This is a summary of the Hotshot course “Fraud Carve-Outs,” an introduction to fraud carve-outs and the issues parties consider when defining fraud, such as who’s liable, whose knowledge matters, what types of fraud claims can be brought, and what statements can form the basis for a fraud claim. View the course here.

Explaining Fraud Carve-Outs

• Indemnification rights for breaches of representations and warranties in a private acquisition agreement are typically heavily negotiated. The parties often agree to limit these rights through:
  • Caps, baskets, and loss exclusions; and
  • An Exclusive Remedy provision which says that the rights and remedies in the indemnification section are the only ones available if there’s a breach of the written reps and warranties.
• In addition, when a buyer gets rep & warranty insurance, a seller’s contractual liability for breaches can be eliminated altogether.
• There’s an important exception to these limitations for claims involving fraud that either the parties agree to or that’s imposed by law in many states:
  • If the seller commits fraud when making reps or warranties to the buyer, the buyer wants to be able to bring a claim for that fraud, either as:
    • A tort-based claim; or
    • A contract-based claim that’s not subject to the caps and baskets that otherwise apply to indemnification claims—in this summary, this is referred to as an “uncapped indemnification claim.”
• This exception for fraud is known as a “fraud carve-out,” and when the parties agree to it, it’s usually included in the Exclusive Remedy provision of the acquisition agreement.
• Whether or not to include a fraud carve-out isn’t typically an issue because sellers usually agree to include some form of it.
  • The issue that does arise is whether and how the term “fraud” is defined for purposes of the carve-out.
• While fraud may seem straightforward, it’s actually a complex concept that parties need to define carefully.
  • There are different types and sources of fraud claims as well as different states of mind that could be required to constitute fraud.
  • Depending on how a fraud carve-out is drafted, there are also a number of remedies that could be available as well as various people who could be held responsible for that fraud.
• The parties need to weigh all these considerations and potential outcomes when negotiating a fraud carve-out.
  • Sellers, of course, benefit from a narrow definition of fraud.
    • They want to limit the scope of the fraud carve-out to a defined set of circumstances where the sellers deliberately included a representation in the agreement knowing it was false.
  • Buyers prefer either no definition at all or a broader definition that includes misstatements made both in and outside of the agreement by any one of the sellers or their representatives.
    • They want liability to extend to all sellers, including sellers who may not actually have direct knowledge of the underlying fraud.

Leaving Fraud Undefined

• Many agreements leave fraud undefined, which can cause uncertainty and significant unintended consequences related to:
  • The types of fraud claims that can be brought;
  • The statements that can form the basis of those claims; and
  • The people that could be held liable because of the fraud.
• In M&A agreements, reps are often seen as risk allocation devices—not literal statements of truth.
  • A party may—and often does—make several reps believing them to be true, but without any way of determining (or any evidence supporting) their actual truth.
• If a fraud carve-out doesn’t clarify what counts as fraud, a party could be exposed to uncapped liability for:
  • An innocent or negligent misrepresentation (known as “equitable fraud”); or
  • A reckless misrepresentation (a type of traditional common-law fraud).
• For example:
  • A seller may rep and believe that its business has been in compliance with all laws for the past five years, even though it doesn’t actually know for sure if the statement is true.
  • Similarly, the seller may make a rep based upon information provided by its management team that a member of the management team knew to be false even though the seller itself did not.
  • The seller agrees to make these reps because it’s a fair allocation of risk. And the seller is prepared to indemnify the buyer subject to the contractual caps, even though in both cases the seller has no actual knowledge of the truth or falsity of the reps.
• Even if it’s not the parties’ intention, an undefined fraud carve-out could expose the seller to the following possibilities:
  • The seller could be responsible for recklessly making false reps even if the seller made those reps in a way consistent with industry practice.
  • The seller could be responsible for innocent or negligent misrepresentations in the reps if the applicable jurisdiction allows these types of equitable fraud claims.
  • The seller could be exposed to tort-based fraud claims or uncapped indemnification.
• Defining fraud helps protect against these situations and clarifies when the seller truly has uncapped liability.

Defining Fraud

• A well-defined fraud carve-out explains:
  • The type of fraud that’s covered and the type of knowledge or scienter necessary to establish that fraud;
  • Which statements can form the basis of fraud, meaning those made inside or outside the agreement;
  • Whose knowledge matters;
  • Who’s liable for the fraud; and
  • Whether a party can bring a tort-based claim or an uncapped indemnification claim for the alleged fraud.

Type of Fraud

• There’s no unified definition of fraud across jurisdictions, so when an agreement leaves the term undefined it’s unclear which definition and therefore which type of claim and level of knowledge is intended. For example, there’s:
  • Common-law fraud, which can be based on:
    • A representation that was made even though it was known to be false;
    • A representation that was made recklessly but without sufficient basis to actually know it was true; or
    • Under certain circumstances, even nondisclosures.
  • Equitable fraud, in which a completely innocent or at worst negligent misrepresentation made neither knowingly nor recklessly can constitute fraud; and
  • Promissory fraud, which is a form of common law fraud involving the oral communication of a promise to do something in the future that the promisor allegedly never intended to actually do.
    • This can effectively result in a breach of contract claim being recast as a tort-based fraud claim.
• Most buyers acknowledge that the fraud they have in mind when negotiating the carve-out is specifically when the seller knowingly makes a material false statement of fact that the buyer relies on.
  • So buyers are often willing to include a definition of the term that matches this expectation.
• If the term is undefined, then the parties open up the possibility of any or all of the various types of fraud being included in the carve-out.

Type of Statements

• Parties also consider the type of statements that can form the basis of a potential fraud claim.
• A No-Reliance clause is when the buyer agrees that it’s not relying on any representations or duties to disclose other than those expressly set forth in the acquisition agreement.
  • In most states, if the parties have included a No-Reliance clause in the agreement, only those written reps and warranties can form the basis for a fraud claim.
• When fraud is left undefined in the carve-out, there could be a conflict between the No-Reliance clause and the carve-out.
  • This can raise questions about whether both contractual and extra- contractual representations should be allowed as the basis of a fraud claim.

Whose Knowledge Matters

• In addition, the definition of fraud can specify whose knowledge matters when it comes to fraud that’s based on a knowing misstatement.
• The definition could include a specific set of individuals (like certain named officers) or a larger group of people (like all sellers and the management team).

Who is Liable

• Similarly, parties sometimes specify who can be held liable for fraud.
• A poorly defined fraud carve-out can result in innocent sellers being liable for the fraud of the guilty sellers.
  • If that’s the deal that the parties negotiated, then it’s not a problem.
  • But if it was never discussed, then this could result in an unwelcome surprise to an innocent stockholder.

Type of Fraud Claim

• Finally, whether a party can bring a tort-based claim or an uncapped indemnification claim for alleged fraud has implications on the party’s potential recovery and pool of defendants. For example:
  • An uncapped indemnification claim based on alleged fraud might result in a larger recovery than a simple tort-based claim would in the applicable jurisdiction. The buyer may be able to seek damages from all of the sellers, regardless of whether they committed the alleged fraud.
  • On the other hand, the definition of indemnifiable losses in the agreement might be so limited—for example, if punitive damages are excluded—that the buyer would be better off making a tort-based common law fraud claim even though that type of claim can usually only be brought against the culpable seller.

No-Reliance Clauses and Fraud Carve-Outs

• This summary doesn’t focus on No-Reliance clauses, but it’s important to understand how a fraud carve-out can undermine the efficacy of the provision.
• In most M&A agreements, buyers specifically acknowledge that they’re not relying on any statement made by the sellers or anyone acting on the sellers’ behalf other than the reps in the written acquisition agreement itself.
• The idea is that the parties have carefully negotiated the scope of what the seller agrees to stand behind, and they’ve put that in writing in the acquisition agreement.
  • The seller doesn’t want to find out later that the buyer was instead relying on a statement made in a management presentation or a negotiation session even though those statements weren’t included in the written reps in the agreement.
• Since a required element of common-law fraud is justifiable reliance by the buyer, a No-Reliance clause can prevent any argument that the buyer relied on reps made outside of the contract.
• A fraud carve-out can undermine the efficacy of the No-Reliance clause. For example:
  • Leaving fraud undefined could be interpreted to mean that both types of statements—those in and outside of the agreement—are included, despite a No-Reliance clause.
  • Or if the parties include the fraud carve-out in the No-Reliance clause itself, it could be argued that they intend for both contractual and extra-contractual fraud to be an exception to no-reliance.
• If the express purpose of the No-Reliance clause is to eliminate all fraud claims that are based on extra-contractual statements by expressly disclaiming reliance upon any such statements, it doesn’t make sense to carve out fraud from the reach of the No-Reliance clause.
  • So to avoid this pitfall and any other ambiguity, the parties usually define fraud so that it only includes knowingly false statements of fact set forth in the written reps of the agreement.

Judicially Created Fraud Carve-Outs and State Law

• Many states have laws that address the issue of fraud and No-Reliance clauses in acquisition agreements.
• For example, Delaware law, which is the governing law in most acquisition agreements, imposes a judicially created fraud carve-out in every acquisition agreement, regardless of any other contractually bargained-for carve-outs.
  • So if an agreement governed by Delaware law has no fraud carve-out and a fully effective No-Reliance clause which eliminates all extra-contractual fraud claims, the Exclusive Remedy provision would eliminate all fraud claims based on the written reps.
    • The exception would be when the seller itself knowingly makes a false statement in the agreement’s written representations.
  • In other words, under Delaware law, even if the parties don’t include a fraud carve-out in the exclusive remedies provision, a buyer could still bring a tort- based claim if they believe the seller knowingly lied in the written reps.
• When a fraud carve-out is included in an agreement governed by Delaware law, the seller will want to make sure to include well-defined limits.
  • Otherwise the contractual fraud carve-out could increase the seller’s exposure well beyond the public-policy carve-out and potentially undo the carefully negotiated limitations on liability.
• Other jurisdictions have different views on these issues.
  • In Massachusetts and some other jurisdictions, No-Reliance clauses are ineffective in the face of almost any type of fraud except claims based on negligence.
  • Other jurisdictions have similar limitations on the effectiveness of No- Reliance and exclusive remedy provisions.
• Because state law can impose liability where the parties don’t intend there to be any, it’s important to familiarize yourself with the relevant laws of the governing jurisdiction before negotiating these issues.

The rest of the video includes interviews with ABA M&A Committee members Glenn West from Weil, Gotshal & Manges LLP and Tali Sealman from White & Case LLP.

Download a copy of this summary here.

As artificial intelligence (“AI”) becomes more prevalent in business processes and service delivery across industries, it is increasingly important for M&A buyers to familiarize themselves with the legal nuances associated with the use of AI technologies. In this article, we explore seven key areas of inquiry for an M&A buyer when conducting legal due diligence on a target company that uses AI in its operations.

1. Type of AI used and how the target is using it

AI can be used for a wide variety of functions and applications. At the outset, it is important to understand what types of AI tools, systems, models, and technologies the target company is using, the provenance of such technologies (e.g., are they proprietary or licensed from a third party?), and how they are being used. Are they used internally only or in the delivery of products or services? Will they be business-to-business and/or consumer-facing? The answers to these questions will inform due diligence strategy and assist M&A buyers in assessing the target company’s risk profile.

Further, AI is not one type of technology. Generative AI—AI that creates new synthetic content or data, like text, images, audio, video, and source code, after being trained on large datasets and often using large language models—has caught the attention of the world, but it is only one of many kinds of AI. Deal team members should identify the types of AI being used by the target company and develop a tailored due diligence plan to understand the legal implications of the target’s AI-enabled operations and offerings.

2. How the AI is trained and rights to input data

Most AI technologies (including generative AI) require access to large datasets in order to train the AI’s “foundation models.” If the target company uses AI technology provided by a third-party vendor, the M&A buyer will need to diligence the vendor contract or applicable terms of use to analyze both the commercial arrangement between the target company and vendor and how the vendor’s AI technologies were trained (e.g., using what datasets accessed with which rights). Where the target company is providing protected, confidential, proprietary, or otherwise commercially sensitive information or data (e.g., personal data) to the third party, whether to further train or fine-tune such AI technology or via prompts (i.e., queries), buyers should also assess how the target company has addressed risks associated with this. For example, they should consider how the vendor contract permits the vendor to use such information and data, how the vendor is required to secure and protect the information and data (including retention and deletion obligations), and what guarantees (if any) the target company is making with respect to such inputs. Analyzing the nature and source of the training data (including any associated rights and other disclosures or consents) may also be warranted when the target company is training its own proprietary AI models. As further discussed in Section 6, legal obligations with respect to data protection laws and regulations still apply (despite the evolving regulatory landscape of AI regulation—see Section 7).

3. Rights to the AI-generated output

Where a target uses generative AI to create outputs, the M&A buyer should diligence the materiality of those outputs on the target’s business and whether they can be protected against third-party use. For example, consider whether the AI tool and outputs will be used internally only, whether the target company or possibly even the M&A buyer may wish to incorporate the AI technology or AI-generated outputs into its own products and services, and whether the value of the target company is dependent on having exclusive rights to (or the ability to exclude others from using) the AI-generated output. Moreover, where third-party AI is used by the target company, vendor contracts should also be analyzed to confirm whether the target company has the necessary rights to use the AI technology and its outputs—both pre-acquisition in its current business (e.g., commercially) and post-acquisition as the M&A buyer intends to use them.

Copyright and patent laws in the majority of jurisdictions (including the US, UK, Australia, and Europe) do not currently protect works or inventions created solely by AI. Accordingly, if AI-generated outputs comprise all or a part of any material assets or operations of the target company, it will be important to determine to what extent there was human involvement in their creation, what intellectual property rights the target company may have to them, and what other measures the target company has taken to protect them (e.g., contractual protections). Buyers should also undertake a review of the contractual terms applicable to such outputs (whether under the vendor terms or the commitments the target company itself may be making with respect to the AI-generated outputs).

4. Risk allocation

If the target company uses AI-enabled tools or technologies—whether proprietary or from a third party—on a commercial basis, the M&A buyer should carefully assess the potential risk associated with use of the AI or its outputs, including review of any applicable vendor contract to understand how such risk is allocated.

For example, if the AI model was trained on copyrighted works, the model could reproduce copyrighted material in its output. Many vendors have started providing certain contractual protections and indemnifications in this regard. As another example, if the target company relies on a third-party AI tool to deliver products or services to its customers and the AI tool malfunctions (e.g., hallucinates in a chatbot context), the target company may be in breach of commitments it has made or be liable for any harm or damage resulting from its customers’ use of erroneous outputs. From an M&A buyer’s perspective, it is therefore important to understand the scope of the target’s (and vendor’s, if applicable) warranties, limitations of liability, and indemnification obligations, as well as its creditworthiness. In addition, an M&A buyer should also review insurance policies the target is carrying that could cover potential instances of third-party claims.

5. Protection of proprietary AI technology

If the target company developed the AI tool and it confers a competitive advantage or is otherwise material to the target company’s business, the M&A buyer should seek to understand how the company aims to protect the AI technology from use by others. This inquiry will often be similar to due diligencing other proprietary intellectual property of the target company, including reviewing policies and procedures, employment and contractor agreements, location of development, etc.

Under intellectual property laws in the United States, AI technologies may be protectable through patent, copyright, and trade secret laws. The US Patent and Trademark Office recognizes AI as a class in its patent classification system, but given the nature of AI inventions, there are challenges to satisfying the subject matter eligibility and enablement elements required for patent protection. Copyright protection may be available, but only to certain aspects of the AI model (e.g., original expression of source code), and the visual elements of an AI system may be protectable, but functional aspects (like algorithms) are not. So, often, AI models are best protected as trade secrets. As a result, acquirers should confirm that the target company has taken reasonable measures (including reasonable legal, physical, and technological measures) to protect and maintain the secrecy of its AI models, including maintaining reasonable information security policies and procedures, as well as securing appropriate nondisclosure agreements from personnel and third parties with access to the information. Using reasonable measures to protect the secrecy of a trade secret is not just a legal requirement to maintain a trade secret’s protected status under US law but also an operational safeguard to ensure trade secret information does not (directly or indirectly) fall into the wrong hands.

6. Cybersecurity and data privacy considerations

If personal information or other regulated information is used by the target in connection with its AI technology use, diligence should include a review of at least the following: the target’s data privacy policies and cybersecurity practices; whether the target’s AI technology use is consistent with applicable privacy policies, law, and regulation; where such data or information is stored; the security measures in place to safeguard against breach; and insurance coverage applicable to breaches. In the US, there are many state comprehensive privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Utah Consumer Privacy Act.^[1] In addition to comprehensive privacy laws, there are sectoral laws that are relevant to privacy and AI, including the Biometric Information Privacy Act in Illinois that covers the use of biometrics and has extremely high penalties. The target should be able to describe the nature of the relevant data and how the target obtained it, as well as applicable contracts, user consents, or disclosures governing such data (including compliance with any use restrictions that apply to the data), as applicable.

If the AI technology has been provided by a third party, not only will the target’s practices be relevant, but vendor contracts or applicable terms of use should also be reviewed to ensure there are appropriate vendor obligations addressing data privacy (see Section 2) and cybersecurity.

If the target company operates across different jurisdictions, then inquiries should also be made about the measures the target takes to comply with cross-border data transfer requirements. If the target uses training data sourced from multiple jurisdictions, the M&A buyer should confirm that the cross-border data transfers conformed to established compliance standards and protocols.

7. Compliance support and the changing regulatory landscape

As described above, acquisition of AI-enabled M&A targets involves nuanced legal considerations. In addition, the regulatory landscape with respect to AI is rapidly evolving; for example, Europe reached political agreement on the EU’s AI Act on December 8, 2023, and US President Joseph Biden issued an executive order on “safe, secure and trustworthy” AI use on October 30, 2023. The frameworks, regulations, and legislation being introduced or discussed around the world involve varying approaches, such as differing definitions of AI, targeting slightly different issues, and differing approaches to enforcement and liability. M&A buyers should consider what systems and processes the target company has in place to oversee its use of AI and the challenges posed by such technologies (e.g., systems to identify and minimize bias and to ensure safety, transparency, and human oversight). They should also consider what representations the target company is making about its AI usage.

Some major frontier AI companies have spent tremendous resources and built strong teams to tackle the challenges of compliance with regulatory requirements and to address ethical issues arising from the use and development of AI. Accordingly, it is important to examine the target company’s organizational supports and systems to not only comply with, but also to be able to adapt to, the evolving regulatory landscape, and to address existing and future regulatory compliance.

James Hu is a corporate partner at White & Case LLP, Karl Gao is the Vice President & Global General Counsel of NIO, and Yixin (Yish) Gong is a technology transactions partner at White & Case LLP. Hope Anderson, Burr Eckstut, Arlene Hahn, and Erin Hanson, partners of White & Case LLP, also contributed to this article. Any views expressed in this publication are strictly those of the authors and contributors and should not be attributed in any way to White & Case LLP or NIO.

1. Additional state comprehensive privacy bills have been proposed and others have passed and will be coming into effect. ↑

The November 2023 publication of updated guidance by the International Bar Association on the role of lawyers in promoting businesses’ respect for human rights provides an opportunity to revisit the many ways that business lawyers can and should advise their clients regarding potential adverse human rights impacts of their operations and business relationships.

Lawyers and their law firms are engaged in a wide range of business activities on a day-to-day basis as they provide services and advice to their clients, employ personnel to assist them in their assignments, and purchase goods and services from a variety of vendors. It has always been clear that lawyers are expected to conduct themselves in a manner that aligns with applicable professional codes of conduct and ethics, including obligations to promote justice and prevent injustice. However, law firms, like all other businesses, must also accept and meet responsibilities to respect human rights as provided in the United Nations (“UN”) Guiding Principles on Business and Human Rights (the “Guiding Principles”).^[1] The American Bar Association has acknowledged that the Guiding Principles apply to the professional responsibility of lawyers,^[2] and other national and local bar associations have publicly endorsed the Guiding Principles and issued guidance to their members on assisting their clients.

In November 2023, the International Bar Association (“IBA”), which previously adopted guidelines on business and human rights for lawyers and law firms based on the Guiding Principles,^[3] published an updated guidance note on business and human rights discussing the role of lawyers in the changing environment.^[4]

The IBA noted that clients that seek legal advice solely for technical compliance with laws and regulations, without regard to the potential adverse human rights impacts of their proposed actions, fail to see “the larger picture of business risks of involvement in human rights abuse . . . [including] . . . reputational harm; lost opportunities; reduced access to capital markets; delay costs; high interest or more expensive debt; top management distraction; and reduced ability to hire and retain talent.”^[5] The UN Working Group on Business and Human Rights has identified several challenges that business lawyers often must overcome in providing effective counseling to their clients regarding human rights due diligence:^[6]

• Lack of understanding of human rights law in general and what is meant by “human rights risks” in particular—business lawyers sometimes do not understand that human rights include what are otherwise familiar topics such as environmental and labor rights and standards.
• Failure to appreciate that human rights impacts are legal issues for all companies, not just private security companies and weapons manufacturers.
• Lack of understanding of the links between human rights and legal, commercial, and reputational risks, and failure to realize that even where no material legal risks can be identified, there may still be commercial and reputational consequences from the company’s behavior.
• Failure of lawyers to get involved in addressing actual or potential human rights risks at an early stage before the participants have become embroiled in litigation or another adversarial dispute resolution process.

A growing number of law firms, typically international firms with offices throughout the world, are launching formal practice areas covering business and human rights and corporate social responsibility. Such firms are offering services related to human rights reporting, implementation, and interpretation of the Guiding Principles and other “soft law” standards; human rights policies; managing supply chain risks; human rights due diligence and impact assessments; compliance systems and risk management; human rights and major projects (e.g., finance, mergers and acquisitions, and new facilities in communities where indigenous peoples’ rights may be impacted); and human rights as a defense tool. Lawyers working inside companies are leading new cross-functional working groups to oversee human rights due diligence and integrate appropriate due diligence processes into common business transactions (e.g., mergers and acquisitions), as well as expanding their existing compliance initiatives in related areas such as anti-bribery, data privacy, ethics, and business integrity.

In its recently issued guidance update, the IBA noted the following situations in which those lawyers are and should be integrating counseling on business and human rights:^[7]

• Mandatory Human Rights Due Diligence. Laws and regulations mandating human rights due diligence are increasing, which will require lawyers to work with their clients “to establish and implement appropriate policies, processes and procedures to ensure compliance.”
• Environmental Law. Due diligence relating to environmental matters is expanding to include identification and remediation of potentially severe human rights impacts of environmental harm, climate change, pollution, and loss of diversity, particularly adverse impacts on vulnerable people and communities.
• Corporate Governance. Directors and members of a company’s senior management team must be provided with guidance on how to integrate and embed human rights due diligence into internal governance structure and enterprise risk management, policies, processes, and procedures.^[8]
• Mergers and Acquisitions. Since the UN Guiding Principles require that companies conduct human rights due diligence with respect to the activities of parties with which they intend to form a business relationship, lawyers advising companies on mergers and acquisitions will need expand their traditional due diligence work to include human rights and environmental risks of the operations of the other party to the transaction.
• Finance. Since the UN Guiding Principles hold financial institutions and investment companies accountable for adverse human rights impacts that they cause or contribute to, their attorneys need to advise them about the potential human rights impacts of their investment activities (e.g., use of loans by borrowers to engage in activities that have an adverse impact on the human rights of groups in the communities in which they are operating). Attorneys for such entities also need to assist them in including representations and covenants in transactional documents relating to human rights issues (e.g., covenants from companies receiving investment about diversity and inclusion in their workforces).
• Contracts. The IBA noted that “[l]awyers play a central role in the formation, drafting and enforcement of contracts . . . [which are] . . . a key source of leverage through which a company can incentivize both buyers and suppliers to improve their human rights performance.” Lawyers should be mindful of, and participate in, the various responsible contracting initiatives that have emerged to develop standards for inclusion of human rights due diligence and dispute resolution mechanisms into contracts, particularly contracts with parties in the supply chain.^[9]
• Dispute Resolution. Lawyers will be asked to bring their skills and experience in helping companies manage and resolve disputes that emerge from the growing use and acceptance of human rights due diligence standards. In addition to support in traditional forums such as courts, administrative agencies, and arbitration panels, lawyers will be involved in the development and implementation of the operational-level grievance mechanisms contemplated under the Guiding Principles.
• Reporting and Disclosure. Companies have long relied on lawyers for assistance in fulfilling their reporting and disclosure obligations to regulators. Those skills will be useful in complying with emerging regulations and voluntary standards that impose new expectations on companies to communicate with regulators and stakeholders regarding the actual or potential adverse human rights impacts of their operations and business relationships, as well as steps they are taking to promote human rights. (For example, California is requiring venture capital firms to report on diversity among the leadership teams of their portfolio companies.)

The IBA noted that a law firm’s ability to influence clients to avoid or mitigate the adverse human rights impacts of their operations, transactions, and business relationships turns on whether the firm can credibly demonstrate its competence and experience as a counselor on business and human rights issues. The IBA listed several steps that law firms can take, including developing internal firm capacity on business and human rights; identifying problems that other companies have faced when they ignored human rights issues in similar situations; offering to provide human rights capacity building to clients; providing advice on business and human rights to clients on a pro bono basis; issuing client briefings and alerts; participating in multi-stakeholder dialogues or forums to discuss emerging issues and develop standards for specific issues or industry contexts; and supporting the efforts of bar associations to provide training and guidance.^[10]

Law firms can also establish credibility in the business and human rights arena by taking actions that proactively promote the human rights of various internal and external stakeholders. For example, law firms can take steps to combat discrimination and harassment in their workforce and expand opportunities for historically disadvantaged groups through their recruitment, hiring, training, promotion, and leadership development strategies. Law firms can support the physical and mental health of members of their workforce by expanding caregiving assistance and the availability of paid leave to take care of children and other family members. In addition, law firms can support and promote realization of basic human rights by members of the communities in which they operate through investments in initiatives such as community development, education, and improvement of access to food and healthcare, and through providing employees with opportunities to volunteer with community groups while being paid by the firm. Of course, law firms have long contributed to human rights through pro bono programs that allow people and groups to contest their claims and grievances in the legal system, and in recent years, pro bono work has expanded to assist entrepreneurs from historically underrepresented groups (particularly women and racial and ethnic minorities) in starting their own businesses. Finally, more law firms have introduced sustainability into their day-to-day operational practices, and some firms have sought and achieved “certified B corporation” status to demonstrate adherence to stringent standards of performance and accountability with respect to their sustainable business practices.

The legal profession is much maligned in the business community and in society in general, and many lawyers complain of deep dissatisfaction with their choice of career and the day-to-day tasks associated with their roles in the legal system. Proactively participating in environmental and social responsibility initiatives, either as individual lawyers, as law firm team members, or by assisting clients, is a real opportunity for lawyers to change their lives and the communities in which they practice in a positive manner. Many lawyers entered law school with the goal of acquiring the tools necessary to help those who needed support from others and, in some small way, to “change the world.” For those who may have lost their way, for whatever reason, or are looking for ways to do more, embracing counseling of businesses on their duties to respect human rights is a welcome and promising platform.

***

For further discussion of the role of lawyers and the legal profession in business and human rights, see the author’s chapter on the subject, which is an updated version of work that originally appeared in the author’s book Business and Human Rights: Advising Clients on Respecting and Fulfilling Human Rights (ABA Publishing). The chapter includes practical guidance for lawyers and law firms on business and human rights, a comprehensive list of resources that they can consult, and detailed discussions on law firm human rights policies and statements, client intake procedures, human rights risk management plans, withdrawing from engagements due to concerns about adverse human rights impacts of client activities, evaluation and reporting, governance and management of responsible business activities, building internal capacity and credibility on business and human rights, and the roles of in-house lawyers and the general counsel.

1. See the Guiding Principles, which are sometimes called the “Ruggie Principles” in reference to John Ruggie, the UN Special Representative for Business and Human Rights who first introduced the principles in 2007 and led the efforts that eventually led to the endorsement of the Guiding Principles. ↑

2. John F. Sherman III has pointed out that the ABA’s Human Rights Committee has noted the Guiding Principles “pour content into the independent and candid advice that lawyers must provide to corporate clients under ABA Model Rule 2.1” and that the acknowledgement in the Commentary to Model Rule 2.1 that “moral and ethical factors impinge on most legal questions” is consistent with professional codes of responsibility in other countries that acknowledge that lawyers “must balance their dual roles as guardians and advocates for the interests of their clients, and as gatekeepers for the interests of courts and society.” John F. Sherman III, “Professional Responsibility of Lawyers under the Guiding Principles,” Shift, April 2012. See also John F. Sherman III, “The UN Guiding Principles: Practical Implications for Business Lawyers,” In-House Defense Quarterly (Winter 2013), 50. ↑

3. IBA Practical Guide on Business and Human Rights for Business Lawyers (London: International Bar Association, 2016). See also Reference Annex to the IBA Practical Guide on Business and Human Rights for Business Lawyers (London: International Bar Association, 2016). ↑

4. Updated IBA Guidance Note on Business and Human Rights: The role of lawyers in the changing landscape (London: International Bar Association, 2023), 4. ↑

5. Updated IBA Guidance Note, 4. ↑

6. Companion Note II to the Working Group’s 2018 Report to the General Assembly: “Corporate human rights due diligence—Getting started, emerging practices, tools and resources” (UN Working Group on Business and Human Rights, October 2018), 19. ↑

7. Updated IBA Guidance Note, 4. ↑

8. Business lawyers are also working with clients to form, organize, and operate enterprises based on new corporate governance frameworks created specifically to integrate the responsibilities of businesses for their environmental and social impacts (e.g., benefit corporations). ↑

9. For more resources regarding responsible contracting, see, e.g., Susan A. Maslow and David V. Snyder, eds., Contracts for Responsible and Sustainable Supply Chains: Model Contract Clauses, Legal Analysis, and Practical Perspectives (Chicago: ABA Publishing, 2023); The Working Group to Draft Human Rights Protections in International Supply Contracts (ABA Business Law Section), David V. Snyder, Susan A. Maslow, and Sarah Dadush, “Model Contract Clauses to Protect Workers in International Supply Chains, Version 2.0,” Business Law Today, September 26, 2022. ↑

10. IBA Practical Guide, 36. ↑

Major sneaker brands have capitalized on new trends in technology and social media to publicize sneaker culture. As sneakers become more popular, sneaker collections increase in value, thus increasing financial exposure for collectors and other entities in the sneaker industry. One might first think of theft, authentication, fire, floods, or market valuation as the general risks associated with sneaker collections. But many sneaker companies have made headlines over the past few years with lawsuits against other sneaker companies and entities, with issues ranging from traditional patent battles to exhaustive fights against counterfeiters. Often overlooked by collectors and sneaker companies alike, insurance can be vital to helping both collectors and companies faced with unexpected liability related to sneaker culture.

Given how much money is at stake in the industry—nearly $72.2 billion currently and expected to reach $100 billion by 2026—it should come as no surprise that sneaker companies are using intellectual property (“IP”) law to protect their assets. For example, in early 2022, a large shoe manufacturer sued an online sneaker resale marketplace, asserting claims for trademark infringement of the shoe manufacturer’s non-fungible tokens (“NFTs”), counterfeiting, and false advertising after a sneaker collector and reseller bought thirty-eight pairs of counterfeit sneakers from the resale marketplace. The litigation has likely been costly and damaging for the online reseller because of the extensive discovery process, including a discovery dispute resulting in a court order requiring the online reseller to produce information about the identity of known users who sold counterfeit sneakers through the company’s resale platform. The same large shoe manufacturer also sued a major athletic apparel retailer in January 2023 for alleged infringement of footwear patents.

Sneaker companies and other entities on the receiving end of IP lawsuits—including, for example, third party retailers and online resellers—should be able to leverage their IP or commercial general liability (“CGL”) policies for insurance coverage for defense costs in IP lawsuits related to sneakers and their director’s and officer’s (“D&O”) policies for any downstream lawsuits against executives of sneaker companies.

IP Insurance

IP insurance covers the initiation or defense of claims for IP infringement. This means a sneaker company can leverage IP insurance to enforce its intellectual property rights against suspected infringement and to defend against allegations of infringement. Like many types of coverage, IP policies often cover litigation costs and expenses as well as potential judgments and settlements.

CGL Insurance

While IP insurance, which protects a business from allegations of infringement of another business’s intellectual property, may be the obvious source and first line of defense for coverage for IP claims related to sneakers, coverage may also be available under a CGL policy. Most CGL policies do not explicitly include patent infringement coverage. In fact, most CGL policies include an IP exclusion that expressly excludes patent infringement coverage, but insureds may still be able to secure coverage. Most IP lawsuits are conjoined with other allegations, such as unfair competition, which some courts have found to be fundamentally the same as an asserted trademark infringement claim,^[1] thereby potentially implicating coverage under the CGL policy that the insurer acknowledges and defends. A complaint that alleges infringement of a competitor’s patent may also allege defamation and disparagement of its product. Because claims for defamation and disparagement are typically covered under CGL policies, there may be defense coverage related to those covered claims. Thus, it is crucial to closely review factual allegations in the complaint that might bring the lawsuit within the scope of CGL insurance coverage.

A claim for patent infringement may also be covered under “advertising injury” that falls outside the scope of the policy’s IP exclusion. Some courts have held,^[2] under certain versions of the standard CGL form, that a trademark constitutes an “advertising idea,” meeting the definition of “advertising injury” as that term is typically defined in standard CGL policies. In other words, the misuse of another’s trademark may constitute appropriation of an advertising idea, which falls within the coverage typically provided under a CGL policy form. Willful acts of infringement are generally not covered, though; the infringement must be inadvertent.

There are some CGL policies that provide direct coverage for IP claims and do not include explicit exclusions. For example, the insured may be able to negotiate a CGL policy without an IP exclusion by agreeing to absorb routine defense costs and fees through a self-insured retention, a specific amount that the insured must pay before the insurance policy responds to a loss. A policy that includes a self-insured retention shifts some of the risk from the insurer to the insured, which in some cases allows the insured to negotiate terms that provide direct coverage for IP claims. Sneaker companies, particularly those with significant capital, may want to consider negotiating a self-insured retention in order to procure direct coverage for IP claims under a CGL policy.

D&O Insurance

D&O insurance may also cover claims in sneaker-related lawsuits against individual business leaders, such as directors, officers, or certain company executives, arising from certain actual or alleged acts, such as failing to adhere to state or federal laws, unethical practices, or fiduciary duty mismanagement. Companies within the sneaker industry, for example, may be subject to Securities and Exchange Commission investigations that implicate the sneaker company, as well as its individual officers and directors. A D&O policy typically covers the defense costs and expenses the company incurs during such investigations.

D&O insurance may also protect sneaker companies against lawsuits for theft of intellectual property. This is because IP-related claims often constitute a wrongful act, as that term is defined in the D&O policy, if the directors and officers are named as defendants in the IP lawsuit. If faced with allegations of IP infringement, sneaker companies should consider coverage under D&O policies that may complement any coverage afforded under CGL policies.

Insurance for Collectors

Insurance for sneaker-related claims, however, is not limited to sneaker companies. As sneakers become increasingly valuable, even individual collectors can consider insurance coverage options. Traditional homeowner’s insurance typically covers personal property, including sneakers. But a traditional homeowner policy does not cover authentication issues, such as the counterfeit issue in the lawsuit mentioned earlier, or other risks unique to sneaker collecting and investments. To that end, sneaker insurance for individual sneaker collectors exists, which insures against a broader range of risks than traditional homeowner policies.

While homeowner’s insurance policies often exclude coverage for property damage resulting from or arising out of flooding, sneaker insurance typically provides some coverage for flood damage. Larger collections, in particular, are more vulnerable to potential disasters, making purchasing comprehensive insurance a necessary step in protecting a collector’s investment. Policies tailored for sneaker collections also provide coverage for sneakers lost or stolen during shipping, delivery, and travel—losses that are usually not covered under traditional homeowner policies. Sneaker insurance facilitates collectors’ profiting from their investment through resale while decreasing exposure to the risks of shipping and delivery of valuable sneakers. Another advantage to sneaker insurance is that the sneakers are valued and authenticated during the underwriting process and insured at replacement cost, rather than actual cash value, allowing the collector, in most cases, to avoid incurring a loss because of depreciation or a decline in market value for the sneaker.

Sneaker collectors, however, should understand that sneaker insurance is an emerging market, and options are somewhat limited. This means high premiums for coverage, particularly because insurers in the sneaker industry are likely attuned to the nuances of the sneaker market and may tie premiums to market fluctuations.

Conclusion

Insurance is a great way to mitigate and hedge against the risk of unforeseen losses in the sneaker industry. CGL policies, D&O coverage, and sneaker insurance provide sneaker companies and collectors with various routes to securing coverage when faced with losses, including costly litigation. But the sneaker industry, especially sneaker companies with greater vulnerability to lawsuits, should recognize that insurance policies are often narrowly tailored to exclude the very claims that pose large risks to sneaker companies and collectors alike. Sneaker companies and collectors should consult experienced insurance coverage counsel to carefully consider all insurance options to protect their assets and investments.

1. See, e.g., Land’s End at Sunset Beach Cmty. Ass’n, Inc. v. Aspen Specialty Ins. Co., 745 F. App’x 314, 319–20 (11th Cir. 2018) (finding that the fact allegations in the underlying action for the counterclaims of false designation and unfair competition “require elements of proof beyond [intellectual property] use and [the fact] that those types of claims may exist absent [intellectual property] infringement does not alter the analysis . . . [and] depend on [the insured’s] use of [the intellectual property’”); see also Marvin J. Perry, Inc. v. Hartford Cas. Ins. Co., 412 F. App’x 607, 614 (4th Cir. 2011) (finding that a plaintiff’s claim for unfair competition was based on another’s use of the plaintiff’s trade name, trademark, logo, and website in violation of the plaintiff’s ownership of the trademark). ↑

2. See, e.g., Lebas Fashion Imports of USA, Inc. v. ITT Hartford Ins. Group, 50 Cal. App. 4th 548, 557, 565–66 (2d Dist. 1996) (construing the phrases “advertising idea” and “style of doing business” in a CGL policy broadly to provide coverage for trademark infringement, as “a trademark is but a species of advertising”). ↑

In 2020, approximately forty-six law firm data breaches were reported, according to a recent Law360 Pulse survey. In 2022, that figure more than doubled and exceeded one hundred.

Many midsized firms mistakenly assume that cybersecurity breaches won’t happen to them—that breaches only happen to large firms or that their firm is adequately defended by their current technology systems. Not only is this thinking naive, it is risky.

In 2022, 70 percent of reported breaches occurred at firms with fifty lawyers or less. Research shows that cyberattacks are increasing in size and becoming more sophisticated, occurring through a variety of tactics including social engineering and phishing, which can lead to stolen credentials such as usernames and passwords.

Here are three proactive steps your firm can take to help mitigate both the risk and the potential negative impacts of a data breach.

1. Investigate Your Managed Service Provider (MSP)

Many law firms rely on a third party to provide technology and related services to support firm operations and infrastructure (phone systems, email, video conferencing, document management systems, etc.). However, in addition to supporting law firm technology operations, MSPs are also a primary resource for defending against and mitigating cyber risks. Thus, it makes sense to ensure your MSP is secure.

One way to assess your MSP’s security is to request to see its latest SOC 2 audit. SOC 2 (System and Organization Controls 2) is an audit report that indicates the trustworthiness of the services provided by an MSP and is used to assess the risks associated with third-party service providers that store consumer data online. MSPs are not required to have SOC certifications, but SOC certification has become an industry benchmark for recognizing high security standards; it indicates an added measure of proof that an MSP is secure. An increasing number of businesses, especially those operating in regulated industries such as banking, financial, health care, energy, and retail, only work with law firms that use an MSP that is SOC 2 certified or law firms that have their own SOC 2 certification.

While investigating your MSP’s SOC status, here are additional questions to ask your provider:

• What’s being done to protect my organization from breaches, hacks, and attacks?
• What cybersecurity-related services am I paying for?
• How are these services protecting me? What reporting is available?
• What security awareness training services can you offer my firm?

2. Don’t Lose Sight of Your #1 Risk: Access Points into Your Data through Your Employees

Each individual working at your firm represents a potential entry point for hackers to gain access to your data and client data. It’s also possible to encounter employees who decide to steal or compromise data.

It’s important to note, though, that employees can also be your best protection against cybersecurity breaches. With proper security awareness training and other strategies, law firms can decrease the chances of being breached and defend themselves.

For example, firms can start, increase, and mandate cybersecurity awareness training for employees. Many firms conduct such training on an annual basis, yet given the increased complexity and sophistication of cyberattack methods, this may no longer be frequent enough. Formal cybersecurity awareness training, which includes cybersecurity test-and-learn exercises such as penetration testing and phishing attack simulations, should happen often and at random, to simulate how unexpected a hack attempt can be and reinforce readiness at all times.

Another option to strengthen a firm’s cybersecurity training is the gamification of the training to drive the desired employee behavior. Law firms can create healthy competitions among employees, whereby an award or prize goes to the most vigilant employees for efforts such as detecting and properly reporting the most (simulated) phishing attempts within a given time frame.

Firms that prioritize training create a culture of cybersecurity compliance and a stronger shield from cyberattacks than those firms that are not adopting training, creating awareness, and simulating attack situations. Firms that proactively build, implement, and test (or literally practice) their defense measures will be much better prepared than those that choose to wait and react.

High adoption of security-compliant practices happens when firms make a concerted effort to track and reward participation in cybersecurity training and make it part of the employee evaluation process, building in incentives. This helps the firm identify areas for cybersecurity improvement and employees who pose a cybersecurity risk.

3. Maintain a Robust and Up-to-Date Breach Response Plan

Given the plethora of security and privacy regulations, it is critical that any cyber incident is met with a timely and appropriate response. While no organization wants to experience a breach, for law firms, such incidents invoke a particularly unique ethical obligation. Lawyers have an obligation to protect their client’s information and to disclose any breach.

Rule 1.6 of the ABA Model Rules of Professional Conduct states that lawyers must not disclose information related to the representation of a client. This includes information that is communicated in confidence by the client and any other information related to the representation. The rule also states that lawyers must make reasonable efforts to prevent the unauthorized disclosure of client information.

Notably, the European Union’s General Data Protection Regulation (GDPR) applies to law firms that offer services to clients in the EU, among other circumstances, and if a firm falls under the GDPR’s definition of a controller, it is required to report personal data breaches to the relevant supervisory authority “without undue delay and, where feasible, not later than seventy-two hours after having become aware” of the breach. The notification must include information about the nature and scope of the breach, including the number of data subjects and records involved.

Firms need to follow all legal requirements and should also have their own detailed, formal breach or incident response plan in place. A robust breach response plan should include:

• Incident response team roster with clearly defined roles and responsibilities
• Procedures for monitoring and detecting threats
• A clearly defined process for reporting incidents internally
• Training for all firm personnel on how to detect and respond to cyber threats
• Procedures for handling the discovery, investigation, and containment of threats
• Procedures for correcting any security problems
• Reporting requirements to respective regulatory authorities
• Notifications to affected persons, particularly clients

Review and update your response plan after every incident and note what worked, what didn’t, takeaways, and necessary updates to the plan.

If your firm already has a breach response plan in place, regularly review it. When was the last time it was updated? Perhaps it’s up to date but needs to be tested. Consider implementing simulated breach scenarios to pressure-test your plan, tracking personnel, processes, response times, and other important elements against relevant benchmarks and standards.

The best practices noted in this article are excerpted from Meritas Cybersecurity Standards.

We are pleased to share the new form of the Emerging Business Credit Agreement (EBCA), which is the product of a collaborative project of the Commercial Finance Committee of the American Bar Association (ABA) Business Law Section and the Primary Market Committee of the Loan Syndications and Trading Association (LSTA).

The new EBCA includes three supplements that have been prepared with the agreement: the Security Supplement, the Financial Covenants Supplement, and the Agency Supplement. We worked under the expert guidance of our external counsel, Thomas Mellor and Sean Zoltek of Morgan, Lewis & Bockius LLP, who drafted the EBCA form. They have led us in the production of an excellent form with numerous guideposts and in-depth drafting notes, some of which are highlighted below.

The EBCA is intended to be used for a borrower that is an “emerging business.” For the purposes of this form, the term “emerging business” refers to a borrower that is no longer a new venture but is not yet an established middle market company. The current form is designed to bridge the gap between the “off the shelf” form for new venture companies and the more highly negotiated and tailored agreements of the larger, more established middle market companies. Borrowers using these forms will likely be generating regular and consistent revenue but will often not have consistently positive EBITDA. They will likely desire more flexibility when it comes to running their businesses and making decisions about, for example, investments and distributions. Our goal with this form is to take into account, on the one hand, the interests of the borrowers and their growing businesses, and on the other hand, those of the lenders who are willing to put their money at risk, to create a more balanced form that the parties can use as they start their negotiations.

We anticipate that our form could be useful for loans between $25 million to $100 million; however, parties should note that the size of the loan should not be the sole factor when deciding the form with which to start. When determining where to begin, parties will always need to assess the borrower, the stage of its life cycle, and the parties’ willingness to spend time and money negotiating a credit agreement.

Our form also assumes the borrower is formed in the US with US-based operations and limited, if any, foreign operations or assets located outside the US. If significant activity takes place or material assets are located outside the US, then parties will need to adapt the form and include foreign borrower and/or foreign assets language, as well as considering, among other issues, the local law requirements (especially if there are foreign guarantors) and the taxes clause.

The form of the agreement is governed by New York law. However, because of comments submitted by the ABA’s Commercial Finance Committee shortly before the penultimate turn of the document, we have included provisions specific to credit agreements that are governed by the laws of California, Illinois. or Texas. For example, drafting notes in Annex I highlight language that should be included if the agreement is governed by the laws of California or if the entity has assets (in particular real estate assets) located there. For that state, language has been provided whereby each loan party waives all rights and defenses that they may have if their obligations are secured by real property there.

We have also drafted a security supplement, a financial covenants supplement, and an agency supplement for the EBCA. The terms of a security agreement have been incorporated into the credit agreement itself; this reflects common practice in the venture debt space where the loan is to be secured. This form assumes that subsidiaries of the borrower will become guarantors of the facility irrespective of whether or not the facility is secured. This approach should streamline the process and save the parties both time and expense of negotiating another document. Additionally, because the borrower’s own collateral and structure is typically more straightforward than companies further along in their life cycle, the incorporation of security terms in the credit agreement itself can more easily be achieved. The separate Security Supplement serves this purpose, but, of course, if the parties prefer to use a separate security agreement, the form can easily be adapted for that as well. Parties should note that the security supplement is not exhaustive of all applicable security interest provisions that parties may need for their deal; only the typical ones have been flagged for the draftsperson’s consideration.

Loans extended to emerging businesses often will not include financial or performance covenants. As noted in the covering memo of the Financial Covenants Supplement, because the borrower’s future growth trajectory is uncertain, it may be practically difficult to come up with meaningful metrics at closing that can accurately predict the company’s growth prospects and its ability to comply with financial or maintenance covenants while the loan is outstanding. As such, the parties may agree to include more deal-specific reporting mechanisms for such performance metrics rather than more traditional leverage and fixed charge maintenance covenants. If financial and performance covenants are included, they are expected to be heavily negotiated and well-tailored to the borrower, its business, and the relevant industry.

Because EBCA loans typically have only one lender, we drafted this form as a bilateral credit agreement, thus enabling us to streamline the form further by not including the typical LSTA agency provisions. However, if the deal is being made on a club basis, agency provisions can be included, particularly if the deal is secured or includes more than a small number of non-affiliated lenders. A sample Agency Supplement has been included for cases where the deal requires an agent.

In this market, lenders will often want the borrower to use its or an affiliates’ banking services. This form requires as a closing condition that the borrower shall have arranged for its bank services to be with the lender. Lenders should consider tailoring these services, but they must also bear in mind any applicable anti-tying regulations.

As with all forms of agreements, we have attempted to flag issues and provide a starting point for parties to consider and adapt to the borrower’s business. This is particularly true for the representations and covenants. The parties must of course consider the nature of the representations and covenants that are suitable for the borrower and its business as they determine which ones to include.

Finally, before we were due to publish the EBCA, the Office of the Comptroller of the Currency (OCC) issued detailed guidance on November 1, 2023 (the “Guidance”), to address risk management standards and safe and sound lending practices for venture lending. We reviewed that guidance and added a new note 12 to the cover memo of the form to highlight it to members. Venture lending is defined by the Guidance to include certain characteristics and provides exclusions for certain types of loan products (for example, asset-based lending that meets certain criteria is excluded from the definition of “venture lending”). The OCC seems to be responding to concerns following the recent failures of certain banks active in venture lending, and the Guidance signals that the OCC is more closely considering banks’ standards for evaluating venture lending. The impact of the Guidance on current venture lending structuring and documentation practices remains to be seen. For transactions that fall within the definition of venture lending (as defined by the Guidance), a careful review of the Guidance is advisable.

We would like to thank Thomas Mellor and Sean Zoltek of Morgan, Lewis & Bockius LLP for their excellent drafting and advice on this project. Their extensive knowledge of this market is reflected in the final form.

Handling the sale of a company in financial distress presents a multitude of challenges: preserving the value of the assets; maintaining some level of operations; treating creditors, stakeholders, and employees fairly and legally; and contracting for and effectuating the sale of the business in an orderly fashion. These issues are common to the sale of assets of any distressed company, regardless of where it may be located. However, there are additional complications when the entity or its assets are located outside the United States.

The American Bar Association (ABA) Business Law Section publication Using Legal Project Management in Merger and Acquisition and Joint Venture Transactions included a checklist showcasing important items to consider in connection with the sale of assets of a distressed company pursuant to Section 363 of the U.S. Bankruptcy Code. The Mergers and Acquisitions Committee of the ABA Business Law Section (“M&A Committee”) has undertaken a project to provide country-specific commentary to the original checklist for items to consider in the sale of assets by an international distressed company (collectively, the “Reports”). The authors of these Reports are senior lawyers practicing throughout the world who specialize in mergers and acquisitions and insolvency.

The initial tranche of the Reports provides commentary from multiple regions, including Europe (Germany, Italy, Luxembourg, Netherlands, Spain, and the United Kingdom), North America (Canada, Mexico, and the United States), South America (Brazil), and Asia (India, Japan, and Singapore). It is anticipated that additional Reports spanning other regions will be published in the future. The publication of these Reports is an important addition to the legal literature on mergers and acquisitions. In this global economy, it is important that practitioners have a resource that compares, in outline form, the laws of many countries with respect to asset acquisitions.

Each of these Reports seeks to provide such a resource to readers who come across international acquisitions in §363-type scenarios. Section 363 asset acquisitions are a mix of fields between insolvency and M&A. They also present challenges in other areas of the law, which lawyers involved should be prepared to deal with. The jurisdiction where the company is located and its applicable laws and legal system can have a profound impact on how the sale of the distressed company and its assets is structured and managed. In this regard, each of these Reports is an exercise in comparative law, which requires intellectual rigor and an open mind to be able to conciliate U.S. legal concepts with those of other nations.

The Reports provide a preliminary overview of issues arising under each country’s law and should not serve as a substitute for detailed legal research and advice based upon the facts and circumstances of particular transactions. The material is based upon the laws of each country as of November 2023. It is noteworthy that each author is admitted to the practice of law in his/her respective jurisdiction.

This work product was conceived and coordinated by Agustín Berdeja-Prieto initially under the auspices of the M&A Legal Project Management Task Force and its co-chairs at the time, Dennis J. White and Byron S. Kalogerou. Our gratitude to them for their receptiveness and support. Subsequent efforts were completed with the effective and proactive assistance of current M&A Committee chair Michael G. O’Bryan, M&A Committee Legal Project Management Initiative chair Sachin V. Java, and members of the International M&A Subcommittee. Finally, we acknowledge the very able and timely editing assistance provided by Professor Don De Amicis and Schylar Jacobs of Georgetown Law’s Center on Transnational Business and the Law. We sincerely thank them all.

The United States Supreme Court has granted a petition for certiorari in Coinbase v. Suski to review the question of whether the court or the arbitrator should determine whether an arbitration agreement containing a delegation clause can be narrowed by a subsequent agreement that does not contain clauses addressing arbitration or delegation. There is currently a circuit split as to the enforceability of delegation clauses, which are clauses that dictate the arbitrator is authorized to determine threshold issues regarding the arbitration agreement. Currently the First and Fifth Circuits recognize the enforceability of delegation clauses and would allow an arbitrator to decide whether a subsequent agreement narrows the arbitration agreement in a prior agreement, while the Third and Ninth Circuits refuse to enforce delegation clauses where a second agreement narrows an earlier arbitration agreement.

In this case, users of Coinbase, a cryptocurrency exchange, filed a class action in California claiming that Coinbase had misled them regarding the entry requirements for a sweepstakes in violation of state law. Suski v. Coinbase, Inc., 55 F.4th 1227, 1228 (9th Cir. 2022), cert. granted, Coinbase, Inc. v. Suski, No. 23-3, 2023 WL 7266998 (U.S. Nov. 3, 2023). The suit was filed under California’s False Advertising Law, Unfair Competition Law, and Consumer Legal Remedies Act against Coinbase and Marden-Kane Inc., a company hired by Coinbase to design, market, and execute a sweepstakes that the plaintiffs claimed used deceptive practices. Id. at 1229. When creating their accounts with Coinbase, the plaintiffs had signed Coinbase’s User Agreement, which contains an arbitration provision that specifically provided the arbitrator would decide issues relating to the “scope” of the arbitration provision—i.e., the types of claims it covered, not whether it was superseded by a later agreement between the parties. Id. at 1229. Thereafter, the plaintiffs had opted into a second contract, the Coinbase Sweepstakes’ Official Rules, which included a forum selection clause providing that California courts have exclusive jurisdiction over any controversies regarding the sweepstakes. Id. at 1228–29.

Coinbase moved to compel arbitration in reliance upon the arbitration clauses set forth in the underlying user agreements, and the class plaintiffs opposed arbitration, pointing to provisions contained in the sweepstakes’ rules that were issued subsequent thereto containing contrary forum selection clauses. Id. at 1229. The district court denied the motion to compel arbitration, and the U.S. Court of Appeals for the Ninth Circuit affirmed the district court’s holding. Id. In affirming the district court, the Ninth Circuit made distinctions between the arbitration delegation clause in Coinbase’s User Agreement and the forum selection clause contained in the Sweepstakes’ Official Rules. Id. at 1229–31.

Regarding the delegation clause, which stated that an arbitrator shall decide “disputes arising out of or related to the interpretation or application of the Arbitration Agreement,” Coinbase argued that the issue of any superseding effect of the Sweepstakes’ Official Rules concerned the scope of the arbitration clause and therefore fell within the User Agreement’s delegation clause. Id. at 1229. In denying the motion to compel arbitration, both the district court and the Ninth Circuit determined that the question concerning the “scope of the arbitration agreement” referred to how widely it could be applied, and as such this was an issue for the court to decide. Id. The Ninth Circuit found that “[w]hether the court or the arbitrator decides arbitrability is an issue for judicial determination unless the parties clearly and unmistakably provide otherwise.” Id. (quoting Oracle Am. Inc. v.Myriad Grp. A.G.,724 F.3d1069, 1072 (9th Cir. 2013)). In the Ninth Circuit’s view, the issue of whether the forum selection clause in the Sweepstakes’ Official Rules superseded the arbitration clause in the User Agreement was not delegated to the arbitrator, but rather was for the court to decide. Id.

The Court next looked to whether the forum selection clause in the Sweepstakes’ Official Rules superseded the arbitration clause in the User Agreement. Id. at 1230. The forum selection clause in the Sweepstakes’ Official Rules had provided that the California courts had exclusive jurisdiction over any controversies regarding the sweepstakes. Id. Coinbase argued that the User Agreement contained an integration clause and procedures for amendment of the User Agreement, and therefore the User Agreement could not have been superseded by the Official Rules, which Plaintiff argued exempted the claims from arbitration. Id. at 1231. Coinbase further argued that the Official Rules were focused on a different subject matter from the User Agreement and as such could not be utilized as evidence of the parties’ intent to amend, revise, revoke, or supersede any prior agreement, including the arbitration provision in the User Agreement. Id.

The Ninth Circuit did not agree with Coinbase. Id. Rather, the Court found that under California law, “[t]he general rule is that when parties enter into a second contract dealing with the same subject matter as their first contract without stating whether the second contract operates to discharge or substitute for the first contract, the two contracts must be interpreted together and the latter contract prevails to the extent they are inconsistent.” Id. at 1230 (quoting Capili v. Finish Line, Inc.,116 F. Supp. 3d 1000, 1004 n.1 (N.D. Cal 2015) (quoting 17A C.J.S. Contracts § 574), aff’d, 699 F. Appx. 620 (9th Cir.2017)). The Court acknowledged that Coinbase was correct in stating that the Official Rules contained no language specifically revoking the arbitration agreement contained within the User Agreement, but it found that by including the forum selection clause with the Official Rules, those Rules provided evidence of the parties’ intent not to be governed by the User Agreement’s arbitration clause when addressing controversies concerning the sweepstakes. Id. at 1230–31. As a result, the Ninth Circuit affirmed the district court’s holding that denied Coinbase’s request to compel arbitration. Id. at 1231.

In its petition for a writ of certiorari, Coinbase pointed to Supreme Court precedent requiring the enforcement of delegation clauses in arbitration agreements and argued that absent a meritorious challenge to these provisions, they must be enforced if the subsequent agreement does not alter that provision. Brief for Petitioner at 20–21, Suski v. Coinbase, Inc., 55 F.4th 1227, 1228 (9th Cir. 2022) (No. 22-105), 2022 WL 3107708. Coinbase has also argued that since the subsequent rules did not alter or challenge the prior agreement’s delegation provision, it is for the arbitrator to determine this issue. Id. at 9. On November 3, 2023, the Supreme Court granted the petition for writ of certiorari, and the case is scheduled for argument during the Court’s current term. Coinbase, Inc. v. Suski, No. 23-3, 2023 WL 7266998 (U.S. Nov. 3, 2023).

This will be the second time that a decision rendered concerning this dispute involving Coinbase has appeared on the Supreme Court’s docket; the Court previously determined that an appeal from a denial of a petition to compel arbitration automatically stays the proceedings below. Coinbase, Inc. v. Bielski, 599 U.S. 736, 747 (2023). Further, this is the second arbitration case that the Supreme Court has agreed to hear this term, along with Bissonnette v. LePage Bakeries Park St. LLC, 49 F.4th 655 (2d Cir. 2022), cert. granted, No. 23-51, 2023 WL 6319660 (U.S. Sept. 29, 2023). Once again, issues concerning arbitration appear to remain hot topics before the Supreme Court.

Surprisingly, some loan market participants continue to think that the term “open market purchases” included in many syndicated credit agreements today is intended to require the borrower to buy all the loans of a particular tranche on a pro rata basis, or at least make the offer to all lenders of the associated class. As Serta^[1] and other liability management cases take their twists and turns through the courts, lenders are taking note of how an “open market purchase” provision can be utilized by a dominant class of lenders to subordinate a minority class. Much has been written on the need for “Serta protections” and on liability management transactions, but there has been no attempt to ink a definition for the term “open market purchases” in the credit agreements being drafted today, and there have been few, if any, successful attempts to amend the existing concept to protect against future problems. As recently as the Loan Syndications and Trading Association/Loan Market Association (LSTA/LMA) conference last quarter, when asked whether lawyers were seeing a defined term for “open market purchases,” experts drew a blank. They were not aware of any credit agreements that contained a definition, nor of any real attempts at a definition in the amendment process—shocking.

As lenders open their documents for amendments in the new year for any variety of reasons—e.g., loosening covenants, extensions of payment schedules, and enhancements to the collateral and reporting packages—they should consider amending the documents to delete the “open market purchase” option entirely, or define it as the following:

a purchase of loans that is (i) offered to all lenders on a pro rata basis, (ii) conducted on an arm’s-length basis, (iii) made in cash and at the current trading prices, (iv) subject to no default or event of default, and (iv) structured so that that the purchased debt be canceled.

The definition of “open market purchase” must also be included in the list of sacred voting rights that requires an all affected lender consent, together with the release or subordination of collateral. Otherwise, a dominant class of lenders would be able to amend the definition to delete these conditions in the process of structuring a liability management transaction. This should sufficiently neuter the ability of the borrower to utilize this mechanism to subordinate a group of lenders within the same class and strip covenants as was done in Serta and other transactions. By keeping this mechanic in the document undefined as is the status quo, the risk remains high that a portion of the debt will be subordinated in a liability management transaction. The last thing anyone should have to explain to their credit committee in the new year is why there was an “open market purchase” concept in the document that was not defined.

How Did This Concept Arise?

During the Great Financial Crisis of 2007–2008, “open market purchases” came into vogue to permit the borrower to repurchase loans on a one-off, non–pro rata basis. The concept is typically confined to the syndicated term loan B market. “Open market purchases” differed from “Dutch auctions” (where the borrower specifies a ceiling or a range to lenders and then gives the lenders a period of time to offer the debt for sale) in that they permitted a borrower to purchase loans quickly from any one of its lenders without making the offer to other lenders. This was key. During the Great Financial Crisis, financial sponsors and their borrowers saw this mechanism as an easier and more efficient way to buy back distressed debt without having to go through often lengthy and time-consuming auction procedures. Credit agreements originally permitted these “open market purchases” to be made subject to certain conditions, the most common of which were the following: the absence of a default or event of default, proceeds from the revolver could not be utilized to make these purchases, the borrower had to represent that it was not in possession of any material nonpublic information, and finally, the debt had to be canceled. The cancellation of the debt was critical. The borrower and its affiliates were not entitled to hold those loans and exercise voting rights once the debt was purchased.

A fundamental principle in syndicated credit agreements, however, is that all similarly positioned lenders should be treated equally, or, with respect to distributions, on a “pro rata” basis. This makes a lot of sense; in broadly syndicated loans, and even smaller club loans, lenders extending the credit and agreeing to be part of the syndicate (or the club) do so based on the assumption that they are going to be treated the same as the other lenders in the tranche. It is hard to imagine how a lender group could be put together on any other basis. “Sure, I will lend you money for the secured loan, but you can pay someone else back first, and without telling me,” said no senior secured lender ever. Prior to the Great Financial Crisis, most credit agreements did not even permit the borrower or its affiliates to buy back loans, and the borrower and its affiliates were not permitted assignees of the loans. If anything, the purchase was capped, and there were limitations on voting and information rights, as well as waivers of certain rights in bankruptcy. Even the rights of the borrowers’ “debt fund affiliates” were capped.

There are a number of provisions that give comfort to the fundamental principle that equally positioned lenders should be treated equally. Most credit agreements include a provision that requires any voluntary or mandatory prepayments be made on a pro rata basis to all lenders. Most credit agreements also include some kind of pro rata sharing clause that requires any lender who receives a payment in excess of its proportion to share the excess with the other lenders (either by way of a purchase of an assignment or participation in each of the other lenders’ loans).

A Call to Action

The lack of a definition to the term “open market purchase,” including any detail on the process by which the borrower repurchases the loans through this method, is directly at odds with the other provisions in the credit agreement, so it is not surprising that this mechanic ended up being the gateway to an often-used liability management transaction structure. Now is the time to build in a definition of “open market purchase” that will include appropriate parameters to protect lenders from “lender-on-lender violence” and restore the syndicated lending market to more predictable restructuring outcomes.

1. In re Serta Simmons Bedding, LLC, No. 23-90020, 2023 WL 3855820 (Bankr. S.D. Tex. June 6, 2023). ↑

As chairs of the American Bar Association’s Private Target Mergers & Acquisitions Deal Points Study (the Private Target Deal Points Study), we are pleased to announce that we published the latest iteration of the study to the ABA’s website on December 18, 2023.

Congratulations! But Wait. What Exactly Is This Private Target Deal Points Study, Anyway?

The Private Target Deal Points Study is a publication of the Market Trends Subcommittee of the ABA Business Law Section’s M&A Committee. It examines the prevalence of certain provisions in publicly available private target mergers and acquisitions transactions during a specified time period. The Private Target Deal Points Study is the preeminent study of M&A transactions, widely utilized by practitioners, investment bankers, corporate development teams, and other advisors.

The 2023 iteration of the Private Target Deal Points Study analyzes publicly available definitive acquisition agreements for transactions executed and/or completed either during calendar year 2022 or during the first quarter of calendar year 2023. In each case, the transaction involved a private target acquired by a public buyer, with the acquisition material enough to that public buyer for the Securities and Exchange Commission to require public disclosure of the applicable definitive acquisition agreement.

The final sample examined by the 2023 Private Target Deal Points Study is made up of 108 definitive acquisition agreements and excludes agreements for transactions in which the target was in bankruptcy, reverse mergers, and transactions otherwise deemed inappropriate for inclusion.

Although the deals in the 2023 Private Target Deal Points Study reflect a broad array of industries, the health care and technology sectors together made up nearly one-third of the deals. Asset deals comprised 18% of the study sample, with the remainder either equity purchases or mergers.

Of the 2023 Private Target Deal Points Study sample, 26 deals signed and closed simultaneously, whereas the remaining 82 deals had a deferred closing some time after execution of the definitive acquisition agreement.

The transactions analyzed in the 2023 Private Target Deal Points Study were in the “middle market,” with purchase prices ranging between $30 million and $750 million; purchase prices for most deals in the data pool were below $200 million.

The Private Target Deal Points Study Sounds Great! How Can I Get a Copy?

• All members of the M&A Committee of the Business Law Section received an email alert from Jessica Pearlman with a link when the study was published. If you are not currently a member of the M&A Committee but don’t want to miss future email alerts, committee membership is free to Business Law Section members, and you can sign up on the M&A Committee’s homepage.
• ABA members who are not currently members of the Business Law Section can sign up to join on the Section’s membership webpage.
• The published 2023 Private Target Deal Points Study is available for download by M&A Committee members from the Market Trends Subcommittee’s Deal Points Studies page on the ABA’s website. Also available at that link are the most recently published versions of the other studies published by the Market Trends Subcommittee, including the Canadian Public and Private Target M&A Deal Points Studies, European Private Target M&A Deal Points Study, US Public Target Deal Points Study, and Strategic Buyer/Public Target M&A Deal Points Study.

How Does the 2023 Private Target Deal Points Study Differ from the Prior Version?

The 2023 version of the Private Target Deal Points Study has a number of features that differentiate it from prior iterations.

• A new elegant look and feel. We thought it was time for a refresh on fonts and color scheme, and we utilized gray for prior study data to help current-year data stand out more.
• New data points and correlations. We didn’t think we had enough work on our plates, so we added new data points and correlations throughout. Look for the “new data” flags (see samples below) to make them easy to spot.
  • New Representations and Warranties Insurance (RWI) correlations. We’ve taken a large number of existing data points throughout the study and correlated those points by deals that reference use of reps and warranties insurance, so you can see how that changes things.
  • #MeToo nuances. Based on input from Ally Coll of The Purple Campaign, we have included a more nuanced look at #MeToo representations. 57% of all transactions analyzed in the 2023 Study included a stand-alone #MeToo representation, as compared to 37% of deals in the 2021 Study pool. The new nuanced data points that we added measure whether the representation includes language regarding corrective action (5% of #MeToo representations in our data set do), settlement agreements (74% of #MeToo representations in our data set do, with 11% qualified by the knowledge of the party making the representation), or allegations of sexual harassment (all #MeToo representations in our data set do, with 37% so knowledge-qualified).
  • Closer looks at fraud carve-outs. We wanted to see how often a deal that had an express fraud carve-out to the non-reliance provision also had such a carve-out to the exclusive remedy provision, so we added a new slide exploring just that. Likewise we added a new data point for how often the fraud carve-out to the exclusive remedy provision is limited to fraud as to the reps/transaction documents.
  • Breach of covenants as stand-alone indemnity. We have added to this year’s Study a data point on how often breach of covenants appears as a stand-alone basis for indemnification. Interestingly, not all deals included breach of covenants as a stand-alone indemnity—only 94% had this formulation.
• RWI: The use of RWI decreased for the first time since we have been measuring this data point but maintained a majority position. During the period covered by the 2023 Study, 55% of deals referenced RWI (our proxy for whether a transaction utilized RWI), as compared to 65% of the deals during the period covered by the 2021 Study.
• Earnouts: Earnouts became more prevalent and displayed some buyer-friendly features. Use of earnouts increased significantly—by 30% (i.e., from 20% during the period covered by the 2021 Study to 26% during the period covered by the 2023 Study). Earnouts are often used to address valuation gaps, and this data point suggests growing valuation gaps during the period covered by the 2023 Study (2022 and Q1 2023).
• Anti-Sandbagging: Express anti-sandbagging provisions decreased. The percentage of deals that were silent with respect to sandbagging continued to increase, to 76% in the 2023 study as compared to 68% in the 2021 Study and 59% in the 2019 Study. As a reminder, silence may have a different effect under the laws of different states, so the parties need to consider the effect of being silent under applicable law.

Please join us in extending a huge thank-you to everyone who worked so hard on this study, from leadership to advisors to issue group leaders to the working groups, all of whom are listed in the credits pages.

For more information, there will be an In the Know webinar with the Chairs and Issue Group Leaders providing analysis and key takeaways from the results of the Private Target M&A Deal Points Study—details on time/date to follow.