Since the outbreak of the COVID-19 pandemic, there has been a wave of cases in Canada and the United States where buyers have sought to walk away from an acquisition.[1] In justifying their decision not to close, buyers have invoked material adverse effect (“MAE”) clauses and covenants to carry on business in the ordinary course. The recent decision of the Ontario Superior Court of Justice in Fairstone Financial Holdings Inc. v. Duo Bank of Canada has established an important Canadian precedent for the interpretation of these commonly-found provisions in M&A transaction agreements. Interestingly, around the same time, the Delaware Court of Chancery released its AB Stable VIII LLC v. MAPS Hotels and Resorts One LLC decision, which also centered on a purchaser’s right to abandon an M&A transaction in the face of COVID-19. Since these types of disputes are typically settled before trial, these decisions offer some important takeaways. This article primarily focuses on the Fairstone decision and then compares it to the Court’s analysis in AB Stable.
The Fairstone Decision: Facts
In early 2020, Duo Bank of Canada (“Duo”) won a highly competitive auction to purchase Fairstone Financial Holdings Inc. (“Fairstone”), Canada’s largest consumer finance company for near prime borrowers. The share purchase agreement (the “SPA”) was signed on February 18, 2020, with the closing date set for June 1, 2020 and an outside date of August 14, 2020.
At the time of signing, the World Health Organization had already declared that COVID-19 was a “public health emergency” and the mounting pandemic only exacerbated Fairstone’s financial situation over the coming months. Duo ultimately communicated to Fairstone on May 27, 2020 that it would not be closing the transaction on the planned date of June 1, taking the position that it could abandon closing because the MAE clause and the ordinary course covenant had been breached. In response, Fairstone brought an application for specific performance.
Did the COVID-19 Pandemic Constitute an MAE?
The SPA included a closing condition that no MAE could occur between signing and closing. The definition of MAE in the SPA was fairly typical. It included any fact, circumstance, condition or occurrence that has (or would reasonably be expected to have) a material adverse effect on Fairstone’s business, operations, or condition (financial or otherwise). The definition then went on to identify a number of carve-outs; that is, circumstances or events that would be deemed not to be an MAE under the SPA. The carve-outs included:
worldwide, national, provincial, or local conditions or circumstances, including emergencies and crises;
changes in the markets or industry in which Fairstone operates; and
the failure of Fairstone to meet any financial projections.
The first two carve-outs were further subject to a disproportionate effects exception whereby the carve-out would not apply (and thus an MAE would occur) if the carve-out event had a materially disproportionate adverse impact on Fairstone compared to other players in its industry or market.
The Court ultimately found that although Duo had met its burden of proof to establish that there was an MAE, all three of the carve-outs applied and none of them had a materially disproportionate adverse impact on Fairstone relative to others in the industry or market. Accordingly, an MAE did not occur and the no MAE condition was satisfied.
The decision sheds light on several important considerations for the interpretation of MAE provisions:
Issues of timing were clarified. The Court agreed with Fairstone that August 14, 2020, the outside date by which the transaction was to close, was the appropriate date to assess whether an MAE had occurred. Duo had argued that May 27, 2020 – the date that it gave notice that it would not close – was the appropriate date. The “outside date” was chosen by the Court because Duo made the strategic decision not to terminate the SPA before then to avoid a potentially significant damages claim by Fairstone and to reserve its ability to close. Had Duo formally terminated the SPA, the termination date would have been the proper assessment date.
A second timing-related issue addressed by the Court was the question of how far into the future a court should look to determine if a condition is reasonably expected to constitute an MAE. While the answer to this question will depend on the circumstances of the case, the Court underscored that the forward-looking period cannot be indefinite and the nature of the business to be acquired will play a role in this determination.
Delaware case law can be influential in Canada, eh. Justice Koehnen affirmed the principle that MAE clauses are to be interpreted from the perspective of the party for whose benefit they were granted. He cited with approval case law from Delaware that sets out three requirements for an MAE:
an event that is unknown when the agreement is signed;
which is a threat to overall earnings potential; and
which has “durational significance”.
Of particular interest, the Court concluded that while the existence of the pandemic was known at the time the SPA was signed, the effect of the pandemic was not. The effect was, therefore, the unknown condition.
MAE clauses are not meant to protect purchasers against systemic risks. In finding that each of the three carve-outs applied, Justice Koehnen adopted a broad interpretation that supported the principle that MAE clauses are intended to allocate systemic risks to the purchaser, whereas company-specific risks are borne by the seller. Against this backdrop, the findings further highlighted that the MAE clause could have been drafted in a way that better protected the purchaser from exogenous risks like a pandemic, however the Court made a point not to afford either party protections they could have had but did not bargain for.
Were Fairstone’s responses to COVID-19 ordinary course?
The second issue the Court considered was whether Fairstone breached the ordinary course covenant, which required Fairstone to operate the business in the ordinary course between the signing of the SPA and the closing date. “Ordinary Course” was defined in the SPA as an action consistent with past practices and taken in the ordinary course of the normal day-to-day operations. The only way that Fairstone could forego this obligation was to obtain the consent of Duo, which could not unreasonably withheld.
Duo argued that Fairstone took various steps in response to the pandemic that violated the ordinary course covenant, namely that Fairstone made changes:
to its branch operations;
its collection process;
its employment policies;
its expenditures; and
its accounting methods.
The Court disagreed and made the following key holdings in reaching this conclusion:
The interpretation of the ordinary course covenant warrants a contextual analysis. The Court rejected Duo’s submission that Fairstone’s conduct during the pandemic ought to be compared to its conduct before the pandemic. Instead, a contextual approach was applied whereby the Court found that in the face of an economic contraction, it was more appropriate to look at what Fairstone had done in similar economic circumstances or what other businesses were doing. Although it was deemed in the ordinary course of any business to respond to economic downturns, the magnitude and the duration of the response factored into the Court’s analysis. The Court concluded that, in response to an economic contraction, if a business takes prudent steps that have no long-lasting effects and do not impose any obligations on the purchaser, such steps fall within the realm of ordinary course operations.
The purpose of the ordinary course covenant is to protect a buyer against company-specific risks and moral hazard. The Court’s interpretation of the ordinary course covenant in light of this purpose sought to evaluate whether Fairstone’s conduct was pursued in good faith for the purpose of continuing the business, as opposed to changing it. The Court found that none of the actions taken by Fairstone in response to the pandemic fundamentally changed its business. Fairstone’s responded to the pandemic with the aim of preserving normal operations, as much as possible. Conversely, if a seller is responding to economic challenges that are unique to the target business or is behaving opportunistically, then a Court will be hard-pressed to find that such conduct falls within the ordinary course.
Obtaining the purchaser’s consent to operate outside of the ordinary course may not be required if withholding such consent would be unreasonable. The SPA allowed Fairstone to operate outside of the ordinary course if it obtained prior written consent from Duo, which Duo could not withhold unreasonably. The Court found that Fairstone did not need to seek Duo’s consent because it was operating within the ordinary course. However, the Court went further and determined that even if Fairstone’s conduct fell outside of the ordinary course, Duo would have had to provide its consent because it would have been unreasonable to withhold consent in the circumstances. The inclusion of a reasonableness standard left it to the Court to ultimately decide whether or not obtaining the purchaser’s consent was just a legal formality. It remains to be seen how similar clauses will be interpreted in subsequent decisions.
A different approach in AB Stable
The AB Stable litigation stemmed from a September 2019 agreement of Mirae Asset Financial Group (“Mirae”) to acquire Strategic Hotels & Resorts (“Strategic”), a luxury hotel portfolio. The transaction was set to close in April 2020; however, Mirae provided notice to the seller, a subsidiary of Anbang Insurance Group (“Angbang”), that it was not required to close. Mirae asserted that Strategic’s business had suffered an MAE due to COVID-19 and Angbang had breached its covenant to ensure Strategic continued to carry on its business in the ordinary course between signing and closing by reason of the changes that Strategic made to its business to respond to the COVID-19 pandemic. Angbang sued Mirae to compel it to close.
Vice Chancellor Laster found that the COVID-19 pandemic did not result in an MAE on the target business because the consequences of the pandemic fell within the plain meaning of the carve-out to the MAE definition for “natural disasters and calamities.” However, the Vice Chancellor found that Angbang made significant changes to Strategic’s business to respond to the pandemnic and that these changes were not undertaken in the ordinary course of business, in breach of Angbang’s covenant in the merger agreement to operate Strategic’s business in the ordinary course between signing and closing. As result of that breach, Mirae could avoid closing.
Below is a summary of critical findings from the decision and how they compare to the Ontario Court’s approach in Fairstone:
Baseline assumptions of risk allocation warrant a broad interpretation of the MAE clause. Because the structure of a typical MAE definition (as described above in the Fairstone SPA) shifts systemic risks to a purchaser, it made sense to read the “calamity” exception as shifting the systemic risk of a global pandemic to Mirea. This reasoning supported the Court’s rather expansive interpretation of the plain meaning of “calamities” and it mirrors the broad reading of MAE carve-outs taken by the Court in Fairstone. Both decisions also suggest that deviations from the underlying assumptions of risk allocation should, therefore, be explicit.
The Delaware Court’s analysis of the ordinary course covenant largely relied on the specific contractual language in the merger agreement. In response to COVID-19, Angbang took various actions that included closing hotels, severely limiting operations of other hotels, and reducing its staff. While acknowledging that these changes were “reasonable responses to the pandemic,” the Court viewed inclusion of the word only in the ordinary course covenant – i.e. Strategic was to conduct its business “only in the ordinary course consistent with past practices” (emphasis added) – as creating a standard that looked exclusively at how the target business was operated before and after entering into the merger agreement. The Court in AB Stable rejected the kind of contextual analysis undertaken by the Ontario Court in Fairstone and concluded that the steps taken by Angbang “departed radically” from Strategic’s routine operations. The AB Stable decision highlights that the flexibility to respond to extraordinary events must be drafted into the ordinary course covenant, whereas the Ontario Court’s analysis in Fairstone imported a degree of flexibility in its analysis.
“Compliance with the notice requirement is not an empty formality.” Vice Chancellor Laster stated these words in support of his finding that Angbang was obligated to seek Mirae’s consent before operating outside of the ordinary course. The Court explained that notice allows a purchaser to protect its interests, such as proposing reasonable conditions to providing consent. Accordingly, if a purchaser’s consent is not granted, then a seller’s recourse is to sue the purchaser for unreasonably withholding its consent. This approach is in stark contrast to the conclusion reached by the Ontario Court in Fairstone where it held that in the circumstances, actions taken by the target in response to the pandemic, the purchaser could not have reasonably withheld its consent even if the seller had deviated from the ordinary course.
Conclusion
These decisions provide important guidance for Canadian and American M&A practitioners negotiating MAE clauses and ordinary course covenants. They are significant because in each respective jurisdiction, a court had not previously opined on this subject matter in the context of COVID-19. The Fairstone decision is also the first Canadian decision that approvingly cites a string of modern Delaware cases that generally have been viewed as being pro-seller.
The Court in Fairstone ultimately ordered the purchaser to specifically perform the SPA, and the purchaser completed the acquisition on January 5, 2021. Remedies were therefore not a major point of contention and we will have to wait for further Canadian judicial guidance on this point. Conversely, the Court in AB Stable ruled that the purchaser was entitled to a return of the deposit it paid plus interest, in accordance with the terms of the transaction agreement.
[1] John F. Clifford is a partner (and head of the Business Law/M&A Group) and Mikolaj Niski is as associate in the Toronto office of McMillan LLP.
A recent[1] ABA ethics opinion addresses conflicts arising out of a lawyer’s personal relationship with opposing counsel under Rule 1.7(a)(2) of the Model Rules of Professional Conduct. That Rule prohibits a lawyer from representing a client without informed consent if there is a significant risk that the representation of the client will be materially limited either by a lawyer’s responsibilities to others (another client, a former client, a third person) or by a personal interest of the lawyer.
Formal Opinion 494 (“Op. 494”) considers the latter in the context of personal relationships with counsel representing different clients in the same or related matters. The point of departure for this examination is Comment [11] to the rule, which observes that when opposing counsel are related by blood or marriage, “there may be a significant risk that client confidences will be revealed and that the lawyer’s family relationship will interfere with both loyalty and independent professional judgment.”
The opinion expressly relies upon—and derives these categories from—an opinion issued a year earlier, Formal Opinion 488, dealing with judicial disqualification or recusal[2] based on a judge’s social or close personal relationships with lawyers or parties. This weakens Op. 494, as analogy to judicial ethics is not entirely apposite: Judicial disqualification under Rule 2.11 of the Model Code of Judicial Conduct arises when a judge’s impartiality “might reasonably be questioned.”[3] The judiciary’s authority and persuasiveness are dependent upon public trust and confidence in the fairness, integrity, and impartiality of judicial officers, in fact as well as in appearance.[4] Indeed, the importance of such public perceptions is emphasized on the very first page of Formal Opinion 488.
In contrast, practicing lawyers are not supposed to be impartial, either in fact or in appearance; on the contrary, lawyers have an ethical obligation to be zealous advocates of their clients’ interests. In fact, the “appearance of impropriety” as an ethical paradigm, which was included in Canon 9 of the ABA Model Code of Professional Responsibility,[5] has since been firmly repudiated, primarily because it was too vague a standard to be enforceable. The Restatement observed that this standard did not “give fair warning of the nature of the charges to a lawyer respondent” and “subjective and idiosyncratic considerations could influence a hearing panel or reviewing court in resolving a charge based only on it.”[6] The Ethics Committee conceded the point in 1975,[7] as did the ABA when adopting the Model Rules.[8]
Despite the unsuitability of the analogy to judicial disqualification, it does seem sensible to try to identify bases for distinguishing different types of relationships with other lawyers that might give rise to a conflict of interest and identifying those that are waivable by client consent.
Op. 494 divides such relationships into three categories: intimate relationships, friendships, and acquaintances.[9] Ascertaining which of these three characterizes a relationship with opposing counsel will help to determine whether a conflict exists. If it does, the lawyer may still be able to continue the representation under Rule 1.7(b)(1) and (b)(4), provided “the lawyer reasonably believes that the lawyer will be able to provide competent and diligent representation to each affected client” and “each affected client gives informed consent, confirmed in writing.”
Intimate relationships include marriage, engagement to be married, or an exclusive romantic attachment. Intimate but non-exclusive relationships are more difficult to characterize and require a more nuanced judgment by the lawyers involved. Lawyers cohabiting in an intimate relationship are treated pari passu with married couples.
Friendships “may be the most difficult category to navigate.” The opinion strikes the balance this way: Close friendships (routine socializing, vacationing together, exchanges of gifts) should be disclosed, and informed consent should be obtained; professional friendships (law school classmates, former professional colleagues) need not ordinarily be disclosed, but even if, out of an abundance of caution, disclosure is advisable, informed consent need not be obtained.
Acquaintances are described as “relationships that do not carry the familiarity, affinity or attachment of friendships.” Examples include individuals whom the lawyer sees at social or professional gatherings, such as a professional organization or a church, but with whom there is no “close personal bond.” These need not ordinarily be disclosed and do not require client consent. The opinion notes, however, that disclosure “may be advisable to maintain good client relations” and may help explain to the client that the relationship may actually benefit the representation “because the lawyers can work collegially.”
While certainly useful for promoting awareness of what constitutes a personal interest conflict in the context of relationships with other lawyers, Op. 494 fails to elaborate a clear mental process for lawyers to detect and resolve these personal interest conflicts.
In this author’s opinion, a sensible approach would be to start by asking whether the risk is significant that the lawyer’s relationship with other counsel would materially impair professional judgment in representing each affected client. If not, then there simply is no conflict of interest. If so, then the self-assessment morphs to whether the lawyer “reasonably believes” that he or she can nonetheless “provide competent and diligent representation to each affected client.” (Recall that “reasonably” and “reasonably believes” are defined terms in Model Rule 1.0). If the answer to that question is affirmative, then the lawyer should disclose the relationship and obtain informed consent in writing, but, if negative, then it seems the conflict is not curable by consent, and the lawyer cannot ethically represent the client in the matter.
Finally, if a lawyer is disqualified by a personal relationship conflict, what about that lawyer’s partners and associates? Unlike conflicts involving current and/or former clients, personal interest conflicts are not automatically imputed to others in the conflicted lawyer’s firm. In that situation, Model Rule 1.10(a)(1) would not impute the conflict if the personal interest “does not present a significant risk of materially limiting the representation of the client by the remaining lawyers in the firm.”
[1] Formal Opinion 494, though dated July 29, 2020, was not actually released until October 7, 2020.
[2] Strictly speaking, “recusal” traditionally refers to a judge’s withdrawal from a case sua sponte, while “disqualification” refers to the motion of a litigant asking the judge to step down. See, e.g., Forrest v. State, 904 So.2d 629, 629 n.1 (Fla. App. 2005) (noting that “[r]ecusal is the process by which a trial court voluntarily removes itself, while disqualification is the process by which a party seeks to remove a judge from the case”). In many jurisdictions, however, this distinction has not been observed or the two terms have been conflated. See, e.g., Hendrix v. Sec’y, Fla. Dept of Corrections, 527 F.3d 1149, 1152 (11th Cir. 2008) (using the terms interchangeably); Advocacy Org. v. Motor Club Ins. Ass’n, 472 Mich. 91, 97 (2005) (Weaver J., concurring) (observing that recusal is the “process by which a judge is disqualified on objection of either party (or disqualifies himself or herself) from hearing a case.”). Cf. John P. Frank, Disqualification of Judges: In Support of the Bayh Bill, 35 Law & Contemp. Probs. 43, 45 n.7 (1970) (observing that amendments to the federal disqualification statute, 28 U.S.C. § 455, have rendered the term “recusal” obsolete). The ABA’s 1972 Code of Judicial Conduct and subsequent versions have used the term “disqualification” to mean both withdrawal sua sponte and upon motion of a party.
[3] This is the current default standard in the Model Code of Judicial Conduct and has been adopted in nearly all the states. Forty-five states have actually adopted it virtually in haec verba. (It is also the federal standard. See 28 U.S.C. § 455(a)).
[4]Canon 1 of the Model Code of Judicial Conduct expressly requires judges to avoid impropriety and the appearance of impropriety.” “Appearances matter because the public’s perception of how the courts are performing affects the extent of its confidence in the judicial system. And public confidence in the judicial system matters a great deal . . . public confidence in our judicial system is an end in itself.” American Bar Ass’n, Justice in Jeopardy: Report of the Commission on the 21st Century Judiciary 10 (2003).
[5] Canon 9 provided, “A lawyer should avoid even the appearance of professional impropriety.”
[6] Restatement (Third) of the Law Governing Lawyers § 5(c) (2000).
[7]See Formal Opinion 342, n.17, reprinted in 62 A.B.A. J. 517 (interpreting the appearance standard and characterizing it as “too vague to be useful”).
[8] “In the context of private practice, the test has no apparent limits except what a particular tribunal might regard as impropriety. . . . [S]uch a standard is too vague and could cause judgments about the propriety of conduct to be made on instinctive, ad hoc, or ad hominem criteria.” ABA Comm. on Evaluation of Model Rules of Prof’l Conduct 53 (Prop. Final Draft 1981).
[9] Formal Opinion 488 used a slightly different spectrum: “(1) acquaintanceships, (2) friendships, and (3) close personal relationships.” The latter included not just romantic relationships but also situations where a romance was not existing but desired, former romantic interests (e.g., a judge divorced from a lawyer where the two remain in communication because, for example, they share custody of children), and godparents. Despite Op. 494’s reliance on Formal Opinion 488, the former inexplicably does not consider the latter’s example of divorced couples sharing custody of their children.
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR)1 came into effect, replacing the EU’s 1995 Data Protection Directive.2 With the aim of modernizing and harmonizing the patchwork of laws across the European Union, the GDPR strengthened the protection afforded to data that identify individuals under the Data Protection Directive and clarified a number of key principles. Most notably, the GDPR extended the territorial reach of European data privacy law to organizations outside of the EU. For the first time, numerous U.S. companies would be directly subject to European data privacy law and therefore obliged to comply. In addition, the GDPR introduced tough new penalties, threatening organizations with fines of up to €20 million or 4 percent of global revenues for the most serious breaches. This led companies across Europe and the world to focus on bringing themselves into compliance and to build new processes and functions to respond to greater regulatory responsibilities, coupled with an increased awareness among data subjects of their rights under the GDPR.
In its first progress report, published two years after the GDPR took effect,3 the European Commission in June 2020 highlighted a number of improvements brought about by the GDPR, including a level playing field for businesses across Europe, a greater awareness of citizens’ rights, and the GDPR’s flexibility to adapt to new technology. The Report concluded that “the GDPR has successfully met its objectives of strengthening the protection of the individual’s right to personal data protection and guaranteeing the free flow of personal data within the EU.”4
This article addresses some of the most significant compliance issues under the GDPR and how these have evolved since the GDPR came into effect, some of the most notable cases applying the GDPR, and practical points that U.S. companies should consider.
The Importance of Consent
The GDPR states that personal data may not be “processed,” such as collecting, storing, and transmitting personal data, unless at least one of six legal bases is met.5 One of those legal bases is whether the “data subject,” or individual, “has given consent.”6 Consent has drawn a lot of attention over the last couple of years as it was previously a commonly used mechanism to enable the processing of personal data. Obtaining consent under the GDPR is now more challenging in practice due to stricter conditions than those set out in the Data Protection Directive.7 The “controller,” which is the entity or organization that decides the purpose and means of processing personal data,8 is responsible for compliance with the requirement to ensure personal data are legally processed, along with the other principles relating to the processing of personal data described in Article 5 of the GDPR (and other requirements of the GDPR).
“[C]onsent can only be an appropriate lawful basis if a data subject is offered control and is offered a genuine choice with regard to accepting or declining the terms offered or declining them without detriment,” according to the European Data Protection Board (EDPB), an independent body, consisting of representatives from each EU country, whose purpose is to ensure the GDPR’s consistent application across Europe.9 This is important not least because of the increasing prominence of consent for particular processing activities in the digital age, such as in the areas of new technologies and cookies.
Since the GDPR came into effect, the objective of increased transparency has been strongly emphasized in various guidelines published by European data protection authorities and the EDPB. A prerequisite to obtaining valid consent is that the data subject must be informed about the processing for which consent is being obtained.10 According to Article 4(11) of the GDPR, the controller must be able to demonstrate that consent of the data subject was freely given, specific, and informed and an unambiguous indication of the wishes of the data subject, in which the data subject, either by a statement or by a clear affirmative action, signifies agreement to his or her personal data being processed. If there is insufficient transparency, the data subject’s consent will not be deemed valid.
The link between transparency and consent has been a pivotal issue in the much noted and discussed ruling by the French data protection authority—Commission Nationale de l’Informatique et des Libertés (CNIL)—against Google LLC.11 In June 2020, France’s highest administrative court, the Conseil d’État, confirmed the ruling.12 The ruling sanctioned Google with a €50 million fine for failure to comply with the GDPR requirements on transparency, adequate information, and valid consent for ad personalization. As of this article’s publication, this is the largest European fine confirmed as final and not subject to appeal.
In this important ruling, the CNIL referred to Articles 12 and 13 of the GDPR.13 These articles require the controller to take appropriate measures to provide specific information to data subjects about the controller’s processing activities “in a concise, transparent, intelligible and easily accessible form, using clear and plain language.”14 The specific information required to be provided is listed in Article 13 of the GDPR and includes the identity of the controller, the purposes of the processing, the legal basis for the processing, the recipients of the personal data, and other information necessary to ensure fair and transparent processing. The CNIL made it clear that the information provided by the controller to data subjects must put individuals in a position to determine in advance the scope and consequences of the processing so that their data are not used in ways that they are not expecting.15 The CNIL determined that, when providing information to data subjects using a layered approach—such as giving a short initial notice containing key information and then including links to additional layers of information covering more detail—the most relevant information (including the scope and extent of purposes of the data processing) must be provided in the very first layer.16
A related and important issue arising in the context of online advertising was noted by the Conseil d’État. It found that in order to obtain a valid consent for personalized ads, Articles 4(11), 6, and 7 of the GDPR—articles covering the definition of consent, the lawful bases of processing, and the conditions for consent, respectively—prohibit collection of the data subject’s consent by way of a pre-checked checkbox.17 It also noted that for the consent to be deemed valid the data subject must be provided with all adequate and sufficient information, and that the main information must be made available to the data subject up front, in the first layer of information.18 Furthermore, the Conseil d’État found it improper to seek consent as part of the overall acceptance of general terms and conditions for using a service because the request for consent is not clearly distinguished from the overall acceptance of the general terms and conditions, as required by Article 7(2) of the GDPR.19
When the GDPR came into effect, one of the initial challenges to assessing whether consent was valid arose because certain processing activities fell under both the GDPR and the Privacy and Electronic Communications Directive 2002/58/EC on Privacy and Electronic Communications (ePrivacy Directive)—a 2002 EU directive on data protection and privacy in the digital age. However, in October 2019, the Court of Justice for the European Union (CJEU)—the European Union’s highest court—handed down an important decision concerning how consent to process personal data and use cookies may be obtained on the internet.20 The CJEU ruled that consent is invalid under the ePrivacy Directive if it is given by means of opt-out boxes that users must uncheck in order to refuse consent.21 The CJEU also pointed out that user consent, as required by the ePrivacy Directive, should be interpreted and read in conjunction with the definition of consent in the GDPR,22 which also means that active consent from the user is required.23 In addition, the CJEU ruled that the aforementioned interpretation of consent should be applied regardless of whether or not the data being stored or accessed from a user’s equipment are personal data.24
This ruling had a significant impact on the use of cookies by companies, and their marketing strategies had to be revised. The CNIL in France has worked with several marketing and advertising firms to find solutions to standardize the vocabulary in cookie banners. Also, the UK data protection authority, the Information Commissioner’s Office, has made clear that it will take a risk-based approach to the requirement of GDPR-level consent for cookies under its enforcement policy.25 Businesses should therefore take particular care in obtaining consent for privacy-intrusive cookies such as those used for behavioral advertising or sensitive personal data collection.
From a practical perspective, the implications of both the aforementioned judgments as well as guidance published by European data protection authorities for controllers are as follows:
It is critical that controllers assess their level of transparency from the standpoint of complying with data subjects’ needs, rather than from the perspective of how well it serves the controller’s business;
Data privacy statements should be reviewed regularly to ensure that they provide the level of transparency now expected by data protection authorities and data subjects;
Controllers should carefully assess all of the legal bases described in Article 6 of the GDPR that could be available to ensure that consent is the most appropriate basis for processing and check that the basis on which a controller has been processing personal data in previous years is still accurate, as sometimes this may have changed. Moving from one basis to another presents challenges that are beyond the scope of this article;
If consent is considered the most appropriate basis for processing, then the entire mechanism for obtaining consent, including the information provided to data subjects through layered notices and policies, must be properly reviewed; and
For accountability purposes, controllers should ensure that they adequately record what consents have been provided and to what processing activities and purposes they relate.
The Evolving Concept of Accountability
While largely building on existing principles, the GDPR introduced a new concept of “accountability”—the principle that the controller “shall be responsible for, and able to show compliance with,” the GDPR’s subject matter and objectives.26 This principle requires that, if requested, organizations can demonstrate the steps they took to comply with the GDPR and the effectiveness of those steps. The GDPR therefore requires organizations to not only take responsibility for everything they do with personal data but also actually document how they comply with all obligations enshrined in the GDPR.
In its Report, the EC commended the GDPR, saying that “The GDPR … ensures that all those that handle personal data under its scope of application are more accountable and responsible.”27 Unfortunately, the GDPR does not further specify which measures are necessary to fulfill the accountability requirement. In the course of assessing and then implementing the relevant measures to ensure that GDPR requirements are met, organizations have often interpreted accountability to mean technical and organizational measures, which are already required under the GDPR, including specific measures such as keeping a register of processing activities, making data protection impact assessments, and providing data protection notices. However, as a result of published guidance by European data protection authorities, it has become clear that more documentation is needed than originally thought when companies were initially preparing for the GDPR.
For larger organizations, a new best practice has emerged: adoption of an overall data protection management framework, embedding processes that ensure systematic and demonstrable compliance across the entire organization. Typical measures include:
Robust program controls relating to the material obligations under the GDPR;
Mapping of the organization’s processing operations— and maintenance of an inventory of them—that is regularly reviewed;
Bespoke allocation of data protection responsibilities and implementation of reporting structures;
Appointment of a Data Protection Officer28 when processing is carried out by a public authority or body, the core activities of a controller or processor involve regular and systematic monitoring of data subjects on a large scale, or there is processing on a large scale of special categories of personal data29 or personal data relating to criminal convictions;
Written documentation of internal checks and assessments, including appropriate data protection policies; and
Audit and evaluation processes.
The latter two points are important in practice. European data protection authorities expect that companies can prove that they completed relevant assessments and that these assessments are performed regularly. For example, companies should carry out and thoroughly document an assessment of the circumstances in which they consider that they can lawfully process personal data on the basis that it is in their legitimate interests to do so,30 especially since many European data protection authorities have requested these assessments in administrative proceedings. There have been cases where data protection authorities have sanctioned companies for breaching the accountability obligation, which demonstrates the importance of these process requirements. For example, in its decision dated July 30, 2019, the Greek data protection authority based its €150,000 fine against PwC on a breach of the accountability principle, because the controller allegedly was not able to demonstrate that they had collected valid consents for a certain processing activity.31
Against this background, organizations should reassess whether they have appropriate documentation in place and whether they have implemented a system of regular checks and audits of their data handling practices in order to keep up with stricter accountability interpretation and enforcement by data protection authorities.
Joint Controller Responsibilities
The most significant development in terms of which parties are subject to the GDPR is that of “joint controllers.”32 Guidance from European data protection authorities demonstrates that there are many more circumstances in which the relationship between two parties is likely to be deemed that of joint controllers—rather than a controller and a “processor” or two independent controllers—than many practitioners and commentators anticipated. The importance of this distinction lies in the way that the GDPR places primary responsibility for compliance on the controller—the entity that determines the purposes and means of processing of personal data. The GDPR also allows for a scenario in which two or more controllers jointly determine the purpose and means of processing. Where this is the case, they are classified as joint controllers.
A number of legal obligations flow from the concept of joint controllers, including the requirement for the joint controllers to determine their respective responsibilities for compliance and the obligation to ensure that this arrangement is transparent and that key aspects are made available to the data subjects whose data are being processed.
In addition to guidance, there are also several CJEU cases signalling that more relationships will fall under the joint controller category than once anticipated.
The first was the Fan Page case,33 in which the court found in June 2018 that the operator of a fan page and a social network, Facebook, were both joint controllers with respect to the processing of the personal data of visitors to a fan page hosted on Facebook. The court noted that visitors to the fan page were not warned that Facebook was collecting their personal data with cookies. One takeaway from this case was that a joint controller relationship was possible even if one of the parties—the administrator of the fan page—did not have access to the data that the other party—Facebook—was collecting. The court found the fact that both parties were determining the parameters for data analysis was sufficient for them to be deemed joint controllers.
In the Jehovah’s Witnesses case,34 the court found in July 2018 that a religious community, such as the Jehovah’s Witnesses, is a controller jointly with its members who engage in preaching for the processing of personal data carried out by its members in their door-to-door preaching. The court noted that an entity that exerts influence over the processing of personal data for its own purposes and that participates, as a result, in the determination of the purposes and means of that processing, may be regarded as a controller. As with the Fan Page case, joint responsibility did not require access to the data on the part of both controllers.
Finally, in the Fashion ID case,35 the court found in July 2019 that website operators that incorporate a third-party plug-in—a piece of software that acts as an add-on—on their sites can become joint controllers in the collection and sharing of personal data with that third party. One takeaway from this case was that joint control does not need to span the entire processing cycle for the parties to be joint controllers; it could be limited to certain processing steps.
These cases demonstrate that the CJEU applies a very low threshold for the required level of influence on data processing to categorize companies as joint controllers. Unfortunately, there is still a lack of clear and unambiguous criteria for assessing when a joint controller relationship may exist. In practice, companies should check that key intra-group and vendor relationships are properly assessed to ensure that any joint controller relationships have been identified and responsibilities documented that accurately reflect the processing activities being carried out. They should also review privacy notices to ensure they provide adequate disclosures of any joint controller arrangements.
Ongoing Focus on Security
Security of data processing may not be a new concern in itself, but it has become a major focus area for data protection authorities and therefore a key area of risk for controllers and processors. The introduction of more specific data breach notification duties and other onerous obligations on controllers and processors to implement organizational and technical security measures under the GDPR means that data protection authorities may investigate thoroughly and question organizations’ operations and internal processes. Experience shows that European data protection authorities have started making effective use of their new powers under the GDPR. In fact, there has been a significant number of investigations opened, and fines issued, as a result of an organization notifying a data breach to the data protection authority. In the months following the GDPR’s implementation, data protection authorities reported a sharp increase in data breach notifications received. For example, the Dutch data protection authority, Autoriteit Persoonsgegevens, declared more than 20,000 notifications in 2018 alone. As society increasingly digitizes, security issues are a trend that seems here to stay.
Certain high-profile cases have also hit the press, with the Information Commissioner’s Officer in October 2020 fining Marriott International more than €20 million,36 and in October 2020 fining British Airways more than €22 million,37 in both cases as a result of major data breaches and failure to fulfil data security requirements. There are many other ongoing cases all showing the willingness of data protection authorities to take a more critical view of organizations’ approach to security and to require the application of a genuine information management and classification policy.
The GDPR adopts a technology-neutral approach to data security but stresses the importance of addressing the actual risks in an appropriate manner, by implementing a set of measures ranging from organizational and contractual preparedness, to technical protection and safeguards, logging and documenting incidents, training staff, and raising awareness. For instance, in a recent German case, a health insurance organization that collected data from raffle participants implemented internal guidelines and training to ensure that only those who consented would be contacted for marketing.38 In spite of these measures, data of individuals who had not consented was used for marketing purposes, and the organization’s security measures were found to be insufficient. The German data protection authority wanted to highlight the need to implement better security measures in order to achieve the sought-after result and to turn good intentions into reality. This example shows how far reaching the implications of the security obligations under the GDPR can be, well beyond the straightforward situations of passwords or individuals’ credentials that leak online. Generally speaking, on the enforcement front, the EC’s Report describes the approach as “balanced.” Data protection authorities are making use of a range of their powers and taking into account mitigating factors—such as an organization’s willingness to acknowledge its failures and to work with authorities to fix and remedy breaches—when weighing appropriate enforcement action.
In addressing the ongoing and increased threat to all businesses from sophisticated physical and cyber security attacks, companies should ensure that they implement best-practice security measures and continually review them, together with keeping internal records of policies and procedures. Having well-rehearsed and documented incident management protocols is also essential to identifying and mitigating the impact of any security events. Companies should also carefully scrutinize existing and potential vendors and ensure that they have robust contractual protections in place dealing with ongoing security measures, incident response, and liability.
Enhanced Data Subject Rights
One of the main objectives of the GDPR is to give data subjects control over their own personal data. Since the GDPR came into effect, data subjects have become well aware of their rights through data protection authority awareness campaigns, high-profile data breaches, and numerous email updates to marketing consents and privacy policies. This has ultimately led to an increased number of data subject requests to controllers and complaints to national data protection authorities. According to a recent survey by the EU Fundamental Rights Agency, 69 percent of the population over the age of 16 in the European Union have heard about the GDPR and 71 percent have heard about their national data protection authority.39 Public recognition of data privacy means that companies have suddenly faced an urgent need to implement a more efficient process to address and respond to the exercise of rights by data subjects within the GDPR’s mandated timeframes, which require controllers to respond to requests without undue delay and within one month of receipt of the request.40 Having a streamlined response process not only supports compliance but can also improve customer service, which could give a competitive advantage.
In Spain, the Spanish Data Protection Act41 goes one step further than the GDPR by enshrining additional digital rights under national law to supplement the GDPR. The act includes the express recognition of the right to be forgotten in search engines, social networks, and other similar services (based on the CJEU’s ruling in the Google Spain case42). Following this theme, the EDPB also published recent guidance on the exercise of the right to be forgotten in search engines.43
Companies can take steps to preemptively minimize requests from data subjects, and thus mitigate any costs of resolving those requests, by being fully transparent and providing comprehensive details about their personal data processing activities. It should be noted that companies are usually more exposed to requests and complaints from data subjects (especially in relation to the exercise of the data subject access right) if they include scarce, or the bare minimum of, information about the relevant data processing.
Because the exercise of data subject rights is essentially free of charge under the GDPR (a change for some jurisdictions), there are numerous examples of cases where individuals took advantage of those rights in bad faith to put pressure on a controller in connection with a separate and unrelated dispute. This is a developing trend. In any event, if a particular request is manifestly unfounded or excessive, the controller may (1) charge a reasonable fee (based on the administrative costs of providing the information, communicating, and responding to the request) or (2) refuse to act on the request, albeit guidance from data protection authorities suggests this concept is likely to be narrowly construed. The GDPR clarifies that fees may be charged, in particular, where requests are repetitive. One example is that the GDPR expressly confers on controllers the ability to charge a reasonable fee for any further copies requested by data subjects in the exercise of their data subject access rights.
With respect to the manner in which data subjects may exercise their data protection rights, the GDPR recommends that controllers implement an electronic means of facilitating the exercise of those rights (especially in cases where personal data are also processed by electronic means). In this sense, making standard forms available for data subjects could make the handling and resolution of these requests easier for controllers. However, since data subjects cannot be forced to use any specific form in order to exercise their rights, companies may still need to invest in dedicated teams to handle data subject requests (whatever their form may be) and to ensure GDPR compliance. The creation of dedicated teams has also proven to be favored when dealing with data breaches.
The Current Status of International Data Transfers
As for international data transfers—namely, transfers to a jurisdiction outside the European Union—the GDPR provides for some continuity with the previous regime in terms of legal tools and legal bases for a transfer. The GDPR provides that in the absence of an adequacy decision of the European Commission (and such decisions so far have been given to few jurisdictions, the most relevant of which are Argentina, Canada, Israel, Japan, and Switzerland), companies should take measures to compensate for the lack of data protection in a third country by way of appropriate safeguards for the data subject, unless a specific (but limited) derogation applies. Such safeguards may consist of making use of binding corporate rules, standard contractual clauses adopted by the EC, standard data protection clauses adopted by a data protection authority, or contractual clauses authorized by a data protection authority. Those safeguards should ensure compliance with data protection requirements and the rights of the data subjects appropriate to processing within the European Union. These include the availability of enforceable data subject rights and effective legal remedies, including the right to obtain effective administrative or judicial redress and to claim compensation in the European Union or a third country.
Standard contractual clauses (or model clauses) approved by the European Commission are the most commonly adopted legal instrument to carry out international data transfers. Basically, there are two different contractual types that address the transfer from a European controller (known as the data exporter) to a non-European controller or processor (in both cases, known as data importers).44
European businesses exporting personal data to the United Stated once relied on the EU-U.S. Privacy Shield Framework.45 This was a legal framework designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
Then, the CJEU invalidated the Privacy Shield in the July 2020 case of Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems (Schrems II case).46 The CJEU examined the adequacy of the protection provided by the Privacy Shield, holding that (1) the requirements of U.S. law, and in particular certain programs enabling U.S. authorities to access personal data transferred from the European Union to the United States for national security purposes, result in limitations on personal data protections that are not circumscribed in a way that satisfies EU law requirements; and (2) such U.S. law does not grant data subjects actionable rights before the courts against the U.S. authorities.
Additionally, the CJEU examined the validity of the EC’s Decision 2010/87/EC, which had approved the use of a set of standard contractual clauses for the transfer of personal data to processors in third countries.47 Although the CJEU found that these clauses remain valid, it noted that validity depends on whether such clauses are able, in practice, to ensure compliance with the level of protection essentially equivalent to that guaranteed within the European Union by the GDPR or, if not, transfers of personal data pursuant to such clauses are suspended or prohibited. The CJEU pointed out that the above-mentioned decision imposes an obligation on European companies acting as data exporters and on the data importers in third countries to verify, prior to any transfer—and taking into account the circumstances of the transfer—whether that level of protection is respected in the country concerned. Furthermore, the decision requires the data importer to inform the data exporter of any inability to comply with the standard contractual clauses, and where necessary, with additional safeguards that the parties included to supplement those measures already included in those clauses. As a consequence of such notification, the European data exporter is then obliged to suspend the transfer of data or terminate the clause with the data importer.
The Schrems II case is having a major impact on international data transfers because, in one fell swoop, the Privacy Shield that many businesses relied on for their data transfers was declared invalid while standard contractual clauses now need additional assessments and possible supplementary measures (not specifically identified by the court or any other body, so far).
Any possible approval of additional sets of standard contractual clauses by the European Commission or by the individual national data protection authorities is unlikely in the short term and will require time. Furthermore, it is unlikely that individual data protection authorities will decide to act alone and outside a common framework agreed at the European level.
Companies might look into seeking the approval of European data protection authorities for use of binding corporate rules, which are data protection policies written and adhered to by companies established in the European Union for transfers of personal data outside the European Union within a group of undertakings or enterprises. But this is a procedure that takes time and is costly, and therefore it is not an immediate solution for companies that may be seeking to implement a solution in the next few months in response the Schrems II case. Furthermore, even the use of binding corporate rules must be assessed on a case-by-case basis by companies using them. Companies must make an assessment taking into account the circumstances of the transfers and supplementary measures (as referred to above in connection with standard contractual clauses) put in place to ensure that U.S. law does not impact the adequate level of protection that the binding corporate rules guarantee.
The invalidation of the Privacy Shield and broader impact of the Schrems II case on other data transfer mechanisms as described above is serious, not least because the alternative limited derogations for international transfers under the GDPR only apply in specific situations and because no grace period has been given for organizations to implement alternative data transfer mechanisms. Furthermore, the data protection authorities have begun to receive complaints about international data transfers allegedly in breach of the Schrems II case. Companies are therefore strongly advised to promptly review their international data flows and start taking appropriate action, especially if the data importer is located in the United States.
Finally, many aspects of the Schrems II Case and the issues examined by the CJEU are particularly relevant for the future of data transfers from the European Union to the United Kingdom after the end of the Brexit transition period on December 31, 2020. After this date, the current status quo for data transfers will no longer apply and the United Kingdom will be a third country according to the GDPR. Companies are therefore tracking closely the outcome of the UK’s pending application to the European Commission for adequacy status.
Conclusion
Going forward, we expect to see more enforcement action, the further overlaying of national legislation supplementing the GDPR on specific data privacy topics, and additional guidance from European data protection authorities. While the stated aim of the European Commission in its Report is to support the harmonized and consistent implementation and enforcement of the GDPR across the European Union, there are likely to be challenges to this objective.
Key issues on the horizon include:
Much-anticipated guidance around international data transfers in light of the recent invalidation of the EU-U.S. Privacy Shield and additional measures required in connection with the use of standard contractual clauses;
The scope of the final draft ePrivacy Regulation, which will replace the existing ePrivacy Directive, governing the use of personal data and other information in marketing as well as the use of cookies and how this practice intersects with the GDPR, particularly as to when GDPR-level consent will be required;
The outcome of the adequacy assessment currently being carried out by the European Commission with respect to the United Kingdom in accordance with the Political Declaration on the Future Relationship; and
The application of the GDPR to new technologies, such as artificial intelligence and machine learning.
Companies will need to consider these external issues and also closely monitor their internal data collection and use in order to ensure that their data privacy compliance approach remains in step with the GDPR as it evolves in the coming years.
1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and repealing Directive 95/46/EC (General Data Protection Regulation), 2016 O.J. (L 119) 1 [hereinafter GDPR].
2 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, 1995 O.J. (L 281) 31 [hereinafter Data Protection Directive].
3 Eur. Comm’n, Data Protection as a Pillar of Citizens’ Empowerment and the EU’s Approach to the Digital Transition—Two Years of Application of the General Data Protection Regulation, COM (2020) 264 final (Jun. 24, 2020) [hereinafter Report].
5 GDPR, art. 6(1). Additional conditions apply when special categories of personal data are being processed. See id. art. 9.
6Id. art. 6(1)(a). The GDPR defines “data subject” as “an identified or identifiable natural person.” Id. art. 4(1). It defines “consent” as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” Id. art. 4(11).
8Id. art. 4(7) defines “controller” as “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.” In the context of the internet, the term often refers to companies that operate websites.
9 Eur. Data Prot. Bd., Guidelines 05/2020 on Consent Under Regulation 2016/679 ver. 1.1 ¶ 3, at 5 (May 4, 2020), https://edpb .europa.eu/our-work-tools/our-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_en.
11 CNIL, Deliberation of the Restricted Committee SAN-2019-001 of 21 January 2019 Pronouncing a Financial Sanction Against Google LLC (2019), https://www.cnil.fr/sites/default/files/atoms/files/san-2019-001.pdf.
12 Conseil d’État, Sanction infligée à Google par la CNIL, Décision 19 Juin 2020, https://www.conseil-etat.fr/ressources/decisions-contentieuses/dernieres-decisions-importantes/conseil-d-etat-19-juin-2020-sanction-infligee-a-google-par-la-cnil.
13See, e.g., CNIL, supra note 12, ¶¶ 86–89, at 11–12. Article 12, in particular, is cited throughout the opinion.
20 Case C-673/17, Bundesverband der Verbraucherzentralen und Verbraucherverbände––Verbraucherzentrale Bundesverband eV v. Planet49 GmbH, ECLI:EU:C:2019:801 (Oct. 1, 2019).
25 Info. Comm’r’s Office, Guidance: Privacy and Electronic Communications: Guidance on the Use of Cookies and Similar Technologies 47 (July 3, 2019); https://ico.org.uk/media/for-organisations/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies-1-0.pdf.
29Id. art. 9(1) (defining special categories of data as “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”).
30 The controller’s legitimate interest is one of the six legal bases for processing personal data. Id. art. 6(1)(f).
31 Decision 26/2019 of the Hellenic Data Protection Authority, https://www .dpa.gr/pls/portal/docs/PAGE/APDPX/ENGLISH_INDEX/DECISIONS/SUMMARY%20OF%20DECISION%2026_2019%20(EN).PDF.
33 Case C-210/16, Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v. Wirtschaftsakademie Schleswig-Holstein GmbH, ECLI:EU:C:2018:388 (June 5, 2018).
34 Case C-25/17, Tietosuojavaltuutettu v. Jehovan todistajat––uskonnollinen yhdyskunta, ECLI:EU:C:2018:551 (July 10, 2018).
35 Case C-40/17, Fashion ID GmbH & Co. KG v. Verbraucherzentrale NRW eV, ECLI:EU:C:2019:629 (July 29, 2019).
36 Press Release, Info. Comm’r’s Office, ICO Fines Marriott International Inc £8.4 Million for Failing to Keep Customers’ Personal Data Secure (Oct. 30, 2020), https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-fines-marriott-international-inc-184million-for-failing-to-keep-customers-personal-data-secure/.
37 Press Release, Info. Comm’r’s Office, ICO Fines British Airways £20m for Data Breach Affecting More than 400,000 Customers (Oct. 16, 2020), https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400-000-customers/.
38 Commissioner for Data Protection and Freedom of Information Baden-Wurttemberg, decision of 26 June 2020 re. AOK Baden Wuerttemberg.
39 Eur. Union Agency for Fundamental Rights, Your Rights Matter: Data Protect ion and Privacy (2020).
40 GDPR, art. 12(3). The period of one month may be extended by two further months where necessary, taking into account the complexity and number of requests. Id.
41 Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales, 2018 B.O.E. 119788.
42 Case C-131/12, Google Spain SL v. Agencia Española de Protección de Datos (AEPD), ECLI:EU:C:2014:317 (May 13, 2014).
43 Eur. Data Prot. Bd., Guidelines 5/2019 on the Criteria of the Right To Be Forgotten in the Search Engines Cases Under the GDPR (Part 1) (Dec. 2, 2019), https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_201905_rtbfsearchengines_forpublicconsultation.pdf.
44 There are currently two different types of standard contractual clauses for use, depending on whether the EU-based data exporter is transferring personal data to a controller, in which case one of the two sets of the European Commission approved controller-to-controller clauses should be used, or the data exporter is transferring personal data to a processor, when the European Commission approved controller-to-processor clauses are used.
The COVID-19 pandemic has wreaked havoc on the commercial real estate industry for the last year. For commercial tenants, customers are scarce, demand for goods and services has dried up, and supply chains have been severely disrupted. Additionally, many jurisdictions have implemented (and later re-implemented) restrictive measures, such as “stay at home” orders, leading to the widespread closure or limitation of nonessential businesses. Although COVID-19 vaccines have been approved and have begun to be distributed, the distribution process has been very slow. Accordingly, there is no clear timeline by which businesses can “return to normal.”
Accordingly, commercial landlords nationwide have been forced to prepare for and address the inability of tenants to sustain their rental obligations. For landlords to formulate their strategy, among other factors, they must be aware of the applicable lease provisions, their available remedies, the short- and long-term financial viability of the defaulting tenant and the rental market for the leased premises. On the other side of the bargaining table, tenants who are unable to pay their lease obligations likewise need to be aware of these factors in order to determine their strategy to request a deferral or abatement of rent, lease termination, or to not to pay the rent due.
Lurking in the background is the potential bankruptcy of the tenant, which may have a significant impact on the landlord’s and the tenant’s rights and remedies; and accordingly, a significant impact on the landlord’s and the tenant’s strategy with respect to both the exercise of remedies and lease restructuring negotiations.
This article highlights the relevant principles of bankruptcy law that affect the landlord/tenant relationship if the tenant enters bankruptcy voluntarily or involuntarily. It will then explore the strategic considerations that landlords and tenants should consider when the threat of a tenant bankruptcy is a real possibility.
PERTINENT BANKRUPTCY LAW PRINCIPLES
1. The Automatic Stay
Section 362(a) of the Bankruptcy Code provides that upon the commencement of the bankruptcy case, an “automatic stay” goes into effect.[1] The automatic stay protects debtors that file bankruptcy by prohibiting any creditor from acting to obtain possession of or exercise control over property of the debtor’s bankruptcy estate.[2] Among other consequences, the automatic stay halts the commencement or continuation of any judicial, administrative or other action or proceeding against the debtor that was commenced (or could have been commenced) before the bankruptcy filing date.
Accordingly, absent relief from the automatic stay (which is discussed below), a landlord may not take any action to collect, assess or recover on a claim under a commercial lease that arose before the bankruptcy case, including commencing or continuing an eviction action, or attempting to collect pre-petition rent. Normally, a landlord that sends lease termination notices to tenants after the petition date would violate the automatic stay.[3]
Section 362(k) of the Bankruptcy Code provides that “an individual injured by any willful violation of a stay provided by this section shall recover actual damages, including costs and attorneys’ fees, and, in appropriate circumstances, may recover punitive damages.” Thus, at least in cases where the tenant is an individual (or perhaps where a trustee has been appointed in the tenant’s bankruptcy case),[4] a landlord’s violation of the automatic stay can result in sanctions, including the entry of a court order obligating the landlord to pay the tenant’s actual damages and attorneys’ fees, and possibly punitive damages. For this reason, landlords should consult with their counsel before taking any actions against tenants, once the tenants enter bankruptcy.
To the extent that a landlord has obtained a cash security deposit from the tenant before the tenant files bankruptcy, the landlord will not be entitled to set off the security deposit against its claims against the tenant, absent relief from the automatic stay or except as set forth in the tenant’s eventual Chapter 11 plan. This presents a timing issue for the landlord, as it may take a long time for the landlord to be able to apply the security deposit.
Alternatively, if the credit support is in the form of a letter of credit from a bank or other third-party issuer (with the landlord as the beneficiary), the automatic stay would generally not prevent the landlord from drawing down on the letter of credit to obtain the proceeds to apply to unpaid lease obligations. This is based on the view that letters of credit and their proceeds are not property of the bankruptcy estate because the issuer of the letter of credit pays the beneficiary with its own funds, not with the debtor’s assets.[5] This comes with a caveat, however. If the terms of the lease or the letter of credit require the landlord to first give the tenant notice that it intends to seek payment under the letter of credit, providing that the notice to the tenant may violate the automatic stay – which could delay, or even prevent, the landlord from drawing on the letter of credit. This risk can be mitigated if the letter of credit authorizes the landlord to draw upon it if it submits a certificate to the issuer that the tenant is in bankruptcy. In addition, if the proceeds realized from the drawing on the letter of credit exceed the amount of the tenant’s then-unpaid obligations under the lease, most leases provide that such excess would be held as a cash security deposit, in which event such excess would be subject to the automatic stay as described above. This dilemma may be avoided if the letter of credit permits partial draws, so that the landlord would continue to have the protection of a letter of credit, rather than a mere cash security deposit.
Section 362(d) of the Bankruptcy Code provides that the bankruptcy court shall lift the automatic stay if (a) “cause” exists, or (b) the debtor does not have equity in the property and the property is not necessary to an effective reorganization, and a landlord requests that the stay be lifted under such rule.[6] However, it can be difficult for a commercial landlord to obtain relief from the stay to terminate a lease or evict a tenant over the tenant’s objection, particularly early in the bankruptcy case. This is because bankruptcy courts may defer to the tenant’s assessment early in the case that the lease may have value, or that the lease may be necessary to achieve the tenant’s reorganization. This is particularly true if the lease is clearly “below market” (i.e., the rent amount under the lease is less than the prevailing market rate), as the tenant might be able to assign the lease to a third party and receive value in exchange. The issue of tenant assignments of leases in bankruptcy is addressed later in this article.
Landlords may find more success in convincing the bankruptcy court to lift the automatic stay to simply permit them to set off their cash security deposits against unpaid pre-petition amounts due under their leases. This is because landlords have a secured claim for unpaid amounts due to the extent of their cash security deposits. Accordingly, to the extent the security deposit would cover unpaid amounts under the lease, allowing the landlord to set off the security deposit would not harm other creditors or the bankruptcy estate. In addition, if the tenant fails to make its post-petition lease payments to the landlord (which are discussed below), the landlord will likely have a strong basis to request that the bankruptcy court lift the automatic stay to permit the landlord to pursue eviction proceedings.
2. Treatment of a Tenant’s Pre-Petition and Post-Petition Lease Obligations in Bankruptcy
The Bankruptcy Code provides for different treatment of a landlord’s claim for unpaid amounts that became due before the tenant’s bankruptcy filing date (“pre-petition” claims), and a landlord’s claim for amounts that become due after the tenant’s bankruptcy filing date (“post-petition” claims).
As noted above, the automatic stay prevents the landlord from taking actions against the tenant on account of the landlord’s pre-petition claim, including setting off any cash security deposit against unpaid pre-petition amounts due under the lease. In addition, the landlord’s pre-petition claim for unpaid amounts due under the lease will be treated as a secured claim to the extent the landlord holds collateral (such as a cash security deposit), and a general unsecured claim to the extent the amount due from the tenant exceeds the value of the collateral that the landlord holds. In many bankruptcy cases, general unsecured creditors receive little or no distribution on account of their claims. In those cases, the landlord’s only practical sources of recovery may be security deposits and third-party guarantees.
If a landlord holds a pre-petition claim, it must make sure to file a proof of claim in the bankruptcy case by the deadline for the filing of such claims (the “bar date”). If a landlord fails to file a proof of claim, or files one after the bar date, it may be barred from recovering on its pre-petition claim.
On the other hand, post-petition amounts are called “administrative expenses” and are entitled to priority over general unsecured claims. Section 365(d)(3) of the Bankruptcy Code requires a tenant to perform all post-petition obligations under the lease, until the tenant either assumes or rejects the lease.[7] The landlord’s collection of post-petition lease payments does not violate the automatic stay, and landlords do not need to obtain an order from the bankruptcy court to receive those post-petition payments. Importantly, the tenant ultimately will be required to pay all of its administrative expenses (including post-petition rent) in full and in cash to confirm a Chapter 11 plan in its bankruptcy case.[8]
Although Section 365(d)(3) of the Bankruptcy Code requires the tenant to pay its post-petition lease obligations on a current basis, landlords should be aware that the very same Code section further provides that the bankruptcy court may extend the tenant’s deadline to perform the lease obligations that arise during the first 60 days of the bankruptcy filing.[9] For example, the bankruptcy court in the J. Crew bankruptcy case (In re Chinos Holdings, Inc.) granted the debtors/tenants a 60-day extension of their deadline to perform their lease obligations expressly because of the COVID-19 pandemic.[10] Tenants could even try to seek further extensions of that deadline under the bankruptcy court’s equitable powers.[11]
In Chapter 11 cases under “Subchapter V” (certain small businesses can elect to file Subchapter V cases), however, the Consolidated Appropriations Act, 2021 that was enacted on December 27, 2020 (the “2021 CAA”) provides that the time for performance of an obligation arising under an unexpired lease of non-residential real property may be extended by the court for an additional 60 day period (for a total of 120 days after the order for relief), if the debtor is experiencing or has experienced a material financial hardship because of the COVID-19 pandemic. This special rule for Subchapter V cases expires on December 27, 2022. However, the rule will continue to apply in any bankruptcy case that is commenced before the December 27, 2022 sunset date. Thus, for example, the special rule will apply to a Subchapter V case that is filed on December 25, 2022.
Landlords must also take note of any deadlines that the bankruptcy court may establish for them to file a claim for post-petition administrative expenses. If the court establishes such a deadline, landlords will need to timely file their claims with the bankruptcy court for any unpaid post-petition administrative expenses.
3. Possible Suspension of Chapter 11 Cases
Because of the exigencies of the COVID-19 pandemic and the stay-at-home orders that are in effect in many jurisdictions, tenants may ask the bankruptcy court to suspend their bankruptcy case, and thereby also suspend the tenants’ obligation to pay post-petition lease obligations. The legal bases for this type of request are Section 105(a) of the Bankruptcy Code (which codifies the bankruptcy court’s equitable powers) and Section 305 of the Bankruptcy Code (which provides that the court may dismiss or suspend all proceedings in a bankruptcy case at any time, if “the interests of creditors and the debtor would be better served by such dismissal or suspension”).
This recently occurred in the Modell’s Sporting Goods, Inc. bankruptcy case, where the tenant intended to pursue a going-out-of-business sale, which could not be carried out because of the pandemic. In Modell’s, the court suspended the bankruptcy case for approximately three months, and permitted the debtors to defer payments of expenses (other than “essential expenses”) during the term of the suspension.[12] Similarly, in the Pier 1 Imports, Inc. case, the bankruptcy court permitted the tenant to temporarily defer making rent payments.[13] Accordingly, landlords that are involved in bankruptcy cases, like Modell’s and Pier 1, that are suspended due to the pandemic, may face delays in receiving post-petition lease payments.
4. General Unenforceability of Bankruptcy Termination Provisions
Leases commonly include so-called “ipso facto” provisions, which provide that the lease will be terminated or be modified if the tenant commences a bankruptcy case. Because of Section 365(e)(1) of the Bankruptcy Code, however, these ipso facto provisions are generally unenforceable against debtors in bankruptcy.[14] Specifically, Section 365(e)(1) of the Bankruptcy Code overrides lease language that provides for lease termination or modification on the tenant’s commencement of a bankruptcy case, the insolvency or financial condition of the tenant at any time before the closing of its bankruptcy case, or the appointment of a trustee in the tenant’s bankruptcy case.
The foregoing rule does not apply to the valid termination of a lease before the tenant’s bankruptcy filing (the general rule is that a lease will be deemed terminated if all final hurdles to termination have been satisfied and the lease is not subject to any form of equitable redemption or statutory grace period). This is because Section 365(c)(3) of the Bankruptcy Code provides that a tenant cannot assume or assign any lease of nonresidential real property that was properly terminated before the commencement of the bankruptcy case. Accordingly, where the lease was properly terminated before the bankruptcy case commenced, the tenant will likely be required to vacate the premises notwithstanding the bankruptcy filing – since Section 365(c)(3) would preclude the tenant from assuming or assigning the lease. Note, however, that tenants may try to contest the validity of any pre-bankruptcy lease terminations as part of their bankruptcy litigation strategy. In addition, some states have anti-forfeiture statutes that permit a tenant to revive a terminated lease, while other jurisdictions have equitable principles that permit an otherwise-terminated lease to be resurrected.
If the landlord terminated the lease before the bankruptcy case commenced, but the tenant continues to inhabit the premises after the case commences, the best practice is for the landlord to first request relief from the automatic stay before taking steps to evict the tenant. This would reduce the risk that the landlord would be found to have violated the automatic stay by enforcing an improper termination of the lease.
5. General Unenforceability of Anti-Assignment Clauses in Bankruptcy
In addition to termination provisions, leases commonly contain provisions that prohibit the tenant from assigning the lease to a third party or restrict the tenant’s ability to assign the lease. Section 365(f) of the Bankruptcy Code overrides almost all of these provisions, specifying that notwithstanding any anti-assignment language in the lease, the tenant may assign the lease as long as certain requirements are met.[15]
6.Assumption, Assignment or Rejection of Leases by the Tenant
In connection with its bankruptcy case, a tenant can make one of three elections with respect to its unexpired leases, subject to the approval of the bankruptcy court and so long as the tenant satisfies certain applicable requirements under the Bankruptcy Code. The tenant can:
assume the lease in accordance with Sections 365(a) and (b) of the Bankruptcy Code;
assume and assign the lease to a third party in accordance with Section 365(f) of the Bankruptcy Code; or
reject the lease.
Although the landlord can object to the tenant’s motion to take any one of these three actions, the tenant does not need to obtain the landlord’s consent. All the tenant needs to do is obtain the bankruptcy court’s approval, which bankruptcy courts tend to provide so long as the debtor exercised sound business judgment in deciding which action to pursue.
If the tenant elects to assume the lease, then it will be required to:
cure virtually all types of outstanding defaults (including unpaid rent) under the lease; and
provide adequate assurance to the landlord that it can continue performing its future lease obligations.[16]
Critically, if the tenant decides to assume the lease, it must assume the entire lease cum onere. The tenant cannot pick and choose which provisions of the lease it wants to assume or reject.[17] Any modifications of the lease require the landlord’s consent.
To assume a lease, the tenant must file a motion with the bankruptcy court and provide notice to the landlord. The landlord may then object to the tenant’s request (including on the basis that the landlord’s calculation of the cure amount is greater than the tenant’s calculation, or on the basis that the tenant is unable to provide adequate assurance of future performance).
If the tenant elects to assume the lease and assign it to a third-party assignee, then:
either the tenant or the assignee will be required to cure virtually all types of outstanding defaults under the lease; and
the assignee will need to provide adequate assurance to the landlord that the assignee can continue performing the future lease obligations.[18]
Tenants often assume and assign their leases as part of a sale of the tenant’s assets to a third party, or when the rental rate under the lease is below market. To assume and assign a lease, the tenant must file a motion with the bankruptcy court and provide notice to the landlord. The landlord may then object to the tenant’s request.
If a tenant makes the election to assume and assign its lease, the landlord can try to make a defensive bid to purchase the lease. If the landlord prevails in its bid, it would then be free to terminate the lease, recover the premises and rent it to a new tenant of the landlord’s own choosing. If the landlord does not prevail in its bid, then the tenant can assign the lease to any assignee, including one that the landlord does not approve.
A number of courts have held that a tenant can assume and assign leases without giving effect to any lease clause that requires the tenant to share with the landlord a portion of any net profits that the tenant receives in connection with the assignment.[19] The rationale is that such profit-sharing provisions in a lease are unenforceable in bankruptcy, because they are effectively a restriction on assignment.[20] This is typically the case even if the profit-sharing provision is a bargained-for exchange in which the landlord had agreed to charge below-market rent.
The Bankruptcy Code includes some additional protections to landlords in shopping centers in the event of a tenant’s assumption and assignment of its lease. It defines “adequate assurance” in this context to include requirements that:
the “financial condition and operating performance” of the proposed assignee and its guarantors are similar to those of the tenant and its guarantors;
the percentage rent due under such lease will not decline substantially;
the assignee’s proposed use of the leased premises will not violate any radius, location, use, or exclusivity provisions of the lease or any such provisions contained in any other agreements related to the shopping center; and
the assignee’s proposed use of the lease premises will not disrupt any tenant mix or balance in the shopping center.[21]
An interesting issue arises when the debtor/tenant has subleased some or all of the premises to a subtenant. If the debtor/tenant rejects the prime lease with the landlord, would the subtenant have the right to remain on the premises? Although it is clear the debtor/tenant would be required to vacate the premises in this situation, it is not entirely clear whether any subtenants will also be required to vacate the property. This is because Sections 365(h)(1)(A) and (B) of the Bankruptcy Code (which protect certain rights of tenants if the landlord were to file bankruptcy) may be construed to give subtenants the right to remain on the property (or at least be able to raise any available rights under state law), even after the debtor/tenant rejects the prime lease.[22] A number of courts have held that Sections 365(h)(1)(A) and (B) do not protect subtenants who do not have a direct agreement with the landlord. The basis for these courts’ conclusion is that subleases depend upon the continuing viability of the prime leases, and the rejection of the prime leases also results in the rejection of the subleases.[23] However, a landlord might still have to litigate this issue with subtenants in jurisdictions where this issue has not yet been settled.
In addition, once the tenant rejects the lease, it will be deemed to have breached the lease.[24] In that case, the landlord may assert:
an administrative expense claim for any unpaid post-petition rent relating to the period between the bankruptcy filing date and the rejection date; and
a general unsecured claim for damages arising out of that rejection (g., lost post-petition rent, the costs of re-letting the premises and attorneys’ fees, all to the extent such amounts are specifically provided under the lease).
The claim for rejection damages will be treated as a pre-petition general unsecured claim, even for rejection damages that relate to the period of time after rejection. Pursuant to Section 502(b)(6) of the Bankruptcy Code, the landlord’s claim for rejection damages is capped at an amount equal to the greater of one year’s rent, or 15% of the remaining rent due under the lease, up to a maximum of three years of rent.[25]
Similar to the cum onere rule for the assumption of leases, if the tenant decides to reject a lease, it must reject the entire lease. In other words, the tenant cannot pick and choose which provisions of the lease it wants to assume or reject. The landlord will be required to file a proof of claim in the bankruptcy court to assert any rejection damages.
7. Tenant’s Deadline to Decide Whether to Assume or Reject Leases
Under Section 365(d)(4)(A) of the Bankruptcy Code, the tenant has an initial period (the “Initial Period”) of up to 120 days after the bankruptcy case is filed to decide whether to assume, assume and assign, or reject its unexpired commercial real property leases.[26] Under the 2021 CAA, the Initial Period was temporarily expanded from 120 days to 210 days after the bankruptcy case is filed. The 2021 CCA’s temporary expansion of the Initial Period will expire on December 27, 2022, meaning that after that date, the Initial Period will once again become 120 days.
The Initial Period can be extended by up to 90 additional days if the bankruptcy court approves that extension, pursuant to Section 365(d)(4)(B) of the Bankruptcy Code. Any further extension (i.e., beyond the Initial Period plus the 90 additional days) requires the consent of the landlord. [27] This means that, unless the landlord consents to further extensions, the tenant will have no more than the Initial Period plus 90 days after its bankruptcy case begins to decide whether to assume, assume and assign, or reject its unexpired leases. During the time that the debtor is making that decision, the debtor must continue to timely perform all of its obligations under the lease. If the tenant does not make its decision by the deadline, the lease will be deemed rejected by operation of Section 365(d)(4)(A) of the Bankruptcy Code.
8. Modification of Leases
Although tenants can assume, assume and assign or reject their unexpired commercial leases without the landlord’s consent, tenants cannot modify the terms of their leases without the landlord’s consent. This is the result of the cum onere rule described above – if the debtor/tenant assumes a lease, it must accept the burdens of the lease, along with its benefits.[28] To the extent the landlord and the tenant agree to modify the terms of the lease, the tenant must then request bankruptcy court approval to assume the lease as modified by the parties’ agreement.
An interesting issue arises when a lease is part of a battery of other documents that may be considered an inseverable whole. This issue arose in the Buffets Inc. case, where the debtors sought to reject certain leases (but not all of the leases) that were integrated into master leases. The landlords argued that the debtor could not pick and choose only specific leases within the master lease portfolio to reject (while assuming the other leases in the portfolio). Instead, the landlords argued that all of the leases in the master lease portfolio must either have been assumed or rejected in toto. The bankruptcy court agreed with the landlords based on the facts of the case and the applicable state law.[29]
9.Credit Support for Landlords: Security Deposits, Letters of Credit and Personal Guarantees
There are several ways for landlords to obtain credit support to reduce their risk of the tenant defaulting under the lease. One method is a traditional cash security deposit. However, because traditional cash security deposits are normally deemed to be property of the tenant’s bankruptcy estate (even though the landlord holds the deposit), it is not the best credit support mechanism from a bankruptcy perspective. This is because the landlord will only be able to set off the deposit against unpaid amounts due under the lease after it obtains relief from the automatic stay or if the tenant’s Chapter 11 plan permits it.[30] The inherent delay in applying the deposit can harm a landlord that relies on the rent payments from its tenants to meet the landlord’s own mortgage obligation on the property. In addition, if the amount of the security deposit exceeds the landlord’s claim amount, the tenant may seek “turnover” of the excess. The landlord is only obligated to return the security deposit amount that exceeds its allowed claim.
Another form of common credit support is a letter of credit, which the tenant would obtain from a third-party issuer (typically a bank). The letter of credit will provide that the third-party issuer will pay the landlord directly upon demand, with the landlord being permitted to make such demand if the contractual conditions to payment under the letter of credit (e.g., the tenant’s payment default under the lease) are met. Because of the “independence principle” inherent in letter of credit law, the automatic stay in the tenant’s bankruptcy case should not prevent the landlord from drawing on the letter of credit, so long as the lease and the letter of credit do not obligate the landlord to take any action vis-à-vis the tenant (such as providing notice to the tenant). This is because of the “independence principle,” which provides that a letter of credit is an independent contractual obligation of the issuer. As a result, landlords are well-advised to obtain a third-party letter of credit instead of a cash security deposit, and to ensure that the terms of the lease and the letter of credit do not obligate the landlord to take any action vis-à-vis the tenant before being able to draw on the letter of credit.
Another form of credit support is a guarantee by either an entity that is affiliated with the tenant, or one or more principals of the tenant. If the tenant files bankruptcy, but the guarantor does not, in most cases the landlord will be free to collect on the guarantee without ever having to set foot in bankruptcy court. This is because the automatic stay generally only applies to the specific entity or individual that has actually filed bankruptcy. However, in a few cases, the tenant will be able to obtain a bankruptcy court order extending the automatic stay to affiliates and principals that have not filed bankruptcy. Courts that have extend the automatic stay to non-debtor affiliates and principals typically only have done so because “unusual” or “extraordinary” circumstances existed.[31] Additionally, if the guarantor itself files bankruptcy, the automatic stay in the guarantor’s own bankruptcy case will halt the landlord’s efforts to collect on the guaranty.
10. Financing Issues
Once a tenant files bankruptcy, it typically requests bankruptcy court approval to use the “cash collateral” of its lender and/or requests a new loan from a lender, which is called a debtor-in-possession (“DIP”) loan. In the first circumstance, the lender will be entitled “adequate protection.”[32] In the second circumstance, the DIP lender likely will request security for its new loan and the pre-petition lender (if there is one) would be entitled to adequate protection if the tenant proposes to grant the DIP lender a lien that is senior to or pari passu with the pre-petition lender’s lien.[33] In both circumstances, the lender may request a lien on the tenant’s leasehold interest, or at least a lien on any proceeds that the tenant might receive by assigning its lease.
Bankruptcy courts typically permit the debtor/tenant to grant the lender a lien simply on any proceeds that the tenant might receive by assigning its lease, as granting a lien only on assignment proceeds would not affect the landlord’s rights as to the property.
The question of whether a tenant may grant a lien on the leasehold interest (as opposed to mere proceeds) is critical. Typically, if the tenant is unable to reorganize and assume or assign its lease in Chapter 11, the landlord can regain the premises. However, if the tenant has previously granted a lien on its leasehold interest to a lender, that lender could foreclose on the tenant’s rights under the lease without having to comply with the landlord protections relating to assumption and assignment that are discussed above.
There is little case law addressing the question of whether a tenant may grant a DIP lender a lien on its leasehold interests when (a) the lease contains an anti-hypothecation provision, and (b) the landlord objects to the debtor’s request to grant such lien. On this issue, DIP lenders have contended that anti-hypothecation provisions in leases are invalid under Section 365(f) of the Bankruptcy Code.[34] They also have cited cases suggesting that a bankruptcy court, in approving DIP financing under Section 364(c), can grant a lien on assets that are subject to negative pledge covenants. On the other hand, landlords have argued that such invalidation could apply only if such leases were actually assumed under Section 365(b). Landlords have also noted that where the lease is in a shopping center, Section 365(b)(3) of the Bankruptcy Code contains special protections for landlords in shopping center leases, and that granting a lien on the leasehold interest would eviscerate those protections.
Regardless of how a court would rule on this issue if it were contested, a debtor likely could still grant security interests on a leasehold interest when the applicable landlord fails to object to the cash collateral motion or DIP motion at issue. This means that if the lease contains an anti-hypothecation provision, the landlord should consider filing an objection to the tenant’s cash collateral or DIP motion, on the basis that the tenant should not be permitted to grant a lien on its leasehold interest under the express terms of the lease.
11. Going Out of Business Sales
Landlords that have retail tenants may also need to contend with “Going Out of Business” (“GOB”) sales. Despite any lease provisions that prohibit GOB sales, tenants will often seek (and receive) bankruptcy court approval to run GOB sales during the bankruptcy case. A bankrupt tenant’s GOB sale can negatively affect the landlord’s other tenants, because of the extensive (and colorful) signage, and the usual messiness and poor maintenance of the premises during GOB sales. Landlords often also consider GOB sales undesirable because they are associated with financially unstable companies, and may lead current or future tenants to perceive that the premises cannot support a successful business operation. Landlords typically cannot entirely prevent a tenant-debtor from having a GOB sale, because a GOB sale may be the only way for the tenant and the tenant’s creditors to maximize value for themselves.
Even though landlords typically cannot wholly prevent a GOB sale, they can try to minimize the sale’s negative impact on the premises. For example, landlords can:
negotiate a finite time period for the sale;
monitor the signage and advertising to ensure that it does not disrupt other tenants;
monitor the sale to ensure compliance with applicable guidelines for the premises, such as noise levels, capacity, and cleanliness; and
monitor the premises to ensure proper maintenance.
If a landlord cannot reach an agreement with its tenant regarding GOB sales or if the tenant does not comply with its agreement, the landlord can seek intervention by the bankruptcy court to force tenant compliance. Indeed, pursuant to Sections 105(a) and 363(e) of the Bankruptcy Code, bankruptcy courts have the discretion to condition the time, place, and manner of GOB sales to balance the interests of bankrupt tenants and their landlords.[35]
STRATEGIC CONSIDERATIONS FOR COMMERCIAL LANDLORDS AND TENANTS
With these basic principles of bankruptcy law that affect the landlord/tenant relationship in the event of tenant bankruptcy in mind, we now explore the strategic considerations that landlords and tenants should consider where the threat of a tenant bankruptcy is a real possibility.
1. Landlord’s Considerations
Given the current conditions in the marketplace, commercial landlords can safely surmise that one or more of their tenants is facing, or may soon be facing, financial stress. Landlords that become aware of a tenant’s potential financial stress (whether through direct communication with the tenant, the tenant’s failure to pay rent, abandonment of its space, or through third-party sources) should attempt, as promptly as possible, to gather information to confirm whether the tenant has reached a point where it is (or will be) unable to pay all of its obligations as they become due. As part of that information-gathering exercise, the landlord should consider asking the tenant directly about its current financial condition and its prospects. If the lease provisions contain financial or operational reporting obligations on the part of the tenant, the landlord should press the tenant to deliver the required reporting.
In addition, the landlord should not be surprised if, during its discussions with the tenant regarding possible rent relief and lease modifications, the tenant states that it may file bankruptcy if the landlord does not agree to the tenant’s demands. Indeed, the threat of bankruptcy is often a negotiation tactic in many restructuring discussions, as the tenant could file bankruptcy and, without the landlord’s consent, reject the lease – which could leave the landlord with little or no recovery – or take advantage of a below-market rent and assume and assign the lease to a new occupant. This threat of bankruptcy and subsequent lease rejection (or assumption and assignment) could lead the landlord to agree to a negotiated workout in order to minimize the chances of the tenant’s bankruptcy filing. Although landlords should not necessarily take the threat of bankruptcy at face value, astute landlords will consider what their likely outcome would be if their tenants ultimately do file bankruptcy.
Below are some steps that a landlord should take when its tenant is facing financial difficulties and there is a possibility of the tenant’s bankruptcy.
A. Familiarize Yourself With Your Lease Documents
Before a landlord makes the determination to place the tenant in default, or commences any discussions with a tenant concerning a possible lease modification, the landlord (with the assistance of counsel) must review the existing lease documents. In particular, the landlord should review the default provisions of the lease (and any relevant provisions which may excuse performance) to determine what actions or omissions have occurred may constitute a default by the tenant, applicable notice and cure periods, and whether any event excuses the tenant’s duties to perform. In addition, the landlord should review applicable remedies for the default under the lease, and any obligation to mitigate the damages caused by the tenant’s breach.
B. Default Notices: The Clock is Ticking
Once a landlord determines that a default or an event of default has occurred under the specific terms of the lease, it should send any required default notice to the tenant as soon as possible. With the threat of the tenant’s bankruptcy looming, the landlord needs to be cognizant of the substantial advantage of having the lease terminated prior to the bankruptcy filing. If the lease is not terminated before the tenant’s bankruptcy filing, the tenant will be able to remain in the premises until it either rejects the lease, assumes the lease, assumes and assigns the lease, or the automatic stay is lifted to allow the landlord to terminate the lease (and, until such time, the landlord will be unable to enforce any of its remedies for the tenant’s default and/or re-let the premises to a more palatable tenant). This will be the case even if the landlord has declared a default under the lease prior to the bankruptcy. In fact, once the tenant files bankruptcy, the landlord may be in violation of the automatic stay if it subsequently sends a default notice without first obtaining a lift-stay order from the bankruptcy court.
Accordingly, if the landlord seeks the leverage of having the lease terminated prior to the bankruptcy, taking the first step in that process – sending any required default notice – promptly is critical. The timing sensitivity is particularly acute since many leases give the tenant some period of time after the notice is delivered to cure the applicable defaults. Even worse, if the landlord waits too long to send any notice that is required under the lease, the tenant may argue that the landlord has waived the default, or that equitable principles (such as the doctrines of laches or estoppel) preclude the landlord from exercising its remedies.
The landlord is advised to send any required default notice to the tenant, even if it expects to negotiate a workout or does not yet intend to exercise its remedies. By sending the notice as soon as the default is identified, the landlord can:
maximize flexibility and avoid delays if the landlord needs to terminate the lease before the tenant files bankruptcy; and
minimize the risk of the landlord inadvertently waiving remedies that are not promptly exercised.
In addition, the lease may permit the landlord to apply the security deposit or to draw a letter of credit against unpaid lease obligations after a default has occurred, so sending out the notice earlier may allow the landlord to exercise its rights as to the security more quickly. This is particularly critical if the landlord holds a cash security deposit, because the automatic stay would delay (and limit) the landlord’s ability to apply the cash security deposit against the outstanding amounts due under the lease. If the landlord is the beneficiary of a letter of credit, the landlord should limit its draws to the amount in default, so that the balance would not be held as a cash security deposit that could be subject to the automatic stay.
C. Possible Termination of the Lease
The proper termination of a lease before the tenant’s bankruptcy filing prevents the lease from becoming property of the tenant’s bankruptcy estate, and as set forth above, the tenant will not be permitted to elect to reject, assume or assign the lease. This significantly reduces the tenant’s leverage over the landlord, because the bankruptcy filing will not resuscitate a lease that was validly terminated before the bankruptcy, and the landlord will be free to pursue an eviction of the tenant. Even if the lease is terminated, the landlord would still be free to negotiate a new lease with the existing tenant, if the landlord believes that a restructured lease with the existing tenant is more desirable than entering into a lease with a new tenant.
The word “proper” is emphasized in the paragraph above, because a bankruptcy court could conclude that the landlord’s purported termination of the lease was ineffective. This can occur if the landlord fails to terminate in strict compliance with the express terms of the lease and applicable law. For example, if the lease requires the landlord to provide seven days’ prior notice to the tenant, but it purported to terminate the lease on only three days after delivering notice, the termination may be ineffective. As another example, if the landlord demands payments that are higher than those to which it is entitled under the lease, the landlord’s subsequent termination of the lease because of the tenant’s failure to pay such higher amount may be improper. In addition, any action that the landlord takes against the tenant under the mistaken assumption that the tenant was in default could expose the landlord to liability.
The Bankruptcy Code overrides lease language that provides for the termination or modification of the lease due to the tenant’s commencement of a bankruptcy case, the insolvency or financial condition of the tenant at any time before the closing of its bankruptcy case, or the appointment of a trustee in the tenant’s bankruptcy case. Only a “proper” termination of the lease before the tenant files bankruptcy will be recognized by the bankruptcy court.
Even if the landlord does everything that it is required to do under the lease and applicable law to terminate the lease, it should be prepared for the tenant to dispute the termination in court. In certain situations, the bankruptcy court may find a way to restore a tenant’s contract rights notwithstanding the lease terms. This is especially true where lease defaults are non-monetary, where a landlord can be made whole if the tenant makes all outstanding payments, or where the terms of the lease or the issues in dispute are unclear or subject to differing interpretations.
D. Tenant Bankruptcy vs. Lease Workout
In connection with considering defaulting the tenant and pursuing the landlord’s remedies under the lease, where such action may force the tenant into bankruptcy, the landlord must compare its potential recovery in the bankruptcy process against what the landlord may be able to achieve through a lease modification.
First, the landlord needs to consider what is the likelihood that the tenant will actually file bankruptcy. In doing so, the issues that the landlord should think about include whether:
the lease represents a significant portion of the tenant’s total expenses;
the tenant has other leases or other contractual or debt obligations that it is having trouble satisfying;
any principal or affiliate of the tenant has guaranteed the tenant’s lease obligations; and
the landlord holds any collateral to secure its claim for lease damages and in what form such security exists (g., cash security deposit or letter of credit).
If the lease represents a small portion of the tenant’s expenses, if the tenant is not experiencing difficulty in complying with its obligations under other leases and debt instruments, or if a solvent principal or affiliate has guaranteed the tenant’s lease obligations, the tenant may be less inclined to actually file bankruptcy if a lease workout is not agreed to. This may give the landlord more leverage during any lease workout discussions with the tenant.
On the other hand, if the tenant is behind in its obligations under several other leases and under its other contractual and debt obligations, and is in severe financial distress, the tenant is likely to file bankruptcy regardless of whether the landlord reaches a deal with the tenant with respect to its particular lease. In that circumstance, the landlord needs to more closely consider what it will realize from the lease if the tenant files in bankruptcy.
Second, the landlord needs to consider whether the rent under its lease is above-market (i.e., the rent under the lease exceeds the current market rate) or below market (i.e., the rent under the lease is less than the current market rate). If the rent is above-market, the tenant may be more bold in requesting rent reductions, and less likely to agree to continue paying rent at the rate provided under the lease. In this situation, the landlord should be reminded that its claim for damages resulting from the tenant’s lease rejection will be subject to a cap under the Bankruptcy Code. Therefore, the landlord may be better off agreeing to a modification of the lease to avoid the tenant’s bankruptcy. Conversely, if the rent is below market, the tenant could potentially monetize the lease, so it may be less willing to suffer a lease termination. Instead, a tenant holding a below market lease may more seriously consider filing bankruptcy to interrupt any eviction action and to assign the lease to a third party. In this situation, the landlord may want to attempt to negotiate a termination of the lease, in lieu of incurring the risk of the tenant assigning the lease to a third party in bankruptcy where the tenant (rather than the landlord) will enjoy the profit on the assignment and the landlord could be stuck with a new tenant it never bargained for. As noted previously, a number of courts have held that profit-sharing provisions in leases are unenforceable in bankruptcy, because they effectively act as restrictions on assignment.
Third, closely tied to the market rental rate discussed above, the landlord needs to consider whether there are potential alternative tenants for the leased premises, and how likely it would be that the premises would remain vacant if the landlord evicts the tenant or if the tenant rejects the lease in bankruptcy. If the tenant presents a serious ongoing credit risk, and the landlord expects to be able to re-let the premises to an acceptable tenant relatively swiftly, the landlord will certainly lean toward rejecting the tenant’s workout demands and terminating the lease. In that situation, the landlord may be less concerned about the tenant’s bankruptcy, as a seriously struggling tenant might not be able to satisfy its obligations if it tried to assume the lease in bankruptcy; but the landlord would want to move ahead with terminating the lease aggressively in order to not have the availability of the leased premises for re-leasing delayed by the bankruptcy process. Conversely, if the landlord expects there to be relatively few acceptable replacement tenants, the landlord may be more interested in reaching a deal with the tenant (thereby reducing the risk of a bankruptcy filing).
Fourth, if the tenant is behind in its payment obligations under the lease, the landlord may face preference liability under Section 547 of the Bankruptcy Code if the tenant pays the overdue arrearages and subsequently files bankruptcy. Section 547(b) of the Bankruptcy Code provides that a debtor-in-possession or a bankruptcy trustee may avoid a pre-bankruptcy transfer of the debtor’s property (e.g., a payment to a landlord) that is:
made to a creditor;
on account of an antecedent debt;
while the debtor was insolvent;
within ninety days before the bankruptcy filing (or one year before the bankruptcy filing if the transfer was made to an insider); and
that made the landlord better off than it would have been if the transfer had not been made and the debtor had liquidated in Chapter 7.
A landlord may try to assert one or more of the statutory defenses to preference actions, which are enumerated in Section 547(c) of the Bankruptcy Code. A common defense is that the debtor made the transfers at issue to the landlord “in the ordinary course of business or financial affairs of the debtor and the landlord” or “according to ordinary business terms.” Another common defense for landlords is that they “gave new value to or for the benefit of the debtor” after it received the transfers at issue.
Fortunately for landlords, the 2021 CAA provides a temporary new statutory respite from certain types of preference liability. Specifically, the 2021 CAA added a new Section 547(j) to the Bankruptcy Code, which creates a temporary new exemption from preference liability for creditors, which is designed to encourage rent deferral and vendor workout agreements. It prohibits any debtor in possession or trustee in any bankruptcy case from avoiding payments made by a debtor during the preference period for “covered rental arrearages.” To qualify for the exemption, the debtor and the landlord must have amended the lease after March 13, 2020, and the amendment must have deferred or postponed payments that were otherwise due under the lease. The preference exemption does not apply to the payment of fees, penalties, or interest in excess of the fees, penalties, or interest the debtor would otherwise have owed without the deferral. This new provision expires on December 27, 2022, which is two years after the 2021 CAA was enacted. However, it will continue to apply in any bankruptcy case that is commenced before the December 27, 2022 sunset date.
Fifth, the landlord should consider what its likely outcome would be if the tenant ultimately were to file bankruptcy. For example, if the tenant files bankruptcy while it remains in the premises, the landlord can take advantage of the landlord protections under the Bankruptcy Code, such as the debtor’s obligation to pay the reasonable value of its leasehold interest during bankruptcy, unless and until the tenant rejects the lease in bankruptcy. In addition, the landlord might be able to pursue its rights with respect to any credit support that the tenant provided, such as a cash security deposit, a letter of credit or third-party guarantee. However, the landlord should be cognizant of any possible limitations, such as how the automatic stay may delay its ability to exercise its setoff right with respect to a cash security deposit or its ability to draw on a letter of credit if the landlord is obligated to first provide notice to the tenant (which may violate the automatic stay). The landlord should also take into account the legal fees it may incur in fighting the tenant in bankruptcy, as well as the limitation on the damages that a landlord may assert if the tenant rejects the lease.
In light of the COVID-19 pandemic, among the risks that the landlord must consider if its tenant files bankruptcy is the possibility that the bankruptcy court may suspend the tenant’s bankruptcy case, as recently occurred in the Modell’s Sporting Goods, Inc. and the Pier 1 Imports, Inc. cases. In those cases, the landlords endured substantial delays in receiving their post-petition lease payments during the period of the case suspensions.
Sixth, if the premises are located in a shopping center or in another type of multi-tenant development, the landlord should consider whether the bankruptcy of the tenant will impact other tenants’ rights under the landlord’s leases with those other tenants (such as co-tenancy conditions).
Finally, the landlord should also think through the tenant-side considerations that are discussed in Section II below. For example, does the landlord believe that the benefits the tenant might obtain through bankruptcy are worth the disruption to the tenant’s business, and the costs and administrative burdens that a bankruptcy filing would impose on the tenant?
E. Opportunities For the Landlord To Modify the Lease
In the current economic environment, many landlords are unable to find substitute tenants that make more economic sense then maintaining the current tenant in place, even with the landlord granting the existing tenant rent relief. If the landlord determines that its best business decision is to grant the tenant rent relief, rather than pursuing its default claim and leading the tenant into bankruptcy, the landlord should consider certain modifications that can add value to the lease in exchange for such relief. The following is a non-exhaustive list of concepts the landlord may consider negotiating into the lease in exchange for granting the tenant rent relief:
additional credit support, such as a letter of credit or a third-party guaranty;
increased rent in future periods, particularly if the rent under the lease is currently below market;
extension of the term of the lease, particularly if the tenant has complied with its lease obligations until now and the landlord would otherwise like to keep the tenant in place;
reduction in the term of the lease or landlord early termination right, if the landlord would prefer the tenant to vacate soon;
elimination of any rights of first refusal or rights of first offer, or options to extend, on the part of the tenant;
the restructuring of any economic terms, such as lease assignment profit-sharing provisions, that may be unenforceable in the tenant’s bankruptcy case;
for example, the landlord may negotiate to receive more rent in the future, in exchange for removing the profit-sharing provision;
modification of the existing default notice and cure provisions to the extent they can be made to be more favorable to the landlord;
for example, a default can be self-executing, without the requirement of notice by the landlord; and
in light of the current COVID-19 pandemic, a requirement for the tenant to apply for governmental assistance programs and to pay any proceeds from those programs toward deferred or forgiven rent.
If the landlord has mortgaged the property, it must confirm its rights to modify the applicable lease without lender’s consent. Among other prohibited modifications, the loan documents may limit the latitude that the landlord has to grant rent relief. In addition, many loans contain covenants that require minimum debt-service coverage ratios, levels of rent and/or occupancy levels. Similarly, if the landlord is an investment trust it might have fiduciary duties to its shareholders that limit its options in aiding an insolvent tenant. In either event, the consent of the applicable third party (e.g., the mortgage lender or the shareholders) may be required as a condition to the landlord entering into the applicable lease modification.
2. Tenant’s Considerations
On the other side of the table, when a tenant faces financial distress and contemplates seeking rent relief or other lease modifications from its landlord, it make sense to consider the strategy of threatening bankruptcy. If the lease is at an above-market rent, then the tenant’s threat to file bankruptcy could leave the landlord at risk of obtaining limited damages if the lease is subsequently rejected in a tenant’s bankruptcy case. If the tenant’s lease is at a below-market rent, then the tenant’s bankruptcy could leave the landlord unable to capitalize on terminating the lease and capturing the higher market rent under a lease with another tenant, because the tenant may elect to assume and assign the lease in bankruptcy without the landlord’s consent (notwithstanding a lease provision requiring landlord’s consent to the contrary). Additionally, the tenant likely can assume and assign leases without giving effect to any lease clause that requires the tenant to share with the landlord a portion of any net profits that the tenant receives in connection with the assignment. Moreover, as noted earlier, the tenant’s bankruptcy filing will result in the imposition of the automatic stay, which can delay the landlord’s ability to set off a cash security deposit against the tenant’s unpaid lease obligations; and as explained above, the landlord faces the risk of delays in receiving post-petition lease payments, in the event the bankruptcy court allows the case to be suspended in light of the COVID-19 pandemic.
The tenant can typically assume, assume and assign, or reject a lease in bankruptcy without the landlord’s consent. After the lease is rejected, the landlord will be left with:
an administrative expense claim for any unpaid post-petition rent relating to the period between the bankruptcy filing date and the rejection date; and
a general unsecured claim for damages arising out of the rejection (g., lost post-petition rent, the costs of re-letting the premises and attorneys’ fees, all to the extent such amounts are specifically provided under the lease).
That general unsecured claim for rejection damages will be limited to the greater of one year’s rent, or 15% of the remaining rent due under the lease, up to a maximum of three years of rent. Particularly where the lease is at an above-market rent, the landlord will be faced with the risk of receiving little or no recovery on account of its rejection damages claim (in addition to the time and cost of pursuing its remedies in the bankruptcy). Accordingly, the threat of bankruptcy can give the tenant meaningful leverage during lease renegotiation discussions.
In some circumstances, it will make sense for the tenant to file bankruptcy if it cannot reach a workout agreement with the landlord, particularly if the tenant has substantial other debts that it is unable to pay, if it wishes to sell its assets to a third party that wants to purchase the assets “free and clear” of liens and claims, or where the lease is at a below-market rental rate. If the tenant files bankruptcy, in addition to the right to reject the lease described above, the tenant will typically have the right to assume, or assume and assign, its lease. To the extent that the tenant wishes to sell its assets to a third party, the tenant will be able to assign its lease to that party.
The threshold question for the tenant to answer is whether it can make a credible threat to the landlord that it will actually file bankruptcy. This will depend on the tenant’s particular facts and circumstances. Even financially solvent tenants can file bankruptcy, because insolvency is not a requirement for a bankruptcy filing. As a general matter, the tenant will be allowed to remain in bankruptcy if:
it is suffering some sort of financial distress that can be ameliorated through the bankruptcy process (even if it is solvent);
it is not filing bankruptcy simply to obtain a tactical litigation advantage; and
the bankruptcy filing serves a legitimate bankruptcy purpose.
Legitimate bankruptcy purposes include the reorganization of the tenant’s balance sheet, to halt and centralize pending or threatened litigation against the tenant, to make operational changes (including exiting geographic markets and rejecting leases), or to sell the tenant’s assets as a going concern to a third party.
If the tenant files bankruptcy primarily to reject a lease and therefore to subject its landlord to the Bankruptcy Code’s statutory cap on rejection damages, there will usually be an open question about whether the bankruptcy case could be dismissed as a “bad faith” filing. The particular facts and circumstances of the tenant’s case will drive the bankruptcy court’s analysis. If the tenant is suffering financial distress that can be ameliorated by the bankruptcy case and has filed bankruptcy to preserve value for creditors, the court will be more likely to allow the case to proceed and allow the tenant to assume, assume and assign, or reject the lease. The reverse is true if the bankruptcy court finds that the tenant was not in financial distress and only filed bankruptcy to obtain a tactical litigation advantage. Ultimately, the tenant will be able to more credibly threaten a bankruptcy filing to its landlord if the tenant is truly in financial distress and if a bankruptcy filing would serve a legitimate purpose other than simply permitting the rejection of the lease.
If the tenant’s bankruptcy filing is able to proceed, and is not dismissed as a “bad faith” filing, the tenant would most likely be able to assume, assume and assign, or reject its lease, so long as the requirements to do so under the Bankruptcy Code are satisfied (e.g., the obligation to cure defaults and to provide adequate assurance of future performance, if the tenant seeks to assume or to assume and assign its lease). Bankruptcy courts normally will defer to the business judgment that the tenant makes in determining whether it is most beneficial to the tenant to assume, assign or reject its lease.
Tenants should be aware of the material drawbacks and risks to a bankruptcy filing, however. First, a bankruptcy filing can be extremely disruptive to the business, particularly if appropriate pre-bankruptcy planning is not performed. For example, customers and vendors may refuse to do business with bankrupt tenants (particularly if no contract requires such third party to continue doing business with the tenant), as those customers and vendors may be concerned that the tenant’s business will liquidate, and thus not be able to comply with its obligations to those customers and vendors. Second, Chapter 11 bankruptcy is a time-consuming and expensive process, and the tenant typically will need to pay the fees and expenses of not only its own professionals, but also those of any official committees that are appointed in the case. Third, operating in bankruptcy requires the tenant to comply with numerous administrative responsibilities, such as preparing bankruptcy schedules and statements of financial affairs, and appearing at required meetings and court hearings. The tenant will need to determine whether these drawbacks and risks to filing bankruptcy are worth the benefit of assigning or rejecting a lease in a bankruptcy case.
[1] The Bankruptcy Code is Title 11 of the United States Code.
[2] As a general matter, 11 U.S.C. § 362(a) provides that a voluntary or involuntary bankruptcy petition automatically operates as a stay of the commencement or continuation of a judicial, administrative, or other action or proceeding against the debtor that was or could have been commenced before the commencement of the bankruptcy case, or to recover a claim against the debtor that arose before the commencement of the case under this title; the enforcement, against the debtor or against property of the estate, of a judgment obtained before the commencement of the bankruptcy case; and any act to obtain possession of property of the estate or of property from the debtor’s bankruptcy estate or to exercise control over property of the debtor’s bankruptcy estate.
[3]See, e.g., In re 48th Street Steakhouse, Inc., 835 F.2d 427 (2d Cir. 1987). On the other hand, mere informational statements that make no threats or require any action on part of the debtor might not violate the automatic stay. See, e.g., In re Schatz, 452 B.R. 544, 549 (Bankr. M.D. Pa. 2011).
[4] There is a split of authority on the question of whether a bankruptcy trustee is an “individual” injured by a violation of the automatic stay for purposes of Section 362(k) of the Bankruptcy Code. See, e.g., In re Glenn, 379 B.R. 760, 762 (Bankr. N.D. Ill. 2007) (holding that a bankruptcy trustee is not an “individual” for purposes of Section 362(k); In re Howard, 428 B.R. 335, 336-37 (Bankr. W.D. Pa. 2010) (holding the opposite).
[5] In a typical letter of credit arrangement, the obligor enters into an underlying contract with the beneficiary, and the obligor also enters into a separate agreement with the letter of credit issuer (typically a bank) for the latter to issue a letter of credit. The beneficiary is permitted, under specified conditions, to present certain documents to draw down a certain amount under the letter of credit. Then, the obligor is obligated to pay to the letter of credit issuer a sum in the amount the beneficiary has drawn. each of the contractual relationships is independent of the others.
One of the most basic precepts of letter of credit law and practice is the principle of independence. The concept is that each of these relationships is independent of the others, and the rights and obligations of the parties to one are not affected by the breach or non-performance of any of the other. The obligor’s obligation to reimburse the letter of credit issuer for its proper honor of demands for payment under the letter of credit is unaffected by disputes over performance of its contract with the beneficiary, and the account party must reimburse the issuer who paid on a proper demand even if the beneficiary breached the underlying contract. See, e.g., In re Lancaster Steel Co., 284 B.R. 152, 158 (S.D. Fla. 2002).
[7] Section 365(d)(3) of the Bankruptcy Code provides that: “The trustee shall timely perform all the obligations of the debtor, except those specified in section 365(b)(2), arising from and after the order for relief under any unexpired lease of nonresidential real property, until such lease is assumed or rejected, notwithstanding section 503(b)(1) of this title.”
[9]See 11 U.S.C. § 365(d)(3), which provides, in relevant part:
“The trustee shall timely perform all the obligations of the debtor, except those specified in section 365(b)(2), arising from and after the order for relief under any unexpired lease of nonresidential real property, until such lease is assumed or rejected, notwithstanding section 503(b)(1) of this title. The court may extend, for cause, the time for performance of any such obligation that arises within 60 days after the date of the order for relief, but the time for performance shall not be extended beyond such 60-day period.”
[10]In re Chinos Holdings, Inc., Case No. 20-32181 (Bankr. E.D. Va., May 26, 2020) [Docket No. 323].
[11] 11 U.S.C. § 105(a) codifies the bankruptcy court’s equitable powers, and states:
“The court may issue any order, process, or judgment that is necessary or appropriate to carry out the provisions of this title. No provision of this title providing for the raising of an issue by a party in interest shall be construed to preclude the court from, sua sponte, taking any action or making any determination necessary or appropriate to enforce or implement court orders or rules, or to prevent an abuse of process.”
[12]In re Modell’s Sporting Goods, Inc., Case No. 20-14179 (Bankr. D. N.J. March 27, 2020 and June 5, 2020) [Docket Nos. 166 and 371].
[13]In re Pier 1 Imports, Inc., Case No 20-30805 (Bankr. E.D. Va. April 6, 2020) [Docket No. 493].
[14] Section 365(e)(2) of the Bankruptcy Code provides an exception to this rule, in cases where applicable law excuses the counterparty from accepting performance from or rendering performance to the trustee or to an assignee of such contract or lease. However, commercial landlords generally will be unable to take advantage of that exception.
(1) Except as provided in subsections (b) and (c) of this section, notwithstanding a provision in an executory contract or unexpired lease of the debtor, or in applicable law, that prohibits, restricts, or conditions the assignment of such contract or lease, the trustee may assign such contract or lease under paragraph (2) of this subsection.
(2) The trustee may assign an executory contract or unexpired lease of the debtor only if—
the trustee assumes such contract or lease in accordance with the provisions of this section; and
adequate assurance of future performance by the assignee of such contract or lease is provided, whether or not there has been a default in such contract or lease.
(3) Notwithstanding a provision in an executory contract or unexpired lease of the debtor, or in applicable law that terminates or modifies, or permits a party other than the debtor to terminate or modify, such contract or lease or a right or obligation under such contract or lease on account of an assignment of such contract or lease, such contract, lease, right, or obligation may not be terminated or modified under such provision because of the assumption or assignment of such contract or lease by the trustee.
[17]See, e.g., In re Fleming Companies, Inc., 499 F.3d 300, 308 (3d Cir. 2007) (stating that “the debtor may not blow hot and cold. If he accepts the contract he accepts it cum onere. If he receives the benefits he must adopt the burdens. He cannot accept one and reject the other.” The cum onere rule “prevents the [bankruptcy] estate from avoiding obligations that are an integral part of an assumed agreement.”) [internal citation omitted].
[19]See, e.g., In re Jamesway Corp., 201 B.R. 73, 78 (Bankr. S.D.N.Y. 1996), citingRobb v. Schindler, 142 B.R. 589 (D. Mass. 1992) and South Coast Plaza v. Standor Jewelers West, Inc. (In re Standor Jewelers West, Inc.), 129 B.R. 200 (9th Cir. B.A.P. 1991).
[20] Section 365(f)(1) of the Bankruptcy Code invalidates provisions that prohibit, restrict or condition assignment. Section 365(f)(3) invalidates provisions that terminate or modify the terms of a lease because it has been assumed or assigned. Courts have read these two sections of the Bankruptcy Code to invalidate profit-sharing arrangements pertaining to lease assignments. See, e.g., In re Jamesway Corp., 201 B.R. at 78.
(A) If the trustee rejects an unexpired lease of real property under which the debtor is the lessor and—
(i) if the rejection by the trustee amounts to such a breach as would entitle the lessee to treat such lease as terminated by virtue of its terms, applicable nonbankruptcy law, or any agreement made by the lessee, then the lessee under such lease may treat such lease as terminated by the rejection; or
(ii) if the term of such lease has commenced, the lessee may retain its rights under such lease (including rights such as those relating to the amount and timing of payment of rent and other amounts payable by the lessee and any right of use, possession, quiet enjoyment, subletting, assignment, or hypothecation) that are in or appurtenant to the real property for the balance of the term of such lease and for any renewal or extension of such rights to the extent that such rights are enforceable under applicable nonbankruptcy law.
(B) If the lessee retains its rights under subparagraph (A)(ii), the lessee may offset against the rent reserved under such lease for the balance of the term after the date of the rejection of such lease and for the term of any renewal or extension of such lease, the value of any damage caused by the nonperformance after the date of such rejection, of any obligation of the debtor under such lease, but the lessee shall not have any other right against the estate or the debtor on account of any damage occurring after such date caused by such nonperformance.
[23]See, e.g., In re The Great Atlantic & Pacific Tea Company, Inc., 544 B.R. 43, 52 (Bankr. S.D.N.Y. 2016); In re Child World, Inc., 142 B.R. 87 (Bankr. S.D.N.Y. 1992).
[28]In re Buffets Holdings, Inc., 387 B.R. 115, 119 (Bankr. D. Del. 2008); see also In re ANC Rental Corp., Inc., 277 B.R. 226, 238–39 (Bankr. D. Del. 2002).
[29]In re Buffets Holdings, Inc., 387 B.R. at 127. The court in Buffets noted that the determination of whether a specific contract or lease is an indivisible agreement or is several agreements in one is a question of state law. Id. at 120.
[30] 11 U.S.C. § 362(a)(7) provides that the automatic stay applies to “the setoff of any debt owing to the debtor that arose before the commencement of the case under this title against any claim against the debtor.”
[31] In A.H. Robins Co. v. Piccinin, 788 F.2d 994, 999 (4th Cir. 1986), the Fourth Circuit stated that the automatic stay may be extended to non-debtors when “unusual circumstances” exist. Such unusual circumstances may exist when “there is such identity between the debtor and the third-party defendant that the debtor may be said to be the real party defendant and that a judgment against the third-party defendant will effect be a judgment or finding against the debtor.” An illustration of such a situation would be a suit against a third party who is entitled to absolute indemnity by the debtor on account of any judgment that might result against them in the case. Other courts have followed the test articulated in Queenie Ltd. v. Nygard Int’l, 321 F.3d 282, 287-88 (2d Cir. 2003) where the Second Circuit held that the automatic stay can be extended to non-debtors if the claim will have “an immediate adverse economic consequence for the debtor’s estate.” Examples are a claim to establish an obligation of which the debtor is a guarantor, and actions where there is such identity between the debtor and the third-party defendant that the debtor may be said to be the real party defendant.
[32]See 11 U.S.C. § 363(e). Section 361 of the Bankruptcy Code provides examples of the types of items a debtor can provide as “adequate protection.”
[34]In Reorganized Gilbert/Robinson, Inc. v. Wagner (In re I&M Acquisition Corp.), No. 95 Civ. 2114, 1995 U.S. Dist. LEXIS 15089 at *10 (S.D.N.Y. Oct. 13, 1995), the district court held that the anti-pledge provision in the lease was unenforceable and allowed the debtors to pledge their leasehold interests as collateral.
[35] 11 U.S.C. § 363(e) provides, in relevant part:
“Notwithstanding any other provision of this section, at any time, on request of an entity that has an interest in property used, sold, or leased, or proposed to be used, sold, or leased, by the trustee, the court, with or without a hearing, shall prohibit or condition such use, sale, or lease as is necessary to provide adequate protection of such interest.”
For decades, even centuries, whether in law, accounting, or economics, we have been led to believe that shareowners own corporations, that shareowners are beneficial owners of the corporation, that shareowners are residual claimants, that directors are the agents of shareowners, and that directors are trustees of shareowners. But where is the evidence or legal argument that supports those beliefs? There is none. The evidence and legal arguments in fact prove the opposite. Shareowners do not own corporations. Shareowners are not beneficial owners. Shareowners are not residual claimants. Directors are not agents of shareowners. And directors are not trustees of shareowners.
Shareowners are considered owners of the corporation. But the most important aspects of private property are the rights of exclusion and exclusive use. Thus, if I own land, or an automobile, and you enter upon the land that I own without my permission, or drive away in my automobile, you can be arrested for trespass or theft and fined or imprisoned. Absent an agreement to the contrary, a partner can enter onto the land owned by the partnership without permission because partners are joint tenants and may use partnership property for partnership business.
A deed is evidence that someone owns land. A title to an automobile is evidence that someone owns the automobile. But a share of stock is not evidence that someone owns the corporation. If a shareowner of a corporation enters onto the land owned by the corporation without the corporation’s permission or attempts to use the property owned by the corporation, she can be arrested because she does not own the corporation and has no right of exclusion or exclusive use of the corporation or its property. A shareowner merely owns (x/n) percent of the shares outstanding, not (x/n) percent of the corporation. To hold otherwise is a violation of property law. There is no legal argument that can be made that shareowners own corporations that does not violate property law.
Shareowners are considered to be residual claimants, that is, claimants after claims of creditors. A corporation’s balance sheet shows that assets equals liabilities plus equity, or that assets minus liabilities equals equity. Thus, equity is simply the net assets. Equity is what remains after the claims of creditors are satisfied.
It is indisputable that the corporation owns all of its assets. It is also indisputable that the corporation owes the liabilities and is alone responsible for paying the liabilities. Therefore, it is indisputable that the corporation owns the net assets just as it owns the total assets. But net assets are simply the equity.
In law, economics, and particularly accounting, equity is referred to as shareholders’ equity. But how is it possible for the net assets owned by the corporation to be transformed into equity owned by the shareowners? Even Voldemort could not accomplish such a transformation. The correct accounting equation is assets equals liabilities plus corporate equity, not shareowners’ equity. It is the corporation that owns the equity, not the shareowners. Shareowners have no residual claim against the equity, that is, the net assets, of the corporation.
The purchase of stock from the corporation in an initial public offering (IPO) is a contract, just as the purchase of a bond from the corporation is a contract. Purchasers of bonds (and other creditors) have claims against the corporation for interest and principal, enforceable in a court of law. If the corporation does not pay the interest or principal, creditors can sue and obtain a judgment against the corporation.
Unlike purchasers of bonds (or other creditors), purchasers of stock have no claims against the corporation. Not since Dodge v. Ford can shareowners assert a claim against the corporation, and that was an anomaly. Shareowners are not claimants, residual or otherwise, against the corporation because they have no claim against the corporation, its total assets, its net assets, or its income. To hold otherwise is a violation of contract law. There is no legal argument that can be made that shareowners are claimants, residual or otherwise.
Directors are considered agents of shareowners. But in order for directors to be agents, there must be a principal–agent relationship, which means there must be principals. If there is a principal–agent relationship between shareowners and directors, and directors are the agents, then shareowners necessarily are the principals.
Several legal obstacles prevent directors from being agents. First, principals appoint or hire agents; agents do not appoint principals. When a corporation is formed, directors are either named in the articles of incorporation or elected by the incorporators prior to shares being issued and prior to there being shareowners. Thus, directors exist prior to shareowners existing. Directors issue shares, which would mean directors as agents appoint shareowners as principals. That is not permitted under agency law.
Second, fundamental agency law requires that principals be liable for the acts of their agents, whether in tort or contract. If directors are agents of shareowners, then shareowners as principals are liable for the acts of the directors. However, it is fundamental corporate law that shareowners are not liable for the acts of directors, according to what is mistakenly called the “limited liability” of shareowners. (Shareowners do not have limited liability. They have no liability. The most they can lose is the market value of their shares, none of which is used to pay corporate liabilities.) If shareowners are not liable for the acts of the directors, then shareowners are not principals. Therefore, directors are not agents. Furthermore, since directors are not agents of shareowners, directors cannot owe a fiduciary duty to shareowners. To hold that directors are agents of shareowners is a violation of agency law. There is no legal argument that can be made that directors are agents of shareowners.
Directors are considered trustees of shareowners, and shareowners are the beneficial owners. But fundamental trust law prohibits this. In order for directors to be trustees, a trust must be created. In order to create a trust, the trustor must transfer property to the trustee, who then takes legal title to the property and administers the property for the benefit of the beneficiary who is the beneficial owner. But that is not what occurs between shareowners, corporations, and directors.
Shareowners transfer property (cash) to the corporation in an IPO. It is the corporation, not the directors, that takes legal title to the property. There is no trust relationship between directors and shareowners because directors do not, and cannot, take legal title to the property. Therefore, directors cannot be trustees of shareowners. If there is no trust or trust relationship between shareowners and directors, shareowners cannot be beneficiaries and therefore cannot be beneficial owners. Furthermore, since directors are not trustees of shareowners, directors cannot owe a fiduciary duty to shareowners. To hold that directors are trustees and shareowners are beneficial owners is a violation of trust law. There is no legal argument that can be made that directors are trustees of shareowners or that shareowners are beneficial owners.
It’s the end of corporate law as we know it, and I feel fine.
New anti-money laundering legislation was included as part of the National Defense Authorization Act (NDAA) enacted by Congress on January 1, 2021, through the override of a presidential veto. The NDAA is a series of federal laws primarily specifying the annual budget and expenditures of the United States Department of Defense.
The NDAA for Fiscal Year 2021 includes the expansive Anti-Money Laundering Act of 2020 (AMLA), with the purpose of updating and amending the country’s anti-money laundering laws. It has long been acknowledged that the United States lags behind other developed countries in its safeguards designed to prevent the flow of illicit money—so much so that the Tax Justice Network, an independent institution that indexes countries’ financial secrecy, currently ranks the United States as the second most financially secretive jurisdiction, ranking behind only the Cayman Islands and just ahead of Switzerland.[1]
The AMLA bolsters existing anti-money laundering legislation through several amendments to the Bank Secrecy Act (BSA), which has been the primary statutory vehicle for financial institutions to assist the federal government in detecting and preventing money laundering since its passage in 1970. The amendments include the enhancement of whistleblower protections and incentives, as well as new oversight on rising channels for money laundering, such as antiquities and virtual currency.[2] Furthermore, the AMLA expands sharing of information with foreign authorities and financial institutions.[3]
The AMLA also provides one of the more notable additions to this anti-money laundering legal regime, the Corporate Transparency Act (CTA). Through the CTA, Congress directs the United States Treasury Department’s Financial Crimes Enforcement Network (FinCEN) to establish and maintain a national registry of beneficial owners of entities that are deemed “reporting companies.”[4] In so acting, Congress stated that bad actors seek to conceal their ownership of business entities through the use of shell companies in order to facilitate illicit activities, including money laundering, the financing of terrorism, human and drug trafficking, and securities fraud.[5] Congress observed that the lack of state laws requiring companies to identify their beneficial owners has arguably enabled such persons to exploit these entities to further criminal activities.[6]
Reporting Companies
The CTA broadly defines a reporting company as any corporation, limited liability company, or other similar entity created by filing a document with the secretary of state or similar office in any state or territory or with a federally recognized Indian Tribe, or formed under the laws of a foreign country and registered to do business in the United States.[7] Pending implementing regulations, it is unclear whether limited partnerships are included. As the CTA’s focus is on shell companies and other entities with limited or no operations, the CTA provides numerous exceptions for entities from undergoing reporting, including those in a regulated industry (where existing regulatory regimens would already include beneficial ownership reporting), publicly traded companies, investment vehicles operated by investment advisors, nonprofits, and government entities.[8] Significantly, there is also an exception from required reporting for an entity that (1) employs more than twenty employees; (2) filed in the previous year a tax return demonstrating more than $5 million in gross receipts or sales; and (3) has an operating presence at a physical office within the United States.[9] Moreover, entities that are subsidiaries of such excluded companies are also exempted from these reporting requirements.[10]
Beneficial Owners and the Information to Report
The CTA defines a beneficial owner of an entity as any individual who, directly or indirectly, (1) exercises substantial control over the entity or (2) owns or controls not less than 25 percent equity in the entity.[11] The phrase “substantial control” is not defined in the CTA, so further regulations should clarify its meaning.[12] The legislation expressly excludes certain individuals from the definition of beneficial ownership, including (1) a minor child (as long as the child’s parent’s or guardian’s information is reported); (2) an individual acting as an intermediary or agent on behalf of another; (3) a person whose control over a reporting company derives solely from their employment; (4) an individual whose only interest in a reporting company is through a right of inheritance; or (5) a creditor of a reporting company (unless they qualify as a “beneficial owner” through substantial control or equity ownership).[13]
In each report to FinCEN, a reporting company must provide each beneficial owner’s name, date of birth, residential or business address, and a unique identifying number from an acceptable identification document (such as a state driver’s license or passport).[14]
The date on which a reporting company’s report to FinCEN is due depends on whether it is an existing entity or a newly formed one. After the effective date of FinCEN’s forthcoming regulations—which are due within a year after enactment of the CTA—new reporting companies will be required to report their beneficial owners’ information at formation.[15] Existing entities will need to provide such information within two years from the promulgation of the new regulations. A reporting company will also need to update its information within a year of any change to its beneficial ownership.[16]
Storage and Use of Reported Information
FinCEN will be responsible for storing the information collected pursuant to the CTA in a secure private database.[17] This database will not be publicly available. The beneficial ownership information will be available from a request only by (1) a federal law enforcement agency; (2) a state, local, or tribal law enforcement agency (if authorized by a court order); (3) a federal agency on behalf of a foreign country (if the request is pursuant to an international agreement); or (4) a financial institution for customer due diligence purposes and if authorized by the reporting company.[18]
The laws regarding customer due diligence requirements for financial institutions will also be updated to conform to the CTA, as the CTA will provide a new means for a financial institution to verify a customer’s “Know Your Customer” information.[19]
Penalties for Violating CTA
Companies subject to the CTA and their counsel should be cognizant of the steep penalties for violating the reporting requirements of the Act. Willfully providing false information to FinCEN or failing to report complete information to FinCEN can result in fines up to $10,000 and imprisonment for up to two years.[20] The CTA contains a safe harbor from such civil and criminal liability for the submission of inaccurate information if the person who submitted the report voluntarily and promptly corrects the report within 90 days.[21]
Concerns for Business Lawyers
The CTA raises a number of issues for business lawyers who cause the formation of business entities for clients. A primary concern is the need to balance requirements under the CTA with professional ethical responsibilities to their clients. The CTA defines the term applicant as any individual who files an application to form an entity or registers a foreign entity to do business in the United States.[22] Lawyers frequently undertake such acts, but it is unclear as to whether the reporting obligation will be imposed on the “applicant” or the entity itself.
The American Bar Association (ABA) has a long-stated opposition to a mandate that lawyers provide business entity beneficial ownership information because of these ethical obligations.[23] See the ABA Fact Sheet here. As the ABA argued when an earlier version of the CTA was introduced in Congress, the CTA and other similar anti-money laundering legislation create intrusive gatekeeper requirements on attorneys that risk undermining the attorney–client privilege, the confidential attorney–client relationship, and the right to effective counsel.[24] Unfortunately, the CTA, as enacted, leaves these concerns outstanding, and lawyers who file entity registration documents could be subject to severe penalties under the act if they are found to have willfully provided false information to FinCEN.
Furthermore, the CTA seems to expose business lawyers to privacy concerns of their own. Identifying personal information must be provided to FinCen for both the applicable reporting company and the applicant.[25] Thus, lawyers may be required to submit their date of birth and state driver’s license number or passport number in connection with each entity they form or register to do business in the United States.
In contrast, it seems clear that the obligation to report information for existing companies and to update reports falls on the reporting company itself.[26]
Hopefully, the forthcoming CTA implementing regulations will provide guidance on the applicability of the FinCen reporting regimen on lawyers and clear up the uncertainty as to how business lawyers may ethically represent their clients while ensuring compliance with the law.
Conclusion
The CTA is a clear step toward modernization of the United States’ anti-money laundering legal landscape. It will give law enforcement agencies greater access to the beneficial ownership information of entities than ever before. It will also shift the burden of financial institutions from needing to collect customer due diligence information to being able to obtain it from the federal government. These changes of course come at a cost. The anonymity that private company owners have long enjoyed will be rolled back, and the new compliance costs will be shouldered by companies that are often small businesses.
[23] Gatekeeper Regulation and the Legal Profession: ABA Opposes Anti-Money Laundering Legislation that Imposes Burdensome Regulations on Small Businesses and Their Attorneys and Undermines the Attorney-Client Privilege, ABA, https://www.americanbar.org/content/dam/aba/administrative/government_affairs_office/gatekeeper-factsheet-july-2020.pdf?logActivity=true (last visited Jan. 14, 2021).
For the future of the interconnectivity of business and cybersecurity, it is imperative that the Biden administration make international cooperation in the regulation of artificial intelligence a key component of the United States’ reentry into international cooperation and leadership. The Biden administration is expected to take a cooperative tone on international matters, and it is critical that the administration look at the areas where international model rules are needed for the protection of countries and individuals as well as the technology being created to service each.
If the United States does not begin to engage the international community and simultaneously take a serious look at domestic artificial intelligence regulation, it will fall behind in a very dangerous arms race that is quickly maturing out of its infancy. Without international coherence in the law, corporations will race to countries that provide the greatest flexibility—even if that flies in the face of business ethics. The United States is already behind in that its intellectual property laws do not recognize the creativity of machine-based systems, which forces developers in these areas two undesirable options: leave creative results unprotected or take credit for property they did not create.[1] From a business ethics perspective, this undermines many of the principles that have historically enabled the creativity of United States developers.
Strong process models are imperfect, but already developed to justify cooperation with the international community. The United States has seen desirable outcomes in negotiating treaties with other nuclear capable countries. While this model has been successful in keeping mankind from annihilating itself, it arguably fails to deal with countries who (currently) lack nuclear capabilities but nonetheless want a seat at the table. Despite sanctions against countries wanting to develop the technology, the prevalence of nuclear technology theft and unauthorized research and development seems to indicate that negotiating one-on-one with countries developing AI technology will not achieve the desired long-term effect.
Rather than negotiating with countries individually, the United States should lead the way in developing comprehensive worldwide regulations that will protect countries from one another as well as protecting humans, other creatures, and the environment from artificial intelligence. We have seen this type of cooperation in the past in Space Law, and have seen strong leadership from the United States in the development of ICANN.
The international community recognized almost immediately that there were both interconnectivity and state sovereignty issues in dealing with space. Thanks in part to World War I, the Paris Convention of 1919 established the sovereignty of airspace[2] merely 16 years after the Wright brothers were credited with the first flight and 6 years after the first passenger-carrying flight. After another world war and the corresponding advancements in technology, the international community was spurred into a substantive movement to regulate space. As today with AI, there were many academic articles and books written that began to shape a framework for future regulation. It therefore appears we are at a crucial time, similar to the beginning of the substantive development of Space Law, and should be ready to take the next steps without fighting world wars.
A more recent example of the international community cooperating to set parameters and harness a global technology that has changed the world is the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN provides an important link between the worldwide web, businesses, and the consumers they service by maintaining databases related to namespace and numerical space on the Internet to ensure stable and secure network operation. ICANN is unique in that it is not a treaty, but a state-registered nonprofit organization.[3],[4] While ICANN may not be the best model for international cooperation in regulating AI because of the nature of AI versus maintaining a registration database, it does show unprecedented international cooperation in moving business, technology, and society forward. ICANN demonstrated that countries can cooperate on an international scale without being forced by conflict, and it highlights that some issues have international results which the world should solve and that the United States can take the lead in these areas. The US Department of Defense funded the earliest iteration of ICANN and transferred control to the Department of Commerce as global use of the internet increased. Recognizing the potential of a global multistakeholder community, ICANN was incorporated in 1998.
More and more is being written on how states individually—and the world as a whole—should regulate AI, but no country has yet stepped forward to lead an international effort in regulation and ethics. The incoming Biden administration has the opportunity to take the lead here and work toward laws that will encourage the development of AI and commercial growth, but also protect humans, states, and the environment from countries that would develop AI in a dangerous way.
[1] Abbott, Ryan, The Reasonable Robot: Artificial Intelligence and the Law (Cambridge, 2020), 77.
One of the biggest legal stories of 2020 barely made any headlines because, understandably, reporting on the COVID-19 pandemic and the presidential election dominated the news cycle. Mainstream attention on data privacy focused largely on the implementation and subsequent referendum expanding the California Consumer Privacy Act (“CCPA”), while the Schrems II invalidation of the GDPR Privacy Shield framework also gained widespread attention.
As a result, Facebook’s historic $650 million biometric privacy settlement under the Illinois Biometric Information Privacy Act (“BIPA”) attracted much less media fanfare. The settlement comes just a year after Facebook was hit with a record $5 billion fine by the Federal Trade Commission for deceiving users about users’ ability to control the privacy of their personal information.
Given the pace of current events, the lack of attention on this issue is not surprising, but it is unfortunate. Access to biometric data, including facial recognition technology, is one of the most important privacy issues attorneys will need to think about in the coming decades.
Facial Recognition Technology is No Longer Science Fiction
Facial recognition technology uses data to create a biometric map of the human face. Once the data is collected, algorithms analyze incoming images for unique facial features and dimensions to find a match, thereby attributing the new image to an individual.
Some estimates predict the facial recognition market will be worth nearly $9.6 billion by 2022. Facial recognition has already been tested at large public sporting events in the United States where attendees are admitted to the facility by facial authentication, rather than paper ticket or other methods.
Facial recognition requires a database of information to reference in order to make matches. For example, social media companies and smart phone applications easily obtain this information when users voluntarily upload their photos. Such companies and applications typically obtain the users’ consent to use the uploaded photos in a terms of service agreement. But studies consistently show the majority of users rarely read digital terms of service agreements.
Facebook Settles Facial Recognition Class Action for $650 Million
In late January 2020, Facebook announced it would pay $550 million to settle a BIPA class action suit over its use of facial recognition technology. In July 2020, the settlement was increased to $650 million.
Illinois was the first state to pass legislation aimed at protecting biometric data, enacting BIPA in 2008. Among other provisions, BIPA requires that consent be obtained prior to the collection of a user’s biometric data. Because BIPA contemplates $1,000 to $5,000 for each violation of the law, a verdict could have exposed Facebook to billions in damages. The $650 million settlement is likely the largest facial recognition case to date.
The litigation arose from Facebook’s “Tag Suggestion” service. This is essentially a photo-labeling service that suggests the names of individuals in photos. Facebook obtained this information from “tagging,” a practice where users identified themselves and others in photos. This information was put into a database and eventually Facebook had enough data to automatically recognize the faces of users and make suggestions of users to “tag” in new photos.
But Facebook isn’t the only application on your smartphone potentially harvesting your biometric data. Several other popular smartphone apps have been criticized for the improper use of facial recognition technology. Most recently, the Clearview AI app came under criticism by privacy advocates. Clearview AI “scrapes” publicly available photos from social media accounts. Clearview AI contracts with law enforcement agencies, and until May 2020, also sold this information to private companies. Clearview promised to voluntarily terminate all contracts with entities based in Illinois after it was also sued under BIPA. Apple also faces multiple lawsuits under BIPA. One involves facial recognition, the other focuses on voice biometrics.
Technology Companies Promise Reform
In response to these recent controversies, several of the largest technology companies have announced restrictions on their development of facial recognition technology. On June 8, 2020, IBM announced it would no longer develop facial recognition technology.
On June 11, 2020, Microsoft followed by announcing it would no longer permit law enforcement use of its facial recognition technology.
Biometric data, including facial recognition, may be the most significant new legal front for privacy advocates. Biometric systems are becoming more common across society, such as the fingerprint sensor on many smartphones, retina scanning, and voice recognition.
Conclusion
Notwithstanding the likelihood of future litigation and public policy proposals, there are several actions individuals can take now to protect their privacy. Anyone concerned about protecting biometric data should avoid apps that require uploading a photo of their face. Also, users can avoid tagging themselves and others in social media posts. Finally, users can review their privacy settings and disable most facial recognition features.
Unfortunately, reigning in the use of facial recognition technology by government agencies is not always so easy. Other governments, most notably China, paint an alarming picture of how biometric data can be abused by authorities in the absence of appropriate legal protections.
Several local jurisdictions already prohibit the use of facial recognition technology. Major cities such as San Francisco, Boston, and Oakland have adopted such laws. In June 2020 the Boston City Council voted unanimously to ban the use of facial recognition by police. Officials cited concerns including racial bias and misidentification. Other cities are going even further. Effective January 1, 2021, Portland, Oregon’s facial recognition-ban applies to both government agencies and private businesses.
BIPA may only attract a fraction of the attention garnered by other prominent privacy laws like CCPA and GDPR, but with more actions filed under BIPA each month, this often-overlooked Illinois statute will become harder to ignore in 2021. Just as importantly, other jurisdictions may follow Illinois’ lead by enacting similar laws in the near future.
Patrick McKnight is an Associate in the Litigation Department of Klehr Harrison Harvey Branzburg LLP in Philadelphia, Pennsylvania. He is a member of the firm’s Data, Privacy, and Cybersecurity practice group. The opinions expressed in this article are those of the author and not necessarily of Klehr Harrison Harvey Branzburg LLP or its clients.
On January 1, 2021, Congress overrode the presidential veto of the National Defense Authorization Act for Fiscal Year 2021 (NDAA).[1] While the new law dealt mostly with national security, it also included a provision that substantially amended the SEC’s remedial powers, expressly authorizing the SEC to obtain disgorgement in federal court and doubling the statute of limitations for some types of relief. Early reactions to the amendments have viewed them as attempting to overturn the Supreme Court’s recent decisions in Kokesh v. SEC[2] and Liu v. SEC[3] that had curtailed the SEC’s remedial powers. Kokesh overruled a long line of lower court cases that had held that disgorgement was not subject to any statute of limitations. And Liu rejected the SEC’s broad interpretation of disgorgement, instead adopting a much narrower view of disgorgement, closer to how other courts had interpreted the sanction under common law, such as by permitting deductions for certain legitimate business expenses. Against this backdrop, some have suggested the amendments “neuter” or “upend” Liu’s limitations on disgorgement.[4]
But do they? Although the statute was enacted after Liu, the relevant provision’s language was originally introduced before the Supreme Court had even granted certiorari in Liu, let alone issued its decision. The legislative history reveals that this provision was in response to Kokesh, particularly a footnote in which the Supreme Court suggested disgorgement may not actually have been authorized by the provisions of the Securities Exchange Act of 1934[5] (Exchange Act) that the SEC and courts had long relied on.[6] Simply put, the NDAA’s amendment focused on Kokesh, not Liu.
Indeed, contrary to some suggestions, the NDAA’s characterization of disgorgement in many ways tracks the Supreme Court’s discussion in Liu. Unsurprisingly, then, under ordinary principles of statutory interpretation, some of Liu’s limitations on disgorgement probably remain, even after the NDAA’s amendments. And those limitations could continue to provide an important check on the new statutory disgorgement power that Congress has given the SEC.
Background: Kokesh and Liu
For at least several decades, disgorgement was seen as a silver bullet in the SEC’s arsenal, because it was not subject to any statute of limitation and the amount of disgorgement was largely left to the discretion of the SEC or lower courts. Over time, this perceived flexibility resulted in disgorgement becoming a powerful tool to sanction misconduct where civil money penalties were time-barred or considered insufficient. But in 2017, a unanimous Supreme Court held in Kokesh that, as applied by many courts, disgorgement was effectively a penalty. And as a result, an action for disgorgement was subject to the same default five-year statute of limitations in 28 U.S.C. § 2462 that applied to SEC actions for civil money penalties.
In a significant footnote, the Supreme Court noted that whether the SEC was even authorized to seek disgorgement remained an open, antecedent question that was not then before the Court. Given that the case was limited to addressing the applicability of a statute of limitations, the Court cautioned that “[n]othing in this opinion should be interpreted as an opinion on whether courts possess authority to order disgorgement in SEC enforcement proceedings or on whether courts have properly applied disgorgement principles in this context. The sole question presented in this case is whether disgorgement, as applied in SEC enforcement actions, is subject to § 2462’s limitations period.”[7]
That footnote cast doubt on the SEC’s authority under the Exchange Act to obtain disgorgement in district court actions. And, when the Supreme Court later decided to hear a case that directly challenged the SEC’s authority to obtain disgorgement, many were concerned that the Court would hold that disgorgement was not authorized by the Exchange Act.
In Liu, however, the Supreme Court held that disgorgement was a permissible “equitable remedy” under Exchange Act Section 21(d)(5), so long as the disgorgement award “does not exceed a wrongdoer’s net profits and is awarded for victims.”[8] The Court reasoned that when the Exchange Act authorized “any equitable relief that may be appropriate or necessary for the benefit of investors,” Congress incorporated longstanding equitable principles that prevented an equitable remedy from being transformed into a punitive sanction. The Court identified three limitations that, when observed, made a disgorgement award an equitable remedy:
In general, disgorgement of a defendant’s gains should be returned to wronged investors for their benefit, not simply deposited with the Treasury.
Disgorgement is available only for the profits that accrued to wrongdoers themselves and not to another party.
Disgorgement is limited to a party’s “unjust enrichment,” so awards generally must deduct legitimate business expenses so that the total award does not exceed a wrongdoer’s net profits.[9]
How these three limitations should be put into practice has vexed the SEC and defense attorneys since Liu was decided in June 2020. The Liu opinion has, seemingly, left the SEC reluctant to seek disgorgement in many cases.
The NDAA’s Amendments to the Exchange Act
Section 6501 of the NDAA directly and broadly addresses disgorgement in two ways. First, it amends Section 21(d) of the Exchange Act so that the provision now explicitly provides the SEC with authority to seek (and provides courts with authority to order) disgorgement “of any unjust enrichment by the person who received such unjust enrichment as a result of such violation . . . in any action or proceeding brought by the Commission under any provision of the securities laws.” Second, Section 6501 provides that the statute of limitations for disgorgement is generally five years but is extended to 10 years for violations of the securities laws “for which scienter must be established.” And in another subsection, Congress also expanded the statute of limitations to 10 years for “any equitable remedy, including for an injunction or for a bar, suspension, or cease and desist order,” without the need to establish scienter.
History of NDAA Section 6501
Section 6501 was inserted into the Conference Report on the NDAA (H.R.6395) on December 3, 2020, without any Congressional debate or discussion. The subject matter of Section 6501 was obviously far afield from the NDAA, so the technical statutory language in that provision had to come from somewhere else. Section 6501’s sources are three prior bills introduced in Congress well before Liu was decided.
In March 2019 (after Kokesh but before the petition for certiorari in Liu was even filed), the Securities Fraud Enforcement and Investor Compensation Act of 2019 (S.799) was introduced in the Senate. That bill would have amended Exchange Act Section 21(d) to expressly authorize the SEC to obtain disgorgement for unjust enrichment. It also would have established a five-year statute of limitations for disgorgement and a 10-year statute of limitations for equitable remedies.
In September 2019 (while the petition for certiorari in Liu was pending but not yet granted), the Investor Protection and Capital Markets Fairness Act (H.R.4344) was introduced in the House. This different bill also would have amended Exchange Act Section 21(d) to authorize disgorgement in any SEC action or proceeding. And it would have made 28 U.S.C. § 2462 inapplicable to disgorgement, though it did not specify another statute of limitations.
A few days later, the Improving Laundering Laws and Increasing Comprehensive Information Tracking of Criminal Activity in Shell Holdings Act (S.2563) was introduced in the Senate. That bill had a number of provisions unrelated to the Exchange Act, but Sections 501 and 502 of S.2563 incorporated S.799 in its entirety, with only a few changes. The only material change to S.799 in S.2563 would have been an extension of the statute of limitations for equitable remedies from 10 years to 12. The bill expressly would have applied only to actions or proceedings commenced on or after the date of enactment.
These three predecessor bills (S.799, H.R.4344, and S.2563) were all plainly focused on Kokesh, and in particular, the Supreme Court’s holding that disgorgement was subject to a five-year statute of limitations and the question raised by footnote three as to whether the SEC was even authorized to seek disgorgement.
On November 18, 2019 (shortly after the petition for certiorari in Liu had been granted), the House took up an amended version of H.R.4344. That version of the bill would have amended Section 21(d) of the Exchange Act as before, only now it would have created a 14-year statute of limitations for disgorgement, and it would have expressly applied the amendments to Section 21(d) retroactively (with the same language ultimately enacted in NDAA Section 6501). In the limited floor debate on H.R.4344, members continued to focus on expanding the statute of limitations, to abrogate Kokesh’s holding. In a comment that was representative of the floor debate, one member characterized the bill as follows: “This bill is the result of the Supreme Court’s Kokesh decision, which restricted the SEC’s disgorgement authority to five years [and the] concern that a five-year statute of limitations allows bad actors to hold on to their ill-gotten gains obtained outside that five-year window.”[10] Other members also raised concerns that the footnote in Kokesh and the Court’s decision to hear Liu meant that the Supreme Court could “remove any disgorgement action from the SEC, absent further action by Congress.”[11] Members made it clear that the purpose of the provision was not to address the contours of the Commission’s disgorgement authority, but to simply “clarify[] that the SEC does indeed have disgorgement authority.”[12]
None of these three predecessor bills were ever taken up in the Senate. That might have been the end of the matter, until Section 6501 was slipped into the Conference Report on the Defense Bill.[13] The language of Section 6501 was largely derived from S.2563, though it incorporated the retroactivity provision originally approved by the House in H.R.4344.
In summary, the legislative history suggests that the only purpose of Section 6501 was to respond to the Supreme Court’s decision in Kokesh by giving the SEC express authority to seek disgorgement and by lengthening the applicable statute of limitations. The statutory language in Section 6501 had nothing to do with Court’s decision Liu—indeed, it couldn’t have, because that language was crafted and debated many months before the Supreme Court issued its opinion in Liu. The language of amended Section 21(d) was never meant to respond Liu.
Textual Analysis of Amended Section 21(d)
Of course, just because Congress apparently didn’t intend to abrogate Liu doesn’t mean that Section 6501 didn’t effect substantive changes. The legislative history may be interesting, but the interpretation of a statute begins (and often ends) with the text.[14] Applying ordinary principles of statutory interpretation to Section 6501 reveals that, contrary to some suggestions, the disgorgement remedy Congress has now authorized likely embraces some of Liu’s important limitations on the SEC’s disgorgement authority.
Section 21(d), as amended, does not simply authorize “disgorgement.” Rather, it provides a more limited grant of authority to obtain disgorgement only “of unjust enrichment.” “Unjust enrichment” is undefined, but it is a familiar principle. Indeed, the concept was the foundation of the Supreme Court’s interpretation in Liu regarding what funds could be disgorged. As the Court explained, “unjust enrichment” had long been understood to be a “profit-based measure” that was “tethered to a wrongdoer’s net unlawful profits.” Congress is presumed to be familiar with the meaning of common legal terms and Supreme Court decisions when it legislates,[15] so its decision to limit disgorgement orders to “unjust enrichment” should be seen as embracing, not rejecting, that portion of Liu. Moreover, Congress chose the term “disgorgement”—which is of relatively recent vintage—instead of “restitution,” which has a longer history in decided cases. That decision should not be considered inadvertent, and it is consistent with the provision’s focus on unjust gains instead of the victim’s losses.
Section 6501’s text also confirms Congress’s intent that the right target of a disgorgement order is “the person who received such unjust enrichment as a result of such violation.” That approach is different from the approach the SEC and some lower courts had taken before Liu. As the Supreme Court explained, courts often imposed “disgorgement liability on a wrongdoer for benefits that accrue to his affiliates, sometimes through joint-and-several liability.” When Liu was decided, that broad approach was “seemingly at odds with the common-law rule requiring individual liability for wrongful profits.” And now, that broad approach appears to likewise be at odds with Section 21(d), as amended.
This is not to say that the statutory disgorgement authorized by Congress in Section 6501 is identical to the equitable disgorgement addressed in Liu. One key difference is that, while the disgorgement discussed in Liu is a type of equitable relief, in Section 6501 Congress textually distinguished the new disgorgement remedy and “any equitable remedy.” One consequence of this distinction is that the other limitations on equitable disgorgement that are not mirrored by Section 6501—such as the requirement to generally return disgorged funds to victims instead of depositing them in the Treasury—probably do not apply. Thus, the SEC may have more freedom to deposit funds with the Treasury now instead of returning them to victims, as Liu generally requires for equitable disgorgement. That result also addresses the practical concern, voiced by the SEC, that in many instances it may be nearly impossible to return funds to an identified group of victims.
Conclusion
There can be little doubt that NDAA Section 6501 substantially changes the SEC’s ability to obtain disgorgement in enforcement actions. But, contrary to some suggestions, the Commission’s new statutory disgorgement remedy seems to be subject to many of the same limitations recognized by the Supreme Court in Liu.
[6] Congressional Record at H8930 (Nov. 18, 2019) (“The Supreme Court further hinted, in an obscure footnote, that the SEC may not be able to seek disgorgement of ill-gotten gains at all.”).
[7]Kokesh v. Sec. & Exch. Comm’n, 137 S. Ct. 1635, 1642 n.3 (2017).
[8]Liu et al. v. Sec. & Exch. Comm’n, 140 S. Ct. 1936, 1940 (2020).
[13] H. Rept. 116-617, William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Conference Report to Accompany H.R.6395 at 1267–68 (Dec. 3, 2020).
[14]See, e.g., Octane Fitness, LLC v. ICON Health & Fitness, Inc., 572 U. S. 545, 553 (2014).
[15]See, e.g., Hall v. Hall, 138 S. Ct. 1118, 1128 (2018).
The COVID-19 pandemic is a triple threat to state and local solvency.
State and local governments must spend increasing amounts to save their citizens’ health and welfare through emergency treatment, testing, tracking, and unemployment insurance. The COVID-19 lock down cut retail sales, road tolls, and mass transit fares dramatically and immediately, putting budgets under immediate pressure. The Center on Budget Priorities estimated that state budget shortfalls will total $615 billion for the fiscal year ending (for most states) on June 30, 2020. Finally, a decrease in interest rates will increase pension plan liabilities (and annual funding requirements) for states with already challenged pension plans.
Thus, financial pressure on state and local governments is escalating at the same time the Bankruptcy Code is malfunctioning in Puerto Rico’s insolvency proceedings.
State and local governments with low credit ratings may obtain credit by pledging tax and other revenues, including what the Bankruptcy Code calls “special revenues”:
receipts from systems providing transportation, utility, or other services;
special excise taxes on particular activities or transactions;
incremental tax receipts from an area benefiting from tax-increment financing;
other revenues or receipts from particular functions; or
taxes specifically levied to finance one or more projects or systems, excluding general property, income, or sales taxes used for general purposes.
Chapter 9 of the Bankruptcy Code contains protections for bonds secured by pledges of special revenues. Section 928(a) provides that special revenues received during and after a municipal bankruptcy remain subject to a prebankruptcy pledge, subject to the “necessary operating expenses” of “the project or system” under section 928(b). Section 922(d) provides that the automatic stay does not operate as a stay of “application” of pledged special revenues under section 927.
These sections had been widely understood to assure revenue bondholders that they would continue to be paid from pledged special revenues during a chapter 9 case except to the extent pledged revenues were required to fund “necessary operating expenses.” The U.S. Court of Appeals for the First Circuit destroyed that understanding in Assured Guaranty Corp. v. Carrion, 919 F.3d 121 (1st Cir. 2019), a case under the Puerto Rico Oversight Management and Security Act of 2016 (PROMESA).
PROMESA Section 305 (a virtual copy of Bankruptcy Code Section 904) provides that the court may not interfere with any property or revenues of a municipal debtor. The First Circuit therefore held that the statute did not require the municipality to continue to pay pledged special revenues to bondholders; it only permitted the municipality to do so. The First Circuit reaffirmed that holding in a published decision denying en banc review over Judge Lynch’s dissent. 931 F.3d 111 (1st Cir. 2019).
Assured v. Carrion turned the statute from a straightforward assurance of during-the-case-payment into an incoherent, almost unenforceable mess.
As noted, a pre-petition pledge of special revenues continues to attach to post-petition revenues. However, the First Circuit holds that the bankruptcy court cannot enforce that pledge under section 904; thus, the debtor can just spend special revenues regardless of a bondholder pledge unless:
the bankruptcy court lifts the automatic stay for lack of adequate protection under section 362(d)(1), as it must (931 F.3d at 918); and
the bondholders get an injunction from a nonbankruptcy court to enforce their pledge.
However, then the bondholders’ pledge is subject to “necessary operating expenses” under section 928(b), which must be determined by the bankruptcy court, not the court enforcing the pledge.
Even if the bankruptcy court’s decision on adequate protection determines the amount of special revenues needed for operating expenses, that decision is good for that day only—operating expenses fluctuate. In the First Circuit, then, the bankruptcy court determining how to enforce a pledge of special revenues cannot enforce the pledge, and the court enforcing the pledge of special revenues cannot determine how to enforce the pledge.
None of this makes any sense.
Congress should amend chapter 9 to ensure that no future court adopts the misinterpretation of the First Circuit, and it should do so before that misinterpretation damages governments’ ability to issue revenue bonds at a time of financial crisis.
Connect with a global network of over 30,000 business law professionals
