The Olympic Games: an event that involves athletes from 206 countries competing in 33 different sports, each requiring specialized training and competition facilities, that must be completed in 17 days as half the people on the planet watch the exciting drama unfold. Think of the tens of thousands of contractual and other arrangements that go into the delivery of an event as complex as the Olympic Games.

The Games are awarded to the city selected by a majority of the members of the International Olympic Committee (IOC) from among candidate cities around the world approximately seven years prior to the date of the Games. The organizational aspects are set forth in a contract between the IOC, the host national Olympic committee, and the government of the host country. Tokyo was chosen in 2013 for 2020 Games, and the exact dates were identified shortly thereafter: July 24–August 9.

Once the dates are confirmed, everything turns on ensuring the Games will start and finish on those precise dates. There is no margin for error; everything must work perfectly—the first time. Using military terminology, the Games are a no-fail mission.

Athletes build their training around a fixed schedule: an athlete competing in the 100-meter dash, for example, knows precisely when the heats, quarter-finals, semi-finals, and finals will occur in order to achieve optimal performances during the Games. The international sport schedules in all Olympic sports are designed around the Olympic calendar so that all athletes are at their best for the Games.

Broadcasters, sponsors, spectators, transportation companies, hotels, meeting and other facilities such as conference and convention centers, suppliers, and construction and development organizations all base their planning on the dates of the Games. Legislation in the host country generally needs adjustment to permit entry without visas (merely the Olympic identification card), to permit Olympic parties to bring equipment and workers without taxation and to remove both when the Games finish (again without taxation), to establish the necessary security arrangements, and to provide special access at airports and other border crossings, to name but a few.

The Japanese organizers have been first class, and there was little doubt that the Games were going to be extremely well organized. There was a universal expectation, within the Olympic movement and throughout Japan, that the forthcoming Games would set new standards in Games planning and delivery.

Enter COVID-19.

That the world was unprepared to deal with this virus is now all too apparent. Not only was the world unprepared, but in too many cases the threat was underestimated, and exceptional measures to limit its spread were not undertaken quickly enough. The virus spread and a pandemic resulted. Personal livelihoods and freedoms have been compromised, the economy has suffered, education has been affected, people have died from the virus, and more will die.

Although an event like the Games is not as important as the larger existential threat implicit in COVID-19, it nevertheless is impacted by it and, depending on the organizers’ conduct, could either support efforts to contain the virus or act in disregard of those efforts.

The contractual right to cancel the Games in the face of, among other considerations, safety concerns could have allowed the IOC to unilaterally cancel the Tokyo Games. It did not do so. Instead, it responded positively to a request by the Japanese government to postpone the Games, after consultation with the WHO, competing athletes, international federations, and national Olympic committees. The most convenient postponement was almost exactly one year, to begin on July 23, 2021, taking advantage of vacation periods and student holidays to reduce traffic and strains on the transportation systems. The schedule matches previous athlete training rhythms and minimally impacts sport programming for the major broadcasters. It also gives the organizers the time they need to extend, vary, or renegotiate the many contracts entered into before the disruption resulting from the pandemic.

The organizers and others are now undertaking the many challenges of re-weaving the contractual tapestry for Games in 2021. This will remain a work in progress and will require the exercise of tact and compromise, as well as a general desire to make the postponement work. Organizing a first-bounce recovery is much better for everyone, including for Japan, the athletes, and the spectators, rather than simply to cancel the Games. It is not the fault of the Tokyo organizers, nor the Olympic parties, that the pandemic has struck, and no “blame” can fairly be assigned to any of the contractual parties.

A formidable series of challenges looms ahead. To mention but a few, consider the Olympic Village, generally recognized as the “heart” of any Olympic Games, where the athletes of the world come together. This involves some 20,000 people (athletes, coaches, officials, and medical staff) who all must be accommodated, fed, and transported to and from training and competition venues. Security must be provided in a post-Munich and post-9/11 era, which has changed the former, less formal paradigm. All those arrangements must be put on hold and reinstalled a year later. Organizing committee employees may be kept on, or laid-off and rehired several months later. Venue arrangements need renegotiation, and ticket arrangements may be carried forward if the venues remain exactly the same, or revised if there will be new venues. Hotel accommodations may or may not be carried forward, depending on negotiations with the relevant associations. Airport and border-crossing security must be reconfigured, and coordination with law enforcement agencies and even the military put back into place.

With the goodwill surrounding the Olympic Games, this should all be possible. The world wants the Olympics to work because if the Olympics can work, perhaps someday the world will work. First, however, we must wrestle COVID-19 to the ground.

 Joining the global trend originating in Europe with the General Data Protection Regulation (GDPR), Brazil recently enacted its own omnibus law governing the use of personal data, the Lei Geral de Proteção de Dados (LGPD), or General Law for the Protection of Privacy. Similar to the EU’s GDPR and California’s Consumer Privacy Act (CCPA), LGPD is intended to regulate the processing of personal data. The stated purpose of the law is to protect “the fundamental rights of freedom and privacy and the free development of the personality of the natural person.”

This article addresses the most commonly asked questions about the applicability of LGPD and its exemptions and enforcement. The analysis is woven with a comparison to the GDPR and CCPA.

To Whom Does LGPD Apply?

The LGPD applies to any natural person or legal entity, including the government, that processes the personal data of the people of Brazil, even if the entity processing the data is based outside of Brazil. There are some exceptions, however, such as (1) when the processing is done by a natural person exclusively for private and noneconomic purposes; (2) when done exclusively for journalistic, artistic, or academic purposes; or (3) when done for purposes of public safety, national defense, state security, or activities or investigation and prosecution of criminal offenses.

What Is Personal Data and How Can It Be Processed?

Personal data in this statute is defined broadly as “information regarding an identified or identifiable natural person.” There are also special restrictions for the processing of “sensitive personal data,” which is data that relates to racial or ethnic origin, religious beliefs, political opinion, affiliation to unions or political, philosophical or religious organizations, health information, sexual preference, or genetic and biometric data. To that end, and similarly to the GDPR and CCPA, sensitive personal data may only be processed when the data subject specifically and distinctly consents to the specified purposes.

Personal data may be processed without consent for certain specific and limited purposes, including (1) to comply with a legal obligation; (2) when it is necessary by the public administration for the execution of public policies; (3) when it is a study carried out by a research entity; or (4) to protect the life or physical safety of the data subject or a third party.

Companies can collect and use publicly available personal data under the LGPD only if it is (1) being used for the same purpose that it was originally collected, in which case consent from the data subject is not needed; or (2) for a different purpose, but only if the controller has identified a valid legal basis for the use of the data.

What Rights Does LGPD Grant to Data Subjects?

The LGPD sets out nine fundamental rights granted to all Brazilian data subjects that are similar to the eight fundamental rights laid out in the GDPR. The ninth comes from a more specific definition of the “right to be informed” as granted in the GDPR. LGPD separates the right to be informed into (1) the right to “information about the public and private entities with which the controller has shared data” and (2) “information about the possibility of denying consent and the consequences of such denial.” This gives the data subject not only a right to request information the organization collects about the data subject, but also the right to ask about what will happen if the data subject does not give the controller consent to process his or her personal data. Data subjects are also entitled to an explanation about any automated decision-making carried out by the controller that affects their interests. When a data subject requests a review, the controller must provide “clear and adequate information regarding the criteria and procedures used for an automated decision.”

What Is Exempted under LGPD?

Although the GDPR has six lawful bases for processing data, the LGPD expands upon those, listing 10 legal bases for justifying the processing of personal data. The 10 bases listed in the LGPD generally follow the bases listed in the GDPR, with the exception of the last legal basis listed in the LGPD, giving the ability to process data for “the protection of credit.” This implies that consent is not necessary under the LGPD to process data for credit protection purposes, but this section should still be read in the context of two other laws that govern personal data for protection of credit purposes (the Federal Consumer Code and the Positive Credit History Law).

In addition to the legal basis exempted to process data, like the GDPR and CCPA, under the LGPD, data that has been anonymized is generally exempt from the requirements of the LGDP so long as the process by which the data was anonymized is not able to be reversed applying reasonable efforts. The LGPD defines “anonymization” as the “use of reasonable technical means available at the time of processing, by means of which the data loses the possibility of direct or indirect association to a natural person.” A key difference here, however, is that per the LGPD, some anonymized data may even be deemed as “personal data” if it is used to “formulate behavioral profiles of a particular natural person, if that person is identified.” As such, if the anonymized data is still being used for behavior profiling, it is subject to the restrictions of personal data. Another difference is that, unlike the GDPR, the LGPD does not necessarily endorse pseudonymization as a best practice; in fact, it only addresses pseudonymization once, encouraging public health research bodies to either anonymize or pseudonymize when possible. GDPR, by contrast, frequently references pseudonymization as a best practice in order to assure compliance.

What Other Key Requirements Does LGPD Impose?

Aside from having to identify a legal basis for processing data without consent, companies must also create and maintain a map of the personal data that they collect and process. This requirement is not imposed by CCPA but it does appear under GDPR. Furthermore, organizations must ensure that they are tracking consents and revocations by data subjects, which should be done as a matter of best practice even to establish compliance if it were not specifically mentioned in LGPD.

Does LGPD Require a DPO?

Like the GDPR, and unlike the CCPA, the LGPD requires businesses and organizations to hire a Data Protection Officer (DPO). However, unlike GDPR, the LGPD does not outline specific cases for which a DPO is needed. It simply states that the “controller shall appoint an officer to be in charge of processing personal data.” This implies that any organization that processes the data of people in Brazil will need a DPO. Both controllers and processors must appoint a DPO.

Who Will Enforce LGPD?

The LGPD creates an enforcement authority responsible for overseeing the data protection regulation in the National Data Protection Authority (Autoridade Nacional de Proteção de Dados, or ANPD). The ANPD has the authority to create separate guidelines, rules, and deadlines applicable to small businesses and startups to make sure that they comply with the LGPD. As the ANPD begins to issue guidance on the provisions of the LGDP, this will affect how they will be enforced and implemented. The LGPD does not give a firm deadline for reporting data breaches to the ANPD; it merely states that “the controller must communicate to the national authority and to the data subject the occurrence of a security incident . . . in a reasonable time period, as defined by the national authority.”

What Are the Fines for Noncompliance?

Fines for noncompliance are not as substantial in the LGPD as they are in the GDPR, giving the maximum fine for a violation as “2% of a private legal entity’s, group’s or conglomerate’s revenue in Brazil, for the prior fiscal year, excluding taxes, up to a total maximum of 50 million reals.” The sanctions will be applied only after an administrative procedure where opportunity is given for a full defense, and taking into account the severity of the infraction and other parameters.

Over the years many of us have imagined what the world would be like in some sort of global pandemic. There have been books, movies, and short stories all “imagining” the day a global pandemic might hit. The time, tragically, is upon us. For those of you who have geared your practices toward a remote working environment, you are several steps ahead of the game. For the majority, now is the time to consider what tools you should have in your toolkit to survive this and perhaps future experiences. Fortunately, we have not had to experience a mass disaster such as an earthquake, but many of the concepts discussed in this article are applicable to all sorts of disasters.

Tip 1: It’s about your hardware. Needless to say, having an iPad, a laptop, or a home computer is the first, most important way to connect remotely. Although you could certainly use your smart phone, having an adequately sized piece of hardware is critical to getting the most out of your out-of-office productivity. For the last 20 years, I used a laptop to connect to the office remotely, but over the last five, I have abandoned the laptop and use an iPad exclusively when working remotely. The current generation of iPad I am using is the iPad Pro 12.9 device. It truly is, at least for me, a laptop replacement. Using the iPad Pro with the Apple keyboard (although there are several third-party keyboards available as well) provides enormous amounts of productivity wherever I am. However, there are several manufacturers that produce fantastic laptops to be considered as well. What’s great about the iPad is that rather than having to lug around a separate computer charging cable, the iPad Pro cable is easy to carry, and with just a replacement, the lightening plug works with the same adapter. As an aside, my firm is totally PC-based; therefore, even though the iPad is an Apple product, I almost exclusively use Microsoft software on my iPad.

Tip 2: Software. You must ensure that you are using software that allows you to connect to your office remotely. In my firm there are two ways for users to connect to the office remotely. The first is through Citrix, which is a software system that allows remote connectivity to my office’s servers using a remote connection. The other option is LogMeIn, which is software that allows you to connect remotely to your actual desktop computer and work as though you were literally sitting at your own desk at the office. I really enjoy LogMeIn because of this experience. The backbone for all of this remote connectivity is Tip 3.

Tip 3: Internet connectivity. When you are remotely connecting to your office, it is important that you have good, stable internet connection, as well as the appropriate security. (I will deal with security in Tip 4.) It is important that you are connecting to your office through one of at least three different methods. The first method is a wired internet connection at your home to connect to your firm’s computers. If you are working somewhere where you do not have direct internet connectivity, another option is hardware with built-in wireless connectivity. For example, the iPad has two versions: one is a purely Wi-Fi-based connection, and the other is Wi-Fi plus cellular. I have the iPad Pro with both Wi-Fi and cellular access because sometimes there may not be Wi-Fi available, and I do not want lose access to the internet. However, if you do not have a cellular iPad, you could use your own cell phone to create a wireless “hotspot” to connect with your iPad. For example, my iPhone 11 Pro has a feature to connect my remote device through the Sprint network to the internet. In other words, if I did not want to use my iPad’s own cellular connectivity, I could turn my iPhone into an access point for connection. When I have traveled outside of the United States where the cellular connection does not work on my iPad, I can actually use my iPhone to connect the iPad wirelessly. That said, it tends to be expensive to use my iPhone to connect my iPad to the internet. You can also purchase a cellular providers’ “hot spot,” which is a separate device that serves as a gateway between your laptop or iPad and an internet connection. Nevertheless, those are your options for internet connectivity as we begin 2020. There are several companies working on developing a blanket around the world of access points that would essentially create Wi-Fi for all no matter where you are.

Tip 4: Security. It is important that your communications with your firm remain private. The one way to ensure privacy in your communications when working by Wi-Fi is using a virtual private network (VPN). When using a VPN, your communications are encased in a steel tube so that no one can penetrate the contents of your communications from your device to your office systems, assuming you are accessing a secure connection. You may have seen the following designation: “www.https://.” The “https” designation denotes a “s”ecure connection. When you visit a bank website, for example, you will notice it is designated as an httpS, meaning it is secure. However, the connection is only as secure as your initiation point. Whenever I am using a “public” wireless connection, whether at a hotel, an airport, or a Starbucks, I always initiate the VPN software on my iPad. VPNs are readily available and cost a minimal monthly amount for their use. There are numerous amazing benefits to a VPN, but they are beyond the scope of this article. However, if interested, I would encourage you to find out more about VPNs and how to use them. It is sufficient to say that if you are not entering your firm’s network from a secure location, such as your home, you should absolutely use a VPN.

Tip 5: Telephone calls. Most office phone systems now allow you to call-forward your office line to your remote device. If you have a direct dial at your office and can call-forward your direct dial to your remote device, whether it’s a cell phone or a home number, it is important that you have the ability to call-forward your main office line. However, at a small firm, you may need to simply direct the main number for your office directly to one individual, like a receptionist, who can take and process all calls. In times such as these where your offices are essentially vacated, you must have someone monitor your telephone system.

Tip 6: Video communication. I have been a power user of Zoom, a U.S. web-based video teleconferencing system, since 2012. Zoom is one of several companies that offer real-time video connectivity between yourself and anyone else who has access to the Zoom network. There are certainly several competitors to Zoom, but I personally find the ease-of-use and scalability of Zoom preferable. You are able to call as few as one to as many as 1,000 individuals at the same time. On a smaller scale, you can use Apple’s FaceTime for basic, peer-to-peer videoconferencing. Ring Central offers videoconferencing, as does Microsoft meeting. I find, especially during these isolating times, that the ability to see people face-to-face is absolutely necessary to maintaining your sanity when working.

Tip 7: Speech-recognition software. Those of you who are challenged in your typing skills and do not currently have access to support staff might need to look into speech-recognition software for assistance. I have used Dragon NaturallySpeaking for almost 25 years. Dragon translates your spoken word into typewritten text one word at a time and is the program I am using to prepare this article. Whenever I am doing any sort of word processing, I dictate my work directly into Dragon and subsequently proofread, cleanup, and then send. I oftentimes dictate using Dragon and then forward to my legal assistants to clean up my dictation, deal with formatting issues, and then finalize the pleading, correspondence, or even an article like this. I highly recommend Dragon NaturallySpeaking as a fantastic complement to your remote work environment.

Tip 8: Screening your calls. Google Voice allows you to force callers to identify who they are before the call gets forwarded to you. I oftentimes choose not to give out my cell phone number in favor of my Google Voice number. When you pick up a Google Voice call, the individual calling you is first announced and then you can choose whether to accept or reject the call—a nice feature when working remotely. At the office, you might have your receptionist or secretary “screen” your calls for you, but when working remotely you lose that opportunity. Google Voice solves that problem. Unfortunately, Google stopped supporting Google Voice in 2019, but there are several alternative products available, and you should research which one might be best for you.

Tip 9: Cloud-based computing. Although my office has continued to use on-site servers, several of my colleagues in larger firms have migrated to cloud-based software providers. Essentially, a cloud-based system allows you to work remotely as though you were in your office wherever you are in the world. Unlike the options mentioned earlier through Citrix or LogMeIn, if you are a cloud-based user, your law firm software resides somewhere in the world. It really doesn’t matter to you where it’s located so long as you have consistent access to your data. Although I prefer having all of my client files, documents, and other information reside at my office, if your firm uses a cloud-based computing platform, you have access to the entire suite of information wherever you are based. This certainly would be true if there were some sort of a mass catastrophic event that took your office out of service. Currently the pricing of cloud-based computing is expensive enough that I prefer housing my servers at my firm along with the concomitant outside vendor support, but in the future, that will probably change. In short, it really doesn’t matter whether a cloud-based office is physically open for business or where in the world you are in order to access your data.

Tip 10: Password managers. All of us have dozens of sites that we access daily that require password access. Whether you are accessing your office’s computer system, your Apple account, your Google account, or even your grocery store, managing your passwords is an important task. I have used for many years Dashlane to manage my passwords. I have over 300 different sites maintained in my Dashlane account, and these passwords synchronize among my devices. In other words, I have Dashlane at the office, at my home, on my iPad, and on my iPhone, and anytime I change one password, all of the other devices connected to Dashlane synchronize through the cloud and update every other device. It is not a good idea to use the same password on every website. Although I realize it is difficult to use multiple passwords because it is hard to remember which password is for which account, that is the beauty of Dashlane. It automatically remembers and recalls for you the password you’ve used for each individual website. One trick to think about for your passwords is to use a phrase. Studies have shown that a series of lowercase letters, capitalized letters, symbols, numbers, etc. is not as effective as a long password, such as a common phrase that only you know. For example, you could simply vary the end of the phrase “hickorydickorydock” depending on the website.

Needless to say, there are a whole lot more than 10 tips, but this is a pretty good start when working remotely now and in the future. Be safe and be healthy!

Recent developments in the global markets, including changes in tax and regulatory regimes, have motivated businesses to seek new jurisdictions for incorporation by entities in their corporate structure.* Although such a change may be accomplished by merger of the relevant entity with another entity located in the desired destination where applicable law permits, many recent migrations and transformations have taken advantage of the conversion provisions of sections 265 and 266 of the Delaware General Corporation Law (DGCL) and the transfer, domestication, and continuation provisions of sections 388 and 390 of the DGCL. Unlike a merger, which recognizes the existence of at least two constituent entities, a company proceeding through a conversion, transfer, domestication, or continuation is recognized as a single entity that retains its corporate personality while migrating and/or transforming into a seemingly different entity. Given that those technical processes have been used less frequently than merger provisions, a moment with those sections of the DGCL—before considering their utility in a corporate reorganization or flip transaction—may be in order.

Origins and Development of Domestication and Conversion under the DGCL

The concept of domestication was explored in the context of modern corporate statutes around World War II.[1] Section 388 was not adopted until 1984, however, when entities formed outside of the United States were allowed to transfer or domesticate as Delaware corporations.[2] Eleven years later, section 390 was adopted to allow Delaware corporations to similarly transfer and domesticate as corporations in a non-U.S. jurisdiction.[3] Sections 388 and 390 have since been amended periodically to provide greater flexibility and, in their current forms, allow Delaware corporations to transfer and domesticate as any entity type in a non-U.S. jurisdiction (and vice versa). Those statutes also allow the original entity, which has transferred to a new jurisdiction of incorporation, to continue a dual existence in the original jurisdiction while being considered a single entity with the entity that has incorporated in the new jurisdiction.

The expanding scope of the domestication statutes has also come to overlap with significant aspects of the conversion statutes. Sections 265 and 266, arising from less bellicose beginnings, were adopted in 1999 to allow Delaware entities other than corporations (e.g., limited liability companies, limited partnerships, or business trusts) to convert into Delaware corporations (and vice versa). Given the similarities in function, the drafting of the conversion statutes closely tracked the drafting of the domestication statutes. When the domestication statutes were significantly expanded in 2005 to allow a Delaware corporation to domesticate as a non-U.S. entity other than a corporation, the conversion statutes were similarly expanded to allow a Delaware corporation to convert into an entity other than a corporation of a jurisdiction outside of Delaware (and vice versa).

As a result of their historical development, the conversion and domestication statutes now overlap significantly. Below is a chart comparing key aspects of those statutes and the merger statutes.

Practical Considerations

Through time and practice, the conversion and domestication provisions of the DGCL have evolved from their narrower original purposes. The current versions are broader and more flexible, but consideration of the entities, stakeholders, and objectives involved in a particular transaction, as well as limitations under the DGCL and other applicable laws, is also important. For instance, we have noticed a recent increase in the use of these statutory mechanics to “flip” an entity into another jurisdiction. Of course, mergers also permit such a possibility and do not carry the requirement of unanimous stockholder approval as do the conversion and domestication statutes, but other sources of applicable law may provide for different and potentially less attractive treatment when effecting a merger.

The benefits of conversion and domestication may be limited, however, to jurisdictions that have statutes authorizing such transactions. For instance, although jurisdictions outside of Delaware may be likely to have such authorizing statutes, only a subset of them may also authorize an entity to continue a dual existence there and in Delaware. Indeed, issues around a Delaware corporation with continuing existence in another jurisdiction, such as the governing law applicable to internal affairs, require careful consideration, especially if there is a broad base of stockholders.

Finally, it is worth noting that the Delaware General Assembly has adopted analogous provisions in the statutes governing entities other than corporations, such as the Limited Partnership Act[9] and the Limited Liability Company Act.[10] Given the similarities between those statutes and the analogous provisions of the DGCL, similar issues may arise when dealing with those alternative entities.

* Nate Emeritz is of counsel, and Jason Schoenberg is an associate, at Wilson Sonsini Goodrich & Rosati, P.C. in Wilmington, DE. The views expressed herein are those of the authors and do not necessarily reflect the views of the firm or its clients.

[1] See, e.g., Max Meyer & Harry Torczyner, Corporations in Exile, 43 Columbia. L. Rev. 364 (1943).

[2] This article does not comment on whether a particular jurisdiction permits corporate actions under the DGCL, such as merger, conversion, or domestication, involving an entity in that other jurisdiction.

[3] Perhaps reflecting its incubation during wartime, section 388 was not introduced alongside a reciprocal provision allowing a Delaware corporation to domesticate outside of the United States. Rather, section 389 was concurrently adopted with section 388 to allow a non-U.S. entity to move its domicile to Delaware on a temporary basis in the event of an emergency such as war, rioting, or nationalization of assets.

[4] This chart pertains to mergers, conversions, and domestications solely from the standpoint of the applicable DGCL provisions; however, implementation is also subject to the law of any other jurisdiction, entities’ governing documents, and applicable contractual terms.

[5] A surviving company maintains its original entity formation date following a merger, but any other constituent entity does not survive the merger.

[6] The sections of the DGCL applicable to conversions and domestications provide that entities involved in such an action (e.g., a Delaware corporation and another entity) shall be “deemed to be the same entity.” The DGCL sections applicable to mergers, on the other hand, contemplate at least two separate entities; one of those constituent entities may survive while the other ceases to exist, or both constituent entities may cease to exist and an additional, new entity may survive the merger, but in any event more than one “corporate personality” is recognized under the DGCL.

[7] The sections of the DGCL applicable to conversions and domestications provide that those actions “shall not be deemed to affect” the obligations or liabilities of a converting or domesticating entity. The statute applicable to mergers, however, provides that the surviving entity in a merger will “possess[] all the rights” and be “subject to all the restrictions, disabilities and duties” of each constituent entity, such that contracts of the surviving entity would remain intact after a merger, but contracts of a disappearing entity in the merger would be affected by operation of the DGCL. Of course, a complete analysis of the impact that a merger, conversion, or domestication may have on the related entities’ commercial contracts does not end with the effect of the DGCL as described in the chart above, but must also include a careful review of those contracts for provisions that may have been drafted to be triggered by the transaction.

[8] Section 262 of the DGCL provides appraisal rights for dissenting stockholders of a Delaware corporation in many, but not all, mergers. Thus, the availability of appraisal rights depends on the structure of the merger. Stockholders of a Delaware corporation do not have appraisal rights in a conversion or domestication, presumably because unanimous stockholder approval is required under the applicable DGCL provisions.

[9] See, e.g., 6 Del. C. § 17-215–17-217, 17-219.

[10] See, e.g., 6 Del. C. § 18-212–18-214, 18-216.

The American Bar Association (ABA) Mergers and Acquisitions Committee recently published its latest Private Target Mergers Deal Point Study. For the market metrics of major negotiated legal issues in U.S. private company acquisitions, this publication is widely considered the gold standard.

As is often the case, the ABA Deal Points Study began tracking some newly appearing representations and warranties in the sale purchase agreements they reviewed. Two of the newly tracked representations (reps) were related to privacy and cyber security. The ABA Deal Points Study looked for reps that went beyond compliance with the law or were limited to a specific area, such as medical records.

Privacy reps were included in 68 percent of the reviewed agreements. The ABA Deal Points Study provides sample language below to demonstrate the kind of language it is seeing:

Target has complied with all Laws and contractual and fiduciary obligations as to protection and security of Personal Data to which it is subject. Target has not received any inquiries from or been subject to any audit or Legal Proceeding by any Governmental Authority regarding Personal Data. Target has complied with its policies and procedures as to collection, use, processing, storage and transfer of Personal Data. No Legal Proceeding alleging (a) a material violation of any Person’s privacy rights or (b) unauthorized access, use or disclosure of Personal Data has been asserted or threatened to Target. Since [date], there has not been a material violation by Target of any Person’s privacy rights or any unauthorized access, use or disclosure by Target of Personal Data.

Cyber security reps were included in 70 percent of the reviewed agreements. As in the above, the ABA Deal Points Study provides sample language to demonstrate what the study was looking at here:

The information technology equipment and related systems owned, used or held for use by Target (“Systems”) are reasonably sufficient for the Business’s immediate needs. Since [date], there has been no unauthorized access, use, intrusion, or breach of security, or material failure, breakdown, performance reduction or other adverse event affecting any Systems that has caused or would reasonably be expected to cause any substantial disruption to the use of such Systems or the Business or any material loss or harm to Target or its personnel, property, or other assets.

So how would both representations and warranties insurance, and cyber insurance, respond to some of these new reps?

How Reps and Warranties Insurance Would Respond

When looking at the ability to obtain coverage for particular reps, from a representations and warranties perspective, we focus on two aspects: diligence (the work undertaken by the buyer or their third-party providers to verify the truth of the representation for themselves) and underlying insurance coverage (meaning the coverage already in place for the target that is being acquired).

If the buyer of the target is a private equity entity, then this diligence is most often handled by a third-party provider. On the other hand, a strategic buyer might handle this type of diligence internally, depending on the buyer’s size and sophistication in this field.

When an underwriter feels that a representation is too broad, by which we mean that it would be unreasonable for someone to make such a representation because they could not know whether it was true, they might seek to limit that statement to “knowledge.”

For example, a representation like, “We have not infringed anyone’s intellectual property (IP) anywhere in the world,” for the purposes of the policy might instead read, “To the best of our knowledge we have not infringed anyone’s IP anywhere in the world.”

Despite the above, these are not inherently difficult representations on which to conduct diligence. Providing access to a seller’s policy and procedures, their IT staff, any third-party penetration testing they have had done, and their claims history can all add comfort for the underwriter.

If diligence can be done, then the second issue becomes the quality of the underlying coverage. The underwriter will wish to review the target’s cyber insurance policy to see if a breach of the representations would be covered adequately by the existing policy if a claim is reported post-sign/close for an incident that occurred prior to signing.

Underwriters will want to have said coverage as a first port of call before they respond. In the event that the target’s coverage is inadequate, they will seek an exclusion or particularly high deductible for a claim against those breaches.

How Cyber Insurance Would Respond

Both scenarios under the contractual provisions highlighted in the ABA Deal Points Study would be covered by a well-brokered cyber insurance policy. Cyber insurance policies have been expanding coverage over the past few years, and affirmatively respond to both a failure of security, such as unauthorized access, as well as violations of consumer privacy rights.

Damages are a bit different in each case, but the coverage would respond to cover costs the “target” itself incurred to respond to the breach of security (first-party loss), as well as to cover any liability owed to a consumer or regulator (third-party liability).

Timeframes Are Key

One of the key aspects to these agreements is the date included in the cyber security representation because the farther back the time frame of the representation goes, the more risk that would be involved. Cyber security issues are notorious for taking a long time to surface in that attackers have become adept at infiltrating networks and moving laterally to avoid detection for long periods of time.

So, for a company that is looking to warrant no such security incidents for an extended period of time, they should consider an external assessment of their system to validate the warranty statement they are making.

There are many companies that provide IT expertise willing to do a security assessment and certify no security failures or unauthorized access for a company during an M&A transaction.

Consider Future Policy Protocols

We must also consider how the “target’s” cyber policy is going to be handled moving forward. Cyber insurance policies are typically written on a claims-made and reported basis, meaning the loss is attributed to the policy year that it is first discovered and reported to the insurance carrier.

Most include a “prior acts date” that provides coverage for events that occurred back to a specific date, but were not discovered and reported until the current date.

For example, say the “target” first experienced a breach in 2018 but did not discover it until 2019. Provided that the policy included a prior acts date that precedes the initial intrusion, i.e., the prior acts date lists some date before 2018, the claim would go against the 2019 policy because that is when the breach was discovered and reported, despite the initial intrusion occurring in 2018.

As a result, underwriters will want to see that the cyber policy in force at the time of the acquisition goes into run-off. A run-off is a mechanism that allows the policyholder to make a claim for breaches discovered for a set period of time, often up to six years, but which occurred prior to the transaction.

This would allow the new owners to mitigate the risk of an unknown cyber intrusion by allowing them to report a claim to the old policy and prevent a dilution of the limits on the new owner’s policy.

Not All Policies Are Created Equal

It is worth being aware that not all cyber policies are created equal. Our team at Woodruff Sawyer has seen more than a few situations where a target either has no cyber policy in place or one that only provided partial coverage. In these situations, a couple of alternative options exist:

• Purchase a stand-alone run-off policy, which would act as if a cyber policy had been in place and provide coverage for incidents that occurred during a specific time frame (i.e., from the set prior acts date to the deal closing date) but were not discovered until a later date.
• Have the target rolled into the buyer’s existing policy, but purchase backdated coverage of two or three years in order to avoid an exclusion or carve out of coverage under the reps and warranties policy.

In conclusion, we expect to see these clauses and representations flagged by the ABA Deal Points Study to continue to appear at an even higher rate as cyber security is front and center in the minds of strategic acquirers and private equity buyers.

Making sure diligence is done on the target’s existing insurance policy, along with good practices and procedures, will ensure coverage is available for these types of representations in your transaction.

Practicing lawyers . . . have a few important specialized skills that make their insights particularly relevant to artificial intelligence as AI stands upon the precipice of mass-incorporation into our daily lives.[i]

Imagine that John Smith goes to a lending website to borrow $20,000 to start a new business, or to remodel a home office, or to pay off credit-card debt at a lower interest rate. The information provided through the online application is fairly limited: legal name, Social Security number, address for the last 10 years, level of education, occupation, etc. Thereafter, the online system takes the captured information and crunches it with the underwriting algorithm against additional internal data to evaluate John’s loan request and credit worthiness. What exactly is the algorithm doing to evaluate the risk of underwriting this particular loan?

In the example, algorithms are used to minimize human intervention, evaluate risk, and provide the potential borrower an answer and maybe a loan as quickly as practicable. In addition to the limited information the borrower must input into the online application, the algorithm also looks at an abundance of database information, much of which may not be specifically related to the borrower. Based on address, for example, the algorithm may reference the credit scores of individuals living in the same area code. This information—both explicitly provided by the borrower and aggregated from other sources based on the information provided—is used by the algorithm to determine whether the risk associated with the loan makes business sense.

In theory, algorithms should prevent bias by removing the human component of assessing data sets. If mathematical equations are assessing risk, rather than fallible human beings with their own respective and sometimes unconscious biases, the threat of bias should decrease, right? What if your algorithm nonetheless discriminates? What if the algorithm in our example decides that women age 21–35 are poor risks and deny most of these loan requests? Does it matter if they turn out to be mostly Hispanic? What if the algorithm decides that women are higher risk than men based upon bankruptcy data and loan delinquencies? What if people from a certain zip code have lots of bad debt, and the algorithm refuses to loan money 95 percent of the time to people in that area? Does the analysis change if the lion’s share of people in that neighborhood are immigrants from Nigeria?[ii]

Hypothetically, none of that should matter because the algorithm is “blind” to these facts. Math doesn’t have a heart or feelings, or even know what it is to be brown or white. If algorithmic decision-making is integral to a business process (or if a business is headed in that direction), lawyers need a deeper understanding of AI and how it does what it does.

What Is AI?

Artificial intelligence (AI) is an area of computer science that emphasizes the creation of intelligent machines that attempt to mirror the cognitive processes of humans, but much faster, albeit in limited ways at this point. AI techniques make it possible for vast amounts of information to be analyzed very quickly, and AI allows connections and patterns to be unearthed or developed, outcomes predicted, and answers provided to various kinds of business problems. AI can be an amalgamation of several different tools (like machine learning, natural language processing, deep learning, chatbots, etc.) which may rely upon varied and layered algorithms to perform a targeted analysis.

Usually, the information that AI analyzes is so voluminous that it would be impossible for humans to meaningfully process it. Sometimes, humans teach the algorithm what to do by showing what “right” and “wrong” looks like (supervised machine learning), and other times it learns by itself (unsupervised machine learning). All of AI and its progeny in one way or another rely on various complex mathematical equations (the algorithms) to do their work. It seems neutral enough, until you remember that it is people (fallible humans) who set up the search queries, provide the inputs, and guide and manage AI. This human guidance can and does impact what AI tools do and is central to the question of how algorithms discriminate.

The Dirty Little Secret of AI: Algorithms Can Discriminate

It is a common misperception that AI technologies operate objectively. At the click of a mouse thousands or millions or billions of sets of data (often called Big Data) are sliced, diced, connected, deconstructed, aggregated, and analyzed for patterns, connections, meaning, and a decision point (like whether John Smith in our example should be approved for a credit card or loan). Although innumerable data points pass through what we acknowledge is the “AI black box” (appropriately named because little is truly knowable about what the algorithm does, discussed in depth below), we cling to the notion that AI is making an “autonomous” (and therefore legal and nondiscriminatory) decisions regardless of the outcome.

However, there is evidence that some algorithms discriminate or at least treat certain characteristics unfairly. There are two ways a company or an algorithm a company uses might discriminate against someone: either in an outright/direct manner, or using a process that has a disparate impact on legally protected classes of people. Both are illegal.

High-profile examples are already popping up. For example, Bloomberg reported that a Wall Street regulator opened a probe into Goldman’s credit-card practices after a viral tweet from a tech entrepreneur alleged that the Apple Card’s algorithms discriminated against his wife. Now another high-profile user of the Apple Card, Apple co-founder Steve Wozniak, is calling for the government to get involved, citing excessive corporate reliance on mysterious technology. The law forbids discrimination, by algorithm or otherwise, and that prohibition can be implemented by regulating the process through which AI processes are designed.

What Has AI Discrimination Looked Like?

The math that underpins AI is incredibly complex and nearly impossible for the average person to fully comprehend. Although businesses regularly rely on AI, it is not readily understood how AI does what it does or how it ultimately comes to specific results. That lack of insight—the “black box” conception of how data was sliced or diced by the algorithm—is not helped by the lack of a paper trail detailing how AI makes decisions. We do know algorithms can and do discriminate, however, and we are beginning to understand how.

Often the inputs (like training data, guidance by people, etc. ) cause the problem. Although people could set up the AI application purposefully to weed out certain people or groups, most likely AI discrimination will be indirect or “unintentional,” and this unintentional, algorithm-driven discrimination is the focus of our guidance.

AI Is a Seismic Shift in Business Decision-Making

AI is not only here to stay, but it is likely to lead a sea change in improved processes and business operations.[iv] AI is not just a new computation or analytical tool, it is a completely new way of doing business. Given that computers are so much better and faster at processing certain types of information than humans, the capability of AI goes far beyond that which humans were able to process in a pre-AI world. A case in point is the Human Genome Project, which was successful only because AI did all the real work; people simply didn’t have the capacity to analyze all the information to connect billions of data points, making sense of the aggregated data. Algorithms that do the “heavy lifting” of data analysis are very powerful and capable of answering many business questions better than human beings. As this major shift takes place across industries, responsible business leaders should anticipate the potential adverse effects of embedding AI in a business, particularly with regard to compliance and potential legal risk. In other words, AI will continue to drive great and productive change in every industry, but lawyers must figure out how to better guide the use of AI.

The Path Forward

Given the power, utility, and potential for risk and liability of AI, here are some concrete steps all businesses should consider when embedding more business processes with algorithmic tools:

1. Pick the right Big Data stewards because they can affect AI outcomes. Going forward, larger companies will likely use AI in different aspects of its operations; companies should therefore consider appointing a chief AI officer. Although it may not be reasonable for a single person to understand it all, there ought to be a single executive to whom periodic reporting is made and who has overall oversight for AI’s deployment within the company.

AI is good for business, but it requires great AI leadership, and even that is not enough. To get ahead of any potential claims for discrimination, companies should bring a multidisciplinary team to develop and implement AI processes, plans, and projects.

2. Build a diverse team. The conventional wisdom for building good AI projects is to also build diverse teams that understand the data inputs and help ensure discrimination is less likely. “If diverse teams do the coding work, bias in data and algorithms can be mitigated. If AI is to touch all aspects of human life, its designers should ensure it represents all kinds of people.”[v]

3. Make lawyers and compliance professionals part of the AI team. Transparency in the AI process (as much as practicable), and thus defensibility from claims of discrimination, requires upfront involvement and guidance from lawyers and compliance professionals as part of the AI team. Regulators and courts may expect some transparency in the upfront decisions and implementation of processes to clear claims of discrimination, and that needs the upfront guidance of lawyers.

4. Make privacy a part of the solution. When customers’ data or personal identifiable information (PII) is involved in an AI process (which will most often be the case), it will be useful to get the privacy officer (or someone primarily responsible for privacy) engaged as well. Such early involvement will not only address any business process-specific privacy issue, but can help ensure consistency in the way the company uses PII across different AI applications.[vi]

5. Don’t rely on or accept as a fait accompli the “black box” and lack of AI transparency. Although AI and related tools are inherently complicated, the black-box defense should not be relied upon to combat any future claims of discrimination (after all, ignorance is not a defense).[vii] Rather, you should seek to understand what the AI tool is doing (and if you can’t, find someone who can) and document that use of the tool was structured in a way to get a fair result. Further, it makes sense to anticipate potential points of attack on the system upfront so you can help preempt future claims. Demand AI “explainability,” which means, among other things, documenting what decisions were made and why.

Similarly, given that many companies use AI technology that is provided by a third party, claiming that a third-party consultant is responsible for the company’s AI projects is also unlikely to be a viable defense. It is imperative that your organization understand and test any third-party technology because you likely will not be able to transfer liability to the vendor if discrimination occurs (negotiate a thoughtful contract, but don’t expect it to insulate for discrimination). The EEOC has provided guidance on employment hiring tests that is likely applicable to AI technology purchased from a third party: “[w]hile a test vendor’s documentation supporting the validity of a test may be helpful, the employer is still responsible for ensuring that its tests are valid.”[viii]  Much like the need to understand the upfront decision impacting the AI project, you must understand and review what third parties are doing for your organization.

6. The output is only as good as the input. AI tools crawl through data and make connections. Sometimes those connections can have a “disparate impact” on a protected class of people or just appear to be unfair (both of which may invite legal challenges). If the tool is selecting or deselecting a protected group uniformly, this may be a sign of a potential discriminatory issue within either the data inputs or the process by which the data is analyzed. Thinking through and discussing (with the lawyers and possibly compliance team members) the scope, type, and input of data prior to launching the AI program, while being mindful of a discriminatory bias the tool may have, is prudent. That will likely require more upfront work, but given the potential for claims of discrimination and their impact, companies are well-served to redouble efforts to get this right up front. So, select carefully, analyze thoroughly, document the vigilance to promote transparency in an opaque process, test the tool, and verify results.[ix] “If a company wants to make its business fit for AI, it has to fulfill several criteria, It has to be skilled in data and understand, how data is collected, cleaned and prepared, for AI processing . . . .”

7. Determine organizational comfort with AI “predictions.” It requires a leap of faith to shift decision-making from a person to an algorithm. In that regard, organizations must understand that a decision is made not necessarily on facts exclusively related to the issue, but that an algorithm is also analyzing data from other sources that help conclude, for example, who will be best for the job or to what application to grant insurance coverage. In that sense AI can “predict” outcomes and answers based on an archetype.[xi]

8. Determine how much “rightness” or certainty is needed in AI. Work with the dedicated AI team to determine what percentage of “rightness” or certainty is needed for the company to take action. Issues around false positives or false negatives, or a precision score that indicates the likelihood of “correctness,” may be a part of the algorithm. In other words, using AI tools for business decisions must be explored and understood upfront. Lawyers should ask questions about what can be known about AI technology and document required outcomes early on in the project so the company can defend its AI process later if need be.

9. Test the AI tool to ensure it is not discriminating. Employers should test their AI tools and algorithms often to get their AI tool and corresponding algorithms “to the stage where AI can remove human bias, and . . . to know where humans need to spot-check for unintended robot bias.” Our recommendation is not to test your AI against an existing system, which may also be biased, but to statistically validate your AI by a data scientist—ideally one operating at the direction of an attorney so that the work remains privileged.

10. People should make the really important decisions. As powerful as AI tools are (and they are only getting better) for important business decisions, people should make the final decisions. Letting an AI tool “run wild” or decide major issues for the company is not prudent. This is why we don’t let the drone software assassinate terrorists without a human agreeing that the chosen target meets military requirements.

Conclusion

The legal and business landscape for AI and predictive algorithmic decision-making is evolving in real time. As we move forward into this brave new world of AI, regulators, stakeholders, company leadership, and legal departments will be playing catch-up. Despite the complex math that underlies the technology, lawyers are uniquely positioned to add value to a company’s Big Data or AI team. With a working understanding of how the technology functions, and knowledge of the potential for bias or disparate impact, lawyers should be able to bridge the gap between the technology and legal space.

Business leaders and lawyers alike should work to remain abreast of new developments in the regulatory space as it relates to AI and related technologies. If an AI/Big Data team is in place, individuals should be dedicated to observing, understanding, and summarizing technical and regulatory developments for the rest of the team.

Businesses that position themselves as proactive in the face of new regulations, laws, and best practices will be better prepared to benefit from and defend their AI practices in this complex new world where math rules the day.

[i] Theodore Claypoole, The Law of Artificial Intelligence and Smart Machines (ABA 2019).

[ii] Daniel Cossins, Discriminating algorithms: 5 times AI showed prejudice, New Scientist, Apr. 12, 2018 (“Artificial intelligence is supposed to make life easier for us all—but it is also prone to amplify sexist and racist biases from the real world.”).

[iii] “…AI can result in bias by selecting for certain neutral characteristics that have a discriminatory impact against minorities or women. For example, studies show that people who live closer to the office are likelier to be happy at work. So an AI algorithm might select only resumes with certain ZIP codes that would limit the potential commute time. This algorithm could have a discriminatory impact on those who do not live in any of the nearby ZIP codes, inadvertently excluding residents of neighborhoods populated predominantly by minorities.”

[iv] Daniel Cossins, supra note 3 (“Modern life runs on intelligent algorithms. The data-devouring, self-improving computer programs that underlie the artificial intelligence revolution already determine Google search results, Facebook news feeds and online shopping recommendations. Increasingly, they also decide how easily we get a mortgage or a job interview.”).

[v] Anastassia Lauterback, Introduction to Artificial Intelligence and Machine Learning in The Law of Artificial Intelligence and Smart Machines (Theodore Claypoole, ed.).

[vi] Camerion F. Kerry, Protecting privacy in an AI-driven world (“As artificial intelligence evolves, it magnifies the ability to use personal information in ways that can intrude on privacy interests by raising analysis of personal information to new levels of power and speed.”).

[viii] The U.S. Equal Employment Opportunity Commission, Employment Tests and Selection Procedures (“These [AI] tools often function in black boxes—meaning that they’re proprietary and operated by the companies that sell them—which makes it difficult for us to know when or how they might be harming real people (or if they even work as intended). And new AI-based tools can also raise concerns about privacy and surveillance.”).

[ix] We also recommend doing this now, even if you have an AI system currently in use.

[x] Anastassia Lauterback, supra note 6. 

[xii] https://www.shrm.org/ResourcesAndTools/legal-and-compliance/employment-law/Pages/artificial-intelligence-discriminatory-data.aspx

Maine’s Supreme Court recently held that a foreclosing lender’s equitable interest in the mortgage does not by itself equate to ownership of the mortgage and does now allow courts to compel the mortgage’s assignment.* Beal Bank USA v. New Century Mortg. Corp., 2019 ME 150, ¶ 15. The opinion revives concerns over the viability of foreclosing Maine mortgages involving Mortgage Electronic Registration Systems, Inc. (MERS).

MERS operates as an electronic mortgage registry whereby borrowers taking out mortgage loans give the mortgage to MERS as nominee for the lender’s successors and assigns. Although MERS mortgages generally include standardized language, different model mortgages utilize different descriptions of MERS’s core functions and purpose. Typically, the different MERS language makes little substantive difference in its powers. However, where state courts interpret MERS’s authority based on specific language in the mortgage, as Maine’s courts do, foreclosing lenders should check their specific mortgage language before proceeding.

In 2010, Maine’s Supreme Court analyzed MERS language with the following description in the paragraph defining MERS: “For purposes of recording this mortgage, MERS is the mortgagee of record.” Mortg. Elec. Reg. Sys. v. Saunders, 2010 Me. 79, ¶ 9 (emphasis removed). Relying at least in part on this language, the court held that MERS lacked standing to foreclose because the borrower gave MERS the right to only record the mortgage. Four years later, the court extended its MERS analysis from Saunders to mortgage assignments from MERS, holding that the assignments transfer only MERS’s right to record the mortgage. See Bank of America, N.A. v. Greenleaf, 2014 Me. 89, ¶ 17. This can create problems for foreclosing lenders who often rely on assignments from MERS to demonstrate their ownership of the mortgage.

Maine’s Supreme Court recently confirmed that the original lender can ratify a prior MERS assignment to give it the same effect as if the original lender assigned its interests in the mortgage rather than MERS. U.S. Bank N.A. v. Gordon, 2020 Me. 33, ¶ 10. This allows foreclosing lenders to correct the chain of assignments with an assignment or other document from the original lender acknowledging the transfer. Similarly, language in later documents, such as loan modification agreements, sometimes separately conveys full rights in the mortgage to a subsequent entity other than MERS, validating mortgage assignments from those entities.

What can foreclosing lenders do when the original lender no longer exists, and no other documents can demonstrate a transfer of the original lender’s full mortgage interest to the foreclosing lender? Before writing off the asset or making other decisions about how to proceed, lenders should confirm that their specific mortgage includes the same relevant MERS language that Maine’s Supreme Court considered controlling in Saunders and its progeny. As discussed below, some MERS mortgages include key differences relevant to the Saunders analysis.

Proof of Mortgage Ownership

Maine law requires the lender to establish the following elements to foreclose a delinquent mortgage: (1) the existence of the mortgage; (2) proof of ownership of the mortgage and note, including all assignments and endorsements; (3) a breach of the condition in the mortgage; (4) the amount due on the note, including attorney’s fees and costs; (5) the order of priority and any amounts that may be due to other interested parties; (6) evidence of a properly served notice of default and a mortgagor’s right to cure per 14 M.R.S. § 6111; (7) proof of completed mediation (or a waiver or default of mediation); and (8) SCRA compliance affidavit. See Chase Home Fin. LLC v. Higgins, 2009 ME 136, ¶ 11.

For the second element (proof of ownership of the mortgage and note), most foreclosing lenders rely on their status as the mortgage note’s holder along with a chain of mortgage assignments from the original lender to the foreclosing lender. Under the MERS system, the borrower usually gives the mortgage note to the original lender while separately conveying the mortgage to MERS as nominee for the original lender and the original lender’s successors and assigns. See, e.g., Saunders, 2010 Me. 79, ¶ 8. In many judicial foreclosure states, MERS then assigns the mortgage to a subsequent note holder when necessary to permit foreclosure. Case law from Maine’s Supreme Court has long complicated this system.

Saunders, Greenleaf, and Beal

In Saunders, MERS filed a foreclosure action in its own name, seeking to foreclose the mortgage as the nominee for the note holder. Maine’s Supreme Court held that MERS lacks standing to foreclose under Maine law. Saunders, 2010 Me. 79, ¶ 15. The court specifically quoted the applicable language in the mortgage at issue there:

C) “MERS” is Mortgage Electronic Registrations Systems, Inc. MERS is a separate corporation that is acting solely as a nominee for Lender and Lender’s successors and assigns. MERS is organized and existing under the Laws of Delaware, and has an address and telephone number of P.O. Box 2026, Flint, MI 48501- 2026, tel. (888) 679-MERS. FOR PURPOSES OF RECORDING THIS MORTGAGE, MERS IS THE MORTGAGEE OF RECORD.

* * *

[Borrowers] mortgage, grant and convey the Property to MERS (solely as nominee for Lender and Lender’s successors and assigns), with mortgage covenants, subject to the terms of this Security Instrument, to have and to hold all of the Property to MERS (solely as nominee for Lender and Lender’s [***9] successors and assigns), and to its successors and assigns, forever.

* * *

[Borrowers] understand and agree that MERS holds only legal title to the rights granted by [Borrowers] in this Security Instrument, but, if necessary to comply with law or custom, MERS (as nominee for Lender and Lender’s successors and assigns) has the right:

(A) to exercise any or all of those rights, including, but not limited to, the right to foreclose and sell the Property; and

(B) to take any action required of Lender including, but not limited to, releasing and canceling this Security Instrument.

* * *

[Borrowers] grant and mortgage to MERS (solely as nominee for Lender and Lender’s successors in interest) the Property described [below].

Saunders, 2010 Me. 79, ¶ 9 (emphasis in original).

Relying on this quoted language, Maine’s Supreme Court found that “[t]he only rights conveyed to MERS in either the [borrower’s] mortgage or the corresponding promissory note are bare legal title to the property for the sole purpose of recording the mortgage.” The court noted that “[e]ach reference to MERS within the [borrower’s] mortgage describes MERS solely as the ‘nominee’ to the lender,” and it explained (quoting Black’s Law Dictionary 1149 (9th ed. 2009)) that “[a] nominee is a ‘person designated to act in place of another, [usually] in a very limited way,’ or a ‘party who holds bare legal title for the benefit of others or who receives and distributes funds for the benefit of others.’”

The Saunders court further noted that under the mortgage, the borrowers expressly gave the lender—not MERS—the rights provided for in the mortgage, and that the borrowers did not make any of the mortgage covenants to or in favor of MERS. Saunders, 2010 Me. 79, ¶ 10. Accordingly, the court determined that MERS did not qualify as a mortgagee under Maine’s foreclosure statute (discussing 14 M.R.S. §§ 6321–6325).

The Saunders court next considered MERS’s standing under traditional standing rules that require a plaintiff to “show that it has suffered an injury fairly traceable to an act of the mortgagor and that the injury is likely to be redressed by the judicial relief sought.” Saunders, 2010 Me. 79, ¶ 14. Noting again that “[t]he only right MERS has in the [borrower’s] mortgage and note is the right to record the mortgage,” the court held that “MERS lacked standing to institute foreclosure proceedings and could not invoke the jurisdiction of our trial courts.”

Maine’s Supreme Court later extended its Saunders ruling to mortgage assignments from MERS. See Greenleaf, 2014 Me 89. In Greenleaf, the court analyzed identical mortgage language as the language at issue in Saunders. As in Saunders, the court quoted the specific MERS language at issue, including the definition paragraph for MERS that read: “FOR PURPOSES OF RECORDING THIS MORTGAGE, MERS IS THE MORTGAGEE OF RECORD.” (Emphasis in original.)

Based on this specific language, Maine’s Supreme Court reiterated that “the mortgage conveyed to MERS only the right to record the mortgage as nominee for the lender.” Greenleaf, 2014 Me. 89, ¶ 15. Thus, the court found that “[w]hen MERS then assigned its interest in the mortgage . . . it granted . . . only what MERS possessed—the right to record the mortgage as nominee.” Accordingly, the record the foreclosure plaintiff provided to show ownership of the mortgage “demonstrate[d] only a series of assignments of the right to record the mortgage as nominee, but no more.”

After Saunders and Greenleaf, foreclosing lenders in Maine “continued to argue that a holder of a note secured by a mortgage has an equitable pre-foreclosure right to compel an assignment of the mortgage.” Fannie Mae v. First Magnus Fin. Corp., No. RE-2016-110, 2019 Me. Super. LEXIS 104 *3 (Penobscot C’ty Oct. 24, 2019). Unfortunately, Maine’s Supreme Court recently rejected that work-around. See Beal, 2019 Me. 150.

In Beal, the court considered Maine’s equitable trust doctrine that “one who takes a mortgagee’s title holds it in trust for the owner of the debt to secure the debt for which the mortgage was given.” 2019 Me. 150, ¶ 7 (quotations omitted). It rejected the plaintiff’s argument that it could compel the original mortgagee to assign it the mortgage because the original mortgagee held the mortgage in trust for the plaintiff. Noting that “the language of the mortgage was identical to that in [Greenleaf]”, the court held that applying the equitable trust doctrine in the situation presented “would be at odds with our holding in Greenleaf.”

These three decisions—Saunders, Greenleaf, and Beal—call into question the viability of mortgage foreclosures involving some MERS mortgages and assignments. However, they should not apply to all MERS mortgages in Maine.

Distinguishing Saunders, Greenleaf, and Beal

Importantly, Saunders, Greenleaf, and Beal all specified that the language in the mortgages at issue there included the identical “for purposes of recording this mortgage, MERS is the mortgagee of record” language. See Saunders, 2010 Me 79, ¶ 9; Greenleaf, 2014 Me. 89, ¶ 14; Beal, 2019 Me. 150, ¶ 3 n.4. Other courts in Maine to have considered issues affected by Saunders and its progeny have also expressly confirmed that the language is the same. See U.S. Bank v. Gordon, 2020 Me 33, ¶ 25 (Horton, J. concurring); Knope v. Green Tree Servicing, 2017 Me. 95, ¶ 3 n.1 (referencing specifically the “for purposes of recording this mortgage” language) (capitalization removed); First Magnus, 2019 Me. Super. LEXIS 104, *2 n.1.

However, not all MERS mortgages include the “for purposes of recording” language. For example, at least some MERS mortgages approved for use in Maine by the Fair Housing Association (FHA) instead read:

This Security Instrument secures to Lender: (a) the repayment of the debt evidenced by the Note, with interest, and all renewals, extensions and modification of the Note; (b) the payment of all other sums, with interest, advanced under paragraph 7 to protect the security of this Security Instrument; and (c) the performance of Borrower’s covenants and agreements under this Security instrument and the Note. For this purpose, Borrower does hereby mortgage, grant and convey to MERS (solely as nominee for Lender and Lender’s successors and assigns) and to the successors and assigns of MERS the following described property . . . .

* * *

Borrower understands and agrees that MERS holds only legal title to the interests granted by Borrower in this Security Instrument; but, if necessary to comply with law or custom, MERS (as nominee for Lender and Lender’s successors and assigns) has the right: to exercise any or all of those interests, including, but not limited to, the right to foreclose and sell the Property; and to take any action required of Lender, including, but not limited to, releasing or canceling this Security Instrument.

Mortgage, at 1–2 (emphasis added). These alternate MERS mortgages differ from the MERS mortgages discussed in Saunders and its progeny in key respects.

Whereas Maine’s Supreme Court interpreted the mortgage at issue in Saunders as limiting MERS’s status as nominee to “purposes of recording this mortgage,” the alternative MERS mortgages quoted above expressly confirm that the borrower grants the mortgage to MERS for the purpose of securing repayment of the debt to the lender. This distinction is important because even to the extent that Saunders and Greenleaf focused on MERS’s status as nominee, the term “nominee” by itself does not mean “party limited to recording a document.” Rather, Maine’s Supreme Court describes a nominee as “a person designated to act in place of another, usually in a very limited way.” Saunders, 2010 Me. 79, ¶ 10 (internal quotations omitted). Those limitations naturally arise from the contract itself, i.e., the specific mortgage language at issue.

The Saunders court construed the mortgage’s language there to mean that the borrower gave the mortgage to MERS as the lender’s nominee for the purpose of recording the mortgage. See Saunders, 2010 Me 79, ¶ 10. Yet under other MERS mortgages, the borrower conveys the mortgage to MERS for the purpose of securing repayment to the lender. The borrower further expressly agrees that the interest it gives to MERS—which it gives for the purpose of securing repayment—includes the right to exercise “any or all” of the lender’s interests “if necessary to comply with law or custom.” Those rights specifically include without limitation “the right to foreclose and sell the Property.”

Thus, under some MERS mortgages’ alternative language, the borrower grants MERS a mortgage interest allowing it to exercise the lender’s right to foreclose for the purpose of securing repayment. In other words, the mortgage bestows on MERS a contractual right to foreclose, or more importantly for this articles purposes, a contractual right to take any action “necessary to comply with law or custom” to secure repayment to the lender through foreclosure.

Maine’s Supreme Court has repeatedly recognized that MERS can assign only the mortgage rights it has. See, e.g., Greenleaf, 2014 Me. 89, ¶ 16. In Saunders and its progeny, the mortgages at issue limited those rights to “purposes of recording,” at least according to Maine’s Supreme Court. 2019 Me. 79, ¶ 9. The language in other MERS mortgages does not limit the rights to the purpose of recording; it limits them only to any interests necessary to comply with law or custom to secure repayment to the lender.

Moreover, MERS’s lack of standing to foreclose should not impact this analysis. Maine’s Supreme Court acknowledges that its standing analysis is separate and distinct from the question of mortgage ownership. See Greenleaf, 2014 Me. 89, ¶ 22 n.13. This suggests that MERS’s lack of standing to foreclose should not limit its ability to assign its contractual rights under the mortgage to a party who could demonstrate standing.

Under Maine law, MERS lacks standing to foreclose because it does not qualify as a mortgagee under the applicable statute and because it does not suffer an injury sufficient to give the court jurisdiction. See, e.g., Saunders, 2010 Me. 79, ¶¶ 10, 14–15. However, because standing and ownership are separate issues, Maine law could still allow MERS to assign its contractual rights under the alternative MERS mortgages, including its right “to exercise any or all of [the lender’s] interests, including, but not limited to, the right to foreclose.”

Put differently, MERS can assign whatever interest it has in the mortgage to another party. See, e.g., Greenleaf, 2014 Me. 89, ¶ 16. For MERS mortgages that do not limit MERS’s authority to recording purposes, those interests include rights beyond just recording. If MERS assigns those interests to a subsequent note holder who can establish standing, then the note holder should properly acquire all the same interests in the mortgage that the original lender had, and no legal mechanism should preclude the note holder from foreclosing.

Notably, this analysis fully comports with Maine’s traditional understanding of a nominee as holding “bare legal title for the benefit of others.” Saunders, 2010 Me. 79, ¶ 10. As nominee, MERS holds legal title to the mortgage interests for the benefit of the lender and the lender’s successors and assigns. When MERS assigns that legal title to the party for whom it holds it—i.e., the lender’s successor and assign—MERS’s legal title merges into the beneficiary-assignee’s interests, and the beneficiary-assignee acquires full rights under the mortgage. Where the mortgage limits MERS’s interest to “purposes of recording” under Maine case law, MERS can only transfer that limited interest. See, e.g., Greanleaf, 2014 Me. 89, ¶ 17. However, mortgages that do not limit MERS’s interest to recording purposes should not create similar impediments to foreclosure.

Conclusion

The impact of different MERS mortgage language under Saunders and Greenleaf appears untested in Maine courts. Until the Beal decision, lenders could still seek foreclosure under the position that the original lender holds any mortgage interest MERS itself could not assign in equitable trust for the party to whom MERS assigned its interests, meaning the foreclosing lender could compel a mortgage assignment from the original lender and continue with the foreclosure. See Beal, 2019 Me. 150, ¶ 8. Now that Maine’s Supreme Court has shot down the equitable trust argument, however, foreclosing lenders must seek alternative arguments to enforce their mortgage rights. Before they decide how to proceed, they should check their Maine mortgage to see how it describes MERS’s main purpose.

* Kevin M. Hudspeth serves as of counsel to Maurice Wutscher LLP, a national financial services law firm, where he practices in the appellate, consumer credit, and regulatory compliance groups. He has extensive experience with real estate litigation in Ohio, Illinois, and other jurisdictions throughout the country. He regularly advises attorneys and clients about contested foreclosure issues arising in multiple states.

Healthcare provider companies that serve patients and affiliated organizations are straining to keep up with the spread of the novel coronavirus. While working to maintain operations, the leaders of healthcare companies also must consider the business implications of this crisis.

Here are ten operating considerations for healthcare companies grappling with COVID-19, and three deal considerations for companies active in the transaction space.

1. Redouble Your Risk Assessment Efforts. Name a task force, with board oversight, to implement your risk mitigation plan and constantly reevaluate business risk as the crisis evolves. The pandemic and efforts to stem it are having huge impacts on the regulatory environment—keep up with the latest guidance from the Centers for Medicare & Medicaid Services (CMS), the Centers for Disease Control and Prevention (CDC), and other agencies.

2. Focus on Problem-Solving with Your Clients. During a crisis, we instinctively hunker down and focus inward; instead, at this time, be proactive with your clients and partners. Communicate the risks you have identified and your mitigation plans. Invite your clients and partners to collaborate with you to solve problems: Most will be open to this approach and will appreciate your candor.

3. Review Information Systems (IS) and Data Privacy Measures. The spread of COVID-19 has expanded the use of telemedicine and remote work, putting intense pressure on IS infrastructure and policies, especially cybersecurity and data privacy. Evaluate the suitability of IS capacity, vendors, and policies for this new reality.

4. Evaluate Financing Needs and Options. Update financial projections to evaluate your cash needs over the next six to nine months. Then consider drawing on available credit facilities and requesting equity infusions from investors. Check the impact of borrowing on covenant compliance and consider approaching lenders proactively about a potential covenant default. With the sharp economic slowdown, some lenders are not fully funding available amounts under existing credit facilities.

5. Determine whether CMS Waivers Apply. CMS announced blanket waivers on March 13 under Section 1135 of the Social Security Act, relaxing certain regulatory requirements in response to the COVID-19 pandemic. A separate blanket waiver for telehealth was announced March 17. Review whether your company can use this flexibility to better serve patients.

6. Analyze Force Majeure Clauses for Material Contracts. For contracts that require your company to provide services, evaluate whether force majeure could provide relief from performance. Likewise, analyze contracts with suppliers and vendors to assess whether they are likely to cite similar outs—this will have an impact on your company’s ability to maintain uninterrupted service.

7. Manage Your Workforce. Set the right tone by being empathetic to employee concerns. Communicate the ways you are assessing and mitigating risks. Consider more flexibility in work-from-home arrangements, with proper supervision and data security. Also, stay on top of employment regulatory changes, as several federal regulatory bodies have issued guidance for employers.

For companies active in the deal space—transactions are still moving forward—here are three additional things to consider.

8. Be Prepared for Robust Diligence. Investors are looking for signs that a target company has mishandled the crisis, damaging relationships with employees, patients, or partners. Lenders will increase scrutiny of borrowing needed to complete a transaction. Insurers will engage in a much more robust underwriting process for representations and warranties insurance.

9. Consider Impact on Deal Terms. Many sellers will want to find carveouts related to COVID-19 to ensure the deal closes. Buyers should weigh contingencies carefully, such as a financing contingency because of the volatility of credit markets. With more closing contingencies built in, buyers also may want to consider negotiating interim operating covenants that address compliance with certain COVID-19 guidelines.

10. Analyze Existing and Proposed Earnouts. The coronavirus pandemic likely will affect financial performance metrics and the ability of recently acquired companies to achieve earnouts and other performance-based payments. For earnouts with measurement periods impacted by the current COVID-19 crisis, consider whether, based on the circumstances, the period should be extended or metrics modified—in particular if the earnouts are payable to key employees.

Healthcare companies can be proud of the way the industry has come together to serve patients and rally the nation to fight the coronavirus pandemic. Company leaders need to anticipate the business issues this effort will raise as best as they can in a rapidly changing environment.

Angela Humphreys is chair of the Healthcare Practice Group at Bass, Berry & Sims PLC and co-chair of the firm’s Healthcare Private Equity Team. With more than 20 years of experience, she counsels private equity firms and national healthcare organizations on mergers and acquisitions and investments in the healthcare sector. She can be reached at [email protected].