This article is adapted from the Fund Director’s Guidebook, Fifth Edition, by the American Bar Association Business Law Section’s Federal Regulation of Securities Committee.
To fulfill their responsibilities, directors or trustees (“directors”) of US investment companies registered under the Investment Company Act of 1940 (“1940 Act”) should have a solid understanding of the robust regulatory structure that the funds they oversee are subject to. The American Bar Association Business Law Section has updated its Fund Director’s Guidebook, a key resource for registered fund directors as a primer on that regulatory regime, directors’ responsibilities, and key areas of oversight. The Fund Director’s Guidebook, Fifth Edition is available for purchase from the ABA.
Many investment companies, including mutual funds, exchange-traded funds, and closed-end funds, are registered with the Securities and Exchange Commission (“SEC”) under the 1940 Act. The 1940 Act mandates compliance with extensive and comprehensive requirements that, for example, govern capital structure, prohibit certain types of investments, restrict transactions with affiliates, and regulate investment advisory and distribution arrangements. Regulation extends to such matters as composition of a fund’s board and election of directors, capital structure and derivatives risk, portfolio transactions, custodial arrangements, fidelity bonding, selection of accountants and auditing standards, compliance programs, valuation and pricing of shares, and portfolio liquidity, among others. Beyond the 1940 Act, the regulatory regime for investment companies also includes the Investment Advisers Act of 1940, the Securities Act of 1933, the Securities Exchange Act of 1934, the Commodity Exchange Act, regulations of the SEC and the Commodity Futures Trading Commission (CFTC), other regulators and self-regulatory organizations, and laws of the states where the funds are organized.
The comprehensive regulatory regime applicable to registered funds—contained in the 1940 Act and the SEC’s rules thereunder in particular—contemplates an important and active role for fund directors. Because of the external management structure typical of most investment companies, the role of the directors of a fund or group of funds differs in important respects from the role of the board of directors of an operating company. The external manager of a fund necessarily operates its business in its own best interests, which may not always be congruent with the best interests of the fund’s shareholders.
For this reason, although fund management and fund shareholders have common interests in many areas, there are actual and potential conflicts of interest between the two. Under the 1940 Act regulatory framework, the directors (particularly the independent directors) are responsible for monitoring potential and existing conflicts and representing the interests of fund shareholders. Although fund directors generally work closely and cooperatively with fund management, the directors—particularly independent directors—must exercise independent judgment. Although the most obvious conflicts overseen by fund directors relate to fees and other expenses paid by, and the quality of services provided to, the fund, there are others as well. Independent directors represent the interests of fund shareholders when those interests might conflict with those of the adviser.
The Fund Director’s Guidebook serves as a convenient resource for directors of mutual funds, exchange-traded funds, and closed-end funds. It provides an overview of the functions, responsibilities, and potential liabilities of fund directors, under both the federal securities laws (including the 1940 Act) and corporate or trust law generally, as well as information about the structure and operations of the board and its relationship to the investment adviser, the distributor, and others important to the fund. The Guidebook is intended to help directors discharge their responsibilities by providing them with practical information and guidance to help them understand their duties and ask the right questions.
It is important to note that the manner and the environment in which funds operate are constantly evolving, as are the regulations governing fund and investment management activities and the industry itself. It is essential that fund directors and management stay abreast of new industry and regulatory developments affecting how business is conducted.
In an attempt to keep up with the pace of the developing industry and its regulatory environment, the Guidebook was initially published in 1996 and was subsequently updated in 2003, 2006, and 2015. The fifth edition reflects a large number of regulatory developments since 2015, covering significant completed and pending rulemakings and other initiatives by the SEC as well as industry developments, including those relating to:
liquidity risk and cybersecurity risk management;
exchange traded funds;
the use by funds of derivatives;
fair valuation;
funds investing in other funds;
money market fund reform;
fund names;
environmental (including climate), social, and governance (ESG) investing;
LIBOR transition;
responses to the COVID-19 pandemic; and
a greater focus on diversity, equity, and inclusion.
The American Bar Association Business Law Section recommends that copies of the Guidebook be shared with fund directors and those that assist fund directors in carrying out their oversight function. Fund advisers, law firms with practices in this area, and other service providers to registered funds will also find the Guidebook to be a helpful resource.
Companies with international product distribution face considerable logistical challenges just getting a product to its intended market. Additionally, that product will likely come back to the United States in the form of unauthorized gray-market goods. The good news is that there are many tools in the legal toolbox for stopping those imports.
In a July 2019 article and a July 2020 article for Business Law Today, we highlighted how to use the US International Trade Commission (ITC) to stop unauthorized imports at the border. But there are many other options that companies can use to police the market and address the shifting realities of the post-COVID-19 economy.
Since the supply chain disruptions caused by the pandemic, companies are seeing counterfeit goods mixed in with gray-market goods (which were already problematic) more and more often. United States trademark, anti-counterfeiting, and anti–unfair competition laws provide private causes of action that companies can use to aggressively shut down unauthorized resellers of gray-market and counterfeit goods. These laws provide for seizures of goods, injunctive relief, and recovery of substantial compensatory, equitable, and punitive monetary damages.
The Problem
In today’s global economy, companies in the United States face unlawful importation of goods from abroad bearing genuine trademarks—referred to as gray-market infringement—as well as the importation and sale of counterfeit goods that can include spurious marks, labels, and paperwork. Even though the height of the COVID-19 pandemic is now behind us, the lingering effects of severe supply chain issues can present ripe opportunities for unauthorized goods to enter the United States via online marketplaces run by bad actors located anywhere.
The Tools
The ITC remains an important venue for stopping unauthorized imports and has the benefit of offering broad injunctive relief in the form of general exclusion orders. However, monetary relief is not available at the ITC.
When the identity of unlawful importers is known and US sales are substantial, actions brought in federal district courts allow companies to seek monetary damages as well as injunctive relief. In our experience, a powerful case against infringers can be built from the multiple available causes of action under federal and state law.
First, claims can be brought under the Lanham Act (15 USC 1051 et seq.) for trademark infringement, false advertising, false designation of origin, and dilution. The pathways available under the Lanham Act for monetary recovery depend on the violations for which the defendant is found liable. It is therefore important to conduct a thorough investigation and marshal the appropriate facts regarding the defendant’s activities so that all potential violations can be pleaded and tried against the defendant.
Second, private claims can be brought under federal and state anti-counterfeiting laws. In our experience, those laws provide strong avenues for investigating and stopping counterfeiting, including ex parte seizures, expedited discovery, asset freezes, and preliminary injunctive relief. These tools can be used in addition to those available for simple gray-market infringement claims. For instance, an unauthorized reseller that engages in both counterfeiting and gray-market infringement of other products beyond the counterfeit products commits multiple violations under the Lanham Act. Besides civil counterfeiting actions, the government can initiate criminal prosecution under US counterfeiting laws that include serious penalties.
Third, plaintiffs can bring suits under various state and common-law unfair competition, unjust enrichment, and deceptive trade practices laws. These laws differ from state to state but mostly track the Lanham Act’s prohibition against false, misleading, or deceptive acts or practices that are likely to confuse consumers, which typically include trademark infringement. One advantage of this approach is that many of these state statutes allow for automatic entitlement to attorney fees, without a need to prove that the case is exceptional as with Lanham Act claims.
State laws governing deceptive trade practices and unfair competition may also be triggered by a broader scope of conduct than claims under the Lanham Act, such as passing off, deceptive representation of geographic origin, selling old products as new, false or misleading advertising, and other specific deceptive practices. These additional causes of action can be powerful tools when companies are faced with an unauthorized reseller engaged in activity that aligns with the language of the relevant statute.
Available Remedies for Gray-Market and Counterfeiting Cases
Claims under the Lanham Act and state law can allow for multiple nonexclusive remedies for trademark infringement arising from the sale of gray-market goods and counterfeiting. These include seizures of goods, injunctive relief, and recovery of substantial compensatory, equitable, and statutory monetary damages as well as attorney fees. State law and common-law claims for unfair competition and deceptive trade practices can also implicate powerful punitive damages.
Injunctive Relief
Under the Lanham Act, a court is authorized to grant an injunction “according to the principles of equity and upon such terms as the court may deem reasonable” in trademark infringement, false advertising, trademark dilution, and cyberpiracy claims brought under Section 43 of the Act. To obtain such relief, the trademark holder must demonstrate a likelihood of success on the merits, irreparable harm, and that a balancing of equities and the public interest favors the entry of an injunction.
Historically, some circuits applied a rebuttable presumption of irreparable harm upon a finding of infringement, while other circuits did not. Some circuits did not apply the presumption for some claims, such as false advertising in cases of implied falsity or when the defendant’s false claims were about its own products. However, the Trademark Modernization Act of 2020 amended Section 34(a) of the Lanham Act to restore a rebuttable presumption of irreparable harm upon a finding of infringement, including causes of action brought under Section 43 of the Lanham Act. Prevailing plaintiffs can now seek injunctive relief with more confidence, including for false advertising claims.
Monetary Relief
The Lanham Act specifies that victorious plaintiffs shall be entitled to recover, subject to the principles of equity: (1) the defendant’s profits; (2) any damages sustained by the plaintiff; and (3) the costs of the action. Under Section 1117(a) of the Lanham Act, courts have great latitude to adjust these profits and damages, including the discretion to enter judgment “for any sum above the amount found as actual damages” according to the circumstances of the case. Under Section 1117(a), courts also may exercise discretion to enter judgment for any “sum as the court shall find to be just” if it finds that the amount of the recovery based on profits is either inadequate or excessive.
The Lanham Act also provides for treble damages for violations involving the intentional use of a counterfeit mark. Moreover, in cases involving the use of a counterfeit mark, at any time before judgment is entered, the plaintiff may elect to recover statutory damages within a prescribed range of $1,000 to $200,000 per counterfeit mark per type of goods or services sold and up to as much as $2 million for willful infringement. The court may award reasonable attorney fees to the prevailing party in exceptional cases.
The rationales behind the Lanham Act’s damages and remedy provisions can be powerful tools for plaintiffs to (1) avoid the defendant’s profiting off its infringement; (2) compensate the plaintiff for damages it sustained; and (3) deter infringement by the defendant or deter others from engaging in similar acts. Plaintiffs should keep these three principles in mind when crafting their damages case to ensure that the court has the necessary evidence to consider each of the rationales in a trademark owner’s favor. For instance, the brazen nature of a willful infringer can help to establish that there is a strong need for deterrence of others that may follow in the infringer’s footsteps for a quick but unlawful profit. While the Lanham Act is not designed to punish infringers, defendants that are found liable under state law and common-law unfair competition claims can be assessed additional punitive damages to punish outrageous conduct that was intentional or reckless.
Split Burden to Show Revenues and Costs
Trademark owners bringing claims against counterfeiters and gray-market infringers often face the difficult task of demonstrating the scope of the wrongdoing. Counterfeiters often take great care to cover their steps or avoid a paper trail. To level the playing field, the Lanham Act includes a burden-shifting framework trademark owners can use to great effect.
In assessing profits under Section 1117(a) of the Lanham Act, the plaintiff “shall be required to prove defendant’s sales only.” The burden flips to the defendant to “prove all elements of cost or deduction claimed,” and the defendant must demonstrate how any alleged deductible cost contributed to the sale of the infringing product. If a defendant is unable or unwilling to meet this burden, courts have discretion to award the entire gross revenue as the defendant’s profit. Moreover, if damages cannot be proven with certainty because of a defendant’s own actions, whether it be through a purposeful lack of recordkeeping or obstruction in discovery, courts can hold the uncertainty against the defendant. The burden-shifting framework can provide a powerful boost to plaintiffs facing uncooperative or sophisticated infringers and counterfeiters.
Conclusion
Companies have many different tools at their disposal to police the market and guard against the unlawful importation of gray-market and counterfeit goods. The ITC presents an important venue for broad injunctive relief. In addition, actions brought in federal district courts can be a powerful option against unlawful importers that allow companies to seek injunctive relief as well as monetary damages. There, companies can seek multiple nonexclusive remedies that include seizures of goods, injunctive relief, and the recovery of compensatory, equitable, and statutory monetary damages as well as attorney fees, along with the potential for punitive damages in certain cases. Companies that are aware of these different tools can take proactive steps to investigate infringers and counterfeiters to prepare for efficient litigation and advantageously leverage these tools to combat unlawful importation and sales.
Impact investing has been gaining new prominence recently to respond to the environmental and social challenges that the traditional frameworks of philanthropy alone could not address. Impact investors generally seek to generate a double or multiple bottom-line, meaning achieving positive social and/or environmental change in addition to securing a financial return. Some examples of impact investors include development finance institutions, banks, impact investing firms, family offices, public charities, and private foundations. These entities usually invest in ventures aligned with their mission, priorities, or sustainable goals (e.g., clean energy, health, education, financial services, sustainable agriculture, gender equality). Many examples of successful impact investments and ventures exist. One such success story is the Patagonia venture fund launched in 2013, known as Tin Shed Ventures, which invests in “innovations that overcome systemic barriers to regenerative agriculture adoption on land and water,” with outcomes including the reduction of waste and the environmental impacts of agriculture.
Innovation in the field of impact investing has translated into creative legal innovation including the evolution of new financing tools, such as the B corporation, revenue-based financing, and recoverable grant and social bond structures. The impact investing industry is also using innovative blended finance structures to more adequately balance impact and financial objectives.
The effectiveness of impact investing implies considering the long-term lasting impact of an investment, including after liquidation. For that reason, achieving a “responsible exit” when divesting is crucial. Exits need to be structured at the outset to ensure that the liquidation of the impact investment is accountable to the communities being served and intentional about continuing the positive impact for society.
I. Considerations at the time and during the life of the investment
Planning for a responsible exit should start long before an actual divestment. To accommodate a responsible exit, when investing, an impact investor can seek to invest in mission-driven founders and should understand the founders’ plans for growth and possible exit scenarios. As a condition to investment, and then during the investment, impact investors should look to design ways to influence policies and achieve certain impact metrics. When considering attracting additional investors, impact investors can also undertake proper due diligence to ensure alignment of any co-investors with the company’s mission, and they should provide for contractual mechanisms to protect the mission of the investment.
Mission-driven leadership. Impact investing also means investing in a team that will embed the mission in the company and its operations. Selecting a founder of the venture and a management team who are aligned with the impact investor’s objectives and deeply committed to the mission is often the best way to create a lasting impact. Founders likely will want to retain a degree of control over the venture company’s mission (e.g., by creating separate classes of voting stock and vesting in the founders certain voting or veto rights over identified decisions affecting the mission).
Effective policies. Impact investors can also lay the groundwork for responsible exits during the life of their investment. The investor can promote effective policies related to Environmental, Social, and Governance (“ESG”) and related issues, and it can make sure those policies are implemented by systematizing reporting requirements, compliance, and audit checks. Good governance and policy implementation should be a key focus of impact investing, and it should never be underestimated when exploring and negotiating the investment. Embedding certain ethical principles and instilling ESG and equivalent policies and practices into the business is essential to a responsible investment, and should be factored into the investment strategy. Depending on the industry, investors can even take additional steps by seeking to ensure that their investments obtain the highest level of third-party certification available in that industry (e.g., B Corp certification, or, in the case of financial institutions, client protection certification from bodies approved by Cerise+SPTF, which provides confidence that a financial service provider adequately follows client protection principles).
Investor alignment and legal protection mechanisms. Structuring the investment with investors sharing a similar philosophy can also influence whether an investment will be able to grow sustainably while also subsequently achieving a responsible exit. Mechanisms should be incorporated in a shareholder’s agreement (or equivalent document) to enshrine the mission consistent with the objectives described above. The impact investor can require that certain impact metrics (such as the number of lives impacted, the progress on gender equality and women and girls’ empowerment, or the alignment with certain United Nations’ Sustainable Development Goals) are met in connection with their investment. A supermajority vote or founder consent may be required for any amendment to the mission statement for mergers, reorganizations, or stock transfer as discussed above. Put option or redemption rights may be available, and in fact, are often requested by impact investors as mechanisms to withdraw from the investment under the occurrence of certain triggering events (e.g., if the company fails to meet or maintain certain impact objectives or results). Such provisions are also used by impact investors to protect against reputational risk if, for example, the company’s activities become misaligned with the investor’s mission, priorities, policies, or regulations.
II. Considerations at the time of exit
When it is time to divest, the ability to achieve a responsible exit may be challenged by several factors. The exiting impact investor and the prospective ideal buyer may not always have the same time horizon, resulting in the need to compromise, depending on availability of adequate buyers. In addition, finding the perfect buyer with an aligned mission can prove to be difficult in some markets. Finally, enshrining mission preservation principles in the legal documentation at exit is at best difficult and at worst impossible.
Timing the exit. In the impact investing space (similar to other types of investments), timing an exit may depend on several factors. The investors may have decided that their mission or impact objectives have been accomplished, and now they need to deploy their capital elsewhere. Additional capital may also be required to further the mission, capital that the current investors may not be willing or able to provide. Scarcity of aligned buyers is another factor in determining the timing and conditions of an exit. For instance, an aligned buyer may want to invest at a specific time when no other aligned buyers are available at that time. This, in turn, forces the divesting impact investors to be more accommodating from a financial (i.e., pricing) perspective if they believe long-term impact may be created. Being flexible in terms of timing may also allow for better, more responsible exits.
Buyer selection and mission alignment. Identifying buyers aligned with the company’s mission is generally the best guarantee that such mission and related impact will be continued. Impact investors should perform a thorough due diligence on the buyer to increase the likelihood of continued impact after exit. In addition to the traditional Know Your Customer searches on the buyer, impact investors should understand the industry reputation of the buyer, along with the prospective buyer’s track record of achieving impact objectives. The buyer should also have the financial capacity to carry the mission forward. One complicating factor, though, is that the impact investors may not have multiple buyers available at a time when they are under financial constraint. Identifying and vetting the right buyer and preserving the financial situation of the investment will also, at times, require a balancing act.
Legal documentation protections. Legally enshrining the mission preservation in the legal documents at the time of exit through various covenants is often challenging and may be subject to difficult negotiations. At the core of preserving the mission is ensuring that the employees of the divested company are protected. Employees who decide to work in impact investing often have made the choice consciously and care deeply about their company’s mission. Once the impact investor has divested, these employees are needed to help carry the mission forward and thus realize its objectives. Hence, protecting the employees at the time of exit should be part of the negotiations both at the time of investment and upon exit. This is particularly important given that covenants in the sales closing documentation requiring new owners to preserve impact post-closing are often difficult to negotiate and most of the time ineffective. It would generally be very difficult for impact investors to ensure compliance post-closing with these conditions, and the likelihood of exited impact investors suing a buyer to enforce these covenants is unlikely in practice.
Conclusion
When companies reach a level of maturity such that a new strategic investor is needed, or when a reallocation of resources is necessary, impact investors may decide to exit responsibly to mitigate any mission drift, and in the hope that their investment will have a lasting impact. Despite its challenges (e.g., lack of appropriate buyers, difficulties in enforcing impact-related covenants), trying to achieve a responsible exit is paramount for impact investors. Put simply, it means caring about the population served and wanting to leave them in a better, more lasting position with new investors who share similar values. Not exiting responsibly can also have severe reputational consequences, which may result in an impact investor being unable to raise future capital or source deals. In some industries, selling to the wrong buyer can also have dire consequences (e.g., in the case of microfinance, selling a company to a predatory lender means negatively impacting the population the impact investor seeks to serve). Careful exit planning throughout the investment, nevertheless, can achieve a responsible and sustainable investment aligned with the original mission.
This is a summary of the Hotshot course “Fraud Carve-Outs: Market Trends,” in which ABA M&A Committee members Glenn West from Weil, Gotshal & Manges LLP and Tali Sealman from White & Case LLP discuss market trends for fraud carve-outs, drawing on data from the ABA M&A Committee’s Private Target Deal Points Study. View the course here.
Fraud Carve-Outs: Market Trends
Market trends indicate that there’s increasing awareness of the importance of defining fraud in acquisition agreements.
According to the 2023 ABA M&A Committee’s Private Target Deal Points Study, fraud was carved out of the Exclusive Remedy provision in 87% of deals in 2022 and the first quarter of 2023. Of these deals:
26% leave fraud undefined;
70% refer to “actual” or “intentional” fraud; and
30% of those refer to different types of fraud, like common law fraud or intentional misrepresentation.
The number of deals that leave fraud undefined has decreased over the years:
74% in 2014;
63% in 2016 to 2017;
39% in 2018 to 2019;
32% in 2020 to 2021; and
26% in 2022 to 2023.
Because the Study only looked at material transactions between public companies and private parties, a substantial number of transactions were excluded.
Anecdotal information is that the vast majority of private equity deals include defined fraud carve-outs that limit fraud to deliberate falsehoods, knowingly made in the written representations and warranties of the acquisition agreement.
This supports the trend shown in the Study away from the use of undefined fraud carve-outs.
The rest of the video includes interviews with ABA M&A Committee members Glenn West from Weil, Gotshal & Manges LLP and Tali Sealman from White & Case LLP.
This is a summary of the Hotshot course “Fraud Carve-Outs: Drafting,” a look at different approaches to drafting a fraud carve-out in an acquisition agreement. The course includes drafting tips and perspectives from ABA M&A Committee members Tali Sealman from White & Case LLP and Glenn West from Weil, Gotshal & Manges LLP. View the course here.
Drafting Fraud Definitions and Carve-Outs
This is a typical undefined fraud carve out to an exclusive remedy provision:
Following the Closing, except in the case of fraud (for which no limitations set forth herein shall be applicable), the sole and exclusive remedy of the parties hereto for monetary damages arising out of, relating to or resulting from any claim for breach of any covenant, agreement, representation or warranty set forth in this Agreement, the Disclosure Schedule, or any certificate delivered by a party with respect hereto will be limited to those contained in this Article IX.
(Emphasis added)
The language in this sample provision says the following:
Except in the case of fraud, a party’s sole remedy for monetary damages arising from a breach of any covenant, agreement, representation, or warranty in the agreement—and related documents—is limited to the indemnification rights provided under the agreement.
The indemnification rights are subject to caps and baskets as well as a limited definition of recoverable losses.
In cases of fraud, none of the limitations provided in the indemnification section will apply.
This is a buyer-friendly approach to a fraud carve-out because it leaves the definition of fraud open to interpretation.
It gives the buyer lots of options when bringing a fraud claim.
However, leaving fraud undefined raises several questions:
What type of fraud is included?
Which statements can form the basis of a fraud claim?
Whose knowledge matters?
Who can be held liable?
What type of claim can be brought for fraud? A tort-based claim or an uncapped indemnification claim?
To avoid the unintended consequences that can occur when the above questions are left unanswered, parties typically define what counts as “fraud.”
This can be done in the carve-out to the Exclusive Remedy provision itself or as a defined term that’s referred to in the carve-out.
Sample Provision Defining “Fraud” in the Exclusive Remedies Provision
Except in the case of claims of intentional common law fraud respecting the express representations and warranties set forth in this Agreement and asserted against the Person who knowingly committed such intentional common law fraud, claims for indemnification brought in accordance with and subject to this Article IX shall be the sole and exclusive remedy of any Indemnitee for Losses from and after the Closing Date with respect to any claim arising from, based upon, or related to this Agreement (whether in contract or tort).
In this example, the type of fraud that’s subject to the carve-out is limited to intentional common law fraud.
So both equitable fraud and common law fraud based on recklessness are not included.
The types of statements that can form the basis of the fraud are only the reps and warranties actually set forth in the written acquisition agreement.
This helps eliminate any conflict between the fraud carve-out in this Exclusive Remedy provision and the No-Reliance clause, which says that the buyer isn’t relying on any representations or duties to disclose other than those expressly set forth in the acquisition agreement.
The provision goes on to specify that only the “Persons”—usually defined as entities or natural persons—who actually committed the fraud can be held liable.
In other words, only the “Persons” who knew the rep was false when made and caused or allowed that rep to be made anyway would have exposure.
So under this provision, innocent sellers are not liable for fraud committed by other sellers.
The provision also limits the carved-out fraud claim to a tort-based claim for common law fraud because it does not expressly preserve an uncapped indemnification claim based on the allegation of fraud.
Sample Provision Where Fraud Is Included in the Definitions Section of the Agreement
“Fraud” shall mean with respect to the Sellers, any intentional common law fraud with respect to the making of the express representations and warranties of the Sellers set forth in Article IV, provided, that any such intentional common law fraud of the Sellers shall only be deemed to exist if any of the individuals identified in the definition of “Knowledge,” as applicable to the Sellers, had actual knowledge (as opposed to imputed or constructive knowledge) that the representations and warranties made by the Sellers in Article IV were actually false when made, with the express intention that Buyers rely thereon to their detriment.
(Emphasis Added)
Like the first example, this definition addresses most of the major concerns that arise when fraud is undefined.
It also limits the type of fraud to only “intentional common law fraud” and restricts the types of statements that can form the basis of a fraud claim to the written reps and warranties in the agreement itself.
In terms of whose knowledge matters, the parties here have specified a “knowledge group.”
So the actions of any one of the named individuals in the group could result in a fraud claim.
The definition goes on to require that the named person had actual knowledge that the reps and warranties were actually false when made.
To understand how this definition works, we have to look at it in the context of the Exclusive Remedy provision. Here’s an example of what that would look like:
Claims for indemnification brought in accordance with and subject to this Article IX shall be the sole and exclusive remedy of any Indemnitee for Losses from and after the Closing Date with respect to any claim arising from, based upon, or related to this Agreement (whether in contract or tort); provided, however that in the case of Fraud, the caps and baskets set forth in this Article IX shall not be applicable.
The Exclusive Remedy provision says that a party’s sole remedy for a breach is the indemnification rights provided under the agreement, except in the case of fraud with a capital F.
Unlike the prior example, this provision expressly maintains the right to bring an indemnification-based claim for “Fraud,” but eliminates the caps and baskets otherwise applicable.
This may or may not be more buyer-friendly depending on the definition of losses and other applicable limitations in the indemnification provision.
But because “Fraud” has been defined so that all of the Sellers are liable for the fraud of any of the Seller’s Knowledge parties, even though other Sellers may have been innocent, this is more buyer-friendly than the first approach.
If there are multiple sellers in a deal (for example, a company with many stockholders), this approach is rare since some sellers may be completely passive and have no way of knowing whether the reps and warranties being made by the knowledge parties are accurate.
This is an example of where the negotiated fraud carve-out, even though well defined, is more expansive than the judicially created, public-policy carve out imposed in many states.
The rest of the video includes interviews with ABA M&A Committee members Glenn West from Weil, Gotshal & Manges LLP and Tali Sealman from White & Case LLP.
This is a summary of the Hotshot course “Fraud Carve-Outs,” an introduction to fraud carve-outs and the issues parties consider when defining fraud, such as who’s liable, whose knowledge matters, what types of fraud claims can be brought, and what statements can form the basis for a fraud claim. View the course here.
Explaining Fraud Carve-Outs
Indemnification rights for breaches of representations and warranties in a private acquisition agreement are typically heavily negotiated. The parties often agree to limit these rights through:
Caps, baskets, and loss exclusions; and
An Exclusive Remedy provision which says that the rights and remedies in the indemnification section are the only ones available if there’s a breach of the written reps and warranties.
In addition, when a buyer gets rep & warranty insurance, a seller’s contractual liability for breaches can be eliminated altogether.
There’s an important exception to these limitations for claims involving fraud that either the parties agree to or that’s imposed by law in many states:
If the seller commits fraud when making reps or warranties to the buyer, the buyer wants to be able to bring a claim for that fraud, either as:
A tort-based claim; or
A contract-based claim that’s not subject to the caps and baskets that otherwise apply to indemnification claims—in this summary, this is referred to as an “uncapped indemnification claim.”
This exception for fraud is known as a “fraud carve-out,” and when the parties agree to it, it’s usually included in the Exclusive Remedy provision of the acquisition agreement.
Whether or not to include a fraud carve-out isn’t typically an issue because sellers usually agree to include some form of it.
The issue that does arise is whether and how the term “fraud” is defined for purposes of the carve-out.
While fraud may seem straightforward, it’s actually a complex concept that parties need to define carefully.
There are different types and sources of fraud claims as well as different states of mind that could be required to constitute fraud.
Depending on how a fraud carve-out is drafted, there are also a number of remedies that could be available as well as various people who could be held responsible for that fraud.
The parties need to weigh all these considerations and potential outcomes when negotiating a fraud carve-out.
Sellers, of course, benefit from a narrow definition of fraud.
They want to limit the scope of the fraud carve-out to a defined set of circumstances where the sellers deliberately included a representation in the agreement knowing it was false.
Buyers prefer either no definition at all or a broader definition that includes misstatements made both in and outside of the agreement by any one of the sellers or their representatives.
They want liability to extend to all sellers, including sellers who may not actually have direct knowledge of the underlying fraud.
Leaving Fraud Undefined
Many agreements leave fraud undefined, which can cause uncertainty and significant unintended consequences related to:
The types of fraud claims that can be brought;
The statements that can form the basis of those claims; and
The people that could be held liable because of the fraud.
In M&A agreements, reps are often seen as risk allocation devices—not literal statements of truth.
A party may—and often does—make several reps believing them to be true, but without any way of determining (or any evidence supporting) their actual truth.
If a fraud carve-out doesn’t clarify what counts as fraud, a party could be exposed to uncapped liability for:
An innocent or negligent misrepresentation (known as “equitable fraud”); or
A reckless misrepresentation (a type of traditional common-law fraud).
For example:
A seller may rep and believe that its business has been in compliance with all laws for the past five years, even though it doesn’t actually know for sure if the statement is true.
Similarly, the seller may make a rep based upon information provided by its management team that a member of the management team knew to be false even though the seller itself did not.
The seller agrees to make these reps because it’s a fair allocation of risk. And the seller is prepared to indemnify the buyer subject to the contractual caps, even though in both cases the seller has no actual knowledge of the truth or falsity of the reps.
Even if it’s not the parties’ intention, an undefined fraud carve-out could expose the seller to the following possibilities:
The seller could be responsible for recklessly making false reps even if the seller made those reps in a way consistent with industry practice.
The seller could be responsible for innocent or negligent misrepresentations in the reps if the applicable jurisdiction allows these types of equitable fraud claims.
The seller could be exposed to tort-based fraud claims or uncapped indemnification.
Defining fraud helps protect against these situations and clarifies when the seller truly has uncapped liability.
Defining Fraud
A well-defined fraud carve-out explains:
The type of fraud that’s covered and the type of knowledge or scienter necessary to establish that fraud;
Which statements can form the basis of fraud, meaning those made inside or outside the agreement;
Whose knowledge matters;
Who’s liable for the fraud; and
Whether a party can bring a tort-based claim or an uncapped indemnification claim for the alleged fraud.
Type of Fraud
There’s no unified definition of fraud across jurisdictions, so when an agreement leaves the term undefined it’s unclear which definition and therefore which type of claim and level of knowledge is intended. For example, there’s:
Common-law fraud, which can be based on:
A representation that was made even though it was known to be false;
A representation that was made recklessly but without sufficient basis to actually know it was true; or
Under certain circumstances, even nondisclosures.
Equitable fraud, in which a completely innocent or at worst negligent misrepresentation made neither knowingly nor recklessly can constitute fraud; and
Promissory fraud, which is a form of common law fraud involving the oral communication of a promise to do something in the future that the promisor allegedly never intended to actually do.
This can effectively result in a breach of contract claim being recast as a tort-based fraud claim.
Most buyers acknowledge that the fraud they have in mind when negotiating the carve-out is specifically when the seller knowingly makes a material false statement of fact that the buyer relies on.
So buyers are often willing to include a definition of the term that matches this expectation.
If the term is undefined, then the parties open up the possibility of any or all of the various types of fraud being included in the carve-out.
Type of Statements
Parties also consider the type of statements that can form the basis of a potential fraud claim.
A No-Reliance clause is when the buyer agrees that it’s not relying on any representations or duties to disclose other than those expressly set forth in the acquisition agreement.
In most states, if the parties have included a No-Reliance clause in the agreement, only those written reps and warranties can form the basis for a fraud claim.
When fraud is left undefined in the carve-out, there could be a conflict between the No-Reliance clause and the carve-out.
This can raise questions about whether both contractual and extra- contractual representations should be allowed as the basis of a fraud claim.
Whose Knowledge Matters
In addition, the definition of fraud can specify whose knowledge matters when it comes to fraud that’s based on a knowing misstatement.
The definition could include a specific set of individuals (like certain named officers) or a larger group of people (like all sellers and the management team).
Who is Liable
Similarly, parties sometimes specify who can be held liable for fraud.
A poorly defined fraud carve-out can result in innocent sellers being liable for the fraud of the guilty sellers.
If that’s the deal that the parties negotiated, then it’s not a problem.
But if it was never discussed, then this could result in an unwelcome surprise to an innocent stockholder.
Type of Fraud Claim
Finally, whether a party can bring a tort-based claim or an uncapped indemnification claim for alleged fraud has implications on the party’s potential recovery and pool of defendants. For example:
An uncapped indemnification claim based on alleged fraud might result in a larger recovery than a simple tort-based claim would in the applicable jurisdiction. The buyer may be able to seek damages from all of the sellers, regardless of whether they committed the alleged fraud.
On the other hand, the definition of indemnifiable losses in the agreement might be so limited—for example, if punitive damages are excluded—that the buyer would be better off making a tort-based common law fraud claim even though that type of claim can usually only be brought against the culpable seller.
No-Reliance Clauses and Fraud Carve-Outs
This summary doesn’t focus on No-Reliance clauses, but it’s important to understand how a fraud carve-out can undermine the efficacy of the provision.
In most M&A agreements, buyers specifically acknowledge that they’re not relying on any statement made by the sellers or anyone acting on the sellers’ behalf other than the reps in the written acquisition agreement itself.
The idea is that the parties have carefully negotiated the scope of what the seller agrees to stand behind, and they’ve put that in writing in the acquisition agreement.
The seller doesn’t want to find out later that the buyer was instead relying on a statement made in a management presentation or a negotiation session even though those statements weren’t included in the written reps in the agreement.
Since a required element of common-law fraud is justifiable reliance by the buyer, a No-Reliance clause can prevent any argument that the buyer relied on reps made outside of the contract.
A fraud carve-out can undermine the efficacy of the No-Reliance clause. For example:
Leaving fraud undefined could be interpreted to mean that both types of statements—those in and outside of the agreement—are included, despite a No-Reliance clause.
Or if the parties include the fraud carve-out in the No-Reliance clause itself, it could be argued that they intend for both contractual and extra-contractual fraud to be an exception to no-reliance.
If the express purpose of the No-Reliance clause is to eliminate all fraud claims that are based on extra-contractual statements by expressly disclaiming reliance upon any such statements, it doesn’t make sense to carve out fraud from the reach of the No-Reliance clause.
So to avoid this pitfall and any other ambiguity, the parties usually define fraud so that it only includes knowingly false statements of fact set forth in the written reps of the agreement.
Judicially Created Fraud Carve-Outs and State Law
Many states have laws that address the issue of fraud and No-Reliance clauses in acquisition agreements.
For example, Delaware law, which is the governing law in most acquisition agreements, imposes a judicially created fraud carve-out in every acquisition agreement, regardless of any other contractually bargained-for carve-outs.
So if an agreement governed by Delaware law has no fraud carve-out and a fully effective No-Reliance clause which eliminates all extra-contractual fraud claims, the Exclusive Remedy provision would eliminate all fraud claims based on the written reps.
The exception would be when the seller itself knowingly makes a false statement in the agreement’s written representations.
In other words, under Delaware law, even if the parties don’t include a fraud carve-out in the exclusive remedies provision, a buyer could still bring a tort- based claim if they believe the seller knowingly lied in the written reps.
When a fraud carve-out is included in an agreement governed by Delaware law, the seller will want to make sure to include well-defined limits.
Otherwise the contractual fraud carve-out could increase the seller’s exposure well beyond the public-policy carve-out and potentially undo the carefully negotiated limitations on liability.
Other jurisdictions have different views on these issues.
In Massachusetts and some other jurisdictions, No-Reliance clauses are ineffective in the face of almost any type of fraud except claims based on negligence.
Other jurisdictions have similar limitations on the effectiveness of No- Reliance and exclusive remedy provisions.
Because state law can impose liability where the parties don’t intend there to be any, it’s important to familiarize yourself with the relevant laws of the governing jurisdiction before negotiating these issues.
The rest of the video includes interviews with ABA M&A Committee members Glenn West from Weil, Gotshal & Manges LLP and Tali Sealman from White & Case LLP.
As artificial intelligence (“AI”) becomes more prevalent in business processes and service delivery across industries, it is increasingly important for M&A buyers to familiarize themselves with the legal nuances associated with the use of AI technologies. In this article, we explore seven key areas of inquiry for an M&A buyer when conducting legal due diligence on a target company that uses AI in its operations.
1. Type of AI used and how the target is using it
AI can be used for a wide variety of functions and applications. At the outset, it is important to understand what types of AI tools, systems, models, and technologies the target company is using, the provenance of such technologies (e.g., are they proprietary or licensed from a third party?), and how they are being used. Are they used internally only or in the delivery of products or services? Will they be business-to-business and/or consumer-facing? The answers to these questions will inform due diligence strategy and assist M&A buyers in assessing the target company’s risk profile.
Further, AI is not one type of technology. Generative AI—AI that creates new synthetic content or data, like text, images, audio, video, and source code, after being trained on large datasets and often using large language models—has caught the attention of the world, but it is only one of many kinds of AI. Deal team members should identify the types of AI being used by the target company and develop a tailored due diligence plan to understand the legal implications of the target’s AI-enabled operations and offerings.
2. How the AI is trained and rights to input data
Most AI technologies (including generative AI) require access to large datasets in order to train the AI’s “foundation models.” If the target company uses AI technology provided by a third-party vendor, the M&A buyer will need to diligence the vendor contract or applicable terms of use to analyze both the commercial arrangement between the target company and vendor and how the vendor’s AI technologies were trained (e.g., using what datasets accessed with which rights). Where the target company is providing protected, confidential, proprietary, or otherwise commercially sensitive information or data (e.g., personal data) to the third party, whether to further train or fine-tune such AI technology or via prompts (i.e., queries), buyers should also assess how the target company has addressed risks associated with this. For example, they should consider how the vendor contract permits the vendor to use such information and data, how the vendor is required to secure and protect the information and data (including retention and deletion obligations), and what guarantees (if any) the target company is making with respect to such inputs. Analyzing the nature and source of the training data (including any associated rights and other disclosures or consents) may also be warranted when the target company is training its own proprietary AI models. As further discussed in Section 6, legal obligations with respect to data protection laws and regulations still apply (despite the evolving regulatory landscape of AI regulation—see Section 7).
3. Rights to the AI-generated output
Where a target uses generative AI to create outputs, the M&A buyer should diligence the materiality of those outputs on the target’s business and whether they can be protected against third-party use. For example, consider whether the AI tool and outputs will be used internally only, whether the target company or possibly even the M&A buyer may wish to incorporate the AI technology or AI-generated outputs into its own products and services, and whether the value of the target company is dependent on having exclusive rights to (or the ability to exclude others from using) the AI-generated output. Moreover, where third-party AI is used by the target company, vendor contracts should also be analyzed to confirm whether the target company has the necessary rights to use the AI technology and its outputs—both pre-acquisition in its current business (e.g., commercially) and post-acquisition as the M&A buyer intends to use them.
Copyright and patent laws in the majority of jurisdictions (including the US, UK, Australia, and Europe) do not currently protect works or inventions created solely by AI. Accordingly, if AI-generated outputs comprise all or a part of any material assets or operations of the target company, it will be important to determine to what extent there was human involvement in their creation, what intellectual property rights the target company may have to them, and what other measures the target company has taken to protect them (e.g., contractual protections). Buyers should also undertake a review of the contractual terms applicable to such outputs (whether under the vendor terms or the commitments the target company itself may be making with respect to the AI-generated outputs).
4. Risk allocation
If the target company uses AI-enabled tools or technologies—whether proprietary or from a third party—on a commercial basis, the M&A buyer should carefully assess the potential risk associated with use of the AI or its outputs, including review of any applicable vendor contract to understand how such risk is allocated.
For example, if the AI model was trained on copyrighted works, the model could reproduce copyrighted material in its output. Many vendors have started providing certain contractual protections and indemnifications in this regard. As another example, if the target company relies on a third-party AI tool to deliver products or services to its customers and the AI tool malfunctions (e.g., hallucinates in a chatbot context), the target company may be in breach of commitments it has made or be liable for any harm or damage resulting from its customers’ use of erroneous outputs. From an M&A buyer’s perspective, it is therefore important to understand the scope of the target’s (and vendor’s, if applicable) warranties, limitations of liability, and indemnification obligations, as well as its creditworthiness. In addition, an M&A buyer should also review insurance policies the target is carrying that could cover potential instances of third-party claims.
5. Protection of proprietary AI technology
If the target company developed the AI tool and it confers a competitive advantage or is otherwise material to the target company’s business, the M&A buyer should seek to understand how the company aims to protect the AI technology from use by others. This inquiry will often be similar to due diligencing other proprietary intellectual property of the target company, including reviewing policies and procedures, employment and contractor agreements, location of development, etc.
Under intellectual property laws in the United States, AI technologies may be protectable through patent, copyright, and trade secret laws. The US Patent and Trademark Office recognizes AI as a class in its patent classification system, but given the nature of AI inventions, there are challenges to satisfying the subject matter eligibility and enablement elements required for patent protection. Copyright protection may be available, but only to certain aspects of the AI model (e.g., original expression of source code), and the visual elements of an AI system may be protectable, but functional aspects (like algorithms) are not. So, often, AI models are best protected as trade secrets. As a result, acquirers should confirm that the target company has taken reasonable measures (including reasonable legal, physical, and technological measures) to protect and maintain the secrecy of its AI models, including maintaining reasonable information security policies and procedures, as well as securing appropriate nondisclosure agreements from personnel and third parties with access to the information. Using reasonable measures to protect the secrecy of a trade secret is not just a legal requirement to maintain a trade secret’s protected status under US law but also an operational safeguard to ensure trade secret information does not (directly or indirectly) fall into the wrong hands.
6. Cybersecurity and data privacy considerations
If personal information or other regulated information is used by the target in connection with its AI technology use, diligence should include a review of at least the following: the target’s data privacy policies and cybersecurity practices; whether the target’s AI technology use is consistent with applicable privacy policies, law, and regulation; where such data or information is stored; the security measures in place to safeguard against breach; and insurance coverage applicable to breaches. In the US, there are many state comprehensive privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Utah Consumer Privacy Act.[1] In addition to comprehensive privacy laws, there are sectoral laws that are relevant to privacy and AI, including the Biometric Information Privacy Act in Illinois that covers the use of biometrics and has extremely high penalties. The target should be able to describe the nature of the relevant data and how the target obtained it, as well as applicable contracts, user consents, or disclosures governing such data (including compliance with any use restrictions that apply to the data), as applicable.
If the AI technology has been provided by a third party, not only will the target’s practices be relevant, but vendor contracts or applicable terms of use should also be reviewed to ensure there are appropriate vendor obligations addressing data privacy (see Section 2) and cybersecurity.
If the target company operates across different jurisdictions, then inquiries should also be made about the measures the target takes to comply with cross-border data transfer requirements. If the target uses training data sourced from multiple jurisdictions, the M&A buyer should confirm that the cross-border data transfers conformed to established compliance standards and protocols.
7. Compliance support and the changing regulatory landscape
As described above, acquisition of AI-enabled M&A targets involves nuanced legal considerations. In addition, the regulatory landscape with respect to AI is rapidly evolving; for example, Europe reached political agreement on the EU’s AI Act on December 8, 2023, and US President Joseph Biden issued an executive order on “safe, secure and trustworthy” AI use on October 30, 2023. The frameworks, regulations, and legislation being introduced or discussed around the world involve varying approaches, such as differing definitions of AI, targeting slightly different issues, and differing approaches to enforcement and liability. M&A buyers should consider what systems and processes the target company has in place to oversee its use of AI and the challenges posed by such technologies (e.g., systems to identify and minimize bias and to ensure safety, transparency, and human oversight). They should also consider what representations the target company is making about its AI usage.
Some major frontier AI companies have spent tremendous resources and built strong teams to tackle the challenges of compliance with regulatory requirements and to address ethical issues arising from the use and development of AI. Accordingly, it is important to examine the target company’s organizational supports and systems to not only comply with, but also to be able to adapt to, the evolving regulatory landscape, and to address existing and future regulatory compliance.
James Hu is a corporate partner at White & Case LLP, Karl Gao is the Vice President & Global General Counsel of NIO, and Yixin (Yish) Gong is a technology transactions partner at White & Case LLP. Hope Anderson, Burr Eckstut, Arlene Hahn, and Erin Hanson, partners of White & Case LLP, also contributed to this article. Any views expressed in this publication are strictly those of the authors and contributors and should not be attributed in any way to White & Case LLP or NIO.
Additional state comprehensive privacy bills have been proposed and others have passed and will be coming into effect. ↑
The November 2023 publication of updated guidance by the International Bar Association on the role of lawyers in promoting businesses’ respect for human rights provides an opportunity to revisit the many ways that business lawyers can and should advise their clients regarding potential adverse human rights impacts of their operations and business relationships.
Lawyers and their law firms are engaged in a wide range of business activities on a day-to-day basis as they provide services and advice to their clients, employ personnel to assist them in their assignments, and purchase goods and services from a variety of vendors. It has always been clear that lawyers are expected to conduct themselves in a manner that aligns with applicable professional codes of conduct and ethics, including obligations to promote justice and prevent injustice. However, law firms, like all other businesses, must also accept and meet responsibilities to respect human rights as provided in the United Nations (“UN”) Guiding Principles on Business and Human Rights (the “Guiding Principles”).[1] The American Bar Association has acknowledged that the Guiding Principles apply to the professional responsibility of lawyers,[2] and other national and local bar associations have publicly endorsed the Guiding Principles and issued guidance to their members on assisting their clients.
In November 2023, the International Bar Association (“IBA”), which previously adopted guidelines on business and human rights for lawyers and law firms based on the Guiding Principles,[3] published an updated guidance note on business and human rights discussing the role of lawyers in the changing environment.[4]
The IBA noted that clients that seek legal advice solely for technical compliance with laws and regulations, without regard to the potential adverse human rights impacts of their proposed actions, fail to see “the larger picture of business risks of involvement in human rights abuse . . . [including] . . . reputational harm; lost opportunities; reduced access to capital markets; delay costs; high interest or more expensive debt; top management distraction; and reduced ability to hire and retain talent.”[5] The UN Working Group on Business and Human Rights has identified several challenges that business lawyers often must overcome in providing effective counseling to their clients regarding human rights due diligence:[6]
Lack of understanding of human rights law in general and what is meant by “human rights risks” in particular—business lawyers sometimes do not understand that human rights include what are otherwise familiar topics such as environmental and labor rights and standards.
Failure to appreciate that human rights impacts are legal issues for all companies, not just private security companies and weapons manufacturers.
Lack of understanding of the links between human rights and legal, commercial, and reputational risks, and failure to realize that even where no material legal risks can be identified, there may still be commercial and reputational consequences from the company’s behavior.
Failure of lawyers to get involved in addressing actual or potential human rights risks at an early stage before the participants have become embroiled in litigation or another adversarial dispute resolution process.
A growing number of law firms, typically international firms with offices throughout the world, are launching formal practice areas covering business and human rights and corporate social responsibility. Such firms are offering services related to human rights reporting, implementation, and interpretation of the Guiding Principles and other “soft law” standards; human rights policies; managing supply chain risks; human rights due diligence and impact assessments; compliance systems and risk management; human rights and major projects (e.g., finance, mergers and acquisitions, and new facilities in communities where indigenous peoples’ rights may be impacted); and human rights as a defense tool. Lawyers working inside companies are leading new cross-functional working groups to oversee human rights due diligence and integrate appropriate due diligence processes into common business transactions (e.g., mergers and acquisitions), as well as expanding their existing compliance initiatives in related areas such as anti-bribery, data privacy, ethics, and business integrity.
In its recently issued guidance update, the IBA noted the following situations in which those lawyers are and should be integrating counseling on business and human rights:[7]
Mandatory Human Rights Due Diligence. Laws and regulations mandating human rights due diligence are increasing, which will require lawyers to work with their clients “to establish and implement appropriate policies, processes and procedures to ensure compliance.”
Environmental Law. Due diligence relating to environmental matters is expanding to include identification and remediation of potentially severe human rights impacts of environmental harm, climate change, pollution, and loss of diversity, particularly adverse impacts on vulnerable people and communities.
Corporate Governance. Directors and members of a company’s senior management team must be provided with guidance on how to integrate and embed human rights due diligence into internal governance structure and enterprise risk management, policies, processes, and procedures.[8]
Mergers and Acquisitions. Since the UN Guiding Principles require that companies conduct human rights due diligence with respect to the activities of parties with which they intend to form a business relationship, lawyers advising companies on mergers and acquisitions will need expand their traditional due diligence work to include human rights and environmental risks of the operations of the other party to the transaction.
Finance. Since the UN Guiding Principles hold financial institutions and investment companies accountable for adverse human rights impacts that they cause or contribute to, their attorneys need to advise them about the potential human rights impacts of their investment activities (e.g., use of loans by borrowers to engage in activities that have an adverse impact on the human rights of groups in the communities in which they are operating). Attorneys for such entities also need to assist them in including representations and covenants in transactional documents relating to human rights issues (e.g., covenants from companies receiving investment about diversity and inclusion in their workforces).
Contracts. The IBA noted that “[l]awyers play a central role in the formation, drafting and enforcement of contracts . . . [which are] . . . a key source of leverage through which a company can incentivize both buyers and suppliers to improve their human rights performance.” Lawyers should be mindful of, and participate in, the various responsible contracting initiatives that have emerged to develop standards for inclusion of human rights due diligence and dispute resolution mechanisms into contracts, particularly contracts with parties in the supply chain.[9]
Dispute Resolution. Lawyers will be asked to bring their skills and experience in helping companies manage and resolve disputes that emerge from the growing use and acceptance of human rights due diligence standards. In addition to support in traditional forums such as courts, administrative agencies, and arbitration panels, lawyers will be involved in the development and implementation of the operational-level grievance mechanisms contemplated under the Guiding Principles.
Reporting and Disclosure. Companies have long relied on lawyers for assistance in fulfilling their reporting and disclosure obligations to regulators. Those skills will be useful in complying with emerging regulations and voluntary standards that impose new expectations on companies to communicate with regulators and stakeholders regarding the actual or potential adverse human rights impacts of their operations and business relationships, as well as steps they are taking to promote human rights. (For example, California is requiring venture capital firms to report on diversity among the leadership teams of their portfolio companies.)
The IBA noted that a law firm’s ability to influence clients to avoid or mitigate the adverse human rights impacts of their operations, transactions, and business relationships turns on whether the firm can credibly demonstrate its competence and experience as a counselor on business and human rights issues. The IBA listed several steps that law firms can take, including developing internal firm capacity on business and human rights; identifying problems that other companies have faced when they ignored human rights issues in similar situations; offering to provide human rights capacity building to clients; providing advice on business and human rights to clients on a pro bono basis; issuing client briefings and alerts; participating in multi-stakeholder dialogues or forums to discuss emerging issues and develop standards for specific issues or industry contexts; and supporting the efforts of bar associations to provide training and guidance.[10]
Law firms can also establish credibility in the business and human rights arena by taking actions that proactively promote the human rights of various internal and external stakeholders. For example, law firms can take steps to combat discrimination and harassment in their workforce and expand opportunities for historically disadvantaged groups through their recruitment, hiring, training, promotion, and leadership development strategies. Law firms can support the physical and mental health of members of their workforce by expanding caregiving assistance and the availability of paid leave to take care of children and other family members. In addition, law firms can support and promote realization of basic human rights by members of the communities in which they operate through investments in initiatives such as community development, education, and improvement of access to food and healthcare, and through providing employees with opportunities to volunteer with community groups while being paid by the firm. Of course, law firms have long contributed to human rights through pro bono programs that allow people and groups to contest their claims and grievances in the legal system, and in recent years, pro bono work has expanded to assist entrepreneurs from historically underrepresented groups (particularly women and racial and ethnic minorities) in starting their own businesses. Finally, more law firms have introduced sustainability into their day-to-day operational practices, and some firms have sought and achieved “certified B corporation” status to demonstrate adherence to stringent standards of performance and accountability with respect to their sustainable business practices.
The legal profession is much maligned in the business community and in society in general, and many lawyers complain of deep dissatisfaction with their choice of career and the day-to-day tasks associated with their roles in the legal system. Proactively participating in environmental and social responsibility initiatives, either as individual lawyers, as law firm team members, or by assisting clients, is a real opportunity for lawyers to change their lives and the communities in which they practice in a positive manner. Many lawyers entered law school with the goal of acquiring the tools necessary to help those who needed support from others and, in some small way, to “change the world.” For those who may have lost their way, for whatever reason, or are looking for ways to do more, embracing counseling of businesses on their duties to respect human rights is a welcome and promising platform.
***
For further discussion of the role of lawyers and the legal profession in business and human rights, see the author’s chapter on the subject, which is an updated version of work that originally appeared in the author’s book Business and Human Rights: Advising Clients on Respecting and Fulfilling Human Rights (ABA Publishing). The chapter includes practical guidance for lawyers and law firms on business and human rights, a comprehensive list of resources that they can consult, and detailed discussions on law firm human rights policies and statements, client intake procedures, human rights risk management plans, withdrawing from engagements due to concerns about adverse human rights impacts of client activities, evaluation and reporting, governance and management of responsible business activities, building internal capacity and credibility on business and human rights, and the roles of in-house lawyers and the general counsel.
See the Guiding Principles, which are sometimes called the “Ruggie Principles” in reference to John Ruggie, the UN Special Representative for Business and Human Rights who first introduced the principles in 2007 and led the efforts that eventually led to the endorsement of the Guiding Principles. ↑
John F. Sherman III has pointed out that the ABA’s Human Rights Committee has noted the Guiding Principles “pour content into the independent and candid advice that lawyers must provide to corporate clients under ABA Model Rule 2.1” and that the acknowledgement in the Commentary to Model Rule 2.1 that “moral and ethical factors impinge on most legal questions” is consistent with professional codes of responsibility in other countries that acknowledge that lawyers “must balance their dual roles as guardians and advocates for the interests of their clients, and as gatekeepers for the interests of courts and society.” John F. Sherman III, “Professional Responsibility of Lawyers under the Guiding Principles,” Shift, April 2012. See also John F. Sherman III, “The UN Guiding Principles: Practical Implications for Business Lawyers,” In-House Defense Quarterly (Winter 2013), 50. ↑
Business lawyers are also working with clients to form, organize, and operate enterprises based on new corporate governance frameworks created specifically to integrate the responsibilities of businesses for their environmental and social impacts (e.g., benefit corporations). ↑
Major sneaker brands have capitalized on new trends in technology and social media to publicize sneaker culture. As sneakers become more popular, sneaker collections increase in value, thus increasing financial exposure for collectors and other entities in the sneaker industry. One might first think of theft, authentication, fire, floods, or market valuation as the general risks associated with sneaker collections. But many sneaker companies have made headlines over the past few years with lawsuits against other sneaker companies and entities, with issues ranging from traditional patent battles to exhaustive fights against counterfeiters. Often overlooked by collectors and sneaker companies alike, insurance can be vital to helping both collectors and companies faced with unexpected liability related to sneaker culture.
Given how much money is at stake in the industry—nearly $72.2 billion currently and expected to reach $100 billion by 2026—it should come as no surprise that sneaker companies are using intellectual property (“IP”) law to protect their assets. For example, in early 2022, a large shoe manufacturer sued an online sneaker resale marketplace, asserting claims for trademark infringement of the shoe manufacturer’s non-fungible tokens (“NFTs”), counterfeiting, and false advertising after a sneaker collector and reseller bought thirty-eight pairs of counterfeit sneakers from the resale marketplace. The litigation has likely been costly and damaging for the online reseller because of the extensive discovery process, including a discovery dispute resulting in a court order requiring the online reseller to produce information about the identity of known users who sold counterfeit sneakers through the company’s resale platform. The same large shoe manufacturer also sued a major athletic apparel retailer in January 2023 for alleged infringement of footwear patents.
Sneaker companies and other entities on the receiving end of IP lawsuits—including, for example, third party retailers and online resellers—should be able to leverage their IP or commercial general liability (“CGL”) policies for insurance coverage for defense costs in IP lawsuits related to sneakers and their director’s and officer’s (“D&O”) policies for any downstream lawsuits against executives of sneaker companies.
IP Insurance
IP insurance covers the initiation or defense of claims for IP infringement. This means a sneaker company can leverage IP insurance to enforce its intellectual property rights against suspected infringement and to defend against allegations of infringement. Like many types of coverage, IP policies often cover litigation costs and expenses as well as potential judgments and settlements.
CGL Insurance
While IP insurance, which protects a business from allegations of infringement of another business’s intellectual property, may be the obvious source and first line of defense for coverage for IP claims related to sneakers, coverage may also be available under a CGL policy. Most CGL policies do not explicitly include patent infringement coverage. In fact, most CGL policies include an IP exclusion that expressly excludes patent infringement coverage, but insureds may still be able to secure coverage. Most IP lawsuits are conjoined with other allegations, such as unfair competition, which some courts have found to be fundamentally the same as an asserted trademark infringement claim,[1] thereby potentially implicating coverage under the CGL policy that the insurer acknowledges and defends. A complaint that alleges infringement of a competitor’s patent may also allege defamation and disparagement of its product. Because claims for defamation and disparagement are typically covered under CGL policies, there may be defense coverage related to those covered claims. Thus, it is crucial to closely review factual allegations in the complaint that might bring the lawsuit within the scope of CGL insurance coverage.
A claim for patent infringement may also be covered under “advertising injury” that falls outside the scope of the policy’s IP exclusion. Some courts have held,[2] under certain versions of the standard CGL form, that a trademark constitutes an “advertising idea,” meeting the definition of “advertising injury” as that term is typically defined in standard CGL policies. In other words, the misuse of another’s trademark may constitute appropriation of an advertising idea, which falls within the coverage typically provided under a CGL policy form. Willful acts of infringement are generally not covered, though; the infringement must be inadvertent.
There are some CGL policies that provide direct coverage for IP claims and do not include explicit exclusions. For example, the insured may be able to negotiate a CGL policy without an IP exclusion by agreeing to absorb routine defense costs and fees through a self-insured retention, a specific amount that the insured must pay before the insurance policy responds to a loss. A policy that includes a self-insured retention shifts some of the risk from the insurer to the insured, which in some cases allows the insured to negotiate terms that provide direct coverage for IP claims. Sneaker companies, particularly those with significant capital, may want to consider negotiating a self-insured retention in order to procure direct coverage for IP claims under a CGL policy.
D&O Insurance
D&O insurance may also cover claims in sneaker-related lawsuits against individual business leaders, such as directors, officers, or certain company executives, arising from certain actual or alleged acts, such as failing to adhere to state or federal laws, unethical practices, or fiduciary duty mismanagement. Companies within the sneaker industry, for example, may be subject to Securities and Exchange Commission investigations that implicate the sneaker company, as well as its individual officers and directors. A D&O policy typically covers the defense costs and expenses the company incurs during such investigations.
D&O insurance may also protect sneaker companies against lawsuits for theft of intellectual property. This is because IP-related claims often constitute a wrongful act, as that term is defined in the D&O policy, if the directors and officers are named as defendants in the IP lawsuit. If faced with allegations of IP infringement, sneaker companies should consider coverage under D&O policies that may complement any coverage afforded under CGL policies.
Insurance for Collectors
Insurance for sneaker-related claims, however, is not limited to sneaker companies. As sneakers become increasingly valuable, even individual collectors can consider insurance coverage options. Traditional homeowner’s insurance typically covers personal property, including sneakers. But a traditional homeowner policy does not cover authentication issues, such as the counterfeit issue in the lawsuit mentioned earlier, or other risks unique to sneaker collecting and investments. To that end, sneaker insurance for individual sneaker collectors exists, which insures against a broader range of risks than traditional homeowner policies.
While homeowner’s insurance policies often exclude coverage for property damage resulting from or arising out of flooding, sneaker insurance typically provides some coverage for flood damage. Larger collections, in particular, are more vulnerable to potential disasters, making purchasing comprehensive insurance a necessary step in protecting a collector’s investment. Policies tailored for sneaker collections also provide coverage for sneakers lost or stolen during shipping, delivery, and travel—losses that are usually not covered under traditional homeowner policies. Sneaker insurance facilitates collectors’ profiting from their investment through resale while decreasing exposure to the risks of shipping and delivery of valuable sneakers. Another advantage to sneaker insurance is that the sneakers are valued and authenticated during the underwriting process and insured at replacement cost, rather than actual cash value, allowing the collector, in most cases, to avoid incurring a loss because of depreciation or a decline in market value for the sneaker.
Sneaker collectors, however, should understand that sneaker insurance is an emerging market, and options are somewhat limited. This means high premiums for coverage, particularly because insurers in the sneaker industry are likely attuned to the nuances of the sneaker market and may tie premiums to market fluctuations.
Conclusion
Insurance is a great way to mitigate and hedge against the risk of unforeseen losses in the sneaker industry. CGL policies, D&O coverage, and sneaker insurance provide sneaker companies and collectors with various routes to securing coverage when faced with losses, including costly litigation. But the sneaker industry, especially sneaker companies with greater vulnerability to lawsuits, should recognize that insurance policies are often narrowly tailored to exclude the very claims that pose large risks to sneaker companies and collectors alike. Sneaker companies and collectors should consult experienced insurance coverage counsel to carefully consider all insurance options to protect their assets and investments.
See, e.g., Land’s End at Sunset Beach Cmty. Ass’n, Inc. v. Aspen Specialty Ins. Co., 745 F. App’x 314, 319–20 (11th Cir. 2018) (finding that the fact allegations in the underlying action for the counterclaims of false designation and unfair competition “require elements of proof beyond [intellectual property] use and [the fact] that those types of claims may exist absent [intellectual property] infringement does not alter the analysis . . . [and] depend on [the insured’s] use of [the intellectual property’”); see alsoMarvin J. Perry, Inc. v. Hartford Cas. Ins. Co., 412 F. App’x 607, 614 (4th Cir. 2011) (finding that a plaintiff’s claim for unfair competition was based on another’s use of the plaintiff’s trade name, trademark, logo, and website in violation of the plaintiff’s ownership of the trademark). ↑
See, e.g., Lebas Fashion Imports of USA, Inc. v. ITT Hartford Ins. Group, 50 Cal. App. 4th 548, 557, 565–66 (2d Dist. 1996) (construing the phrases “advertising idea” and “style of doing business” in a CGL policy broadly to provide coverage for trademark infringement, as “a trademark is but a species of advertising”). ↑
In 2020, approximately forty-six law firm data breaches were reported, according to a recent Law360 Pulse survey. In 2022, that figure more than doubled and exceeded one hundred.
Many midsized firms mistakenly assume that cybersecurity breaches won’t happen to them—that breaches only happen to large firms or that their firm is adequately defended by their current technology systems. Not only is this thinking naive, it is risky.
In 2022, 70 percent of reported breaches occurred at firms with fifty lawyers or less. Research shows that cyberattacks are increasing in size and becoming more sophisticated, occurring through a variety of tactics including social engineering and phishing, which can lead to stolen credentials such as usernames and passwords.
Here are three proactive steps your firm can take to help mitigate both the risk and the potential negative impacts of a data breach.
1. Investigate Your Managed Service Provider (MSP)
Many law firms rely on a third party to provide technology and related services to support firm operations and infrastructure (phone systems, email, video conferencing, document management systems, etc.). However, in addition to supporting law firm technology operations, MSPs are also a primary resource for defending against and mitigating cyber risks. Thus, it makes sense to ensure your MSP is secure.
One way to assess your MSP’s security is to request to see its latest SOC 2 audit. SOC 2 (System and Organization Controls 2) is an audit report that indicates the trustworthiness of the services provided by an MSP and is used to assess the risks associated with third-party service providers that store consumer data online. MSPs are not required to have SOC certifications, but SOC certification has become an industry benchmark for recognizing high security standards; it indicates an added measure of proof that an MSP is secure. An increasing number of businesses, especially those operating in regulated industries such as banking, financial, health care, energy, and retail, only work with law firms that use an MSP that is SOC 2 certified or law firms that have their own SOC 2 certification.
While investigating your MSP’s SOC status, here are additional questions to ask your provider:
What’s being done to protect my organization from breaches, hacks, and attacks?
What cybersecurity-related services am I paying for?
How are these services protecting me? What reporting is available?
What security awareness training services can you offer my firm?
2. Don’t Lose Sight of Your #1 Risk: Access Points into Your Data through Your Employees
Each individual working at your firm represents a potential entry point for hackers to gain access to your data and client data. It’s also possible to encounter employees who decide to steal or compromise data.
It’s important to note, though, that employees can also be your best protection against cybersecurity breaches. With proper security awareness training and other strategies, law firms can decrease the chances of being breached and defend themselves.
For example, firms can start, increase, and mandate cybersecurity awareness training for employees. Many firms conduct such training on an annual basis, yet given the increased complexity and sophistication of cyberattack methods, this may no longer be frequent enough. Formal cybersecurity awareness training, which includes cybersecurity test-and-learn exercises such as penetration testing and phishing attack simulations, should happen often and at random, to simulate how unexpected a hack attempt can be and reinforce readiness at all times.
Another option to strengthen a firm’s cybersecurity training is the gamification of the training to drive the desired employee behavior. Law firms can create healthy competitions among employees, whereby an award or prize goes to the most vigilant employees for efforts such as detecting and properly reporting the most (simulated) phishing attempts within a given time frame.
Firms that prioritize training create a culture of cybersecurity compliance and a stronger shield from cyberattacks than those firms that are not adopting training, creating awareness, and simulating attack situations. Firms that proactively build, implement, and test (or literally practice) their defense measures will be much better prepared than those that choose to wait and react.
High adoption of security-compliant practices happens when firms make a concerted effort to track and reward participation in cybersecurity training and make it part of the employee evaluation process, building in incentives. This helps the firm identify areas for cybersecurity improvement and employees who pose a cybersecurity risk.
3. Maintain a Robust and Up-to-Date Breach Response Plan
Given the plethora of security and privacy regulations, it is critical that any cyber incident is met with a timely and appropriate response. While no organization wants to experience a breach, for law firms, such incidents invoke a particularly unique ethical obligation. Lawyers have an obligation to protect their client’s information and to disclose any breach.
Rule 1.6 of the ABA Model Rules of Professional Conduct states that lawyers must not disclose information related to the representation of a client. This includes information that is communicated in confidence by the client and any other information related to the representation. The rule also states that lawyers must make reasonable efforts to prevent the unauthorized disclosure of client information.
Notably, the European Union’s General Data Protection Regulation (GDPR) applies to law firms that offer services to clients in the EU, among other circumstances, and if a firm falls under the GDPR’s definition of a controller, it is required to report personal data breaches to the relevant supervisory authority “without undue delay and, where feasible, not later than seventy-two hours after having become aware” of the breach. The notification must include information about the nature and scope of the breach, including the number of data subjects and records involved.
Firms need to follow all legal requirements and should also have their own detailed, formal breach or incident response plan in place. A robust breach response plan should include:
Incident response team roster with clearly defined roles and responsibilities
Procedures for monitoring and detecting threats
A clearly defined process for reporting incidents internally
Training for all firm personnel on how to detect and respond to cyber threats
Procedures for handling the discovery, investigation, and containment of threats
Procedures for correcting any security problems
Reporting requirements to respective regulatory authorities
Notifications to affected persons, particularly clients
Review and update your response plan after every incident and note what worked, what didn’t, takeaways, and necessary updates to the plan.
If your firm already has a breach response plan in place, regularly review it. When was the last time it was updated? Perhaps it’s up to date but needs to be tested. Consider implementing simulated breach scenarios to pressure-test your plan, tracking personnel, processes, response times, and other important elements against relevant benchmarks and standards.
The best practices noted in this article are excerpted from Meritas Cybersecurity Standards.
Connect with a global network of over 30,000 business law professionals
