This is the first installment in the Year in Governance Series from the In-House Subcommittee of the ABA Business Law Section’s Corporate Governance Committee. Each month, the series will share key tips on a different corporate governance topic. To get involved in the Corporate Governance Committee, please visit the committee’s webpage.

“As Chair of the Corporate Governance Committee, I would like to extend my sincere appreciation to the authors for this publication.  The Corporate Governance Committee has ongoing opportunities for writing and volunteering with various projects whether it’s an article you want to publish or a CLE that you want to present. Our Committee is dedicated to helping you promote informative resources for corporate governance practitioners.  You may contact me, Kathy Jaffari, at [email protected] to get involved.”

Board meeting minutes establish the record of matters considered and actions taken by the board. They are evidence of compliance with legal and regulatory requirements and of directors’ discharging their fiduciary duties. Minutes are often the first thing a plaintiff’s lawyer wants to see when challenging the company, and they can determine whether the challenge is limited to the company or whether the plaintiff can take action against board members personally. Draft them with this in mind.

1. Pre-draft the minutes.
   Use the board meeting agenda and presentation materials as a guide. Having a good starting point frees up the drafter to listen to the dialogue and capture questions and actions for follow-up. The pre-draft of the minutes should capture essential information such as where and when the meeting takes place, whether it is a regular or a special meeting, attendance, quorum, and what presentations were given and by whom. If an item is presented in response to a prior request from the board, the minutes should reflect that, particularly if the request was documented in prior meeting minutes.
2. Be consistent.
   If you note “unanimous” approval for some resolutions or “extensive” discussion for some topics, but don’t use those descriptors for others, this opens an avenue of inquiry that might otherwise be avoided. The same is true for being detailed in your notes about some topics but high-level for others. Think through whether you record time for each agenda item, ending time for the meeting, and whether and when various people enter and depart the meeting, including in executive session. Practices differ on these matters, but be consistent in your approach.
3. Be objective.
   Minutes should not reflect emotion, color commentary, or value judgments. They should simply and clearly identify topics discussed, actions taken, and follow-up requested. To this end, avoid jargon, make sure code names can be decoded, and keep the tone professional.
4. Be mindful in describing specific board action.
   The board should consider “approving” corporate actions but only “concurring” with significant actions taken by subsidiaries, to best protect corporate separateness. Use words like “agreement” and “support” if a formal approval is not required and you want to evidence alignment. Document a formal resolution if there might be a need for a certified copy of a board resolution later.
5. Avoid attributing questions or comments to particular directors.
   Doing so can provide a roadmap for plaintiffs’ lawyers seeking to drive a wedge between directors. The board acts as a body, and minutes themselves should align with this concept. Exceptions apply where directors must recuse themselves from a vote, and in the rare instance where a director wants their dissent recorded in the minutes.
6. Special situations require special attention.
   Privileged discussions between counsel and the board should be described as privileged. Consider not including privileged substance in the minutes, as minutes are generally not privileged. If a director has a conflict on a matter being discussed, the conflict should be disclosed and documented (further measures like recusal might also be appropriate).
7. Manage drafts.
   Ideally only the final approved minutes are retained, and all drafts are destroyed. This helps ensure there is only one record of the meeting—the right one. For this reason, it is risky to make an audio or video recording of meetings. If minutes are redacted for an intended purpose, ensure the unredacted version is saved appropriately.
8. Be timely in drafting and reviewing minutes.
   Memories fade. It is best to draft the minutes immediately so they can go through the review cycle while participants have a strong recollection of what happened. Draft minutes should be reviewed by the general counsel, the chairman/lead director, and perhaps presenters, then presented to the full board/board committee for approval at the next regular meeting of the board/board committee.
9. Manage access to minutes.
   Although minutes might not be protected by privilege, they should be treated as confidential. They should be accessible on a need-to-know basis by staff. Agree with auditors on terms by which auditors can review minutes, and redact anything protected by privilege. Auditors should not have access to drafts that have not yet been approved by the board.
10. Note only the essential in executive session.
    Generally, minutes are not taken in executive session, so as to encourage directors to speak freely. However, it is important to capture any formal action taken or resolutions passed in executive session, e.g., setting of CEO pay.

The views expressed in this article are solely those of the authors and not their respective employers, firms or clients.

This article aims to highlight the key legal considerations and gating requirements to be assessed by global investors undertaking big-ticket mergers and acquisitions (M&A) deals arising out of the acquisition of a majority shareholding or control of an entity not incorporated in India that has a direct or indirect subsidiary in India (“India Co”), leading to an indirect change of control of such India Co (“Indirect Acquisition”).

Approvals Under Foreign Exchange Regulations

The extant foreign exchange regulations in India provide, inter alia, the permissible entry routes (i.e., approval route, where approval from the government of India (“GOI”) is required, including in certain sensitive sectors such as pharmaceuticals, defense, etc.; and automatic route, where no such prior approval is required); sectoral caps; and other conditionalities that are applicable to investments by nonresidents. If the India Co operates in a sector falling under the approval route or a sector that prescribes any sectoral caps or conditionalities, the respective approval requirement or sectoral caps or conditionalities would be triggered in the case of Indirect Acquisitions as well.

On April 17, 2020, the GOI issued Press Note 3 of 2020 (“PN-3”), which provides that prior GOI approval needs to be obtained in cases where the beneficial owner of any investment in India (direct or indirect) is situated in or is a citizen of any country that shares land borders with India. While PN-3 does not prescribe any thresholds for determination of beneficial ownership, the prevalent market view is that if beneficial ownership of investments, whether direct or indirect, from land-bordering countries is less than 10 percent of the share capital of the acquirer, then no approval would be required under PN-3. The process for seeking approval under PN-3 can typically take up to fourteen weeks, and the approvals can take between nine and twelve months, based on the sector in which the India Co operates.

Obligations Under (Indian) Companies Act, 2013

Reconstitution of Board of Directors

The (Indian) Companies Act, 2013 read with rules framed thereunder, as amended from time to time (“Companies Act”), prescribes the minimum number of directors for a private company (two directors) and a public company (three directors). An Indirect Acquisition typically necessitates a reconstitution of the board of directors, wherein nominees of the acquirer are appointed as directors of the India Co. Furthermore, the Companies Act also prescribes that at least one director on the board of directors must be an Indian resident (someone who must have resided in India for a minimum of 182 days during the past financial year). Lastly, if any director is a citizen of any country that shares land borders with India, prior GOI approval would be required for their appointment. Under the Companies Act, a person has to obtain certain registrations to be eligible for appointment as a director, which can take up to two weeks from the date of submission of requisite documents, among other requirements.

Change in Nominee Shareholders

Under the Companies Act, a private company is required to have a minimum of two shareholders, and a public company is required to have a minimum of seven shareholders. Typically, in the case of an Indirect Acquisition, to meet the minimum shareholders requirement, group entities or individuals from the acquirer group hold at least one share of the India Co as nominee(s) and legal owner(s), with the acquirer holding beneficial ownership over such shares held by the nominee(s). The Companies Act also requires certain filings to be undertaken by the India Co to announce the change in nominee shareholders.

Change in Significant Beneficial Ownership

Under the Companies Act, an individual who holds a beneficial interest is required to make a declaration in connection with such beneficial interest. Individuals with a beneficial interest include those (a) who hold indirectly, or together with any direct holdings, not less than 10 percent of shares or voting rights in an Indian company; (b) who have the right to receive or participate in not less than 10 percent of the distributable dividend or any other distribution in a financial year through indirect holdings alone, or together with any direct holdings; or (c) who have the right to, or actually exercise, significant influence or control in any manner other than through direct holdings alone.

The Companies Act further clarifies that if the holding company of the India Co is a body corporate, the individual holding more than 50 percent of the share capital of the holding company will be the significant beneficial owner (“SBO”). However, if the holding company of India Co is a pooled investment fund (“PIF”) or an entity controlled by a PIF, the SBO could be either the general partner of the PIF or the investment manager of the PIF.

Since an Indirect Acquisition may trigger a change in the significant beneficial ownership of the India Co, the acquirer should take steps to identify such changes and, if applicable, cause the new SBO to make the necessary declarations. The India Co will also be required to maintain and update registers and make filings owing to the change in the SBO.

Obligations Under Charter Documents

All charter documents and material agreements affecting the structure and governance of the India Co should be reviewed to assess if any consent is required for undertaking the Indirect Acquisition or if the Indirect Acquisition triggers the exercise of any specific rights available to shareholders under such documents.

Dematerialization of Securities

Pursuant to a recent amendment to the Companies Act, all private companies (except small companies and government companies) in India (hereinafter “Covered Companies”) are now required to facilitate the dematerialization of their existing securities, and all fresh issuances are to be in dematerialized form. Earlier, this requirement only extended to public companies. This may have implications for Indirect Acquisitions if they involve either a pre-closing restructuring involving transfer of securities of a Covered Company or a change of the nominee shareholder, given that a security holder will be impeded from transferring the securities of a Covered Company that have not been dematerialized. Similarly, the person or entity that will become a security holder in the Covered Company will need to have a demat account in India. These requirements may have an impact on the timing of deal closing of such Indirect Acquisition.

Approval/Notification Under Antitrust Laws

The Competition Act, 2002 (“Competition Act”) sets out the thresholds for approval requirements for global M&A deals. The Competition Act exempts acquisitions, mergers, and amalgamations from the requirement of seeking approval from the Competition Commission of India (“CCI”) where the value of the assets of the target entity in India is less than INR 4.5 billion (approximately USD 53.80 million) or the turnover is less than INR 12.5 billion (approximately USD 149 million) (“De Minimis Exemption”). In the event that the De Minimis Exemption is not available to the parties, approval is required from the CCI based on the prescribed jurisdictional thresholds.

Recently, an additional threshold was introduced based on the global deal value (effective date September 10, 2024). An approval requirement is triggered when the global deal value exceeds INR 20 billion (approximately USD 242 million) and the target enterprise has substantial business operations in India (“Deal Value Threshold”). The parties/groups involved will no longer be able to avail themselves of the De Minimis Exemption if the Deal Value Threshold is breached. Accordingly, the parties will need to assess whether the Indirect Acquisition will exceed any of the thresholds above, triggering an approval/notification requirement from the CCI.

Tax Implications

Under the Indian income tax law (“IT Act”), an Indirect Acquisition may result in taxability of capital gains in the hands of the seller and corresponding liability of the acquirer for withholding taxes (subject to the provisions of any applicable double-taxation avoidance agreements). Indian tax laws deem the shares or interest of a nonresident entity to be capital assets situated in India if the shares of the nonresident target entity derive substantial value from assets located in India. Shares of a nonresident entity are considered to substantially derive their value from assets located in India if the value of such assets (a) exceeds INR 100 million (approximately USD 1.2 million) and (b) represents at least 50 percent of the value of all the assets owned by the acquirer.

If the capital gains are taxable in the hands of the seller, there will be a corresponding liability of the acquirer for deducting tax at source while remitting the sale consideration and for paying the same to the GOI within the prescribed timelines. For deducting tax at source, the acquirer would be required to obtain certain tax registrations. Obtaining such tax registrations can take up to four weeks from the date of application. Furthermore, if the nonresident seller does not have the requisite tax registrations in place, it could result in deduction at a higher rate. It is therefore important for the parties to examine at the outset the tax-related implications emanating from the Indirect Acquisition.

Other Points for Consideration

Sector-Specific Regulatory Approvals

Depending on the sector in which the India Co operates, the Indirect Acquisition may trigger a requirement to seek approval from the relevant regulatory body. For instance, any Indirect Acquisition involving a banking company in India would trigger the requirement to seek approval from the Reserve Bank of India (the central bank of India). It is important, therefore, for the parties to assess this requirement with respect to an Indirect Acquisition.

Treatment of Employee Stock Options

India’s foreign exchange laws allow a nonresident entity to issue employee stock options to employees of its Indian subsidiary if, inter alia, such stock options are offered globally on a uniform basis and the Indian subsidiary undertakes certain regulatory filings in connection with such issuance. Typically, the documents governing an Indirect Acquisition provide for cancellation, rollover, or swap of such global stock options. It is important for the parties to analyze the treatment of such global stock options pursuant to the Indirect Acquisition, as there could be implications under the foreign exchange laws.

Other Due Diligence Items

Other issues that emanate out of due diligence exercises, such as prior consents or notification requirements under material contracts, or lender consents getting triggered by an indirect change of control, will also have to be identified and addressed to ensure a seamless transition after the Indirect Acquisition.

Conclusion

While the issues discussed above are some of the common issues typically encountered in an Indirect Acquisition, the acquirer should undertake exhaustive legal due diligence from an Indian perspective to account for any other issue that may impact the Indirect Acquisition. Early identification of such issues is critical to ensure adherence to overall deal timelines.

Bid me run, and I will strive with things impossible.

—William Shakespeare, Julius Caesar, Act II, Scene 1

The Corporate Transparency Act (“CTA”)^[1] requires almost every small organization to promptly report information (including copies of certain identifying documents) to the Financial Crimes Enforcement Network (“FinCEN”) with respect to itself and its direct and indirect individual principal constituents, and it imposes civil and criminal penalties on the organization and some of its individual constituents for the organization’s willful failure to timely file the required information. While it is the organization charged with filing the reports, compliance with the CTA requires the cooperation of the individuals who are listed on the report. What happens if the organization—as a result of the recalcitrance, unavailability, or disagreement of the individuals from whom the information must be obtained^[2]—is unable to obtain the required information promptly enough to comply with the requirements of the CTA? While FinCEN is aware of the problem, it has nevertheless decided to resolve it by assuming that it does not exist. This very real problem subjects the organization, as well as the constituents responsible for compliance, to penalties for violations over which they may have no control.

An Entirely Complete BOIR

The CTA requires each organization that is a reporting company (“reporting company”)^[3] to file a beneficial ownership information report (“BOIR”)^[4] with FinCEN in accordance with regulations issued by FinCEN. The regulations promulgated by FinCEN (collectively, the “Reporting Rules”)^[5] mandate that the BOIR contain “true, correct, and complete” information and copies of identifying documents^[6] about the reporting company and each individual who is a beneficial owner (“beneficial owner”)^[7] or a company applicant (“company applicant”).^[8] The Reporting Rules require that a reporting company file a BOIR (“initial BOIR”)^[9] shortly after^[10] its creation or registration. Further, if and when any of the previously reported information with respect to the reporting company or its beneficial owners (but not company applicants) changes, the reporting company must file an update (“updated BOIR”).^[11]

Willful failure to comply with these requirements will subject the reporting company and individuals meeting the definition of senior officer^[12] to civil and criminal penalties.^[13] In addition, the CTA permits FinCEN to assess civil and criminal penalties on any individual who is a beneficial owner or company applicant who prevents the reporting company from filing a complete and accurate BOIR.^[14]

As discussed below, FinCEN has assured the public that these rules are not intended to provide a “gotcha” for the tens of millions of reporting companies and their senior officers, beneficial owners, and company applicants subject to these rules, but in its formal guidance, FinCEN has largely described its rules as absolute and intractable—guidance that is especially troubling when considering the penal nature of the CTA.

In a regulatory release dated September 29, 2023,^[15] FinCEN published a document titled “Agency Information Collection Activities; Submission for OMB Review; Comment Request; Beneficial Ownership Information Reports” (“2023 Notice”).^[16] Therein, FinCEN, based upon what it described as a “significant number of commenters” who were “uniformly critical” of any provision that would allow reporting companies to file reports indicating that information about a beneficial owner was “unknown,” declined to adopt “unknown checkboxes” that would allow organizations to file partially completed BOIRs and thereby give FinCEN notice of the organization’s inability to obtain the beneficial ownership information (“BOI”) required to complete the BOIR.^[17]

In the 2023 Notice, FinCEN acknowledged that reporting companies “could face difficulties in obtaining information promptly,” but having consulted with “behavioral scientists at the General Services Administration, technology experts at the Department of the Treasury, and various others throughout the U.S. Government (USG) who have expertise around these issues,” FinCEN stated:

The consultations highlighted potential, though not inevitable, pitfalls in not providing an explanatory mechanism in the BOIR Form when a filer is unable to obtain certain required information. This might inadvertently discourage reporting companies from filing in a timely manner (or filing at all) because they do not have sufficient information. It may also incentivize reporting companies to file meaningless or untruthful information in certain fields to make a deadline. These difficulties also have the potential to significantly increase the volume of inquiries to FinCEN’s Contact Center from reporting companies that seek clarification of the filing requirements when they are unable to obtain BOI.^[18]

In other words, FinCEN acknowledged that some reporting companies will not be able to comply with the system as it currently exists.

Mindful of this, the 2023 Notice proposed a potential alternative option (“drop-down option”) that would allow reporting companies to temporarily supply the BOI that they have available and the reasons why they are temporarily unable to provide BOI with respect to some beneficial owners (this would not be available with respect to the provisions of the BOIR applicable to the reporting company itself or the company applicants), thereby providing current BOI that is available. The drop-down option would not excuse the reporting companies of their reporting obligations, and the BOIR would not be considered complete until the missing BOI has been submitted. The drop-down option is still unimplemented.

Thus, it is clear that, under the current regime, both FinCEN and the supporters of the BOIR form do not wish the BOIR to be filed unless it is entirely complete. This is reflected in the 2023 Notice and the current BOIR reporting form, which precludes indicating that any BOI is unavailable.^[19]

Notwithstanding this position, in response to another common situation in which a BOIR may not be timely filed as a result of circumstances beyond the control of the reporting company—that is, when the reporting company has not received its taxpayer identification number (“TIN”)—FinCEN in its Frequently Asked Questions (“FAQs”)^[20] expressly provides that the BOIR should not be filed until the TIN is obtained but that the reporting company would be advised to document its reasonable efforts to obtain the TIN.^[21]

The Horns of the Dilemma

It is impossible to comply with current BOIR reporting requirements if the reporting company is unable to obtain the necessary BOI from a beneficial owner or company applicant. The horns of this dilemma^[22] are to not file and in so doing breach the filing deadlines or, in the alternative, to file an incomplete report in opposition to the requirement to not only file a complete report but also to certify it to be true and complete.^[23] So, which (if either) of the following is a better alternative?

1. Filing a BOIR that is not entirely true, correct, and complete (perhaps attempting to provide additional notification as to the BOI that is not included)
2. Following the procedure established in FAQ G.3 with respect to TINs discussed above—that is, delaying the filing of the BOIR until the necessary BOI is provided while documenting the reasonable efforts to obtain the same from the beneficial owner at issue^[24]

As to the additional notification, we have heard suggestions about various ways in which reporting companies might use additional communications with FinCEN to address the missing BOI:

1. through use of a pdf filing with an additional explanation attached;
2. through a notice to FinCEN via its email or telephonic helpline^[25] or the chat function;^[26] or
3. by preparing a notice and uploading it at one of the “identifying document image” portals^[27] in lieu of an image of an identifying document.

The efficacy of any of these approaches in communicating with FinCEN is uncertain. On the one hand, the reporting company may profess that it has done all it can and has afforded FinCEN with not only all the available BOI but also (presumably) evidence of its efforts to collect the missing BOI. That assessment must, however, be balanced against FinCEN’s rejection of an option to file an incomplete report to the effect that the filing of a BOIR that is not true, correct, and complete is not acceptable. Perhaps rendering these additional notification options unavailable is that an incomplete filing would contradict the statement required to complete the filing: “I further certify, on behalf of the reporting company, that the BOI contained in this BOIR is true, correct, and complete.”^[28]

This is unfortunate because the alternative discussed in the 2023 Notice—allowing a filing with an opportunity to provide notification of the BOI not supplied—would be similar to the method used by the Internal Revenue Service in permitting notification of inconsistent positions (Form 8082) and would provide FinCEN with notification of the BOI not supplied in a manner that would clearly associate the absence of the BOI with the BOIR to which it applies.

It is worth noting in this context that in many business organizations, particularly those organized before the CTA was adopted, the organization may have no legal right to demand BOI from its beneficial owners and company applicants in general and especially those individuals who are indirect beneficial owners.^[29] As discussed below, the CTA as interpreted in the Reporting Rules imposes criminal and civil penalties on those beneficial owners and company applicants who fail to provide their BOI and documentation, but, in a catch-22 for the twenty-first century, it is FinCEN, not the reporting company, that can assess those penalties—and it is FinCEN that has explicitly denied the reporting companies any way for to communicate those individuals’ failures to it.

The CTA includes both civil and criminal penalties,^[30] and as a penal statute it should be strictly construed and construed with lenity.^[31] In its public pronouncements, FinCEN has indicated that it is mindful of the penalties and will not apply them arbitrarily.^[32] As noted above, while the CTA requires filing by the reporting company and imposes civil and criminal penalties on persons who willfully provide false information or fail to provide information to FinCEN, the Reporting Rules interpret the civil and criminal penalties as applying to beneficial owners and company applicants who fail to provide their BOI and documentation to the reporting company.^[33] Even in the absence of the rule of statutory construction, it is difficult to understand how failing to take an action that, as noted in the 2023 Notice, is impossible to accomplish could be categorized as a willful violation.^[34]

Less-Than-Perfect Choices

Of the two realistic options available to FinCEN discussed above—(i) providing a method, whether in the form of a drop-down option or otherwise, to inform FinCEN of unattainable BOI (as discussed in the 2023 Notice); or (ii) deferring the obligation to file the BOIR until the filer believes it has all of the BOI necessary (as provided for TINs in FAQ G.3), in either case including a requirement that the reporting company diligently pursue obtaining the missing BOI—it would appear that the most useful would be for FinCEN to adopt a program similar to that described in the 2023 Notice, with an orderly regimen for filing and notifying FinCEN of the problem (and potentially identifying recalcitrant owners for FinCEN to contact). Unless and until FinCEN provides a workable alternative that takes account of the real problems faced by real reporting companies, however, probably the better approach is for the reporting company to continue with well-documented efforts to collect the required BOI and to defer filing the BOIR until it is satisfied that the information in the BOIR is “true, correct, and complete,” rather than to file a BOIR known to be less than “true, correct, and complete.”^[35]

Robert Keatinge is of counsel to Holland & Hart LLP in Denver, Colorado. Thomas E. Rutledge is a member of Stoll Keenon Ogden PLLC in Louisville, Kentucky. They are both coauthors of Larry E. Ribstein, Robert R. Keatinge & Thomas E. Rutledge, Ribstein and Keatinge on Limited Liability Companies (Thomson Reuters, updated Nov. 2024), and Robert R. Keatinge, Ann Conaway & Thomas E. Rutledge, Ribstein and Keatinge on Limited Liability Companies (Thomson Reuters, updated Nov. 2024). The opinions expressed in this article are solely those of the authors and not of any other person.

1. See 31 U.S.C. § 5336. For a review of the CTA generally, see Larry E. Ribstein, Robert R. Keatinge & Thomas E. Rutledge, Ribstein and Keatinge on Limited Liability Companies, at ch. 4A (Nov. 2024). ↑

2. It is important to recognize that it is the reporting company, and not the affected individual, that will make the determination that the affected individual is a beneficial owner and, if applicable, a company applicant. See Beneficial Ownership Information Reporting Requirements, 87 Fed. Reg., infra note 5, at 59514 (“The fundamental premise of the CTA is that the reporting company is responsible for identifying and reporting its beneficial owners and applicants.”(citing 31 U.S.C.A. § 5336(b)(1)(A))); id. at 59515 (“Given that the CTA places the responsibility on reporting companies to identify their beneficial owners, . . .”); FinCEN FAQ K.4 (Dec. 12, 2023). This is a two-edged sword. Initially, an individual not advised that they are, as to a particular reporting company, a beneficial owner should have no exposure for not being included in that company’s BOIR. But then a reporting company’s determination that an individual is a beneficial owner is arguably final and conclusive (presuming that it was made in good faith) as to that person, and they are obligated to provide either their identifying information or FinCEN ID. There is no mechanism by which a person may object to FinCEN or another body that “I don’t care what they say—I’m not a beneficial owner.” ↑

3. See 31 U.S.C. § 5336(a). ↑

4. See id. § 5336(b)(1); see also 31 C.F.R. § 1010.380(b) (effective Jan. 1, 2024). ↑

5. See 31 C.F.R. § 1010.380 (effective Jan. 1, 2024). The reporting regulations appear at 31 C.F.R. §§ 1010.380(a)(1) et seq. The “final” beneficial ownership reporting regulations were released in Beneficial Ownership Information Reporting Requirements, 87 Fed. Reg. 59498 (Sept. 30, 2022). The final rules followed from a notice of proposed rulemaking, Beneficial Ownership Information Reporting Requirements, 86 Fed. Reg. 69920 (Dec. 8, 2021), which itself followed from the advance notice of proposed rulemaking set forth in Beneficial Ownership Information Reporting Requirements, 86 Fed. Reg. 17557 (Apr. 5, 2021). Those “final” regulations related to certain due dates amended by Beneficial Ownership Information Reporting Deadline Extension for Reporting Companies Created or Registered in 2024, 88 Fed. Reg. 66730 (Sept. 28, 2023), supplemented as to the use of FinCEN identifiers by the release of Use of FinCEN Identifiers for Reporting Beneficial Ownership Information of Entities, 88 Fed. Reg. 76995 (Nov. 8, 2023), and expanded as to the exemption for public utilities (31 C.F.R. § 1010.380(c)(2)(xvi)) in Update of the Public Utility Exemption Under the Beneficial Ownership Information Reporting Rules, 89 Fed. Reg. 83782 (Oct. 18, 2024) (collectively, “Reporting Rules”). ↑

6. See 31 C.F.R. § 1010.380(b) (“Each [BOIR] shall be filed with FinCEN in the form and manner that FinCEN shall prescribe in the forms and instructions for such report or application, and each person filing such report or application shall certify that the report or application is true, correct, and complete.” (emphasis added)). ↑

7. See 31 U.S.C. § 5336(b)(3); 31 C.F.R. § 1010.380(d). ↑

8. See 31 U.S.C. § 5336(b)(2) (describing this individual simply as “applicant”); 31 C.F.R. § 1010.380(e). ↑

9. See 31 U.S.C. §§ 5336(b)(1)(A), (B), (C); see also 31 C.F.R. § 1010.380(e). ↑

10. See 31 U.S.C. § 5336(b)(1)(A) (providing that each reporting company created after the effective date of FinCEN regulations shall file an initial BOIR). As originally adopted, 31 C.F.R. § 1010.380(a)(1) required entities formed or registered on or after January 1, 2024, to file their initial BOIRs within thirty calendar days of creation or registration; and any entity created or registered before January 1, 2024, to file its initial BOIR no later than January 1, 2025. This rule was amended by RIN 1506-AB62, Beneficial Ownership Information Reporting Deadline Extension for Reporting Companies Created or Registered in 2024, 88 Fed. Reg. at 66732, to extend the BOIR filing deadline from thirty days to ninety days for entities created or registered on or after January 1, 2024, and before January 1, 2025. Effective for organizations created or registered on or after January 1, 2025, the initial BOIR is due within thirty days of formation. ↑

11. See 31 U.S.C. § 5336(b)(1)(D); 31 C.F.R. § 1010.380(a)(2). If, post-filing, it is determined that any submitted information was inaccurate, a corrected report may be filed. If the information concerning the company applicant changes, no updated BOIR need be filed. See 31 C.F.R. § 1010.380(a)(2). ↑

12. See 31 C.F.R. § 1010.380(f)(8). This term does not appear in the CTA. ↑

13. See 31 U.S.C. § 5336(h)(1); 31 C.F.R. § 1010.380(g) (discussed below). ↑

14. 31 U.S.C. § 5336(h)(1); 31 C.F.R. § 1010.380(g). ↑

15. This release postdated the release of the Reporting Rules by just more than a year and predated the initial effective date of the Reporting Rules by just more than three months. ↑

16. See Agency Information Collection Activities; Submission for OMB Review; Comment Request; Beneficial Ownership Information Reports, 88 Fed. Reg. 67443 (Sept. 29, 2023). ↑

17. See id. at 67444:

    Consistent with the requirements of the PRA, FinCEN carefully considered the comments received in response to the 60-day notice that proposed the BOIR Form for public comment. Notably, commenters were uniformly critical of the checkboxes that would allow a reporting company to indicate if certain information about a beneficial owner or company applicant is “unknown,” or if the reporting company is unable to identify information about a beneficial owner or company applicant. Commenters referred to these checkboxes as the “unknown checkboxes.” A significant number of these comments expressed concern that the checkboxes would incorrectly suggest to filers that it is optional to report required information, and that reporting companies need not conduct a diligent inquiry to comply with their reporting obligations. These commenters requested that FinCEN remove all such checkboxes.

    In response to the comments, FinCEN is pursuing a revised approach to the BOIR Form that will not contain unknown checkboxes. This approach will consist of a first implementation [that] will be used starting January 1, 2024, and a potential alternative implementation, which may be adopted [at] a later date following feedback from filers, law enforcement agencies, and other key stakeholders. In the first implementation, it will require every field to be completed (i.e., have responses entered in text boxes), and the BOIR Form can only be submitted once each required field has been filled out. Any field left blank, whether intentionally or accidentally, will prevent the filer from submitting their BOIR Form. It is our hope that filers will find the filing process to be seamless, users of the database will determine that the information collected is accurate, and all stakeholders, including law enforcement, will find this implementation to be sufficiently straightforward, transparent, and efficient. Throughout the months after this approach is implemented, FinCEN will seek continual feedback from filers and database users.

    See also Letter from the Independent Community Bankers of America to FinCEN (Oct. 30, 2023) (approving FinCEN’s removal of all “unknown checkboxes” from its BOIR form and stating, “ICBA appreciates FinCEN’s careful consideration to remove all 29 ‘unknown’ checkboxes. In its new approach, FinCEN will require every field to be completed (i.e., have responses entered in text boxes), and the BOIR form can only be submitted once each required field has been filled out. Any field left blank, whether intentionally or accidentally, will prevent the filer from submitting their BOIR form. ICBA fully supports this new approach and believes the spirit of the CTA would be fulfilled under this process.”); ICBA: Additional Beneficial Ownership Reporting Changes Needed, Indep. Cmty. Bankers of Am. (last visited Dec. 11, 2024). ↑

18. 88 Fed. Reg. 67443. “BOI” refers to the personal identifying information that a reporting company must include in its BOIR to identify each company applicant or beneficial owner. See also 31 C.F.R. § 1010.380(b)(1)(ii). ↑

19. See Fin. Crimes Enf’t Network, Beneficial Ownership Information Report: Filing Instructions (Jan. 2024) (stating, at page 3, that the information on the BOIR must be “true, correct, and complete”; at page 6, that “BOIRs must be complete before they can be filed with FinCEN. FinCEN will not accept a BOIR if any items marked with a red asterisk (*) are blank”; and, at page 9, that the terms none, not applicable, and unknown may not be used on the BOIR form). ↑

20. Beneficial Ownership Information: Frequently Asked Questions, Fin. Crimes Enf’t Network (last visited Dec. 11, 2024). ↑

21. See FinCEN FAQ G.3 (July 24, 2024):

    A reporting company must report its tax identification number when reporting beneficial ownership information to FinCEN and, indeed, will be unable to submit its BOI report without including a tax identification number. In such circumstances, in addition to making all reasonable efforts to file its BOI report in a timely manner (including requesting all necessary information as early as practicable), the reporting company should file its report as soon as it receives its EIN. As a best practice, the reporting company may consider retaining documentation associated with its efforts to comply with the BOI reporting requirements in a timely manner. ↑

22. See Be on the Horns of a Dilemma, Cambridge Dictionary (last visited Dec. 12, 2024) (“to be unable to decide which of two things to do because either could have bad results”). ↑

23. See 31 C.F.R. § 1010.380(b) (effective Jan. 1, 2024). ↑

24. What would be those reasonable efforts is a topic beyond the scope of this discussion, and will necessarily depend upon the nature of the beneficial owner. The communications to a corporation or an LLC that is an owner of the reporting company will be different from the communications to a distant relative who by inheritance is an owner. ↑

25. Need Help? Contact Us, Fin. Crimes Enf’t Network (last visited Dec. 12, 2024). ↑

26. BOI: Beneficial Ownership Information, Fin. Crimes Enf’t Network (last visited Dec. 12, 2024). ↑

27. Fin. Crimes Enf’t Network, OMB No. 1506-0076, Beneficial Ownership Information Report (May 29, 2024), Questions 33 and 51. ↑

28. Although an individual may submit the certification on behalf of a reporting company as its agent, that may be little comfort in a future FinCEN enforcement action. See also Beneficial Ownership Information Reporting Requirements, 87 Fed. Reg. 59498, 59514 (Sept. 30, 2022):

    While an individual may file a report on behalf of a reporting company, the reporting company is ultimately responsible for the filing. The same is true of the certification. The reporting company will be required to make the certification, and any individual who files the report as an agent of the reporting company will certify on the reporting company’s behalf. ↑

29. It bears noting that neither the CTA nor the Reporting Rules provide for a cause of action by the reporting company against a beneficial owner or company applicant who refuses to provide BOI or who otherwise interferes with the efforts of a reporting company to comply with the law. ↑

30. See 31 U.S.C. § 5336(h)(1) (making it unlawful to “(A) willfully provide, or attempt to provide, false or fraudulent beneficial ownership information, including a false or fraudulent identifying photograph or document, to FinCEN in accordance with subsection (b); or (B) willfully fail to report complete or updated beneficial ownership information to FinCEN in accordance with subsection (b)”); id. § 5336(3)(A) (imposing civil and criminal penalties of $500 per day plus fines of not more than $10,000 and imprisonment of not more than two years or both for violating the reporting requirements); see also 31 U.S.C. § 5336(h)(6) (“In this subsection, the term ‘willfully’ means the voluntary, intentional violation of a known legal duty.”) The $500 per diem is adjusted for inflation. See Federal Civil Monetary Penalties Inflation Adjustment Act of 1990, Pub. L. No. 101-410 (as revised by section 701 of the Bipartisan Budget Act of 2015, Pub. L. No. 114-74 (Nov. 2, 2015)). As of this writing, the per diem rate has increased to $591. See also FinCEN FAQ K.2 (Apr. 18, 2024). ↑

31. See Ladner v. United States, 358 U.S. 169, 79 S. Ct. 209, 3 L. Ed. 2d 199 (1958). ↑

32. See, e.g., Andrea Gacki, Dir., Prepared Remarks of FinCEN Director Andrea Gacki During Beneficial Ownership Information Reporting Event in Media, Pennsylvania (Sept. 16, 2024) (“But let me be clear. Small business owners doing their best to comply with the law should not lose sleep over these new reporting requirements. The CTA penalizes willful violations of the law, and this is where we plan to focus our enforcement actions. It’s not a ‘gotcha’ exercise, and we’re not looking to needlessly burden America’s thriving small business community.”). ↑

33. 31 C.F.R. § 1010.380(g) (effective Jan. 1, 2024):

    Reporting violations. It shall be unlawful for any person to willfully provide, or attempt to provide, false or fraudulent beneficial ownership information, including a false or fraudulent identifying photograph or document, to FinCEN in accordance with this section, or to willfully fail to report complete or updated beneficial ownership information to FinCEN in accordance with this section. For purposes of this paragraph (g):

    1. 1. 1. The term “person” includes any individual, reporting company, or other entity.
          2. The term “beneficial ownership information” includes any information provided to FinCEN under this section.
          3. A person provides or attempts to provide beneficial ownership information to FinCEN if such person does so directly or indirectly, including by providing such information to another person for purposes of a report or application under this section.
          4. A person fails to report complete or updated beneficial ownership information to FinCEN if, with respect to an entity:
             1. such entity is required, pursuant to title 31, United States Code, section 5336, or its implementing regulations, to report information to FinCEN;
             2. the reporting company fails to report such information to FinCEN; and
             3. such person either causes the failure, or is a senior officer of the entity at the time of the failure. ↑

34. See supra note 30. ↑

35. On December 3, 2024, in a case styled Texas Top Cop Shop, Inc. v. Garland, a nationwide preliminary injunction was issued against the enforcement of both the CTA and the Reporting Rules. No. 4:24-cv-478, 2024 WL 4953814, 2024 U.S. Dist. LEXIS 218924 (E.D. Tex. Dec. 3, 2024, amended Dec. 5, 2024). That decision is currently on appeal to the U.S. Court of Appeals for the Fifth Circuit as Case No. 24-40792. Whether the preliminary injunction will be affirmed, restricted in its scope, or reversed is as of this date unknown. ↑

“Dear Alex,” a column created by the ABA Business Law Section’s Diversity, Equity, and Inclusion (DE&I) Committee, is the reader’s chance to ask all about DE&I anonymously. Think of it like the old “Dear Abby” columns, but for DE&I. In each column, the Dear Alex team answers a question related to DE&I. These questions can be interpersonal or even professional, like how to convince senior partners at your firm that investing in DE&I can be a competitive advantage. If you’ve ever had a DE&I question that you have been afraid or otherwise unable to ask, now is your chance to ask “Alex.” Questions can be submitted at the form linked here.

Dear Alex,

One of the lawyers I work with accidentally mentioned that another colleague has started their gender transition even though they had requested that be kept confidential. I want to ensure our colleague feels supported at work, especially since our firm is not very accepting. Should I approach them?

Sincerely,

Confidentiality Conundrum

Dear Confidentiality Conundrum,

This is a delicate situation. First, I commend you for wanting to be a supportive ally—simply asking this question indicates you’re already on the right path. Here’s the key point: if your colleague has requested confidentiality, the first rule of Ally Club would be not to discuss this without their permission. Respecting their privacy is essential.

Instead of directly approaching them, focus on creating a more inclusive work environment. Show your support in subtle but meaningful ways. For instance, use inclusive language in emails or meetings, advocate for policies promoting diversity, or participate in events celebrating LGBTQ+ identity and rights. These actions will signal to your colleague (and others) that you are a safe person to talk to if they wish to confide in you, and they’ll contribute to shifting the environment in your office for the better.

If the opportunity arises naturally, such as when your colleague chooses to mention their transition within the firm more broadly, then be there to listen and offer support. Just remember not to create unnecessary drama in the office by saying you already know about them being trans. In the meantime, make your less accepting workplace more open, one step at a time.

* * *

Dear Alex,

I want to understand more about microaggressions so I don’t unintentionally make anyone uncomfortable. What are some examples, and how can I avoid them?

Sincerely,

Looking to Learn

Dear Looking,

Microaggressions are sneaky little gremlins of everyday interactions—those subtle comments or actions that might seem harmless on the surface but can pack a punch to someone else’s identity or experiences. Think of it like accidentally stepping on someone’s toes. Sure, you didn’t mean to, but it still hurts!

Here are some examples: Saying “Wow, you’re so articulate” to someone from a marginalized group can imply surprise at their competence (which is not great). Asking “Where are you really from?” might seem like innocent curiosity, but it can feel invalidating to the person being asked, as it may come across as making assumptions about their background and treating them as an outsider. Microaggressions can also be nonverbal or involve things you don’t say, such as clutching your bag when someone walks by or ignoring someone’s ideas in a meeting but celebrating the same idea when someone else presents it.

To avoid microaggressions, start by listening and reflecting. Challenge your assumptions and biases (everyone has them; the key is managing them). A suggestion would be to refrain from complimenting or questioning someone if you are unsure how it might be received.

If you catch yourself committing microaggressions, be mindful of people’s feelings: If they say they are hurt, do not question them or try to explain what you “actually meant.” Just apologize and learn from the experience. If you witness others making microaggressive comments, use your voice to educate them or gently redirect the conversation. The secret is to be mindful, open to feedback, and willing to grow.

Dear Alex contributors from the BLS Diversity, Equity, and Inclusion Committee rotate and include David Burick, Daniel Roman, and Michael Sabella, among others.

The increasingly unstable political situation in Venezuela, exacerbated by the exile of opposition candidate Edmundo González following disputed presidential election results, compels U.S. financial services companies, including insurers, to more closely monitor evolving legislation impacting cross-border operations and in-country activities in Venezuela. In this context, U.S. anti-corruption and sanctions laws, coupled with Venezuelan law regulating the sale of insurance in the context of cross-border/international life and health insurance, become particularly relevant.

U.S. Sanctions and Anti-Corruption Laws

U.S. economic sanctions laws impact doing business in Venezuela and complicate foreign transactions and investments there, including with respect to sale of insurance. The U.S. legal framework for sanctions is designed to further specific foreign policy or national security goals. The U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) administers and enforces sanctions programs and maintains a list of sanctioned countries, individuals, and entities. Sanctions can be imposed to prohibit U.S. persons from engaging in transactions involving a specific country, as would be the case with North Korea, for example. Targeted sanctions also serve to block the property of sanctioned individuals within a certain country, as is the case with individual Russian oligarchs, and to freeze the assets of sanctioned individuals. Additionally, OFAC maintains a Specially Designated Nationals List (“SDN List”) of individuals and companies of targeted countries whose assets are blocked and/or frozen in the U.S.

Almost twenty years ago, the U.S. began imposing sanctions on Venezuelan individuals and entities that engaged in criminal, antidemocratic, or corrupt actions. Beginning in 2013, imposition of sanctions was expanded in response to President Nicolás Maduro’s rise to power and his increasing human rights violations. Persons under U.S. jurisdiction—both U.S. citizens and U.S.-incorporated businesses—are subject to this sanctions regime. In addition, non-U.S. persons who engage in transactions involving U.S. dollars are subject to the same sanctions.

In response to developments in Venezuela in the past several years, including this year’s election, sanctions were imposed on certain Venezuelan individuals—including government officials—and entities (i.e., where a sanctioned party has 50 percent or greater ownership interest in the Venezuelan company.)^[1] For example, OFAC designated the Venezuelan government-run oil company Petróleos de Venezuela, S.A. (“PdVSA”) as a sanctioned entity on its SDN List, and entities in which PdVSA owns 50 percent or greater interest may also be sanctioned by OFAC.

Most recently, in November 2024, the U.S. government officially recognized Venezuela’s opposition leader, Edmundo González, as the country’s legitimate president-elect after the July 2024 elections in which President Nicolás Maduro declared victory, further magnifying political uncertainty.^[2] In light of these developments, OFAC designated additional Venezuelan officials as SDNs.^[3] Consequently, any transaction, including the sale of life insurance, or any attempt to do business with Venezuelan nationals or entities needs to be thoroughly vetted to ensure compliance with U.S. sanctions laws. As noted below, the attempted sale of a life insurance policy to a Venezuelan national who is listed on an SDN list at the time of sale, or who subsequently becomes listed, could contravene these sanctions laws.

In addition to sanctions laws, U.S. companies transacting insurance business in Venezuela need to consider the implications of the Foreign Corrupt Practices Act (“FCPA”).^[4] The FCPA prohibits U.S. persons or businesses from offering, paying, or promising to pay money or anything of value to any foreign official for the purpose of obtaining or retaining business. This prohibition could be applicable to the payment of money to a Venezuelan official to secure a contract to sell insurance. Enforcement of the FCPA by the U.S. Department of Justice (“DOJ”) in recent years has resulted in prosecution of numerous Venezuelan nationals for engaging in schemes that involved bribing foreign officials and defrauding foreign financial institutions. The U.S. Securities and Exchange Commission (“SEC”) is tasked with the civil enforcement of the FCPA with respect to public companies and their officers, directors, employees, agents, or stockholders acting on behalf of the companies. A public company’s violation of the FCPA can be detected by the SEC when the company shields its accounting records or financial information, or otherwise maintains inaccurate bookkeeping, potentially concealing bribes—in which case, the SEC may bring a civil enforcement action against the company.

Besides complying with the FCPA in the foreign bribery context, U.S. individuals and businesses seeking to engage in business in Venezuela or with Venezuelan nationals also need to comply with a recently adopted U.S. anti-corruption law, the Foreign Extortion Prevention Act (“FEPA”),^[5] which is enforced by the DOJ. FEPA focuses on foreign government officials who demand or accept bribes from any U.S. persons or companies. Although FEPA may prove more challenging for the DOJ to enforce, an investigation under the FCPA of a foreign official might also yield evidence of FEPA violations.

In connection with transacting insurance business with Venezuelan nationals, U.S. companies need to take both the FCPA and FEPA into consideration, recognizing that these laws could be implicated in cross-border life insurance activities to the extent that the activity involves a Venezuelan state-run business seeking to insure its employees or affiliates. For example, a U.S. life insurance company potentially triggers application of the FCPA if it seeks to obtain or retain insurance business with a Venezuelan state-run company. Therefore, in a cross-border life insurance transaction where foreign officials may be involved, it is critical to conduct due diligence to accommodate FCPA and FEPA compliance.

Venezuela’s Amended Insurance Law

In addition to the foregoing regulatory compliance considerations, U.S. life and health insurers need to accommodate Venezuela’s recently amended insurance law regulating the sale of insurance. The new law, entitled Reform Law of the Decree with Rank, Value and Force of Law of the Insurance Activity, or Ley de Reforma del Decreto con Rango, Valor y Fuerza de Ley de la Actividad Aseguradora^[6] (herein referred to as the “New Insurance Law”) took effect on March 29, 2024. As was the case with the previous law, the New Insurance Law provides that the Superintendent of Insurance Activity (Superintendencia de la Actividad Aseguradora, or “SUDEASEG”) must preapprove and authorize entities that seek to carry out insurance activity in Venezuela, including insurance and reinsurance companies, intermediaries, and representative offices or branches of foreign reinsurance companies. Thus, insurers are required to be authorized to engage in insurance business in Venezuela.

As related to life and health insurance contracts in particular, Article 17 of the New Insurance Law (excerpted below with a courtesy translation), similar to the Venezuela insurance law it amended, could be interpreted as regulating the purchase by Venezuelan residents of life and health insurance in transactions undertaken and entered into outside Venezuela:

No serán válidos los contratos de seguros o de medicina prepagada celebrados con empresas extranjeras cuando el riesgo esté ubicado en el territorio nacional, ni las operaciones de reaseguro realizadas con empresas del exterior no inscritas en el registro correspondiente, salvo las previstas en los acuerdos internacionales válidamente suscritos y ratificados por la República.

El Ministro o Ministra con competencia en materia de finanzas, previa opinión de la Superintendencia de la Actividad Aseguradora, por razones de oportunidad y de interés del Estado, fijará los casos y las condiciones en los cuales se podrá autorizar el aseguramiento en el exterior de riesgos ubicados en el territorio nacional, que no sea posible asegurar con empresas establecidas en el país, siempre que esa imposibilidad haya sido demostrada fehacientemente.

Insurance contracts or prepaid medical plans entered into with foreign entities shall not be valid in cases where the risk is located within the national territory, nor shall reinsurance activity with foreign companies that are not authorized in Venezuela be valid, with the exception of contracts sanctioned by international agreements signed and ratified by Venezuela.

SUDEASEG will be responsible for determining the cases and conditions under which it will authorize the foreign insurance of risks in the national territory for which there is no similar insurance available in Venezuela, as long as it is sufficiently proven that there is no national alternative available.

New Insurance Law, Article 17 (courtesy translation)

Because Article 17 of the New Insurance Law treats as “invalid” insurance contracts entered into with foreign insurers (i.e., not authorized in Venezuela) when the risk (i.e., person insured) is located in Venezuela, the offer and sale of life insurance to persons resident in Venezuela by U.S. companies needs to be analyzed on a case-by-case basis.

This conclusion is arguably reinforced under Article 17 of the New Insurance Law, given that foreign insurers not authorized to transact insurance business in Venezuela can nonetheless obtain permission from SUDEASEG to sell insurance in Venezuela if the type of insurance to be sold is not available from authorized insurers in Venezuela.

Conclusion

The political and business landscape in Venezuela is ever changing. Companies must be mindful of the applicable regulatory environment when engaging in the cross-border sale of insurance with Venezuelan residents. This is especially true at present given the New Insurance Law’s effect on the sale of life and health insurance on a cross-border basis, and also given the current impact of U.S. sanctions and anti-corruption laws on transaction of insurance business in Venezuela.

1. 31 C.F.R. § 591.406 (2024). ↑

2. Regina Garcia & Jorge Rueda, US Recognizes Venezuela’s Opposition Candidate as President-Elect Months After the Disputed Election, Associated Press (Nov. 19, 2024). ↑

3. Notice of OFAC Sanctions Actions, 89 Fed. Reg. 76915 (Sep. 19, 2024). ↑

4. 15 U.S.C. §§ 78dd-1, et seq. ↑

5. 18 U.S.C. § 201. ↑

6. Ley de Reforma del Decreto con Rango, Valor y Fuerza de Ley de la Actividad Aseguradora [Reform Law of the Decree with Rank, Value and Force of Law of the Insurance Activity], Gaceta Oficial No. 6,770, Nov. 29, 2023 (Venez.). ↑

To the uninitiated, the combination of patent and US Food and Drug Administration (FDA) law applicable to life sciences deals may seem needlessly technical and perhaps a subject best glazed over. What could go wrong? A lot. Consider the saga of the heart drug Angiomax. After the product was approved, the owner sought to extend the term of its patent by four years. Two months later, its lawyer prepared and filed the papers—seemingly within the statutory deadline of sixty days from drug approval. A year later, the US Patent and Trademark Office (USPTO) denied the four-year extension on the grounds that the filing was just one day late according to its rules for calculating time. The owner of Angiomax now stood to lose rights worth hundreds of millions of dollars based on a seemingly trivial one-day miscalculation.

Would a corporate lawyer conducting due diligence on a deal concerning a drug like Angiomax have flagged this issue? Would they know that the highly technical patent and FDA rules can require counting calendar days in a certain manner, and that not following these rules could lead to a very costly mistake? That is probably unlikely.

Corporate transactional lawyers and other life sciences dealmakers know how to get a deal done. They know corporate law and understand the importance of conducting diligence investigations to identify and manage business risks.

Yet corporate lawyers for life sciences transactions might benefit from consulting with an IP specialist when it comes to intellectual property (IP) diligence. IP diligence will identify and manage IP risks before the deal closes, especially patent and FDA risks that directly implicate the period of market exclusivity the product may enjoy and hence the value of the deal.

Patent lawyers can contribute a better understanding of important, but opaque, patent and IP concepts and thus improve the deal. Here are some of the most important IP concepts that may not be fully appreciated by corporate practitioners.

1. Groundbreaking Compound Patents Are Not the Key to Extending Market Exclusivity

If you develop a new therapy to cure cancer, you might win a Nobel Prize and earn a patent, too. But surprisingly, that patent may not be valuable to protect your product in the marketplace.

Developing a drug or biologic and obtaining regulatory approval is expensive and takes a long time—often ten years or longer. A drug developer will almost always patent its new therapeutic molecule during the preclinical stage, prior to starting clinical trials to obtain FDA approval. By the time the product is approved, the patent claiming the therapeutic molecule may only have a few useful years left before it expires—hardly enough exclusivity to justify the massive costs of drug development.

To protect future markets, developers invest in later-filed and later-expiring “secondary” patents that are narrower in scope. For example, drug developers will seek patents directed to methods of treating particular medical diseases or specific groups of patients for which the drug or biologic is used, as well as delivery devices and formulations for the drug. Drug developers may also seek to patent new and useful physical forms of the drug, such as salts and polymorphs (crystallized chemical forms of a drug that can be important for drug stability), and effective combination therapies in which the drug is used. In the realm of biologics, companies often patent the highly complex scientific processes required for making the drug.

These secondary patents often get far less attention than patents for pioneering chemical compounds, yet they are the workhorses that deliver the economic value necessary to make the therapeutic development process viable. Make sure that these secondary patents receive prime attention when performing diligence and are adequately addressed in your deal documents.

2. Sure, Patents Protect Your Market, but FDA Rights Can Block the Competition

Patents block competitors from making a direct or close copy of the patent owner’s invention and provide market exclusivity for a product. However, because patents can be avoided in many ways, innovators seek additional forms of market protection. The FDA offers a number of statutory exclusivities specifically for drugs, biologics, and medical devices that effectively block competitors from joining the market for critical periods of time. Likewise, the USPTO also offers drug, biologic, and device makers ways to extend the useful life of their patents to compensate for lost patent enforcement time from FDA delays in granting approvals.

The FDA provides exclusivity rights that grant drug developers the right to block competitors from obtaining competing approvals for effectively seven and a half years if the original drug is considered an orphan drug, or five years if the drug is considered to be a new chemical entity (as opposed to a new molecular entity). Some drugs may also qualify for pediatric exclusivity, which extends a product’s market exclusivity for six months in exchange for the drug developer conducting studies of its drug on pediatric patient populations. Even prospective exclusivity rights expected to be awarded to a generic first filer can stall market entry by other generic makers for years and benefit the developer of the original drug. There are several other kinds of exclusivity rights available for pharmaceuticals, biologics, medical devices, and diagnostics equipment.

Aspects of the FDA’s review processes also can result in unofficial “soft” exclusivities that protect against competition, such as stringent bioequivalent, biosimilar, and other approval standards required to obtain approval of closely similar versions of a drug, biologic, or medical device. For drugs and biologics in the form of liquids, nasal sprays, and topical ointments, the FDA often tightens the approval standards for competing generic products, making it harder to get a generic competitor’s product approved.

There are similar hurdles for medical products that operate using AI. For example, a buyer seeking to purchase a company that makes a medical device employing AI to guide surgery would need to make sure that the training dataset and other data used by the AI device’s software are owned by or licensed to the developer. Without exclusive rights to use the key data or exclusive AI software, the AI device will not have market exclusivity.

These exclusivity rights and stringent approval standards for similar products are intellectual property rights that can be just as important as patent rights in protecting the product market. The product developer must be careful in seeking and using these forms of market exclusivity.

It is important for deal documents to fully identify all the rights that protect the investment and add value to the deal. These would include traditional market exclusivity rights such as patents but should also include other lesser-known rights such as FDA exclusivity and approval standards. Ownership of these critical rights must be investigated and verified. Representations and warranties in the deal should confirm the key features of the exclusivity rights, including statements that the party owns these rights, the rights were obtained correctly, and the rights are being used properly to protect the market of interest. These non-patent rights are not vague theoretical rights but instead property rights that must be fully documented in the deal documents like other property rights.

3. Muddled IP Reps and Warranties Don’t Work

Clarity and candor are the keys to successfully completing a deal involving patents and exclusivity rights. During the diligence process, there will be many issues that cannot be immediately resolved, such as inventorship and prior art issues. Representations and warranties are the tools deal lawyers use to manage risks arising from murky patent and exclusivity issues, and they need to be as clear as possible.

Representations and warranties about patents in deal documents must reflect the issues at hand correctly and must be written with precision. For example, a representation should not comingle technical (and often confusing) concepts about patent validity with issues concerning patent inventorship, maintenance fees, ownership, or patent infringement. To make useful and effective representations, it is necessary to understand the patent processes that are the subject of the representations—which is where the assistance and advice of a patent lawyer may be useful.

4. USPTO Rules Can Void Your Security Interest in Patent Collateral

Patents are a common form of collateral in a corporate transaction and are secured by the grant of a security interest, such as interests evidenced by a UCC-1 filing. The granting of a security interest in a patent can only be validly made by the patent owner, and not a closely related company such as a parent corporation.

Verifying valid ownership can be tricky and may involve reviewing years of transfer records to establish a chain of title. To be the owner, the company must be the recipient of a written assignment of full ownership in its favor signed by the prior owner, and every link in the chain of title from the inventor to the present owner must be in place. If one of the links in the chain fails, so does the claim of ownership.

Unlike most forms of personal property, the transfer and ownership of patents is governed by federal law. US patent law requires that the transfer be in writing and then (to achieve full rights) recorded with the USPTO’s assignment division. The assignment must be made by the current owner and not a closely related party. For example, a parent corporation that fully owns a subsidiary cannot transfer ownership of patent rights owned by the subsidiary. Such a transaction would be a nullity and would create a break in the chain of ownership. Missing or defective links in the chain of title may seem like a minor issue, but they are not. If the ownership chain cannot be fully documented, ownership issues will remain unsettled and uncertain.

Thus, in a complex corporate transaction, the bona fides of every assignment in the chain of title must be examined to make sure title has properly passed to the present owner before a new transfer is made.

5. Although You Earned a Patent, You May Not Be Able to Use Your Own Invention

A common misconception about patents is the belief that a patent gives the patent owner, or patentee, the right to freely make and use the patented invention. After all, since the USPTO granted a patent that provides a right to exclude others from using the invention, why shouldn’t the patentee be able to use the invention claimed in the patent? A patent does not actually give the patent owner the right to use the patented invention. Restated in lawyerly terms, obtaining a patent does not give the patent owner freedom to operate (“FTO”). It only gives the patent owner the right to block others from making, selling, using, and importing the patented invention.

Often, a product developer will be confronted with a broader patent owned by another party that precludes the developer from practicing its own closely related invention. For example, suppose a pharmaceutical company patented a new groundbreaking therapeutic compound intended to treat a particular disease, but the compound was not approved by the FDA for lack of a suitable pharmaceutical formulation for the drug. A competitor overcomes this problem by developing an innovative new way to formulate that compound so that it is safe and effective and meets FDA standards. Even if the competitor obtains its own patent covering its formulation, it cannot make or use the formulation because doing so will infringe claims in the other company’s broader compound patent. Likewise, the original pharmaceutical company would too be precluded from practicing the competitor’s patented formulation.

Thus, it is important to understand that a patent does not give the owner the right to practice the invention. To answer that question, the diligence investigator must consider the more complex and different question of FTO.

Conclusion

Patent law presents difficult and, at times, unpredictable issues. In the worst case, the haze created by the interplay of patent and FDA statutes and regulations can cause practitioners to make simple, but devastating errors like miscounting calendar dates. Corporate practitioners should consider seeking complementary patent expertise for deals that involve patents, other IP, and related market exclusivity rights.

In the past year, following the U.S. Supreme Court’s decision in Students for Fair Admissions, Inc. v. President & Fellows of Harvard College (“Harvard/UNC”),^[1] a number of trends have emerged in the diversity, equity, and inclusion (“DEI”) legal landscape, including an increase in Section 1981 claims, suits against corporate DEI initiatives, challenges related to DEI programs based on the First Amendment, and actions involving scholarships in higher education. Although many of the DEI-related lawsuits and developments have not involved employers or the workplace directly, the cases and developments hold lessons for employers regarding best practices for their own DEI initiatives and programs. The proverbial dust has not yet settled, so employers should expect even more legal developments in the DEI arena in the years to come.

Increase in Section 1981 Litigation

Over the past year, there has been an increase in so-called reverse discrimination suits filed under Section 1981 of the Civil Rights Act of 1866. Section 1981 provides “all persons within the jurisdiction of the United States” the “same right in every State and Territory to make and enforce contracts.”^[2] The Civil Rights Act of 1866 was discussed and analyzed at length in Harvard/UNC. The majority noted that “the Act did not single out a group of citizens for special treatment—rather, all citizens were meant to be treated the same as those who, at the time, had the full rights of citizenship.”^[3]

Case precedent unique to Section 1981 further demonstrates that Section 1981 protects racial-ethnic nonminority groups and minority groups alike. For example, in McDonald v. Santa Fe Trail Transportation Company,^[4] the U.S. Supreme Court was asked to decide whether Section 1981 applied to racial discrimination against members of all races. The Court considered the plain language of the statute, examined the legislative history surrounding the Civil Rights Act of 1866, and considered other evidence regarding congressional intent. Ultimately, the Supreme Court held that the statute was clearly designed to protect citizens of every race.^[5]

The recent increase in suits filed under Section 1981 is most likely connected to the differences in how Section 1981 claims proceed as compared to claims under Title VII of the Civil Rights Act of 1964. First, a plaintiff can bring a Section 1981 claim more quickly than a Title VII claim because, unlike a Title VII claim, a Section 1981 claim does not require that the plaintiff first file a charge with the U.S. Equal Employment Opportunity Commission (“EEOC”) and exhaust its administrative remedies.^[6] Second, unlike Title VII, a Section 1981 claim is not subject to a damages cap. These two key differences make a Section 1981 claim more attractive to a plaintiff looking to challenge DEI-related policies and practices.

Increase in Organizations Filing Suits Against Corporate DEI Programs

Following the Harvard/UNC decision, there has been an increase in suits filed by organizations challenging corporate DEI programs. Similar to how Students for Fair Admissions sought action on behalf of its members in Harvard/UNC, other organizations have initiated lawsuits challenging DEI programs on behalf of their members. Two of the most active organizations engaged in this litigation in the past year include American Alliance for Equal Rights (“AAER”) and America First Legal Foundation.

However, thus far, many of these suits have been dismissed due to a lack of standing. For example, earlier this year, the organization Do No Harm filed suit against Pfizer, Inc., alleging that its collegiate summer internship program violated Section 1981 because it allegedly excluded applicants on the basis of race.^[7] Pfizer challenged Do No Harm’s standing to bring the suit. Though Do No Harm claimed that it had identifiable candidates who wished to apply and met all of the requirements for the fellowship except for the racial requirement, the organization did not provide specific names of the individuals allegedly harmed.^[8] As a result, the U.S. Court of Appeals for the Second Circuit affirmed the district court’s dismissal of the lawsuit and held that “an association that relies on injuries to individual members to establish its standing must name at least one injured member.”^[9]

First Amendment Concerns Related to DEI Initiatives

Recent DEI-related cases have also discussed First Amendment issues related to DEI programs, initiatives, and legislation. For example, AAER filed suit against a venture capital firm, Fearless Fund Management LLC, alleging that the firm’s grant contest violated Section 1981.^[10] The contest provided grants to small businesses that were at least 51 percent owned by Black women.^[11] AAER alleged that the contest discriminated against other small business owners.^[12] Fearless, in turn, argued that the First Amendment “protect[ed] [its] contest as a form of expressive conduct” and further argued that its contest was designed to demonstrate “its ‘commitment’ to the ‘[b]lack women-owned’ business community.”^[13] The U.S. Court of Appeals for the Eleventh Circuit, however, disagreed and found that “if that refusal were deemed sufficiently ‘expressive’ to warrant protection under the Free Speech Clause, then so would be every act of race discrimination.”^[14]

In Honeyfund.com Inc. v. Governor of Florida, the Eleventh Circuit addressed a slightly different free speech concern in connection with a legal challenge to Florida’s Individual Freedom Act.^[15] This law, also known as the “Stop WOKE Act,” banned certain mandatory workplace trainings.^[16] Florida argued that the act lawfully prevented employers from mandating that their employees listen to “dangerous and offensive speech.”^[17] On the other hand, plaintiffs Honeyfund and Primo Tampa argued that “the Act prohibits them from sharing their viewpoints.”^[18] Ultimately, the Eleventh Circuit held that the statute unlawfully regulated speech because it was the content of the speech at the meetings that the state was attempting to regulate.^[19]

Impact on Scholarships and Fellowships

Another area that has been impacted by the Harvard/UNC decision is educational scholarships and fellowships.

Following the decision, some states instructed their educational institutions to make changes to their scholarship programs. For example, Missouri’s attorney general, Andrew Bailey, instructed all educational institutions in Missouri subject to Title VI of the Civil Rights Act of 1964 to “identify all policies that give preference to individuals on the basis of race and immediately halt the implementation of such policies.”^[20] He also specifically instructed that scholarships “must immediately adopt race-blind standards.”^[21] As a result, the University of Missouri informed its donors that scholarships from the university would be awarded on a race-neutral basis. Some donors were upset that their scholarships could no longer be given to individuals of a specified race, which was their intent when making the donation. As a result, litigation may be looming with respect to how universities use charitable gifts with specific intentions.^[22]

Additionally, educational institutions offering scholarships with race-specific application criteria could face investigation by the Department of Education’s Office for Civil Rights (“OCR”). For example, the Equal Protection Project filed a complaint with the OCR alleging that five scholarships offered by Minnesota State University Moorhead were discriminatory because the scholarship conditioned eligibility on a student’s race.^[23] The same organization filed a complaint with the OCR regarding Western Kentucky University scholarships that restricted eligibility based on race.^[24] The OCR opened an investigation into the scholarships, and Western Kentucky University has since removed the scholarship offerings from its website.^[25]

In the Harvard/UNC decision, the Supreme Court focused on the constitutionality of affirmative action with respect to race, but it did not extend its analysis to gender. It’s possible that this is because Title IX has historically regulated gender equality in educational settings. Thus, while Section 1981 claims have become increasingly popular for challenging racial inequalities in educational settings, Title IX likely remains the only avenue for gender inequality claims in educational settings.

Changes to DEI Departments

In response to the Harvard/UNC decision, many educational institutions have made adjustments to their DEI departments and programs in the past year. In February 2024, the University of Florida closed its diversity department and terminated all DEI staff.^[26] In May 2024, the board of trustees of the University of North Carolina at Chapel Hill voted to redirect funding from diversity initiatives to campus safety and policing.^[27] Similarly, in response to state legislative actions, the University of Wyoming closed its DEI office.^[28] The University of Iowa restructured its DEI office and renamed it the “Division of Access, Opportunity, and Diversity.”^[29] The Massachusetts Institute of Technology eliminated diversity statements from its faculty hiring process,^[30] and Harvard has eliminated DEI statements as a requirement for tenure-track job applications.^[31]

Takeaways for Employers

In this new era of increased DEI-related litigation, the importance of lawful and thoughtful DEI programs remains for employers. One key to a successful program is effectively training employees and communicating the intention of the program to them. In other words, it is important for employers to know the why behind their DEI initiatives and programs. And effectively communicating the rationale behind DEI policies and initiatives is also key to demonstrating a lack of discriminatory intent. Employers cannot make employment-related decisions based on race, sex, or any other protected trait. Moreover, employers should not financially incentivize managers or leaders to meet related diversity goals because EEOC representatives have publicly stated that such incentives can be evidence of discriminatory intent.

At the end of the day, employers should remember that they should always hire or promote the most qualified candidate and treat employees and candidates as individuals and not as representatives of their respective demographic groups. By focusing their efforts on removing barriers to inclusion (as opposed to creating quotas or targets for racial or gender balancing), employers can manage workplace policies and standards universally across all employees while still capturing the essence of DEI.

1. Students for Fair Admissions, Inc. v. President & Fellows of Harvard Coll. (Harvard/UNC), 600 U.S. 181 (2023). ↑

2. 42 U.S.C. § 1981. ↑

3. Harvard/UNC, 600 U.S. at 250. ↑

4. McDonald v. Santa Fe Trail Transp. Co., 427 U.S. 273 (1976). ↑

5. Id. at 295. ↑

6. Riddhi Setty & Tatyana Monnay, Conservative Duo Fights Against DEI One Bias Claim at a Time (1), Bloomberg L. (June 5, 2024). ↑

7. Do No Harm v. Pfizer Inc., 96 F.4th 106 (2d Cir. 2024). ↑

8. Id. at 108–09. ↑

9. Id. at 109, 120–21. ↑

10. Am. All. for Equal Rts. v. Fearless Fund Mgmt., LLC, 103 F.4th 765 (11th Cir. 2024). ↑

11. Id. at 769–70. ↑

12. Id. ↑

13. Id. at 777, 779. ↑

14. Id. at 779. ↑

15. Honeyfund.com Inc. v. Governor of Fla., 94 F.4th 1272 (11th Cir. 2024). ↑

16. Id. at 1275–76. ↑

17. Id. at 1276. ↑

18. Id. ↑

19. Id. at 1283. ↑

20. Letter from Andrew Bailey, Att’y Gen. of Missouri (June 29, 2023). ↑

21. Id. ↑

22. Liam Knox, Affirmative Action Fallout Sours Donor Relations, Inside Higher Ed (June 13, 2024). ↑

23. Stephen Montemayor, Race-Based Scholarships at Minnesota State University Moorhead Subject of New Civil Rights Complaint, Minn. Star Trib. (June 11, 2024). ↑

24. Equal Protection Project v. Western Kentucky University (Two Scholarships Restricting Eligibility Based on Race Challenged), Equal Protection Project (last visited Nov. 22, 2024). ↑

25. Id. ↑

26. Caroline Downey, University of Florida Closes Diversity Department, Fires All DEI Staff, Nat’l Rev. (Mar. 1, 2024). ↑

27. Caroline Downey, University of North Carolina Board Slashes DEI Funding, Diverts Money to Campus Police, Nat’l Rev. (May 13, 2024). ↑

28. UW Makes Changes in Response to Legislative Actions on DEI, Univ. of Wyo. (May 10, 2024). ↑

29. Univ. of Iowa Off. of Strategic Commc’n, UI Makes Progress Implementing Iowa Board of Regents DEI Directives, Iowa Now (May 30, 2024). ↑

30. James Lynch, MIT Scraps Diversity Statements in Faculty-Hiring Process After Discovering “They Don’t Work,” Nat’l Rev. (May 10, 2024). ↑

31. Josh Moody, Harvard’s Largest Division Drops DEI Hiring Statements, Inside Higher Ed (June 5, 2024). ↑

In an era of increasing data breaches and cyberattacks, businesses face mounting risks that can lead to financial, reputational, and operational damage. The cost of a data breach reached an average of $4.88 million in 2024, a 10 percent increase from the previous year. And with companies increasingly relying on artificial intelligence (AI) for decision-making and operations, they must navigate additional risks and legal challenges as AI’s transformative power introduces opportunities and significant exposures.

In this context, cyber insurance is a comforting safety net, helping businesses manage and mitigate the impact of cybersecurity incidents, including those driven by AI technology. AI’s evolving landscape also creates new challenges, such as algorithmic biases, unpredictable outputs, and the potential for “black box errors”—AI errors with unclear causes—that may result in uninsured exposure if not properly accounted for in insurance policies. Knowing that such a safety net exists can provide a sense of reassurance in the face of these evolving risks.

Even with strong cybersecurity, systems can be breached. Cyber insurance can help cover costs from data breaches, ransomware, and AI risks, though AI-specific coverage is still developing. Many policies offer some AI protection, but specialized coverage for algorithmic bias, large language model (LLM) hallucinations, and regulatory issues is emerging, often with broader protection than traditional policies.

However, expect high premiums and low limits, much like early cyber insurance. Insurers may also exclude losses from intentional AI misuse, standard software failures, and breaches not covered in existing policies. Exclusions for noncompliance with data privacy laws may also appear as regulations evolve.

Given the increasingly sophisticated nature of cyber and AI-related threats, the importance of cyber insurance cannot be overstated. AI creates unique vulnerabilities, from algorithmic decision-making errors to data privacy violations. Without adequate cyber insurance, businesses risk financial devastation and legal exposure in the event of AI system malfunctions or cybersecurity breaches.

Types of Cyber Insurance Coverage

Insurance policies generally provide two categories of coverage: first-party and third-party. With AI becoming integral to business processes, understanding these coverage types and how they apply to AI-specific risks is essential for selecting the right policies. 

First-Party Coverage

First-party coverage addresses direct financial losses from a cyberattack or AI-related incident. An AI-related incident includes malfunctions, errors, or unforeseen consequences from AI systems, such as algorithmic biases, black box errors, security breaches, or data mishandling. As AI becomes integral to operations, these risks increase, potentially falling outside traditional insurance policies. Critical areas of coverage, often focusing on intangible losses like data breaches and cyber extortion and offering specialized services such as breach response and reputation management, include:

• Data recovery: Covers the cost of recovering lost or compromised data after a cyber or AI-related incident.
• Business interruption: Provides compensation for income lost due to a cyber event, such as a malfunctioning AI system that disrupts business operations.
• Cyber extortion: Covers payments made in response to ransomware or AI-related extortion schemes.
• Reputational harm: Addresses costs related to damage to your company’s reputation following a cyber or AI-related incident.
• Notification costs: Pays for notifying affected individuals, clients, and regulators about a data breach or AI system failure.
• Regulatory fines: Provides coverage for penalties imposed by regulatory bodies for noncompliance with data protection and AI-related laws​.

Third-Party Coverage

Third-party coverage focuses on liabilities your business might face from external parties due to a cyber or AI-related incident. Areas it covers include:

• Liability from data breaches: Protects against claims from customers or clients whose personal data was compromised by a security breach or AI malfunction that exposes data.
• Network security failures: Provides coverage for claims arising from network security failures, including AI-related security failures, such as unauthorized access or data loss.
• Privacy violations: Covers legal actions related to violations of privacy laws caused by mishandling sensitive data, including sensitive data mishandled in connection with AI systems.

The Cyber Insurance Procurement Process

Due to AI developments, securing the right cyber insurance policy has become more complex. Businesses must adopt a comprehensive approach that ensures their insurance policies cover both traditional cybersecurity threats and emerging AI-related liabilities.

Step 1: Assess Cybersecurity and AI Risks

Before pursuing a cyber insurance policy, it’s not just important to conduct a thorough risk assessment, particularly concerning AI usage; it’s essential. This assessment helps identify vulnerabilities in your information and AI systems and data protection strategies, ensuring your business is prepared for AI-related and traditional cyber threats. Being prepared with a thorough risk assessment can provide a sense of readiness in the face of these risks.

Step 2: Gather Information

Underwriters require detailed information about your business’s cybersecurity and AI protocols. Be prepared to provide details on the following:

• existing cybersecurity and AI governance policies
• security measures, such as multi-factor authentication and data encryption, as well as monitoring of AI systems
• incident response plans that account for AI-related failures
• records of employee training on both cybersecurity and AI risk management​

Step 3: Compare Policies

When comparing policies, consider both traditional and AI-related risks. Key factors include:

• Coverage limits: Ensure the policies provide adequate coverage for AI-related incidents, including algorithmic errors and business interruptions caused by AI​.
• Exclusions: Be mindful of exclusions related to AI, such as liability for black box errors, biased algorithms, or failures caused by poorly trained AI models.

Step 4: Negotiate Terms

Negotiating AI-specific terms is crucial to ensure your policy provides the necessary protection. Areas to negotiate include:

• extending coverage to include AI-driven business interruption losses
• ensuring the inclusion of legal costs related to AI-generated data breaches and privacy violations
• clarifying what constitutes an “AI-related event” in the policy

Step 5: Understand Policy Exclusions and Limitations

With the rapid adoption of AI, businesses should pay particular attention to policy exclusions related to AI use. Standard exclusions might include:

• Black box errors: Many policies exclude coverage for AI decisions that cannot be explained or justified​.
• Acts of war or terrorism: Some policies exclude cyberattacks involving AI systems attributed to state actors or terrorist organizations​.
• Preexisting conditions: Coverage may be denied for vulnerabilities or issues that existed before the policy’s inception​.

Step 6: Regularly Review and Update Your Policy

Regularly reviewing and updating your business insurance policies as cyber risks and AI technology evolve ensures that your coverage remains adequate to address new AI-related dangers and vulnerabilities. AI systems are continuously improving; your insurance must keep pace with these changes.

Best Practices for Managing AI-Related Cybersecurity Risks

AI introduces significant new risks, from algorithmic biases to unforeseen system failures. However, strong governance and cybersecurity measures can minimize the likelihood of AI-related incidents. Here are several best practices to mitigate AI risks and improve cybersecurity posture:

• Develop and implement a written information security program (WISP): Ensure your business has a comprehensive security program in place, as required by various regulatory frameworks, including the Gramm-Leach-Bliley Act and the Federal Trade Commission Red Flags Rule.
• Implement strong governance and oversight policies for AI: Ensure your organization generally has a comprehensive AI risk management policy that includes regular risk assessments and mitigation strategies; in some instances AI policies specific to cybersecurity issues may be appropriate.
• Implement strong access controls for data: Restrict access to sensitive data and ensure multifactor authentication is used to mitigate unauthorized access.
• Monitor systems continuously: Continuous monitoring is essential to ensure cyber and AI systems function as designed and meet performance expectations.
• Conduct regular cybersecurity audits: Regular audits of your systems and third-party vendors will help identify vulnerabilities before they are exploited.
• Train employees on risk: Regularly educate employees on cybersecurity and AI-related risks, ensuring they have a sufficient understanding of how AI works and the potential vulnerabilities it introduces.
• Test incident response plans: AI-driven incidents can be more complex than traditional cyberattacks. Regularly test your WISP and incident response plans to address traditional cyber threats and AI-specific failures.

Cyber insurance is crucial for managing cyberattack fallout, but with AI’s rise, all businesses must understand their insurance coverage and how they mitigate cyber and AI-specific risks. Businesses should consider AI-specific coverage, regularly review regulatory and risk management guidelines for their industry, especially those issued by regulators, and prepare for policy renewals by outlining their AI strategies, uses, and compliance measures. Understanding AI technology and articulating risk management is crucial in insurance negotiations. Thorough risk assessments, strong AI governance, and regular policy updates will mitigate cyber and AI risks in our complex digital world.

Today, technical, legal, and business risks associated with generative AI (GenAI) are widely publicized to most legal professionals. AI hallucinations, privacy issues, infringement of third-party intellectual property rights, possible antitrust issues, leak of confidential information, poisoning of training datasets, and theft of proprietary technology are just a few to name. However, the AI governance strategies of many US law firms either are still in a nascent stage of conceptualization or early implementation, or don’t exist at all. This article discusses key steps lawyers and law firms should consider to preserve confidentiality of client data as this always-important goal faces further challenges in the turbulent era of automation and GenAI.

While cybersecurity is increasingly a top priority of large and medium-sized law firms, the rise of AI has increased the incentives to obtain firms’ data, frequently by improper or illicit means. For instance, creating competitive and trustworthy LegalTech AI solutions requires high-quality training data—including sensitive, privileged, and confidential legal documents. Now, not only sophisticated cybercrime actors and malicious insiders, but also numerous technology startups and large tech vendors actively seek to get access to law firms’ data, albeit for different purposes.

In this context, the (oftentimes clandestine or stealthy) integration of GenAI into numerous platforms, tools, and technologies used by lawyers on a daily basis, and the potential for data exposure this poses, deserves special attention. Lawyers need to attend to the risks that arise when implementing new technology, and risks related to unauthorized information disclosure to legitimate third parties are widely unidentified or underestimated.

This year, July 29 was marked with the release of a long-awaited and much-needed ethics opinion from the American Bar Association on generative artificial intelligence tools, Formal Opinion 512. Section B of the Opinion’s discussion is dedicated to the duty of confidentiality, elaborating on the protection of prospective, current, and former clients’ data from unauthorized use and access both within and outside of a law firm. Several state and local bars have also released their own guidelines on use of GenAI in legal practice, many of which, like those of the California State Bar and the New York City Bar Association, similarly include significant discussion of confidentiality issues.

It is important to note that data risks are not limited to GenAI: Other types of architectures and AI models usually share the same or similar risks. High-quality training data is the precious fuel of any contemporary AI technology; without it, even the most powerful and wealthy AI tech giants will be technically unable to innovate. The legal industry is as affected by this as any other, with the mushrooming of AI-enabled legal software for both lawyers and nonlawyers, ranging from e-discovery triage tools and contract review assistants to more complex systems that may predict the outcome of a trial based on underlying facts and relevant case law. As a result, demand for legal data—including memos, briefs, lawsuits, motions, depositions, contracts and settlements—is surging amid modest supply.

Despite these challenges, a proper implementation of well-established and time-tested data protection best practices will address many AI-related risks and threats.

First, lawyers should bear in mind that even if their law firm does not use specific GenAI tools or solutions, their data—including work product and privileged and confidential client data—may be stealthily utilized by third parties for unauthorized or unexpected purposes, such as commercial large language model (LLM) training. (In simple terms, an LLM is the “brain” of GenAI technology, trained on huge amounts of human-created and other data.) Some vendors, desperate for high-quality AI training data, creatively update their terms of service by playing with semantics to make their terms as unsuspiciously broad or ambiguous as possible to eventually extrapolate the permitted use of customer data for training of proprietary LLM models. Less scrupulous vendors simply update their terms with immediate or even retroactive effect to allow use of customer data for AI training, and then send an unobtrusive notice to customers, for instance, concealed inside a monthly newsletter to distract attention from the perilous change.

Therefore, in the era of AI, it is indispensable to have a comprehensive and up-to-date inventory of technology vendors with access to law firm data and their current terms of service. Importantly, this list of vendors should also encompass the numerous online and software-as-a-service (SaaS) solutions the firm uses, spanning from Google Workspace, which is often favored by solo practitioners and small firms, to complex customer relationship management (CRM) or enterprise resource planning (ERP) platforms tailored for Big Law firms. Even tools like Google Translate or online grammar correction software, which can seem safe and innocent at first glance, may pose a hidden risk if used by law firm employees or external consultants, such as expert witnesses, to process legal or judicial documents, as their content may end up in a place where it should never be. To prevent such incidents, law firms should consider implementing and enforcing a written policy to address permitted use of their data, expressly prohibiting all tools and services that are not present in the list of authorized solutions.

Firm-wide data minimization, or limiting collection and retention of data to the minimum needed for a specific purpose, is arguably even more crucial to reduce a wide spectrum of cybersecurity and privacy risks, including those related to GenAI. If data does not exist, it simply cannot be misappropriated even in the case of the most sophisticated data breach or flagrant human error. Moreover, data minimization is the cornerstone of many emerging privacy laws and regulations. Data minimization is, however, virtually impossible without having a clear understanding of data inventory and data flows in the first place. Thus, the very first step is to document what data a law firm stores and processes, for what purposes, and where, and how that information can be captured in a corporate data management program. Once a firm’s data is mapped and underlying data flows are identified, data minimization can be thoroughly and thoughtfully implemented.

Data minimization strategies help ensure that all data necessary for business, as well as documents that must be preserved as a matter of law, will be duly safeguarded and readily available, while also enabling and facilitating secure deletion of obsolete or redundant data. Data minimization also drives operational costs down by optimizing data storage, processing, and backup bills. Additionally, any data that must be preserved but is not required in daily operations may be securely sent to so-called cold storage, from where it can later be retrieved if necessary. Cold storage facilities are remarkably cost-efficient and are usually beyond the reach of malicious insiders, disgruntled employees, or external cybercriminals. In sum, data minimization is a cybersecurity principle that has been known for decades, and it continues to be a potent tool to reliably address risks when interacting with emerging technology such as AI.

Another business-critical best practice to maintain data privacy is to establish separate data protection agreements with all external parties that may have access to a firm’s data, explicitly prohibiting any unauthorized use of the data. The agreement should have a conspicuous clause that in case of any conflict with clickwrap agreements or similar terms of service from a vendor, the agreement shall always prevail. Notably, data protection agreements are needed not only with those vendors that by design ingest a law firm’s data for storage or processing but with all vendors that may occasionally or tangentially have access to the data or any part of it. For instance, cybersecurity vendors that scan a firm’s laptops, servers, or emails for malware may legitimately send suspicious files to their cloud for further analysis unbeknownst to the law firm. Solo practitioners and boutique law firms, which typically cannot afford to invest many resources in a comprehensive vendor management program, may at least minimize their number of third-party data processing vendors and carefully review the terms of service of those that remain, as well as minimize or anonymize any data that they submit for external processing. Paradigmatically, legal professionals should remember that lack of time or budget is virtually never a valid excuse for breach of ethical or fiduciary duties related to use of AI or any other technologies.

Use of public cloud providers, such as Amazon Web Services (AWS) or Microsoft Azure, deserves a dedicated mention within the context of law firm cybersecurity. According to Gartner, through 2025, 99 percent of cloud security incidents will be the fault of the customer, caused by human error or misconfiguration of cloud services. Unsurprisingly, cybercriminals and unscrupulous data brokers vigorously go after misconfigured cloud storage to access exposed data without any hacking and sometimes, debatably, without even breaking the law. Such carelessly exposed data may be exploited for all imaginable and unimaginable nefarious purposes, including LLM training by unprincipled tech vendors or even sovereign states amid the global race for AI supremacy. To avoid falling victim to a cloud data breach, law firms should maintain a comprehensive inventory of their cloud-stored data and cloud resources and have those resources regularly tested by specialized cloud security providers for possible misconfigurations, vulnerabilities, and weaknesses.

Notably, all of the abovementioned challenges to data confidentiality also silently reside at law firms’ trusted third parties that have legitimate access to firms’ data under a proper data protection agreement. To illustrate this convoluted problem, consider a law firm with an affiliated law firm that uses a cloud backup service provider. Despite a properly implemented data protection agreement between the two law firms, the cloud provider may share, sell, or otherwise exploit the backup data unbeknownst to both law firms. Worse, this practice is not necessarily illegal: For example, the affiliated law firm could simply overlook a tiny clause in its contract with the vendor authorizing use of backup data for LLM training.

Because of the potential for data breaches via trusted third parties, law firms should consider implementing a comprehensive and risk-based third-party risk management (TPRM) program. One of the key purposes of a modern-day TPRM program is to assess, understand, and monitor how trusted third parties protect themselves and data in their possession. Whenever sharing sensitive data with third parties, preference will be given to entities with mature data protection and information security management programs. The strength of such programs can be evidenced and partially validated by conformity with global technical standards and frameworks like ISO 27001 or SOC 2. A truly robust TPRM program should, however, go beyond superficial examination of entities’ certifications, instead meticulously inspecting their risk catalogues and cybersecurity policies and procedures, as well as auditing their compliance with these policies, and regularly reviewing a list of security incidents (including those that may not reach the level of a reportable data breach) with documentation of their aftermath and the response by the third party. Holistic implementation of TPRM will not only help mitigate AI-specific risks but also reduce a broad spectrum of technical risks and threats stemming from more conventional IT tools and solutions.

Another class of high-frequency and high-impact data risk for law firms is human error while using AI. According to Verizon’s 2024 Data Breach Investigations Report, as many as 68 percent of data breaches involved a nonmalicious human error. The current situation in the realm of AI is analogous: Many legal professionals working in law firms are still unaware of the broad and continually growing spectrum of risks created in their office environment by AI technologies. For instance, a paralegal may see nothing wrong in submitting a highly confidential memo to an online chat for a quick spell-check, trying to produce an impeccable document. Likewise, a busy associate may innocently upload a confidential brief to an online platform to get a cogent summary of the brief, trying to accomplish long list of tasks in a timely manner. This is why it is crucial to create, promulgate, and enforce a firm-wide AI use policy, which would specify permitted and prohibited ways to utilize AI in the workplace. Last but not least, ongoing training on risks, threats, and benefits of AI can serve as a powerful enhancement of such policy, which otherwise may simply gather dust on a bookshelf.

Another GenAI-related concern is that even publicly accessible data may be misused by GenAI vendors or their suppliers of training data. Some law firms generously share their expert knowledge, unique know-how, and analytical insights on corporate websites and blogs, providing high-quality articles or presentations on recent developments in the law. For legal technology AI vendors, such data is gold. Obviously, few authors would consent to have their work ingested by an LLM to be later exploited as part of a commercial product without any compensation or credit to the original content creator. However, valuable data can be vacuumed from trustworthy websites without notice through the common method of data scraping. The author has elaborated elsewhere on techniques for investigating and proving unauthorized data scraping in court, but prevention tends to be a better solution than an after-the-fact response.

Reviewing a law firm website’s terms of use is a sound starting point, as increasingly AI vendors—partially due to better self-regulation and partially due to emerging AI legislation, namely the EU AI Act and US state laws on AI—are starting to pay attention to terms of service. With the exception of some “good bots” like Google, automated scanning and crawling of the firm’s website should be prohibited, expressly banning data scraping for AI training. It may also be a good idea to add a liquidated damages clause if enforceable under applicable law. Next, a modern anti-bot protection, such as Cloudflare or a comprehensive web application firewall (WAF), can help protect the website from being crawled by malicious automated bots while ensuring a smooth experience for human visitors.

To summarize, though law firms face substantial risks to their data as technology evolves, protection of a law firm’s data in the GenAI era is not rocket science. While many of the foregoing challenges are bolstered by the rise of GenAI, ongoing attention to data risk management best practices provides corresponding solutions. Law firms should consider implementing and continuously improving the following instruments discussed above as part of a comprehensive and firm-wide data protection program:

• Data inventory program
• Data minimization strategy
• Third-party risk management policy (TPRM)
• Inventory of third parties with access to firm’s data
• Inventory of third-party terms of service and data protection agreements
• Cloud security and authorized cloud use policies
• Authorized use of AI tools and solutions policy
• Technical controls protecting firm’s public data
• Terms of use protecting firm’s public data

This article is Part IV of the Musings on Contracts series by Glenn D. West, which explores the unique contract law issues the author has been contemplating, some focused on the specifics of M&A practice, and some just random.

A recent decision in the English High Court of Justice, BM Brazil I Fundo de Investimento em Participações Multistrategia v. Sibanye BM Brazil (Pty.) Ltd.,^[1] is the latest judicial pronouncement by a common-law court on the meaning and effect of a material adverse effect (“MAE”) clause. In BM Brazil, Mr. Justice Butcher determined that a “geotechnical event” (basically a landslide), which occurred at a mine owned by the target company between the signing and closing of a Sale and Purchase Agreement (“SPA”), did not constitute an MAE permitting the buyer to terminate the SPA. And the MAE definition included in the SPA looked like it had been cut and pasted from a standard US acquisition agreement.

The Pattern of an MAE Definition

According to Professor Robert T. Miller, one of the oft-cited academics in MAE jurisprudence, including in BM Brazil,^[2] almost all MAE definitions follow a similar pattern.^[3] First, there is the “Base Definition,” which consists of (a) a listing of the “Underlying Predicate Events” (“events, acts, occurrences”), followed by (b) an “Expectation Metric” (“has, or would/could reasonably be expected to have”), followed by (c) an “Undefined Term” (“material adverse effect on”), followed by (d) the “MAE Objects” (“business, financial condition, results of operation”). Second, there is a list of “MAE Exceptions,” which eliminate the realization of certain generalized risks so that even if they occur and have a material adverse effect on the target, no MAE has occurred. And last, there is a “Disproportionality Exclusion,” which adds back to the MAE definition some or all of the MAE Exceptions to the extent that their occurrence has disproportionally caused harm to the target compared to a specified group of similarly situated companies.^[4] The MAE definition under consideration in BM Brazil followed this common pattern.

Finding That an MAE Has Occurred Continues to Be a Rarity

That the judge determined that there had not been an MAE should surprise no one, even without knowing the facts. Judicial determinations that an MAE has occurred are exceedingly rare.

Indeed, in Delaware there has only been one such judicial determination, Akorn, Inc. v. Fresenius Kabi, AG.^[5] In Akorn, Vice Chancellor Laster, in concluding that an MAE had occurred because of the “sudden and sustained drop in Akorn’s business performance,”^[6] examined a number of metrics regarding the target’s performance following the signing of the merger agreement. This drop in performance was determined by making “period-to-period comparisons [that] . . . involved extremely large declines, with EBITDA always declining more than 50 percent.”^[7]

Importantly, however, Vice Chancellor Laster separately concluded that an MAE-qualified “bring down” of a regulatory representation had also been breached where the cost of remediating the regulatory violation exceeded 20 percent of the target’s equity valuation. While that 20 percent did not necessarily establish a bright line, it has been viewed by many in the deal community that a 20 percent value decline is as good a benchmark of what will be deemed an MAE as any.^[8]

The English Court Looks to Delaware Cases

Given the relative dearth of English cases discussing MAEs, Mr. Justice Butcher relied upon the more substantial body of cases from Delaware to guide his decision, taking a cue from a pandemic-era English MAE case, Travelport Ltd. v. WEX Inc.^[9] In that case, Mrs. Justice Cockerill had noted that

[Delaware has a] better developed body of case law [on MAE clauses] . . . [and] to ignore the thinking of the leading forum for consideration of these clauses, a forum which is both sophisticated and a common law jurisdiction, would plainly be imprudent. . . . The same goes for the academic learning which is often cited in the Delaware Court.^[10]

So, turning to that US authority, Mr. Justice Butcher looked first to the oft-quoted statement of then–Vice Chancellor Strine, in In re IBP, Inc. Shareholder’s Litigation,^[11] as to the “strong showing” required to invoke an MAE termination condition:

[E]ven where a Material Adverse Effect condition is as broadly written as the one in the Merger Agreement, that provision is best read as a backstop protecting the acquiror from the occurrence of unknown events that substantially threaten the overall earnings potential of the target in a durationally-significant manner. A short-term hiccup in the earnings should not suffice; rather the Material Adverse Effect should be material when viewed from the longer-term perspective of a reasonable acquiror.^[12]

Mr. Justice Butcher then took a trip through the other Delaware authorities that have addressed MAE conditions since IBP, quoting or paraphrasing these authorities for a number of different propositions, including the following:

• “[D]efining a ‘Material Adverse Effect’ as a ‘material adverse effect’ [as nearly all MAE clauses do] is not especially helpful.’”^[13]
• Use of the word would in the phrase “would not reasonably be expected to have [an MAE]” suggests “a greater degree (although quantification is difficult) of likelihood than ‘could’ or ‘might,’ which would have suggested a stronger degree of speculation (or a lesser probability of adverse consequences[)].”^[14]
• “[T]he burden of proving that a MAE had occurred lay on the buyer, irrespective of the form in which the MAE clause was drafted (ie whether as a representation, warranty or condition to closing), absent clear wording to the contrary.”^[15]
• “There is no ‘bright-line test’ for evaluating whether an event has caused a material adverse effect. To assess whether a financial decline has had or would reasonably be expected to have a sufficiently material effect, this court will look to ‘whether there has been an adverse change to the target’s business that is consequential to the company’s long-term earnings power over a commercially reasonable period.’”^[16]

Mr. Justice Butcher also noted that, while the US case decisions indicated that the determination of whether an MAE has occurred “has both quantitative and qualitative aspects,” he was inclined to the view (consistent with the view of Miller) that “if there is no significant impact in financial, or ‘quantitative’, terms on the Group Companies or their business, then it is difficult to see that such ‘qualitative’ matters could on their own mean that the ‘change, event or effect’ was ‘material and adverse’.”^[17]

Finally, Mr. Justice Butcher also agreed with Miller that the numerous MAE Objects listed in an MAE definition are not necessarily measuring anything substantively different from each other—and the MAE Objects listed appear to all be simply measuring whether there has been an MAE on the target company.^[18]

The Losses Arising from the Landslide Did Not Result in an MAE

Noting Vice Chancellor Laster’s suggestion that a 20 percent decline in equity value would be sufficient to constitute an MAE (without intending thereby to suggest that a “reduction in the equity value of the target of anything less than 20% would necessarily not have been material”), Mr. Justice Butcher agreed that “in the present case . . . a reduction in equity value of 20% or more would indeed be material, but that a somewhat lesser reduction might also be material.”^[19] And he was inclined to view 15 percent as the right number for this case. But to cover his bases, he then viewed the evidence presented (expert testimony, for the most part) about the significance of the geotechnical event from the standpoint that even a 10 percent reduction might be sufficient.^[20]

In reviewing the evidence, however, he concluded that even at this lower level, no MAE had occurred (it would appear that credible expert testimony is critical in these cases, as well as establishing that invoking the MAE clause has not simply been a means to get out of a deal that has not fared as well as one might have hoped^[21]).

A Preexisting Condition Is Not a “Change, Event or Effect”

There have been a number of recent MAE decisions that have focused less on the Base Definition and more on the existence of MAE Exceptions and whether the Disproportionality Exclusion applied.^[22] And those decisions have raised questions about how the wording of the lead-in to the MAE Exceptions, which includes “arising from or related to,” may expand the exceptions to include unexcepted matters.^[23] Those issues did not figure prominently in Mr. Justice Butcher’s decision in BM Brazil, so I will not delve into those matters here but simply refer the reader to footnote 23.

But one of the more interesting aspects of the BM Brazil decision was Mr. Justice Butcher’s discussion of whether a material adverse condition that is “revealed” as the result of a change, event, or effect after signing and before closing, but that in fact existed prior to signing (even though it was unknown), could constitute an MAE. One of the contentions made by the sellers was that the buyers were including in the material adverse effects of the geotechnical event not just the direct effects of the geotechnical event but also the alleged problems with the “underlying geology” that had been revealed by the geotechnical event. According to the sellers, any problems and costs associated with the underlying geology that had been revealed by the geotechnical event could not be included in any determination of whether an MAE had occurred—only the direct effects of the geotechnical event itself could be included. Mr. Justice Butcher agreed with the sellers on this point, even though he went on to decide the case as if everything were included. Regardless, I think this revelatory issue needs to be thought about more.

The argument that Mr. Justice Butcher was persuaded was correct was as follows:

The Claimants emphasised that the terms of the MAE definition looked to whether the “change, event or effect” itself “is or would reasonably be expected to be material and adverse”. They argued that, unlike the exceptions part of the MAE definition, the general part does not direct any enquiry into the causes of the relevant “change, event or effect”; rather that part directs enquiry to, and only to, the characteristics of the relevant “change, event or effect” itself: is it material and adverse? It would be an abuse of language to say that a “change, event or effect” occurring between signing and closing was “material and adverse” because it reveals some other problem or issue. And further, to construe the clause as meaning that revelatory events may be MAEs would enable the temporal requirement of the clause to be circumvented, in that it would allow a party to identify a relevant “change, event or effect” within the period between signing and closing even though the problem or issue predated the contract, and would or could have been picked up by the buyer’s due diligence, and the risk of which will have been assumed by the seller to the extent of the representations and warranties given, but which are otherwise for the buyer’s account. In the present case, the Claimants pointed out, the representations and warranties in Article 3 of the SPAs are exhaustive and do not include any relating to the geotechnical situation at, or the suitability of the mine design of, the Santa Rita Mine, or any general representations or warranties about the costs of, or operations at, the Mine.^[24]

In other words, an MAE condition cannot save you from the failure to obtain a representation and warranty about any existing issue—MAEs focus on future occurrences, not existing facts. In this case, the underlying geological condition “had existed for millennia.”^[25] And “[n]o ‘change, event or effect’ had occurred in [that underlying geological condition] by the happening of the [geotechnical event—i.e., the landslide].”^[26]

One could imagine a situation where there is a boiler explosion that causes damages to a manufacturing plant after signing and before closing. But assume that those damages are insufficient in themselves to constitute an MAE. Nevertheless, assume that in reviewing the damages caused by the explosion, the buyer discovers other, more serious issues that relate to the plant’s equipment and the costs of deferred maintenance, etc. Can those costs be included in assessing whether there has been an MAE? Probably not.

According to Mr. Justice Butcher, Underlying Predicate Events in the Base Definition of MAE focus on what happened, not on what caused it to happen or the reason it happened. There is nothing in a typical MAE clause that would actually expand an Underlying Predicate Event such that it would include some preexisting condition that may have actually caused it (or is likely to cause future similar events) to occur.

And there you have it.

1. [2024] EWHC 2566 (Comm). ↑

2. See Robert T. Miller, A New Theory of Material Adverse Effects, 76 Bus. Law. 749 (2021). ↑

3. This familiar pattern has previously been likened to the consistent ingredients of a McDonald’s “Big Mac.” See Glenn D. West & S. Scott Parel, Revisiting Material Adverse Change Clauses, Corp. Couns. Bus. J. (Sept. 1, 2006). ↑

4. Miller, supra note 2, at 755–57. ↑

5. No. 2018-0300-JTL, 2018 WL 4719347 (Del. Ch. Oct. 1, 2018). ↑

6. Id. at *47, discussed in Glenn D. West, A Delaware Case Has Finally Determined That There Is Such a Thing as a “Material Adverse Effect,” Weil’s Glob. Priv. Equity Watch (Oct. 8, 2018). ↑

7. Miller, supra note 2, at 775. ↑

8. See Glenn West, Richard Slack & Joshua M. Glasser, Just Because a Really Bad Thing Happens Does Not Mean a Material Adverse Effect Has Occurred: Assessing the Latest Delaware MAE Decision, Weil Sec. Litig. Alert 2 (Dec. 24, 2019). ↑

9. [2020] EWHC 2670 (Comm). ↑

10. Id. at paras. 175–76. ↑

11. 789 A.2d 14 (Del. Ch. 2001). ↑

12. Id. at 30–31. ↑

13. BM Brazil I Fundo de Investimento em Participações Multistrategia v. Sibanye BM Brazil (Pty.) Ltd., [2024] EWHC 2566 (Comm), at para. 196 (quoting Frontier Oil Corp. v. Holly Corp.). ↑

14. Id. (quoting Frontier Oil Corp.). ↑

15. Id. at 199 (quoting Hexion Specialty Chems. v. Huntsman Corp.). ↑

16. Id. at para. 203 (quoting Snow Phipps Grp. LLC v. KCake Acquisition Inc.). ↑

17. Id. at para. 222. ↑

18. Id. at para. 204. ↑

19. Id. at para. 253. ↑

20. Id. at para. 252. ↑

21. See Akorn, Inc. v. Fresenius Kabi, AG, No. 2018-0300-JTL, 2018 WL 4719347, at *3 (Del. Ch. Oct. 1, 2018). (“In prior cases, this court has correctly criticized buyers who agreed to acquisitions, only to have second thoughts after cyclical trends or industrywide effects negatively impacted their own businesses, and who then filed litigation in an effort to escape their agreements without consulting with the sellers. In these cases, the buyers claimed that the sellers had suffered contractually defined material adverse effects under circumstances where the buyers themselves did not seem to believe their assertions.”). ↑

22. See Glenn D. West, The MAE Clause, Mrs. Palsgraf and Events “Arising from or Related to” MAE Exceptions, Weil’s Glob. Priv. Equity Watch (May 11, 2021). ↑

23. See id.; see also Robert T. Miller, What Do Exceptions in MAE Definitions Except?, Bus. L. Today (May 20, 2021). ↑

24. BM Brazil, [2024] EWHC 2566 (Comm), at para. 230. ↑

25. Id. at para. 229. ↑

26. Id. ↑