Pro bono work is about more than giving back to the community or meeting a lawyer’s professional obligation to do so. For law firms, it can also make good business sense, prompting a positive domino effect for themselves, the clients they serve, and minority- and women-owned business enterprises (M/WBEs) striving for success in their communities.

Indeed, legal services are a major expense for many small businesses, including M/WBEs. Further, legal services for small businesses can span areas ranging from corporate, employment, and real estate to intellectual property, data privacy and security, and other practice areas in which owners may not even be aware they need assistance. Considering both this reality and the American Bar Association’s Model Rule 6.1 noting that “every lawyer has a professional responsibility to provide legal services to those unable to pay,” it is incumbent on law firms to assist small businesses—particularly those owned by women and minorities, who continue to face systemic challenges in securing loans and other funding and accessing critical services to launch and grow their operations. Equally important for law firms to understand is that providing pro bono services can be beneficial to their own operations, with the potential for pro bono M/WBE clients to become future billable clients. In providing pro bono corporate counseling to early-stage, scalable M/WBEs (for example, preparing for and helping them acquire seed and venture capital investments), law firms eliminate an economic barrier for such businesses. In the event these M/WBEs receive such capital financing, they would likely have the appropriate amount of funding to scale their businesses and possibly become future billable clients of the law firms that initially provided pro bono legal services to them.

Pro bono legal services for small businesses have been especially valuable in the wake of the COVID-19 pandemic, with countless startups and even established small businesses struggling to stay afloat. In 2020, our firm (Gibbons P.C.) was approached by a nonprofit, the Institute for Entrepreneurial Leadership (IFEL), to partner on one of its new initiatives, “Small Businesses Need Us” (SBNU), created to provide free legal counsel and other business services to M/WBEs impacted by the pandemic. Gibbons attorneys have since donated hundreds of hours to SBNU to clients ranging from a STEM enrichment program for students, to an event management company, to a life and business empowerment coach.

Our partnership with IFEL has been so successful that IFEL has since become a billable client of the firm. The organization devotes much of its effort to connecting small businesses with investors and other financing channels—an essential endeavor, given the World Economic Forum report that, in 2021, “Black woman start-up founders received just 0.34% percent of the total venture capital spent in the U.S.”^[1] IFEL is in the process of purchasing a for-profit group of diverse women angel investors, with Gibbons as its legal counsel.

One of IFEL’s business cohorts is OneKIN, a fintech company that builds software solutions to help small businesses compete in the digital landscape. Gibbons has assisted OneKIN for the past two years through IFEL’s SBNU program. Our pro bono work for OneKIN involved restructuring its ownership and cleaning up its capitalization table, as well as negotiating the buyout of certain founders. Since we began our engagement with OneKIN, the company has been accepted into MasterCard’s Start Path Program, designed to accelerate companies and set them up for future Mastercard acquisition. Gibbons continues to provide pro bono legal services to OneKIN by (i) reviewing/drafting a MasterCard accelerator agreement; (ii) drafting an Intellectual Property Assignment Agreement between founders of the company; and (iii) reviewing a Statement of Work and Master Services Agreement for product sales overseas. OneKIN now has plans to expand its business with the launch of an AI-powered livestream shopping app and has positioned itself to become a billable client of the firm.

During the COVID pandemic, Gibbons also partnered with the African American Chamber of Commerce of New Jersey (AACCNJ) and its M/WBE members. With many small businesses, M/WBEs in particular, finding it difficult to secure Paycheck Protection Program (PPP) loans during the initial phase of the pandemic, Gibbons connected the AACCNJ with one of our longtime clients—New Jersey Community Capital, a large, regional, community development financial institution—in order for the two organizations to partner for a joint venture called the Equitable Small Business Initiative (ESBI). ESBI is well-supported by large financial institutions, enabling it to facilitate access to critical capital by New Jersey’s Black business enterprises and provide them with hands-on, customized support and pandemic relief loans. After Gibbons structured this joint venture, the AACCNJ not only became a billable client of the firm, but also asked the firm to partner on the AACCNJ Pro Bono Alliance, a joint initiative whereby Gibbons supports AACCNJ member companies, on a pro bono basis, in launching, sustaining, or advancing their businesses.

While certain types of pro bono matters have the potential to become billable matters for law firms, pro bono work can also attract other clients or individuals who look for firms with a demonstrated commitment to pro bono representation. Pro bono work can generate cost savings as well, through its inherent offering of critical training and professional development to attorneys, particularly associates. Attorneys who provide pro bono services gain a valuable, firsthand view of the tangible ways their knowledge and experience are assisting small businesses, which leads to better client service overall. Gibbons regularly holds pro bono clinics for its attorneys, with incentives for reaching a certain numbers of hours per year.

Here at Gibbons, our philosophy is “doing good while doing well.” Without a doubt, establishing and building pro bono relationships has been both rewarding and profitable. Pro bono work should be an economic incentive for all law firms, one that can lead to a win for all parties involved.

1. World Economic Forum, “Black women lack access to VC funding. Here’s what we can do.” March 27, 2023. ↑

With SPAC IPOs virtually gone but SPAC mergers (aka de-SPACs) continuing at a steady pace since the beginning of the year, the questions around getting a deal done boil down to the following:

• How and where can companies get financing now that the PIPE (private investment in public equity) market has dried up?
• How long will it really take to get the deal closed, now that target companies are not easy to come by and every deal seems to need an extension?
• How can the current litigation and regulatory risks be avoided, or at least minimized?

In this article, we’ll focus on the third question, examining how the litigation and regulatory risk for SPACs has shifted since our 2022 year-end report.

SPAC Litigation by the Numbers

Through June 15, 2023, five SPAC-related securities class actions (SCAs) have been filed so far this year. That is not a high number. With 33 total SCAs filed in 2021 and 24 in 2022, we are at a slower pace for securities class actions this year than in the previous two years.

Filed SPAC/de-SPAC Securities Class Actions.

Examining the data between January 1, 2021, and June 15, 2023, it takes, on average, 12.82 months after the merger (aka de-SPAC) for an SCA to be filed. Except for a handful of cases, most lawsuits are filed after the de-SPAC has been completed. Considering that there were 199 de-SPACs in 2021, 102 in 2022, and 35 as of June 15, 2023, the downward progression of the number of SCAs this year tied to the downward progression of de-SPACs is not surprising. But that downward progression is somewhat deceptive.

Number of Suits vs. Number of Closed de-SPACs.

Direct Cases Picking Up Steam in Delaware

What the SCA data does not show is the growing number of direct-action breach of fiduciary duty suits being brought in Delaware. These suits are a progeny of the MultiPlan case in which the Delaware Chancery Court denied the defendants’ motion to dismiss. The parties subsequently settled for $33.75 million in November 2022, and no one in the SPAC world was surprised to see plaintiffs in other cases, including at least three so far in 2023, take a similar route.

Direct cases like MultiPlan and a few news-making examples below are easier to bring because, unlike derivative cases, they do not need to go through an extra step of satisfying demand futility requirements. It is no wonder then that, spurred by several denials of the defendants’ motions to dismiss and an easier procedural hurdle, plaintiffs’ attorneys are trading their SCA strategies for direct fiduciary suits against Delaware SPACs.

Examples of Direct Breach of Fiduciary Duty Suits

Source: Woodruff Sawyer

From the perspective of directors and officers (D&O) insurance coverage, claims from direct suits, while typically indemnifiable, are not covered by “Side A only” D&O coverage. Many SPAC D&O insurance programs are structured as traditional “ABC” programs that would offer coverage for claims coming out of a direct suit. However, some SPAC teams, as a cost-saving alternative at the peak of the SPAC craze in 2021, when D&O insurance prices were astronomical, chose to structure their programs as Side A only. To the extent that a SPAC purchased a Side A–only policy and the lawsuit is determined, like in MultiPlan, to be a direct one, there may be no D&O insurance response for a settlement (outside of a corporate bankruptcy).

Whose Money Is It Anyway?

Another interesting trend continuing this year is the series of termination fee cases. In the first of these, the FAST Acquisition Corp. lawsuit from August 2022, the plaintiff investors objected to the SPAC team keeping the entire termination fee it had negotiated without sharing it with its investors. Other similar suits, with a few examples noted below, followed shortly after.

Examples of Termination Fee Suits.

The interesting element of these suits is that they would likely not have been filed had the SPAC team been able to complete a subsequent acquisition. But because the SPAC team failed to do so and had liquidated instead, the plaintiff investors naturally were not pleased to have been left out of the so-called termination spoils.

Considering the recent spike in liquidations as presented in the graph below, it is likely we will see more of these termination fee cases as more SPACs continue to liquidate—that is, unless the SPAC teams take note of this development and start approaching the apportionment of the termination fee differently.

SPAC Liquidations.

SPAC Wins

Not all SPAC-related cases came out on the side of the plaintiffs. There are several notable and interesting SPAC “wins”—decisions that went in the defendant’s favor. A few examples are:

• Diamond Eagle Acquisition Corp/DraftKings: In January 2023, the United States District Court for the Southern District of New York (SDNY) granted the defendants’ motion to dismiss this SCA. The court held that the plaintiffs’ suit relied entirely on a short seller report with unknown sources, the claims in which were not adequately supported by independent research. As a result, plaintiffs failed to sufficiently allege that (1) any violations or material misstatements were made by the defendants and (2) any defendant acted with scienter as required under the law.

As a side note, about 35% of all SPAC-related securities lawsuits involve allegations from a previously published short-seller report.

• Churchill Capital Acquisition Corporation IV/Lucid Motors: In January 2023, the Northern District of California granted the dismissal of the SCA on the grounds that the plaintiffs failed to plead materiality because they had no reason to know in early 2021 that the SPAC would merge with Lucid, as the parties were not engaged in merger discussions.
• CarLotz: In March 2023, the SDNY dismissed the SCA assertion against CarLotz and certain directors and officers for plaintiffs’ lack of standing related to allegations of pre-merger statements. The court held that the investor plaintiffs failed to allege that they purchased shares traceable to the registration for the merger transaction.

Settlements

Let’s turn from lawsuits to settlements. There have been very few publicly disclosed settlements, so it is difficult to draw conclusions about trends. The ones that made the news are listed in the graph below.

Of particular interest are the amounts of some of those settlements that were covered by D&O insurance policies. Insurance coverage information is rarely publicly available, so it is possible, and even likely, that other settlements noted in the chart were also at least partially backed by D&O insurance payouts.

Litigation Settlements.

It’s worth remembering that outside of the actual settlement amounts, the defendants also had to pay substantial attorney fees. When deciding on the limit of a D&O policy, it’s worth factoring in the potential costs of the attorney fees, which will be due whether the lawsuit ends up being frivolous or ultimately gets dismissed.

Regulatory Enforcement Actions

Regulatory enforcement actions and investigations are, of course, the other piece of the risk puzzle. With the Securities and Exchange Commission (SEC) taking an openly hostile stance towards SPACs, many of us expected to see a barrage of SPAC-related investigations and enforcement actions. That expectation continues to be unrealized. While rumors are that the SEC is quite busy launching SPAC-related investigations, only several have been publicly reported, and we have seen only a handful of enforcements. Here are some examples that made the headlines:

Regulatory Enforcement Settlements and Fines.

Some additional details on the settlements and fines listed above are as follows:

• Gordon: Administrative charges settled against CEO in January 2019 for $100,000. The SEC charged Benjamin Gordon, the former CEO of Cambridge Capital Acquisition Corporation, a SPAC, with failing to conduct appropriate due diligence to ensure that the SPAC’s shareholders voting on the merger were provided with accurate information concerning the target’s business prospects.
• Momentus: Settlement total of $8.04 million in July 2021. The SEC alleged that Momentus and the founder misled Stable Road, the SPAC with which it planned to merge, about its technology and national security issues and that Stable Road had failed to perform its due diligence to identify those issues.
• Nikola: Settlement total of $125 million in December 2021. The enforcement was preceded by a short seller report and an SCA and centered around misleading statements about Nikola’s products, technical advancements, and commercial prospects.
• Perceptive Advisors: Settlement of $1.5 million in September 2022. This case was the SEC’s first enforcement action against an investment adviser. The SEC charged the adviser with violating the Investment Advisers Act in connection with its involvement with SPACs.
• Morgenthau: Forfeiture of $5.1 million, restitution of $5.1 million, and 36 months in prison for the SPAC’s former CFO in April 2023. In January 2023, the SEC brought fraud charges against Cooper J. Morgenthau, the former CFO of African Gold Acquisition Corp., a SPAC. The charges revolved around Morgenthau orchestrating a scheme in which he stole more than $5 million from the company and from investors in two other SPACs that he incorporated.
• Corvex: Settlement of $1 million in April 2023. The SEC charged investment adviser Corvex Management LP with failing to disclose conflicts of interest regarding its personnel’s ownership of sponsors of several SPACs into which Corvex advised its clients to invest. Corvex also agreed to a cease-and-desist order and a censure.

Update on the D&O Insurance Market and Rates

Market Conditions

The above data and trends have real implications on the risk and risk mitigation decisions that SPAC sponsors, their target companies, investors, and deal teams make. Higher risk of litigation or enforcement, for example, yields lower availability of D&O insurance coverage and higher premiums. Overall insurance market trends also dictate the kind of coverage and costs a team should expect.

As we noted at the end of 2022, the impossibly hard SPAC D&O market started to turn. In just a few months since the beginning of the year, we witnessed one of the fastest adjustments in the wider public company D&O market ever recorded.

Many new insurers have joined the ranks and now, with an oversupply of insurance capacity and very few IPOs, insurers are competing for public D&O new and renewal business, driving rates and retentions down for almost all companies. Mature public companies are experiencing significant rate relief, and newly public companies are seeing significant rate decreases due to higher starting premiums.

What This Market Means for SPAC D&O Insurance Rates

The pressure on carriers in the overall public D&O insurance market is good news for SPACs. We are seeing more carriers interested or willing to take a second look at SPAC tails, extensions, and new go-forward programs. Competition is driving premiums down. Self-insured retention benchmarks are also dropping. More carriers are willing to be flexible on the structuring of the coverage.

However, the likelihood of a SPAC-related company getting sued continues to be higher than that of a traditional IPO or a mature public company. Carriers are continuing to keep a very close eye on each new court decision and enforcement action. For example, a recent decision from Delaware led to many carriers being unwilling to renegotiate tail pricing on the SPAC IPO policy or imposing coverage exclusions. Many are still wary of granting long extensions or reducing premium pricing on those extensions.

Our Predictions

As we predicted at the end of 2022, SPACs have enjoyed a period of reasonable D&O insurance pricing so far in 2023, and that will likely continue into 2024. However, SPAC teams and their target companies will need to make some program restructuring decisions (with the help of their insurance brokers) to adjust for the new trends in the direct fiduciary duty cases and other court decisions as they affect D&O carriers’ obligations.

An earlier version of this article appeared in the Woodruff Sawyer SPAC Notebook.

In June 2022, the Canadian Parliament enacted amendments to the Competition Act (the Act) intended to prohibit agreements between unaffiliated employers to fix wages or terms or conditions of employment (Wage-Fixing Agreements) or not to solicit or hire each other’s employees (No-Poaching Agreements).

The amendments come into force on June 23, 2023, as subsection 45(1.1) of the criminal conspiracy provision in section 45 of the Act.

Once this occurs, any new Wage-Fixing Agreements or No-Poaching Agreements will be per se unlawful and expose the parties to those agreements to significant criminal penalties (i.e., prison sentences of up to fourteen years and/or fines with no statutory limit), as well as to potential civil liability, including by way of class actions for damages.

On January 18, 2023, the Canadian Competition Bureau (the Bureau), the law enforcement agency that administers and enforces the Act, released draft guidelines for public consultation describing its intended approach to enforcing the new criminal prohibitions (the Draft Guidelines).

On May 30, 2023, the Bureau published its final wage-fixing and no-poaching enforcement guidelines (the Final Guidelines). As detailed below, while the Final Guidelines are hardly a model of transparency or clarity, they provide the business community with some comfort with respect to the scope and application of the new prohibitions.

Final Enforcement Guidelines

The key takeaways for business lawyers and their clients from the Final Guidelines are these:

• “Wage-Fixing” Is a Misnomer: The wage-fixing prohibition deals with more than just salaries and wages, also making it an offense for unaffiliated employers to enter into agreements to fix, maintain, decrease, or control “terms and conditions of employment.”
• “One Way” No-Poaching Agreements Not Prohibited: The no-poaching prohibition applies only to agreements between unaffiliated employers that are reciprocal or mutual in nature.
• Reasonable Clauses in Certain Categories of Business Agreements or Arrangements Should (Generally) Not Raise Concerns: The Final Guidelines confirm that the Bureau will “generally not” pursue a criminal investigation with respect to wage-fixing and no-poaching clauses that are ancillary to merger transactions, joint ventures, strategic alliances, franchise agreements, or staffing or IT service contracts, unless the wage-fixing or no-poaching clause in question is “clearly broader than necessary in terms of duration or affected employees, or where the business agreement or arrangement is a sham.” While the Final Guidelines offer some comfort, it is clear from certain statements in the Final Guidelines that the Bureau is prepared to second-guess the parties’ business judgement regarding the reasonable necessity of a given restraint and to take enforcement action to the extent that the Bureau concludes that an impugned restraint is “clearly” broader than reasonably necessary.
• Ancillary Restraints Defence May be Available: Outside of the categories of business agreements and arrangements enumerated above, the so-called “ancillary restraints defence” will be available in any case where the parties to the impugned Wage-Fixing Agreement or No-Poaching Agreement (the Restraint) can show that:
  1. the Restraint is ancillary to, or flows from, a broader or separate agreement that includes the same parties;
  2. the Restraint is directly related to and reasonably necessary for achieving the objective of the broader or separate agreement referred to in (a) above; and
  3. the broader or separate agreement referred to in (a) above, when considered without the Restraint, does not violate subsection 45(1.1).

• New and Ongoing Agreements Captured: The new prohibitions will only apply to new agreements entered into on or after June 23, 2023, except where the parties to agreements entered into before that date engage in conduct that reaffirms or implements those older agreements. Usefully, the Final Guidelines clarify that “at least two parties must reaffirm or implement the restraint for the Bureau to establish the […] consensus or ‘meeting of the minds’” required to ground liability.

  Accordingly, existing agreements need not be formally terminated in order to avoid criminal liability under the Act, but employers should be careful to avoid any conduct that could be seen as reaffirming or giving effect to agreements that precede June 23, 2023. The Final Guidelines also suggest that “employers may wish to update pre-existing company records and agreements, as they arise in the ordinary course, to ensure they accurately reflect its policies and intentions, and avoid unnecessary confusion.”

  Employers should also be mindful that they can be found liable even if their “agreement” was informal, verbal only, or entirely unspoken (e.g., a “wink” or a “nod”). Moreover, the existence of an “agreement” can be established based on circumstantial evidence, with or without direct evidence of communication between or among the alleged parties to it.

  We recommend that clients review all existing agreements with wage-fixing and no-poaching provisions with counsel in order to ensure that existing practices comply with the new prohibitions.

• Employers Need Not Be Competitors: The new prohibitions apply to Wage-Fixing Agreements and No-Poaching Agreements between unaffiliated employers but do not apply to such agreements between affiliated employers.^[1] By way of example, the Bureau states that agreements between two or more corporate entities that are controlled by the same parent company do not violate the new prohibitions.

  The new prohibitions apply regardless of whether unaffiliated employers are competitors in the supply of a product (although the Bureau notes that it will prioritize its enforcement on Wage-Fixing Agreements and No-Poaching Agreements between employers that would otherwise compete in the purchase of labor).

• “Employer” Broadly Defined: The definition of “employer” is broad and includes directors and officers, as well as agents or employees, such as human resources professionals. As a result, corporations may be vulnerable to liability if an offending agreement is entered into between an officer of one corporation and a director of the other, for example.
• “Employee” Relationship to Be Evaluated on Case-by-Case Basis: Whether an individual is characterized as an “employee” for the purposes of the new prohibitions will be evaluated on a case-by-case basis and will depend on the laws and circumstances under which the relationship with that “employee” or “independent contractor” was entered into. Accordingly, the common law tests on whether a person is properly characterized as an employee or independent contractor may be relevant in considering whether the new prohibitions apply. The Final Guidelines include a reminder to employers that “depending on applicable legislation, their relationship with independent contractors could evolve over time. For example, if an employer treats an independent contractor as an employee, the business contract between them could transform into an employment relationship.”
• Conscious Parallelism Not Prohibited: “Conscious parallelism” on its own will not be a violation of subsection 45(1.1). According to the Bureau, “conscious parallelism” occurs “when a business acts independently with awareness of the likely response of its competitors or in response to the conduct of its competitors.” However, the Bureau also cautions that parallel conduct coupled with facilitating practices (for example, sharing commercially sensitive employment information, such as employment terms) may be sufficient to prove that an illegal agreement was concluded.

Implications of the New No-Poaching and Wage-Fixing Prohibitions for Business Lawyers and Their Clients

1) No-Poaching Agreements

In section 2.2 of the Final Guidelines, the Bureau confirms that the no-poaching prohibition is limited to instances where unaffiliated employers agree not to poach “each other’s” employees. Therefore, as noted above, agreements must be reciprocal or mutual in nature in order to violate the no-poaching prohibition. “One-sided” or “one-way” agreements, where only one party agrees not to poach another’s employees, will not be an offense.

Importantly, this means that customary one-sided no-poaching/non-solicitation clauses in confidentiality and non-disclosure agreements commonly used in the diligence phase of merger transactions, joint ventures, and strategic alliances will not be subject to enforcement action by the Bureau. It bears noting, however, that the Bureau’s interpretation of the Act is not binding on the courts, and private plaintiffs (including class action plaintiffs’ lawyers) may still seek to bring damages claims with respect to one-way agreements. In this regard, the Final Guidelines note that “[t]he courts are responsible for the final interpretation of the law.”

Further, the Bureau cautions that “separate agreements between two or more employers that result in reciprocating promises not to poach each other’s employees” may trigger liability.

2) Wage-Fixing Agreements

The new prohibitions also criminalize so-called “wage-fixing.” As noted above, the prohibition makes it an offense for unaffiliated employers to enter into agreements to fix, maintain, decrease, or control not only wages and salaries but also “terms and conditions of employment.”

In its Draft Guidelines, the Bureau specified that “‘terms and conditions’ include the responsibilities, benefits and policies associated with a job. This may include job descriptions, allowances such as per diem and mileage reimbursements, non-monetary compensation, working hours, location and non-compete clauses, or other directives that may restrict an individual’s job opportunities” but then unhelpfully undercut this guidance by adding that “[t]he Bureau’s enforcement generally is limited to those ‘terms and conditions’ that could affect a person’s decision to enter into or remain in an employment contract” (emphasis added). Despite extensive criticism of the overbreadth and unhelpfulness of this guidance, no clarification was provided in the Final Guidelines.

Wages, salaries, and other terms and conditions of employment should therefore be treated as competitively sensitive information (CSI) in M&A diligence processes and in developing and implementing appropriate safeguards against the disclosure of CSI in the context of joint ventures, strategic alliances, and other commercial collaborations. Guidance should be sought in advance of providing due diligence information in order to ensure that CSI is not disclosed and that only “clean teams” gain access to CSI.

In the preface to the Final Guidelines, the Bureau states that it “may revisit these Guidelines in the future in light of experience, changing circumstances and legal developments.” As time passes and experience with the new prohibitions grows, one may hope that the Bureau will indeed revisit its enforcement approach vis-à-vis merger transactions, joint ventures, strategic alliances, franchise agreements, and staffing and IT service contracts and, consistent with the economic and procompetitive benefits generated by such business agreements and arrangements, will limit the application of the no-poaching and wage-fixing prohibitions exclusively to circumstances where the broader (or separate) agreement between the parties is a sham.

1. Under subsection 2(2) of the Act, affiliation is defined with reference to control. When two employers are controlled by the same parent company or individual, they are said to be affiliated. ↑

Diversity, equity, and inclusion (DE&I) is ever evolving, and the right answer on many DE&I issues is not always immediately evident. People have questions that they may or may not be afraid to ask. “Dear Alex,” a new column created by the ABA Business Law Section’s Diversity, Equity, and Inclusion Committee, is the reader’s chance to ask all about DE&I anonymously. Think of it like the old “Dear Abby” columns, but for DE&I. In each column, the Dear Alex team will answer a question related to DE&I. These questions can be interpersonal, like how to respectfully address a colleague who is transitioning from one gender to another, or even professional, like how to convince senior partners at your firm that investing in DE&I can be a competitive advantage. If you’ve ever had a DE&I question that you have been afraid or otherwise unable to ask, now is your chance to ask “Alex.” Questions can be submitted at the form linked here.

***

Dear Alex,

Another associate at my firm told me that he’s transitioning. He’s the first trans person I’ve met, and I do not want to accidentally offend him. How do I approach this?

Sincerely,

Cis and Confused

Dear Cis and Confused,

Your coworker confiding in you is indicative of the trust between you two.

To respectfully approach this, we recommend a follow-up with your coworker over coffee, lunch, or whatever makes sense for your working relationship. Thank them for being open and trusting you. They might’ve chosen new ways to identify themselves, so ask what pronouns and name they prefer you use when referring to them privately and publicly. Ask how private this matter is. You may be the first person at the firm they’ve told, and you never want to out someone without their explicit prior consent; their transition is not your story to tell. Finally, ask what else you can do to support them. Moving forward, honor their wishes and continue business as usual. Be mindful that as your coworker continues their journey, they may change their name, pronouns, or gender presentation one or more times. They’re exploring their identity. It is your job to affirm them at every step.

Transitioning can involve different things for different people, and, importantly, there is no “correct” way. One aspect is internal transition, which is the understanding your coworker did to realize their identity. Another is social transition, or the “coming out” aspect of your coworker changing how they present themselves to others, which may involve changing their name and pronouns. Transitioning can also involve legal processes, such as updating documents with a chosen name, and gender-affirming medical care. But, as we noted, there is no one way to transition. Your coworker may never change their name or pronouns but may change the way they dress. They may choose some types of medical care but not others. All means of transitioning or not are valid, and choosing one type of transition but not another doesn’t make them any less trans.

Importantly, it is up to your coworker to share with you, if they want, any details about their transition. They do not have to tell you, and you should respect their privacy and boundaries.

We want to circle back to pronouns. We noted that your coworker’s pronouns may change as they explore their identity. We’ve been referring to your coworker using “they,” and you used “he” in your question. We aren’t certain if “he” is your coworker’s old pronoun or new since they just came out to you. When unsure, we at Dear Alex opt for gender-neutral pronouns. The follow-up conversation we recommend will allow for the dialogue between you and your coworker and a chance to learn what pronouns to use with your coworker moving forward.

We think a discussion of pronouns may help. As an initial point, people whose gender matches the one they were assigned at birth are referred to as “cisgender,” and like everyone, they have particular sets of pronouns they are or are not comfortable using. For example, if you’re a cisgender man (i.e., you grew up being called a boy, felt affirmed by and comfortable with that, and still identify as a man today), you likely use the pronouns he/him/his. Trans people may switch from one set of gendered pronouns to another (e.g., he/him/his to she/her/hers). On the other hand, they might opt for gender-neutral pronouns like they/them/theirs^[1] or xe/xem/xyr.

For both trans and cis people, using the correct pronouns is the only respectful thing to do; for your trans colleague, it’s far from the only way to show you support them, but it’s a starting point. But what if you accidentally use the wrong pronouns or “misgender” them? It can happen, and the important thing is to give a quick apology using your coworker’s correct name and/or pronouns and then, throughout the rest of the conversation, use their correct name and/or pronouns. Don’t ask for forgiveness or get emotional—then you’re making it about you and not them. By correcting yourself and striving to correctly identify them, it will show them the effort you’re making. If your coworker pulls you aside and explains a mistake you made, thank them for telling you, apologize briefly, say you’ll do better, and then do better. Remember when a trans person tells you that you made a mistake, they’re saying, “I value our relationship despite mistakes you might’ve made. My correcting you is a way to preserve it.”

We gave you lots of information. Thankfully, it boils down to this: when your trans coworker tells you how to respect them, do what they ask. We’re excited for you both and hope this information will help you do right by your coworker.

Sincerely,

Alex

Dear Alex,

My company just hosted a great information session on neurodiversity. I learned a lot, and I now suspect one of my colleagues might have a neurodivergent condition. How do I ask them about it?

Sincerely,

I just want everyone to feel supported

Dear Supporter,

The answer to your question is very simple: you don’t. Neurodivergent conditions like autism and Tourette’s syndrome are, at the end of the day, medical diagnoses. There is no respectful way to ask a colleague if they have a medical condition, and that is none of your business, no matter your intention. The best way you can support your colleague is to continue being kind and respectful. If your colleague does have a neurodivergent condition, they might decide to tell you at some point. It is their choice.

If you are a manager and suspect one of your direct reports may be neurodivergent, it is still their choice whether to tell you. In the meantime, be a good manager—someone your team can trust and come to when they have an issue. Make it clear to your reports that you are on their side and that they can come to you about anything, substantive or otherwise. Create that environment for them. Then, if a neurodivergent direct report or colleague feels like you need to know about their condition, they’ll tell you and let you know how you can specifically support them.

We understand this may not be the answer you were hoping for, but it’s the correct one. Some of us here at Dear Alex are neurodivergent and have had our boundaries crossed, and we hope this helps you to avoid such a scenario.

Sincerely,

Alex

Dear Alex contributors from the BLS Diversity, Equity, and Inclusion Committee rotate and include David Burick and Michael Sabella, among others.

1. We aren’t going to get into a grammatical discussion of the singular “they,” as it has been in use in written English for over 600 years (see, e.g., the works of William Shakespeare and Geoffrey Chaucer). ↑

Corporate counsel and other business attorneys may be most familiar with insurance companies in the context of a specific coverage issue or filing a claim. The CFO, risk manager, and others of similar training are often the ones assigned to explore the nuances of the financial aspects of renewing insurance coverage and negotiating with various brokers and prospective insurance carriers. Therefore, a business attorney asked to assist in the formation of a new entity in the corporate family—a licensed insurance company no less—may feel at a bit of a loss as to how to proceed. This article provides an introduction to the formation of a captive insurance company for business attorneys.

Captive Insurance Companies: The Basics

A captive insurance company is, at its center, an insurance company. It assumes risks from a policyholder and becomes responsible for paying out claims and other costs in accordance with the contract of insurance. In exchange, it receives a premium payment. What makes a captive insurance company unique is that its policyholder is usually also its owner. This makes a captive a formalized form of self-insurance. However, unlike regular self-insurance, where funds are stored on the company’s balance sheet, a captive holds its accounts separately from the parent.

The motivation to form a captive can include a necessity to streamline the company’s balance sheet so that held reserves don’t look like the management is just sitting on cash. A captive insurance company can potentially write independently verifiable contracts of insurance, which may be statutorily or contractually required. In certain cases, a captive can write a contract of insurance to a related third party. This can ultimately generate third-party income for the captive insurance company itself.

A captive insurance company is established by forming a company in one of the over thirty US states or territories, or one of many foreign countries such as Bermuda or the Cayman Islands, that authorize the formation of captive insurance companies. The new entity is then licensed by that domicile’s insurance regulator as an insurance company once all local requirements have been met.

Early in the formation process, the prospective captive owner will obtain a feasibility study that will explore the risks to be insured and make recommendations on the appropriateness of a captive, possible lines of insurance coverage and their relation to existing traditional commercial insurance coverage, and estimates on premiums and overhead expenses. This study is typically led either by a full-service insurance broker or an independent captive manager, with input from other experts such as risk management professionals, accountants, actuaries, and attorneys.

Typically, prospective captive owners will have specific risk exposures in mind before considering forming a captive. Volatile high-severity but low-frequency risks such as extreme weather events, cyber-attacks, or key product liability risks are but several types of risk that may be good candidates to partially or fully cover in a captive insurance program. It can be very difficult to obtain insurance coverage for these risks in the traditional commercial marketplace.

Risks for Starting a Captive

A company seeking to self-insure through a captive must consider all scenarios. An ill-timed adverse event may place both the captive and its parent company in dire circumstances. A new captive will not start out with ample capital on hand to deal with one or more serious casualties; in fact, it may take many years for a captive to build up such capital.

Taxation Issues

Any insurance company, from the perspective of the Internal Revenue Service (IRS), basically collects premiums on one day and holds them for an indeterminate time until they are paid as a claim; used toward overhead; or, in most circumstances, held as taxable income.

The IRS has for more than a decade highlighted potential risks of unlawful tax evasion through the use of captives. A poorly designed captive and one not carefully monitored can bring down significant tax penalties for both itself and its parent.

Certain captive insurance companies, electing a provision under I.R.C. § 831(b) as long as their premiums don’t exceed $2.65 million in 2023, will not pay any tax on any underwriting income but also will not gain any deduction if there is an underwriting loss. The problem with this “micro-captive insurance company” arrangement, from the IRS’s perspective, is that if the insurer-owned insurance company could all but guarantee that no claims would be filed, the taxpayer could defer its tax obligations indefinitely. Aggressive captive insurance promoters can entice business owners with the prospect of substantial indefinite tax deferral utilizing an 831(b) election. Businesses can then fall into the difficult circumstances outlined in Avrahami v. Commissioner, 149 T.C. 144 (2017), where the U.S. Tax Court found that the taxpayer’s wholly owned captive was not bona fide insurance, disallowing deductions for premiums paid into the captive and imposing substantial penalties.

Properly designed captives avoid forcing captive owners to take aggressive tax positions. However, the IRS has been less than clear in providing guidelines to aid business owners who legitimately desire to efficiently use a captive for risk management and risk financing purposes. It is essential for corporate attorneys to temper the enthusiasm of business owners for taking overly aggressive tax positions that may end up doing long-term harm. Corporate attorneys should further encourage business owners to make reasoned decisions about a captive insurance program after receiving quality, independent tax, legal, and accounting advice.

Solutions for Problematic Situations

A captive insurance company can provide a unique solution to what would otherwise be an intractable problem. For example, a corporate acquisition may be at an impasse over the status of a preexisting lawsuit against the target company. A captive insurance company may be able to write a specialty line of insurance, ride out the issue at hand, and help facilitate the transaction.

Public companies also can look to a captive to help facilitate a self-insurance strategy. Businesses that value steady and predictable earnings and expenses sometimes shy away from self-insurance solutions where large, expected losses incurred at inconvenient times can wreck an otherwise attractive balance sheet. By transferring those risks to a captive insurance company, the business can appropriately and steadily account for the costs associated with that risk.

Captive insurance can be an effective risk management and risk financing tool. Companies can use a captive to reap the benefit of better-than-peer risk mitigation efforts. Captives can help smooth out the peaks and valleys of a company’s balance sheet. As captive insurance becomes more regularly utilized by businesses large and small, corporate attorneys are increasingly likely to be called upon to opine on the merits of a captive insurance program. Helping a company form a captive for the right reasons and utilizing best business practices can provide a real long-term benefit.

This article is based on a CLE program that took place during the ABA Business Law Section’s 2022 Hybrid Annual Meeting. To learn more about this topic, view the program as on-demand CLE, free for members.

In 2015, Forbes published a report that ranked Grand Rapids, Michigan, fifty-first out of fifty-two markets in the United States where African Americans were doing the best economically. In other words, Grand Rapids^[1] was the second worst market in the country for African Americans to experience economic prosperity.^[2] Eric K. Foster has cited this report as one of the key catalysts for the formation of Rende Progress Capital (RPC), a Community Development Financial Institution (CDFI) committed to racial equity in lending and economic prosperity.

After connecting through the W.K. Kellogg Foundation Fellows program, Foster and co-founder Cuong Q. Huynh launched RPC in 2018 to support “Excluded Entrepreneurs of Color”^[3] with small business loans and business technical support. During the four-plus years following its formation, a period overlapping with the worst of the public health and economic havoc of the COVID-19 pandemic, RPC made more than forty loans in both its Standard/Growth Loan Product and the RACE4Progress COVID Loan to companies owned by Excluded Entrepreneurs of Color. Most of those companies remain in business and are actually growing despite the challenges of the last several years. Underscoring the funding gap that RPC seeks to close, 70% of the enterprises in its loan portfolio are owned by entrepreneurs who had never secured a business loan from any source of debt financing prior to working with RPC.

Miller Johnson is a Michigan-based law firm, with more than 125 attorneys working from offices in Grand Rapids, Kalamazoo, and Detroit. In late 2020 and early 2021, RPC and Miller Johnson developed a pro bono legal services offering for RPC borrowers. The guiding principle of this offering has been for RPC borrowers to receive pro bono legal services, and for Miller Johnson attorneys to provide those services, in substantially the same way that non–pro bono clients interact with their counsel. For example, RPC and Miller Johnson intentionally omitted any kind of hard billable hours cap on client services, and the core team of attorneys working on these matters represented all of the essential competencies of a full-service, mid-size law firm (e.g., corporate, employment, real estate, intellectual property, tax, and so on). Importantly, the team of attorneys working with RPC’s borrowers was also diverse in race and other characteristics. Miller Johnson also modified its timekeeping and accounting systems so timekeepers (including all paralegals, associates, and partners) would receive billable credit (both hours and “phantom” revenue) based on their time commitment and value added to this program.

In the following Q&A, Eric K. Foster (EKF) shares with Erik R. Daly (ERD) of Miller Johnson some of his insights in forming RPC, the choice of a CDFI structure, and making the most of community partnerships, with an emphasis on pro bono legal services offerings.^[4]

* * * * * *

ERD: Did you consider structures for funding Excluded Entrepreneurs besides a CDFI? Why did you ultimately decide to form a CDFI instead of another option?

EKF: In forming RPC, we knew our structure needed to match the market we sought to serve. A CDFI loan fund made more sense for our target communities of “Excluded Entrepreneurs of Color” than, say, a venture capital approach, which would have taken ownership away from our entrepreneur customers. We could have pursued a fintech model, but the costs of the technology platform would have been prohibitive at the time. We also would not have had the same level of engagement or trust with the communities of color with which we wanted to work.

A bank would have been too expensive due to regulatory costs and would have been misaligned with our objectives. The CDFI structure allowed for more consideration of subjective criteria in the funding process. It also helps potential customers to understand barriers and access technical assistance better. That said, a CDFI may sound like a simple “capital in, capital out model,” but it is more challenging than it may initially appear. What makes it challenging is also what makes it rewarding, though.

ERD: How did you define the “Excluded Entrepreneur of Color” concept? Were any of the decisions impacted by using a CDFI structure?

EKF: From day one, everything about setting up our racial equity loan fund was focused on “disinvested communities”—particularly at the time of founding in West Michigan. The target market was never in question. The specific terminology developed alongside the structuring in our pre-launch phase.

In market research, the word “excluded” came up very frequently as a barrier to small business financing in our region. Many target customers expressed an experience of “exclusion” from their local economy, funding opportunities, and the marketplace in general. One person stated they felt “isolated from capitalism.” So, our community’s needs pointed us toward a CDFI, not the other way around.

ERD: Can you discuss your approach to partnering with various community organizations to launch and sustain RPC (e.g., funders, directors, advisors)?

EKF: Three philosophical principles drive our approach to partnerships.

First, a partner must demonstrate an understanding of and practiced ability to embrace racial equity (as opposed to “mere” diversity and inclusion). That means all partners (capital or non-capital) must demonstrate an embrace of racial equity. By “racial equity,” we mean “arriving at a condition where one’s racial identity—in a statistical sense—no longer determines how one fares in life.” We partner with those who practice or demonstrably take efforts to understand racial equity, as so defined. We have declined partnerships with organizations that reject this definition of racial equity or that have undertaken no efforts to better understand racial inequity in our communities.

Second, there must be a non-superficial reason for the partnership. We are not interested in working with people who only want to do so for marketing or goodwill reasons. There needs to be a motivating reason beyond public relations. Capital partners need to help grow and sustain returns for investors through operational support or otherwise. Non-capital partners need to be able to provide social capital or in-kind services that would otherwise be a large expense and/or inaccessible for the communities we serve.

Third, we use a partnership agreement to create alignment and understanding across specified key areas of partnership. The partnership agreement helps make sure everybody is aligned in RPC’s racial equity definition and ensures clarity and transparency in a number of critical areas, such as the diversity of our partner’s project/engagement team, racial equity training, nondiscriminatory practices, and related issues. The partnership agreement also helps RPC and its partner define mutual goals and periodically assess how well the arrangement is proceeding.

ERD: What types of attributes do you look for in partners, advisors, and board members?

EKF: First, it is important to reemphasize that racial equity and diversity, equity, and inclusion (DE&I) are distinct tactical goals. So, we may partner with those on the DE&I journey even if they have not yet achieved or fully embraced our definition of racial equity. At a minimum, though, our partners must understand the concept of racial equity, since this will allow them to begin to appreciate where our customers are situated in the broader economic and social environment. Second, they need to have a certain level of understanding and empathy as a basis for engagement with our customers. The ability to listen to clients without making assumptions is critical.

For advisors and board members, we seek out exemplars in the practice of racial equity and/or evidence of willingness to learn about and implement racial equity practices. Of course, we also require proficient knowledge and expertise, together with real world applications in the areas of business, finance, economics, and/or investments. There is absolutely no “tokenism.” There are plenty of extremely competent professionals who qualify as potential advisors and board members. For our loan committee, we require a majority of the members to be people who are representative of our target markets.

ERD: Relatedly, can you discuss your process for achieving alignment with partner organizations through written agreements? As a legal partner, we found the partnership agreement process very helpful in ensuring mission and values alignment.

EKF: Our partnership agreement helps ensure alignment between organizations based on the process of responding to the questions and prompts and, as importantly, discussing those responses. Unfortunately, we have declined to partner with some organizations that did not have any genuine reflective experience or understanding to achieve basic concepts of DE&I, let alone an understanding or embrace of racial equity ideas. Some responses demonstrated a lack of cultural competencies. We have even turned away potential capital partners, and some capital partners have decided against partnering, because of our unequivocal stance on Excluded Entrepreneurs of Color and definition of racial equity. Some were not ready to agree with the notion that certain communities had been denied capital based on racial criteria.

ERD: Do you expect or require your borrowers to clear certain legal hurdles before qualifying for a loan?

EKF: Yes, we require all borrowers to have properly formed their business entities with appropriate governing documents and federal tax ID numbers (EINs). Our Race for Progress loans are also flexible enough for us to consider other factors for those individuals with non-legal status, such as certain immigrants. We also require proof of appropriate and sufficient insurance. While insurance is not necessarily required at the early stage of a business, there needs to be a very good explanation or compelling reason why no insurance needs to be in place at that time. Much of the remaining information required is financial.

ERD: Did your borrowers ask RPC for advice on legal issues or referrals for legal counsel before RPC and Miller Johnson partnered on the pro bono legal service program? Do you know if they were receiving legal advice at all?

EKF: Prior to our partnership with Miller Johnson, RPC did not get many specific requests for referrals for the broader suite of services that a law firm is able to offer. Sometimes, there would be a reactive issue that a borrower brought up, such as contract or collections disputes with customers. For example, timeliness of payment on invoices may be different and also other lessons learned on contract terms. However, borrowers often expressed legal issues as “frustrations,” rather than legitimate grievances that somebody could help them respond to or for which they could obtain a remedy.

During the first two years of the pandemic, we also received a number of inquiries and questions about COVID-related issues, such as small business grants, loans (PPP and EIDL), and state/local regulations.

ERD: What factors were/are important to RPC in establishing and sustaining a legal services partner for your borrowers/customers?

EKF: A key benefit of partnership has been providing a constructive forum for our borrowers to discuss their businesses with professionals who maintain confidence, identify risks and opportunities, and take action zealously to advance their interests. Putting issues out on the table as legal issues—as opposed to simply frustrations—opened up conversations and opportunities for confidentiality, attorney-client privilege, and other topics. Most borrowers were expressing frustration, but not really accessing legal advice outside of the minimum hurdles we require to obtain a loan. It’s very likely that some borrowers would have just tried to persist through a legal issue rather than pursue a legal ally and advocate.

Also, working with pro bono clients in the same fashion as billable clients was a very important factor. For example, working with a borrower/client on cross-disciplinary issues and identifying, not just legal challenges, but opportunities proactively, has been a big benefit to our borrowers. Some “pre-packaged” or standardized legal services can be helpful very early on, but customizing the client relationship and thinking about the client as a longer-term relationship was an important distinction.

ERD: What issues did you observe in your borrowers accessing COVID-related loans, grants, and other financial assistance in the 2020–2022 timeframe?

EKF: Many borrowers (or potential borrowers) came to RPC for our COVID relief loan product, which we call the “Race for Progress COVID Relief Loan.” Our community partners encouraged us to provide this loan product, especially for those businesses that were unable to take full advantage of PPP loans and/or employee retention tax credits. RPC was also able to provide a longer-term financial foundation and partnership as opposed to a one-off grant or tax credit.

Tragically, we also saw authentic business harm and intimate stories of very difficult choices between personal and family health issues and supporting businesses financially. Specifically, we saw businesses having to choose between investing in their commercial survival versus providing financial support to family members (or survivors of those lost to COVID).

ERD: Has the COVID experience significantly impacted your approach to lending and/or technical support?

EKF: We provided some new loan products, as mentioned previously, but also now provide different technical support. To that end, during the COVID experience, we observed more tangibly the latent risks that businesses face. We are still seeing the impacts of COVID on general economic conditions, as our borrowers continue to dig out and recover. We try to be patient and creative in offering workout plans with those borrowers hit hardest.

ERD: You hold a stakeholder conference at least once a year. Can you describe the goals of the stakeholder summit?

EKF: The main goals are providing transparency in our progress toward stated goals and accountability toward mutually agreed upon desired outcomes. The summits are also opportunities to solicit dialogue among RPC and our stakeholders to explore new ideas and opportunities. We try to create a shared space for the community of partners to collaborate and share best practices.

ERD: Do you have any advice to share with other CDFIs or law firms thinking of forming partnerships to provide pro bono support to CDFI borrowers?

EKF: For CDFIs, I would say, “Do it!” Referring borrowers to law firm partners helps manage the latent risk factors I mentioned earlier. These partnerships also enhance borrowers’ social capital and open up opportunities for firms to provide technical assistance about legal service providers. Even though the pro bono relationship may not last indefinitely, participation can help our borrowers become savvier about using lawyers in the future.

At a recent CDFI conference, during a seminar on “best practices” for risk management, we shared our experience working with your pro bono program. Our peers’ eyes opened wide. We realized and shared with our colleagues that it is beneficial to both the borrower and to the CDFI itself to form these partnerships. It’s not just a “nice thing” for your borrowers to be able to access but can enhance the CDFI’s revenue and manage risk in the long term. It’s also a great way for law firms, such as Miller Johnson, to make sure they are consciously thinking about “blind spots” in their communities and working toward racial justice and racial equity.

This article is related to a CLE program that took place during the ABA Business Law Section’s 2023 Hybrid Spring Meeting. All CLE programs were recorded live and will be available to view free for Business Law Section members.

1. Grand Rapids, Michigan, is located in Western Michigan. Detroit is approximately 160 miles east of Grand Rapids, and Chicago is roughly 180 miles southwest. Other Michigan locations within a roughly one-hour drive from Grand Rapids include Lansing, Kalamazoo, Muskegon, Grand Haven, and Holland (among others). ↑

2. Other “Rust Belt” cities toward the bottom of this 2015 list included Milwaukee, WI; Cincinnati, OH; Pittsburgh, PA; and Cleveland, OH. Worth noting, though, is that a number of prosperous West Coast hubs (at least, prosperous for some people) were also included in the bottom half of the list, including San Francisco-Oakland, CA; Los Angeles, CA; and Seattle, WA. ↑

3. RPC defines “Excluded Entrepreneurs” to encompass “African-American, Asian, Latino, Native American, and Immigrant business owners facing racial bias and exclusion in some traditional lending.” ↑

4. Following is the Mission Statement created jointly by the core team of Miller Johnson attorneys that worked with Rende Progress Capital to launch this pro bono legal services partnership: “Our mission is to provide high caliber, no cost pro bono legal services and value to Michigan’s African-American, Asian, Hispanic/Latino, Native American and Immigrant business owners of color through professional services with a personal touch, while seeking opportunities to engage and network with Excluded Entrepreneurs for mutual growth, ally ship and opportunity.” ↑

The responsibility to create diverse and inclusive environments is part of a business’s success.^[1] Not only is it a moral obligation, but also it brings a range of benefits. This responsibility can also be seen as part of a business’s adherence to the rule of law, particularly when connected to its legal obligations to avoid discrimination. Further, the rule of law is enhanced by including many perspectives in the legal system. For an enterprise to reflect its customers and employees, it must include people with disabilities.

People with disabilities represent 27.2 percent of people living in the United States according to a November 2018 report of the US Census Bureau, and yet employers have much to do to improve their inclusion in organizations, the economy, and our societies.^[2]

The legal profession is no exception to this: it needs to do a better job of employing and including all professionals with disabilities. In fact, as Michelle DeVos of Holland & Knight wrote in an October 2020 piece about the need to break down more barriers for attorneys with disabilities, “The legal profession is one of the least diverse professions in the nation.”

The National Association for Law Placement (NALP) published research in December 2022 indicating that law firms consisted only of 1.2% of lawyers with disabilities in 2021. The NALP piece also notes that law school graduates with disabilities were more likely to hold some other marginalized identities.^[3] As it’s Pride Month, it’s worth noting that graduates with disabilities from the Class of 2021 were more than twice as likely to identify as LGBTQ compared to the class overall; people with disabilities can experience the workplace and discrimination in it differently depending on other aspects of their identities. In its 2019 Report on Diversity in U.S. Law Firms, NALP also reported: “Just under half of one percent of partners (0.46%) self-reported as having a disability in 2019, down slightly from 0.52% in 2018.”^[4]

Employing people with disabilities is a rule of law issue. The World Justice Project’s Rule of Law Index, which evaluates the rule of law in countries around the world on an annual basis, includes absence of employment discrimination within its measurements. As part of evaluating whether the rule of law in a country is strong enough to deliver fundamental human rights, sub-factor 4.1, “Equal treatment and absence of discrimination,” measures “whether individuals are free from discrimination… with respect to public services, employment, court proceedings, and the justice system.”

Hiring people with disabilities is not only the right thing to do from a moral and rule of law standpoint, but it can also provide a range of benefits to the enterprise. First, hiring people with disabilities can improve an employer’s reputation and public image. In today’s society, consumers are increasingly looking for providers that are committed to diversity and inclusion, and hiring people with disabilities can help the employer stand out positively.

Second, hiring people with disabilities can bring a unique perspective and set of skills to the organization. People with disabilities often have to overcome challenges and develop creative solutions. They may also have expertise in areas related to disability law, such as special education or accessibility laws. Accordingly, they are excellent members of a legal team that is focused on offering creative solutions and can have a piece of deep knowledge about problems the project can face.

Third, hiring people with disabilities can help an employer comply with various laws. For example, the Americans with Disabilities Act (ADA) requires employers to provide reasonable accommodations to employees with disabilities, and the failure to do so can result in legal consequences. By hiring and appropriately providing accommodations to people with disabilities, an employer can proactively meet one aspect of its obligations under the ADA and avoid potential legal issues. The ADA served as inspiration for the later framework developed by Mexico and other countries in enacting the United Nations’ Convention on Rights of Persons with Disabilities (CRPD).

The work to be inclusive and equitable doesn’t stop at hiring. One international investment bank includes employees and allies of people with disabilities by creating an employee resource group. (Notably, one of the group’s founders, Meg Cimino, is an American lawyer who has spoken to the American Bar Association Business Law Section.)

Further, the UK government recently funded a report through its organization DRILL (Disability Research on Independent Living & Learning) to learn more about career experiences of disabled people in the legal profession. It shows that lawyers with disabilities face bias and makes detailed recommendations to employers and the profession at large to address issues in hiring and in the workplace. Even though the recommendations were made in the UK context, they would also help employers in other jurisdictions. In one example, the recommendations supported efforts by professional associations to support lawyers with disabilities through organizations like the ABA Commission on Disability Rights in the United States. (In one illustration of the support businesses can have for disability inclusion when working with professional organizations, the ABA partnered with a major international business to support law students with disabilities through a summer internship program.)

Employers internationally should ensure disability is part of their DEI efforts. Consideration of ability status belongs alongside thoughtful attention to race, gender, sexual orientation, and religion in both social and corporate legal environments. As part of that, not only organizations’ work environments but also their digital offerings, websites, and mobile apps should be accessible to and usable for people of all abilities. As the AccessAbility Works podcast says, in addition to “the value of true inclusion,” “maximizing the full use and functionality of digital platforms and technologies makes good business sense.”

To hire effectively and support people with disabilities (whether employees or customers), employers should take a few fundamental steps. First, they should make sure their physical space is accessible, with features such as ramps and accessible bathrooms. They should also provide any necessary accommodations, such as assistive technology or modified work schedules. Additionally, employers should provide training to their staff on disability awareness and inclusion. This can help ensure that people with disabilities are treated with respect and given the support they need to thrive.

In conclusion, hiring people with disabilities is not only the right thing to do, but it can also bring a range of benefits to an employer. By creating an inclusive and diverse work environment, a business can improve its reputation, bring unique perspectives and skills to its team, and comply with the law.

Employers can play a key role in promoting inclusion, diversity, equity, and access (IDEA) in their organizations and creating a more inclusive legal profession. All employers need to prioritize the hiring, retention, and promotion of people with disabilities to create a more diverse and inclusive workplace.

1. Note that the term employer follows the broad practice of the American Bar Association Business Law Section and does not refer to the work environment. The work environment can be a government entity, a company, a nonprofit organization, a law firm, etc. ↑

2. See also the US Census Bureau’s webpage collecting data and publications related to disability. ↑

3. Earlier NALP publications on attorneys with disabilities can be found within NALP’s Research & Statistics resources. ↑

4. Table 11 in the report (“Lawyers with Disabilities — 2019,” page 30) provides more details. ↑

Introduction

The floating lien is a cornerstone of commercial finance. Whether it be retail merchants, grocery stores, or auto dealers, this security device underpins the transactions through which most businesses manage and fund their operations. The primary assets encumbered by a floating lien are a business’s inventory and accounts receivable, as they constitute the “immediate core of a commercial debtor’s enterprise.”^[1] Indeed, a significant motivation behind the eventual drafting of Article 9 of the Uniform Commercial Code was a desire both to explicitly allow and also to simplify the creation of a floating security interest capable of encumbering all present and after-acquired personal property of a debtor to secure all present and future obligations owed to a secured creditor.

As almost everyone is now aware, the Uniform Commercial Code was recently amended (henceforth, the 2022 UCC Amendments) to take into account emerging technologies, such as certain kinds of digital assets. Specifically, the new Article 12 creates the concept of a controllable electronic record (CER), creates the associated notion of control, and provides a regime under which a purchaser can acquire these digital assets free from competing claims or defenses (the so-called take free rules). Coextensively, amended provisions of Article 9 provide that CERs can be used as collateral, that a security interest in these assets can be perfected both by filing and control, and that security interests in CERs perfected by control have priority over those perfected by filing. In this article, we explain how the new 2022 UCC Amendments can be used to create a floating lien—not just over traditional tangible goods and their related receivables, but also over CERs.

The NFTs Market

Imagine a firm that is in the business of “minting” and selling non-fungible tokens (NFTs), such as Dapper Labs or Yuga Labs. Though there is no universally accepted definition of NFTs, they can be broadly described as digital assets that are uniquely identifiable and one of a kind within a specific system. NFTs are widespread in distributed ledger technology (DLT) networks, such as Ethereum, Solana, Avalanche, and many others.

NFTs have found broad adoption in a variety of business endeavors. The prevailing use case for NFTs is associated with the concept of tokenization.^[2] This is the process whereby a person creates an NFT and asserts that it represents specific tangible or intangible property, such as a painting, a rare car, a digital image, or an ownership interest in a company. Alternatively, the NFT can be presented as entitling its holder with the right to receive a service, such as access to a concert or other event. In principle, the innovative commercial proposition is that the NFT acts as unique digital indicator and identifier for property or services to which it is purportedly linked.

There are presently two primary models for tokenizations: intermediated and disintermediated.^[3]

Intermediated Tokenization

Intermediated tokenization is prevalent in the high-volume, low-value NFT market. Under this model, individuals create and sell NFTs relying on online platforms such as Rarible, SuperRare, Foundation, or Mintable. It’s a process that involves several steps, which can be delineated as described below.

First, an individual establishes an account on a minting platform and links it to the individual’s digital wallet, enabling the transmission and receipt of funds for NFT minting and subsequent sales. Leveraging the interface of the minting platform, the individual uploads a digital image, text, or musical composition that purportedly will be linked to the individual’s soon-to-be-minted NFT. At this stage, the individual also selects a preferred method of monetizing the NFT, typically via a direct sale or an auction.

Second, the platform executes two core functions: minting the NFT and generating a dedicated web page devoted to this token. To accomplish the former, the minting platform typically relies on a smart contract^[4] executed on a DLT network of choice. The web page showcases the uploaded content—i.e., the digital image, text, or music—alongside any other information provided by the individual creating the NFT.

Third, both the minting platform and the NFT originator actively endeavor to attract prospective purchasers through various means, including targeted advertising via social media and other relevant channels. Once a buyer emerges, the minting platform assumes the role of an intermediary, facilitating payment processing and effectuating the transfer of the NFT. The material execution of this final step might differ depending on the technological structure adopted by the platform.

In most cases, the NFT will be transferred to a wallet cryptographically controlled by the buyer. Alternatively, the NFT might remain in an omnibus wallet controlled by the platform if both the creator and buyer of the NFT have accounts on the platform itself. This is not dissimilar to how banks manage fund transfers when counterparties both have accounts at that institution.

Disintermediated Tokenization

The other tokenization model is disintermediated. This approach has been utilized by notable artists and corporate issuers—including Pak^[5] (Merger NFT), Beeple^[6] (Everydays: the First 5000 days), Yuga Labs^[7] (Bored Apes), and Dapper Labs^[8] (Top Shot)—particularly in high-value NFT transactions. Under this model, the issuer directly mints the NFT by executing a smart contract either on a major public DLT system, such as Ethereum, or a private one under its control, such as Dapper Labs’ Flow Blockchain. Subsequently, each NFT is associated with a specific asset, typically a creative work in digital format such as an image, video, or music file. The connection between each NFT and its corresponding creative work usually involves storing the relevant digital content on internet-connected servers and then hyperlinking each NFT to a specific creative work.^[9]

Once minted, the NFTs are offered to the buying public either by the issuer or through specialized intermediaries, including renowned auction houses such as Christie’s, Sotheby’s, and Phillips.^[10] In addition to the NFT itself, the issuer may offer supplementary services or accompanying assets. For example, regarding the Bored Apes NFT collection, Yuga Labs granted the original purchasers and subsequent buyers a worldwide license to utilize the images connected to their token.^[11] However, it is noteworthy that artists such as Beeple have successfully auctioned their NFTs while neither granting to purchasers a license to the specific creative work in question nor transferring the relevant copyrights.^[12]

With that background, let us focus on the disintermediated tokenization model. For corporate issuers utilizing this approach, NFTs may very well be the principal means by which they generate earnings. The question then becomes this: how might a lender go about obtaining a floating lien over this crypto inventory?

Crypto Inventory Financing

Assume that a corporate issuer of NFTs wishes to use these digital items as collateral. These businesses hold NFTs out for sale. In a practical sense, these assets are the issuer’s inventory. Under Article 9, however, inventory is a defined term that only encompasses “goods” and other tangible movables held out by a person for sale or to be furnished as a service.^[13] As NFTs are intangible personal property, Article 9 classifies them as general intangibles.^[14] As we explain below, the 2022 UCC Amendments reshape the regime to create a floating lien over crypto inventory.

NFTs as Controllable Electronic Records

The 2022 UCC Amendments create a new collateral subcategory under the UCC’s definition of general intangible: the controllable electronic record (CER).^[15]

A CER is “information that is stored in an electronic or other medium and is retrievable in perceivable form” and that is susceptible to control. Importantly, the definition is based on the ability to take control of the record.^[16] Control entails satisfaction of a three-part test: the person claiming control must have the power to (i) enjoy “substantially all the benefit” of the CER, (ii) prevent others from enjoying “substantially all the benefit,” and (iii) transfer control to another.^[17] Lastly, the person claiming such control must be able to demonstrate to a third person that all three parts of the test are met.^[18]

As generally implemented in prominent DLT networks, such as Ethereum, Solana, and Avalanche, NFTs meet the definition of a CER. In these systems, NFTs are data entries stored in a distributed database and, thus, constitute “information that is stored in an electronic or other medium and is retrievable in perceivable form” in the eyes of the UCC. Moreover, the cryptographic infrastructure implemented in DLT networks enables a person to have dominion over and dispose of NFTs in a manner that satisfies the “control” requirements. For example, on Ethereum, a person can control an NFT thanks to the public/private key cryptography adopted by this network. Through their private key, an individual has the power to interact with an NFT, enjoying all of its benefits (whatever those might be), and to prevent all others from interfering. This same technology also enables that individual to completely divest themselves of those powers by transferring them to someone else. Finally, public/private key cryptography also enables an individual to identify themselves as being in control of a determinate NFT through their digital signature.^[19]

Creating and Perfecting a Floating Lien over Crypto Inventory

Creation

The 2022 UCC Amendments forge a new framework for taking security in CERs, including crypto inventory. Regarding attachment, prospective secured lenders have two avenues when using crypto inventory as collateral.

First, as CERs are a subset of general intangibles, a security interest that is enforceable between the parties can be created with a “signed” agreement that adequately describes the collateral.^[20] Notably, the 2022 UCC Amendments have moved past the word authenticated. For NFTs, a clause stating that the collateral comprises “all debtor’s present and future general intangibles” or “all debtor’s present and future CERs” would be effective; there would also be no obstacle to a narrower description focused on the tokens in question, such as “all NFTs minted by the debtor,” and possibly also specifying the relevant DLT network, smart contract, and cryptographic identifiers.

The second avenue to create a security interest in crypto inventory leverages the concept of control. Dispensing with the requirement of a signed security agreement, the 2022 UCC Amendments provide that a security agreement can be created between a debtor and creditor if “the collateral is . . . controllable electronic records . . . and the secured party has control under Section . . . [12-105] . . . pursuant to the debtor’s security agreement.” Extending to CERs the rules previously available for deposit accounts, electronic chattel paper, investment property, and letter-of-credit rights, the 2022 UCC Amendments recognize that taking control of CERs adequately evidences what collateral the parties objectively intended to encumber.

Perfection

The 2022 UCC Amendments also introduce a novel regime for the perfection of security interests in CERs that further cements the prominent role of control. As with all types of collateral,^[21] a creditor can perfect a security interest in crypto inventory by filing a financing statement in the relevant registry, just as it could before the new rules came into effect.^[22] However, the 2022 UCC Amendments also provide that a creditor can perfect a security interest in CERs by taking control of these assets.^[23] A creditor can also obtain control through a third party who acknowledges that it has or will obtain control on the creditor’s behalf.^[24]

For example, a creditor could perfect a security interest in an NFT by having the debtor transfer the NFT to the creditor. This can occur by associating the NFT on the relevant blockchain with the creditor’s public key, rather than the debtor’s key. Other methods are also available, such as using specific NFT metadata configurations or escrow-like software structures (often referred to as multisignature smart contracts) that require the creditor to consent using its own private cryptographic key prior to the NFT being transferred by the debtor. The broad, functional character and flexibility of the notion of control is one of the most significant value-adds of the standards-based framework erected by the 2022 UCC Amendments: it allows parties to deploy whatever technology might be available at a given point in time to achieve control. This approach reflects the explicit intent of the UCC drafters to be technologically neutral and to accommodate future types of CERs.

Lien Priority and “Take Free” Considerations

Crypto financiers will likely want to achieve perfection by control for yet two more reasons.

First, the 2022 UCC Amendments introduce a non-temporal priority rule to rank competing security interests over CERs. Specifically, a secured creditor who perfects by control “has priority over conflicting security interests held by a secured party that does not have control.”^[25] Adopting the same approach historically adopted by the UCC for the priority regime applicable to deposit accounts and investment property, the 2022 UCC Amendments recognize a preference for secured creditors who have direct dominion over the encumbered collateral.

The second reason why crypto financiers will want to take control of encumbered CERs stems from the “take free” regime introduced by the 2022 UCC Amendments for these assets.^[26] Under these rules, a person who acquires a CER for value, in good faith and without notice of any conflicting property claims, is deemed a “qualifying purchaser” and, as such, takes it free from any preexisting property claims.^[27] The 2022 UCC Amendments draw heavily from the UCC Article 3 provisions for negotiable instruments, and these provisions have the effect of making CERs negotiable.^[28] It follows that if a secured creditor obtained a security interest in CER inventory and only perfected by filing, that creditor would be at risk of the debtor disposing of the collateral and transferring control to a qualifying purchaser that would take it free from any competing claim.

The Mechanics of Controlling Crypto Inventory

With that foundation, now consider how a floating lien under Articles 9 and 12 could be achieved over all of a debtor’s crypto inventory. Recall that our debtor is a corporate issuer of NFTs who routinely creates and then sells NFTs to the public. Attachment could be achieved through a security agreement describing the collateral as either the debtor’s general intangibles (taking a broad approach) or all of the debtor’s NFTs in a determinate DLT network (being more specific). The security agreement could also include an after-acquired property clause so as to encumber preexisting NFTs and those that would be minted in the future, as well as a present and future indebtedness clause when describing the secured obligation.

As to perfection, the creditor should file in the relevant registry but also take control of the collateral. There are a few different ways control could be achieved, but here we describe the two simplest ways. The corporate issuer and the creditor would agree that all newly minted NFTs should be immediately associated with the creditor’s public cryptographic keys on the relevant blockchain—not those of the debtor. In other words, all new NFTs should be held in the creditor’s digital wallet, not the debtor’s. Alternatively, the creditor and the debtor could agree that all newly minted NFTs should be held through a multisig smart contract that would be directly or indirectly governed by the secured creditor, in a manner that satisfies the statutory requirements for control.

This transactional structure would create a floating lien over all of the debtor’s crypto inventory. Whenever the debtor desires to sell an NFT, the creditor would have to approve the transfer. In turn, the debtor would transfer to the creditor whatever portion of the funds received from the sale that the parties had agreed to. This arrangement would, of course, involve some monitoring costs, but such expenses would be significantly lower than those associated with traditional inventory financing (i.e., tangible personal property). Typically, a creditor with security in inventory has to arrange for inspectors that examine the state, quantity, and quality of the collateral; the premises where it is held; the manner in which it is offered to the public; and many other similar matters. By contrast, a creditor who has taken security in crypto inventory and perfected by control would only have to approve of any sale of the assets in question and surveil that the debtor does not secretly mint NFTs without duly transferring control. Finally, any minting of an NFT by the debtor that does not immediately appear in the creditor’s digital wallet or in the designated multisig smart contract should be deemed an event of default in the security agreement.

Conclusion

In constructing the transaction as we describe here, the creditor would have created a floating lien on digital assets of the debtor—specifically, crypto assets in the form of NFTs—using UCC Articles 12 and 9. The lien would both float and provide preferential priority through control. For more on this topic and the transactional structure we set forth above, see our essay Floating Liens Over Crypto-in-Commerce, forthcoming in the Indiana Law Journal.^[29]

Christopher K. Odinet is the Josephine R. Witte Professor of Law and an affiliate professor of finance at the University of Iowa. Andrea Tosato is an associate professor in commercial law at the University of Nottingham (United Kingdom) and a visiting associate professor at the University of Pennsylvania Carey Law School. Jordan Jenquin is a rising 3L at the University of Iowa College of Law and a 2023 summer associate at Sidley Austin LLP in Chicago, Illinois.

1. 3 Commercial Asset-Based Financing § 18:1 (2023 ed.). ↑

2. Juliet Moringiello & Christopher K. Odinet, The Property Law of Tokens, 74 Fla. L. Rev. 607, 609 (2022). ↑

3. Christopher K. Odinet & Andrea Tosato, The Intersection of NFTs and Structured Finance, B.U. L. Rev. (forthcoming 2023) (manuscript at 5–6). ↑

4. Nick Szabo, Smart Contracts: Building Blocks for Digital Markets (1996). ↑

5. Merge by Pak, Nifty Gateway (last visited Feb. 6, 2023). ↑

6. Beeple (last visited Feb. 6, 2023). ↑

7. Yuga Labs (last visited Feb. 6, 2023). ↑

8. Dapper Labs (last visited Feb. 6, 2023). ↑

9. Joshua A.T. Fairfield, Tokenized: The Law of Non-Fungible Tokens and Unique Digital Property, 97 Ind. L.J. 1261, 1296 (2022). ↑

10. NFT Art Auction Department, Sotheby’s (last visited Feb. 6, 2023); Christie’s NFT, Christie’s (last visited Feb. 6, 2023). ↑

11. See Juliet M. Moringiello & Christopher K. Odinet, NFTs in Commercial Transactions, in Cambridge Handbook on Emerging Issues at the Intersection of Commercial Law and Technology (Nancy Kim & Stacy-Ann Elvy eds., forthcoming 2023). ↑

12. Taylor Locke, Millionaire Artist Beeple: This is the Very Important Thing ‘I Think People Don’t Understand’ About Buying NFTs, CNBC (Mar. 29, 2021). ↑

13. U.C.C. § 9-102(a)(44), (48). ↑

14. Id. § 9-102(a)(42). ↑

15. Id. § 12-102(a)(1). ↑

16. Id. § 12-105(a). ↑

17. Id. § 12-105(a)(1)(A), (B). ↑

18. Id. § 12-105(a)(2). ↑

19. Understanding Digital Signatures, Cybersec. & Infrastructure Sec. Agency (Feb. 1, 2021). ↑

20. U.C.C. § 9-203. ↑

21. Note the exception of a security interest in money, which can only be perfected by possession. See id. § 9-313(a). ↑

22. Id. § 9-312(a). ↑

23. Id. § 9-314(a). ↑

24. Id. § 9-307. ↑

25. Id. § 9-326A. ↑

26. Id. § 9-317(h). ↑

27. Id. §§ 9-317(h), 12-102(a)(2), 12-104(e). ↑

28. Edwin Smith & Steven O. Weise, The Proposed 2022 Amendments to the Uniform Commercial Code: Digital Assets, Bus. L. Today (Mar. 25, 2023). ↑

29. Christopher K. Odinet & Andrea Tosato, Floating Liens over Crypto-in-Commerce, Ind. L.J. (forthcoming). ↑

The American Bar Association Business Law Section is proud of its library of quality legal titles that serve the business law community. However, there are a handful of BLS titles that are true “classics”—that is, they are the go-to sources for the legal practitioner; they strengthen their branding with each new edition; and they sell in the thousands.

A prime example of a “classic” is A Manual of Style for Contract Drafting, Fifth Edition by Kenneth A. Adams.

“The fifth edition was published in February 2023,” said Collin Cooper, chair of the BLS Publications Board. “Sales usually drop off with each new edition of a legal text, yet with each new edition of MSCD, its sales have exceeded sales of the previous edition. Based on the first three months, it looks like that will apply to the fifth edition, too.”

There is a simple reason for the book’s success: Each new edition has been a worthy upgrade.

“The fifth edition, weighing in at 667 pages, contains 70 pages of new material, and the rest of the text reflects many adjustments,” said Cooper. “Ken remains without equal as an authority on the building blocks of contract language. No one writes on his subject as extensively or with as much originality and scholarship.”

To understand the value of this book, featured below is the section on the words “setoff” and “offset.” This brand-new content explains why readers eagerly anticipate the publication of a new Manual of Style edition.

***

SETOFF, OFFSET

13.763 The nouns setoff and offset mean the same thing; so do the corresponding verbs. Pick whichever noun you prefer and stick with it, be consistent in how you spell it, and use the corresponding verb.

13.764 Black’s Law Dictionary gives as a definition of the noun setoff “A debtor’s right to reduce the amount of a debt by any sum the creditor owes the debtor; the counterbalancing sum owed by the creditor.” It’s easy to find the variant spellings set-off and set off, but use setoff.

13.765 The noun offset is used in the United States to mean the same thing. Garner’s Dictionary of Legal Usage, at 631, says the noun offset “is perfectly acceptable in American legal writing.” See, e.g., Citizens Bank of Maryland v. Strumpf, 516 U.S. 16, 18 (1995) (“The right of setoff (also called ‘offset’) allows entities that owe each other money to apply their mutual debts against each other … .”).

13.766 Garner’s Dictionary of Legal Usage, at 812, says the verb form of setoff “is written as two words—e.g.: ‘on the other hand, a subsequent agreement between the parties to set-off [read set off] a claim of the buyer in satisfaction of part of the purchase price may satisfy the statute.’”

13.767 Regarding use of offset as a verb, Garner’s Dictionary of Legal Usage, at 631, waffles in saying that it “might be considered inferior to set off, although it cannot rightly be condemned as an error.” An example offered in Garner’s Dictionary of Legal Usage is “The division of property was, or will be, approximately equal and the two amounts would offset each other.” Welsh v. Welsh, 869 S.W.2d 802 (Mo. Ct. App. 1994). If the noun offset is acceptable in the United States, it would be precious to object to the verb offset. Searches of to set off and to offset on the U.S. Securities and Exchange Commission’s EDGAR system suggest that the verbs set off and offset are used about as often.

The marketing team wants to use ChatGPT to generate marketing collateral. Yet, the law department worries about copyrighted content used to train the model forming the basis of an intellectual property lawsuit and inadvertently “giving” OpenAI the right to use certain protected content. Underwriting wants to let artificial intelligence (“AI”) tools “underwrite” insurance policies, but the compliance team worries about the computer application “learning” to discriminate. Business planning professionals wish to extend the life of relevant information, but European Union (“EU”) privacy lawyers say that will run afoul of the General Data Protection Regulation (“GDPR”).

One person’s hot is another person’s cold. One person’s trash is another person’s treasure. You get the idea. And that idea has taken center stage in the world of corporate information. At a time when professionals across industries and fields who are using AI want as much information as possible to predict business trends, for example, information security risk mitigation militates in favor of retaining less information for shorter periods: “AI is heavily reliant on large quantities of data, and without proper controls, data can be corrupted.”^[1] Furthermore, “[a]ddressing privacy concerns while leveraging large datasets is also a challenge.”^[2] While business folks want to keep content in collaboration environments forever for future reference, privacy and security professionals push back on growing the information footprint because more information creates greater privacy risk and more data to protect.

We live in interesting times, in which one side of the business wants to keep all information forever and another wants it gone yesterday. And there are myriad other perspectives between the two extremes, depending on your job within the company. So how do businesses navigate and negotiate an ever-increasingly competitive and conflicting information-intensive business environment?

No one wants to peer into a volcano, especially one that could blow at any time. Yet, a lawyer’s job is, in part, helping the lawyer’s company or clients navigate the risks and potential liabilities of our new, ever-expanding information economy. Further, most large companies today have a host of complex and competing information needs and requirements that scream for legal guidance, whether the lawyers know it or not. And as corporations’ information assets grow in volume and value, these issues won’t go away anytime soon.

In this article, we will provide five steps for lawyers and others with information management obligations to more effectively manage their corporation’s information footprint, negotiate competing and conflicting business and regulatory requirements, and simplify the rules to help harness the value of information while making sure that companies comply with the expanding information volumes and the laws and regulations that mandate how information must be managed.

Step 1: Size Up Your Information Footprint

Understand What Your Business Does for a Living

To figure out how best to address the expanding universe of information, it is first essential to understand the company’s mission as that will inform what data it has and the laws and regulations guiding its management. In other words, the first step should be to assess what information a company has, what obligations exist with that information, how long to retain it for legal or business reasons, who should have access to it, etc.

While the executives of all companies generally understand what business activities they are engaged in, they rely on their leadership team to help them understand all the different business initiatives, relationships, contractual obligations, projects, and potential sources of revenue and risks across their company. This activity details how the organization accomplishes its mission and the information needed for execution. After all, it is essential to understand how the organization creates information and what information it creates, as well as when it needs it given its business activities, in order to manage the information footprint.

Understand How Activities Are Conducted

Given today’s complex technologies such as AI, IoT (“Internet of Things”) devices, pixel tags, etc., and the new ways that business is conducted, the task of identifying how business activities are conducted is challenging. The way that many businesses function or carry out their business activities has changed in recent years.

Third parties may now be in the “care, custody, control” of “your” information, and contracts may dictate that they can package it up and resell the information or not. The fact that a third party is creating and utilizing your company information may create new information security and privacy challenges that may need to be addressed via both contract and technology. Furthermore, the application of IoT devices means that a third-party smartish piece of technology is grabbing and transmitting data behind the scenes, perhaps without the company’s knowledge—which may be to the company’s detriment.

There are many ways to glean a deeper insight into company business activities to understand how they are conducted. It might be helpful to analyze the company’s annual report, external website, marketing materials, operational processes, workflows, and standard operating procedures (“SOPs”) and talk to the corporate secretary about external partnerships, collaborations, or joint ventures involving the company. Reviewing the company’s annual reports, financial statements, and corporate filings may disclose new sources of revenue, among other things. Additionally, interviews or surveys with key stakeholders can be beneficial to provide a deeper understanding of the various company initiatives and activities. For example, a recent conversation with a client’s general counsel unearthed a new business direction of packaging biometric data and selling it as a revenue stream.

Key business and legal stakeholders might not be aware that a particular business initiative is underway, but they need to be aware in order to properly assess the risk and liability. Advancing such initiatives without proper management and liability assessment can explode in the face of executives and impact company valuations and the court of public opinion. And these types of initiatives are part of the new corporate information volcano that can create seismic ripples through the business.

Inventory Information Assets

For every business activity, there is informational output. That informational output may be a record or a non-record. It may or may not contain a specific class of data, such as biometric data, personally identifiable information (“PII”), trade secrets, intellectual property, Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) data (protected health information (“PHI”)), or other sensitive data types.

For every record and specific data category, myriad laws and regulations will dictate how that information can be used, shared, stored, retained, and managed throughout its life cycle. Additionally, for each, there will be business folks who will only sometimes agree with the laws and regulations because those laws and regulations don’t allow them to garner the total value of the information.

For every non-record, rules should dictate how long to retain the information and when to dispose of it. For many corporations, a large percentage of their data doesn’t rise to a record level, and the noise it causes can be costly. Additionally, non-records can pose the same risk to the corporation as a record because they can contain sensitive information that could be damaging if exposed.

Regardless of whether something is a record or a non-record, getting a handle on the company’s information footprint is essential. Unsurprisingly, most companies need to know what information they have, where to locate it, and who has access to it. Information sprawl happens because more systems create information, more applications use information, and more employees access the information. Outsourced data warehouses collect data from many sources and combine them for insights. IoT devices collect and transmit data, and more third parties utilize or create company information on your behalf. What action can you take?

Conduct and document an inventory of supporting information assets created, used, sold, shared, relied upon, and received for each business activity identified. The inventory should determine where the information is stored; who has access to it; who has responsibility for it; what actions people take with it, e.g., selling or sharing the data; and what data classification (e.g., PII, PHI) and security classification (e.g., confidential, restricted) apply. This inventory will help inform the next step of knowing what laws and regulations must be considered. The greater the understanding of the information footprint, the more effective your program will be.

Step 2: Unearth and Understand Regulatory, Governance, and Business Requirements

Collect All Laws and Regulations That Impact the Business

Once you have compiled a comprehensive list of the company’s business activities and inventoried the types of information generated, used, sold, shared, relied upon, and received, you can then research the relevant laws, regulations, and industry rules that govern the management, protection, transmission, retention, and disposal of each category of the information. For most large businesses today, there will likely be hundreds, if not thousands, of laws and regulations that apply to the various types of information used by the business in the various jurisdictions in which the company does business. It’s key to look outside of the jurisdiction of incorporation to find all of the laws and regulations required to get information management right.

For each business activity, the company should document all jurisdictions that apply to it. This is often called a business profile. For example, product manufacturers should document the countries and states with manufacturing facilities. Later in the process, jurisdictions will inform what laws and regulations will apply based on where the organization performs certain business activities. Many laws and regulations that impact manufacturing facilities will be at a state or country level, so there is no need to include states or countries without manufacturing facilities. Similarly, if, as discussed above, the company is engaging in new activities—such as selling data as a revenue stream, implementing customer interactions, using sensors on products, conducting AI activities, exploring blockchain and cryptocurrency activities, handling privacy and biometric data, developing virtual and augmented reality technologies, or building autonomous products—those activities will dictate the laws and jurisdictions that must be considered.

Understand Business Needs

As the company evaluates and collects all of the legal requirements with which it must comply, assessing its business needs for the various types of information across the enterprise is also beneficial. This step is where the company should methodically collect the need for each data category and how long a particular business unit needs it. This step should involve “governance” business stakeholders such as privacy, records management, legal, cybersecurity, and other teams as necessary.

During this phase, it will become evident that different business units within the company will have different information needs. The marketing department may want ten years of past sales to unearth trends to improve future forecasting of raw materials for next year’s products. However, EU privacy staff may feel that the organization should only retain that information for a short time. This conflict can be solved by agreeing upon a period of time to retain the personal data, when it should be anonymized, and when the anonymized information needs to be disposed of. (We will return to this conflict issue in the next section.) In any event, creating a useful dashboard of inputs so that the company can see how information is being used and by whom will be very useful in determining the final company rules to manage information assets better.

Step 3: Harmonize Governance and Legal Requirements

As was alluded to in the previous section, gathering all the legal, regulatory, and governance requirements and various business needs related to each category of information helps the company develop rules that address all the inputs. One caveat: Making sausage is ugly. But developing information policy for large companies can make sausage making look attractive and seem easy. Given information volumes and the disparate uses of information in today’s corporate information ecosystem, making sense of and harmonizing the many inputs can be challenging.

Consider how different the EU privacy policy is from how Arkansas privacy laws expect organizations to manage PII. Or consider how contract retention requirements vary from state to state. Now add all the types of information, all the legal requirements in all the relevant jurisdictions (state, federal, foreign, etc.), and the business needs for the data. Now make a policy that addresses all the inputs.

Corporations that operate in a global environment must comply with legal and governance requirements across multiple jurisdictions. Corporations must take a harmonized approach to information governance, developing policies and procedures consistent across all jurisdictions unless there is a unique situation that doesn’t allow for it. As one such example, China’s laws for certain categories of information require permanent data retention. The company may carve out Chinese retention rules from the “harmonized” company-wide rules in such a case.

One often-used approach to harmonizing legal requirements in the privacy context is to gather all the high-level requirements of the various privacy laws and regulations from the various jurisdictions and develop a policy incorporating the letter and the spirit of the multiple requirements into one policy directive. Again, it is complex, but it is essential as the list of legal requirements mandating how organizations must manage information grows yearly.

To deal with the ever-evolving information legal landscape and advancing business practices, companies should have a process in place to monitor changes to ensure that they stay current with laws and regulations and business activities. As an example, a company could form a governance body made up of legal, governance, compliance, business, and operations representatives tasked with the responsibility of advancing the initiative.

Step 4: Simplify Rules for Employees and Technology

Corporations should develop clear policies, procedures, and rules that are easy for employees and technology to understand and follow. One way to simplify is to create one set of standard policies and procedures that can apply across the organization.

Recently, a company asked Kahn Consulting to harmonize the company’s multiple privacy and security directives. There were many competing directives, and the organization didn’t clarify the guidance as to which policies applied to each business unit. The employees didn’t follow any policies because they couldn’t determine which ones applied to their work.

Employees don’t have time to figure out what policy to follow, so make it brain-dead simple. In addition to fewer policy documents, the company should strive for shorter directives without complex legal language that may confuse the average employee. Furthermore, the simplification process will help technology seamlessly apply the rule without employee intervention (see Step 5). Employees have enough to worry about in their daily work without having to stop to consider legal policies. Also, technology is better and faster at applying rules to information at an application level, behind the scenes, so build a compliance process to let employees focus on their day job.

Additionally, organizations should eliminate rules that create complexity in their understanding and application. For example, applying “event triggers” to start the retention clock can create a challenge to determine when the clock begins to run on retention. Therefore, it can make applying the rule to relevant records nearly impossible. So, if you can get rid of complex rules, do it.

Finally, build “imperfect” rules that work with your technology rather than creating “perfect” rules that can’t realistically apply to actual business processes. In other words, strive for reasonable rules that work given technological realities and the company’s needs.

Step 5: Automate Policies and Procedures

Corporations can further simplify information governance by automating the application of company policy directives related to ownership, access, privacy, security, retention, disposition, litigation response, and other governance tasks. Advances in AI and machine learning give organizations the horsepower needed for such automation.

This approach means using technology to enforce policies and procedures rather than expecting employees to do the heavy lifting. For example, corporations can use automated data classification tools to classify data according to its sensitivity level. This automation can help ensure that sensitive data is protected appropriately and can reduce the risk of a damaging security event. Automate wherever possible, and use technology that makes your company rules workable, given the application’s functionality.

Conclusion

Managing information in today’s complex information ecosystem is a monumental challenge. One bad hack and the resulting information security breach could be that seismic event impacting valuation and reputation that every lawyer, privacy and compliance officer, and C-suite executive prays will not happen on their watch. Effective information governance is essential for corporations to protect their valuable information assets and comply with legal and regulatory requirements. And that starts with understanding what business activities a company performs, what information a company has, what obligations exist for each class of information, how long to retain the information for legal or business reasons, what management governance rules apply to it, who should have access to it, and where it is stored. Companies will be well served by thinking outside the volcano and anticipating the potential liability and risk associated with the explosion of information and the transformation regarding how business is done. This is a process, not a project, and lawyers and other stakeholders must be engaged in an ongoing basis. The information ecosystem is organically growing and expanding, and vigilance is necessary to stay on top of it.

1. AI in Capital Markets, RBC Capital Markets (last visited May 27, 2023). ↑

2. Id. ↑