Lenders foreclosing FHA-insured mortgages in Ohio often face challenges that contest the lender’s compliance with relevant regulations from the U.S. Department of Housing and Urban Development (HUD). Like most courts throughout the nation, Ohio courts treat HUD regulations as contractual terms incorporated into FHA-insured mortgage loan documents. As Ohio case law on this issue continues to evolve, confusion—and sometimes shock—can arise for out-of-state lenders unfamiliar with the state-specific intricacies of litigating contested foreclosures involving FHA-insured mortgage loans in Ohio.

This article answers some of the questions that most commonly arise, beginning with more basic questions relating to what the relevant HUD regulations are and when the face-to-face meeting is required. The article then moves on to more challenging issues, such as whether compliance is a condition precedent or affirmative defense and why that matters, whether HUD deadlines are mandatory or aspirational, and how lenders should correct compliance errors if discovered after they already started a judicial foreclosure.

What Are the Relevant HUD Regulations?

Most lenders are familiar with the notice provisions governing acceleration in standard mortgages and notes. These provisions typically require lenders to send borrowers notice of their default and the action required to cure the default, provide a deadline not less than 30 days from the notice for the borrower to cure the default, and advise the borrower that failing to cure the default could result in acceleration and foreclosure.

Most mortgages and notes for FHA-insured loans do not expressly include these provisions. Instead, the loan documents allow lenders to accelerate delinquent loans but also acknowledge that HUD regulations will limit the lender’s ability to require immediate payment in the case of payment defaults. The standard FHA-insured mortgage and note both specify that they do not authorize acceleration or foreclosure if not permitted by HUD regulations. Ohio courts interpret these provisions to incorporate HUD regulations into the mortgage and note as additional contract terms. See, e.g., BAC Home Loans Servicing v. Taylor, 2013-Ohio-355, ¶ 14 (9th Dist.).

HUD codified its mortgage servicing regulations at 24 C.F.R. Subpart C. According to the regulations, “no [lender] shall commence foreclosure or acquire title to a property until the requirements . . . have been followed.” 24 C.F.R. § 203.500. “Before initiating foreclosure, the [lender] must ensure that all servicing requirements . . . have been met.” 24 C.F.R. § 203.606(a).

The regulations require lenders to notify borrowers in default “no later than the second month of any delinquency in payments under the mortgage.” 24 C.F.R. § 203.602. Lenders cannot foreclose until the borrower misses three monthly payments, and lenders must “make a reasonable effort to arrange” a face-to-face meeting with the borrower before the borrower misses three monthly payments, unless certain exceptions apply. 24 C.F.R. §§ 203.604, 203.606(a).

The lender must also evaluate the borrower’s account for appropriate loss mitigation actions before the borrower misses four monthly payments. 24 C.F.R. § 203.605(a). Before moving forward with foreclosure, the lender must notify the borrower that he or she is in default and that it intends to foreclose unless he or she cures the default. 24 C.F.R. § 203.606(a).

 Lenders typically comply with most of the regulations governing FHA-insured mortgage loans when following the same procedures developed for non-FHA-insured mortgage loans because most of the requirements substantively parallel other federal regulations and standard mortgage and note obligations. The primary difference is the face-to-face meeting requirement. 

When Is the Face-to-Face Meeting Required (and When Is It Not)?

The most often overlooked—and therefore most commonly litigated—HUD regulation is the face-to-face meeting requirement, which is not required by most traditional mortgages for non-FHA-insured loans. According to the applicable rule, lenders “must have a face-to-face interview with the [borrower], or make a reasonable effort to arrange such a meeting, before three full monthly installments due on the mortgage are unpaid.” 24 C.F.R. § 203.604(b). A “reasonable effort” must include both a certified letter to the borrower attempting to arrange a meeting and at least one trip to see the borrower at the property. 24 C.F.R. § 203.604(d). The trip is not required if the property is more than 200 miles from the lender.

The lender is not required to conduct a face-to-face meeting if the borrower does not reside on the property, has clearly indicated that he or she will not cooperate in the interview, or is making payments on a repayment plan that bring the loan current. 24 C.F.R. §§ 203.604(c)(1), (3), (4). The lender is also relieved of the face-to-face meeting requirement if its reasonable efforts to arrange the meeting were unsuccessful or if the property is more than 200 miles from the lender. 24 C.F.R. §§ 203.604(c)(2), (5). 

Is Compliance a Condition Precedent or an Affirmative Defense?

Ohio courts are split over whether HUD regulations constitute conditions precedent or affirmative defenses to the foreclosure. The majority rule is that they are conditions precedent; however, two appellate districts in the state treat them as affirmative defenses. See, e.g., U.S. Bank Nat’l Ass’n v. Cavanaugh, 2018-Ohio-5365, ¶¶ 15, 20–21 (10th Dist.); see also Wells Fargo Bank v. Goebel, 2014-Ohio-472, ¶ 20 (2d Dist.).

Ohio’s Second District, which includes the city of Dayton, holds that HUD’s face-to-face meeting requirement “creates an affirmative defense” for borrowers challenging foreclosure. Goebel, 2014-Ohio-472, ¶ 20. In Goebel, the lender failed to provide evidence showing it complied with the face-to-face meeting requirement despite the borrower having specifically denied the lender’s compliance in his answer. Nevertheless, the Second District affirmed the trial court’s summary judgment award, finding that the borrower did not present sufficient evidence to create an issue of fact as to whether the lender complied.

Ohio’s Tenth District, which includes the state’s capitol and largest city, also considers HUD regulations affirmative defenses. See GMAC Mortg. of Penn. v. Gray, No. 91AP-650, 1991 Ohio App. LEXIS 6004, 1991 WL 268742 (10th Dist. Dec. 10, 1991). In Gray, a borrower appealed the trial court’s summary judgment entry in a foreclosure action despite the borrower’s contention that the lender failed to comply with various HUD regulations. The appellate court reversed.

Although the parties in Gray do not appear to have raised the condition precedent/affirmative defense distinction, and the court did not specifically address the issue, the court found that “the failure of a mortgagee to adhere to the HUD servicing requirements . . . constitutes an affirmative defense to foreclosure.” The court determined that material facts remained in dispute about the lender’s HUD compliance, and it therefore overruled the trial court’s summary judgment order.

The Tenth District recently reaffirmed that Gray “remains good law,” and it confirmed its holding that HUD regulations constitute an affirmative defense as opposed to a condition precedent. Cavanaugh, 2018-Ohio-5365, ¶ 20. However, the court also recognized that multiple opinions from other Ohio courts “have dramatically changed the legal landscape,” and it advised that “the time may have arrived to revisit [the court’s] holding in Gray.” Nevertheless, the court declined to change course for the time being. 

Why Does the Condition Precedent or Affirmative Defense Distinction Matter?

Realistically, the distinction between a condition precedent and an affirmative defense only matters to save situations where either the lender or the borrower failed to raise the issue or present any evidence at the trial level and the issue arises on appeal. If the borrower properly brings the issue before the trial court, and both parties submit evidentiary quality material at the summary judgment stage, the affirmative defense/condition precedent distinction impacts only the timing of the parties’ submissions. See, e.g., PNC Mortg. v. Garland, 2014-Ohio-1173, ¶¶ 23–24 (7th Dist.).

For example, whether the borrower raises HUD regulations by specifically denying the face-to-face meeting as a condition precedent or challenging HUD compliance as an affirmative defense, he or she will likely submit an affidavit swearing that he or she did not receive the required notice and has no knowledge of any attempts to visit the property. The lender will then provide business records showing that it sent the notice and that a representative visited the property or that it was otherwise excused. The condition precedent/affirmative defense question simply changes who must present their materials first. See, e.g., Cavanaugh, 2018-Ohio-5365, ¶ 17–19; Goebel, 2014-Ohio-472, ¶¶ 18–19.

 More specifically, if compliance is a condition precedent, the lender must submit its evidence of compliance with its motion for summary judgment. See, e.g., Garland, 2014-Ohio-1173, ¶ 23. However, if noncompliance is an affirmative defense, then the lender need not disprove its noncompliance (i.e., the lender does not need to prove its compliance). Instead, the borrower must submit his or her evidence when responding to the lender’s motion for summary judgment or filing his or her own motion. The lender must then refute the borrower’s evidence with the appropriate materials. See Ohio Civ. R. 56(E).

Notably, in either scenario, the lender’s business records should trump the borrower’s unsubstantiated allegations, even at the summary judgment stage. See, e.g., A.J.R. v. Bd. of Educ., 2019-Ohio-3402, ¶ 17 (6th Dist.) (parties “cannot avoid summary judgment by submitting an unsupported, self-serving affidavit”) (internal quotations omitted). This is especially true where the regulation in question requires the lender to prove only that it sent the required notice or made the required visit, not that the borrower received the notice or that its representative actually made contact during the visit. See Goebel, 2014-Ohio-472, ¶ 19 (affidavit that borrower did not recall having a face-to-face meeting would not create fact issue to defeat summary judgment).

Thus, prudent Ohio lenders should submit evidence that they complied with the relevant HUD regulations with their motion for summary judgment regardless of whether the controlling jurisdiction considers it a condition precedent or affirmative defense—at least as to any regulations the borrower alleges the lender failed to follow in its pleadings. Only two appellate districts in the state consider compliance an affirmative defense, and one of those districts specifically advised litigants that it may revisit its ruling if necessary. See Cavanaugh, 2018-Ohio-5365, ¶ 21; Goebel, 2014-Ohio-472, ¶ 20.

Moreover, Ohio’s civil rules do not require defendants to plead affirmative defenses with the same specificity or particularity required when denying conditions precedent, meaning that if the trial court treats compliance as an affirmative defense, then borrowers technically do not need to raise the issue in detail at the pleading stage. Compare Ohio Civ. R. 8(B) with Ohio Civ. R. 9(C). Relatedly, some Ohio courts allow borrowers to raise issues they did not plead when responding to summary judgment motions, at least in some instances. See, e.g., Hillman v. Edwards, 2011-Ohio-2677, ¶¶ 14–18 (10th Dist). But see Nationstar Mortg. v. Young, 2016-Ohio-8287, ¶ 17 (9th Dist.) (assembling cases and discussing contrary rulings).

 Thus, if noncompliance is an affirmative defense, borrowers can potentially spring the issue on the lender at a later, more inconvenient stage of the litigation. For example, if the borrower presents a sworn statement that the lender failed to comply with HUD regulations for the first time when responding to the lender’s summary judgment motion, or if the borrower generally alleges noncompliance as an affirmative defense and then specifically raises an issue the lender did not expect during summary judgment, the lender may find itself scrambling to develop evidence of its own compliance within the ordinarily truncated time period for a reply brief. See Ohio Civ. R. 6(C)(1) (providing only seven days for reply briefs unless otherwise ordered).

In contrast, presenting the evidence upfront even in affirmative defense jurisdictions would demonstrate that the borrower cannot prove an essential element of his or her affirmative defense (noncompliance) because the lender complied. See Dresher v. Burt, 75 Ohio St.3d 280, 293 (1996) (explaining summary judgment procedure when the movant does not bear the burden of proof). It would also guard against late-raised arguments from the borrower and problems presented if the appellate court shifted the legal landscape under the lender’s feet.

Are the HUD Deadlines Mandatory or Aspirational?

Until somewhat recently, the timing requirements in HUD regulations caused the biggest headache for lenders foreclosing FHA-insured mortgage loans. For example, HUD regulations require that the face-to-face meeting occur “before three full monthly installments due on the mortgage are unpaid.” 24 C.F.R. § 203.604(b). The regulation’s timing component necessarily begs the question, “what happens if the lender—or, more often, a prior lender—fails to conduct or attempt to arrange the face-to-face meeting within three months of the borrower’s default?” Does the lender forever lose its right to foreclose?

All Ohio courts to have considered this issue now answer that question in the negative. See, e.g., Wilmington Savings Fund Society v. West, 2019-Ohio-1249, ¶¶ 18–31 (5th Dist.) (compiling and discussing cases). See also Cavanaugh, 2018-Ohio-5365, ¶ 32 (clarifying the Tenth District’s prior ruling in Wells Fargo v. Burd, 2016-Ohio-7706). As Ohio’s Fifth District recently explained, “the obligation to conduct a face to face meeting, or a reasonable attempt to do so is mandatory, but the requirement that the meeting or attempt occur before three full monthly payments are due is aspirational.” West, 2019-Ohio-1249, ¶ 23.

Notably, Ohio’s universal recognition that the timing components for HUD regulations are aspirational in the foreclosure context accords with the state’s standard principles of contract interpretation. The Ohio Supreme Court confirms that “[w]here possible, a court must construe [contracts] to give effect to every provision in the agreement.” In re All Kelly & Ferraro Asbestos Cases, 2014-Ohio-7104, ¶ 29. Courts therefore must “avoid [contract] interpretations that render portions [of the contract] meaningless or unnecessary.” Wohl v. Sweeney, 2008-Ohio-2334, ¶ 22.

 Thus, because courts deem HUD regulations incorporated into the mortgage and note as contract terms, they must construe the regulations in a way that avoids nullifying the parties’ rights and obligations whenever possible. See Asbestos Cases, 2014-Ohio-7104, ¶ 29; Wohl, 2008-Ohio-2334, ¶ 22. Reading a prohibition against correcting loan servicing timing errors into the mortgage and note would necessarily render other portions of those documents meaningless—including the lender’s overall right to payment and to foreclose the security given with the loan if the borrower defaults, which together constitute the entire purpose of the mortgage contract.

Moreover, neither the standard mortgage nor the standard note for FHA-insured loans specifically incorporates all HUD regulations into the agreement’s terms. Instead, the mortgage indicates that the instrument “does not authorize acceleration or foreclosure if not permitted by [HUD] regulations,” and the note specifies that it “does not authorize acceleration when not permitted by [HUD] regulations.” As discussed, courts must construe these provisions to avoid nullifying other contract terms if possible, and nothing in HUD’s regulations suggests that the agency intended to forever prohibit acceleration or foreclosure after the described timelines passed.

In fact, the regulations’ plain language seems to oppose the idea that mistakenly missing a deadline forever bars a lender from foreclosing on FHA-insured mortgages. The relevant regulations all speak in terms of barring foreclosure until the lender complies, not forever barring foreclosure if a lender temporarily fails to comply. See, e.g., 24 C.F.R. §§ 203.500 (No lender “shall commence foreclosure or acquire title to a property until the requirements of this subpart have been followed.”) (emphasis added), 203.606(a) (“Before initiating foreclosure, the [lender] must ensure that all servicing requirements of this subpart have been met.”). This language suggests that lenders need only comply before starting foreclosure proceedings.

Similarly, the regulations specifically outline the consequences of failing to comply. See 24 C.F.R. § 203.500. Those consequences include imposing “a civil money penalty” on the lender or withdrawing “HUD’s approval of a [lender].” They do not include prohibiting the lender from foreclosing the security for an FHA-insured loan. Indeed, “[t]he overall purpose of the FHA mortgage insurance program is to encourage lenders, in exchange for a government guarantee of the loan, to extend mortgages to those carrying higher credit risks.” Goebel, 2014-Ohio-472, ¶ 20 n.3 (quoting Wells Fargo v. Neal, 922 A.2d 538, 546 (Md. App. 2007)). Effectively wiping out mortgage liens for servicing errors hardly furthers that purpose.

How Should Lenders Correct Compliance Errors?

The last remaining—and likely most pressing—question is what a lender should do if it finds itself embroiled in a contested foreclosure without having complied with the relevant HUD regulations before filing its complaint. At least one Ohio appellate court holds that a face-to-face meeting conducted after commencing a failed foreclosure does “not comply with 24 C.F.R. 203.604(b) when the lender based its subsequent action on the same default as the first action.” Cavanaugh, 2018-Ohio-5365, ¶ 31 (discussing Burd, 2016-Ohio-7706). Some attorneys worry that this holding could require lenders to advance the loan’s due date before proceeding with a new foreclosure. However, lenders facing this situation should first consider options for distinguishing their circumstances from these rulings before choosing to credit payments on the loan.

In Burd, a borrower successfully challenged a lender’s foreclosure complaint on the grounds that the lender failed to comply with HUD’s face-to-face meeting requirements. The lender then filed another foreclosure alleging the same default date and contending that it complied with the face-to-face meeting requirement by participating in a court-sponsored mediation during the initial foreclosure. The trial court ruled that the lender again failed to comply with HUD’s face-to-face meeting requirement, and Ohio’s Tenth District affirmed.

The Tenth District rejected the lender’s position that it complied with the face-to-face meeting requirement despite not conducting or attempting a meeting within the first three months of the borrower’s default because the requirement’s specific timing component is aspirational, and it engaged in a court-sponsored mediation during the initial foreclosure. Burd, 2016-Ohio-7706, ¶ 13. The court acknowledged other Ohio courts’ determinations that the timing components are aspirational, but it found that the decisions did not bind its own review. It also distinguished those decisions from the facts at hand.

Noting that the court-sponsored mediation in the first foreclosure necessarily did not occur until after the lender had already filed at least one foreclosure based on the same alleged default in the current foreclosure, the court held that the lender “failed to comply with either the letter or the spirit of the regulation” because the borrower “had no opportunity to avoid foreclosure arising from that alleged default.” The court therefore upheld the trial court’s summary judgment ruling against the lender. It also expressly reserved a question about whether the lender “could demonstrate compliance with the regulatory requirements in another foreclosure action, perhaps based on a different default date.”

In Cavanaugh, the Tenth District later clarified that Burd “did not hold that a lender is barred from seeking foreclosure if it fails to appropriately act within the time period specified in 24 C.F.C. 203.604(b).” Cavanaugh, 2018-Ohio-5365, ¶ 32. Instead, the court confirmed “that a lender complies with 24 C.F.R. 203.604(b) if it conducts a face-to-face meeting, or if it makes reasonable efforts to arrange a force-to-face meeting, before filing its foreclosure.” However, the court reaffirmed its holding that a face-to-face meeting conducted after a failed foreclosure “did not comply with 24 C.F.R. 203.604(b) when the lender based its subsequent action for foreclosure on the same default as the first action.”

Importantly, the Tenth District in Burd indicated the ruling’s fact-specific nature several times. See Burd, 2016-Ohio-7706, ¶ 14 (“[u]nder the circumstances of this case . . .”, “[t[his is not a case where . . .”, “[r]ather, in this case . . .”). The court’s later clarification in Cavanaugh further supports this point. See Cavanaugh, 2018-Ohio-5365, ¶¶ 30–32 (reiterating the facts it found specific to its ruling in Burd). Thus, taken together, the opinions suggest that situations exist when lenders foreclosing in the Tenth District do not need to advance the loan to comply with the face-to-face meeting requirement after a failed foreclosure. However, the question remains exactly what facts the Tenth District would find sufficient to allow foreclosure without adjusting the loan’s due date.

First, once the lender confirms that it cannot demonstrate HUD compliance, it should voluntarily dismiss the foreclosure without prejudice. Proceeding through summary judgment risks an adverse ruling that may implicate res judicata concerns for later foreclosures. Relatedly, if the lender—or a prior lender—has voluntarily dismissed any earlier foreclosures, then it should avoid Ohio’s double dismissal rule by moving to dismiss under Rule 41(A)(2) rather than filing a notice of voluntary dismissal under Rule 41(A)(1)(a). See Olynyk v. Scoles, 2007-Ohio-2878, ¶ 23.

Next, the lender should take—and document—whatever steps are needed to fully comply with the applicable HUD regulations. The appellate court in Burd specifically noted with disapproval that the lender “made no other attempt” to arrange the face-to-face meeting beyond the court-sponsored mediation in its original foreclosure. Burd, 2016-Ohio-7706, ¶ 14 (emphasis added). It also expressly distinguished the case from a situation where a lender “holds a face-to-face meeting a few months after a third payment is missed but prior to filing foreclosure.”

These clarifications suggest that the Burd court may have viewed the situation more favorably had the lender made an effort to comply with the regulation apart from its court-mandated activity during the first failed foreclosure. Thus, taking steps to rectify previous oversights after dismissing the foreclosure may sufficiently comply with the “spirit of the regulation” by allowing the borrower an “opportunity to avoid foreclosure arising from that alleged default,” about which the court in Burd expressed concerns.

Moreover, dismissing the complaint without prejudice returns the parties to their pre-filing positions under long-standing Ohio law. See Denham v. City of New Carlisle, 86 Ohio St. 3d 594, 596 (1999) (“[a] dismissal without prejudice leaves the parties as if no action had been brought at all”) (quoting Deville Photography, Inc. v. Bowers, 169 Ohio St. 267, 272 (1959)). Accordingly, once the lender dismisses its prior complaint without prejudice, the earlier filing should no longer impact its options with respect to complying with conditions precedent for future foreclosures.

Finally, even if a lender chooses to take the conservative approach of advancing the loan’s due date before filing a new foreclosure, crediting the account for a single month—rather than bringing the account current or to within three months of a meeting attempt—should suffice. In Burd, the court posited without ruling that a lender could potentially “demonstrate compliance with the regulatory requirements in another foreclosure action, perhaps based on a different default date.” Burd, 2016-Ohio-7706, ¶ 14 n.2. Later, in Cavanaugh, the court confirmed that HUD’s specific timelines are aspirational, not mandatory. Cavanaugh, 2018-Ohio-5365, ¶ 32.

Reading the two opinions together, even if Burd precludes lenders from suing on the same default for inadvertently filing their complaint before fully complying with HUD—a position not mandated by a careful review of the opinion—moving the borrower’s due date up one month would allow the lender to sue on a different default. The lender could then take the necessary actions before filing its new complaint, thereby meeting its HUD obligations notwithstanding the passing of any aspirational deadlines. See Cavanaugh, 2018-Ohio-5365.

Conclusion

FHA-insured mortgages incorporate HUD regulations as contract terms in the loan documents. Although the specific deadlines are aspirational, lenders must comply with the regulations before foreclosing. When litigating a contested foreclosure where the borrower alleges failure to comply with applicable HUD regulations, lenders should determine as early as possible whether they can demonstrate full compliance. If they cannot, then they should voluntarily dismiss their action without prejudice and take all reasonable steps to comply with the spirit and the letter of the regulations.

The term “whistleblower” was coined over three decades ago by a New York Times reporter and subsequently adopted by Ralph Nader to describe a Washington, D.C. conference wherein numerous papers were presented on the subject. Today, the whistleblower is a well-known term throughout the world; however, industries face new dilemmas as governmental or internal mandates increase the implementation of whistleblower systems for the reporting of misconduct. With the advancement of technology, there are many options, but it is proposed herein that the blockchain protocol is an innovative solution to this directive, given its broad applications to diverse fields and markets. This article provides an overview of blockchain and its defining attributes and a supportive discourse of the blockchain on usage in a whistleblower programs.

I. What Is the Blockchain?

The blockchain platform is a streamline application or software that brings simplicity by decentralizing access to data through peer-to-peer technology so individuals or entities can view information and communicate directly with each other on a distributed database rather than through a centralized server.[1] Hence, no one entity or person has control over the information contained on the blockchain ledger because each computer on the network or “node” contains a copy of every transaction completed on a particular blockchain. These records, or transactions, are grouped together in a structure referred to as a “block” that is labeled with a hash “to the last block so that any attempt to change a prior block has a cascading effect on each subsequent block.”[2] This procedure precludes change to the content stored on block—often referred to as “immutability.” In addition to these attributes, blockchain provides transparency and computational logic regarding the inputted data.[3] Although there are other characteristics of blockchain technology that are relevant, the essential attributes that would assist in reporting of misconduct are the following:irreversibility, or immutability of data, and the distributed ledger. The former characteristic, “immutable,” means that once the informant reports an impropriety, the data cannot be altered[5]; this attribute is secured by computational logic or algorithms that ensure the integrity of the data. The distributed ledger provides that everyone on the blockchain can see changes to the data as well as the data itself.

II. Public Versus Private Public Blockchain

The term “blockchain” is readily associated with the exchange of cryptocurrencies, e.g., bitcoin, to verify the exchange of currencies;[6] however, it is most likely that users selling or buying cryptocurrencies do not understand that the system backing their activity is on the blockchain. Notably, the cryptocurrency bitcoin, the value which is based on supply and demand in contrast to fiat currency, was first introduced and founded on public blockchain technology. Shortly thereafter, it was noted that the underlying technology of bitcoin could be facilitated for other interorganizational cooperation, and a proliferation of other forms of the blockchain were employed.[7] Although this association is correct, this use is referred to as the “public” blockchain. As the term implies, all members can download the application and exchange cryptocurrency. The most profound feature, and one frequently stressed by proponents of the public blockchain, is that the user on the public blockchain is anonymous. Although it is conceptually valid that users are unknown on a public blockchain, there exist various methods in which identities can be known, including, but not limited to, legal discovery procedures.[8] To verify transactions on a public blockchain, each node on a network reaches a consensus on the validity of each transaction. This validation is performed by certain nodes, or “miners,” who apply various algorithms to verify the transactions. Once the miners reach an agreement, the transaction is recorded on the block chain. In exchange for their computation, miners on public blockchains are given a percentage of cryptocurrency.

In contrast to the public blockchain, there is the “private” blockchain. Specific industries have adopted the “private” blockchain,[9] including clinical research,[10] and more recently several state legislatures have implemented blockchain legislations to record data on a blockchain ledger.[11] Unlike public blockchains, where the identity of users is anonymous, a private blockchain is permissible, and only individuals invited on the network have access to the information, but the security and immutability of data still applies. The performance of the miners is provided through permissible access to the blockchain. Hence, both public and private serve as an ideal platform for implementation for a whistleblower program based on the needs of the entity.

III. Online Reporting

Over half of the world’s population is active internet users, with a large percentage of that number from China, India, and the United States.[12] These numbers suggest that a viable way for a company or industry to self-monitor themselves, whether required by law or for internal practices, is to facilitate an online informant program. The use of the internet for said purposes is not new in that numerous governmental agencies have developed online tools for reporting of misconduct. The Security Exchange Commission’s Tips, Complaints, and Referrals Intake and Resolution System (TCR System)[13] serves as an online recipient of all tips and complaints received by the Security Exchange Commission (Commission) and intakes referrals from self-regulatory organizations and other government agencies.[14] Although the Commission has reported an “upward trajectory” in reporting corporate misconduct, it is conclusive that the Commission has annotated that the reporting online is more effective and efficient as the tipper gets an automated response and the inputted information is populated among the staff, and after that distributed according to Commission protocol.[15] The European Commission Anonymous Whistleblower Tool to uncover cartels and other anticompetitive practice[16] and the U.S. Department of Labor’s Occupational Safety and Health Administration Online Whistleblower Protection Program[17] are other programs that have adopted an online reporting system. Although the protocol used for these programs varies, the blockchain platform is an affordable and efficient method, particularly for the private sector.[18]

IV. Whistleblowing Program Based on the Blockchain

The internal development of a whistleblower program as suggested by this article is a private blockchain with the primary establishment of the program itself at the business. It is essential that individuals are made aware of the program and of the reporting protocol. Once the informant is linked onto the protocol, entry of the data is recorded on the blockchain. At this juncture, the option of anonymous reporting can be implemented into the program by a variate in the system. The first block on the block chain is referred to as the genesis block. Once an informant reports information, the data entered cannot be deleted or changed due to the immutability capabilities of the program, and the information can be reviewed by those having access to the private blockchain, including the informant. The blockchain would also be an ideal mechanism for the fulfillment of recording mandates. As a business investigates a complaint, it can invite more people onto the network to partake in the investigation. See Illustration A.

V. Conclusion

The increase of compliance, whether it is medical research misconduct or internal business fraud, warrants exploration of innovative methods to address and resolve these matters. The blockchain protocol is a new mechanism to address these issues while providing transparency in its application. Although the platform does have flaws, given that no technology is without one, when properly implemented with other resources, the blockchain is a valuable source for regulatory issues and should be explored by entities seeking to achieve this outcome.

[1] Marco Iansiti & Karim R. Lakhani, The Truth About Blockchain, Harvard Bus. Rev. (Jan.–Feb. 2017); see also Scott D. Hughes, Cryptocurrency Regulations and Enforcement in the U.S., 45 W. St. L. Rev. 1 (Fall 2017).

[2] Shawn S. Amuial, Josias N. Dewey & Jeffrrey R. Seul, The Blockchain: A Guide for Legal and Business Professionals (Thomas Reuters 2016).

[3] Iansiti & Lakhani, supra note 1.

[4] Iansiti & Lakhani, supra note 1.

[5] While the blockchain provides a high degree of protection, no system is fully guaranteed.

[6] Iansiti & Lakhani, supra note 1.

[7] Vinay Gupta, A History of the Blockchain, Harvard Bus. Rev., Feb, 28, 2017; see also, hyperledger.org for further information.

[8] Notably, a federal court judge in 2016 ordered San Francisco-based Coinbase to comply with a summons that requires it to identify 14,355 accounts, which have accounted for nearly 9 million transactions.

[9] See also IBM website discussion on new commercial uses for blockchain ranging from health care to tracking of commercial shipments.

[10] Uti Tokoni, IBM Partners with Boehringer Ingelheim to Leverage Blockchain Technology for Clinical Testing, BTC Manager, Feb. 14, 2019.

[11] See generally, National Conference of State Legislatures summary of states that have adopted legislation regarding data preservation on the blockchain.

[12] J. Clement, Global Digital Population as of April 2019 (in millions), Statisca.com.

[13] U.S. Securities and Exchange Commission, Office of the Whistleblower; see also, Sarbanes–Oxley Act of 2002, Pub. L. No. 107–204, 116 Stat. 745 (July 30, 2002).

[14] Id.

[15] U.S. Securities and Exchange Commission, 2018 Annual Report to Congress Whistleblower Program, at 7 and 20.

[16] See also Treaty on the Functioning of the European Union and other related laws.

[17] U.S. Department of Labor’s Occupational Safety and Health Administration Online Whistleblower Protection Program; Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, 124 Stat. 1376 (2010).

[18] See hyperledge.org, supra note 6, as to access and development of programs.

If they have not already moved some of their information footprint to the cloud, most companies will soon enough. The cloud market is growing because the cloud provides “infinite” storage space for a company’s rapidly expanding information trove, but there are many compelling economic reasons as well. What is clear, however, is that migrating to the cloud—be it AWS, Google Cloud, or Microsoft Office 365—is replete with issues on which lawyers must weigh. Failure to engage the legal eagles upfront will result in unnecessary risk and exposure.

Microsoft Office 365 (Office 365) cloud is used by many companies the world over, but a company contemplating migrating its data to any cloud storage provider will do well to seek input from its lawyers (and other key stakeholders). Of note is that IT folks generally have two primary issues that make them not want to engage with lawyers. First, they do not like “it depends” type of answers, and second, they do not like to wait for legal advice. IT projects, including migrating to new environments, are generally on tight timeframes, and waiting for legal advice tends to delay implementation. However, migrating to Office 365 presents an organization with some unique opportunities, including cleaning up the current data debris as well as reducing privacy and information security risks associated with retaining unnecessary information. Further, the migration process will allow new policy and data governance rules to be applied to information that could address legal, compliance, regulatory, and privacy issues.

Although Office 365 offers organizations rich features and functionality to better manage its data from a security, discovery, access, and retention standpoint, getting it set up correctly will be hugely valuable during normal business operations as well as when litigation strikes. In addition, getting policies and rules decided upfront will help make the migration process more manageable and valuable.

Here are a few questions lawyers and risk and compliance professionals can answer:

What data should be migrated to Office 365? Most companies have decades of unstructured data and e-mail messages that have minimal value to the business. Such content may not need to be retained for legal or regulatory purposes and could pose an unnecessary risk and cost to the organization if it remains. There are simple rules that can be agreed upon to determine what information should be migrated and what information should be purged. Bringing the necessary stakeholders together with the lawyers can help the organization determine what type of diligence is needed before the content can be legally and defensibly purged. If the information is not needed, there is no good reason to migrate it to the new clean environment.

What happens with stored data from employees who have left the company and that are not on a litigation or preservation hold? Companies often do not have policy or practices that address data created or stored by employees who depart the company, either voluntarily or involuntarily. This lack of policy or practice leaves abandoned data sitting (sometimes forever) and likely unproperly managed. If the data are not on a legal or regulatory hold, then the lawyers can help IT determine what, if any, data should be migrated.

What policies should be developed or augmented to automate information management? Certain cloud providers like Office 365 allow an organization’s information to be managed automatically by pre-established rules. Most organizations probably do not have much, if any, management controls that govern unstructured content (like e-mail message, Word documents, etc.) stored in shared drives, personal drives, hard drives, e-mail, etc. This new functionality will remove the burden on today’s employees while promoting compliance, given that technology is usually better than individual employees at classifying information. Getting this issue right will require lawyers’ involvement. If lawyers understand the available functionality in Office 365, they can assist the organization in modifying policy that can be implemented by the technology. As an example, privacy labels (classification rule) can be put on content that includes personal information. This can limit who gets access to that type of content and can also require that a higher level of security be applied—all automatically.

How will discovery and litigation response be managed? Some of the cloud platforms offer tools that can help with discovery. In that regard, lawyers should also be involved in the technology-vetting process to ensure the organization is buying technology that satisfies its needs. In the case of Office 365, a rich set of tools is available for performing e-discovery, which can conduct searches across Exchange, SharePoint, OneDrive, Teams, etc. Prior to migrating to Office 365, lawyers must understand the new environment’s functionality in order to address issues regarding end user versus system preservation, or how long data will be retained after the end user deletes it, among other things.

How can an organization proactively establish records retention rules to support defensible disposal? Retention policies can be applied in Office 365 that can ensure records are retained for a specified duration and/or purged automatically when the retention period expires. This helps ensure compliance, mitigates risk, and minimizes the expense of storing unnecessary content longer than necessary. Policies can be set up to force labels to be applied to content by end users or can be automatically applied. Retention policies can be created based on the company’s retention schedule or a more simplified and defensible set of rules (i.e., three years for nonrecords). Retention can further be refined automatically for specific sets of data such as sensitive data types (credit-card, Social Security, and passport numbers).

How will event-based retention be managed? Event-based retention (a retention period that begins after some future event happens, such as a contract expiration date, for example) has been and continues to be a major headache for most organizations. If a retention rule for life insurance policies is tied to the death of a person in the future, managing that future event and retention can be a cottage industry for most companies. Similarly, if employees’ personnel records retention is tied to their termination, which is an unknown future date, retention of those records for all employees can be a challenge. Rules within Office 365 can be set up to address these complicated event-based retention periods (like contract expiration, employee termination, etc.).

Which information and e-mails should be encrypted? Cloud environments like Office 365 can tag and therefore protect e-mail by allowing users to select templates such as Encrypt and Do Not Forward when composing or replying to e-mail. Further, system administrators can also set up custom rules to automatically encrypt outgoing messages based on specific business criteria. Lawyers should help determine if automated rules to address content types (trade secret, intellectual property, PII, etc.) are needed and what those rules should be.

What can the company do to automatically protect its information assets? Cloud applications increasingly provide greater tools to help protect company information. Companies are turning to Data Loss Prevention (DLP) technology to automate the protection of information. Office 365 allows for the creation of policies that can alert, encrypt, or even block the transmission of sensitive data as identified based on predefined data types. As with encryption rules, lawyers should provide guidance on what content must be blocked based on the risk it poses to the company. Data theft by employees or outsiders is a real issue today, and lawyers must help define the parameters that would help sniff out and minimize this risk.

When is data removed from the old environment(s) after successful migration? Most business and IT professionals like to keep data “just in case” someone needs it down the road. Lawyers, on the other hand, may want information gone quickly if it does not have business, legal, or regulatory value. Discussing the real business, legal, and regulatory needs with lawyers and other key stakeholders is imperative to delete the data in its original storage location once it is validated that the information in the new environment is accessible and complete.

What other regulatory compliance rules must be proactively managed (GDPR or CCPA)? Lawyers can provide guidance to ensure regulatory compliance is automated as much as possible with the functionality available in Office 365. As regulations are passed, lawyers should work with IT to modify the rules applicable to the company’s data.

Flipping the switches, buttons, and toggles can be done by IT, but getting information management and governance right will require guidance and input from lawyers, compliance and privacy professionals, and business folks. Anything less will result in information not being there when needed or being there forever and creating liability and risk.

The cloud makes great business and technical sense for many companies. It can also be a boon to better information security and privacy management if companies choose wisely. The fact remains that not all clouds are created equal, but the good ones are valuable and even more so when lawyers play their part in making them come to life.

Many believe that blockchain technology is synonymous with cryptocurrencies, such as bitcoin and ethereum, yet cryptocurrency is just one of a multitude of applications of blockchain technology, and there are numerous industries, such as financial services and transportation, that will also benefit from this emerging technology.

Similar to artificial intelligence (AI), blockchain, or “distributed ledger technology” as it is more formally described, also has the potential to revolutionize aspects of the financial services industry as seen through the emergence of a wide range of FinTechs. One such area is structured finance where blockchain technology can be utilized to reduce servicing and reporting costs, create data management efficiencies, and increase transaction transparency throughout the securitization process from asset origination to secondary market trading. This article explores some of the benefits that would be offered from the application of blockchain technology to the securitization industry, thereby further enabling the monetization of otherwise illiquid long-term financial assets.

The Existing Process of Securitization

In the world of structured finance, securitization is the creation of liquid, asset-backed securities from pools of illiquid assets such as mortgages, lease agreements, and credit-card debt. These asset-backed securities are then sold to investors.

Almost any asset that generates a recurring stream of cash flow payments can be securitized if those payments can be used to fund their maintenance in aggregating structures and regular distributions to security holders. A special purpose vehicle (SPV) is typically used to purchase and hold the relevant assets, using the proceeds from the issuance of securities to investors to fund the purchase of these pooled assets. Securitization creates opportunities for both investors and creditors. Investors, in addition to enjoying attractive fixed returns on their equity, enjoy a reduction in risk because the risk is spread over a larger and more diversified basket of assets. Investors can also receive improved returns positively leveraged by debt. Traditional creditors benefit as their capital is freed up, thus increasing the availability of credit and promoting greater liquidity in the marketplace.

For all of its benefits, securitization is a complex process requiring numerous stakeholders relying on different sets of data and information. These stakeholders include legal counsel, accountants, rating agencies, and underwriters. Given that information and data relied on by stakeholders to structure or trade the security is not currently shared among stakeholders, nor in a standardized form, there exists significant inefficiencies that now pervade many aspects of the securitization lifecycle.

A lack of transparency, as well as difficulties in tracing relevant transactions related to the security, creates both reporting and underwriting inefficiencies that lead to increased expense and delay. This lack of transparency can also cause interpretation issues between stakeholders when performing various tasks surrounding the securitization process, such as valuing the assets and calculating the waterfall of payments that must be satisfied by the securitized asset pool.

Permissioned Blockchains

Blockchain technology is rapidly evolving, with many adaptations of this technology already in use. Even so, certain features underpin this technology and exist throughout all its variants. Blockchain technology offers an immutable, secure, transparent, and immediately verifiable method for performing transactions without the requirement for a trusted intermediary to process and report all transactions. The decentralized nature of this technology makes it considerably more secure than a database with only one single authority. It allows for faster transaction processing as the concept of objective “consensus” to the validity and accuracy of the transactions is built into this technology.

As outlined above, there are many adaptations of blockchain technology. One such variant is permissioned (or private) blockchains. Unlike permissionless (public) blockchains, which is the blockchain technology underpinning cryptocurrencies such as bitcoin, permissioned blockchains can restrict a party’s access to the blockchain and also limit such party’s read and write access to the data stored on the blockchain.

Blockchain Applied to Securitization

Administrators of permissoned blockchains can decide what parties may access or write data to the blockchain. This ability to control read/write access offers several advantages over permissionless blockchains in that it allows stakeholders to securely input proprietary information relevant to the transaction and ensure that only the appropriate parties have read access to such information. Permissioned blockchains still allow for data stored on the blockchain to remain auditable and traceable. The ability to restrict the read and write access to permissioned blockchains makes it well suited for securitization. This means that the information available to investors can differ from that available to regulators, investors, creditors, or credit rating agencies. In this example, regulators may be required to receive access to all information stored on the blockchain, whereas investors could be limited to accessing only necessary information. This ability to grant regulators with broader access rights is even more pertinent due to the ever-growing compliance obligations required by regulators in this sector.

Blockchain’s potential to establish a single source of information consistent among all parties will ultimately drastically reduce inefficiencies and costs. This leads to traceable, transparent, and auditable data at all stages in the securitization lifecycle from loan origination to secondary market transactions. In addition to minimizing the risk of fraud or error generally, compliance obligations could be more easily met in that regulators and auditors can use the blockchain to trace the ownership of the underlying securitized assets and any associated transactions. This single source of information reduces information asymmetry and creates a fairer system for all stakeholders, and offers the potential to remove intermediaries, thereby further reducing costs. The information on the blockchain can be used to better understand the available pool of underlying assets, including each asset’s payment history permanently associated with it.

The speed in which blockchain technology can process and record transactions could also reduce inefficiencies relating to trading and servicing the security. Trust in the accuracy and availability of information allows for increased certainty and faster payments and even greater trust in the securitization sector as a whole.

Potential Barriers to Adoption

With all its inherent and potential promise, blockchain technology must overcome several hurdles on the path to adoption in securitization. There must be significant buy-in from all stakeholders due to the upfront costs of developing, testing, and implementing blockchain technology for this industry. Stakeholders must agree on a standard or “protocol” for all data to be added to the blockchain and set up internal processes and procedures to ensure that it meets these standards. Stakeholders must also ensure that their infrastructure can interoperate with blockchain technology.

For securitization transactions, the laws that apply will depend on, and vary in relation to, the underlying assets and the applicable jurisdictions. Due to this complexity, organizations should engage regulators at an early stage to ensure that the technology is compliant with applicable laws. Organizations looking to implement blockchain technology for securitizations should seek advice from legal counsel with an understanding of the technology as well as the relevant applicable legal framework.

Conclusion

Although adoption of blockchain technology for securitization will require a significant concerted effort from and education of all stakeholders, including domestic and international regulatory bodies, the range and scope of benefits that this technology enables are substantial. Reduction in time and cost of securitization activities, coupled with greater transparency generally for all stakeholders, means that blockchain technology could indeed be transformational for securitization, if not altogether revolutionary.

On August 14, 2019, the National Labor Relations Board (the Board) issued a decision in Cordúa Restaurants, Inc. and Steven Ramirez and Rogelio Morales and Shearone Lewis, 368 NLRB No. 43 (2019), that reaffirms the status quo concerning the lawfulness of an employer’s ability to require its employees to waive their option to file or participate in class and collective actions. Relying heavily on Epic Systems Corp. v. Lewis, 138 S. Ct. 1612 (2018), the U.S. Supreme Court decision that held that arbitration agreements with class and collective action waivers in the employment context are generally enforceable, the Board held that employers can lawfully prohibit employees from filing or participating in class or collective actions, including any that are pending, by requiring them to sign arbitration agreements containing class and collective action waivers. In addition, the Board ruled that employers may threaten employees with disciplinary action, including termination, if they fail to sign such agreements, without violating the National Labor Relations Act (the Act).

The Cordúa case arose because in January 2015 seven employees of Cordúa Restaurants (Respondent) filed a collective action in the U.S. District Court for the Southern District of Texas alleging Respondent’s violations of the Fair Labor Standards Act and the Texas Minimum Wage Act. Several months later, approximately 13 employees had joined or opted into the case. Due to the growing number of opt-in plaintiffs, the Respondent issued a modified arbitration agreement that prohibited employees from opting into collective actions, which in effect applied to the pending lawsuit. The revised agreement provided: “I agree that I cannot file or opt-in to a collective action under this Agreement, unless agreed upon by me and the Company in writing.”

The Board grappled with two issues of first impression in this case: (1) whether the Act prohibits employers from promulgating agreements with class and collective action waivers in response to employees opting into a collective action; and (2) whether the Act prohibits employers from threatening to discharge an employee who refuses to sign a mandatory arbitration agreement containing class and collective action waivers. The Board answered both issues in the negative.

With respect to the first issue, the Board reversed the administrative law judge’s finding that the Respondent’s promulgation of the revised arbitration agreement violated section 8(a)(1) of the Act, which makes it an unfair labor practice for an employer “to interfere with, restrain, or coerce employees in the exercise of rights guaranteed in Section 7 of the Act.” The Board reasoned that because an employer can lawfully maintain or enforce class and collective action waivers as a condition of employment without violating the Act per Epic, and because opting in is a procedural step to join a collective action, an arbitration agreement that prohibits employees from opting into a collective action also does not violate the Act. However, the Board seemed to contradict this view that opting in is a mere procedural step by also assuming, without deciding, that opting into a collective action lawsuit is a protected concerted activity under the Act. Despite this, the Board ultimately found that the revised agreement did not restrict the employees’ section 7 rights to participate in concerted activity, which the Board assumed encompassed the right to opt into a collective action, because the agreement’s purpose was not to restrict section 7 rights, but to require employees to resolve employment-related claims through individual arbitration rather than through collective actions.

As for the second issue, the Board held that the assistant manager’s statements in response to employees’ concerns about signing the arbitration agreement did not violate the Act. In Cordúa, the employees’ assistant manager distributed the revised agreement and explained that employees would be removed from the schedule if they declined to sign the agreement. After two employees objected to signing it, the assistant manager warned that he “wouldn’t bite the hand that feeds me” and that he would instead “go ahead and sign it.” The Board reasoned that the assistant manager’s statements were not equivalent to an unlawful threat because per Epic, an employer can lawfully condition employment on the execution of an arbitration agreement with class and collective action waivers. Hence, the Board described the assistant manager’s statements as mere explanation of the “lawful consequences of failing to sign the agreement.”

The Board also adopted the administrative law judge’s finding that the Respondent violated the Act by terminating an employee after he engaged in the protected concerted activity of discussing issues relating to his wages with his co-workers and filing a collective action under the FLSA. Relying on Epic, the Board drew the line between subjecting an employee to disciplinary action for refusing to sign an arbitration agreement with class and collective action waivers, which is lawful, and disciplining, including terminating, an employee after filing a class or collective action, for concerted activity, which is unlawful.

It is surprising that the Board’s adoption of the administrative law judge’s decision was influenced by the Board’s reading of Epic. The Board wrote that nothing in Epic calls into question its longstanding precedent that section 7 protects employees when they pursue legal claims concertedly, thereby implying that filing a collective action is a protected concerted activity under section 7. However, in Epic, the Supreme Court opined that section 7 of the Act did not confer a right to pursue class or collective actions. Hence, the Board’s reliance on Epic as its legal foundation when the Board and the Supreme Court differ significantly on this important point raises more questions than it answers.

In a dissenting opinion, Member Lauren McFerran pointed out that the Board’s decision ignored its longstanding precedents, which have consistently held that an employer’s rule or policy is unlawful when it is promulgated in response to the employees’ protected concerted activity, even if that rule or policy is lawful on its face. Member McFerran reasoned that the Respondent revised the arbitration agreement in response to the employees’ filing and/or subsequently joining the collective action to discourage the employees from engaging in a protected activity, namely opting into the lawsuit. Hence, for Member McFerran, the promulgation of a facially lawful rule or policy in response to a protected activity was sufficient to violate the Act.

Member McFerran also found that the assistant manager’s statements about removal from the job schedule constituted an unlawful threat that violated section 7 of the Act. Member McFerran interpreted the assistant manager’s statements as attempts to silence discussion after the employees exercised their section 7 right by raising concerns and questions about the revised arbitration agreement. Member McFerran explained that a reasonable employee would have understood the assistant manager’s statement as a threat of removal from the schedule and/or discharge for raising concerns about the terms and conditions of their employment.

Despite the lack of clarity in some areas of the Board’s decision, it is undeniable that Cordúa is an addition to an employer’s litigation toolkit that offers legal support to limit or reduce an employer’s financial exposure in wage-and-hour class and collective actions. To be sure, the utilization of these class and collective action waivers in arbitration agreements is not without its limitations. For instance, employers should still be mindful of applicable contract defenses, such as fraud, duress, or unconscionability, that can challenge the validity of these agreements. Moreover, at least in the collective action context, Epic and Cordúa will most likely not disturb the settled law that the existence of arbitration agreements with collective action waivers will not defeat the first stage of conditional certification under the FLSA in that it raises a merit-based determination. Finally, requiring an employee to sign an arbitration agreement and terminating that employee when he or she refuses to do so may be deemed as interference with an employee’s rights or retaliatory under other statutes.[1]

[1] Goldsmith v. Bagby Elevator Co., Inc., 513 F.3d 1261, 1267–68 (11th Cir. 2008) (affirming that employer was not entitled to a judgment as a matter of law against employee’s claim of retaliation under Title VII and 42 U.S.C. § 1981 when employer terminated employee for failing to sign an arbitration agreement that applied to his pending charge with the Equal Employment Opportunity Commission); Bayer v. Neiman Marcus Group, Inc., 2018 WL 2427787, at *11 (N.D. Cal. May 30, 2018) (finding that plaintiff created a triable issue of fact that defendant interfered with plaintiff’s rights under section 503(b) of the Americans with Disabilities Act by threatening to terminate plaintiff if he did not sign the arbitration agreement even after plaintiff explained he did not want to do so because he did not want to be forced to arbitrate the claim raised in his pending EEOC charge); Rightnour v. Tiffany & Co., 239 F. Supp. 3d 744, 754 n.5 (S.D.N.Y. 2017) (“Indeed, Tiffany may have been concerned about the legality of terminating an employee with a pending claim before the EEOC for refusing to agree to arbitration.”).

Introduction

Your pacemaker uses machine learning algorithms to detect irregularities in your breathing and make related predictions about the function of your heart.[1] Although this allows for more precise treatment of your condition, it may take the privacy and security concerns from your smart watch, a mere wearable, and literally implant them into your heart.[2] Surgeons using smart scalpels;[3] dermatologists using AI-assisted research and data-mining tools to assist with difficult diagnoses;[4] radiologists using deep-learning algorithms to read diagnostic imagery with greater precision than human capability;[5] precision AI to detect breast cancer as well as applications in cardiology, pathology, and ophthalmology[6] are only some of the examples of the ever-increasing availability and use of wearable and implantable medical AI.[7] Each such use of medical AI offers potential benefits of greater patient well-being through earlier detection and more effective treatment of disease, but with all technology, the benefits come with trade-offs.

Some of these trade-offs come in the form of legal uncertainty. Indeed, increasing use of medical AI raises a number of legal questions. For example, who is liable if your heart is hacked and damage results?[8] Does available insurance adequately cover the risks?[9] Can patients be expected to understand enough about how a device functions to fully comprehend the scope of potential downstream risk?[10] This article offers a brief introduction to these issues and points out areas that require careful attention by legal scholars and practitioners alike.

A (Very) Brief Introduction to AI

Many misunderstand AI at least in part because of the lack of a generally agreed-upon definition.[11] When speaking in the most general terms, experts explain AI as “a set of techniques aimed at approximating some aspect of human or animal cognition using machines.”[12] Although many view AI as a broad term used to refer to a large set of information sciences, each with its own growing domain of research and application,^[13] advances in computer processing speed and the growth of big data promoted increased interest in a subdiscipline of AI generally referred to as machine learning.[14] Interest in machine learning is so widespread that popular discussion of AI often uses the term “AI” to refer to one or more types of machine learning.[15] Given that machine learning is typically used to make predictions, it often makes up some element of medical AI technologies.[16] As a result, the core issues that exist at the intersection of law and AI are also applicable in the medical AI context.[17] Complicating those already complex issues (because medical AI deals in large amounts of health data), medical AI also raises novel issues at the intersection of privacy law, cybersecurity obligations, and consumer protection.

Legal Issues in Medical AI: Automated Insulin Pumps

To explore the legal issues raised by medical AI, consider a specific use case. Medical professionals increasingly use AI to help treat chronic illnesses such as type 1 diabetes. An autoimmune disease that usually strikes children at the age of 12, medical professionals treat type 1 diabetes through the use of insulin. Insulin can be administered through daily injections or through the use of an insulin pump. Insulin pumps continually infuse insulin through a small catheter placed under the skin, which is changed out every two to three days.[18] The difficulty in treating type 1 diabetes lies in the regulation of blood sugar through this insulin infusion. Almost any external factor, such as food intake, water intake, exercise, temperature, and internal factors such as cortisol output, thyroid function, and other illnesses, can cause blood glucose readings to fluctuate wildly throughout any given day.[19] This fluctuation especially hits extremes in growing children and in those patients in the midst of puberty due to the natural hormone fluctuations that occur during that time.[20] In order to better control these blood sugar fluctuations, insulin pump manufacturers like Medtronic have begun to employ algorithmic and AI technology in their latest generation of insulin pumps.[21]

Medtronic’s 670G insulin pump uses data from a corresponding Continuous Glucose Monitor (CGM) worn by the patient to consistently alter insulin infusion.[22] The data flow supplied by the CGM allows the machine learning algorithm embedded in the insulin pump to automatically give less or more insulin as the patient’s blood glucose trend rises or falls.[23] This technology represents a significant step forward in the treatment of type 1 diabetes, and many view it as the next step forward for researchers working to create an “artificial pancreas,” an external device that would regulate blood sugars autonomously, without numerous interventions from the patient.[24]

Although this new insulin-regulating technology represents a significant step forward for patients and doctors, it highlights some of the key issues in the use of medical AI more broadly. The 670G pump uses “a human in the loop” type of AI[25] which utilizes machine learning but defers to humans for essential decisions.[26] Although this type of system can limit liability for the pump creator, it can impose a higher burden on patients because patients must interact with the pump repeatedly throughout the day and night.[27] Part of the difficulty in using a human-in-the-loop machine learning algorithm for treatment of chronic medical conditions relates to the “long tail problem.”[28] Essentially, a system may never get “smart” enough to truly be autonomous in some contexts because of the large quantity of variables that cannot be anticipated.[29] Wearable technology such as the 670G closed-loop hybrid insulin pump involves a vast number of variables internal and external to the body that greatly affect blood glucose values, and that limit the level of autonomy that can be achieved in this treatment context.[30]

Another set of issues raised by medical AI is cybersecurity and data privacy.[31] In the case of insulin pumps, many users are concerned about the capturing of their data and personal medical information by both insulin pump manufacturers and hackers.[32] This is especially important due to the rise of CGMs, which connect to a patient’s phone and computer automatically.[33] Although this connection can help the patient examine their blood glucose trends, it also makes sensitive medical data available to hackers who could manipulate readings, causing significant harm to the patient.[34] As the use of CGMs continues to rise not only in type 1 diabetics, but also in type 2 diabetics, cybersecurity will only continue to be a greater concern.[35] Notably, CGMS and the 670G pump represent examples of broader industry trends in which wearable medical technology use similar product approaches, triggering similar concerns.

Conclusion

In some medical contexts, AI has already proven itself effective in helping patients and doctors.[36] For example, the technology unquestionably improves diagnosis of diseases in certain contexts because information about diagnosis from imaging can be retrieved from a set of experts and input for evaluation by the computational device.[37] However, as evidenced by the example of the 670G insulin pump, the use of medical AI for ongoing treatment of chronic conditions poses some difficulties. Those difficulties, including heightened burden for patients using products that rely on a human-in-the-loop system, cybersecurity, and data privacy, represent issues that attorneys guiding companies in this context should keep in mind for the purpose of adequately conducting risk assessments and in the interest of serving patients well. If the future of medical AI is to extend beyond medical diagnosis of narrow conditions,[38] the law and lawyers guiding clients through the law as they build products should keep these issues in mind and seek workable solutions. Ultimately, medical AI represents an area to watch in that patients need the ability to make informed decisions about the trade-offs between potentially improved medical care and risks to privacy, security, and available remedies if something goes wrong with the device.

[1] Medtronic, PR Logic Algorithms: Cardiac Device Features.

[2] Neta Alexander, My Pacemaker Is Tracking Me From Inside My Body, The Atlantic (Jan. 27, 2018).

[3] Nat’l Health Service, Smart knife can tell cancer cells from healthy tissue (July 18, 2013).

[4] Esteva A, Kuprel B, Novoa RA, et al., Dermatologist-Level Classification of Skin Cancer with Deep Neural Networks, 542 Nature 115, 115–18 (2017).

[5] J.G. Lee, S. Jun, Y.W. Cho, H. Lee, G.B. Kim, J.B. Seo, N. Kim, Deep Learning in Medical Imaging: General Overview, 18 Korean J. Radiol. 570 (2017).

[6] Adam Conner-Simons & Rachel Gordon, Using AI to Predict Breast Cancer and Personalize Care, MIT News (May 7, 2019).

[7] Changhyun Pang, Chanseok Lee & Kahp-Yang Suh, Recent Advances in Flexible Sensors for Wearable and Implantable Devices, 130 J. App. Polym. Sci. 1429 (2013).

[8] Medtronic, supra note 1.

[9] Id.

[10] Id.

[11] Ryan Calo, Artificial Intelligence Policy: A Primer and Roadmap, 51 U.C. Davis L. Rev. 399, 403 (2017); Matthew U. Scherer, Regulating Artificial Intelligence Systems: Risks, Challenges, Competencies, and Strategies, 29 Hvd. J. L. & Tech. 353, 359 (2016) (“Unfortunately, there does not yet appear to be any widely accepted definition of artificial intelligence even among experts in the field, much less a useful working definition for the purposes of regulation.”).

[12] Calo, supra note 11, at 403.

[13] M. Tim Jones, Artificial Intelligence: A Systems Approach 5 (2007).

[14] Calo, supra note 11, at 403; see also Amanda Levendowski, How Copyright Law Can Fix Artificial Intelligence’s Implicit Bias Problem, 93 Wash. L. Rev. 579, 590 (2018) (“Most AI systems are trained using vast amounts of data and over time hone the ability to suss out patterns that can help humans identify anomalies or make predictions. Most AI needs lots of data exposure to automatically perform a task.”).

[15] Levendowski, supra note 14, at 590 (“When journalists, researchers, and even engineers say ‘AI,’ they tend to be talking about machine learning, a field that blends mathematics, statistics, and computer science to create computer programs with the ability to improve through experience automatically.”). There are several types of machine learning, the details of which are beyond the scope of this short article. For more information, see Stuart J. Russell & Peter Norvig, Artificial Intelligence: A Modern Approach 650 (2d ed. 2009).

[16] A. Michael Froomkin, Ian Kerr & Joelle Pineau, When AIs Outperform Doctors: Confronting the Challenges of a Tort-Induced Over-Reliance on Machine Learning, 61 Ariz. L. Rev. 33, 39–48 (2019).

[17] See generally Harry Surden, Artificial Intelligence and Law: An Overview, 35 Ga. St. U. L. Rev. 1305 (2019) (describing machine learning and expert systems as the two preeminent forms of AI in use today and offering an overview of the current associated legal issues).

[18] See Mayo Clinic, Type 1 diabetes.

[19] Id.

[20] Id.

[21] Id.

[22] See Medtronic, MiniMed 670G Insulin Pump System.

[23] Id.

[24] Id.

[25] Harry Surden, Artificial Intelligence and Law: An Overview, 35 Ga. St. U. L. Rev. 1305 at 1320 (2019).

[26] Id.

[27] Id.

[28] Id.

[29] Id.

[30] Id.

[31] David C Klonoff, Cybersecurity for Connected Diabetes Devices, J. Diabetes Sci. & Tech. (2015); W. Nicholson Price II, Artificial Intelligence in Health Care: Applications and Legal Issues, 14 SciTech Law. 10 (2017).

[32] Klonoff, supra note 31.

[33] Id.

[34] Id.

[35] Id.

[36] Surden, supra note 26, at 1325.

[37] Id.

[38] Id.

In Re PLX Technology Inc. Stockholders Litigation[1] is not just another opinion out of the Delaware Court of Chancery: it is a parable that captures the zeitgeist of our modern activist epoch. The facts (as established by Vice Chancellor Travis Laster[2]) unfold like a morality play with a familiar and colorful cast of characters and caricatures—the opportunistic shareholder activist fixated on wringing out a quick profit, the exhausted board surrendering to the inevitable, the conflicted banker playing both sides, the complicit lawyers covering up bad process, and the powerful but perfunctory proxy advisors acting as kingmakers. As the actors play their parts, they illuminate the practical realities and complexities of corporate America in the age of activism. Although not groundbreaking as a matter of legal precedent, the case offers “teachable moments” for all engaged in corporate governance and M&A.

The Story

PLX was a small cap Delaware corporation that developed and sold high-tech gizmos (more precisely, specialized integrated circuits used in connectivity applications). After a shareholder activist fund pressured the company to sell itself in 2012, it entered into an agreement to be acquired by a competitor, IDT. That deal was shot down in 2013 by the FTC on antitrust grounds, causing PLX’s stock to plummet. At that point, another activist hedge fund, Potomac Capital Partners, led by one Eric Singer and the antagonist in our tale, bought five percent of the company’s shares at the depressed price (later increasing its stake to 10 percent). Singer’s investment thesis was simple: he read in the proxy statement for the doomed IDT deal that another bidder, Avago, had expressed interest in buying PLX during the “go-shop” market testing period, and so he figured that he could force a sale and make a quick profit.

Singer fired off a series of highly critical public letters against PLX’s management and board of directors and bullied his way into meetings with them, demanding that they sell the company forthwith. He threatened to sue them personally and launched a proxy fight. The influential proxy advisory firm Institutional Shareholder Services (ISS), whose support the court acknowledged is the deciding factor in many proxy contests, endorsed Singer and his slate even though his only plan for the company was a quick sale. Singer prevailed and was elected to the board along with his two other nominees. At Singer’s “request” and with ISS’s support, he was made chair of the special committee formed to explore “strategic alternatives” (often, as in this case, a euphemism for an effort to sell the company).

Soon after that, PLX’s financial advisor was told by a representative of Avago (whom that adviser was separately representing in buying another competitor, LSI) that Avago was in the “penalty box” while it was buying LSI, but once that deal was completed, it would be happy to buy PLX as well. In addition, the representative specified the price that Avago was willing to pay—$300 million, about $6.50 per share—which was less than LSI had offered but well above PLX’s then-trading price. The financial advisor shared that information with Singer, but neither told PLX’s management or the other members of its board.

A few months later, shortly after Avago had closed its purchase of LSI, Avago’s representative met with Singer and offered to acquire PLX for $6.25 per share. As chair of the strategic alternatives special committee, Singer managed the negotiation process and led the board in a few short days to agree to a price of $6.50, exactly what Avago had said it wanted to pay a few months earlier (which fact remained concealed from the rest of the board).

One “major problem” for that deal, the court found, was that PLX management’s existing business plan generated a discounted cash flow valuation far higher than the proposed $6.50 price.[3] The special committee and the financial adviser had management prepare a lower set of projections, which happened to place the $6.50 deal price squarely in the middle of the fairness range, and which the financial advisor then used as its “base case” for its fairness opinion. The board accepted the deal price pushed by Singer even though they had not received the explanation they had requested for the changed business plan. The judge found that there had been a coordinated effort after the fact, including finessing board minutes and coaching witnesses, to characterize the original business plan as an “aggressive” upside case (while the buyer, he noted, continued to treat that as their base case and the revised lower set of projections as the “downside case”).

Thus, the deal was announced and the tender offer launched. No higher bidders emerged (although the agreement did not impose any preclusive deal protections), and the transaction closed with each share being converted into $6.50 in cash. The board’s 14D-9 recommendation statement advocating acceptance of that price had not disclosed that Singer and the company’s investment bankers had been told by Avago six months earlier what it would be willing to pay (or that this fact had been concealed from the rest of the board). It also asserted that the new projections on which the board’s approval of the deal price was based had been prepared “in the ordinary course of business.”[4] The court found both the former omission and the latter assertion materially misleading.

The plaintiffs sued the directors for breach of their fiduciary duties in approving the merger and for breaching their duty of disclosure when recommending the deal, and sued Potomac, the investment banker as well as the buyer Avago for aiding and abetting the directors’ breaches. The claims against Avago and some directors were dismissed, and the remaining directors and investment bank settled, leaving only Singer’s activist fund Potomac to defend the aiding and abetting claim at trial.

The Holdings

The court first held that because of the materially misleading public disclosures in the board’s recommendation statement, the directors’ decisions were not entitled to business judgment deference under the Corwin[5] line of cases. The directors’ actions instead would be subjected to the elevated level of judicial scrutiny under the Revlon[6] standard applicable when a board decides to sell the company that obligates them to seek the transaction offering the best value reasonably available to stockholders.

The court found that the company’s directors breached those fiduciary duties to stockholders by engaging in a sale process without knowing critical information in addition to breaching their duty of disclosure. The judge noted, however, that the directors other than Singer (who were no longer defendants because they had settled or been dismissed) could not be blamed in any morally culpable sense, given that they had been misled by Singer and their own financial adviser. Moreover, the judge noted that the sale process conducted by the board in this case would have fallen within in the range of reasonableness called for by Revlon absent the divergent interests of Singer and the financial adviser, which called for skepticism. In Potomac and Singer’s case, the judge noted that although shareholders are generally aligned in seeking higher value, “activist hedge funds are impatient shareholders” who “espouse short-term investment strategies and structure their affairs to benefit economically from those strategies, thereby creating a divergent interest in pursuing short-term performance at the expense of long-term wealth.”[7] The investment adviser’s conflicts derived from their contingent-fee arrangement and their “longstanding and thick relationship with Avago,”[8] both of which were disclosed, although the earlier price tip (which is what “fatally undermined the sale process”[9]) was not. The financial advisor had also settled before the trial, but both sets of divergent interests had “color[ed] the [c]ourt’s assessment of the decisions that the directors made.”[10]

Turning then to Potomac, the court held that the activist fund, acting through its co-manager Singer, had knowingly participated in—indeed caused—the directors’ breaches of duty by withholding material information from the board and by working to engineer the sale that he had wanted from the outset. The villain had been caught with his little red hands in the cookie jar. So far so good in our parable.

However, then came an unexpected plot twist: despite finding that Singer had acted improperly and caused the board to violate its fiduciary and disclosure duties, the court declined to grant any remedy for shareholders or impose any consequences on Singer or Potomac for their wrongful behavior. This is because the court found that the plaintiffs did not prove any causally related damages. The plaintiffs had argued that the company should have remained a standalone entity and, as such, it was worth more than $6.50 per share. The judge held that they failed to prove that point, and determining that on the record the merger consideration exceeded the standalone value of the company at the time it was sold, entered judgment in favor of the wrongdoers: Singer and Potomac could keep their ill-gotten gains.

The parties cross-appealed, the plaintiffs arguing that Vice-Chancellor Laster erred in not finding damages, and Potomac seeking to overturn the fiduciary breach findings. In a three-page opinion issued on May 16, 2019, the Supreme Court of Delaware affirmed the Court of Chancery’s finding that the plaintiffs failed to prove that they suffered damages and therefore did not need to address Potomac’s cross-appeal arguments. In essence, the Supreme Court determined that it had no basis to overturn the lower court’s decision that because the plaintiffs had not proven damages, Potomac could keep its gains whether ill-gotten or not.

The Moral of the Story

There are several morals that can be drawn from this sordid little tale.

One of them is hopefully not that activist stockholders can get away with unlawful and reprehensible behavior. An activist might be forgiven for concluding that, given the same situation, they can do exactly what Singer did because if they did not succeed in getting the company sold, there would be no claim, and if they did get it sold for a premium, a judge would say “no harm, no foul.”[11]

Many commentators on the corporate side of the debate over shareholder activism celebrated the PLX decision, lauding the Chancery Court’s recognition that activist shareholders often have short-term incentives that are not aligned with those of the shareholder body at large. They were also encouraged by the court’s reiteration that directors representing investors cannot cite their obligations to those investors to dilute their fiduciary duties to the company’s shareholders at large, its finding that Singer violated his duties as a director, and its willingness to hold Potomac liable for its representative’s behavior. There is indeed much to commend in this decision that should at least have activist investors considering whether their own self-interested tactics are consistent with the duties they or their board nominees have undertaken. However, the plaintiffs’ failure to convince the court that the wrongdoers did in fact cause harm to the shareholders is unfortunate.

A large part of the Chancery Court’s reasoning in holding that PLX’s shareholders were not harmed by the sale is that it was merely being true to the recent jurisprudence established in the appraisal context, as emphasized by the Delaware Supreme Court in the Dell[12] case. If the (adequately shopped) deal price is good enough to establish the value of the sold company for appraisal purposes, the argument runs, it should be good enough in the post-closing “quasi-appraisal” context as well. There is, however, a fundamental distinction between the PLX situation and the appraisal context. In a typical appraisal case, the board of directors had determined that the time was right to sell the company, and the question at issue is whether the price obtained in the sale was fair value for the challenging shareholder’s interest. In such a case, for all the reasons enunciated in the Dell and DFC[13] line of cases, it makes perfect sense to give great gravitational weight to the negotiated board- and shareholder-approved deal price. In a case like PLX, however, where an activist forced through the sale of the company, the claim that this was not the right time to sell the company, which would have been more valuable on a standalone basis, has more legitimacy. In most cases, activists who “force a sale” do so by obtaining shareholder support using some combination of financial power, stealth accumulation, bullying or bad-mouthing tactics, and open or covert collusion with their fellow travelers (or “wolf pack”). Given that they typically do not owe fiduciary duties to the other shareholders of the target company, these tactics, however disagreeable, do not amount to a fiduciary breach. (The collusion may violate federal securities laws,[14] but that is grist for a different morality play.) In this case, however, Singer added subterfuge to the usual activist arsenal and did so at a time when he was on the company’s board, thus owing duties both to the company’s other directors and to its shareholders, which he breached. Singer and Potomac’s behavior may well have cost PLX shareholders substantial value by causing the company to be sold before the time was right.

This is not just a hypothetical possibility, although the fact pattern is not one that comes up very often. One prominent example of how activist “value creation” by forcing the sale of a company can in fact be value destructive is provided by the case of Actelion Ltd., a Swiss biotech company. In 2011, Paul Singer’s Elliott Management ran a campaign to force “underperforming” Actelion to sell itself for around $10 billion (a seemingly reasonable premium to its then-market cap of around $7 billion).[15] Fortunately, Elliott was defeated (despite ISS having supported three of his candidates). This defeat allowed Actelion to keep building long-term value and sell itself in 2017 to Johnson & Johnson for over $30 billion, more than three times the value Elliott had hoped to yield.[16] Actelion’s shareholders would have forfeited over $20 billion in value if Paul Singer had used the tactics that Eric Singer used and won his bid to sell the company in 2011. PLX may well have been worth far more on a standalone basis, but the plaintiffs were not able to make that case.

Post-closing damages claims (sometimes called “quasi-appraisal” claims) are—and should be—difficult to sustain. As some recent cases have noted,[17] the Revlon test for board conduct in selling a company was designed with pre-closing injunctive relief in mind and is better suited to that equitable remedy than to post-closing damages awards. In general, plaintiffs seeking to assert that the directors did not satisfy their Revlon duties by designing a process to seek the transaction offering the best value reasonably available, or alleging flaws in the disclosure on which the stockholders’ decision is based, should bring those claims before the closing or the shareholder vote, as the case may be. However, in a case like that of PLX where the company’s management and directors were misled and unaware of the facts that “fatally undermined the sales process,” and so could not possibly have addressed them in designing the sale process or disclosed them to shareholders, there is no way the Revlon or disclosure challenges could have been brought in advance. In such a situation, a damages award against the party that tainted the process and caused the disclosure violations may well be warranted.

The lesson that activist nominees should and hopefully will derive from the PLX decision is that when they join a board, they are undertaking strict fiduciary duties to do what is best for all of the company’s shareholders, not just the investor who nominated them. They are now on judicial notice that the Delaware courts understand that activist investors often have a special interest in a short-term profit that diverges from the interests of the shareholders at large. This, of course, also—perhaps especially—holds true for activists nominating themselves. One possible consequence of this decision is that activists may seek fewer board seats for themselves to avoid the uncomfortable position of having to look out for the best interests of someone other than themselves.

The incumbent directors of the company did not escape criticism even though the judge acknowledged that they were not morally culpable. Recognizing that they had been kept in the dark by Singer and their own financial advisers on crucial facts, he nevertheless disparaged them for deferring to Singer and allowing him to control the process, and for being “susceptible to activist pressure,”[18] noting that they “found within themselves a new willingness to support a sale at prices below the values that they had previously rejected.”[19] Alighting on an incumbent director’s testimony that the board was “engaging in the ‘art of the possible,’” the judge perceived this as being in tension with their Revlon duty to seek the best transaction reasonably available.[20]

One can readily derive lessons for corporate directors from this judicial pen-lashing: stay strong; do not give in to activist pressure or defer to activists who join the board; insist on receiving the information you need to make the decisions you are called upon to make; and be vigilant to the possibility that those advising you, whether they be outside advisers, company management, or even other directors, may have conflicting interests that taint their advice. These lessons are important, and many of these critiques may well be applicable to the PLX board; however, anyone who has been in the trenches with a board facing an activist proxy fight can also sympathize to some degree with these incumbent directors.

As much as our corporate governance system in days of yore may have facilitated passive and complacent clubby boards, our current system is stacked against the incumbents. Unless there is a sizable friendly voting bloc in the boardroom, an activist is often able to declare victory as soon as he or she emerges from the shadows. Our securities laws’ early-warning system that was intended to alert the market to impending changes in control is based on half-century-old technology and fails to pick up the range of derivatives and swap transactions used by modern activists engaging in stealth accumulations.[21] Activists are often able to accumulate stakes close to or even over 10 percent of the outstanding shares by the time they have to unveil themselves. The lead activist is often followed by a wolf pack of “me-too” investors with smaller individual stakes that can add up to a sizable supporting bloc. Sometimes these investors are tipped off by the activist about the impending campaign. After the abuses of the 1980s, people like Michael Milken and Ivan Boesky went to jail for “stock parking” violations[22] not all that different to this, but the “group” concept in our securities laws requires an actual “agreement” (even if that can be just an oral understanding).[23] Modern “alpha-wolf” activists and their wolf packs are usually careful not to lay themselves open to allegations that they had agreed to form a group, thus triggering the filing obligation (within the outdated 10-day window), and they do not have to because they can rely on conscious parallelism based on aligned incentives. Often even when there is an acknowledged “13D group” acting in concert with respect to an activist campaign, the timing of the group’s formation is fuzzy, and the SEC has not been particularly aggressive in policing groups, but has allowed the activists to decide for themselves when in the course of their dealings they have reached a sufficient degree of agreement to consider themselves a formal “group.” Adding to the power of the activist, its group members, and its wolf pack, history shows that there is a high likelihood that the proxy advisors, particularly ISS, will throw their substantial weight behind the activist, at least partially. In most companies’ cases, this assures the activist another 10 to 20 percent in support. Moreover, the proxy rules also allow shareholders considerable leeway to communicate among themselves so long as they do not actually solicit proxies.[24] The result of all this is that by the time the activist files its 13D or summons the company’s leadership for a meeting, both sides already know that the activist has a leg up of 25 or 35 percent, if not more, and the activists can often say with some credibility (although they also often exaggerate) that they have spoken with and received support from a majority of the company’s shareholders. Is it at all surprising in this system that the incumbent board will often feel irresistible pressure to accommodate the activist, even if what is being demanded is not what they themselves might feel is the best path for the company?

In recent years, it has become standard operating procedure for a company attacked by an activist to try to reach a quick settlement on suitable terms, usually involving a number of board seats for the activist’s nominees or mutually acceptable third-party candidates, depending on the parties’ relative strength. This practice of settling quickly has in fact also been criticized, including by leaders in the institutional investor community like Larry Fink, CEO of Black Rock.[25] It is a rational response to the situation facing many boards, however, not only because of the likelihood that the activist will win seats anyway (for the reasons described above), but also because the implications of a nasty proxy fight can be devastating for the company and its strategy. The core skill of economic shareholder activists (in addition to their expertise in stealth accumulations) is their ability to drive change to make something happen. Some activists (ValueAct Capital is a leading example) specialize in working behind the scenes as long as possible and taking their fight public only if they believe it necessary to achieve their goals. Others (Carl Icahn and Paul Singer are prime examples) typically come out of the gate swinging, using aggressive tactics such as poison-pen letters and a withering campaign of personal attacks (sometimes with little regard for the veracity of their assertions). Like any other bully, they know that their ability to achieve their desired outcome is proportional to their ability to inflict pain and spread fear. These tactics do not only inflict a heavy personal toll on the directors and executives targeted (something that arguably goes with the territory and may even in some cases be warranted), but they can also jeopardize the company’s ability to succeed in its chosen strategy, sometimes leaving the activist’s plan as the only viable one.

This is not the corporate governance system one would design if one were writing on a blank slate. The PLX parable therefore also offers teachable moments for those who are empowered with the ability to influence our corporate governance system: the SEC, Congress, state legislatures, and judges. They should be aware of the flaws in our system so that they can try to address them.

At the most basic and practical level, companies and boards of directors can learn from PLX that they must remain extremely vigilant against activist investors, especially at moments of vulnerability. Any event that can cause a temporary drop in stock price creates an opportunity for short-term speculators—like Potomac in this case—to buy in and try to orchestrate a quick profit. Losing an announced transaction as PLX did is an obvious situation for such a risk, but unexpected management changes, natural or man-made disasters, legal pronouncements, announcement of some acquisitions, even missing a quarter by a few pennies, could do it too. Vigilance means having contingency plans, knowing what could happen and how you would respond, knowing who your friends and enemies are likely to be, and having a trusted team on deck to deal with any crisis that may arise.

[1] In re PLX Tech. Inc. Stockholders Litig., CA No. 9880-VCL, 2018 WL 5018535 (Del. Ch. Oct. 15, 2018).

[2] The 70-plus pages of factual findings summarized briefly in this article are, as in any case, based on the record before the judge and his determinations of which witnesses were more credible.

[3] In re PLX Tech. Inc. Stockholders Litig., CA No. 9880-VCL, 2018 WL 5018535 at *2 (Del. Ch. Oct. 15, 2018).

[4] Id.

[5] See Corwin v. KKR Fin. Holdings LLC, 125 A.3d 304 (Del. 2015). See also Singh v. Attenborough, 506 A.2d 151 (Del. 2016); In re OM Group, Inc. Stockholders Litig., 2016 Del. Ch. LEXIS 155 (Ch. Oct 12, 2016); In re Volcano Corp. Stockholders Litig., 143 A.3d 727 (Del. Ch. 2016).

[6] Revlon, Inc. v. Macandrews & Forbes Holdings, Inc., 506 A.2d 173 (Del. 1986).

[7] In re PLX Tech. Inc. Stockholders Litig., CA No. 9880-VCL, 2018 WL 5018535 at *41 (Del. Ch. Oct. 15, 2018).

[8] Id. at *43.

[9] Id. at *47.

[10] Id. at *43.

[11] Indeed, at last one article touted this case as a victory for Potomac and activist hedge funds. See Activist Insight, Potomac Capital Scores a Win in Pushing PLX Technology to Sell Itself , ValueWalk, Oct. 19, 2018.

[12] Dell, Inc. v. Magnetar Glob. Event Driven Master Fund Ltd., 177 A.3d 1 (Del. 2017).

[13] DFC Glob. Corp. v. Muirfield Value P’rs., 172 A.3d 346 (Del. 2017).

[14] See, e.g., 17 C.F.R. § 240.13d-102.

[15] See, e.g., Chris V. Nicholson, Investor Urges Shake-Up at Actelion, N.Y. Times, Feb. 4, 2011.

[16] See, e.g., Chad Bray, Johnson & Johnson Bolsters Drug Roster With $30 Billion Actelion Deal, N.Y. Times, Jan. 26, 2017.

[17] See, e.g., Corwin, 125 A.3d at 312 (Del. 2015).

[18] Id. at *45.

[19] Id.

[20] Id.

[21] See, e.g., Wachtell, Lipton, Rosen & Katz, Petition for Rulemaking Under Section 13 of the Securities Exchange Act of 1934 (Mar. 7, 2011).

[22] See, e.g., Steve Coll & David A. Vise, Alleged ‘Parking’ Scheme by Milken, Broker Probed, N.Y. Times, Feb. 25, 1989; David A. Vise & Steve Coll, SEC Charges Boesky Trader With ‘Parking’ Securities, Washington Post, Apr. 8, 1987.

[23] 17 C.F.R. § 240.13d-5(b).

[24] See, e.g., 17 C.F.R. § 240.14a-1(l)(2)(iv).

[25] Matt Turner, Here is the Letter the World’s Largest Investor, BlackRock CEO Larry Fink, Just Sent to CEOs Everywhere, Business Insider, Feb. 2, 2016.

Andrew Pery and Michael Simon have been commissioned by the ABA Business Law Section to write a book on Contract Analytics adoption trends. To that end, they have asked the Business Law Section membership to complete a brief survey about your views and use of Contract Analytics technology. You can access the survey by clicking here.

In his seminal work On Legal AI, Joshua Walker, a pioneer in the application of AI to the practice of law, posited the following rhetorical question relating to the benefits of applying AI to contract analysis: How do we use AI to produce “wise contracts”?

Walker’s predicate for posing this question is based on compelling empirical evidence. The legal profession is using outdated and inefficient practices in contract formation and analysis. As lawyers, we tend to be creatures of habit and, as Walker warns, “include certain vestigial clauses whose original purpose has long been absent and . . . do not necessarily reflect evolving business realities.”

In today’s interdependent and high-velocity business climate, contracts should not be viewed only as legal documents that may be used both as a sword and a shield in the event of breach or noncompliance, but rather as documents that set out a mutually enduring business relationship between the contracting parties. This ambition is far from current practices, however. In a recently published HBR article, A New Approach to Contracts, the authors, David Frydlinger, Oliver Hart, and Kate Vitasek, found that:

“[w]hen contract negotiations begin, they default to an adversarial mindset and a transactional contracting approach . . . used to try to gain the upper hand. However, these tactics not only confer a false sense of security but also foster negative behaviors that undermine the relationship and the contract itself.”

A McKinsey study likewise found that a narrowly focused transactional approach to contracting leads to considerable inefficiencies because such contracts “are lacking basic elements that could enable better vendor performance and cost savings.” Contracts are the engine of a business, with 90 percent of spending and investments governed by terms and conditions embodied in them, yet the McKinsey study found that “suboptimal contract terms and conditions combined with a lack of effective contract management can cause an erosion of value in sourcing equal to 9 percent of annual revenues. For Fortune’s 2016 Global 500 companies, this 9 percent would have equaled $2.5 trillion in value.”

Among the recommendations proposed by the McKinsey study is implementation of more rigorous contract review processes that involve cross-functional collaboration between operations and legal teams in order to achieve “greater visibility into existing contracts to enable the organization to write better contracts going forward. A semiautomated, basic screening process involves scanning contracts for keywords and phrases related to performance, value, and selected cost drivers.”

In the case of investigational contract analytics, contract language is important to surface obligations, potential liabilities, choice of law and forum, and representations and warranties in the event of material breach and penalties. Andrew Bartels, a contract life-cycle expert at the industry analyst giant Forrester, refers to this aspect of contract analytics as “who is responsible or liable when things don’t work as planned.”

According to the Institute for Supply Management, a typical Fortune 1000 company manages anywhere between 20,000 to 40,000 active contracts at any given time, at least 10 percent of which are misplaced, difficult to find, still in paper form, or on a file share somewhere, buried in an e-mail attachment, or otherwise unmanaged or forgotten. Unsurprisingly, the general counsel respondents to a Lexis 2018 study demonstrated that more than half of them—53 percent—spent “too much time on repetitive tasks.”

The pressure to adapt to the demands of high-velocity business transactions coupled with an intensely competitive global business environment is transforming how legal services are consumed and delivered. Richard Susskind, in his book Tomorrow’s Lawyers, referenced a confluence of three market drivers that impact the practice of law:

1. The “more for less challenge.” While legal department’s budgets are cut, the demand for increased output is increasing whereby legal departments are “facing the prospect of an increasing workload and yet diminishing legal resources.”
2. Liberalization of legal services delivery. Several jurisdictions now endorse Alternative Legal Service Providers (ALSPs), which could pose a significant competitive threat to traditional law firms. The ALSP market is pegged at $11 billion.
3. Legal expert systems. New AI systems mimic (even if they cannot replicate) human cognitive intelligence and automate tedious and labor-intensive contract review tasks traditionally performed by an army of over-worked lawyers. By way of illustration, JP Morgan developed an automated commercial credit and contracts review AI-based application that can extract 150 attributes from 12,000 commercial credit agreements and contracts in only a few seconds with a high degree of precision—the equivalent to 360,000 billable hours of legal work by its lawyers.

The level of innovation and its transformative impact on the practice of law is unprecedented. As a recent Yale Journal of Legal Technology article warned: “Technological innovation has accelerated at an exponential pace ushering in an era of unprecedented advancements in algorithms and artificial intelligence technologies . . . . [T]o survive the rise of technology in the legal field, lawyers will need to adapt to a new practice of law.”

Looping back to Joshua Walker’s question—“how do we use AI to produce wise contracts?”—the application of AI to contract formation and analysis is not a panacea. Contrary to the dystopian view that AI will replace lawyers, its likely impact will be as a compliment to good and efficient lawyering. One thing is certain, however: as Joshua Walker observes, “AI is fast. AI is cheap and you [as lawyers] are neither.”

Andrew Pery and Michael Simon have been commissioned by the ABA Business Law Section to write a book on contract analytics adoption trends. Please complete a brief survey about your views and use of contract analytics technology. The survey will take less than 20 minutes to complete. Please don’t miss your chance to tell us how you see the future of contracting.

A. Introduction

M&A deal terms originating from Europe are increasingly found in the United States, particularly in the context of cross-border deals. Transactions featuring these deal terms are not yet common, but with the current deal environment, including the prevalence of auctions and increased sell-side private equity activity (both primary and secondary exits), some of these deal terms may eventually become commonplace in the United States. This article focuses on two emerging trends in the United States: the use of Vendor Due Diligence Reports (VDD) and the locked-box mechanism.

B. Vendor Due Diligence Reports

A VDD is typically found in a competitive auction process or a dual-track process (which involves preparing a company for an initial public offering while simultaneously pursuing a third-party sale). The VDD is not a marketing document and differs from a confidential information memorandum in that it objectively and comprehensively describes the target company’s financial and legal situation and discloses issues and risks. This is particularly useful in complex transactions because it helps accelerate the process by providing prospective buyers with more information at an earlier stage.

Of course, the VDD is not without its drawbacks. First, the exercise of producing a VDD can potentially be a source of tension between the client and its advisors, not unlike the auditors and their client in the context of audited financial statements. Second, although the VDD provides several benefits to the seller, including accelerating the bid timeline and helping foster detailed and high-quality indicative bids, one of the significant drawbacks is that it identifies issues that may result in lower bids. In this regard, VDD proponents argue that by disclosing the issues up front, the seller reduces the likelihood of a bid being lowered at a later stage of the negotiations (the rationale being that a sophisticated buyer would likely identify these issues as part of its due diligence and could then attempt to lower its initial bid). Third, the time saved during the accelerated bid timeline is simply shifted to the preparation phase, and the costs associated with a VDD can be significant. In Europe, the VDD can be provided to the prospective buyer and its lenders on a reliance basis, with the accounting or law firm preparing the VDD capping its liability vis-à-vis these third parties. VDDs are increasingly offered by accounting firms in the United States, but they are issued on a nonreliance basis. U.S. law firms generally would not provide any due diligence materials on a reliance basis, and it is unclear whether a law firm would be able to limit its liability, which is permitted in several European jurisdictions. However, European law firms and clients sometimes ask American law firms to provide a due diligence report on a reliance basis, and it may be helpful for the parties to clarify early in the process what the expectation is on this particular point. Please refer to the Report of the ABA Business Law Section Task Force on Delivery of Document Review Reports to Third Parties (67 Bus. Law. 99 (2011)) for an in-depth discussion on this particular issue.

C. Locked-Box Mechanism

The locked-box mechanism originated from the United Kingdom and has been used for years in M&A transactions across Europe, but many American sellers and buyers are still unfamiliar with it. In a nutshell, the locked-box approach removes price uncertainty associated with a post-closing working capital or other similar post-closing adjustment in that the seller and buyer negotiate a fixed price when signing the purchase agreement based on the agreed upon locked-box balance sheet. The locked-box mechanism forces the parties to focus on items such as normalized working capital before signing. Given that the economic interest passes to the buyer as at the locked-box date, the seller will often charge a per diem or (alternatively) interest on the equity value from the locked-box date until the closing to reflect the fact that the seller did not receive the proceeds from the buyer when the economic interest was passed to the buyer. Although concepts such as normalized working capital also apply to closing accounts, the parties sometimes do not focus on it as much as they should before signing and procrastinate until it is time to prepare the closing balance sheet, only to realize that they had not focused on (or agreed to) specific adjustments or normalizations. This lack of focus often results in disputes between the parties, and any claims resulting therefrom would not be covered by representations and warranties (R&W) insurance. The paradox is that the parties secure R&W insurance to avoid post-closing claims, but according to escrow claim studies, claims relating to purchase price adjustments are among the most frequent claims under a purchase agreement. As a result, one of the most “common” risk is one that is not covered by R&W insurance. Although the locked-box mechanism virtually eliminates purchase price adjustment disputes, it can introduce other issues. For one thing, the parties must agree on what constitutes permitted leakage between the locked-box date and the date of closing. An example of such permitted leakage would be arm’s-length, intra-group payments in the ordinary course. The locked box may not be appropriate in all circumstances: a carve-out transaction where assets from different divisions are sold and where there are no financial statements for the carved-out business would be problematic. Finally, agreeing on the locked-box balance sheet may prove to be more difficult in the context of a highly cyclical business, such as a toy business.

D. Conclusion

Although the deal terms described above remain uncommon in America, they are increasingly seen particularly in the context of cross-border deals with Europe. Some of these trends have already migrated to other parts of the world. Given the predictability of the locked-box mechanism and the fact that it virtually eliminates purchase price adjustment disputes, it seems to be the logical complement to R&W insurance, and it is surprising that this approach is not more common in the United States, especially in transactions involving a private equity seller.

In her chapter titled “Artificial Intelligence and the Work of Visionary Boards” from the ABA’s new book Law of Artificial Intelligence and Smart Machines, Anastassia Lauterbach reports that her research has shown that “traditional boards are not sufficiently prepared to address and fully benefit from AI.” Here are some of her findings from the chapter.

Editor, Ted Claypoole

“Before starting with any AI implementation, directors have to understand three facts:

• It is becoming an increasingly obvious fact that certain mission critical business and compliance problems cannot and will not be properly solved without AI, including notably, cyber-security.
• The regulatory environment around AI is in flux. Technology once again is outpacing and out-flanking the legal and regulatory frameworks, creating confusion as well as opportunity.
• Companies must find talent that understands technology, but also has a keen ability to work cross-functionally. Business development and HR executives should rise to new prominence in companies that embrace emerging technologies such as AI.

. . .

There are several market-related factors boards need to understand in order to consider AI within their operational risk management frameworks and strategy oversight.

Technology leaders expect that within the next ten years AI as a stand-alone theme might disappear. It will get embedded into whatever product, service or process a company is designing and/or implementing. There are several market- and customer-related questions a board can ask to evaluate if a company should add Machine Learning components into its products and services. Some of these questions can also support decision making around AI vendors.

Cost to deploy. How much will it cost your customer not just to purchase your technology but also to change from their current solution to the new one? What is a minimum payback period in years in capital expenditures for a prospective customer, or for your company, if a vendor pitches a new Machine Learning solution?

Added-value beyond cost: What value does your Machine Learning-based software offer beyond labor substitution? Better quality, enhanced customer satisfaction, fewer errors, higher performance or throughput, something else?

Conflicting goals within potential customers: The scale at which AI or ML will eliminate or reduce human labor is likely to be significantly larger than any prior technology, resulting in potentially greater resistance. Will the human teams you are selling to lose their jobs as a result of your technology?

Regulatory/compliance issues: What are the current regulatory constraints that might complicate the adoption of your/the vendor’s offering? Besides technical challenges, humans tend to be more forgiving about mistakes made by humans as opposed to those made by AI, which might increase the liability hurdle on people overseeing automated systems.

Cybersecurity issues: The U.S. intelligence community reports that AI actually works in cybercriminals’ favor.[1] Neural networks can be trained to create spams resembling a real email and become an agent for phishing attacks. Fake audio and video files can mimic voice. CAPTCHA bypassing seems to be very easy, exposing digital sign in.[2] Most passwords can be breached with the brute force of Machine Learning. In 2017, the first publicly known example of AI for malware creation was proposed at Peking University in Beijing, when the authors created a MalGAN network.[3]

Industry readiness: Sometimes an industry is just not ready to adopt a new solution because it is highly risk-averse. This occurs primarily in industries that are focused and incentivized on time-consuming activities rather than efficiency through new business models and technologies. An example of this can be seen in traditional utilities. Artificial Intelligence is sometimes incorrectly thought of as a “plug and play” or “black box” solution, when in fact it is not.[4]

Vendors’ dynamics: Boards need to understand how top Internet brands, Machine Learning startups and traditional enterprise vendors compete. So far there are five full-stack AI companies, and all of them are among the global Fortune 10 list of the most valuable companies. These are Alphabet, Apple, Microsoft, Facebook and Amazon. I call these players “full-stack AI companies” as they control the whole technology stack—from semiconductors to devices—from their own platforms to ensure Machine Learning is utilized at every part of their organizations to build AI-powered consumer and business applications. Alphabet, Microsoft and Amazon are competing for dominance in cloud while constantly adding AI offerings. On the other hand, successful machine learning startups have deep domain expertise, and have concrete suggestions on how to solve their customers’ problems within a given legacy IT environment. Traditional enterprise vendors are jumping on the AI bandwagon, though they still have to demonstrate they can differentiate with their ML offerings.”

[1] James R. Clapper, “Statement for the Record. Worldwide Threat Assessment of the US Intelligence Community”, Senate Armed Services Committee, February 9^th 2016.

[2] Suphannee Sivakorn, Jason Polakis, and Angelos D. Keromytis, “I’m not a Human: Breaking the Googe reCAPTCHA”, Columbia University, NY, 2016.

[3]  “Weiwei Hu, Ying Tan, “Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN”, Peking University, Beijing, 2017, arxiv.org.

[4] Daniel Fagella, “AI Adoption – What it Takes for Industries to Change, HuffPost, August 1st 2017.