On Friday, June 22, 2018, the Supreme Court issued its much-anticipated opinion in Carpenter v. United States, 585 US. __ (2018), and declared a Fourth Amendment privacy right for cell phone location data. Seeing how “seismic shifts” in technology have altered our conceptions of privacy, the court revised its long-held “reasonable expectation of privacy” test and ruled that police obtaining cell site location information (CLSI) records from a person’s cell phone service provider constitutes a Fourth Amendment “search” requiring a warrant.

The case involved a string of nine robberies in Michigan and Ohio. One man arrested early on for several of these robberies confessed to the crime spree and identified a number of accomplices, giving the police their cell phone numbers. The police then obtained court orders under section 2703(d) of the Stored Communications Act (SCA) to require their cell phone service providers to share historical CLSI records for these cell phones from the four-month period of the robberies. (Section 2703(d) enables the government to seek a court order requiring disclosure of certain “noncontent” business records from an electronic communications service provider upon presenting “specific and articulable facts showing that there are reasonable grounds to believe that . . . the records or other information sought[] are relevant and material to an ongoing criminal investigation.” 18 U.S.C. § 2703(d).) In general, cell phone service providers maintain a vast network of towers with sensors mounted on top (usually three sensors forming a triangle) that send and receive radio signals to and from people’s cell phones when they make or receive calls, text messages, or otherwise transmit data over the cellular network. The providers maintain a record of which tower and sensor—or “cell site”—was used whenever a cell phone makes or receives a call or text message. By analyzing such business records, the police can infer the approximate location of the cell phone at the time of the call or text message. In the Carpenter case, the historical CLSI records obtained by the police indicated that Carpenter’s cell phone was near four of the charged robberies when they were committed. He was convicted of multiple robbery charges following a trial and then appealed.

Writing for the court, Chief Justice Roberts reasoned that CSLI records do not “fit neatly under existing precedents” and instead lie at the “intersection of two lines of cases” about the scope of a person’s reasonable expectation of privacy protected by the Fourth Amendment. Id. at *7. On one hand, there is the third-party doctrine established by Smith v. Maryland, 442 U.S. 735 (1979) (no reasonable expectation of privacy in records of dialed telephone numbers held by a telephone company) and United States v. Miller, 425 U.S. 435 (1976) (no reasonable expectation of privacy in financial records held by a bank). Under that doctrine, “‘a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties,’” id. at *9 (quoting Smith, 442 U.S. at 743–44), and “[t]hat remains true ‘even if the information is revealed on the assumption that it will be used only for a limited purpose,’” id. (quoting Miller, 425 U.S. at 443).

On the other hand, there are the court’s cases about police use of “sophisticated technology” to track the location and movements of a vehicle, including United States v. Knotts, 460 U.S. 276 (1983) (use of a beeper hidden inside a barrel of chemicals sold to the suspect to help police conduct aerial surveillance of his vehicle) and United States v. Jones, 565 U.S. 400 (2012) (covert installation of a GPS tracking device on a suspect’s vehicle that enabled police to remotely monitor its movements for 28 days). These decisions address what Chief Justice Roberts called “a person’s expectation of privacy in his physical location and movements.” Carpenter at *7. Although finding no Fourth Amendment violation in Knotts because generally a vehicle’s public movements implicate no privacy interest, the court specifically reserved the question of whether “different constitutional principles may be applicable” if “twenty-four hour surveillance of any citizen of this country [were] possible.” Knotts, 406 U.S. at 283–84. More recently, although the Fourth Amendment violation found by the Jones decision was premised on the act of trespass when police installed the GPS tracking device, five concurring Justices concluded agreed that “‘longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy’—regardless whether those movements were disclosed to the public at large.” Carpenter at *8 (quoting Jones, 565 U.S. at 430 (Alito, J., concurring); Jones, 656 at 415 (Sotomayor, J., concurring)).

In the face of these two competing lines of cases, the court elected to continue down the path indicated by the Jones concurring opinions, declaring, “[w]hether the Government employs its own surveillance technology as in Jones or leverages the technology of a wireless carrier, we hold that an individual maintains a legitimate expectation of privacy in the record of his physical movements as captured through CSLI.” Carpenter at *11. The court noted that after the Jones decision, five Justices had “already recognized that individuals have a reasonable expectation of privacy in the whole of their physical movements.” Id. at *12. In the Carpenter decision, the court simply adopted their reasoning about long-term GPS monitoring—namely, that such precise and lengthy location monitoring contravenes society’s expectations about the degree of physical surveillance to be expected from law enforcement, and that such comprehensive location records can uncover a person’s most private affairs. “As with GPS information,” the court explained, “the time-stamped [CSLI] data provides an intimate window into a person’s life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations.’” Id. at *12 (quoting Jones, 565 U.S. at 415 (Sotomayor, J., concurring)).

Finally, Carpenter distinguished the third-party doctrine from Smith and Miller by emphasizing “the deeply revealing nature of CSLI, its depth, breadth, and comprehensive reach, and the inescapable and automatic nature of its collection.” Id. at *22. On this last point, the court reasoned that CSLI records “[are] not truly ‘shared’ as one normally understands the term” because they are generated “by dint of [the cell phone’s] operation, without any affirmative act on the part of the user beyond powering up,” and now “cell phones and the services they provide are ‘such a pervasive and insistent part of daily life’ that carrying one is indispensable to participation in modern society.” Id. at *17 (quoting Riley v. California, 134 S. Ct. 2473, 2484 (2014)). The court added: “After all, when Smith was decided in 1979, few could have imagined a society in which a phone goes wherever its owner goes, conveying to the wireless carrier not just dialed digits, but a detailed and comprehensive record of the person’s movements.” Id. at *11.

Chief Justice Roberts’s majority opinion claims that “[o]ur decision today is a narrow one” relating only to historical CSLI records. Id. at *17. However, the implications of this decision are manifold and far-reaching. Whereas previously this line of cases consisted of Knotts dicta and Jones concurring opinions, now the court has firmly declared that “individuals have a reasonable expectation of privacy in the whole of their physical movements” that will be protected from police intrusion by the Fourth Amendment. Id. at *12. In addition, whereas the Jones concurrence focused on “longer term GPS monitoring,” the Carpenter decision provided no clear guidance on the duration of the time period of cell phone location data that is protected by this Fourth Amendment right. What is more, the court applied its ruling to historical CSLI records that had been originally collected and maintained by a private company for its own commercial purposes. Before now, private surveillance or data collection (even unlawful wiretapping) that had not been conducted at the government’s behest was considered to be beyond the scope of the Fourth Amendment, which applies only to government searches and seizures. See United States v. Jacobsen, 466 U.S. 109, 113–14 (1984). Thus, Carpenter disrupted more than just the third-party doctrine of Smith and Miller.

Ultimately, Carpenter may have even greater implications for Fourth Amendment jurisprudence. In the seminal decision of Katz v. United States, 389 U.S. 347 (1967), the court overruled earlier case law that limited Fourth Amendment protection to police trespassing upon one’s property, and declared that the Fourth Amendment also protects a person’s reasonable expectation of privacy. In what became settled law, this “expectation of privacy” test required “that a person has exhibited an actual (subjective) expectation of privacy . . . that society is prepared to recognize as ‘reasonable.’” Id. at 361 (Harlan, J., concurring). At a basic level, this involved “draw[ing] a line between what a person keeps to himself and what he shares with others.” Carpenter at *9. Although the Carpenter court invoked the Katz test like always, its decision actually moved away from this classic analysis and embarked upon a different approach to the scope of the Fourth Amendment. Under Carpenter, the test is not “reasonable expectation of privacy” as such, but instead “reasonable expectation of privacy from the Government.” The touchstone is not protecting “what [one] seeks to preserve as private,” Katz, 389 U.S. at 351, but instead “‘plac[ing] obstacles in the way of a too permeating police surveillance.’” Carpenter at *6 (quoting United States v. Di Re, 332 U.S. 581, 595 (1948) Notably, Congress had already drawn a similar line in the SCA, 18 U.S.C. §§ 2701 et seq., which was part of the Electronic Communications Privacy Act of 1986 responding to the Smith decision.  Section 2702(c)(6) expressly authorizes cell phone and other electronic communication service providers to disclose non-content business records such as CSLI “to any person other than a governmental entity,” who alone must obtain court authorization under Section 2703. 18 U.S.C. § 2702(c)(6).  Curiously, when examining the expected privacy of CSLI records, the Carpenter Court did not address Section 2702(c)(6).).

Another key feature of Carpenter is how the court grapples with the technological and social changes of modern society. As observed in Justice Kennedy’s dissenting opinion, “[cell phone service] providers contract with their customers to collect and keep these [CSLI] records because they are valuable to the providers . . . [who] aggregate the records and sell them to third parties along with other information gleaned from cell phone usage.” Id. at *5 (Kennedy, J., dissenting). Likewise, customers routinely agree to share with private companies their GPS location data, web browsing habits, social networking communications, and all manner of sensitive personal data when using online services and connected devices. In such a world where personal information has become a proliferating commodity that is widely shared and utilized in the digital economy, the classic “reasonable expectation of privacy” test requiring actual privacy would, in the end, chip away at the Fourth Amendment as a bulwark against unfettered police surveillance. In this context, the Carpenter decision makes sense and may represent the future of the Fourth Amendment.

The distinction between direct and derivative claims follows necessarily from the concept of a legal person being separate and distinct from its owners, raises and resolves a question of standing, has serious practical consequences in litigation, and is central to the governance of any business entity. In a closely held business, the distinction usually protects the deal the owners have made for themselves. On some occasions, however, the distinction helps shelter a miscreant majority owner who has managed to harm a fellow owner indirectly.

This column will briefly describe the three approaches to the direct-derivative distinction found in the case law, explain why the “direct harm” approach is logically and doctrinally correct, and outline the distinction’s practical consequences. With that information as background, the column will address the issue reflected in the column’s caption—that is, how can a party to a contract lack standing to sue another party for breach?

Courts have considered three different approaches to the direct-derivative distinction: (i) direct harm, (ii) special injury, and (iii) to whom the duty is owed. The last-named approach, which by far has the fewest judicial adherents, makes the distinction by looking at the duty alleged to have been breached and asks, “to whom is that duty owed?” The approach makes no sense either practically or conceptually. As a practical matter, courts frequently refer (imprecisely) to a duty owed to both the entity (e.g., an LLC) and its owners (e.g., members). As to concept, standing is everywhere else an issue of injury rather than duty.

The second-listed approach deems any claim derivative unless the owner asserting the claim can prove a type of injury different than the type of injury suffered by other owners. It is true that an injury suffered by an entity indirectly causes the same type of injury to all the entity’s owners. However, the converse is not necessarily true—that is, suppose this statement is true: if P then Q. The converse, if Q then P, might happen to be true but is not necessarily so. (Logic geeks will recognize “the fallacy of affirming the consequent.”)

Think, for example, of the famous Revlon duty to use appropriate efforts to maximize shareholder benefits when a publicly traded corporation is destined to be sold. Revlon, Inc. v. MacAndrews & Forbes Holdings, Inc., 506, A.2d 173 (Del. 1986). The special injury rule would deem a shareholder’s Revlon claim to be derivative, which makes no sense.

The direct injury approach is both simple and conceptually sound. Has an owner been harmed directly or merely as a result of an injury suffered by the entity? As ULLCA (2103) § 801(b) provides, a claim is derivative unless the member asserting the claim can “plead and prove an actual or threatened injury that is not solely the result of an injury suffered or threatened to be suffered by the limited liability company.” See also Tooley v. Donaldson, Lufkin & Jenrette, Inc., 845 A.2d 1031 (Del. 2004) (abandoning the special-injury approach in favor of the direct-harm analysis).

Whether a claim is direct or derivative has substantial, often dispositive, consequences. First, in almost all jurisdictions, a derivative plaintiff must either: (i) before bringing suit, address the entity’s top-level managers (e.g., a corporate board, the managers of a manager-managed limited liability company) and demand that they address the alleged problem, or (ii) plead (typically with particularity) that demand would be futile. In some jurisdictions, a plaintiff who makes a demand creates almost insurmountable obstacles to bringing a derivative claim if (typically when) the managers reject the demand.

Second, even when demand is excused as futile, a derivative claim may be subject to a “special litigation committee” (SLC) appointed by the top-level managers with the power to investigate and decide whether the entity’s best interests will be served by the claim going forward under the control of the derivative plaintiff, being dismissed, or continuing under the control of the SLC. As a matter of fact, almost all SLCs decide in favor of dismissal (sometimes conditioned on changes in the entity’s policies or practices) and so recommend to the court. If the would-be derivative plaintiff contests the SLC’s recommendations, in most instances the court will adopt the recommendation. No such ADR technique exists for direct claims.

Third, with a direct claim, any recovery comes directly to the plaintiff-owner(s). With a derivative claim, the recovery goes to the entity, with no guarantee that the entity will distribute any of the recovery to the entity’s owners. Wilderman v. Wilderman, 315 A.2d 610, 612 (Del. Ch. 1974), is a classic example. The case involved a corporation in which, as the result of a divorce court’s error in judgment, an ex-husband was the majority shareholder and the ex-wife was the minority shareholder. The ex-wife believed the corporation was paying excess compensation to the ex-husband. She sued derivatively to recover the excessive compensation and directly to have the corporation distribute any recovery to the shareholders. The ex-wife won on the derivative claim but lost on the direct. The court was unwilling to interfere with the discretion of the board of directors regarding dividends, even though the board consisted solely of the ex-husband and one of his hunting buddies.

Against this backdrop, we come now to this question: how can a person (e.g., a member of a limited liability company) be a party to a contract (e.g., the company’s operating agreement) and yet lack standing to sue another party (e.g. a fellow member) for breach of the agreement? Such is the situation. As the Delaware Supreme Court has opined (for example), Delaware law:

does not support the proposition that any claim sounding in contract is direct by default, irrespective of [the direct harm analysis]. Nor does [Delaware law hold that a person’s] status as a limited partner and party to the LPA [limited partnership agreement] enable him to litigate directly every claim arising from the LPA. Such a rule would essentially abrogate [the direct harm analysis] with respect to alternative entities merely because they are creatures of contract.

El Paso Pipeline GP Co., L.L.C. v. Brinckerhoff, 152 A.3d 1248, 1259–60 (Del. 2016) (footnotes omitted).

Similarly, the official comment to ULLCA § 801(b) states that, “[a]lthough in ordinary contractual situations it is axiomatic that each party to a contract has standing to sue for breach of that contract,” the situation is different with an operating agreement.:

A member does not have a direct claim against a manager or another member merely because the manager or other member has breached the operating agreement. . . . To have standing in his, her, or its own right, a member plaintiff must be able to show a harm that occurs independently of the harm caused or threatened to be caused to the limited liability company.

The comment provides several examples, of which the following is a composite:

The manager of a manager-managed LLC engages in grossly negligent conduct, in violation of ULLCA § 409(c) (duty of care) and in breach of an express provision of the operating agreement. As a result, the LLC’s net assets shrink by fifty percent. In turn, and as an indirect result, the value of the membership interest of Member A (who perforce is a party to the operating agreement) shrinks by $3,000,000. Member A has no standing to bring a direct claim—neither on the statute nor on the agreement. Member A’s damages are merely derivative of the damage first suffered by the LLC.

Thus, to paraphrase James Carville’s famous statement about the economy being a key political issue, it’s all about standing.

Our next column will discuss another remedy-related question: What is a charging order and why should a business lawyer care?

Private target M&A agreements often provide for one or more post-closing purchase-price adjustment mechanisms, which may have a material effect on the value of the transaction to a buyer and seller. Indeed, 86 percent of the sampled transactions used in the ABA’s own Private Target Deal Points Study (transactions from 2016 and H1 2017) incorporate post-closing purchase-price adjustments. The most common purchase-price adjustment mechanism is to adjust the purchase price for the target company’s working capital at closing, which we address in this article.

Stepping back to establish a basis for more in-depth discussion, a company’s working capital consists of its current assets, such as accounts receivable and inventory, minus its current liabilities, such as accounts payable. The composition and the amount of working capital is subject to near-continuous change during the course of a company’s operating cycle, and its measurement generally involves many accounting methodology determinations, estimations, and judgments.

In a nutshell, working capital adjustment mechanisms in an M&A transaction work as follows. After the transaction closes, the parties painstakingly determine the amount of working capital, however defined by the parties, that was transferred with the business at the closing. That final working capital amount is then compared to the target working capital agreed to be delivered by the seller to the buyer with the target company. The contractual amount of target working capital is customarily based on the target company’s (normalized) historical working capital needs or reflective of anticipated future needs, but is ultimately a negotiated amount and can be determined however the parties mutually agree for the transaction at hand. Ultimately, the purchase price is adjusted upward or downward to reflect the surplus or shortage of actual working capital at closing relative to the target working capital, and a corresponding true-up payment is made between the parties (net of any preliminary working capital adjustments made at closing).

Defining Working Capital; Establishing the Target Working Capital

Not surprisingly, working capital provisions are often heavily negotiated, beginning with the contractual definition of working capital, closely followed by the determination of the amount of target working capital. Possibly the most significant negotiation point between a buyer and seller is the methodology that is to be used by the parties to measure the amount of working capital at the closing. The parties commonly agree to rely on (i) generally accepted accounting principles (GAAP), (ii) the target company’s historical accounting practices, or (iii) a combination of the foregoing.

When negotiating the measurement of working capital, sellers favor the target company’s historical accounting practices, and buyers prefer to prioritize GAAP. The parties’ respective preferences correspond with their disparate desires to avoid unfavorable post-closing surprises. A seller wants to ensure that the comparison between target working capital and closing working capital is made on an “apples-to-apples” basis in reliance on the target company’s historical accounting practices. A buyer, on the other hand, wants to be able to rely on GAAP to safeguard against non-GAAP errors in the target company’s historical accounting practices, which could otherwise result in overstated working capital. Compare the following examples:

• Example of Seller Preferred Language: “Closing working capital shall be determined in accordance with the target company’s historical accounting practices, including any exclusions or deviations from GAAP incorporated therein, ….”
• Example of Buyer Preferred Language: “Closing working capital shall be determined in accordance with GAAP applied on a basis consistent with the target company’s historical accounting practices. If there is a conflict between GAAP and the target company’s historical accounting practices, GAAP shall prevail….”

In the remainder of this article, we discuss a more customized mechanism for selected working capital accounts in order to minimize undesirable adjustment surprises and post-closing disputes. We specifically highlight revenue recognition issues and the allowance for doubtful accounts, which are commonly disputed and may be ripe for customized solutions. For both items, we provide more seller-friendly and more buyer-friendly approaches, each of which potentially adds to comparability and mitigates uncertainty that can be associated with ambiguous documentation of accounting practices and the existence of multiple GAAP-compliant accounting outcomes. Notably, these discussed approaches in some circumstances may be analogously customized to apply to other potentially problematic elements of working capital. Of course, in discussing a more customized mechanism for selected working capital accounts, we assume that the parties are willing—and the deal circumstances reasonably permit the opportunity—to consider and negotiate the working capital adjustment mechanism on a more granular, tailored basis.

Repeated Errors—Revenue Recognition

Although revenue is reflected on a company’s income statement, the application of accrual accounting and the associated matching of sales to the appropriate accounting period is realized by using balance sheet accounts. For example, a cash receipt for services that have not yet been performed can be booked as a deferred revenue liability on the balance sheet until the service is performed. The balance sheet then also appropriately reflects the company’s obligation to perform the service.

As a result, perhaps counterintuitively, flaws in revenue recognition accounting (i.e., errors in determining what revenue should be included on the current period income statement as opposed to being deferred to a later period) can result in balance sheet errors. These errors may in turn impact the amount of working capital at the closing. In practice, a company may have relied on its original revenue recognition approach through years of growth, overhauls of its products and services mix, and other changes in facts and circumstances, such as technical developments. Combined with complex and changing GAAP guidance, revenue recognition mistakes can result, and the impact of correcting revenue recognition errors may be significant.

A seller’s and buyer’s respective views of revenue recognition flaws, of course, diverge. A buyer desires to avoid owing post-closing performance obligations that it perceives as uncompensated due to past errors in revenue recognition. Accordingly, buyers generally prefer contractually mandated GAAP compliance for purposes of revenue recognition accounting when determining closing working capital. A seller, however, perceives a significant risk of a distinction without a difference that drives a wedge between the target working capital and the closing working capital in the event of GAAP-driven adjustments, i.e. from a seller’s perspective, two wrongs can make a right. Although that seller’s perspective may be directionally true in certain instances, the net effect is uncertain at best, and absent specific circumstances, two wrongs are unlikely to cancel each other.

A possible customized solution would be to provide for true parallel adjustments between the target working capital and closing working capital if revenue recognition errors are discovered. For example, a business that sells annual service contracts may have recognized quarterly revenue in violation of GAAP by accruing revenue for each contract entered into during a quarter from the start of that quarter, effectively recognizing revenue early across its service contracts. As a result of this error, the target company may understate the deferred revenue as of the closing date. Utilizing a parallel adjustment methodology after the transaction closes, the deferred revenue liability included in closing working capital and also included in the target working capital would be recalculated by prorating revenues from service contracts in accordance with GAAP. This approach would prevent both the “apples-to-oranges” comparison dreaded by sellers and the existence of an understated deferred revenue obligation in violation of GAAP, to a buyer’s dismay. Importantly, the parallel adjustment could still result in a purchase price adjustment as a result of changes in the ordinary course of business.

Customized contractual language to implement an agreed upon parallel adjustment approach for revenue recognition can vary, either being more seller or buyer friendly:

• Example—Seller Friendly: “If the target company’s revenue recognition accounting principles are not in accordance with GAAP, those accounting principles shall be modified to comply with GAAP for purposes of calculating both the closing working capital and also the target working capital in a manner that results in the smallest absolute difference between the outcomes of two calculations: (i) the so-adjusted closing working capital minus the so-adjusted target working capital and (ii) the unadjusted closing working capital minus the unadjusted target working capital.”
• Example—Buyer Friendly: “If the application of the company’s revenue recognition accounting principles as of the closing date would result in the recognition of revenue prior to the closing for which not all of the GAAP recognition criteria were met at that time, the buyer may adjust those accounting principles to be in compliance with GAAP and may determine the closing working capital using the adjusted accounting principles; provided, however, that if the buyer elects to make such adjustments to the accounting principles for purposes of determining the closing working capital, it shall also adjust the target working capital calculation using the same adjusted accounting principles to the extent necessary to bring revenue recognition into compliance with GAAP as of the date on which target working capital is determined.”

Both illustrative provisions implement a parallel adjustment methodology, but with potentially significant differences in outcome. The seller-friendly approach minimizes the impact of any GAAP required adjustments to the purchase price adjustment, and the GAAP adjustment could even be in seller’s favor. The buyer-friendly approach is permissive in the discretion of the buyer and allows the buyer to select the GAAP compliant approach to be used in the event of accounting errors (from among the acceptable GAAP compliant accounting treatments, which may vary significantly in outcome), meaning that the seller is highly unlikely to benefit from past revenue recognition errors.

Of course, when implementing parallel adjustments for one or more components of working capital, counsel should carefully consider whether parallel adjustment is practicable for the account at issue. The implementation of a parallel adjustment mechanism assumes that an underlying, granular calculation of the target working capital exists. That may not be the case if it is a negotiated amount or is based on, for example, averages. In addition, a parallel adjustment mechanism is not particularly suitable for accounts that are estimates as of the balance sheet date based on the facts and circumstances at the time, such as the allowance for doubtful accounts, which we discuss next.

Estimations and Judgments—Accounts Receivable and the Allowance for Doubtful Accounts

Companies that sell products or services on credit record an allowance for doubtful accounts for the potentially uncollectable portion of their outstanding accounts receivable as of a balance sheet date. Deriving the appropriate amount for the allowance for doubtful accounts in accordance with GAAP requires estimations and judgments as to collectability. Reasonable minds may differ, and post-closing a buyer’s and seller’s respective estimations and judgments may well diverge, easily escalating into formal disputes.

Buyers don’t want to pay dollar-for-dollar for uncollectable accounts receivable balances. Accordingly, a buyer will likely be reluctant to rely solely on the target company’s historical accounting practices because (i) a seller is incentivized to be unrealistic about the collectability of its accounts receivable in general (resulting in a lower allowance for doubtful accounts and a higher working capital balance in favor of the seller), and (ii) a seller is incentivized to use less stringent credit standards during the period prior to the closing date (also resulting in a higher working capital balance). Further, a target company’s historical estimation and judgment practices may be vague and poorly documented. Accordingly, buyers prefer to rely on the GAAP safeguard for accounts receivable and the corresponding allowance for doubtful accounts.

All else being equal, however, a seller will be concerned that its estimations and judgments may be supplanted after the fact by a buyer’s estimations and judgments based on the buyer’s perceived GAAP noncompliance of the target company’s preclosing accounting practices. Even if facts and circumstances have changed as of the closing date in a manner that requires a change in accounting relative to the target company’s historical estimations, a seller will not want open-ended exposure to a buyer’s potentially very conservative allowance estimate (GAAP allows a range of possible outcomes). A seller will be concerned about comparing apples to oranges at its expense.

A possible customized solution is to retreat from the judgments and estimations involved when applying either GAAP or the target company’s historical accounting practices in favor of a contractually agreed-upon mechanical calculation. For example, the parties may include a provision (and example calculation) that mandates the quantification of the allowance for doubtful accounts based on increasing percentages across accounts receivable aging brackets.

• Example: “The allowance for doubtful accounts shall be calculated as the sum of (i) 25 percent multiplied by the part of the gross accounts receivable balance that is older than 30 days but not older than 60 days, (ii) 50 percent multiplied by the part of the gross accounts receivable balance that is older than 60 days but not older than 90 days, (iii) 75 percent multiplied by the part of the gross accounts receivable balance that is older than 90 days but not older than 120 days, and (iv) 100 percent multiplied by the part of the gross accounts receivable balance that is older than 120 days.”

Of course, a broad range of potential customizations and negotiation points exists when electing this solution. For example, the parties likely will negotiate the allowance percentages for each aging bracket as well as the aging brackets themselves. The parties may also want to customize the provision by including, for example, a cap on the allowance for doubtful accounts and by specifying how write-offs factor into the calculation.

An analogous approach—utilizing an agreed-upon mechanical calculation—may also be negotiated for other accounts that exhibit similar point-in-time estimation issues, such as the inventory allowance. The inventory allowance is used to record the estimated portion of the cost of inventory that exceeds the net realizable value or market value of the inventory reflected on the balance sheet of the target company.

A myriad of other solutions occurs in practice. For example, the allowance for doubtful accounts amount may be frozen (without increase or decrease, or one direction only) for purposes of calculating closing working capital at the amount included in the latest balance sheet that is included in the target company’s financial statement representations and warranties, except for adjustments for actual collections and write-offs following the date of the latest balance sheet. This approach provides rough justice to both a buyer and a seller by not accounting for the passage of time and changes in collectability of accounts receivable from the date of the latest balance sheet to the closing date, but is easily applied and assumes that the allowance for doubtful accounts and accounts receivable remain relatively stable over time. Assuming that post-closing events are an acceptable basis for consideration, the parties also may agree that, utilizing actual post-closing experience, the buyer would receive a repayment from the seller for any accounts receivable that remain outstanding after, for example, the 120th day following the closing date (assuming that the parties can agree on the collection efforts required by the buyer during the post-closing period), and the seller then may be entitled to seek to collect such stale accounts receivable for the seller’s benefit (assuming that the buyer does not mind the seller pursuing collection from the buyer’s continuing customers).

Notably, questions regarding the impact of post-closing events on the determination of the closing working capital—as provided for explicitly in the example in the preceding paragraph—exist more broadly for accounting estimates that are not replaced by another arrangement. This issue of determining the extent to which post-closing events may be considered when performing accounting estimates is an issue with which the parties commonly grapple. For example, should post-closing, actual collection information impact the allowance for doubtful accounts as of the closing date in the absence of a specific provision? If so, through which date should those collections be considered?

GAAP includes guidance on the consideration of subsequent events for purposes of preparing financial statements and distinguishes between types of events. That guidance, however, is tied to the date the financial statements are available to be issued (for non-SEC filers). Assuming the parties are willing to rely on GAAP for purposes of its subsequent event guidance, they could contractually agree to an equivalent date to mitigate post-closing disagreements.

Additional Mitigation Options and Overriding Provisions

In addition to the above approaches, there are a variety of other options to deal with potentially problematic working capital accounts. The parties may afford special treatment to specific items, either excluding particularly problematic items from the transaction economics altogether or excluding items from working capital and relying on other provisions, such as representations and warranties and indemnification rights for breaches thereof, or covenants among the parties (e.g., the tax and indemnification provisions addressing the allocation of pre- and post-closing taxes between the buyer and the seller, rather than addressing taxes in part via the working capital adjustment).

In doing so, the parties should of course be mindful of contractual gaps and overlap, differences between provisions, and potential unintended consequences, avoiding the over- or under-inclusion of the effects of working capital accounts in the determination of the purchase price and components thereof, and in the determination of indemnified losses. Importantly, any departures from the overall working capital adjustment mechanism for specific working capital accounts also should be considered when negotiating the target working capital.

In addition to addressing specific accounts, the parties may also use overriding provisions to mitigate potential working capital issues, including the following:

• The parties may define global working capital terms such as GAAP, which is not static and may change between the date on which target working capital is determined and the closing date, to be as of a specific date so that the same GAAP applies to the determination of target working capital and closing working capital.
• The parties may establish a post-closing true-up process in the purchase agreement that can be objectively applied and that cannot be unduly sabotaged or delayed by one of the parties through, for example, one party’s refusal to agree to and retain a neutral accountant or meet a specified milestone date (e.g., the date on which a buyer is required to deliver its post-closing working capital analysis). This issue could arise if the purchase agreement simply leaves it to the parties to mutually agree (without an objective process for doing so) to a neutral accountant if and when actually needed during the post-closing working capital true-up process, often at a time when the relationship has soured. In addition, in respect of the failure of a party to meet an agreed milestone, this issue could arise if the parties remain silent as to the effect of such a breach of contract (which is commonly the case for a buyer’s failure to timely transmit its proposed final closing working capital statement following the closing), the amount of contractual damages potentially being difficult to determine, and the cost of enforcement being potentially prohibitive.
• The parties may agree to a contractual cap on the post-closing adjustment or utilize a working capital range to only adjust the purchase price for working capital if closing working capital exceeds or falls below target working capital by a specified percentage.

We have highlighted some commonly encountered, often complex problems with working capital true-ups and possible strategies that parties to a purchase agreement may consider to mitigate potential post-closing working capital disputes. In evaluating the options that may be implemented, if any, the parties should of course consider the facts and circumstances of the transaction at issue. In some instances, the working capital and related exposure can be a large component of purchase price, and the additional effort and expense associated with negotiating and incorporating customized solutions in the purchase agreement via the coordinated efforts of the parties and their respective accountants and legal counsel may well be worth it.

The views expressed herein are the authors’ own and are not attributable to their firms, those firms’ members/partners, or their clients. We utilize sample agreement language in this article to highlight some of the issues. Such agreement language is, of course, necessarily abbreviated, incomplete, lacking in defined terms, and for illustrative purposes only.

Board diversity, long a step-child of corporate governance, has assumed growing prominence. According to the EY Center for Board Matters’ 2018 Proxy Season Review of 60 institutional investors managing $32 trillion in assets, 82 percent of respondents indicated that board composition should be a top priority for 2018, with 67 percent noting that they seek diverse director characteristics and backgrounds.

The business case for corporate diversity in general is well documented. Cited most frequently is McKinsey’s study, Diversity Matters, which found a statistically significant correlation between diversity and financial performance. Specifically, companies in the top quartile for gender and racial/ethnic diversity were 15 percent and 35 percent, respectively, more likely to have financial returns above their national industry median. Although McKinsey’s study applied to corporate as opposed to board leadership, the findings are nevertheless incontrovertible. Diversity enhances the decision-making process and the financial bottom line.

With respect to board diversity, MSCI Inc’s 2016 Women on Board’s Report found that U.S. companies that began the five-year period from 2011–2016 with at least three women on its board (deemed the “tipping point” needed for female directors to exert influence on a board) experienced a 10-percent increase in ROE and a 37-percent gain in EPS. In contrast, those without female directors experienced a -1 and -8 percent decline respectively.

Over the past year, momentum in this space has gained traction as a result of three driving forces: (1) asset managers pushing for change, (2) institutional investors calling for accountability and transparency, particularly by pension funds, and (3) regulation mandates.

Asset Managers Take a Stand

Given diversity’s potential impact on financial performance, the issue of board diversity is now viewed through the lens of investment stewardship by asset managers. The asset management industry has recently become a catalyst for change when it comes to board composition, with Blackrock, Vanguard, and State Street leading the way for greater board gender diversity.

BlackRock, the world’s largest asset manager with $6.3 trillion of assets under management, has received the most prominent coverage, generated in large part by its Annual Letter to CEOs. With respect to boards, BlackRock’s CEO Larry Fink announced that Blackrock will continue to emphasize diverse boards, stating that they are “less likely to succumb to groupthink or miss threats to a company’s business model.” Consistent with the letter, BlackRock’s Proxy Guidelines for 2018 stipulate that it “expects to see at least two women directors on every board.”

Unlike BlackRock, Vanguard, with more than $5 billion in assets under management, did not assign a metric, but nevertheless advocated for gender board diversity, noting in its Open Letter to Directors of Public Companies Worldwide that its position on board diversity is “an economic imperative, not an ideological choice.”

Finally, as a result of State Street’s stewardship on board gender diversity, 152 companies added a woman director to their board, and 34 companies agreed to do so in the future. As encouraging as that may be, it regrettably leaves over 600 more companies remaining on State Street’s original list of publicly traded companies with all-male boards. Equally compelling, State Street voted against 511 companies that failed to address the gender diversity issue.

Pension Funds Call for Accountability and Transparency

The second emerging trend is the increasing role of pension funds in driving board diversity. For example, California’s Public Employees Retirement System (CALPERS) now requests that companies disclose their diversity policy. Similarly, the Massachusetts Pension Reserves Investment Management Board’s 2018 proxy guidelines recommend voting against or withholding votes for all board nominees if less than 30 percent of the board is diverse.

New York’s pension funds on the state as well as municipal level have been particularly aggressive in placing public companies on notice that they are not only holding them to a high level of scrutiny, but also holding them accountable for board diversification. In March, the New York State Common Retirement Fund, with $192 billion in assets held in trust and the third largest pension in the country, announced that it would vote against electing all of the directors standing for re-election at the more than 400 companies without women board members in which it holds shares. Moreover, for the more than 700 companies in which the fund holds shares where there is only one female director, the Fund announced that it would vote against the members of the governance committee standing for re-election. In making the announcement, New York State Comptroller Thomas DiNapoli said, “We’re putting all-male boardrooms on notice—diversify your boards to improve your performance.”

Similarly, last year the New York City Comptroller and New York City’s pension funds launched the Boardroom Accountability Project, Version 2.0. In launching the program, New York City Comptroller Scott M. Stringer said, “. . . we’re doubling down and demanding companies embrace accountability and transparency.” Designed to enhance public disclosure reporting, the Comptroller asked 151 companies to disclose the race, gender, and skills of their board members as well as their board refreshment process.

Mandate by Regulation

Further escalating the dialogue on board diversity is state legislation. Although there are a number of states that encourage or urge companies to enhance board diversity, including the Commonwealth of Pennsylvania through Senate Resolution 255 which seeks a gender minimum of 30 percent by 2020, California is the first state to contemplate mandating board diversity. In January 2018, Senate Bill 826 was introduced in California. If the bill is passed as currently drafted, by the end of 2019, all companies with principal executive offices in California must have a minimum of one female director on its board of directors. As a tiered system, by the end of 2021 the minimum would increase to two female directors if the company has a total of five authorized directors, or to three female directors if the company has six or more authorized directors. Under the bill, each director seat not held by a female during a portion of the year counts as a violation. The penalties, as currently structured, are pegged to the board’s compensation schedule with the fine for the first violation equivalent to the average cash compensation for the directors of the company and the second and subsequent violations equivalent to three times the average annual cash compensation for directors.

Notwithstanding these trends, however, the regulatory environment has the capacity to dictate the velocity of momentum in this area, as we have seen with the recent passage of legislation by the House Financial Services Committee. Under H.R. 5756, the voting thresholds for the resubmission of shareholder proposals were raised significantly. In order for a shareholder proposal to be resubmitted, at least six percent of shareholders must have voted in favor of the proposal the previous year, compared to three percent as currently required by the SEC. Similarly, the threshold is raised to 15 percent for the next resubmission and finally 30 percent for a subsequent resubmission, compared to six and 10 percent, respectively, under the current regulatory regime. By raising the thresholds for shareholder support, the potential impact of this legislation on investor activism and board diversity cannot be underestimated.

Supplementing these trends is the emergence of collective advocacy through organizations such as 2020 Women on Boards, 30% Club, Paradigm for Parity, Women in the Boardroom, and others, all of which aim to combat the gender imbalance in corporate and board leadership. They offer resources and guidelines for increasing the number of women on corporate boards over the next few years, which dovetail well with the above-described initiatives.

The dialogue on board diversity continues to be raised nationally and internationally and shows no signs of abatement. According to the Wall Street Journal, ISS Analytics recently released analysis indicate that in the first five months of 2018, women accounted for 248, or 31 percent, of new board directors at the 3,000 largest publicly traded companies—the highest percentage in 10 years. On the horizon, Glass Lewis, a leading proxy service provider, indicated in its 2018 Proxy Policy Guidelines that beginning in 2019 it will generally recommend voting against the nominating chair of boards without female directors as well as potentially other nominating committee members. Although previously shunned, board diversity can no longer be ignored. The failure to diversify boards is more than an issue of optics. Rather, it is a reflection of an organization’s corporate culture and to the extent that it has the potential to negatively impact shareholder value, it is a governance issue and, as Vanguard so aptly observed, an economic imperative.

Since President Trump took office in January 2017, a number of mergers and acquisitions have been challenged, blocked, or abandoned on antitrust grounds in a diverse array of industries, including health insurance, television and media, petroleum storage, and daily fantasy sports, among others. Some of these were large multi-billion dollar transactions, while others were much smaller, under $100 million in size. These antitrust challenges have taken place against the backdrop of an increase in global M&A activity.

This article discusses notable recent developments in antitrust M&A review and practical takeaways for companies looking to do deals.

New Leadership at the Federal Antitrust Agencies

After a lengthy hiatus, there is new leadership in place at both federal antitrust agencies, the Antitrust Division of the U.S. Department of Justice (Antitrust Division or DOJ) and the Federal Trade Commission (FTC).

The Antitrust Division is headed by one Assistant Attorney General (AAG), nominated by the President and confirmed by the U.S. Senate. He or she is the ultimate decision-maker on all antitrust matters, including mergers, that come before the Antitrust Division. The FTC is headed by five Commissioners, also nominated by the President and confirmed by the Senate, who serve staggered 7-year terms, with one Commissioner acting as Chair.  No more than three Commissioners can be of the same political party. Enforcement actions of the FTC require a majority vote. 

While history suggests that a Republican-led Antitrust Division and FTC tend to be somewhat more restrained in antitrust merger enforcement than Democratic-led antitrust agencies, any such expectations (or hopes) that the business community may have had for the Trump Administration have not come to pass. Both the Antitrust Division and the FTC continue to be very active in investigating and challenging M&A transactions on competition grounds. This is not entirely surprising: an aggressive approach to antitrust merger enforcement, which has a primary goal of protecting consumers, is consistent with President Trump’s populist message. Also, the staff attorneys and economists at the agencies who handle the day-to-day investigative work are not political appointees and typically do not move with administrations, providing some degree of continuity.

The main takeaway is that companies doing deals should not expect a free pass from the antitrust agencies under the current administration. Transactions that raise competitive issues will still be carefully reviewed.  Companies and their advisors should continue to build this into their timelines and assessments of completion risk. 

In fact, antitrust authorities may be getting even tougher in some areas of merger enforcement, as discussed below.

Greater Antitrust Risk for Vertical Mergers?

A vertical merger is a combination of businesses operating within the same industry but at different levels of the supply chain, such as a manufacturer of widgets acquiring a distributor of widgets. Unlike a horizontal merger, which directly reduces competition by eliminating a competitor in a particular market, a vertical merger does not combine competitors and can generate valuable cost savings, so its likely impact on competition is more ambiguous and harder to predict. Nevertheless, vertical mergers have attracted greater antitrust scrutiny in recent years, including during the Obama Administration, e.g., Comcast/NBC Universal, Ticketmaster/Live Nation, Google/ITA Software, and General Electric/Avio.

A major change in antitrust policy under the Trump Administration has been a shift in the attitude of the antitrust agencies, especially the Antitrust Division, towards remedies for vertical transactions that raise competitive concerns. Previously, the long-standing policy of the Antitrust Division and the FTC was to resolve concerns in vertical deals with “behavioral” (aka conduct) remedies, which prescribe certain aspects of the merged firm’s post-consummation business conduct. Common behavioral remedies used in numerous vertical transactions included information firewalls, non-discrimination commitments, mandatory licensing, and anti-retaliation provisions. Such remedies were usually not viewed by transaction parties as particularly onerous, hence vertical mergers rarely failed due to antitrust concerns.

However, beginning with a speech on November 16, 2017, and on several occasions thereafter, Makan Delrahim, President Trump’s nominee to head the Antitrust Division who was confirmed last September, has expressed significant skepticism of behavioral remedies for vertical deals, since they often require government oversight for an extended period of time and are difficult to police. Instead, AAG Delrahim has stated a strong preference for structural relief, such as asset divestitures, which historically has been used mostly in horizontal mergers of competitors, and which is much “cleaner” and easier to enforce. 

This shift in approach stems, at least in part, from AAG Delrahim’s view that “antitrust is law enforcement, it’s not regulation,” a statement that has been echoed in recent months by other senior Antitrust Division officials and is consistent with the Trump Administration’s broader goal of reducing regulation. As Delrahim noted in his November 16 remarks: “[A]t times antitrust enforcers have experimented with allowing illegal mergers to proceed subject to certain behavioral commitments. That approach is fundamentally regulatory, imposing ongoing government oversight on what should preferably be a free market.” 

Structural remedies, by contrast, typically do not involve long-term government entanglement in the market at issue. Since Delrahim articulated the Antitrust Division’s current position regarding remedies for vertical mergers, certain FTC officials have made similar remarks, although it is still unclear if all or even a majority of the new Commissioners share Delrahim’s views on this issue.

This policy shift means that companies must now consider the risk of being forced to divest assets as a condition to obtaining antitrust approval for vertical mergers that raise competitive concerns.  Interestingly, the agencies’ resolve on this issue may be tested following DOJ’s recent unsuccessful challenge to AT&T Inc.’s acquisition of Time Warner Inc.

The AT&T/Time Warner Decision

On November 20, 2017, just four days after AAG Delrahim’s first public remarks about remedies in vertical mergers, DOJ sued to block AT&T’s $85 billion acquisition of Time Warner, easily the most high-profile merger challenge since Trump took office. Importantly, this was not a merger of competitors, rather it was a vertical merger of a content creator, Time Warner, which owns a collection of television and film content, and a content distributor, AT&T, which owns satellite pay-TV provider DirecTV. The lawsuit came as a surprise to many and fueled speculation that it was politically motivated, given President Trump’s prior public criticisms of the transaction and his well-known animosity towards CNN, which is owned by Time Warner.

DOJ’s main concern was that the combination would enable AT&T to use its ownership of Time Warner’s “must-have” popular content to increase its bargaining leverage and extract higher fees from traditional video programming distributors such as cable and satellite TV companies, which would be passed on to consumers through higher prices. DOJ also alleged that the proposed combination would slow innovation by giving the merged firm the incentive and ability to impede the growth of online video distribution services, and would allow the parties to restrict competitors’ use of Time Warner’s HBO network as a promotional tool. Reflecting its recent shift in policy towards remedies in vertical mergers, DOJ insisted on a structural remedy that would have required AT&T to divest its entire DirecTV business or Time Warner’s Turner Broadcasting business. AT&T refused, culminating in litigation. 

On June 12, 2018, after a six-week trial, U.S. District Court Judge Richard Leon ruled in favor of the companies. In his 172-page opinion, Judge Leon provided a very fact-specific analysis of how the government failed to meet its burden to show that the combination was likely to substantially lessen competition in violation of Section 7 of the Clayton Act. In so doing, he ruled that DOJ’s evidence fell far short of adequately supporting any of its theories of competitive harm. Judge Leon found that the government’s case depended on a flawed economic model that raised too many questions about the potential price increase to consumers, noting that it lacked “both reliability and factual credibility,” and accepting instead the defendants’ economist’s attacks on the model’s input data and assumptions. Neither was the court persuaded by internal company documents and regulatory filings submitted by DOJ as evidence, nor the testimony of competitor witnesses. Though he accepted DOJ’s contention that Time Warner’s content is valuable and does provide some bargaining leverage, Judge Leon explained that this is already true today, and the government had failed to show how the merger would materially alter the current landscape.

By contrast, the opinion referenced multiple times the changing nature of the industry and the rise in competing internet-based video distribution services, including “virtual” programming distributors such as DISH’s Sling TV, Sony’s Playstation Vue, Google’s YouTube TV, and AT&T’s DirecTV Now, as well as subscription video on demand services such as Netflix, Hulu, and Amazon Prime. Judge Leon also noted a shift from reliance on television advertising to targeted digital advertising and seemed to accept defendants’ position that the combined company would be able to better compete against large technology companies with powerful digital advertising platforms such as Facebook and Google.

Two days after Judge Leon’s decision, AT&T and Time Warner closed their deal, with DOJ announcing that it would not to seek a stay of Judge Leon’s ruling. DOJ agreed to this only after receipt of a letter from AT&T outlining separations that the parties would put in place between Time Warner’s Turner Broadcasting unit and AT&T’s communications business until the earlier of February 2019 or the conclusion of any appeal. On July 12, DOJ announced that it would appeal the district court’s decision.

While the outcome at trial was a blow to the government, Judge Leon’s decision turned on specific facts and evidence and certainly should not be seen as removing all antitrust barriers to vertical mergers. However, it does highlight the difficulties with successfully challenging a vertical merger on competition grounds and will likely give transacting parties more confidence to pursue large vertical tie-ups. It is no coincidence that the day after the AT&T/Time Warner decision, Comcast Corp. made a $65 billion cash offer for 21st Century Fox’s entertainment assets.

Despite the widespread media attention lavished on the AT&T/Time Warner case, companies should also keep in mind that competitors wishing to merge in horizontal combinations will find little or no solace in Judge Leon’s decision. Both federal antitrust agencies have an excellent track record in recent years of successfully challenging problematic horizontal mergers.

More Post-Closing Merger Challenges

Since President Trump’s inauguration, there has been a flurry of antitrust challenges to consummated M&A deals, even more than the annual average under the Obama Administration. These challenges serve as a stark reminder that, first, antitrust enforcers have legal jurisdiction over all M&A transactions that affect U.S. commerce, irrespective of the size of the parties, the transaction, or the markets involved; and second, deals can be challenged anytime, even after closing.

Most of the recent post-closing challenges involved deals that were not reportable under the Hart-Scott-Rodino (HSR) Act, because they fell below the statutory size thresholds that trigger a mandatory HSR notification to the FTC and DOJ. For example, in December 2017 DOJ filed a complaint against TransDigm Group Inc.’s $90 million acquisition of two commercial airplane restraint system businesses from Takata Corporation, a non HSR-reportable deal that had closed in February 2017. DOJ found that the transaction had eliminated TransDigm’s closest (and in some cases, only) competitor in the markets for various types of restraint systems, which was likely to lead to higher prices and less innovation.  To avoid the expense and burden of continued investigation and litigation, TransDigm entered into a settlement with DOJ in which it agreed to divest the airplane restraint system assets it had acquired from Takata, effectively unwinding the acquisition. 

Also in December 2017, the FTC filed an administrative complaint seeking to unwind a merger consummated three months earlier between two manufacturers and suppliers of microprocessor prosthetic knees, Otto Bock HealthCare North America, Inc. and FIH Group Holdings, LLC (aka Freedom Innovations). According to the FTC’s complaint, the transaction eliminated direct and substantial competition between Otto Bock and its most significant and disruptive competitor, Freedom Innovations, further entrenching Otto Bock’s position as the dominant supplier of microprocessor prosthetic knees. After closing the acquisition in September 2017, Otto Bock had already begun to integrate the Freedom Innovations business, but in light of the FTC action and the possibility of a forced divestiture, it agreed to take steps to hold separate and preserve the acquired business until the case is resolved.

We have also seen a rare post-closing challenge to a deal that was HSR-reportable, involving Parker-Hannifin Corporation’s $4.3 billion acquisition of CLARCOR Inc., a manufacturer of filtration products. In an unusual twist, DOJ challenged this transaction in September 2017, nine months after it had allowed the HSR waiting period to expire.  Reportedly, after the transaction received HSR clearance, a third party notified DOJ of a small competitive overlap in aviation fuel filtration systems.  DOJ investigated and found that Parker-Hannifin and CLARCOR were the only two domestic manufacturers of such products.  DOJ filed a lawsuit to force Parker-Hannifin to divest the aviation fuel filtration assets it acquired from CLARCOR, which the company ultimately agreed to do. Notably, the divested business had annual revenues of around $60 million, which accounted for less than half of one percent of the merged companies’ combined annual revenues of over $13 billion, and yet DOJ still expended the time and resources to investigate and bring a challenge.

As these recent cases demonstrate, companies that assume a small deal is safe from antitrust scrutiny do so at their peril, especially if the merging businesses are close competitors in a market with few players. Non HSR-reportable acquisitions involve unique risks and strategic considerations, particularly for the buyer. In addition, the agencies will examine even relatively minor overlaps between large companies.

Uptick in State Antitrust M&A Enforcement

In addition to the federal antitrust agencies, state attorneys general can and do investigate M&A transactions on antitrust grounds, and they can go to court to challenge deals that could harm consumers in a particular state. There is a long history of cooperation between federal and state antitrust enforcers in merger investigations. Several recent merger challenges brought by the Antitrust Division or the FTC were joined by one or more state AGs, including large national mergers such as Anthem/Cigna (eleven states and the District of Columbia) and Aetna/Humana (eight states and the District of Columbia), as well as smaller local transactions such as Sanford Health/Mid-Dakota Clinic (North Dakota).

Before Trump took office, there was speculation that if the Antitrust Division and the FTC became lax and took their foot off the merger enforcement pedal, the states would engage to fill the void. Despite the fact that the federal agencies have remained active, there has nevertheless been a recent increase in state AG merger enforcement, with a number of states, especially those with Democratic attorneys general, seemingly more willing to take the lead on matters or even “go it alone.”

In July 2017, California Attorney General Xavier Becerra sued to block Valero Energy’s proposed acquisition from Plains All American Pipeline of two petroleum storage and distribution terminals in the San Francisco Bay area. Notably, the challenge came after the FTC had already reviewed and cleared the transaction. The companies subsequently abandoned the deal.  In August, Washington State Attorney General Bob Ferguson filed a suit seeking to unwind Franciscan Health System’s consummated 2016 acquisition of WestSound Orthopaedics. That case is currently in litigation. Other Democratic state AGs, such as New York, have publicly stated a willingness to pursue antitrust cases, including merger cases, independently of the federal agencies.

State antitrust involvement is most likely in transactions that impact local geographic markets (e.g., hospitals, funeral homes, waste services, gas stations, grocery stores, other brick & mortar retail), national mergers with the potential to affect a large number of the state’s consumers (e.g., health insurance), and those where the state or its subdivisions are significant purchasers of the merging parties’ products or services.

As the recent cases in California and Washington demonstrate, companies increasingly must consider state reactions to proposed M&A deals and also need to recognize that state concerns do not always replicate federal views. State AGs tend to heavily scrutinize a transaction’s likely impact on local market conditions in their state and will sometimes challenge deals that are cleared by the FTC or DOJ, as in Valero/Plains. States may also influence the scope of remedies required for transaction approval: for example, an investigation by the New York AG’s office (in conjunction with the FTC and several other states) caused retail pharmacy chain Walgreens to restructure its 2017 purchase of almost two thousand Rite Aid stores to acquire 184 fewer Rite Aid stores in New York State than had been identified in its original acquisition proposal. Another important difference between federal and state M&A enforcement stems from the fact that the vast majority of state AGs are publicly elected rather than appointed, resulting in some states including non-antitrust-based concerns, such as job preservation, within the scope of merger investigations.

Conclusion

These recent developments highlight the importance of transacting parties performing antitrust due diligence early and irrespective of deal size. Often, parties will be able to rule out any serious antitrust issues with minimal time and expense. An upfront antitrust risk assessment can ensure companies go into a deal with their eyes wide open and can help avoid unpleasant surprises.

Facts of the LabMD Case

LabMD, Inc. was a cancer diagnostic testing facility that used medical specimen samples and patient information to provide diagnostic information to health care providers. The company was subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and had a HIPAA compliance program in place that prohibited the downloading of peer-to-peer (P2P) file-sharing applications on company computers. LabMD v. FTC, Case No. 16-16270 (11^th Cir. June 6, 2018), at 2. Now defunct as an operating company, LabMD nonetheless exists as a company and continues to protect its information.

In violation of this prohibition, a company billing manager installed LimeWire on a company computer. This P2P software permits users to make computer documents accessible to the larger LimeWire community. The manager made a file containing the personal information of 9,300 consumers (the 1718 File) available to approximately two to five million LimeWire users. The 1718 File included names, dates of birth, Social Security numbers, laboratory diagnostic and testing codes, and for some patients health insurance information.

A data security firm, Triversa Holding Corporation (Triversa), downloaded the 1718 File and contacted LabMD to offer remediation services, which were refused. The LimeWire was deinstalled from the billing manager’s computer. Triversa sent the 1718 File to the FTC.

In its resulting complaint, the FTC alleged a variety of general security failures around LabMD’s policies and procedures that the FTC decided ultimately led to the posting of the 1718 File.

The Eleventh Circuit noted that there was no evidence that any of the 1718 File information was accessed by anyone other than Triversa or that it was otherwise improperly used.

FTC Consent Orders and Reasonable Information Security Programs

The FTC has filed enforcement actions against a variety of companies for security program failures, alleging that such failures constitute an “unfair act or practice” under Section 5(a) of the Federal Trade Commission Act, 15 U.S.C. § 45(a) (the FTC Act or Section 5(a)). The resulting consent orders generally require the defendant companies to implement and maintain information security policies and procedures designed to protect consumer information.

In this manner, the FTC has for years been building a “common law” body of orders intended to require companies to maintain reasonable information security programs. The FTC published in 2015 a guide for companies based on these consent orders, Start with Security, which it updated in 2017 with its “Stick with Security” blog series. These guides are crafted as “lessons-learned” guidance and focus on the following:

1. Security and privacy programs aligned with the following principles: purpose or minimization limitation on the collection of personal information; retention for only as long as necessary; appropriate employee training and education; and consumer choice.
2. Data access controls designed to restrict access to personal information and limit administrative access.
3. Operational access controls, such as passwords and authentication processes.
4. Protection of data in storage and in transit.
5. Network firewalls and monitoring.
6. Remote access controls.
7. Addressing security in the development of new products or services.
8. Vendor management of security risks posed by third-party service providers.
9. Ongoing monitoring and evaluation of security processes.
10. Physical security of storage media.

The enforcement actions tend to arise out of fairly egregious facts and are usually precipitated by a significant data breach. Accordingly, the specific “lessons learned” are often a list of “do-nots.” For example, a do-not of LabMD is “do not allow downloading of P2P (or noncompany) software on company systems.” The FTC has leveraged these specific do-nots into a larger concept of reasonable security. In LabMD, the FTC reasoned that a general laxity of information security policies and procedures led to the installation and failure to detect the presence of the P2P software on the billing manager’s computer.

In its press release regarding its 2017 Annual Privacy and Security Update (the Update), the FTC expressly stated that it “uses a variety of tools to protect consumers’ privacy and personal information including bringing enforcement actions to stop law violations and require companies to take affirmative steps to remediate the unlawful behavior.” The FTC regularly includes comprehensive information security program requirements in its consent orders, attributing identified security lapses or breaches as resulting from weak security generally.

The FTC consent order security programming requirements tend to be: (1) technology-neutral; (2) intended to be evaluated and updated on a regular basis; and (3) focused on the individual company’s risk-management efforts, taking into account the amount of practical risk, costs involved, industry standards, and sensitivity of information, among other factors.

Other Regulatory Approaches to “Reasonable Security”

The FTC’s concept of “reasonable security” is consistent with approaches taken by other laws and regulatory guidance regarding information security programs. The consensus seems to be that as technology and innovation is evolving faster than the law, the applicable laws should focus on security management standards and goals, rather than express prescriptive rules.

For example, the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity https://www.nist.gov/cyberframework/framework (RMF) offers a general set of standards, guidelines, and best practices to manage cybersecurity risk in critical infrastructure. The NIST RMF is neither prescriptive nor specific. Rather, it allows companies to evaluate their security programs in light of “their organizational requirements and objectives, risk appetite, and resources against” certain “core” cybersecurity principles.

Similarly, the Federal Financial Institutions Examination Council (FFIEC) Cyberscurity Assessment Tool (CAT) provides a “repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time.” Like the NIST RMF, the FFIEC CAT offers core principles and goals but relies on the company’s own risk-management assessment and strategies. The FFIEC CAT maturity domains include general statements like, “[d]edicated cybersecurity staff develops, or contributes to developing, integrated enterprise-level security and cyber defense strategies” or “[t]he institution benchmarks its cybersecurity staffing against peers to identify whether its recruitment, retention, and succession planning are commensurate.”

State statutory and regulatory requirements around security programs are also general. For example, the New York State Department of Financial Services Cybersecurity Requirements for Financial Services Companies (the NY Cyber Reg) requires such companies to develop cybersecurity programs based on a risk inventory and assessment process, with the goal of developing a policy that addresses all of the following:

1. information security
2. data governance and classification
3. asset inventory and device management
4. access controls and identity management
5. business continuity and disaster recovery planning and resources
6. systems operations and availability concerns
7. systems and network security
8. systems and network monitoring
9. systems and application development and quality assurance
10. physical security and environmental controls
11. customer data privacy
12. vendor and third-party service provider management
13. risk assessment
14. incident response

Like the NIST RMF and the FFIEC CAT, which address the use of multifactor authentication and penetration testing, as appropriate, the NY Cyber Reg does not require the use of specific technology.

The more comprehensive Massachusetts cybersecurity regulation, Standards for the Protection of Personal Information of Residents of the Commonwealth (the MA Cyber Reg), requires companies to maintain cybersecurity programs that, at a minimum and to the extent technically feasible, should have the following elements:

1. Secure user authentication protocols including:
   (a) control of user IDs and other identifiers;
   (b) a reasonably secure method of assigning and selecting passwords, or use of unique identifier technologies, such as biometrics or token devices;
   (c) control of data security passwords to ensure that such passwords are kept in a location and/or format that does not compromise the security of the data they protect;
   (d) restricting access to active users and active user accounts only; and
   (e) blocking access to user identification after multiple unsuccessful attempts to gain access or the limitation placed on access for the particular system;
2. Secure access control measures that:
   (a) restrict access to records and files containing personal information to those who need such information to perform their job duties; and
   (b) assign unique identifications plus passwords, which are not vendor-supplied default passwords, to each person with computer access, that are reasonably designed to maintain the integrity of the security of the access controls;
3. Encryption of all transmitted records and files containing personal information that will travel across public networks, and encryption of all data containing personal information to be transmitted wirelessly;
4. Reasonable monitoring of systems for unauthorized use of or access to personal information;
5. Encryption of all personal information stored on laptops or other portable devices;
6. For files containing personal information on a system that is connected to the Internet, there must be reasonably up-to-date firewall protection and operating system security patches, reasonably designed to maintain the integrity of the personal information.
7. Reasonably up-to-date versions of system security agent software that must include malware protection and reasonably up-to-date patches and virus definitions, or a version of such software that can still be supported with up-to-date patches and virus definitions, and is set to receive the most current security updates on a regular basis.
8. Education and training of employees on the proper use of the computer security system and the importance of personal information security.

The MA Cyber Reg is technology-neutral, industry standards- and risk-based, and tied to a “reasonableness” concept.

Other state laws are even more broad. The recently enacted Alabama State Data Breach Notification Act (the AL Act) requires companies to maintain “reasonable security measures” to protect personal information. “Reasonable” means “practicable” in relation to a cost-benefit analysis, the type and volume of information involved, and the size of the entity, and with emphasis to be placed on “data security failures that are multiple or systemic” and taking into account consideration of all of the following measures:

1. designation of one or more managers of the security program;
2. risk inventory—both internal and external;
3. vendor management with contractual security obligations;
4. continuous monitoring and evaluation of threats and measures; and
5. board or management oversight.

LabMD Consent Order

The FTC’s consent order in this case, FTC Consent Order In the Matter of LabMD, Inc., Docket No. 9357, at 2–3, imposed security requirements that were commensurate with those imposed by previous consent orders, which required LabMD to:

establish and implement, and thereafter maintain, a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers by respondent or by any corporation, subsidiary, division, website, or other device or affiliate owned or controlled by respondent. Such program, the content and implementation of which must be fully documented in writing, shall contain administrative, technical, and physical safeguards appropriate to respondent’s size and complexity, the nature and scope of respondent’s activities, and the sensitivity of the personal information collected from or about consumers, including:

1. the designation of an employee or employees to coordinate and be accountable for the information security program;
2. the identification of material internal and external risks to the security, confidentiality, and integrity of personal information that could result in the unauthorized disclosure, misuse, loss, alteration, destruction, or other compromise of such information, and assessment of the sufficiency of any safeguards in place to control these risks. At a minimum, this risk assessment should include consideration of risks in each area of relevant operation, including, but not limited to: (1) employee training and management; (2) information systems, including network and software design, information processing, storage, transmission, and disposal; and (3) prevention, detection, and response to attacks, intrusions, or other systems failures;
3. the design and implementation of reasonable safeguards to control the risks identified through risk assessment, and regular testing or monitoring of the effectiveness of the safeguards’ key controls, systems, and procedures;
4. the development and use of reasonable steps to select and retain service providers capable of appropriately safeguarding personal information they receive from respondent, and requiring service providers by contract to implement and maintain appropriate safeguards; and
5. the evaluation and adjustment of respondent’s information security program in light of the results of the testing and monitoring required by [the order], any material changes to respondent’s operations or business arrangements, or any other circumstances that respondent knows or has reason to know may have a material impact on the effectiveness of its information security program.

Eleventh Circuit Holding and Reasoning in LabMD

The Eleventh Circuit held that the LabMD consent order was void for lack of specificity:

In the case at hand, the cease and desist order contains no prohibitions. It does not instruct LabMD to stop committing a specific act or practice. Rather, it commands LabMD to overhaul and replace its data security program to meet an indeterminable standard of reasonableness. This command is unenforceable.

The Eleventh Circuit acknowledged that due to limitations on legislating “an extensive list of unfair acts or practices,” Congress authorized the FTC “to establish unfair acts or practices through case-by-case litigation.” Notably, the court did not squarely address the issue of whether the FTC has data security enforcement authority under section 5(a).

The court focused on the FTC’s own two-prong test to determine whether an act or practice is “unfair” under section 5(a):

1. whether there is a “consumer injury,” which is substantial, not outweighed by a countervailing benefit to the consumer, and not reasonably avoidable by the consumer; and
2. whether the act “offended public policy as established by statute, the common law, or otherwise.”

The court found that “the [FTC’s] complaint alleges no specific unfair acts or practices” by LabMD other than the installation of P2P software on a single LabMD computer. The FTC complaint did not state that the installation of the P2P software violated a specific company policy. The court assumes that LabMD had a policy against the download. The court’s focus appears to be on this single violation, which, according to the court’s reasoning below, would justify an express prohibition in the consent order against policies or procedures permitting such an installation. The court did not discuss the FTC’s more holistic approach in the context of whether the company could have exercised better practices generally in implementing controls to actually prevent the employee from downloading external programs on a company computer, and whether such failure would warrant the imposition of more comprehensive security requirements, as was done in the order.

The opinion, however, assumed arguendo “that LabMD’s negligent failure to design and maintain a reasonable data security program invaded consumers’ right of privacy and thus constituted an unfair act or practice” under section 5(a).

The Eleventh Circuit recognized that although “[n]othing in the FTC Act addresses what content must go into a cease and desist order,” the FTC’s own procedural rule requires that “a complaint must contain a “clear and concise factual statement sufficient to inform each respondent with reasonable definiteness of the type of acts or practices alleged to be in violation of the law.” The court concluded that (1) the complaint must state violations with “reasonable definiteness,” and (2) the remedy (in this case, the requirements of the consent order) “must comport with this requirement of reasonable definiteness.” Accordingly, the opinion states that “the order’s prohibitions must be stated with clarity and precision.”

The opinion further explains how enforcement of FTC consent orders occur procedurally, either with enforcement by the administrative law judge (ALJ) or the district court. These authorities are charged with enforcement of injunctions of specific prohibited conduct enumerated in the consent order. The court concludes that the effect of indefinite requirements would lead to micromanagement in the form of constant interpretation and modification of the order by the ALJ or court.

The opinion holds that the order is void for lack of enforceability in that the order contained no express prohibited acts or practices: “it commands LabMD to overhaul and replace its data security program to meet an indeterminable standard of reasonableness.”

Implications for FTC Cybersecurity Enforcement

The FTC’s consent order in this case included comprehensive but general information security program requirements, which is consistent with its approach in many previous cybersecurity consent orders. The intent of the FTC appears to have been to craft an evolving concept of “reasonable security” and to require companies to monitor and develop their security programs over time. The Eleventh Circuit, however, rejected this approach as lacking in specificity. The implications for the enforceability of existing FTC consent orders is significant. If courts follow the LabMD holding, a domino effect voiding a long line of consent orders may well follow. Moreover, going forward, the FTC must consider including very specific security requirements and prohibitions in its consent orders.

At a recent conference, an FTC attorney advisor, speaking in her “personal capacity” and not on behalf of the agency, indicated in an off-the-cuff remark that they were “considering [their] options” in light of the opinion. Hot Topics in Advertising Law 2018, “FTC Year in Review” Practising Law Institute webinar (Christine DeLorme, 6/26/18).

The Eleventh Circuit emphasized that:

1. the posting of the 1718 File was in direct violation of a specific LabMD policy against downloading P2P software on company systems; and
2. the FTC did not demonstrate that any alleged general laxity in security programming resulted in this specific company policy violation.

Does this mean that if the FTC concludes that a company’s failure to implement adequate cybersecurity programs caused a specific unfair act or practice, the FTC must:

1. limit the remedy in the consent order to the specific act or practice; and/or
2. expressly demonstrate that the specific violation was caused by a broader, but still definite, series of security lapses?

The FTC cybersecurity consent orders generally require a long-term information security program (20 years is typical) that encompasses all of the company’s activities related to consumer information. Does the LabMD decision mean that the order must focus on the specific violation as of a definite point in time?

Consider a company that does not honor consumer choices regarding information offered through its website. For example, the company may not give the opportunity to consent to or opt out of sharing of personal information with unrelated third parties for marketing purposes, or may offer that choice but not honor it. Must the consent order be limited to requiring that consumer choices regarding such sharing of personal information collected via the website for marketing purposes be offered and honored? In that event, would other types of sharing not violate the order, even if consumer choices are offered but not honored? Alternatively, would the same company be liable if it later offered a mobile application and failed to offer or honor the same consumer choices via the app? Would the FTC have to micromanage the company’s information security program through a series of enforcement actions over time?

Conversely, should the FTC focus its efforts on promulgating regulations to require companies to implement reasonable security programs, as has been done with the other laws and regulatory guidance discussed above?

The potential importance of this opinion cannot be overstated, both with respect to its impact on existing FTC consent orders and the FTC’s ability to continue developing a concept of “reasonable security” while prosecuting unfair privacy and security practices on an action-by-action basis.

In principle, every case should be decided according to the facts and the law, no matter who is making the decision or in which forum. In practice, the forum making the decision can make a huge difference. In particular, the differences between litigation in court and arbitration before a private panel can be dispositive because of the differences in procedures, the nature of the forum, opportunities to seek fees and costs, and the opportunities for review after the proceeding is over. Those differences may also be critical regarding certain preliminary aspects of the dispute, such as requests for injunctive relief. Each stage of the process presents different kinds of strategic decisions.

The first question a litigator should ask herself when a dispute arises is where the dispute should be heard. Is there an arbitration clause that might be applicable? If there is, does it in fact apply? To a large extent, whether the clause applies will depend on the language of the clause and how it relates to the facts, although the Eleventh Circuit has cautioned that “‘[t]he case law yields no clear answer’ to the question of how broadly to construe an arbitration clause.” Hemispherx Biopharma, Inc. v. Johannesburg Consol. Invs., 553 F.3d 1351, 1366 (11th Cir. 2008) (quoting Telecom Italia, SpA v. Wholesale Telecom Corp., 248 F.3d 1109, 1114 (11th Cir. 2001)). For example, a clause that required arbitration of disputes that “arise out of or relate to” an agreement settling a dispute did not require arbitration of later conduct similar to what caused the settled dispute because that is a new dispute. Zetor N. Am., Inc. v. Rozeboom, 861 F.3d 807, 810 (8th Cir. 2017). A clause calling for arbitration of “[a]ny dispute arising from the [fundraising] Activity” covered by the contract did require arbitration of a minimum wage claim by a fundraiser. Leonard v. Delaware N. Am. Cos. Sports Serv., Inc., 861 F.3d 727, 729 (8th Cir. 2017). “‘[A]rising under’ language is narrower in scope than language, such as “relating to,” under which a claim may be arbitrable if it has a “significant relationship” to the contract, regardless of whether it arises under the contract itself.” Evans v. Building Materials Corp. of Am., 858 F.3d 1377, 1381 (Fed. Cir. 2017). An arbitration clause covering disputes that “arise out of or in any way relate to” the services provided covers antitrust claims by customers. In re Cox Enters., Inc. Set-top Television Box Antitrust Litig., 835 F.3d 1195, 1202 (10th Cir. 2016).

If the clause arguably does not apply, the attorney should ask herself whether it is worth trying to litigate the case in court. The other side may commence motion practice under section 3 of the Federal Arbitration Act to stay the action and have the dispute referred to arbitration. Even if that motion does not succeed, the exercise may take several months. Is the delay worth it? More to the point, what are the chances the case can stay in the court system? There is a strong policy in pretty much every court system in favor of arbitrating disputes. That means a party resisting arbitration needs a very strong argument as to why an arbitration clause does not apply. See, for example, Chassen v. Fidelity Nat’l Fin., Inc., 836 F.3d 291, 304 (3d Cir. 2016) (“[I]f the language of the contract is ambiguous, the presumption of arbitrability applies because we must resolve any doubts concerning the scope of arbitrable issues in favor of arbitration.” (internal quotations and alterations omitted)).

If there is no arbitration clause, should the parties consider whether to enter into a post-dispute arbitration submission agreement? Certain kinds of disputes might be well-suited for such a submission. For example, if the parties prefer not to have their dispute become a matter of public record, they might prefer to construct an appropriate arbitration procedure and panel for their dispute in order to avoid public scrutiny and press coverage. Alternatively, the nature of the dispute may require that it be heard in a court that is utterly unfamiliar with the type of case at issue; if the parties want a decision maker who has at least some clue about how to think about their dispute, they can agree to have their dispute arbitrated by a credentialed person.

There are limited opportunities to choose your judge if your case is in court. Most courts assign cases out of a wheel or similar random assignment system. It is easier to avoid a disfavored judge (by discontinuing under Rule 41(a)(1) and refiling) than to steer a case to a favored one. Arbitration affords greater opportunities for choosing the decision maker. The American Arbitration Association typically provides lists of proposed arbitrators and invites the parties to strike disfavored names. The arbitration agreement might provide procedures for selecting the arbitrator, set forth minimum qualifications, or name a specific person. In all events, the litigant should think hard about the characteristics of the person she wants deciding the case and plan the strikes and nominations with those goals in mind. One common procedure calls for each side to name one arbitrator and then the two named arbitrators pick the third. For this type procedure it is necessary to consider how persuasive your named arbitrator can be in order to keep the selection of the third arbitrator within acceptable bounds.

Choosing your decision maker should be part of your decision about what your overall approach to the dispute should be. In court the tools are well known: motions to dismiss to narrow the issues, discovery to learn the facts and lock the other side into their story, and motion for summary judgment to win the case or get as much of it decided in your favor as possible ahead of trial. Which tools you use and how, and which grounds you will raise at which stage of the proceeding, will vary from case to case, of course.

Arbitration presents a different set of challenges because you have fewer tools readily available. In most arbitrations, motions to dismiss are not contemplated. Discovery is more limited—typically there are no interrogatories or depositions. Specific types of arbitration might vary, such as FINRA arbitrations, and parties can always agree to additional procedures, but it is never advisable to rely on the other side’s agreeing to your preferred procedure.

In at least some federal courts, there is no third-party discovery in arbitration: third-party evidence either is before the arbitrators or not at all. See, for example, Life Receivables Tr. v. Syndicate 102 at Lloyd’s of London, 549 F.3d 210 (2d Cir. 2008); Hay Group, Inc. f. E.B.S. Acquisition Corp., 360 F.3d 404 (3d Cir. 2004). The Sixth and Eighth Circuits disagree. See In re Sec. Life Ins. Co. of Am., 228 F.3d 865, 870–71 (8th Cir. 2000); American. Fed’n. of Television and Radio Artists, AFL–CIO v. WJBK–TV (New World Commc’ns of Detroit, Inc.), 164 F.3d 1004, 1009 (6th Cir. 1999). This doesn’t necessarily mean the third party has to show up and testify; the arbitrator may and often will facilitate third-party discovery by directing that documents be produced before him or her at an interim hearing called for the sole purpose of having the third party produce documents. Often the adversary will see which way the wind is blowing and consent to having the production done without the arbitrator present. But a good litigator must bear in mind the relative ease of access to third-party proof.

The likelihood in arbitration is that you are going to trial. That means arbitration may provide you with tools that may not be available in court. Bear in mind the grounds on which arbitration awards can be vacated. They are set forth in section 10(a) of the Federal Arbitration Act:

1. where the award was procured by corruption, fraud, or undue means;
2. where there was evident partiality or corruption in the arbitrators, or either of them;
3. where the arbitrators were guilty of misconduct in refusing to postpone the hearing, upon sufficient cause shown, or in refusing to hear evidence pertinent and material to the controversy; or of any other misbehavior by which the rights of any party have been prejudiced; or
4. where the arbitrators exceeded their powers, or so imperfectly executed them that a mutual, final, and definite award upon the subject matter submitted was not made.

Although these grounds are narrow, they are real, and arbitrators don’t like being overturned any more than judges do. So they are likely to run the hearing in a way that will keep them far away from any of these. The ones that give parties the most scope for affecting the proceeding are subsection 3 and 4.

Defendants in particular can—and often do—use the prospect of a post-award vacatur proceeding under subsection 3 as a tool to obtain adjournments and to keep the record open for all kinds of evidence that in court might be viewed as cumulative or of limited probative force or questionable admissibility. Of course, it is possible to overdo it, and a good arbitrator will see through the more egregious misuses of this strategy.

Similarly, the parties may wrangle over the scope of the arbitrator’s power and how it is exercised because subsection 4 permits challenges on those grounds. These arguments will turn on the language of the contract that empowered the arbitrators in the first place (which may or may not be idiosyncratic, unclear, or debatable). In court, though, such issues typically are pitched in terms of jurisdiction, finality, or scope of discretion, and there is usually a wealth of case law to inform the parties’ arguments.

Courts, especially federal courts, have much more rigid guidelines for the procedures to be followed, well-defined evidentiary rules, and, in the main, a case-management ethic that expects judges to keep cases moving along smartly. Although the number of tools is greater (motions, discovery), the opportunities for delay in each part of the proceeding are far fewer. Unlike arbitrators, whose decisions are highly insulated from substantive review, judges can be reversed on appeal. Although appellate courts reverse trial courts in only a small percentage of cases, see, e.g., Just the Facts, (Dec. 20, 2016) (fewer than 9% of federal appeals resulted in reversals in 2015); National Center for State Courts, Caseload Highlights (March 2007) (of appeals prosecuted to decision, 70% were affirmed), the prospect of a reversal on appeal can occasionally be a useful tool for a litigant.

The bottom line: no matter which forum you are in, each stage of the proceeding requires that you keep in mind the rules of the forum so that you can construct your strategy to fit the forum and maximize your client’s chances.

Stuart Riback gratefully acknowledges the assistance and input of Judge Gail Andler (ret.), Peter Valori and Mian Wang.

Two recent decisions from the Delaware Court of Chancery offer new insight into the court’s application of an important exception to the attorney-client privilege in breach of fiduciary duty actions. The Garner exception to the attorney-client privilege, first articulated by the Fifth Circuit Court of Appeals in Garner v. Wolfinbarger, 430 F.2d 1093 (5th Cir. 1970), cert. denied, 401 U.S. 974 (1971), requires fiduciaries defending claims for breaches of fiduciary duty to produce otherwise privileged documents upon a showing of good cause by the party asserting the claims. The Supreme Court of Delaware has emphasized that the exception is “narrow, exacting, and intended to be very difficult to satisfy.” Wal-Mart Stores, Inc. v. Indiana Elec. Workers Pension Trust Fund IBEW, 95 A.3d 1264, 1278 (Del. 2014). Consistent with this view, in Buttonwood Tree Value Partners, L.P. v. R.L. Polk & Co., Inc., 2018 WL 346036 (Del. Ch. Jan. 10, 2018) and Morris v. Spectra Energy Partners (DE) GP, LP, 2018 WL 2095241 (Del. Ch. May 7, 2018), the Court of Chancery found the Garner exception inapplicable while providing new guidance on its limits.

Buttonwood Tree Value Partners, L.P. v. R.L. Polk & Co., Inc.

In this case, former minority stockholders of R.L. Polk & Co., Inc. (Polk) asserted direct breach of fiduciary duty claims against the Polk family, which collectively held approximately 90 percent of Polk common stock, and against directors affiliated with the Polk family. Plaintiffs alleged that these defendants breached their duties of loyalty and care in connection with a self-tender transaction orchestrated by the Polk family. According to plaintiffs, the transaction enriched the Polk family, who afterwards received dividends amounting to one-third of the self-tender price and sold the company for three times the self-tender valuation.

Invoking the Garner exception, plaintiffs moved to compel the production of privileged documents withheld by defendants that related to the sale of the company, the self-tender, and various restructuring options under consideration at the time of the self-tender. The court explained that in evaluating whether a stockholder has established sufficient “good cause” to warrant application of the Garner exception, Delaware courts focus on three of the factors identified by the Fifth Circuit in Garner: “(1) the colorability of the claim; (2) the extent to which the communication is identified versus the extent to which the shareholders are blindly fishing; and (3) the apparent necessity or desirability of shareholders having the information and availability of it from other sources.” In its view, the first and second of these factors act as “gatekeepers” that “strain out frivolous attempts to vitiate the privilege.” The third factor, applicable only when the first two are satisfied, reflects “a balancing test to see whether the interest in discovery, or that of maintaining the privilege, is paramount.” The court noted that Garner “balances the [attorney-client] privilege’s purpose of encouraging open communication between counsel and client against the right of a stockholder to understand what advice was given to fiduciaries who are charged with breaching their duties.” (Quotations and citations omitted.)

The court found that the first factor weighed in favor of disclosure of the privileged documents at issue because the court previously held that the complaint stated claims against the Polk family and its affiliated directors for breaches of fiduciary duty, and therefore the claims were colorable. The court found that the second factor also weighed in favor of disclosure because the documents at issue, although “relatively large” in number (1,200), were tailored to plaintiffs’ allegations, and there was no indication that production of the documents would be overly burdensome.

Having found that plaintiffs “cleared the initial hurdle” imposed by the first two factors, the court turned to the third factor and found that it weighed against disclosure because the plaintiffs had not demonstrated that the information sought was unavailable from other nonprivileged sources. In so finding, the court noted that plaintiffs had yet to depose any witnesses, and there was no reason to believe that depositions would fail to reveal information about the sale of the company, the self-tender, and the restructuring options considered at the time of the self-tender. The court rejected plaintiffs’ argument that the documents at issue were necessary to prepare for the forthcoming depositions or to test the witnesses’ credibility. The court reasoned that such concerns are always present, and if the court were to adopt them as a basis to apply the Garner exception, the scope of the exception “would expand significantly, an outcome contrary to our Supreme Court’s admonition that the exception is ‘narrow, exacting, and intended to be very difficult to satisfy.’” (quoting Wal-Mart, 95 A.3d at 1278). The court emphasized that a stockholder invoking Garner must establish that they “have exhausted every available method of obtaining the information they seek.” Given that plaintiffs did not do so, the court concluded that the balancing test under the third factor “tip[ped] against disclosure of the privileged documents,” and held that the Garner exception did not apply.

Having held that plaintiffs failed to demonstrate that their motion to compel should be granted, the court found it unnecessary to decide whether Garner could apply to the direct, as opposed to derivative, claims in issue. Defendants argued that Garner applies only to derivative claims “where [the] defendant corporate actors assert the privilege on behalf of the very entity that the plaintiffs purport to represent derivatively, in which case the assertion of the privilege on behalf of the corporation and its principals may be inimical to the corporate interest.” Without deciding the issue, the court noted that the Garner exception logically applied in the context of direct claims for breach of fiduciary duty, “but that the nature of the action must be accounted for in the balance of interests that Garner requires.”

Morris v. Spectra Energy Partners (DE) GP, LP

The discovery dispute at issue in this decision arose in the context of a challenge to a transfer of certain assets of Spectra Energy Partners, LP (Spectra LP) to a principal of Spectra LP’s general partner, Spectra Energy Partners (DE) GP, LP (Spectra GP). Spectra LP’s limited partnership agreement (the LPA) eliminated common-law fiduciary duties, but required Spectra GP to act in good faith with respect to such transfers. The plaintiff, a common unitholder of Spectra LP, claimed that Spectra GP breached its duty to act in good faith by knowingly approving a transfer of assets for approximately $500 million less than the assets were purportedly worth.

The plaintiff moved to compel the production of two documents in unredacted form under the Garner exception. In a matter of first impression, the court considered whether the Garner exception applies in circumstances where a limited partnership has eliminated common-law fiduciary duties. Relying on precedent holding that the Garner exception is limited to circumstances where there is a fiduciary relationship between the party challenging the privilege and the party asserting it, the court concluded that the Garner exception does not apply when fiduciary duties are expressly disclaimed.

In so finding, the court emphasized the policy underlying the Garner exception, which rests on the “mutuality of interest” between a stockholder and a fiduciary when the fiduciary seeks legal advice in connection with actions taken or contemplated in his role as a fiduciary. In such circumstances, the court reasoned, the stockholder is “the ultimate beneficiary of legal advice sought by fiduciaries qua fiduciaries,” making it appropriate for the stockholder to view the communications reflecting the advice in certain circumstances. The court recognized that the Garner exception has been applied in situations far removed from stockholder derivative suits (i.e., actions by trust beneficiaries against the trust and trustee, and actions by creditors against a bankruptcy creditor’s committee), but a fiduciary relationship existed in these cases, establishing the requisite mutuality of interest between the parties.

Given that there was no fiduciary relationship between the plaintiff and Spectra GP under the express terms of the LPA, the court concluded that the mutuality of interest underpinning the Garner exception did not exist, and the Garner exception therefore did not apply.

Key Takeaways

Although application of the Garner exception is necessarily a fact-specific inquiry, these recent decisions offer certain key insights for litigants prosecuting or defending breach of fiduciary duty claims in the Delaware Court of Chancery:

• Fiduciary relationship required, and contractual duties are not enough. The court’s decision in Morris makes clear that the Garner exception is unavailable where common-law fiduciary duties are disclaimed by contract and therefore no fiduciary relationship exists. The LPA in Morris replaced common-law fiduciary duties with contractual duties, and although not expressly addressed, the court’s decision appears to render Garner inapplicable to actions involving breaches of contractual duties. Therefore, even if a plaintiff asserting breaches of contractual duties could otherwise satisfy the high burden required for Garner’s application, it is unavailable in that setting.
• Garner likely applies to direct fiduciary breach claims, but the burden of establishing good cause may be higher in that context. Although the court in Buttonwood did not decide the issue, it surmised in dicta that the Garner exception would apply to direct fiduciary duty claims as well as derivative claims. In Garner, where the claims were both direct and derivative, the Fifth Circuit noted that its decision was not dependent on whether the derivative claim was “in the case or out.” Garner, 430 F.2d at 1097 n.11. In Buttonwood, however, the court cautioned that the nature of the claim should be considered when balancing the interests inherent in the attorney-client privilege against the interests of a stockholder seeking to review privileged communications. This suggests that stockholders invoking the Garner exception in the context of direct fiduciary duty claims may face a higher burden of establishing the requisite “good cause” necessary to invoke the exception.
• Garner does not apply if information sought is potentially available through depositions. When evaluating “the apparent necessity or desirability of shareholders having the information and availability of it from other sources,” the court will not likely find sufficient good cause to invoke Garner if the moving stockholder can obtain the information sought through depositions. Similarly, the potential usefulness of otherwise privileged documents to deposition preparation is not enough under Garner. Rather, a stockholder must exhaust other available options, consistent with the Delaware Supreme Court’s expectation that the Garner exception should “be very difficult to satisfy.”