AI and Privacy in the New Age of Open Banking

Recent regulatory proposals have kick-started the open banking sprint.[1] As both banks and fintechs adopt open banking innovations, however, new all-encompassing digital interfaces, paired with artificial intelligence (“AI”), will raise critical questions about data protection, consent, and current disclosure frameworks. Entities must dedicate sufficient resources to design, test, and protect AI and protect privacy as they enter the new, exciting open banking landscape.

The Future of Open Banking

In the not-so-distant future, we will find ourselves in a brave new world of consumers sharing deposit, credit card, loan, and mortgage data across enterprises, to display and interact with their full financial profile in one dynamic interface. In that world—known as “open banking”—privacy implications and potential AI applications loom large.

This future has been accelerated by the proposed rule on open banking announced by the Consumer Financial Protection Bureau (“CFPB”) on October 19, 2023. The proposed rule mandates that financial institutions, card issuers, and payment providers make consumer data—including transaction data—readily available to consumers and authorized third parties. In addition, the proposed rule institutes consumer protection obligations on collection and use of that data and prohibits data providers from imposing fees for establishing and maintaining these new-age interfaces.

Further dissection of the CFPB’s proposed rule on personal financial data rights illustrates an expectation that digital interfaces will play a primary role in the banking ecosystem, as well as a staunch desire to prevent potential exploitation through limitations and protections on the use of personal financial data. Key considerations will include implementation of robust encryption mechanisms, transparent data governance practices, and protection against inadvertent disclosure of sensitive financial information.

The Proposed Section 1033 Rule: Overview

Section 1033 of the Dodd-Frank Act provides consumers the right to obtain their information relating to a consumer financial product or service in an electronic form from a covered person subject to CFPB rulemaking to implement this statutory provision. The CFPB has described its proposed rulemaking as accelerating the shift to open banking, which is the idea that financial information will flow among various parties in the financial services ecosystems, including banks, fintechs, data aggregators, and consumers. However, the proposed section 1033 rules currently are limited to regulating the flow of consumer financial data from data providers to consumers and third parties authorized to access that data by the consumer. The comment period on the proposed rule closed on December 29, 2023.

The rule represents one of CFPB Director Rohit Chopra’s signature priorities because it addresses his desire both to regulate what he refers to as the monetization of consumer data and to promote competition in consumer financial services. Competition in the marketplace arguably is bolstered by consumers having the ability to “vote with their feet” and more easily move their financial data from one entity to another. Because of the rule’s importance to Chopra’s agenda, a final rule is likely to be issued by late spring to avoid potential Congressional Review Act invalidation. The compressed time frame from proposed to final rule suggests that there will not be significant change in scope between the proposed and final rules.

Elements of the Proposed Rule

The proposed rule establishes pertinent terminology: data providers, covered data, and authorized third parties. In the initial iteration of the rule, data providers are limited to financial institutions as defined by Regulation E and credit card issuers as defined by Regulation Z.[2] (The CFPB has intimated that expanding the applicability of this data access right to other markets will likely be the subject of future rulemakings.)

This first round of rulemaking applies to covered data relating to Regulation E accounts and Regulation Z credit cards.[3] Authorized third parties are those that are permitted to request covered data from a data provider.[4] They will have to comply with certain authorization procedures that require express consent by the consumer that is limited in duration.[5] Moreover, they will be subject to a limitation on use and retention of covered data and will be required to condition further disclosure of consumer data to other third parties upon that third party’s agreement by contract to comply with the section 1033 authorization requirements.[6] These restrictions on the flow and use of data by third parties and other players in the payments ecosystem will undoubtedly have implications for consumers’ privacy and use cases for AI as open banking develops and evolves in the United States.

The proposed rule seeks to impose a framework in which data transfers are accomplished via application programming interface (“API”) calls rather than by existing methods such as screen scraping or credential sharing. Data providers will be required to maintain a consumer interface and establish and maintain a developer interface, both of which must meet certain performance specifications, to receive and respond to data access requests.[7] Data providers generally will not be allowed to restrict the frequency of access requests, nor will they be permitted to deny access requests except in limited circumstances to address risk management concerns.[8]

Notable Gaps in the Proposed Rule

Banking industry trade groups, whose members are subject to the proposed rule, have sharply critiqued the proposed rule for failing to be sufficiently prescriptive on issues relating to data accessibility and for being nearly silent on issues relating to liability for mishandling data.[9]

Indeed, many of the standards by which the CFPB proposes to make data accessible and available to consumers and authorized third parties appear to be delegated to standard-setting organizations (“SSOs”) that have yet to be recognized by the CFPB. The Financial Data Exchange, widely regarded by industry groups as the leading contender to qualify as a standard-setting organization, does not yet function in the form that the proposed rule contemplates. And there is no industry-wide agreement on whether any CFPB-recognized SSO should enjoy enforcement power or otherwise be able to mandate adoption of the standards it promulgates. Nor does the proposed rule contemplate that a data provider’s compliance with any standards promulgated by a recognized SSO will provide a safe harbor from any regulatory action. The lack of certainty around the role that an SSO will play under the final rule and the implementation of appropriate governance that an SSO will need to achieve recognition leaves many in the banking industry viewing the short compliance time frames in the proposed rule (which are staggered according to asset thresholds, with the first time frame to take effect six months after publication of the final rule in the Federal Register) as unworkable.

The proposed rule fails to resolve questions of liability for any potential misuse, misappropriation, or breach of a consumer’s financial data. That silence is a notable asymmetry to the obligations (and corresponding liability) that Regulation E and Regulation Z impose on financial institutions and credit card issuers to investigate disputes. The proposed rule’s failure to allocate liability is likely to disadvantage financial institutions relative to nonbanks: because consumers are more likely to complain to their banks in the first instance about potential unauthorized payments transfers, even if an authorized third party or a player even further downstream was the one that mishandled the data resulting in the alleged payment, banks will likely need to invest greater resources than nonbanks to comply with their Regulation E obligations. Any investment to meet increased compliance demands may result in either an increase in the price of banking products or services or reduced offerings of such products and services, or both, none of which would benefit consumers.

Instead, the proposed rule contemplates that liability will be handled by private contract among data providers and authorized third parties. Banking trade groups have appropriately raised concerns that larger market players—such as data aggregators and other nonbank institutions—will be able to leverage their bargaining power to minimize their liability. Leaving liability to private contract also raises the specter of inconsistent treatment of data and remedies for consumers in the event of a breach or misuse of data.

The Proposed Rule’s Potential to Blunt the Promotion of Open Banking

The promise of open banking that the proposed rule seeks to advance may be undone by two of its key aspects.

First, under the proposed rule, data providers are not permitted to charge fees in connection with developing and maintaining the data access interfaces. The costs of developing and maintaining these interfaces will be significant, with various trade groups estimating development costs of approximately “the high tens of millions of dollars”[10] and ongoing maintenance costs ranging anywhere from “millions of dollars each year”[11] to “approximately $15 million beyond what is currently spent to provide consumers and third parties with covered data through existing APIs.”[12] There is also significant cost incurred by a data provider in ensuring the security of that data when it is transferred in response to an access request. Larger institutions may be able to better leverage the work they’ve already put in to facilitate data transfers in the market as it exists today, but smaller financial institutions will not necessarily have done this work. Industry groups have argued that smaller financial institutions in particular may decrease their product offerings to consumers without a way to recoup any of the costs of their technology investments.

Further, the proposed rule imposes limitations on third parties’ use of consumer data obtained from data providers. The proposed rule provides that third parties must limit their use, retention, and collection of covered data to what is “reasonably necessary to provide a consumer’s requested product or service.”[13] The rule prohibits, as not “reasonably necessary,” use of covered data to provide targeted advertising, to cross-sell other products or services, or to sell the data itself.[14] While such limitations may be laudable from a consumer privacy perspective, they may nonetheless inhibit the achievement of open banking without greater regulatory clarity about what is “reasonably necessary” to provide a consumer’s requested product or service. It is less than clear, for example, whether a third party may collect and use consumer data to train algorithms that may in turn improve the quality of the requested product or service. Nor is it certain whether a third party may use consumer data to forecast trends that may improve credit underwriting or inform new product development.

Privacy and AI Implications

The interplay between open banking and data rights raises critical issues across state privacy regimes and federal financial services requirements—including the Gramm-Leach-Bliley Act’s safeguarding mandates. Handing users financial data-sharing control across digital services, platforms, and sectors will now drive industry obligations. However, this control sans safeguards will not only create a minefield for privacy overexposure but also open floodgates for bad actors.

When “forced” to share data, financial institutions will need to ensure secure transfer to prevent breach and compromise of consumers’ data. This will include salting, hashing, and/or tokenizing numbers to eliminate security risk, and identifying compromised points—while limiting friction on customer end points. Tokenized Account Numbers (TANs) will assist in the solution by obfuscating raw data, pinpointing a breach (since TANs are merchant-specific), and promoting scalability. TANs are also utilized by users and merchants today and will fulfill section 1033’s mandate for secure, standardized documentation through a low-code or no-code integration path.
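The recipient-specific property described above is what lets a data provider trace a leaked token back to the party it was issued to and cut that party off without touching anyone else. A minimal sketch of that idea follows, added here as an illustration and not taken from the article or from any TAN product; the `TokenVault` class, the HMAC-based derivation, and every account number and recipient name are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Hypothetical data-provider vault: one token per (account, recipient)."""

    def __init__(self, key=None):
        # Secret key held only by the data provider (assumption).
        self._key = key or secrets.token_bytes(32)
        self._by_token = {}    # token -> (account_number, recipient_id)
        self._revoked = set()  # tokens that must no longer resolve
        self._epoch = {}       # recipient_id -> re-issue counter

    def issue(self, account_number, recipient_id):
        """Derive a token bound to one recipient; the raw number never leaves."""
        epoch = self._epoch.get(recipient_id, 0)
        # Length-prefix the recipient so field boundaries are unambiguous.
        msg = f"{epoch}|{len(recipient_id)}:{recipient_id}|{account_number}"
        digest = hmac.new(self._key, msg.encode(), hashlib.sha256).hexdigest()
        token = "tan_" + digest[:24]
        self._by_token[token] = (account_number, recipient_id)
        return token

    def resolve(self, token, presenting_recipient):
        """Map a token back to the account only for the recipient it was issued to."""
        entry = self._by_token.get(token)
        if entry is None or token in self._revoked:
            return None
        account_number, bound_recipient = entry
        if bound_recipient != presenting_recipient:
            return None  # token replayed by a different party
        return account_number

    def attribute(self, leaked_tokens):
        """Count leaked tokens per recipient to locate the compromised point."""
        counts = {}
        for token in leaked_tokens:
            entry = self._by_token.get(token)
            source = entry[1] if entry else "unknown"
            counts[source] = counts.get(source, 0) + 1
        return counts

    def revoke_recipient(self, recipient_id):
        """Invalidate every live token issued to one recipient; others are unaffected."""
        revoked = 0
        for token, (_, bound_recipient) in self._by_token.items():
            if bound_recipient == recipient_id and token not in self._revoked:
                self._revoked.add(token)
                revoked += 1
        # Bump the epoch so re-issued tokens differ from the leaked ones.
        self._epoch[recipient_id] = self._epoch.get(recipient_id, 0) + 1
        return revoked


if __name__ == "__main__":
    # Constructed sample data: two accounts shared with two third parties.
    vault = TokenVault()
    t1 = vault.issue("000123456789", "budget-app")
    t2 = vault.issue("000123456789", "lender-x")
    t3 = vault.issue("000987654321", "budget-app")

    # A constructed "breach dump" containing two issued tokens and one stray value.
    dump = [t1, t3, "tan_notissued"]
    print("same account, different tokens:", t1 != t2)
    print("attribution:", vault.attribute(dump))
    print("revoked:", vault.revoke_recipient("budget-app"))
    print("lender-x still resolves:", vault.resolve(t2, "lender-x") is not None)
```
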

In addition to the other benefits noted, open banking’s inevitable integration of AI models/algorithms will increase efficiency and user personalization. The increase in reliance on AI-driven data analytics, however, will require a continued balance between innovation and safeguarding user privacy. Named entity recognition (NER), as a subset of natural language processing (NLP), will undoubtedly be used to extract relevant information from open banking’s text-based transaction data—both for beneficial use cases such as organization and ease of customer use and for improper uses like payment surveillance. Machine learning will also solve classification problems with ease—identifying purchasing, prioritizing payments, and supporting other open-banking use cases.

Conclusion

If properly implemented, open banking will drive exciting pro-consumer innovation and competition in financial services. This new reality will have to balance privacy and AI implications to build consumer trust and maximize the potential of section 1033. To do so, the CFPB should take into account legitimate concerns raised by financial institutions regarding the burdens that the proposed rule places on them to ensure the accuracy, integrity, and accessibility of sensitive payments-related and other financial data to consumers and authorized third parties—without any ability to recoup the significant costs involved, to protect themselves against liability once the data leaves their control, or to prepare adequately for compliance with the rule in the absence of certainty as to the role SSOs will play under this regulatory framework.


  1. Jehan Patterson is counsel at Debevoise & Plimpton LLP; Sumeet Chugani is general counsel at Cloaked. The coauthors participated on a panel titled “AI + Privacy in the New Age of Open Banking” presented at the American Bar Association’s Consumer Financial Services Committee Winter Meeting on January 7, 2024, in Santa Barbara, California, and their remarks are adapted for this article. In addition, Patterson assisted one of the industry trade groups cited in a footnote to this article in preparing comments on the proposed rulemaking to implement section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.

  2. Proposed Rule 12 C.F.R. § 1033.111.

  3. Id. §§ 1033.111, 1033.211.

  4. Id. §§ 1033.131, 1033.401.

  5. Id. § 1033.401.

  6. Id. § 1033.421(a), (f).

  7. Id. § 1033.301(a).

  8. Id. § 1033.311(c)(2).

  9. See, e.g., SIFMA Comment Letter (Dec. 20, 2023); Consumer Bankers Association Comment Letter (Dec. 29, 2023); American Bankers Association Comment Letter (Dec. 29, 2023); Bank Policy Institute & Clearing House Association Comment Letter (Dec. 29, 2023).

  10. Consumer Bankers Association Comment Letter, supra note 8, at 16.

  11. Id. at 17.

  12. SIFMA Comment Letter, supra note 8, at 8.

  13. Proposed Rule 12 C.F.R. § 1033.421(a)(1).

  14. Id. § 1033.421(a)(2).

Establishing and Challenging Standing in PFAS Litigation

The case of Hardwick v. 3M, a per- and polyfluoroalkyl substances (PFAS) class action lawsuit filed in Ohio, has been marked as one of the most significant legal cases in recent history. The Sixth Circuit Court of Appeals granted interlocutory review of this enormously significant case on September 9, 2022. However, on November 28, 2023, the Sixth Circuit Court of Appeals dismissed the class action, holding that the lead plaintiff failed to identify which companies made the “forever chemicals” detected in his blood.

The Hardwick case is noteworthy due to the proposed scope of plaintiffs that counsel sought to include in the case. The lawsuit aimed to include any US citizen with detectable levels of PFAS in their blood, which is estimated to be over 95 percent of the US population.

Instead of seeking relief in the form of monetary damages, the suit sought to establish a medical monitoring program for affected citizens. It also sought to establish an independent science panel to study the effects of numerous PFAS on human health. In March 2022, the Ohio court ruled that the class of plaintiffs allowed to proceed with the lawsuit was “[i]ndividuals subject to the laws of Ohio who have 0.05 parts per trillion (ppt) of PFOA (C-8) and at least 0.05 ppt of any other PFAS in their blood serum.”

Although the Ohio federal district court rejected the lead plaintiff’s proposed nationwide class, it nonetheless certified a class of what the Sixth Circuit’s order granting interlocutory review referred to as “nearly all 11.8 million residents of Ohio, along with anyone else otherwise subject to its laws.” The court limited the class to individuals subject to Ohio law instead of making it nationwide due to the fact that numerous states do not yet recognize medical monitoring as a legal cause of action, and some states do not permit lawsuits to proceed for an increased risk of disease without any proof of actual harm.

Sixth Circuit Vacates District Court’s Class Certification

On November 27, 2023, in a strongly worded order, the Sixth Circuit vacated the district court’s class certification and remanded with instructions to dismiss for lack of jurisdiction.[1] The Sixth Circuit stated that “[s]eldom is so ambitious a case filed on so slight a basis,” acknowledging that PFAS exposure is a “fact of daily life” for Americans, involving thousands of compounds manufactured by thousands of companies over the last fifty-plus years, with human body concentration reductions varying from days to years depending on the compound type.

The Sixth Circuit held that the plaintiff lacked standing due to the absence of particular allegations about how each defendant manufactured or provided a plausible pathway that likely delivered to the plaintiff’s body any one of the five detected PFAS compounds. The court found that the plaintiff pled only collective and conclusory allegations against all defendants for the trace quantities of only five PFAS compounds, while not knowing which companies manufactured those five PFAS compounds, not having any current sickness or symptoms, and not knowing whether PFAS exposure may someday make him sick. Thus, even at the pleadings stage, a plaintiff must do more than make a conclusory “the-defendant-unlawfully-harmed-me-accusation.” Hardwick failed to allege facts “supporting a plausible inference that any of these defendants caused these five particular PFAS to end up in his blood.”

Implications

The Hardwick decision is instructive in evaluating future PFAS claims. Absent evidence of traceability to the defendant at the time of filing, plaintiffs will have a difficult time surviving dispositive motions on the basis of standing. This decision sets forth a burden for standing that plaintiffs must meet in order to bring PFAS claims against multiple defendants. Plaintiffs must establish a “plausible pathway” at the time of filing. This will require tying an alleged injury to a particular defendant. In short, plaintiffs will have to show traceability back to the defendants at the time of filing the complaint in order to survive dispositive motions.

Facing PFAS exposure claims, companies may want to consider conducting qualified environmental audits with use of outside counsel in identifying sources where PFAS is used either in their manufacturing process or in their parts received from suppliers. Audits will enable companies to distinguish the type of PFAS in question and trace potential exposure pathways for those PFAS chemicals.

Similarly, on January 12, 2024, a northern California federal district court dismissed the PFAS-related class action case of Lowe v. Edgewell Personal Care Company on the grounds that its plaintiffs had not plausibly alleged injury from the products at issue. The Lowe plaintiffs brought their actions against two different tampon product lines, claiming that the presence of PFAS rendered the manufacturer’s various representations about the products “false and misleading.”

The manufacturers filed motions to dismiss the actions on the grounds that the plaintiffs had not plausibly alleged that their products contained PFAS and that any alleged amount of PFAS rendered the products harmful, or that PFAS can be traced back to the manufacturers.

The court granted defendants’ motion to dismiss, holding that plaintiffs’ allegations provided no specificity as to the results reached by the independent testing or any other findings that would support their interpretation of the testing results. It also found the plaintiffs to have merely speculated that the tampon components were likely to contain PFAS because those chemicals are “frequently” used to make materials water-repellent.

The court further found plaintiffs’ allegations that the tampons contained PFAS to be insufficient because the plaintiffs did not provide any information showing how much PFAS the tampons might have contained, let alone whether that level of PFAS in a tampon might be harmful.

Conclusion

Hardwick is a virtual roadmap for all companies facing alleged PFAS exposure issues, providing a step-by-step basis for challenging standing. It appears that federal courts will not allow just any complaint containing PFAS allegations to progress past the pleading stage of litigation. Plaintiffs will have to show some plausible pathway that can be traced back to the defendant. Environmental audits focused on a cradle-to-grave examination from the time the PFAS chemical is created or used up through the time it is properly disposed of will be invaluable. It will likely require the use of qualified environmental consultants and outside counsel but is well worth the investment of time and expense.


  1. Hardwick v. 3M Co. (In re E.I. du Pont de Nemours), 2023 US App. LEXIS 31297 (6th Cir. Nov. 27, 2023).

Navigating the 2024 Canadian M&A Landscape: Trends, Risks, and Opportunities

Canada’s M&A activity is poised at the crossroads of anticipation and opportunity as we step into 2024. Reflecting on both recent trends that have shaped the Canadian legal landscape and predicted ones, it’s clear that a sense of cautious optimism pervades discussions about the future.

In this article, we delve into the anticipated trends in Canada’s M&A landscape for 2024. Through a pragmatic lens, we explore key factors shaping the M&A environment, ranging from considerations like interest rates and inflation to the evolving dynamics of private credit and the increasing international interest in Canadian renewable energy.

Increased Confidence Surrounding Interest Rates and Inflation

In the evolving landscape of Canadian M&A in 2024, a critical factor influencing dealmaking will be the projected stabilization of interest rates and inflation. Some buyers may remain cautious, evaluating economic conditions, while others, stimulated by the “new normal” of higher interest rates, may boldly charge forward with M&A activity.

The Bank of Canada and the US Federal Reserve have each hinted at interest rate cuts in 2024. Though the timing is unclear, the reduced concerns about ongoing inflation and rate increases may drive market activity.

Distressed Acquisition Opportunities

The aftermath of government support during the post-COVID-19 era, coupled with the impact of high interest rates, has created a landscape ripe with distressed acquisition opportunities and restructuring potential. Limited liquidity and inflated valuations will compel organizations to evaluate strategic alternatives, leading to an expected uptick in distressed M&A activities. In 2024, well-capitalized companies are anticipated to be well poised to engage in strategic acquisition transactions at discounted prices.

Less Frenzied M&A Market

A notable shift in the M&A landscape for 2024 is the anticipation of a less frenzied market characterized by greater parity among buyers and sellers. The days of rushed transactions may give way to a more deliberate approach, with extended negotiation periods and in-depth due diligence becoming the norm. Both buyers and sellers are expected to exercise heightened caution, leading to more balanced and nuanced deal terms, including the continued prevalence of earn-out structures. This shift towards a measured M&A environment emphasizes the importance of thorough assessments and collaborative negotiations in achieving mutually beneficial outcomes.

The delicate balance between risk and reward will bring dealmakers back to the negotiating table, fostering a climate where astute decision-making becomes paramount. Within this context, we are cautiously optimistic that we will see continued deal activity in 2024, with stakeholders keenly assessing the impact of the economic factors discussed above on transaction dynamics.

Increased Availability and Use of Private Sources of Funds

In response to the evolving financial landscape, a notable trend on the horizon is the increased use of private credit to finance purchase prices. The significant increase in borrowing costs, not wholly offset by decreased valuations for targets, means that traditional banks constrained by regulatory frameworks and risk appetites may be unable or unwilling to provide the capital required for M&A transactions. Consequently, private credit has become an attractive alternative source of capital. Dealmakers are expected to increasingly turn to private credit instruments and innovative financial solutions in 2024. Borrowers are also likely to leverage their existing lending relationships, as banks and other lenders will be more willing to deploy their capital to borrowers with whom they have established a history.

Regulatory Scrutiny

A growing consensus among competition regulators and policymakers suggests that many markets have become less competitive, necessitating heightened merger enforcement. In 2024, regulatory bodies are expected to intensify their examination of foreign investment transactions and strategic combinations.

Proposed changes to the Competition Act aim to strengthen the Competition Bureau’s enforcement powers, penalties, and sanctions. These changes subject more mergers to notification and approval requirements, lowering the bar for the Bureau to challenge transactions. The result is regulatory uncertainty and increased costs. Such considerations lessen the attraction for some companies seeking to engage in Canadian business deals.

Attention on ESG and Canadian Renewable Energy

Canada’s renewable energy sector is poised to attract heightened international interest in 2024. As global initiatives focus on sustainable practices, Canadian projects present attractive investment opportunities. The confluence of Canada’s commitment to ESG, including renewable energy targets, and the international appetite for green investments positions the country as a key player in the global energy transition. For investors looking to take advantage of more readily available capital, projects involving clean energy innovation will be an attractive option, given the Canadian federal budget and provincial measures being used to entice investment. Investors and dealmakers alike are expected to explore partnerships and acquisitions within the Canadian renewable energy landscape, contributing to the sector’s growth and fostering international collaboration.

With this said, it is growing increasingly important that parties to M&A transactions carefully evaluate and structure their deals with ESG considerations top of mind, ensuring that a clear narrative, targets, and performance indicators are employed. This is especially true for larger public or multinational companies, given the rising pressure from investors and stakeholders to prioritize ESG considerations.

Conclusion

The landscape of Canadian M&A in 2024 is characterized by opportunity—to create value through creative financing, strategic acquisitions, and carefully considered deal terms and structures. As we anticipate the stabilization of interest rates and inflation, the surge in private credit, international interest in Canadian renewable energy, distressed acquisition opportunities, increased regulatory scrutiny, and a less frenzied M&A market, strategic and well-informed dealmakers and their legal representatives are poised to capitalize on the evolving M&A terrain.

The trends forecast for 2024 underscore the importance of strategic foresight, adaptability, and a nuanced understanding of the intricacies inherent in each transaction. As the legal landscape responds to economic shifts and global imperatives, dealmakers can leverage this knowledge to navigate M&A scenarios with confidence and clarity.

Fund Director’s Guidebook: Key Resource for Registered Fund Directors

This article is adapted from the Fund Director’s Guidebook, Fifth Edition, by the American Bar Association Business Law Section’s Federal Regulation of Securities Committee.


To fulfill their responsibilities, directors or trustees (“directors”) of US investment companies registered under the Investment Company Act of 1940 (“1940 Act”) should have a solid understanding of the robust regulatory structure that the funds they oversee are subject to. The American Bar Association Business Law Section has updated its Fund Director’s Guidebook, a key resource for registered fund directors as a primer on that regulatory regime, directors’ responsibilities, and key areas of oversight. The Fund Director’s Guidebook, Fifth Edition is available for purchase from the ABA.

Many investment companies, including mutual funds, exchange-traded funds, and closed-end funds, are registered with the Securities and Exchange Commission (“SEC”) under the 1940 Act. The 1940 Act mandates compliance with extensive and comprehensive requirements that, for example, govern capital structure, prohibit certain types of investments, restrict transactions with affiliates, and regulate investment advisory and distribution arrangements. Regulation extends to such matters as composition of a fund’s board and election of directors, capital structure and derivatives risk, portfolio transactions, custodial arrangements, fidelity bonding, selection of accountants and auditing standards, compliance programs, valuation and pricing of shares, and portfolio liquidity, among others. Beyond the 1940 Act, the regulatory regime for investment companies also includes the Investment Advisers Act of 1940, the Securities Act of 1933, the Securities Exchange Act of 1934, the Commodity Exchange Act, regulations of the SEC and the Commodity Futures Trading Commission (CFTC), other regulators and self-regulatory organizations, and laws of the states where the funds are organized.

The comprehensive regulatory regime applicable to registered funds—contained in the 1940 Act and the SEC’s rules thereunder in particular—contemplates an important and active role for fund directors. Because of the external management structure typical of most investment companies, the role of the directors of a fund or group of funds differs in important respects from the role of the board of directors of an operating company. The external manager of a fund necessarily operates its business in its own best interests, which may not always be congruent with the best interests of the fund’s shareholders.

For this reason, although fund management and fund shareholders have common interests in many areas, there are actual and potential conflicts of interest between the two. Under the 1940 Act regulatory framework, the directors (particularly the independent directors) are responsible for monitoring potential and existing conflicts and representing the interests of fund shareholders. Although fund directors generally work closely and cooperatively with fund management, the directors—particularly independent directors—must exercise independent judgment. Although the most obvious conflicts overseen by fund directors relate to fees and other expenses paid by, and the quality of services provided to, the fund, there are others as well. Independent directors represent the interests of fund shareholders when those interests might conflict with those of the adviser.

The Fund Director’s Guidebook serves as a convenient resource for directors of mutual funds, exchange-traded funds, and closed-end funds. It provides an overview of the functions, responsibilities, and potential liabilities of fund directors, under both the federal securities laws (including the 1940 Act) and corporate or trust law generally, as well as information about the structure and operations of the board and its relationship to the investment adviser, the distributor, and others important to the fund. The Guidebook is intended to help directors discharge their responsibilities by providing them with practical information and guidance to help them understand their duties and ask the right questions.

It is important to note that the manner and the environment in which funds operate are constantly evolving, as are the regulations governing fund and investment management activities and the industry itself. It is essential that fund directors and management stay abreast of new industry and regulatory developments affecting how business is conducted.

In an attempt to keep up with the pace of the developing industry and its regulatory environment, the Guidebook was initially published in 1996 and was subsequently updated in 2003, 2006, and 2015. The fifth edition reflects a large number of regulatory developments since 2015, covering significant completed and pending rulemakings and other initiatives by the SEC as well as industry developments, including those relating to:

  • liquidity risk and cybersecurity risk management;
  • exchange-traded funds;
  • the use by funds of derivatives;
  • fair valuation;
  • funds investing in other funds;
  • money market fund reform;
  • fund names;
  • environmental (including climate), social, and governance (ESG) investing;
  • LIBOR transition;
  • responses to the COVID-19 pandemic; and
  • a greater focus on diversity, equity, and inclusion.

The American Bar Association Business Law Section recommends that copies of the Guidebook be shared with fund directors and those that assist fund directors in carrying out their oversight function. Fund advisers, law firms with practices in this area, and other service providers to registered funds will also find the Guidebook to be a helpful resource.

 

Gray-Market Solutions: Many Tools in the Toolbox

Companies with international product distribution face considerable logistical challenges just getting a product to its intended market. Additionally, that product will likely come back to the United States in the form of unauthorized gray-market goods. The good news is that there are many tools in the legal toolbox for stopping those imports.

In a July 2019 article and a July 2020 article for Business Law Today, we highlighted how to use the US International Trade Commission (ITC) to stop unauthorized imports at the border. But there are many other options that companies can use to police the market and address the shifting realities of the post-COVID-19 economy.

Since the supply chain disruptions caused by the pandemic, companies are seeing counterfeit goods mixed in with gray-market goods (which were already problematic) more and more often. United States trademark, anti-counterfeiting, and anti–unfair competition laws provide private causes of action that companies can use to aggressively shut down unauthorized resellers of gray-market and counterfeit goods. These laws provide for seizures of goods, injunctive relief, and recovery of substantial compensatory, equitable, and punitive monetary damages.

The Problem

In today’s global economy, companies in the United States face unlawful importation of goods from abroad bearing genuine trademarks—referred to as gray-market infringement—as well as the importation and sale of counterfeit goods that can include spurious marks, labels, and paperwork. Even though the height of the COVID-19 pandemic is now behind us, the lingering effects of severe supply chain issues can present ripe opportunities for unauthorized goods to enter the United States via online marketplaces run by bad actors located anywhere.

The Tools

The ITC remains an important venue for stopping unauthorized imports and has the benefit of offering broad injunctive relief in the form of general exclusion orders. However, monetary relief is not available at the ITC.

When the identity of unlawful importers is known and US sales are substantial, actions brought in federal district courts allow companies to seek monetary damages as well as injunctive relief. In our experience, a powerful case against infringers can be built from the multiple available causes of action under federal and state law.

First, claims can be brought under the Lanham Act (15 USC 1051 et seq.) for trademark infringement, false advertising, false designation of origin, and dilution. The pathways available under the Lanham Act for monetary recovery depend on the violations for which the defendant is found liable. It is therefore important to conduct a thorough investigation and marshal the appropriate facts regarding the defendant’s activities so that all potential violations can be pleaded and tried against the defendant.

Second, private claims can be brought under federal and state anti-counterfeiting laws. In our experience, those laws provide strong avenues for investigating and stopping counterfeiting, including ex parte seizures, expedited discovery, asset freezes, and preliminary injunctive relief. These tools can be used in addition to those available for simple gray-market infringement claims. For instance, an unauthorized reseller that engages in both counterfeiting and gray-market infringement of other products beyond the counterfeit products commits multiple violations under the Lanham Act. Besides civil counterfeiting actions, the government can initiate criminal prosecution under US counterfeiting laws that include serious penalties.

Third, plaintiffs can bring suits under various state and common-law unfair competition, unjust enrichment, and deceptive trade practices laws. These laws differ from state to state but mostly track the Lanham Act’s prohibition against false, misleading, or deceptive acts or practices that are likely to confuse consumers, which typically include trademark infringement. One advantage of this approach is that many of these state statutes allow for automatic entitlement to attorney fees, without a need to prove that the case is exceptional as with Lanham Act claims.

State laws governing deceptive trade practices and unfair competition may also be triggered by a broader scope of conduct than claims under the Lanham Act, such as passing off, deceptive representation of geographic origin, selling old products as new, false or misleading advertising, and other specific deceptive practices. These additional causes of action can be powerful tools when companies are faced with an unauthorized reseller engaged in activity that aligns with the language of the relevant statute.

Available Remedies for Gray-Market and Counterfeiting Cases

Claims under the Lanham Act and state law can allow for multiple nonexclusive remedies for trademark infringement arising from the sale of gray-market goods and counterfeiting. These include seizures of goods, injunctive relief, and recovery of substantial compensatory, equitable, and statutory monetary damages as well as attorney fees. State law and common-law claims for unfair competition and deceptive trade practices can also implicate powerful punitive damages.

Injunctive Relief

Under the Lanham Act, a court is authorized to grant an injunction “according to the principles of equity and upon such terms as the court may deem reasonable” in trademark infringement, false advertising, trademark dilution, and cyberpiracy claims brought under Section 43 of the Act. To obtain such relief, the trademark holder must demonstrate a likelihood of success on the merits, irreparable harm, and that a balancing of equities and the public interest favors the entry of an injunction.

Historically, some circuits applied a rebuttable presumption of irreparable harm upon a finding of infringement, while other circuits did not. Some circuits did not apply the presumption for some claims, such as false advertising in cases of implied falsity or when the defendant’s false claims were about its own products. However, the Trademark Modernization Act of 2020 amended Section 34(a) of the Lanham Act to restore a rebuttable presumption of irreparable harm upon a finding of infringement, including causes of action brought under Section 43 of the Lanham Act. Prevailing plaintiffs can now seek injunctive relief with more confidence, including for false advertising claims.

Monetary Relief

The Lanham Act specifies that victorious plaintiffs shall be entitled to recover, subject to the principles of equity: (1) the defendant’s profits; (2) any damages sustained by the plaintiff; and (3) the costs of the action. Under Section 1117(a) of the Lanham Act, courts have great latitude to adjust these profits and damages, including the discretion to enter judgment “for any sum above the amount found as actual damages” according to the circumstances of the case. Under Section 1117(a), courts also may exercise discretion to enter judgment for any “sum as the court shall find to be just” if it finds that the amount of the recovery based on profits is either inadequate or excessive.

The Lanham Act also provides for treble damages for violations involving the intentional use of a counterfeit mark. Moreover, in cases involving the use of a counterfeit mark, at any time before judgment is entered, the plaintiff may elect to recover statutory damages within a prescribed range of $1,000 to $200,000 per counterfeit mark per type of goods or services sold and up to as much as $2 million for willful infringement. The court may award reasonable attorney fees to the prevailing party in exceptional cases.

The rationales behind the Lanham Act’s damages and remedy provisions can be powerful tools for plaintiffs to (1) avoid the defendant’s profiting off its infringement; (2) compensate the plaintiff for damages it sustained; and (3) deter infringement by the defendant or deter others from engaging in similar acts. Plaintiffs should keep these three principles in mind when crafting their damages case to ensure that the court has the necessary evidence to consider each of the rationales in a trademark owner’s favor. For instance, the brazen nature of a willful infringer can help to establish that there is a strong need for deterrence of others that may follow in the infringer’s footsteps for a quick but unlawful profit. While the Lanham Act is not designed to punish infringers, defendants that are found liable under state law and common-law unfair competition claims can be assessed additional punitive damages to punish outrageous conduct that was intentional or reckless.

Split Burden to Show Revenues and Costs

Trademark owners bringing claims against counterfeiters and gray-market infringers often face the difficult task of demonstrating the scope of the wrongdoing. Counterfeiters often take great care to cover their steps or avoid a paper trail. To level the playing field, the Lanham Act includes a burden-shifting framework trademark owners can use to great effect.

In assessing profits under Section 1117(a) of the Lanham Act, the plaintiff “shall be required to prove defendant’s sales only.” The burden flips to the defendant to “prove all elements of cost or deduction claimed,” and the defendant must demonstrate how any alleged deductible cost contributed to the sale of the infringing product. If a defendant is unable or unwilling to meet this burden, courts have discretion to award the entire gross revenue as the defendant’s profit. Moreover, if damages cannot be proven with certainty because of a defendant’s own actions, whether it be through a purposeful lack of recordkeeping or obstruction in discovery, courts can hold the uncertainty against the defendant. The burden-shifting framework can provide a powerful boost to plaintiffs facing uncooperative or sophisticated infringers and counterfeiters.

Conclusion

Companies have many different tools at their disposal to police the market and guard against the unlawful importation of gray-market and counterfeit goods. The ITC presents an important venue for broad injunctive relief. In addition, actions brought in federal district courts can be a powerful option against unlawful importers, allowing companies to seek injunctive relief as well as monetary damages. There, companies can seek multiple nonexclusive remedies that include seizures of goods, injunctive relief, and the recovery of compensatory, equitable, and statutory monetary damages as well as attorney fees, along with the potential for punitive damages in certain cases. Companies that are aware of these different tools can take proactive steps to investigate infringers and counterfeiters to prepare for efficient litigation and advantageously leverage these tools to combat unlawful importation and sales.

Impact Investing: Keys to a Responsible Exit

Impact investing has been gaining new prominence recently to respond to the environmental and social challenges that the traditional frameworks of philanthropy alone could not address. Impact investors generally seek to generate a double or multiple bottom-line, meaning achieving positive social and/or environmental change in addition to securing a financial return. Some examples of impact investors include development finance institutions, banks, impact investing firms, family offices, public charities, and private foundations. These entities usually invest in ventures aligned with their mission, priorities, or sustainable goals (e.g., clean energy, health, education, financial services, sustainable agriculture, gender equality). Many examples of successful impact investments and ventures exist. One such success story is the Patagonia venture fund launched in 2013, known as Tin Shed Ventures, which invests in “innovations that overcome systemic barriers to regenerative agriculture adoption on land and water,” with outcomes including the reduction of waste and the environmental impacts of agriculture.

Innovation in the field of impact investing has translated into creative legal innovation including the evolution of new financing tools, such as the B corporation, revenue-based financing, and recoverable grant and social bond structures. The impact investing industry is also using innovative blended finance structures to more adequately balance impact and financial objectives.

Effective impact investing requires considering the long-term, lasting impact of an investment, including after liquidation. For that reason, achieving a “responsible exit” when divesting is crucial. Exits need to be structured at the outset to ensure that the liquidation of the impact investment is accountable to the communities being served and intentional about continuing the positive impact for society.

I. Considerations at the time and during the life of the investment

Planning for a responsible exit should start long before an actual divestment. To accommodate a responsible exit, when investing, an impact investor can seek to invest in mission-driven founders and should understand the founders’ plans for growth and possible exit scenarios. As a condition to investment, and then during the investment, impact investors should look to design ways to influence policies and achieve certain impact metrics. When considering attracting additional investors, impact investors can also undertake proper due diligence to ensure alignment of any co-investors with the company’s mission, and they should provide for contractual mechanisms to protect the mission of the investment.

Mission-driven leadership. Impact investing also means investing in a team that will embed the mission in the company and its operations. Selecting a founder of the venture and a management team who are aligned with the impact investor’s objectives and deeply committed to the mission is often the best way to create a lasting impact. Founders likely will want to retain a degree of control over the venture company’s mission (e.g., by creating separate classes of voting stock and vesting in the founders certain voting or veto rights over identified decisions affecting the mission).

Effective policies. Impact investors can also lay the groundwork for responsible exits during the life of their investment. The investor can promote effective policies related to Environmental, Social, and Governance (“ESG”) and related issues, and it can make sure those policies are implemented by systematizing reporting requirements, compliance, and audit checks. Good governance and policy implementation should be a key focus of impact investing, and it should never be underestimated when exploring and negotiating the investment. Embedding certain ethical principles and instilling ESG and equivalent policies and practices into the business is essential to a responsible investment, and should be factored into the investment strategy. Depending on the industry, investors can even take additional steps by seeking to ensure that their investments obtain the highest level of third-party certification available in that industry (e.g., B Corp certification, or, in the case of financial institutions, client protection certification from bodies approved by Cerise+SPTF, which provides confidence that a financial service provider adequately follows client protection principles).

Investor alignment and legal protection mechanisms. Structuring the investment with investors sharing a similar philosophy can also influence whether an investment will be able to grow sustainably while also subsequently achieving a responsible exit. Mechanisms should be incorporated in a shareholder’s agreement (or equivalent document) to enshrine the mission consistent with the objectives described above. The impact investor can require that certain impact metrics (such as the number of lives impacted, the progress on gender equality and women and girls’ empowerment, or the alignment with certain United Nations’ Sustainable Development Goals) are met in connection with their investment. A supermajority vote or founder consent may be required for any amendment to the mission statement for mergers, reorganizations, or stock transfer as discussed above. Put option or redemption rights may be available, and in fact, are often requested by impact investors as mechanisms to withdraw from the investment upon the occurrence of certain triggering events (e.g., if the company fails to meet or maintain certain impact objectives or results). Such provisions are also used by impact investors to protect against reputational risk if, for example, the company’s activities become misaligned with the investor’s mission, priorities, policies, or regulations.

II. Considerations at the time of exit

When it is time to divest, the ability to achieve a responsible exit may be challenged by several factors. The exiting impact investor and the prospective ideal buyer may not always have the same time horizon, resulting in the need to compromise, depending on availability of adequate buyers. In addition, finding the perfect buyer with an aligned mission can prove to be difficult in some markets. Finally, enshrining mission preservation principles in the legal documentation at exit is at best difficult and at worst impossible.

Timing the exit. In the impact investing space (similar to other types of investments), timing an exit may depend on several factors. The investors may have decided that their mission or impact objectives have been accomplished, and now they need to deploy their capital elsewhere. Additional capital may also be required to further the mission, capital that the current investors may not be willing or able to provide. Scarcity of aligned buyers is another factor in determining the timing and conditions of an exit. For instance, an aligned buyer may want to invest at a specific time when no other aligned buyers are available. This, in turn, forces the divesting impact investors to be more accommodating from a financial (i.e., pricing) perspective if they believe long-term impact may be created. Being flexible in terms of timing may also allow for better, more responsible exits.

Buyer selection and mission alignment. Identifying buyers aligned with the company’s mission is generally the best guarantee that such mission and related impact will be continued. Impact investors should perform a thorough due diligence on the buyer to increase the likelihood of continued impact after exit. In addition to the traditional Know Your Customer searches on the buyer, impact investors should understand the industry reputation of the buyer, along with the prospective buyer’s track record of achieving impact objectives. The buyer should also have the financial capacity to carry the mission forward. One complicating factor, though, is that the impact investors may not have multiple buyers available at a time when they are under financial constraint. Identifying and vetting the right buyer and preserving the financial situation of the investment will also, at times, require a balancing act.

Legal documentation protections. Legally enshrining the mission preservation in the legal documents at the time of exit through various covenants is often challenging and may be subject to difficult negotiations. At the core of preserving the mission is ensuring that the employees of the divested company are protected. Employees who decide to work in impact investing often have made the choice consciously and care deeply about their company’s mission. Once the impact investor has divested, these employees are needed to help carry the mission forward and thus realize its objectives. Hence, protecting the employees at the time of exit should be part of the negotiations both at the time of investment and upon exit. This is particularly important given that covenants in the sales closing documentation requiring new owners to preserve impact post-closing are often difficult to negotiate and most of the time ineffective. It would generally be very difficult for impact investors to ensure compliance post-closing with these conditions, and exited impact investors are unlikely in practice to sue a buyer to enforce these covenants.

Conclusion

When companies reach a level of maturity such that a new strategic investor is needed, or when a reallocation of resources is necessary, impact investors may decide to exit responsibly to mitigate any mission drift, and in the hope that their investment will have a lasting impact. Despite its challenges (e.g., lack of appropriate buyers, difficulties in enforcing impact-related covenants), trying to achieve a responsible exit is paramount for impact investors. Put simply, it means caring about the population served and wanting to leave them in a better, more lasting position with new investors who share similar values. Not exiting responsibly can also have severe reputational consequences, which may result in an impact investor being unable to raise future capital or source deals. In some industries, selling to the wrong buyer can also have dire consequences (e.g., in the case of microfinance, selling a company to a predatory lender means negatively impacting the population the impact investor seeks to serve). Careful exit planning throughout the investment, nevertheless, can achieve a responsible and sustainable investment aligned with the original mission.

 

Summary: Fraud Carve-Outs: Market Trends

Last updated on December 31, 2024.

This is a summary of the Hotshot course “Fraud Carve-Outs: Market Trends,” in which ABA M&A Committee members Glenn West from Weil, Gotshal & Manges LLP and Tali Sealman from White & Case LLP discuss market trends for fraud carve-outs, drawing on data from the ABA M&A Committee’s Private Target Deal Points Study. View the course here.


Fraud Carve-Outs: Market Trends

  • Market trends indicate that there’s increasing awareness of the importance of defining fraud in acquisition agreements.
  • According to the 2023 ABA M&A Committee’s Private Target Deal Points Study, fraud was carved out of the Exclusive Remedy provision in 87% of deals in 2022 and the first quarter of 2023. Of these deals:
    • 26% leave fraud undefined;
    • 70% refer to “actual” or “intentional” fraud; and
      • 30% of those refer to different types of fraud, like common law fraud or intentional misrepresentation.
  • The number of deals that leave fraud undefined has decreased over the years:
    • 74% in 2014;
    • 63% in 2016 to 2017;
    • 39% in 2018 to 2019;
    • 32% in 2020 to 2021; and
    • 26% in 2022 to 2023.
  • Because the Study only looked at material transactions between public companies and private parties, a substantial number of transactions were excluded.
    • Anecdotal information is that the vast majority of private equity deals include defined fraud carve-outs that limit fraud to deliberate falsehoods, knowingly made in the written representations and warranties of the acquisition agreement.
      • This supports the trend shown in the Study away from the use of undefined fraud carve-outs.

The rest of the video includes interviews with ABA M&A Committee members Glenn West from Weil, Gotshal & Manges LLP and Tali Sealman from White & Case LLP.


Summary: Fraud Carve-Outs: Drafting

This is a summary of the Hotshot course “Fraud Carve-Outs: Drafting,” a look at different approaches to drafting a fraud carve-out in an acquisition agreement. The course includes drafting tips and perspectives from ABA M&A Committee members Tali Sealman from White & Case LLP and Glenn West from Weil, Gotshal & Manges LLP. View the course here.


Drafting Fraud Definitions and Carve-Outs

  • This is a typical undefined fraud carve-out to an exclusive remedy provision:

    Following the Closing, except in the case of fraud (for which no limitations set forth herein shall be applicable), the sole and exclusive remedy of the parties hereto for monetary damages arising out of, relating to or resulting from any claim for breach of any covenant, agreement, representation or warranty set forth in this Agreement, the Disclosure Schedule, or any certificate delivered by a party with respect hereto will be limited to those contained in this Article IX.

    (Emphasis added)

  • The language in this sample provision says the following:
    • Except in the case of fraud, a party’s sole remedy for monetary damages arising from a breach of any covenant, agreement, representation, or warranty in the agreement—and related documents—is limited to the indemnification rights provided under the agreement.
    • The indemnification rights are subject to caps and baskets as well as a limited definition of recoverable losses.
    • In cases of fraud, none of the limitations provided in the indemnification section will apply.
  • This is a buyer-friendly approach to a fraud carve-out because it leaves the definition of fraud open to interpretation.
    • It gives the buyer lots of options when bringing a fraud claim.
  • However, leaving fraud undefined raises several questions:
    • What type of fraud is included?
    • Which statements can form the basis of a fraud claim?
    • Whose knowledge matters?
    • Who can be held liable?
    • What type of claim can be brought for fraud? A tort-based claim or an uncapped indemnification claim?
  • To avoid the unintended consequences that can occur when the above questions are left unanswered, parties typically define what counts as “fraud.”
    • This can be done in the carve-out to the Exclusive Remedy provision itself or as a defined term that’s referred to in the carve-out.

Sample Provision Defining “Fraud” in the Exclusive Remedies Provision

Except in the case of claims of intentional common law fraud respecting the express representations and warranties set forth in this Agreement and asserted against the Person who knowingly committed such intentional common law fraud, claims for indemnification brought in accordance with and subject to this Article IX shall be the sole and exclusive remedy of any Indemnitee for Losses from and after the Closing Date with respect to any claim arising from, based upon, or related to this Agreement (whether in contract or tort).

  • In this example, the type of fraud that’s subject to the carve-out is limited to intentional common law fraud.
    • So both equitable fraud and common law fraud based on recklessness are not included.
  • The types of statements that can form the basis of the fraud are only the reps and warranties actually set forth in the written acquisition agreement.
    • This helps eliminate any conflict between the fraud carve-out in this Exclusive Remedy provision and the No-Reliance clause, which says that the buyer isn’t relying on any representations or duties to disclose other than those expressly set forth in the acquisition agreement.
  • The provision goes on to specify that only the “Persons”—usually defined as entities or natural persons—who actually committed the fraud can be held liable.
    • In other words, only the “Persons” who knew the rep was false when made and caused or allowed that rep to be made anyway would have exposure.
    • So under this provision, innocent sellers are not liable for fraud committed by other sellers.
  • The provision also limits the carved-out fraud claim to a tort-based claim for common law fraud because it does not expressly preserve an uncapped indemnification claim based on the allegation of fraud.

Sample Provision Where Fraud Is Included in the Definitions Section of the Agreement

“Fraud” shall mean with respect to the Sellers, any intentional common law fraud with respect to the making of the express representations and warranties of the Sellers set forth in Article IV, provided, that any such intentional common law fraud of the Sellers shall only be deemed to exist if any of the individuals identified in the definition of “Knowledge,” as applicable to the Sellers, had actual knowledge (as opposed to imputed or constructive knowledge) that the representations and warranties made by the Sellers in Article IV were actually false when made, with the express intention that Buyers rely thereon to their detriment.

(Emphasis Added)

  • Like the first example, this definition addresses most of the major concerns that arise when fraud is undefined.
  • It also limits the type of fraud to only “intentional common law fraud” and restricts the types of statements that can form the basis of a fraud claim to the written reps and warranties in the agreement itself.
  • In terms of whose knowledge matters, the parties here have specified a “knowledge group.”
    • So the actions of any one of the named individuals in the group could result in a fraud claim.
  • The definition goes on to require that the named person had actual knowledge that the reps and warranties were actually false when made.
  • To understand how this definition works, we have to look at it in the context of the Exclusive Remedy provision. Here’s an example of what that would look like:

    Claims for indemnification brought in accordance with and subject to this Article IX shall be the sole and exclusive remedy of any Indemnitee for Losses from and after the Closing Date with respect to any claim arising from, based upon, or related to this Agreement (whether in contract or tort); provided, however that in the case of Fraud, the caps and baskets set forth in this Article IX shall not be applicable.

  • The Exclusive Remedy provision says that a party’s sole remedy for a breach is the indemnification rights provided under the agreement, except in the case of fraud with a capital F.
  • Unlike the prior example, this provision expressly maintains the right to bring an indemnification-based claim for “Fraud,” but eliminates the caps and baskets otherwise applicable.
    • This may or may not be more buyer-friendly depending on the definition of losses and other applicable limitations in the indemnification provision.
  • But because “Fraud” has been defined so that all of the Sellers are liable for the fraud of any of the Seller’s Knowledge parties, even though other Sellers may have been innocent, this is more buyer-friendly than the first approach.
    • If there are multiple sellers in a deal (for example, a company with many stockholders), this approach is rare since some sellers may be completely passive and have no way of knowing whether the reps and warranties being made by the knowledge parties are accurate.
  • This is an example of where the negotiated fraud carve-out, even though well defined, is more expansive than the judicially created, public-policy carve-out imposed in many states.

The rest of the video includes interviews with ABA M&A Committee members Glenn West from Weil, Gotshal & Manges LLP and Tali Sealman from White & Case LLP.

Summary: Fraud Carve-Outs

This is a summary of the Hotshot course “Fraud Carve-Outs,” an introduction to fraud carve-outs and the issues parties consider when defining fraud, such as who’s liable, whose knowledge matters, what types of fraud claims can be brought, and what statements can form the basis for a fraud claim. View the course here.


Explaining Fraud Carve-Outs

  • Indemnification rights for breaches of representations and warranties in a private acquisition agreement are typically heavily negotiated. The parties often agree to limit these rights through:
    • Caps, baskets, and loss exclusions; and
    • An Exclusive Remedy provision which says that the rights and remedies in the indemnification section are the only ones available if there’s a breach of the written reps and warranties.
  • In addition, when a buyer gets rep & warranty insurance, a seller’s contractual liability for breaches can be eliminated altogether.
  • There’s an important exception to these limitations for claims involving fraud that either the parties agree to or that’s imposed by law in many states:
    • If the seller commits fraud when making reps or warranties to the buyer, the buyer wants to be able to bring a claim for that fraud, either as:
      • A tort-based claim; or
      • A contract-based claim that’s not subject to the caps and baskets that otherwise apply to indemnification claims—in this summary, this is referred to as an “uncapped indemnification claim.”
  • This exception for fraud is known as a “fraud carve-out,” and when the parties agree to it, it’s usually included in the Exclusive Remedy provision of the acquisition agreement.
  • Whether or not to include a fraud carve-out isn’t typically an issue because sellers usually agree to include some form of it.
    • The issue that does arise is whether and how the term “fraud” is defined for purposes of the carve-out.
  • While fraud may seem straightforward, it’s actually a complex concept that parties need to define carefully.
    • There are different types and sources of fraud claims as well as different states of mind that could be required to constitute fraud.
    • Depending on how a fraud carve-out is drafted, there are also a number of remedies that could be available as well as various people who could be held responsible for that fraud.
  • The parties need to weigh all these considerations and potential outcomes when negotiating a fraud carve-out.
    • Sellers, of course, benefit from a narrow definition of fraud.
      • They want to limit the scope of the fraud carve-out to a defined set of circumstances where the sellers deliberately included a representation in the agreement knowing it was false.
    • Buyers prefer either no definition at all or a broader definition that includes misstatements made both in and outside of the agreement by any one of the sellers or their representatives.
      • They want liability to extend to all sellers, including sellers who may not actually have direct knowledge of the underlying fraud.

Leaving Fraud Undefined

  • Many agreements leave fraud undefined, which can cause uncertainty and significant unintended consequences related to:
    • The types of fraud claims that can be brought;
    • The statements that can form the basis of those claims; and
    • The people that could be held liable because of the fraud.
  • In M&A agreements, reps are often seen as risk allocation devices—not literal statements of truth.
    • A party may—and often does—make several reps believing them to be true, but without any way of determining (or any evidence supporting) their actual truth.
  • If a fraud carve-out doesn’t clarify what counts as fraud, a party could be exposed to uncapped liability for:
    • An innocent or negligent misrepresentation (known as “equitable fraud”); or
    • A reckless misrepresentation (a type of traditional common-law fraud).
  • For example:
    • A seller may rep and believe that its business has been in compliance with all laws for the past five years, even though it doesn’t actually know for sure if the statement is true.
    • Similarly, the seller may make a rep based upon information provided by its management team that a member of the management team knew to be false even though the seller itself did not.
    • The seller agrees to make these reps because it’s a fair allocation of risk. And the seller is prepared to indemnify the buyer subject to the contractual caps, even though in both cases the seller has no actual knowledge of the truth or falsity of the reps.
  • Even if it’s not the parties’ intention, an undefined fraud carve-out could expose the seller to the following possibilities:
    • The seller could be responsible for recklessly making false reps even if the seller made those reps in a way consistent with industry practice.
    • The seller could be responsible for innocent or negligent misrepresentations in the reps if the applicable jurisdiction allows these types of equitable fraud claims.
    • The seller could be exposed to tort-based fraud claims or uncapped indemnification.
  • Defining fraud helps protect against these situations and clarifies when the seller truly has uncapped liability.

Defining Fraud

  • A well-defined fraud carve-out explains:
    • The type of fraud that’s covered and the type of knowledge or scienter necessary to establish that fraud;
    • Which statements can form the basis of fraud, meaning those made inside or outside the agreement;
    • Whose knowledge matters;
    • Who’s liable for the fraud; and
    • Whether a party can bring a tort-based claim or an uncapped indemnification claim for the alleged fraud.
Type of Fraud
  • There’s no unified definition of fraud across jurisdictions, so when an agreement leaves the term undefined it’s unclear which definition and therefore which type of claim and level of knowledge is intended. For example, there’s:
    • Common-law fraud, which can be based on:
      • A representation that was made even though it was known to be false;
      • A representation that was made recklessly but without sufficient basis to actually know it was true; or
      • Under certain circumstances, even nondisclosures.
    • Equitable fraud, in which a completely innocent or at worst negligent misrepresentation made neither knowingly nor recklessly can constitute fraud; and
    • Promissory fraud, which is a form of common law fraud involving the oral communication of a promise to do something in the future that the promisor allegedly never intended to actually do.
      • This can effectively result in a breach of contract claim being recast as a tort-based fraud claim.
  • Most buyers acknowledge that the fraud they have in mind when negotiating the carve-out is specifically when the seller knowingly makes a material false statement of fact that the buyer relies on.
    • So buyers are often willing to include a definition of the term that matches this expectation.
  • If the term is undefined, then the parties open up the possibility of any or all of the various types of fraud being included in the carve-out.
Type of Statements
  • Parties also consider the type of statements that can form the basis of a potential fraud claim.
  • A No-Reliance clause is when the buyer agrees that it’s not relying on any representations or duties to disclose other than those expressly set forth in the acquisition agreement.
    • In most states, if the parties have included a No-Reliance clause in the agreement, only those written reps and warranties can form the basis for a fraud claim.
  • When fraud is left undefined in the carve-out, there could be a conflict between the No-Reliance clause and the carve-out.
    • This can raise questions about whether both contractual and extra-contractual representations should be allowed as the basis of a fraud claim.
Whose Knowledge Matters
  • In addition, the definition of fraud can specify whose knowledge matters when it comes to fraud that’s based on a knowing misstatement.
  • The definition could include a specific set of individuals (like certain named officers) or a larger group of people (like all sellers and the management team).
Who is Liable
  • Similarly, parties sometimes specify who can be held liable for fraud.
  • A poorly defined fraud carve-out can result in innocent sellers being liable for the fraud of the guilty sellers.
    • If that’s the deal that the parties negotiated, then it’s not a problem.
    • But if it was never discussed, then this could result in an unwelcome surprise to an innocent stockholder.
Type of Fraud Claim
  • Finally, whether a party can bring a tort-based claim or an uncapped indemnification claim for alleged fraud has implications on the party’s potential recovery and pool of defendants. For example:
    • An uncapped indemnification claim based on alleged fraud might result in a larger recovery than a simple tort-based claim would in the applicable jurisdiction. The buyer may be able to seek damages from all of the sellers, regardless of whether they committed the alleged fraud.
    • On the other hand, the definition of indemnifiable losses in the agreement might be so limited—for example, if punitive damages are excluded—that the buyer would be better off making a tort-based common law fraud claim even though that type of claim can usually only be brought against the culpable seller.

No-Reliance Clauses and Fraud Carve-Outs

  • This summary doesn’t focus on No-Reliance clauses, but it’s important to understand how a fraud carve-out can undermine the efficacy of the provision.
  • In most M&A agreements, buyers specifically acknowledge that they’re not relying on any statement made by the sellers or anyone acting on the sellers’ behalf other than the reps in the written acquisition agreement itself.
  • The idea is that the parties have carefully negotiated the scope of what the seller agrees to stand behind, and they’ve put that in writing in the acquisition agreement.
    • The seller doesn’t want to find out later that the buyer was instead relying on a statement made in a management presentation or a negotiation session even though those statements weren’t included in the written reps in the agreement.
  • Since a required element of common-law fraud is justifiable reliance by the buyer, a No-Reliance clause can prevent any argument that the buyer relied on reps made outside of the contract.
  • A fraud carve-out can undermine the efficacy of the No-Reliance clause. For example:
    • Leaving fraud undefined could be interpreted to mean that both types of statements—those in and outside of the agreement—are included, despite a No-Reliance clause.
    • Or if the parties include the fraud carve-out in the No-Reliance clause itself, it could be argued that they intend for both contractual and extra-contractual fraud to be an exception to no-reliance.
  • If the express purpose of the No-Reliance clause is to eliminate all fraud claims that are based on extra-contractual statements by expressly disclaiming reliance upon any such statements, it doesn’t make sense to carve out fraud from the reach of the No-Reliance clause.
    • So to avoid this pitfall and any other ambiguity, the parties usually define fraud so that it only includes knowingly false statements of fact set forth in the written reps of the agreement.

Judicially Created Fraud Carve-Outs and State Law

  • Many states have laws that address the issue of fraud and No-Reliance clauses in acquisition agreements.
  • For example, Delaware law, which is the governing law in most acquisition agreements, imposes a judicially created fraud carve-out in every acquisition agreement, regardless of any other contractually bargained-for carve-outs.
    • So if an agreement governed by Delaware law has no fraud carve-out and a fully effective No-Reliance clause which eliminates all extra-contractual fraud claims, the Exclusive Remedy provision would eliminate all fraud claims based on the written reps.
      • The exception would be when the seller itself knowingly makes a false statement in the agreement’s written representations.
    • In other words, under Delaware law, even if the parties don’t include a fraud carve-out in the exclusive remedies provision, a buyer could still bring a tort-based claim if they believe the seller knowingly lied in the written reps.
  • When a fraud carve-out is included in an agreement governed by Delaware law, the seller will want to make sure to include well-defined limits.
    • Otherwise the contractual fraud carve-out could increase the seller’s exposure well beyond the public-policy carve-out and potentially undo the carefully negotiated limitations on liability.
  • Other jurisdictions have different views on these issues.
    • In Massachusetts and some other jurisdictions, No-Reliance clauses are ineffective in the face of almost any type of fraud except claims based on negligence.
    • Other jurisdictions have similar limitations on the effectiveness of No-Reliance and exclusive remedy provisions.
  • Because state law can impose liability where the parties don’t intend there to be any, it’s important to familiarize yourself with the relevant laws of the governing jurisdiction before negotiating these issues.

The rest of the video includes interviews with ABA M&A Committee members Glenn West from Weil, Gotshal & Manges LLP and Tali Sealman from White & Case LLP.

Diligencing AI-Enabled M&A Targets: Seven Things to Understand

As artificial intelligence (“AI”) becomes more prevalent in business processes and service delivery across industries, it is increasingly important for M&A buyers to familiarize themselves with the legal nuances associated with the use of AI technologies. In this article, we explore seven key areas of inquiry for an M&A buyer when conducting legal due diligence on a target company that uses AI in its operations.

1. Type of AI used and how the target is using it

AI can be used for a wide variety of functions and applications. At the outset, it is important to understand what types of AI tools, systems, models, and technologies the target company is using, the provenance of such technologies (e.g., are they proprietary or licensed from a third party?), and how they are being used. Are they used internally only or in the delivery of products or services? Will they be business-to-business and/or consumer-facing? The answers to these questions will inform due diligence strategy and assist M&A buyers in assessing the target company’s risk profile.

Further, AI is not one type of technology. Generative AI—AI that creates new synthetic content or data, like text, images, audio, video, and source code, after being trained on large datasets and often using large language models—has caught the attention of the world, but it is only one of many kinds of AI. Deal team members should identify the types of AI being used by the target company and develop a tailored due diligence plan to understand the legal implications of the target’s AI-enabled operations and offerings.

2. How the AI is trained and rights to input data

Most AI technologies (including generative AI) require access to large datasets in order to train the AI’s “foundation models.” If the target company uses AI technology provided by a third-party vendor, the M&A buyer will need to diligence the vendor contract or applicable terms of use to analyze both the commercial arrangement between the target company and vendor and how the vendor’s AI technologies were trained (e.g., using what datasets accessed with which rights). Where the target company is providing protected, confidential, proprietary, or otherwise commercially sensitive information or data (e.g., personal data) to the third party, whether to further train or fine-tune such AI technology or via prompts (i.e., queries), buyers should also assess how the target company has addressed risks associated with this. For example, they should consider how the vendor contract permits the vendor to use such information and data, how the vendor is required to secure and protect the information and data (including retention and deletion obligations), and what guarantees (if any) the target company is making with respect to such inputs. Analyzing the nature and source of the training data (including any associated rights and other disclosures or consents) may also be warranted when the target company is training its own proprietary AI models. As further discussed in Section 6, legal obligations with respect to data protection laws and regulations still apply (despite the evolving regulatory landscape of AI regulation—see Section 7).

3. Rights to the AI-generated output

Where a target uses generative AI to create outputs, the M&A buyer should diligence the materiality of those outputs on the target’s business and whether they can be protected against third-party use. For example, consider whether the AI tool and outputs will be used internally only, whether the target company or possibly even the M&A buyer may wish to incorporate the AI technology or AI-generated outputs into its own products and services, and whether the value of the target company is dependent on having exclusive rights to (or the ability to exclude others from using) the AI-generated output. Moreover, where third-party AI is used by the target company, vendor contracts should also be analyzed to confirm whether the target company has the necessary rights to use the AI technology and its outputs—both pre-acquisition in its current business (e.g., commercially) and post-acquisition as the M&A buyer intends to use them.

Copyright and patent laws in the majority of jurisdictions (including the US, UK, Australia, and Europe) do not currently protect works or inventions created solely by AI. Accordingly, if AI-generated outputs comprise all or a part of any material assets or operations of the target company, it will be important to determine to what extent there was human involvement in their creation, what intellectual property rights the target company may have to them, and what other measures the target company has taken to protect them (e.g., contractual protections). Buyers should also undertake a review of the contractual terms applicable to such outputs (whether under the vendor terms or the commitments the target company itself may be making with respect to the AI-generated outputs).

4. Risk allocation

If the target company uses AI-enabled tools or technologies—whether proprietary or from a third party—on a commercial basis, the M&A buyer should carefully assess the potential risk associated with use of the AI or its outputs, including review of any applicable vendor contract to understand how such risk is allocated.

For example, if the AI model was trained on copyrighted works, the model could reproduce copyrighted material in its output. Many vendors have started providing certain contractual protections and indemnifications in this regard. As another example, if the target company relies on a third-party AI tool to deliver products or services to its customers and the AI tool malfunctions (e.g., hallucinates in a chatbot context), the target company may be in breach of commitments it has made or be liable for any harm or damage resulting from its customers’ use of erroneous outputs. From an M&A buyer’s perspective, it is therefore important to understand the scope of the target’s (and vendor’s, if applicable) warranties, limitations of liability, and indemnification obligations, as well as its creditworthiness. In addition, an M&A buyer should also review insurance policies the target is carrying that could cover potential instances of third-party claims.

5. Protection of proprietary AI technology

If the target company developed the AI tool and it confers a competitive advantage or is otherwise material to the target company’s business, the M&A buyer should seek to understand how the company aims to protect the AI technology from use by others. This inquiry will often be similar to due diligencing other proprietary intellectual property of the target company, including reviewing policies and procedures, employment and contractor agreements, location of development, etc.

Under intellectual property laws in the United States, AI technologies may be protectable through patent, copyright, and trade secret laws. The US Patent and Trademark Office recognizes AI as a class in its patent classification system, but given the nature of AI inventions, there are challenges to satisfying the subject matter eligibility and enablement elements required for patent protection. Copyright protection may be available, but only to certain aspects of the AI model (e.g., original expression of source code), and the visual elements of an AI system may be protectable, but functional aspects (like algorithms) are not. So, often, AI models are best protected as trade secrets. As a result, acquirers should confirm that the target company has taken reasonable measures (including reasonable legal, physical, and technological measures) to protect and maintain the secrecy of its AI models, including maintaining reasonable information security policies and procedures, as well as securing appropriate nondisclosure agreements from personnel and third parties with access to the information. Using reasonable measures to protect the secrecy of a trade secret is not just a legal requirement to maintain a trade secret’s protected status under US law but also an operational safeguard to ensure trade secret information does not (directly or indirectly) fall into the wrong hands.

6. Cybersecurity and data privacy considerations

If personal information or other regulated information is used by the target in connection with its AI technology use, diligence should include a review of at least the following: the target’s data privacy policies and cybersecurity practices; whether the target’s AI technology use is consistent with applicable privacy policies, law, and regulation; where such data or information is stored; the security measures in place to safeguard against breach; and insurance coverage applicable to breaches. In the US, there are many state comprehensive privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Utah Consumer Privacy Act.[1] In addition to comprehensive privacy laws, there are sectoral laws that are relevant to privacy and AI, including the Biometric Information Privacy Act in Illinois that covers the use of biometrics and has extremely high penalties. The target should be able to describe the nature of the relevant data and how the target obtained it, as well as applicable contracts, user consents, or disclosures governing such data (including compliance with any use restrictions that apply to the data), as applicable.

If the AI technology has been provided by a third party, not only will the target’s practices be relevant, but vendor contracts or applicable terms of use should also be reviewed to ensure there are appropriate vendor obligations addressing data privacy (see Section 2) and cybersecurity.

If the target company operates across different jurisdictions, then inquiries should also be made about the measures the target takes to comply with cross-border data transfer requirements. If the target uses training data sourced from multiple jurisdictions, the M&A buyer should confirm that the cross-border data transfers conformed to established compliance standards and protocols.

7. Compliance support and the changing regulatory landscape

As described above, acquisition of AI-enabled M&A targets involves nuanced legal considerations. In addition, the regulatory landscape with respect to AI is rapidly evolving; for example, Europe reached political agreement on the EU’s AI Act on December 8, 2023, and US President Joseph Biden issued an executive order on “safe, secure and trustworthy” AI use on October 30, 2023. The frameworks, regulations, and legislation being introduced or discussed around the world involve varying approaches, such as differing definitions of AI, targeting slightly different issues, and differing approaches to enforcement and liability. M&A buyers should consider what systems and processes the target company has in place to oversee its use of AI and the challenges posed by such technologies (e.g., systems to identify and minimize bias and to ensure safety, transparency, and human oversight). They should also consider what representations the target company is making about its AI usage.

Some major frontier AI companies have spent tremendous resources and built strong teams to tackle the challenges of compliance with regulatory requirements and to address ethical issues arising from the use and development of AI. Accordingly, it is important to examine the target company’s organizational supports and systems to not only comply with, but also to be able to adapt to, the evolving regulatory landscape, and to address existing and future regulatory compliance.


James Hu is a corporate partner at White & Case LLP, Karl Gao is the Vice President & Global General Counsel of NIO, and Yixin (Yish) Gong is a technology transactions partner at White & Case LLP. Hope Anderson, Burr Eckstut, Arlene Hahn, and Erin Hanson, partners of White & Case LLP, also contributed to this article. Any views expressed in this publication are strictly those of the authors and contributors and should not be attributed in any way to White & Case LLP or NIO.


  1. Additional state comprehensive privacy bills have been proposed and others have passed and will be coming into effect.