Haben Girma shows what an attorney with a disability can accomplish. She’s both deaf and blind, and her new memoir, Haben: The Deafblind Woman Who Conquered Harvard Law, has many stories about her facing challenges, and showing the world that her challenges didn’t limit her. As she writes in the introduction, “This book takes readers on a quest for connection across the world, including building a school under the scorching Malian sun, climbing icebergs in Alaska, training with a guide dog in New Jersey, studying law at Harvard, and sharing a magical moment with President Obama at the White House.”
Haben Girma is the daughter of parents from two different African countries; her father is from Ethiopia, and her mother is from Eritrea. Although Haben herself was born and grew up in California, that perspective influences how she takes on the world. The memoir opens with a harrowing story of her father being taken off an airplane by Ethiopian soldiers during her childhood. In reference to her background, this memoir discusses the complicated and historic relationship between the people of Ethiopia and Eritrea.
She also discusses the reality of growing up as a child with a disability in the United States and going to a mainstream school. She shows that these challenges can be confronted head-on and handled with attention and care (as well as reasonable accommodations), not by ignoring them and pretending they don’t exist. A theme running through the memoir is the importance of independence and obliterating misconceptions about what people with disabilities can and cannot do. The data clearly shows that the vast majority of disabilities are invisible and people often hide a key aspect of him or herself.
Like many children with disabilities, she challenges her parents to allow her to do things, such as travel. She also faces colleagues and mentors who underestimate and look down on her. Throughout the story, she endeavors to break down the myths of what she unable to accomplish, while never falling into the untrue and damaging myth of “overcoming” disability. As research shows, disability inclusion provides an advantage for those organizations that work to include people with disabilities, such as Accenture, Microsoft, and Sidley Austin (all three have been recognized by the ABA for including attorneys with disabilities).
In Haben’s case, she is a Harvard Law School graduate with international experience. She writes that society treats “people with disabilities as incapable of contributing, and yet these kids [in Eritrea] treat me like someone with gifts to share and lessons to teach.” In her discussion of her experience at Harvard Law School, she explained that she used communication devices to interact with other students, professors, and people at networking events. In particular, she discussed using her Braille computer to network. (“Tactical sign language is our backup plan” was decided during a strategy meeting.)
Dancing salsa allows her to use her sense of touch to manage her lack of vision and lack of hearing a beat. She describes using the skills she has to manage the senses she doesn’t have. For example,she also describes using her sense of touch to volunteer to build houses in Mali. Building houses helped prove that she could still make a worthwhile contribution and have a disability at the same time. Her disability allows her to perceive problems that others don’t even notice.
The memoir also makes clear that a disability rights legal practice also provides her with great legal training. For example, she discussed an attorney with a disability that was the best litigator she’s ever witnessed: “Disability Rights hero Daniel Goldstein grips the court’s attention. He stands at the lectern before Judge William K. Sessions, III, in the district court for the district of Vermont.”
As a Skadden fellow after law school, she operated a disability rights practice. As discussed above, the disability rights legal practice helped develop her legal skills and gave her front line access to top lawyers.
“As a public service lawyer, my salary is far below what a Harvard Law graduate would typically make, but still exceeds the average income for blind Americans, 70 percent of whom struggle with unemployment,” writes Haben. The memoir then explains that disability rights are civil rights, and she shows that the ADA is federal legislation that offers protections that help businesses reach a “giant” market.
In conclusion, this is a worthwhile book that you should read to better understand the challenges of the disabled. Haben gives concrete examples of her youth, her perspective, and the excellent legal training she received. The book discusses the value for business organizations and law firms to include people with disabilities; her unique voice brings us just a glimpse into how disabilities can be an asset to businesses. The memoir shows the level of talent and size of the potential market that businesses could reach by including persons with disabilities.
A new California law related to the processing of personal data will go into effect in July 2020. The California Consumer Privacy Act (CCPA) (California Civil Code §§ 1798.100 to 1798.199) is currently the most comprehensive privacy legislation in the United States, with extensive new compliance requirements and liabilities. Although the law was drafted with threshold requirements for application, it will have significant reach given California’s undeniably large global economic impact. If you are a for-profit business doing business in California or you are collecting California consumers’ personal information, this is one law you cannot ignore.
In short, the CCPA grants California residents new rights with respect to the collection of their personal information, including, among other things, the right to be forgotten (deletion of information), the right to opt-out of the sale of their personal information, and the right to know what information a business collects about them. All of this creates new operational challenges for businesses that must be addressed in advance of the law taking effect. To further complicate matters, there are several open questions about the law, including the application of several amendments recently passed by the California state legislature, and whether preemptive federal legislation may be passed. In the meantime, companies should prepare themselves for the most monumental shift in domestic privacy legislation in decades.
Background of the Passage of the CCPA
General elections in California often include voting on legislative ballot initiatives, some of which are drafted and proposed by California citizens. Prior to the passage of the CCPA, real estate developer Alastair Mactaggart set out to place an initiative on the ballot regulating the collection of personal information by businesses. The idea quickly gained steam, and within a few months a consumer-friendly privacy initiative co-drafted and funded by Mactaggart gathered what appeared to be more preliminary signatures than necessary to qualify for the November 2018 statewide ballot. Initiatives that pass via the ballot process are notoriously more difficult to amend, modify, or repeal, typically requiring another initiative or a 70-percent majority in the California legislature. In order to avoid the passage of a law that would have been immensely difficult to change, the California legislature brokered a deal with Mactaggart and his team and hastily passed Assembly Bill 375, now known as the CCPA. The proposed legislation, although in the works for some time, reportedly received only a few days of debate and virtually no input from industry before it was passed and signed into law. As a result of the deal and signed legislation, Mactaggart agreed to withdraw his ballot initiative only hours before the final deadline to withdraw.
Not surprisingly, this unusually swift process resulted in drafting errors, inconsistencies, ambiguities, and confusion as to the law’s potential reach and application. Indeed, several weeks after its initial passage, the legislature amended the new law with the passage of SB 1121. Intended to correct certain drafting errors and clarify certain provisions, the amendment still left several glaring inconsistencies and ambiguities. Several additional amendments have passed through the legislature and are currently pending before Governor Newsom. It is anticipated that there may be additional amendments proposed after the CCPA takes effect in 2020.
Threshold Application of the CCPA
The CCPA applies generally to for-profit businesses and sets threshold requirements for its application. The CCPA will apply to businesses around the world if they exceed one of the following thresholds:
annual gross revenues of $25 million;
annually buy, sell, receive, or share for commercial purposes the personal information of 50,000 or more consumers, households, or devices; or
derive 50 percent or more of its annual revenues from selling consumers’ personal information.
Notably, parent companies and subsidiaries sharing the same branding must also comply even if they themselves do not exceed the applicable thresholds.
At this point, there are some ambiguities as to how the thresholds can be met. For example, a common question is whether the $25 million limit for annual gross revenues is met with California revenue alone or if it is met with global revenue. The answer to this question is unclear and may or may not be resolved before the law goes into effect, meaning that, ultimately, the courts may be the ones to resolve this issue.
Who Is Affected and What Is Protected?
Under the CCPA, consumers can exercise their rights with respect to any information that relates to them and that is held by a business. The term “consumer” is broadly defined to include any California resident (see Cal. Civ. Code § 1798.140(g) (defining “consumer” as any “natural person who is a California resident”)). An amendment known as AB 25 currently on the governor’s desk would redefine “consumers” to omit employee personal information to the extent the person’s personal information is collected and used only by the business in that context. The provision will sunset after one year.
A consumer’s “personal information” is broadly defined to include information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly to a particular consumer or household. As the law exists currently, personal information includes, but is not limited to, the following:
identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, e-mail address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers;
characteristics of protected classifications under California or federal law;
commercial information, including records of personal property; products or services purchased, obtained, or considered; or other purchasing or consuming histories or tendencies;
biometric information;
internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet web site, application, or advertisement;
geolocation data;
audio, electronic, visual, thermal, olfactory, or similar information;
professional or employment-related information;
education information;
inferences drawn from any of the information collected to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Specifically excluded from the definition of “personal information” is any information publicly available, meaning any information that is lawfully made available from state, federal, or local government records. “Publicly available” does not mean biometric information collected by a business about a consumer without the consumer’s knowledge.
How Will the CCPA Be Enforced?
Under the CCPA, the California attorney general can bring civil actions for injunctions or civil penalties of $2,500 per violation under the statute and up to $7,500 for any intentional violation. A business is in violation of the statute if it fails to cure an alleged violation within 30 days after being notified of alleged noncompliance.
The CCPA also includes a limited private right of action for consumers for violations of the statute’s data security requirements. Specifically, a consumer can institute a civil action if nonencrypted or nonredacted personal information (as defined under California’s data breach notification statute, California Civil Code, § 1798.81.5(d)(1)) is subject to unauthorized access and exfiltration, theft, or disclosure as a result of a business’s failure to maintain reasonable security procedures.
The security provision refers to a business’s “duty to implement and maintain reasonable security procedures and practices.” Although “reasonable security” is not defined in the statute, it is worth noting that in February 2016 the California attorney general released the California Data Breach Report, which makes five recommendations regarding data security, including an explicit endorsement of the Center for Internet Security’s Critical Security Controls as a minimum threshold for reasonable security. It is also worth noting that the CCPA’s security provision does include a proportionality element providing that it is the duty of the business to maintain reasonable security procedures and practices “appropriate to the nature of the information.”
In an interesting twist, another proposed amendment to the CCPA, SB 561, which would expand the private right of action to any violation of the CCPA and remove the ability to cure within 30 days of notification, was killed during the recent legislative session. The bill had the backing of Attorney General Xavier Becerra, but on April 29, 2019, the California Senate Appropriations Committee placed this bill on the “suspense file,” which is a way to consider the fiscal impact of the bill to the state. Shortly thereafter, the bill was taken under submission, which means it was blocked and is effectively dead. Given that the legislative session in California has ended, it appears that there will not be an expansion of the private right of action this year. California has a two-year legislative session, however, so this bill can be raised again next year without the need to be reintroduced.
How Does the CCPA Compare to the GDPR?
You may have heard of Europe’s General Data Protection Regulation (GDPR) and wonder how it compares to the CCPA. Notably, it is difficult to make generalities about the differences or similarities between the laws because some provisions in the laws closely align, whereas others do not.
Both laws are generally intended to provide privacy protections to individuals by granting them control and access to their personal information. Additionally, both the GDPR and CCPA focus on transparency obligations. To achieve their objectives, each requires contracts between businesses and service providers, detailed privacy notices, and similar grants to individuals with respect to the control over their information. The devil, as they say, is in the details in that each law sets out different compliance and applicability requirements.
Fundamentally, the GDPR and CCPA also differ in many aspects, including that the GDPR anchors itself with the concept that a business must have a “legal basis” to process personal information, otherwise the processing is not permitted. The CCPA has no such requirement and instead creates a mechanism for consumers to opt-out of the sale and disclosure of their information or to request deletion.
The CCPA also explicitly excludes from its scope certain broad categories of personal information altogether, including medical information covered by the Confidentiality of Medical Information Act and the Health Insurance Portability and Accountability Act and personal information under the Gramm-Leach-Bliley Act. The GDPR excludes no specific categories of information from its scope.
What Must Your Business Do Now?
Review Your Data Privacy Practices. It is always a good starting point to take stock of your data. Determine what data (including personal information and sensitive or confidential information) your business is collecting, what you are doing with the data (including with whom it is being shared), and where the data resides. The CCPA gives consumers new rights over their information and, as a result, organizations must be prepared to comply with requests that may come from consumers beginning January 1, 2020. The new rights include the right to request from a business:
categories and specific pieces of personal information collected;
categories of sources from which the personal information is collected;
the business or commercial purpose for collecting or selling the personal information;
categories of third parties with whom the business shares personal information; and
deletion of personal information about the consumer that the business has collected, subject to some important exceptions.
The information must be delivered free of charge to the consumer, in a format that is portable, and typically within 45 days. The first step to complying with any requests from consumers is understanding your current data practices.
Review Your Policies. If you have a privacy policy in place, it will likely need updating before January 1, 2020, even if you prepared for the GDPR. The CCPA provides for new disclosure requirements that must be included in a privacy policy or notice. At or before the time of collection, a business must disclose the categories of personal information to be collected and the purpose for which the information is used. The notice must also separately list the categories of personal information collected, sold, or disclosed for a business purpose in the preceding year and explicitly state if the personal information has not been sold or disclosed. The new disclosures can be made part of an existing privacy policy, or a separate policy can be maintained for California residents.
Businesses should also analyze whether they are “selling” personal information to third parties. Where a consumer’s personal information is sold as defined by the statute, the consumer has the right to opt-out of the sale of their personal information. A clear and conspicuous link on the business’s internet homepage, titled “Do Not Sell My Personal Information,” must be made available, and the link must enable consumers to opt-out of the sale of their personal information. The business must wait at least 12 months before requesting to sell the personal information of any consumer who has opted out.
Review Third-Party Agreements. Take the time to identify vendors or third parties that receive personal information from your business. Once identified, consider adding appropriate contract terms to address the CCPA, including terms regarding the use or disclosure of personal information received from your business, to clarify that you are not “selling” personal information to vendors, or to increase transparency with regard to the privacy and data security practices of your vendors.
Conclusion
Business leaders can anticipate that the CCPA will continue to evolve over the coming year, and that this will not be the end of data privacy regulation in California or the United States. Indeed, several states are currently considering their own privacy regulations. Given that regulatory change in this area will be ongoing for some time, it is best to build a flexible, dynamic privacy program that can adapt to changes as they occur.
In Mission Product Holdings, Inc. v. Tempnology, LLC, 139 S. Ct. 1652 (2019), the U.S. Supreme Court answered what has been called the most important unresolved question in trademark licensing and resolved a decades-long division among the lower courts on a foundational question of bankruptcy law. Specifically, Mission held that when the licensor of a trademark files for bankruptcy, its “rejection” of the trademark license agreement under section 365 of the Bankruptcy Code does not terminate the licensee’s rights in the mark.
Mission is a critically important decision for trademark licensing, and practitioners in that area have welcomed it, because it makes clear that a licensee’s rights will not evaporate if the licensor files for bankruptcy and rejects the parties’ license agreement. That greater certainty will affect the negotiation and terms of trademark licenses because it makes trademark rights more valuable to the licensee (and, as a corollary, makes licenses more profitable for the licensor). It is also a highly significant decision for the bankruptcy bench and bar because it clarifies long-standing confusion regarding one of the Bankruptcy Code’s central concepts: the concept of rejection.
By way of background, section 365 of the Bankruptcy Code permits a trustee or debtor-in-possession in bankruptcy to “assume or reject any executory contract”—that is, any contract the debtor entered before bankruptcy in which each party still owes a duty of performance to the other. 11 U.S.C. §365(a). Briefly, section 365 permits the bankruptcy estate to assume an executory contract and perform the debtor’s future obligations under that contract if doing so will be profitable for the estate, and to reject the contract if performing would not be profitable. Mission, 139 S. Ct. at 1658. The Bankruptcy Code provides that rejection “constitutes a breach” of the rejected contract that is deemed to have occurred before bankruptcy, 11 U.S.C. §365(g), entitling the counterparty to a claim in the bankruptcy case (which will typically be paid at cents on the dollar) for damages stemming from the debtor’s failure to perform. However, courts have not always agreed on the precise consequences of rejection. Is rejection merely the equivalent of a breach of contract outside bankruptcy, or does it terminate all the counterparty’s rights? That was the core question in Mission.
The seeds for Mission were sown in 1985 when the Fourth Circuit addressed the same question in the context of a patent license. Lubrizol Enters. v. Richmond Metal Finishers, Inc., 756 F.2d 1043 (4th Cir. 1985). Lubrizol held that the debtor-licensor’s rejection of the license agreement enabled the estate to take back the patent rights the debtor had granted to the licensee before bankruptcy and sell or license those rights to a third party. See id. at 1047-48. In response, Congress amended section 365 by adding a new provision governing rejection of licenses of “intellectual property,” which provided that licensees could choose either to treat such licenses as terminated or to retain their rights (and obligations) under the licenses. 11 U.S.C. §365(n). Congress defined “intellectual property” to include patents, copyrights, and trade secrets, id. §101(35A), but omitted trademarks, meaning that section 365(n), by its terms, does not apply to trademark licenses. After section 365(n) was enacted, courts divided over whether Lubrizol was still good law for trademark licenses. Some lower courts concluded that the omission of trademark licenses from section 365(n) meant that Congress had implicitly endorsed Lubrizol’s reasoning in the trademark licensing context. In 2012, however, the Seventh Circuit held to the contrary, reasoning that under section 365, rejection is simply a breach and, like a breach outside bankruptcy, cannot take away the licensee’s rights in the mark. See Sunbeam Prods., Inc. v. Chicago Am. Mfg., LLC, 686 F.3d 372 (7th Cir. 2012).
That was where matters stood when the Mission case originated. Tempnology had developed a patented technology for cooling fabric to be used in sportswear, towels, and the like, marketed under the COOLCORE trademark. In 2012, it licensed its patents and trademark to Mission, granting Mission the exclusive right to distribute certain COOLCORE products in the United States. In 2014, Tempnology filed a Chapter 11 petition and rejected the license agreement with Mission, contending that rejection terminated Mission’s right to use the trademark. Ultimately, the First Circuit agreed with Tempnology and split with the Seventh Circuit’s decision in Sunbeam, reasoning that allowing Mission to continue using the mark would be too burdensome for Tempnology and could impair its ability to reorganize. The Supreme Court granted Mission’s petition for certiorari to resolve the circuit split. Mission, 139 S. Ct. at 1658-60.
After rejecting Tempnology’s argument that the case was moot, see id. at 1660-61, the Court turned to the fundamental question presented: “What is the effect of a debtor’s . . . rejection of a contract under Section 365 of the Bankruptcy Code?” Id. at 1661. The Court’s answer was unequivocal: “Rejection of a contract—any contract—in bankruptcy operates not as a rescission but as a breach.” Id. Accordingly, rejection “leave[s] intact the rights the counterparty has received under the contract.” Id. “Both Section 365’s text and fundamental principles of bankruptcy law command [that] approach.” Id.
Beginning with the text, the Court observed that section 365 provides that rejection “‘constitutes a breach’” of the rejected contract. Id. Outside bankruptcy, one party’s breach of contract does not terminate the other party’s rights. The Court used the example of a contract in which a dealer leases a photocopier to a law firm and agrees to service the copier monthly. If the dealer stops servicing the machine, materially breaching the contract, the law firm may choose to terminate the contract, but the dealer cannot do so. “The contract gave the law firm continuing rights in the copier, which the dealer cannot unilaterally revoke.” Id. at 1662. Rejection in bankruptcy works the same way, for a trademark license as well as a photocopier lease: “The debtor can stop performing its remaining obligations under the agreement. But the debtor cannot rescind the license already conveyed. So the licensee can continue to do whatever the license authorizes.” Id. at 1662-63. That reading of section 365, the Court explained, “reflects a general bankruptcy rule: The estate cannot possess anything more than the debtor itself did outside bankruptcy,” at least absent a successful preference or fraudulent conveyance action by the trustee. Id. at 1663.
The Court found Tempnology’s contrary arguments unpersuasive. Tempnology had contended that because section 365(n) specifies that counterparties may retain their rights after rejection, one should draw the negative inference that “the ordinary consequence of rejection” is termination of those rights. Id. at 1663. After examining the history and context of section 365(n), however, the Court concluded that “no negative inference arises.” Id. at 1665. “Congress did nothing in adding Section 365(n) to alter the natural reading of Section 365(g)—that rejection and breach have the same results.” Id. Rather, section 365(g) could be read to “reinforce or clarify the general rule that contractual rights survive rejection.” Id. at 1664.
Finally, the Court dismissed Tempnology’s contention that if trademark licensees retained their rights after rejection, the debtor’s ability to reorganize would be impeded because the debtor would need to continue to exercise quality control over the goods bearing the mark or else risk losing the mark. See id. at 1665. As an initial matter, the Court noted that there was no support in the text of the Bankruptcy Code for a trademark-specific rule of rejection. Id. Moreover, Tempnology’s argument proved too much: The Code “aims to make reorganizations possible,” “[b]ut it does not permit anything and everything that might advance that goal.” Id.
The Mission decision has many significant aspects, three of which are noted here. First, as the Court expressly stated, its holding—that rejection has the same consequences as breach—is not limited to trademark licenses, but applies to all executory contracts. Mission thus has the potential to simplify what has become an extraordinarily complex and confused area of the law. Courts often conduct lengthy analyses of whether a particular contract is executory, at times seemingly doing so to avoid the draconian consequences that rejection would have if it terminated the counterparty’s rights. See, e.g., In re Exide Technologies, 607 F.3d 957 (3d Cir. 2010) (holding that trademark license agreement was not executory, and licensor therefore could not reject it and terminate licensee’s right to use the mark); id. at 967-68 (Ambro, J., concurring) (noting the inequity of using rejection “to let a licensor take back trademark rights it bargained away”); see generally Michael T. Andrews, Executory Contracts in Bankruptcy: Understanding ‘Rejection,’ 59 U. Colo. L. Rev. 845 (1988). Once rejection is correctly understood as the bankruptcy analogue of breach, and not as a special power to terminate the other party’s rights under a contract, courts should no longer need to rely on the highly malleable test for executoriness to ensure a just result.
Second, Mission reaffirms that in deciding any question arising under the Bankruptcy Code, the Code’s language comes first, but Mission approaches that language contextually. As the Court observed, section 365’s statement that rejection “constitutes a breach” “does much of the work” in the Court’s analysis. Mission, 139 S. Ct. at 1661. That is not surprising. As Justice Kagan, who wrote the Court’s opinion, said in another context, “We’re all textualists now.” SeeThe Scalia Lecture: A Dialogue with Justice Elena Kagan on the Reading of Statutes (Nov. 17, 2015). Significantly, however, the Court did not limit its inquiry to the text of section 365 considered in isolation, as it has at times in past bankruptcy cases. See, e.g., RadLAX Gateway Hotel, LLC v. Amalgamated Bank, 566 U.S. 639, 645-49 (2012). Rather, it also relied on the “fundamental principle[]” that the estate has no greater rights in property than the debtor had before bankruptcy—a principle reflected in the overarching structure of the Code and its various provisions governing the estate and its property—to confirm its interpretation. Mission, 139 S. Ct. at 1661; see id. at 1663. That willingness to grapple with the overall architecture of the Code—also reflected in the Court’s decision two years ago in Czyzewski v. Jevic Holding Corp., 137 S. Ct. 973 (2017)—is a promising sign for the Court’s bankruptcy jurisprudence.
Finally, Mission once again confirms that to understand the workings of the Bankruptcy Code, one must start with the parties’ rights and obligations outside bankruptcy. To be sure, the Code can and sometimes does alter those rights and obligations, but the Court will not be quick to jump to the conclusion that Congress intended such an alteration unless the Code clearly indicates it. Likewise, the interpretation of the Code that best promotes reorganization will not always be the correct interpretation; the Code carefully balances the interests of different constituencies, and courts must respect the balance Congress struck. In short, as the Court has now held repeatedly in various contexts, the Bankruptcy Code gives debtors specific tools that can be used to maximize the value of the estate, but it does not grant either the debtor or the bankruptcy court any general power to alter the parties’ background entitlements in the service of reorganization or of an equitable resolution more broadly. See, e.g., Czyzewski, 137 S. Ct. 973 (when dismissing a Chapter 11 case, bankruptcy courts lack the power to order a distribution of estate assets that would violate the priority scheme applicable to a Chapter 11 plan). Although the Court’s view of the bankruptcy power as tied closely to the provisions of the Code may be more constrained than some bankruptcy practitioners would prefer, the Court has now made that view inescapably clear.
This article explores certain potential effects on a letter of credit transaction of the applicant for the credit becoming the subject of a bankruptcy proceeding under the United States Bankruptcy Code (Title 11 of the United States Code). [1]
What Is a Letter of Credit?
A letter of credit (LC) is an undertaking by an issuer, typically a bank (Issuer), at the request or for the account of its customer (Applicant) or, in rare cases, for itself, to a beneficiary (Beneficiary), to pay or otherwise honor a documentary presentation made by the Beneficiary (Uniform Commercial Code (UCC) § 5-102(a)(10)). A classic use of an LC is for a buyer of goods to pay the purchase price for the goods by arranging for its bank to issue an LC to the seller, payable against the seller’s presentation to the bank of a copy of the seller’s invoice for the goods and an original or copy of the transport document covering the shipment of the goods to the buyer. In this example, the buyer would be the Applicant, the bank would be the Issuer, and the seller would be the Beneficiary. Another common use of an LC is as a standby in case of a default in payment or performance of an obligation, such as an LC payable against the Beneficiary’s statement that the Applicant has defaulted in performing a specified obligation to the Beneficiary.
It is important to note two key features of LCs. First, although an LC can serve the same purpose as an ordinary guaranty in assuring a Beneficiary of payment, an LC is not a secondary obligation like a guaranty or other suretyship undertaking. It is an independent obligation of the Issuer to the Beneficiary separate from the arrangements relating to it, such as the reimbursement arrangement between the Applicant and the Issuer and the underlying purchase and sale transaction between the Applicant and Beneficiary (UCC § 5-103(d)). Second, an LC is a documentary undertaking. The Issuer’s obligation to honor is triggered by the presentation of one or more documents that appear on their face strictly to comply with the terms and conditions of the LC (UCC § 5-108(a)). In our first example above, the Issuer’s payment obligation would be triggered by the Beneficiary’s presentation of its invoice and the requisite transport document; payment would not be triggered by the fact that the Beneficiary had shipped the goods to the Applicant. The Issuer checks the presented documents, not whether the Beneficiary actually shipped the goods; neither is the Issuer responsible for any breach of contract by the Beneficiary (UCC § 5-108(f)).
Applicant’s Bankruptcy
U.S. courts have overwhelmingly held that an LC and its proceeds are not property of the Applicant’s bankruptcy estate within the meaning of 11 U.S.C. § 541. Thus, neither the Beneficiary’s presentation of drawing documents under the LC nor the Issuer’s payment of the LC would violate the automatic stay under 11 U.S.C. § 362 that prohibits, among other things, taking the property of or enforcing claims against the bankrupt. E.g., Elegant Merch., Inc. v. Republic Natl. Bank (In re Elegant Merch., Inc.), 41 B.R. 398, 399 (Bankr. S.D.N.Y. 1984). An LC is an independent undertaking running from the Issuer to the Beneficiary; the payment of the LC is by the Issuer, not by the bankrupt Applicant.
Practice tip: If the Beneficiary wants to make sure it can draw on the LC in the event of the Applicant’s bankruptcy, the LC should avoid specifying any drawing conditions that require taking action against the bankrupt or its property (e.g., do not require presentation of a statement that the Beneficiary has demanded payment from the bankrupt).
While the Applicant’s bankruptcy will not, in and of itself, prevent the Beneficiary from drawing on the LC and being paid in the first instance, will the Beneficiary be entitled to keep the LC payment? In most cases, the Beneficiary will be entitled to keep the LC payment, and whether or not the Applicant reimburses the Issuer will be the Issuer’s problem. However, there are bankruptcy scenarios in which the Beneficiary will not be allowed to keep the LC proceeds. These scenarios typically involve LCs supporting an antecedent debt owed to the Beneficiary by the Applicant, and the Issuer’s issuing the LC to the Beneficiary within the 90-day (one year in the case of an insider) bankruptcy preference period (see 11 U.S.C. § 547(b)). The following are two leading cases in which payment of an LC was seen as a preference and could be recovered by the bankruptcy estate from the Beneficiary:
Kellogg v. Blue Quail Energy, Inc. (In re Compton Corp.), 831 F.2d 586 (5th Cir. 1987), modified, 835 F.2d 584 (5th Cir. 1988) (LC issued just prior to bankruptcy to support unsecured antecedent debt of Applicant to Beneficiary, where Issuer had long ago perfected a security interest in Applicant’s assets to secure future advances; court viewed Beneficiary as an indirect transferee of that security interest granted by Applicant to Issuer and, arguably, in effect transferred to Beneficiary when Issuer issued the LC; indirect preference may be recovered from Beneficiary).
Bank v. Leasing Servs. Corp. (In re Air Conditioning, Inc. of Stuart), 845 F.2d 293, 298 (11th Cir. 1988) (Beneficiary can be subject to preference “clawback” where Applicant granted a security interest to Issuer contemporaneously with issuance of an LC to support antecedent debt of Applicant to Beneficiary).
The Beneficiary is not the only party worried about whether it can keep a payment when the Applicant becomes bankrupt. An Issuer would want to know whether it can be reimbursed and keep the reimbursement if the Applicant becomes bankrupt. In this regard, an Issuer that has paid an LC drawing is much like a lender that has made a loan to the Applicant and wants to be repaid—if the Issuer was unsecured or undersecured, and then reimbursed by the Applicant during the preference period, that reimbursement may be a preference. Similarly, if the Issuer issued an LC and later (non-contemporaneously) obtained collateral from the Applicant during the preference period, that transfer may be a preference. See, e.g., Luring v. Miami Citizens Nat’l Bank (In re Val Decker Packing Co.), 61 B.R. 831, 841-43 (Bankr. S.D. Ohio 1986).
Novices to this area often assume that the Beneficiary is better off if the Applicant pays its debts to the Beneficiary rather than defaults; however, that is not always the case. As the court said in Comm. of Unsecured Creditors v. Koch Oil Co. (In re Powerine Oil Co.), “Can an unsecured creditor be better off when the debtor defaults rather than paying off the debt? Yes. Law can be stranger than fiction in the Preference Zone.” 59 F.3d 969, 971 (9th Cir. 1995) (Payment by Applicant to Beneficiary could be preferential even though Beneficiary would have been able to draw on the LC and be paid in full had Applicant failed to pay Beneficiary.)
Practice tip: There are at least two ways for the Beneficiary to structure its transaction to avoid the Powerine trap of being unable to draw on its LC: (i) use a direct-draw or direct-pay LC (where drawing on the LC is the intended payment mechanism rather than the LC standing by to be drawn on only if the Applicant defaults), or (ii) use a standby LC that permits a drawing if the Applicant becomes bankrupt within 90 days (one year in the case of an insider) after making a payment to Beneficiary (but this can be a costly option, as it requires keeping the LC outstanding for a longer period after the date on which payment is due from the Applicant to the Beneficiary).
This brief article is only an introduction to a complicated subject. If you find the subject interesting and want to learn more, feel free to check out the American Bar Association Business Law Section’s March 29, 2019, CLE Program “Letters of Credit & Applicant Bankruptcy: U.S. & Canadian Bankruptcy Provisions and Cases for Beneficiaries, Issuers, Applicants & Others,” presented by Michael Evan Avidon (Moses & Singer LLP), Mark N. Parry (Moses & Singer LLP), Patricia A. Redmond (Stearns Weaver Miller Weissler Alhadeff & Sitterson P.A.), and Natalie E. Levine (Cassels Brock & Blackwell LLP).
With the proliferation of YouTube TV, Apple TV, and Amazon Prime Video, one might think competition in the streaming television market is flourishing. However, the major television networks continue to block competition, and legal barriers to entry have stifled competition among would-be market players not sponsored by the world’s largest multimedia companies—companies that already have millions of eyeballs before they launch television services. The outdated and uncertain legal landscape forces courts to determine the legality of many innovative services. But the high costs associated with such litigation can be prohibitive, particularly for emerging technology companies. The net result of outdated law governing constantly evolving technology is a reduction in competition and fewer choices for consumers, who are also essentially forced to pay higher fees as companies pass on legal costs.
The Copyright Act
The legal architecture that governs the delivery of broadcast television in particular is sorely out of date and goes back more than four decades to the last major overhaul of the Copyright Act in 1976. At that time, “community antennas”—large hilltop antennas connecting rural communities by dedicated physical cables and wires—were new and disruptive technology. With the 1976 amendment, Congress created a statutory license for certain secondary transmissions made by “cable systems.”
In drafting the 1976 Act, Congress recognized that “technical advances have generated new industries and new methods for the reproduction and dissemination of copyrighted works” and that there are “promises [of] even greater changes in the future.”[1] For this reason, Congress attempted to use technology-neutral language and defined the term “cable system” to allow for future advancements in the delivery of broadcast television, regardless of whether the system uses “wires, cables, microwave, or other communications channels[.]”[2]
In the 43 years since the Act’s last general update, television delivery methods have expanded to include cable, microwave, satellite, and now the internet. Typically, in response to court rulings, Congress has enacted limited updates to address specific technologies. For example, in 1988 Congress created a separate license for satellite providers.[3] And in 1994, Congress amended the definition of a “cable system” in the Copyright Act to expressly include “microwave” transmissions, another early form of wireless transmission.[4]
But none of these “band-aids” provides a comprehensive framework for market competition of constantly evolving technology. Since 1994, Congress has not modified the Copyright Act’s statutory definition of a cable system. As a result, the task of interpreting outdated statutes and regulations has been left to the courts, which do not offer an efficient solution.
The Courts
In 2014, the U.S. Supreme Court issued its decision in American Broad. Cos. v. Aereo, Inc.,[5] finding it engaged in public performance. At the time, certain amici argued Aereo met the Act’s definition of cable system. Although Aereo declined to pursue that argument, the Court seemed to embrace its logic, reasoning that Aereo is “substantially similar to” and “is for all practical purposes a traditional cable system[.]”[6]
In 2016, FilmOn X, LLC v. Fox Television Stations, Inc.[7] (FilmOn) was argued before the D.C. Federal Circuit Court of Appeals. FilmOn urged the court to find that companies providing film and television content over the internet (over-the-top or OTT) were within the Act’s definition of a “cable system.” The FilmOn case settled shortly after the two-hour argument, and another opportunity for the courts update the interpretation of outdated legislation passed.
On July 31, 2019, the major broadcast networks filed a copyright infringement lawsuit in the Southern District of New York[8] to shut down yet another new streaming service, “Locast.” Locast asserts that it fits within another statutory license for nonprofits that provide a public service by retransmitting broadcast television for free or at cost and without any commercial purpose.[9] Although the outcome of the Locast litigation is uncertain, it is certain that Locast must now bear the heavy expense of defending its model in court based on severely outdated law.
Conclusion
Unlike the Apples and Googles of the world, smaller emerging technology companies lack the established consumer bases and market power necessary to leverage their own content deals in the context of today’s outdated law. In the absence of legislative action, and in today’s chilled regulatory environment, the courts are left to interpret existing law in a fair, technologically neutral fashion. The right government action will provide consumers more choice, as well as more control over the content they receive and how they receive it.
The legal industry is getting with the program, so to speak. Like many industries before it—including technology, financial services, and manufacturing—a large part of the legal industry now recognizes that data is a strategic asset. Further, modern law firms are now striving to build data-driven cultures enabled by emerging and innovative technologies like artificial intelligence (AI), cloud computing, and blockchain.
Progress has been made on this front, but it is still early in the new technology adoption curve for the legal industry. Despite the fact that law firms possess significant amounts and types of data, it is often fragmented by lawyer or practice silos.
Siloed data makes it impossible to derive the necessary insights and collaborate effectively. In addition, most of the centralized systems and processes that do exist are legacy systems, e.g., spreadsheets, generic , and SharePoint, that are incompatible with the rest of the firm’s technology and workflow processes. The result is missed business opportunities as the complexity of engagements continues to increase and lost market share to competitors that take a more modern approach to data. This dynamic has become a major issue facing law firms in the client-empowered era that exists today with more discerning, price-sensitive clients and leaner margins.
Although the top one percent of global firms will be insulated from profitability concerns for the foreseeable future, the other 99 percent must take action based on data-driven decisions in collaboration with institutional knowledge.
The CMO’s Dilemma
Although the scenario above applies to all functional areas of a law firm, the problem is particularly acute with marketing.
Rather than delivering proactive client insights that inform new business opportunities, many law firm marketing departments remain mired in administrative work due to the heavy responsibility of manual data gathering. In a 2018 Bloomberg Law study, legal marketeers cited “lack of time” as their primary challenge.
Eliminating the manual data gathering tasks to free up time for strategic consultation is critical. CMOs in particular cannot discuss strategy with lawyers and identify new business opportunities without the necessary insights that come from client data and relationship knowledge.
The Modern Law Firm and Technology Innovation Are Inextricably Connected
When people ask me what being a “modern” law firm entails, I tell them it means employing strategies, initiatives, and investments that enable the firm to keep pace with rapidly changing client demands, market conditions, and new technologies. These modernization initiatives typically involve unifying people, processes, and data.
The most successful firms are those that transition their organizations from a reactive to an insights-based posture. Making this transition accelerates a firm’s ability to win business with both new and existing clients. The key is unifying data across the entire client lifecycle so the people who need it are able to easily access it. Data that flows with limited friction throughout a firm—where and when it is needed—delivers insight and value.
So how do these modern firms make the transition? The highest-impact move is to replace legacy systems with a robust, full client lifecycle platform that facilitates key client planning (the “80-20 rule,” where 80 percent of an organization’s profits come from 20 percent of its customers, is just as true in the legal industry) to better positioning themselves for growth.
Specific to marketing, a unified system powered by modern technologies like AI and cloud computing eliminates “random acts of marketing” and allows CMOs to spend more time, energy, and discipline on enhancing the client experience.
By the same token, lawyers can use the best possible and most up-to-date data to make decisions, increasing their chances of exceeding client expectations and keeping retention rates high.
The net-net: by making the move to a modern, unified platform, firms gain the ability to use their data to seize nearly every opportunity for growth as opposed to not having the data they need and missing opportunities.
Data may or may not be the “new oil,” as the (now clichéd) maxim goes, but it’s pretty clear that every business operates in what is now a data economy. Thus, it’s not surprising that, armed with the right data at the right time in the hands of the right people, law firms can extract insights that drive better decision-making, and better decisions are every firm’s best fuel source for revenue growth and continued profitability.
Wyoming has taken the lead in updating its version of Article 9 of the Uniform Commercial Code to provide new commercial law for blockchain technology and virtual currency. Wyoming’s approach offers benefits to market participants looking to perfect a security interest in assets created through blockchain technology, but its revisions are far from comprehensive and do not integrate into existing commercial law norms with respect to the perfection and priority of security interests. This article will provide a brief overview and analysis of the amendments to Article 9 of the Wyoming Uniform Commercial Code with respect to perfection and priority and will highlight issues market participants may wish to consider prior to taking advantage of the Wyoming amendments.
In February 2019, the Wyoming legislature passed Senate File No. SF0125 (SF0125). Effective July 1, 2019, SF0125 amended Article 9 of the Wyoming Uniform Commercial Code (WY-UCC) to: (1) define digital assets that utilize blockchain and distributed ledger technology (such assets Blockchain Assets, and such technology Blockchain Technology); (2) classify Blockchain Assets under the perfection and priority regime; (3) establish special rules for perfection and priority with respect to such Blockchain Assets; and (4) provide a framework for banks to act as custodians with respect to Blockchain Assets (Blockchain Custodians).[2]
The Wyoming legislature has recognized the importance of Blockchain Technology and the need to adapt existing commercial law to these new technological developments. Blockchain Technology is revolutionizing the financial services industry in many ways, affecting the issuance and exchange of digital securities and the transfer and maintenance of virtual currency, as well as recording evidences of indebtedness and the use of electronic documents of title. Wyoming is not alone in embracing new developments in Blockchain Technology; for example, Delaware and Maryland have recently amended both their general corporation laws and limited liability company laws to provide for the creation and maintenance of corporate and company records with respect to equity interests using Blockchain Technology, and financial institutions have begun negotiating and syndicating loans using Blockchain Technology.[3] Wyoming is leading the way, however, in addressing Blockchain Technology’s impact on the attachment, perfection, and priority rules of Article 9 of the Official Text of the Uniform Commercial Code (UCC).[4]
Overview of SF0125 with Respect to WY-UCC Article 9
SFR0125 amends the WY-UCC to provide four key elements: (1) a baseline set of definitions for Blockchain Assets; (2) classifications of Blockchain Assets as property under the WY-UCC; (3) rules outlining how perfection and priority of security interests under WY-UCC Articles 8 and 9 apply to Blockchain Assets; and (4) rules treating Blockchain Custodians as securities intermediaries under WY-UCC Article 8.[5]
(a) Baseline Definitions with Respect to Blockchain Assets
SFR0125 creates a new defined term for Blockchain Assets called “digital assets,”[6] which term is further divided into three subtypes: “digital security,” “virtual currency,” and “digital consumer asset.” “Digital security” means a digital asset which constitutes a security under Wyoming Statute section 17-4-102(a)(xxviii),[7] but excludes virtual currencies and digital consumer assets.[8] “Virtual currency” means a digital asset that is (1) used as a medium of exchange, unit of account, or store of value, and (2) not recognized as legal tender by the U.S. government.[9] “Digital consumer asset” is a catch-all provision that includes a digital asset that is used or bought primarily for consumptive, personal, or household purposes and includes Blockchain Assets that would be “an open blockchain token constituting personal property” and any other digital asset that is not a digital security or a virtual currency.[10] SFR0125 further provides that the terms “digital consumer asset,” “digital security,” and “virtual currency” are mutually exclusive.[11]
(b) Classifications of Blockchain Assets as Property with Respect to WY-UCC
After providing baseline definitions for Blockchain Assets, SF0125 § 29-102(b) provides the general rule as to how the different types of Blockchain Assets are to be treated under WY-UCC Articles 8 and 9:
(1) Virtual currencies are considered money, notwithstanding the definition of “money” under WY-UCC Article 1, but only for the purposes of WY-UCC Article 9.
(2) Digital consumer assets are considered “general intangibles” under WY-UCC Article 9, but only for the purposes of WY-UCC Article 9.
(3) Digital securities are considered “securities” as defined in WY-UCC Article 8 and “investment property” as defined in WY-UCC Article 9, but only for purposes of WY-UCC Articles 8 and 9. [12]
Section 29-102(b) then provides for an opt-in provision (Opt-In) for financial asset treatment under WY-UCC Article 8 with respect to Blockchain Assets under the WY-UCC.[13] A Blockchain Asset (note that this can be a digital consumer asset, a virtual currency or a digital security) may be treated as a “financial asset” as defined under Article 8 of the WY-UCC pursuant to a written agreement with the owner of the Blockchain Asset. If treated as a financial asset, the Blockchain Asset shall remain an “intangible personal property.”[14]
In addition, SF0125 provides that a Blockchain Custodian meeting the requirements of section 29-104 is considered to be a “securities intermediary” as defined in WY-UCC Article 8.[15]
(c) Perfection and Priority Rules with Respect to Blockchain Assets
In addition to providing property classifications for Blockchain Assets, SF0125 creates an overlay to the existing perfection and priority scheme under WY-UCC Article 9 with respect to Blockchain Assets, including, among others, the following provisions:
(1) Perfection of a security interest in a Blockchain Asset may be achieved through a new form of control pursuant to section 29-103(e)(i). A security interest in a Blockchain Asset perfected by control has priority over a security interest that is not perfected by control.[16]
(2) Before a secured party may take control of a digital asset, it shall enter into a control agreement with the debtor.[17]
(3) A secured party may file a financing statement with the secretary of state to perfect a security interest in a Blockchain Asset, including to perfect a security interest in proceeds from such Blockchain Asset pursuant to WY-UCC § 9-315(d) (continuation of perfection in proceeds).[18]
(4) With respect to a security interest in Blockchain Assets perfected by a method other than control, a transferee takes a Blockchain Asset free of such security interest two years after such transferee takes the asset for value and does not have actual notice of an adverse claim during the two-year window.[19]
(5) Pursuant to section 29-103(e)(i), “control” of a Blockchain Asset means:
(a) a secured party, agent, custodian, fiduciary, or trustee of the party has the exclusive legal authority to conduct a transaction relating to a Blockchain Asset including by means of a private key or the use of a multi-signature arrangement authorized by the secured party; or[20]
(b) a smart contract[21] created by a secured party which has the exclusive authority to conduct a transaction relating to a Blockchain Asset.
(6) Pursuant to section 29-103(f), “control” of a Blockchain Asset is equivalent to the term “possession” of a tangible asset and, pursuant to section 29-103(f), perfection of a Blockchain Asset by control creates a possessory security interest and does not require physical possession.[22]
(7) A Blockchain Asset is located in Wyoming if the asset is held by a Wyoming custodian, the debtor or secured party is physically located in Wyoming, or the debtor or secured party is incorporated or organized in Wyoming.[23]
Analysis of SF0125 with Respect to Perfection and Priority Rules under WY-UCC Article 9
SF0125 provides generally that a secured party may perfect its security interest in a Blockchain Asset by properly filing a financing statement or by control. Control is achieved by the debtor and secured party entering into a control agreement (Blockchain Control Agreement), and the secured party then taking control of the Blockchain Asset pursuant to section 29-103(e)(i) (Blockchain Control).[24] A secured party perfected by Blockchain Control has priority over a secured party that does not have Blockchain Control, and the secured party perfected by Blockchain Control is deemed to have a possessory security interest. A Blockchain Asset subject to a security interest perfected by filing (but not control) is “taken free” of any security interest in such Blockchain Asset by a transferee (a Blockchain Transferee) after two years if such Blockchain Transferee does not have actual, as opposed to constructive, notice of an adverse claim during such two-year window (Two-Year Rule). Additionally, a Blockchain Asset may be treated as a “financial asset” under WY-UCC Article 8 pursuant to an agreement between the owner of the Blockchain Asset and a securities intermediary, at which point the perfection and priority rules governing security entitlements in a securities account would apply (without reference to the new rules regarding Blockchain Assets) and perfection may be achieved through a traditional tri-party control agreement.[25]
(a) Perfection in Blockchain Assets as “Digital Assets”
SF0125 implicitly contemplates the default UCC rule that a secured party may perfect its security interest in most types of personal property, including those types of which Blockchain Assets are comprised, by filing a financing statement, although it contains no special discussion of financing statement rules related to Blockchain Assets. The treatment of digital consumer assets as general intangibles and digital securities as securities under WY-UCC Article 8 (which are categorized as investment property under WY-UCC Article 9) leads to the interpretive conclusion that perfection may be achieved by properly filing a financing statement.[26] One of the benefits of the perfection by filing system is that secured parties can rely on a filing regime to put third parties on notice of their secured claims without having to monitor subsequent transfers of a debtor’s assets.[27] Under the Two-Year Rule, however, a Blockchain Transferee needs actual notice, as opposed to constructive notice (by UCC filing or otherwise), to avoid the two-year filing priority lapse. Therefore, if a secured party perfected solely by filing is unaware that a Blockchain Asset subject to its security interest has been subsequently transferred, then it runs the risk of becoming second in priority or even losing its security interest in such Blockchain Asset entirely. The Two-Year Rule is a new facet to the WY-UCC that has no analog elsewhere in Article 9 of the UCC, and the harshness of this rule incentivizes secured parties to perfect by control in order to protect against third-party claims to Blockchain Assets.
As discussed above, a secured party may perfect its security interest in Blockchain Assets by Blockchain Control. Section 29-103(f) provides that Blockchain Control creates a possessory security interest in a Blockchain Asset.[28] Although SF0125 does not explicitly so state, it is reasonable to conclude that the intent of SF0125 is to provide that a security interest in Blockchain Assets perfected by Blockchain Control is to be governed by the sections of WY-UCC Article 9 that pertain to possessory security interests. As such, a secured party perfected by Blockchain Control:
(2) is perfected if a person, other than the secured party, has Blockchain Control and that person authenticates a record acknowledging that it holds the Blockchain Asset for the secured party’s benefit;[30]
(3) remains unaffected by a buyer of such Blockchain Asset purchased in the ordinary course of business, so long as Blockchain Control is maintained by the secured party or its agent;[31]
(4) may be governed by consignment rules of section 9-319;[32] and
(5) is governed by the law where the collateral is located with respect to perfection, the effect of perfection or nonperfection, and the priority of such collateral.[33]
Pursuant to WY-UCC § 9-207, a secured party perfected by Blockchain Control will also be required to exercise reasonable care with respect to such Blockchain Asset (among other duties as specified in WY-UCC § 9-207).[34]
As stated previously, the Two-Year Rule incentivizes secured parties to perfect their security interests in Blockchain Assets by Blockchain Control. However, because Blockchain Control creates duties of reasonable care on the part of a secured party exercising Blockchain Control, which could impose additional liability on a secured party, secured parties may want to take the additional step of utilizing a Blockchain Custodian to achieve Blockchain Control. A bank meeting the Blockchain Custodian requirements of WY-UCC § 29-104 will also meet the requirements of the definition of a securities intermediary, thereby gaining the benefits afforded to a securities intermediary under WY-UCC Article 8.[35] A bank, excluding national banks, having a place of business in Wyoming and offering custodial services under WY-UCC § 29-104, is subject to specified custodial requirements with respect to maintaining Blockchain Assets.[36] Those custodial requirements include obligations to accounting and internal control standards in accordance with applicable state or federal law; an obligation to maintain best practices relating to Blockchain Assets; and obligations to comply with anti-money laundering and beneficial ownership requirements.[37] In addition, a bank acting as a Blockchain Custodian is required to submit to independent audits conforming to 17 C.F.R. § 275.206(4) regarding the Blockchain Assets in its custody and to maintain control over such Blockchain Assets while in its custody as a bailment.[38] Therefore, a secured party that has perfected its security interest through a Blockchain Custodian would have the benefit of a regulatory framework that both provides technological standards a Blockchain Custodian is required to maintain and clarifies the legal relationship between a Blockchain Custodian and the owner of such Blockchain Assets.
(b) Opt-In
Pursuant to SF0125 § 29-102(b), and consistent with UCC norms, parties may agree to treat a Blockchain Asset as a financial asset as defined in WY-UCC Article 8 (Opt-In).[39] This section is most likely intended to preserve the existing UCC constraint that allows debtors and secured parties to opt into the securities intermediation regime under WY-UCC Article 8, Part 5, whereby the debtor would be the entitlement holder of a security entitlement maintained in a securities account by a securities intermediary.
Perfection of security interest in a security entitlement may be achieved by filing or control pursuant to WY-UCC §§ 9-312(a) and 9-106, respectively.[40] Perfection by control under WY-UCC § 9-106 is in turn governed by WY-UCC § 8-106, pursuant to which the financial asset is treated as an indirectly held security entitlement in a securities account through a securities account control agreement.[41] If a secured party perfects by control, then its security interest has priority over security interests perfected by filing, and the collateral is taken clear of any adverse claims without notice.[42] So long as the owner of the Blockchain Asset agrees, the Opt-In would apply to all Blockchain Assets, including digital securities, digital consumer assets and virtual currencies, effectively collapsing the three subtypes of Blockchain Assets into the single term “financial asset,” as well as removing the requirement for a separate Blockchain Control Agreement.[43]
However, the unamended WY-UCC and UCC already allow for secured parties to opt-in to security entitlement treatment. The securities intermediary concept is well established under UCC Article 8 and is functionally similar to a deposit account bank. A debtor credits its financial asset to a securities account maintained with a securities intermediary, and the debtor and the secured party enter into a securities account control agreement whereby the securities intermediary agrees to comply with the entitlement orders of the secured party without further consent of the debtor.[44] When the debtor credits its financial assets to a securities account with a securities intermediary, the financial assets become “security entitlements” and the debtor an “entitlement holder.”[45] The securities intermediary concept reflects the commercial realities that financial assets are often held not by the owners themselves, but by intermediaries and clearing entities in order to reduce administrative burdens and create liquidity by increasing the efficiency of transfers in such assets.[46] Like money held in a deposit account, the security entitlement is not the property right in specific financial assets, but rather the rights in the account of fungible assets maintained by the securities intermediary. As such, if the Blockchain Asset is a security entitlement, then control is achieved pursuant to the rules set forth in WY-UCC § 8-106(d)—the same rules that apply to any other financial asset that is a security entitlement.[47] As outlined above, because debtors and secured parties can rely upon an existing control regime under the WY-UCC in place prior to SF0125, and because the rules governing Blockchain Custodians refer back to that same regime, the Opt-In provision appears unnecessary.
(c) Choice-of-Law Considerations for Secured Parties
SF0125 § 29-105 provides that the courts of Wyoming shall have jurisdiction to hear claims in both law and equity relating to Blockchain Assets, including those arising from the WY-UCC.[48] Further, section 29-103(f) provides that a Blockchain Asset is located in Wyoming if the Blockchain Asset “is held by a Wyoming custodian, the debtor or secured party is physically located in Wyoming or the debtor or secured party is incorporated or organized in Wyoming.”[49] These two provisions offer a jurisdictional hook in which secured parties may avail themselves of the WY-UCC, as amended by SF0125. If the Blockchain Asset is held by a custodian located in Wyoming, or either the secured party or the debtor is located or organized in Wyoming, then a secured party could avail itself of the benefits of the WY-UCC (as amended by SF0125) in a Wyoming court. However, regardless of the jurisdictional provisions in SF0125, courts, located in Wyoming or otherwise, may be unwilling to apply the WY-UCC as amended by SF0125 when adjudicating claims because of the choice of law rules found in the WY-UCC and UCC.[50] For example, a judge in another state such as New York would begin a choice of law analysis by opening the New York version of the UCC, not the Wyoming version of the UCC. Further, a court may be subject to the mandatory choice of law rules in the UCC designed to protect third-party interests. As a result, secured parties may find their security interests in Blockchain Assets unperfected if a court does not apply Wyoming law.
The UCC, including the WY-UCC, has its own intricate choice-of-law rules, and the presence of a non-uniform provision in one jurisdiction does not require courts to recognize or defer to it. Section 9-301 of the UCC and WY-UCC provides that “except as otherwise provided in this section, while a debtor is located in a jurisdiction, the local law of that jurisdiction governs perfection, the effect of perfection or nonperfection, and the priority of a security interest in collateral.”[51] When determining the location of a debtor, the UCC provides that:
(1) a debtor that is organized under the law of a state is located in that state (e.g., a Delaware limited liability company is located in Delaware);[52]
(2) a debtor that is an individual is located at its principal place of residence; and
(3) a debtor that is an organization that is not registered is located at its place of business or, if it has more than one place of business, its chief executive office.[53]
Therefore, when adjudicating a claim involving a debtor located in Delaware, for example, a court would look to the UCC in effect in Delaware, and not the WY-UCC.[54] In applying the Delaware version of the UCC, a court would not apply the SF0125 provisions governing Blockchain Assets because no such provisions exist. If the secured party did not file a financing statement, then its security interest may be unperfected.[55] A secured party located in Wyoming may argue that Blockchain Control (either its own or through a Wyoming Blockchain Custodian) creates a possessory security interest, and that UCC § 9-301(2), which provides that the law where the collateral is located governs, would apply. However, if the debtor is not located in Wyoming, then courts may find such argument unpersuasive pursuant to section 9-301(1).[56] If the secured party has Opted-In with a properly executed securities account control agreement, and the security intermediary is located in Wyoming, then the WY-UCC may govern pursuant to section 9-305(a)(3),[57] but as discussed above, secured parties can already opt-in to UCC Article 8 with respect to security entitlements under UCC Article 8.
Conclusion
The Wyoming legislature correctly recognizes the revolutionary aspects of Blockchain Technology and is a first-mover in modernizing commercial law for Blockchain Assets. Although Wyoming deserves praise for addressing transactions dealing with Blockchain Assets, in many ways their amendments fall short. SF0125 deviates from UCC norms with respect to control and perfection-by-filing, and highlights unresolved policy considerations with respect to the application of commercial law to Blockchain Assets. Ambiguities in the control-related provisions of SF0125 raise questions of how much “control” a secured party must have over a Blockchain Asset to call its security interest perfected. The Two-Year Rule attempts to balance the rights of a Blockchain Transferee and a secured party, but strips the effectiveness of a financing statement in ways that will trouble a typical commercial law practitioner. The end result of SF0125 is a Blockchain Asset overlay that may create ambiguities within the existing UCC perfection and priority regime. Further, because the Wyoming legislature has enacted a non-uniform UCC, there are legitimate questions as to whether other jurisdictions will recognize any Wyoming claims or even apply the WY-UCC when determining perfection and priority. As a result, rather than creating a forward-looking system, the Wyoming legislature has created a perfection and priority scheme in which secured parties may prefer to rely on the oldest form of perfection—a possessory pledge—or the very institutions that blockchain advocates seek to eliminate—intermediaries.
[1] The views expressed in this article are exclusively those of the author and do not necessarily reflect those of Sidley Austin LLP and its partners. This article has been prepared for informational purposes only and does not constitute legal advice. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this without seeking advice from professional advisers. The author thanks Teresa Harmon, T.J. Gordon, and Lilya Tessler of Sidley Austin LLP for their review and comments. The author also thanks Carter Isham for her help proofing and many read-throughs.
[4] This article will primarily focus on the amendments to WY-UCC Article 9. At times it will be beneficial to compare the WY-UCC to the Official Text of the Uniform Commercial Code. When referring to the Official Text of the Uniform Commercial Code, this article will use the designation “UCC”.
[5] SF0125 § 29-102(c). SF0125 provides extensive definitional language for what constitutes a Blockchain Asset and Blockchain Technology in general. This article will focus on the implications of amendments to the Article 9 perfection and priority regime. The definitional language with respect to Blockchain Technology will be addressed in a separate article at a later time.
[6] SF0125 § 29-101(a): “‘Digital Asset’ means a representation of economic, proprietary or access rights that is stored in a computer readable format, and includes digital consumer assets, digital securities and virtual currency.” The definitional and classification scheme of SF0125 leverages defined terms from different statutory regimes (e.g., the Wyoming Uniform Securities Act as discussed below) that do not readily fit into WY-UCC Articles 8 and 9. The definitional and classification scheme of SF0125 also raises statutory interpretation questions (e.g., whether the use of “includes” in the definition of digital asset should be read to mean that digital securities, virtual currencies, and digital consumer assets are the exclusive subcategories of digital assets or is meant to be exemplary).
[7]See Wyo. Stat. § 17-4-102(a)(xxviii) (Wyoming Uniform Securities Act) (definition of “security” includes, among other things, certificated and uncertificated securities, evidence of indebtedness, “investment contracts,” or “an interest or instrument commonly known as a ‘security’”, but pursuant to the recently passed Wyoming Utility Token Act (H.B. Wyo. Leg. No. 0062 (Feb. 2019) (Wyoming Utility Token Act)), effective July 1, 2019, does not include utility tokens (tokens maintained on an open blockchain whose predominant purpose is consumptive and not marketed to initial buyers as a financial investment)).
[9]Id. § 29-101(a)(iv) (emphasis added). Note that WY-UCC Article 9 and UCC Article 9 define money as “a medium of exchange currently authorized or adopted by a domestic or foreign government. The term includes a monetary unit of account established by an intergovernmental organization or by agreement between two or more countries.” See WY-UCC § 9-102(24) and U.C.C. § 9-102(24).
[12]Id. § 29-102(a). A token that is a security under the Wyoming Uniform Securities Act may not necessarily be a security under WY-UCC Article 8 (see WY-UCC §§ 8-102(15)(ii) & (iii)). Given that the definition of “security” under Article 8 is not co-extensive with the definition found in the Wyoming Uniform Securities Act, there is a potential gap of how to treat digital securities that are not “securities” under WY-UCC Article 8. SF0125 § 29-103(a)(ii) bridges this gap by providing that digital securities that are “securities” under the Wyoming Uniform Securities Act are classified as a “security” under WY-UCC Article 8 and “investment property” as defined in WY-UCC Article 9 “only for purposes of Articles 8 and 9 of the [WY-UCC]” (emphasis added).
[13] As discussed in more detail below, U.C.C. § 8-102(a)(9) (and the WY-UCC) already allows for debtors and secured parties to opt into Article 8 financial asset treatment without having to rely on the amendments provided for in SF0125.
[14] SF0125 § 29-102(b). Since “intangible personal property” is not a definition in the UCC, the term is presumably meant to conform to terminology used in the Wyoming Utility Token Act to make clear that digital consumer assets that are conducted on an open blockchain are non-physical personal property and not securities as defined in the Wyoming Uniform Securities Act.
[17]Id. § 29-103. A control agreement may include terms under which a secured party may pledge its security interest in the Blockchain Asset as collateral for another transaction. Note that the language contemplates a bilateral control arrangement between the secured party and the debtor. Control arrangements in deposit accounts and security entitlements contemplate tripartite agreements (see U.C.C. §§ 9-104, 9-106).
[20] Note that SF0125 § 29-103(e)(i) is missing a conjunction between subclauses (A) and (B). Thus, it is unclear if a smart contract is a necessary and sufficient factor or merely a necessary factor in establishing control. Judging from context, it is reasonable to conclude that SF0125 intended control to be attainable through “exclusive authority” or a smart contract.
[21]See SF0125, which also provides definitions with respect to a “smart contract,” “multi-signature arrangement,” and “private key,” an analysis of which is beyond the scope of this article.
[24] The bilateral control agreement concept is a departure from previous UCC Article 8 and 9 securities and account control agreements which contemplate a tri-party agreement involving the debtor, secured party and an intermediary with respect to assets held in an account. See U.C.C. §§ 9-104(a)(2) and 8-106(d)(2).
[25] As discussed below, this is most likely meant to clarify that WY-UCC Article 8, Part 5, which in part covers indirectly held intermediated securities and financial assets, may be applied to Blockchain Assets.
[26]See WY-UCC §§ 9-312(B)(3), 9-313. This issue is discussed further below. Omitting any specific guidance for perfection-by-filing leaves the status of virtual currency in doubt, given that particular digital asset is treated as money under Article 9, which may mean that perfection can only be achieved by possession.
[27] Note that purchasers of chattel paper and other instruments may have priority over secured parties perfected by filing pursuant to section 9-330 of the UCC. (See U.C.C. § 9-330.)
[31]Id. § 9-320(e). An example of a purchaser of Blockchain Assets who would not have Blockchain Control would be a seller who executes a bill of sale for assets outside of the blockchain system to a purchaser.
[32]Id. § 9-319. To the extent that a Blockchain Asset becomes characterized as a “good.”
[34]Id. §§ 9-207(a), (b) (e.g., the secured party shall keep collateral identifiable).
[35] SF0125 § 9-102(c). For example, section 8-509(b) provides that: “to the extent that specific standards for the performance of the duties of a securities intermediary or the exercise of the rights of an entitlement holder are not specified by other statute, regulation, or rule or by agreement between the securities intermediary and entitlement holder, the securities intermediary shall perform its duties and the entitlement holder shall exercise its rights in a commercially reasonable manner.”
[36]Id. §§ 9-104(a), (b). Pursuant to section 9-104(p), “‘Bank’ has the meaning ascribed to it in W.S. 13-1-101(a)(i). W.S. 13-1-101(a)(i) (Banks, Banking and Finance) in turn provides that a “‘Bank’ means any corporation, excluding national banks, having a place of business within this state which engages in banking business.”
[37] SF0125 § 9-104(b). While SF0125 § 29-102(b) references the entire definition of “financial asset,” it is reasonable to conclude that Opt-In treatment means Blockchain Assets would be treated as security entitlements pursuant to section 8-102(9)(iii) of the WY-UCC. See WY-UCC § 8-102(a)(9)(iii): “any property that is held by a securities intermediary for another person in a securities account if the securities intermediary has expressly agreed with the other person that the property is to be treated as a financial asset under this Article [8].”
[39] Such agreement, even though it only requires that the owner of the Blockchain Asset be a party, would, for practical reasons, be a tripartite arrangement between the debtor, the secured party, and a securities intermediary.
[40] Sections 9-312(a) & 9-106 govern rules for investment property, which includes securities entitlements and securities accounts. See WY-UCC § 9-102(a)(49). “Investment Property” means security entitlement and securities account.
[41] WY-UCC § 9-106(a): “a person has control of a . . . security entitlement as provided in Section 8-106.”
[43] A security agreement granting a security interest in such Blockchain Asset and a securities account control agreement will still be required.
[44]See WY-UCC § 8-106(d) (“the securities intermediary has agreed that it will comply with entitlement orders originated by the purchaser without further consent by the entitlement holder”).
[45]See U.C.C. § 8-102 cmt. 17 (“A securities entitlement means the rights and property interest of a person who holds securities or other financial assets through a securities intermediary”) and § 8-102 cmt. 7 (an entitlement holder is the person who holds the security entitlement).
[49]See id. § 29-103(f). “Wyoming custodian” is not defined, but it is not unreasonable to conclude that it would include both Blockchain Custodians and Wyoming entities that have not opted into the Blockchain Custodian framework provided by SF0125.
[50] A court may be unwilling to apply the WY-UCC for public policy reasons as well.
[54]See Arrow Oil & Gas, Inc. v. J. Aron & Co. (In re SemCrude L.P.), 864 F.3d 280, 291–92 (3d Cir. 2017) (determining that, under UCC § 9-301(1), because debtors were organized in Delaware and Oklahoma, the UCC in effect in Delaware and Oklahoma applied and therefore the security interest in the collateral at issue was unperfected, notwithstanding automatic perfection provisions under Texas and Kansas versions of the UCC).
A secured party and debtor may agree by contract in the security agreement to have the WY-UCC be the governing law; however, such agreement does not insulate them from third-party claims that the laws of a different jurisdiction would apply.
[55] A Blockchain Asset would most likely be characterized as a general intangible, the catch-all definition under UCC Article 9. See U.C.C. § 9-102(a)(42).
[56] Despite the qualifying lead-in language “except as otherwise provided in this section” found in UCC § 9-301(1), unless a court is already using the WY-UCC to conduct its choice of law analysis, such court with a non-Wyoming debtor may conclude that the UCC in effect in the debtor’s location would apply, and not the WY-UCC. As discussed above, the Blockchain Asset definitions and related possessory security interests rules governing Blockchain Assets provided in the WY-UCC (as amended by SF0125) currently only exist in the WY-UCC. A court using the UCC of any other state would most likely categorize a Blockchain Asset as a “general intangible” for which perfection is achieved only by filing and not by possession. Accordingly, UCC § 9-301(1) (location of debtor) and not UCC § 9-301(2) (location of collateral) would govern the choice of law analysis of a court. See In re SemCrude, 864 F.3d at 291-292.
[57]See U.C.C. § 9-305(a)(3) (providing that the local laws of the securities intermediary’s jurisdiction govern perfection and priority of a security interest in a security entitlement or securities account).
This article is based on the chapter entitled “Customer Health and Safety, Marketing and Labeling, and Customer Privacy” written by the authors in the forthcoming ABA Deskbook on CSR. Authors of a companion chapter in the book have written on CSR and cybersecurity.
Product responsibility and customer care are core issues when discussing corporate social responsibility. Good corporate citizens must acknowledge, understand, and incorporate appropriate compliance on issues related to a company’s main business purpose: to sell goods or services to customers. That means that for companies that sell products, those products must be safe and must inform and sometimes warn customers of any potential issues with such products. Additionally, marketing and advertising for goods and services should also reflect the overall CSR policies of a corporate entity, including truthfulness and fairness of such materials. Finally, companies should also plan for and acknowledge potential or possible privacy issues when it comes to their customers’ data.
Corporate social responsibility is, at least in name, a relatively new phenomenon, although for lawyers it has always been a “thing.” Traditionally, members of the bar were expected to support their associations and their communities by contributing pro bono time and services. This can involve providing representation to indigent clients accused of crimes; assisting persons at or near the poverty line with no-cost legal assistance pertaining to credit, housing, or employment matters; or serving on, or advising, the boards of nonprofit organizations established to support need-based, educational, religious, or other assistance to the communities they have been established to serve. Viewed through this lens, corporate social responsibility has been, in a real sense, a long-standing component of law practice in the United States.[1]
The history of corporate social responsibility is generally seen as a product of the later 20th century,[2] but actions taken by corporations as early as the mid-19th century already demonstrated a desire by some companies to address criticisms of the new British factory system by supporting employee-oriented concerns.[3] Questions of motivations (whether employers were truly concerned with employee welfare, or had in mind business considerations such as enhanced employee productivity) and even legality aside (whether a corporation could properly discharge its duties to shareholders by expending sums for the benefit of employees), the arguments of reformers and the responses of some business owners at that time mark even those early dates as an arguable beginning for a kind of corporate social responsibility.
If an early vision of such a corporate social responsibility encompassing employee welfare became evident in the mid-19th century, it took longer before there was widespread recognition that customers at large should have some expectation of health and safety with regard to products now mass-produced by industrialized businesses. The development of product liability law in a modern sense can be traced to MacPherson v. Buick Motor Co.,[4] in which Benjamin Cardozo, then Chief Judge of the New York Court of Appeals, wrote a decision that dispensed with the doctrine of privity in negligence cases. Previously, the requirement that there be contractual privity between an injured party and the party which it sued had forced those injured by faulty products to sue parties which were usually distributors but not the manufacturers or parties ultimately responsible for the defect. Cardozo’s decision made it possible for a plaintiff to pursue the manufacturer because, with the requirement for privity removed, the harm from a defective item was now the responsibility of the manufacturer.[5]
Still, although McPherson eliminated one hurdle, others remained in place, including the ongoing difficulties of proving a close causal connection between the manufacturer and the injured party, the prevalence of a narrow view of the concept of product defects, and a somewhat welcoming view of defenses based on plaintiff misconduct or assumption of risk.[6]
It was not until later, during the 1960s, that a broader conception of products liability was realized. Many commentators[7] point to two prominent cases, Henningsen v. Bloomfield Motors, Inc.[8] and Greenman v. Yuba Power Products, Inc.,[9] and the final approval of Restatement (Second) of Torts § 402A,[10] as marking the arrival of a “modern” era in strict products liability law.
In Henningsen, the New Jersey Supreme Court struck down the notion put forward by the defendant manufacturer that it should benefit from private limitations on warranties. In Henningsen, the conclusion reached was that these sorts of limitations were not in the public interest; thus, manufacturers should not be shielded by such limitations from the harms caused by the products they had sold into the marketplace.[11]
In Greenman, the California Supreme Court embraced the theory that recovery for products liability, without regard for fault, should be grounded in tort law, not contract law.[12]
With the formal approval of section 402(A) of the Restatement in 1964 by the American Law Institute, there came into existence a set of fundamental rules to address the issue of strict products liability in tort.[13]
Although we now take these developments for granted, it has been only a little more than 50 years since these developments redefined issues of product safety and liability for corporations engaged in manufacturing goods.
Today, it is likely that notions of product liability or responsibility can be found as one of the component pieces of a large company’s statement of policy or commitment to “product responsibility,”[14] “extended producer responsibility,”[15] or “product stewardship.”[16] What originally began as a fundamental but relatively straightforward treatment of risk allocation and responsibility questions with regard to manufactured products is now evolved to a more nuanced and comprehensive approach to reducing health, safety, and environmental risks associated with consumer products. CSR can even be found in the impulse of some companies to take a lifecycle approach to these problems, which focuses not only on sustainable end-of-life management, but also incorporates waste management solutions that are the result of product design innovations and negotiations among multiple stakeholders.[17]
With regard to voluntary efforts at CSR, nonprofit organizations are at the forefront of some of the initiatives in this area and work closely with member corporations and governments to develop not only voluntary initiatives, but also recommendations about legislative solutions to issues related to product or producer responsibility.[18]
In the area of compulsory extended producer responsibility (EPR), the lead generally has been taken up by U.S. states, given that Congress has not been particularly active in this area.[19] Certainly, lawyers for corporate clients, regardless of whether working in-house or for external law firms, will already be aware of the growth of these initiatives and the need to be prepared to provide detailed feedback on existing legal requirements[20] as well as creative inputs when assisting their clients with the design and implementation of voluntary EPR programs.
Given that CSR can also be extremely contextual, lawyers have to understand the specific legal and regulatory environments which impact their clients’ businesses. For example, a lawyer representing an oil and gas company may have a different kind of marketing and labeling focus than a lawyer representing a food company, even while both are working to understand laws and regulations which are oriented around a focus on safety. In the same way, it is also possible that a lawyer working for or representing a company in one industry may be faced with a host of CSR-related questions and issues that are quite different from those coming across the desk of a colleague who works for or represents a corporate client in a different industry. Using the same examples noted above, a lawyer for an energy company may find that her client will benefit that company’s CSR programs account for and respond to current environmental concerns, whereas a retail food company lawyer might be more focused on issues relating to the safe sourcing or production of food in its stores, or on community-based initiatives related to the neighborhoods where its stores are located.
Another issue for lawyers to consider is that notions of what is voluntary or required are constantly evolving. In the case of food labels, the U.S. government has stipulated certain minimum requirements familiar to anyone checking a label for fat, sugar, or protein content, or parents looking to see which is the proper dosage of a children’s cough medicine, and these mandatory (regulatory) requirements are part of the cost of doing business in that particular industry. Separately, however, some companies have been able to differentiate themselves by going beyond what is required and using the platform of a label as a chance to essentially advertise the extra “goodness” of their product, either because of the quality or source of ingredients or other variables. However, consumers may also have something to say about whether a type of labeling should be mandatory. In this context, consider the example of the rejection by voters of Proposition 37 in California, which would have required, among other things, the labeling on raw or processed food offered for sale to consumers if the food was made from plants or animals whose specific genetic material had been altered in specific ways, and which would have prohibited the labeling of any such items as “natural.”[21]
With regard to voluntary actions, lawyers of a certain age will remember the Tylenol poisoning murders in the Chicago area in 1982, which resulted from drug and package tampering. All of the victims thought they were taking Tylenol, but actually died from ingesting tablets laced with potassium cyanide. Johnson & Johnson mobilized a comprehensive response that included introducing tamper-proof packaging to help restore customer confidence in the product. However, this was a classic case of a reactive solution to a problem that (at least in hindsight) was foreseeable. In the wake of the revelations following the Cambridge Analytica and 2016 election scandal that have enveloped Facebook, it is worth considering that a proactive approach may still benefit corporations focused on CSR and consumer safety and customer privacy. The fact that laws and regulations, such as product labeling requirements, become necessary in certain cases where voluntary self-regulation or self-assessment is absent or has failed, seems a cautionary tale. Corporations willing to embrace a CSR outlook and to view proactive efforts to enhance customer safety and privacy as opportunities for market differentiation and innovation may find that they are able to benefit from investing to prevent problems rather than waiting to find out the cost of solving or settling problems later if customer safety and privacy issues are not prioritized.
[1] Indeed, the history of the development of professional standards for lawyers in the United States can be traced back to at least 1836, when David Hoffman developed “50 Resolutions in Regard to Professional Deportment” and published them in a book entitled A Course of Legal Study.
[2] Archie B. Carroll, “A History of Corporate Social Responsibility: Concepts and Practices” in Andrew Crane, Abigail McWilliams, Dirk Matten, Jeremy Moon & Donald Siegel, eds., The Oxford Handbook of Corporate Social Responsibility 19–46 (Oxford University Press 2008).
[12] Graham, supra note 7, at 556; Greenman, 59 Cal. 2d at 61, 377 P.2d at 901, 27 Cal. Rptr. at 701.
[13] Restatement (Second) of Torts § 402A (1965) (although approved in 1964, section 402A was not formally published until 1965); Graham, supra note 7, at 556.
The rise of powerful digital platforms like Google, Facebook, and Amazon in the new global economy has sparked an increasingly public debate worldwide. Politicians across the political spectrum have for the first time brought calls for enforcement and regulation of digital platforms into regular discourse in popular politics. Although some continue to caution against interference that could chill innovation, there is an increasing sentiment consistent with broader enforcement trends that more must be done from an antitrust perspective to address the ability of these established platforms to reduce competition. Despite a history of enforcement around innovative technologies, some have questioned whether the unique features of digital platform markets require a corresponding revolution in the established antitrust enforcement framework.
Within a broader global trend toward more proactive antitrust enforcement, antitrust authorities around the world have begun to focus particularly on the potential for these platforms to entrench their positions by effectively excluding or buying up potential new competitors to the detriment of consumers. The European Commission and member states in Europe have arguably taken the lead in heightened antitrust enforcement, but other regions are following suit with the recent ramp up of enforcement in North America. These developments are also being closely watched across Asia-Pacific, including signs of enforcement in China, where the authorities have traditionally supported the development of strong domestic platform providers.
Policy Initiatives
To date, most of the efforts invested in targeting digital platforms have been at the policy level to understand the key features of digital platforms and the existing enforcement framework. Several antitrust enforcers have actively conducted policy studies on these issues, including holding hearings and issuing policy reports with their findings. In the United States, antitrust enforcers at the Federal Trade Commission (FTC) and Department of Justice (DOJ) have hosted a series of workshops to give a range of stakeholders an opportunity to be heard. The Congressional committees tasked with oversight of antitrust enforcement have also held hearings and taken testimony from the providers. Australia has recently completed a broad market study on the direction of the government on digital platforms, focusing on media, journalism, and advertising services. Several European member states have also conducted similar initiatives, including the Digital Markets Strategy by the UK Competition & Markets Authority (CMA) and a two-year inquiry into online advertising by the French Competition Authority. Authorities in other jurisdictions have hired third-party thought leaders from major universities to prepare reports on digital platform markets, including, for example, the European Commission and the UK Parliament. Competition authorities in Asia, particularly Japan and Korea, have also clearly taken notice and announced their own policy initiatives.
Although each of these policy initiatives has a distinct focus and market context, there are several key themes that have arisen which the authorities are working through:
How should market power be assessed for dynamic platform markets where services are usually offered for free to many user groups?
How does a platform’s collection, use, and storage of user data impact competition? When does a platform’s stockpile of data create a barrier to entry of new platforms?
When is a platform’s leveraging of its own service offerings and exclusion of potential competitors sufficient to sustain an antitrust challenge?
Does traditional merger analysis underestimate the competitive significance of startups and technology innovators acquired by more established competitors?
How should antitrust enforcement standards balance potential risks of over- versus under-enforcement? What are the relative harms for competition and innovation?
Although a recurring theme is that traditional antitrust principles are sufficient to address the unique features of the digital platform markets, these initiatives have given the authorities an opportunity to develop more detailed frameworks for assessing issues that will be tested in enforcement. These efforts have also given rise to recommendations on regulatory or legislative changes that could help promote competition and facilitate more effective enforcement going forward.
Enforcement Initiatives
Following these initiatives, there is an inevitable pressure on competition authorities to put their learning to work. The European authorities have been most active in their enforcement measures so far, in part due to enforcement standards perceived to be more favorable than their counterparts in the United States. The European Commission, for example, has imposed a series of high-profile fines on Google over the past three years for abuse of dominance based on exclusionary practices involving its Android operating system, comparison shopping services, and online search advertising intermediation platform AdSense. The European Commission has recently opened up a high-profile formal investigation into Amazon’s use of sales data to compete with third parties. The European member states have also been active in expanding their enforcement role in these markets, including the German competition authority’s high-profile challenge to Facebook’s data privacy terms, which continues to tests the bounds of traditional antitrust law on appeal after being overturned by an initial appellate decision in Germany. In the United States, enforcement efforts are just beginning to show signs of ramping up. In February, the FTC announced a Technology Task Force to focus on special enforcement efforts targeted at technology markets. More recently, the DOJ has announced a wide-ranging investigation into market-leading online platforms for search, social media, and some retail services online. Both still appear to be in the relatively early fact-gathering stages of their investigations and are actively working with market participants to better assess potential theories of harm under U.S. laws.
Merger enforcement is likely to be an initial enforcement focus, particularly in the United States. Although there have been no significant challenges to date, statements by the authorities have considered the issues identified in the policy initiatives in extended reviews of several high-profile transactions. Investigations going forward will likely place a greater focus the importance of different types of data, the assessment of nonprice competition on innovation and privacy terms, and the competitive position of nascent competitors. The authorities are also expected to revisit consummated transactions that may have previously avoided scrutiny, including deals such as Facebook/Instagram and Google/Waze identified in the UK Digital Markets Strategy. To circumvent the traditional evidentiary challenges of proving competitive harm, the DOJ has outlined a new approach to challenging patterns of prior acquisitions of small potential competitors that may have been used to create or strengthen a platform provider’s monopoly.
Another area of continued enforcement focus globally will be on different forms of exclusionary conduct by dominant or monopolistic platforms. Explicit exclusivity arrangements, loyalty discounts, and other de facto exclusionary vertical arrangements aimed at blocking competitors from the market are likely to come into particular focus in the United States. Global enforcers are also likely to delve into other forms of self-preferencing or leveraging conduct similar to the conduct underpinning the investigations into Google, Amazon, and Apple in Europe, particularly conduct intended to expand market power into related markets or defend existing positions. Given that many platform providers are funded primarily with advertising revenues, digital advertising is becoming an increasing priority. For example, concerns have been raised about how platforms preference their own advertising services above those of rivals (e.g., on search results or social media feeds), exclude rival advertisers from other products or access to data, or introduce technical specifications that favor their own advertising services to the detriment of competitors. Jurisdictions in Europe may also be receptive to more novel remedies to the challenged harm, including, for example, mandating nondiscriminatory access to certain forms of data.
Regulation and Legislation
In addition to these enforcement initiatives, a range of regulatory and legislative measures may be implemented to address the challenges identified. Proposals span a range of issues with varying degrees of intervention, from transparency measures supporting enforcement to direct regulation. Proposals offered by politicians and regulators worldwide include, for example:
requiring new reporting obligations for certain acquisitions by digital platform providers;
shifting burdens in favor of competition authorities to allow for more effective enforcement where legal or evidentiary standards have posed challenges for enforcement;
requiring providers to allow access to competing platforms, in some cases with data portability between different platforms to reduce barriers to customers switching; and
mandating break-up of the existing large platform providers and direct regulation of certain functions as a public utility, similar to historical regulation of the telecom sector.
Although the more transformative proposals would have been unlikely to get traction historically, support appears to be growing across the political spectrum.
Conclusion
A true revolution in competition enforcement involving digital platforms is unlikely, but a further evolution of antitrust enforcement to meet the challenges of the digital economy is virtually assured. Even though much of the enforcement rhetoric is focused on a small number of platform providers, the impact will clearly be felt more broadly in the business community. Businesses should at a minimum be mindful of the potential for heightened scrutiny by authorities anytime transactions or investments implicate digital platforms or other sensitive technology markets, recognizing the unique issues that may arise and the importance of internal documents in assessing competitive effects. Businesses impacted by the conduct of large digital platform providers should also be conscious of the opportunity to be heard in ongoing investigations and market studies into these markets, where the authorities are proactively seeking the input of all stakeholders. Finally, there is a common thread of assessment of these global markets across jurisdictions that must be managed carefully where issues do arise.
The first thing we do, let’s kill all the lawyers.
-Dick the Butcher in Shakespeare’s Henry the VI
(Dick the Butcher was a follower of the rebel Jack Cade who thought that if he disturbed law and order he could become king.)
Introduction
The independence and role of the legal department within regulated banking organizations has come under pressure in recent years. This pressure has been exacerbated by a clash of professional silos among legal, risk, and compliance with a thumb on the scale inserted into the mix by the banking supervisors’ mistrust of lawyers and the in-house legal function. It is far beyond the business-as-usual, healthy tension over legal costs. The result is a push by some to contain in-house lawyers and the legal function away from a trusted advisor role into a smaller role and to exclude them from supervisory meetings and management committees. The main drivers of this push have been bank examiners, senior supervisory staff, and economists at the banking agencies, as well as risk-management professionals consisting largely of former examiners, supervisory staff, and economists from banking agencies.[1] By sharp contrast, the trend outside of the banking sector is exactly the opposite—that is, an increased trusted advisory and strategic role for the general counsel and the legal department in large, complex organizations.[2] Given the extraordinarily important role that the general counsel and in-house lawyers play as trusted advisors to senior management and in managing the legal risk of the banking organization, as well as their beneficial impact on corporate culture and reputational risk, this push is dangerous and should be halted. The appropriate role for the general counsel and in-house legal department in the banking organization should be reaffirmed by boards, senior management, and banking supervisors.
Part of the trouble stems from a misunderstanding among the professional silos of the bar, the examination staff at the banking agencies, risk-management professionals, and compliance professionals. A peace treaty, including each professional silo gaining a greater understanding of the professional roles and ethical codes of the other, needs to be struck as soon as possible.
It is critical to fix this situation now, before the transformative changes in the digital age, because if we continue down the current path, there is a danger that the tools of the digital age will not be appropriately programmed or trained with the legal framework embedded within them or take into account the professional ethics applicable to lawyering. We risk coding the mistakes and bias of the present into the more digital future.
Part I of this article explains how the federal banking supervisors have, by focusing on risk management and separating compliance from the legal department, both accidentally and deliberately contributed to the diminishment of the in-house legal function at banking organizations.[3] Since the financial crisis, an unfortunate culture of strong mistrust of lawyers by the supervisory staff has taken hold. At the same time, the concept of the three lines of defense, the inclusion of legal risk into the operational risk component of capital, and the banking regulators’ unusual attitude toward attorney-client privilege have also contributed, as has the traditional senior management view of in-house legal departments as more about managing the costs of legal services as opposed to managing legal risk.
Part II of this article argues that this situation has become dangerous for banking organizations and the rule of law. The strains on the budget and resources of the in-house legal department, tolerating multiple poles of legal interpretation and judgement within the banking organizations, a narrow view of the role of lawyers, and a misunderstanding of the attorney-client privilege in permitting candid internal conversations are all elements that should be reconsidered.
Part III of this article offers some suggestions to improve the situation. Boards of directors, senior managers, general counsels, in-house lawyers, and banking supervisors all have a role to play. It is time for a peace treaty. Working across professional silos and better training in the basics of other professional silos is key to a better path forward to overcome the misunderstandings of the recent past.
Part I: How We Got Here
The Three Lines of Defense
The aftermath of the financial crisis created a paradigm shift in the legal framework that applies to the banking sector.[4] Moreover, it was widely acknowledged that corporate governance in the banking sector had somehow failed. Both board level and internal corporate governance norms were changed as a result of changes in the legal framework or under discreet supervisory pressure.[5] Regulations and guidance were revised to require an independent CRO, making it explicit that this senior manager must report to a board committee as well as to the CEO.[6] In addition, banking organizations have been strongly encouraged to have independent CCOs, both by supervisory guidance and examination staff, as well as by the DOJ’s compliance standards.[7] The supervisory approach also underwent a paradigm shift deeply influenced by the concept of the three lines of defense: first line business, second line risk management, and third line internal audit.[8] A fatal flaw in the original three lines of defense was that it forgot about the legal department and the role of lawyers.
When originally developed in the United Kingdom, the three lines of defense concept was completely unknown in the U.S. legal and regulatory framework for the banking sector until the OCC, under the Obama administration, proposed to place it into its risk-management guidelines. These guidelines are the only place that the concept is used in the U.S. legal and regulatory framework. The Federal Reserve, in its later proposed governance guidelines for board effectiveness and risk management, refused to employ the concept.[9] To the shock of many in the bar, in 2014 the OCC proposed guidelines placed the legal department in the first line of defense, treating it as the equivalent to a revenue-producing line of business.[10] The view, apparently, was that the legal department created risk. Not surprisingly, the American Bankers Association as well as many other lawyers commented on the proposed guidelines, and this characterization was withdrawn.[11] The final OCC guidelines acknowledged that the legal department is not, with rare exceptions, part of the first line of defense.
Where Does the Legal Department Fit In?
Given its creation by the auditing profession, it is unsurprising that legal departments and general counsels, which have existed at most banking organizations since the New Deal, do not fit neatly into the new, post-financial crisis concept of the three lines of defense.[12] Within the bar, there is a well-developed understanding of the need for the independence of the general counsel and the legal department, as well as the fact that the general counsel reports to the board as well as the CEO.[13] It is also unsurprising that, in the immediate aftermath of the financial crisis, the federal banking supervisors would not feel the need to directly comment on or regulate the organizational or reporting line relationship of the general counsel in the same way they would the CRO or the CCO. Unlike CROs and CCOs, in-house lawyers are already regulated by their state bar associations. They are licensed members of a bar association with requirements to pass exams, follow binding ethics rules, and complete continuing education requirements. The ethics rules are not voluntary guidance, as is the case with risk and compliance professionals, but are binding requirements, supervised by an independent force; in the United States, in-house lawyers can be disbarred or sanctioned by their state bars. The regulatory structure around lawyers is ancient and largely applies at the state level. Federal agencies have largely stayed out of the business of regulating the legal profession.[14]
By sharp contrast, the professional roles of the CRO and CCO are relatively new. There are no licensing standards for entry into the profession, and there is not a long history of independence or reporting to the board.[15] Ethics rules are voluntary and come after taking an online course. The fact that the banking supervisors did not assign the general counsel a board committee or did not state that the legal department is an independent function does not take away the pre-existing nature of the general counsel’s relationship with the CEO and the board and the legal department’s role within the enterprise, which are driven by the ethics rules and the nature of the practice of law.[16] In essence, the best way to think about it is that the banking supervisors were bringing risk management up to the independence of the legal department.
The adoption of the three lines of defense within banking organizations, along with the enhanced intensity of supervision and the spate of large fines and enforcement orders, some of them criminal, on banking organizations, has quite appropriately led to a sharp increase in risk management and compliance professionals at banking organizations.[17] By comparison, there has been a limited increase in the number of in-house lawyers. Quality public figures for the personnel of the banking agencies are hard to come by, but it is apparent that there has been a larger increase in supervisory staff at the banking agencies, while the banking agency legal departments have grown only slightly. At the same time, the banking supervisors have pushed for compliance to be moved out of the legal department at banking organizations and into the newly expanded risk-management departments. This pressure has happened behind closed doors, without any public notice and comment, with little to no active oversight by agency principals and without any meaningful transparency or public accountability, which is essential to the proper functioning of any democratic system of government.[18] Today, almost all of the large banking organizations have placed compliance within risk, while most of the smaller banking organizations keep it within legal.
Professional Silos and Cultural Mistrust
There is a cultural problem of professional silos that has led to mistrust and misunderstandings as one silo looks askance at the work of the other silo. The mistrust begins within the supervisory staff at the banking agencies. The Federal Reserve and the OCC have long been understood to be economist-dominated organizations with relatively small legal staffs of their own. In sharp contrast, the DOJ and the SEC have long been understood to be lawyer-dominated organizations.[19] At some of the banking agencies, there has long been a view by the supervisory staff that their own legal departments should not be involved in policy decisions. Some have taken the view that the agency legal department works for the supervisory staff. There has also been a practice at some of the banking agencies, until recently, that guidance and supervisory letters are published without the agency lawyers commenting on them before publication. This scarcity of lawyers within the banking agencies, and the relative lack of authority and independence of some of the legal departments, is an attitude that former supervisory staff take with them to the private sector when they take jobs in risk, compliance, and audit, as well as in consulting.
Outside counsel have long been scorned by the supervisory staff and deliberately excluded from calls and meetings except in the limited arenas of enforcement.[20] A relatively new trend is agency supervisory staff insisting upon the exclusion of in-house lawyers from supervisory meetings. Another new trend is for compliance or regulatory affairs (when it does not report into the general counsel) to negotiate memoranda of understanding or enforcement orders without bringing in the in-house legal function or the agency legal staff until late in the process.[21]
Since the financial crisis, there has been a growth in the mutual mistrust across professional silos. The supervisory staff view lawyers as withholding of facts, engaging in unsupported defense of the organization’s conduct without regard to the overall situation, overusing attorney-client privilege, careless about conflicts, and weak on pushing back on the business.[22] The bar views the supervisory staff as having forgotten that we live in a constitutional democracy with the rule of law and limited powers of agency staff. There is a deep concern in the bar about the overuse of confidential supervisory information and supervisory discretion. It is not uncommon to hear in-house lawyers speak of Kafka,[23] the Star Chamber,[24] or living under a dictatorship. The cross-cultural mistrust is not healthy.
Part II: The Dangers of the Current Path
The current path is a dangerous one for the ability of banking organizations to be effectively counseled and advised on the law at a time of increasing complexity in the legal framework. The path is also unwise for the banking agencies themselves, where the balance between safety and soundness and prudential regulation on the one hand, and the rule of law on the other, has gone askew. A generation of the supervisory staff has been wrongly trained to believe that safety and soundness transcends the legal framework and that they have the ability to act under their “inherent power,” without limits on their individual discretion. Sometimes, senior supervisory staff told examination staff that they “own” any business problems. Lawyers know that no agency of the federal government has any power that is not given to it by an enabling statute; indeed, safety and soundness itself derives from a statute and is part of the law, not outside of it. In our constitutional separation of powers, there is no such thing as a federal agency with “inherent powers.” The fault here lies not with the examiners but with an almost negligent lack of training of the examiners by agency principals and senior supervisory and legal staff. One first place to begin is to provide training on the rule of law, which is not about imposing court-like hearings on every supervisory decision. It is about regaining the understanding that we are governed by a public set of rules that apply equally to all in a process that is fully transparent and therefore accountable to the public, not by ad hoc standards that can be determined by individual discretion behind closed doors without any meaningful transparency or accountability to the public.
As Shakespeare’s advice teaches us, and as experience has shown time and again, killing the lawyers is the crucial first step of any dictator. In today’s environment, an authoritarian can rule a fiefdom within the corporate structure or within the agency. The relatively bloodless modern corporate and supervisory variant on killing all the lawyers is to exclude or diminish the role of lawyers and the rule of law, both within the banking agencies and within the banking organization itself. In good times, business leaders, risk-management professionals, and supervisory staff may wish to do without the lawyers who, in their view, get in the way of swift decisions and who have a troublesome tendency to remind both their corporate bosses and supervisory staff when they are operating outside the bounds of the law or too near the fuzzy boundaries of the complex legal framework. In bad times, however, those same people suddenly realize that they need a strong legal team and the rule of law.[25] In fact, the path to safety and soundness is best achieved by strengthening the legal department within the agencies and within the banking organizations—not by containing the legal function into a smaller space.
At the moment, there are four main methods by which the independence and stature of legal departments is threatened with diminishment: (1) limiting the budget and resources available to the legal department, (2) narrowing the view of the role of lawyers, including regional banking supervisors pushing to exclude in-house lawyers from supervisory meetings or examination responses, (3) tolerating multiple poles of legal interpretation and judgement within the banking organizations, and (4) profoundly misunderstanding the role of the attorney-client privilege in permitting candid conversations.
Limits on Budget and Resources
Restraints on the budget and resources of the legal department, beyond that which is imposed on other enterprise functions, is one way to limit the role of in-house lawyers. Lawyers are visibly expensive in-house talent, and the outdated view of the legal department as largely serving to cut costs incurred by outside law firms has made it easy to limit the budget and resources of the legal department. At the same time, the recent cycle has seen a major increase in the budget and resources of the risk-management and compliance functions.[26] Imagine three nearly identical houses in a small-town neighborhood. Two of the houses, risk and compliance, have benefited from a regulatory command to increase their budgets, resources, and independence. The houses have had major additions, they have been updated for technology, the kitchens have been modernized, and there is a shiny new car in the driveway. In contrast, the legal department house has been lived in by an elderly couple on a fixed income who have been forced by their lack of resources to do only the minimum of upkeep. The underinvestment in technology for in-house legal departments is the most fundamentally striking aspect, especially in light of the massive amounts spent on digital transformation elsewhere in the organization.[27]
There is also a misunderstanding by some of what costs should be genuinely attributed to legal departments. If, as a result of actions in a business line, a reserve must be taken or a large fine or settlement paid, that is not a cost of the legal department. It is a cost created by the business line. Many in-house budgets make this distinction, but its nuance is lost in the media and in the minds of many not familiar with the management of legal risk. Another element that is lost is the use of consultants by risk and compliance as a substitute for legal advice. Many times these services are, in fact, the unauthorized practice of law without the guardrails imposed by legal ethics or the knowledge of how to interpret the hierarchy of the legal framework. As I have written elsewhere, I am not a purist in the unauthorized practice of law.[28] Substituted legal advice by consultants, however, which is neither tracked as part of the legal spend since the hiring is done by risk and compliance nor, more importantly, supervised by any internal lawyers, distorts both the legal spend and the quality tracking of legal advice that is implemented throughout the organization by policy or otherwise. Oftentimes, this substituted legal advice is marketed as “regulatory advice.” Regulations and guidance are not distinguishable from law; they are part of the law. As I have acknowledged elsewhere, there is a clear benefit to having regulatory readers, but the near complete lack of supervision by any lawyers risks compliance violations within the banking organizations. These compliance violations exist both due to the misreading of the legal framework, and due to the banking organizations and the banking agencies permitting the unauthorized practice of law by nonlawyer supervisors and consultants.
Tolerate Multiple Poles of Legal Interpretation and Judgment within the Organization
Most banking organizations have a clear policy that lawyers and the legal department should own the ultimate legal judgment and interpretation for the banking organization, but in practice, multiple competing poles of legal interpretation and judgment have been permitted to flourish within the organization in recent times. The separation of legal and compliance has led to confusion by many within the organization about the interpretations of the legal framework. For many, the former lawyers or nonlawyers in compliance are a source of legal judgement, and any tension or distance between legal and compliance creates an arbitrage opportunity for forum shopping for a more business-friendly answer (if sought by the business) or a less business-friendly answer (if sought by risk or audit).[29] There has also been an unfortunate tendency of some in the newly formed compliance profession to increase their own professional standing by advocating for oddly limited roles for lawyers.
The increase in the complexity of the legal framework has also led to an increase in sophisticated regulatory readers: those within the organization such as in Treasury, regulatory relations, and the risk function who must read the legal framework as a core part of their job. The fundamental tension between the bar and the regulatory readers is that lawyers read the legal framework from the top down, beginning with the statute, moving to the regulation, then guidance, with analysis infused by important principles of legal interpretation. Regulatory readers, by contrast, read the legal framework from the bottom up, beginning with guidance, moving to regulations, and then looking at the statute and using the practical tools of normal reading, even though they are often inapplicable in the legal framework. Combined with the tendency to look up answers by unreliable googling, these different ways of reading encourage multiple competing interpretations within the banking organization. Legal interpretation is not like ordinary reading, and regulatory readers need basic training on the difference.[30] I have written in detail about this cultural mismatch elsewhere.[31] Finally, the growth of the consultant-industrial complex and the large budgets that have been given to the risk function and the compliance function over the last 10 years has led to a situation where many consultants are, in effect, giving untrained legal advice under the guise of “regulatory advice.” That advice impacts risk decisions and technology without any oversight by the legal department or any trained lawyers.
Narrow View of the Role of Lawyers
Another dangerous tendency is to take a narrow view of the role of lawyers and exclude them from meetings or decision making. Part of this may be driven by the shortage of trained and experienced in-house lawyers in the financial regulatory space, but this narrow view is also driven by other root causes, some of which are barely appropriate in a constitutional democracy. There has been a recent push by some regional banking supervisors across a range of sizes of banking organizations to deliberately and loudly exclude in-house lawyers from supervisory meetings and to narrow the role of the in-house legal department to one of pure advocacy. The view of in-house lawyers as solely about advocacy is fundamentally mistaken. The result is to diminish the stature and independence of the legal department vis-à-vis the risk-management function, the compliance function, and regulatory relations (to the extent it does not report to legal). There is a lot of jostling at the top for the role of trusted advisor, and many within a large organization have their own institutional or self-interested reasons for excluding the lawyers from the room.
Suspicious View of Attorney-Client Privilege and Constraints on Candid Conversations
Another way to narrow the scope of legal representation is to narrow the scope of attorney-client privilege or to otherwise limit candid conversations within the banking organization. In the banking sector, the agencies, with the agreement of their general counsels, have long taken the view that attorney-client privilege does not apply in the supervisory context. In this view, they are at odds with other agencies such as the DOJ and the SEC. As a memo from multiple law firms has argued, the statutory basis for this claim is shaky at best. In reality, the legal departments of most banking organizations appropriately waive attorney-client privilege in the supervisory context for good and valid reasons.[32] In response to that memorandum, the OCC revised its examination handbook to make it easier for examiners to overcome attorney-client privilege.[33] The cultural mismatch and mistrust is real. There has, however, grown to be a critical cultural point. Regulatory readers and banking supervisors have been under-briefed on the role of the attorney-client privilege in a constitutional democracy. As a result, in these days of competing poles of legal interpretations within banking organizations, some outside of the legal department may have been misusing the concept of attorney-client privilege because of their confusion about its role and nature. It is important to reset these misunderstandings. A major reason for the confidentiality of the supervisory relationship is to encourage candid conversations. The attorney-client privilege serves the same goal.
There are other constraints developing on candid conversations within the banking organization. It has long been understood that all e-mails are subject to being read by the banking supervisors. What is not so widely understood is a push to keep change logs of drafts of materials created within the banking organizations. In a world of track changes and multiple comments by rushed people who are multitasking, it may come as a surprise that comments on drafts are being kept just in case the banking supervisors might want to view them. This is happening both in consent order remediation and otherwise, and both in an attorney-client privileged environment and otherwise. It seems to be happening without much forethought.
Part III: A Path to a More Stable Solution
The current path of mistrust and misunderstanding is a poor way to manage legal risks in the banking sector, and it could become much worse with the digital transformation. There should be a rethink within the banking agencies and banking organizations about the role of the legal department and lawyers. There also must be a truce between banking supervisors and risk-management professionals on the one hand, and the legal profession on the other, which will require openness to understanding each other’s professional silos on both sides. In this section of the article, I set forth some recommendations for a more stable equilibrium and a better path to the digital transformation. I will suggest best practices and actions within the banking organizations and by banking supervisors as well as some ways to foster better working relationships among the professional silos. We should also be conscious that there are no innocents here. The organized bar and lawyers have been both too self-protective and asleep at the switch. Risk-management and compliance professionals have been aggressively engaging in the unauthorized practice of law. Supervisory staff have been poorly trained about our constitutional form of government and the rule of law and are happy to exclude those who might challenge their position of “inherent authority.” Risk and compliance professionals have their own institutional or self-interested incentives to limit the role of in-house lawyers both at meetings and in legal interpretation. Agency principals have not, until recently, been paying enough attention to the links among transparency, public accountability, democracy, and the role of lawyers for many years. It is not enough for agency principals to assert that they have really smart people working for them, which is certainly true, and therefore these really smart people will know to do the right thing, which history tells us is very much not true.
Within the Banking Organization
1. Independent Legal Department and General Counsel Reporting Lines
There should be a recommitment to an independent and well-resourced legal department, with an explicit general counsel reporting line to the board as well as the CEO. There should be a clear tone from the top that the general counsel and the legal department have the appropriate stature, budget, and resources. It has long been accepted as a best practice, at least in theory, that the general counsel reports directly to the CEO and to the board, and that the legal department is an independent control function. In the United States, in-house lawyers are full members of the bar, have passed at least one bar exam, are regulated and licensed by the appropriate state bar, and subject to ethics obligations. In practice, however, it is easy to fall into a path of passively undermining the independence of the legal department and the general counsel by viewing it primarily as a cost center and not as the manager of legal risk, and by limiting its technological resources and budget. Moreover, the stature of the legal department is passively undermined when it is not made clear that the general counsel has a dotted reporting line to the board and that she and her delegates are solely responsible for the reporting on legal risks to the board. It is not appropriate, for example, for other functions to report on legal risk to the board. It is an unintended consequence of the federal banking regulators’ focus on the independence, stature, and budget of the risk function and the separate compliance function that legal departments, by comparison, have been diminished. It would be better if boards made this clear as part of their oversight of risk governance.
2. Tighter Coordination Among Risk, Legal, and Compliance
There should also be a renewed commitment to tighter coordination among legal, risk, and compliance functions, with a clear view that although there may be many regulatory readers, only the legal department and the general counsel can make the ultimate legal judgements.[34] This tighter coordination should also involve more legal oversight and supervision of outside consultants and technology vendors hired by risk and compliance, who are providing advice that is mischaracterized as “regulatory advice” but which actually involves legal interpretation and judgment not supervised by lawyers. A new equilibrium should be established that acknowledges the existence of multiple regulatory readers but that also makes clear that there are not coequal, multiple poles of legal interpreters within the organization. The right answer for complex legal risk and legally infused reputational risks is not that any person who can read and Google can assess legal risk. Another path to a solution is tighter coordination among legal, risk, and compliance both on the alignment of interpretive views as well as the hiring of outside vendors and consultants who are regulatory readers. There should be a reaffirmation of the important principle that although there quite appropriately may be many regulatory readers, only the legal department and the GC can make the ultimate legal judgments. This tighter coordination also should involve more legal department input, and sometimes supervision of, the “regulatory advice” that is infused with legal interpretations and provided by outside consultants and vendors to risk and compliance, and greater coordination of the budgets so that outside consultants and vendors are not duplicating work by internal legal and outside lawyers.
Within the Banking Supervisors
The supervisory staff at the banking agencies have grown to mistrust and dislike lawyers and the in-house legal function, whether at a banking organization or within their own agency. With the increase in the complexity and intensity of the legal framework, the move to compliance with law examinations, and the coming wave of digital transformation, a reset is necessary. Many of the banking supervisors’ concerns are mitigated by strengthening, not weakening, the banking organization and agency in-house legal department.
1. Tone at the Top
The principals of the banking agencies should communicate a clearer tone from the top about the rule of law, due process, and data-driven evidence. Many of the current principals are both lawyers and banking supervisors and are in an excellent position to help bridge the professional and cultural silos that have developed.
2. Strengthen the Agency Legal Divisions
The critical shortage of lawyers within the banking agencies as well as the relative lack of budget and resources for the agency legal departments has exacerbated the problem of mistrusting lawyers. Wherever the happy medium between the lawyer-driven and economist-driven agencies should be, there is no doubt that the banking agencies suffer from a shortage of legal services. A side effect of this internal shortage of legal staff is that the supervisory staff has no choice but to publish guidance and take decisions about compliance with law examinations or matters requiring attention without sufficient access to their own legal advice.[35]
Better Communication and Training
Another side effect is the lack of training for supervisory staff on the legal framework. Training on the legal framework has been nonexistent or devolved to the regions.[36] As set forth below, cross-professional silo training is a key to finding a solution. I have previously written about how the hierarchy of the legal framework can be misunderstood by the many regulatory readers and even some digital native lawyers.[37] There should be a commitment to appropriately train all nonlawyer personnel, vendors, and consultants who are regulatory readers.[38] Basic training should be implemented to help regulatory readers understand the hierarchy of authority within the legal framework, the basic legal interpretive principles, the risks associated with free internet legal sources, including material available on agency websites, and when to consult an experienced lawyer. It does not take three years of law school to get the basics.[39] The medical profession has long accepted the need for nurses and other assistants. The key difference is that when the nurse gives us an injection, we know that he has been trained to do so. In the clash of the silos among risk, compliance, supervisory, consultants, and legal professionals, however, that lesson has been lost. Legal interpretation is not like normal reading, and knowing how to read is not enough to interpret the law. A clear understanding of the hierarchy of the legal framework and the basics of legal interpretive canons is needed. There is no reason not to widely share this knowledge. The rise of risk management and compliance has even led to college majors in this area. Strikingly, descriptions of college majors in compliance mention accounting, economics, and statistics but nothing about the law. Popular trade association certifications for risk and compliance professionals contain little or minimal training on the law.[40]
The legal profession has not helped itself by its lack of focus on basic legal training for nonlawyers. Just as lawyers who enter the corporate world need basic training in accounting without becoming CFAs, those who work in risk and compliance need a better understanding of the legal framework. More cross-silo training is urgent for the digital transformation. Many nonlawyers believe that if only the legal rules were clearly known, all will be well in transforming them into augmented intelligence. That will be true for those legal rules that are clear, but for the many legal norms that are deliberately ambiguous and which balance social and economic trade-offs, natural language and augmented intelligence will not be the advance that so many believe.
By the Legal Profession
Recalling the SEC’s appearing and practicing rules, and even worse, the OTS’s early 1990s aggressive foray against Kaye Scholer, many lawyers take the view that it is better that the federal banking regulators do not, as they do with risk and compliance, attempt any direct regulation of legal departments.[41] It is also the case that lawyers, at least in the United States, are directly regulated by state bar requirements with binding professional ethics obligations and do not need an additional federal regulatory overlay. There is a naivety in this belief, and lawyers, including the organized bar, must be aware that continuing to ignore the growing regulatory trends is hurting them rather than helping them.[42] If in-house lawyers do not define themselves, they will be defined by others in the organization who have every incentive to push the contradictory lines that “lawyers are not special” or that lawyers are limited to advocacy. In reality, the exercise of legal judgement is special, and lawyers are not limited to advocacy. That said, the argument that lawyers are “special” can be taken too far.
Conclusion: Toward a Peace Treaty
The current situation of mutual mistrust, diminishment of the in-house legal function, silence by the organized bar, and lack of training in the legal framework for supervisory staff as well as lack of understanding of the basic principles in risk management by lawyers must stop. It is time for a peace treaty. That means more cross-training, more conversations to understand the other professional silos, and more working together within the organization, not less. The time to do so is now because the next step is augmenting basic legal interpretation by algorithms. If we are not doing it properly in human brains, how will the algorithms know, and who will train them? We need to fix the situation now.
* Margaret E. Tahyar is a partner in Davis Polk’s Financial Institutions Group. The author wishes to thank all of her many colleagues who have commented on this article, most especially the in-house lawyers and agency and supervisory staff, in particular Tyler X. Senackerib, who helped with the research for this piece. This article reflects the views of the author and does not necessarily reflect the views of Davis Polk & Wardwell LLP. All errors and any sentences that cause any person to take offense are solely the fault of the author.
[1]See Thomas C. Baxter, Jr., The Rise of Risk Management in Financial Institutions and a Potential Unintended Consequence—The Diminution of the Legal Function, Bus. L. Today, Apr. 2, 2019.
[2] Emma Cueto, ‘Age of the CLO’ Sees Counsel’s Influence Expand: Report, Law360, Jan. 30, 2019.
[3] Tom Baxter has also made this point. See Baxter, supra note 1.
[4] Michael Barr, Howell Jackson, & Margaret Tahyar, Financial Regulation: Law and Policy Ch. 1, 8 (2d ed. 2018).
[5] Office of the Comptroller of the Currency, Comptroller’s Handbook: Corporate and Risk Governance (July 2016); Proposed Guidance on Supervisory Expectation for Boards of Directors, 82 Fed. Reg. 37,219 (Aug. 9, 2017).
[7]See, e.g., U.S. Department of Justice, Criminal Division, Evaluation of Corporate Compliance Programs (Apr. 2019); Office of the Comptroller of the Currency, Comptroller’s Handbook: Consumer Compliance (June 2018); Consumer Compliance Examinations—Compliance Management System, FDIC Consumer Compliance Examination Manual (June 2019).
[8] The three lines of defense was created by the U.K. auditing profession and designed to bolster the role and independence of internal auditors. Soon after the financial crisis, it was adopted by the U.K. supervisors and enthusiastically embraced by internal auditors, risk management, and others outside of the legal profession who were, quite understandably, trying to enhance the reputation and professionalism of their skillsets.
[9] Proposed Guidance on Supervisory Expectation for Boards of Directors, 82 Fed. Reg. 37,219 (Aug. 9, 2017).
[10] OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches; Integration and Regulations, 79 Fed. Reg. 4,282, 4285 (Jan. 27, 2014).
[11]Comment Letter in Response to OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches; Integration and Regulations, American Bankers Association, Financial Services Roundtable, SIFMA and the Institute of International Bankers (Mar. 24, 2014).
[12] Indeed, some have begun to question the utility of the lines of defense, and there is now a greater reliance on the senior management regime. IIA Launches Global Review of ‘Three Lines of Defense,’ The Institute of Internal Auditors (Dec. 5, 2018). The Federal Reserve’s more recent proposed management effectiveness guidelines, which do not use the three lines of defense, illustrate this trend. Proposed Guidance on Supervisory Expectation for Boards of Directors, 82 Fed. Reg. 37,219 (Aug. 9, 2017).
[13] The literature is vast. Two of the very best are: Ben Heineman, The Inside Counsel Revolution: Resolving the Partner-guardian Tension (2016); Thomas C. Baxter, Jr. & Won B. Chai, Enterprise Risk Management Where Is Legal and Compliance?, The Banking L. J. (Jan. 2016).
[14] Lawyers are by and large still a self-regulated profession, although there are some federal agencies that regulate lawyers in limited ways. For example, the SEC implemented regulations governing the professional conduct of attorneys who appear and practice before the agency. 17 C.F.R. § 205 et seq. In contrast, accountants are regulated in many ways by the SEC through its oversight of the Financial Standards Accounting Board, which promulgates U.S. generally accepted accounting principles, and the Public Company Accounting Oversight Board, which oversees the audits of public companies.
[15] A hodgepodge of certifications are available for compliance and risk professionals, most of which are offered by for-profit industry trade groups. Although there are a few exceptions, the certifications are generally based on past work experience and passing a multiple-choice exam that is often based on online study materials without any live instruction or training. Many of the programs attempt to describe the relevant laws and regulations, but they provide light to nonexistent training on the overall legal framework or legal reading. Margaret E. Tahyar, Legal Interpretation is Not Like Reading Poetry—How to Let Go of Ordinary Reading and Interpret the Legal Framework of the Regulatory State (2019).
[16] There is vast, confusing, and irrelevant literature comparing the in-house legal function to that of outside law firms. The role of independent outside counsel does not mean that the internal legal department does not play a role within the corporation as independent as that of the risk function and the compliance function.
[17] Even in 2018, around 61 percent of financial institutions reported plans to increase their compliance budget, and 46 percent of large banks planned to grow the size of their compliance staff. Beecher Tuttle, Compliance Hiring and Pay to Increase, but Not Everyone Will be Winning, eFinancial Careers, June 29, 2018. This increase seems to have swung too far, and many banking organizations are now looking to automate many of these processes in the coming years.
[18]See Randall D. Guynn, A Case for Full Model, Scenario and Results Transparency in the Federal Reserve’s Stress Testing Process, Presentation at Stress Testing: A Discussion and Review, Federal Reserve Bank of Boston (July 9, 2019).
[19] Rory Van Loo, Regulatory Monitors, 119 Columbia L. Rev. 369 (2019).
[20]See William H. Simon, The Kaye Scholer Affair: The Lawyer’s Duty of Candor and the Bar’s Temptations of Evasion and Apology, 23 L. & Soc. Inquiry 243 (1998). As a result, there is a body of consultants, many of them former supervisors, who advise banking organizations on examination responses.
[21] On both the agency and banking organization sides, this trend raises serious compliance issues due to the unauthorized practice of law.
[22] To be fair, some of these complaints, such as those relating to conflicts, should be leveled solely at outside counsel, not the agency lawyers or in-house counsel who have only one client.
[23] Franz Kafka’s writings, such as The Castle, in which a man attempts to establish residency and work in a village only to be subject to a barrage of mysterious and impenetrable administrative decisions by the bureaucrats in the local castle, have given rise to the use of the phrase “Kafkaesque” to describe bureaucracies that are labyrinthine in their processes and unpredictable and incomprehensible in their decision-making.
[24] The Star Chamber was a court established in 15th-century England. By the time of its abolition in 1641, the Star Chamber had become infamous as a tool of political oppression and deeply arbitrary decisions.
[25] David Brooks, The Lawyers Who Did Not Break, N.Y. Times, Feb. 21, 2019.
[26] Some of that increase in budget and resources is not called into question, but fundamentally what is happening is a recalibration and automation. Legal department budget and resources are still far behind risk management and compliance.
[27] The legal trade press is full of articles by in-house counsel calling upon law firms, themselves thinly capitalized, to develop legal technology, but the technology needed by an in-house legal department and that used by a law firm to provide more efficient advice to a company would be different. The technology budget at J.P. Morgan is approximately $11.4 billion. Michelle Davis, Dimon Sounds a Cautious Note as JPMorgan Prepares for Recession, Bloomberg, Feb. 26, 2019. The largest law firm in the United States had revenues of $3.76 billion in 2018. Ben Seal, The 2019 Am Law 100: Gross Revenue, Am. Law., Apr. 23, 2019. This mismatch speaks volumes about the false consciousness of the legal trade press. Its call is more a result of the lack of appropriate resources for the legal department than any realistic hope that law firms will create the technology.
[28] Margaret E. Tahyar, Legal Interpretation is Not Like Reading Poetry—How to Let Go of Ordinary Reading and Interpret the Legal Framework of the Regulatory State, Bus. L. Today, July 24, 2019.
[29] One area of concern is the maintenance of a regulatory inventory or regulatory change management. In some banking organizations, it is run by compliance, and lawyers play a secondary role, if they are involved at all. The wiser banking organizations have created structures where legal and compliance collaborate.
[32]Memorandum regarding Bank Regulators’ Legal Authority to Compel the Production of Material That Is Protected by Attorney-Client Privilege, Cleary Gottlieb Steen & Hamilton LLP; Covington & Burling LLP; Davis Polk & Wardwell LLP et al. (May 16, 2018).
[33] Office of the Comptroller of the Currency, Comptroller’s Handbook: Litigation and Other Legal Matters (Version 1.1, Dec. 2018).
[35] Former banking agency staff have informed the author that supervisory guidance in the last few years has frequently been issued with no review by agency lawyers.
[36] Richard K. Kim, Patricia A. Robinson & Amanda K. Allexon, Financial Institutions Developments: Revamping the Regulatory Examination Process, Wachtell, Lipton, Rosen & Katz (Nov. 26, 2018).
[37] Tahyar, Legal Interpretation is Not Like Reading Poetry—How to Let Go of Ordinary Reading and Interpret the Legal Framework of the Regulatory State, Bus. L. Today, July 24, 2019.
[38]See Guidance, Supervisory Expectations, and the Rule of Law: How Do the Banking Agencies Regulate and Supervise Institutions?, Hearing Before the United States Senate Committee on Banking, Housing, and Urban Affairs, Statement of Margaret E. Tahyar (April 30, 2019).
[39]See id. The author began her legal career as a paralegal after taking a paralegal certificate course of several weeks.
[40] For example, the American Bankers Association Certified AML and Fraud Professional requirements do not cover basic understanding of the legal framework or legal reading. The materials for the privacy specialist certification are a jumble on the legal framework.
[41] In the early 1990s, the then-OTS froze the assets of Kaye Scholer after a disagreement about advocacy in the examination context. Michael Barr, Howell Jackson & Margaret Tahyar, Financial Regulation: Law and Policy Ch. 8 (2d ed. 2018).
[42] Thomas C. Baxter, Jr., The Rise of Risk Management in Financial Institutions and a Potential Unintended Consequence—The Diminution of the Legal Function, Bus. L. Today, Apr. 2, 2019.
Connect with a global network of over 30,000 business law professionals
