A plaintiff is seeking class-action status in his lawsuit against Square, the electronics payments company. The facts as alleged are that the plaintiff received treatment from a medical provider who used Square to execute a credit-card payment for the medical service. Inexplicably thereafter, “Square allegedly sent a text message linking to a digital invoice with information about the treatment he received to a friend (of the patient allegedly without authorization).”
I know nothing about what happened with the Square technology, what information to which Square had access from the patient’s credit card, how Square uses the information it garners, or whether Square has access to user’s personal contacts, including their phone numbers. What I do know is that Square most assuredly did not want the alleged event to form the basis of a lawsuit and did not want negative coverage from the news outlets. Worse, as reported in the Wall Street Journal on July 2, 2019, “misfired receipts issued by Square have ruined surprise gifts, spilled secrets, informed spouses of the spending habits of their significant other and unnerved consumers who wonder how stores got their contact information when they don’t remember providing it . . . .”
Self-preservation and stock valuations would seem to dictate that these news reports and lawsuits are not good for business. I believe Square is a good corporate citizen. I also believe Square, like so many other businesses, do not actually know how they handle all of the information to which they have access in every given situation. It is easy to be critical of Square’s alleged failure but much more difficult to be perfect when managing information today because there is so much of it, and it is moving at the speed of light through networks the company does not necessarily own or control.
Most companies are at a tipping point as they collect, grab, mismanage, misdirect, expose, lose, and improperly share electronic information day in and day out with greater downside, and they are not fixing the problem because most businesses do not have a good sense of the electronic information assets in their “care, custody or control.” However, there are constructive measures that businesses can take that won’t break the bank, can add value, and can even be accretive to the bottom line.
This article is meant for every business because every business has information, and every business could be doing a better job at wrangling it.
Why Every Company Should Know More About Its Information
Like any company asset, the company and its executives are remiss if they mismanage any company information asset. That is why every container moving through the global shipping network is tagged, monitored, and essentially babysat so that the owner of the container or its contents—or the truck, train, or ship on which the container sits—know its whereabouts at all times. Similarly, produce growers who sell their products through a major retailer, for example, are using blockchain technology to create an immutable record that travels with the plant from sprout to plate to document provenance and safety. Such technology would allow immediate recall if claims of product adulteration are alleged. Payments to vendors above a certain amount require the approval of higher-level executives who are specifically tasked with managing company assets. Company inventories are generally tightly controlled with sophisticated barcoding and GPS because loss or pilferage impacts the bottom line.
When it comes to managing information assets, however, most companies are not managing information like other company assets, and that must change. After all, information allows the company to better respond to customer needs, plan for the future, and generally advance business while protecting legal interests. That is just the beginning: information is increasingly a commodity that is sold, traded, and transformative for a business. That is certainly worth protecting, but information is still the often-discussed valuable “step-child” to whom companies do not show nearly enough real love.
What Is “Care, Custody, and Control” in 2020?
In the old days before the widespread use of computers, having control over company information was not really an issue. Information existed in paper form at employees’ desks or in banker’s boxes at a storage facility. The proliferation of information was limited to the copy machine, and companies did not really have to worry much about having their information exposed or stolen in wholesale form.
Then came the roaring 1990s with the growth of the internet, e-mail, and networked systems that changed the calculus completely. Information became transportable and easily misdirected or misappropriated. Controlling information was a completely new paradigm. Further confounding matters was that more business processes were outsourced, which meant that third parties working on behalf of companies arguably now had “care, custody, and control” over company information and may have believed that the information was theirs. The move to the Cloud complicated things still further as more and more company information was stored in another company’s servers, and doing business in social media environments meant that evidence of those transactions was “trapped” in someone else’s software and/or hardware. In other words, in this brave new information world, knowing what information is yours, where it is, who else has access to it, and what contracts give others rights to use it has created a completely new challenge.
Six Steps to Take Stock
Not surprisingly, getting a handle on your information assets to take back control is essential, but is not so simple. Businesses should take the following six steps to better control their electronic information.
1. Take an Inventory
The only way to know what information resources a company possesses is by looking. That doesn’t mean that the company can inventory each and every file, but rather use tools (some of which the company likely already owns) to understand what information exists, the business units to which it relates, and the storage locations and servers on which it is parked, etc. What is in the structured databases, and what information resides in unstructured share drive environments? What is the aging and continued use of the data? Do records retention rules allow the information to be disposed? This can do several valuable things. Knowing where your information lives will promote a methodical and less burdensome litigation response and discovery process. Assessing content using analytics tools can help unearth trade secrets and personally identifiable information (PII) that is stored in locations that pose a greater risk of exposure. Mostly, however, knowing what information assets the company possesses and where the information is promotes a better business in various ways.
2. Understand What Contracts Dictate
Every business unit likely has various business relationships with partners and third parties working on behalf of the company. Those relationships likely have been memorialized in contracts, which may delineate who owns the information, what rules apply to it, who can use it and how and with whom it can be shared, what happens when litigation arises, etc. The company should develop a process to understand what contracts exist that implicate company information. Thereafter, the company should develop standardized language for contracts that deal with all relevant information issues, such as access, ownership, responsibilities, and costs in responding to requests for information and so on. Building consistency in contracts through proactive, well-thought-out, boilerplate language will begin to build a better information ecosystem.
There is another contract activity that should be undertaken as well. Companies should know what “agreements” exist between the company and customers or potential customers. If a company tells employees information will not be shared, then the company must comply. Saying the company is complying and making sure everyone is actually complying is a different story. Conduct routine audits to ensure the company and all of its movable parts are following suit. One last thing is that contract language telling nonlawyers about what the company may do with information should be devoid of legalese and should be brain-dead simple. In this environment, saying the customer “waived” his or her right to object to the company selling information because the customer could have reviewed the linked legal language (which is multiple pages of lawyerly drivel) is not prudent.
3. Assess Third-Party Actions
Separate but related to step two is getting a handle on what is being done with your information. Beyond contract language, what third parties have access to or use of your company information? Once it is determined who, it’s important to understand what others are doing with that information. The Facebook/Cambridge Analytica fiasco is a good reminder of why it is important to understand not only what your employees are doing, but also what others may be doing as well.
Additionally, your company should understand what its own employees are doing with other companies’ or individuals’ information inside your company. If a business unit shares information from a partner it did not realize should not be shared, there could be substantial consequences. In other words, your company should be on top of where its information comes from and where it goes at a macro level to help promote less information chaos, mitigate liability, and better its business.
4. Assess What Employees Do in the Company’s Name in the Social World
If your company is like most today, multiple business units are doing real business in various social network or media environments. Maybe it is looking for new hires or marketing products and doing competitive analysis. That is great for business, but invariably the company is parking company information in an environment that is outside its control. The social environments are not inclined to accommodate your information needs and apply your information rules, even if you are paying for their service.
5. Understand Where Employees Park Company Information
With the proliferation of cloud computing and working from home came the reality that company information moves to myriad places without the company knowing. With data loss prevention (DLP) tools and similar monitoring applications, companies increasingly can watch and stop the movement of data leaving it, but the reality is that more and more information is parked outside a company computer by more and more employees for various reasons. Efforts should be undertaken to reign that in through policy and technology to monitor and audit the flow of information.
6. Understand Information Created by IoT Devices
Increasingly, noncomputing devices that assess, collect, or distribute information in many business processes (commonly referred to as IoT) are being added to companies usually without much thought about the information output created. Companies must assess each and every business process that is using an IoT device or appliance and determine what information is collected, by whom, where the information is stored, and who has access to and use of it.
Create an Information Asset Register
Whether it is inventorying databases, understanding what third-party applications are used to conduct business, or applying IoT devices likely transforming your business, keeping track of this organically growing and morphing ecosystem of information is increasingly complex and begs for management. One of the concrete steps companies can take to address the chaos is to centralize the process of sizing up all the information inputs and outflows in an Information Asset Register (IAR). This process will routinize the collection of information, and the IAR will provide a centralized view of all things information that can drive business efficiency and mitigate risk.
Avoiding Things That Explode
The information landscape of most companies looks like the data equivalent of a “yard sale”—stuff everywhere without rhyme or reason; chaos that does not reflect the true value of the objects. What we have learned from so many horror stories is that every company is on the brink of disaster if it does not get its informational act together. Put another way, mismanagement has no upside, loads of downside, and there are ample horror stories to prove it.
For example, Facebook regularly graces the front cover of many news outlets with yet another story of how it is “breaching the public trust” or exposing, selling, or otherwise misusing personal information. Because of prior issues, Facebook must now deal with a steady diet of U.S. and foreign regulators seeking to ensure it is following past agreements and not running afoul of the law anew.
Whether it is a litigation headache with a cloud provider who does not have the technical personnel available to accommodate helping with discovery requests on your tight timeframe, or the inability to find the final contract documenting in an important transaction, information mismanagement is bountiful, inconvenient, and expensive.
The Tale of Two Companies
A client recently realized that it had tens of thousands of information storage tapes on which it had never conducted discovery despite the fact that the company has hundreds of active lawsuits at any given time. That’s a company problem waiting to explode. As the head of an information governance consultancy, we have helped many companies clean up their information chaos, sometimes reactively and sometimes proactively. In the process, we have learned that being proactive is much less costly and painful.
Another client is migrating to Office 365 and rather than move outdated digital data detritus, we helped them clean out the crud. That’s a company taking stock now so that it doesn’t explode later. That same client just finished a project to crawl their share drive environments and e-mail to find and lock down all PII. Although this client used our help, great companies have great employees who can get a lot accomplished with thought, planning, and guidance from their lawyers. In other words, just because cleaning up the past is tough doesn’t mean you can’t or shouldn’t do it.
Conclusion—The Gift That Keeps Giving
If you have had any bad information event, what you quickly realize is that problems tend to be more painful than originally expected. For example, a west coast gas and electric company penalized by the state for failing to properly manage records now has a regulator routinely in the company’s “shorts,” ensuring it takes the necessary corrective action for years to come. Additionally, an attack on the way your company managed information on one occasion can be extrapolated to all situations if the same process and technology is always used. Finally, Facebook is a reminder that breaching the trust of users or customers comes with a heavy price. The court of public opinion is difficult to change, and the last thing your company wants to lose is its customers. Information flows and customers vote with their feet. Take stock now.
Randolph Kahn’s forthcoming book The Executive’s Guide to Navigating the Information Universe will help companies understand the opportunities and risks presented by harnessing and harvesting information.
The Equal Credit Opportunity Act (ECOA) was one[1] of the seminal anti-discrimination standards set in the lending/credit industry. It set the standard for preventing discrimination in lending. When it was enacted, ECOA was meant to offer similarly qualified borrowers equity in lending transactions regardless of race, color, marital status, age, religion, sex, or national origin. Before ECOA, lenders, who held the reigns on financing, could easily turn away a black family or an unmarried woman simply because they wanted to.
Today, we might be surprised if a lender were openly violating ECOA. Or not.
Despite the longevity of the lending discrimination laws, traditional lenders have had trouble discerning when something is a reasonable and lawful lending criterion and when it is not. For example, a large national bank entered into a $5 million dollar settlement with a federal regulatory authority when it denied loans to pregnant women.[2] Another paid $54 million for charging black and Hispanic borrowers higher fees than similarly situated white borrowers.[3]
Some businesses have taken a different approach to lending. Instead of relying solely on traditional lending and risk characteristics, these lenders consider traditional lending criteria such as income and credit scores, nontraditional criteria like college attended, or some mixture of the two, using machine learning techniques to correlate these criteria with lending risk. The trend has caught on and more and more fintech lenders and fintech partnerships are entering the market each year.
And why not? If traditional lenders, with years of experience in underwriting and with rigorous compliance controls, sometimes fail at complying with fair lending standards, might there be another way? Perhaps.
One of the most discussed impacts of fintech has been on who is able to receive credit. Unburdened by the many risk requirements of traditional lenders, fintech companies and partnerships are able to extend credit to a wider variety of people, offering credit access to the underbanked[6] and creating opportunities for profit in markets that may not be accessible to other financial institutions.[7]
Although the possibilities for reaching a greater diversity of customers seems limitless, financial institutions and credit providers that use complementary data and artificial intelligence (AI) must consider state and federal consumer protection laws when they use novel technologies and criteria for lending.
AI and Lending
In particular, using alternative criteria and AI for credit decisions can violate fair lending laws, even when the criteria used in the credit decision is not based on a protected class, such as race, gender, religion, or marital status. Federal regulators have been honing in on instances of discriminatory lending based on alternative lending criteria and unconventional lending programs, exposing organizations to systemic operational changes and substantial regulatory costs.
There are ways to avoid regulatory risk and still reach underserved markets when using alternative lending models; however, it helps to understand how they work in order to craft salient, useful questions when working with a client’s computing and data professionals. Understanding machine bias and how AI can go wrong is the first step. Understanding what regulators are looking for when considering alternative data is the second. This information, taken together, will assist attorneys who advise lenders that are using expanded data and/or machine learning to make credit decisions.
What Is Bias, Anyway?
Data scientists use the term “bias” or “prediction bias” to refer to a program’s inability to accurately reflect the reality that it is supposed to measure.[8] When financial regulators refer to bias caused by AI systems, the term refers to results prejudiced against a protected group.[9] The concept of prediction bias, which refers to the way a program works, and of discriminatory bias are somewhat linked, and in many cases have similar causes, but prediction bias is morally neutral, whereas discriminatory bias is not.
A machine learning model is the way certain computer programs seek to categorize and connect things. A model can be used to determine the risk of flooding in a Florida city or the likelihood that a borrower will pay back a loan. The things that models seek to categorize are called “examples,” and models categorize the differences between examples based on the relationships between known characteristics called “features” and unknown characteristics called “labels.”
For instance, if we want to build a machine learning model to help us decide whether to advance funds to a borrower based on the borrower’s income, address, and FICO score, the borrower is the “example”; the income, address, and FICO score are the “features”; and the likelihood that the borrower is an acceptable credit risk is the “label.” The model created will provide a representation of the relationships between the features and the labels based on the data it has, but that representation will not necessarily create accurate predictions when presented with new information.
A model can fail in one of two ways. A model with high “variance” is a model that captures the relationships in training data rather well, but fails to translate that knowledge to new information. A model with high “bias” is one that fails to do a good job of capturing the relationships at all. In general, a high bias model results from using the wrong programming technique for the specific task, but can also be caused by poor data selection. Poor data selection also leads to models with high variance.
It’s All about Data and Critical Thinking
When data scientists are talking about “data bias,” they are talking about errors in selecting data that lead to both high bias and high variance models. The data scientists are focused on selecting the appropriate data in order to obtain more accurate results from the models.
When regulators are discussing bias, they are concerned with preventing models from making decisions based on the protected characteristics of the people involved. From a fair lending perspective, a machine learning model that causes a bank to deny loans to more women than men would be improperly biased, whereas a model that denies loans equally to both groups, but does an equally poor job for both groups, is not.
When working with organizations that use data and AI in lending, it’s important to connect the dots that the data set might not. This is the time to use both common sense and critical thinking to consider what relationships might not be apparent to a model. This is especially important as data sets expand beyond the traditional income, debt-to-income ratio, and credit scoring systems on which many institutions have relied for years.
The FDIC recently commissioned a paper on the use of digital footprints in lending determinations, and the CFPB issued a set of “principles” meant to ensure that consumers remain protected as AI and the data it uses becomes more commonplace. Both of these publications show that regulators have a keen interest in continuing to ensure that lending remains fair without regard to the data used to make lending decisions. More aggressively, the state of New York has introduced a bill that specifically prohibits the use of certain types of data in lending models.[10]
As we have noted above, data bias and discriminatory bias are usually caused by poor data selection. As an advisor to organizations that use data, the best counsel that you can offer is to connect the relationships that your programming team may not be able to from the data alone. Below, we discuss steps for advising AI lenders how to overcome common data issues that can lead to fair lending problems.
Again, in most cases, discrimination in a model is caused by problems in data collection and “feature” selection (picking the types of information that will go into a model). In other words, avoiding discriminatory bias requires an understanding of the processes used to avoid data bias in building machine learning models.
The following four data collection problems can impact a lender’s model: use of a prohibited feature, use of correlated features, selection bias, and imbalanced data sets. To illustrate the manner in which these issues can arise, let us visit our fictional lending organization: XYZ Online Loans. XYZ wants to use information about potential borrowers to decide whether to extend credit.
Data Problem 1: The Use of Prohibited Features. A bank is prohibited from making a decision about whether to extend credit based on the borrower’s sex, so the borrower’s sex is a prohibited feature.
Lawyer Answer: Sex is obviously only one protected characteristic under U.S. fair lending laws. Ensure that those programming or writing machine learning models understand that features that implicate sex or any other protected characteristic should not be used in the model itself. It is not as simple as “sex” or “race.” Consider the Department of Housing and Urban Development’s (HUD) recent suit against Facebook, where organizations could market ads that avoided people with an interest in childcare. HUD charged that this was discrimination on the basis of familial status. In addition, consider a model that uses higher education as the basis for determining borrower risk and whether higher education may ultimately exclude borrowers unfairly based on age, race, or national origin.
Data Problem 2: Correlated Features. XYZ’s model has analyzed borrower loan histories and discovered that borrowers with long hair have a .1 percent default rate, whereas those with short hair have a .2 percent default rate. However, 70 percent of the borrowers with short hair are male. Hair length correlates with sex, the prohibited feature.
Lawyer Answer: Identifying the features that actually cause defaults and using those features to build models will generate better models. When a potentially usable feature correlates to sex, using that feature can improperly bias the model based on sex. Even though hair length might be a potential feature from a purely statistical point of view, sex remains a prohibited feature. Correlation, which occurs when one measure changes value in step with another measure, does not imply causation. Unless a causal connection between hair length and default rates can be established, the feature should not be used for analysis purposes. Even if some causal relationship exists, care should be taken to normalize the data to avoid indirectly making credit decisions based on sex.
Data Problem 3: Selection Bias. Selection bias occurs when insufficient attention has been paid to the sources of data. Selection bias is a term that encompasses a number of potential errors.
Assume, for example, that a lender is building a machine learning model based on historical information showing the results of prior lending decisions. The bank has two branches. One branch services a neighborhood where many of the residents are single. The second branch services a neighborhood where many of the residents are married, but the loan officers at that branch tended to reject most loan applications from married applicants. A machine learning model built on this data may, in considering borrower location, discriminate against married applicants because it will embed in its decision structure the prior biases of the loan officers. This is selection bias.
Similarly, consider a lender that builds a model based solely on data collected about users through the bank’s app. If members of a particular age group are more likely to bank in person at a branch, rather than use the app, the model will not reflect their behavior accurately and might discriminate against them. This is also selection bias.
Lawyer Answer: Consider the source! Selection bias is avoided primarily by spending additional time and effort reviewing the sources of data used to build the model, analyzing that data for inherent bias, and understanding the business processes used to create that data. Advising your client to include various business departments and a diverse selection of individuals when reviewing the data set will help identify potential issues. This is also an excellent time to review the testing, policies, and practices used in underwriting decisions to ensure that your client is not building on a shaky or discriminatory lending foundation.
Data Problem 4: Imbalanced Data Sets. Imbalanced data sets occur when machine learning models lack a complete data set. For a successful model, there must be a large amount of data. When a certain group is underrepresented in the sample, predictions relating to that group will be less accurate. If a model is built on a dataset that contains little information about people who are Asian American, the resulting model will do a poor job of decision making when a potential borrower is Asian American. A lender using a model built with insufficient information about Asian American borrowers will end up denying them loans when they would have received a loan had they belonged to another race.
Lawyer Answer: Dataset imbalance is addressed by identifying the important categories of data within the set and remedying the imbalance by collecting additional data so that all groups are well represented, or building out synthetic data to help the model generate better results. When advising your client, take the time to ensure that they are holistically considering the content of the data. If the data cannot be found with features that include all potential borrowers, it’s time to pause and consider why and what that might mean about the quality of the data.
Ultimately, the best way to advise your fintech and AI clients is to understand where the processes begin. They begin with data. A model is only as useful as its data. Whether you are serving the underbanked or trying to open up to borrowers working in a gig-economy, the quality of the data and an understanding of relationships will be key. Advising clients on relationships and counseling them toward more thorough and complete data sets is one of the best ways to counsel them for the future of fair lending.
[1] For a more in-depth discussion of other applicable fair lending laws, like the FCRA and the Civil Rights Act of 1964, read this FTC report.
[4] A brief discussion of the ways that data is being used in lending. We are not discussing the types of data used here, however, we’re offering tips for advising organizations that DO use these types of data. https://www.npr.org/sections/alltechconsidered/2017/03/31/521946210/will-using-artificial-intelligence-to-make-loans-trade-one-kind-of-bias-for-anot
[5] Upstart, a fintech lender based in California, successfully received a “no-action letter” from the CFPB in exchange for providing the regulator with ongoing information about its AI/ML loans.
[6]The CFPB’s Office of Research conducted a study of how many Americans were underbanked and unbanked, calling such people “credit invisibles.” These demographics are often correlated to age and race, which is useful to remember when considering how to structure data sets for marketing to these communities.
[7] A discussion of the underbanked and underwriting in China and beyond can be found here.
In June 2019, Canada’s Standing Senate Committee on Banking, Trade and Commerce (the Committee) released its report on open banking, entitled “Open Banking: What it Means for You” (the Report). Open banking has gained popularity in several countries in recent years, including the United Kingdom and Australia, yet Canada has lagged behind.
The purpose of the Report was to analyze the benefits and issues surrounding open banking for Canada and how the Canadian federal government should regulate open banking. The Report calls for, among other things, swift action on the part of the Canadian federal government to advance a secure open banking framework.
What Is Open Banking?
Open banking is a framework that gives individuals control over, and access to, their financial data. The Report notes that in most countries, open banking consists of two elements: (1) financial data portability (the ability of consumers to direct that their personal financial information be shared with another organization); and (2) payments initiation (the enabling of payments directly from a bank account using a smartphone app as an alternative to credit- and debit-card payments).
Open banking allows individuals to securely and easily transfer and share data held by their financial institutions with third parties, such as other financial institutions and fintech companies. These third parties can then use this information in the provision of its services to that individual. This ability to easily transfer financial information among entities means that consumers can easily move from one financial institution to another. In addition to this, open banking removes some of the friction surrounding mortgage applications or loans, allowing an individual to instantaneously grant a lender temporary access to specific financial information about her or him that is relevant to the mortgage/loan application.
A formal review of open banking was announced by the Canadian federal government in the 2018 federal budget, and an advisory committee was established by the Minister of Finance in September 2018. A consultation paper was released in early 2019 based on some submissions to the advisory committee, and a more formal report is anticipated this year.
The Report and Recommendations
In the Report, the Senate found that individuals presently face significant difficulty in accessing and sharing their financial data and have little control over this data. The Report also found that the rapid adoption by Canadian consumers of new banking technologies (e.g., roboadvisors) has created an impetus for fintechs to be able to access consumer data “easily and seamlessly”.
The Report commented on current practices used by an individual to grant financial services providers access to his or her financial information and the associated privacy risks. One such practice for facilitating data sharing is “screen scraping.” This requires users to provide third-party financial service providers with login credentials for the user’s online banking platform. This allows these third-party service providers with access to extract user transactional and financial information. This approach is fraught with risks for the consumer, however, including the inability to limit further access to user’s financial information and identity fraud and cybersecurity risks. Open banking would be able to overcome this in that the individual can limit the amount and types of financial information to only what is needed to provide the relevant services.
To address the above concerns and to address the need for a strong open banking framework, the Committee makes ten recommendations. These recommendations include:
Fund consumer research. The Committee recognized that although benefits to consumers were discussed, scant research on consumer attitudes toward open banking has been conducted. A key recommendation is to fund consumer advocacy groups for this purpose.
Name an interim oversight body. The report recommends that the Financial Consumer Agency of Canada (FCAC) be named an interim oversight body to monitor screen scraping and open banking in Canada.
Develop a framework for regulation. Led by industry and based on guiding principles, a framework to regulate open banking should be developed to govern the implementation of open banking.
Develop an accreditation system. Provide registration for third-party providers and tools for innovation for those providers to develop technology.
Reform privacy laws. The report recommends reforming the Personal Information Protection and Document Act to become more closely aligned with global standards of privacy.
Payments modernization. As the open banking framework is developed, the government should work with industry experts in payment modernization.
Conclusion
The Report is a call for clear, decisive action toward open banking in Canada. Although some of the recommendations are long-term in nature, the need to protect people’s privacy is pressing, and the problem is clearly defined.
With the upcoming federal election in October 2019, open banking is unlikely to be implemented rapidly, but with attention on the issue from both Houses of Parliament, there is reason to be optimistic that change is around the corner.
Insurance coverage is an important, but sometimes overlooked, component of any M&A transaction. Many deal lawyers have a working knowledge of directors and officers insurance and how to protect businesses and decision makers in the event of a claim, but oftentimes insurance issues take a back seat to other aspects of transactions. As In re Glasshouse Technologies, Inc and other cases show, however, the devil is in the (insurance) details, and companies should not assume that the status quo will be preserved or that existing policies will offer adequate protection for current or future liabilities after closing. This article presents a brief overview of key insurance coverage issues to consider when structuring M&A deals to mitigate risk and maximize short- and long-term recoveries should a claim arise.
1. Change in Control
One of the first insurance questions to ask is whether the particular deal or financial restructuring triggers a “change in control” under the company’s current D&O policy, which typically includes an acquisition, merger, consolidation, or sale of more than 50 percent of assets. Whether this provision is triggered and, if so, when the change in control occurs matters because D&O policies will provide coverage only for wrongful acts that occur before the change in control occurs.
The change in control provision may also include conditions requiring that the company provide notice to the insurer within a certain amount of time to preserve coverage for the restructured entity. As with most insurance issues, the question of change in control is highly fact-specific and depends on the policy language and the details of the deal. For example, a series of sales to different entities may trigger a change in control if the buyers are acting in concert, even where no transaction involves more than 50 percent of the company’s assets. Parties also may assume that if the reorganization or asset sale takes place as part of bankruptcy proceedings (typically Chapter 11), then the change in control provision is automatically triggered. However, some policies turn on whether there is an appointment of a trustee, receiver, or similar entity, which does not always occur.
2. “Runoff” and “Tail” Coverage
Deals often involve runoff and tail coverage, which depend on the policy’s change in control provision and the effective date of the deal. If a change in control provision is triggered, it typically converts the existing D&O coverage to “runoff,” which means that claims based on conduct after the change in control are no longer covered and that claims based on pretransaction conduct are covered through the end of the policy period. “Tail” coverage extends coverage for claims based on pretransaction conduct, usually for several years, and is available through endorsement (either automatically or by request, typically subject to payment of an additional premium).
Runoff and tail coverage terms generally turn on whether the claims are based on conduct before or after the transaction’s effective date, but as the GlassHouse Technologies case shows, policyholders should not assume that the terms and conditions of those coverages will remain the same. The dispute in GlassHouseTechnologies involved a broker’s alleged errors in procuring tail coverage in connection with sale of GlassHouse’s U.S. consulting business, which the broker viewed as potentially triggering the change in control provision in GlassHouse’s existing D&O policy. To avoid any gap in coverage for pretransaction conduct, GlassHouse purchased tail coverage by endorsing the policy, but as GlassHouse later learned, the tail coverage endorsement not only extended the reporting period for several years, it also reduced the limits for the remainder of the initial policy period from $15 to $5 million. As a result, when one of GlassHouse’s creditors asserted claims against the company’s directors and officers shortly after closing during the initial policy period, those claims were subject to substantially reduced limits. The parties became embroiled in litigation regarding the actions of the broker in modifying the existing limits as part of the tail coverage endorsement.
3. Preserve Existing Insurance Assets
A surviving entity might not assume all existing liabilities of the company it is acquiring. In structuring M&A deals, buyers and sellers alike should be aware of the potential adverse impact limited transfer of liability (or assets) may have on the surviving entity’s ability to access historic insurance assets or trigger coverage for legacy liabilities arising from pretransaction conduct. The right to claim coverage under legacy insurance policies may be extinguished if the liabilities of the policyholder were extinguished in a merger or acquisition.
The BCB Bancorp v. Progressive Casualty Insurance case illustrates this problem. In BCB, an insurance carrier withdrew its defense of a bank’s premerger shareholder class-action lawsuit on the grounds that the directors’ and officers’ rights under the policy terminated when the policyholder dissolved and was consolidated with the surviving entity via a statutory merger under New Jersey law. The court rejected the insurer’s argument based on the lack of an exclusion in the policy preventing transfer of rights to a surviving entity under the New Jersey merger statute. As the BCB case shows, the potential impact of M&A deals on D&O insurance depends not only on the policy language and terms and structure of the deal, but also on applicable state law. Another related issue is whether the insurance assets necessary to respond to a current or future claim were transferred in the deal.
4. Coverage for the Deal
Parties must assess a deal’s impact on existing and future insurance policies, but there also may be ways to mitigate risk by purchasing insurance coverage for the deal itself. The most common example of this is representation and warranty (R&W) insurance, which protects a buyer or seller from losses arising from inaccurate representations or warranties made by the seller or target companies during the merger, acquisition, asset sale, or other transaction. A buyer-side R&W insurance policy, for example, protects the purchaser by paying losses if the target company presents inaccurate information, such as by misrepresenting or failing to adequately disclose a particular liability. These protections can often fill in the gaps if a seller offers little or no seller indemnity in the deal and provide a useful alternative to the traditional indemnity protections. Other types of deal-specific insurance (such as an environmental policy for a particular liability) may be available to mitigate risk.
Takeaways
With all of these issues, the particular risks and potential protections afforded by D&O and other insurance policies are dependent on the terms of the deal, the existing or contemplated policy language, the type of claims giving rise to coverage, and numerous other individualized issues (e.g., financial resources, risk appetite, business needs, applicable state law, etc.). As the GlassHouse and BCB cases show, there is no one-size-fits-all approach or foolproof checklist when it comes to M&A deals and insurance. Involving experienced coverage counsel, however, can help address important insurance issues, mitigate risk, and maximize potential recoveries. The time to do that is early in the deal process before due diligence concludes, the parties become entrenched, and the pressure to close increases.
Under 42 U.S.C. § 405(h), no plaintiff may bring a claim arising under the Social Security Act under 28 U.S.C. §§ 1331 and 1346 until they have exhausted administrative appeal remedies (the Exhaustion Requirement). The latter provisions provide federal jurisdiction for district courts related to federal questions and contract claims against the United States, respectively. But bankruptcy courts exercise federal jurisdiction under 28 U.S.C. § 1334. Thus, relying on the plain text of section 405(h) in a bankruptcy adversary proceeding, the Fifth Circuit held that bankruptcy courts are not barred from exercising their jurisdiction under section 1334 to hear Social Security claims. Benjamin v. United States (In re Benjamin), No. 18-20185, 2019 WL 3334653 (5th Cir. July 25, 2019). Given that this bar applies to healthcare companies operating in the Medicare Program pursuant to 42 U.S.C. § 1395ii, the In re Benjamin decision is important for healthcare entities filing for bankruptcy protection.
Benjamin’s Adversary Proceeding Against the Social Security Administration in Bankruptcy Court
The SSA determined that it had overpaid Benjamin by nearly $20,000 and was withholding $536 per month from Benjamin’s Social Security check. Benjamin filed for chapter 7 bankruptcy. To demand the return of money that the SSA collected from him, Benjamin initiated an adversary proceeding against the SSA. The bankruptcy court granted the SSA’s motion to dismiss, however, and the district court affirmed. On appeal to the Fifth Circuit, the sole issue was whether the bankruptcy court had jurisdiction to hear Benjamin’s claims.
Circuit Split: 3d/5th/9th Versus 11th
Courts of appeals are split on whether section 405(h) bars bankruptcy jurisdiction under section 1334. When enacted in 1939, section 405(h) referred to 28 U.S.C. § 41, which contained virtually all jurisdiction for federal courts, but Congress later adopted revised language that refers to only two kinds of jurisdiction for federal courts. In a neighboring section to the revised section 405(h), Congress characterized the changes as “technical.”
In addressing bankruptcy jurisdiction in this context, the Eleventh Circuit followed the reasoning of the courts of appeals that have held that the Exhaustion Requirement applies in diversity jurisdiction cases (which arise under 28 U.S.C. § 1332), which is also not expressly mentioned in section 405(h). Fla. Agency for Health Care Admin. v. Bayou Shores SNF, LLC (In re Bayou Shores SNF, LLC), 828 F.3d 1297 (11th Cir. 2016) (citing Midland Psychiatric Assocs. v. United States, 145 F.3d 1000 (8th Cir. 1998); Bodimetric Health Servs., Inc. v. Aetna Life & Casualty, 903 F.2d 480 (7th Cir. 1990)). In Bayou Shores, the Eleventh Circuit explained that it relied on the recodification canon to hold that the Exhaustion Requirement also applies to bankruptcy jurisdiction. Courts will not presume, under this canon, that Congress intended a substantive change without a clear indication otherwise. To that end, the Eleventh Circuit found that Congress did not intend to alter the substantive scope of section 405(h).
Two circuits have more complicated precedent related to the Exhaustion Requirement. The Third Circuit has held that the Exhaustion Requirement applies to diversity jurisdiction, see Nichole Med. Equip. & Supply, Inc. v. TriCenturion, Inc., 694 F.3d 340 (3d Cir. 2012), but does not apply to bankruptcy jurisdiction, see Univ. Med. Ctr. v. Sullivan (In re Univ. Med. Ctr.), 973 F.2d 1065 (3d Cir. 1992) (“Thus we agree with the Ninth Circuit that ‘where there is an independent basis for bankruptcy court jurisdiction, exhaustion of administrative remedies pursuant to other jurisdictional statutes is not required.’”).
The Ninth Circuit has also held that the Exhaustion Requirement applies to diversity jurisdiction, see Kaiser v. Blue Cross of Cal., 347 F.3d 1107 (9th Cir. 2003), but does not apply to bankruptcy jurisdiction, see Sullivan v. Town & Country Home Nursing Servs., Inc. (In re Town & Country Home Nursing Servs., Inc.), 963 F.2d 1146 (9th Cir. 1991). Unlike the Third Circuit, the Ninth Circuit has recognized this inconsistency and explained that it is because bankruptcy jurisdiction is unique. SeeDo Sung Uhm v. Humana, Inc., 620 F.3d 1134 (9th Cir. 2010) (“But upon closer reading, Kaiser and In re Town & Country can be reconciled. In re Town & Country’s reasoning relies almost exclusively on the special status of § 1334’s “broad jurisdictional grant over all matters conceivably having an effect on the bankruptcy estate. . . .” Thus, its reading of 42 U.S.C. § 405(h) can reasonably be understood to apply only to actions brought under § 1334, while not bearing on the relationship between § 405(h) and other jurisdictional provisions such as § 1332.” (citations omitted)).
The Fifth Circuit relied on the plain reading of section 405(h) to reach the conclusion that the Exhaustion Requirement does not apply in bankruptcy courts. The Fifth Circuit concluded that the intent of Congress may be found in places other than a neighboring section in the Statutes at Large. Indeed, the Fifth Circuit contended that the actual words of the new provision are the most obvious source of congressional intent. And given that the statutory text failed to mention a bar against bankruptcy courts from exercising jurisdiction to hear Social Security claims, the Fifth Circuit refused to find that such a bar existed.
Conclusion
The Fifth Circuit joins the Third and Ninth Circuit to deepen the circuit split over whether bankruptcy courts have jurisdiction over Social Security and Medicare claims. For a more in-depth discussion, see Samuel R. Maizel & Michael B. Potere, Killing the Patient to Cure the Disease: Medicare’s Jurisdictional Bar Does Not Apply to Bankruptcy Courts, 32 Emory Bankr. Dev. J. 19 (2015).
After months of speculation, California’s largest utility, Pacific Gas and Electricity Corporation (PG&E), filed for protection under chapter 11 of the U.S. Bankruptcy Code on January 29, 2019. In the papers filed by the debtors, the affidavit in support of the filing, sworn out by Chief Financial Officer Jason P. Wells, aptly captured the reasons the company had given for the exigent filing: “[t]he chapter 11 filings were necessitated by a confluence of factors resulting from the catastrophic and tragic wildfires that occurred in Northern California in 2017 and 2018, and PG&E’s potential liability . . . made it abundantly clear that PG&E could not continue to address . . . claims and potential liabilities in the California state court system, continue to deliver safe and reliable service to its 16 million customers, and remain economically viable.”[1] The estimates for PG&E liability due to the wildfires, as reported by the company to the Securities and Exchange Commission through its January 14, 2019 Form 8-K, could exceed $39 billion.[2] California state fire investigators reported on January 20, 2019, that the devastating Sonoma county 2017 wildfire, known as the Tubbs fire, originated from a private electrical system and not by PG&E.[3] That brief respite was not enough to turn the tide, as a combination of heavy criticism from the public, regulators, the state’s newly sworn in governor, and the specter of liability from the other wildfires that had plagued the utility, buoyed the decision of PG&E to seek bankruptcy protection.
Since the filing, the utility has been connected with devastating fires in Northern California in 2015, 2016, 2017, and 2018, and the 2016 Ghost Ship Fire in Oakland.[4] Federal District Court Judge William Alsup has authority over PG&E, resulting from a 2016 felony jury conviction of the company that arose out of the San Bruno explosion of a PG&E gas pipeline, which killed eight people and destroyed 38 homes.[5] Judge Alsup recently ruled that the utility follow new safety standards in the wildfire mitigation plan submitted by PG&E to state regulators.[6] He had issued an earlier order to show cause requesting that the utility demonstrate why its conditions of probation should not be modified and much stricter standards imposed.[7] Several official committees authorized by 11 U.S.C. § 1102(a) have been appointed in the bankruptcy case,[8] including an official committee of unsecured creditors[9] and an official committee of tort claimants,[10] the latter to protect the rights of the victims of the wildfires.
Equity Holders Unconvinced
Not everyone was enthusiastic about the filing. Hedge fund BlueMountain Capital Management LLC, which holds a significant position in the utility, challenged the company’s decision to file for chapter 11 protection in two very public letters primarily on the grounds that the company was solvent. In the second letter, the hedge fund, which holds up to 11 million shares of the total 528 million PG&E shares, noted that “[y]ou have publicly stated that bankruptcy is in the best interests of all stakeholders. But you have failed to articulate a single cogent reason for why it is beneficial to any stakeholder.”[11] BlueMountain, undeterred by the pending chapter 11 filing, sent a letter to shareholders on January 24, 2019, announcing that it would be putting forth a completely new slate of directors to oust the current board.[12] The fund punctuated its sentiment toward the current PG&E leadership in the letter, stating, “[t]he Current Board has not only failed the Company and its shareholders; it has failed its customers; it has failed its employees; and, it has failed the people of California.” BlueMountain followed up with a March 1, 2019 statement that it selected 13 new board candidates from which it would ask other shareholders to elect as the new PG&E board at the company’s May 21 annual meeting.[14] PG&E has responded by announcing it will put forward five new board members and that the majority of its board would be independent directors by the date of the annual meeting.[15]
California State Government Response
California Governor Gavin Newsom was sworn in to office on January 7, 2019, and was immediately thrown into the PG&E crisis.[16] On February 12, 2019, Governor Newsom created a “strike team” of advisors, including bankruptcy lawyers and financial advisors.[17] The governor has given the strike team 60 days to provide a strategic plan to ensure continued and interrupted service, provide for the victims of the wildfires, protect workers, and protect consumers.[18] In late August 2018, the California legislature passed Senate Bill 901 (SB 901), and Governor Brown signed the bill into law on September 21, 2018.[19] SB 901 was part of a broader proposal that was intended to prevent PG&E’s bankruptcy filing. Although the legislation allowed for several reforms that were designed to alleviate some of the pressure on investor-owned utilities, the biggest and most controversial measure was to eliminate strict liability for utilities for fires caused by the equipment of investor-owned utilities. The elimination of strict liability, known as reverse condemnation, was dropped from the bill. SB 901 was signed with provisions allowing investor-owned utilities like PG&E to file with the California Public Utilities Commission to recover costs retroactively from the 2017 wildfires; establishing a new standard for determining costs that investor-owned utilities can recover beginning in 2019 for wildfire liabilities; and expanding requirements for wildfire mitigation plans. However, these measures were not enough to deter the PG&E decision to file chapter 11. On January 22, 2019, PG&E announced it had secured $5.5 billion in debtor-in-possession financing consisting of a $3.5 billion revolving credit facility, a $1.5 billion term loan, and a $500 million delayed draw term loan facility.[20]
The Star Crossed Universes of Bankruptcy Law and Energy Regulation
In the midst of this crisis, there is a complex intersection of the objectives of the reorganization of the utility and a web of regulators with different, and potentially contravening, policy objectives. PG&E is regulated by both the California Public Utility Commission (CPUC) and the Federal Energy Regulatory Commission (FERC). Many of the state issues revolve around the passing on of the utility’s liability to consumers, as well as particular renewable policy objectives of the State of California. The fight in the bankruptcy court to relieve the debtor of some of its regulatory burden also pits the less stringent standard of the debtors’ business judgment against the standard used by FERC regulators, which determines whether the requested regulatory action is in the public good.
As noted above, one of the biggest state regulatory issues is inverse condemnation. Inverse condemnation is the application of strict liability, imposition of liability for damages, whether the company acted negligently or not, if the utilities equipment causes damage, like the damages resulting from the California wildfires. Thus, if investigators find that a utility’s equipment, such as PG&E’s, was responsible for the havoc wreaked by the wildfires, that liability is passed directly onto consumers in the form of higher rates. This is not the first time consumers have borne the brunt of the utilities’ operations and legal troubles. PG&E previously filed for chapter 11 protection in 2001 due to the energy crisis, and their bankruptcy was the third-largest chapter 11 in U.S. history at the time.[21] PG&E exited chapter 11 three years later,[22] with customers paying higher rates to help repay $13 billion owed to creditors estimated at around $1,300 to $1,700 per customer.[23] SB 901’s mechanism for recovery of the costs of the earlier wildfires is to pass those costs on to customers through bonds. The law does not allow the bonds to be used to address liability post the 2017 wildfires. The camp fire, which killed 86 people, caused damages estimated between $10 billion to $16 billion and surpassed the damages from the 2017 Tubbs Fire, [24]would not be covered by SB 901’s bond relief provisions.[25]
The State of California also has a renewable energy initiative which has impacted PG&E through power purchase agreements and other state policy initiatives. A power purchase agreement (PPA) is a legal contract between an electricity generator (provider) and a power purchaser (buyer, typically a utility or large power buyer/trader). Contractual terms may last anywhere between five and 20 years, during which time the power purchaser buys energy, capacity, and/or ancillary services, from the electricity generator. The debtors have reported that they have PPAs in the aggregate amount of $42 billion.[26] The utility also reported that their PPA obligations are three times the 2017 gross revenues of PG&E and are the total undiscounted future obligations under PPAs approved by the CPUC.[27] The majority of the energy purchase obligations are tied to renewable energy requirements set by the State of California.[28] The debtor has been working with the CPUC to reduce its obligations under various aspects of the state’s regulatory regime, including requirements under the state’s Renewables Portfolio Standard Program, which requires a certain level of renewable energy purchases. [29] The state also requires PG&E to enter into energy storage contracts to further California’s renewable energy policy initiatives, and the utility has financed the construction of thousands of renewable energy generation resources.[30] The debtors have complained that many of the PPAs are at above-market rates and because of the tremendous investment by PG&E in the renewable energy market, their competitors both receive the advantage of lower rates resulting from that investment and PG&E is shut out from the market rates because of the state mandated PPAs.[31] The utility has been working with the CPUC toward relief from the regulator’s requirements in light of its current liabilities and chapter 11 filing.[32]
NextEra Energy, among other renewable energy companies, has several subsidiaries selling renewable power to the debtor and has asserted their rights in both bankruptcy court and through filings with the FERC, beginning with a request on January 18, 2019, to block the utility from amending or rejecting their PPAs with the debtor.[33] On January 25, 2019, the FERC held, “[w]e conclude that this Commission and the bankruptcy courts have concurrent jurisdiction to review and address the disposition of wholesale power contracts sought to be rejected through bankruptcy.”[34] The debtor has filed an adversary proceeding complaint in the bankruptcy court seeking to determine through a declaratory judgment (i) that the bankruptcy court has exclusive jurisdiction over the debtor’s rights to reject certain executory PPAs or other FERC regulated agreements, (ii) that the FERC does not have concurrent, or any, jurisdiction over the PPAs, and (iii) that either the automatic stay under section 362 of the U.S. Bankruptcy Code applies, or that the court enter into a preliminary and then permanent injunction to enjoin any action before the FERC related to the debtor’s ability under the Bankruptcy Code to eliminate their obligations under the PPAs through its power to assume or reject executory contracts under section 365.[35] On February 15, 2019, the FERC filed Defendant Federal Energy Regulatory Commission’s Response In Opposition To Debtors’ Motion for a Preliminary Injunction and Motion to Dismiss in which it strongly reasserted its sole jurisdiction over the debtors’ PPAs.[36] FERC has argued that once a rate, in this case the PPAs, has been approved by the commission, the terms, particularly the rates, are not private contracts, but creatures of the commission’s authority and can only be modified by petitioning FERC.[37] The court has scheduled a hearing on the preliminary injunction for April 10, 2019.[38] This is unlikely to be the last dispute, jurisdictional or otherwise, between the desire of the debtor to reorganize under chapter 11 and the varied constituencies with a keen interest in the fate of the utility.
[1]See Doc. No. 263, p. 3 of 166, Amended Declaration of Jason P. Wells in support of First Day Motions and Related Relief.
[5]See Doc. No. 961, Order to Show Cause, United States of America v. PG&E, No. CR 14-0175 WHA (N.D. Cal. 2019). PG&E was convicted for six felony counts of knowingly and willfully violating safety standards and obstructing an investigation by the National Transportation Security Board.
[6]See Doc. Nos. 975 and 976, Response to Order to Show Cause, United States of America v. PG&E, No. CR 14-0175 WHA (N.D. Cal. 2019).
[7]See Doc. No. 992, Order to Show Cause, United States of America v. PG&E, No. CR 14-0175 WHA (N.D. Cal. 2019).
[8] A motion to appoint a committee of public entities, such as cities and counties, was filed, but the relief requested was denied by the court. See Doc. Nos. 720, 803, 820, 823, and 884.
[9]See Doc. Nos. 409 and 962, Notices of Appointment of Creditors’ Committee Amended Appointment of the Official Committee of Unsecured Creditors.
[10]See Doc. No. 453, Notice Regarding Appointment of the Official Committee of Tort Claimants.
[33] See 166 FERC ¶ 61,049, Order Petition for Declaratory Order and Complaint ¶ No. 1; see also Exelon Corporation, Petition for Declaratory Order and Complaint, Docket No. EL19-36-000 (filed Jan. 22, 2019).
Traditionally, a U.S. patent could only be enforced against activities occurring within the U.S. The globalization of industries and markets over the past 50 years has brought down trade and communication barriers and integrated markets across the world. This has changed many companies from local or regional concerns into global players in the international supply chain. These changes have created conflict with existing U.S. patent law, in some cases allowing companies with infringing products to avoid liability by, for example, manufacturing the infringing product outside of the U.S. U.S. patent law has expanded over the last half century to address these loopholes. Many foreign activities that U.S. patent law traditionally carved out are now subject to liability, and the pace of change appears to be quickening. Although U.S. courts still discuss the traditional presumption against extraterritorial application of patent law,[1] in reality there are many exceptions to this presumption that allow enforcement of U.S. patents for activities occurring outside of the U.S.
Congress has repeatedly revised the patent infringement statute, 35 U.S.C. §271, to address foreign companies trying to skirt U.S. patent laws. For example, in Deepsouth Packing Co. v. Laitram Corp.,[2] the defendant manufactured components of an infringing product in the U.S. and then exported those components outside the U.S. for assembly into the infringing product. Applying the law at the time, the Supreme Court held that the defendant had not infringed the plaintiff’s patent because the assembly and sale of the infringing product occurred outside of the U.S., and it was “not an infringement to make or use a patented product outside of the United States.”[3] Congress enacted §271(f) in 1984 to address this gap by “expand[ing] the definition of infringement to include supplying from the U.S. a patented invention’s components” for assembly outside the U.S.[4] Four years later, Congress added §271(g) to the statute, which expanded liability for infringement for the importation, sale, or use in the United States of a product made abroad by a process patented in the United States. This closed the loophole for method claims of simply off-shoring manufacturing facilities (and then importing the manufactured product) to escape infringement liability. Similarly, in 1996, Congress added liability for the importation into the U.S. of infringing articles to the direct infringement subsection, §271(a).
These amendments can be applied broadly, especially alongside induced infringement under 35 U.S.C. § 271(b). §271(b) provides that “[w]hoever actively induces infringement of a patent shall be liable as an infringer.” For example, not only can a foreign manufacturer be liable for infringement under §271(g) for using a patented product to manufacture an infringing article outside of the U.S. (even if the article is ultimately imported into the U.S. by another entity), but in many cases the foreign manufacturer may also be liable for inducing its customers to import the infringing products under §271(b), even where the manufacturer has no direct link to the U.S. market. In Global-Tech Appliances, Inc. v. SEB S.A., the accused infringer, Pentalpha—located in Hong Kong—purchased one of SEB’s deep fryers in Hong Kong, manufactured its own copies of the fryer, and sold them to customers in Asia. [5] These customers independently imported the fryers into the United States.[6] Pentalpha was found liable for having induced infringement by manufacturing and selling the fryers in Hong Kong for their customers to import into the United States.[7]
The Federal Circuit has held consistently under similar facts. In O2 Micro Int’l Ltd. v. Beyond Innovation Tech. Co., the Court of Appeals of the Federal Circuit affirmed induced infringement by an Asian defendant even though the directly-infringing U.S. sales were made by a customer several rungs down the supply chain.[8] Similarly, in Power Integrations, Inc. v. Fairchild Semiconductor Int’l, Inc., the defendant’s knowledge of the likelihood that the product could be imported into the U.S. by downstream customers was enough to find inducement. In Power Integrations, even though the defendant did not actually know whether its customers were importing the infringing chips into the U.S., the evidence was sufficient to find inducement: designing chips to meet United States energy standards, providing demonstration boards containing the infringing chips to potential U.S. customers, and maintaining a technical support center in the United States.[9] Thus, a foreign business that runs a facially geographically-neutral operation can nevertheless be liable for induced infringement if its activities are directed at least in part to the United States. “[H]ard proof that any individual third-party direct infringer was actually persuaded to infringe” is not required.[10]
The district court opinion in Kaneka Corp. v. SKC Kolon PI, Inc., further illustrates this trend. In Kaneka, there were three degrees of separation between the accused induced infringer and the infringing act. The defendant’s polyimide film was sold to laminate manufacturers (layer 1), who sold laminates to manufacturers of circuit boards (layer 2), who then sold these circuit boards to the final “set-makers,” such as Samsung and LG (layer 3), who incorporated these circuit boards into mobile phones and imported them into the U.S.[11] Inducement was found because the defendant knew its film infringed plaintiff’s patents and that it actively and intentionally sold this film knowing that it would be incorporated into Samsung and LG phones, which would be imported into the United States.[12]
The geographic scope of patent damages has also been steadily expanding. For example, in 2018’s WesternGeco LLC v. ION Geophysical Corp,[13] the issue was whether a patent owner could recover lost foreign profits for infringement under §271(f). The dispute involved two competitors manufacturing sea-floor surveying technology.[14] The defendant manufactured components of its system and shipped them to other companies abroad who would then combine them to create a surveying system that infringed the plaintiff’s patent.[15] The court upheld the lower court award of lost profit damages based, in part, on purely foreign contracts (i.e. contracts for sales of the infringing product outside of the U.S.).[16] Several questions remain unanswered by this case, including whether such damages are limited to infringement under §271(f) and to “lost profits.” These issues are currently on appeal in Power Integrations,[17] where the plaintiffs argue that the analysis of WesternGeco would also permit recovery of damages for direct infringement under § 271(a) and both reasonable royalties as well as lost profits.[18]
With global commerce now being the norm rather than an exception, even purely foreign activities can create significant liability in the U.S. for patent infringement. This long-term trend toward an expansion of liability shows no signs of slowing down. Companies selling products into the international stream of commerce should be aware that significant U.S. liability may exist even where a company has no direct connection with U.S. markets.
[1]See Microsoft Corp. v. AT&T Corp., 550 U.S. 437, 454-455 (2007) (“The presumption that United States law governs domestically but does not rule the world applies with particular force in patent law”); Deepsouth Packing Co. v. Laitram Corp., 406 U.S. 518, 531 (1972) (“Our patent system makes no claim to extraterritorial effect.”).
[17]See, e.g., Power Integrations, Inc. v. Fairchild Semiconductor Intl., No. 19-1246 (Fed. Cir. Dec. 3, 2018).
[18] Power Integrations Opening Brief at 34, Power Integrations, Inc. v. Fairchild Semiconductor Intl., No. 19-1246 (Fed. Cir. Apr. 12, 2019) (Dkt. No. 32.)
Reading poetry, or any fictional text, is a mental dialogue between author and reader. Each of us is free to bring our own life experience and emotional reaction to how we interpret the text. The precise words, the author’s intent, and whether those words exist within the poem or commentary around it matter less than our reactions. Reading the law of the modern regulatory state is fundamentally different. It is not like reading fiction, or even the news, because the legal framework of the regulatory state is about the power of the government over the governed. The legal texts set the limits of the power of those who govern us. The words of the legal framework create the tools by which the three branches of government exercise that power. So, the words matter, the intent matters, and where in the hierarchy of power—and by whom—the words have been written matter. Given that it is about the power of the state, legal reading is constrained by its own norms and principles. It is not ordinary reading.
In today’s world, trained lawyers are not the only readers and interpreters of the legal framework and its legal texts.[1] There are many others with specialized knowledge or expertise who I call “regulatory readers.” The supervisors at the banking agencies are among the most important regulatory readers. In the private sector, one finds them in risk management, compliance, finance, and in policy positions in government and regulatory affairs. For many regulatory readers, interpreting the legal framework is core to their job responsibilities, and in our republic, there have always been citizen readers of the law. All this is as it should be. Yet in the post-New Deal construct, the full nature of the legal framework through which the regulatory state exercises its power has not been made as clear as needed.
It is, in my view, not taught well enough in most law schools with their continued overemphasis on case law. I realize that many top law schools have moved to remedy this problem with first-year courses that teach the post-New Deal administrative state. Years of teaching financial regulation as an adjunct at both Columbia and Harvard as well as training young lawyers at Davis Polk have led me to the view that even the brightest law students have not been given the proper grounding in how the regulatory state really works. The training of regulatory readers is a catch-as-catch-can, haphazard mess in urgent need of improvement.[2] It is fair to question how much training on the legal framework of the regulatory state the resource-constrained banking agencies have been able to give their supervisory staff.[3] Just a comparison of the number of lawyers to the number of examination staff at each of the agencies tells us that deep training on the law, legal interpretation, and the legal framework has not been possible.[4] And yet, since the early 2000s, which ushered in a new era of anti-money laundering compliance, and as accelerated after the financial crisis with its increased emphasis on governance, legal risk, and compliance, supervision has become much more legally infused. In the private sector, some compliance officers initially train as lawyers but may or may not have had training in the regulatory state. Many in compliance and risk officers have had no training at all in the legal framework.
This article aims to demystify the legal framework and legal interpretation for the newly minted, digital-native lawyer and for the curious regulatory reader, using the banking sector as a case study. It begins with a discussion of the legal framework and its hierarchy as it actually exists in the banking sector—not as it may have been taught theoretically in law school for young lawyers or ignored in compliance with law training for regulatory readers. It moves on to a discussion of the traps that await the unwary who rely solely on the banking agency websites for their sources of legal texts. It then seeks to explain why reading legal texts is not as unconstrained as reading poetry and other nonlegal texts. Finally, the article concludes by observing that a deeper understanding of these points is critical as we stand on the cusp of moving from the age of internet searching to the age of augmented machine reasoning in legal interpretation.
The Legal Framework and Its Hierarchy
At the top of the hierarchy is the U.S. Constitution, followed by federal statutes and regulations, as well as applicable state statutes and regulations, agency consent orders, public written guidance, and private written and oral guidance, which may or may not be preempted and which interact with federal law and regulations in complex ways. Each banking organization will have its own policies, some of which go beyond the legal framework. Judicial case law and canons of statutory and regulatory interpretation also must be considered. The graphic below sets out the structure. Although this explanation may be basic to more experienced regulatory lawyers, it is not widely understood by many regulatory readers, and as Chief Justice Strine of the Delaware Supreme Court has noted, not even to some of the younger digital-native lawyers.[6]
One key difference in how this article and the graphic below explain the legal framework and its hierarchy is that they take into account both the formal legal structure (constitutions, statutes, regulations, and case law) and the supervisory structure (agency examinations and guidance, only part of which is public). Law schools classically teach only formal regulation but not supervision.[7] By sharp contrast, the training of examiners, risk professionals, and compliance professionals is overweighted in supervision and guidance and underweighted in statutes, regulations, and case law.
The Legal Framework
When interpreting a legal text, it is critical to know where it sits in the hierarchy. If there is an inconsistency among principles or text, the text higher in the hierarchy wins. The U.S. Constitution trumps a statute, which trumps a regulation, which trumps guidance. The interaction between federal and state law is more complex, especially in the banking context. Of course, the U.S. Constitution always trumps a state law. The interaction of federal and state law, however, will depend upon whether the federal government has decided to preempt or coordinate with state law. In the banking sector, it is every which way.
What happens more often is that the lower-level text must be read in light of the higher-level text. It is a common error in the internet search era to rely on the most detailed text that appears to most precisely answer the question without looking to see where it fits in the hierarchy. No text is an island and should not be read as such. Part of the reason for this misunderstanding is the blessing and curse of our ability to Google up answers. We may think that our search has found the right result because detailed and precise text appears on our screen, but unless we position it within its proper place in the legal framework and check that it is still valid, it is easy to become confused. Digital searching can also sometimes lead to confusion between proposed and final texts. Proposed texts are not binding, although during the time they are proposed they can sometimes influence interpretation. After there is a new final text, however, the proposed text cannot be relied upon.
Statutes, Regulations, and Agency Documents
The U.S. Constitution. The U.S. Constitution, as the highest legal document of our republic, governs everything. It may seem like it does not come up, as a practical matter, in the daily life of legal interpretation and regulatory reading, but it does. For example, under the U.S. Constitution, no federal agency has “inherent powers.” There is no such thing. The U.S. Constitution, as ratified, delegates specified powers to the federal government. Under the separation of powers among the three branches of the federal government, a federal banking agency has only the powers that Congress has delegated to it and no more. These are broad powers, but they are not limitless. Two concrete examples might help. The banking agencies have often asserted in multiple fora their authority to regulate banking organizations for safety and soundness. That power exists but is not part of any “inherent authority,” as has apparently mistakenly been taught to a generation of examiners. Rather, it comes from a Congressional statutory delegation of authority and is limited by the words contained in, and the Congressional intent behind, that authority.[8] Another recent example is the criticism and pushback from some examiners on lobbying by banking organizations. As Vice Chairman for Supervision Quarles expressed in a surprised and shocked response to a Congressional question, such behavior, if it happened, would be a clear violation of First Amendment rights to free speech and to petition the government for the redress of grievances.[9] Both examples illustrate more than anything else flaws in training and education at the agencies, which in many respects may stem from a shortage of lawyers at those agencies as well as a lack of adequate resources given to the legal budget within the agencies.
Federal Statutes and Federal Regulations. Federal statutes and regulations are key to any legal interpretation. Statutes are bound by the limits of the U.S. Constitution. In addition, regulations cannot go beyond the authority granted by the relevant statute and must be interpreted in light of the applicable grounding statute (typically title 12 in the banking context), other applicable statutes (most commonly the Administrative Procedure Act and the Freedom of Information Act, but many others also apply), and any court cases interpreting the regulatory text or similar regulatory text from another context. Many regulations do not repeat the entire statutory text, and both must be mastered and read together in order to interpret a regulation. A good example is Regulation W in which certain defined terms are found only in section 23A or 23B of the Federal Reserve Act, so reading the regulation alone is misleading and incomplete. Regulations are issued under the notice and comment procedures of the Administration Procedure Act and are legally binding upon both the banking agency and the banking organization. Astoundingly, confusion has arisen among some risk and compliance professionals who claim that the “law” is for the lawyers, and “regulations” are for risk and compliance. This confusion is an unintended and unfortunate misunderstanding of the agencies’ admirable use of the simplified phrase “law and regulations.” A more precise, technical wording would be “the Constitution, all applicable statutes whether federal or state, all relevant judicial interpretations, and regulations.” We can all agree that “laws and regulations” is a more elegant and simplified phrase, but it does not change the fact that regulations are part of the law—that is, the legal framework. No one should be confused that regulations are not part of the law or think that they are separate from the hierarchical legal framework.
Federal Consent Orders. Federal consent orders are binding on an individual banking organization and thus form a type of binding contractual obligation that is legally enforceable in a court. Many large banking organizations have at least one active consent order outstanding. Before giving any legal advice to a banking organization, it is necessary to confirm there is no relevant outstanding consent order. Consent orders of one banking organization are not binding on any other banking organization. Remediation plans under a consent order, once accepted by the banking agency, form part of that binding contractual obligation and are typically not public.[10]
Federal Public Written Guidance. There has been much discussion lately about federal public written guidance, which encompasses those public agency writings that are labeled as “guidance” as well as supervisory letters, examinations manuals, and FAQs—essentially any public writing by the regulatory agency staff.[11] Banking organizations, like other regulated entities, actively seek public written guidance. Most guidance is not legally binding and is not enforceable against the agency staff or banking organizations, although in practice, many agency staff and banking organizations have, until recently, treated guidance as if it were binding.[12] Under title 12, there is also an unusual category of “enforceable guidance” or “standards” that are permitted under the statutory safety and soundness authority.[13] The OCC’s risk management guidelines fall into this category.
There has been some confusion by certain regulatory readers asserting that guidance is not part of the legal framework and therefore does not involve legal interpretation. An understanding of the full legal framework shows this view to be deeply mistaken. The interpretation of public written guidance is part of the legal framework even if written by the agencies’ supervisory staffs, and even if it is legally nonbinding. It must be interpreted in light of the Constitution, statutes, regulations, and case law that sit above it and either infuse the interpretation or limit its applicability. Public written guidance is especially sensitive because it is explicitly meant not to apply to all situations at all times. The tyranny of the spreadsheet checklist within most banking organizations has meant that this important fact is easily lost in the realm of project management implementation.[14] It is also the situation, due to constraints of budget, resources, and stature within the agency, that public written guidance, especially the types that are published without notice and comment review, have not been truly vetted by the agency legal staffs. As a result, there is a higher incidence of errors under the legal framework in such guidance.[15] This lack of internal vetting by agency legal staff does not, however, render public written guidance as not part of the overall legal framework.[16]
Federal nonpublic guidance and secret lore. Federal nonpublic guidance and secret lore comes in multiple forms, none of which are legally binding but which nonetheless impact the behavior of banking organizations. Much of this guidance is written, but some of it is oral. Some of this nonpublic guidance applies, like a consent order, only to a single banking organization. For example, examinations, feedback letters, MRAs, and MRIAs are all written and have the imprimatur of having been vetted by the higher levels within the banking agency.[17] Each one of these, however, to the extent it is legally infused, such as supervisory views on whether the banking organization is complying with the legal framework, in practice requires the backdrop of the legal framework of laws, regulations, and public guidance and must be read against those authorities. To complicate matters further, some examinations, consent order feedback letters, and MRAs are done on a horizontal basis across all or a subset of banking organizations.
Banking organizations also receive nonpublic oral guidance, sometimes from individual agency staff. Much but not all of this nonpublic guidance is legally infused. An oral tradition, often called “lore” of how the legal staffs of the banking agencies interpret a certain statute or regulation, often also impacts its interpretation, especially at the Federal Reserve. This lore can change when personnel changes but has traditionally been taken quite seriously by bank regulatory lawyers when it comes from, or is attributed to, the general counsel. An example is the so-called teardown rules created by the Federal Reserve legal staff for the breaking of a controlling influence as an investment is sold. These are not “rules” at all but a series of oral principles, not made public nor written down, but which reflect the views of some legal staff at a moment in time. It is also often the case that individuals in the supervisory staff sometimes engage in interpretations of the legal framework on an oral basis. Nonpublic written guidance must be interpreted in light of the statutes and regulations that govern it. Secret lore and oral guidance that is legally infused has a troublesome placement in the legal framework because the concept of secret law in a democracy is on shaky ground. Moreover, to the extent it comes from individual conversations with individual supervisory staff and is not applied horizontally across multiple banking organizations, it may or may not have been vetted or approved by senior supervisory staff or agency lawyers.[18]
Banking Organization Policies. Banking organizations have many policies. Some of these policies reflect the requirements of the legal framework, but many are designed to go above and beyond the requirements of the legal framework and impose a higher standard. Whether they reflect the legal framework or go beyond it, policies must be interpreted in light of the legal framework and updated when the legal framework changes.
The legal framework and its hierarchy are a core knowledge base in the interpretation of any regulatory text, be it a statute, a court case, a regulation, or other agency document. Without a firm grasp of exactly how it applies in any situation requiring interpretation of the text, an accurate interpretation cannot be certain.
Agency Websites and What Is Law?
Now that the hierarchy of the legal framework has been explained, where and how does one find valid textual sources of the legal framework? This article is too short for an explanation of which statute and regulation sits where and with what agency, especially since many excellent explanations exist.[19] Instead, this article will deal with the use and misuse of banking agency websites, which in today’s world of easy internet access is the first stop for many. As internet use has expanded, the federal banking agencies have expanded the quality and quantity of what they label in simplified English shorthand to be the “laws and regulations” that are posted and updated on their websites. This expansion of website access is deeply admirable and has vastly expanded public access to the legal framework. The author relies upon them with gratitude nearly every day; there are, however, some tricks and traps in relying solely on banking agency websites that can make them either highly misleading or incomplete in some crucial areas.
The first misleading element is the short-hand and lovely simplified phrase, “laws and regulations,” which is widely used on banking agency websites and in consent orders. As noted above, the phrase has led some to mistakenly believe that “regulations” are somehow separate from “law” and that the interpretation of regulations does not involve legal interpretation. Nothing could be further from the truth. Regulations are binding law and part of the legal framework. Those who have come to believe that they are somehow not legal or not law need to change their mindset.
The content of the agency websites has also led to some confusion about what the “law” is that might apply to banking organizations because the websites often do not include the grounding statutes upon which the regulations, guidance, and supervisory letters are based. Only the FDIC to its immense credit posts the federal banking statutes on its website. But the reader must beware that sometimes the statutes are incomplete.[20] The Federal Reserve, the OCC, and the CFPB post only their own regulations, guidance, and supervisory letters but, quite amazingly, skip the foundational banking statutes on which their regulations, guidance, and supervisory letters are grounded. Only the FDIC posts the Administrative Procedure Act and the federal criminal laws applicable to banking organizations on its website. Other applicable federal statutes, or even the fact that they might exist, are absent from the other banking agencies’ websites. None of the federal banking agencies post or refer to the Congressional Review Act or to the recent OMB memorandum.[21] There is an easy fix to this misleading element, which is that the other banking agencies could follow the FDIC’s lead and also include their grounding statutes on their websites, as well as links or references to other applicable federal statutes.
The second misleading element is that the structuring of the topics on the agency websites also lends itself to confusion about the hierarchy of the legal framework. Here are some random examples. On the FDIC website, the statutes are treated as a subtopic of “policy,” and enforcement orders are a subtopic of “examinations.” The Federal Reserve’s website on the Volcker Rule mentions the statute, not the regulations, and the materials under the Volcker Rule topic do not contain a link to either the statutory text or the Federal Reserve’s own implementing regulations of the statutory text.[22] The OCC categorizes its handbook for recovery under the “Laws & Regulations” section of its “Publications” topic when recovery planning comes from guidance, and a handbook cannot be a law or a regulation. The CFPB categorizes rulemaking and enforcement under the topic of “Policy and Compliance.” It is no wonder that young, digital-native lawyers and regulatory readers become confused about the hierarchy of the legal framework.
The third misleading element is that the federal banking agencies’ websites are not updated for statutory changes or judicial decisions that can change the reading of the regulation dramatically. For example, the Economic Growth, Regulatory Relief, and Consumer Protection Act[23] changed the statutory text of the Volcker Rule. The Volcker Rule implementing regulations, even in their newly proposed form, do not take into account any of the statutory changes that are immediately effective. As another example, the CFPB’s website is silent about the developing circuit split around its constitutionality. The OCC website topic on “Legislation of Interest” has not been updated since 2010. The websites are also unclear about when state law might apply.[24] Finally, many older interpretations are still not available on the websites, and it remains necessary to consult with old-fashioned paper files, some of which are nonpublic or quasi-public. Determining when state law is preempted by federal law is driven by case law as well as statutory law and regulations, and is often not made obvious on the agency website.
Some of these misleading elements could be fixed by changes to the websites, but some are harder, indeed very difficult, to change by simple and sustainable improvements to the agency websites. Instead, lawyers and regulatory readers will have to remain alert to the broader context when relying upon agency websites for their work. It is also important to understand that agency websites are not neutral; their mission is to reflect the views of the agency and, just like newspapers, they are slanted in that direction by what they choose to cover and by what they choose not to cover. The agency websites are wonderful tools and destined to get better over time,[25] but as the preceding discussion makes clear, naive internet searching on an agency website or elsewhere cannot be the end of the task. It is still necessary to determine where the text fits within the hierarchy of the legal framework, whether it is still valid, and whether sources outside of the agency websites might also influence the reading.
Legal Reading Is Not Ordinary Reading
The final way in which young, digital-native lawyers and regulatory readers can be tricked is that legal interpretation is not like ordinary reading. The federal banking agency websites do not contain any of the principles of legal interpretation that make the reading of legal texts different from reading nonlegal texts. There is no mention of the canons of statutory or regulatory construction[26] and no mention of the different levels of deference to be paid to different types of agency documents. Many young lawyers and regulatory readers are unaware, for example, that statutes and regulations must be read structurally as a whole; that regulations issued under the Administrative Procedure Act, and some interpretations where the agency has special expertise, get a high level of deference under the judicial Chevron doctrine;[27] but that many other agency documents, such as guidance, FAQs, exam manuals, and supervisory letters are subject to a much lower level of deference under another doctrine, as discussed in more detail below.[28] The agency websites do not contain the basic elements of legal interpretation because no one could have anticipated when they were first created that these websites would become the first stop for those seeking to understand laws, regulations, and guidance. It is a common error of regulatory readers and young lawyers to read from the bottom up—that is, to begin with the guidance, then move to the regulation, and then to the statute. In reality, the reading should be top down, beginning with the statute and then moving to any regulation or guidance. Those who have had no training in the legal framework often mistakenly believe that reading the guidance is sufficient. Although trained lawyers should already know these principles, it is important to communicate the existence of these principles to the many regulator readers using agency websites, and even some lawyers.
The graphic below sets out the many ways in which the reading of a legal text is different from nonlegal text. One begins, of course, with the words and their plain meaning,[29] but it is never quite that easy in the legal framework of the regulatory state, which is not known for its use of plain English. To be sure, many legal interpretations are basic and simple, and the words on the page are enough. Some of these form the large areas of settled law that will, in the next few years, become more and more automated.[30] Examples of clear or settled areas ripe for automation are calculations of the days when reports are due, most of the elements of standard reports, or other repeatable events.[31] There remain, however, many areas of ambiguity, gaps, and unsettled interpretation where there is limited or no plain meaning in the text. The arena of ambiguity is quite large in the regulatory state. For that, ordinary reading is not sufficient; other tools must come into play. For example, what is “material” under the securities laws, and how does that compare to “material” under the living wills regulation? Should the same word be given similar meanings in statutory frameworks with very different goals? What is “reasonable” under “reasonably expected near term demand” under the Volcker Rule? What is “abusive” under unfair, deceptive, or abusive acts and practices (UDAAP) statutes?[32] In these areas, the tools of statutory and regulatory construction, which turn legal interpretation away from ordinary reading, must be used. There are canons of statutory construction, many of which apply in the regulatory context. This article is too short to lay them all out, but they are admirably described in excellent secondary sources.[33] The graphic below sets forth how legal interpretation differs structurally from ordinary reading.
Interpretation of a Legal Text—Not Ordinary Reading
Even language-based plain reading of a legal text, which has had more primacy in recent years than legislative history, is not identical to reading a nonlegal text. The words may be defined in the statute or regulation, or they may be defined elsewhere in other statutes and regulations and not defined in the current statute or regulation.[34] The words may be interpreted differently depending upon whether they are general or specific words, or whether they are words that appear in a list and therefore should be limited by the concepts in the list.[35] Justice Scalia has described textual analysis as “a holistic endeavor. A provision that may seem ambiguous in isolation is often clarified by the remainder of the statutory scheme—because the same terminology is used elsewhere in a context that makes its meaning clear, or because only one of the permissible meanings produces a substantive effect that is compatible with the rest of the law.”[36]
Today, these principles matter more than ever due to the cultural shift toward PowerPoint and similar applications as the dominant tool in business communications, which has led to a cultural split between those who spend their working life reading texts and those who spend their life in PowerPoint.[37] Because most official documents from regulators remain in legal or legally infused text, rather than PowerPoint, a cultural shift must sometimes be made even before engaging with the fact that reading a legal text is not like ordinary reading by the digital native.
Agency interpretations and deference are a key part of the interpretation of any legal text in the legal framework that applies to the banking sector. The banking agencies interpret the statutory text, implement the statutory text through regulations, and apply the statutes and regulations through their guidance, FAQs, supervisory letters, general counsel opinions, secret lore, and supervision. In the administrative state, the agencies have become the most important arbiters of the legal framework in most circumstances. Under various judicial doctrines, different types of agency interpretations benefit from different levels of judicial deference. These principles of deference matter, even when no judge is involved, because they inform how the legal text is read.
Under the Chevron doctrine as currently construed by the Supreme Court, when agency interpretations of statutes are made under a formal process, such as notice-and-comment rulemaking, courts defer to any reasonable agency interpretation of ambiguous statutory language.[38] When interpreting regulations, an agency’s interpretation of its own properly issued regulation is given deference unless it is “plainly erroneous or inconsistent with the regulation.”[39] For agency judgments or decisions made without a formal process, the Skidmore doctrine applies, under which courts give less deference than under Chevron, and the deference to an agency interpretation or decision in a particular case “will depend upon the thoroughness evident in its consideration, the validity of its reasoning, its consistency with earlier and later pronouncements, and all those factors which give it power to persuade.”[40] The judicial concept of different levels of deference explains, in part, why lawyers, risk managers, compliance professionals, and sometimes supervisors can talk past one another when guidance is the topic. For the trained lawyer, guidance is read with a lower level of deference, and it is not binding. For the regulatory reader, using the tools of ordinary reading with the added dollop of the tyranny of the spreadsheet of project management, it becomes literal and binding.
Conclusion
When the author began the practice of law in the late 1980s, statutes, regulations, and judicial opinions were available only in paper format. Agency interpretations were closely held secrets, often available only by FOIA requests that were routinely filed by all of the law firms with a major bank regulatory practice. Commercial, subscription-based databases became available by the mid-1990s to those lawyers at law firms willing to pay for them. Since the invention of the smartphone, however, we have lived in the era of easy internet access. Statutes, regulations, and judicial opinions can be accessed, often free of charge, by anyone from anywhere. The agencies have vastly expanded the information available on their websites, and most formal written guidance is no longer secret.[41] The age of internet access has democratized access to the legal framework so that it is no longer a small elite of regulatory lawyers who guard its gates. The pool of regulatory readers has vastly expanded. At the same time, the legal framework has become more complex, and the role of compliance with law examinations by supervisors has expanded. The rise of operational risk management in banking organizations, including within its purview operational and legal risk, along with the rise of compliance as a division separate from the legal department, have also complicated how banking organizations interpret the legal framework, sometimes leading to multiple competing poles of interpretation within the organization. At its best, the training for young lawyers on the realities of the regulatory legal framework is not core to legal education and at its worst, it is not done. For the regulatory readers, training is haphazard. The problem is exacerbated by professional silos and corporate hierarchies both within the agencies and the banking organizations. The democratization of the age of internet access has brought us many benefits, and the presence of more and better regulatory readers is a welcome development, but the haphazard and chaotic atmosphere of the internet age is not going to serve us well in the coming age of augmented intelligence. We have to get our act together if we are to find a way to appropriately train the natural-language artificial intelligence that will make the practice of law, operational risk management, and compliance work better in the coming digital age.
*Margaret E. Tahyar is a partner in Davis Polk’s Financial Institutions Group. The author wishes to thank all of her many colleagues who have commented on this article, most especially the young, digitally native lawyers and, in particular, Tyler Senackerib, who helped with the research for this piece, and Alba Baze, who helped with the research on a companion article published in January, Margaret E. Tahyar, Are Banking Regulators Special? (Jan. 1, 2018), as well as on a related comment letter to the FDIC. Comment Letter in Response to Request for Information on FDIC Communication and Transparency from Margaret E. Tahyar, Davis Polk & Wardwell LLP (Dec. 4, 2018). This article reflects the views of the author and does not necessarily reflect the views of Davis Polk & Wardwell LLP.
[1] In a companion article to be published later, I will discuss the relationship between trained lawyers and regulatory readers in the agency and corporate setting.
[2] My testimony before the Senate Banking Committee makes some suggestions for better training of the supervisory staff. Guidance, Supervisory Expectations, and the Rule of Law: How Do the Banking Agencies Regulate and Supervise Institutions?: Hearing Before the United States Senate Committee on Banking, Housing, and Urban Affairs (Apr. 30, 2019) (statement of Margaret E. Tahyar).
[3] A recent memo written by two former Federal Reserve staffers has pointed out that training on the legal framework has been delegated to the regions. Richard K. Kim, Patricia A. Robinson & Amanda K. Allexon, Financial Institutions Developments: Revamping the Regulatory Examination Process, Wachtell, Lipton, Rosen & Katz (Nov. 26, 2018).
[4] The banking agencies have long been understood to be monitor- or examiner-dominated in their personnel. Based on research by an academic, some of which is estimated, the Federal Reserve is 95-percent monitor staff, the OCC is 93-percent monitor staff, and the FDIC is 86-percent monitor staff. Rory Van Loo, Regulatory Monitors, 119 Columbia L. Rev. 369, 438–39 (2019). The higher proportion of lawyers at the FDIC is likely linked to its work as the deposit insurer and bank failures. There are simply not enough lawyers at the agencies, in comparison with the supervisory staff, for either deep training to have occurred or for there to be a thick enough pool of talent to deal with the many legally infused questions that must arise in the context of supervisory activities.
[5] The article is meant as a fill-in to some common gaps in the knowledge base of newly minted, digital lawyers and experienced regulatory readers that I have observed in my work as a part-time adjunct professor and regulatory lawyer. It is not meant to be an overall basic training, which is beyond the scope of this short piece.
[6] Leo E. Strine, Jr., Keynote Dialogue: “Old School” Law School’s Continuing Relevance for Business Lawyers in the New Global Economy: How a Renewed Commitment to Old School Rigor and the Law as a Professional and Academic Discipline Can Produce Better Business Lawyers, 17 Chapman L. Rev. 137, 150–51 (2013).
[7] For an excellent academic piece describing the role of supervision in the regulatory state, see Rory Van Loo, Regulatory Monitors, 119 Columbia L. Rev. 369 (2019).
[9]Semi-Annual Testimony on the Federal Reserve’s Supervision and Regulation of the Financial System, 115 Cong. 86 (2018) (statement of Randal K. Quarles, Vice Chairman for Supervision). “Congress shall make no law . . . abridging the freedom of speech . . . or the right of the people . . . to petition the government for a redress of grievances.” U.S. Const. amend. I.
[10] There are also sometimes nonpublic memoranda of understanding, board resolutions, and agreements under section 4(m) of the BHCA that would govern the behavior of a banking organization but which remain confidential supervisory information.
[11] Speeches and papers by individual agency principals or staff or congressional testimony can also inform a legal interpretation but must be treated with caution. They are not legally binding, and they may reflect a political agenda, the need for diplomatic silences in a certain political moment, or may not reflect the views of the agency as a whole, as agency principals and staff so often appropriately tell us. On the other hand, they may indeed reflect a considered legal interpretation. In my years of teaching, one of the clues that law schools are not yet effective in teaching how to interpret the legal framework of the regulatory state is the tendency of law students to be too credulous in their willingness to suspend disbelief around speeches and testimony. Read and interpret with caution.
[12] There are also many open questions at the moment about which guidance is effective if it falls into the category of guidance that ought to have been sent to Congress under the Congressional Review Act but was not.
[14] One side effect of relying too heavily on regulatory readers, combined with checklist spreadsheets, is that banking organizations are sometimes pushed to do more than necessary because the nuances of guidance are lost.
[15]See Semi-Annual Testimony on the Federal Reserve’s Supervision and Regulation of the Financial System, 115 Cong. 86 (2018) (statement of Randal K. Quarles, Vice Chairman for Supervision) (“And with respect to our guidance, I think that we can be [more accountable for guidance] . . . , which sometimes in the past—that is less than the case of the recent past, but sometimes in the past has—has just gone out to the examiners and the banks.”).
[16] This lack of vetting is likely the result of a shortage of lawyers on the staffs of the agencies as compared to their supervisory staffs. See Rory Van Loo, Regulatory Monitors, 119 Columbia L. Rev. 369, 438–39 (2019) (Lawyers make up 7 percent, 14 percent, and 5 percent of the staffs of the OCC, FDIC, and Federal Reserve, respectively).
[17] MRAs are “Matters Requiring Attention,” and MRIAs are “Matters Requiring Immediate Attention.” They are nonpublic supervisory findings that arise from examinations. Some of them will be legally infused (for example, those that arise from compliance-with-law examinations), but many will not be (for example, those that arise from credit quality concerns).
[18] My testimony before the Senate Banking Committee includes further discussion of the increasing scope of guidance and secret lore. Guidance, Supervisory Expectations, and the Rule of Law: How Do the Banking Agencies Regulate and Supervise Institutions?: Hearing Before the United States Senate Committee on Banking, Housing, and Urban Affairs (April 30, 2019) (statement of Margaret E. Tahyar).
[19] The best short treatment in banking law is the American Bar Association published book, The Keys to Banking Law: A Handbook for Lawyers (Second Edition) by Karol K. Sparks, which has a handy key for which statutes and regulations apply to which agency and lists the applicable statutes. Of course, I cannot also help but plug Financial Regulation: Law and Policy (Second Edition 2018), a textbook that I co-wrote with Michael Barr and Howell Jackson. It has been deliberately written for both law students and regulatory readers.
[20] For example, the Volcker rule statute on the FDIC website references some key definitions that appear in other statutes that do not appear on the FDIC website.
[21] Guidance on Compliance with the Congressional Review Act, M-19-14, Office of Management and Budget (April 11, 2019).
[22] The author, having lived through the implementation of the Volcker Rule (statute and regulations, together) is immensely grateful that the Federal Reserve has a separate topic heading on its website for its supervisory guidance under the Volcker Rule and uses it often. Given how the Volcker Rule developed, it is completely understandable. The point here, however, is that the lack of attention to the hierarchy of the legal framework is a structural problem on the agency websites and leads to confusion among regulatory readers and the digitally native lawyers.
[23] The Economic Growth, Regulatory Relief, and Consumer Protection Act of 2018, Pub. L. No. 115-174.
[24] Banking organizations are also subject to state laws in various ways. A state-chartered bank is governed by the state law of its chartering authority, but even national banks are subject to many state laws. State trust law, for example, is embedded into the trust powers of national banks. State law is also applicable under many consumer protection statutes.
[25]See, e.g.,Request for Information on FDIC Communication and Transparency, 83 Fed. Reg. 50,369 (Oct. 5, 2018).
[26] Larry M. Eig, Statutory Interpretation: General Principles and Recent Trends, The Congressional Research Service (Sept. 24, 2014). See also Antonin Scalia & Bryan A. Garner, Reading Law: The Interpretation of Legal Texts (2012); William Eskridge, Legislation and Statutory Interpretation (2007).
[27] Chevron U.S.A., Inc. v. NRDC, 467 U.S. 837 (1984). With changes in the Supreme Court, the Chevron doctrine is coming under question and may change.
[28]See Skidmore v. Swift & Co., 323 U.S. 123 (1994).
[29]See Moskal v. United States, 498 U.S. 103, 108 (1990) (“In determining the scope of a statute, we look first to its language, giving the words used their ordinary meaning” (internal quotations omitted)).
[30] There is also settled law via judicial interpretation where the plain meaning of the text is not enough.
[31] My assertion is not that they are perfectly clear, but that many are clear enough and could soon be automated or partly automated.
[33] Larry M. Eig, Statutory Interpretation: General Principles and Recent Trends, The Congressional Research Service (Sept. 24, 2014). See also, Antonin Scalia & Bryan A. Garner, Reading Law: The Interpretation of Legal Texts (2012); William Eskridge, Legislation and Statutory Interpretation (2007).
[34] The Volcker rule regulations are an example. The concept of “debt previously contracted” appears in the National Bank Act and has a long history of public written interpretation by the OCC and, to a lesser extent, the Federal Reserve. It is not defined in the Volcker Rule regulations. Likewise, the term “investment adviser” appears in the Volcker Rule regulations. It is defined in the 1940 Act, but there is no cross-reference in the Volcker Rule regulations to its similar usage. Another example is the SEC’s proposed rules for segregation of collateral for security-based swaps. Although the proposed regulations for segregation will contain some of the technical segregation requirements, the basic requirements are found only in the Exchange Act, including for example, a reporting requirement that is mentioned nowhere in the proposed regulations.
[35] “Where general words follow an enumeration of specific items, the general words are read as applying only to other items akin to those specifically enumerated.” Harrison v. PPG Indus., Inc., 446 U.S. 578, 588 (1980). For example, if the term “fruit” is defined as “apples, bananas, oranges, or similar foods,” one could reasonably consider pears a fruit that is a “similar food” but not pizza. The question of whether a tomato, which scientists classify as a fruit but most people view as a vegetable, would fall within the “or similar foods” category would depend upon the overall context and intent.
[36] United Savings Ass’n v. Timbers of Inwood Forest Associates, 484 U.S. 365, 371 (1988) (citations omitted).
[37] PowerPoint, with its ability to communicate with visual tools, is a wonderful medium. Davis Polk’s Financial Institutions Group uses it frequently.
[38] Chevron U.S.A., Inc. v. NRDC, 467 U.S. 837 (1984); Christensen v. Harris County, 529 U.S. 576 (2000); United States v. Mead Corp., 533 U.S. 218 (2001).
[39] Auer v. Robbins, 519 U.S. 452, 461 (1997) (quoting Bowles v. Seminole Rock & Sand Co., 325 U.S. 410, 414 (1945)).
[40] Skidmore v. Swift & Co., 323 U.S. 134 (1944).
[41] There still exists a wide realm of secret lore and, as I have argued elsewhere, too wide a realm of confidential supervisory information. Margaret E. Tahyar, Are Banking Regulators Special? (Jan. 1, 2018); see also, Guidance, Supervisory Expectations, and the Rule of Law: How Do the Banking Agencies Regulate and Supervise Institutions?: Hearing Before the United States Senate Committee on Banking, Housing, and Urban Affairs (April 30, 2019) (statement of Margaret E. Tahyar).
The laws impacting cannabis and marijuana-related businesses (MRBs) have been an evolving landscape in both the United States and Canada. The U.S. landscape for MRBs has been difficult to navigate in that there are a number of inconsistencies between federal and state laws that make it increasingly difficult for stakeholders in MRBs to determine what is legal. Twenty-nine states plus the District of Columbia have legalized marijuana for medical purposes; six states have legalized marijuana for recreational use; and Maine and Massachusetts have approved legalization measures that have not yet taken effect.
Under the Controlled Substances Act (CSA), U.S. federal law prohibits the manufacture, possession, or use of marijuana for any purpose, even in states where recreational or medical marijuana sales are legal. The Money Laundering Control Act under U.S. federal law also prohibits knowingly conducting a financial transaction that involves the proceeds of unlawful activity, which includes violations of narcotics laws. However, there is an exclusion from violation of the CSA where the underlying activity is not an offense in the foreign country.
Recent U.S. laws are giving hope to the cannabis industry that the tide in the United States toward MRBs is changing. On December 12, 2018, the U.S. Congress passed the Agriculture Improvement Act of 2018 (also called the Farm Bill). The Farm Bill finally makes a distinction between hemp and other cannabis plants, and makes “industrial hemp” exempt from the CSA, which essentially means hemp is legal with restrictions. The Farm Bill also allows for interstate sales of hemp products. In March 2019, the House Financial Services Committee voted to approve the Secure and Faire Enforcement (SAFE) Banking Act, which has 152 cosponsors, twelve of which are Republicans. The SAFE Act would permit MRBs to access banking services by protecting banks and other financial institutions from federal prosecution when working with MRBs that are operating in compliance with state laws. The law would also provide safe haven for ancillary businesses that work with MRBs from being charged with money laundering and other financial crimes. The next step is for the SAFE Act to go to the U.S. Senate.
Financial institutions in the United States are grappling to obtain a clear understanding of what activities they may currently undertake vis-à-vis marijuana-related businesses. The central question is, what kind of activity by a financial institution would constitute a violation of the CSA and the Money Laundering Control Act? Based on the exclusion from the CSA discussed above, many financial institutions have been able to get comfortable with providing financial services to an MRB located in a jurisdiction where marijuana is legal, where their operations are solely in that country. Even where it is legally permissible, financial institutions often must also deal with certain ethical or reputational risk issues, given the U.S. federal law prohibition and the prohibition under laws around the world.
There are also questions without clear answers around what types of products and services a financial institution can provide a company that derives revenue from an MRB and how far down the chain of suppliers to and service companies for MRBs also may be prohibited from dealing with financial institutions. For example, will a financial institution bank with a state or municipality that derives revenue from marijuana-related businesses, or an accountant who does the taxes of MRBs? Due to this confusing and contradictory environment in the United States, the majority of MRBs have no access to services of financial institutions, such as obtaining loans, opening bank accounts, accepting credit and debit cards, and using electronic payroll services.
In contrast, Canada became the first major world economy to legalize recreational marijuana in October of 2018. The Cannabis Act and accompanying regulations in Canada establish a licensing regime governing cultivation, processing, testing, drug products, and research. There are strict rules governing operations of cannabis businesses in Canada, and each province creates its own regulatory regime governing MRBs. Certain provinces permit privately owned stores and online sales (Saskatchewan and Manitoba); some permit privately owned stores with publicly managed online sales (Alberta, Ontario); others allow both private and publicly owned stores (British Columbia, Newfoundland, Yukon, and Nunavut); and the largest subset permit only publicly owned stores (Quebec, New Brunswick, Nova Scotia, Prince Edward Island, and the Northwest Territories).
Companies in Canada are certainly accessing the financial markets. Canopy Growth Corporation, the world’s largest legal cannabis company by market share and also publicly traded on the New York Stock Exchange, recently closed the second syndicated financing of a cannabis company. Cannabis businesses have grown at record speed as an industry in Canada—Canopy Growth Corporation grew from 700 to 2,700 employees in less than a year. Canopy Growth Corporation also exports overseas, recently obtained a license to produce hemp in New York State, and is moving toward increased international operations.
Businesses in the United States and Canada have varied experiences in starting up and operating MRBs; however, generally there are far less rules and regulations on MRBs in Canada. The operational barriers for MRBs in the United States range from difficulty leasing property to inability to access the banking market to struggling to find investors willing to go into the space given the complicated legal environment, all of which impact growth potential. Fortunately, certain credit unions have opened their doors, and now bank MRBs and, accordingly, some businesses have been able to obtain financing and other traditional banking services. However, the majority of owners of MRBs are forced to operate cash-only businesses, which makes them targets for crime. As a result of all of these factors, some MRBs are going to Canada for investment, and MRBs also understand that they must own properties where they operate their businesses because they cannot risk leasing issues.
MRBs in the United States have been waiting for the financial markets to allow them to access traditional banking services and wider investment options, such as those available in Canada. New laws, such as the Farm Bill and the Safe Act, provide hope that real cannabis reform in the United States may be entering a new era.
The thoughts and opinions in this article do not reflect the any positions taken by MUFG Union Bank, N.A.
Why LLCs Can Be Problematic for Removal Based on Diversity Jurisdiction
When a party wants to remove a case based on federal diversity jurisdiction, 28 U.S.C. § 1332 requires that: (1) the amount in controversy exceeds $75,000; and (2) the parties’ citizenship is completely diverse (i.e., no plaintiff is a citizen of any state where a defendant is a citizen). The party removing a case to federal court has the burden to demonstrate diversity of citizenship.
The burden to prove complete diversity may become complicated when an LLC is a party. To determine the citizenship of an LLC (or other unincorporated entity), a party must look to the citizenship of each member of the LLC. LLC member information and/or citizenship often is not set forth in initial pleadings, however. To make matters more complicated, this information may also not be publicly available. Therefore, a removing party is often faced with the prospect of filing removal papers without complete knowledge of the citizenship and diversity of the other parties, even though it is the removing party’s duty to demonstrate complete diversity.
There are three main steps you can take to demonstrate to the court that you have performed due diligence and attempted to discern the LLC members and their citizenship.
Step 1: Reach Out to Opposing Counsel
When you receive the initial pleadings, and they do not allege LLC members or their citizenship, the first thing you can do is reach out to opposing counsel. You can send a quick e-mail that requests information about each LLC member and their citizenship.
You might not receive a response to this e-mail or might not receive a complete response within the timeframe you have allotted prior to the removal deadline, but this demonstrates to the court that you reached out to opposing counsel and sought this information, and it was not provided to you prior to removal.
Step 2: Research Publicly Available Information
Next, you should conduct a wide search of publicly available information and include a summary of this research in your removal papers. For example, you might be able to locate the Articles of Organization for the LLC. The Articles of Organization might not list the members of the LLC, but you can attach that to an affidavit with your removal papers to demonstrate that you have looked at all the publicly available information you could find and still could not determine the member information.
Step 3: Plead “Upon Information and Belief”
In your removal papers, after the above background research, you can now allege that “upon information and belief,” the LLC members are not citizens of the states in which the removing party is a citizen. Given that it is the removing party’s duty to demonstrate citizenship, and you still do not know the members or their citizenship for certain, this will at least demonstrate to the court that you have done all you could to locate the LLC members’ citizenship prior to removal.
Lastly, this is an area of law that is ever-changing. It is always good to perform an updated search on this issue in case there is a more specific approach preferred in your jurisdiction.
Connect with a global network of over 30,000 business law professionals
