I. Introduction

It is a familiar trope from bank heist movies that the robbers gleefully open the bag stuffed with stolen cash in the get-away car, only to have a hidden canister explode and mark all of the proceeds of their crime with indelible ink. For many marijuana-related businesses (MRBs) in the United States, it must seem that the revenues generated by their businesses bear a similar, if invisible, mark of condemnation, as many MRBs have struggled to find a bank willing to provide basic depositary and other financial services to them. This is due to the curious legal status of marijuana as a federally prohibited controlled substance but a legal and highly sought-after commodity under the laws of most U.S. states (currently 33 states and the District of Columbia have legalized marijuana for medical uses, and 11 states plus D.C. have legalized so-called adult-use marijuana, which can be for purely recreational purposes).

This state of legal limbo, which effectively prevents many MRBs from obtaining banking services, greatly increases the risks to which these businesses are exposed in that they must deal with vast amounts of cash, thereby increasing the risk of robbery and making it difficult to render payment to others (including taxing bodies, many of which do not accept cash payments). Moreover, cash businesses are more readily exploited for money laundering and other nefarious purposes, which undermines the public-policy goal of creating legal and regulated markets. Still, a burgeoning reform effort is slowly chipping away at the blanket prohibition of marijuana at the federal level, with multiple legislative initiatives ongoing in the U.S. Congress. Moreover, hemp, marijuana’s first cousin, and hemp-derived consumer products containing cannabidiol (CBD) are now legal under federal law (although some important legal restrictions on CBD products remain). This article will provide an overview of current U.S. federal law as it relates to the provision of banking services to the marijuana and hemp industries, as well as some of the major legislative reform efforts and their potential impact on cannabis banking.

II. Current Federal Law Relating to Marijuana Banking

A. Federal Criminal Law Enforcement Policy

Federal criminal law enforcement policy relating to marijuana offenses has evolved over time. Under the administration of President Barack Obama, the Department of Justice (DoJ) issued guidance commonly referred to as the Cole Memorandum (for its primary author, Deputy Attorney General James Cole) that instructed federal prosecutors to focus their enforcement efforts relating to marijuana on specific enforcement priorities, such as preventing the distribution of marijuana to minors and ensuring that revenues from the sale of marijuana did not flow to criminal enterprises, and ensuring that state-legal marijuana activity was not used as a cover for trafficking of other illegal drugs.[1] Cases that did not implicate these priorities were to be de-emphasized. Although the Cole Memorandum did not change federal law, it was seen as creating a de facto safe harbor from federal prosecution for state-legal marijuana-related activities that avoided the enumerated criteria. Given that the Cole Memorandum was merely an expression of the enforcement priorities of the DoJ at the time of its publication, it was at all times susceptible to revocation if a new administration took a different view. This is precisely what happened in January 2018, when then-Attorney General Jeff Sessions rescinded the Cole Memorandum and instructed federal prosecutors to enforce the federal prohibition on marijuana based on the principles that govern all federal prosecutions.[2] In spite of this new policy, there is little indication that federal prosecutions of MRBs increased noticeably following January 2018, and current Attorney General William Barr has indicated that he does not intend to “go after” companies that operate in compliance with the Cole Memorandum criteria.[3] However, as before, the enforcement policy of the DoJ is subject to change at any time and does not provide MRBs with legal certainty as to the range of permissible activities.

B. Federal Law Relating to Marijuana Banking

MRBs currently have extremely limited access to banking services, as many banks are wary of potentially violating federal anti-money laundering and other laws by engaging in transactions with the proceeds of federally illegal marijuana operations. There have been numerous anecdotal reports of MRBs that are unable to obtain banking services or have had their banking relationships terminated due to their (direct or indirect) involvement in the marijuana industry. Indeed, to our knowledge, none of the major banks in the United States accepts MRBs as customers, despite the fact that state-legal marijuana is rapidly becoming a large and lucrative industry. In terms of hard data, the federal Financial Crimes Enforcement Network (FinCEN)[4] reports that, as of September 30, 2019, 563 banks and 160 credit unions were providing banking services to MRBs.[5] While this number represents a substantial increase from 375 banks and 111 credit unions as of September 30, 2018,[6] these banks and credit unions represent a small minority of the overall U.S. banking industry, and the data confirm that most banks and credit unions are not currently providing banking services to MRBs. Moreover, the data do not indicate the scope or nature of banking services provided by these institutions, and in some cases the reporting could relate simply to a prudential notice of a transaction involving an MRB by a bank that is not actively serving such customers.

In order to address the lack of banking services available to MRBs, some states have studied possible ways to encourage the provision of such services to MRBs within the respective states, but no workable solution has yet been found, and it is difficult to imagine a state-level banking system created to serve the marijuana industry that could both achieve the scale needed to meet the rapidly growing industry’s needs and avoid implicating federal law (as even state-chartered banks are subject to a variety of federal laws and the jurisdiction of one or more federal banking regulators). In light of these challenges, any lasting solution to the dearth of banking services available to MRBs will require federal legislative action.

The primary federal law that affects the provision of banking services to MRBs is the Bank Secrecy Act of 1970 (BSA).[7] Among other things, the BSA requires U.S. financial institutions to help federal government agencies detect and prevent money laundering. To this end, it requires banks to report suspicious activity that might signify money laundering, tax evasion, or other criminal activity. These reports are referred to as “suspicious activity reports” (SARs). The federal anti-money laundering statutes make it a crime to knowingly engage in monetary transactions involving proceeds of certain unlawful activity, including the sale of marijuana.[8] Under these laws, all proceeds generated by MRBs (even if operating in compliance with state law) are unlawful, and financial transactions with such proceeds (including accepting deposits, making loans, and other banking services) may constitute illegal money laundering.

Notwithstanding the federal prohibition on transactions involving the proceeds of marijuana-related operations, FinCEN issued guidance in February 2014 on how banks could do business with MRBs.[9] This guidance was expressly based on the principles set forth in the Cole Memorandum and was accompanied by additional guidance issued by the DoJ on the same day that effectively applied the same enforcement priorities set forth in the DoJ’s prior guidance to the enforcement of the BSA.[10] Despite former Attorney General Sessions’ revocation of the Cole Memorandum, FinCEN has confirmed that its 2014 guidance remains in effect.[11]

Although the FinCEN guidance describes how banks may do business with MRBs without triggering BSA enforcement by FinCEN, it does not legalize such activities, and it does not rule out enforcement actions by federal banking regulators or criminal law enforcement agencies. The guidance primarily requires banks to conduct extensive and ongoing due diligence on any MRBs to which they wish to provide banking services in order to ensure their compliance with the Cole Memorandum principles and applicable state laws, and to file SARs for transactions related to MRBs.[12] The due diligence and ongoing monitoring required under the FinCEN guidance are considerably more far-reaching than the normal due diligence that banks must conduct on their customers. Moreover, the guidance does not contemplate a one-time filing for a bank doing business with an MRB; rather, FinCEN expects banks to file continuing activity reports to update a previously filed SAR if their ongoing monitoring indicates that marijuana-related activity is continuing.

The FinCEN guidance mandates three types of SARs for MRB transactions: (1) marijuana limited SARs for transactions involving an MRB that the bank reasonably believes, based on its review, do not implicate the Cole Memorandum priorities or violate state law, (2) marijuana priority SARs for transactions involving an MRB that the bank reasonably believes, based on its review, implicate the Cole Memorandum priorities or violate state law, and (3) marijuana termination SARs to be used if the bank deems it necessary to terminate its relationship with an MRB in order to maintain an effective anti-money laundering compliance program.[13] FinCEN notes some red flags to distinguish priority SARs, including such things as excessive deposits relative to the scope of the MRB’s permitted activities or to local competitors, rapid movements of funds, a lack of satisfactory documentation to demonstrate compliance with state law, and receipt of cash from outside the state.[14] Although the red flags cited by FinCEN are understandable from a regulator’s perspective as indicators of potential illicit activities, one can imagine that they would be extremely difficult for banks to assess and monitor in practice because they would require a high degree of visibility into customers’ operations as well as reliable information on the markets in which the customers operated (including data on competitors). This may be one reason why very few banks appear to have begun providing banking services to MRBs.

The 2014 guidance issued by the DoJ accompanying the FinCEN guidance emphasized that prosecution of a financial institution under the federal anti-money laundering statutes might be appropriate if the financial institution were to discover that a person to whom it was providing banking services was violating one of the Cole Memorandum priorities, such as by diverting marijuana from a state in which marijuana sales are regulated to ones in which such sales are illegal under state law.[15] Notably, the guidance also provided that prosecution might be appropriate if the financial institution were willfully blind to such illegal activity as a result of a failure to conduct appropriate due diligence of the customer’s activities.[16] Consequently, the guidance places a heavy (and potentially impracticable) burden on banks to effectively ascertain the scope and nature of their customers’ MRB activities and to continually monitor those activities to ensure that they do not implicate any of the Cole Memorandum enforcement priorities.

III. Federal Legalization Efforts

Various bills have been introduced in Congress to legalize marijuana or to provide MRBs with access to essential services. These include, most prominently, the Secure and Fair Enforcement Banking Act of 2019 (SAFE Banking Act), which passed the House of Representatives by a bipartisan vote of 321-103 in September 2019.[17] The SAFE Banking Act remains under consideration by the Senate Banking Committee, where its prospects (once seemingly fairly bright following a public hearing in July 2019) recently dimmed based on a public statement issued by committee chairman Sen. Mike Crapo (R-Idaho). Sen. Crapo had initially indicated that he would hold a committee vote by the end of 2019, but on December 18, 2019, he issued a statement sharply criticizing the bill in its current form and demanding that it be amended to address “the high level potency of marijuana, marketing tactics to children, lack of research on marijuana’s effects, and the need to prevent bad actors and cartels from using the banks to disguise ill-gotten cash to launder money into the financial system.”[18] One particularly controversial element of Sen. Crapo’s comments to the bill is his proposal to introduce a potency limitation of two-percent THC content on all marijuana products, a standard that many products currently on the market in legal states may not meet.[19] Sen. Crapo’s statement did not propose specific textual amendments to the bill and instead requested public comment on the enumerated points, which suggests that his statement may have been a way to avoid, or at least delay, consideration of the bill. In any event, the Senate Banking Committee has yet to take up the bill, and its fate in that committee currently appears to be uncertain at best.

Even if the Senate Banking Committee were to advance the bill, its chances of passage in the full Senate are uncertain, as the bill lacks a champion among Senate Republicans who is willing to drum up support for the bill or press leadership for a floor vote. The financial services industry (including through the American Bankers Association and other industry groups) strongly backs passage of the act,[20] but it appears that action on marijuana banking will have to wait until the SAFE Banking Act is revised to the satisfaction of Sen. Crapo or the balance of power shifts in the Senate following the 2020 elections.

Notwithstanding its currently unclear chances of being enacted into law, the SAFE Banking Act represents an important model of limited legislative action that seeks to facilitate specific commercial activities ancillary to the marijuana industry without addressing the fundamental (and politically more difficult) question of legalization of marijuana itself. The act would prohibit federal banking regulators from taking various punitive measures against a bank (including terminating or limiting deposit insurance) solely because it provides or has provided financial services to a “cannabis-related legitimate business” or service provider.[21] The range of financial services that would be protected under the act is broadly defined, and the term “cannabis-related legitimate business” means any person that participates in any business that is legal under state law that involves cultivating, producing, manufacturing, selling, transporting, displaying, dispensing, distributing, or purchasing cannabis or cannabis products.[22] It is crucial that the act includes protection of service providers, as many businesses that are not directly involved in the marijuana business, such as commercial landlords, construction companies, providers of hydroponic equipment, lighting systems. and the like, are currently at risk of losing access to banking services if it becomes known that MRBs are among their customers.

Additionally, the act would clarify that, for purposes of the federal anti-money laundering statutes, the proceeds of a transaction involving activities of a cannabis-related legitimate business or service provider would not be considered proceeds of an unlawful activity and would provide that a bank or insurer that provides a financial service to a cannabis-related legitimate business or service provider may not be held liable solely for providing such a financial service or for further investing any income derived from such a service.[23]

The act would also provide that a bank that has a legal interest in the collateral for a loan or other financial service to a cannabis-related legitimate business or service provider, or to an owner or operator of real estate or equipment leased or sold to such a business, would not be subject to criminal, civil, or administrative forfeiture of that legal interest pursuant to any federal law for providing such loan or service.[24] Finally, the act would call for FinCEN to issue new guidance for the submission of SARs for transactions with cannabis-related legitimate businesses or service providers that is designed to not significantly inhibit the provision of financial services to such businesses.[25]

The SAFE Banking Act would represent an important milestone in the slow march toward the creation of a legal and regulated nation-wide marijuana market in the United States, but it would not be a panacea for banks or for their customers. Among other issues, since the bill would not decriminalize marijuana under the Controlled Substances Act, MRBs and their officers, directors, and employees could still face federal criminal prosecution for violating federal law. If this were to happen to an MRB served by a bank, it could adversely affect the viability and creditworthiness of the affected MRB; this, in turn, would result in heightened commercial risks for banks that elect to provide financial services to MRBs compared to customers in other industries. Moreover, banks would effectively be responsible for ensuring that their marijuana-industry customers are operating in compliance with all applicable state laws, as state-law compliance is a precondition for the legal protection afforded by the act. As a result, banks’ compliance costs would likely be significantly higher when serving such customers, and this, combined with the heightened commercial risks, may deter many banks from taking advantage of the opportunity that Congress is seeking to create.

In addition to the SAFE Banking Act, several bills have been proposed in Congress that would not merely protect banks and others from criminal enforcement actions for the provision of services to the marijuana industry, rather they would address the federal prohibition itself either by legalizing marijuana at the federal level or by requiring the federal government to abide by any state-level legalization. These bills include most prominently the Marijuana Opportunity Reinvestment and Expungement Act of 2019 (MORE Act) and the Strengthening the Tenth Amendment Through Entrusting States Act (STATES Act).

The MORE Act was introduced by Sen. Kamala Harris (D-California) and Rep. Jerold Nadler (D-New York) and would remove marijuana from Schedule I under the Controlled Substances Act,[26] which would effectively legalize it under federal law.[27] It would also include extensive provisions intended to provide redress for the historically inequitable enforcement of the federal marijuana laws, including by retroactively legalizing marijuana for criminal liability purposes and by providing for various social justice measures to address effects of the so-called War on Drugs, including expungement of many marijuana-related criminal convictions.[28] This bill was voted out of the House Judiciary Committee (with two Republican votes) on November 20, 2019,[29] but it remains subject to the jurisdiction of various other committees, and no floor vote is yet in sight.

The STATES Act was introduced in the Senate by Sens. Elizabeth Warren (D-Massachusetts) and Cory Gardner (R-Colorado) and in the House by Rep. Earl Blumenauer (D-Oregon) and would amend the Controlled Substances Act so that its provisions would no longer apply to any person acting in compliance with state or tribal laws relating to the manufacture, production, possession, distribution, dispensation, administration, or delivery of marijuana.[30] The result of this bill would be that marijuana would remain illegal under federal law in states that have not legalized it (or to the extent that state-level legalization is limited to certain uses or under specific criteria), but it would become legal under federal law in states that have legalized it.

To address financial issues caused by the federal prohibition on marijuana, the STATES Act would provide that state-legal marijuana transactions do not constitute trafficking of illegal substances or result in the proceeds of an unlawful transaction, which should (in theory) remove transactions with the proceeds of marijuana businesses from the scope of the federal anti-money laundering laws and make the provision of banking services to MRBs legal.[31] However, it is unclear how this would work in practice and whether the federal banking regulators would take the view that transactions with the proceeds of state-legal marijuana transactions are, in fact, no longer illicit transactions subject to SAR reporting and other requirements of federal law.

Moreover, the STATES Act would place the entire burden on banks to determine whether their customers (or other entities transacting with their customers) are conducting their marijuana-related operations in compliance with state law. This may prove to be an unreasonable burden that prevents many banks from taking on such customers in that any financial transactions with companies that purport to operate within state law but in fact are not in compliance (even inadvertently) would likely constitute violations of the federal anti-money laundering statutes that would require the submission of SARs under the BSA (subject to any further guidance that FinCEN may issue following passage of such a law) and potentially the termination of the bank’s relationship with such customers. From a banking perspective, the STATES Act is an imperfect approach, but it seems to be an attempt to garner bipartisan support for something that is akin to federal marijuana legalization without requiring members of Congress to vote for full legalization, and it seems designed to have bipartisan appeal by advancing a federalism argument in favor of respecting the decisions of the individual states. It remains unclear whether this approach will gain sufficient support to advance to a floor vote in either house of Congress.

Other efforts to legalize marijuana at the federal level, or to facilitate the provision of banking and other services to MRBs, include the Responsibly Addressing the Marijuana Policy Gap Act of 2019,[32] which would remove state-legal marijuana-related activities from the scope of the Controlled Substances Act and seek to ensure that MRBs have access to banking services, bankruptcy proceedings, and certain tax deductions; the State Cannabis Commerce Act,[33] which would not change marijuana’s status as an illegal controlled substance under federal law, but would prohibit any federal agency from using appropriated funds to prevent any state from implementing any law legalizing the use, distribution, possession, or cultivation of marijuana within that state; and the Marijuana Justice Act of 2019,[34] which would remove marijuana from the purview of the Controlled Substances Act and effect a variety of social justice provisions intended to address the effects of disparate enforcement of the federal drugs laws.

The likelihood of passage of any of these attempts to legalize marijuana federally or to facilitate the provision of services to the marijuana industry under any of the models described above, or of another approach that may emerge, is unclear and may depend to some extent on the results of the 2020 presidential and congressional elections. Although a Democratic takeover of the White House and the Senate (while retaining a majority in the House) would not ensure passage of full federal marijuana legalization, the recent linking of social justice measures with legalization may go a long way to garner broad support among otherwise reluctant Democratic lawmakers.

In the meantime, we might expect that any substantive federal action on marijuana will come piecemeal in the form of amendments to federal appropriations bills. Under one amendment that has been part of appropriations bills since 2014 and that was included in the federal funding bill that was signed into law by President Donald Trump on December 20, 2019, the DoJ is prohibited from using funds appropriated under the law to enforce the federal marijuana prohibition against state-legal medical marijuana businesses and users.[35] President Trump attached a so-called signing statement to the bill that suggested that his DoJ may disregard this rider to the extent that he believes it interferes with his “constitutional responsibility to faithfully execute the laws of the United States,”[36] but the import of this statement is as yet unclear. It is notable that several other marijuana-related riders were included in the House version of the spending bill (including one that would have extended the prohibition on the DoJ’s use of funds to enforce the federal marijuana prohibition beyond medical marijuana to also include state-legal, adult-use marijuana activities), but they were eliminated in the reconciliation of the House and Senate versions and therefore did not make their way into the final legislation.

IV. Hemp Banking

Hemp is a close relative of marijuana in that both plants are varietals of the cannabis sativa L plant, and there is no definitive scientific point of demarcation between hemp and marijuana. Instead, the distinction between hemp and marijuana is primarily a matter of laws that distinguish the two substances based on the percentage content of THC (the primary intoxicating substance in marijuana). The legal distinction between hemp and marijuana is of great significance, as hemp was legalized at the federal level by the Agriculture Improvement Act of 2018 (2018 Farm Bill),[37] whereas marijuana remains illegal under federal law. Under the 2018 Farm Bill, hemp may not have a THC concentration of greater than 0.3 percent on a dry-weight basis,[38] and cannabis or derivative products with THC in excess of this threshold are legally classified as marijuana.

In connection with the legalization of hemp (by removing it from Schedule I under the Controlled Substances Act), the 2018 Farm Bill requires the U.S. Department of Agriculture (USDA) to issue rules governing the industrial cultivation of hemp.[39] Any hemp that is produced in accordance with the 2018 Farm Bill and USDA rules, and products derived therefrom (such as consumer products containing CBD), will not be deemed to be controlled substances under the Controlled Substances Act. Moreover, although the 2018 Farm Bill does not require states to remove any existing legal prohibitions or legal limitations on hemp or its derivative products, the law does prohibit state or tribal constraints on the inter-state movement of hemp, which is essential to facilitating the formation of a nation-wide hemp industry.[40] The 2018 Farm Bill also aims to promote industrial-scale cultivation of hemp by making hemp producers eligible for federal crop insurance programs and USDA grants and development programs.[41]

The USDA issued its interim final rule on October 31, 2019, establishing the initial parameters for commercial hemp production.[42] Although the public comment period was initially scheduled to end on December 30, 2019, the USDA extended that period until Jan. 29, 2020, in order to provide stakeholders with more time to submit comments.[43] To date, over 1,800 comments have been posted.[44] The USDA intends to issue its final rule by late 2021.[45]

Under the interim final rule, states and Indian tribes may submit plans for approval by the USDA for the production of hemp in their respective territories.[46] If a state or tribe declines to submit a plan, or if their plan is not approved by the USDA, then the USDA’s rules will govern hemp production in those states and tribal territories.[47] Any commercial hemp production operations must be approved under a USDA-approved state or tribal licensing regime or directly by the USDA. Licenses for hemp production will be nontransferable and must be renewed every three years, and criminal background checks will be required for all “key participants” in hemp businesses (includes owners of direct or indirect financial interests and senior executives).[48]

The USDA rules contain two provisions that have been the subject of many critical public comments. First, the USDA requires that THC content be measured on the basis of “total potential THC,” which would take into account not only the level of psychoactive Delta-9 THC but also what the USDA refers to as the potential conversion of delta-9-tetrahydrocannabinolic acid (THCA), which in its unconverted form is not intoxicating to humans, into THC.[49] This approach diverges from the widely understood basis for the legal distinction between hemp (containing no more than 0.3 percent THC without counting THCA) and marijuana, and this aspect of the USDA interim final rule appears to have caught many in the industry off-guard. Many of the public comments submitted to the USDA have suggested that requiring hemp to remain within the cap of 0.3 percent THC content based on “total potential THC” will decimate the nascent industry because much of the hemp that is currently produced would not meet this standard (and the risk of inadvertently exceeding the prescribed level of THC content would be unreasonably high).[50] Moreover, many commentators have argued that it is unnecessary to include THCA in the THC content test because THCA is not itself psychoactive (rather it may be converted under specific circumstances into psychoactive THC).[51]

The second part of the USDA interim final rule that has garnered a flood of critical public comments relates to the testing requirements—namely, that the THC-content testing be done in a laboratory that is approved by the Drug Enforcement Agency (DEA) and that the THC content of each lot of hemp be tested not more than 15 days prior to harvesting.[52] Numerous commentators have pointed out that there is a limited number of DEA-approved labs in many parts of the country, and that the 15-day window for testing is impractical, particularly for large producers or ones in remote areas with limited access to approved labs.[53] To date, the USDA has not responded to any of the public comments, and it remains to be seen whether the final rule (which in any event may not be issued until late 2021) will remedy any of these issues. It remains to be seen how hemp producers will work with (or around) these controversial aspects of the USDA rules, but it seems clear that, although federal legalization of hemp is a major and necessary step, the hemp cultivation industry will experience some growing pains along the way to the development of a vibrant, nationwide market.

The consumer-facing side of the hemp industry has grown rapidly since legalization, in particular with a wide range of consumer products containing CBD hitting the market over the past 18 months. However, the legalization of hemp and its derivative products in the 2018 Farm Bill does not mean that the industry is free of federal regulation (beyond the USDA rules for cultivation). Among other regulators, the Federal Trade Commission (FTC) retains the authority under the Federal Trade Commission Act[54] to regulate the manner in which CBD products are marketed and sold, and the Food and Drug Administration (FDA) has the power to regulate the compliance of CBD products with the Federal Food, Drug, and Cosmetic Act,[55] including any potential sales of such products as unapproved drugs or dietary supplements and the use of misleading or impermissible health claims in the marketing of CBD. Both the FTC and FDA have issued warning letters to various companies citing apparent violations of federal law and requiring the recipients to remedy such violations.[56]

Many participants in the nascent hemp industry appear to have taken an aggressive approach to putting products on the market that may not comply with federal law and in making at times expansive claims about the health benefits of their products. On the other hand, federal regulators have been slow to issue guidance on the precise extent of permissible uses and claims relating to CBD products, which has made it difficult for producers to know where the line between permissible marketing and illegal claims lies. Additionally, consumer advocates have reported that quality control in the CBD product space appears to be uneven, with both the CBD content and the THC content in these products in some cases diverging substantially from the levels stated on their labels (which may mean, in the case of a higher-than-stated THC level, that the products may constitute illegal marijuana products instead of legal hemp products). One hopes that regulators will take a constructive approach and work with the industry to formulate clear and practicable rules to facilitate its growth in a manner that promotes public health and safety.

Following hemp legalization in the 2018 Farm Bill, various U.S. senators requested guidance on hemp banking from the Federal Reserve, the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), the National Credit Union Administration (NCUA), and the Farm Credit Administration (FCA).[57] The senators noted that despite hemp legalization, hemp businesses were having difficulty accessing capital and obtaining banking services and urged the federal banking regulators to issue public guidance that would provide banks and credit unions with greater clarity on the scope of permissible banking activities and any specific requirements applicable to such services.[58]

The first federal banking regulator to provide public guidance on hemp banking was the NCUA, which issued a statement in August 2019.[59] The NCUA indicated that credit unions that wish to provide banking services to hemp businesses should implement an anti-money-laundering compliance program that mirrors that contemplated by the 2014 FinCEN guidance, including with respect to filing SARs, but it noted that no SARs will be required for legal hemp-related transactions.[60] Among other things, the NCUA noted that an adequate risk assessment requires credit unions to understand the specific state laws governing each customer’s hemp business.

The Federal Reserve, FDIC, OCC, and FinCEN, in consultation with the Conference of State Bank Supervisors, responded to the senators’ entreaties by issuing a joint statement on December 3, 2019, that took note of hemp legalization and provided guidance for banks to engage in banking relationships with hemp-related businesses.[61] The guidance provided that because hemp is no longer a Schedule I substance under the Controlled Substances Act, banks are not required to file SARs solely because a customer engages in the growth or cultivation of hemp in accordance with applicable laws and regulations.[62] It also stated that banks are expected to follow standard SAR procedures, including by filing a SAR if indicia of suspicious activity warrant, when serving hemp-related customers.[63] The guidance emphasized the importance of banks’ compliance with applicable regulatory requirements for customer identification, suspicious activity reporting, currency transaction reporting, and risk-based customer due diligence, including the collection of beneficial ownership information for customers that are legal entities, when electing to serve hemp-related businesses.[64] Finally, the joint statement indicated that FinCEN will release additional guidance on hemp banking after further review of the USDA hemp regulations and noted that, as before hemp legalization, FinCEN’s 2014 guidance continues to apply to the provision of banking services to MRBs.[65]

Although further legislative action may not be technically required for banks to begin servicing hemp businesses, there have not yet been notable federal legislative efforts to specifically address the difficulty that hemp businesses continue to have in obtaining banking products and services. However, the SAFE Banking Act does make note of this fact and would require federal banking regulators to issue guidance within 90 days of enactment to confirm the legality of providing financial services to hemp businesses and to create best practices for financial institutions to follow. Until the SAFE Banking Act or similar legislation is passed, banks that wish to provide services to hemp businesses must rely on the guidance issued by the federal regulators and the fact that hemp is legal under federal law without further legislative action.

The provision of banking services to hemp businesses requires a carefully calibrated know-your-customer process and ongoing compliance monitoring system that allows banks to identify and limit potential risks and to navigate the many challenges that the industry faces, not least the constraints found in the USDA interim final rule, as well as the risk of FTC and/or FDA enforcement actions. For banks that are willing to invest in creating the necessary policies and structures, however, hemp is a rapidly growing industry with a vast need of capital and financial services that, given its limited access to banking services, offers attractive margins. Moreover, early entrants into the hemp space will be well positioned to quickly and with limited risk enter the much larger and more lucrative, fully legal marijuana market, when and if one comes to pass.

DISCLAIMER: Morrison & Foerster LLP makes available the information in this article for informational purposes only, and it does not constitute legal advice and should not be relied on as such. Morrison & Foerster LLP renders legal advice only after compliance with certain procedures for accepting clients and when it is legally permissible to do so. Readers seeking to act upon any of the information contained in this article are urged to seek their own legal advice.

[1] Memorandum from James M. Cole, Deputy Attorney Gen. to All United States Attorneys Regarding Guidance Regarding Marijuana Enforcement (Aug. 29, 2013).

[2] Memorandum from Jefferson B. Sessions, Attorney Gen. to All United States Attorneys Regarding Marijuana Enforcement (Jan. 4, 2018).

[3] See, e.g., U.S. attorney general nominee will not target law-abiding marijuana businesses, Reuters, Jan. 15, 2019.

[4] FinCEN is a part of the U.S. Treasury Department that is charged with implementing, administering, and enforcing the Bank Secrecy Act of 1970, the main federal anti-money-laundering statute.

[5] Financial Crimes Enforcement Network, Marijuana Banking Update: Depositary Institutions (by type) Providing Banking Services to Marijuana Related Businesses (SARs filed through Sept. 30, 2019).

[6] Financial Crimes Enforcement Network, Marijuana Banking Update: Depositary Institutions (by type) Providing Banking Services to Marijuana Related Businesses (SARs filed through Sept. 30, 2018).

[7] The term “Bank Secrecy Act” is used herein to refer to the Financial Recordkeeping and Reporting of Currency and Foreign Transactions Act of 1970, Pub. L. No. 91-508 (12 U.S.C. §§ 1829b, 1951–59; 31 U.S.C. §§ 5311–32), as well as several subsequent laws that have amended and expanded its scope, including (among others) the Money Laundering Control Act, Pub. L. No. 99-570 (18 U.S.C. §§ 1956 and 1957), and the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA Patriot Act), Pub. L. 107-56, 115 Stat. 272. These laws are also referred to herein generally as the federal anti-money-laundering statutes.

[8] Id.

[9] Financial Crimes Enforcement Network, BSA Expectations Regarding Marijuana-Related Businesses, (Feb. 14, 2014).

[10] Memorandum from James M. Cole, Deputy Attorney Gen. to All United States Attorneys Regarding Guidance Regarding Marijuana Related Financial Crimes (Feb. 14, 2014).

[11] Letter from Drew Maloney, Asst. Secretary of the Treasury for Legislative Affairs to Rep. Denny Heck (Jan. 31, 2018).

[12] Financial Crimes Enforcement Network, supra note 9, at 2-3.

[13] Id. at 3-5.

[14] Id. at 5-7.

[15] Memorandum from James M. Cole, Deputy Attorney Gen. to All United States Attorneys Regarding Guidance Regarding Marijuana Related Financial Crimes (Feb. 14, 2014), at 2.

[16] Id.

[17] H.R. 1595, 116th Cong. (2019); S. 1200, 116th Cong. (2019) (passage through the House).

[18] Press Release, U.S. Senate Committee on Banking, Housing, and Urban Affairs, Chairman Crapo Outlines Concerns with Cannabis Banking Legislation (Dec. 18, 2019).

[19] Id.

[20] See, e.g., American Bankers Assoc, Cannabis Banking: Bridging the Gap between State and Federal Law.

[21] H.R. 1595, 116th Cong. (2019); S. 1200, 116th Cong. (2019) § 2.

[22] Id. § 14(4).

[23]  Id. § 4(a).

[24] Id. § 4(d)(2).

[25] Id. §§ 6, 7.

[26] Comprehensive Drug Abuse Prevention and Control Act of 1970, Pub. L. No. 91-513 (21 U.S.C. §§ 801–904).

[27] H.R. 3884, 116th Cong. (2019); S. 2227, 116th Cong. (2019) § 2.

[28] Id. §§ 5, 9.

[29] Press Release, U.S. House of Representatives Judiciary Committee, House Judiciary Passes MORE Act to Decriminalize Marijuana at Federal Level (Nov. 20, 2019).

[30] H.R. 2093, 116th Cong. (2019); S. 1028, 116th Cong. (2019) § 2.

[31] Id. § 5(b).

[32] H.R. 1119, 116th Cong. (2019); S. 421, 116th Cong. (2019).

[33] H.R. 3546, 116th Cong. (2019); S. 2030, 116th Cong. (2019).

[34] H.R. 1456, 116th Cong. (2019); S. 597, 116th Cong. (2019).

[35] Consolidated Appropriations Act, 2020, H.R. 1158, 116th Cong. (2019), Div. B, § 531.

[36] Statement by President Donald J. Trump (Dec. 20, 2019).

[37] Agriculture Improvement Act of 2018, Pub. L. No. 115-334, § 10113.

[38] Id.

[39]  Id.

[40] Id. §. 10114.

[41]  Id. §. 10113.

[42] U.S. Department of Agriculture Agricultural Marketing Service, Interim Final Rule on Establishment of a Domestic Hemp Production Program (Oct. 31, 2019).

[43] Press Release, U.S. Department of Agriculture Agricultural Marketing Service, USDA Extends U.S. Domestic Hemp Production Program Interim Final Rule Comment Period to January 29 (Dec. 17, 2019).

[44] See comments on the Hemp Farm Bill.

[45] U.S. Department of Agriculture Agricultural Marketing Service, Interim Final Rule on Establishment of a Domestic Hemp Production Program (Oct. 31, 2019).

[46] Id.

[47] Id.

[48] Id.

[49] Id.

[50] See comments on the Hemp Farm Bill.

[51] Id.

[52] U.S. Department of Agriculture Agricultural Marketing Service, Interim Final Rule on Establishment of a Domestic Hemp Production Program (Oct. 31, 2019).

[53] See comments on the Hemp Farm Bill.

[54] 15 U.S.C. §§ 41–58.

[55] 21 U.S.C. §§ 301–392 supp.

[56] See, e.g., Press Release, Federal Trade Commission, FTC Sends Warning Letters to Companies Advertising Their CBD-Infused Products as Treatments for Serious Diseases, Including Cancer, Alzheimer’s, and Multiple Sclerosis (Sept. 10, 2019); Press Release, U.S. Food and Drug Administration, FDA warns 15 companies for illegally selling various products containing cannabidiol as agency details safety concerns (Nov. 25, 2019).

[57] See, e.g., Press Release, Michael Bennet, U.S. Senator for Colorado, Bennet Urges Financial Regulators to Provide Guidance, Certainty for Hemp Farmers and Processors (June 14, 2019); Press Release, Ron Wyden, U.S. Senator for Oregon, Wyden, McConnell Urge Federal Financial Regulators to Prevent Discrimination of Legal Hemp Industry (April 2, 2019).

[58] Id.

[59] National Credit Union Admin., Regulatory Alert to Federally Insured Credit Unions Regarding Serving Hemp Businesses (Aug. 2019).

[60] Id.

[61] Press Release, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Financial Crimes Enforcement Network, Office of the Comptroller of the Currency, Conference of State Bank Supervisors, Agencies Clarify Requirements for Providing Financial Services to Hemp-Related Businesses (Dec. 3, 2019).

[62] Id.

[63] Id.

[64] Id.

[65] Id.

High River Limited Partnership, et al. v. Occidental Petroleum Corporation arises from Occidental Petroleum’s bidding war and high-profile acquisition of Anadarko Petroleum. Plaintiffs bought 26 million shares of Occidental stock worth $1.16 billion after the acquisition was announced. Plaintiffs disagreed with Occidental’s sale of some assets to be acquired in the deal and the price it paid to secure financing through preferred stock to avoid a shareholder vote, among other business decisions. Ten days after sending its demand, plaintiffs filed suit to enforce their demand and launched a proxy fight with intent to obtain consent to elect four members of Occidental’s board of directors, change Occidental’s bylaws, and modify the consent solicitation process. Occidental strongly contested their efforts.

Under case law interpreting title 8, section 220 of the Delaware Code (Section 220), stockholders can demand access to a company’s books and records only if they present a “proper purpose.” Although a court may deem as proper one of several purposes, a well-established proper purpose exists when a stockholder demonstrates a credible basis to suspect that the company has engaged in wrongdoing, such as by breaching its fiduciary duty. The issue lies in the boundaries of proper purposes.

Plaintiffs argued for expanding a proper stockholders’ purpose of communicating with others “in furtherance of a potential” or ongoing “bona fide proxy contest.” The rule would allow stockholders to employ Section 220 to obtain business documents upon showing “a credible basis that the information sought would be material in the prosecution of a proxy contest.” It would open the door for stockholders to inspect books and records regarding directors’ questionable but not actionable business judgment in furtherance of a proxy contest.

Plaintiffs cited Tactron, Inc. v. KDI Corporation and High River Ltd. Partnership v. Forest Labs, Inc., but the court distinguished each case. In Tactron, the court granted a demand for records to aid in a proxy contest, but limited plaintiffs to reviewing only logistical information and not information on business decisions.

The Occidental plaintiffs had already succeeded in similar claims in Forest Labs. The court granted their demand to inspect books and records related to business decisions when the purpose was to prepare a proxy contest, but limited the grant to documents that were “essential and sufficient” for the proxy contest purpose. In Occidental, by contrast, significant information about the underlying acquisition was highly publicized and freely available. Plaintiffs asserted that an information gulf impaired their proxy contest efforts, but the court found that they already had all of the essential information they needed without access to Occidental’s internal documents. Therefore, unlike in Forest Labs, the information plaintiffs sought was not “essential and sufficient.”

Plaintiffs also argued, more traditionally, that their purpose was to investigate corporate mismanagement; however, plaintiffs’ pretrial brief argued that they did not allege intentional breach of fiduciary duty by the board, so the court dismissed this argument summarily. The court declared that disagreement with business judgment is insufficient to establish a credible basis for mismanagement; some allegation of fiduciary breach is required.

The court clarified the proper purpose requirement for a Section 220 demand: (1) various proper purposes include an investigation of wrongdoing or mismanagement beyond a disagreement with business judgment if the stockholders demonstrate a credible basis for their suspicion; and (2) if the purpose propose is to engage in a proxy contest, then any documents requested must be “essential and sufficient” to the proxy contest.

The court left open the possibility that a proxy contest may be a proper purpose in a case with different facts. The court determined that with the right facts, it “might endorse a rule that would allow a stockholder to receive books and records relating to questionable, but not actionable, board-level decisions . . . in aid of a potential proxy contest.” According to the court, information sought through a Section 220 demand would need to be “essential and sufficient” to pursuing a proxy contest to allow stockholders access to the records.

TECHSHOW will take place in Chicago on February 26–29, 2020. As they do each year, attendees from all over North America and overseas will come to see and demonstrate some of the newest advances in law practice technology. TECHSHOW is more than a marketplace for the latest and greatest. It is also an opportunity to learn, network, and discover how to get the best out of legal technology—both what you may want to acquire and what you may already have. In some cases, you might be surprised to learn that your firm’s tech problem is actually more of a people problem. An experience from last year’s show is illustrative.

Top of mind for Glen, an attendee at last year’s show, was to find better time-tracking and billing software for his firm. Two years prior, his partners had purchased a new system that promised easier and more accurate time entry with complete integration with their billing system, but the purchase was a dud according to Glen, and he was looking to replace it with something that worked better.

After spending most of the morning talking to vendors on the show’s expansive EXPO floor, he took a break and attended a talk I was co-presenting entitled The Human Side of Technology Implementation. Glen approached me after the talk and asked if I knew which time-tracking and billing systems were easier to implement than others. I was curious. What were the problems his firm had encountered with their last purchase? What had been difficult?

As Glen answered my questions, it quickly became clear that the problem his firm was having with its new system wasn’t a matter of picking poor, broken, or outdated technology. The features and functionality of the new system were more than adequate for his firm’s needs. Contrary to what he initially thought, their old vendor had not over-promised and under-delivered. The difficulties his firm was experiencing instead came from how the software had been selected and adopted, and how his firm members had been trained to use it.

Two of his firm’s partners had been tasked with interviewing vendors, sampling the software, and making recommendations for acquisition to the firm’s partners. They had done a thorough job of surveying the market and negotiating a competitive deal, but they never asked the firm members who would be the most active users of the software what they thought was important. As we talked, Glen began to see how the announcement of the change to a new time-entry and tracking system came across as a top-down edict from management. He recalled hearing second-hand that some attorneys and staff felt that management didn’t value their opinions and insights.

Significant changes in law firms can cause ripples and turbulence, and changes in technology are no exception. I explained to Glen that firm members felt no ownership of this change and consequently little investment in its successful implementation. Glen hoped their resistance to this change would have been overcome when firm members were trained and saw how useful the new system could be. Unfortunately, adoption of the new system was slow and uneven. A few attorneys simply refused to use it for the first few months, time entry was more error prone than before, and it was taking longer to get bills out to clients.

Glen asked if more training would help. I said it might if he approached things differently. His first inclination was to go to the original vendor’s booth and renegotiate the deal to include more training. I suggested rather than doing that, he should first go back to his firm and ask what kind of training his staff and attorneys thought would be most useful. I told him to pay particular attention to those firm members who were most hands-on in the time-entry process.

I received an e-mail from Glen five months later describing the new training program his firm members had designed with a third-party vendor. Rather than a long, one-day program, they spread multiple training sessions over three months with practice assignments due in between. Training was broken into modules so individual firm members could focus on only those that were most relevant to their jobs. Staff members also volunteered to become go-to persons for helping others with their problems. Glen concluded by saying that “late is better than never” and that his firm’s new system was finally beginning to pay off now that they were paying attention to the people side of introducing new technology.

Excessive executive compensation has come under fire in recent years from a range of commentators,[1] including surprising ones like former Chief Justice of the Delaware Supreme Court Leo Strine.[2] Although generous compensation packages may be justifiable in the case of a healthy company, in the case of a distressed company, they are more difficult to defend—economically and legally. For example, bankrupt OxyContin manufacturer Purdue Pharma recently disclosed that it paid its CEO Craig Landau $9 million in the 12 months before filing and doubled his salary in 2018 after hiring a law firm to provide bankruptcy advice.[3] Admittedly, it is not readily apparent that Landau’s compensation is excessive under current market standards. Even so, it is obvious that executives who receive outsized compensation packages and the board members who approve them are prime targets for dissatisfied corporate constituents, such as unpaid creditors, seeking to recoup value. Fraudulent transfer and fiduciary claims are the traditional tools that creditors use to seek recovery of excessive managerial compensation. However, in certain jurisdictions, creditors may also be able to characterize excessive compensation paid to manager-shareholders as disguised and unlawful dividends. As with other features of corporate law, the applicability and contours of the de facto dividend doctrine vary from jurisdiction to jurisdiction.

Sections 170(a) and 174(a) of the Delaware General Corporation Law (DGCL) make a director liable to the corporation, or its creditors in the event of insolvency, for the full amount of any illegal dividend, including those paid while “the corporation’s capital . . . is less than the capital represented by all outstanding shares having a preference upon the distribution of assets.”[4] In Horbal v. Three Rivers Holdings, Inc., minority shareholders in a health maintenance organization (HMO) sued corporate directors for “siphoning off tens of millions of dollars from the HMO in the form of disguised salaries, bonuses and corporate perquisites,” which the plaintiffs asserted were really “de facto dividends.”[5] Judge Chandler rejected plaintiffs’ theory on the ground that “[n]o Delaware court ha[d] ever recast executive compensation as a constructive dividend[.]”[6] Instead, Judge Chandler found that the plaintiffs’ claim implicated “a classic allegation of self-dealing or waste” subject to attack as a violation of the fiduciary duty of loyalty.[7]

Outside of Delaware, however, a number of courts have been willing to recast inordinate executive compensation as de facto, disguised, or constructive dividends,[8] particularly in the case of closely held corporations.[9] These claims may be brought by creditors or minority shareholders and can be framed as tort or statutory claims.[10] For example, in the recent case of Tisch v. Tisch, the Colorado Court of Appeals found that a controlling shareholder’s use of company funds from a family-owned liquor store for the payment of excessive salary, personal credit cards, and unauthorized loans qualified as disguised dividends supporting minority shareholders’ civil theft claim.[11]

From the perspective of an unpaid creditor, there are several potential advantages to recasting inordinate executive compensation as disguised and unlawful dividends, as opposed to pursuing only fiduciary duty or fraudulent transfer claims. First, as opposed to a fraudulent transfer claim, a director who is not a transferee may be held personally liable for authorizing or acceding to the unlawful dividend. In some jurisdictions, a director’s statutory liability for an unlawful dividend may be based upon mere negligence,[12] and the business judgment rule does not provide a defense.[13] Moreover, in certain jurisdictions, a director cannot assert the use of a special committee or exculpation language in a corporate charter as a defense to liability.[14] Additionally, in most jurisdictions, creditors may recover dividends paid while a company is insolvent from a manager-shareholder who received it with knowledge of the company’s insolvency.[15] Although this may be similar to an avoidable transfer claim, fraudulent transfer and preference defenses are unavailable because the statutory unlawful dividend claim is akin to a “strict liability” claim.[16] Finally, statutory unlawful dividend claims may also allow the plaintiff to recover interest from the date of the distribution.[17] Given these potential advantages over fraudulent transfer and fiduciary claims, practitioners advising boards and representing creditors should be aware of the possibility of courts recasting excessive executive compensation as disguised unlawful dividends in certain jurisdictions.

[1] J. William Boone is a partner at James-Bates-Brannan-Groover-LLP in Atlanta, Georgia, and Matthew M. Graham is a shareholder at Stearns Weaver Miller Weissler Alhadeff & Sitterson, P.A. in Miami, Florida.

[2] Leo E. Strine, Jr., Toward Fair and Sustainable Capitalism, Harvard John M. Olin Discussion Paper Series, Discussion Paper No. 1018 (Sept. 2019).

[3] Geoff Mulvihill & Tom Murphy, Purdue Pharma paid CEO $9M in year before bankruptcy, StarTribune, Oct. 30, 2019; Liz O. Baylen, Purdue Pharma workers can get bonuses, but maybe the CEO shouldn’t, judge decides, L.A. Times, Dec. 4, 2019.

[4] See Del. Code tit. 8, §§ 170(a), 174(a).

[5] CIV.A. 1273-N, 2006 WL 668542, at *1 (Del. Ch. Mar. 10, 2006).

[6] Id. at *3.

[7] Id. at *4; see also Quadrant Structured Prods. Co., Ltd. v. Vertin, 102 A.3d 155, 201 (Del. Ch. 2014).

[8] See, e.g., Tisch v. Tisch, 439 P.3d 89, 105 (Colo. App. 2019); Four Seasons Equip., Inc. v. White (In re White), 429 B.R. 201, 210 (Bankr. S.D. Tex. 2010); Interstate Highway Const., Inc. v. Gigot, 90-1289-K, 1990 WL 235693, at *2 (D. Kan. Dec. 20, 1990); Murphy v. Country House, Inc., 349 N.W.2d 289, 293 (Minn. Ct. App. 1984); Erdman v. Yolles, 233 N.W.2d 667, 669 (Mich. Ct. App. 1975).

[9] See Alaska Plastics, Inc. v. Coppock, 621 P.2d 270, 277 (Ala. 1980).

[10] Compare Interstate Highway Const., Inc., 1990 WL 235693, at *2 (statutory claim by creditor), with Tisch, 439 P.3d at 105 (civil theft claim by minority shareholders).

[11] See Tisch, 439 P.3d at 105 (Colo. App. 2019).

[12] Kan. Stat. § 17-6424; Okla. Stat. § 18-1053.

[13] See In re Musicland Holding Corp., 398 B.R. 761, 785 (Bankr. S.D.N.Y. 2008) (finding that section 174(a) of the DGCL “imposes a form of strict liability without regard to any action or inaction by a particular director” and “the business judgment rule does not apply because the payment of an unlawful dividend is an illegal act”).

[14] See 2 Model Bus. Corp. Act § 8.25 official cmt. (4th ed. 2013 rev.) (stating that “section 8.25(e)(1) generally makes nondelegable the decision whether to authorize or approve distributions, including dividends”); Del. Code tit. 8, § 102(b)(7) (providing that certificate of incorporation may not limit or eliminate a director’s personal liability for unlawful dividends under section 174 of the DGCL).

[15] See 12 Fletcher Cyc. Corp. § 5429 (2019).

[16] See In re Musicland Holding Corp., 398 B.R. at 785.

[17] See, e.g., Cal. Corp. Code § 316(d) (director liable for interest); Cal. Corp. Code § 506(a) (shareholder liable for interest).

IRS Forms 1099 match income and Social Security numbers.[1] Most people pay attention to these forms at tax time, but lawyers and clients alike should pay attention to them the rest of the year as well. Failing to report a Form 1099 is guaranteed to give you an IRS tax notice to pay up. These little forms are a major source of information for the IRS. Copies go to state tax authorities, which are useful in collecting state tax revenues.

Lawyers receive and send more Forms 1099 than most people, in part due to tax laws that single them out. Lawyers make good audit subjects because they often handle client funds. They also tend to have significant income. The IRS has a keen interest in the tax treatment of litigation settlements, judgments, and attorney’s fees. Lawyers are singled out for extra Forms 1099. The tax code requires companies making payments to attorneys to report the payments to the IRS on a Form 1099.

Each person engaged in business and making a payment of $600 or more for services must report it on a Form 1099. The rule is cumulative, so whereas one payment of $500 would not trigger the rule, two payments of $500 to a single payee during the year require a Form 1099 for the full $1,000. Lawyers must issue Forms 1099 to expert witnesses, jury consultants, investigators, and even co-counsel where services are performed and the payment is $600 or more.

A notable exception from the normal $600 rule is payments to corporations. Payments made to a corporation for services are generally exempt; however, an exception applies to payments for legal services. Put another way, the rule that payments to lawyers must be the subject of a Form 1099 trumps the rule that payments to corporation need not be. Thus, any payment for services of $600 or more to a lawyer or law firm must be the subject of a Form 1099, and it does not matter if the law firm is a corporation, LLC, LLP, or general partnership, nor does it matter how large or small the law firm may be. A lawyer or law firm paying fees to co-counsel or a referral fee to a lawyer must issue a Form 1099 regardless of how the lawyer or law firm is organized. Plus, any client paying a law firm more than $600 in a year as part of the client’s business must issue a Form 1099. Forms 1099 are generally issued in January of the year after payment. In general, they must be dispatched to the taxpayer and IRS by the last day of January.

Issuing Forms 1099 to Clients

One confusing tax reporting issue for law firms is whether to issue Forms 1099 to clients. Practice varies considerably, and many firms issue the forms routinely; however, most payments to clients do not actually require the forms. Of course, many lawyers receive funds that they pass along to their clients. That means law firms often cut checks to clients for a share of settlement proceeds. Even so, there is rarely a Form 1099 obligation for such payments. Most lawyers receiving a joint settlement check to resolve a client lawsuit are not considered payors. In fact, the settling defendant is considered the payor, not the law firm. Thus, the defendant generally has the obligation to issue the Forms 1099, not the lawyer.

Example 1: Larry Lawyer earns a contingent fee by helping Cathy Client sue her bank. The settlement check is payable jointly to Larry and Cathy. If the bank doesn’t know the Larry/Cathy split, it must issue two Forms 1099 to both Larry and Cathy, each for the full amount. When Larry cuts Cathy a check for her share, he need not issue a form.

Example 2: Consider the same facts as in Example 1, but assume that Larry tells the bank to issue two checks, one to Larry for 40 percent, and the other to Cathy for 60 percent. Here again, Larry has no obligation to issue a form because Cathy is getting paid by the bank. The bank will issue Larry a Form 1099 for his 40 percent. It will issue Cathy a Form 1099 for 100 percent, including the payment to Larry, even though the bank paid Larry directly. Cathy must find a way to deduct the legal fee.

Physical Injury Payments

One important exception to the rules for Forms 1099 applies to payments for personal physical injuries or physical sickness. Think legal settlements for auto accidents and slip-and-fall injuries. Given that such payments for compensatory damages are generally tax-free to the injured person, no Form 1099 is required.

Example 1: Hal Hurt is in a car crash and receives a $1 million settlement. Defendant Motors issues a joint check to Hal and his lawyer Sue Suits. Defendant is not required to issue a Form 1099 to Hal. Defendant must still issue a Form 1099 to Sue for the full $1 million.

Example 2: Same facts, but assume Sue asks for a $600,000 check issued to Hal (without a Form 1099) and a $400,000 check issued to her (with a Form 1099 to Sue for $400,000). Defendant Motors can agree to this request.

Other Payments to Clients

What about a law firm’s refund of legal fees to clients? Must those payments be reported to the client on Form 1099 issued to the client? If the refund is of monies held in the lawyer’s trust account, no Form 1099 is required; however, if the law firm was previously paid and is refunding an amount from the law firm’s own income, a Form 1099 is needed.

Example: Big Law LLP represents Joe Inventor and is holding $50,000 of Joe’s funds in its trust account. Due to a dispute over the quality of Big Law’s services, it agrees to refund $30,000 of Joe’s deposit. No Form 1099 is required because this was Joe’s money. Big Law also agrees to refund $60,000 of the monies Joe paid for fees over the last three years. Big Law is required to issue a Form 1099 for the $60,000 payment.

The primary area where a lawyer must issue a Form 1099 to a client is where the lawyer performs significant oversight and management functions. The tax regulations are not terribly clear exactly what these management and oversight functions are in many cases, but merely being a plaintiff’s lawyer and handling the settlement monies is not enough.

What if the lawyer is beyond merely receiving the money and dividing the lawyer’s and client’s shares? Under IRS regulations, if lawyers take on too big a role and exercise management and oversight of client monies, they become “payors” and as such are required to issue Forms 1099 when they disburse funds.

Joint Checks

IRS regulations contain extensive provisions governing joint checks and how Form 1099 should be issued in such cases. Most of these rules mean that lawyers will be receiving Forms 1099 when their names are on the settlement checks.

Example 1: Dastardly Defendant settles a case and issues a joint check to Clyde Client and Alice Attorney. Dastardly normally must issue one Form 1099 to Clyde for the full amount and one Form 1099 to Alice also for the full amount. This reality may cause Alice to prefer separate checks, one for the client funds, and one to pay the lawyer directly. That way, Alice may only receive a Form 1099 for her fees, not also for her client’s money.

Example 2: This time Dastardly Defendant issues a check for 60 percent of the settlement to Clyde Client and 40 percent to Alice Attorney. Dastardly issues one Form 1099 to Clyde for 100 percent, and one Form 1099 to Alice for 40 percent. So that Clyde doesn’t pay taxes on the fees paid to Alice for which he received a Form 1099, he will try to deduct the 40 percent on his tax return. Beginning in 2018, though, deductions for legal fees are now much more restricted than in the past. There is still an above-the-line deduction for legal fees in employment, civil rights, and whistleblower cases, but beyond that, many legal fees can no longer be deducted.

Seeking to help their clients avoid receiving Forms 1099, some plaintiff lawyers ask the defendant for one check payable to the “Jones Law Firm Trust Account.” Many defendants are willing to issue a single Form 1099 only to the Jones Law Firm in this situation. Technically, however, Treasury Regulations dictate that you should treat this Jones Law Firm Trust Account check just like a joint check payable to lawyer and client. That means two Forms 1099, each in the full amount, are required.

Judgment Calls and Penalties

Requirements to issue Forms 1099 have existed in the tax code and parallel state law for decades. Still, these requirements have become more rigorous in recent years. Penalty enforcement has also become tougher. More and more reporting is now required, and lawyers and law firms face not only the basic rules, but the special rules targeting legal fees.

Lawyers are not always required to issue Forms 1099, especially to clients. Nevertheless, the IRS is unlikely to criticize anyone for issuing more of the ubiquitous little forms. In fact, in the IRS’s view, the more Forms 1099 the better. Perhaps for that reason, it is becoming common for law firms to issue Forms 1099 to clients even where they are not strictly necessary. Defendants usually have this knee-jerk reaction as well—when in doubt issue the forms. Sometimes, though, both lawyers and defendants go overboard and issue the forms when they really should not.

Most penalties for nonintentional failures to file are modest—as small as $270 per form. This penalty for failure to file Forms 1099 is aimed primarily at large-scale failures, such as where a bank fails to issue thousands of the forms to account holders; however, law firms should be careful about these rules, too.

The distribution of the proceeds of a class action, for example, can trigger large-scale issuances of Forms 1099. In addition to the $270-per-failure penalty, the IRS also may try to deny a deduction for the item that should have been reported on a Form 1099. That means if you fail to issue a form for a $100,000 consulting fee, the IRS could claim it is nondeductible. It is usually possible to defeat this kind of draconian penalty, but the severity of the threat still makes it a potent one.

An often-cited technical danger (but generally not a serious risk) is the penalty for intentional violations. A taxpayer who knows that a Form 1099 is required to be issued and nevertheless ignores that obligation is asking for trouble. The IRS can impose a penalty equal to 10 percent of the amount of the payment.

Example: Larry Lawyer makes a $400,000 payment to co-counsel, but Larry fails to issue a required Form 1099 even though his CPA told him he was required to. In addition to other remedies, the IRS may impose a $40,000 penalty.

Although a 10-percent penalty is high, I have never personally seen this penalty imposed. In fact, I wonder how likely it is even to be proposed, unless the taxpayer has a damning memo in his file that he hands the IRS, making clear that he knew of the Form 1099 obligation and ignored it.

IRS Form W-9

Given that Forms 1099 require taxpayer identification numbers, attorneys are commonly asked to supply payors with their own taxpayer identification numbers and those of their clients. Usually such requests come on IRS Form W-9. If an attorney is requested to provide a taxpayer identification number and fails to provide it to a paying party, he or she is subject to a $50 penalty for each failure to supply that information.

The payments to be made to the attorney also may be subject to back-up withholding. As a practical matter, some defendants may refuse to pay over money without the required taxpayer identification numbers, or will seek to pay the money through a court. It is usually not worth fighting over Forms W-9. If you have negotiated for language in the settlement agreement making clear what Forms 1099 will (or will not) be issued, there should usually be no reason to fight over providing Forms W-9.

Conclusion

Receiving Forms 1099 is not particularly fun, but at least it is a reminder to report the payment on your tax return. Even many issuers of Forms 1099 may not especially like the form. Lawyers must pay special attention to these rules, and not just when they are settling cases or closing real estate deals. More than many other businesses and professionals, lawyers are commonly sending and receiving Forms 1099. Clients care a great deal about these rules as well, especially if they receive a big, fat Form 1099 in the mail that they were not expecting.

[1] Robert W. Wood is a tax lawyer with www.WoodLLP.com and the author of numerous tax books including Taxation of Damage Awards & Settlement Payments (www.TaxInstitute.com). This discussion is not intended as legal advice.

1. INTRODUCTION

In a recent decision, the United States Court of Appeals for the First Circuit (the First Circuit) reversed a lower bankruptcy court decision that absolved a university of fraudulent transfer liability stemming from tuition payments received from a student’s parents.[1] The parents, who pled guilty to orchestrating a Ponzi scheme, were presumed to be insolvent at the time the tuition payments were made.[2] The issue of whether colleges and universities may be sued by bankruptcy trustees to recover tuition payments made by insolvent parents for the benefit of their adult children has divided bankruptcy courts for years. In re Palladino, 942 F. 3d 55 (1^st Cir. 2019), marks the first appellate-level decision to address the issue.

From an objective bankruptcy law perspective, the Palladino case was rightly decided by the First Circuit. Indeed, a fundamental goal of bankruptcy is to ensure that similarly situated creditors are treated alike and share equitably in the distribution of debtor assets. To achieve this goal, title 11 of the United States Code (the Bankruptcy Code) grants a bankruptcy trustee (or debtor-in-possession) several important powers. Chief among the trustee’s powers is the ability to “avoid”[4] transfers and/or transactions as set forth in sections 544 through 549 of the Bankruptcy Code. This article will consider issues prevalent in bankruptcy avoidance actions. However, the central focus of the article is on the intersection between the exercise of avoidance powers against colleges and universities and public policy encouraging parental contributions to higher education.

2. TRUSTEE STRONGARM POWERS AND AVOIDANCE ACTIONS IN BANKRUPTCY

Under state fraudulent transfer statutes,[5] a creditor may seek to avoid a transfer made by a debtor to a third party if under the circumstances, the transfer was adverse to such creditor.[6] In avoiding such transfers, applicable state law allows the creditor to “reach-back” to recover payments made as many as six years prior the bankruptcy filing. The Bankruptcy Code in turn allows trustees standing to pursue such transfers under state law “in the shoes” of the harmed creditor. In addition, the Bankruptcy Code provides the trustee with direct substantive avoidance powers, albeit with a reach-back period generally limited to two years.[7]

The Bankruptcy Code empowers bankruptcy trustees to avoid and recover fraudulent transfers, including those attributed to constructive fraud, from the recipient (in this context, the university). As noted by the United States Supreme Court in Central Bank of Washington v. Hume, 128 U.S. 195, 211 (1888), “debtors must be just before they are generous.” Under section 548(a)(1)(B) of the Bankruptcy Code, a transfer is deemed constructively fraudulent where the insolvent debtor makes a payment (or any other transfer of an interest in property) for which the transferee does not provide “reasonably equivalent value” while the debtor is insolvent. Constructively fraudulent transfers are avoidable and recoverable for the benefit of the bankruptcy estate irrespective of whether, and to what extent, the initial transferee received the payments in good faith. Simply put, absent a showing of “value” provided in exchange for the transfers, it does not matter whether the college or university had knowledge of the parent’s insolvency or fraud or otherwise received the tuition payments in good faith.

It is important to note that the Bankruptcy Code (and comparable state law fraudulent transfer statutes) provide for avoidance of both actual and constructive fraud-based transfers and transactions. Under the actual fraud theory of recovery, the trustee may avoid transfers intended to frustrate current or future creditors’ recovery efforts. Section 548(a)(1)(A) of the Bankruptcy Code provides, in pertinent part—

(a)(1)The trustee may avoid any transfer (including any transfer to or for the benefit of an insider under an employment contract) of an interest of the debtor in property, or any obligation (including any obligation to or for the benefit of an insider under an employment contract) incurred by the debtor, that was made or incurred on or within 2 years before the date of the filing of the petition, if the debtor voluntarily or involuntarily—

(A) made such transfer or incurred such obligation with actual intent to hinder, delay, or defraud any entity to which the debtor was or became, on or after the date that such transfer was made or such obligation was incurred, indebted . . . .

The trustee has the burden of establishing intent.[8] To the extent the intent at issue in a case is to defraud, courts are split on whether the standard of proof is by a preponderance of evidence or by clear and convincing evidence.[9]

In the context of avoidance actions brought against colleges and universities to recover tuition payments, the decisional authority most often turns on analysis of constructive fraud claims. In Palladino, for example, the trustee asserted both actual fraud[10] and constructive fraud claims. However, the First Circuit’s Palladino opinion was based primarily on its finding that the debtor parents received no value in exchange for the payments they made for their daughter’s education. There the court reasoned:

The tuition payments here depleted the estate and furnished nothing of direct value to the creditors who are the central concern of the code provisions at issue. The code recognizes five classes of transactions that confer value: (1) the exchange of property; (2) the satisfaction of a present debt; (3) the satisfaction of an antecedent debt; (4) the securing or collateralizing of a present debt; and (5) the granting of security for the purpose of securing an antecedent debt. 11 U.S.C. § 548(d)(2)(A). None are present here, nor are parents under any legal obligation to pay for college tuition for their adult children.

The First Circuit noted that such payments by an insolvent debtor, irrespective of the noble cause, will be undone by bankruptcy rules allowing trustees to claw back transfers. The First Circuit declined to recognize an exception not enacted by Congress via statute. The bankruptcy court, from which the appeal was taken, had found the Palladinos paid their daughter’s tuition because “they believed that a financially self-sufficient daughter offered them an economic benefit” and as such determined value had been provided.[11] Rejecting this analysis, the First Circuit urged that “value” be considered from the perspective of the creditor, for whose benefit fraudulent transfer laws were established, not the debtor parents.

3. DEFENSES

In defending against claw-back actions, colleges and universities should consider and hold the trustee to her burden of establishing each element of the claim. A trustee may challenge a transaction as constructively fraudulent by establishing:

• A transfer or incurred obligation;[12]
• Of an interest of the debtor;
• For less than reasonably equivalent value; and the debtor
  • was insolvent or became insolvent as a result;
  • was engaged in business or a transaction, or was about to engage in business or a transaction, for which any property remaining with the debtor was an unreasonably small capital;
  • intended to incur, or believed that the debtor would incur, debts that would be beyond the debtor’s ability to pay as such debts matured; or
  • made such transfer to or for the benefit of an insider, or incurred such obligation to or for the benefit of an insider, under an employment contract and not in the ordinary course of business.[13]

Upending any one of the required elements will defeat a fraudulent transfer claim.

Further, at least one court has ruled that the university would be deemed a mere conduit where funds are first deposited into a student controlled account, albeit managed by the institution; the funds are not withdrawn or otherwise under the dominion of the institution until the student enrolls in courses at the institution, and such funds are refundable if the student withdraws from the institution.[14] In Hamadi, the court determined that the university was shielded from liability under section 550(b)(1) of the Bankruptcy Code, which prohibits trustees from “recovering from an immediate transferee of an initial transferee who ‘takes for value, including satisfaction or securing of a present or antecedent debt, in good faith, and without knowledge of the voidability of the transfer avoided[.]’” A key factor in the court’s ruling in favor of the university was that it was deemed an immediate (or subsequent) transferee rather than the initial transferee of the tuition payments. To be clear, the statutory defense is only available to good-faith subsequent transferees.[15] Like the payment structure in Pergament, the shielded University of Connecticut tuition payments came from a student-controlled account funded by the parents and were refundable to the student up until he registered for courses.[16]

4. EXTRAJUDICIAL EFFORTS TO PROTECT EDUCATIONAL INSTITUTIONS

Although the age of majority in most states is 18, society expects and legally presumes that parents will contribute to the higher education costs for children 18 and over. Indeed, as colleges and universities know all too well, a student’s eligibility for need-based financial aid is based on the institution’s “Cost of Attendance” less the “Expected Family Contribution.”[17] The Expected Family Contribution is determined by a federally mandated calculation based on information submitted in the student’s Free Application for Federal Student Aid. As noted by one commentator, “it seems counterintuitive to limit a student’s financial aid award because it is decided his parents can afford to contribute a certain amount to his education and then later call these transfers fraudulent if the parents file for bankruptcy.”[18] Courts have acknowledged this conundrum in ruling on trustee tuition claw-back actions. In In re Oberdick, 490 B.R. at 711–12, the court rejected a trustee’s fraudulent transfer claim after noting the parents testimony that (1) they viewed the college tuition and related educational expenses for their adult children as family obligations, and (2) they were denied state and federal student aid for the adult children because of the “expected family contribution.”

Federal legislators have also recognized the disconnect between federal higher education policy and federal bankruptcy law. In 2015, the Protecting All College Tuition (PACT) Act was introduced by Representative Chris Collins of New York. would be shielded from recovery.[19] The PACT Act of 2015 did not advance out of committee.

5. CONCLUSION

Although Palladino is the first appellate decision to address claw back of tuition payments, it is likely not the last. Unless and until Congress enacts legislation to shield tuition payments from avoidance, colleges, universities, and their counsel must be prepared to defend against fraudulent transfer actions. The strategic offense principle as crystalized in the adage “the best defense is a good offense” comes to mind. As detailed above, some institutions have lodged successful defenses by establishing administrative protocols that distance them (somewhat) from funds received from students’ parents. Others will no doubt be well served to monitor developments in the law and employ a broad-based strategic offense.

[1] Monique D. Hayes is a partner in the law firm Goldstein & McClintock LLLP. She is co-chair of the ABA Business Law Section Young Lawyer Committee and a member of the ABA Business Law Section Business Bankruptcy Committee, serving as co-chair of the Executory Contracts Subcommittee and a member of the Current Developments Task Force.

[2] In 2014, Debtors Steven and Lori Palladino pled guilty to investment fraud in connection with a Ponzi scheme they orchestrated using their family business, Viking Financial Group. Like many Ponzi schemes, the Palladino’s fraud ensnared friends and business associates as well as vulnerable elderly investors. The Palladinos petitioned for chapter 7 bankruptcy relief prior to pleading guilty to the fraud charges. A trustee was appointed to oversee their bankruptcy proceedings. During the bankruptcy case, the trustee uncovered nearly $65,000 in transfers the Palladinos made to Sacred Heart University, Inc. as tuition payments for their legally adult daughter. The bankruptcy trustee sued the university to avoid and recover the tuition payments as fraudulent transfers.

[3] See In re Sterman, 594 B.R. 229 (Bankr. S.D.N.Y. 2018) (finding debtor’s tuition payments on behalf of nondebtor are avoidable and recoverable by a bankruptcy trustee); In re Knight, 2017 WL 4410455 (Bankr. D. Conn. Sept. 29, 2017) (same); Matter of Dunston, 566 B.R. 624 (Bankr. S.D. Ga. 2017) (same); In re Leonard, 454 B.R. 444 (Bankr. E.D. Mich. 2011) (same); In re Lindsay, 2010 WL 1780065 (Bankr. S.D.N.Y. May 4, 2010) (same). Compare In re Adamo, 582 B.R. 267 (Bankr. E.D.N.Y. 2018) (subsequent history omitted); In re Palladino, 556 B.R. 10 (Bankr. D. Mass. 2016); Shearer v. Oberdick (In re Oberdick), 490 B.R. 687 (Bankr. W.D. Pa. 2013); In re Cohen, 2012 WL 5360956 (Bankr. W.D. Pa. Oct. 31, 2012), rev’d in part on other grounds, 487 B.R. 615 (W.D. Pa. 2013); In re Lewis, 2017 WL 1344622 (Bankr. E.D. Pa. Apr. 7, 2017) (declining to allow avoidance and recovery of tuition payments).

[4] A key concept to grasp is the meaning of the term “avoid” as used in the bankruptcy context. It describes the ability of a trustee to set aside, invalidate, nullify, disregard, or unravel a transfer, transaction, or obligation of a debtor in bankruptcy. As detailed herein, the powers afforded under chapter 5 of the Bankruptcy Code allow the trustee to avoid certain liens, set-aside fraudulent transfers (whether granted through actual or constructive fraud), and claw back.

[5] Most states have enacted a version of the Uniform Voidable Transactions Act (formerly the Uniform Fraudulent Transfers Act) approved by the National Conference of Commissioners on Uniform State Laws. To clarify, most states enacted the predecessor statute, the Uniform Fraudulent Transfers Act. The revised and renamed version has been enacted by some, but not a majority of, states.

[6] Consider, by way of example, the Florida Uniform Fraudulent Transfer Act. See Fla. Stat. 726.101 et seq. Specifically, section 726.105 of the Florida statutes provides, in pertinent part, as follows:

(1) A transfer made or obligation incurred by a debtor is fraudulent as to a creditor, whether the creditor’s claim arose before or after the transfer was made or the obligation was incurred, if the debtor made the transfer or incurred the obligation:

• With actual intent to hinder, delay, or defraud any creditor of the debtor; or
• Without receiving a reasonably equivalent value in exchange for the transfer or obligation, and the debtor:

1. Was engaged or was about to engage in a business or a transaction for which the remaining assets of the debtor were unreasonably small in relation to the business or transaction; or

2. Intended to incur, or believed or reasonably should have believed that he or she would incur, debts beyond his or her ability to pay as they became due.

[7] In the case of Mukamal v. Citibank (In re Kipnis), 555 B.R. 877 (Bankr. S.D. Fla. 2016), the bankruptcy court permitted a trustee to reach back 10 years to unwind a fraudulent transfer by grafting the IRS 10-year statute of limitations.

[8] See Jacobs v. Jacobowitz (In re Jacobs), 394 B.R. 646, 661 (Bankr. E.D.N.Y. 2008); MFS/Sun Lift TrustHigh Yield Series v. Van Dusen Airport Servs. Co., 910 F. Supp. 913, 934 (S.D.N.Y. 1995); Glinka v. Bank of Vt. (In re Kelton Motors, Inc.), 130 B.R. 170, 179 (Bankr. D. Vt. 1991).

[9] The decisional split on the standard of proof is beyond the scope of this article but should be noted in examining actual fraud-based avoidance actions. For more on the issue, see Baldi v. Lynch (In re McCook Metals, L.L.C), 319 B.R. 570 (Bankr. N.D. Ill. 2005). Practitioners and thought leaders have tried to reconcile the issue by establishing pleading standards, revising state statutes and commentary, and limiting to use of the term “fraud” as it relates to avoidance actions. See Uniform Voidable Transfers Act, § 4(a), off. cmt. 10.

[10] In cases where the debtor operated a Ponzi scheme, as did the Palladinos, courts have found actual intent to defraud is presumed to the extent the transfers at issue furthered the Ponzi scheme. See, e.g., Gredd v. Bear, Stearns Secs. Corp. (In re Manhattan Inv. Fund, Ltd.), 359 B.R. 510, 517–18 (Bankr. S.D.N.Y. 2007), aff’d in part, rev’d in part, 397 B.R. 1, 22–26 (S.D.N.Y. 2007).

[11] DeGiacomo v. Sacred Heart Univ., Inc. (In re Palladino), 556 B.R. 10, 16 (Bankr. D. Mass. 2016).

[12] Although this article focuses primarily on cash tuition payments as potential fraudulent transfer targets, it is important to note that the applicable statutes allow challenges to debt obligations (i.e., loans, guarantees, etc.) as well. To the extent colleges and universities accept such obligations from parents, they should be prepared to defend the propriety of the transaction in the event of the parents’ insolvency.

[13] See 11 U.S.C. § 548(a)(1)(B); see also UVTA § 4(1)(b).

[14] Pergament v. Hofstra Univ. (In re Adamo), 582 B.R. 267 (Bankr. E.D.N.Y. 2018), vacated and rem’d on other grounds sub nom., Pergament v. Brooklyn Law Sch., 595 B.R. 6 (E.D.N.Y. 2019); see also Mangan v. University of Conn. (In re Hamadi), 597 B.R. 67 (Bankr. D. Conn. Jan. 31, 2019).

[15] See 11 U.S.C. § 550(b)(1).

[16] In re Hamadi, 597 B.R. at 70.

[17] See How Aid Is Calculated?, Federal Student Aid (last visited Dec. 27, 2019).

[18] Jenna C. MacDonald, Out of Reach: Protecting Parental Contributions to Higher Education from Clawback in Bankruptcy, 34-1 Emory Bankr. Dev. J. 264 (2017).

[19] Protecting All College Tuition Act of 2015, H.R. 2267.

If data is the new gold, every company should be setup like Fort Knox, keeping its customer records locked away from malicious actors. As anyone who has been the victim of identity theft will confirm, however, data protection is nowhere near as watertight as it should be.

According to recent research, the cost of cyber attacks will top $2 trillion in 2019, and around 4 million customer records were stolen every single day in 2018. The effects can be devastating for companies hit by attacks. American Medical Collection Agency is just one example of many, with the medical company filing for bankruptcy within a year after thieves targeted its client records.

Against that backdrop, what is in store for 2020 with respect to data breaches, and how can companies and individuals prepare?

Expect Another Record Year for Data Breaches Worldwide

Companies must be aware that we are passing through a historic peak in the number of attacks and successful data extractions by cyber criminals. The year 2019 looks set to break records for the number of data breaches. As Risk Based Security reports, as of September, the total number of attacks increased by 54 percent over 2018’s total, with some 44.1 billion records exposed. That is a significant rise in assaults on databases and a sign that defenses are struggling to cope.

Will 2020 be any quieter? On the one hand, there are signs that companies are recognizing the scale of the problem. In late 2018, 84 percent of C-level security officers surveyed by Thales eSecurity reported that cybersecurity budgets would rise. In addition, capital has been pouring into cybersecurity startups, prompted by concerns from Amazon and Facebook. However, at least 33 percent of small businesses in the UK reportedly have no cybersecurity strategy, and more than 50 percent have no systems in place to understand whether their security measures actually work. Thus, there is a cultural issue that will make life much easier for data thieves.

E-mail Addresses Will Likely Continue to Be Prime Targets

Assuming data breaches continue to increase, what are thieves likely to target the most? In 2019, the major target was personal e-mails, which accounted for around 70 percent of the data extracted. That is no surprise; e-mail addresses are gold dust for phishers and fraudsters, who can use them as leverage to take out credit cards and carry out elaborate identity thefts. They are also handy for phishers who seek to take over contact lists to spam their messages or even to gain access to online banking and social media platforms.

No Sector Will Be Safe From Data Breaches

If 2019’s shocking history of data breaches proved anything, it is that no company is secure from data theft. The news may have been dominated by massive data losses from financial giants like First American Financial (885 million records), or Facebook leaking hundreds of millions of records in two separate incidents, but plenty of less prominent companies have fallen victim.

The year began with a vast Fortnite data breach, when 200 million gamers were affected. After that, all kinds of companies were afflicted. From photo-sharing site 500px and the Family Locator app, to Bodybuilding.com and Canva’s online design tools, thieves are happy to pick a diverse range of targets.

In 2020, any app or small company could become a victim, making it imperative for smaller businesses to take action. Even simple controls like a VPN shield could be the difference between leaking vital customer records and serene, hassle-free operations. Whatever they do, companies cannot fall into complacency. Data leaks are not just about the big boys; they are something about which every business must worry.

Anticipate More Inventive Attacks as 2020 Unfolds

Another key takeaway to prepare for 2020 is that the diversity of data breaches is increasing as hackers find older techniques less effective and resort to more innovative methods. For example, 2019 saw an uptick in Magecart-style attacks, which uses JavaScript injection to hijack online payment portals, extracting credit-card and identity details via a keylogger. In one episode, a group of attackers used Magecart to target 962 online stores in just 24 hours.

Magecart is not alone. Expect credential stuffing attacks to rise in 2020, as attackers use the credentials stolen in previous thefts to brute force other, more lucrative databases. In addition, be alert for new ways of weaponizing .pdf attachments or infecting browser extensions with malware.

Expect Successful Companies to Proactively Tackle Data Breaches

Finally, 2020 will see companies thrive if they take data loss seriously. No company can be totally immune from data thefts, but those that create a culture of security and train staff to avoid human error will have a significant advantage. The same applies for companies that enforce VPN usage for remote workers and use encryption and authentication across the board.

Look out for new analytical tools in 2020, with suppliers offering real-time data theft protection, and pay attention to data-flow mapping tools, which can use AI to map potential vulnerabilities. Both products offer extra reassurance in an increasingly hostile environment.

Act Now to Protect Against 2020’s Worst Data Breaches

Preparation for data breaches is non-negotiable. Companies that fail to prepare can expect significant financial costs, lost customers, legal nightmares, and in many cases, complete failure.

Fortunately, there are a few good ways to minimize the risks of data breaches. First, investing in password security via training and routine use of encrypted password managers is a good idea. Making multifactor authentication mandatory for access to key databases is also advisable, and auditing all hardware for potential vulnerabilities should be carried out on a regular basis.

Additionally, it makes a lot of sense to make VPN usage part of corporate culture. VPNs secure remote devices, which are becoming more and more common in modern companies, and encrypt data passing into and out of servers, making databases harder to access.

Choosing a solid VPN is vital, so take time to assess the pros and cons of leading players like ExpressVPN or NordVPN.

The year 2020 looks set to be another banner year for data breaches, so buckle up, take what precautions you can, and stay tuned for more spectacular attacks as the new year begins.

The Securities and Exchange Commission recently proposed to simplify crucial corporate disclosures regarding legal proceedings and risk factors by moving toward a more principles-based approach; yet, the SEC continues to pursue big-dollar enforcement actions that offer filers little clarity about what precisely constitutes accurate disclosure of their risk factors.

Weighing materiality and the potential for liability are traditionally hazy areas that have tripped up a number of companies, including most recently:

• Mylan NV, which agreed to pay $30 million because it calculated as “remote” rather than “reasonably possible” the likelihood that a government investigation would impose a substantial liability on the company
• Facebook, which in using of the word “may” rather than “have” in its risk-factor disclosures about customer data likely cost the company $100 million
• Altaba Inc. (formerly known as Yahoo!), which reached a $35 million settlement last year with the SEC for its tardy disclosure of a data breach

These settlements all point to a heightened focused on analyses of materiality and probability in SEC risk-factor disclosures, which often hinge on standards that are subject to wide variances of interpretation: Is the risk material? Is the liability probable? Is the fact significant? How is a company supposed to communicate to shareholders about the likelihood of adverse consequences?

Slippery Standards

The SEC offers guidance on disclosure descriptions and best practices in performing analysis, but the way in which courts and the SEC have applied the standards has often confounded filers. It may seem black or white to a class-action plaintiff or the SEC looking in hindsight to determine whether a data breach occurred or whether litigation risk should have been more definitive. However, companies answering these questions in real time must pick through numerous cyber incidents and litigation filings to decide which demand disclosure.

In August, the SEC proposed modernizing risk-factor disclosures with the stated intention of improving information available to investors and simplifying compliance for registrants. If finalized as proposed, the disclosure threshold would change from “most significant” to “material” factors. It is far from certain, though, that the new standard would offer brighter lines to filers assessing whether and how to describe unclear scenarios.

Murky Materiality

The Facebook case is an example of how a materiality analysis can be viewed in one way by the company in real time and another way by a regulator in hindsight. For example, the SEC took issue with a disclosure that read, “our users’ data may be improperly accessed, used or disclosed” (emphasis added). The disclosure continued in the same form even after the company became aware that such a breach had in fact occurred. According to the co-director of the SEC’s enforcement division, that meant the company had “presented the risk of misuse of user data as hypothetical when they knew user data had in fact been misused.” Although the SEC repeatedly emphasized materiality in its announcement of the settlement, the staff did not address the specific data breach considerations that should have resulted in a different materiality call. We also do not know the exact materiality considerations that Facebook went through in determining its disclosures.

Determining whether an “event” is material—and required to be disclosed—typically involves undertaking an analysis under SEC Staff Accounting Bulletin No. 99. This 20-year-old standard requires both quantitative and qualitative considerations. Auditors often use five to ten percent of net income as a rule-of-thumb cutoff for a quantitative materiality threshold. However, even that seemingly straightforward accounting practice is packed with many caveats requiring the consideration of numerous inputs that could potentially nullify the initial conclusion. For example, an initially immaterial netted result could become material when reviewed in isolation, whereas similar reliance on a commonplace accounting precedence or on industry practices could inappropriately mask an otherwise material event.

Qualitative analysis is even more complex. To develop risk factors, public companies must assess a list of considerations that is so extensive that it requires its own chapter in the applicable concept note issued by the Financial Accounting Standards Board. Considerations include a mishmash of terminology: estimate imprecisions, masked trends, analyst expectations, misleading impressions, significant segments, contractual requirements, executive compensation, and lawfulness. Even highly experienced accountants, disclosure counsel, and subject-matter experts struggle to apply theoretical generally accepted accounting principles to practical real-world events.

Despite the imprecision in materiality analysis, companies can put themselves in as defensible a position as possible by ensuring the inclusion of subject-matter experts in drafting and reviewing relevant disclosures. Board members, in-house and outside counsel, and consultants well versed in weighing the appropriate considerations must collaborate with subject matter experts as well, and all participants should be empowered to apply those assessments in an impartial manner.

Probable Probability

The Mylan case is a warning to companies that rely on the uncertainties of litigation and investigation to omit loss disclosures and accruals. In its complaint, the SEC mentioned tolling agreements four times, signaling that in the SEC’s view, entering into a tolling agreement means the company has determined an adverse outcome is no longer just “remote,” but now “reasonably possible and probable.” The SEC’s enforcement division emphasized that it is “critical that public companies accurately disclose material business risks and timely disclose and account for loss contingencies that can materially affect their bottom line.”

Evaluating a loss contingency typically falls under SEC Regulation S-K and its FASB counterpart, Accounting Standards Codification 450 (with roots in FAS 5). This guidance requires that an estimated loss from a contingency be recognized if a liability has been incurred as of the date of the financial statements and the amount can be reasonably estimated. Further complicating matters, companies may still need to disclose loss contingencies that do not meet the recognition criteria.

Public companies often associate this standard with “significant litigation” disclosure obligations. In reality, though, the standard applies more broadly to any loss contingency, including asset impairment, product injury, property damage, asset expropriation, and assessments. A separate test under the same standard applies to less common gain contingencies as well.

Companies then face the daunting task of categorizing pending legal matters, whether litigation or investigations, as remote, reasonably possible, or probable. The harsh reality is that depending on the stage of litigation, none of the descriptions may be completely appropriate. Even during negotiations, the initial gap between settlement offers can range in the tens of millions of dollars, leaving a significant possibility that the matter continues to trial without settling at all. Forcing a disclosure that puts a dollar figure on a specific matter in advance of a settlement also puts the company in a weak negotiating position. In addition, during a government investigation, a company often has an extremely limited view of the outcome the enforcement attorney is seeking, whether it be a settlement, a penalty, or a fine.

To Be Continued . . .

A further word of caution: Disclosure analyses do not end upon arriving at a final materiality or liability disclosure determination. If such evaluations affirm a material risk or reasonably probable liability, simply disclosing it is not always sufficient—the risk must be remediated. In October 2019, the SEC held an administrative proceeding against Northwestern Biotherapeutics for “internal control weaknesses” related to the supervision of accounting operations. The company had concluded that the weaknesses were material and publicly disclosed them in its risk factors, but the SEC found that the company failed to remediate in a timely manner the weaknesses it repeatedly identified in its risk factors.

The SEC’s latest move toward principles-based disclosure notwithstanding, the actual enforcement message to SEC filers on materiality, liability disclosures, and accruals is a fairly ominous one.

As chairs of the ABA’s Private Target Mergers & Acquisitions Deal Points Study (the Private Target Deal Points Study), we are pleased to announce that we published the latest iteration of the study to the ABA’s website in early December 2019.

Congratulations! But Wait. What Exactly Is This Private Target Deal Points Study, Anyway?

The Private Target Deal Points Study is a publication of the Market Trends Subcommittee of the Business Law Section’s M&A Committee. It examines the prevalence of certain provisions in publicly available, private target M&A transactions during a specified time period. The Private Target Deal Points Study is the preeminent study of M&A transactions, widely utilized by practitioners, investment bankers, corporate development teams, and other advisors.

The 2019 iteration of the Private Target Deal Points Study analyzes publicly available definitive acquisition agreements for transactions executed and/or completed either during calendar year 2018 or during the first quarter of calendar year 2019. In each case, the transaction involved a private target acquired by a public buyer, with the acquisition material enough to that public buyer for the Securities and Exchange Commission to require public disclosure of the applicable definitive acquisition agreement.

The final sample examined by the Private Target Deal Points Study is made up of 151 definitive acquisition agreements and excludes agreements for transactions in which the target was in bankruptcy, reverse mergers, divisional sales, and transactions otherwise deemed inappropriate for inclusion.

Although the deals in the Private Target Deal Points Study reflect a broad array of industries, the technology and healthcare sectors together made up approximately 40 percent of the deals. Asset deals comprised 5.3 percent of the study sample, with the remainder either equity purchases or mergers.

Of the Private Target Deal Points Study sample, 34 deals signed and closed simultaneously, whereas the remaining 117 deals had a deferred closing some time after execution of the definitive purchase agreement.

The transactions analyzed in the Private Target Deal Points Study were in the “middle market,” with purchase prices ranging between $30 million and $750 million; purchase prices for most deals in the data pool were below $200 million.

The Private Target Deal Points Study Sounds Great! How Can I Get a Copy?

All members of the M&A Committee of the Business Law Section received an e-mail alert from Jessica Pearlman with a link when the study was published. If you are not currently a member of the M&A Committee but do not want to miss future e-mail alerts, committee membership is free to Business Law Section members, and you can sign up on the M&A Committee’s homepage.

The published 2019 Private Target Deal Points Study is available for download by M&A Committee members from the Market Trends Subcommittee. Also available are the most recently published versions of the other studies published by the Market Trends Subcommittee, including the Canadian Public Target M&A Deal Points Study, Carveout Transactions M&A Deal Points Study, and Strategic Buyer/Public Target M&A Deal Points Study.

How Does the 2019 Private Target Deal Points Study Differ from the Prior Version?

The 2019 version of the Private Target Deal Points Study has a number of features that differentiate it from prior iterations.

• Data in the 2019 version of the Private Target Deal Points Study is more current. The 2019 version of the Private Target Deal Points Study includes not only 2018 transactions, but also transactions from the first quarter of 2019.
• The 2019 version of the Private Target Deal Points Study contains new data points. The 2019 version of the Private Target Deal Points Study includes new data points throughout, including three new representations on #MeToo, data privacy, and cybersecurity. There are other new data points scattered throughout the study with “new data” flags (like the sample shown below) to make them easy to spot:
• The 2019 version of the Private Target Deal Points Study includes more correlations. Representations and warranties insurance (RWI) is changing the M&A game, and we are keeping score. We have added a number of data points to our correlations with deals that reference RWI and deals that do not.

Please join us in extending a hearty thank you to everyone who worked so hard on this study, from leadership to advisors to issue group leaders to the working groups, all of whom are listed in the credits pages.

For more information, register for the In the Know webinar, during which the chairs and issue group leaders will provide analysis and key takeaways from the results of the Private Target M&A Deal Points Study, on April 16, 2020, from 1:00 p.m. to 2:30 p.m. (ET).

The U.S. Supreme Court recently narrowed the circumstances under which a court will defer to an agency’s interpretation of its own regulation. In Kisor v. Wilkie, the Court considered whether to overturn a line of precedent that requires courts to defer to the agency’s interpretation unless it is “plainly erroneous or inconsistent with the regulation.”[1] Although all of the justices agreed to uphold this so-called Auer deference, Kisor may render agencies’ deference “maimed and enfeebled,” at least according to one justice’s concurring opinion. It may also provide banking organizations with new methods to encourage agencies to engage in more open, transparent, and careful decision making.

The Lead-Up to Kisor

History of the Auer Deference

In 1945, the Supreme Court established a fundamental principle of administrative law that, where “the meaning of the words [of an agency’s regulation] is in doubt,” the agency’s interpretation of the regulation “becomes controlling weight unless it is plainly erroneous or inconsistent with the regulation.”[2] The principle came to be applied in a mechanical and highly deferential manner beginning in the 1960s and 1970s with the rise of the administrative state.[3] Although certain Supreme Court justices cast some doubt on its continuing viability in the early 1990s,[4] the Court’s 1997 Auer v. Robbins opinion has generally been seen as reaffirming that an agency’s interpretation should be controlling “unless plainly erroneous or inconsistent with the regulation.”[5]

Significance of Auer Deference through the Years

Auer deference appears to make a difference in outcome. An empirical study of over 1,000 Supreme Court cases found that the Court upheld an agency’s interpretation of its own regulations 91 percent of the time.[6] A similar review of district court and circuit court cases found that the lower courts upheld agency interpretations of agency rules 76 percent of the time.[7] However, the Court in recent years has discussed limits to Auer deference,[8] and more recent empirical analysis has demonstrated a decline in deference to agency interpretations of regulations.[9]

Relevance to Chevron Deference

Auer deference is different and less well-known than “Chevron deference.” In short, application of the doctrines depends on whether the agency interpretation is of a regulation or a statute. Whereas Auer deference may apply to an agency’s interpretation of its own regulations,[10] Chevron deference may apply to an agency’s interpretation of statutes for which it has authority to make rules.[11] Under Chevron, courts will adopt an agency’s interpretation if the statute is ambiguous and the agency’s interpretation is reasonable.[12] Auer and Chevron deference share many similarities; therefore, Kisor could provide insight into the future of Chevron deference. However, Kisor does not purport to directly affect Chevron deference, with two of its concurring opinions explicitly noting that Kisor does not “touch upon” Chevron.[13]

Kisor’s Test

Drawing from the Court’s earlier discussions of the limitations of Auer deference, Kisor sets forth a multifactor test that an agency’s interpretation must pass in order to receive such deference.

• Is the regulation “genuinely ambiguous”? Under Kisor, a court should not apply Auer deference unless a regulation is “genuinely ambiguous.”[14] Although ambiguity has always been a requirement for deference, Kisor provides that a court may make this determination only after exhausting “all the traditional tools of construction,” including the “text, structure, history and purpose of the regulation.”[15] The Court noted that “hard interpretive conundrums, even those related to complex rules, can often be solved” and that a court’s independent, careful consideration of the issue will make Auer deference inappropriate for “many seeming ambiguities.”[16]
• Is the agency’s interpretation reasonable? The interpretation offered by the agency also must fall within the “zone of ambiguity” the court has identified in considering whether the regulation was genuinely ambiguous. In other words, the court’s analysis in the step above not only determines whether a regulation is ambiguous, but also determines the range of reasonable interpretations. Kisor adjures that there should “be no mistake: That is a requirement an agency can fail.”[17]
• Does the “character and context” of the interpretation entitle it to deference? In order to grant Auer deference, the court must also determine that the “character and context” of the interpretation warrants deference. In other words, the court must decide whether is it appropriate to presume that Congress would have wanted the agency to resolve the particular interpretive issue presented.[18] The Court gave “some especially important markers” under this inquiry and noted other considerations could be relevant.[19]
• Was the interpretation actually made by the agency? Kisor explains that the interpretation must be the agency’s “authoritative or official position” in order to receive deference.[20] Although this standard encompasses more than just interpretations directly approved by the head of the agency (g., official staff memoranda published in the Federal Register), it does not include every memorandum, speech, or other pronouncement from agency staff.[21] The interpretation “must at the least emanate from those actors, using those vehicles, understood to make authoritative policy.”[22]
• Does the interpretation implicate the agency’s substantive expertise? The Court explained that, generally, agencies have a nuanced understanding of the regulations they administer, such as when a regulation is technical or implicates policy expertise.[23] However, deference may not be warranted where an interpretive issue “falls more naturally into the judge’s bailiwick,” such as a common law property term or the award of attorney’s fees.[24]
• Does the interpretation reflect the “fair and considered judgment” of the agency? Deference also may not be warranted where the agency interpretation creates “unfair surprise,” such as when the interpretation conflicts with its prior interpretation or imposes retroactive liability for long-standing conduct that the agency had never before addressed.[25] Similarly, agency interpretations that are “post hoc rationalizatio[ns] advanced to defend past agency action” should not be afforded deference.[26]

Kisor’s Potential Implications

Kisor’s effect on banking agencies and banking organizations remains to be seen as few cases have yet applied Kisor’s test to an agency interpretation.[27] It is also unclear whether and to what extent Kisor will affect how agencies interpret their own regulations. On the one hand, the potential additional scrutiny of a court may not deter an agency (or its staff) from making questionable interpretations of regulations simply because of the historically low likelihood of banking organizations challenging these agencies in court.[28] On the other hand, Kisor has the potential to affect the agencies and their interactions with banking organizations in a number of significant ways.

Improve Quality of Agency Interpretations and Regulations

Kisor could improve the quality of agency interpretations of regulations (as well as the regulations themselves) for a number of reasons. First, agencies may be more likely to issue interpretations through the head(s) of the agency or other authoritative or official processes, thereby subjecting them to additional review, so that the interpretation can clearly meet the “authoritative or official position” aspect of the Kisor test. Second, the additional rigor of other aspects of the Kisor test may encourage agencies to more carefully consider their interpretations of regulations. Third, agencies may be more willing to consider banking organizations’ views of the meaning of regulations and their underlying rationale prior to issuing official interpretations (through requests for interpretations or otherwise). Kisor should be seen as giving those outside the agencies a greater role in analyzing interpretive questions; the opinion makes clear that an agency’s views regarding the text, structure, history, and policy of the regulation are not the only ones that matter. Rather, these issues are considered independently—as if there were “no agency to fall back on.”[29] Fourth, an agency may be more reluctant to offer interpretations that are likely to fail the Kisor test, such as those that would “unfair[ly] surprise” banking organizations or for which the agency has no particular expertise. Finally, Kisor also appears to decrease any agency’s incentive to issue open-ended or otherwise ambiguous regulations, as it now should be less likely that the agency would receive Auer deference for its interpretation of such a regulation.[30]

Encouraging Notice and Comment Rulemakings

Kisor also could be seen as further cabining an agency’s ability to create binding requirements outside of the Administrative Procedure Act’s rulemaking process.[31] The banking agencies recently have acknowledged that, although law and regulations have the force and effect of law, “supervisory guidance” does not.[32] In other words, supervisory guidance may not be phrased in terms of binding requirements, and an agency may not treat the guidance as if it were binding.[33] However, agency interpretations, like the regulations they interpret, may be phrased as binding requirements and treated as binding.[34]

Of course, agencies are aware of this distinction and may use it to impose binding requirements on banking organizations, sometimes by characterizing statements that appear to be supervisory guidance as interpretations. For example, in a bank’s appeal of a cease-and-desist order issued by the FDIC, the 9th Circuit disagreed with the bank’s argument that the FFIEC’s BSA/AML Examination Manual[35] could not impose legal obligations on the bank, and found that the manual was an interpretation of the FDIC’s regulations entitled to Auer deference.[36] The Kisor test may have led the 9th Circuit to reach a different outcome because the test would have required the court to engage in a much more careful analysis of this question than the two paragraphs the 9th Circuit afforded it.[37] In other words, Kisor’s additional constraints on deference should make it more difficult for agencies to successfully impose binding requirements by issuing interpretations of regulations or characterizing supervisory guidance as an interpretation of a regulation.

The impact of a new Supreme Court case can be easy to overstate, and Kisor may be no exception to this general rule. However, the Kisor test and the Court’s underlying rationale do at least appear to provide new methods to encourage the banking agencies to engage in more open, transparent, and rigorous consideration of interpretive questions.

[1] Kisor v. Wilkie, 588 U.S. __ (2019); see also Bowles v. Seminole Rock & Sand Co., 325 U.S. 410, 414 (1945).

[2] Seminole Rock, 325 U.S. at 414. Even if the court finds that an agency’s interpretation should not be given controlling weight under Auer (or Chevron, discussed below), a court may nonetheless uphold the agency’s interpretation if it finds the interpretation persuasive. This “power to persuade,” generally referred to as “Skidmore deference,” considers factors such as a thoroughness of the agency’s consideration, the validity of its reasoning, and its consistency with earlier and later pronouncements. See, e.g., Skidmore v. Swift & Co., 323 U.S. 134, 141–42 (1944). Some have argued that this weaker form of deference represents no deference at all. Colin S. Diver, Statutory Interpretation in the Administrative State, 133 U. Pa. L. Rev. 549, 565 (Mar. 1985) (“Of course, the ‘weight’ assigned to any advocate’s position is presumably dependent upon the ‘thoroughness evident in its consideration’ and the ‘validity of its reasoning.’ . . . The argument’s pedigree adds nothing to the persuasive force inherent in its reasoning.”).

[3] See Sanne H. Knudsen & Amy J. Wildermuth, Unearthing the Lost History of Seminole Rock, 65 Emory L.J. 47 (2015).

[4] Thomas Jefferson University v. Shalala, 512 U.S. 504, 525 (Thomas, J., dissenting); Shalala v. Guernsey Memorial Hosp., 514 U.S. 87, 108–09 (1995) (O’Connor, J. dissenting).

[5] See, e.g., Kristen E. Hickman & Richard J. Peirce, Jr., Admin. L. Treatise 353 (6th ed. 2019).

[6] William N. Eskridge, Jr. & Lauren E. Baer, The Continuum of Supreme Court Treatment of Agency Statutory Interpretations from Chevron to Hamdan, 96 Geo. L.J. 1083 (2008).

[7] Richard J. Pierce, Jr. & Joshua Weiss, An Empirical Study of Judicial Review of Agency Interpretations of Agency Rules, 63 Admin. L. Rev. 515 (2011).

[8] See Christopher v. Smithkline Beecham Corp., 567 U.S. 142 (2012); Talk America, Inc. v. Michigan Bell Tel. Co., 564 U.S. 50 (2011).

[9] Cynthia Barmore, Auer in Action: Deference After Talk America, 76 Ohio State L.J. 813 (2015).

[10] Although Auer deference generally does not apply to an agency’s interpretation of another agency’s regulations, the D.C. Circuit has held that Auer deference may apply to one agency’s interpretation of another’s rules if Congress had reassigned responsibility for implementing the statute on which the rule was based from the other agency to the first agency. Amerada Hess Pipeline Corp. v. Fed. Energy Regulatory Comm’n, 117 F.3d 596 (D.C. Cir. 1997).

[11] See, e.g., United States v. Mead Corp., 533 U.S. 218, 231–34 (2001).

[12] Chevron U.S.A. v. Nat. Res. Def. Council, Inc., 468 U.S. 837, 842–43 (1984).

[13] Kisor, slip op. at 2 (Roberts, C.J., concurring in part); id., slip op. at 2 (Kavanaugh. J., concurring in judgment).

[14] Id., slip op. at 13–14.

[15] Id., slip op. at 14.

[16] Id.

[17] Id.

[18] Id., slip op. at 15.

[19] Id.

[20] Id.

[21] Id., slip op. at 16.

[22] Id.

[23] Id., slip op. at 17.

[24] Id.

[25] Id., slip op. at 18.

[26] Id., slip op. at 17.

[27] At least three lower court cases applying the Kisor test do not defer to the agency interpretation in question whereas at least another two cases do. Wolfington v. Reconstructive Orthopaedic Assocs. II PC, 935 F.3d 187 (3d Cir. 2019); Romero v. Barr, 937 F.3d 282 (4th Cir. 2019), reh’g denied (Oct. 29, 2019); Am. Tunaboat Ass’n v. Ross, 391 F. Supp. 3d 98 (D.D.C. 2019);N. Carolina Div. of Servs. for Blind v. United States Dep’t of Educ., No. 1:17CV1058, 2019 WL 3997009 (M.D.N.C. Aug. 23, 2019), report and recommendation adopted sub nom. State of N. Carolina v. United States Dep’t of Educ., Rehab. Servs. Admin., No. 1:17CV1058, 2019 WL 4773496 (M.D.N.C. Sept. 30, 2019); Belt v. P.F. Chang’s China Bistro, Inc., 401 F. Supp. 3d 512 (E.D. Pa. 2019).Of the three cases that do not defer, the agency interpretations most commonly failed the “genuinely ambiguous” and “unfair surprise” inquiries. Courts’ characterizations of the impact of the Kisor test have also been mixed. See, e.g., Spears v. Liberty Life Assurance Co. of Bos., No. 3:11-CV-1807 (VLB), 2019 WL 4766253 (D. Conn. Sept. 30, 2019) (“Kisor did not change anything about Auer, but merely explained its application”); Devon Energy Prod. Co., L.P. v. Gould, No. 16-CV-00161-ABJ, 2019 WL 6257793 (D. Wyo. Sept. 11, 2019) (“The Court [in Kisor] chose to restrict the Auer doctrine rather than abolish it.”).     

[28] Similarly, agencies may choose to cast their interpretations of regulations as interpretations of the underlying statute, which would subject the interpretation to the test for Chevron deference rather than the Kisor test.  As one state supreme court justice recently noted, “Not long ago, the distinction [between Chevron deference and Auer deference] might not matter in a case like this one, because Auer was generally understood to give even more deference to agency interpretations of rules than is accorded to agency interpretations of statutes under Chevron. … The upshot of that shift [due to Kisor] is that while courts previously could have been insensitive to whether the implicit agency interpretation of a statute that they were deferring to under Chevron was actually an implicit interpretation of a rule—because even if it were, deference would be required anyway—accepting that uncertainty is no longer an option. Given that Auer and Chevron have different, non-coextensive limits, it cannot be appropriate to defer to an agency’s implicit interpretation under Chevron unless it is either clear that the agency really is interpreting a statute, or, at a minimum, that the agency’s interpretation would be owed deference under Auer and Kisor even if the agency were interpreting a rule.” E. Or. Mining Ass’n v. Dep’t of Envtl. Quality, 445 P.3d 251, 278 (Or. 2019) (Balmer, J. dissenting).  The justice clarified that “[n]ow, Auer’s own application having been restricted, we should not use Chevron to avoid Kisor’s limitations.”  Id. at 278 fn. 4.

[29] Id., slip op. at 14.

[30] As the Court noted earlier, Auer deference “creates a risk that agencies will promulgate vague and open-ended regulations that they can later interpret as they see fit, thereby frustrat[ing] the notice and predictability purposes of rulemaking.” Christopher, 564 U.S. at 158. In Kisor, Justice Kagan, joined by Justices Ginsburg, Breyer, and Sotomayor, argues that this criticism of Auer has notable empirical and theoretical weaknesses. Kisor, slip op. at 24–25.

[31] See also Gregg Rozansky, SCOTUS Ruling on the Dept. of Veterans Affairs Regulation Has Implications for the Banking Industry and Supervisors, Bank Policy Institute Blog, June 28, 2019.

[32] Interagency Statement Clarifying the Role of Supervisory Guidance (Sept. 11, 2018) [hereinafter Guidance on Guidance).

[33] See, e.g., U.S. Telephone Ass’n v. Fed. Commc’n Comm’n, 28 F.3d 1232 (D.C. Cir. 1994); Community Nutrition Institute v. Young, 818 F.2d 943 (D.C. Cir. 1987); Pac. Gas & Electric Co. v. Federal Power Commission, 506 F.2d 33 (D.C. Cir. 1974).

[34] The ability to bind courts under Auer deference without notice and comment, Justice Gorsuch argues, “subverts the [Administrative Procedure Act]’s design.” Kisor, slip op. at 18 (Gorsuch, J., concurring in judgment).

[35] As noted by the 9th Circuit, the FDIC itself had characterized the manual as containing the agency’s “supervisory expectations.” FDIC, Financial Institution Letter 17-2010 (Apr. 29, 2010); compare Guidance on Guidance, at 1 (“Unlike a law or regulation, supervisory guidance does not have the force and effect of law, and the agencies do not take enforcement actions based on supervisory guidance. Rather, supervisory guidance outlines the agencies’ supervisory expectations or priorities and articulates the agencies’ general views regarding appropriate practices for a given subject area.”) (emphasis added).

[36] Cal. Pac. Bank v. Fed. Deposit Ins. Co., 885 F.3d 560, 573–75 (9th Cir. 2018).

[37] For example, it is not clear that the 9th Circuit would have concluded, based on its independent analysis of the text, structure, history, and purpose of the FDIC’s regulation, that the FFIEC BSA/AML Examination Manual is within the range of reasonable interpretations that the court identified in its analysis, or that the “character and context” of the Manual warranted deference. See, e.g., Kisor, slip op. at 16 (“So the basis for deference ebbs when the subject matter . . . falls within the scope of another agency’s authority.”) (internal quotations omitted).