Corporate Governance and Information Gaps: Importance of Internal Reporting for Board Oversight

Introduction

The evolution of corporate governance and board of directors’ responsibilities continues. Recent years’ actions of shareowner activist groups and securities regulators—and reports of shareowner votes in corporate annual meetings thus far in 2017—provide many indications of ongoing growth in public expectations for the roles and performance of corporate boards of directors.

The existence and responsibilities of specialized committees on boards of directors have also continued to evolve. In addition to long-established types of board committees such as the audit, finance, compensation, risk management, and nominating and governance committees, we now see committees being formed to address such issues as science, technology and innovation, cybersecurity, health, safety and security, environment and sustainability, regulatory compliance and public policy, and other contemporary concerns. While these topics are all valid issues to consider in the oversight of today’s corporations, one wonders how many committees one board of directors can effectively administer and support. And how can numerous board committees successfully monitor corporate issues and developments and report on these matters in periodic board meetings?

In the face of growing expectations, further questions arise regarding whether boards today are receiving and utilizing adequate information and support to address their oversight responsibilities. It seems that nearly every week brings another news report about a breakdown in corporate ethics and controls as well as performance failures across a wide range of industries.

Recent events at Volkswagen and the public blowup at a well-known and seemingly successful “new economy” company, Uber, leading to the resignation of its co-founder and CEO, are two notable examples. The total fallout and remedies for these and other performance and governance failures are yet to be fully determined.

Upon reading about each new incident, one is prompted to ask, how could the directors in these companies not have been aware of serious problems? Did something go wrong in communications and information flows that let this happen?

Somehow, somewhere, it seems evident that there must have been some serious gaps in information supplied to the board, or possibly in board understanding and reactions to such information.

A deficiency in information supplied to boards calls into question whether boards today are in fact able to serve as an effective check and balance in the governance of public corporations.

Over the years, courts and eminent legal authorities have repeatedly emphasized the significant responsibilities of boards for oversight of the management of public companies. In the words of former Delaware Supreme Court Chief Justice E. Norman Veasey, stockholders should have the right to expect that “the board of directors will actually direct and monitor the management of the company, including strategic business and fundamental structural changes.”

Delaware Supreme Court Chancellor William B. Chandler also noted the significant oversight role of the board in his widely publicized opinion in the Disney Corporation Shareowner derivative suit concerning the hiring, compensation, and firing of Michael Ovitz. Chandler stated, “Delaware law is clear that the business and affairs of a corporation are managed by or under the direction of its board of directors. The business judgment rule serves to protect and promote the role of the board as the ultimate manager of the corporation.”

The “ultimate manager of the corporation”: those are very strong words. Some might debate the terminology, preferring instead a phrase like “the ultimate overseer of the corporation.” But whether one uses “ultimate manager” or “ultimate overseer” as a designation, it is clear that a board of directors has significant responsibilities for the welfare of the corporation and its stakeholders.

Serving as an “ultimate manager” or “ultimate overseer” requires appropriate information flows to support that role. While there are different types of information flows, this article will focus on financial information supplied to boards of directors. We will also discuss two types of information gaps—quantity and quality—that can make it difficult for board members to carry out their oversight responsibilities.

Quantity of Information—How much is the right amount? Who decides?

In considering quantity, we must first ask these questions: how much information is needed for an oversight body to perform its functions, especially for a board or a board committee with a critical role in ensuring the welfare of the corporation and the interests of its shareholders? How much information is it realistic to expect a part-time body composed mostly of people from a range of industries, institutions, and professions, that typically meets four to six times a year, to absorb and act upon?

Who decides what data elements will be in the directors’ regular information package supplied for the board’s periodic meetings? And who decides when special circumstances warrant additional information, and what that information should be? How involved are board members in determining and specifying how much information they will receive for various purposes, when, and in what form?

Commonly, when a company is established, the founders and sponsors will work with the initial senior management to lay out a proposed structure for its board, including the board committees that will exist therein and the charters for those committees. The company’s management will develop and offer up what they believe to be an appropriate information package for periodic board meetings. Then as time progresses, board members and board committees will ask for whatever else they think they need to carry out effective oversight.

Issues that may subsequently arise include situations in which different directors may have different views on the amount of information they should receive, creating a need for agenda management, customized information support, or other measures. And changing circumstances, special events, and unexpected conditions may suddenly create a change in the quantity of information needed—as in the case of an unexpected (and possibly unwelcome) tender offer for the company’s stock, or when an unexpected corporate crisis occurs.

A sizeable amount of routine and ongoing financial information to be supplied to boards is mandated by regulators of public companies such as the Securities and Exchange Commission and the stock exchanges. Beyond these mandates, the issue of optimum quantity and optimum design of board information is to be determined by each organization. In answering the question, board committees today often utilize the services of outside counsel and other advisors to identify the information that they should be requesting to support their oversight obligations. They may also use external service providers to assist in performing assessments of internal board processes on a periodic basis.

Quality of Information Supplied to the Board—Issues in Measuring Financial Performance

A next question is “what kind of information is needed?” In regard to quality of information, one must consider the nature of the information being supplied, what matters are covered, and how understandable the information is. The timeliness of information is also important. On one hand, board members will want to receive information sufficiently in advance of a meeting to review and absorb it properly. On the other hand, sometimes last-minute developments can affect information previously provided, and there will be a need to ensure that directors receive up-to-date information.

Common components of board information include information about an organization’s market and business strategy, risk management, measures of financial and operational performance, control structures, management processes, and human resources issues. All of these components of information are important. In particular, providing the right kind of financial information is an essential part of overseeing a company’s performance and prospects.

The design and use of financial and operational measures can be complex. For a publicly held company, a first obvious requirement for financial information to be supplied to the board is the company’s external financial statements and disclosures reported to investors, for which board review is mandated by securities regulators. These financial statements and disclosures are prepared in accordance with generally accepted accounting principles (GAAP) and supplemented by additional information required by regulators. The information mandated by GAAP and regulators is both voluminous and complex.

GAAP financial statements are widely used, important, and necessary, but they are not sufficient to oversee and manage a specific business effectively.

GAAP financial statements are the end product of elaborate and lengthy national and international standards-setting processes that are designed to achieve consensus among professional accountants, investors, and other stakeholders on how best to portray the value and performance of reporting entities across companies and industries. The resulting body of knowledge utilizes a very broad spectrum of concepts, principles, and rules.

GAAP accounting standards represent the eminent thinking and careful deliberation of many experts. The standards are important for broad cross-company use, as they seek to provide a uniform benchmark for external comparisons by investors. Yet despite the rigor underlying their preparation, GAAP financial statements are inadequate for understanding and running a particular business at a particular point in time, because they are static and often complex and inflexible.

Economic theory tells us that the division of labor is specific to an organization at a point in time. Similarly, corporate governance structures and processes, and operational needs and priorities, are specific to a firm at a point in time. The oversight responsibilities of boards of directors constitute an important check and balance in an organization’s ongoing governance structure and operational control system, and such a control system must consider more than GAAP financial statements. Boards require information that is relevant to addressing their oversight responsibilities, and information that is clear and understandable.

Boards regularly receive information provided to them by management. If this information primarily takes the form of GAAP financial data, it is likely that they are not obtaining a full picture of the business. In order to oversee, understand, and run a business effectively, one needs to look at performance measures in addition to GAAP. This need has led to custom-tailored internal financial reporting measures used by management and directors of an enterprise. Such internal reporting can be a flexible system, portraying not only standard recurring measures used by management but also selected aspects of operations of particular importance at one time or another. Internal reporting can make certain adjustments to results to consider unit-controllable results and thereby provide additional context and insight into the performance of both business units and the total company. Internal unit reporting may focus on actual versus budgeted cash flows more than unit gross profit or accounting net income.

Non-GAAP Measures in External Reporting

Because adjusted “Non-GAAP” results can be illuminating and useful to management and directors, some measures may be reported externally to the public and investors, as well as inside the business. However, Non-GAAP measures used in external reporting have at times been challenged by regulators as misleading to investors, on the basis that such measures were portraying only “good news” and/or were obscuring less favorable performance. There is a substantial body of information from the U.S. Securities and Exchange Commission providing guidance on proper use of Non-GAAP measures in external reporting and also describing SEC enforcement actions for misuse. On the international front, the International Organization of Securities Commissions, a worldwide body of securities regulators in both developed and emerging markets, has also issued pronouncements about Non-GAAP reporting. Entry of “Non-GAAP” in the search boxes on these organizations’ websites, www.sec.gov and www.iosco.org, will bring up a host of documents providing guidance about what is and is not considered acceptable for public reporting of such measures.

This article will not attempt to cover the subject of Non-GAAP further, beyond making these two statements: (1) Non-GAAP measures have a useful and legitimate place in reporting about a business, both internally and externally, but care must be taken so they do not mislead investors and other users. (2) A company’s board of directors would be well-advised to understand how a company’s Non-GAAP measures are developed and used, and why they are viewed as meaningful in assessing corporate performance. In particular, it is advisable for a board to understand any corporate use of measures that have been challenged by regulators, such as “free cash flow” or “net income excluding the effect of one-time charges,” when used in external reporting to investors. The latter has at times been challenged because the label “one-time” is debatable if such charges have occurred repeatedly, as is sometimes the case with restructuring charges.

Using Internal Reporting Design and Cash Flow Monitoring to Understand and Manage Effectively

Ideally, an organization’s internal reporting should identify and illuminate the relevant elements of financial and operational performance that are important to the company’s success. A good design for internal reporting can also be used to encourage the behaviors and actions that contribute to company success. However, there is an important caveat to be observed when using internal reporting for performance incentive purposes: a design for internal reporting and incentives that fails to consider risks that exist and controls that need to be present can have disastrous consequences.

The design of a company’s internal reporting system to managers and directors is inherently unique to each company. Guidance can be gleaned from benchmarking and understanding the approaches used in peer companies and others and from business publications, but ultimately each company must find its own best design to assess and understand performance. And a best design often needs revision over time, in light of changing needs and circumstances.

Cash Flow Monitoring—A Key Measure of Performance

An important part of performance measurement that sometimes receives insufficient attention in internal reporting to a company’s board of directors is cash flow monitoring. Cash flows are the lifeblood of a business. Not for nothing do we often hear the phrase “cash is king.”

Understanding how to interpret cash flows and monitoring cash closely is essential for overseeing and managing a business. Whether a business is a large, multinational, mega-billion-dollar corporation, a mid-size public or private company or partnership, or a small owner and founder-run enterprise, failure to track and manage cash flows effectively can seriously disrupt or even bankrupt a company. Cash flows can be effectively measured in a timely manner, and a comparison of budgeted to actual receipts and disbursements can often give a much clearer financial picture than reported revenues and expenses and net income on a GAAP income statement. Discussions on the causes of cash flow variances can uncover problems and opportunities without need for approximations or adjustments. The cash flows either did or did not occur within the particular time period.

Operational and capital cash flows are concrete results not easily subject to manipulation. Thus, they can serve as a safeguard against efforts to manipulate income through revisions in accruals or reclassifications of operating expenses to capital expenditures. They also can avoid misunderstanding of results that include unbudgeted one-time charges or have been adjusted to exclude such charges. Accurate cash flow information can also help to highlight possible weaknesses in controls and negative developments not readily apparent in income statement measures, as in a case where a strong corporate emphasis on customer sales growth, combined with a relaxing of the company’s product financing and credit-granting controls, may be increasing risk to an unacceptable level, for example.

Company CFOs, treasurers and controllers should work together to devise appropriate internal processes and teams for budgeting and measuring cash flows and analyzing anomalies – and for explaining cash flow information to the board in an understandable manner. Relevant board committees such as the Finance Committee, Audit Committee, and Nominating and Governance Committee will have a significant interest in receiving such information in their check-and-balance and governance roles. Internal audit and the external auditor may also provide input to enhance controls and accuracy.

Cash flow information can be very complex; for example, the Statement of Cash Flows that is presented in GAAP is viewed by some as arcane and difficult to understand. However, through effective internal measurement and reporting, companies can develop effective methods for presenting cash flow data and interpreting it for the board. For a more detailed discussion on cash flow monitoring and reporting, including a model for presenting such data, the reader is referred to an earlier article on this subject by one of the authors—see “Cash Flow Monitoring as a Governance Tool” in THE CORPORATE BOARD, March/April 2010.

Corporate and Director Obligations for Public Reporting and Disclosure

Since the passage of the Sarbanes-Oxley Act and the later Dodd-Frank Act, many obligations have been created for public company reporting to investors, and also for board of directors’ review of such reporting. Extensive and explicit documentation of such requirements exists in regulatory pronouncements and business and professional publications. Less explicitly defined are the requirements pertaining to board review of financial information that could influence an investor’s decision to buy or sell stock in a company—what is termed “material information” by the SEC and other regulators—as that information arises. For example, what are the obligations of a director who becomes aware of material information in board meeting discussions that the company’s executives do not feel is yet ready to be disclosed to the public? Consultation with corporate counsel may be needed in such situations.

Appropriate and timely reporting to investors is the direct obligation of a public company’s management. However, board oversight of this important obligation also requires a degree of knowledge about what should be done and when. A detailed discussion of this subject is beyond the scope of this article; however, it is a matter for which directors can request explanations from a company’s CFO, auditors, and general counsel.

Conclusion

Today’s boards of directors live in a time of growing oversight responsibilities and expectations. The likelihood of meeting these expectations can be enhanced if board members have a clear understanding of a company and its financial performance, cash flows, and prospects. Gaps in financial information can undermine a board’s ability to perform its role as an important check and balance in the governance and operation of the company. A well-designed internal reporting system for measuring and reporting financial performance, coupled with vigilant and active board interest, supports board effectiveness in carrying out oversight responsibilities. Well-designed internal financial reporting processes and cash-flow monitoring are important components of an effective board information system.

Spotlight on In re Fair Finance Co., 834 F.3d 651 (6th Cir. 2016)

When the parties to a contract agree to alter the contract’s terms, the common law sometimes needs to classify the change as either an amendment or a novation, and this classification depends heavily on the intent of the parties. In this case, a trustee in bankruptcy convinced an appellate panel to indulge in unwarranted speculation about the parties’ possible intent to novate, thereby forcing a lender through a trial on the merits on whether its security interest should be avoided.

Textron Financial Corp. was the lender to Fair Finance Company, which turned out to be the operator of a Ponzi scheme. The lending transaction involved two sequential sets of loan documents: the first was executed in 2002, and the second—describing itself as an amendment and restatement of the first—was executed in 2004. During the interim, Textron had become aware of at least some of Fair Finance’s misdeeds, and after 2004 Textron was paid off in full. Later, as part of an involuntary bankruptcy proceeding, the trustee argued that the security interest provided by the 2004 loan documents was an actual fraudulent transfer. (The statute of limitations for a constructive fraudulent transfer cause of action had already passed, held the court, in a departure from other recent rulings.) To prevent the collateral from being held excluded from the UFTA’s definition of an “asset” that is subject to “transfer,” the trustee argued that the 2004 documents were a novation of the 2002 documents, rather than a mere amendment thereof, meaning that the collateral was not already encumbered by the lien of the 2002 documents. Textron moved to dismiss the trustee’s claim, and the district court (acting on a withdrawal of the reference) granted Textron’s motion, holding that the 2004 documents were an amendment rather than a novation as a matter of law. The Sixth Circuit reversed, finding a triable issue of fact on the parties’ intent to novate.

The grounds upon which the Sixth Circuit found this a triable issue of fact were weak. First, the 2004 documents provided that they constituted “the entire agreement of [the parties] relative to subject matter hereof.” This clause is a routine measure to prevent the undermining of the agreements by parol evidence, and accordingly should not be considered evidence of a terminating of the 2002 documents. Next, the 2004 documents included their own promissory note and personal guarantees rather than relying on the ones from 2002. But this appears to have been an instance of careful although duplicative documentation, engaged in to avoid interpretive questions that otherwise might have arisen about the continued efficacy of the 2002 note and guarantees. And third, and relatedly, the court found it potentially probative of novation that the 2004 documents were entered into on the very date that the 2002 documents expired. Yet this fact more readily supports – if anything – an intent to amend rather than an intent to novate: after all, with the 2002 documents coming to an end under their own terms, the parties had no need to terminate them.

The Sixth Circuit also faulted Textron’s lawyers for, in effect, not using both a belt and suspenders. The district court, in its opinion below, had found some support in a Florida case, In re TOUSA, Inc., 2011 WL 1627129 (S.D. Fla. March 4, 2011), in which a second set of documents had explicitly recited the parties’ intent that the lien of a first set would remain in full force and effect. By contrast, noted the Sixth Circuit here, the 2004 documents in this case had no such clause. It is troubling that the court found fault with the documentation for omitting this single clause (which concededly would have been a helpful inclusion), while at the same time misunderstanding the clauses that the documentation did carefully include. More fundamentally, avoidance-of-doubt clauses like the one in TOUSA are called “belt and suspenders” for a good reason: the extra clause, like the extra clothing device, is there to make sure that even if one or the other somehow doesn’t do its job, the pants will still stay up.

The point of a novation is typically to substitute one party for another. (For example, an obligee may agree to a novation in which an original obligor is discharged and a delegate commits to perform instead.) In this two-party setting there is no apparent reason why Textron, which clearly benefited from good legal advice and would have appreciated the importance of a continuing security interest, would have actually intended to novate rather than amend. Moreover, as a matter of sound jurisprudence, the distinction between novation and amendment should probably be ignored altogether on facts like these, for even if it is possible to conceptualize an instant of time elapsing between the discharge of one security interest and the attachment of the second, a technicality such as that is not a reason for judicially triggering momentous substantive consequences. Of course, the Sixth Circuit might have wanted to keep an arguably tainted lender from propping up a Ponzi scheme and then walking away from all of the losses; but other viable causes of action in this case, including civil conspiracy and equitable subordination, would have been much more appropriate vehicles for imposing losses on Textron. Perhaps, on remand, the district court would stick with its initial finding that the parties intended to amend rather than novate; but even in that event, this Sixth Circuit precedent will cast an unnecessary shadow over future perfectly sound transactions.

Why Blockchain Is More Important to Lawyers Than They Probably Understand

Introduction

Laws in the United States have evolved to be technologically neutral, so that laws won’t dictate what technology to use, but rather mandate the attainment of a legal “end state.” In other words, laws will make clear that chain of custody, authenticity, completeness, immutability, veracity, privacy, and security are vital to compliance, but they won’t dictate how to attain it. That way, companies and individuals are free to buy or build whatever technology makes business sense and aren’t trapped into using a technology as it becomes obsolete. For example, the Health Insurance Portability and Accountability Act (HIPAA) Security Rule’s major goal “is to protect the privacy of individuals’ health information while allowing covered entities to adopt innovative technologies to improve the quality and efficiency of patient care.”

While laws won’t tell organizations what to buy, there are technologies that are worth exploring by lawyers because they help attain authenticity, integrity, completeness, transparency, etc. One such technology is blockchain. Before I tell you why it holds so much promise for lawyers and others as well, it’s worth revisiting what it is and what it isn’t.

What is Blockchain?

For starters, blockchain is a technically complex system based on math, algorithms, and encryption. “The blockchain uses public key cryptography to create an append-only, immutable, timestamped chain of content.” (IEEE. A Case Study for Blockchain in Healthcare: “MedRec” prototype for electronic health records and medical research data. August 2016.) In contrast, the explanation that follows is simple and will likely make you want to learn more and at a deeper level. If you have heard about blockchain, it may be in the context of Bitcoin, but they are not synonymous. While blockchain is the technology behind many cryptocurrencies, like Bitcoin, blockchain technology holds promise for many other applications including real estate deals, portable secure health records, and financial transactions.

According to Gartner, a technology analyst firm, “Blockchain is a type of distributed ledger in which value exchange transactions (in bitcoin or other token) are sequentially grouped into blocks. Each block is chained to the previous block and immutably recorded across a peer-to-peer network, using cryptographic trust and assurance mechanisms.”

How Does Blockchain Technology Work?

Unlike a traditional clearinghouse, a blockchain implementation does not depend on just one entity to maintain the ledger of transactions. Blockchain depends on many independent third parties—miners—who compete to both verify each transaction and be the first to solve a math problem in exchange for payment. It is each miner’s responsibility to maintain an independent, often public memorialization of the transaction on the ledger of the chain (“block”) of transactions. The verified chain of transactions is derived when a majority of the thousands of anonymous, independent ledgers match. The use of distributed, anonymous, self-interested arrays of verifiers helps make bitcoin very hard to subvert. It would require collusion between 51 percent of miners, who likely don’t know each other, to perpetrate a fraud.

Transactions are executed within the blockchain environment and thereafter are aggregated in blocks, which are retained forever and are constantly revalidated with new transactions memorialized in new blocks. Similarly, there is a third-party retention of salient evidence of transactions, and validation of transactions. The chain of blocks, all verified, connected with hashes, and time-stamped accordingly, shows the exact time the transaction took place, as well as the time of each subsequent verification. All this adds integrity to the blockchain process.
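The hash linking and majority matching described in the two paragraphs above can be seen in a small model, added here as an example and not taken from the original article or from any real blockchain implementation. It assumes a simplified ledger with no proof-of-work, signatures or networking, counts ledger copies rather than mining power, and uses hypothetical names and constructed sample transactions throughout.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index, timestamp, transactions, prev_hash):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    payload = json.dumps(
        {"index": index, "timestamp": timestamp,
         "transactions": transactions, "prev_hash": prev_hash},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def seal(block):
    """(Re)compute and store a block's own hash."""
    block["hash"] = block_hash(block["index"], block["timestamp"],
                               block["transactions"], block["prev_hash"])
    return block


def append_block(chain, timestamp, transactions):
    """Append a block that commits to the hash of the block before it."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    chain.append(seal({"index": len(chain), "timestamp": timestamp,
                       "transactions": list(transactions),
                       "prev_hash": prev_hash}))
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, else None."""
    prev_hash, prev_ts = GENESIS_PREV, None
    for i, b in enumerate(chain):
        recomputed = block_hash(b["index"], b["timestamp"],
                                b["transactions"], b["prev_hash"])
        if (b["index"] != i                 # block out of sequence
                or b["prev_hash"] != prev_hash  # link to predecessor broken
                or b["hash"] != recomputed      # contents changed after sealing
                or (prev_ts is not None and b["timestamp"] < prev_ts)):
            return i
        prev_hash, prev_ts = b["hash"], b["timestamp"]
    return None


def majority_chain(ledgers):
    """Return (tip_hash, votes, chain) for the internally valid chain held by
    a strict majority of all ledgers, or None if no such majority exists.
    Two valid chains with the same tip hash hold the same history, because
    every block commits to the one before it."""
    valid = [c for c in ledgers if c and first_invalid_block(c) is None]
    tally = Counter(c[-1]["hash"] for c in valid)
    if not tally:
        return None
    tip, votes = tally.most_common(1)[0]
    if votes * 2 <= len(ledgers):
        return None
    return tip, votes, next(c for c in valid if c[-1]["hash"] == tip)


def build_sample_ledgers():
    """Constructed sample data: one honest chain copied to five ledgers,
    two of which are then altered in different ways."""
    honest = []
    append_block(honest, 1500000000, [{"from": "alice", "to": "bob", "amount": 10}])
    append_block(honest, 1500000600, [{"from": "bob", "to": "carol", "amount": 4}])
    append_block(honest, 1500001200, [{"from": "carol", "to": "dave", "amount": 1}])
    ledgers = [copy.deepcopy(honest) for _ in range(5)]

    # Ledger 0: a record is edited in place; its stored hash no longer matches.
    ledgers[0][1]["transactions"][0]["amount"] = 400

    # Ledger 1: the same edit, but every later block is relinked and resealed,
    # so the copy is internally consistent and only the other ledgers expose it.
    ledgers[1][1]["transactions"][0]["amount"] = 400
    for i in range(1, len(ledgers[1])):
        ledgers[1][i]["prev_hash"] = ledgers[1][i - 1]["hash"]
        seal(ledgers[1][i])
    return honest, ledgers


if __name__ == "__main__":
    honest, ledgers = build_sample_ledgers()
    for n, ledger in enumerate(ledgers):
        print("ledger", n, "first invalid block:", first_invalid_block(ledger))
    tip, votes, _ = majority_chain(ledgers)
    print("majority tip", tip[:16], "held by", votes, "of", len(ledgers))
```

An edit to a sealed block is caught by that ledger's own verification, while a fully resealed copy passes its own checks and is rejected only because its final hash disagrees with the majority.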

Like any technology, however, blockchain is not without its technical limitations. First, the database for “public” blockchain transactions, in which all transactions are stored, is public and not “owned” by any individual party to the transaction. Private blockchains do exist but have limited personal use. When using a public blockchain, only the individuals involved in a transaction have access to all the information, including certain private information about the transaction, but the transaction and select information related to it is available to the public. Another issue is the need to rely on third-party computers and entities to document transactions. Normally, business between two parties is limited to the systems controlled and used by the parties to the transaction. These uninterested, anonymous third parties have no stake in altering or hacking information; in fact, it is in their best interest to validate only real transactions in order to receive the transaction fee. Errors in effectuating and validating transactions will happen, though given the algorithmic nature of the process, they should be very limited.

Future Use That Should Matter to Lawyers

Blockchain is a transformative technology that is possibly revolutionizing various industries and business processes. Beyond its potential for securely transacting business and transferring money, there are many other business activities that would benefit from its use.

For example, “[t]he Pentagon and U.S. NATO allies have been moving discreetly but aggressively in recent months to develop military-related apps exploiting the capabilities of blockchain. NATO is considering the technology to improve efficiencies across such traditional processes as logistics, procurement and finance . . . if ‘significant portions of the [Defense Department] back-office infrastructure can be decentralized,’ DARPA wrote, ‘smart documents and contracts’ can be instantly and securely sent and received, thereby reducing exposure to hackers and reducing needless delays in DoD back-office correspondence” (Washington Times, 2017). The reason lawyers care is that the various uses of blockchain make better business evidence, promote the discovery process, and provide a risk-mitigated way to execute various types of business.

Help with Ownership

Blockchain can be useful for transactions involving proof and chain of title, ownership of property, or identity of a person. Because the ledger is an ongoing, validated, and secure log of all things that have happened, perhaps going all the way back, ownership can be known with exactitude.

Help with Secure Life-long Medical Records

Blockchain records similarly hold promise for the medical industry, as Personally Identifiable Information could be properly encrypted and securely stored in the Cloud for long-term access by authorized medical professionals and the patient alike. According to Brian Forde, editor of MIT Media Lab Digital Currency Initiative, “By putting your health records into a blockchain-managed system, you and your doctor should not only be able to update and review your medical information in real time, but also know it has been held securely.

A novel design feature of MedRec is the way records are validated and added to the blockchain. The miners for MedRec are medical researchers who are rewarded with access to census-level data of the medical records.”

Perhaps most intriguing is that Blockchain records can be securely stored, accessed, and shared over the lifetime of the patient with multiple providers. That allows medical records to have portability, longevity, and security that promotes care and treatment over the life of the patient.

Help with Disaster Recovery Backup

Blockchain could also be useful as a means to back up important information from an organization’s servers in much the same way as using a Cloud provider today, with differences related to its public-facing and distributed technology design. With encryption, the content could be scrambled and securely stored in a third-party location that could be made available in the unlikely event of a disaster that requires information to be restored. In today’s information security environment, such protections may be more and more essential.

Help with Litigation Discovery

The litigation process could be greatly enhanced if ESI were blockchain records in that they would be “self-authenticating”; stored publicly, which would add to their integrity; and would be complete as they are captured in real time in total and validated as part of the blockchain process. Further, if managed in the blockchain environment over time, chain of custody would be known and easier to demonstrate if challenged.

Help with Transactions Between Devices in the Internet of Things

With the exponential growth of transactions between smart devices, called the Internet of Things (IoT), traditional intermediaries like banks won’t be able to handle the volume of transactions. Here, too, Blockchain can execute and track such transactions. Many companies are testing out the utility of blockchain and IoT, from security to storage management.

Conclusion

Whether it’s secure real estate transactions, chain of custody, smart contracts, multi-party agreements, or UCC filings, blockchain may be a gamechanger. According to the Harvard Business Review, “It can validate—and secure—almost anything. From voter authentication to government processes, health information, and proof of intellectual property, Blockchain can serve as a secure process to validate almost anything of value, and to keep it safe.”

While Bitcoin and other cryptocurrencies may wither away, blockchain is here to stay. U.S. law will likely never dictate that Blockchain be used, but, depending on the business being transacted, there are lots of reasons to see if it can make electronic business happen “faster, better and cheaper,” while being legally compliant.

Public Policy Prohibits Contractual Restrictions on an LLC’s Right to File Bankruptcy

Generally, public policy prohibits attempts to contract away the right to file bankruptcy, and a string of recent decisions confirms this principle in the context of limited liability company (LLC) operating agreements. In September, the U.S. Bankruptcy Court for the Eastern District of Kentucky held that provisions of an LLC operating agreement that were added incidental to the closing of a commercial loan served no purpose other than to frustrate the LLC’s ability to commence a bankruptcy case, and were thus unenforceable. In re Lexington Hosp. Grp., LLC, 2017 WL 4118117 (Bankr. E.D. Ky. Sept. 15, 2017). In short, the applicable provisions gave the lender the ability to block a filing. Notwithstanding state law policy of freedom of contract in LLC agreements, the bankruptcy court observed that enforceability of bankruptcy restrictions is a matter of federal law. The court’s holding follows two other recent decisions similarly voiding restrictions on bankruptcy rights. See In re Intervention Energy Holdings, LLC, 553 B.R. 258 (Bankr. D. Del. 2016); In re Lake Michigan Beach Pottawattamie Resort, LLC, 547 B.R. 899 (Bankr. N.D. Ill. 2016).

In Lexington Hospitality, the LLC’s original operating agreement contained no limitations on its manager’s and/or members’ ability to file bankruptcy on the LLC’s behalf. The LLC later executed an amended operating agreement (the Agreement) in connection with its acquisition of a hotel which granted the lender a 30 percent equity stake until the loan was fully repaid. The Agreement also provided for the appointment of an “Independent Manager” and vested the sole discretion to file bankruptcy on behalf of the LLC in that person: (i) “The Company may declare bankruptcy only so long as the Independent Manager authorizes such action” and (ii) “In order for the Company to declare Bankruptcy or dissolve and liquidate its assets, the Independent Manager must provide authorization, and then only upon a 75% vote of the Members.” 2017 WL 4118117 at *3. The Agreement set forth a list of nine requirements that attempted to preserve the Independent Manager’s independence. It then limited the Independent Manager’s ability to act, vote, or otherwise participate in any LLC matters other than to consent to file bankruptcy. The Independent Manager was instructed to consider the interests of the LLC in acting or otherwise voting, as well as the interests of creditors and the economic interests of a minority member that was controlled by the lender. The Agreement also eliminated any fiduciary duty or liability that the Independent Manager might have to other members or managers. And, the Independent Manager’s role terminated upon repayment of the loan.

An addendum to the Agreement contained a further restriction on the LLC’s right to file a bankruptcy petition: “[The LLC shall not file bankruptcy] without the advance, written affirmative vote of the Lender and all members of the Company.” That provision directly conflicted with the Independent Manager provisions, which required only a 75 percent vote of the members.

The LLC filed a petition for Chapter 11 relief signed by its manager pursuant to a corporate resolution authorizing such action. The resolution disclaimed any knowledge as to the contact information or whereabouts of the Independent Manager and did not indicate a member vote was taken. Three days later, the lender filed a motion to dismiss the bankruptcy case, arguing that the Agreement’s bankruptcy restrictions were not followed.

In analyzing the Agreement’s enforceability, the bankruptcy court first noted that “state law governs whether a business entity is authorized to file a bankruptcy petition.” Kentucky law permitted the LLC’s member to do so, absent the Agreement’s restrictions in favor of the lender. The court then turned to federal law and public policy to determine whether the restrictions were enforceable.

Federal Public Policy Against Bankruptcy Restrictions

Parties to an operating agreement generally have the freedom to contract limited only by the parameters in the relevant articles of organization and statutory law. But there is a strong federal public policy in favor of allowing individuals and entities their right to a fresh start in bankruptcy. Thus, cases discussing bankruptcy restrictions in LLC operating agreements usually begin with the uncontested premise that entities, like individuals, cannot contract away access to bankruptcy relief. See, e.g., In re Squire Court Partners Ltd. P’ship, 2017 U.S. Dist. LEXIS 105032, at *9 (E.D. Ark. July 7, 2017); Lake Michigan Beach, 547 B.R. 899; Intervention Energy, 553 B.R. 258; In re Bay Club Partners 472, LLC, 2014 WL 1796688, at *1 (Bankr. D. Or. May 6, 2014); Continental Ins. Co. v. Thorpe Insulation Co., 671 F.3d 1011, 1026 (9th Cir. 2012) (“This prohibition of prepetition waiver has to be the law; otherwise, astute creditors would routinely require their debtors to waive.” (quotation and citation omitted)). As the Lexington Hosp. court noted, “[i]ndeed, since bankruptcy is designed to produce a system of reorganization and distribution different from what [sic] would obtain under nonbankruptcy law, it would defeat the purpose of the Code to allow parties to provide by contract that the provisions of the Code should not apply.” Lexington Hosp., 2017 WL 4118117 at *5 (citing In re 203 N. LaSalle St. P’ship, 246 B.R. 325, 331 (Bankr. N.D. Ill. 2000)). Based on those policy considerations, contractual provisions in operating agreements that effectively block the entity’s ability to file bankruptcy without a creditor’s consent have been held void. Id. (citing Intervention Energy Holdings, 553 B.R. at 263–64; Lake Michigan Beach, 547 B.R. at 913).

In Lake Michigan Beach, the LLC debtor defaulted on a debt and agreed to give the creditor “special member” status in exchange for a promise not to pursue the default. 547 B.R. at 903–04. The amended operating agreement made the creditor a member with the right to approve or disapprove a bankruptcy filing by the debtor. The creditor had no interest in the LLC’s profits or losses, no right to distributions, no tax consequences, and no obligation to make capital contributions to the LLC. The creditor “was kept separate and apart from the Debtor in all ways but for its authority to block the Debtor from petitioning for bankruptcy relief.”

In Intervention Energy, the LLC debtor defaulted on its debt and agreed to make the creditor a common member in exchange for waiver of all defaults. The amended operating agreement required unanimous consent from members to file for bankruptcy. The effect of the amendment was to grant the creditor, holder of one membership unit out of 22 million, full veto power over a bankruptcy filing.

In Bay Club, the LLC debtor received a real estate purchase money loan secured by the property and the LLC’s related assets. 2014 Bankr. LEXIS 2051 at *1–3. The lender asked the debtor to add a bankruptcy waiver provision and other restrictive covenants to its operating agreement. The amended agreement provided that the debtor “shall not institute proceedings to be adjudicated bankrupt or insolvent” until “the indebtedness secured by that pledge is paid in full.”

The form that a contractual bankruptcy waiver may take is limited only by the resourcefulness of attorneys. Squire Court Partners, 2017 U.S. Dist. LEXIS 105032 at *11 (citing Intervention Energy 553 B.R. at 264). The bottom line, however, is that in all of the recent decisions, the provision amounted to a debtor agreeing to a prepetition waiver. Moreover, each case involved a creditor limiting a debtor’s right to seek bankruptcy relief as a condition of supplying credit. Each of these “blocking provisions” violated federal public policy.

Lexington Hospitality Group’s Amended LLC Agreement

In Lexington Hospitality Group, the court invalidated the bankruptcy restrictions in the amended LLC Agreement. First, the court found that the Independent Manager was “not a truly independent decision maker,” despite the existence of provisions that appeared to require independence. 2017 WL 4118117 at *6. The Independent Manager’s fiduciary duties to the company were abrogated by her contractual duties to creditors and the minority member controlled by the lender. The Independent Manager’s existence was also terminated upon payment of the debt; “this connection with the financing highlights the concern that the Independent Manager is not actually independent from the creditor who negotiated for her participation in a bankruptcy decision.”

In any event, even if those provisions were not enough to invalidate the restrictions, the court determined that the following provision “confirms that the Independent Manager is merely a pretense to suggest that the right to file bankruptcy is not unfairly restricted”—“In order for the Company to declare Bankruptcy or dissolve and liquidate its assets, the Independent Manager must provide authorization, and then only upon a 75% vote of the Members.” The 75 percent requirement, while purporting to reserve the LLC members’ bankruptcy rights, actually disguised the true impact of the restriction because, as part of the loan transaction, the LLC’s majority owner diluted its 100 percent ownership interest to give a 30 percent interest to an entity controlled by the lender. Thus, it was impossible for the LLC to achieve 75 percent without the lender’s consent.

Finally, the lender’s power to prohibit a bankruptcy filing was even more direct in the addendum to the Agreement, which gave the lender express veto power regardless of the members’ consent to a bankruptcy filing. For all of those reasons, the bankruptcy restrictions were deemed unenforceable.

“Acceptable” Bankruptcy Restrictions

Not all bankruptcy restrictions are unenforceable, however. Members of a business entity, even a non-fiduciary member or manager, may freely agree among themselves not to file bankruptcy. See, e.g., Lexington Hosp., 2017 WL 4118117 at *6. Thus, the issue is whether bankruptcy restrictions are imposed by a creditor to create an absolute waiver of the LLC debtor’s right to file bankruptcy. 2017 WL 4118117 at *6. With respect to such restrictions in favor of outside parties to an LLC—such as the appointment of an “independent director” with veto power over a bankruptcy filing—the rule is that “the director must be subject to normal director fiduciary duties and therefore in some circumstances vote in favor of a bankruptcy filing, even if it is not in the best interests of the creditor that they were chosen by.” Lake Michigan Beach, 547 B.R. at 913. Absent normal fiduciary duties, “allowing a creditor to contract for control of a debtor’s decision whether to file a bankruptcy petition would undermine the most fundamental purposes of the bankruptcy laws.” Squire Court Partners, 2017 U.S. Dist. LEXIS 105032 at *12 (citing Lake Michigan Beach, 547 B.R. at 914).

Conclusion

The key takeaway for parties considering restrictions on an LLC’s bankruptcy rights is that an independent decision maker installed by an outside creditor cannot exist simply to vote “no” to a bankruptcy filing, but must also have normal fiduciary duties. See Lexington Hosp., 2017 Bankr. LEXIS 3129, at *16 (citing Lake Michigan Beach, 547 B.R. at 911–13). This is consistent with the rule that upon insolvency (and in some states in the so-called “zone of insolvency”), fiduciary duties shift from equity holders to all creditors. Contractual provisions cannot alter existing common law and/or statutory fiduciary duties for the sole benefit of one creditor. Further, as the discussion in Lexington Hospitality makes clear, the purpose of a contractual restriction on bankruptcy and the factual circumstances surrounding its adoption may affect enforceability as much as the contract language itself.

ESI Spoliation Sanctions: Assessing the Impact of the 2015 Federal Discovery Amendments

Two years ago this past December, substantive amendments to the Federal Rules of Civil Procedure took effect. The most significant of these changes were to address the behemoth that is e-discovery. This included the new Rule 26 “proportionality” standard designed to balance ever increasingly complex e-discovery with the needs of each particular case. Another key revision was to require discovery objections to be made “with specificity,” thus effectively killing off boilerplate objections.

Another significant change was the retooling of Rule 37(e) to define the affirmative duty to preserve electronically stored information (ESI) and to establish a framework for when it is appropriate to impose sanctions for the spoliation of ESI. This article explores the amended Rule 37(e) and its application since its introduction two years ago.

Background of the Rule 37(e) Amendment

The duty to preserve relevant documents and information is not new but arises from a long-recognized, common-law duty to preserve potentially relevant information for trial, subject to the court’s inherent sanction power. In adapting this common-law duty to the rising influx of ESI, some courts, however, had imposed rather harsh sanctions for even negligent conduct that resulted in lost ESI. Because a party could potentially “lose” vast amounts of ESI with surprising ease due to the nature of ESI, practitioners were rightfully terrified of being hit with spoliation sanctions.

In response to these decisions, the Advisory Committee on Civil Rules crafted Rule 37(e) in an effort to create a uniform framework for courts to evaluate the duty to preserve ESI and determine whether and what sanctions might be appropriate. But, as the Advisory Committee recognizes, Rule 37(e) is not intended to supplant the inherent powers of the court to sanction bad behavior.

When Does the Rule 37(e) Duty to Preserve Apply?

Rule 37(e) codifies the affirmative duty to preserve ESI that “should have been preserved in the anticipation or conduct of litigation.” Thus, Rule 37(e)’s duty to preserve ESI requires several “trigger” elements before a court can consider spoliation sanctions:

  • the relevant ESI that “should have been preserved” must have been “lost”;
  • the loss must have occurred after the duty to preserve arose (i.e., when litigation was “reasonably foreseeable”);
  • the loss must have occurred because the party failed to take “reasonable steps” to preserve the ESI; and
  • the ESI cannot be “replaced or restored” through additional discovery such that the loss prejudices the party seeking the ESI.

Each of these individual triggers deserves a little more discussion.

The ESI Must Be “Lost”

ESI may often exist in multiple forms in multiple places. Thus, ESI that can be restored or replaced is not “lost” under Rule 37(e). A question that is still open is whether “lost” ESI can be supplanted by other forms of discovery. Some courts have declined to allow this, but others have permitted narrowed additional discovery to allow parties to uncover “lost” ESI.

Another potential question is what does “lost” mean? In Hsueh v. N.Y. State Dep’t of Fin. Servs., 2017 WL 1194706 (S.D.N.Y., Mar. 31, 2017), the court agreed with the defendant’s argument that Rule 37(e) does not apply when ESI is intentionally deleted, rather than “lost.” Although the court found that the language of Rule 37(e) did not cover intentional deletion, the court still imposed sanctions under its inherent authority. Arguably, intentional deletion still falls under Rule 37(e)—especially considering the “intent to deprive” factor discussed below—but in cases of evident bad faith, regardless of whether Rule 37(e) applies, the court has the power to sanction such egregious conduct and most likely will.

The Duty to Preserve Must Have Been “Reasonably Foreseeable”

Typically, the initiation of litigation—whether formally by a lawsuit or informally by a preceding demand letter—will be the obvious trigger of a party’s duty to preserve ESI. Other events, however, such as governmental investigations or industry events or knowledge, may make such litigation “reasonably foreseeable” such that a court will consider the duty to preserve to have been triggered. Obviously, these situations are case-specific, but practitioners must proceed with caution when disputes begin to arise. The second case discussed below provides a good example.

A Party Must Take “Reasonable Steps” to Preserve ESI

Once the duty to preserve has been triggered, Rule 37(e) requires the party to take “reasonable steps” to preserve ESI. A sound litigation hold practice and procedure that identifies all the relevant custodians and document storage systems will generally be sufficient to qualify. Courts and the Advisory Committee understand that “reasonable steps” does not mean perfection, and ESI may get lost. However, failure to turn off auto-deletion systems is generally not going to be easily forgiven.

The Lost ESI Must Be “Relevant”

Relevance, of course, is a touchstone for all the triggers. The courts will evaluate the relevance of the lost ESI in applying the Rule 37(e) triggers. The moving party bears the burden to show relevancy, but a party requesting extensive relief under the Rule should be prepared to answer questions as to how relevant it believes the lost ESI is. This will also go toward proving prejudice, as discussed below, and when looking at the prejudice suffered from the lost ESI, courts may sometimes shift the burden to the nonmoving party to prove that the ESI was not relevant.

Steps for Imposing Sanctions for Failure to Preserve ESI

If a party can establish the elements above, Rule 37(e) then separates possible sanctions for spoliation into two categories. Both categories require an initial finding that the loss of the ESI prejudices the other party. As noted above, proving prejudice will often require evaluating the relevance of the lost ESI. This will, of course, be factually intensive. Generally, however, if the lost ESI would have made a difference in the pursuit of claims or defenses, its loss will be considered prejudicial.

Once prejudice is proven, the court looks to whether there was an “intent to deprive” the other party of the lost ESI.

If there were no “intent to deprive,” then the court may “order measures no greater than necessary to cure the prejudice.” This will generally constitute, but is not limited to, monetary fines or, more likely, the award of the other side’s attorney’s fees. However, a court may also order, for instance, a forensic examination of a hard drive at the nonmoving party’s expense to attempt to lessen the burden of the spoliation, or other similar measures.

Harsher sanctions are only applicable upon a finding of an “intent to deprive.” These sanctions include a jury instruction (or court presumption) that the lost information was likely unfavorable to the party and, for egregious cases, “death penalty” sanctions of dismissal or a default judgment.

Recent Decisions

Courts continue to apply and interpret Rule 37(e). The following decisions are illustrative of some of the principles behind the Rule and its mechanical application.

In Mueller v. Swift, 2017 U.S. Dist. LEXIS 112276 (D. Colo., July 19, 2017), a radio DJ claimed pop star Taylor Swift falsely accused him of sexual misconduct, resulting in his firing. At the time of his termination, he recorded his calls with his employer. Swift requested them in discovery. The DJ turned over the files to his attorney, but not before editing them to delete everything that was “not important.” He also claimed the original files were lost due to a spilled-coffee incident.

Consequently, Swift claimed spoliation under Rule 37(e) and requested an adverse inference against the DJ that the missing information was favorable to her. Applying Tenth Circuit precedent and Rule 37(e), the court held that such an inference is only warranted if there is sufficient proof the evidence was lost or deleted in bad faith. The court was unable “to draw conclusions about disputed facts bearing on the merits of an action as the result of spilled coffee.” The court thus denied Swift’s request for an adverse inference, but allowed her to cross-examine plaintiff about the record of spoliation in front of the jury.

In ILWU-PMA Welfare Plan Bd. of Trs. v. Connecticut Gen. Life. Ins. Co., 2017 WL 345988 (N.D. Cal., Jan. 24, 2017), an ERISA plaintiff sought spoliation sanctions against the defendant, stemming in part from a tolling agreement the parties signed in 2011 due to previous litigation. In 2012, defendant’s parent company sold one of its three subsidiaries to a third party. Included in the transferred assets were e-mail accounts and other ESI belonging to defendant. Importantly, the purchase agreement obligated the buyer to “provide [the seller] reasonable access to business information of both parties as reasonably required for, among other things, litigation purposes.” The agreement also stipulated that each party would preserve defendant’s information, and that for the first six years, neither party would destroy any of the subsidiary’s information without first providing the other party an opportunity to obtain a copy.

In February 2016, as part of the present dispute, plaintiff requested ESI that included records transferred in the sale. Despite the purchase agreement’s terms, the third party was unable to produce any of defendant’s records dated before 2009. Defendant argued that sanctions were not warranted, as it could not have reasonably foreseen this action. Further, defendant argued that even if it could have foreseen litigation, the purchase agreement established that defendant took reasonable steps to preserve the ESI.

Turning to FRCP 37(e), the court found that defendant was on notice of potential litigation in 2011 based upon the tolling agreement’s terms and the fact that the issues in the present suit related to the 2011 litigation. Additionally, the purchase agreement expressly stated that defendant would have access to the transferred records “for litigation purposes.” The court was also troubled that the subsidiary sold by the parent company had records of a completely separate subsidiary, and that the company did not bother to make copies of the records before transfer. The court held that even though the discovery process was still ongoing, “at least some prejudice” occurred, and that sanctions against the defendant were appropriate. The court ordered discovery reopened and required defendant to pay the reasonable costs for discovery, as well as plaintiff’s costs for bringing its sanctions motion.

Spoliation Sanctions for Failing to Preserve ESI Are Scary but Manageable

As fitting with the overarching theme of the 2015 Amendments, the preservation duty imposed by Rule 37(e) and its related threat of spoliation sanctions encourage early cooperation with opposing counsel to define the scope of discovery for the case. If parties can do so—or at least understand how each side views proportionality in the context of the case, especially as to ESI—then they can greatly reduce the risk that the other side will claim spoliation of ESI so long as they are taking other reasonable steps to preserve ESI. Parties should not take the duty to preserve ESI lightly, given that courts have not hesitated to dole out spoliation sanctions under Rule 37(e) and their inherent power where appropriate.

Draft Canadian Security Breach Regulations Finally Unveiled

It’s been a long wait. More than two years have passed since Ottawa amended Canada’s federal private-sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA, or the Act) by enacting Bill S-4, the Digital Privacy Act, to establish mandatory data-breach reporting requirements. Yet, sections 10.1 through 10.3, the provisions outlining the obligations for breach reporting and notification, are still not in force pending the creation of necessary regulations. On September 2, 2017, Innovation, Science and Economic Development Canada finally revealed the proposed Breach of Security Safeguards Regulations (Regulations), along with a Regulatory Impact Analysis Statement (RIAS) which can be found in the Canada Gazette. The proposed Regulations will come into force at the same time as section 10 of the Digital Privacy Act and are open for comments from interested parties for a period of 30 days.

By way of refresher, following the implementation of the new data-breach sections of PIPEDA, organizations that experience a data breach (referred to in PIPEDA as a “breach of security safeguards”) must determine whether the breach poses a “real risk of significant harm” (which may include bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record, and damage to or loss of property) to any individual whose information was involved in the breach by conducting a risk assessment. When conducting this risk assessment, organizations must consider the sensitivity of the information involved and the likelihood of whether it will be misused. If the answer is “yes,” the organization is required to notify affected individuals and the Privacy Commissioner of Canada (the Commissioner) as soon as “feasible.”

Additionally, because the primary objective of the new data-breach reporting and notification framework in PIPEDA is to prevent or mitigate the potential harm to individuals resulting from a breach, the updated Act requires organizations that notify individuals of breaches to notify other third-party organizations and government institutions (or part of a government institution) of a potentially harmful data breach if the organization making the notification concludes that such notification may reduce the risk of harm that could result from the breach or mitigate the potential harm.

Data-Breach Report to the Commissioner

The proposed Regulations provide a list of requirements that must be covered in any notice to the Commissioner. The RIAS further notes that this list is not intended to be exhaustive, and there is nothing in the Regulations that precludes an organization from providing additional information to the Commissioner should the organization believe that the information is pertinent to the Commissioner’s understanding of the incident.

At a minimum, the data-breach report to the Commissioner must be in writing and must contain the following information:

(a) a description of the circumstances of the breach and, if known, the cause;

(b) the day on which, or the period during which, the breach occurred;

(c) a description of the personal information that is the subject of the breach;

(d) an estimate of the number of individuals in respect of whom the breach creates a real risk of significant harm;

(e) a description of the steps that the organization has taken to reduce the risk of harm to each affected individual resulting from the breach or to mitigate that harm;

(f) a description of the steps that the organization has taken or intends to take to notify each affected individual of the breach in accordance with subsection 10.1(3) of the Act; and

(g) the name and contact information of a person who can answer, on behalf of the organization, the Commissioner’s questions about the breach.

Notifying the Affected Individual

Similarly, although the proposed Regulations also list the requirements that must be contained in any notification to affected individuals, the RIAS provides that companies can provide additional information and/or design the notice to suit the intended audience. Minimally, the following information is required in any notice to an affected individual:

(a) a description of the circumstances of the breach;

(b) the day on which, or period during which, the breach occurred;

(c) a description of the personal information that is the subject of the breach;

(d) a description of the steps that the organization has taken to reduce the risk of harm to the affected individual resulting from the breach or to mitigate that harm;

(e) a description of the steps that the affected individual could take to reduce the risk of harm resulting from the breach or to mitigate that harm;

(f) a toll-free number or e-mail address that the affected individual can use to obtain further information about the breach; and

(g) information about the organization’s internal complaint process and about the affected individual’s right, under the Act, to file a complaint with the Commissioner.

Direct Notification/Indirect Notification

The Regulations confirm that organizations can communicate with affected individuals through a variety of channels, including: (a) by e-mail or any other secure form of communication if the affected individual has consented to receiving information from the organization in that manner; (b) by letter delivered to the last known home address of the affected individual; (c) by telephone; or (d) in person.

However, the Regulations also recognize that there might be circumstances when “indirect” notification of affected individuals is acceptable. Examples include when: (a) the giving of direct notification would cause further harm to the affected individual; (b) the cost of giving of direct notification is prohibitive for the organization; or even when (c) the organization does not have contact information for the affected individual or the information that it has is out of date. In these circumstances, the proposed Regulations suggest that a public announcement, i.e., a “conspicuous message” posted on the organization’s website for at least 90 days or the use of an advertisement that is “likely to reach the affected individuals” would be acceptable. However, one may question whether this carve-out, which clearly puts the onus on the aggrieved party to take active steps to find out about the breach, is actually reasonable in most circumstances, as it may prove tempting to organizations that would rather avoid the considerable cost of individual notification and instead rely on digital publication.

Data-Breach Recordkeeping

Significantly, companies that experience data breaches will no longer have the ability to hide them. Under the draft Regulations, organizations must maintain a “record” (the word is undefined and may arguably be broadly interpreted) of every breach of security safeguards for a minimum of 24 months after the day on which the organization determines that the breach has occurred. Ouch. Even worse, the record must be sufficiently detailed and must contain any information pertaining to the breach that enables the Commissioner to verify compliance with subsections 10.1(1) and (3) of the Act. The Regulations do confirm that the data-breach report provided to the Commissioner as described above can also be considered a record of the breach of security safeguards.

Next Steps

What does this all mean for Canadian and U.S. businesses?

Certainly, U.S. organizations that have a real and substantial connection to Canada and that collect, use, and disclose the personal information of Canadians in the course of their commercial activities should dust off and revisit their existing corporate data-breach/breach of security safeguards policies to ensure that they at least minimally dovetail with the proposed Regulations, which are expected to come into force in 2018. It is important to know that Canadian courts have held that PIPEDA has extraterritorial application to foreign organizations involved in the collection, use or disclosure of personal information in Canada including through the offer and provision of services to Canadians (see Lawson v. Accusearch Inc. (c.o.b. Akiba.com) [2007] F.C.J. No. 164 and more recently, T.(A.) v. Globe24h.com [2017] F.C.J. No. 96).

If an organization does not yet have a data-breach/breach of security safeguards policy, then it’s high time to consider putting one in place. As the recent Equifax and other data breaches have reminded us, no company is immune to the threat of hackers and the loss of personal information, and organizations that are subject to PIPEDA will be obliged, under Canadian law, to report such incidents. Once the mandatory provisions of PIPEDA dealing with breach reporting, notification, and recordkeeping come into force, any affected U.S. organization that knowingly fails to report to the OPC or notify affected individuals of a breach that poses a real risk of significant harm, or knowingly fails to maintain a record of all such breaches, could face fines of up to $100,000 per violation. Therefore, there is no time like the present for smart companies to review their current practices and establish those critical safeguards/methodologies to avoid these penalties.


Lisa R. Lifshitz

Announcing the ABA’s 2017 Private Target Mergers & Acquisitions Deal Points Study

As chair of the ABA’s Private Target Mergers & Acquisitions Deal Points Study (the Private Target Deal Points Study), I am pleased to announce that we published the latest iteration of the study to the ABA’s website in December 2017.

Congratulations! But Wait. What Exactly Is This Private Target Deal Points Study, Anyway?

The Private Target Deal Points Study is a publication of the Market Trends Subcommittee of the Business Law Section’s M&A Committee. It examines the prevalence of certain provisions in publicly available private target mergers and acquisitions transactions during a specified time period. The Private Target Deal Points Study is the preeminent study of M&A transactions, widely utilized by practitioners, investment bankers, corporate development teams, and other advisors.

The 2017 iteration of the Private Target Deal Points Study analyzes publicly available definitive acquisition agreements for transactions executed and/or completed either during calendar year 2016 or during the first half of calendar year 2017. In each case, the transaction involved a private target acquired by a public buyer, with the acquisition material enough to that public buyer for the Securities and Exchange Commission to require public disclosure of the applicable definitive acquisition agreement.

The final sample examined by the 2017 Private Target Deal Points Study is made up of 139 definitive acquisition agreements and excludes agreements for transactions in which the target was in bankruptcy, reverse mergers, divisional sales (for divisional sales, see the Carveout Study also published by the Market Trends Subcommittee in December 2017), and transactions otherwise deemed inappropriate for inclusion.

Although the deals in the 2017 Private Target Deal Points Study reflect a broad swath of industries, the technology and health-care sectors together made up nearly half of the deals. Asset deals comprised 13.7 percent of the sample, with the remainder either equity purchases or mergers.

Of the 2017 Private Target Deal Points Study sample, 21 deals signed and closed simultaneously, whereas the remaining 118 deals had a deferred closing some time after execution of the definitive purchase agreement.

The transactions analyzed in the 2017 Private Target Deal Points Study were in the “middle market,” with purchase prices ranging between $30 million and $500 million; purchase prices for most deals in the data pool were below $300 million.

The Private Target Deal Points Study Sounds Great! How Can I Get a Copy?

  • All members of the M&A Committee of the Business Law Section received an e-mail alert from me with a link when the study was published. If you are not currently a member of the M&A Committee but don’t want to miss future e-mail alerts, committee membership is free to Business Law Section members, and you can sign up on the M&A Committee’s homepage.
  • The published 2017 Private Target Deal Points Study is available for download by M&A Committee members from the Market Trends Subcommittee’s page on the ABA’s website. Also available at that link are the other studies published by the Market Trends Subcommittee, including the recently released Canadian Public Target M&A Deal Points Study (chaired by Cameron Rusaw), Carveout Transactions M&A Deal Points Study (chaired by Rita-Anne O’Neill), and Strategic Buyer/Public Target M&A Deal Points Study (chaired by Claudia Simon).

How Does the 2017 Private Target Deal Points Study Differ from the Prior Version?

The 2017 version of the Private Target Deal Points Study has a number of features that differentiate it from prior iterations.

  • Data in the 2017 version of the Private Target Deal Points Study is more current:
    • The 2017 version of the Private Target Deal Points Study includes not only 2016 transactions, but also transactions from the first half of 2017.
    • The 2017 version of the Private Target Deal Points Study includes deals signed during those periods, not just deals that closed during those periods.
  • The 2017 version of the Private Target Deal Points Study excludes divisional sales:
    • The Market Trends Subcommittee of the M&A Committee has also published a special study of carveout sales; thus, by excluding them from the 2017 version of the Private Target Deal Points Study, we can better compare results for given data points between the two studies.
  • The 2017 version of the Private Target Deal Points Study contains new data points:
    • There is an entire new section in the 2017 version of the Private Target Deal Points Study regarding representations and warranties insurance, along with correlations to certain data points relating to indemnification.
    • There are other new data points scattered throughout the 2017 Private Target Deal Points Study with “new data” flags to make them easy to spot.

  • The 2017 version of the Private Target Deal Points Study provides multiyear comparisons:
    • We have been collecting many of the data points for over a decade now, allowing us to display data—and trend lines—over a number of years in the 2017 version of the Private Target Deal Points Study.

Please join me in extending a hearty thank you to everyone who worked so hard on this study, from leadership to advisors to issue group leaders to the working groups, all of whom are listed in the credits pages.

For more information, there will be an In the Know webinar covering the Private Target M&A Deal Points Study on March 8, 2018, from 1:00 p.m. to 2:30 p.m. (ET).

Notes on the Tax Cuts and Jobs Act

Taxation of Individuals

The Tax Cuts and Jobs Act (the Act) provides seven tax brackets (10 percent, 12 percent, 22 percent, 24 percent, 32 percent, 35 percent, and 37 percent) for individuals paying taxes on their ordinary income, such as wages. The Act repeals the Affordable Care Act’s individual mandate penalty. The Act did not repeal, however, the 3.8 percent net investment income tax, nor did it remove the additional payroll and Medicare taxes, resulting in a possible top marginal rate of 40.8 percent for individuals. These new individual tax rates will sunset on December 31, 2025.

Generally, fewer individuals will itemize their deductions for tax year 2018 because although the Act eliminated personal exemptions, it doubled the current standard deduction. In addition, although charitable deductions were left untouched, the mortgage interest deduction will be based on a new $750,000 limit instead of the prior $1,000,000 limit for home acquisition debt. State and local taxes for individuals can also still be itemized and deducted, but only up to $10,000. There was previously no limit on the amount of state and local taxes that could be deducted on personal income tax returns.

Taxation of Pass-through Income

The Act provides a 20-percent deduction for pass-through entities, such as partnerships, S corporations, and sole proprietorships. Business income from specified services (including health, law, accounting, consulting, athletics, financial services, brokerage services, and certain other services) is ineligible for the deduction, except for taxpayers with income below certain thresholds. Taxpayers with taxable income not exceeding $157,500 (or $315,000 in the case of a joint return) are exempt from the prohibition on specified services. As with other individual income tax provisions in the Act, the 20-percent deduction for pass-through entities will sunset on December 31, 2025.

Corporate Taxation

Corporate tax rates are reduced from a maximum rate of 35 percent to a flat rate of 21 percent under the Act. The corporate alternative minimum tax is also eliminated, unlike the individual alternative minimum tax which was retained. Although the Act has eliminated most corporate deductions and credits, it provides for the immediate write-off of the cost of business investments under bonus depreciation.

Estate and Gift Taxes

The Act increases the federal estate and gift tax unified credit basic exclusion amount to $10 million (adjusted for inflation from the same 2010 base year), effective for decedents dying and gifts made after 2017 and before 2026. The Act increases the federal GST exemption amount to $10 million (adjusted for inflation from the same 2010 base year), effective for generation-skipping transfers made after 2017 and before 2026.

Employee Tax Benefits

Generally, a deduction for compensation paid or accrued with respect to a “covered employee” of a publicly traded corporation is capped at $1 million per year. Covered employees include the CEO, CFO, and the three highest-paid employees. Pre-reform, the deduction limitation did not apply to commissions or performance-based remuneration (including stock options). The Act repeals the commission and performance-based compensation exceptions.

Section 83(i) of the Internal Revenue Code will provide new tax benefits to employees of certain startup companies. Here, a qualified employee may make an election to defer income with respect to qualified stock so that no amount is included in income for up to five years or until a specified event occurs, such as the company going public. The company must have a written plan that provides RSUs or stock options to at least 80 percent of the employees of the company. Employers must provide notice that the employee may be eligible to elect to defer income. Certain highly compensated employees are explicitly excluded.

International Taxation

Subtitle D of the Act contains the international tax provisions. Here, the Act creates a new territorial system of taxation by exempting certain foreign income of U.S. corporations from U.S. taxation.

Conclusion

Although President Trump signed the Act into law, Americans can expect further legislation to clarify and modify the new rules. Outside of budget reconciliation, any subsequent bills are going to require 60 votes to pass in the Senate, which means some Democrats will also have to be on board. In the interim, we will have to rely on further IRS guidance to fill in the gaps of this tax reform legislation.

SEC’s Challenge—Public Company Model Is Unattractive for Many Businesses

Analysis of trends in U.S. capital markets reveals “an undeniable fact that the number of U.S. public companies has declined considerably from the peak of 20 years ago.” Ernst & Young LLP, Foreword, Looking Behind the Declining Number of Public Companies, an Analysis of Trends in US Capital Markets, May 2017 (E&Y Analysis). Listings of public companies in the United States “fell by roughly 50 percent . . . from 1996 through 2016.” Credit Suisse, The Incredible Shrinking Universe of Stocks, the Causes and Consequences of Fewer U.S. Equities, Mar. 22, 2017, at 1 (Credit Suisse Report). The reality is that more companies are choosing to stay private longer, and some public companies voluntarily “go dark” (i.e., deregister their stock from the Securities and Exchange Commission) or are acquired.

In his July 12, 2017 remarks at the Economic Club of New York, SEC Chairman Jay Clayton unequivocally stated that “the reduction in the number of U.S.-listed public companies is a serious issue for our markets and the country more generally,” and that “we need to increase the attractiveness of our public capital markets without adversely affecting the availability of capital from our private markets.”

In August 2017, the Council of Institutional Investors (CII) and the U.S. Chamber of Commerce, along with representatives of different segments of the U.S. economy, wrote letters to the Department of Treasury in connection with its upcoming report on regulations impacting the capital markets. See Council of Institutional Investors, Letter to the U.S. Department of Treasury on Capital Markets Report (Aug. 23, 2017) (CII Letter); Joint Letter to Treasury Regarding the Decline in Public Companies (Aug. 22, 2017) (Joint Letter). (The Joint Letter was submitted by the U.S. Chamber of Commerce, as well as the Intercontinental Exchange; Nasdaq; Biotechnology Innovation Organization; Equity Dealers of America; Steven Bochner, Partner, Wilson Sonsini Goodrich & Rosati; Joseph D. Culley, Jr., Janney Montgomery Scott LLC; Kate Mitchell, Co-Founder and Partner, Scale Venture Partners; Jeffrey M. Solomon, President, Cowen Inc.; and Joel H. Trotter, Partner, Latham & Watkins.) Both the CII Letter and the Joint Letter identify the problem of shrinking public company markets but approach it differently.

CII, as the voice of institutional shareholders, including employee benefit plans, foundations, and endowments, believes that the SEC must “improve the delivery and access of the information required to be provided to investors,” but should not significantly alter “the total mix of information provided to investors.” The Joint Letter, representing views of businesses, expresses concern that “the decline in U.S. public companies inhibits economic growth, job creation, and the ability of households to create sustainable wealth” and suggests the following reforms to help reinvigorate the U.S. IPO market:

  • extend the “on-ramp” accommodations of the JOBS Act from five years to ten years for all emerging growth companies (EGCs), and revise the EGC definition to eliminate the premature phase-out of those accommodations;
  • make the JOBS Act on-ramp available for all companies seeking an IPO for five years, regardless of whether they meet the definition of an EGC;
  • modernize the regulatory regime for internal control reporting requirements under the Sarbanes-Oxley Act;
  • modernize the disclosure regime administered by the SEC, including elimination of outdated or duplicative disclosures, repeal of immaterial social and politically motivated disclosure mandates, as well as further scaled disclosure requirements for EGCs;
  • reform the outdated rules governing shareholder proposals under Rule 14a-8, including modernizing the thresholds for shareholder proposal resubmissions by increasing the shareholder support thresholds;
  • enhance regulatory oversight of the proxy advisory firm industry;
  • promote an equity market structure that enhances liquidity for EGCs and other small capitalization companies; and
  • incentivize both pre-IPO and post-IPO research of companies.

In his speech, Chairman Clayton praised the U.S. public company disclosure and trading system as “an incredibly powerful, efficient, and reliable means of making investment opportunities available to the general public,” but he also acknowledged that the SEC, lawmakers, and other regulators “have slowly but significantly expanded the scope of required disclosures beyond the core concept of materiality.”

The SEC’s Regulatory Flexibility Agenda (see 82 Fed. Reg. 163 (Aug. 24, 2017)), published for public comment, delays (arguably indefinitely) the adoption of rules that many companies view as burdensome and pushes forward rules that are designed to lead to a more balanced disclosure regime. For example, the proposed agenda places the adoption of final rules implementing the following Dodd-Frank mandates on hold, with the timetable for the SEC action identified as “to be determined”:

  • disclosure of hedging by employees, officers, and directors;
  • clawback of erroneously awarded compensation; and
  • pay-versus-performance disclosure.

The adoption of the following final rules, among certain other actions, is targeted for April 2018:

  • amendments to the definition of a “smaller reporting company” to expand the number of registrants that qualify as smaller reporting companies in order to promote capital formation and reduce compliance costs for smaller registrants; and
  • updates to certain disclosure requirements in Regulations S–X and S–K that may have become redundant, duplicative, overlapping, outdated, or superseded.

The adoption of these rules, albeit important, is unlikely to be a game-changer in a company’s decision whether to go public. The implementation of significant reforms that will spur public company activity may involve a lengthy SEC rulemaking process and will not happen overnight; however, it is important that the issue of declining interest in becoming a U.S. public company is recognized, discussed, and put at the forefront of the SEC agenda.

Debtors, Fiduciaries, and Directors and Officers Beware: The Limits of D&O Liability Policy Coverage

Sometimes, uncontrollable financial circumstances precipitate a company’s decision to seek the protection of the Bankruptcy Code. Other times, a bankruptcy filing results, at least in part, from poor decisions made by the company’s management. A bankruptcy trustee is duty-bound to scrutinize the decisions of management and determine whether certain errors were made that caused harm to the debtor or its creditors and, if appropriate, commence litigation against the relevant decision makers for the benefit of the bankruptcy estate and its creditors. These suits often involve allegations that directors and officers have breached their fiduciary duties.

This type of litigation is all the more likely in cases where the debtor has or had a director and officer liability policy (D&O policy) in place to cover such claims, but most D&O policies contain an “insured vs. insured” exclusion, which excludes claims made by an insured against another insured under the policy.

Although not all courts have agreed, in a majority of jurisdictions, court-appointed trustees (Chapter 7 and Chapter 11) have circumvented insured vs. insured exclusions by arguing that there is no risk of collusion when the suit is brought by an independent, court-appointed fiduciary, and that the debtor company and the debtor’s estate—on whose behalf a trustee is bringing suit—are distinct legal entities.

But what about bankruptcy fiduciaries who are not court-appointed Chapter 7 or Chapter 11 trustees? A debtor-in-possession often will include in its Chapter 11 plan of reorganization the appointment of a litigation trustee, liquidating trustee, or other fiduciary to oversee litigation and make distributions for the benefit of creditors. Just like a court-appointed trustee, these fiduciaries will see a D&O policy as a source of potential recovery.

But a recent decision of the Sixth Circuit Court of Appeals may have far-reaching ramifications for fiduciaries who are not court-appointed, and may even erode the general success Chapter 7 and Chapter 11 trustees have had in pursuing claims against debtors’ D&O policies.

In Indian Harbor Ins. Co. v. Zucker for Liquidation Tr. of Capitol Bancorp Ltd., 860 F.3d 373 (6th Cir. 2017), the debtor, Capitol Bancorp, confirmed a liquidating plan that created a liquidating trust to pursue litigation claims on behalf of the estate. The liquidation trustee sued Capitol Bancorp’s officers, alleging that they breached their fiduciary duties to the company. Indian Harbor Insurance—the company’s D&O insurer—filed a separate action seeking a declaration that the trustee’s claims fell within the policy’s insured vs. insured exclusion. The district court found the exclusion applied, and the liquidation trustee appealed.

The Sixth Circuit began its analysis with the language of the insured vs. insured exclusions, which excluded coverage for “any claim made against an Insured Person . . . by, on behalf of, or in the name or right of, the Company or any Insured Person.” This is fairly standard language, some variant of which is found in most D&O policies. Notably, there was no mention of the existence in the policy at issue of an exclusion to the insured versus insured exclusion which relates to insolvency and/or bankruptcy proceedings.

The court went on to discuss the purpose of insured vs. insured exclusions, analogized well by the Zucker majority:

Not unlike a homeowner’s insurance policy that excludes coverage for a fire that the policyholder intentionally sets, these exclusions limit the management-liability insurance to claims by outsiders, prohibiting coverage for claims by people within the insured company. A company thus cannot hope to push the costs of mismanagement onto an insurance company just by suing (and perhaps collusively settling with) past officers who made bad business decisions.

(citing Biltmore Assocs., LLC v. Twin City Fire Ins. Co., 572 F.3d 663, 670 (9th Cir. 2009)). Although one would generally consider a liquidating trustee to be similarly disinterested as a court-appointed trustee so as to dissuade any fears of collusive behavior, the Zucker majority was not so convinced. It admitted that court approval of the debtor’s plan was a procedural safeguard, but stated that that alone did not “eliminate the practical and legal difference between an assignee [the liquidating trustee who was assigned causes of action under the plan] and a court-appointed trustee that receives the right to sue on the estate’s behalf by statute.” The majority concluded that “[t]he risk of collusion is surely higher when the insured individuals—the management of the debtor in possession—can negotiate and put conditions on a trustee’s right to sue them.” In other words, the mere fact that the debtor’s former managers can propose to name the individual who will serve as trustee and condition his or her authority is enough to raise the red flag of collusion beyond an acceptable threshold.

This is troubling for two reasons. First, if anything, management typically attempts to restrict the ability of a trustee to bring causes of action against them—a negotiating tactic that, if successful, would reduce overall the types of claims the trustee could bring; it would not elevate the risk of the trustee bringing collusive claims to the insurer’s detriment. Second, even if management sought to restrict or steer the trustee’s recovery efforts, those provisions would be subject to objection by creditors and interested parties and, if unacceptable, may result in a failure to garner sufficient votes to confirm the plan. As the dissent points out, “[f]unctionally, however, there is no distinction between an assigned trustee that a bankruptcy court has determined is independent and does not pose a risk of collusion, and one that is appointed by a bankruptcy court and is by nature of that appointment independent.”

With respect to the distinct-legal-entity argument, the liquidation trustee argued that a debtor-in-possession is legally distinct from the prebankruptcy “Company” defined in the insurance policy, making the insured vs. insured exclusion inapplicable to the trustee, who is the debtor-in-possession’s assignee. In response, the Zucker majority provides another analogy:

[T]his new-entity argument surely would not work before bankruptcy. Capitol could not have dodged the exclusion by transferring a mismanagement claim to a new company—call it Capitol II—for the purpose of filing a mismanagement claim against [Capitol’s management]. No matter how legally distinct Capitol II might be, the claim would still be ‘by, on behalf of, or in the name or right of’ Capitol. The same conclusion applies to a claim filed after bankruptcy. Here too the voluntarily transferred claim would be filed “on behalf of” or “in . . . the right of” Capitol. The exclusion remains applicable by its terms.

The majority interpreted its own precedent discussing the legal distinction between a prebankruptcy debtor and a debtor-in-possession narrowly, stating that the two are “one and the same person, although ‘wearing two hats’” (quoting Cle-Ware Indus., Inc. v. Sokolsky, 493 F.2d 863, 871 (6th Cir. 1974)). The majority concluded that Capitol, as a debtor-in-possession, was the same “Company” that entered into the insurance contract; therefore, the liquidation trustee, as assignee of the debtor-in-possession, stands in the “Company’s” shoes and is subject to the same defenses. “Just as the exclusion would bar a suit ‘by’ or ‘on behalf of’ Capitol, it bars a suit by or on behalf of the Trust” (citing Biltmore, 572 F.3d at 671).

The majority then went a step further, putting even court-appointed trustees on shaky ground. The court stated, “[i]n truth, because the exclusion also applies to claims ‘in the . . . right of’ Capitol, it’s not even clear that a court-appointed trustee or creditor’s committee could collect on the policy.” But the court stopped short of deciding that issue, and held merely that “a voluntary assignee like the Trust, which stands in Capitol’s shoes, brings a breach-of-fiduciary-duty suit ‘by, on behalf of, or in the name or right of’ the debtor in possession” and, therefore, the claim was excluded from coverage under Capitol’s D&O policy.

The Zucker holding could have a dramatic and unintended impact on bankruptcy cases, the assertion of breach of fiduciary duty claims, and the availability of coverage for those claims. As the dissent notes:

If the majority’s decision becomes settled precedent, this Court will send a clear message to creditors in chapter 11 proceedings that if claims against directors and officers are deemed to be of significant value and the plan proposes to put those claims into a trust, the creditors must not agree to a plan proposed or even agreed to by the debtor-in-possession. Instead creditors will be required to seek the appointment of a bankruptcy trustee, where appropriate, or they will have to defeat the debtor-in-possession’s plan and propose their own disclosure statement and plan.

We will have to wait and see the true effect of Zucker, but all debtors, creditors, fiduciaries, and directors and officers are now on notice that the ability to recover against or receive coverage under a D&O policy may, depending upon the terms of the policy and the exact circumstances of the case, be compromised when such claims are pursued by a fiduciary who has not been appointed pursuant to statute or court order.