations.[6]

Apparently, those efforts bore fruit in the NDAA.  The legislation amends Section 21(d) of the Securities Exchange Act of 1934 (“Exchange Act”), granting the SEC the authority to seek disgorgement against the person who received “unjust enrichment.”  Congress included a statute of limitations of ten years for equitable remedies in most instances.  The statute of limitations “clock” does continue to run during any time that the bad actor is outside of the United States.

I have prepared a mark-up showing how Congress amended Section 21 of the Exchange Act (in “Hill-speak” a “Ramseyer”).  I have struck through deletions and marked the legislative changes in italics.  It appears below:

H.R. 6395

The “William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021”

******

Amendments of Title LXV – Miscellaneous

******

SEC. 6501. INVESTIGATIONS AND PROSECUTION OF OFFENSES FOR VIOLATIONS OF THE SECURITIES LAWS

[Page 1238]

(a) IN GENERAL. —Section 21(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78u(d)) is amended —

(3) CIVIL MONEY PENALTIES IN CIVIL ACTIONS.— AND AUTHORITY TO SEEK DISGORGEMENT

(A) AUTHORITY OF COMMISSION.—Whenever it shall appear to the Commission that any person has violated any provision of this title, the rules or regulations thereunder, or a cease and-desist order entered by the Commission pursuant to section 21C of this title, other than by committing a violation subject to a penalty pursuant to section 21A, the Commission may bring an action in a United States district court to seek, and the court shall have jurisdiction to impose, upon a proper showing, a civil penalty to be paid by the person who committed such violation. “jurisdiction to—

“(i) impose, upon a proper showing, a civil penalty to be paid by the person who committed such violation; and

“(ii) require disgorgement under paragraph (7) of any unjust enrichment by the person who received such unjust enrichment as a result of such violation.”

(B) AMOUNT OF PENALTY. — 

(i) FIRST TIER. — The amount of the penalty a civil penalty imposed under subparagraph (A)(i) shall be determined by the court in light of the facts and circumstances. For each violation, the amount of the penalty shall not exceed the greater of (I) $5,000 for a natural person or $50,000 for any other person, or (II) the gross amount of pecuniary gain to such defendant as a result of the violation.

(ii) SECOND TIER. — Notwithstanding clause (i), the amount of penalty amount of a civil penalty imposed under subparagraph (A)(i) for each such violation shall not exceed the greater of (I) $50,000 for a natural person or $250,000 for any other person, or (II) the gross amount of pecuniary gain to such defendant as a result of the violation, if the violation described in subparagraph (A) involved fraud, deceit, manipulation, or deliberate or reckless disregard of a regulatory requirement.

(iii) THIRD TIER.—Notwithstanding clauses (i) and (ii), the amount of penalty for each such violation amount of a civil penalty imposed under subparagraph (A)(i) for each violation described in that subparagraph shall not exceed the greater of (I) $100,000 for a natural person or $500,000 for any other person, or (II) the gross amount of pecuniary gain to such defendant as a result of the violation, if— (aa) the violation described in subparagraph (A) involved fraud, deceit, manipulation, or deliberate or reckless disregard of a regulatory requirement; and (bb) such violation directly or indirectly resulted in substantial losses or created a significant risk of substantial losses to other persons.

(C) PROCEDURES FOR COLLECTION. — [No change.]

* * * * *

(D) SPECIAL PROVISIONS RELATING TO A VIOLATION OF A

CEASE-AND-DESIST ORDER.  [No change.]

* * * * *

(4)  PROHIBITION OF ATTORNEYS’ FEES PAID FROM COMMISSION DISGORGEMENT FUNDS.—Except as otherwise ordered by the court upon motion by the Commission, or, in the case of an administrative action, as otherwise ordered by the Commission, funds disgorged under paragraph (7) as the result of an action brought by the Commission in Federal court, or as a result of any Commission administrative action, shall not be distributed as payment for attorneys’ fees or expenses incurred by private parties seeking distribution of the disgorged funds.

(5) EQUITABLE RELIEF [No change.]

* * * * *

(6) AUTHORITY OF A COURT TO PROHIBIT PERSONS FROM PARTICIPATING IN AN OFFERING OF PENNY STOCK [No change.]

* * * * *

(7) DISGORGEMENT. — In any action or proceeding brought by the Commission under any provision of the securities laws, the Commission may seek, and any Federal court may order, disgorgement.

(8) LIMITATIONS PERIODS.  —

(A) DISGORGEMENT. — The Commission may bring a claim for disgorgement under paragraph (7)—

(i) not later than 5 years after the latest date of the violation that gives rise to the action or proceeding in which the Commission seeks the claim occurs; or

(ii) not later than 10 years after the latest date of the violation that gives rise to the action or proceeding in which the Commission seeks the claim if the violation involves conduct that violates —  

(I) section 10(b);

(II) section 17(a)(1) of the Securities Act of 1933 (15 U.S.C. 77q(a)(1));

(III) section 206(1) of the Investment Advisers Act of 1940 (15 U.S.C. 80b–6(1)); or

(IV) any other provision of the securities laws for which scienter must be established.

(B) EQUITABLE REMEDIES. —The Commission may seek a claim for any equitable remedy, including for an injunction or for a bar, suspension, or cease and desist order, not later than 10 years after the latest date on which a violation that gives rise to the claim occurs.

(C) CALCULATION. — For the purposes of calculating any limitations period under this paragraph with respect to an action or claim, any time in which the person against which the action or claim, as applicable, is brought is outside of the United States shall not count towards the accrual of that period.

(9) RULE OF CONSTRUCTION. — Nothing in paragraph (7) may be construed as altering any right that any private party may have to maintain a suit for a violation of this Act.” 

***** 

(b) APPLICABILITY— The amendments made by subsection (a) [i.e., of this amendment] shall apply with respect to any action or proceeding that is pending on, or commenced on or after, the date of enactment of this Act.[7]

Anti-Money Laundering Provisions

Protection of Algorithms

The NDAA includes a remarkable provision to protect the privacy of algorithms that financial institutions use for their anti-money laundering (“AML”) compliance programs.  Division F of the NDAA includes many amendments to the Bank Secrecy Act (“BSA”), including provisions that expand the scope of the BSA to “value that substitutes for currency,”[8] presumably referring to cryptocurrency.  Other provisions strengthen the Financial Crimes Enforcement Network (“FinCEN”) by establishing a FinCEN exchange to facilitate voluntary public-private sharing of information[9] and increase technical assistance for international cooperation.[10]  This article does not attempt to discuss all of those provisions on a comprehensive basis. However, I will focus on one provision that may have implications beyond AML compliance, and will make a recommendation with respect to AML rules.  

The NDAA amends the Bank Secrecy Act to protect the confidentiality of algorithms that financial institutions use for their AML efforts.  Section 6209 amends 31 USC § 5318(o)(3) to provide that if a financial institution discloses to its regulator information about an algorithm that the institution uses in conjunction with its AML program, the regulator must not disclose that information to the public. 

Hedge fund managers have had legitimate concerns about revealing the details of their trading algorithms to regulators for fear of public disclosure.  Managers appreciate the need for regulatory oversight, but preferred that regulators look at actual trading patterns, rather than the algorithms, during examinations.  Managers only wished to release information about the algorithms themselves after regulators have examined other, less proprietary data, but still have regulatory concerns.

This amendment to the Bank Secrecy Act protects the confidentiality of the algorithms that financial institutions use for AML purposes, i.e., a public purpose, rather than trading algorithms.  Nonetheless, the provision demonstrates the sensitivity of algorithms and the need for confidentiality, at least in some settings.

Perhaps this amendment to the Bank Secrecy Act will validate hedge fund managers’ concerns about keeping their trading algorithms confidential unless regulators cannot reasonably discharge their oversight responsibility in any other way.

Recommendation to FinCEN

The author suggests that the Treasury Department and FinCEN should re-propose and adopt final AML rules for investment advisers.  Remarkably, FinCEN has never adopted final rules subjecting investment advisers to AML requirements.  Prior administrations have proposed rules, but never adopted them.  

The FinCEN 2015 Proposal[11] reviewed the history of the proposal and I have summarized it below:

• On September 26, 2002, FinCEN proposed rules requiring that unregistered investment companies establish AML programs (“Proposed Unregistered Investment Companies Rule”).[12] 
• On May 5, 2003, FinCEN proposed requiring that certain investment advisers establish AML programs (“First Proposed Investment Adviser Rule”).[13]
• In June 2007, FinCEN announced that it was reconsidering both the Proposed Unregistered Investment Companies Rule and the First Proposed Investment Adviser Rule, and subsequently withdrew them.[14]
• After Congress passed the Dodd Frank Act,[15] FinCEN decided to propose new AML rules for investment advisers. The proposal notes that the Dodd Frank Act required most investment advisers to be registered with the SEC.  “Accordingly, FinCEN believes the two-pronged approach of the prior proposals is no longer necessary to address the money laundering and terrorist financing risks presented by SEC registered investment adviser clients and the unregistered investment companies that are managed by such advisers.”

  Briefly, the proposal would have amended 31 CFR § 1010 to add a new subsection 100(nnn), defining an investment adviser as “[a]ny person who is registered or required to register with the SEC under section 203 of the Investment Advisers Act of 1940….”  As a result, the proposal would have made such investment advisers subject to the AML requirements.  Of course, the proposal included numerous other requirements.[16]  For whatever reason, the Obama Administration never adopted a final rule requiring that investment advisers have AML rules. 

On September 14, 2020, FinCEN published an advanced notice of rulemaking (“ANPRM”), seeking comments on ways to improve the current AML requirements.  The proposal notes that “any such amendments would be expected to further clarify that such a program assesses and manages risk as informed by a financial institution’s risk assessment, including consideration of anti-money laundering priorities to be issued by FinCEN.”[17]  The ANPRM does not include any reference to the 2015 Proposal.  The Trump Administration did not otherwise pursue the issue of applying AML requirements to investment advisers. 

In my view, the Biden Administration should re-propose rules subjecting investment advisers to AML rules.  I cannot point to a specific regulatory failure to justify my suggestion.  Nonetheless, I believe that it is time for FinCEN to adopt such requirements for the following reasons:

• Investment advisers, particularly hedge funds, have AML programs. It would be foolish indeed for any investment manager not to have a program and wittingly or unwittingly to take “dirty” money.  Any manager that accepted tainted money would face extreme reputational risk and probably would violate other statutes, depending on the circumstances. 
• In some circumstances, it may be wise to adopt rules in the absence of a crisis. As President Kennedy said, “the time to repair the roof is when the sun is shining.”[18]  I suggest that FinCEN should propose and adopt new rules in an environment that would permit thoughtful consideration of a proposal and comments rather than hastily adopting ill-conceived rules in a crisis environment.  The NRPRM noted above might inform such a proposal.
• FinCEN’s rules should reflect the existing course of business that investment managers have with other, regulated financial institutions. AML rules for investment managers should integrate with the existing regulatory framework.
• If FinCEN adopted AML rules that differ from existing practice, managers would have an opportunity to comply.

Thoughtful rules would help investment advisers do a better job of supporting the existing AML infrastructure.  Establishing clear rules for investment advisers that complement existing rules and practices would benefit everyone.

© Stuart J. Kaswell 2021, who has granted permission to the ABA to publish this article in accordance with the ABA’s release, a copy of which is incorporated by reference. Stuart Kaswell is an experienced financial services lawyer. He has worked at the Securities and Exchange Commission, as securities counsel to the Committee on Energy and Commerce of the U.S. House of Representatives (when it had securities jurisdiction), and has been a partner at two law firms and general counsel of two financial trade associations.

[1]  The William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, H.R. 6395, 116^th Cong., 2d. Sess. (2021).  The bill is 1,480 pages long.

[2] The House voted to override the veto on Dec. 28, 2020; the Senate voted to override on Jan. 1, 2021. See also WSJ, Jan. 1. 2021

[3] Section 6501 of the NDAA.  See also A. Frankel, Congress hid a big gift to the SEC in defense spending bill awaiting Trump’s signature, Reuters, Dec. 23, 2020.

[4] 581 US ___ slip op. at 11 (2017).

[5] Testimony of the Honorable Jay Clayton, Dec. 10, 2019 at text accompanying footnote 76.  The Supreme Court subsequently upheld the SEC’s authority to seek disgorgement “an antecedent question” that Kokesh left unanswered. Liu v. SEC, 591 US ____ (2020), at slip op. 1.

[6] Id at text accompanying note 81.

[7] Compared to Exchange Act version dated October 2, 2019 available on the SEC’s website at https://www.govinfo.gov/content/pkg/COMPS-1885/pdf/COMPS-1885.pdf,As amended Through P.L. 115-141, Enacted March 23, 2018.

[8] Section 6102(c) of the NDAA.

[9] Section 6103 of the NDAA.

[10] Section 6111 of the NDAA.

[11] Department of the Treasury, FinCEN, RIN 1506-AB10, August 24, 2015, 80 FR 52680 (Sept. 1, 2015).

[12] Anti-Money Laundering Programs for Unregistered Investment Companies, 67 FR 60617 (Sept. 26, 2002).

[13] Anti-Money Laundering Programs for Investment Advisers, 68 FR 23646 (May 5, 2003).

[14] Withdrawal of the Notice of Proposed Rulemaking; Anti-Money Laundering Programs for Unregistered Investment Companies, 73 FR 65569 (Nov. 4, 2008); and Withdrawal of the Notice of Proposed Rulemaking; Anti-Money Laundering Programs for Investment Advisers, 73 FR 65568 (Nov. 4, 2008).

[15]  The Wall Street Reform and Consumer Protection Act (“Dodd Frank Act”), Public Law 111–203, 124, Stat. 1376 (2010).

[16] FinCEN, Department of the Treasury, RIN 1506-AB10, (Aug. 15, 2015); 80 FR 52680 (Sept. 1, 2015)

[17] Docket No. FinCEN-2020-0011, 85 FR 58023 (Sept. 17, 2020).

[18] President John F. Kennedy, Jan. 11 1962, State of the Union Address.