Summary: Fraud Carve-Outs: Market Trends

Last updated on December 31, 2024.

This is a summary of the Hotshot course “Fraud Carve-Outs: Market Trends,” in which ABA M&A Committee members Glenn West from Weil, Gotshal & Manges LLP and Tali Sealman from White & Case LLP discuss market trends for fraud carve-outs, drawing on data from the ABA M&A Committee’s Private Target Deal Points Study.


Fraud Carve-Outs: Market Trends

  • Market trends indicate that there’s increasing awareness of the importance of defining fraud in acquisition agreements.
  • According to the 2023 ABA M&A Committee’s Private Target Deal Points Study, fraud was carved out of the Exclusive Remedy provision in 87% of deals in 2022 and the first quarter of 2023. Of these deals:
    • 26% leave fraud undefined;
    • 70% refer to “actual” or “intentional” fraud; and
      • 30% of those refer to different types of fraud, like common law fraud or intentional misrepresentation.
  • The number of deals that leave fraud undefined has decreased over the years:
    • 74% in 2014;
    • 63% in 2016 to 2017;
    • 39% in 2018 to 2019;
    • 32% in 2020 to 2021; and
    • 26% in 2022 to 2023.
  • Because the Study only looked at material transactions between public companies and private parties, a substantial number of transactions were excluded.
    • Anecdotal information is that the vast majority of private equity deals include defined fraud carve-outs that limit fraud to deliberate falsehoods, knowingly made in the written representations and warranties of the acquisition agreement.
      • This supports the trend shown in the Study away from the use of undefined fraud carve-outs.

The rest of the video includes interviews with ABA M&A Committee members Glenn West from Weil, Gotshal & Manges LLP and Tali Sealman from White & Case LLP.


Summary: Fraud Carve-Outs: Drafting

This is a summary of the Hotshot course “Fraud Carve-Outs: Drafting,” a look at different approaches to drafting a fraud carve-out in an acquisition agreement. The course includes drafting tips and perspectives from ABA M&A Committee members Tali Sealman from White & Case LLP and Glenn West from Weil, Gotshal & Manges LLP.


Drafting Fraud Definitions and Carve-Outs

  • This is a typical undefined fraud carve-out to an exclusive remedy provision:

    Following the Closing, except in the case of fraud (for which no limitations set forth herein shall be applicable), the sole and exclusive remedy of the parties hereto for monetary damages arising out of, relating to or resulting from any claim for breach of any covenant, agreement, representation or warranty set forth in this Agreement, the Disclosure Schedule, or any certificate delivered by a party with respect hereto will be limited to those contained in this Article IX.

    (Emphasis added)

  • The language in this sample provision says the following:
    • Except in the case of fraud, a party’s sole remedy for monetary damages arising from a breach of any covenant, agreement, representation, or warranty in the agreement—and related documents—is limited to the indemnification rights provided under the agreement.
    • The indemnification rights are subject to caps and baskets as well as a limited definition of recoverable losses.
    • In cases of fraud, none of the limitations provided in the indemnification section will apply.
  • This is a buyer-friendly approach to a fraud carve-out because it leaves the definition of fraud open to interpretation.
    • It gives the buyer lots of options when bringing a fraud claim.
  • However, leaving fraud undefined raises several questions:
    • What type of fraud is included?
    • Which statements can form the basis of a fraud claim?
    • Whose knowledge matters?
    • Who can be held liable?
    • What type of claim can be brought for fraud? A tort-based claim or an uncapped indemnification claim?
  • To avoid the unintended consequences that can occur when the above questions are left unanswered, parties typically define what counts as “fraud.”
    • This can be done in the carve-out to the Exclusive Remedy provision itself or as a defined term that’s referred to in the carve-out.
Sample Provision Defining “Fraud” in the Exclusive Remedies Provision

Except in the case of claims of intentional common law fraud respecting the express representations and warranties set forth in this Agreement and asserted against the Person who knowingly committed such intentional common law fraud, claims for indemnification brought in accordance with and subject to this Article IX shall be the sole and exclusive remedy of any Indemnitee for Losses from and after the Closing Date with respect to any claim arising from, based upon, or related to this Agreement (whether in contract or tort).

  • In this example, the type of fraud that’s subject to the carve-out is limited to intentional common law fraud.
    • So both equitable fraud and common law fraud based on recklessness are not included.
  • The types of statements that can form the basis of the fraud are only the reps and warranties actually set forth in the written acquisition agreement.
    • This helps eliminate any conflict between the fraud carve-out in this Exclusive Remedy provision and the No-Reliance clause, which says that the buyer isn’t relying on any representations or duties to disclose other than those expressly set forth in the acquisition agreement.
  • The provision goes on to specify that only the “Persons”—usually defined as entities or natural persons—who actually committed the fraud can be held liable.
    • In other words, only the “Persons” who knew the rep was false when made and caused or allowed that rep to be made anyway would have exposure.
    • So under this provision, innocent sellers are not liable for fraud committed by other sellers.
  • The provision also limits the carved-out fraud claim to a tort-based claim for common law fraud because it does not expressly preserve an uncapped indemnification claim based on the allegation of fraud.
Sample Provision Where Fraud Is Included in the Definitions Section of the Agreement

“Fraud” shall mean with respect to the Sellers, any intentional common law fraud with respect to the making of the express representations and warranties of the Sellers set forth in Article IV, provided, that any such intentional common law fraud of the Sellers shall only be deemed to exist if any of the individuals identified in the definition of “Knowledge,” as applicable to the Sellers, had actual knowledge (as opposed to imputed or constructive knowledge) that the representations and warranties made by the Sellers in Article IV were actually false when made, with the express intention that Buyers rely thereon to their detriment.

(Emphasis Added)

  • Like the first example, this definition addresses most of the major concerns that arise when fraud is undefined.
  • It also limits the type of fraud to only “intentional common law fraud” and restricts the types of statements that can form the basis of a fraud claim to the written reps and warranties in the agreement itself.
  • In terms of whose knowledge matters, the parties here have specified a “knowledge group.”
    • So the actions of any one of the named individuals in the group could result in a fraud claim.
  • The definition goes on to require that the named person had actual knowledge that the reps and warranties were actually false when made.
  • To understand how this definition works, we have to look at it in the context of the Exclusive Remedy provision. Here’s an example of what that would look like:

    Claims for indemnification brought in accordance with and subject to this Article IX shall be the sole and exclusive remedy of any Indemnitee for Losses from and after the Closing Date with respect to any claim arising from, based upon, or related to this Agreement (whether in contract or tort); provided, however that in the case of Fraud, the caps and baskets set forth in this Article IX shall not be applicable.

  • The Exclusive Remedy provision says that a party’s sole remedy for a breach is the indemnification rights provided under the agreement, except in the case of fraud with a capital F.
  • Unlike the prior example, this provision expressly maintains the right to bring an indemnification-based claim for “Fraud,” but eliminates the caps and baskets otherwise applicable.
    • This may or may not be more buyer-friendly depending on the definition of losses and other applicable limitations in the indemnification provision.
  • But because “Fraud” has been defined so that all of the Sellers are liable for the fraud of any of the Seller’s Knowledge parties, even though other Sellers may have been innocent, this is more buyer-friendly than the first approach.
    • If there are multiple sellers in a deal (for example, a company with many stockholders), this approach is rare since some sellers may be completely passive and have no way of knowing whether the reps and warranties being made by the knowledge parties are accurate.
  • This is an example of where the negotiated fraud carve-out, even though well defined, is more expansive than the judicially created, public-policy carve-out imposed in many states.

The rest of the video includes interviews with ABA M&A Committee members Glenn West from Weil, Gotshal & Manges LLP and Tali Sealman from White & Case LLP.


Summary: Fraud Carve-Outs

This is a summary of the Hotshot course “Fraud Carve-Outs,” an introduction to fraud carve-outs and the issues parties consider when defining fraud, such as who’s liable, whose knowledge matters, what types of fraud claims can be brought, and what statements can form the basis for a fraud claim.


Explaining Fraud Carve-Outs

  • Indemnification rights for breaches of representations and warranties in a private acquisition agreement are typically heavily negotiated. The parties often agree to limit these rights through:
    • Caps, baskets, and loss exclusions; and
    • An Exclusive Remedy provision which says that the rights and remedies in the indemnification section are the only ones available if there’s a breach of the written reps and warranties.
  • In addition, when a buyer gets rep & warranty insurance, a seller’s contractual liability for breaches can be eliminated altogether.
  • There’s an important exception to these limitations for claims involving fraud that either the parties agree to or that’s imposed by law in many states:
    • If the seller commits fraud when making reps or warranties to the buyer, the buyer wants to be able to bring a claim for that fraud, either as:
      • A tort-based claim; or
      • A contract-based claim that’s not subject to the caps and baskets that otherwise apply to indemnification claims—in this summary, this is referred to as an “uncapped indemnification claim.”
  • This exception for fraud is known as a “fraud carve-out,” and when the parties agree to it, it’s usually included in the Exclusive Remedy provision of the acquisition agreement.
  • Whether or not to include a fraud carve-out isn’t typically an issue because sellers usually agree to include some form of it.
    • The issue that does arise is whether and how the term “fraud” is defined for purposes of the carve-out.
  • While fraud may seem straightforward, it’s actually a complex concept that parties need to define carefully.
    • There are different types and sources of fraud claims as well as different states of mind that could be required to constitute fraud.
    • Depending on how a fraud carve-out is drafted, there are also a number of remedies that could be available as well as various people who could be held responsible for that fraud.
  • The parties need to weigh all these considerations and potential outcomes when negotiating a fraud carve-out.
    • Sellers, of course, benefit from a narrow definition of fraud.
      • They want to limit the scope of the fraud carve-out to a defined set of circumstances where the sellers deliberately included a representation in the agreement knowing it was false.
    • Buyers prefer either no definition at all or a broader definition that includes misstatements made both in and outside of the agreement by any one of the sellers or their representatives.
      • They want liability to extend to all sellers, including sellers who may not actually have direct knowledge of the underlying fraud.

Leaving Fraud Undefined

  • Many agreements leave fraud undefined, which can cause uncertainty and significant unintended consequences related to:
    • The types of fraud claims that can be brought;
    • The statements that can form the basis of those claims; and
    • The people that could be held liable because of the fraud.
  • In M&A agreements, reps are often seen as risk allocation devices—not literal statements of truth.
    • A party may—and often does—make several reps believing them to be true, but without any way of determining (or any evidence supporting) their actual truth.
  • If a fraud carve-out doesn’t clarify what counts as fraud, a party could be exposed to uncapped liability for:
    • An innocent or negligent misrepresentation (known as “equitable fraud”); or
    • A reckless misrepresentation (a type of traditional common-law fraud).
  • For example:
    • A seller may rep and believe that its business has been in compliance with all laws for the past five years, even though it doesn’t actually know for sure if the statement is true.
    • Similarly, the seller may make a rep based upon information provided by its management team that a member of the management team knew to be false even though the seller itself did not.
    • The seller agrees to make these reps because it’s a fair allocation of risk. And the seller is prepared to indemnify the buyer subject to the contractual caps, even though in both cases the seller has no actual knowledge of the truth or falsity of the reps.
  • Even if it’s not the parties’ intention, an undefined fraud carve-out could expose the seller to the following possibilities:
    • The seller could be responsible for recklessly making false reps even if the seller made those reps in a way consistent with industry practice.
    • The seller could be responsible for innocent or negligent misrepresentations in the reps if the applicable jurisdiction allows these types of equitable fraud claims.
    • The seller could be exposed to tort-based fraud claims or uncapped indemnification.
  • Defining fraud helps protect against these situations and clarifies when the seller truly has uncapped liability.

Defining Fraud

  • A well-defined fraud carve-out explains:
    • The type of fraud that’s covered and the type of knowledge or scienter necessary to establish that fraud;
    • Which statements can form the basis of fraud, meaning those made inside or outside the agreement;
    • Whose knowledge matters;
    • Who’s liable for the fraud; and
    • Whether a party can bring a tort-based claim or an uncapped indemnification claim for the alleged fraud.
Type of Fraud
  • There’s no unified definition of fraud across jurisdictions, so when an agreement leaves the term undefined it’s unclear which definition and therefore which type of claim and level of knowledge is intended. For example, there’s:
    • Common-law fraud, which can be based on:
      • A representation that was made even though it was known to be false;
      • A representation that was made recklessly but without sufficient basis to actually know it was true; or
      • Under certain circumstances, even nondisclosures.
    • Equitable fraud, in which a completely innocent or at worst negligent misrepresentation made neither knowingly nor recklessly can constitute fraud; and
    • Promissory fraud, which is a form of common law fraud involving the oral communication of a promise to do something in the future that the promisor allegedly never intended to actually do.
      • This can effectively result in a breach of contract claim being recast as a tort-based fraud claim.
  • Most buyers acknowledge that the fraud they have in mind when negotiating the carve-out is specifically when the seller knowingly makes a material false statement of fact that the buyer relies on.
    • So buyers are often willing to include a definition of the term that matches this expectation.
  • If the term is undefined, then the parties open up the possibility of any or all of the various types of fraud being included in the carve-out.
Type of Statements
  • Parties also consider the type of statements that can form the basis of a potential fraud claim.
  • A No-Reliance clause is when the buyer agrees that it’s not relying on any representations or duties to disclose other than those expressly set forth in the acquisition agreement.
    • In most states, if the parties have included a No-Reliance clause in the agreement, only those written reps and warranties can form the basis for a fraud claim.
  • When fraud is left undefined in the carve-out, there could be a conflict between the No-Reliance clause and the carve-out.
    • This can raise questions about whether both contractual and extra-contractual representations should be allowed as the basis of a fraud claim.
Whose Knowledge Matters
  • In addition, the definition of fraud can specify whose knowledge matters when it comes to fraud that’s based on a knowing misstatement.
  • The definition could include a specific set of individuals (like certain named officers) or a larger group of people (like all sellers and the management team).
Who is Liable
  • Similarly, parties sometimes specify who can be held liable for fraud.
  • A poorly defined fraud carve-out can result in innocent sellers being liable for the fraud of the guilty sellers.
    • If that’s the deal that the parties negotiated, then it’s not a problem.
    • But if it was never discussed, then this could result in an unwelcome surprise to an innocent stockholder.
Type of Fraud Claim
  • Finally, whether a party can bring a tort-based claim or an uncapped indemnification claim for alleged fraud has implications on the party’s potential recovery and pool of defendants. For example:
    • An uncapped indemnification claim based on alleged fraud might result in a larger recovery than a simple tort-based claim would in the applicable jurisdiction. The buyer may be able to seek damages from all of the sellers, regardless of whether they committed the alleged fraud.
    • On the other hand, the definition of indemnifiable losses in the agreement might be so limited—for example, if punitive damages are excluded—that the buyer would be better off making a tort-based common law fraud claim even though that type of claim can usually only be brought against the culpable seller.

No-Reliance Clauses and Fraud Carve-Outs

  • This summary doesn’t focus on No-Reliance clauses, but it’s important to understand how a fraud carve-out can undermine the efficacy of the provision.
  • In most M&A agreements, buyers specifically acknowledge that they’re not relying on any statement made by the sellers or anyone acting on the sellers’ behalf other than the reps in the written acquisition agreement itself.
  • The idea is that the parties have carefully negotiated the scope of what the seller agrees to stand behind, and they’ve put that in writing in the acquisition agreement.
    • The seller doesn’t want to find out later that the buyer was instead relying on a statement made in a management presentation or a negotiation session even though those statements weren’t included in the written reps in the agreement.
  • Since a required element of common-law fraud is justifiable reliance by the buyer, a No-Reliance clause can prevent any argument that the buyer relied on reps made outside of the contract.
  • A fraud carve-out can undermine the efficacy of the No-Reliance clause. For example:
    • Leaving fraud undefined could be interpreted to mean that both types of statements—those in and outside of the agreement—are included, despite a No-Reliance clause.
    • Or if the parties include the fraud carve-out in the No-Reliance clause itself, it could be argued that they intend for both contractual and extra-contractual fraud to be an exception to no-reliance.
  • If the express purpose of the No-Reliance clause is to eliminate all fraud claims that are based on extra-contractual statements by expressly disclaiming reliance upon any such statements, it doesn’t make sense to carve out fraud from the reach of the No-Reliance clause.
    • So to avoid this pitfall and any other ambiguity, the parties usually define fraud so that it only includes knowingly false statements of fact set forth in the written reps of the agreement.

Judicially Created Fraud Carve-Outs and State Law

  • Many states have laws that address the issue of fraud and No-Reliance clauses in acquisition agreements.
  • For example, Delaware law, which is the governing law in most acquisition agreements, imposes a judicially created fraud carve-out in every acquisition agreement, regardless of any other contractually bargained-for carve-outs.
    • So if an agreement governed by Delaware law has no fraud carve-out and a fully effective No-Reliance clause which eliminates all extra-contractual fraud claims, the Exclusive Remedy provision would eliminate all fraud claims based on the written reps.
      • The exception would be when the seller itself knowingly makes a false statement in the agreement’s written representations.
    • In other words, under Delaware law, even if the parties don’t include a fraud carve-out in the exclusive remedies provision, a buyer could still bring a tort-based claim if they believe the seller knowingly lied in the written reps.
  • When a fraud carve-out is included in an agreement governed by Delaware law, the seller will want to make sure to include well-defined limits.
    • Otherwise the contractual fraud carve-out could increase the seller’s exposure well beyond the public-policy carve-out and potentially undo the carefully negotiated limitations on liability.
  • Other jurisdictions have different views on these issues.
    • In Massachusetts and some other jurisdictions, No-Reliance clauses are ineffective in the face of almost any type of fraud except claims based on negligence.
    • Other jurisdictions have similar limitations on the effectiveness of No-Reliance and exclusive remedy provisions.
  • Because state law can impose liability where the parties don’t intend there to be any, it’s important to familiarize yourself with the relevant laws of the governing jurisdiction before negotiating these issues.

The rest of the video includes interviews with ABA M&A Committee members Glenn West from Weil, Gotshal & Manges LLP and Tali Sealman from White & Case LLP.


Diligencing AI-Enabled M&A Targets: Seven Things to Understand

As artificial intelligence (“AI”) becomes more prevalent in business processes and service delivery across industries, it is increasingly important for M&A buyers to familiarize themselves with the legal nuances associated with the use of AI technologies. In this article, we explore seven key areas of inquiry for an M&A buyer when conducting legal due diligence on a target company that uses AI in its operations.

1. Type of AI used and how the target is using it

AI can be used for a wide variety of functions and applications. At the outset, it is important to understand what types of AI tools, systems, models, and technologies the target company is using, the provenance of such technologies (e.g., are they proprietary or licensed from a third party?), and how they are being used. Are they used internally only or in the delivery of products or services? Will they be business-to-business and/or consumer-facing? The answers to these questions will inform due diligence strategy and assist M&A buyers in assessing the target company’s risk profile.

Further, AI is not one type of technology. Generative AI—AI that creates new synthetic content or data, like text, images, audio, video, and source code, after being trained on large datasets and often using large language models—has caught the attention of the world, but it is only one of many kinds of AI. Deal team members should identify the types of AI being used by the target company and develop a tailored due diligence plan to understand the legal implications of the target’s AI-enabled operations and offerings.

2. How the AI is trained and rights to input data

Most AI technologies (including generative AI) require access to large datasets in order to train the AI’s “foundation models.” If the target company uses AI technology provided by a third-party vendor, the M&A buyer will need to diligence the vendor contract or applicable terms of use to analyze both the commercial arrangement between the target company and vendor and how the vendor’s AI technologies were trained (e.g., using what datasets accessed with which rights). Where the target company is providing protected, confidential, proprietary, or otherwise commercially sensitive information or data (e.g., personal data) to the third party, whether to further train or fine-tune such AI technology or via prompts (i.e., queries), buyers should also assess how the target company has addressed risks associated with this. For example, they should consider how the vendor contract permits the vendor to use such information and data, how the vendor is required to secure and protect the information and data (including retention and deletion obligations), and what guarantees (if any) the target company is making with respect to such inputs. Analyzing the nature and source of the training data (including any associated rights and other disclosures or consents) may also be warranted when the target company is training its own proprietary AI models. As further discussed in Section 6, legal obligations with respect to data protection laws and regulations still apply (despite the evolving regulatory landscape of AI regulation—see Section 7).

3. Rights to the AI-generated output

Where a target uses generative AI to create outputs, the M&A buyer should diligence the materiality of those outputs on the target’s business and whether they can be protected against third-party use. For example, consider whether the AI tool and outputs will be used internally only, whether the target company or possibly even the M&A buyer may wish to incorporate the AI technology or AI-generated outputs into its own products and services, and whether the value of the target company is dependent on having exclusive rights to (or the ability to exclude others from using) the AI-generated output. Moreover, where third-party AI is used by the target company, vendor contracts should also be analyzed to confirm whether the target company has the necessary rights to use the AI technology and its outputs—both pre-acquisition in its current business (e.g., commercially) and post-acquisition as the M&A buyer intends to use them.

Copyright and patent laws in the majority of jurisdictions (including the US, UK, Australia, and Europe) do not currently protect works or inventions created solely by AI. Accordingly, if AI-generated outputs comprise all or a part of any material assets or operations of the target company, it will be important to determine to what extent there was human involvement in their creation, what intellectual property rights the target company may have to them, and what other measures the target company has taken to protect them (e.g., contractual protections). Buyers should also undertake a review of the contractual terms applicable to such outputs (whether under the vendor terms or the commitments the target company itself may be making with respect to the AI-generated outputs).

4. Risk allocation

If the target company uses AI-enabled tools or technologies—whether proprietary or from a third party—on a commercial basis, the M&A buyer should carefully assess the potential risk associated with use of the AI or its outputs, including review of any applicable vendor contract to understand how such risk is allocated.

For example, if the AI model was trained on copyrighted works, the model could reproduce copyrighted material in its output. Many vendors have started providing certain contractual protections and indemnifications in this regard. As another example, if the target company relies on a third-party AI tool to deliver products or services to its customers and the AI tool malfunctions (e.g., hallucinates in a chatbot context), the target company may be in breach of commitments it has made or be liable for any harm or damage resulting from its customers’ use of erroneous outputs. From an M&A buyer’s perspective, it is therefore important to understand the scope of the target’s (and vendor’s, if applicable) warranties, limitations of liability, and indemnification obligations, as well as its creditworthiness. In addition, an M&A buyer should also review insurance policies the target is carrying that could cover potential instances of third-party claims.

5. Protection of proprietary AI technology

If the target company developed the AI tool and it confers a competitive advantage or is otherwise material to the target company’s business, the M&A buyer should seek to understand how the company aims to protect the AI technology from use by others. This inquiry will often be similar to due diligencing other proprietary intellectual property of the target company, including reviewing policies and procedures, employment and contractor agreements, location of development, etc.

Under intellectual property laws in the United States, AI technologies may be protectable through patent, copyright, and trade secret laws. The US Patent and Trademark Office recognizes AI as a class in its patent classification system, but given the nature of AI inventions, there are challenges to satisfying the subject matter eligibility and enablement elements required for patent protection. Copyright protection may be available, but only to certain aspects of the AI model (e.g., original expression of source code), and the visual elements of an AI system may be protectable, but functional aspects (like algorithms) are not. So, often, AI models are best protected as trade secrets. As a result, acquirers should confirm that the target company has taken reasonable measures (including reasonable legal, physical, and technological measures) to protect and maintain the secrecy of its AI models, including maintaining reasonable information security policies and procedures, as well as securing appropriate nondisclosure agreements from personnel and third parties with access to the information. Using reasonable measures to protect the secrecy of a trade secret is not just a legal requirement to maintain a trade secret’s protected status under US law but also an operational safeguard to ensure trade secret information does not (directly or indirectly) fall into the wrong hands.

6. Cybersecurity and data privacy considerations

If personal information or other regulated information is used by the target in connection with its AI technology use, diligence should include a review of at least the following: the target’s data privacy policies and cybersecurity practices; whether the target’s AI technology use is consistent with applicable privacy policies, law, and regulation; where such data or information is stored; the security measures in place to safeguard against breach; and insurance coverage applicable to breaches. In the US, there are many state comprehensive privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Utah Consumer Privacy Act.[1] In addition to comprehensive privacy laws, there are sectoral laws that are relevant to privacy and AI, including the Biometric Information Privacy Act in Illinois that covers the use of biometrics and has extremely high penalties. The target should be able to describe the nature of the relevant data and how the target obtained it, as well as applicable contracts, user consents, or disclosures governing such data (including compliance with any use restrictions that apply to the data), as applicable.

If the AI technology has been provided by a third party, not only will the target’s practices be relevant, but vendor contracts or applicable terms of use should also be reviewed to ensure there are appropriate vendor obligations addressing data privacy (see Section 2) and cybersecurity.

If the target company operates across different jurisdictions, then inquiries should also be made about the measures the target takes to comply with cross-border data transfer requirements. If the target uses training data sourced from multiple jurisdictions, the M&A buyer should confirm that the cross-border data transfers conformed to established compliance standards and protocols.

7. Compliance support and the changing regulatory landscape

As described above, acquisition of AI-enabled M&A targets involves nuanced legal considerations. In addition, the regulatory landscape with respect to AI is rapidly evolving; for example, Europe reached political agreement on the EU’s AI Act on December 8, 2023, and US President Joseph Biden issued an executive order on “safe, secure and trustworthy” AI use on October 30, 2023. The frameworks, regulations, and legislation being introduced or discussed around the world involve varying approaches, such as differing definitions of AI, targeting slightly different issues, and differing approaches to enforcement and liability. M&A buyers should consider what systems and processes the target company has in place to oversee its use of AI and the challenges posed by such technologies (e.g., systems to identify and minimize bias and to ensure safety, transparency, and human oversight). They should also consider what representations the target company is making about its AI usage.

Some major frontier AI companies have spent tremendous resources and built strong teams to tackle the challenges of compliance with regulatory requirements and to address ethical issues arising from the use and development of AI. Accordingly, it is important to examine the target company’s organizational supports and systems to not only comply with, but also to be able to adapt to, the evolving regulatory landscape, and to address existing and future regulatory compliance.


James Hu is a corporate partner at White & Case LLP, Karl Gao is the Vice President & Global General Counsel of NIO, and Yixin (Yish) Gong is a technology transactions partner at White & Case LLP. Hope Anderson, Burr Eckstut, Arlene Hahn, and Erin Hanson, partners of White & Case LLP, also contributed to this article. Any views expressed in this publication are strictly those of the authors and contributors and should not be attributed in any way to White & Case LLP or NIO.


  1. Additional state comprehensive privacy bills have been proposed and others have passed and will be coming into effect.

The Role of Lawyers in Promoting Businesses’ Respect for Human Rights

The November 2023 publication of updated guidance by the International Bar Association on the role of lawyers in promoting businesses’ respect for human rights provides an opportunity to revisit the many ways that business lawyers can and should advise their clients regarding potential adverse human rights impacts of their operations and business relationships.


Lawyers and their law firms are engaged in a wide range of business activities on a day-to-day basis as they provide services and advice to their clients, employ personnel to assist them in their assignments, and purchase goods and services from a variety of vendors. It has always been clear that lawyers are expected to conduct themselves in a manner that aligns with applicable professional codes of conduct and ethics, including obligations to promote justice and prevent injustice. However, law firms, like all other businesses, must also accept and meet responsibilities to respect human rights as provided in the United Nations (“UN”) Guiding Principles on Business and Human Rights (the “Guiding Principles”).[1] The American Bar Association has acknowledged that the Guiding Principles apply to the professional responsibility of lawyers,[2] and other national and local bar associations have publicly endorsed the Guiding Principles and issued guidance to their members on assisting their clients.

In November 2023, the International Bar Association (“IBA”), which previously adopted guidelines on business and human rights for lawyers and law firms based on the Guiding Principles,[3] published an updated guidance note on business and human rights discussing the role of lawyers in the changing environment.[4]

The IBA noted that clients that seek legal advice solely for technical compliance with laws and regulations, without regard to the potential adverse human rights impacts of their proposed actions, fail to see “the larger picture of business risks of involvement in human rights abuse . . . [including] . . . reputational harm; lost opportunities; reduced access to capital markets; delay costs; high interest or more expensive debt; top management distraction; and reduced ability to hire and retain talent.”[5] The UN Working Group on Business and Human Rights has identified several challenges that business lawyers often must overcome in providing effective counseling to their clients regarding human rights due diligence:[6]

  • Lack of understanding of human rights law in general and what is meant by “human rights risks” in particular—business lawyers sometimes do not understand that human rights include what are otherwise familiar topics such as environmental and labor rights and standards.
  • Failure to appreciate that human rights impacts are legal issues for all companies, not just private security companies and weapons manufacturers.
  • Lack of understanding of the links between human rights and legal, commercial, and reputational risks, and failure to realize that even where no material legal risks can be identified, there may still be commercial and reputational consequences from the company’s behavior.
  • Failure of lawyers to get involved in addressing actual or potential human rights risks at an early stage before the participants have become embroiled in litigation or another adversarial dispute resolution process.

A growing number of law firms, typically international firms with offices throughout the world, are launching formal practice areas covering business and human rights and corporate social responsibility. Such firms are offering services related to human rights reporting, implementation, and interpretation of the Guiding Principles and other “soft law” standards; human rights policies; managing supply chain risks; human rights due diligence and impact assessments; compliance systems and risk management; human rights and major projects (e.g., finance, mergers and acquisitions, and new facilities in communities where indigenous peoples’ rights may be impacted); and human rights as a defense tool. Lawyers working inside companies are leading new cross-functional working groups to oversee human rights due diligence and integrate appropriate due diligence processes into common business transactions (e.g., mergers and acquisitions), as well as expanding their existing compliance initiatives in related areas such as anti-bribery, data privacy, ethics, and business integrity.

In its recently issued guidance update, the IBA noted the following situations in which those lawyers are and should be integrating counseling on business and human rights:[7]

  • Mandatory Human Rights Due Diligence. Laws and regulations mandating human rights due diligence are increasing, which will require lawyers to work with their clients “to establish and implement appropriate policies, processes and procedures to ensure compliance.”
  • Environmental Law. Due diligence relating to environmental matters is expanding to include identification and remediation of potentially severe human rights impacts of environmental harm, climate change, pollution, and loss of diversity, particularly adverse impacts on vulnerable people and communities.
  • Corporate Governance. Directors and members of a company’s senior management team must be provided with guidance on how to integrate and embed human rights due diligence into internal governance structure and enterprise risk management, policies, processes, and procedures.[8]
  • Mergers and Acquisitions. Since the UN Guiding Principles require that companies conduct human rights due diligence with respect to the activities of parties with which they intend to form a business relationship, lawyers advising companies on mergers and acquisitions will need to expand their traditional due diligence work to include human rights and environmental risks of the operations of the other party to the transaction.
  • Finance. Since the UN Guiding Principles hold financial institutions and investment companies accountable for adverse human rights impacts that they cause or contribute to, their attorneys need to advise them about the potential human rights impacts of their investment activities (e.g., use of loans by borrowers to engage in activities that have an adverse impact on the human rights of groups in the communities in which they are operating). Attorneys for such entities also need to assist them in including representations and covenants in transactional documents relating to human rights issues (e.g., covenants from companies receiving investment about diversity and inclusion in their workforces).
  • Contracts. The IBA noted that “[l]awyers play a central role in the formation, drafting and enforcement of contracts . . . [which are] . . . a key source of leverage through which a company can incentivize both buyers and suppliers to improve their human rights performance.” Lawyers should be mindful of, and participate in, the various responsible contracting initiatives that have emerged to develop standards for inclusion of human rights due diligence and dispute resolution mechanisms into contracts, particularly contracts with parties in the supply chain.[9]
  • Dispute Resolution. Lawyers will be asked to bring their skills and experience in helping companies manage and resolve disputes that emerge from the growing use and acceptance of human rights due diligence standards. In addition to support in traditional forums such as courts, administrative agencies, and arbitration panels, lawyers will be involved in the development and implementation of the operational-level grievance mechanisms contemplated under the Guiding Principles.
  • Reporting and Disclosure. Companies have long relied on lawyers for assistance in fulfilling their reporting and disclosure obligations to regulators. Those skills will be useful in complying with emerging regulations and voluntary standards that impose new expectations on companies to communicate with regulators and stakeholders regarding the actual or potential adverse human rights impacts of their operations and business relationships, as well as steps they are taking to promote human rights. (For example, California is requiring venture capital firms to report on diversity among the leadership teams of their portfolio companies.)

The IBA noted that a law firm’s ability to influence clients to avoid or mitigate the adverse human rights impacts of their operations, transactions, and business relationships turns on whether the firm can credibly demonstrate its competence and experience as a counselor on business and human rights issues. The IBA listed several steps that law firms can take, including developing internal firm capacity on business and human rights; identifying problems that other companies have faced when they ignored human rights issues in similar situations; offering to provide human rights capacity building to clients; providing advice on business and human rights to clients on a pro bono basis; issuing client briefings and alerts; participating in multi-stakeholder dialogues or forums to discuss emerging issues and develop standards for specific issues or industry contexts; and supporting the efforts of bar associations to provide training and guidance.[10]

Law firms can also establish credibility in the business and human rights arena by taking actions that proactively promote the human rights of various internal and external stakeholders. For example, law firms can take steps to combat discrimination and harassment in their workforce and expand opportunities for historically disadvantaged groups through their recruitment, hiring, training, promotion, and leadership development strategies. Law firms can support the physical and mental health of members of their workforce by expanding caregiving assistance and the availability of paid leave to take care of children and other family members. In addition, law firms can support and promote realization of basic human rights by members of the communities in which they operate through investments in initiatives such as community development, education, and improvement of access to food and healthcare, and through providing employees with opportunities to volunteer with community groups while being paid by the firm. Of course, law firms have long contributed to human rights through pro bono programs that allow people and groups to contest their claims and grievances in the legal system, and in recent years, pro bono work has expanded to assist entrepreneurs from historically underrepresented groups (particularly women and racial and ethnic minorities) in starting their own businesses. Finally, more law firms have introduced sustainability into their day-to-day operational practices, and some firms have sought and achieved “certified B corporation” status to demonstrate adherence to stringent standards of performance and accountability with respect to their sustainable business practices.

The legal profession is much maligned in the business community and in society in general, and many lawyers complain of deep dissatisfaction with their choice of career and the day-to-day tasks associated with their roles in the legal system. Proactively participating in environmental and social responsibility initiatives, either as individual lawyers, as law firm team members, or by assisting clients, is a real opportunity for lawyers to change their lives and the communities in which they practice in a positive manner. Many lawyers entered law school with the goal of acquiring the tools necessary to help those who needed support from others and, in some small way, to “change the world.” For those who may have lost their way, for whatever reason, or are looking for ways to do more, embracing counseling of businesses on their duties to respect human rights is a welcome and promising platform.

***

For further discussion of the role of lawyers and the legal profession in business and human rights, see the author’s chapter on the subject, which is an updated version of work that originally appeared in the author’s book Business and Human Rights: Advising Clients on Respecting and Fulfilling Human Rights (ABA Publishing). The chapter includes practical guidance for lawyers and law firms on business and human rights, a comprehensive list of resources that they can consult, and detailed discussions on law firm human rights policies and statements, client intake procedures, human rights risk management plans, withdrawing from engagements due to concerns about adverse human rights impacts of client activities, evaluation and reporting, governance and management of responsible business activities, building internal capacity and credibility on business and human rights, and the roles of in-house lawyers and the general counsel.


  1. See the Guiding Principles, which are sometimes called the “Ruggie Principles” in reference to John Ruggie, the UN Special Representative for Business and Human Rights who first introduced the principles in 2007 and led the efforts that eventually led to the endorsement of the Guiding Principles.

  2. John F. Sherman III has pointed out that the ABA’s Human Rights Committee has noted the Guiding Principles “pour content into the independent and candid advice that lawyers must provide to corporate clients under ABA Model Rule 2.1” and that the acknowledgement in the Commentary to Model Rule 2.1 that “moral and ethical factors impinge on most legal questions” is consistent with professional codes of responsibility in other countries that acknowledge that lawyers “must balance their dual roles as guardians and advocates for the interests of their clients, and as gatekeepers for the interests of courts and society.” John F. Sherman III, “Professional Responsibility of Lawyers under the Guiding Principles,” Shift, April 2012. See also John F. Sherman III, “The UN Guiding Principles: Practical Implications for Business Lawyers,” In-House Defense Quarterly (Winter 2013), 50.

  3. IBA Practical Guide on Business and Human Rights for Business Lawyers (London: International Bar Association, 2016). See also Reference Annex to the IBA Practical Guide on Business and Human Rights for Business Lawyers (London: International Bar Association, 2016).

  4. Updated IBA Guidance Note on Business and Human Rights: The role of lawyers in the changing landscape (London: International Bar Association, 2023), 4.

  5. Updated IBA Guidance Note, 4.

  6. Companion Note II to the Working Group’s 2018 Report to the General Assembly: “Corporate human rights due diligence—Getting started, emerging practices, tools and resources” (UN Working Group on Business and Human Rights, October 2018), 19.

  7. Updated IBA Guidance Note, 4.

  8. Business lawyers are also working with clients to form, organize, and operate enterprises based on new corporate governance frameworks created specifically to integrate the responsibilities of businesses for their environmental and social impacts (e.g., benefit corporations).

  9. For more resources regarding responsible contracting, see, e.g., Susan A. Maslow and David V. Snyder, eds., Contracts for Responsible and Sustainable Supply Chains: Model Contract Clauses, Legal Analysis, and Practical Perspectives (Chicago: ABA Publishing, 2023); The Working Group to Draft Human Rights Protections in International Supply Contracts (ABA Business Law Section), David V. Snyder, Susan A. Maslow, and Sarah Dadush, “Model Contract Clauses to Protect Workers in International Supply Chains, Version 2.0,” Business Law Today, September 26, 2022.

  10. IBA Practical Guide, 36.

Solefully Designed: Insurance Coverage Tailored for the Sneaker Industry

Major sneaker brands have capitalized on new trends in technology and social media to publicize sneaker culture. As sneakers become more popular, sneaker collections increase in value, thus increasing financial exposure for collectors and other entities in the sneaker industry. One might first think of theft, authentication, fire, floods, or market valuation as the general risks associated with sneaker collections. But many sneaker companies have made headlines over the past few years with lawsuits against other sneaker companies and entities, with issues ranging from traditional patent battles to exhaustive fights against counterfeiters. Often overlooked by collectors and sneaker companies alike, insurance can be vital to helping both collectors and companies faced with unexpected liability related to sneaker culture.

Given how much money is at stake in the industry—nearly $72.2 billion currently and expected to reach $100 billion by 2026—it should come as no surprise that sneaker companies are using intellectual property (“IP”) law to protect their assets. For example, in early 2022, a large shoe manufacturer sued an online sneaker resale marketplace, asserting claims for trademark infringement of the shoe manufacturer’s non-fungible tokens (“NFTs”), counterfeiting, and false advertising after a sneaker collector and reseller bought thirty-eight pairs of counterfeit sneakers from the resale marketplace. The litigation has likely been costly and damaging for the online reseller because of the extensive discovery process, including a discovery dispute resulting in a court order requiring the online reseller to produce information about the identity of known users who sold counterfeit sneakers through the company’s resale platform. The same large shoe manufacturer also sued a major athletic apparel retailer in January 2023 for alleged infringement of footwear patents.

Sneaker companies and other entities on the receiving end of IP lawsuits—including, for example, third-party retailers and online resellers—should be able to leverage their IP or commercial general liability (“CGL”) policies for insurance coverage for defense costs in IP lawsuits related to sneakers and their directors and officers (“D&O”) policies for any downstream lawsuits against executives of sneaker companies.

IP Insurance

IP insurance covers the initiation or defense of claims for IP infringement. This means a sneaker company can leverage IP insurance to enforce its intellectual property rights against suspected infringement and to defend against allegations of infringement. Like many types of coverage, IP policies often cover litigation costs and expenses as well as potential judgments and settlements.

CGL Insurance

While IP insurance, which protects a business from allegations of infringement of another business’s intellectual property, may be the obvious source and first line of defense for coverage for IP claims related to sneakers, coverage may also be available under a CGL policy. Most CGL policies do not explicitly include patent infringement coverage. In fact, most CGL policies include an IP exclusion that expressly excludes patent infringement coverage, but insureds may still be able to secure coverage. Most IP lawsuits are conjoined with other allegations, such as unfair competition, which some courts have found to be fundamentally the same as an asserted trademark infringement claim,[1] thereby potentially implicating coverage under the CGL policy that the insurer acknowledges and defends. A complaint that alleges infringement of a competitor’s patent may also allege defamation and disparagement of its product. Because claims for defamation and disparagement are typically covered under CGL policies, there may be defense coverage related to those covered claims. Thus, it is crucial to closely review factual allegations in the complaint that might bring the lawsuit within the scope of CGL insurance coverage.

A claim for patent infringement may also be covered under “advertising injury” that falls outside the scope of the policy’s IP exclusion. Some courts have held,[2] under certain versions of the standard CGL form, that a trademark constitutes an “advertising idea,” meeting the definition of “advertising injury” as that term is typically defined in standard CGL policies. In other words, the misuse of another’s trademark may constitute appropriation of an advertising idea, which falls within the coverage typically provided under a CGL policy form. Willful acts of infringement are generally not covered, though; the infringement must be inadvertent.

There are some CGL policies that provide direct coverage for IP claims and do not include explicit exclusions. For example, the insured may be able to negotiate a CGL policy without an IP exclusion by agreeing to absorb routine defense costs and fees through a self-insured retention, a specific amount that the insured must pay before the insurance policy responds to a loss. A policy that includes a self-insured retention shifts some of the risk from the insurer to the insured, which in some cases allows the insured to negotiate terms that provide direct coverage for IP claims. Sneaker companies, particularly those with significant capital, may want to consider negotiating a self-insured retention in order to procure direct coverage for IP claims under a CGL policy.

D&O Insurance

D&O insurance may also cover claims in sneaker-related lawsuits against individual business leaders, such as directors, officers, or certain company executives, arising from certain actual or alleged acts, such as failing to adhere to state or federal laws, unethical practices, or fiduciary duty mismanagement. Companies within the sneaker industry, for example, may be subject to Securities and Exchange Commission investigations that implicate the sneaker company, as well as its individual officers and directors. A D&O policy typically covers the defense costs and expenses the company incurs during such investigations.

D&O insurance may also protect sneaker companies against lawsuits for theft of intellectual property. This is because IP-related claims often constitute a wrongful act, as that term is defined in the D&O policy, if the directors and officers are named as defendants in the IP lawsuit. If faced with allegations of IP infringement, sneaker companies should consider coverage under D&O policies that may complement any coverage afforded under CGL policies.

Insurance for Collectors

Insurance for sneaker-related claims, however, is not limited to sneaker companies. As sneakers become increasingly valuable, even individual collectors can consider insurance coverage options. Traditional homeowner’s insurance typically covers personal property, including sneakers. But a traditional homeowner policy does not cover authentication issues, such as the counterfeit issue in the lawsuit mentioned earlier, or other risks unique to sneaker collecting and investments. To that end, sneaker insurance for individual sneaker collectors exists, which insures against a broader range of risks than traditional homeowner policies.

While homeowner’s insurance policies often exclude coverage for property damage resulting from or arising out of flooding, sneaker insurance typically provides some coverage for flood damage. Larger collections, in particular, are more vulnerable to potential disasters, making purchasing comprehensive insurance a necessary step in protecting a collector’s investment. Policies tailored for sneaker collections also provide coverage for sneakers lost or stolen during shipping, delivery, and travel—losses that are usually not covered under traditional homeowner policies. Sneaker insurance facilitates collectors’ profiting from their investment through resale while decreasing exposure to the risks of shipping and delivery of valuable sneakers. Another advantage to sneaker insurance is that the sneakers are valued and authenticated during the underwriting process and insured at replacement cost, rather than actual cash value, allowing the collector, in most cases, to avoid incurring a loss because of depreciation or a decline in market value for the sneaker.

Sneaker collectors, however, should understand that sneaker insurance is an emerging market, and options are somewhat limited. This means high premiums for coverage, particularly because insurers in the sneaker industry are likely attuned to the nuances of the sneaker market and may tie premiums to market fluctuations.

Conclusion

Insurance is a great way to mitigate and hedge against the risk of unforeseen losses in the sneaker industry. CGL policies, D&O coverage, and sneaker insurance provide sneaker companies and collectors with various routes to securing coverage when faced with losses, including costly litigation. But the sneaker industry, especially sneaker companies with greater vulnerability to lawsuits, should recognize that insurance policies are often narrowly tailored to exclude the very claims that pose large risks to sneaker companies and collectors alike. Sneaker companies and collectors should consult experienced insurance coverage counsel to carefully consider all insurance options to protect their assets and investments.


  1. See, e.g., Land’s End at Sunset Beach Cmty. Ass’n, Inc. v. Aspen Specialty Ins. Co., 745 F. App’x 314, 319–20 (11th Cir. 2018) (finding that the fact allegations in the underlying action for the counterclaims of false designation and unfair competition “require elements of proof beyond [intellectual property] use and [the fact] that those types of claims may exist absent [intellectual property] infringement does not alter the analysis . . . [and] depend on [the insured’s] use of [the intellectual property]”); see also Marvin J. Perry, Inc. v. Hartford Cas. Ins. Co., 412 F. App’x 607, 614 (4th Cir. 2011) (finding that a plaintiff’s claim for unfair competition was based on another’s use of the plaintiff’s trade name, trademark, logo, and website in violation of the plaintiff’s ownership of the trademark).

  2. See, e.g., Lebas Fashion Imports of USA, Inc. v. ITT Hartford Ins. Group, 50 Cal. App. 4th 548, 557, 565–66 (2d Dist. 1996) (construing the phrases “advertising idea” and “style of doing business” in a CGL policy broadly to provide coverage for trademark infringement, as “a trademark is but a species of advertising”).

Three Things Midsized Law Firms Can Do Now to Mitigate Their Cyber Risk

In 2020, approximately forty-six law firm data breaches were reported, according to a recent Law360 Pulse survey. In 2022, that figure more than doubled and exceeded one hundred.

Many midsized firms mistakenly assume that cybersecurity breaches won’t happen to them—that breaches only happen to large firms or that their firm is adequately defended by their current technology systems. Not only is this thinking naive, it is risky.

In 2022, 70 percent of reported breaches occurred at firms with fifty lawyers or fewer. Research shows that cyberattacks are increasing in size and becoming more sophisticated, occurring through a variety of tactics including social engineering and phishing, which can lead to stolen credentials such as usernames and passwords.

Here are three proactive steps your firm can take to help mitigate both the risk and the potential negative impacts of a data breach.

1. Investigate Your Managed Service Provider (MSP)

Many law firms rely on a third party to provide technology and related services to support firm operations and infrastructure (phone systems, email, video conferencing, document management systems, etc.). However, in addition to supporting law firm technology operations, MSPs are also a primary resource for defending against and mitigating cyber risks. Thus, it makes sense to ensure your MSP is secure.

One way to assess your MSP’s security is to request to see its latest SOC 2 audit. SOC 2 (System and Organization Controls 2) is an audit report that indicates the trustworthiness of the services provided by an MSP and is used to assess the risks associated with third-party service providers that store consumer data online. MSPs are not required to have SOC certifications, but SOC certification has become an industry benchmark for recognizing high security standards; it indicates an added measure of proof that an MSP is secure. An increasing number of businesses, especially those operating in regulated industries such as banking, financial, health care, energy, and retail, only work with law firms that use an MSP that is SOC 2 certified or law firms that have their own SOC 2 certification.

While investigating your MSP’s SOC status, here are additional questions to ask your provider:

  • What’s being done to protect my organization from breaches, hacks, and attacks?
  • What cybersecurity-related services am I paying for?
  • How are these services protecting me? What reporting is available?
  • What security awareness training services can you offer my firm?

2. Don’t Lose Sight of Your #1 Risk: Access Points into Your Data through Your Employees

Each individual working at your firm represents a potential entry point for hackers to gain access to your data and client data. It’s also possible to encounter employees who decide to steal or compromise data.

It’s important to note, though, that employees can also be your best protection against cybersecurity breaches. With proper security awareness training and other strategies, law firms can decrease the chances of being breached and defend themselves.

For example, firms can start, increase, and mandate cybersecurity awareness training for employees. Many firms conduct such training on an annual basis, yet given the increased complexity and sophistication of cyberattack methods, this may no longer be frequent enough. Formal cybersecurity awareness training, which includes cybersecurity test-and-learn exercises such as penetration testing and phishing attack simulations, should happen often and at random, to simulate how unexpected a hack attempt can be and reinforce readiness at all times.

Another option to strengthen a firm’s cybersecurity training is the gamification of the training to drive the desired employee behavior. Law firms can create healthy competitions among employees, whereby an award or prize goes to the most vigilant employees for efforts such as detecting and properly reporting the most (simulated) phishing attempts within a given time frame.

Firms that prioritize training create a culture of cybersecurity compliance and a stronger shield from cyberattacks than those firms that are not adopting training, creating awareness, and simulating attack situations. Firms that proactively build, implement, and test (or literally practice) their defense measures will be much better prepared than those that choose to wait and react.

High adoption of security-compliant practices happens when firms make a concerted effort to track and reward participation in cybersecurity training and make it part of the employee evaluation process, building in incentives. This helps the firm identify areas for cybersecurity improvement and employees who pose a cybersecurity risk.

3. Maintain a Robust and Up-to-Date Breach Response Plan

Given the plethora of security and privacy regulations, it is critical that any cyber incident is met with a timely and appropriate response. While no organization wants to experience a breach, for law firms, such incidents invoke a particularly unique ethical obligation. Lawyers have an obligation to protect their client’s information and to disclose any breach.

Rule 1.6 of the ABA Model Rules of Professional Conduct states that lawyers must not disclose information related to the representation of a client. This includes information that is communicated in confidence by the client and any other information related to the representation. The rule also states that lawyers must make reasonable efforts to prevent the unauthorized disclosure of client information.

Notably, the European Union’s General Data Protection Regulation (GDPR) applies to law firms that offer services to clients in the EU, among other circumstances, and if a firm falls under the GDPR’s definition of a controller, it is required to report personal data breaches to the relevant supervisory authority “without undue delay and, where feasible, not later than seventy-two hours after having become aware” of the breach. The notification must include information about the nature and scope of the breach, including the number of data subjects and records involved.

Firms need to follow all legal requirements and should also have their own detailed, formal breach or incident response plan in place. A robust breach response plan should include:

  • Incident response team roster with clearly defined roles and responsibilities
  • Procedures for monitoring and detecting threats
  • A clearly defined process for reporting incidents internally
  • Training for all firm personnel on how to detect and respond to cyber threats
  • Procedures for handling the discovery, investigation, and containment of threats
  • Procedures for correcting any security problems
  • Reporting requirements to respective regulatory authorities
  • Notifications to affected persons, particularly clients

Review and update your response plan after every incident and note what worked, what didn’t, takeaways, and necessary updates to the plan.

If your firm already has a breach response plan in place, regularly review it. When was the last time it was updated? Perhaps it’s up to date but needs to be tested. Consider implementing simulated breach scenarios to pressure-test your plan, tracking personnel, processes, response times, and other important elements against relevant benchmarks and standards.


The best practices noted in this article are excerpted from Meritas Cybersecurity Standards.

Announcing the Emerging Business Credit Agreement

We are pleased to share the new form of the Emerging Business Credit Agreement (EBCA), which is the product of a collaborative project of the Commercial Finance Committee of the American Bar Association (ABA) Business Law Section and the Primary Market Committee of the Loan Syndications and Trading Association (LSTA).

The new EBCA includes three supplements that have been prepared with the agreement: the Security Supplement, the Financial Covenants Supplement, and the Agency Supplement. We worked under the expert guidance of our external counsel, Thomas Mellor and Sean Zoltek of Morgan, Lewis & Bockius LLP, who drafted the EBCA form. They have led us in the production of an excellent form with numerous guideposts and in-depth drafting notes, some of which are highlighted below.

The EBCA is intended to be used for a borrower that is an “emerging business.” For the purposes of this form, the term “emerging business” refers to a borrower that is no longer a new venture but is not yet an established middle market company. The current form is designed to bridge the gap between the “off the shelf” form for new venture companies and the more highly negotiated and tailored agreements of the larger, more established middle market companies. Borrowers using these forms will likely be generating regular and consistent revenue but will often not have consistently positive EBITDA. They will likely desire more flexibility when it comes to running their businesses and making decisions about, for example, investments and distributions. Our goal with this form is to take into account, on the one hand, the interests of the borrowers and their growing businesses, and on the other hand, those of the lenders who are willing to put their money at risk, to create a more balanced form that the parties can use as they start their negotiations.

We anticipate that our form could be useful for loans between $25 million and $100 million; however, parties should note that the size of the loan should not be the sole factor when deciding the form with which to start. When determining where to begin, parties will always need to assess the borrower, the stage of its life cycle, and the parties’ willingness to spend time and money negotiating a credit agreement.

Our form also assumes the borrower is formed in the US with US-based operations and limited, if any, foreign operations or assets located outside the US. If significant activity takes place or material assets are located outside the US, then parties will need to adapt the form and include foreign borrower and/or foreign assets language, as well as considering, among other issues, the local law requirements (especially if there are foreign guarantors) and the taxes clause.

The form of the agreement is governed by New York law. However, because of comments submitted by the ABA’s Commercial Finance Committee shortly before the penultimate turn of the document, we have included provisions specific to credit agreements that are governed by the laws of California, Illinois, or Texas. For example, drafting notes in Annex I highlight language that should be included if the agreement is governed by the laws of California or if the entity has assets (in particular real estate assets) located there. For that state, language has been provided whereby each loan party waives all rights and defenses that they may have if their obligations are secured by real property there.

We have also drafted a security supplement, a financial covenants supplement, and an agency supplement for the EBCA. The terms of a security agreement have been incorporated into the credit agreement itself; this reflects common practice in the venture debt space where the loan is to be secured. This form assumes that subsidiaries of the borrower will become guarantors of the facility irrespective of whether or not the facility is secured. This approach should streamline the process and save the parties both time and expense of negotiating another document. Additionally, because the borrower’s own collateral and structure is typically more straightforward than companies further along in their life cycle, the incorporation of security terms in the credit agreement itself can more easily be achieved. The separate Security Supplement serves this purpose, but, of course, if the parties prefer to use a separate security agreement, the form can easily be adapted for that as well. Parties should note that the security supplement is not exhaustive of all applicable security interest provisions that parties may need for their deal; only the typical ones have been flagged for the draftsperson’s consideration.

Loans extended to emerging businesses often will not include financial or performance covenants. As noted in the covering memo of the Financial Covenants Supplement, because the borrower’s future growth trajectory is uncertain, it may be practically difficult to come up with meaningful metrics at closing that can accurately predict the company’s growth prospects and its ability to comply with financial or maintenance covenants while the loan is outstanding. As such, the parties may agree to include more deal-specific reporting mechanisms for such performance metrics rather than more traditional leverage and fixed charge maintenance covenants. If financial and performance covenants are included, they are expected to be heavily negotiated and well-tailored to the borrower, its business, and the relevant industry.

Because EBCA loans typically have only one lender, we drafted this form as a bilateral credit agreement, thus enabling us to streamline the form further by not including the typical LSTA agency provisions. However, if the deal is being made on a club basis, agency provisions can be included, particularly if the deal is secured or includes more than a small number of non-affiliated lenders. A sample Agency Supplement has been included for cases where the deal requires an agent.

In this market, lenders will often want the borrower to use its or an affiliate’s banking services. This form requires as a closing condition that the borrower shall have arranged for its bank services to be with the lender. Lenders should consider tailoring these services, but they must also bear in mind any applicable anti-tying regulations.

As with all forms of agreements, we have attempted to flag issues and provide a starting point for parties to consider and adapt to the borrower’s business. This is particularly true for the representations and covenants. The parties must of course consider the nature of the representations and covenants that are suitable for the borrower and its business as they determine which ones to include.

Finally, before we were due to publish the EBCA, the Office of the Comptroller of the Currency (OCC) issued detailed guidance on November 1, 2023 (the “Guidance”), to address risk management standards and safe and sound lending practices for venture lending. We reviewed that guidance and added a new note 12 to the cover memo of the form to highlight it to members. Venture lending is defined by the Guidance to include certain characteristics and provides exclusions for certain types of loan products (for example, asset-based lending that meets certain criteria is excluded from the definition of “venture lending”). The OCC seems to be responding to concerns following the recent failures of certain banks active in venture lending, and the Guidance signals that the OCC is more closely considering banks’ standards for evaluating venture lending. The impact of the Guidance on current venture lending structuring and documentation practices remains to be seen. For transactions that fall within the definition of venture lending (as defined by the Guidance), a careful review of the Guidance is advisable.

We would like to thank Thomas Mellor and Sean Zoltek of Morgan, Lewis & Bockius LLP for their excellent drafting and advice on this project. Their extensive knowledge of this market is reflected in the final form.

Cross-Border §363-Type Transactions: Checklists for Sales of Assets of Distressed Companies Around the Globe

Handling the sale of a company in financial distress presents a multitude of challenges: preserving the value of the assets; maintaining some level of operations; treating creditors, stakeholders, and employees fairly and legally; and contracting for and effectuating the sale of the business in an orderly fashion. These issues are common to the sale of assets of any distressed company, regardless of where it may be located. However, there are additional complications when the entity or its assets are located outside the United States.

The American Bar Association (ABA) Business Law Section publication Using Legal Project Management in Merger and Acquisition and Joint Venture Transactions included a checklist showcasing important items to consider in connection with the sale of assets of a distressed company pursuant to Section 363 of the U.S. Bankruptcy Code. The Mergers and Acquisitions Committee of the ABA Business Law Section (“M&A Committee”) has undertaken a project to provide country-specific commentary to the original checklist for items to consider in the sale of assets by an international distressed company (collectively, the “Reports”). The authors of these Reports are senior lawyers practicing throughout the world who specialize in mergers and acquisitions and insolvency.

The initial tranche of the Reports provides commentary from multiple regions, including Europe (Germany, Italy, Luxembourg, Netherlands, Spain, and the United Kingdom), North America (Canada, Mexico, and the United States), South America (Brazil), and Asia (India, Japan, and Singapore). It is anticipated that additional Reports spanning other regions will be published in the future. The publication of these Reports is an important addition to the legal literature on mergers and acquisitions. In this global economy, it is important that practitioners have a resource that compares, in outline form, the laws of many countries with respect to asset acquisitions.

Each of these Reports seeks to provide such a resource to readers who come across international acquisitions in §363-type scenarios. Section 363 asset acquisitions are a mix of fields between insolvency and M&A. They also present challenges in other areas of the law, which lawyers involved should be prepared to deal with. The jurisdiction where the company is located and its applicable laws and legal system can have a profound impact on how the sale of the distressed company and its assets is structured and managed. In this regard, each of these Reports is an exercise in comparative law, which requires intellectual rigor and an open mind to be able to conciliate U.S. legal concepts with those of other nations.

The Reports provide a preliminary overview of issues arising under each country’s law and should not serve as a substitute for detailed legal research and advice based upon the facts and circumstances of particular transactions. The material is based upon the laws of each country as of November 2023. It is noteworthy that each author is admitted to the practice of law in his/her respective jurisdiction.

This work product was conceived and coordinated by Agustín Berdeja-Prieto initially under the auspices of the M&A Legal Project Management Task Force and its co-chairs at the time, Dennis J. White and Byron S. Kalogerou. Our gratitude to them for their receptiveness and support. Subsequent efforts were completed with the effective and proactive assistance of current M&A Committee chair Michael G. O’Bryan, M&A Committee Legal Project Management Initiative chair Sachin V. Java, and members of the International M&A Subcommittee. Finally, we acknowledge the very able and timely editing assistance provided by Professor Don De Amicis and Schylar Jacobs of Georgetown Law’s Center on Transnational Business and the Law. We sincerely thank them all.

Supreme Court to Determine Enforceability of Delegation Clauses in Arbitration Agreements

The United States Supreme Court has granted a petition for certiorari in Coinbase v. Suski to review the question of whether the court or the arbitrator should determine whether an arbitration agreement containing a delegation clause can be narrowed by a subsequent agreement that does not contain clauses addressing arbitration or delegation. There is currently a circuit split as to the enforceability of delegation clauses, which are clauses that dictate the arbitrator is authorized to determine threshold issues regarding the arbitration agreement. Currently the First and Fifth Circuits recognize the enforceability of delegation clauses and would allow an arbitrator to decide whether a subsequent agreement narrows the arbitration agreement in a prior agreement, while the Third and Ninth Circuits refuse to enforce delegation clauses where a second agreement narrows an earlier arbitration agreement.

In this case, users of Coinbase, a cryptocurrency exchange, filed a class action in California claiming that Coinbase had misled them regarding the entry requirements for a sweepstakes in violation of state law. Suski v. Coinbase, Inc., 55 F.4th 1227, 1228 (9th Cir. 2022), cert. granted, Coinbase, Inc. v. Suski, No. 23-3, 2023 WL 7266998 (U.S. Nov. 3, 2023). The suit was filed under California’s False Advertising Law, Unfair Competition Law, and Consumer Legal Remedies Act against Coinbase and Marden-Kane Inc., a company hired by Coinbase to design, market, and execute a sweepstakes that the plaintiffs claimed used deceptive practices. Id. at 1229. When creating their accounts with Coinbase, the plaintiffs had signed Coinbase’s User Agreement, which contains an arbitration provision that specifically provided the arbitrator would decide issues relating to the “scope” of the arbitration provision—i.e., the types of claims it covered, not whether it was superseded by a later agreement between the parties. Id. at 1229. Thereafter, the plaintiffs had opted into a second contract, the Coinbase Sweepstakes’ Official Rules, which included a forum selection clause providing that California courts have exclusive jurisdiction over any controversies regarding the sweepstakes. Id. at 1228–29.

Coinbase moved to compel arbitration in reliance upon the arbitration clauses set forth in the underlying user agreements, and the class plaintiffs opposed arbitration, pointing to provisions contained in the sweepstakes’ rules that were issued subsequent thereto containing contrary forum selection clauses. Id. at 1229. The district court denied the motion to compel arbitration, and the U.S. Court of Appeals for the Ninth Circuit affirmed the district court’s holding. Id. In affirming the district court, the Ninth Circuit made distinctions between the arbitration delegation clause in Coinbase’s User Agreement and the forum selection clause contained in the Sweepstakes’ Official Rules. Id. at 1229–31.

Regarding the delegation clause, which stated that an arbitrator shall decide “disputes arising out of or related to the interpretation or application of the Arbitration Agreement,” Coinbase argued that the issue of any superseding effect of the Sweepstakes’ Official Rules concerned the scope of the arbitration clause and therefore fell within the User Agreement’s delegation clause. Id. at 1229. In denying the motion to compel arbitration, both the district court and the Ninth Circuit determined that the question concerning the “scope of the arbitration agreement” referred to how widely it could be applied, and as such this was an issue for the court to decide. Id. The Ninth Circuit found that “[w]hether the court or the arbitrator decides arbitrability is an issue for judicial determination unless the parties clearly and unmistakably provide otherwise.” Id. (quoting Oracle Am. Inc. v. Myriad Grp. A.G., 724 F.3d 1069, 1072 (9th Cir. 2013)). In the Ninth Circuit’s view, the issue of whether the forum selection clause in the Sweepstakes’ Official Rules superseded the arbitration clause in the User Agreement was not delegated to the arbitrator, but rather was for the court to decide. Id.

The Court next looked to whether the forum selection clause in the Sweepstakes’ Official Rules superseded the arbitration clause in the User Agreement. Id. at 1230. The forum selection clause in the Sweepstakes’ Official Rules had provided that the California courts had exclusive jurisdiction over any controversies regarding the sweepstakes. Id. Coinbase argued that the User Agreement contained an integration clause and procedures for amendment of the User Agreement, and therefore the User Agreement could not have been superseded by the Official Rules, which Plaintiff argued exempted the claims from arbitration. Id. at 1231. Coinbase further argued that the Official Rules were focused on a different subject matter from the User Agreement and as such could not be utilized as evidence of the parties’ intent to amend, revise, revoke, or supersede any prior agreement, including the arbitration provision in the User Agreement. Id.

The Ninth Circuit did not agree with Coinbase. Id. Rather, the Court found that under California law, “[t]he general rule is that when parties enter into a second contract dealing with the same subject matter as their first contract without stating whether the second contract operates to discharge or substitute for the first contract, the two contracts must be interpreted together and the latter contract prevails to the extent they are inconsistent.” Id. at 1230 (quoting Capili v. Finish Line, Inc., 116 F. Supp. 3d 1000, 1004 n.1 (N.D. Cal. 2015) (quoting 17A C.J.S. Contracts § 574), aff’d, 699 F. Appx. 620 (9th Cir. 2017)). The Court acknowledged that Coinbase was correct in stating that the Official Rules contained no language specifically revoking the arbitration agreement contained within the User Agreement, but it found that by including the forum selection clause with the Official Rules, those Rules provided evidence of the parties’ intent not to be governed by the User Agreement’s arbitration clause when addressing controversies concerning the sweepstakes. Id. at 1230–31. As a result, the Ninth Circuit affirmed the district court’s holding that denied Coinbase’s request to compel arbitration. Id. at 1231.

In its petition for a writ of certiorari, Coinbase pointed to Supreme Court precedent requiring the enforcement of delegation clauses in arbitration agreements and argued that absent a meritorious challenge to these provisions, they must be enforced if the subsequent agreement does not alter that provision. Brief for Petitioner at 20–21, Suski v. Coinbase, Inc., 55 F.4th 1227, 1228 (9th Cir. 2022) (No. 22-105), 2022 WL 3107708. Coinbase has also argued that since the subsequent rules did not alter or challenge the prior agreement’s delegation provision, it is for the arbitrator to determine this issue. Id. at 9. On November 3, 2023, the Supreme Court granted the petition for writ of certiorari, and the case is scheduled for argument during the Court’s current term. Coinbase, Inc. v. Suski, No. 23-3, 2023 WL 7266998 (U.S. Nov. 3, 2023).

This will be the second time that a decision rendered concerning this dispute involving Coinbase has appeared on the Supreme Court’s docket; the Court previously determined that an appeal from a denial of a petition to compel arbitration automatically stays the proceedings below. Coinbase, Inc. v. Bielski, 599 U.S. 736, 747 (2023). Further, this is the second arbitration case that the Supreme Court has agreed to hear this term, along with Bissonnette v. LePage Bakeries Park St. LLC, 49 F.4th 655 (2d Cir. 2022), cert. granted, No. 23-51, 2023 WL 6319660 (U.S. Sept. 29, 2023). Once again, issues concerning arbitration appear to remain hot topics before the Supreme Court.