There is slow-moving, high drama happening in Colorado between the Federal Deposit Insurance Corporation (FDIC) and the administrator of the Colorado Uniform Consumer Credit Code (UCCC). This refers, of course, to the litigation filed by the Colorado UCCC administrator against Avant and related parties, and Marlette Funding and related parties (the Partners) (Zavislan v. Avant of Colorado LLC, 2017cv30377 (District Court City & County of Denver, Mar. 9, 2017); Meade v. Marlette Funding LLC d/b/a Best Egg, 2017cv30376 (District Court City & County of Denver, Mar. 3, 2017)). This drama intensified last fall when the regulator amended its complaint, originally filed in March 2017, to add national bank defendants. In these cases, the national bank defendants—Wilmington Trust, N.A. and Wilmington Savings Fund Society, FSB—act as the trustee for trusts established to hold bank-originated loans or receivables that are sold by the banks after origination.

At the heart of the litigation is who the “true lender” is on the loans made by the banks. The Partners assert that the banks involved in the partnership are, in fact, the lender. Conversely, the Colorado administrator asserts that the alleged partnership is a mere sham—a way for nonbanks to avoid state laws by taking advantage of the powers of banks to export interest and interest fees from their home states or states where they have a branch. This power, or “rate exportation,” is extended to banks because banks are given special treatment under federal and state law. It takes more to become a bank than to simply be a licensed lender. Banks are subject to rigorous oversight not only by their state regulator if said bank is state-chartered, but also by a federal regulator, such as the FDIC, which it turns out has spent a great deal of time thinking about how its member banks work with the Partners. Additionally, state regulators, some more than others, despise that rate exportation exists because states would prefer to exercise control over all depository entities, sometimes asserting consumer protection as the ostensible basis for their desire to control the banks.

Although the FDIC is not named as a defendant in the Colorado litigation, the Colorado UCCC administrator is taking direct aim at the banking agency’s guidance to its member banks who engaged in the partnership space. The FDIC has discussed third-party involvement with its member banks in numerous publications, including the Winter 2015 issue of Supervisory Insights in which it offers guidance to participants in the bank partnership space. The FDIC notes that some marketplace lending companies operate though a cooperative arrangement with a partner bank. The FDIC describes the arrangement thusly:

In these cases, the bank-affiliated marketplace company collects borrower applications, assigns the credit grade, and solicits investor interest. However, from that point the bank-affiliated marketplace company refers the completed loan applications to the partner bank that makes the loan to the borrower. The partner bank typically holds the loan on its books for 2–3 days before selling it to the bank-affiliated marketplace company.

In July 2016, the FDIC went beyond the discussion in Supervisory Insights and issued proposed guidance for its member banks that work with the Partners to originate loans, including vendors involved in bank partnerships, supplementing the many financial institution letters the FDIC has issued on this topic. The FDIC requested comments on its proposed guidance that outlines the risks that may be associated with third-party lending, as well as the expectations for a risk-management program, supervisory considerations, and examination procedures related to third-party lending. The proposed guidance, which has never been finalized, describes third-party lending as an arrangement in which a bank relies on an outside source to perform a significant aspect of the lending process, such as originating loans for third parties, originating loans through third parties or jointly with third parties, and originating loans using platforms developed by third parties. The draft guidance supplements and expands on previously issued guidance and would apply to all FDIC-supervised institutions that engage in third-party lending programs.

In its publications on this topic, the FDIC has walked through factors a bank should examine before entering into a partnership with a nonbank entity. It directs its member banks to consider the partner’s compliance with applicable federal law, consumer protection requirements, anti-money laundering rules, and fair-credit obligations, as well as applicable state laws such as licensing or registrations necessary to engage in the partnership. The FDIC also asks its member banks to consider whether the partnership will meet the FDIC’s safety and soundness requirements. Specifically, member banks should consider the following questions:

• What duties does the bank rely on the marketplace lending company to perform?
• What are the direct and indirect costs associated with the program?
• Is the bank exposed to possible loss, and are there any protections provided to the bank by the marketplace lending company?
• What are the bank’s rights to deny credit or limit loan sales to the marketplace lending company?
• How long will the bank hold the loan before sale?
• Who bears primary responsibility for consumer compliance requirements, and how are efforts coordinated?
• Is all appropriate and required product-related information effectively and accurately communicated to consumers?
• What procedures are in place to prevent identity theft and satisfy other customer identification requirements?
• What other risks is the bank exposed to through the marketplace arrangement?

In its complaints against Avant and Marlette Funding, the administrator trots out several facts as allegedly indicating that the bank is not the true lender in the partnership. Some questions fintech companies and their partner banks may ask themselves in light of the Colorado litigation include the following:

• Did the partner pay an implementation fee? What was the amount of the implementation fee?
• Does the partner pay the bank’s legal fees and expenses related to the partnership? Does the partner pay the expenses and legal fees that the bank incurs to negotiate the partnership? Does the partner pay the bank’s legal fees when the bank is sued over the partnership?
• Does the partner bear all the expenses incurred in marketing the loans?
• Does the partner pay all the costs of determining which loan applicants will obtain loans, including paying employees to evaluate loan applications, purchasing credit reports, and paying wire transfer and ACH costs for money transfers in connection with the loans?
• Does the partner decide which applicants get loans, applying lending criteria agreed to by the partner and the bank?
• Did the partner or the bank develop and implement the processes used by the partner to identify qualifying loan applicants?
• Is the partner responsible for ensuring that the partnership complies with all applicable federal and state laws?
• Who developed and implemented policies for the partnership, which were used to ensure compliance with laws such as the Bank Secrecy Act, the Truth in Lending Act, and others?
• Who is responsible for all communications with loan applicants and borrowers, including providing adverse action notices or loan agreements?
• Who is responsible for all servicing and administration of the loans, even before the bank sells the loans to the partner?
• Who has the right to consumer information? If an applicant is denied credit, can the partner solicit the consumer for other credit products? Is the bank permitted to use the information from applicants or borrowers? If so, how?
• Who bears the risk of loss of principal if a borrower defaults?
• Is there a collateral account? Does it secure the purchase of the loans by the partner? Where is the collateral account held? How much money must be in the account?
• What does the purchase price for the loans include? Does it only include the amount advanced to the borrower, or does it include other amounts?
• How are the loans sold? With or without recourse?
• Does the partner indemnify the bank from and against claims arising from the partnership?
• How are the loans funded? Does the partner fund the loans? Does it raise money from institutional investors to fund the loans?
• Who shares in the profit of a paid-off loan? What is the percentage of the distribution of profit?

The “rent-a-bank” or “true lender” theory advanced by the Colorado administrator does not derive from a statute or regulation. Rather, it derives from case law and brute disdain that rate exportation exists. The lawsuit represents a most serious affront to the power of banks to both export interest rates and to hire partners to help them do it. There is, in fact, no statute or regulation in Colorado that prohibits a bank from engaging the services of a partner to aid them in their lending activities.

Indeed, the FDIC noted in its Supervisory Insights that banks can manage the risks posed by potential partnerships through proper risk identification, appropriate risk-management practices, and effective oversight of the nonbank partner. Virtually all documents that memorialize partnerships will contemplate and address these questions and, importantly, the FDIC does not dictate what the answers should be; rather, the FDIC is concerned about the risks vendor relationships pose to its member banks that engage in third-party relationships as an exercise of their bank power.

As of this writing, there has yet to be any litigation that addresses the tension between the directives of the FDIC to its member banks and the concept of “true lender,” although the Colorado litigation certainly raises questions. The FDIC and its member banks should not shy away from this discussion, which raises significant public-policy issues over who gets to claim the mantle of consumer protection, and what consumer protection should look like. Many consumers in Colorado no doubt want loans originated by banks through partnerships because they are often both faster and less expensive than available alternatives. In addition, an argument can be made that a bank acts as a true lender when it exercises the authority granted to it by the FDIC, its primary federal regulator. In other words, a bank exercising its power to hire a partner does not magically stop being a bank by exercising this power. It is likely that as pressure continues to tighten on bank partnerships though litigation such as the Colorado lawsuits and legislative efforts to curtail bank powers, banks involved in such partnerships and their partners will assert their power to engage partners consistent with the FDIC’s guidance in response.

While considering the specific criminal charge of voyeurism, Canada’s Supreme Court of Canada recently confirmed that privacy is not an ”all-or-nothing concept,” and being in a public or semi-public space does not automatically negate all expectations of privacy with respect to observation or recording.

This case involved Mr. Ryan Jarvis, an English teacher at a high school who used a camera concealed inside a pen to make surreptitious video recordings of female students (particularly focusing on their faces, upper bodies and breasts) while they were engaged in ordinary school-related activities in common areas of the school. The students were unaware they were being recorded, and a school board policy in effect at the relevant time expressly prohibited the type of conduct engaged in by the accused. Mr. Jarvis was charged with voyeurism under s. 162(1)(c) of the Canadian Criminal Code (where a person surreptitiously observes or makes a visual recording of another person who is in circumstances that give rise to a reasonable expectation of privacy, if the observation or recording is done for a sexual purpose).

At trial, Mr. Jarvis admitted he had surreptitiously made the video recordings but the trial judge acquitted him because he was not satisfied the recordings were made for a sexual purpose. The Court of Appeal concluded that the trial judge had erred in law in failing to find that the accused made the recordings for a sexual purpose, but upheld the accused’s acquittal on the basis that the students were not in circumstances that give rise to a reasonable expectation of privacy since they were recorded in a “public” space (public areas of their high school which had security cameras recording them). 

The Supreme Court allowed the appeal (and entered the conviction) with the majority confirming that the students recorded by the accused were in circumstances that give rise to a reasonable expectation of privacy for the purposes of s. 162(1) of the Criminal Code. The Court found that “circumstances that give rise to a reasonable expectation of privacy” are circumstances in which a person would reasonably expect not to be the subject of the type of recording that had occurred, while considering the entire context in which the observation or recording took place. Significantly, the Court found that privacy is not an “all-or-nothing concept,” and whether an observation or recording would generally be regarded as an invasion of privacy depends on a variety of factors. The Court set out a non-exhaustive list of considerations, which include: (1) the location the person was in when she was observed or recorded, (2) the nature of the impugned conduct (whether it consisted of observation or recording), (3) awareness of or consent to potential observation or recording, (4) the manner in which the observation or recording was done, (5) the subject matter or content of the observation or recording, (6) any rules, regulations or policies that governed the observation or recording in question, (7) the relationship between the person who was observed or recorded and the person who did the observing or recording, (8) the purpose for which the observation or recording was done, and (9) the personal attributes of the person who was observed or recorded. 

Considering the overall context, the Court found that there can be no doubt that the students’ circumstances give rise to a reasonable expectation that they would not be recorded as they had been, especially considering that they were (i) teenage students at a high school; (ii) recorded by their teacher in breach of the relationship of trust; and (iii) in contravention of a formal school board policy that prohibited such recording. The Court confirmed that individuals “going about their day-to-day activities – whether attending school, going to work, taking public transit or engaging in leisure pursuits…reasonably expect not to be the subject of targeted recording focused on their intimate body parts (whether clothed or unclothed) without their consent.” In recording these videos, the accused acted contrary to the reasonable expectations of privacy that would be held by persons in the circumstances of the students when they were recorded.

Lisa R. Lifshitz

With the Illinois Supreme Court’s recent decision in Rosenbach v. Six Flags Entertainment Corp., the floodgates have opened for class actions in Illinois against businesses that collect biometric information from employees or customers. In Rosenbach, the Illinois Supreme Court ruled that alleged procedural violations of Illinois’s Biometric Information Privacy Act (“BIPA”) are enough, without alleging actual injury to an individual, to bring an action under the law. Although the details of that decision can be relevant to specific situations, —you need to know what to do now in light of this new ruling, particularly if your company currently is collecting biometric information from customers or employees, or considering doing so in the near future.

If your company has been collecting biometric data:

• Initiate a rapid internal audit to determine how your company, or any agent or contractor you hire, is using biometric data for any reason (e.g., security for facilities or devices, time clock or other employment verification, or marketing to consumers).
• Once you understand the scope of biometric data collection, implement BIPA’s requirements, which include: (1) informing an individual that his or her biometric information is being collected or stored; (2) informing the individual of the purpose of the collection, storage and/or its use, along with how long such information will be collected, stored, or used; and (3) receiving a written release from the individual to collect the information.

Since the Rosenbach ruling, we have seen a quick and significant increase in the number of BIPA class action lawsuits filed. If your company is currently facing a lawsuit over an alleged BIPA violation, consider taking the following steps: 

• Remove the case to federal court, if possible. Based on Supreme Court precedent and a recent decision from an Illinois federal court, defendants facing these class actions may be able to challenge a plaintiff’s standing to bring suit based solely on a procedural violation of the statute where no actual harm has occurred.

• Identify sources of either express or implied consent for the collection of biometric information. For example, employees may have received notice from an employee handbook about collection of their biometric data.  
• Assert class action defenses related to typicality and commonality. Typicality is meant to ensure that the named plaintiff’s claims have the same essential characteristics as the claims of the entire class. If proof of the named plaintiff’s claims would not necessarily prove all of the proposed class members’ claims, the plaintiff fails the typicality requirement.  Commonality requires plaintiffs to demonstrate that the class members have suffered the same injury, meaning that they were affected by the same violation of the same statute. This emphasis on dissimilarities between plaintiffs will illustrate whether there are any class-wide commonalities.

Finally, companies considering biometric data collection in Illinois should:

• Prepare explicit disclosures and documents for written consent as required by BIPA.
• Determine whether the collection of biometric data is truly necessary for the business, given the strict requirements of BIPA and increase in the number of lawsuits. If this data is necessary, collect as little as possible and consider whether it can be captured and not retained.
• Avoid collection of biometric data in Illinois. Some companies have begun altering their behavior in Illinois to adhere to the law. For example, Nest, a maker of smart thermostats and doorbells, sells a doorbell with a camera that can recognize visitors by their faces. However, Nest does not offer that feature in Illinois because of BIPA.
• Keep an eye on legislative developments. Many other states have considered biometric privacy legislation over the years, but only Texas (in 2009) and Washington (in 2017) have passed such laws. But that may change soon. In the first few weeks of 2019 alone, legislators have already introduced new bills in Arizona, Connecticut, New Hampshire, New Mexico, New York, Oregon, and Washington. These initiatives have the potential to introduce a conflicting national patchwork of regulations.
• In Illinois, there is currently a bill (SB3053) pending before the Illinois legislature to amend BIPA. The bill proposes to exempt private entities from BIPA’s requirements under a number of circumstances, including (1) if the biometric information is used “exclusively for employment, human resources, fraud prevention, or security purposes,” (2) if the company “does not sell, lease, trade or similarly profit” from the biometric information, or (3) if the company protects biometric information at least as securely as it secures other sensitive information.

This article is adapted from the recent Asia Ascending: Insider Strategies for Competing with the Global Colossus, published by the American Bar Association.

President Trump surprised many observers in August 2017 when he abruptly ordered the Office of the United States Trade Representative (USTR) to initiate an in-depth investigation into China and the need for protecting intellectual property (IP). The USTR confirmed that 40 million jobs in America were at risk because they were, either directly or indirectly, attributable to IP industries. The president utilized section 301 of the Trade Act of 1974 as the tool to target what he viewed as China’s unjustified actions harming certain U.S. industries. Interestingly, the president used section 301 in the same way it had been utilized two decades earlier to target Japanese trade practices.

Six months later, after it was announced that China’s 2017 trade deficit with the United States had exceeded $375 billion, the issue came to a very public boil. The trade deficit with China now dwarfs the size of the trade deficit with Japan during the 1990s. The Trump administration’s reaction to the trade deficit was to impose high tariffs on some Chinese goods with the threat of higher tariffs on a broader range of goods if significant changes were not implemented. As we all know, China retaliated.

Although unlikely to resolve quickly, I predict this high-profile clash—“trade war” may be too strong a label—will fizzle out over time. There are two key factors influencing the current trade dispute between the United States and China: economics and politics.

First, consider the economic factors. Although neither China nor the United States is willing to publicly admit it, both countries are so closely intertwined economically that neither can afford to engage in an all-out trade war without triggering severe fiscal consequences on themselves and the overall global economy. Examining the major components that make up China’s $375 billion deficit with the United States, it appears that $77 billion is comprised of Chinese-made computer sales, and another $70 billion comes from the sale of cell phones assembled in China. Although these electronic products are sourced from China, many are sold throughout the United States under product names that are not necessarily recognized by U.S. consumers as originating in China. Add in over $50 billion in shoes and clothing coming from China, and these three categories alone comprise half of the current Chinese trade deficit with the United States. It is difficult to imagine U.S. consumers willingly sacrificing their computers, mobile phones, and inexpensive clothing in exchange for a lower trade deficit with China. Most U.S. consumers do not care about the trade deficit; it just isn’t important to them in their daily lives. However, it is a fact that prices for these goods will skyrocket, and their availability will become a real challenge, if a trade war continues throughout 2019. From China’s perspective, there is no question that losing the U.S. market for just these three categories of products will leave a vast hole in China’s export capacity and harm Chinese manufacturers.

Now look at it from the standpoint of U.S. exporters. Of the $130 billion of U.S. exports sold to China during the same period, $16 billion was for U.S.-built aircraft; $10 billion was for American automobiles; and another $13 billion was for soybeans. Although the Chinese obviously consider all of these U.S.-made products as important and desirable, none are irreplaceable. Airbus SE, Europe’s Aerospace Consortium, would be delighted to dethrone Boeing as an aircraft supplier to China’s growing aviation market. Automobiles coming from the United States could be easily substituted by Japanese and European models. In addition, China blocked imports of U.S. soybeans in retaliation as the trade dispute escalated (although China has since backed off somewhat and promised to buy U.S. soybeans, but this can still change). In short, although the Chinese would definitely be hurt during the first six to twelve months of an escalating trade war, in the end China can and will find alternative purchasers for its exported products, albeit at lower prices. Without question, U.S. companies now exporting to China and with active Chinese operations will continue to feel pressure from Chinese authorities.

Next, think about the implications of the politics of a trade war between China and the United States. Much of the ongoing trade confrontation depends on the political wills of Donald Trump and Xi Jinping. As I describe in my recent book Asia Ascending, Xi Jinping today is the single most powerful political leader in the world. This is due to the unprecedented power and influence Xi has amassed over China during the last half decade. The best way to understand this is to picture China as a three-legged stool: the first leg is the Communist Party, which makes all policy and governmental decisions; the second leg is the centrally controlled Chinese economy; and the third leg is the immensely influential Chinese military. Few Americans understand or appreciate that Xi Jinping is China’s first leader since Mao to have complete mastery of all three legs of the stool. During the 19th Party Congress, Xi extended his existing term for at least another five years. Even more important, Xi has no identified successor(s), and is thus likely to rule over China for a very long time. So although China would definitely suffer during an extended trade war with the United States, Xi Jinping has the ability to sit back and play a long waiting game until a settlement is negotiated. On the other hand, if President Trump expects to run for re-election in 2020, he can expect to encounter significant criticism and political opposition if the current trade war extends beyond the next six months. The president is under tremendous pressure to arrive at an acceptable accommodation with China as he attempts to solidify his political base for re-election.

The bottom line is that because China is truly such a centrally controlled economy, it is in a better position than the United States (with its current highly politicized atmosphere) to hold out during a trade war. In addition, as the owner of almost 20 percent of the U.S. public debt, China can play the “no longer underwriting” card and begin to sell off its current U.S. debt holdings, which would inevitably drive up interest rates and accelerate a downturn in the U.S. economy.

Without question, China presents many serious challenges to the United States that must be proactively addressed. These challenges include China’s efforts to gain or purchase Western intellectual property by any means possible and China’s ongoing manipulation of its currency to its own benefit. These are problems that must be resolved between China and the United States over time. The United States can and should continue to use sections 301 and 201 of the Trade Act of 1974 as one approach to make China more open; however, an all-out trade war is not the right way—at least for now.

In a 64-page settlement agreement with the Department of Justice (DOJ), Skadden, Arps, Slate, Meagher & Flom has agreed to pay more than $4.6 million to the U.S. Treasury and register retroactively as a foreign agent of the Ukrainian government in a case tied to Paul Manafort. Under the Foreign Agents Registration Act (FARA), a U.S. person engaging in political activities on behalf of a foreign principal, which includes a foreign government, is required to register and make a variety of written public disclosures to the DOJ.

DOJ’s January 15 press release asserts that Skadden made false and misleading statements to DOJ’s FARA Registration Unit about the scope of the firm’s work for Ukraine, which began back in 2012. The statements were made to persuade the Registration Unit that Skadden was not required to register as a foreign agent under the statute. Skadden reportedly spent more than a year negotiating with the Registration Unit over whether it had to register as an agent of Ukraine in the matter. As such registration determinations are based on the evidence DOJ receives about whether registration as a foreign agent is required, either DOJ or the FARA Registration Unit may qualify as a “tribunal” under Model Rule 1.0(m). Lawyers are prohibited under Model Rule 3.3 from knowingly making false statements to a tribunal and, more generally under Model Rule 4.1, from knowingly making a false statement of material fact to any third party.

Questions leading to the firm’s settlement with DOJ came to light tangentially out of the Mueller probe. Suspicions apparently arose because the engagement letter provided that Skadden was going to charge the Ukrainian government 100 Ukrainian hryvnia per hour—equivalent to only $12,000. The press release reads that the law firm initially took a $4 million advance from a third party—an unnamed “business person”—before beginning work on the project. By the end of the engagement, Skadden had been paid $5.2 million by the “business person,” largely through Cyprus-based offshore firms controlled by Manafort.

According to the settlement agreement, “Registration under FARA would have required [Skadden] to disclose, among other things, accurate and complete information related to the compensation that it received for preparing the Report on behalf of the [Ukrainian government], and the identity of” the business person who paid for it. The settlement agreement also reads, “Skadden has already taken substantial steps to comply with its terms, and so long as the firm continues to comply with it, the Department will not undertake any action against the firm” related to its conduct in the matter.

Separately, however, the lead partner in the matter, a former Obama White House counsel who left Skadden last April, has reportedly been under investigation by prosecutors for his work on the matter. Another former Skadden lawyer, a Dutch national, pleaded guilty to lying repeatedly to Mueller’s team about the work done for the Ukrainian regime and was deported after serving 30 days in prison.

These facts if admitted or otherwise proved would constitute misconduct under various provisions of Model Rule 8.4 and can result in suspension or disbarment for the lawyers involved. Possible grounds include violating the Rules of Professional Conduct (R. 8.4(a)); committing a criminal act that reflects negatively on a lawyer’s honesty, trustworthiness, or fitness as a lawyer in other respects (R. 8.4(b)); engaging in conduct involving dishonesty, fraud, deceit, or misrepresentation (R. 8.4(c)); and engaging in conduct that is prejudicial to the administration of justice (R. 8.4(d)).

It is a quirk of the Bankruptcy Code that while it expressly allows oversecured creditors’ claims for post-petition contractual attorneys’ fees, it is silent as to the treatment of claims for post-petition contractual attorneys’ fees on unsecured claims. In part because the Supreme Court in Travelers Casualty & Surety Co. of America v. Pacific Gas & Electric Co., 549 U.S. 443 (2007) did not directly address the question whether unsecured creditors can recover post-petition contractual attorneys’ fees as part of their claims, courts continue to reach conflicting decisions. Very recently, in connection with a dispute arising out of the Tribune Company’s 2008 bankruptcy, Delaware District Judge Richard G. Andrews reversed the decision below and interpreted Travelers to mean that unsecured claims for post-petition contractual attorneys’ fees are not barred by Section 506(b) of the Bankruptcy Code. Wilmington Trust Co. v. Tribune Media Co. (In re Tribune Media Co., et al), Case No. 15-01116 9 (RGA), 2018 WL 6167504 (D. Del. Nov. 26, 2018).

Background

Wilmington Trust Company (the “Trustee”) was the trustee under an indenture for certain unsecured notes issued by Tribune Company (“Tribune”). The indenture required Tribune to reimburse the Trustee for the reasonable attorneys’ and other professionals’ fees and expenses incurred by the Trustee as a result of Tribune’s default. The Trustee submitted a claim in the Tribune bankruptcy that included more than $30 million for attorneys’ and other professionals’ fees and expenses incurred during the bankruptcy case (the “Fee Claim”).  

After Tribune objected to the Trustee’s Fee Claim, the mediator appointed by the bankruptcy court recommended that the claim be disallowed in its entirety. The mediator concluded that because Section 506(b) of the Bankruptcy Code addresses only secured creditors’ entitlement to post-petition attorneys’ fees as part of its claim, the expressio unius est exclusio alterius principle of statutory construction applied and precluded recovery of post-petition attorneys’ fees by unsecured creditors. 

The bankruptcy court adopted the mediator’s recommendation and disallowed the Trustee’s Fee Claim. In doing so, the bankruptcy court agreed with the reasoning in the mediator’s report—in particular, “the conclusion that the plain language of §502(b) and §506(b), when read together, indicate that postpetition interest, attorneys’ fees and costs are recoverable only by oversecured creditors”—and rejected the Trustee’s Travelers-based arguments with the explanation that the Travelers Court did not consider whether Section 506(b) of the Bankruptcy Code disallows unsecured claims for post-petition contractual attorneys’ fees.

The District Court’s Ruling

In a three-page memorandum opinion, Judge Andrews briskly dispensed with Tribune’s expressio unius argument and the bankruptcy court’s conclusion that because section 506(b) of the Bankruptcy Code expressly allows the claim of an oversecured creditor for post-petition attorneys’ fees, Congress must have intended to disallow such claims to unsecured creditors. 

First, Judge Andrews characterized the Supreme Court’s Travelers opinion as having “reaffirmed a requirement that claims that are within the scope of Section 502 are allowed unless they are expressly disallowed in the Bankruptcy Code.” Next, while noting that there continue to be reasoned bankruptcy and district court decisions to the contrary, he observed that “[t]he courts of appeals that have considered this issue post-Travelers have unanimously rejected Appellee’s position and have allowed unsecured claims for contractual attorneys’ fees that accrued post-filing of the bankruptcy petition.” Finally, taking the cue from Travelers, he said “I cannot conclude that Section 506(b) ‘expressly’ disallows the claims at issue here. Thus, I agree with the position adopted by every court of appeals faced with the question; Section 506(b) does not limit the allowability of unsecured claims for contractual post-petition attorneys’ fees under Section 502.”

Observations

As Judge Andrews observed, there has never been a nationwide consensus on the allowability of an unsecured creditor’s claim for post-petition contractual attorneys’ fees.  Because Tribune appealed Judge Andrews’ decision, the Third Circuit soon may have an opportunity to decide the issue. Whether it will take that opportunity remains to be seen, however; as of this writing, it has asked the parties to file briefs addressing whether Judge Andrews’ order, which remanded the case to the bankruptcy court for further consideration, is final or otherwise appealable. Putting aside potential jurisdictional defects, it is safe to say that a decision on the merits from another court of appeals—particularly if it joined the other courts of appeals that have considered the issue post-Travelers in allowing unsecured creditors’ claims for post-petition contractual attorneys’ fees—could strongly influence future courts’ decisions on this recurring question.

Competition law, anti-bribery and anti-corruption (ABC), and personal data protection are all essential (but not exclusive) components of a robust legal compliance program. In companies where no such program is in place, employees may nevertheless obtain a general understanding of ABC compliance via mainstream media, and of personal data protection via the numerous GDPR awareness campaigns on social media. Awareness and understanding of competition law, however, is often less robust, and this is especially true outside the United States.

This article provides thoughts, observations, and practical guidance from both the in-house and outside counsel perspectives to help ensure your company practices effective competition law compliance. We know that every company’s in-house legal and/or compliance functions differ in size, scope, and role, but we believe that many of these thoughts and observations are applicable to all.

From the In-House Perspective

Where to Begin

A targeted approach to delivering an effective competition law compliance program (as part of a wider legal compliance program) is vital to ensure that the key messages are absorbed and practiced by all colleagues, including those who have never worked with in-house lawyers. This process can be challenging, especially for the sales and legal teams, because it can reveal cultural differences between in-house lawyers and their nonlegal colleagues. Sales colleagues, for instance, may on occasion push back if they perceive in-house lawyers as blocking essential sales activities; therefore, it is crucial that a competition law program wins credibility by demonstrating added value to commercial activities. When this confidence and trust are established, they can serve to empower a mindset and organizational culture of compliant sales.

Make It Relevant

There is no better way to establish trust than to show colleagues that your role is to support their role and activities. So, treat colleagues as customers, and ensure that you understand the way they do business before advising them on competition law compliance. In practical terms, this means identifying their unique processes in the documents and training materials that you create.

Using templates and one-size-fits-all materials, without tailoring them to the particular issues and business, risks undermining the opportunity to build a relationship of trust. However, working together to create policies, processes, guidelines, and training that support the creation of legally compliant methods can produce significant results. It is also equally important to demonstrate a commitment to supporting commercial activities by being solution-orientated. For example, establishing an ethical wall between purchasing and sales that allows an important activity to take place while ensuring that restricted information flows are not compromised is a common example of a practical solution that also reduces risk.

Make It Understandable

Even lawyers don’t like legalese, so we do not recommend imposing it on your nonlegal colleagues. Instead, draft practical policies and guidelines in plain language and include examples that relate to the business at issue. Remind colleagues from time to time that competition law programs are there to protect the profits of the business by avoiding fines, investigations, and litigation. Compliance programs provide important policies and training that aim to protect the company against revenue loss and reputational damage, and to protect employees from potential personal liability. Periodically, share with business colleagues recent news items relating to other companies in the same (or similar) industry that ran afoul of competition laws. Highlight the impact on both the infringing company’s business and personnel, and consider using these examples as case studies in any future training sessions. These messages, alongside a tailored competition law compliance program, will begin to demonstrate the real added value of the program and help gain the trust of colleagues.

Make It Visible

We recommend that you create and maintain a dedicated and easy-to-locate space on the company intranet to post policies, processes, and guidelines. Promote new policies, processes, and guidelines internally. Don’t overload colleagues with too much information, but create sufficient awareness so that they know how to identify a potential competition law issue and who to contact within the compliance team for inquiries. Then, make yourself approachable and accessible for discussion of these issues with colleagues to enhance their understanding of the law, to troubleshoot, and to find a solution to their situation within the competition law compliance parameters.

All-employee meetings or other large business meetings can be used to deliver presentations that review competition law concepts or introduce new competition law initiatives. Introduce daily reminders—for instance, following a recent meeting, Kyocera Legal provided nonlegal colleagues with a competition law desk card setting out key principles in bullet points. It was a useful and fun takeaway from the meeting, and Kyocera’s nonlegal colleagues are now encouraged to keep these cards on their desks for easy reference. Their presence contributes to creating the mindset and organizational culture of competition law compliance.

We have found that different people learn in different ways, so using varied approaches—for example, formal presentations, informal discussions, and/or daily reminders—will enhance the effectiveness of your competition law compliance program. It is also important to recognize that different personnel come to your company with different knowledge of, and attitudes toward, competition law. Some personnel have worked at organizations where legal compliance and understanding were important values. Others may come from organizations where the law and the legal department were viewed as obstacles to avoid or ignore. The most effective legal compliance leaders will actively seek to identify personnel in this latter group and take steps to educate them, helping them to develop new values that are consistent with their new company’s views on compliance.

Choosing External Competition Law Advisors

The purpose of a competition law program is to support a serious message. Creating an interesting or fun initiative that aims to maximize learning and engagement is important but should not detract from the premise that the legal principles of competition law are non-negotiable. Strengthening this critical message will require expertise on competition law topics in addition to implementing operational activities. It is vital to select external competition law advisors with whom you can effortlessly communicate so that you can absorb the information they provide and, in turn, confidently explain the legal issues to the business.

Supporting as Outside Counsel

Beginning Basics and a Reaffirmed Importance

According to business leaders, competition law is one of the top-three threats to organizations (along with IT and fraud), yet it is not uncommon to see low compliance effectiveness in the competition area. The biggest barrier that we see to effective competition law compliance programs is the traditional attitude of some businesses toward compliance and the way in which compliance teams are kept at arm’s length, separate from key business decisions.

Compliance programs work largely out of sight to protect companies from risk in the form of, among other things, investigations, regulatory violations, and litigation. When they are working well, there is little need for business leaders to consider their function and, as a result, the contribution of compliance is counted in cost rather than in value. Perhaps unfairly, compliance functions are often viewed as the police rather than as partners, and as a hindrance to growth and innovation.

This misconception belies the significant responsibility shouldered by compliance teams in today’s increasingly complex and punitive regulatory environment, and fails to acknowledge the crucial role those teams play in protecting a company’s value and brand. Indeed, research shows that an effective “connected compliance” program has a positive impact on the top, as well as the bottom, line. Strong compliance is not only good practice, it is good business. For instance, an executive’s knowledge of the competition laws can be the difference between breaking the law—and potentially facing a prison sentence—and not.  

Connected Compliance

Connected compliance envisages a fully integrated compliance function that is connected to the business and plays an active role in strategic thinking and growth decisions. It rejects the traditional image of a siloed compliance team, where there is no collaboration among departments and where, to employees, compliance means an annual “tick box” exercise, a multitude of complex policies, and a high degree of self-management based on an employee’s own “moral compass.” Indeed, although we observe that business managers have taken more interest in compliance—as they observe longer jail sentences for antitrust violations in the United States—an overwhelming 60 percent still believe that the compliance team takes sole responsibility for good governance.

It Is Everyone’s Responsibility for a Reason

In effective programs, clear responsibility for compliance is given to specific individuals, or “compliance contacts,” who sit within strategic business lines and are involved in determining a company’s growth plan and risk appetite. Clear, simple policies and procedures are outlined, but most importantly, responsibility for compliance is shared across every business division and every organization. This creates a culture of compliance from the top (i.e., senior-most leadership) down so that compliance becomes everyone’s concern and everyone’s responsibility.

Such compliance integration is not a new concept, but some in the business community have been slow to embrace it. Research shows that companies have made little progress in improving critical connections among different business functions or in addressing gaps in compliance accountability among employees at all levels of the business.

For example, take M&A activity, which is on the rise as companies pursue aggressive growth and innovation. M&A activity necessarily involves high risks, cultural upheaval, and regulatory scrutiny, but we observe that many compliance teams are not consistently included when planning and implementing deals. Research by Baker McKenzie shows that fewer than one in five companies involves compliance “substantively” in planning and implementing M&A deals, whereas almost half bring in compliance when selecting new business partners. More than a quarter of respondents admitted to deliberately keeping compliance out of the loop for fear of issues being uncovered and plans derailed. This has serious consequences: on average, 40 percent of organizations that acquired a new business admitted to uncovering compliance issues within that business only after the acquisition.

Not only does this approach increase a company’s risk exposure, it also negates a company’s opportunity to tackle compliance risks during the deal process and to best negotiate the terms of the deal. In short, it risks undermining the value of the investment the company has just made. Most seriously, legislation empowers authorities to hold companies accountable for failing to prevent noncompliant activity, so the “don’t ask, don’t tell” approach sometimes adopted by companies is an insufficient defense in many circumstances.

What Does It Mean?

Promoting an effective compliance program is not only in a company’s interest in the long term, but is arguably an immediate necessity as well. More than half of respondents to a survey conducted by Baker McKenzie are aware of a hidden compliance breach in their organization that is yet to surface to the regulator or the public. Two-thirds of compliance chiefs expect breaches to rise as regulation becomes more complex, and as agencies and prosecutors promote more aggressive enforcement policies. Such enforcement has been particularly apparent for competition law violations, where recent high-profile, high-penalty cases have raised the perceived risk level. Indeed, leaders view competition law as the number-one threat for business compliance, yet competition law is not a top priority in many strained compliance budgets, which often focus on developing “adequate procedures” as a compliance defense in other legal areas, such as bribery and tax evasion.

In spite of these growing risks, more than a third of companies are planning to reduce the compliance services offered to the business as a way of cutting costs. Although there are strong commercial realities—and we know that in-house legal and compliance departments face significant workloads beyond their “compliance” work—businesses must not lose their focus on compliance. Businesses should and can adapt their compliance functions to match the evolving landscape, much like any other business segment. Developing a compliance program that is agile, collaborative, and above all connected will ensure its effectiveness and protect the company’s brand and value.

Final Words

There are many aspects to developing, implementing, and maintaining a comprehensive compliance program, and this article does not endeavor to cover them all. However, we hope that our observations and practical guidance provide an overview of the importance of developing a comprehensive and dynamic compliance program.

Today’s computer hackers are helping themselves to the privileged information that has been a core covenant of the attorney-client relationship for hundreds of years. Hackers know the value of sensitive information that is exchanged and retained between a business and its law firms. According to the most recent information from the American Bar Association, 23 percent of law firms experienced a cyber attack or data breach in 2018.

There has been widespread response to breaches from the largest businesses and law firms, who were initially hit the hardest; they have been working to lock down their data and information. Small- and mid-sized companies and their law firms have also grown serious about cybersecurity. Cybersecurity has become a top priority for legal departments and their service providers.

To assess progress and continue to find ways to increase security, it is critical to take inventory across the chain of information exchange and storage, ensuring all law firms working for the company, regardless of their size and location, reach consistently high levels of compliance with cybersecurity standards. That is because every link in the chain of information is a potentially vulnerable junction for compromise.

Here are questions to ask to help you better understand the risks and opportunities for strengthening every link in your cybersecurity chain:

Are there consistencies in cybersecurity between large, mid-sized, and small law firms?

Larger law firms assessed their security measures after the now-infamous DLA Piper data breach and subsequent shutdown of the firm in 2017. Clients began to require their firms to complete extensive cybersecurity surveys to demonstrate readiness in the event of a potential hack. Clients wanted to know their exposure given their firms’ cybersecurity sophistication, or lack thereof.

Smaller firms moved into action as well, many working with consultants who assessed their processes and formulated plans to achieve a higher state of security. The partners of small and mid-sized firms have been able to enact change as they have closer management oversight of their IT systems and were likely involved in the development of the IT department and decisions on selected tech programs from the beginning. They have intimate knowledge of their current processes and practices and, in the end, these partners are ultimately responsible for the safeguarding of all client relationships and the sustainability of the firm over the long term, given their names are on the door.

All law firms should now have cybersecurity plans in place. The key indicator to understand, however, is their capacity to take action on the plan to make enhancements as soon as the environment changes. Many times, scaling cybersecurity best practices across smaller firms can happen more quickly. That is not to say that it is easy—the most effective cybersecurity assessment and enhancements should be rigorous for any firm.

Are there cybersecurity variances across law firms in different jurisdictions and geographies?

Data privacy and protection regulations are constantly changing across states and countries. If a company does business across jurisdictions and regions, it is important that its law firms stay current on changes in all of those markets and proactively advise on how they affect the overall cybersecurity of the clients’ information and their legal obligations.

The EU’s recent implementation of the General Data Protection Regulation (GDPR) is only the latest (albeit most sweeping) development in this crucial area of law. Outside the EU, however, there is little uniformity in how different countries protect data.

• For example, personal information protection does not have a long history in the Chinese legal system, but it is now one of the hottest legal topics in China. Chinese legislation contains broad, confusing definitions of protection and involves stringent regulations and severe legal penalties. The Chinese government is still exploring a feasible way to implement the relevant legal requirements. This has delayed the process of issuing the rules.
• In contrast, Taiwan recognized the importance of data protection and put information protections in place more than 20 years ago. The most current personal data protection law in Taiwan was enacted in 2010 and implemented in stages. The law is now fully in effect and, among other changes, removes the data user-registration requirement and expands data protection obligations to all industries in Taiwan and to all methods of processing. All business entities in Taiwan that collect, process, or use data must comply with this law, but it does not extend to non-Taiwan business entities that collect, process, or use data of Taiwan resident “protected parties” outside Taiwan.
• In Singapore, the mandatory protection of personal data came into force only in 2014 and is meant to address growing concerns from individuals about how their personal data is used, maintain the trust of individuals in organizations that manage data, and strengthen Singapore’s position as a trusted business hub.
• Australian privacy law has national significance and contains 13 principles, which have the force of law by virtue of the country’s Privacy Act of 1988. The federal privacy regulator is the Australian Information Commissioner.

These are just a few of the differences that exist by region. If a company does business in multiple jurisdictions, it should expect its law firms to not only intimately understand the data rules of their market, but proactively share their knowledge. An example of this is a recent guide published by a global network of legal firms.

What should the cybersecurity culture be at my law firm(s)?

The cybersecurity culture at your law firm should be proactive and integrated into everyday practice, prioritized and lead by those at the partner level. Cybersecurity should be a top focus of upper management, not relegated to IT staff or firm administration. Many major breeches have occurred because of employee or vendor error, and are not directly controlled by the IT department. Partners should play or share the role of chief compliance officer and chief information security officer to keep cybersecurity at the forefront of their practice.

With what standards should my law firm(s) comply?

Having a current information security plan, and reporting to demonstrate ongoing progress against that plan, are critical indicators of the cybersecurity strength of a law firm. All law firms should be able to report high levels of standards in these areas:

• management’s demonstrative commitment to cybersecurity
• ongoing risk assessments
• technical safeguards
• physical safeguards
• employee training
• third-party risk management
• business continuity
• breach response
• frequent reviews and updates

Significant progress has been made in boosting cybersecurity in the legal industry. In 2018, the American Bar Association reported just a 1 percent increase in law firms that have experienced an attack, much improved over the 8 percent increase from 2016 to 2017. While it will never be possible to completely eliminate breeches, the hard work law firms are doing to reduce the risk is clearly making a difference.

Most public employees in California are eligible to enroll in a state or county retirement system.  These retirement systems are governed by state statutes, known primarily as either the Public Employees’ Retirement Law (“PERL”) or the County Employees’ Retirement Law (“CERL”), depending on the retirement system in question. 

While the legislature enacts statutes to provide benefits in retirement, the California courts have developed what is known as the “California Rule” regarding vesting of these benefits. This judicially created rule states that public employees in California have vested rights in their pension benefits, and therefore begin earning this deferred form of compensation from their very first day of employment. While they may not remain employed long enough to actually receive benefits, as long as they do remain employed, they have the right to keep earning this deferred compensation to be paid after they retire. The courts have held that these pension benefits cannot be modified unless: (1) the modification maintains the integrity of the system; (2) bears some relation to the theory of the pension system; and (3) if the modification results in some disadvantage, it is accompanied by a comparable new advantage. Practically speaking, this makes it difficult for the state legislature to revise pension statutes in order to allow reductions in benefits that had previously been promised to public employees. The result is that promises made years or decades earlier generally cannot be modified despite current exploding costs being absorbed by public employers. 

On September 12, 2012, Governor Jerry Brown signed into law the Public Employees’ Pension Reform Act of 2013 (“PEPRA”) in order to address the looming crisis of increasing pension costs. PEPRA primarily changed the pension benefits that employees hired after its enactment could expect. However, PEPRA also modified some of the pension benefits for existing public employees under both the PERL and CERL. Some of these changes include the discontinuation of the right to purchase service credit not related in any way to prior employment (known as “airtime”), as well as the discontinuation of certain types of compensation in pension calculations, among others. There are currently several cases before the California Supreme Court, which will analyze whether PEPRA changes to existing employees’ pension benefits violated the California Rule. 

On December 5, 2018, the California Supreme Court heard oral argument in Cal Fire Local 2881 v. CalPERS, which it chose to hear first. The state intervened in the case to defend PEPRA. In this case, public employees are challenging PEPRA’s elimination of “airtime.” The appellate court held that employees did not have a vested right to purchase airtime because there was no express language in the statute, or its legislative history, that unambiguously stated an intent by the Legislature to create a vested pension benefit.  Alternatively, the appellate court held that it was permissible to eliminate “airtime” because a pension system was established to compensate for actual work and that, in fact, the option to purchase “airtime” was detrimental to the successful operation of the pension system because it does not relate to any work performed. Finally, the appellate court held that while a comparable new advantage “should” be provided, the term “shall” in prior decisions was not a mandate. If upheld, this decision would mark a serious erosion of California public employee pension vesting principles.  

During oral argument before the California Supreme Court, the justices directed questions at both attorneys to address whether the opportunity to purchase airtime was a vested right. The employees argued that the opportunity to purchase airtime was a vested right upon one’s acceptance of and/or continued employment. The justices challenged this notion because any such rule may be overbroad and may apply to any employment benefit offered to an employee.  Interestingly, the justices did not question either side on whether there needed to be a comparable new advantage provided to employees in exchange for the elimination of the right to purchase “airtime.”

On the other side, the state argued that the legislature never intended for this opportunity be to a vested right, neither expressly nor impliedly. The justices seemed to concede that there was no express language that created a vested right, but questioned whether the legislature could ever create an implied right to a benefit and if so, how. The state responded that there appears to be an implied right to a “substantial, reasonable pension,” but that purchasing “airtime” was not necessary to providing a substantial, reasonable pension.

While it is usually difficult to predict a court’s final ruling based on the questions the justices ask during oral argument, the court could be signaling its direction here given the questions it did not ask. Specifically, the justices did not ask about the heart of the California Rule; whether alternative benefits must be provided whenever a vested right is impaired. Given the other cases pending before the Supreme Court and the nature of the justices’ questions in Cal Fire, the court appeared to signal that it will likely issue a narrow ruling related to airtime itself, allowing major components of the California Rule to be argued in later cases. In any event, even if the Supreme Court overturns the California Rule in full and allows pension benefits to be modified more easily, there is unlikely to be an immediate impact on California public employees nor relief to public employers facing ever-increasing pension costs. Any change to public employee pension benefits must first come from the state legislature. While overturning the California Rule would, in theory, make it easier to modify pension benefits, it would still be up to the state legislature, not individual public employers enrolled in these pension plans, to first make modifications to the state statutes. Absent such statutory change, these benefits will remain largely untouchable, regardless of the court’s ultimate decision.

Partner Steven M. Berliner and Associate Danny Y. Yoo are attorneys with Liebert Cassidy Whitmore, California’s largest education and public sector labor and employment firm. Berliner is the Chair of the firm’s Retirement, Health and Disability Practice Group; he can be reached at [email protected] or 310-981-2000. Yoo represents public agency clients in all facets of labor and employment law; he can be reached at [email protected] or 310-981-2069.