The evolution of Environmental, Social and Governance (ESG) concerns in the market — from an abstract concept bandied about in white papers a decade ago to over $1.6 trillion in 2021 global bond and loan originations^[1] — has demonstrated the increasing viability and mainstream adoption of these specialized financial products. But how exactly are financial products tied to ESG metrics? Do regulators intend to standardize performance measures? Will the EU, with its sustained focus on climate change and related initiatives, offer a blueprint for future domestic regulatory endeavors? Finally, as practitioners consider how to translate these concepts into credible contractual rights, what nuances should they be aware of to perfect collateral securing ESG debt issuances?

ESG Trends in Debt Capital Markets & Heightened Regulatory Oversight

The volume of high-yield bond issuances and sustainability-linked loan originations continue to set records globally. For instance, the volume of these ESG products in 2021 was more than double the total volume of 2020.^[2] Furthermore, such growth has not been limited to certain sectors or jurisdictions. 2021 global ESG bond issuances reached a new threshold of over $948 billion, with sizeable volume from the EMEA region, followed by the Americas and Asia Pacific (excluding Central Asia).^[3] While the tech and financial services industries accounted for a majority of these 2021 issuances and originations, it should be noted that energy and power, and oil and gas companies, also availed themselves of these products to a not-insignificant degree.^[4]

Investor demand appears to be accelerating in tandem with regulatory scrutiny. As ESG products become more sophisticated, they are becoming subject to heightened oversight from the U.S. Securities and Exchange Commission (SEC). In fact, in July 2021, SEC Chairman Gary Gensler stated that the agency planned to propose rules by the end of 2021 to mandate that publicly traded companies disclose the risks they face from climate change. Proposed rules were issued by the SEC on March 21, 2022.

Accordingly, as a practical matter, it would be prudent for borrowers and issuers to verify any climate and other ESG data they are disclosing to the public or utilizing as metrics when accessing ESG credit. Additionally, use of proceeds provisions in ESG credit agreements and offering memorandums should be narrowly tailored to reflect a borrower’s or issuer’s verifiable activities rather than aspirational goals. Finally, another emerging structural trend in ESG financial products is the increasing use of racial equity and diversity and inclusion data when drafting use of proceeds provisions and formulating key performance metrics. As the use of D&I data in ESG products becomes more prevalent, companies should consult with counsel on data collection methods and review disclosure standards in their industry when making representations and warranties in credit documents based on such data.

Given the anticipated regulations, investors are being compelled to move from mere awareness into a more proactive posture. Asset management firms, proxy advisors, and ratings agencies are purchasing and partnering with climate data firms. Market participants are also incorporating climate-related information into assessment platforms. Certain activist investors are committing to vote against boards of directors that don’t address climate change and are requiring companies to disclose and make tangible commitments. Banks are also changing lending policies and reporting on their own climate impacts.

As the U.S. financial markets continue to digest the impact of the churning ESG regulatory environment, it is helpful to look to Europe, with its more established climate action framework, as a possible precursor for how regulations will develop and be implemented domestically.

EU Update

In 2021, the European Union further accelerated its completion of the legislative edifice of sustainable finance. Notably, the European Union adopted the implementing legislation that allows it to put into practice the extraordinarily ambitious EU Taxonomy for sustainable activities adopted in June 2020.^[5] The EU Taxonomy covers the sustainability (or not) of all activities in all sectors of the EU economy by reference to the six EU environmental objectives: 1) climate change mitigation, 2) climate change adaptation, 3) protection of waters and marine resources, 4) the circular economy, 5) pollution prevention and 6) protection of biodiversity and ecosystems.

In order to be sustainable, economic activities must contribute to one or more of these six objectives (or to transitioning towards them) without causing significant harm to one or more of the other objectives. In addition, they must be compliant with social and governance protocols in accordance with strict, detailed criteria, which grants a full ESG dimension to the EU Taxonomy.

While the initial purpose of the EU Taxonomy was to determine the sustainability of investments by reference to the economic activities that they finance, the focus on the activities themselves has elevated the Taxonomy to a sort of overarching guide for the EU sustainability agenda. The more the EU economy will steer itself towards the Taxonomy, the more it will reach the EU environmental objectives, including climate change mitigation.

Hence, the Taxonomy plays a role in public policy (EU investment programs such as the COVID-19-pandemic-responsive Next Generation EU^[6]) and in finance policy; the ongoing EU green bond standard,^[7] for instance, will demand alignment with the EU Taxonomy of the green bonds issued in the EU.

The Taxonomy is science-based (technical screening criteria are developed for each activity) and hence subject to evolution, but it is also a legislative democratic process with opposing views within the EU legislative bodies (Commission, Parliament and Council (Member States)) when it comes to sensitive areas such as nuclear energy and natural gas. In February 2022, the EU addressed the taxonomy treatment of these last two areas of activity, which were still pending for the overall completion of the EU Taxonomy. The outcome, which attracted strong public attention, is that nuclear and gas-related activities are considered as EU Taxonomy-compliant under certain quality conditions.

The EU is also establishing clearer sustainability reporting obligations for all large companies, including financial companies, and all publicly traded companies, with the overall purpose of elevating sustainability reporting to the level of financial reporting. The revised Corporate Sustainability Reporting Directive,^[8] whose adoption is expected in Q2 2022, will establish clear and exhaustive sustainability reporting obligations for nearly 50,000 companies in the EU, compared with the current 11,000 companies subject to the previous, less demanding reporting requirements. The new EU sustainability reporting standards will be a “one-stop-shop,” providing companies with a single solution for the information needs of investors and stakeholders.

Also, the EU bank regulator (EBA) and the EU bank supervisor (ECB) are increasing the demands on banks concerning sustainability. On 24 January 2022, the EBA adopted its binding implementing technical standards (ITS) on ESG reporting covering Pillar 3 disclosures^[9]: how climate change may exacerbate other risks within institutions’ balance sheets, how institutions are mitigating those risks, and their ratios, including the Green Asset Ratio, on exposures financing Taxonomy-aligned activities and those consistent with the Paris Agreement goals. The EBA’s ITS has built on the Financial Stability Board Task Force on Climate-related Financial Disclosures (FSB-TCFD) recommendations, the European Commission’s non-binding guidelines on climate change reporting, and the EU Taxonomy.

The ECB will apply the EBA’s ITS. Since November 2020 the ECB was already applying supervisory expectations relating to risk management and disclosure.^[10] On 27 January 2022, the ECB also launched a supervisory climate risk stress test to assess banks’ preparedness for financial and economic shocks stemming from climate risk. The exercise will be conducted in the first half of 2022 after which the ECB will publish aggregate results.^[11]

Finally, the ECB’s fundamental climate-friendly monetary policy is being established. On 8 July 2021 the ECB adopted its action plan to include climate change considerations in its monetary policy strategy, covering, among others: implications of climate change for monetary policy transmission; disclosures as a requirement for eligibility of assets as collateral and for purchase programs; and climate change risks in the collateral and corporate sector asset purchase frameworks. With milestones in 2022 and 2023, the ECB sustainable monetary policy will be finalized in 2024.^[12]

UCC Issues for ESG Collateral

Finally, as the market adoption of ESG financial products continues to accelerate and regulatory disclosure standards continue to evolve in the U.S. and globally, practitioners need to confirm certain basic information to ensure that a security interest in any ESG collateral is properly created and perfected under the Uniform Commercial Code. The first consideration is whether the proposed collateral, such as carbon credits, can be made the subject of a security interest under UCC Article 9. ESG collateral is often in the nature of a government benefit. There may be statutory or regulatory limits on the ability of the holder of that benefit to transfer it, including creating a security interest in it. Next, counsel needs to determine how to perfect a security interest in the collateral. Again, statutes or regulations may displace the usual approach under the UCC of filing a financing statement. Finally, they need to examine how the security interest is enforced and whether a secured party or a buyer at a foreclosure sale can make use of the ESG collateral.

1. Source: Refinitiv Loan Connector ↑

2. Id. ↑

3. Refinitiv Loan Connector ↑

4. Refinitiv LPC, Refinitiv Loan Connector ↑

5. Available at: https://ec.europa.eu/info/business-economy-euro/banking-and-finance/sustainable-finance/eu-taxonomy-sustainable-activities_en. ↑

6. See: https://ec.europa.eu/info/strategy/recovery-plan-europe_en. ↑

7. See: https://ec.europa.eu/info/business-economy-euro/banking-and-finance/sustainable-finance/european-green-bond-standard_en. ↑

8. Available at: https://ec.europa.eu/info/business-economy-euro/company-reporting-and-auditing/company-reporting/corporate-sustainability-reporting_en. ↑

9. Available at: https://www.eba.europa.eu/eba-publishes-binding-standards-pillar-3-disclosures-esg-risks. ↑

10. Available at: https://www.bankingsupervision.europa.eu/ecb/pub/pdf/ssm.202011finalguideonclimate-relatedandenvironmentalrisks~58213f6564.en.pdf. ↑

11. Available at: https://www.bankingsupervision.europa.eu/press/pr/date/2022/html/ssm.pr220127~bd20df4d3a.en.html. ↑

12. See: https://www.ecb.europa.eu/press/pr/date/2021/html/ecb.pr210708_1~f104919225.en.html. ↑

The views expressed in this article are those of the authors, and they do not necessarily represent the views of their institutions.

In 2014, Dr. Eddie Moore, Jr. developed a revolutionary change to the typical “one and done” or annual one-to-two-hour training on diversity, equity, and inclusion. Dr. Moore’s system, the 21-Day Racial Equity Habit-Building Challenge©, is appealing as it flows from the thought that it takes 21 days to develop lasting habits. For those who like challenges, especially self-challenges, Dr. Moore’s system intrigues. The purpose of the 21-Day Racial Equity Habit-Building Challenge© is to advance deeper understanding of the intersections of race, power, privilege, supremacy, and oppression. Participants in a Challenge complete a syllabus of 21 relatively short “assignments” (typically taking 15–30 minutes) over 21 consecutive days, that includes reading articles, poems, and other written material; watching videos; and listening to podcasts. The Challenge is enhanced when self-reflection is paired with participants sharing their observations and experiences.

In June 2020, the ABA Section of Labor and Employment Law stepped up to inspire meaningful and lasting action, given the global reckoning on racial equity prompted by the murder of George Floyd, and created a syllabus for a Racial Equity Habit-Building Challenge, adopting Dr. Moore’s approach. The Challenge focused on racism toward and the experience of the Black community. It was intended to be responsive to the need for allies to learn about racism in all its forms and develop the tools to be anti-racist without further burdening those who have been subject to such inequities by having them relive or explain the devastating impact of racial injustice. Though the Black community is not monolithic and the Challenge could not possibly highlight all of the diversity of experiences and opinions within a particular race, much less substitute for learning about the experiences of any other race, the syllabus served as an introduction for those seeking to learn more and to attempt to be effective anti-racist allies. The goal was to provide participants with the knowledge and tools to look at their and their organizations and communities’ actions through a racial equity lens and make meaningful change to address the inequities that exist in our organizations and society as a whole.

With a similar goal, and after receiving positive and supportive feedback from those participating in the original Challenge, the ABA Diversity & Inclusion Advisory Council created a 21-Day Challenge Committee to create more Challenges and expand the reach of anti-racist education. The Council decided to create new Challenges to coincide with the commemoration of several heritage months and, with the support of ABA volunteer attorneys and staff, created syllabi in honor of Black History Month, Asian American and Pacific Islander Heritage Month, Hispanic Heritage Month, and Native American Heritage Month, which also highlighted intersectionality. The Council also sought to expand the Equity Habit-Building Challenges beyond race and ethnicity and, working with the ABA Commission on Sexual Orientation and Gender Identity, created a Challenge in honor of LGBT Pride Month as well. It is currently collaborating with the ABA Commission on Disability Rights on a Challenge in honor of Disability Pride Month in July.

Many individuals and organizations have contacted the ABA to express their gratitude to us for creating syllabi for and promoting the Equity Habit-Building Challenges. Indeed, law firms, companies, courts, bar associations, universities, hospitals, and the like have all written to the ABA to let us know that they are participating in the Challenges and how profoundly impacted they have been by the assignments of the Challenge. The response from the legal and other communities has been gratifying to us as members of leadership in the ABA. Dr. Moore has also been thrilled with the increased focus the ABA has brought to his 21-Day Racial Equity Habit-Building Challenge concept and our expansion of the Challenges beyond racial equity.

The ABA serves to advance the interests of justice and to provide examples of practicing law with integrity. Attorneys, in particular, can be forceful and mindful agents for change within our organizations, the broader legal community, and society in general. As employment attorneys who advise clients on diversity, equity, and inclusion and seek to promote DEI in our profession and communities, we recognize that we will all still make mistakes in our interactions, but we strive for greater understanding. Participants in the Challenge have told us that they feel more mindful, and more equipped to be supportive allies and have much needed, though sometimes difficult, conversations in the workplace and our broader communities.

Because the Challenge is intended to be adapted for specific audiences, it is an ideal project to be implemented in organizations of any size. Given we are in the middle of Asian-American and Pacific Islander Heritage Month, we want to encourage you to consider participating in the Challenge focused on the AAPI communities, available at this link: May ABA-Wide 21-Day Racial Equity Habit-Building Challenge © AAPI Heritage Month. The Challenges do not solve the systemic problem of racism and other “isms” in our society. In becoming more educated and mindful, however, we sincerely believe that the Challenge can affect meaningful and long-term change in minds, if not hearts, too.

The 21-Day Racial Equity Habit-Building Challenge© is the registered copyright of America & Moore, LLC, 2014.

Samantha C. Grant is a partner of Sheppard, Mullin, Richter & Hampton LLP in the Labor and Employment Practice Group. She is Chair of the ABA Diversity & Inclusion Advisory Council’s 21-Day Challenge Committee and Immediate Past Chair of the ABA Section of Labor and Employment Law. She also serves as Vice-Chair of the Minority Corporate Counsel Association’s Advisory Board.

Vanessa Kelly is a partner of Clark Hill in the Labor and Employment Practice Group. She is Co-Chair of the Women’s Affinity Group of the ABA Section of Labor and Employment Law and past Chair of the ABA Section of Labor and Employment Law’s Annual Legal Conference.

Artificial intelligence (AI) technologies are reshaping the way the legal industry operates. They are shifting focus from time-consuming and expensive workflows to efficient investigation of data and proactive ways to prevent emerging problems from spreading. More generally, use of AI is making legal services more accessible and providing lawyers with more powerful tools to find evidence and resolve cases in a fair and comprehensive way.

Use of AI Is Improving the Legal Industry in Three Main Ways:

• AI can make the process of analyzing large volumes of data more efficient and effective. AI models analyze combinations of large numbers of features to prioritize documents for analysis and review, extracting patterns from the data that can be hard to spot during a linear document review process. They can detect content too complex for keyword searches, such as emotions and conceptual relatedness. 
• AI can shift focus from document review to investigative data analysis. AI technologies may allow users to find evidence directly, for example through identifying anomalies in communication behavior or analyzing named entities, thus reducing the need for time-consuming and expensive linear review. 
• Pre-trained AI model libraries reduce cost and streamline workflows. They make it possible to transfer knowledge and expertise gained on previous cases to jump-start work on new cases that are related. They can also create innovative solutions tuned to the specific expertise of a particular law firm or legal service provider, including new legal workflows such as proactive investigations. 

AI Isn’t Replacing Lawyers—It’s Giving Them Superpowers

AI is reshaping the way legal professionals gain fast and powerful insights into data to uncover evidence. As lawyers and other legal professionals continue to adopt AI for use in their everyday activities and workflows, they can extend their abilities far beyond what can be achieved today. Leaning on AI to tap into enormous reservoirs of data and find potentially meaningful patterns, users can enhance how they perform every task they take on. By providing opportunities to extract valuable information from the data that can be further combined to uncover facts, events and stories and not merely find documents, AI has the potential to amplify legal minds and empower them with the information they need to make better fact-driven case decisions.

AI can also serve as a great equalizer and component to facilitating the rule of law. If effective deployment of AI can help legal professionals more quickly and cost-efficiently uncover critical information as they develop case strategy, it can help them better comply with obligations for proportionality and fairness and expand access to justice.

But, while AI will continue to play an increasingly important, it will not (and should not) eliminate or change the most fundamental parts of the legal process. AI should supercharge legal minds, but not seek to replace them.

AI in Action

While organizations all over the world have leveraged the power of AI, shedding light on just a couple of examples can make the case for the tremendous advantages it offers to investigations and legal teams.

In one instance, an international government investigation needed to organize a review of 12.5 million documents that included multiple languages on a tight production deadline. By using Reveal-Brainspace’s Continuous Multimodal Learning (CMML), the client was able to significantly reduce the review population from 1.8 million to 280,000 documents, an 85% reduction in review volume. In the end, the savings on this case totaled approximately 19,000 hours of review time and more than $750,000.

In another example, the investigations team at a major tech company used an AI model framework to build and train predictive risk models from previous investigation experiences. Previous case experiences, data models, and intellectual property were packaged into the Reveal “Model Library,” where the technology was deployed globally for repeatable and scalable risk testing. The use of the advanced AI platform increased the team’s audit capacity by an estimated 400%.

AI Adoption Requires Changing the Status Quo

As with each new technology, the biggest barrier preventing AI from improving the legal industry is the power of the status quo. The legal industry broadly, and individual organizations and professionals, are going to change their ways only if they perceive that the likely gain is significant enough to warrant the costs associated with changing.

Despite the massive time and cost savings that properly applied legal AI affords practitioners, many organizations still find that legal practitioners are hesitant to fully embrace the technology. However, as more and more large and reputable firms, legal service providers, and in-house legal teams adopt AI and tout its transformational power, others will have to take notice or find themselves at a massive competitive disadvantage.

Legal AI as a Force Multiplier in the Digital Age

It’s an exciting time to be working at the intersection of AI and the legal profession, as the last eighteen months have served as a tipping point for legal AI adoption. The work-from-home revolution has precipitated the largest legal shift to the cloud, and as a result, opened up an immense number of possibilities for cloud-native AI. The cloud has enabled many organizations to have greater access to legal AI and this shift, combined with the explosion in both variety and volume of data, has created a perfect storm to entice even the most tech-wary to start embracing legal AI.

In my work as a business development coach and trainer, many of my experienced attorney clients have been complaining to me that they are struggling to incorporate business development activities into an already active practice inundated with client demands. Top that with record high numbers of associates quitting (more than one in four in 2021 according to the ABA Journal), and investing in genuine and meaningful relationships with the associates in your firm has never been more important. 

Good associates help you provide your clients with high-quality work, allow you to scale your practice, and can alleviate you from performing mundane tasks, thus providing you with newly found time to be intentional and proactive about the kind of work you want more of. A focus on associate development can be directly related to your future success as a partner. And with both the shift to remote and hybrid work arrangements and the cultural changes in expectations around work among younger generations, there are new challenges and considerations attorneys need to think about while working with junior colleagues.

To create a climate of inclusion that generates loyalty from your associates, expands your book of business, and ultimately improves your firm, consider these steps:

• Meet with associates regularly to connect on non-client/matter related topics. Find out what their goals are. Are they interested in partnership? What kind of work is most interesting to them? What kind of clients are they hoping to work with? A real estate partner we work with blocks out breakfast on the first Friday of every month to meet in person with one of the associates in his department. A partner at a boutique intellectual property firm has a regular reminder in her calendar to schedule a quarterly Zoom “coffee meeting” with each of her associates.
• Whenever possible, provide associates with opportunities on matters that are in line with their individual goals. Do your best to help associates connect the dots between the matter and their career objectives. 
• Include the associate working on your matter(s) in as much of the process as you can: client strategy meetings, calls and emails. Invest extra time providing associates with your insights and a window into your thinking and problem solving.
• Encourage your associate to focus on their professional reputation. Consider collaborating with an associate on a thought leadership piece in line with their ideal career trajectory. An entertainment law partner client recently worked with an associate interested in NFTs on an article about the inclusion of NFTs in talent contracts, ultimately raising the associate’s visibility and credibility in the space along with the partner’s.
• Offer guidance and provide constructive criticism. Help the associates you work with improve and grow as legal practitioners and business developers. Be respectful, truthful, and candid.
• Use the technology available to the firm that your associates are using, whether that is Microsoft Teams, Slack, or something else. You need to meet the associate where they are if you want to foster a successful connection and the most effective working relationship.
• When an associate is working with you on a matter, reach out regularly, checking in to see if they have any questions or if they want to run a thought or strategy by you. Your proactive and supportive approach in helping the associate raise their game as a practitioner will go a long way.
• Acknowledge your colleagues’ value and accomplishments. One of the reasons associates leave firms is because they don’t feel appreciated. Public recognition is a good way to celebrate a success or achievement that has broader business impact. A post on LinkedIn about a positive result highlighting the work of an associate not only ups visibility and extends praise to the individual, but it can also serve as an opportunity to inform the entire firm of the value of the work.
• Be a kind and decent person. Follow the platinum rule: treat people the way they want to be treated, not the way you want to be treated… and most definitely not the way you were mistreated earlier in your career. Offer praise for a job well done. Act with humility, and acknowledge your mistakes or shortcomings.
• Talk about setting work boundaries and then respect them. Perhaps your associate would appreciate the productivity that comes out of a “no meeting Wednesday” rule, or maybe they don’t want to work on Mondays after 5 p.m. so they can make a commitment to themselves or their family. Then make sure you honor that request. This will build trust and show that you care about their well-being.
• Set fair and realistic time expectations. Little is more disheartening than when a partner makes an urgent request, and an associate works all night to get the work product on the partner’s desk first thing in the morning only to watch it sit untouched for three days. Delegate tasks as soon as you can, and do not set false urgent deadlines.
• Do what you can to advocate for your associates. Make introductions, give public praise, vouch for them when opportunities arise, and seek out growth opportunities for those who have proven themselves to be highly capable.

Investing in your relationships with associates is key to the long-term growth of your practice and is essential to the health of your firm. If a relationship with you leads to a genuine bond and real professional growth, the associates at your firm will be excited to work with you. Not only will you and your clients benefit from your improved relationships with your junior colleagues, but it is also likely you will find that helping others to develop and excel is highly gratifying.

On Friday, April 1, 2022, the House of Representatives passed the Marijuana Opportunity, Reinvestment, and Expungement (MORE) Act for the second time in two years, with 220 votes in favor and 204 votes in opposition. The MORE Act is one of at least three pieces of offered legislation that legalizes, or partially legalizes, marijuana at the federal level. After an hour of debate, the House also adopted two amendments aimed at assuaging Republican concerns about impaired driving and workplace safety. All three proposed laws expressly address some financial institutions’ ability to operate in this emerging market.

The MORE Act would not only remove marijuana from Schedule I under the Controlled Substances Act (CSA), but it would usher in a regulatory framework for taxing the sale of cannabis products and using the tax receipts to fund a number of equity and economic programs for those adversely impacted by the War on Drugs. The MORE ACT also will authorize expansive research on cannabis and the impact of the War on Drugs, and it will create a process for expungements of nonviolent federal marijuana convictions across the country.

Related Legislation

The Senate must now decide whether to adopt the MORE Act or one of the other two bills: the Cannabis Administration and Opportunity Act (CAOA), proposed, but not yet filed, by Sen. Chuck Schumer (D-NY), and Rep. Ed Perlmutter’s (D-CO) Secure and Fair Enforcement Banking (SAFE Banking) Act, which was most recently passed by the House in 2021.

The CAOA is expected to have many of the same features as the MORE Act, including (most fundamentally) delisting marijuana from Schedule I under the CSA. It is also expected to:

• transfer jurisdiction over cannabis to the Food and Drug Administration (FDA), the Alcohol and Tobacco Tax and Trade Bureau (TTB) and the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) within the Department of Justice (giving cannabis a status similar to alcohol and tobacco);
• introduce a federal regulatory apparatus;
• direct proceeds of a new federal excise tax to individuals and communities most affected by the War on Drugs;
• provide for expungement of federal nonviolent marijuana convictions; and
• provide for reforms to the treatment of marijuana-related activities or convictions in federal immigration policy.

Unlike the MORE Act or CAOA, the SAFE Banking Act does not remove marijuana from CSA’s Schedule I. While the MORE Act and CAOA focus on comprehensive legislation, the SAFE Act is a more modest and more focused piece of legislation, which aims to protect banking institutions—as well as their insurers—that choose to offer services to a legitimate cannabis-related business operating in accordance with its respective state laws. The bill generally offers protection from penalties of a federal banking regulator against a depository institution for offering services to cannabis-related businesses. Transactions involving activities with a legitimate cannabis-related business would no longer be considered as generating proceeds from unlawful activities, and depository institutions would no longer be liable or subject to any federal law or regulation for providing services to the cannabis industry.

Schedule I Classification

Removing marijuana from the CSA’s list of dangerous “drugs with no currently accepted medical use and a high potential for abuse” would almost certainly lead to an exponential increase of commerce in the cannabis space. It would allow depository institutions to take deposits from cannabis-related businesses, allow payment processors and credit card companies to engage in marijuana-related transactions, encourage the development of more reliable insurance coverage for cannabis-related businesses, and permit financial institutions to more easily loan money—including loans secured by marijuana intellectual property, lines of credit, agricultural loans, and most other commercial lending products available to growers, processors, manufacturers, and retailers of more traditional products—to marijuana-related businesses. Consumers would also benefit from a predictable, safe, and enforceable payment system. That is all to say nothing of the cascading effects such legalization would have on job creation, tax collections, and public health as the black market is (perhaps slowly) replaced with regulated commercial activity.

The Political Horizon

It is not clear whether Sen. Schumer has the votes necessary to carry the CAOA through the Senate; at least one or two Democratic votes against passage (based on the breadth and scope of the legislation, as well as taxation and disposition of funds in “equitable” ways) are likely, and might be enough to offset the handful of Republican Senators who may vote for passage.

While passage of the MORE Act or CAOA in the Senate before the November general election is uncertain, the Senate does appear to have enough votes to pass the SAFE Act, due to strong support throughout the financial services industry and on both sides of the aisle. One potential issue with the SAFE Act—at least for lenders—is that while it expressly permits depository institutions to accept deposits from marijuana-related businesses, it does not necessarily cure some of the problems that limit commercial lending activity. For example, it does not carve marijuana out of the CSA’s list of dangerous drugs. This circumstance means, among other things, that bankruptcy protection will remain unavailable to marijuana-related borrowers. Mastering fifty state law alternatives to a debtor’s bankruptcy might therefore weigh against a lender’s decision to enter into a national market.

That said, the cannabis industry itself, along with the finance industry and powerful corporate interests (such as retailer Amazon) have lined up behind the SAFE Act. The consensus seems that industry does not wish a search for the perfect solution (i.e., full-scale decriminalization and regulation) to get in the way of the good (i.e., allowing a fuller range of financial services for marijuana-related businesses). While passage of the SAFE Act seems increasingly likely as a middle ground between current policy and the aims of the MORE Act and CAOA, Congress may still iron out some of the defective limitations in the SAFE Act through the reconciliation process.

Tax returns and return information generally are protected from disclosure by Section 6103 of the Internal Revenue Code, and unauthorized disclosure can result in penalties. Certain disclosures are permitted, but what happens when a person properly receiving return information “rediscloses” that information?

The IRS recently addressed this question regarding certain redisclosures in Revenue Ruling 2022-7.

Before Section 6103 was enacted in 1976, the confidentiality of tax returns and return information was debated for years. Among the many revelations during the Watergate investigations of President Nixon’s administration was President Nixon’s use of the Internal Revenue Service to go after his political enemies. This use of the IRS as a weapon was considered unacceptable and contributed to Congress’s enactment of Section 6103.

Exceptions to the Rule

Generally, Section 6103 provides that tax returns and return information are confidential and may not be disclosed except as expressly authorized by the Internal Revenue Code. While this general prohibition against disclosure is straightforward, the exceptions in Section 6103 are extensive and complicated, and significantly curtail the broad application of the general rule. Among the exceptions for situations in which it is necessary for tax returns or return information to be disclosed are:

• disclosure with the consent of the taxpayer (Section 6103(c));
• disclosure to a person having a material interest (Section 6103(e), but not under Section 6103(e)(1)(D)(iii) relating to disclosures to certain shareholders); and
• disclosure for investigative purposes (Section 6103(k)(6)).

The Taxpayer First Act (TFA), enacted in 2019, amended Section 6103(a)(3) and (c) to limit redisclosures and uses of return information received pursuant to the taxpayer consent exception. Section 6103(c), as amended by the TFA, explicitly prohibits designees from using return information for any reason other than the express purpose for which the taxpayer granted consent and from redisclosing return information without the taxpayer’s express permission or request. Section 6103(a)(3), as amended by the TFA, imposes disclosure restrictions on all recipients of return information under the taxpayer consent exception (Section 6103(c)). The TFA did not amend the material interest exception (Section 6103(e)) or the investigative disclosure exception (Section 6103(k)(6)), or Section 6103(a) regarding disclosures under those subsections.

What happens when a redisclosure is made?

Given these amendments, what happens when a person who receives return information under one of the Section 6103 exceptions rediscloses the information? Does it make a difference if the person redisclosing is a federal, state, or local government official or employee? Revenue Ruling 2022-7 addresses these questions in seven factual situations.

Redisclosure of employee tax noncompliance is permitted

Three situations (Situations 3, 4, and 5 in the Revenue Ruling) involve employers that have a policy of taking disciplinary action against employees who do not properly fulfill their tax obligations. In each situation, the IRS serves a notice of levy with respect to an employee’s tax liability on the payroll department of the employer. The payroll department then notifies management of the employee’s tax delinquency to enable the employer to take appropriate action consistent with its policy. The only difference in the three situations is the status of the employer: the employer is a law firm in Situation 3, a state agency in Situation 4, and a federal agency in Situation 5.

Rationale: By its terms, Section 6103(a) does not regulate or control the use of returns and return information received under the material interest or investigative disclosure exceptions. Moreover, in situations in which redisclosure is permitted, but subject to limitations, the Revenue Ruling says that “requirements for accountings and safeguards that typically apply” to the material interest or investigative disclosure exemptions do not apply to these exceptions. The Revenue Ruling makes clear that persons are not barred because of their status as government employees from redisclosing returns and return information received pursuant to the material interest exception or the investigative disclosure exception. Thus, there are no statutory or regulatory restrictions on the redisclosures of return information made by the payroll employee who works for the law firm, nor for the payroll employees who work for the state and federal agencies.

Redisclosure by guardian of minor’s estate is permitted

The redisclosure of a daughter’s return information by her father is not prohibited when the father is the guardian of the daughter’s estate. In Revenue Ruling Situation 6, G is the father of five-year-old film star H. H’s mother signs H’s return as the parent of a minor child and dies shortly thereafter. G is the guardian of H’s estate under applicable state law. G receives notice that H’s return is under examination by IRS. G does not have a copy of H’s return because it was filed by H’s mother, so G obtains the return and return information from the IRS. When subsequently asked by a news reporter how much income H reported on the return, G replies “three million dollars.”

Rationale: Although the revenue ruling does not state the basis upon which the father received the daughter’s tax return and return information, presumably it is because the father’s status as the daughter’s guardian makes him, by law, entitled to receive the daughter’s tax return and return information. As a minor, the daughter cannot consent to her father receiving her tax return and return information, so the taxpayer consent exception is inapplicable. Redisclosures are prohibited under the taxpayer consent exception (without the taxpayer’s consent to redisclose), but because this exception does not apply, there are no statutory or regulatory restrictions on the redisclosure of the return information.

Redisclosure is prohibited under taxpayer consent exception

In Situation 1, A requests the assistance of a friend, B, with respect to a federal tax matter. A also requests that the IRS provide A’s returns and return information to B. B subsequently discloses return information obtained as a result of A’s request to a third party. In Situation 2, the facts are the same, except that B happens to be a government employee. The Revenue Ruling concludes that B is prohibited from redisclosing A’s return information in both situations because A did not authorize B to further disclose A’s return information.

Rationale: Section 6103(c), as amended by the TFA, explicitly prohibits designees from using return information for any reason other than the express purpose for which the taxpayer grants consent and from redisclosing return information without the taxpayer’s express permission or request. Section 6103(a)(3), as amended by the TFA, imposes disclosure restrictions on all recipients of return information under 6103(c). Whether B is a government employee or not does not change this.

Comment: When a taxpayer needs help from a tax practitioner (lawyer, certified public accountant, or enrolled agent) to deal with the IRS, the taxpayer often files IRS Form 2848, Power of Attorney and Declaration of Representative, to request that the IRS provide the taxpayer’s return information to the tax practitioner. The tax practitioner is prohibited from redisclosing tax return information obtained this way.

Prohibitions and penalties

Although the amendments to Section 6103(a)(3) and 6103(c) prohibit redisclosures by a person who receives return information with the taxpayer’s consent, there was no corresponding amendment to impose a penalty for making an unauthorized disclosure. Section 7213 of the Internal Revenue Code makes an unauthorized disclosure of a tax return or return information by a federal officer or employee and certain other persons a felony punishable by up to five years in prison and a fine not exceeding $5,000. However, TFA did not amend Section 7213 to impose a penalty on the redisclosure by a person who receives return information with the taxpayer’s consent, resulting in a prohibition without a penalty.

But a person who engages in such authorized redisclosure is not free of risk. Section 7431 gives the taxpayer whose return information was redisclosed without the taxpayer’s consent a civil cause of action against the person who knowingly or negligently redisclosed the return information.

For someone who practices before the IRS, such as a lawyer, certified public accountant, or enrolled agent, an unauthorized disclosure would raise concerns about sanctions by the IRS Office of Professional Responsibility. Whether the Office of Professional Responsibility would have the authority to act in such a case is unclear, but the concern exists.

It should also be noted that willfully printing or publishing return information that is obtained in an unauthorized matter is a felony punishable by up to five years in prison and a fine not exceeding $5,000 under Section 7213(a)(3). ProPublica’s publication of “The Secret IRS Files: Trove of Never-Before-Seen Records Reveal How the Wealthiest Avoid Income Tax” last year raises questions about whether ProPublica violated Section 7213(a)(3). Whether ProPublica acted “willfully,” or if the First Amendment trumps Section 7213(a)(3), are discussions for others, but it is obvious that Congress does not want return information that is obtained in an unauthorized manner printed or published, and doing so comes with a high level of risk.

Wading into the murky waters of the exceptions to nondisclosure under Section 6103 is challenging. Possessing another taxpayer’s tax returns and return information brings with it a duty to prevent an unauthorized disclosure. While disclosing tax returns and return information is permitted in certain situations, it is critical to ensure the requirements for a permitted disclosure are met.

Lawyers wear two types of leadership hats. First, they often exercise leadership skills, including people skills, in law practice when working with clients and colleagues. As noted in the 2017 report “Defining Key Competencies for Business Lawyers,” prepared by a task force of the ABA Business Law Section’s Business Law Education Committee, “the lawyers who become the managing partners and some of the best client rainmakers are those with excellent people skills—usually equaling and sometimes surpassing their technical skills.”

Second, lawyers are often tapped for leadership positions in business and nonprofit organizations. Given the skill set necessary for the practice of law, the increasing number of leaders holding JD degrees in large companies is not surprising. An empirical study of Fortune 50 companies (forthcoming in the Tulane Law Review) concluded that over the past three decades, the number of senior executives holding JD degrees increased by eighty-nine percent!

Using leadership skills in a law firm and other organizations often requires lawyers to play a teaching role. For example, the task force report noted that even in a one-time transaction, “a good business lawyer will be a useful resource in teaching the client about options and alternatives.” More generally, management experts have concluded that the ability to teach is an attribute of successful leadership. The title of a 2018 Harvard Business Review article by Sydney Finkelstein says it all: “The Best Leaders Are Great Teachers.” After studying world-class leaders for over a decade, he concluded, “If you’re not teaching, you’re not really leading.”

What can lawyers learn about teaching from award-winning business school professors? I considered this question when conducting field research for Seven Essentials for Business Success: Lessons from Legendary Professors (Routledge, 2022). The book describes the methods used by seven MBA teaching legends, each representing a different business function (including the legal function, with a section on the role of Apple’s general counsel as a member of the senior leadership team).

In addition to their MBA teaching, these professors are involved in projects that have a positive impact on organizations and society. For example, University of Chicago Professor Steven Kaplan, who teaches “Corporate and Entrepreneurial Finance” at the University of Chicago Law School in addition to his MBA teaching, started a new venture program that has resulted in the formation of more than 370 companies, the creation of thousands of jobs, $1.2 billion in funds raised, and $8.5 billion in mergers and exits.

Through interviews and in-class observations of these high-impact professors, I discovered they use a variety of teaching practices that enable them to move beyond what Harvard strategy professor Jan Rivkin calls “lean back” teaching—the traditional lecture in which students are passive recipients of information. He contrasts this approach with a “lean forward” model where learners are actively engaged in the learning process.

In a law firm or business setting, “lean forward” teaching reshapes a traditional presentation or meeting to an active learning experience. Lawyers who embrace the lean forward model have an opportunity to encourage discussions about new opportunities as well as future challenges faced by their clients and firms.

The legendary professors I studied use a number of practices that lawyers can adopt to encourage clients and colleagues to lean forward. Here are three examples.

Use stories. You can enhance the learning experience through frequent use of stories. The professors emphasize this aspect of the teaching process. The book describes a disciplined approach Northwestern marketing professor Florian Zettelmeyer learned when working for McKinsey. As he emphasized in a commencement address: “Great communication is always built around a story…. I literally mean that everything you communicate has to take the form of a story. Every presentation, every speech, every memo, every pitch you make has to be a story in which your key ideas are embedded.”

Because Stanford accounting professor Charles Lee feels that stories bring concepts to life, he devotes lots of time to finding good illustrations. In his words, “I lovingly collect them.” Professor Richard Shell, who teaches the business law core course at Wharton, adds that “nobody learns anything except on the foundation of what they already know. So your selection of examples, images, stories, and metaphors is crucial.”

The professors often use examples to emphasize the practical value of their teaching. When University of Michigan management professor Gretchen Spreitzer discusses the power of gratitude in the workplace, she introduces a tool called a gratitude journal. To illustrate, she describes a retreat her colleagues conducted for the university’s basketball players at the beginning of a season in which the team reached the national championship game. Following the retreat, coach John Beilein decided to keep a gratitude journal, and she shows her class a film clip of him expressing gratitude to the team and staff.

Balance the big picture with simplification. Your ability to achieve an appropriate balance between the big picture and details is an important aspect of teaching in a law firm or as a leader in a company setting. The seven professors frequently remind students of the big picture—their overarching goal and why it is important.

They complement the big picture with evidence-based details. Their challenge, familiar to lawyers attempting to explain complex legal requirements to clients, is to simplify the details enough to make them digestible. MIT operations professor Georgia Perakis teaches a course titled “Data, Models, and Decisions” that is considered one of the most rigorous courses in the MIT Executive MBA program. Given the complexity of the material, her goal is “to try to see how I can go from the complex model to a simple model. If it’s too simple, I will not capture the real complex problem, so I have to find where to be in the middle.” Stanford’s Professor Lee cited Oliver Wendell Holmes, who referred to this goal as “simplicity that lies on the other side of complexity.” “This is a simplicity,” Lee explained, “that arises from understanding the material so completely that you are able to simplify it for others to learn.”

Be yourself. Being yourself is perhaps the most important lesson from the professors because it provides the authenticity necessary to become a successful leader and teacher. According to profound educator Parker Palmer in his essay “The Heart of a Teacher,” this is the “secret hidden in plain sight: good teaching cannot be reduced to technique; good teaching comes from the identity and integrity of the teacher” (his emphasis). Two of the professors received inspiration from Steve Jobs, who noted that “your time is limited, so don’t waste it living someone else’s life…. Don’t let the noise of others’ opinions drown out your own inner voice. And most importantly, have the courage to follow your heart.”

The ability to be yourself, combined with other practices used by legendary professors, enables you to exercise the teaching skills that are necessary for effective leadership in your law practice and when leading other organizations. In the words of noted Harvard Business School professor Chris Christensen, your teaching experience “allows you to combine the momentary and the infinite” by addressing immediate concerns while also laying a foundation for the future.

Longtime ABA member George Siedel is the Thurnau Professor Emeritus of Business Law and the Williamson Professor Emeritus of Business Administration Emeritus at the University of Michigan’s Ross School of Business. This article is adapted from his book Seven Essentials for Business Success: Lessons from Legendary Professors (Routledge, 2022).

On April 4, 2022, Ontario became the first province in Canada to regulate online gambling, legalizing what was previously a grey market in this space. The following are five critical things to know about this new regime.

Dual Track Process. Any company that wishes to become an approved Operator of an online gaming site in Ontario must meet the separate requirements imposed by both (A) the Alcohol and Gaming Commission of Ontario (“AGCO”), the Regulator of Ontario’s regulated iGaming market, and (B) iGaming Ontario® (“iGO”), which is a subsidiary corporation of AGCO responsible for conducting and managing iGaming when provided through private Operators. Both of these entities have different responsibilities and impose specific requirements on prospective Operators. For example, as a first step, prospective Operators must sign a non-disclosure agreement with iGO to get a copy of the mandatory Operating Agreement and Letter of Agreement, followed by other mandatory operating requirements (i.e., completing anti-money laundering submissions, setting up secure data exchange services, etc.). At the same time, prospective Operators must undertake a parallel process with AGCO (i.e., seeking Independent Testing Laboratory (“ITL”) certification for the company’s online games and critical gaming systems, registering as an Internet Gaming Operator, implementing various control activities/measures in order to comply with the requirements of the Gaming Control Act, 1992 and the Registrar’s Standards for Internet Gaming, ensuring staff training, etc.). IGO’s website advises that Operators should expect a minimum of ninety (90) days to complete the steps required to become registered by the AGCO and execute an Operating Agreement with iGO, but there are no timing guarantees. Ultimately, approved iGaming Operators are listed on the igamingontario.ca website.

Detailed Regulations. The Registrar’s Standards for Internet Gaming (“Standards”) is a forty (40) plus page detailed document that sets out the Standards and Requirements made by the Registrar under the Gaming Control Act, 1992 applicable to regulated internet gaming sites in Ontario. These “Standards and Requirements” are divided into the six identified risk themes, under which theme-specific Standards and Requirements are provided. These risk themes include: (1) Entity Level; (2) Responsible Gambling; (3) Prohibiting Access to Designated Groups and Player Account Management; (4) Ensuring Game Integrity and Player Awareness; (5) Information Security and Protection of Assets; and (6) Minimizing Unlawful Activity Relating to Gaming. Each of the “themes” above contain further sub-subsections and requirements that impose detailed obligations upon Operators that must be translated into specific action items. (For example, “Entity Level” requirements including creating codes of conduct, creating and documenting formal control activities to achieve specific regulatory outcomes, implementing personnel screening processes, ensuring senior-level oversight, and audit requirements, just to name a few.)

Operators are also responsible for the actions of third parties with whom they contract for the provision of any aspect of the Operator’s business related to gaming in Ontario and must require the third party to conduct themselves on behalf of the Operator as if they were bound by the same laws, regulations and standards. There are very detailed requirements regarding responsible gambling, controls on marketing, advertising and promotional activities to avoid targeting high-risk, underage or self-excluded persons (individuals who wish to exclude themselves from gaming sites), ensuring that Operators provide assistance for players who may be experiencing harms from gaming is readily available and systematically provided, for example. No one said that AGCO is making it easy!

It’s not just about the Operators. It is worth noting that many of the detailed rules and regulations described above in the Standards apply not just to Operators but also to “gaming-related suppliers” (as defined under the Ontario Regulation 78/12 made under the Gaming Control Act, 1992). These include persons (entities) who manufacture, provide, install, test, maintain or repair gaming equipment or who provides consulting or similar services directly related to the playing of a lottery scheme or the operation of a gaming site. These entities must be registered with AGCO and, as noted above, must comply with many of the (flagged) requirements set out in the Standards. AGCO notes that various ancillary providers may fall into this category and require registration, including platform providers, suppliers that manufacture, develop, provide and/or run games and game systems, customer electronic wallet providers, odds makers, sports integrity monitoring organizations and independent test labs. Gaming-related suppliers also have very detailed requirements to meet pursuant to ACGO’s Internet Gaming Go-Live Compliance Guide available at https://www.agco.ca/lottery-and-gaming/guides/internet-gaming-go-live-compliance-guide.

There are no Canadian residency requirement or language requirements. Operators are not required to have a business established in Canada, and foreign companies can apply to become licensed Operators. Additionally, Operator websites are not required to be offered in the French language. However, as part of the customer service requirements set out in the Standards, player complaints and disputes must be resolved under Ontario and Canadian law.

Very detailed Information Technology, Security Management and Data Governance/Protection Standards. In order to validate minimum age and other requirements, Operators must collect detailed personal information from players which must be saved upon registration before a player account is created. This personal information includes name, date of birth, address, method of identification for subsequent log on (such as user name), player contact information, and information required by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada) and the regulations under it.

Not surprisingly, the Standards also contain detailed Information Technology requirements to ensure core assets (gaming equipment and systems, including hardware, software, applications, and all associated components of gaming equipment and the technology environment) are protected and that customer information and funds are adequately safeguarded. For example, Operators must ensure that access privileges to gaming systems are granted, modified and revoked based on employment status/job requirements and all activities associated with these actions are logged and traceable to specific individuals. Connections/interfaces to gaming systems must be monitored, hardened and assessed to protect against security threats and vulnerabilities and disaster recovery sites must be put in place.

Operators and gaming related suppliers have ongoing obligations to keep current on current security threats and risks to the security, integrity and availability of their gaming technology and related components that they operate or supply. All “Sensitive Data” (defined under the Standards as including, but not limited to, player information and data relevant to determining game outcomes), must be secured and protected from unauthorized access or use at all times and data must be backed up in a manner to ensure that it be completely and accurately restored. Data collection and protection requirements for player personal information must meet the requirements set out in Ontario’s Freedom of Information and Protection of Privacy Act, the provincial public sector statute that applies to AGCO.

The Standards also include detailed architecture and infrastructure, data and information management, and system account management requirements. There is also a separate set of minimum standards for software used in gaming systems (including modified commercial off the self software, proprietary developed software and software specifically developed by iGO or the Ontario Lottery and Gaming Commission) which reflect best practices for software development and ongoing management lifecycles, including testing, patching/upgrades, change management.

In addition to the Standards and as mentioned above, AGCO requires that any games and supporting critical gaming systems must be certified by an ITL that is registered with the AGCO before the systems are made available for play in Ontario. Within the AGCO, the Technology Regulation and iGaming Compliance Branch is responsible for ensuring that Operators and gaming-related suppliers meet specific go-live compliance measures as set out in AGCO’s Internet Gaming Go-Live Compliance Guide (see https://www.agco.ca/lottery-and-gaming/guides/internet-gaming-go-live-compliance-guide).

The Guide sets out in detail other technology requirements that must be met before the Operator can be approved, including the requirements for each operator and gaming-related supplier who runs critical gaming systems to (i) provide a Technology Compliance Confirmation for review by the AGCO; (ii) develop a Control Activity Matrix (“CAM”)and for operators to submit their CAMs for review by the AGCO; (iii) ensure that ITL certifications are in place before going live; and (iv) meet the requirements related to the AGCO Internet Gaming Notification Matrix and AGCO Secure Data Exchange.

While there is no question that many in Ontario welcome the idea of an online gaming market that will operate lawfully in Ontario (and generate new tax revenues for the Province’s coffers), it remains to be seen whether the initial strict and complex compliance requirements for such operators and gaming related suppliers imposed by ACGO and iGO will be sufficient to mitigate certain concerns, including those related to increased access to gaming and problematic gambling, or whether additional changes will be required.

Lisa R. Lifshitz

1. Introduction

According to the 2021 ABA Private Target Mergers Acquisitions Deal Points Study,^{[1], [2]} 99% of the acquisition agreements studied included a “compliance with all laws” (Compliance) representation and warranty (RW). Within those RWs reviewed, 82% included some RW on whether the target received notice of a violation or law, 30% included some RW on whether the target received notice of an investigation of a violation of law, 19% were RWs that covered past and present compliance, and 2% included some type of knowledge qualifier. While the study includes health care deals (the largest portion of the deals, at 15.4%), it also included approximately 14 other industry sectors.^[3]

It isn’t surprising to see such a high level of Compliance RW inclusion in transaction documents. In fact, it would seem odd not to expect a seller or borrower to agree to the most basic of RWs, which often can be as simple as:

Compliance with Law. Seller has, since X, complied, in all material respects, with all provisions of all foreign, federal, state and local laws and regulations relating to Sellers and the Company’s business, including, but not limited to, those relating to Seller’s ownership of real or personal property, the conduct and licensing of the Company’s business, and all environmental matters.

However, there are significant reasons why, despite the generality and wide scope of most Compliance RWs, that such an RW just isn’t enough in a health care transaction.

The U.S. health care industry represents a significant portion of the U.S. economy. It is one of the largest portions of U.S. gross domestic product (GDP). The U.S. Centers for Medicare and Medicaid Services (CMS) reported that in 2020, the overall share of U.S. GDP related to health care spending was 19.7%. That figure is now likely a bit of an outlier because, according to Health Affairs, “[US] health care spending increased 9.7 percent to reach $4.1 trillion in 2020, a much faster rate than the 4.3 percent increase experienced in 2019.”^[4] The significant increase from 2019 to 2020 was the result of federal expenditures for health care that were mostly in response to the COVID-19 pandemic.^[5] However, while that 19.7% share may shrink a bit in the coming years to 18% or so, its still expected to come back to that level by 2030.^[6] All in all, the health care industry is a large portion of the U.S. economy and is steadily growing. Health care transactions continue to grow in number and size each year.

While health care is a large business in the United States, it is also personal; life and limb are literally at stake. In that respect, as the number of practitioners and treatment providers grew and as technology changed how care can be and is provided, government-imposed guard rails (i.e., regulation) grew and became more prevalent. Depending on what data is being used and the source of the data, the U.S. health care industry is the most, the second-most, or at least in the top 10 of the most regulated industries in the country. Often that estimation of how highly regulated the industry is includes the regulation of health care providers and suppliers and manufacturers of supplies, drugs, and medical devices.

While we address broader issues relating to the need for robust industry-specific RWs in health care–related transactions in this article, it’s important to note at the outset the two large issues that make transactions involving health care businesses different from, for example, the sale of a paper mill. First, as we’ve mentioned, health care involves life and limb, and most, if not all, health care businesses carry some level of special risk to the clients, consumers, patients, etc. associated with that business. Second, the significant regulation in the industry and risks relating to non-compliance call for different treatment of the promises and expectations agreed to between buyer and seller or lender and borrower.

2. Material Risks in a Highly Regulated Industry^[7]

A comprehensive discussion of every liability risk that could be present in a health care transaction is well beyond the scope of this article. However, an overview of some of the material risks that exist in health care transactions is important to understanding the need for robust industry-specific RWs. These material risks include government reimbursement, fraud and abuse, licensure, excluded parties, and health care privacy-related issues.

a. Government Reimbursement

To participate in federal health care programs (FHCPs),^[8] health care businesses agree to comply with a significant regulatory framework, mostly in the form of requirements for participation and specific requirements relating to the submission of claims for services or supplies provided.

Material liability risks for health care businesses can arise from a failure to meet one of the applicable regulatory requirements relating to participation in a FHCP or claims submissions. Citations for a failure to meet participation requirements can result in civil fines, which in some cases can be astronomical. A failure to pay civil fines may also result in termination of participation in one or more FHCPs. Non-compliance with claims submission requirements can also be serious. Non-compliance can result in demands for recoupment, allegations of overpayment, and in some cases federal False Claims Act (FCA) liability. Penalty multipliers built into enforcement statutes, such as the FCA, can turn an underlying $100,000 liability into a $20,000,000 obligation.

b. Fraud and Abuse

Fraud and abuse in FHCPs have been a concern since the enactment of major federal and state programs. Major fraud and abuse laws include the federal Anti-Kickback Statute (AKS), 42 U.S.C. §1320a-7b(b); the Physician Self-Referral Prohibition (the Stark Law), 42 U.S.C. §1395nn; and the Criminal and Civil False Claims Acts, 18 U.S.C. §287 and 31 U.S.C. §3729. These laws prohibit certain business practices and provide for penalties relating to fraudulent claims to FHCPs. Depending on the conduct involved, liability can be civil and/or criminal. Like the FCA liability described above, penalties and penalty multipliers built into these statutes can result in significant obligations and termination from one or more FHCPs. Moreover, actual or potential fraud and abuse liability is rarely immaterial to a transaction unless its civil and the target involved is so large that the liability is immaterial to its business operations.

c. Licensure

Practically all health care businesses require some type of license or permit to do what they do. Acquiring and maintaining those licenses and permits requires compliance with certain statutory and regulatory obligations. Material risks exist for an acquirer relating to permits and licenses when a target has either engaged in serious non-compliance or been the subject of multiple instances of immaterial non-compliance that in the aggregate become serious. Either scenario might result in possible suspension or revocation of a license or permit, an outcome that can wipe out a business’s value overnight.

d. Excluded Parties

Excluded parties are basically persons or entities that have been excluded from, directly or indirectly, doing business with the federal government. The U.S. Department of Health and Human Services Office of Inspector General (OIG) has the authority to exclude individuals and entities from participating in FHCPs. Exclusion in its most basic sense means that no payment can be made for any items or services furnished, ordered, or prescribed by an excluded individual or entity. In addition to OIG exclusions, the U.S. General Services Administration maintains a comprehensive list of individuals and entities that have been excluded from participation in federal contracts. A target that employs (or previously employed) an excluded individual or has (or previously had) a contract with an excluded party can have material risks associated with it. In addition to a possible repayment of the dollars connected to the excluded person, there are civil penalties that may also be assessed that can become significant.

e. Health Care Privacy Issues

In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). HIPAA establishes national privacy standards to protect individuals’ medical records and other personal health information (PHI). It also establishes physical and electronic security standards for PHI. Compliance responsibilities are primarily on “Covered Entities”^[9] under the law, but they also extend to a covered entity’s business associates.^[10] Enforcement relating to violations of HIPAA has grown exponentially since it was first enacted. HIPAA violations can result in civil or criminal liability, depending on the nature and extent of the violation. The civil penalties can end up being quite costly; with inflationary adjustments the numbers now range from $120 to $60,226 per violation. Additionally, Covered Entities must provide notification of a privacy breach to affected individuals, the secretary of HHS, and, in some circumstances, the media. The notification costs relating to a significant breach could be in the millions of dollars.

3. “All Laws” vs. Necessary Risk Allocation and Due Diligence in a Highly Regulated Industry

Industry-specific RWs are the norm in the market, especially where the industry is highly regulated. There are sellers and borrowers that might argue that a buyer or lender should be comfortable with a standard Compliance RW qualified by materiality and knowledge. However, as we discuss below, such a standard RW (particularly with qualifications) is simply not enough to adequately allocate risk between buyer and seller or lender and borrower on many issues involving health care businesses, especially the material issues outlined above. There are three major reasons for incorporating detailed industry-specific RWs in transactions documents: (1) attracting the attention of the seller or borrower to material issues; (2) ensuring the proper risk allocation between the parties; and (3) buyer or lender diligence.

a. Attracting the Attention of a Seller or Borrower

RWs are often heavily negotiated aspects of transaction documents. Detailed industry-specific RWs in the health care context are frequently designed to ensure that a seller or borrower is expected to focus on the material issues that are significant to the buyer or lender in consummating a deal in a highly regulated industry. While the review of general RWs may be given a quick glance by a seller or borrower and their counsel, pages of detailed RWs on specific topics relating to health care compliance are unlikely to go unnoticed. Sellers and borrowers often spend significant time reviewing and negotiating the “Health Care Matters” RW and its related subsections. As a result, detailed RWs on health care compliance topics provide some comfort to a buyer or lender that the seller or borrower has considered its past and current compliance and the promises it is making in relation thereto.

Additionally, should pre-closing termination or post-closing indemnification rights be triggered, there is specificity surrounding what the trigger was. The parties don’t get that same type of specificity with a general Compliance RW. The lack of specificity could lead to legal wrangling over whether a particular matter was meant to be covered by the Compliance RW, despite the fact that such an RW is often drafted broadly.

b. Risk allocation

Detailed industry-specific RWs in the health care context, even if redundant with the Compliance RW, provide for issue-by-issue specificity and clarify the importance of which party has accepted risk on certain material compliance issues. The detail provided in a “Health Care Matters” RW will often draw out any issues during negotiations between the parties. For example, there is very little ambiguity as to risk allocation when a seller or borrower makes an RW that “in the last 6 years it has not had, nor is it currently subject to, any adverse criminal or civil settlements or civil monetary penalties.” If a seller or borrower objects to the RW as a whole or to some specific issue covered by it, a buyer or lender may take that as a red flag. The red flag may lead to the negotiation of an issue-specific indemnity, a change in the indemnity and survival of RWs as a whole, or, in the worst case, a termination of the transaction. Additionally, as discussed a bit further below, the red flag can also signal that additional diligence is needed.

c. Due Diligence

Detailed industry-specific RWs serve a very important diligence function in transactions involving highly regulated industries. Often RWs will call out specific conduct, reference compliance with statutory or regulatory requirements, detail licenses held and compliance with licensure requirements, and address a host of other industry issues.

The diligence process for a buyer or lender can go only so far. The detail provided in a “Health Care Matters” RW and its related subsections serves as an additional backstop against matters that may not have been adequately disclosed or addressed in the diligence process. While they certainly need to be transaction-specific, most “Health Care Matters” RWs at least cover the following issues:

• General compliance with health care laws (usually a defined term in the transaction document);
• compliance with government programs and claim-filing obligations;
• specific compliance with major federal and state fraud and abuse prohibitions;
• the absence of any material overpayment or claim-filing repayment obligations;
• the absence of affirmative inappropriate or illegal conduct;
• the absence of adverse criminal or civil settlements or civil monetary penalties;
• the absence of any threatened or current civil or criminal litigation relating to fraud and abuse matters;
• affirmative statement that the seller has all of its required licenses;
• affirmative statement that none of those required licenses have been subject to suspension, revocation, or termination; and
• affirmative statement there is no current action to suspend, revoke, or terminate a required license.

As mentioned, if a seller or borrower objects to the RW as a whole or to some specific issue covered by it, a buyer or lender may take that as a red flag. The red flag may at the very least signal that additional diligence is needed.

4. Conclusion

The health care industry is a significant portion of the economy, and there are ever increasing numbers of transactions and increasingly high dollar amounts involved in those transactions. The federal government is the largest payer for healthcare. Healthcare is personal, because risk to life and limb is involved. As a result, we have an industry that is highly regulated and involves significant risks. General Compliance RWs aren’t enough to address the material risks that are present. Detailed industry-specific RWs serve very strategic and important risk allocation and diligence functions to ensure that buyers and lenders adequately achieve what they expect of the bargain.

1. The study includes publicly available acquisition agreements for transactions for which definitive agreements were executed and/or completed in 2020 and the first quarter of 2021 that involved private targets being acquired by public companies. ↑

2. Note that the 2021 ABA US Public Target Deal Points Study does not include similar information on the existence of “compliance with laws” RWs. ↑

3. Industry sectors in the 2021 ABA Private Target Mergers Acquisitions Deal Points Study included Aerospace & Defense, Auto & Parts, Chemicals & Basic (Natural) Resources, Construction & Materials, Financial Services, Food & Beverage, Health Care, Industrial Goods & Services, Media, Personal & Household, Goods, Oil & Gas, Retail, Technology, Telecom, and Travel & Leisure. ↑

4. Micah Hartman, Anne B. Martin, Benjamin Washington, Aaron Catlin, and The National Health Expenditure Accounts Team, “National Health Care Spending in 2020: Growth Driven by Federal Spending in Response to the COVID-19 Pandemic,” Health Affairs 41:1, 13-25, 2022. ↑

5. Ibid. ↑

6. John A. Poisal, Andrea M. Sisko, Gigi A. Cuckler, Sheila D. Smith, Sean P. Keehan, Jacqueline A. Fiore, Andrew J. Madison, and Kathryn E. Rennie, “National Health Expenditure Projections, 2021–30: Growth to Moderate as COVID-19 Impacts Wane,” Health Affairs 41:4, 474-486, 2022. ↑

7. Portions of Section 2 of this article were adapted from a previous article written by Ari J. Markenson and Cynthia Suarez in the ABA Business Law Section, Business Law Today, published on June 3, 2020. See https://businesslawtoday.org/2020/06/material-regulatory-risks-healthcare-services-acquisitions/ ↑

8. Federal health care programs defined in 42 U.S.C. §1320a–7b(f). ↑

9. See 45 C.F.R. §160.103 ↑

10. Ibid. ↑

Personal data is being used by a broader range of entities for a broader range of purposes every day. Privacy and data security issues are constantly evolving, with developments due to technology, public policy, and breaking news. These issues now impact virtually every company in every industry, both in the United States and around the world. As a consequence of the Internet of Things, smart phones, and the ability to collect data from almost anywhere, more and more companies are gathering and using personal data. Increasingly, privacy and data security law can tell you how your company can in fact use and protect this valuable asset.

These issues affect a broad range of critical topics for all companies, including start-ups and fully established companies, ranging from business partnerships to overall business plan issues, broad compliance challenges, contracting issues, market opportunities and, of course, realistic acquisition opportunities. Lawyers in an increasingly broad variety of fields therefore must understand the key principles surrounding the use and disclosure of personal data when providing virtually all aspects of legal advice to companies, in both regulated and unregulated industries, including compliance, mergers and acquisitions, litigation, and the full range of specific privacy and data security laws and regulations. This means that business lawyers need a basic understanding of privacy and data security law, at least at the level of understanding what issues are relevant for a company and why these issues matter. For some companies, particularly start-ups, if you are not thinking about these issues from the beginning, you may find that your start-up or more established company is missing opportunities and reducing its chances for future success.

A Brief History

Privacy used to be only a constitutional law issue in law and in law schools, with limited implications for businesses and law firms. It dealt primarily with abortion, birth control, search and seizure, and whether you had to disclose your membership in the Communist party (along with some common law torts). Privacy was not really a significant issue for corporate America.

Privacy law started to become an issue for companies involving personal data and consumers/individuals and their relationship to companies in the mid-1990s. From tentative and narrow beginnings, privacy law is now an enormous compliance and regulatory issue across the country and the world, for companies in virtually all industries. It is relevant if you have data about employees, customers, consumers, or anyone else. It is front-page news today on a regular basis, leading to highly publicized concerns about artificial intelligence, big data, discrimination, security breaches, and a broad variety of privacy concerns. It is a top of mind issue for consumer advocates, regulators, and legislators around the country.

Overall US Privacy Approach

The overall approach to privacy in the US consists of a large (and growing) number of laws and regulations, at state, federal, and international levels. These laws have (to date) been (1) specific by industry segment (e.g., health care, banking); (2) specific by practice (e.g., telemarketing); or (3) specific to particular data categories (biometrics, genetic information, facial recognition).

Today, there is no generally applicable US privacy law at the federal level covering all industries and all data (although that may be changing), but there is increasing complexity in the regulatory environment.

We are starting to see state-level laws (such as the California Consumer Privacy Act) that apply across industries. We also are seeing a new set of “specialty” privacy laws that deal with emerging technologies such as facial recognition and location data.

US law at both the state and federal level also includes data security obligations for any company that collects personal information. These requirements generally create compliance obligations for “reasonable and appropriate” security, with varying levels of additional detail depending on the specific law.

Outside the US

There are separate privacy and security rules related to data used in and coming from foreign countries. Where these laws exist (and they exist in a growing number of countries), the rules usually are tougher in other countries beyond the US, meaning that those countries are more protective of individual privacy.

Many of these laws apply to US companies, either because those companies have a presence in these countries of because of the “extra-territorial reach” of those laws (such as the European Union’s General Data Protection Regulation (GDPR)). Moreover, there are increasing pressures related to the transfer of persona data from these countries, particularly the transfer of data from the European Union to the US.

Going Forward

These issues are affecting a broad range of company operations, including core corporate strategy issues. For example, because US privacy law currently is primarily sectoral, determining where your company fits into these sectors is crucial. In the health care space, if your business model is direct to consumer, you typically have modest explicit legal obligations today (although regulators are watching you in any event). If you partner with health insurers or hospitals, in many cases you may become subject to the Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules as a service provider to these entities.

Thinking about where your business operates also matters (especially in evaluating if you are subject to laws in other countries or state-specific laws). These principles now matter for overall compliance, product design, customer and vendor relationships, marketing opportunities and, critically, mergers and acquisition activity, as purchasers now are drilling down into data assets, data rights and privacy and security compliance. For the foreseeable future, these issues will become increasingly important and complicated, across virtually all segments of corporate America.