On March 27, 2020, President Trump signed into law the Coronavirus Aid, Relief, and Economic Security Act (the CARES Act).[1]  In section 1102 of the CARES Act, Congress established the Paycheck Protection Program (PPP), which provides for hundreds of billions of dollars’ worth of loans under section 7(a) of the Small Business Act (SBA)[2] to borrowers that consist of, among others, eligible small businesses.

In applying for an SBA section 7(a) loan under the PPP (a PPP loan), eligible applicants must, among other requirements, be able to make a good-faith certification that the uncertainty of current economic conditions makes the PPP loan request “necessary” to support the ongoing operations of that eligible applicant (a “necessity” certification). However, further complicating the analysis, section 1102(I) of the CARES Act suspends the ordinary requirement that an applicant for a section 7(a) loan be unable to obtain “credit elsewhere”, which is defined in section 3(h) of the SBA[3] to mean the ability to obtain credit from non-federal sources on reasonable terms and conditions, taking into consideration the prevailing rates and terms in the community in or near where the borrower transacts business, for similar purposes and periods of time. Unlike a borrower for a traditional section 7(a) loan, under the CARES Act, an applicant for a PPP loan is not required to certify that it is unable to obtain credit elsewhere. Instead, PPP loan applicants must consider alternate sources of liquidity in connection with their PPP loan application to assess whether the current economic uncertainty makes its PPP loan request necessary to support its ongoing operations.

On April 23, 2020, the SBA issued updated FAQs[4] (SBA FAQs) addressing the “necessity” certification in the PPP loan application but failing to provide any specific standard or quantitative metrics for defining the applicant’s need for the PPP loan. The SBA FAQs did, however, make clear that:

• applicants must make a reasonable, good-faith determination of need
• applicants must assess their ability to access other sources of liquidity sufficient to support their ongoing operations in a manner that is not significantly detrimental to the business
• applicants that receive a PPP loan should maintain records supporting their determination of need and be ready to demonstrate to a federal regulator the basis for having made their certification

Fortunately, for smaller borrowers—for these purposes, these are borrowers that, together with their affiliates, receive or have received PPP loans in an original, aggregate principal amount of less than $2 million (a Micro-Borrower)—the SBA, in consultation with the U.S. Department of the Treasury, just amended the SBA FAQs to include a safe harbor for Micro-Borrower’s making the “necessity” certification.[5] Under the new safe harbor, Micro-Borrowers will be deemed to have made the “necessity” certification in good faith.

As a consequence of the new safe harbor, the focus on the “necessity” certification has shifted to borrowers that, together with their affiliates, receive or had received PPP loans in an original, aggregate principal amount of $2 million or more (Significant Borrowers); borrowers unable to rely on the safe harbor described above for Micro-Borrowers. Best exemplifying this risk, especially for the larger borrower, is the first official action taken by the Select Subcommittee on the Coronavirus Crisis (the Subcommittee), which is a special investigatory subcommittee established by the U.S. House of Representatives under the House Oversight Committee empowered to oversee that the funds for the PPP loans are used effectively and not subjected to fraud or waste.

On May 8, 2020, the Subcommittee delivered letters to five large, public corporations demanding that they immediately return the PPP loan proceeds that they had received, funds that Congress had intended for small businesses struggling to survive during the coronavirus crisis.[6] These letters were sent to public companies with market capitalization of more than $25 million and 600 employees, PPP loan applicants that sought and received “small business” loans of $10 million or more.  The Subcommittee instructed each of these companies to respond by May 11^th as to whether they would return their PPP loan funds; otherwise, the Subcommittee gave them until May 15^th to produce all documents and communications (1) between that borrower and the SBA and the Department of the Treasury relating to its PPP loan, and (2) between that borrower and any financial institution relating to its PPP loan, including all applications for a PPP loan. Thus, in its first official action, the Subcommittee sent a clear signal of the real risk that a borrower unable to rely on the Micro-Borrower safe harbor incurs in making the “necessity” certification. Where the Subcommittee will eventually draw the line on sending out similar demands to Significant Borrowers is anyone’s guess. Time, as always, will provide that answer.

What are Significant Borrowers to do in the interim? Unfortunately, the good-faith certification as to the necessity for the PPP loan by the applicant still leaves unanswered questions such as: “How do you define good faith?” “How do you truly determine whether the PPP loan is necessary?” “What law or rule governs these definitions?”

Many commentators have spoken critically about these issues and the ambiguity of these terms. For example, in discussing the process of applying for a PPP loan, Don McGahn, former White House counsel from 2017–18 and now a partner at a large, private law firm, opined in the Wall Street Journal on April 27, 2020,[7] that:

To get a loan, a business must certify that “current economic uncertainty makes this loan request necessary to support the ongoing operations of the Applicant.”

A lax standard, to be sure. But is anyone really going to question that there is “current economic uncertainty”? And that such uncertainty makes a loan request “necessary” to support operations? There is no statutory requirement that a company would go under but for the loan, or that it must, with any degree of certainty, prove need in a detailed way. Hotels and restaurants were given additional statutory leeway: a per location size standard. Regardless of what the goal-post movers now claim they intended, the Cares Act says what it says, and its loose language was sold as a feature, not a bug.

Thus, Mr. McGahn makes the case that every qualified business applying for a PPP loan is capable of making this “necessity” certification in good faith.

However, in the Wall Street Journal the following day,[8] Paul S. Atkins, a former Commissioner with the Securities and Exchange Commission and now CEO of Patomak Global Partners, stirred the pot further by cautioning businesses about taking federal money:

But borrower beware! Businesses with flexibility should seriously consider to what extent accepting the terms of federal loans or other support may be a Faustian bargain. The ultimate cost may dramatically outweigh the temporary gain.

Through the congressional oversight commission established under the Cares Act, the new Special Inspector General for Pandemic Recovery, and numerous other freshly funded inspectors general, the groundwork is already laid for aggressive investigation and review of which businesses received—and how they spent—federal emergency funds.


Thus, if a Delaware corporation is applying for a PPP loan, would Delaware General Corporation Law determine whether that entity (and its board of directors) had acted in “good faith” in making its “necessity” certification for a PPP loan? Is not every decision of the board of directors of a Delaware corporation required to be taken in good faith? Remember, section 102(b)(7) of the Delaware General Corporation Law expressly provides that directors cannot be shielded from liability for actions not taken in good faith or breaches of the duty of loyalty.

Moreover, the duty of good faith under Delaware law falls under the protection of the business judgment rule. In Cede & Co. v. Technicolor, Inc., 634 A.2d 345, 360–61 (1993) (citations omitted), the Delaware Supreme Court stated that:

The [business judgment] rule operates as both a procedural guide for litigants and a substantive rule of law. As a rule of evidence, it creates a ‘presumption that in making a business decision, the directors of a corporation acted on an informed basis [i.e., with due care], in good faith and in the honest belief that the action taken was in the best interest of the company.’ The presumption initially attaches to a director-approved transaction within a board’s conferred or apparent authority in the absence of any evidence of ‘fraud, bad faith, or self-dealing in the usual sense of personal profit or betterment.

. . . To rebut the [business judgment] rule, a shareholder plaintiff assumes the burden of providing evidence that directors, in reaching their challenged decision, breached any one of the triads of their fiduciary duty—good faith, loyalty or due care.

If a shareholder plaintiff fails to meet this evidentiary burden, the business judgment rule attaches to protect corporate officers and directors and the decisions they make, and our courts will not second-guess these business judgments.

Thus, an applicant for a PPP loan could argue that its good-faith determination was subject to the business judgment rule, which protects directors from second guessing if they can demonstrate that they have fulfilled their fiduciary duties: the duty of loyalty and duty of care. If the board of directors can demonstrate that its members made a good faith determination, then the directors should be protected by the business judgment rule. After all, the business judgment rule dictates that courts defer to decisions taken by the board of directors if the directors acted in good faith and in what they reasonably believed to be in the best interest of the corporation after the exercise of due care. The duty of loyalty, which means that a director must act in good faith and free from any conflict of interest, should not be an issue with respect to a PPP loan. The second component of the director’s fiduciary duty is the duty of care, which requires, first, that directors inform themselves of all material information reasonably available to them prior to making a business decision on behalf of the corporation; and then, after becoming appropriately informed, the directors must act with requisite care in the discharge of their duties. Although the duty of care can be in play with respect to a PPP loan, it is not relevant for determining whether a PPP loan applicant’s “necessity” certification was done in good faith. If that were the case, then the new federal-level Special Inspector General for Pandemic Recovery would, for example, be obliged to look at how each of the states have interpreted the term “good faith,” applying principles of state law (corporation, limited liability company, or limited partnership law, as applicable), in order to determine whether an applicant from that state which applied for a PPP loan satisfied its obligation to make a “necessity” certification in good faith. You know that will not be the case.

The CARES Act is not governed by notions of corporate law because section 7(a) loans involve a federal statutory duty or obligation, which is outside the purview of the Delaware General Corporation Law. The CARES Act is federal law and unfortunately does not include definitions of “necessary,” “necessity,” or “good faith.” So, what are applicants for PPP loans of $2 million or more to do? A good first step is to determine whether there are any SBA rules and interpretations regarding section 7(a) loans that offer guidance in construing these terms.

One SBA publication does in fact shed light on the definition of “good faith”—publication SBA SOP 50 57 from the Office of Capital Access, Small Business Administration, dated March 1, 2013, titled “7(a) Loan Servicing and Liquidation.” Item 16 on page 12 of publication SBA SOP 50 57 provides the following definition of “good faith”:

Good Faith, whether capitalized or not, means the absence of any intention to seek an unfair advantage or to defraud another party; i.e., an honest and sincere intention to fulfill one’s obligations in the conduct or transaction concerned.

Thus, the SBA itself defines “good faith” to include “an honest and sincere intention” and an “absence of any intention to defraud . . . [or to] seek an unfair advantage.” These are helpful standards that businesses can utilize to reduce risks associated with any lack of good faith in applying for a PPP loan.

Also helpful to PPP loan applicants are a question and a comment buried inside a PPP loan guide prepared by the U.S. Senate Committee on Small Business and Entrepreneurship titled, “The Small Business Owner’s Guide to the CARES Act” (the SBA Guide. Taken together, they illustrate the purpose and intent of the CARES Act (italics added):

[Do you need c]apital to cover the cost of retaining employees?

The program would provide cash-flow assistance through 100 percent federally guaranteed loans to employers who maintain their payroll during this emergency.

The SBA Guide therefore makes clear that the primary aim of the PPP is to protect workers and help maintain their jobs; thus, applicants interested in protecting their workers and maintaining their payrolls should apply for a PPP loan, in good faith, especially during this unprecedented time.

Facts and circumstances are paramount. Each business applying for a PPP loan should carefully consider and reasonably document its determinations and considerations of issues such as:

• whether it is subject to any risk of losing employees because of the economic uncertainty caused by the COVID-19 pandemic
• whether the PPP loan may help the applicant maintain its payroll during this emergency
• whether alternative sources of liquidity are available
• the terms of any alternative source of liquidity, including repayment terms, if any
• the likelihood and timing of closing on those alternative sources of liquidity
• whether any additional preference overhang might be created by such alternative sources of liquidity
• the dilutive effect upon existing owners of pursuing alternative sources of liquidity

So, rather than “borrower beware,” we say, “Significant Borrowers, don’t worry, just act in good faith and be sure to document your determinations!”

[1] The full text of the CARES Act can be found at this link: https://www.govinfo.gov/content/pkg/BILLS-116hr748enr/pdf/BILLS-116hr748enr.pdf.

[2] Section 7(a) of the Small Business Act can be found at this link: https://www.sba.gov/sites/default/files/Small%20Business%20Act_0.pdf

[3] See https://www.sba.gov/sites/default/files/Small%20Business%20Act_0.pdf.

[4] full text of the updated the Paycheck Protection Program Loans – Frequently Asked Questions (FAQ) can be found at this link: https://www.sba.gov/sites/default/files/2020-05/Paycheck-Protection-Program-Frequently-Asked-Questions_05%2013%2020.pdf.

[5] See question 46 of the Paycheck Protection Program Loans – Frequently Asked Questions (FAQ), dated May 13, 2020.

[6] See https://oversight.house.gov/news/press-releases/in-first-official-action-house-coronavirus-panel-demands-that-large-public.

[7] Opinion piece in the Wall Street Journal, dated April 27, 2020, by Don McGahn, titled “The Cares Act Game Begins”, posted at this link: https://www.wsj.com/articles/the-cares-act-blame-game-begins-11588026158.

[8] Opinion piece in the Wall Street Journal, dated April 28, 2020, by Paul S. Atkins, titled “Borrower Beware: Cares Loans Carry a Steep Cost”, posted at this link: https://www.wsj.com/articles/borrower-beware-cares-loans-carry-a-steep-cost-11588113575.

In today’s global economy, cross-border lending activity is on the rise, with an increase in both the number of loans made to foreign borrowers and the number of participating foreign jurisdictions. A secured lender in the United States entering into a transaction with one or more foreign obligors must comply with the complex provisions of the Uniform Commercial Code (UCC) in order to perfect or crystalize its security interests in the assets of foreign obligors that are pledged as collateral. This article provides a brief guide to applicable UCC provisions and highlights some of the other enforcement and conflict-of-laws challenges lenders should understand when structuring and evaluating the merits of a proposed cross-border secured transaction.

Under UCC Section 9-301, the “location” of an obligor determines the proper place for filing a UCC-1 financing statement to perfect a security interest in personal property. Section 9-307 sets out the rules for determining the “location” of U.S. and foreign obligors based on entity type, jurisdiction of formation, and place of business. As a general rule under section 9-307(b), for purposes of filing a UCC-1 financing statement, an obligor that is an organization with only one place of business is located at its place of business, and an obligor that is an organization with more than one place of business is located at its chief executive office.

However, section 9-307(e) provides an exception to this general rule for organizations formed under the laws of the United States. U.S. organizations are deemed to be “located” in the state in which they are formed. Accordingly, U.S. secured creditors file UCC financing statements in the state of formation of domestic obligors in order to perfect their security interests in such obligors’ collateral.

Section 9-307(c) provides another exception to the general rule of section 9-307(b) for certain foreign obligors. It limits the applicability of section 9-307(b) to foreign obligors with a place of business or chief executive office “located” in a jurisdiction with a UCC-style public recordation system for tracking security interests and establishing priority against other secured parties. Foreign obligors whose place of business or chief executive office is not “located” in a jurisdiction with a UCC-style public recordation system are deemed to be “located” in Washington, D.C. Two key policy considerations underlying this section 9-307(c) exception for foreign obligors are: (1) an interest in providing a reliable and streamlined framework for U.S. secured parties to search, perfect, and protect the priority of their security interests in collateral of foreign obligors; and (2) facilitating lower transactional costs for borrowers and U.S. lenders.

A few hypotheticals are useful to understand the filing rules for foreign obligors:

In the first hypothetical, the obligor is a Canadian company with its chief executive office in Toronto, Ontario. Given that Ontario has a UCC-style public recordation system, a U.S. lender making a loan secured by the assets of such Canadian obligor would file a financing statement in Ontario to perfect its security interest in such assets. As a precautionary measure, the U.S. lender may also choose to file a financing statement with the Recorder of Deeds in Washington, D.C., although such filing technically would not be required.

In the second hypothetical, the obligor is a Spanish company with its sole place of business or chief executive office in Spain. Assuming Spain does not have a UCC-style public recordation system, a U.S. lender making a loan secured by the assets of such Spanish obligor would file a financing statement in Washington, D.C. to perfect its security interest in such assets.

The analysis becomes more complex with hypotheticals involving foreign obligors with offices in the United States. In the third hypothetical, the obligor is a Canadian company organized under the laws of Toronto, Ontario, with its sole place of business in New York or with more than one place of business and its chief executive office in New York. Under section 9-307(b), for purposes of the UCC, the Canadian obligor would be deemed to be “located” in New York—the location of its sole place of business or chief executive office—and the exception set forth in section 9-307(c) for a filing in Washington, D.C. would not apply. A U.S. lender making a loan secured by the assets of such Canadian obligor would file a financing statement in New York to perfect its security interests in such obligor’s assets. The lender may also want to file a financing statement in Washington, D.C. as a precautionary measure, although such filing technically would not be required under either U.S. law or Ontario law.

In the fourth hypothetical, the obligor is a Spanish company with its sole place of business or chief executive office in New York. Under section 9-307(b), the Spanish obligor would be deemed to be “located” in New York, the location of its sole place of business or chief executive office. Given that New York, as the location of the obligor, has a UCC-style public recordation system, the exception set forth in section 9-307(c) for filing in Washington, D.C. would not apply regardless of whether Spain, as the obligor’s home country, has a UCC-style public recordation system. A U.S. lender making a loan secured by the assets of such Spanish obligor would file a financing statement in New York to perfect its security interests in such obligor’s assets. Again, the lender may also want to file a financing statement in Washington, D.C. as a precautionary measure, although such filing technically would not be required.

How does a U.S. secured lender determine whether a foreign jurisdiction has a UCC-style public recordation system? Some questions to consider are as follows: Does the foreign jurisdiction have a filing, recordation, or registration system for nonpossessory security interests in personal property? Does the foreign jurisdiction generally require filing in its registration system to achieve priority over competing lien creditors? Is filing information in the foreign jurisdiction’s system available to third-party searchers? Although there is no definitive list of jurisdictions with UCC-style public recordation systems, it is generally accepted and understood that such a list includes Canada, Australia, and New Zealand. For some foreign jurisdictions, the analysis may not be straightforward due to the limited scope of collateral covered, an inability to establish or determine priorities among competing secured creditors, or an inability to perform lien searches.

In addition to the UCC analysis regarding rules for perfecting security interests in foreign obligors’ assets, U.S. secured lenders in cross-border transactions should also consider, among other matters, potential enforcement risks and conflict-of-laws issues. A U.S. secured lender cannot assume that a foreign court would recognize the validity or priority of a security interest created under the UCC and perfected by filing in Washington, D.C. or in another U.S. jurisdiction. In addition, under applicable conflict-of-laws principles for most tangible collateral, the “location of the debtor” rule only governs perfection and not the effect of perfection or nonperfection, or the priority of security interests. If a security interest in inventory of a foreign obligor is perfected by a UCC filing in Washington, D.C., but the inventory is located in the foreign country of the obligor’s formation, priority would be governed by applicable foreign law and not the Washington, D.C. UCC. For most intangible collateral of such a foreign obligor, the Washington, D.C. UCC would determine whether a security interest is properly perfected and whether it has priority over other security interests, but there still may be potential enforceability issues in the foreign obligor’s jurisdiction of formation. Accordingly, when structuring cross-border loans to foreign obligors with collateral located outside the United States, U.S. lenders should engage external counsel in the jurisdiction where the foreign collateral is located, in addition to following UCC requirements.

As we hunker down in our home offices and endeavour to protect ourselves and our communities from the ravages of COVID-19, it is worth remembering that in addition to the threats posed by the virus, we are also increasingly at risk from scammers and hackers seeking to exploit existing cybersecurity gaps (and our general sense of panic) through various phishing efforts, spear phishing campaigns, and malware scams.

Preying on users’ cybersecurity weaknesses is not new. What’s different now is that many employees are novice remote workers who may not have had the time or ability to secure their at-home work environment. In our haste to obey mandatory municipal, provincial, state, and federal self-isolation or stay-at-home requirements, some companies have scrambled to provide their workers with adequate and necessary hardware, but may not have had the opportunity to carefully consider and protect against security threats, i.e. ensuring critical systems and corporate software have been fully updated and patched. Employees were not provided with supplementary security training. In some instances, the need for speed – to ensure business continuity and the ongoing ability to service clients – has resulted in poor cyber-hygiene, even as workers scramble to make do with a combination of work-provided and unvetted personal devices and vulnerable WiFi networks.

It’s also not terribly surprising that stressed employees are far more likely to fall victim to cyber criminals. Tensions are high, anxiety is elevated, and workers are trying to focus while surrounded by their equally concerned families, creating a pressure-cooked environment where bad judgment can ensue. Employees who are trying to show their companies that they are still being diligent workers can easily be misled by hackers pretending to be their boss or co-workers sending them authentic looking but fake emails from alleged ‘personal accounts’ asking them to do something, like providing critical network credentials or confidential/private information. Caught up in the moment, these emails can dupe unsuspecting employees, particularly those that are using new or unfamiliar technology, like laptops with smaller screens.

So far, much of nefarious online COVID-19 activity has involved phishing, spear phishing and the introduction of malware. “Phishing”—defined by the Canadian Centre for Cybersecurity (CCC)—as attempts by a third party to solicit confidential information from an individual, group, or organization by mimicking or spoofing, a specific, usually well-known brand, usually for financial gain- typically involves attempts to trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information, which the tricksters may then use to commit fraudulent acts. By contrast, “spear phishing” involves the use of spoofed emails to persuade people within an organization to reveal their usernames or passwords. Unlike phishing, which involves mass mailing, spear phishing is small-scale and targeted. Hackers also use email to deliver “malware,” malicious software designed to infiltrate or damage a computer system, without the owner’s consent. Common forms of malware include computer viruses, worms, Trojans, spyware, and adware.

To date, there have been myriad examples of scammers trying to trick the unsuspecting public through the use of phishing, spear phishing and malware. As recently reported by the CBC on March 30, virtual private network provider Atlas VPN has determined that the number of active websites used for phishing has increased by 350 percent between January and March, just as the COVID-19 crisis erupted. Barracuda Networks, based in California, has reported a 667 percent spike in phishing emails from the end of February until late March.

Canada’s Communications Security Establishment (CSE), the parent agency of the CCC, has been kept busy identifying and taking down malicious websites spoofing Government of Canada websites (i.e., the Public Health Agency of Canada and the Canada Revenue Agency) that were spreading COVID-19 misinformation. The CSE has also reported cases of COVID-19 maps that infected devices with malware, phishing emails with malicious links and attachments, and spoofed COVID-19 websites. The CSE’s March 23^rd Alert has noted several examples of these COVID-19 phishing attempts, with such tantalizing emails subjects as:

Cancel shipment due to corona virus _ New shipping schedule details

Corona is spinning out of control

Feeling helpless against Corona?

Military source exposes shocking TRUTH about Coronavirus

Corona virus is here, are you ready? (Learn how to survive)

Get your coronavirus supplies while they last

Canadians are encouraged to take some simple steps to protect themselves, not just during the COVID-19 isolation period, but at all times.

Security firm Forcepoint has recently noted that fake coronavirus spam tries to induce individuals to click on links to shady websites and fraudulent services or encourage people to buy a specific (fake) product which is supposed to help protect against COVID-19. Recently, some individuals received email supposedly from the World Health Organization (WHO) with information containing a recording that described necessary precautions against COVID-19. This email actually contained a small HTML file that directed users to a spoofed Microsoft Outlook login page, where they were prompted to log in to access the recording. Of course, hackers would then harvest the users’ passwords. Another fake WHO email from Italy was a “malware dropper” designed to avoid security software by not carrying any malware itself but instead containing a simple script that ran on victims’ computers for the purpose of installing other malware.

What steps can companies take to ensure that their workers are better protected from these cyber-hackers? And how can individual employees protect themselves?Some recommendations are below:

Companies should ensure that their employees use company devices (not their own!) that access company networks using secured VPNs (virtual private networks) or other secure portals. Company networks should only be accessible using multi-factor authentication. Organizations should promptly deploy all required security patches and updates to their critical enterprise software as well as implement current anti-virus or anti-malware software on computers/networks. Computers, router firmware, and web browser software should be kept up-to-date and legacy software should be replaced with currently supported versions. Consider using software that scans emails for malicious links and attachments. Companies should ensure that access to sensitive documentation is limited to those who especially require access, and all employees should receive basic cybersecurity training, reinforced through internal policies and periodic testing. Companies should advise their employees not to download confidential proprietary documents onto their personal devices and employees should be required to use sophisticated passwords (not “Password!”) that are different from their home accounts. As busy as they are trying to keep the lights on, companies should periodically remind their employees about increased risks during this pandemic, including being on the lookout for not-so-obvious phishing attempts.

Individual employees should wake up and recognize that they have a personal responsibility to be especially vigilant now, given the incredible increase in coronavirus scams. As recommended by the CCC, to protect against malicious email, users should make sure the address or attachment is relevant to the content of the email. It’s critical to take the time to make sure that you actually know the sender of the email and that the email is legitimate – typos are a dead give-away that they are not. No one should open email attachments that come from sources they are unsure of.

To protect against malicious attachments, employees should ensure that the sender’s email address has a valid username and domain name, and should be extra cautious if the tone of the email seems “urgent” or is otherwise off. It doesn’t hurt to verify an unexpected email with an attachment by calling the supposed sender. Remember that so-called critical information that comes via attachments may also be scams—most legitimate emails put critical information in the main body of the message.

To protect against malicious websites, make sure that the proffered URLs are spelled correctly. It’s safer to directly type the URL in the search bar instead of clicking a provided link just to be certain. If you must click on a hyperlink, hover your mouse over the link to check if it directs to the right website and try to avoid clicking on links in email addresses that direct you to log into a website. Take the time to search and find the login page yourself using your own web browser and log in that way.

Never just “take the bait”—if you intuitively think there’s a reason to question the legitimacy of a message that you receive, it’s better to simply ignore it and try to contact the sender to verify it. Do not respond to any requests for sensitive information, even if it’s supposedly to update payment information with an account.

Lastly, if you make a mistake and fall for these scams, remember you are only human. However, if your errors have resulted in the unauthorized disclosure of personal information or confidential information, you (or your organization) may have triggered various mandatory data breach reporting requirements under various state and federal laws as well as other regulatory reporting requirements. It’s best to alert your company as soon as possible so it can work quickly to remediate the situation. Be careful out there and stay safe!

Lisa R. Lifshitz

The Telephone Consumer Protection Act (TCPA, or the Act) has limited telephone calls that can be placed using certain automated equipment since 1991. However, since passage of the Act, there has been considerable debate about the type of automated equipment subject to the Act’s restrictions. The TCPA specifically restricts the use of any “automated telephone dialing system” (ATDS). The statute defines ATDS as “equipment which has the capacity—(A) to store or produce telephone numbers to be called using a random or sequential number generator; and (B) to dial such numbers.” 47 U.S.C. § 227(a)(1).

In 1991, the use of “random or sequential” number-generating equipment was a big problem. The TCPA specifically took aim at telemarketers, who had no care for who received their calls, only that the recipient was a potential buyer for their good or service. Automated equipment gave these telemarketers the ability to place random or sequential calls very quickly, increasing the number of contacts they could make in a short period of time.

After passage of the TCPA, and with the introduction of newer and smarter lead-generation technology and telephony equipment, telemarketers soon realized it was more efficient and cost-effective to target specific customers and use technology that dialed from a list of numbers. Thus, telemarketers began using the same types of equipment used by creditors to contact their delinquent customers: predictive dialers.

Predictive dialers utilize technology that quickly dials from a list of numbers, identifies when a call recipient picks up a call, and routes that call to a live agent. For unanswered calls, which constitute the large majority of calls placed, the predictive dialer never sends that call to a human being, thus saving considerable resources for the calling party.

The Federal Communications Commission (FCC) is tasked with rulemaking and enforcement of the TCPA. In 2003, the FCC realized it had a problem. With telemarketers abandoning equipment that dialed in a “random or sequential” fashion, it needed a fix to ensure that the TCPA still provided protection to those seeking to avoid unwanted telemarketing calls. Thus, in 2003 the FCC issued a Band-Aid in the form of a new Report and Recommendation. See In re TCPA Rules & Regulations, 18 FCC Rcd. 14014, 14091 (2003) (2003 Order). The 2003 Order interpreted the term “ATDS” to include equipment that merely dialed numbers “from a database of numbers,” like a predictive dialer. Id.

Since 2003, federal courts and the FCC have grappled with how predictive dialers could constitute an ATDS when they seem to fall outside language of the statutory definition. In 2008, and again in 2015, the FCC reiterated that predictive dialers are, in fact, an ATDS. In 2018, the D.C. Circuit issued an opinion in ACA Int’l v. FCC, 885 F.3d 687, 702–03 (D.C. Circ. 2018), finding that the FCC’s prior broad interpretations of ATDS included more equipment than Congress intended (including smartphones) and would create unjust results. However, the D.C. Circuit did not specifically state that it invalidated all prior FCC rulings on the status of predictive dialers.

Later in 2018, the Ninth Circuit Court of Appeals issued a decision ignoring the FCC’s prior proclamations, but endorsing perhaps one of the broadest interpretations of the Act ever advanced by litigants. See Marks v. Crunch San Diego, LLC, 904 F.3d 1041, 1049 (9th Cir. 2018). The Marks court construed section 227 to cover devices with the capacity to automatically dial telephone numbers from a stored list or to dial telephone numbers produced from a random or sequential number generator.

As of Monday, January 27, 2020, this is where we stood. The Ninth Circuit, which has jurisdiction over territory that contains 20 percent of the U.S. population, had determined that TCPA lawsuits against callers using predictive dialers were permissible. The rest of the country faced the impossible task of interpreting a hodgepodge of different federal court decisions trying to harmonize the FCC’s prior guidance and the D.C. Circuit’s decision in ACA Int’l. Commentators wondered whether other federal circuit courts would now side with the Ninth Circuit in Marks, eliminating the need to review prior FCC orders and cleanly interpreting the statute favorably for consumers. However, the Eleventh Circuit had plans of its own.

In Melanie Glasser v. Hilton Grand Vacations Company, LLC, No. 18-14499 (11th Cir. Jan. 27, 2020), the Eleventh Circuit directly addressed the definition of “ATDS.” The Glasser case involved two plaintiffs. The first received 13 calls from Hilton, a timeshare marketer, about vacation opportunities. The second received 35 calls from a creditor about unpaid student loans. Both plaintiffs alleged they received calls from the defendant companies using an ATDS. In both cases, the companies used equipment that dialed numbers automatically from a list of telephone numbers.

The Glasser court was clear that the outcome of the case was dependent upon the interpretation of ATDS and took a shot at Congress, stating: “Clarity, we lament, does not leap off this page of the U.S. Code.” Id. at 6–7. Thus, both plaintiffs and defendants advanced their own interpretations of the statute, as follows:

After a painstakingly thorough review of the statutory language and analysis using a variety of principles of statutory interpretation, as well as conventional rules of grammar and punctuation, the court held in a 2-1 decision that the correct interpretation was that set forth by the defendants. The court advanced the following arguments in support of its conclusion:

• Conjoined verbs sharing a direct object. When two conjoined verbs (“to store or produce”) share a direct object (“telephone numbers to be called”), a modifier following that object (“using a random or sequential number generator”) customarily modifies both verbs.
• Placement of the comma. The comma separating the phrase “to store or produce telephone numbers to be called” from the phrase “using a random or sequential number generator” also indicated that the clause modifies both “store” and “produce.”
• Content of the words. Under the plaintiffs’ approach, the key modifier (“using a random or sequential number generator”) would rarely, if ever, make a difference. An interpretation in which a device is an ATDS merely by storing and dialing numbers, as the plaintiffs advocated, would include almost all dialing technology and make the modifier superfluous.
• Historical use of autodialing equipment. The regulatory record confirmed that, at the time of enactment, devices existed that could randomly or sequentially create numbers and (1) make them available for immediate dialing or (2) make them available for later dialing. Sometimes storage would happen; sometimes it would not.
• Context. The TCPA made it illegal to call “any 911 line” using an ATDS. The court stated that “[i]t suspends belief” to think that Congress passed the law to stop telemarketers from intentionally calling 911. Instead, the court concluded that Congress passed the law to prevent callers from accidentally reaching 911 lines by dialing randomly or sequentially generated telephone numbers.
• Contemporaneous understanding. In the first 12 years after enactment, it was generally understood that the TCPA did not apply to predictive dialers, but in 2003 the FCC determined that predictive dialers were subject to the statute. The court stated that the only changes during this time were technology and marketing strategies and that the FCC was trying to “pour new wine” into an “old skin” by making the ATDS definition cover predictive dialers. The court stated that Congress drafted the 1991 law for the moment but not for the duration, and that although the TCPA was successful in eliminating one pernicious form of telemarketing, it failed to account for how business needs and technology would evolve.
• Constitutional avoidance principles. The plaintiffs’ interpretation would mean that the TCPA restricts using cell phones to call other cell phones, which the court considered “a bridge too far.”
• The D.C. Circuit invalidated the FCC’s prior rulings. The D.C. Circuit invalidated the FCC’s prior rulings in ACA Int’l when it found that those orders were “inconsistent with reasoned decisionmaking.”

In addition, the court also addressed Hilton’s “Intelligent Mobile Connect” system, which requires significant human intervention in the form of programming from Hilton employees before placing calls. The court stated that even if it adopted the plaintiffs’ interpretation of ATDS, Hilton’s system still required enough human intervention to remove it from the definition of ATDS.

It is worth noting that in a lengthy dissent, Judge Martin disagreed with the interpretation set forth by the majority and sided instead with the statutory reading advanced by the Ninth Circuit in Marks. Judge Martin wrote that, in her opinion, “a machine may qualify as an autodialer based solely on its ability to store numbers.”

Following Glasser, it is clear that the Ninth Circuit and Eleventh Circuit are directly at odds. Now, with two circuit courts advancing diametrically opposed statutory interpretations, the remaining circuits will likely have to line up and pick sides.

On June 30, 2020, registered securities broker-dealers must begin their compliance with the new SEC Regulation Best Interest and Form CRS Relationship Summary/Form ADV Part 3,† which were announced by the Securities and Exchange Commission on June 5, 2019.[1] These new regulations were promulgated under authority given to the SEC by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. Regulation Best Interest has four components: (1) the disclosure obligation; (2) the care obligation; (3) the conflicts-of-interest obligation; and (4) the compliance obligation. The Form CRS Relationship Summary/Form ADV Part 3 imposes an obligation on both broker-dealers and investment advisers to provide a “Customer Relationship Summary” to retail investors. For broker-dealers, this form is called Form CRS; for investment advisers this form is Form ADV Part 3. This article provides basic preliminary guidance on how broker-dealers and investment advisers can prepare for the June 30 compliance date.

Before getting into the weeds, we should note that according to the SEC, the purpose of its adoption of the rule package consisting of Regulation Best Interest and Form CRS is to enhance protections and preserve choice for retail investors in their relationship with their financial professionals by bringing the legal requirements and mandated disclosures for both broker-dealers and investment advisers in line with reasonable investor expectations. The intent is to preserve access and choice in: (1) the type of professional with whom they work (i.e., broker-dealer and/or investment adviser); (2) the services they receive (transaction based or ongoing monitoring); and (3) how they pay for these services (commissions or fees).

In order to accomplish this goal, the SEC adopted Regulation Best Interest to apply only to retail customers of broker-dealers and not to investment advisers, who are already subject to the fiduciary standard of the 1940 Investment Advisers Act.[2] Reg. BI, as it is colloquially called, does not apply to institutional or other nonretail accounts, which remain subject to FINRA’s Suitability Rule 2111. Reg. BI imposes a heightened standard of care at the time of a recommendation to a retail customer and does not impose an ongoing duty to monitor existing accounts, thereby contrasting it with the fiduciary duties of investment advisers. The new regulations require a broker-dealer to act in the retail customer’s best interest and not place its own interest ahead of the customer’s interest. This obligation is akin but not identical to the fiduciary obligations imposed upon investment advisers.

Duty of Disclosure

First and foremost for broker-dealers scrambling to meet the June 30 deadline is the duty of disclosure. Some helpful guidance in this regard is provided by the Financial Industry Regulatory Authority (FINRA), which has published a Reg. BI and Form CRS firm checklist on its web page. Although the SEC regulations have prescribed the overall contents and format of the new disclosures required by Form CRS, they have not prescribed the format of the written disclosures required by Reg. BI. Under the Reg. BI disclosure obligation, a broker-dealer and registered representative are required, prior to or at the time of the recommendation, to provide the retail customer, in writing, with a full and fair disclosure of all material facts related to the scope and terms of the firm-customer relationship, and all material facts relating to conflicts of interest that are associated with the recommendation. At a minimum, the following disclosures are required: (1) all material facts relating to the scope and terms of the relationship with the retail customer, including: (a) that the broker-dealer and registered representative are acting as a broker, dealer, or associated person of a broker-dealer with respect to the recommendation; (b) the material fees and costs that apply to the retail customer’s transactions, holdings, and accounts; (c) the type and scope of services provided to the retail customer, including any material limitations on the securities or investment strategies involving securities that may be recommended to the retail customer; and (2) all material facts relating to conflicts of interest that are associated with the recommendation.

The regulations leave it to each individual firm to prepare its own Reg. BI written disclosure form and Form CRS/ADV Part 3. In other words, these are do-it-yourself forms, with some guidance in the form of a prescribed format and “conversation starters” required for Form CRS/ADV Part 3. Form CRS/ADV Part 3 may be no more than two pages for broker-dealers and investment advisers, whereas dual registrants are encouraged to combine their disclosures in a four-page document. Helpful guidance is provided in the instructions to Form CRS/ADV Part 3 and the FINRA Reg. BI checklist.[3] Among other things, Form CRS should have a basic introduction to the firm, a description of fees and costs generally, and a disclosure of any relevant disciplinary history of the firm and its principals. Although Regulation Best Interest does not by its terms apply to investment advisers, registered investment advisers are required to prepare and provide to clients a Form ADV Part 3, which must have the same information as Form CRS.

When should customers receive their new Form CRS? According to the SEC, the form should be completed and delivered to the customer at the time a new customer account is opened, or at the time of recommendation for an existing customer.[4] Although the new Form CRS may be delivered in paper or electronic format, it should be done prominently and must be the first document if provided with other materials.

In addition, it is incumbent upon the firm to explain to the customer the nature of the relationship and whether it is advisory or that of a broker. Under the new regulations, the moniker “adviser” can be used only by investment advisers and may not be used by registered representatives who are not dually registered. Thus, firms should, prior to June 30, undertake to review their brokers’ business cards, office signage, websites, and promotional material to ensure that the use of the word “adviser” is limited to registered investment advisors.

Some firms are undertaking firm-wide initiatives designed to encourage all brokers to become dually registered, which will certainly help simplify determining the applicable standard of care.

Duty of Care

The duty of care imposed on broker-dealers is one of the central pillars of the new regulations and imposes a heightened standard of care at the time of a recommendation akin to the fiduciary standard imposed on investment advisers under the 1940 Investment Advisers Act. Under the current FINRA suitability rule, a registered representative or broker-dealer must make a reasonable recommendation to buy or sell a security based upon the customer’s investment objectives, risk tolerance, investment time horizon, and other securities holdings as disclosed to the firm.[5] The care obligation of Reg. BI requires that when making a recommendation to a retail client, a registered representative must exercise reasonable diligence, care, and skill to: (1) understand the potential risks, rewards, and costs associated with the recommendation and to have a reasonable basis to believe that the recommendation could be in the best interest of at least some retail customers; (2) have a reasonable basis to believe that the recommendation is in the best interest of a particular customer based on the retail customer’s investment profile and the potential risks, rewards, and costs associated with the recommendation, and to not place the financial interests of the broker-dealer or registered representatives ahead of the interests of the customer; and (3) have a reasonable basis to believe that a series of recommended transactions, even if in the customer’s best interest when viewed in isolation, is not excessive and is in the customer’s best interest when taken together in light of the customer’s investment profile, and does not place the financial interests of the broker-dealer or registered representatives ahead of the interests of the customer.

Although the care obligation requires broker-dealers and registered representatives to consider and disclose to their customers the fees and costs involved, this is not the only criterion. The SEC recognizes that the cheapest product is not always the best product.

In addition, Reg. BI specifically applies not only to the recommendation of an individual security, but to the selection of an account as well. As the SEC has announced, Reg. BI is relevant to “whether clients were put in the right kind of accounts—brokerage or advisory—and whether they received sound advice on rolling over retirement funds from a 401K to an individual retirement account.”[6] Thus, a broker who recommends that a customer open an advisory account, as opposed to a brokerage account (or vice-versa), should be able to articulate how that choice of account benefits the customer. This is important for long-term buy-and-hold customers, who might not benefit from an advisory account, which would typically be charged an annual management fee of a percentage of assets under management. For example, imagine a hypothetical customer with a buy-and-hold investment strategy who is charged an annual management fee of one percent in an account that has no transactions of any nature for a period of five years. In this example, charging a customer an annual fee for reviewing and monitoring an account that sees little or no activity might be tantamount to “reverse churning” and might not pass muster under Reg. BI or, for that matter, the 1940 Act. The firm should be able to document and defend the reasonableness of its account selection recommendations.

Conflicts of Interest

Under Reg. BI, conflicts of interest must be disclosed and, if possible, mitigated. Thus, sales contests and quotas pegged to individual products or house products are unlikely to pass regulatory muster and could invite arbitration claims under the new regime. The whole purpose of Reg. BI of course is to place the customer’s interest above that of the broker, so registered representatives should be mindful of the obligation to place the customers’ interest above their own and to document and mitigate any potential conflicts. As mentioned, this principle should apply to sales quotas, sales contests, sales of proprietary products, and any consideration, such as bonuses or trips, offered by product issuers or underwriters.

Although disclosure of specific compensation amounts is not required, full and fair disclosure may require disclosure of the general magnitude of the compensation with respect to conflicts of interest. In this regard, a firm should consider whether to disclose its promissory notes to brokers and whether those promissory notes contain performance standards or “bogeys” that could also contribute to conflicts of interest. In addition, the firm should be able to show that it considered reasonably available alternatives to the products that were actually recommended, and that it can document that these alternatives were considered.

Compliance Obligations

FINRA member firms will be tested upon their compliance with the new regulations, especially in the first months. Firms should promptly begin preparing their Reg. BI written disclosure document and Form CRS/ADV 3 and educating their brokers on how and when to make disclosures to customers. In addition, FINRA member firms should write and implement policies and procedures and sales practice and supervisory manuals designed to ensure compliance with the regulations, and reach out to brokers in the field to educate them on the new requirements. Showing that their field brokers have been educated on the new regulations will help show the firms’ good-faith compliance.

Roadmap for Claimant’s Counsel?

Will the new requirements of Regulation Best Interest and Form CRS serve as a roadmap for claimants’ lawyers looking to bring additional arbitration claims? The answer is probably “yes.” No individual or organization is perfect, and imposing additional regulatory requirements on broker-dealers simply increases the risk that the firm will make one or more mistakes. Under the current suitability rule, claimants’ lawyers are already looking for conflicts of interest and failures to disclose, which they are more than happy to bring to the attention of regulators or arbitrators. Under the new regulations, these arguments will have the force and weight of law.

In many of the securities arbitrations we have seen, the claimants’ lawyers spend a lot of time and energy arguing that the respondent broker should be subject to a fiduciary standard. Those fights will be largely but not entirely obviated by Reg. BI. Now, the existing regulations effectively place the burden upon the broker to articulate why the recommendation was in the customers’ best interest. Moreover, the regulations expressly require the firm to consider other reasonable alternative investments that were available at the time of the recommendation. This will also increase the burden on the firm to justify the reasonableness of its recommendations. Although new Regulation Best Interest has increased the burden on registered broker-dealers, the new burden is not insurmountable. Rather, with thoughtfulness, compliance, and adequate education of their brokers, broker-dealers can bring their registered representatives into compliance with the new regulation. Under Reg. BI, it is important for brokers to contemporaneously document the reasons for their recommendations, the alternatives they considered, and why their recommendations serve the customers’ best interests.

† Barry R. Temkin is a partner at Mound Cotton Wollan & Greengrass LLP, with offices in New York, New Jersey, Florida, Texas, and California. He is also an adjunct professor of law at Fordham University School of Law, where he teaches courses on securities regulation and broker-dealer regulation. Cynthia L. King is a principal of the Law Offices of the Cynthia L. King, and former regional counsel for NASD District 3 in Denver, a position she held for 10 years. Mitchell Markarian is an attorney admitted to practice in New York, a graduate of New York Law School, and a claims professional at OneBeacon Insurance. The views expressed in this article are those of the authors alone, and not those of Mound Cotton, Fordham, OneBeacon, or FINRA.

[1] See Regulation Best Interest: The Broker Dealer Standard of Conduct, 84 Fed. Reg. 33, 318, 17 C.F.R. §240.

[2] 15 U.S.C. § 80b.1 et seq. (1990).

[3] See FINRA Reg. BI Form CRS Firm Checklist.

[4] Id.

[5] See FINRA Rule 2111, “Suitability.”

[6] Mark Schoeff, Jr., Reg. BI Test: Reasonableness, Investment News, Jan. 6, 2020, at 18.

Canadian entrepreneurs often look to the United States for the future financial prospects of their startups, primarily through development funding from angel investors and venture capitalists or a transformative exit deal with a larger acquirer. This reality raises the stakes on a key initial corporate decision of where to start their company, and can cause Canadian entrepreneurs to wonder whether they are better off incorporating in the United States.

On one hand, nine of the 10 largest Canadian venture capital financings in 2018 included direct investments from one or more U.S. venture capitalists, indicating that jurisdiction of incorporation does not impede the northbound flow of capital. Canada also offers attractive personal and corporate tax benefits to Canadian technology startups and their resident shareholders, the most notable of which are refundable tax credits for research and development activities that can be critical to a company in its initial development stages.

On the other hand, founders and early-stage investors are sometimes concerned that incorporating in Canada carries a negative perception bias in the U.S. market and that tax issues may limit opportunities for future cross-border financings or exits. Even if a founder is comfortable that a certain structure works in a tax-efficient way today, the rules could (and often do) change, rendering an established structure ineffective or inefficient.

Although any potential deal drag from an initial Canadian incorporation can generally be overcome (for example, by setting up a U.S. subsidiary, establishing sister companies on both sides of the border, or implementing an exchangeable share structure), the available solutions may be viewed by Canadian founders and shareholders, as well as U.S. investors and acquirers, as too complex and costly to implement or too likely to cause unwanted distraction or diversion of focus. The ultimate question here is: will the generous but likely short-term tax benefits available from the Canadian government frustrate a subsequently successful startup’s ability to fund its longer-term future growth?

We discuss the potential upside and downside of these choices. Is it ever in a founder’s interest to forgo “free money” in the form of refundable tax credits in Canada in hopes of facilitating smoother access to the U.S. capital and exit markets? Or is the Canadian tax regime for technology startups just too tempting to pass up? 

Upside Benefits

1. Canadian-Controlled Private Corporations

The principal advantage of incorporating in Canada are the incentives offered by the Canadian government to Canadian-controlled private corporations (CCPCs) for scientific research and experimental development (SR&ED) activities. Under the Canadian federal SR&ED program, CCPCs are eligible to receive refundable income tax credits at a 35-percent rate on qualified SR&ED expenditures, up to a maximum expenditure limit of C$3 million. In certain circumstances, qualifying SR&ED expenditures could be higher than the amount actually incurred for the purposes of the income tax credit. For example, a C$100 qualifying expenditure could be considered a qualifying expenditure of C$155 for the purposes of the federal tax credit, which would allow the corporation to benefit from a credit of approximately C$55 (or 35 percent of C$155). Where the refundable income tax credits exceed the taxes payable for the year, a qualifying CCPC is entitled to receive a cash refund from the Canadian government. As such, the cost of carrying on SR&ED activity in Canada could be significantly reduced by the SR&ED income tax credit incentives.

Key threshold questions for any founder, then, are whether the company is a CCPC and whether it qualifies for the SR&ED credit.

A CCPC is a corporation incorporated provincially or federally in Canada that is not “controlled” (in law or in fact) by one or more nonresidents of Canada or public companies. Practically speaking, and absent extenuating circumstances, startup technology companies with a majority of Canadian resident founders will have CCPC status.

Qualifying SR&ED expenditures include basic and applied research and experimental development costs for technological advancement for the purpose of creating new or improving existing materials, devices, products, or processes. For qualifying companies with a low amount of revenue and research and development expenses, these benefits can significantly aid in the viability of a company, particularly in its initial stages.

In considering the value of this benefit, founders and investors should be mindful that company growth can impair the availability of the SR&ED credit. Generally, taxable income above C$500,000 and taxable capital above C$10 million in a prior year can begin to reduce the availability of enhanced and refundable SR&ED credits available to a company.

Other benefits to qualifying as a CCPC include:

• Lower corporate tax rates on the first C$500,000 of active business income.
• Beneficial tax treatment for Canadian resident shareholders on the sale of shares of certain CCPCs, including (i) a one-time capital gains exemption (C$883,384 for 2020); and (ii) deferral of capital gains realized if the proceeds from the sale are reinvested in another CCPC, in each case, provided certain conditions are met.
• Beneficial tax treatment for certain Canadian resident arm’s-length employees on the exercise of options, including (i) a tax deferral until the employee disposes of the underlying shares (in contrast to non-CCPC options where the taxable benefit is realized at the time of exercise); and (ii) a deduction representing 50 percent of the benefit derived from the options on the sale of the underlying shares (even if the options were not granted at fair market value), provided the employee has held the shares for at least two years from the date of exercise (in contrast to non-CCPC options, which would only be eligible for the 50-percent deduction where the options were awarded with a fair market value exercise price).

As a result of these benefits, CCPC eligibility may well be the determining factor on where to establish the company. In fact, U.S. investors that are aware of these benefits may expect that any Canadian tech startup in which they are investing take advantage of, and maintain, CCPC eligibility as long as possible. Further, where Canadian resident founders have made the initial decision to incorporate their company in the United States, but come to realize that many of their R&D activities would be “SR&ED eligible,” it is not uncommon for such companies to look at options for reorganizing into a Canadian-based structure; however, these cross-border reorganizations involve additional cost and complexity, as explored further below.

2. Foreign Investment

The tax efficiency of investing in Canada has been made all the more important since tax barriers formerly placed on nonresident investors were removed. Previously, U.S. investors were subject to significant impediments to disposing of a cross-border investment by the Canadian tax regime, primarily in the form of requirements to apply for and obtain clearance certificates from the Canadian tax authorities, failing which large withholding requirements would be imposed on buyers. These barriers meant that most foreign investment (i) was done either through tax-favorable jurisdictions or countries that had entered into tax treaties with Canada to facilitate obtaining tax clearance certificates; or (ii) required the Canadian target to implement a share exchange structure (discussed below) or reorganize as a U.S. corporation. The removal of these barriers, which was brought about largely through advocacy efforts by U.S. investors, has made it much easier for Canadian startups to attract U.S. capital. This has permitted founders to focus on CCPC eligibility as the key determining factor on where to incorporate.

3. NVCA Documents

Practice has evolved over the past 10 years such that emerging companies in Canada are now commonly implementing National Venture Capital Association (NVCA)-style documents with which U.S. investors are familiar, but which have been modified to work in Canadian jurisdictions. This change has effectively eliminated a legal distinction that had given some U.S. investors pause when they considered investing in Canadian startups.

As a baseline, the corporate statutes in most Canadian jurisdictions, and certainly federally and in Ontario, are “modern” corporate statutes that reflect Delaware corporate law principles. Nevertheless, there are certain differences, such as the scope of fiduciary duties of the board, changes triggering class votes, shareholder consent requirements, and the availability of the oppression remedy that continue to distinguish the jurisdictions. The Canadian NVCA-styled documents are designed to harmonize the differences between Canadian corporate law and Delaware corporate law through contractual agreement. For example, many Canadian technology companies will provide for unanimous shareholder consent on written instruments and enumerate certain changes triggering class votes. They also address U.S. tax considerations that arise in connection with the ownership of a foreign corporation (e.g., PFIC and CFC rules). U.S. investors are familiar with and understand these documents, which leads to increased confidence and streamlined processes when looking for potential investments in Canada.

Downside Risks

Given the compelling CCPC benefits, what might make a forward-thinking or risk-averse founder consider incorporating in the United States?

1. Uncertain Withholding Regime?

First and foremost, any cross-border investment is inherently complex and comes with certain risks. This is because any investor or acquirer of a foreign business must first ask, “Can I get my investment back in a way that is tax efficient?” For example, will that investor be able to receive dividends or distributions from its investment without large withholding requirements? Will a non-U.S. acquirer be able to successfully integrate cash flows and efficiently manage the target in its existing structure? Are the entities able to share intellectual property and other facilities across the border? If the value created from the investment or acquisition cannot be taken out of the target company’s home jurisdiction in a meaningful way, the transaction may not be worth doing. This risk is amplified by the fact that most potential tax impediments apply when the foreign party is exiting from the investment (e.g., on sale of the shares), rather than at the time that the investment is made. This means that both the company and the investors must have confidence in the future tax regime between the applicable jurisdictions.

Canada and the United States are no exception to this. As mentioned above, prior to 2010, certain barriers were imposed on foreign investors of Canadian companies that resulted in many investors investing through other jurisdictions or not at all. Although these barriers have since been removed, there is no guarantee that the more tax-efficient regime will be permanent or that similarly efficient rules will stay in place. For example, U.S. tax reform (which occurred in late 2017) injected a great deal of uncertainty into the market for U.S. venture capital and private equity investment in non-U.S. portfolio companies when, as part of that overhaul, the U.S. government introduced the novel Global Intangible Low-Taxed Income (GILTI) tax regime. The GILTI rules, as enacted in the Internal Revenue Code, would have had a materially negative and disruptive impact on the U.S. taxation treatment of foreign investment by certain U.S. investors by effectively accelerating the taxation of foreign income and thereby creating a new and pervasive form of “phantom” income. Fortunately, the scope of the GILTI rules was substantially scaled back by Treasury Regulation issued in June 2019, but for this largely unanticipated and unexpected regulatory restraint imposed on the GILTI rules, the GILTI regime would have created significant issues for U.S. investors in foreign corporations, and Canadian startups would have certainly felt that effect. Thus, although current tax regimes support foreign investment in Canadian corporations, these recent tax considerations demonstrate that it is possible this may not be the case in the future.

2. Lack of Rollover Treatment

For forward-thinking founders, another consideration is the tax issues that can arise when a Canadian company is acquired by a foreign corporation. This is predominantly relevant where an acquirer wants to satisfy part (or in some cases, all) of the purchase price with its own shares—a common acquisition structure for technology companies. In Canada, shareholders of a target company are entitled to defer the taxes owing on consideration shares in a stock-for-stock deal until those shares are sold. This rollover treatment is not available, however, where the shares of a Canadian target are exchanged for shares of a foreign company.

This means that in cross-border, stock-for-stock deals, Canadian shareholders can be left with a tax bill without having received any cash to pay it. This can be particularly problematic for Canadian residents who have material accrued gains on their shares. Alternatively, in the face of objections from the Canadian shareholders to what is effectively a lower net-per-share price, the acquirer may not be able to use its equity for all or a portion of the purchase price, which could limit the universe of potential buyers to those who can pay with cash.

This risk to the buyer pool leads founders and investors to consider the longer-term impact on the location of incorporation of a company. To avoid the risk of impairing an exit deal with a U.S. buyer offering shares as consideration, or having no deal at all due to a diminished buyer pool, a founder may consider starting as a U.S. entity.

3. Is An Exchangeable Share Structure the Solution?

One thing to bear in mind when considering the above-noted exit risk (i.e., the risk that a startup’s Canadian shareholder base will object to a share-for-share exit deal involving a buyer’s U.S. shares due to lack of rollover treatment) is the complexity of the common “fix” to this risk. In what is often referred to as an “exchangeable share” structure, the U.S. acquirer will set up a Canadian corporation and authorize a class of exchangeable shares to be issued as consideration to the Canadian holders of the target shares. The exchangeable shares are meant to replicate the rights of the shares of the U.S. acquirer as much as possible, including the right to receive dividend payments in the same amount declared on the acquirer shares, the rights to receive acquirer shares on certain liquidity events, and the right to exchange the Canadian shares for acquirer shares on demand.

Although this is an effective and somewhat commonly used solution in a deal that would otherwise not result in rollover treatment for Canadian resident shareholders, it is complex and costly to implement. Furthermore, the lack of understanding of these structures by the companies involved, as well as by their shareholders and counsel, can lead to confusion during and after the acquisition. This typically arises when the shareholders attempt to sell or exercise other rights with respect to their exchangeable shares. Unfortunately, this means that the common fix is not always an effective solution.

4. Other Issues

Finally, a company may want to consider other factors, such as government grants that are only available to companies incorporated in the United States (e.g., the Small Business Innovation Research and Small Business Technology Transfer programs offered by the U.S. government); the location of its employees, customers, and suppliers; and whether the company intends to eventually move operations to the United States. Although each of these factors may not carry sufficient weight to give up tax benefits offered to CCPCs, particularly at the incorporation stage, they are worthwhile considerations at the outset given the difficulty, or in certain cases impossibility, of changing the jurisdiction of a company down the line.

5. Alternative Startup Structure

An alternative, which may be more appropriate where the startup is likely to have SR&ED-qualifying expenses but may not be or remain controlled by Canadians, is to implement what is known as a “SR&ED structure.”

A SR&ED structure is used where the operations of a business are run out of the United States, but the research and development activities are carried out in Canada by a corporation that qualifies as a CCPC. Various considerations between the relevant stakeholders must be carefully considered in these arrangements, including putting in place the requisite corporate and commercial protections.

In the appropriate circumstances, this type of dual arrangement can allow investors in a U.S. startup to benefit from Canada’s favorable SR&ED incentives, but these structures are complex and costly to implement and administer (e.g., consultation with legal and tax advisors is essential), which in some cases means these structures may not be a viable option for a startup without significant resources.

6. Corporate Migration Across the Canada-U.S. Border by a Continuance Can Be Complicated

An entity that wishes to migrate across the border can effect that change through a corporate restructuring or through the option of transferring its jurisdiction (known as a “continuance” under Delaware law) from Canada to the United States (or vice versa). Founders should be mindful, however, that a continuance can result in significant tax consequences in both Canada and the United States. Specifically, for Canadian tax purposes, the company continuing from Canada to the United States will be deemed to have disposed of all of its property at fair market value and will be required to pay income tax on the portion of its income and capital gain that is deemed to have been realized thereunder. In addition, the company must pay branch taxes equal to 25 percent of the excess of the fair market value of its assets over the total of the paid-up capital of its shares and outstanding debts. In addition, U.S. shareholders of the migrating Canadian company may be subject to current U.S. taxation in connection with the continuance (which is particularly unattractive, given that there is frequently no liquidity in connection with a continuance transaction).

In the other direction, when a U.S. corporation engages in a corporate law continuance out of the United States and into Canada, there is an important threshold question of whether that migration will accomplish any U.S. tax effect at all. More particularly, the U.S. anti-inversion rules are designed with the specific purpose of preventing corporate expatriation out of the United States. When applicable, these rules can apply to treat the continued corporation as if it remained a U.S. corporation for all U.S. federal income tax purposes (even though, as a corporate law matter, the redomiciled entity is a Canadian corporation). The anti-inversion rules are notoriously complex and, by way of summary, make it difficult for a U.S. corporation to successfully expatriate to a non-U.S. jurisdiction, unless the corporation has “substantial business activities” (i.e., substantial income, assets, and employees) in the new foreign jurisdiction. If the U.S. corporation expatriating to Canada falls victim to the U.S. anti-inversion rules, it will be in the unenviable situation of concurrently being treated as a U.S. corporate taxpayer for U.S. tax purposes and a Canadian corporate taxpayer for Canadian tax purposes. For some corporations, this dual status can be managed, but for many others it is unworkable.

Even if the expatriating U.S. corporation is able to avoid the application of the anti-inversion rules, the continuance itself may carry hefty U.S. taxation. In particular, the continuance: (i) is likely to trigger corporate-level tax for the U.S. corporation (i.e., the continued U.S. corporation would be subject to U.S. federal income tax, currently at a rate of 21 percent, on the built-in gain (if any) in its assets at the time of continuance); and (ii) is generally taxable for U.S. shareholders of the continuing corporation if they have built-in gain in their shares of the U.S. corporation at the time of the continuance. In some cases, these issues can be managed through structuring or otherwise, but the process of systematically identifying and addressing the relevant tax issues can make the migration a complicated (and costly) undertaking.

Conclusion

For Canadian startup companies with anticipated research and development expenses, particularly in its initial years, incorporating in Canada to take advantage of the tax advantages offered by the Canadian government makes a lot of sense.

Alternatively, if an entrepreneur with sufficient resources for legal costs anticipates both operating in the United States and qualifying for CCPC status, it may be worth considering alternate arrangements that can still preserve certain benefits of Canada’s SR&ED regime.

On the other hand, even though the tax regimes in Canada and the United States have been supportive of cross-border investment over the past decade, an entrepreneur who anticipates acquisition by a U.S. company, particularly in the near term, may choose a different path. The entrepreneur may choose to forego the potential upfront tax incentives offered by the Canadian government’s SR&ED credits and proceed by incorporating in the United States in a bid to ensure the widest universe of potential buyers and eliminate the possible need to rely on complex exit mechanics, such as exchangeable share structures, which might impair an otherwise smooth exit transaction.

Incorporating in Canada is a viable and often compelling option, but there is no “one size fits all” solution, and savvy founders are advised to consider the issues so that they can make an informed decision.

The Fair and Accurate Credit Transactions Act (FACTA), 15 U.S.C. § 1681 et seq., prohibits merchants from including, among other information, credit- and debit-card expiration dates on printed receipts.* See 15 U.S.C. § 1681c(g)(1). After this provision originally became effective in 2004, plaintiff class-action firms flooded courts with expiration date lawsuits, which courts and others “met with varying degrees of contempt.” Sieber v. Havana Harry’s, 604 F. Supp. 2d 1368, 1369 (S.D. Fla. 2009).

Congress eventually amended FACTA in 2008 to include findings that the presence of credit- and debit-card expiration dates on printed receipts does not increase a consumer’s risk of identity theft. See Pub. L. No. 110-241, § 2(a)(6). Due in large part to Congress’s 2008 clarification, most federal circuits now hold that FACTA expiration date claims fail to allege the bare minimum injury in fact needed for federal courts to exercise jurisdiction. See, e.g., Meyers v. Nicolet Rest. of De Pere, 843 F.3d 724, 727–28 (7th Cir. 2016). Nevertheless, plaintiffs continue to file these claims in state court to avoid this federal jurisdictional bar. Although some question whether Congress can allow plaintiffs to bring federal claims in state court that they could not bring in federal court, most FACTA expiration date claims should in any event fail on the merits.

If a FACTA plaintiff suffers no actual damages, then he or she must demonstrate willful noncompliance to recover statutory or punitive damages, which entitles his or her attorneys to recover their reasonable fees. See, e.g., 15 U.S.C. §§ 1681o, 1681n. Willfulness under FACTA requires either known or reckless misconduct. See, e.g., Safeco v. Burr, 551 U.S. 47, 57 (2007). Given that few, if any, merchants would truncate the card number but leave the expiration date just to flout the will of Congress, most FACTA expiration date claims do not implicate the voluntary, intentional, or deliberate misconduct needed to show known violations. See, e.g., Howard v. Hooters, No. H-07-3399, 2008 U.S. Dist. LEXIS 30776 *3 (S.D. Tex. Apr. 5, 2008). Thus, liability typically hinges on whether the merchant’s noncompliance can qualify as reckless, i.e., whether the merchant disregarded an unjustifiably high risk of harm to the consumer. See Vidoni v. Acadia, No. 11-cv-448, 2012 U.S. Dist. LEXIS 59967 *6–*16, 2012 WL 1565128 (D. Maine Apr. 27, 2012).

Plaintiffs cannot as a matter of law demonstrate that a merchant’s alleged FACTA violation disregarded an unjustifiably high risk of harming consumers if Congress specifically found that the alleged violation by itself does not increase the risk of harm to consumers. See, e.g., Vidoni, 2012 U.S. Dist. LEXIS 58867, *15. Accordingly, where a plaintiff can only allege that the merchant included a credit- or debit-card expiration date on a printed receipt, without more, courts should dismiss willful noncompliance claims under FACTA with prejudice at the pleading stage.

FACTA and the Clarification Act

In 2003, Congress enacted FACTA as an amendment to the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq., “in response to what it considered to be the increasing threat of identity theft.” Meyers, 843 F.3d at 725. FACTA requires merchants to truncate all but the last five digits of a consumer’s credit or debit card on electronically printed receipts. See 15 U.S.C. § 1681c(g)(1). The merchant must also truncate the card’s expiration date. Id. Negligent noncompliance allows consumers to recover actual damages. See 15 U.S.C. § 1681o. If consumers do not suffer actual damages, then they must show willful noncompliance to recover statutory or punitive damages. See 15 U.S.C. § 1681n.

Congress provided merchants a safe-harbor period to comply with FACTA’s requirements, setting December 4, 2004, as the earliest possible date the act would subject merchants to potential liability. See, e.g., 15 U.S.C. § 1681n(g)(3). “Almost immediately after Congress’ deadline for compliance with FACTA’s substantive provisions, scores of class action lawsuits were filed—many against small businesses.” Sieber, 604 F. Supp. 2d at 1369. “These suits were met with varying degrees of contempt from district courts, the national business lobby, and Congress.” Federal courts “bemoan[ed] the destructive effects” of these types of claims, and they “characteriz[ed] the many FACTA class actions as a great waste of judicial time and effort.” (Quotations omitted.)

Notably, all federal circuits to have expressly considered the issue now refuse to even hear class-action lawsuits alleging that merchants printed credit- and debit-card expiration dates on receipts, without more, because they find the allegations insufficient to establish the bare minimum injury needed to give federal courts standing to consider the dispute. See, e.g., Jeffries v. Volume Servs. Am., 928 F.3d 1059, 1066 (D.C. Cir. 2019) (circuit courts “have unanimously concluded that a FACTA violation based solely on a failure to truncate an expiration date does not qualify as a concrete injury in fact”). Accordingly, some plaintiff class-action firms are bringing these “great waste[s] of judicial time and effort” to state courts instead.

In 2008, responding to “a spate of lawsuits against merchants who printed receipts showing credit card expiration dates,” Congress passed the Credit and Debit Card Receipt Clarification Act (Clarification Act). Basset v. ABM Parking, 883 F.3d 776, 778 (9th Cir. 2017). The Clarification Act found that “[e]xperts in the field agree that proper truncation of the card number, by itself . . . regardless of the inclusion of the expiration date, prevents a potential fraudster from perpetrating identity theft or credit card fraud.” Pub. L. No. 110-241, § 2(a)(6). It therefore amended FACTA “to ensure that consumers suffering from any actual harm to their credit or identity are protected while simultaneously limiting abusive lawsuits that do not protect consumers but only result in cost to business and potentially increased prices to consumers.” Id. § 2(b).

More specifically, Congress added the following provision to the section governing civil liability for willful noncompliance:

For the purposes of this section, any person who printed an expiration date on any receipt provided to a consumer cardholder at a point of sale or transaction between December 4, 2004, and June 3, 2008, but otherwise complied with the requirements of section 1681c(g) of this title for such receipt shall not be in willful noncompliance with section 1681c(g) of this title by reason of printing such expiration date on the receipt.

15 U.S.C. § 1681n(d). Congress did not amend the substantive language governing FACTA’s truncation requirements for electronically printed receipts. See 15 U.S.C. § 1681c(g).

Congress Amended FACTA to Limit Abusive Lawsuits and Protect Small Businesses

The Clarification Act did not remove FACTA’s requirement that merchants redact credit- and debit-card expiration dates. See 15 U.S.C. § 1681c(g)(1). When passing the bill, individual members of Congress confirmed that the Clarification Act “does not eliminate a business’s obligation to . . . redact the expiration dates from its receipts” and “[g]oing forward, companies will still have to meet the same strict rules Congress originally passed.” 154 Cong. Rec. E925, 925 (May 14, 2008); 154 Cong. Rec. S4439, 4440 (May 20, 2008). Nevertheless, the Clarification Act’s express findings cast substantial doubt on whether printing expiration dates alone can constitute willful misconduct. See Pub. L. No. 110-241, § 2(a)(6).

As one federal court explained: “the Clarification Act reflects Congress’ view that FACTA went too far in subjecting small businesses to potentially crippling class action lawsuits where only an expiration date was printed on an otherwise redacted credit card receipt.” Sieber, 604 F. Supp. 2d at 1371. Thus, as another federal court recognized, “the statute changed the type of relief one can obtain when a merchant fails to redact the expiration date from a credit card receipt but otherwise complies with FACTA.” Barbieri, 2009 U.S. Dist. LEXIS 9309, *14. “Before the Clarification Act, the failure to redact the expiration date could constitute a willful violation; however, after the Clarification Act, it cannot (provided that the other provisions of FACTA are followed).” Id. at *10.

Some federal district courts construe the Clarification Act’s date ranges to suggest that Congress only meant to extend its original safe-harbor period to June 3, 2008, meaning that failing to truncate the expiration date after June 3, 2008, can still possibly constitute willfulness under FACTA. See, e.g., Hepokoski v. Brickwall of Chicago, No. 09 C 611, 2009 U.S. Dist. LEXIS 122389 *8, 2009 WL 5214311 (Sept. 22, 2009). They find that any reading extending the Clarification Act’s amendment beyond June 3, 2008, renders inclusion of the June 3, 2008 date superfluous. Id. Importantly, however, these interpretations ignore the impact of the Clarification Act’s findings and stated purpose, and many state courts do not consider district court opinions controlling, even on matters of federal law. See, e.g., State v. Burnett, 93 Ohio St. 3d 419, 424 (2001); Pacific Shore Funding v. Lozo, 138 Cal. App. 4th 1342, 1352 (2d Dist. 2006).

As noted, Congress amended FACTA to protect small businesses from “potentially crippling class action lawsuits where only an expiration date was printed.” Sieber, 604 F. Supp. 2d at 1371. It seems unlikely that Congress intended the Clarification Act to merely delay abusive lawsuits from crippling small businesses until after the amendment went into effect. It more likely intended the opposite. If Congress meant for the Clarification Act to continue allowing FACTA plaintiffs to cripple small businesses that only printed an expiration date, then it would not have specified that “[t]he purpose of this Act is to ensure that consumers suffering from any actual harm to their credit or identity are protected while simultaneously limiting abusive lawsuits that do not protect consumers but only result in increased cost to business.” Pub. L. No. 110-241, § 2(b).

Relatedly, FACTA specifically allows federal regulatory agencies and state attorneys general to enforce the statute outside the civil liability provisions for private litigants. See 15 U.S.C. § 1681s. In other words, Congress’s decision to protect merchants from expansive liability for conduct creating no risk to consumers does not relieve merchants from their obligation to redact expiration dates. Rather, it prevents consumers never exposed to even a possible risk of harm from initiating private litigation to recover small awards for statutory damages so their attorneys can seek large awards for fees. Nothing in FACTA indicates that Congress intended the statute as a fund-raising mechanism for private attorneys. See Batra v. RLS Supermarkets, No. 16-cv-2874-B, 2017 U.S. Dist. LEXIS 125877 *10, 2017 WL 3421073 (N.D. Tex. Aug. 9, 2017) (“While Congress undoubtedly hoped that FACTA would reduce identity theft, it does not follow that Congress contemplated private actions by individuals who have not sustained any actual harm.”) (internal quotations omitted).

Typical Allegations in Expiration Date Claims Cannot Constitute Willfulness

FACTA expiration date claims typically include mostly the same allegations: (1) that merchants had substantial time to comply with the requirements after the act’s effective date; (2) that FACTA’s obligations received widespread public attention, including through guidance issued by regulatory agencies, trade associations, and similar organizations; (3) that major credit-card companies ordinarily incorporate FACTA’s requirements into their contracts with merchants; and (4) that most businesses know about and follow the law. See, e.g., Vidoni, 2012 U.S. Dist. LEXIS 58867, *4–*5; Seo v. CC CJV Am. Holdings, No. CV 11-05031, 2011 U.S. Dist. LEXIS 120246 *4–*5, 2011 WL 4946507 (C.D. Cal. Oct. 18, 2011); Gardner v. Appleton Baseball Club, Inc., No. 09-C-705, 2010 U.S. Dist. LEXIS 31653 *9, 2010 WL 1368663 (E.D. Wis. Mar. 31, 2018); Rosenthal v. Longchamp Coral Gables, 603 F. Supp. 2d 1359, 1361 (S.D. Fla. 2009).

Before most circuits confirmed that FACTA expiration date claims do not allege sufficient injury to implicate Article III jurisdiction, district courts split on whether these allegations alone could withstand motions to dismiss. Compare Komorowski v. All-American Indoor Sports, No. 13-2177, 2013 U.S. Dist. LEXIS 125747, 2013 WL 4766800 (D. Kan. Sept. 4, 2013) with Lavery v. Radioshack, No. 13-cv-5818, 2014 U.S. Dist. LEXIS 85190, 2014 WL 2819037 (N.D. Ill. June 23, 2014). However, a careful reading of the Clarification Act, along with Congress’s express findings and statement of purpose, suggests that electronically printing expiration dates on credit- and debit-card receipts cannot, by itself, constitute willfulness as a matter of law.

Knowing Violations Require Voluntary, Intentional, or Deliberate Conduct

Willfulness under FACTA requires not only that the merchant knew about the act, but that it “voluntarily or intentionally violated it.” Vidoni, 2012 U.S. Dist. LEXIS 59967, *9. “Merely being aware of a statute [ ] is insufficient to state a claim for willfulness.” Id. *11. Plaintiffs must also allege “a voluntary, deliberate, or intentional violation.” Id. See also Howard, 2008 U.S. Dist. LEXIS 30776, *2 (“To have willfully violated the statute, [the defendant] must have knowingly or recklessly disregarded it, purposefully exposing its customers to identity theft.”).

The typical FACTA expiration date allegations cannot support the voluntary, deliberate, or intentional misconduct required for knowing violations. Some courts have found knowing violations based on additional allegations, such as: (1) the merchant disregarding recommendations from a third-party contractor hired to ensure FACTA compliance; (2) the merchant choosing not to update its systems to avoid incurring the additional expense of reprogramming its machines; and (3) the merchant having been named in previous FACTA lawsuits alleging the same violations. Bouton v. Ocean Props., 201 F. Supp. 3d 1341, 1350 (S.D. Fla. 2016); Zaun v. Tuttle, No. 10-2191, 2011 U.S. Dist. LEXIS 47916 *5–*6, 2011 WL 1741912 (D. Minn. May 4, 2011); Steinberg v. Stitch & Craft, No. 09-60660, 2009 U.S. Dist. LEXIS 72908 *6–*7, 2009 WL 2589142 (S.D. Fla. Aug. 18, 2009). However, most plaintiffs bringing FACTA expiration date claims must rely on the merchant’s alleged recklessness to establish willfulness.

Recklessness Requires Risk of Harm

“To sustain a claim for recklessness [under FACTA], the Plaintiff is required to allege that the Defendant disregarded an ‘unjustifiably high risk of harm’ to its customers by failing to omit expiration dates from its receipts.” Vidoni, 2012 U.S. Dist. LEXIS 59967, *15 (quoting Safeco, 551 U.S. at 68). Multiple federal courts to have examined the issue conclude that a merchant cannot disregard an unjustifiably high risk of harm by printing expiration dates on its receipts because Congress specifically found that printing the expiration date, without more, creates no risk of harm, much less an unjustifiably high one. Id. See also, e.g., Gardner, 2010 U.S. Dist. LEXIS 31653, *17 (noting based on the Clarification Act that “it is far more likely that the violation was merely negligent, if even that”); Rosenthal, 603 F. Supp. 2d at 1362 (agreeing with argument that “the mere allegation that Defendant failed to delete the expiration date cannot by itself establish a willful reckless violation of the statute”).

Federal courts mostly agree that FACTA can create liability for willful violations even where no actual harm occurs. See, e.g., Ramirez v. Midwest Airlines, 537 F. Supp. 2d 1161, 1168 (D. Kan. 2008). Nonetheless, the U.S. Supreme Court confirms that recklessness requires “an unjustifiably high risk of harm that is either known or so obvious that it should be known.” Safeco, 551 U.S. at 68 (emphasis added). See also Gardner, 2010 U.S. Dist. LEXIS 31653 *17 (“given the fact that no additional protection of the consumer is achieved by deleting the expiration date, it can hardly be said that its action ‘entail[ed] an unjustifiably high risk of harm that is either known or so obvious that it should be known’”) (quoting Safeco).

Thus, the issue is not whether printing the expiration date actually harms the consumer; Congress itself confirmed that it cannot. See Pub. L. No. 110-241, § 2(a)(6). The issue is whether printing expiration dates creates even the possibility of harm to the consumer, i.e., whether the merchant ignores an unjustifiably high risk of known or obvious harm. See, e.g., Safeco, 551 U.S. at 68. It does not. See, e.g., Vidoni, 2012 U.S. Dist. LEXIS 59967, *15; Gardner, 2010 U.S. Dist. LEXIS 31653 *17; Rosenthal, 603 F. Supp. 2d at 1362.

FACTA’s Statutory Structure Requires a Risk of Harm

Some federal courts have rejected the risk of harm component of recklessness under FACTA. See, e.g., Ramirez, 537 F. Supp. 2d at 1169. For example, before Congress enacted the Clarification Act, at least one district court determined that “it is the reckless disregard of statutory duties (not harm) that makes a violation willful.” Id. However, such opinions improperly ignore FACTA’s statutory structure for civil liability. See 15 U.S.C. §§ 1681n, 1681o.

Under FACTA, negligently failing to comply with statutory requirements subjects an actor to liability for a consumer’s actual damages. See 15 U.S.C. § 1681o. In contrast, willfully failing to comply can subject the actor to liability for statutory and punitive damages even without actual damages. See 15 U.S.C. § 1681n. This statutory structure makes rational sense when viewed in the context of the act’s purpose to mitigate the risk of identity theft and credit-card fraud. See Pub. L. No. 110-241, § 2(a)(1) (FCRA’s purpose is to restrict “access to consumers’ private financial and credit information in order to reduce identity theft and credit card fraud.”).

For instance, if an actor negligently violates a statutory duty under FACTA in a way that could pose a risk to a consumer (i.e., unreasonably creates a risk of identity theft or credit-card fraud) then the statute makes the actor liable for the actual damages from any harm caused to the consumer. See, e.g., 15 U.S.C. § 1681o. If an actor willfully violates a statutory duty in a way that could pose a risk of harm to a consumer (i.e., knowingly or recklessly creates an unjustifiably high risk of identity theft or credit-card fraud), then the statute makes the actor liable for statutory and punitive damages regardless of whether the consumer suffered any actual injury. See, e.g., 15 U.S.C. § 1681n. This system of increasing civil liability makes intuitive sense.

However, if the analysis removes the requirement for some degree of consumer risk, the system no longer makes intuitive sense. Without consumer risk of harm, technical statutory violations that do not create any risk and cannot cause any harm, but are deemed “willful,” would expose small businesses to liability for statutory and even potentially punitive damages while more serious substantive violations that cause harm, but are deemed merely “negligent,” would expose the same businesses to liability for only actual damages. See 15 U.S.C. §§ 1681n, 1681o. Courts should not interpret consumer protection statutes such as FACTA to compel such an absurd result. See, e.g., Jerman v. Carlisle, McNellie, Rini, Kramer & Ulrich, 559 U.S. 573, 600 (2010).

Relatedly, as discussed above, Congress amended FACTA’s civil liability provisions “to ensure that consumers suffering from any actual harm to their credit or identity are protected while simultaneously limiting abusive lawsuits that do not protect consumers.” Pub. L. No. 110-241, § 2(b). FACTA accomplishes this objective in part by increasing the level of liability for conduct based on different degrees of consumer risk. See 15 U.S.C. §§ 1681o, 1681n. Under an analysis that did not consider consumer risk, courts would determine liability, regardless of whether the lawsuit protects consumers, based solely on whether the merchant “willfully” created no threat of harm to consumers or just “negligently” created no threat of harm to consumers. Again, courts should not interpret consumer protection statutes like FACTA to compel absurd results. See Jerman, 559 U.S. at 600.

Put differently, even if the court asks whether the merchant recklessly disregarded “statutory duties (not harm),” as some courts may consider appropriate (see, e.g., Ramirez, 537 F. Supp. 2d at 1169), that question lacks any meaning without considering risk. What qualifies as “recklessly” disregarding a statutory duty to protect consumers if it does not require disregarding an unjustifiably high risk of harming consumers? Federal courts are clear that a merchant who implements an objectively reasonable policy that still fails to comply with the law only negligently violates the statute. See, e.g., Long v. Tommy Hilfiger, 671 F.3d 371, 376–77 (3d Cir. 2012). Thus, only an objectively unreasonable policy recklessly violates the statute. Id. See also Safeco, 551 U.S. at 69. So what constitutes an objectively unreasonable policy for truncating expiration dates?

In the context of FACTA expiration date claims, the merchant: (1) knows about expiration date truncation requirement and intentionally ignores it for some financial motive; (2) knows about the requirement and attempts to truncate the expiration date but fails; or (3) does not know about the requirement. No other possibilities exist.

Some courts consider the first situation, knowing about the truncation requirements and intentionally ignoring them for financial gain, to constitute a knowing violation. See, e.g., Zaun, 2011 U.S. Dist. LEXIS 47916, *5–*6 (denying motion for judgment on pleadings where defendant allegedly fired third-party compliance administrator who warned it to upgrade systems to comply with FACTA to save money). The second situation, knowing about the truncation requirement and attempting but failing to comply, would presumably constitute at most a negligent violation. See, e.g., Long, 671 F.3d at 377.

That leaves only the third situation, not knowing about the truncation requirement, to potentially qualify as reckless. However, a merchant who fails to implement a policy to truncate expiration dates because it did not know about the requirement necessarily does not implement an objectively unreasonable policy. It does not implement any policy at all.

Relatedly, if not knowing about the requirement qualified as reckless by itself, then a merchant’s potential liability would nonsensically bounce back and forth from liability for not knowing about its statutory duties, to effectively no liability for inadvertently failing to comply with known statutory duties, and then back to liability for intentionally ignoring known statutory duties. See, e.g., 15 U.S.C. §§ 1681n, 1681o. This ping-pong effect on potential liability lacks the same intuitive sense accompanying an interpretation that recognizes risk of harm as a component of recklessness.

Congress Did Not Create Civil Liability for All FACTA Violations

Moreover, removing consumer risk of harm from the willfulness analysis improperly imposes civil liability on merchants for all FACTA expiration date violations, despite Congress specifically limiting civil liability to only negligent or willful noncompliance. See 15 U.S.C. §§ 1681n, 1618o. See, e.g., Gardner, 2010 U.S. Dist. LEXIS 31653, *15 (if printing expiration dates alone constituted willfulness, then “every violation of the statute would be willful simply because it was a violation”) (emphasis in original).

As discussed above, FACTA expiration-date claims can only involve three possible scenarios: (1) the merchant knows about the expiration date truncation requirement and intentionally ignores it; (2) the merchant knows about the requirement and attempts to truncate the expiration date but fails; or (3) merchant does not know about the requirement. If the third scenario qualifies as reckless, then all expiration date violations invoke civil liability regardless of whether they are negligent or willful, directly contradicting FACTA’s plain statutory language.

Had Congress intended to impose civil liability for all FACTA violations in this way, it would not have specified different standards for negligent and willful noncompliance. See, e.g., Duncan v. Walker, 533 U.S. 167, 174 (2001) (court must “give effect, if possible, to every clause and word of a statute”). Instead, it would have just created civil liability for noncompliance and increased the potential damages for willful noncompliance. See Fish v. Kobach, 840 F.3d 710, 740 (8th Cir. 2016) (“When Congress knows how to achieve a specific statutory effect, its failure to do so evinces an intent not to do so.”) (emphasis in original). Ignoring consumer risk improperly abrogates Congress’s clear statutory intent that civil liability only extends to either negligent or willful violations. See, e.g., 15 U.S.C. §§ 1681n, 1681o.

Conclusion

FACTA requires merchants to redact expiration dates from electronically printed receipts, and it provides enforcement mechanisms allowing the appropriate agencies and state actors to ensure that merchants comply. See 15 U.S.C. §§ 1681c(g)(1), 1681s. Congress never intended these requirements to expose merchants to crippling class-action liability for noncompliance that creates no possible risk of harm. See, e.g., Pub. L. No. 110-241, § 2(b); Sieber, 604 F. Supp. 2d at 1371. A merchant who violates FACTA in a way that Congress specifically found does not increase the risk of identity theft cannot have recklessly disregarded the nonexistent risk, and it therefore cannot have willfully failed to comply with the act. See, e.g., Vidoni, 2012 U.S. Dist. LEXIS, *15–*16. State courts forced to hear expiration date claims because federal courts will not exercise jurisdiction over them should dismiss the claims with prejudice at the pleading stage.

*  Kevin M. Hudspeth serves as of counsel to Maurice Wutscher LLP, a national financial services law firm, where he practices in the appellate, consumer credit, and regulatory compliance groups. He has extensive experience with litigation at all levels in federal and state courts across the country, including appeals, class-action lawsuits, and matters involving complicated facts and complex legal issues. He is actively litigating the issues discussed in this article.

Although most of the nation has been anxiously watching the stock market and daily coronavirus updates from White House officials, some business owners have been sidetracked with captive insurance issues. For many business owners who participate in micro-captive insurance programs, and as highlighted in the March 20th issue of the New York Times, the recent cessation of business has prompted a review of captive coverages to determine whether relief can be provided in the form of a claim for business interruption.[1]

However, news coverage of micro-captives was almost immediately followed by the receipt of IRS Letter 6336 (the Micro-Captive Soft Letter) by many captive owners and their insureds. Similar to the up and down of the stock market, micro-captive owners and insureds are now wondering whether they can seek monetary relief for business interruption through their micro-captives, but are at the same time confused as to their exposure for federal and state income tax liabilities. The current environment for micro-captive owners requires examining micro-captive policies to not only determine whether relief is available, but also to avoid losing sight of any potential tax issues, including reporting requirements.[2]

Potential for Abuse. Tax law generally allows businesses to create “captive” insurance companies to cover certain risks that are otherwise unavailable or expensive to cover in the commercial market. The insured company benefits by obtaining the additional coverage and deducting the premiums paid to the captive insurer. Upon making an election under section 831(b) of the Internal Revenue Code, the captive insurer may exclude the premiums from income.

According to the IRS, in abusive micro-captive insurance structures, the relationship might lack the attributes of genuine insurance. For example, coverages might insure implausible risks, fail to match genuine business needs, or duplicate the taxpayer’s commercial coverages. Premium amounts might be unsupported by actuarial analysis or geared toward a desired deduction amount, and policies might contain vague and ambiguous terms, or otherwise fail to meet industry standards. Further, premiums for policies that do not result in claims, but generate income tax deductions (at ordinary income tax rates to the insured), and are accumulated for future distribution (at capital gain rates) to family members or trusts created for their benefit, entirely sidestepping transfer taxes in the process, have also been identified by the IRS as potentially abusive.[3]

Continuing IRS Pressure. The soft letters recently issued are one tool the IRS uses to obtain information from taxpayers as well as advisors. The IRS has previously indicated that soft letters might be used as a tool for enforcement, and has recently used soft letters as an enforcement tool in its cryptocurrency campaign. Other methods of enforcement utilized in IRS campaigns include issue-based exams as well as practitioner outreach.

Micro-Captive Soft Letter. The Micro-Captive Soft Letter puts the taxpayer on notice that (a) the taxpayer has been identified as participating in a micro-captive; (b) several consecutive tax court rulings have issued in favor of the IRS; and (c) the IRS is increasing enforcement activity, which will entail opening additional examinations. The Micro-Captive Soft Letter then requests that if the taxpayer is “no longer claiming a deduction or other tax benefit for any micro-captive,” the taxpayer “must” sign a statement under the penalties of perjury indicating whether the taxpayer is still “participating” in a captive and the year the taxpayer last took a deduction or other “tax benefit” associated with the captive.

If the taxpayer is continuing to participate in a micro-captive, the Micro-Captive Soft Letter reminds the taxpayer to continue to disclose participation in the transaction on Form 8886. Additionally, it recommends that the taxpayer seek independent, competent counsel prior to filing 2019 tax returns, and to consult on whether the taxpayer should amend prior-year returns for improper deductions or tax benefits.

The IRS informs the taxpayer that complying with the terms of the letter will be considered in any future enforcement action. When filing amended returns, the IRS requests the taxpayer to write “Micro-captive” on the top of the amended tax return. The IRS closes its letter by stating that if prior years are amended, such amendments could be qualified amended returns (QAR). The IRS states that the Micro-Captive Soft Letter does not constitute an examination for purposes of the rule negating a QAR if the taxpayer has already been contacted by the IRS concerning any exam with respect to the tax return. This means the IRS will not seek penalties (under the first-contact exception to the QAR rules) if the IRS subsequently opens such years for exam. This benefit can be incredibly helpful in that the IRS has been seeking a 20-percent penalty and up to a 40-percent (nondisclosure of noneconomic substance) penalty for understatements resulting from denied micro-captive deductions. It is also worth noting that a transaction lacking economic substance carries with it strict liability for such penalties, notwithstanding an advisor’s opinion letter.

Micro-Captive Soft Letter Side Effects. The recent developments described above could have various impacts on the micro-captive industry. First, the soft letters might have a psychological effect making micro-captives and the associated management fees that go along with it seem decidedly less attractive. This in turn might impact revenue for those that rely primarily on the tax election as a source of business. See Endeavor Partners Fund, LLC v. Comm’r of Internal Revenue, 115 T.C.M. (CCH) 1540 (T.C. 2018), aff’d, 943 F.3d 464 (D.C. Cir. 2019) (“Recognizing that the IRS notices accurately described POPS and PICO, Bricolage advised its clients that the notices were only a statement of the IRS’ position, not a change in law. But the notices effectively eliminated demand for Bricolage products, forcing it to abandon many planned transactions. Bricolage accordingly began to wind down its activities.”). Second, some taxpayers might follow the IRS’s advice and seek independent counsel, who might suggest filing amended returns. This advice could be completely at odds with the advice that might be provided by a captive management company, thereby creating a quandary for the taxpayer as to who to trust. Further, conflicted advisors who are contacted by taxpayers might assist in procuring “independent” counsel, subject to the conflicted advisor’s “vetting process.” However, these advisors may not be viewed by the court as being truly independent, weakening the taxpayer’s defense against penalties. Consequently, it is likely that the industry will be divided into camps, where some will advise taxpayers to seek independent advice, and others, such as some promoters, will advise taxpayers that the latest IRS letter is a nothing more than the same IRS bullying. Their advice may be to ignore the letter and “wait it out,” given that the IRS has limited resources. Notwithstanding limited resources, LBI memo 4 14 2020 provided the campaign against micro-captives will continue, including opening new audits, despite the general postponement of new returns examinations until July 15, 2020.[4]

Signing under Penalty of Perjury. This particular signature carries with it important ramifications. In addition to perjury statutes of general applicability, an IRS-specific perjury statute, 26 U.S.C. § 7206(1), subjects false sworn statements to the IRS to fines of up to $100,000 ($500,000 in the case of a corporation) and imprisonment for up to three years. Consequently, any prevarication concerning continued participation in or tax benefits received from a micro-captive program could subject a taxpayer to criminal penalties, even if the program is otherwise defensible.

Parallel Investigations. The potential for criminal exposure provides further reason to heed the IRS’s advice and consult knowledgeable and experienced independent counsel. Indeed, unbeknownst to soft letter recipients, if the IRS suspects fraud, a criminal investigation could be proceeding in the background. The IRS routinely conducts such simultaneous civil and criminal investigations. Such parallel investigations are conducted separately, but whereas IRS policy forbids criminal investigators from directing actions in the civil investigation, the civil and criminal functions conduct regular “coordination meetings” to “facilitate sharing important case developments.”[5] IRS policy dictates that “[s]haring information between revenue officers and government attorneys assigned to the case is a key ingredient in developing civil and criminal cases simultaneously and efficiently.”[6] Therefore, in deciding whether and how to respond to the soft letter, counsel should consider the potential for criminal exposure, and in particular, whether to inquire about the existence of a criminal investigation, given that IRS policy forbids revenue officers from misleading taxpayers in this regard—though, a word to the wise, it also essentially directs revenue officers to avoid giving a straight answer to such an inquiry.[7]

Next Steps. Micro-captive owners should engage in a cost-benefit analysis with respect to the execution of the Micro-Captive Soft Letter. Although the response date is May 4^th, the IRS recently informed the press that the response date has been automatically extended to June 4^th, an extension that has also been confirmed by revenue agents working the Micro-Captive Soft Letter hotline. (According to hotline agents, this extension should be posted to the IRS website soon.)  The micro-captive owner must consider whether to respond because submitting the letter technically is not required. Additionally, the micro-captive owners should consider their exposure if audited and penalties are imposed, in addition to exposure to criminal penalties. All of this should be considered in light of the micro-captive owner’s particular facts and circumstances and the established precedent of the recent tax court opinions that found in favor of the IRS. Although one tax court opinion is currently being appealed, holding out hope for a favorable appeal does not help now, nor does it guarantee that a favorable ruling will be applicable to every micro-captive’s unique facts and circumstances.

[1] The New York Times, March 20, 2020.

[2] The United States Supreme Court accepted review of the Sixth Circuit’s divided decision in favor of the IRS and its reporting requirements under Notice 2016-66.  See CIC Services, LLC v. Internal Revenue Service, et.al., 19-930.

[3] I.R.S. Info. Rel. 2019-47, Mar. 19, 2019.

[4] Memo from LB&I Commissioner to all LB&I employees regarding “LB&I Compliance Priorities During the COVID-19 Pandemic” dated April 14, 2020.

[5] IRM §§ 5.1.5.2 (Parallel Investigations) (12-16-2014), 5.1.5.6 (Coordination Meetings) (08-03-2009).

[6] IRM § 5.1.5.9 (Information Sharing) (08-03-2009).

[7] IRM § 5.1.5.7(3) (Interviews) (08-03-2009).

A new opinion provides insight into the SEC’s regulation-through-enforcement approach toward ICOs.[1] Digging into the facts of a potentially billion-dollar cryptocurrency raises questions, and provides a few answers, about cryptocurrency sales.

In SEC v. Telegram Group Inc. & TON Issuer Inc., 19-cv-9439 (PKC) (S.D.N.Y. Mar. 24, 2020), the district court ruled in favor of the SEC in a motion for preliminary injunction against the issuance of a new cryptocurrency by Telegram Group Inc. (Telegram). The court found that the SEC showed a substantial likelihood of success in proving that Telegram’s plan to distribute the cryptocurrency would be an offering of securities to which no exemption applies. Telegram’s cryptocurrency would have been one of the most important in the industry, and the court’s ruling provides insight into the legal treatment of cryptocurrency, in particular the nature of decentralization and blockchain governance.

Telegram runs a messaging service (Messenger) popular in cryptocurrency circles due to its heavy encryption and distributed server network. It is used worldwide and claims a user base of 300 million. The company runs largely without charging fees or displaying advertisements and is funded from the founders’ personal wealth. In 2017, the company began to develop a blockchain and a digital asset—the TON (Telegram Open Network) Blockchain and Grams, respectively, to be integrated with Messenger. The distribution of the Grams is the focus of the SEC’s enforcement action.

Grams Token Distribution Plan

The initial supply of Grams was intended to be limited to five billion, all of which would be initially held by Telegram. Telegram intended to distribute the Grams in several rounds.

Initial Purchasers. Round one consisted of the sale of 2.25 billion Grams to 81 purchasers (Round 1 Purchasers) for $850 million, or approximately $0.38 per Gram. Round 1 Purchasers were subject to a staged lockup period, ending three, six, twelve, and eighteen months after launch of the TON Blockchain. In round two, Telegram sold 700 million Grams to 94 purchasers (Round 2 Purchasers, and together with the Round 1 Purchasers, the Initial Purchasers) for $850 million, or approximately $1.33 per Gram. In total, the Initial Purchasers would hold 58 percent of the Grams upon launch of the network. Telegram filed Form Ds for the sales to Initial Purchasers and claimed an exemption under Rule 506(c).

Incentive Reserve. According to promotional materials, Telegram intended to retain four percent of the Grams for Telegram developers building the TON Blockchain, including one percent for each of the two founders. Further, Telegram stated that 10 percent of Grams would be reserved for incentive programs, such as distributions to Messenger users.

TON Foundation. The remaining unallocated Grams, about 28 percent, were intended to be transferred to a to-be-created nonprofit, the TON Foundation. The TON Foundation would be tasked with control of such reserve and maintaining governance functions for the TON Blockchain. The TON Foundation would be controlled by a board, including the Telegram founders. If the TON Foundation is not established, then the reserve would be locked indefinitely.

The SEC’s Preliminary Injunction

Prior to the establishment of the TON Blockchain and distribution of the Grams, the SEC filed for a preliminary injunction in the Southern District of New York. The SEC claimed that such distribution would constitute an unregistered offering of securities under section 5 of the Securities Act of 1933 (the Securities Act). On March 24, 2020, the court granted the SEC’s motion for a preliminary injunction and found that the SEC showed a substantial likelihood of success in proving that the sales to the Initial Purchasers are part of a larger scheme to distribute those Grams into a secondary public market. In essence, the Initial Purchasers are “underwriters” under the Securities Act; therefore, Telegram is not entitled to rely on the exemption under Rule 506(c) of Regulation D.

Howey Analysis. Section 2(a)(1) of the Securities Act defines a “security” to include an “investment contract.” In turn, under the Howey test, the Supreme Court defined an “investment contract” as “a contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party.” S.E.C. v. W.J. Howey Co., 328 U.S. 293, 298–99 (1946). Essentially, there are four prongs to the test: (1) investment of money, (2) common enterprise, (3) expectation of profit, and (4) efforts of another.

Two factors were key to the court’s finding that the distribution of Grams constituted an offering of securities. One, the success and continued development of the TON Blockchain, and therefore the functionality and usability of the Grams, was tied directly to Telegram’s operations and support. The proceeds from the sales to the Initial Purchasers was used to cover Telegram’s expenses, and the reserve would provide price support. Further, the success of the project depended on Messenger’s popularity among a large user base. Two, the Initial Purchasers did not seek to obtain the Grams for consumption, but for resale to the general public. Despite representations in the purchase agreements to the contrary, the court found that the economic incentives of the transaction evidenced an investment intent and expectation of profit.

Telegram argued that even if the sale to the Initial Purchasers was a security offering, once the Grams are available upon launch of the TON Blockchain, they would be commodities with a consumptive purpose, not securities.[2] The court disagreed and found that the initial contracts must be considered along with all related expectations and understandings, including subsequent distribution of the Grams. Viewed as a whole, the sale to the Initial Purchasers was with the purpose of a sale in the public market. Therefore, the court found the transaction to be “a disguised public distribution” and not eligible for exemption from registration under section 4(a)(2).

Key Takeaways

Endorsement of Decentralization Defense. Without citation, the court stated that “[i]n the abstract, an investment of money in a cryptocurrency utilized by members of a decentralized community connected via blockchain technology, which itself is administered by this community of users rather than by a common enterprise, is not likely to be deemed a security under the familiar test laid out in [the Howey test].” This is a seeming endorsement of the SEC’s position that a cryptocurrency on a “sufficiently decentralized” blockchain would not be considered a security.

William Hinman, Director of the SEC’s Division of Corporate Finance, has stated that:

If the network on which the token or coin is to function is sufficiently decentralized—where purchasers would no longer reasonably expect a person or group to carry out essential managerial or entrepreneurial efforts—the assets may not represent an investment contract. Moreover, when the efforts of the third party are no longer a key factor for determining the enterprise’s success, material information asymmetries recede. As a network becomes truly decentralized, the ability to identify an issuer or promoter to make the requisite disclosures becomes difficult, and less meaningful.[3]

If a cryptocurrency is decentralized, the last prong of Howey, whether the expectation of profit stems from the efforts of others presumably would not be satisfied. Although there is no accepted definition of “sufficient decentralization,” the court in the Telegram case suggests a test: whether the cryptocurrency would have the same “mass adoption, vibrancy and utility” that would enable the expected profits even if the issuer moved offshore and ceased operations. In the court’s opinion, the TON Blockchain failed this test.

The test as stated leaves something to be desired; it is vague and may not be reasonably attainable. Establishing a decentralized network would take time before there was sufficient adoption in the developer community to ensure such a test could be met. Even in the cases of Bitcoin and Ethereum (which are generally accepted as decentralized), the networks likely would have failed this test initially. Further, one could imagine an open-source protocol where the initial development team is unable to enact unilateral changes, either due to legal or technology restrictions, and there is involvement by a wider developer community, yet the cryptocurrency still relies on the initial team for its “vibrancy.”

Importance of Token Governance. In considering the “common enterprise” prong of the Howey test, one factor was that Telegram intended for the Gram reserve to be held by a to-be-established TON Foundation. Such foundation would hold the reserve—in effect providing monetary policy for the token—and hold governance responsibility for the TON Blockchain. The court found fault with this plan, however. One, Telegram was under no legal obligation to create the TON Foundation or transfer the Gram reserve if created. Two, even if the TON Foundation was created and the reserve transferred, there was no requirement that Telegram appoint an independent board.

Establishing a foundation to manage blockchain governance can help ensure the independence and integrity of the blockchain and related tokens. As with the Ethereum Foundation, a foundation can promote and support a cryptocurrency that is otherwise fully decentralized. Yet, as the court points out, there is a risk of capture by the token issuer if governance roles and rules are not established and enforceable prior to issuance. Further, if the foundation is responsible for sale of the token, there is a risk that it would find itself liable for violation of the securities laws. Nevertheless, a legally existing and independent foundation with established rules could weaken an argument that a cryptocurrency is an investment in a common enterprise.

Evaluate Distribution Scheme Based on Economic Reality. Finally, it is important to note that the court focused much more on the economic reality of the token distribution than the terms of the purchase agreements. In particular, the court found that economic incentives, such as discounts and lockup periods, were intended to ensure the resale and wider public distribution of the Grams—“a disguised public distribution.” Further, the nature of the sales displayed an investment intent, including the fact that the initial purchasers were professional investors, such as VC firms, that bought large numbers of Grams. This is despite inclusion of appropriate legal representations in the purchase agreements.

The opinion was well-reasoned and should be influential either on appeal or in future ICO cases. In the face of the preliminary injunction, Telegram is already considering appealing the decision[4] or selling the Grams solely to non-U.S. purchasers.[5] Although the future of the TON Blockchain is unclear, this ruling should provide insight for legal practitioners and developers of future cryptocurrencies.

[1] Alex Fader is the Chief Legal Officer, Salt Blockchain Inc., and Chair, Corporate Counsel Subcommittee of the CBA Business Law Section ([email protected]). The views expressed in this article reflect the author’s own and do not reflect the views of Salt Blockchain Inc.

[2] Notably, the CFTC weighed in on the commodity versus security question as well. In a February 18, 2020 letter to the judge in this case, the CFTC stated:

Digital currency is a commodity. See, e.g., CFTC v. My Big Coin Pay, Inc., 334 F. Supp. 3d 492, 495-98 (D. Mass. 2018) (citing cases); In re BFXNA Inc. d/b/a Bitfinex, CFTC Dkt. No. 16-19, 2016 WL 3137612, at *5 (CFTC June 2, 2016) (“Bitcoin and other virtual currencies are … properly defined as commodities.”). However, the Commodity Exchange Act (“CEA”), 7 U.S.C. §§ 1-26, provides that many securities are commodities to which the securities laws apply. Thus, any given digital asset may or may not be subject to the securities laws, but that does not depend on whether the asset is a commodity. It depends on whether the asset is a “security” within the meaning of the ’33 Act itself.

Robert A. Schwartz, Deputy General Counsel, Litigation, Enforcement & Adjudication, CFTC, Letter to Judge Castel, Re: SEC v. Telegram Group, Inc., et al., No. 1:19-cv-09439 (PKC) (Feb. 18, 2020).

[3] William Hinman, Dir., Div. of Corp. Fin., SEC, Remarks at the Yahoo Finance All Markets Summit: Crypto: Digital Asset Transactions: When Howey Met Gary (Plastic) (June 14, 2018).

[4] Nikhilesh De, Telegram Appeals Court Ruling Barring Gram Token Distribution, CoinDesk (Mar. 25, 2020).

[5] Anna Baydakova, Telegram Hopes It Can Still Sell Tokens to Non-US Investors After Court Ruling, Yahoo Fin. (Mar. 30, 2020).