On February 1, 2023, the Centers for Medicare and Medicaid Services (“CMS”) issued its final rule on risk adjustment data validation (“RADV”) audits.^[1] The rule expands CMS’s scope with regard to Medicare Advantage Plans, by authorizing different sampling methods and audit techniques and eliminating the fee-for-service adjuster (“FFSA”) offset from 2018 forward.

The Final Rule is expected to increase the frequency of claims audits as well as the potential liability of Medicare Advantage Plans, physicians, and other providers. During a RADV audit, CMS looks at a sample of Medicare Advantage claims and confirms that any diagnoses submitted for risk adjustment are supported in the patient’s medical record to ensure the plan did not receive an overpayment. Changes in sampling methods and extrapolation of overpayments affect both the frequency of RADV audits as well as potential overpayment calculations.

This article discusses the increased risk of liability for providers who are parties to Medicare Advantage risk-sharing arrangements resulting from the 2023 RADV Final Rule. The 2023 audit changes represent a strengthening of CMS’s programmatic method of assuring accurate payments under the Medicare Advantage program, through an expanded scope of the RADV audits that authorizes different sampling methods and auditing techniques, and methods of extrapolation and calculation of overpayments.

Medicare Advantage Risk-Adjustment Payment Methodology

To understand the evolution of the 2023 RADV audit final rule, an understanding of the Medicare Advantage payment methodology is required. While the intention of the Medicare Advantage program was to provide coverage to enrollees who require increased health-care resources, the abuses of the model have resulted in an expanded scope of CMS RADV audits and increased regulatory scrutiny of payers by the Department of Justice.

Unlike Medicare Part B payments, which are based on procedures performed, Medicare Advantage payments are diagnosis driven. A hierarchical condition category (“HCC”) model is used to risk-adjust diagnoses, by grouping ICD-10^[2] diagnosis codes by severity of condition and increased cost of care for treatment of enrollees with chronic diagnoses. The HCCs are additive in nature and produce a risk score. Risk adjustment allows CMS to redirect payments from managed-care organizations that target healthy populations to those that care for the most ill. By risk-adjusting plan payments, CMS can make appropriate payments for enrollees with differences in expected costs. As an enrollee’s risk score increases, the monthly risk-adjusted payment to the Medicare Advantage organization also increases. In this way, the risk-adjustment program compensates Medicare Advantage plans for the additional risk of providing coverage to enrollees expected to require more health-care resources.

CMS Audits of Medicare Advantage Plans

Under its authority to identify waste and mismanagement of federal health program dollars, CMS has been actively conducting audits on risk-adjustment submissions from Medicare Advantage organizations.

There was little to no activity by CMS in terms of Medicare Advantage audits prior to 2019. However, in 2021, CMS recouped $223,043,005 in overpayments from six plans. The overpayment recouped from Humana in one audit totaled $197.7M (comprising 71 percent of the recoveries by the Office of Inspector General for the Department of Health and Human Services (HHS OIG) in 2021). In 2022, CMS recouped $134,739,612 in overpayments from twelve Medicare Advantage plans.

This increased scrutiny stems from the fact that in 2019 the Medicare Advantage program provided health-care coverage for 23 million Americans (accounting for about a third of all Medicare beneficiaries). Health-care coverage under Medicare Advantage plans resulted in a total annual cost of $264 billion of the $758 billion total Medicare program costs spent in fiscal year 2019.^[3]

Evolution of the Audit Rule

The discussion below traces the changes in CMS audit methodology and reflects the expansion of RADV audits’ scope over time.

Medicare Advantage Audit Methodology under the 2012 Final Rule

Selection of Plans. The selection of plans for audit in 2012 was stratified. Under CMS’s approach, thirty Medicare Advantage plans were selected annually for audit, typically two to three years after payment. The contracts were targeted based on diagnosis coding intensity, which is the average change in risk score associated with reported beneficiary diagnoses covered by the Medicare Advantage contract. Coding intensity measures the extent to which the estimated medical needs of beneficiaries increase from year to year. The targeted contracts were those whose beneficiaries appeared to get sicker at a relatively rapid rate, based on the information submitted to CMS. Those contracts chosen by coding intensity were divided into three categories: high, medium, and low, with the same number of enrollees for each stratum.^[4]

Beneficiary Sampling. The total number of enrollees sampled was up to, but often exceeded (see table below), 201 beneficiaries, with 67 enrollees per stratum. The categories of each stratum were based on the individual risk scores of the enrollees.^[5]

Medical Record Collection and Review. After selecting the beneficiaries for review, CMS requested supporting documentation for all risk-adjusted diagnoses submitted in the past year. The Medicare Advantage plans were permitted to submit five medical records per audited risk-adjusted diagnosis. CMS contractors then reviewed the submitted medical records to determine if the medical records supported the diagnosis.

Payment Error Calculation and Extrapolation. When a medical review was completed, CMS extrapolated an error rate for the entire population over the audited period. The extrapolated amount considered the sampling weight of each enrollee. The payment error was calculated by taking the difference between the actual amount paid based on the plan’s submitted diagnoses and the amount that would have been paid based on the RADV-validated diagnoses.^[6]

Extrapolation meant that if an error was found during a RADV audit on an HCC, not only were the overpayments recouped on that plan member, but payment was recouped on all members who were in that HCC over the audited year(s). The annual payment error for each sampled enrollee was multiplied by the enrollee’s sampling weight (computed for each stratum). The weighted enrollee annual payment error was summed across all enrollees in the sample to determine the extrapolated payment error.

In its prior final rule in 2012, CMS recognized the need to use an offset, the FFSA, to account “for the fact that the documentation standard used in RADV audits to determine a contract’s payment error (medical records) is different from the documentation standard used to develop the Part C risk-adjustment model (FFS claims).”^[7] The FFSA was intended to ensure that the amount due in a RADV audit considered the difference between audit review standards and the errors resulting from unsupported fee-for-service diagnostic codes, creating a permissible level of payment errors and limiting RADV audit recovery to payment errors above the set level.^[8] Under that 2012 CMS final rule, the FFSA was used to account for differences in the fee-for-service and Medicare Advantage documentation standards to ensure that there was no bias built in that resulted in underpayment to Medicare Advantage plans.

The 2018 CMS Proposed Rule

Highlights. CMS proposed eliminating the FFSA as part of the revised 2018 RADV audit methodology proposed rule. To support its proposal, CMS cited a 2018 internal study finding “that errors in FFS claims data do not have any systematic effect on the risk scores calculated by the CMS-HCC risk adjustment model, and therefore do not have any systematic effect on the payments made to [Medicare Advantage] organizations.”^[9] CMS’s proposed changes to the audit methodology, i.e., the elimination of the FFSA, would allow it to recover payments retroactively from audits conducted for plan years from 2011 forward without an offset.

CMS also asserted its authority to use its discretion to identify different sampling methods and auditing techniques other than a stratified approach, including auditing by sub-cohorts. Auditing by sub-cohorts involves auditing by HCC, targeting diagnoses that CMS views as subject to high rates of improper payment.^[10] A sub-cohort represents a grouping of HCCs, such as HCCs 17, 18, and 19—the HCCs for the diagnosis of diabetes and its complications. The 2018 proposed rule recognized that using a sub-cohort method of auditing plans would allow CMS to use smaller sample sizes to calculate extrapolated overpayments.^[11]

Litigation. In United Healthcare Insurance v. Becerra, the U.S. Court of Appeals for the D.C. Circuit rejected the United Healthcare challenges to the 2018 CMS RADV rule, finding that there was no valid legal or factual claim that CMS’s overpayment rule failed to comply with actuarial equivalence, affirming CMS’s agency authority to implement the 2018 RADV proposed rule as a final rule.^[12]

Audits in 2021 and 2022: Combined Methodology of 2012 and 2018 Audits

Below is a summary of some of the HHS OIG audits performed in 2021 and 2022 that combine the methodology of audits used in both 2012 and 2018 and represent varied approaches to the RADV audit process.^[13] CMS’s authority to conduct RADV audits is set out in 42 CFR 422.311 and has been applied by the HHS OIG in its performance of Medicare Advantage compliance audits.

Even at that time, there were inconsistencies in the audit approach. Only four of the audits above used a sample size of 200 or below; most used a significantly larger sample size. Some had more than one reference year from which the sample was drawn. All samples were drawn from reference years that were closed, i.e., they already had final reconciliations and were settled, mostly five to six years prior to the year of the audit. Two of the contract-level audits did not extrapolate the overpayments; several were targeted reviews of sub-cohorts of HCCs, while others followed a stratified sampling method.

The 2023 RADV Audit Final Rule

Highlights. Below are the highlights of the most recent final rule, effective February 1, 2023:^[26]

• CMS will no longer apply a risk-adjustment factor, the FFSA, in RADV audits, meaning that plans will no longer have an offset against the extrapolated amount determined in the RADV audit.
• CMS will no longer be limited in either the audit methodology used to conduct RADV audits or its extrapolation of payment errors.^[27] CMS is “not adopting any specific sampling or extrapolated audit methodology, but will rely on any statistically valid method for sampling and extrapolation that is determined to be well-suited to a particular audit.”^[28] CMS will extrapolate RADV audit findings under its new methodology beginning with plan year 2018, and that approach will not apply to any plan years prior to that.^[29]
• Payer challenges to CMS and HHS OIG audit methodology since the 2023 RADV Final Rule have focused on the lack of a consistent approach.
  • Two payers audited in 2023, MCS Advantage (“MCS”) and Excellus Health Plan, Inc. (“Excellus”), have challenged changes to audit methodology by arguing that their audits involved flawed audit sampling, inconsistent with CMS’s actuarial equivalent mandate and its requirements for data accuracy and compliance.^[30] The MCS audit challenged the sampling methodology on grounds that it was “biased to identify overpayments.”^[31] HHS did not seek to identify or account for all potential unrelated HCCs that were not submitted but were reported to CMS, thus omitting data that represented potential underpayments. HHS responded by stating its analysis “is now limited to the net overpayments associated with the sampled enrollee-years” and that a valid estimate “does not need to take into consideration all potential HCCs or underpayments within the audit period.”^[32]
  • MCS and Excellus also challenged the audit analysis as employing a shifting audit methodology, arguing there is no consistency in the selection of the method of identifying high-risk diagnoses for review. Excellus noted that in its audit, four cancer diagnoses were selected as HCCs targeted for review, while in other compliance audits affecting other payers, none were selected. It also argued that a “high-risk” diagnosis code is nowhere defined, though HHS argued it provided information on the parameters used.^[33]
  • Further, both payers argued that actuarial equivalence between Medicare Advantage and traditional Medicare payments is required as part of the calculation of estimated overpayments, and that HHS did not meet this requirement due to its not applying an FFSA or other mechanism to account for its risk adjustment model being based on unaudited traditional Medicare data.^[34] These challenges were dismissed by HHS, based on CMS’s statement that application of an adjustment factor in RADV audits is no longer required.
  • MCS and Excellus also contended that other aspects of the current audit methodology are at odds with the risk adjustment model. MCS and Excellus argued the use of a physician as a tiebreaker when medical review contractors cannot determine whether a reported HCC represents an overpayment deviated from the CMS risk adjustment program requirements, which base overpayments on the inaccurate assignment of ICD 10 codes, not the clinical judgment of a physician reviewer.^[35] Excellus asserted that HHS failed to use a proper notice and rulemaking process to establish its audit standards because its audit departed from CMS’s established risk adjustment audit standards. The use of such standards made the audit “procedurally defective, arbitrary and capricious” in Excellus’s view, though HHS disagreed.^[36]

Impact. Plans and providers can expect the following:

• The number of RADV audits will increase because of CMS’s use of either sub-cohort audits or Unified Program Integrity Contractors (“UPIC”) auditors to perform Medicare Advantage audits. CMS will use UPICs to select Medicare Advantage plan enrollees for review, identify underpayments and overpayments associated with diagnosis data submitted to CMS, and calculate the final over-/underpayment amount.^[37] CMS intends for all Medicare Advantage plans to be subject to either a comprehensive or condition-specific RADV audit each plan year. There is expected to be an increase in targeted reviews, which would allow CMS to base audits on smaller sample sizes, permitting it to increase the number of audits performed. This would increase the burden on providers to respond to record requests and also widen the spectrum of provider liability for those providers who are parties to risk-sharing arrangements.
• The new methods of extrapolation of overpayments from 2018 forward will potentially subject providers who participated in risk-sharing arrangements to exposure to increased, unexpected losses, where they participated as an in-network provider during the earlier periods and a final reconciliation has already taken place. They also could expect reduced income where a RADV audit has resulted in recoupment of overpayments from a plan year where no final reconciliation has occurred. While providers face a contractual risk of liability as part of the recoupment of overpayments from plans, they also could face liability under the False Claims Act to the extent they benefited financially from inflating revenues.^[38]
• An increase in the number of RADV audits will likely lead to additional scrutiny of physician documentation. Certain clinical documentation and billing practices can be an indicator of an overpayment.^[39] Diagnoses that cannot be validated either because they are clinically unsupported or have resolved could result in RADV audit findings.^[40] Managing risk in this area can protect physicians against not only liability for overpayment under a risk-sharing arrangement but also direct liability under the False Claims Act for “potential fraud actions.”^[41]
• As plan revenues become more uncertain due to plans’ inability to adjust for potential recoupment of overpayments, premiums may increase as one way to address that uncertainty, and enrollee decision-making as to plan options and participation could be impacted. That change, coupled with increased provider exposure to liability due to risk-sharing arrangements, may impact provider decisions to accept Medicare Advantage enrollees. A decision to no longer accept Medicare Advantage patients, while driven by revenue considerations, may have other revenue consequences for physicians who fail to factor in the potential loss of revenues from other sources, i.e., providers who refer patients to them based on their acceptance of Medicare Advantage insurance.
• Providers will likely be subject to increasing demand to respond to requests from plans to comply with audit requirements.
• Plans will likely conduct increased prospective audits on providers’ coding and charting to improve the accuracy of ICD-10 coding.

Guidance for Ensuring Compliance with the 2023 RADV Audit Requirements

Plans and providers should perform billing compliance audits to ensure the accuracy and completeness of the coding of claims and to affirm that diagnosis codes are clinically supported.

A plan has twenty-five weeks to submit medical records to CMS in response to an audit request. There is a large amount of information involved in a RADV audit, as well as a fixed deadline. Efficiently managing time and use of software tools enables both the provider and the plan to capture and track pertinent information.

Plans must be aware of the timetable to appeal RADV audit findings. Plans must file a written request with CMS for an appeal of the RADV audit report (the medical record review determination or the payment error calculation) within sixty days of its issuance.

Conclusion

The impact of the 2023 RADV audit final rule extends beyond Medicare Advantage payer pricing and the Medicare Advantage bid process. Providers who are parties to risk-sharing arrangements face unexpected risk in the form of loss of revenue from audited periods where final reconciliations have occurred. The contractual risks of recoupment of overpayments sought from earlier plan periods alone may be sufficient for some providers to no longer accept enrollees as patients. Further, increased premiums built into future bids may affect patient choice in terms of the plans selected; more importantly, the increased cost of the program to the plans may restrict the availability of services, ultimately impacting the patients for whom the program was created.

1. Medicare and Medicaid Programs; Policy and Technical Changes to the Medicare Advantage, Medicare Prescription Drug Benefit, Program of All-Inclusive Care for the Elderly (PACE), Medicaid Fee-for-Service, and Medicaid Managed Care Programs for Years 2020 and 2021, 88 Fed. Reg. 6643 (Feb. 1, 2023) [hereinafter 2023 Final Rule]. ↑

2. ICD-10 stands for International Classification of Diseases, Tenth Revision. ↑

3. U.S. Dep’t of Health and Hum. Servs., OEI-03-17-00471, Billions in Estimated Medicare Advantage Payments From Diagnoses Reported Only on Health Risk Assessments Raise Concerns (2020), at 1–2, 12–13. This 2020 HHS OIG report noted that in 2017, diagnoses reported by Medicare Advantage organizations reported only on health risk assessments and not in medical records totaled $2.3 billion. ↑

4. Ctrs. for Medicare & Medicaid Servs., Notice of Final Payment Error Calculation Methodology for Part C Medicare Advantage Risk Adjustment Data Validation Contract-Level Audits 1–3 (Feb. 24, 2012). ↑

5. Id. ↑

6. Id. ↑

7. Ctrs. for Medicare & Medicaid Servs., Fee for Service Adjuster and Payment Recovery for Contract Level Risk Adjustment Data Validation Audits (Oct. 26, 2018). See also Ctrs. for Medicare & Medicaid Servs., Notice of Final Payment Error Calculation Methodology for Part C Medicare Advantage Risk Adjustment Data Validation Contract-Level Audits (Feb. 24, 2012). ↑

8. Ctrs. for Medicare & Medicaid Servs., Notice of Final Payment Error Calculation Methodology for Part C Medicare Advantage Risk Adjustment Data Validation Contract-Level Audits (Feb. 24, 2012). ↑

9. Medicare and Medicaid Programs; Policy and Technical Changes to the Medicare Advantage, Medicare Prescription Drug Benefit, Program of All-Inclusive Care for the Elderly (PACE), Medicaid Fee-for-Service, and Medicaid Managed Care Programs for Years 2020 and 2021, 83 Fed. Reg. 54982 (Nov. 1, 2018). See also Ctrs. for Medicare & Medicaid Servs., Fee for Service Adjuster and Payment Recovery for Contract Level Risk Adjustment Data Validation Audits (Oct. 26, 2018); Ctrs. for Medicare & Medicaid Servs., RADV Provision CMS 4185-N4 Data Release June 2019 (June 27, 2019); Medicare and Medicaid Programs, Risk Adjustment Data Validation, 84 Fed. Reg. 30983 (June 28, 2019). ↑

10. In the 2018 proposed rule, CMS sought feedback on use of different payment methodologies. The cohort-by-cohort methodology would target certain HCCs with a high likelihood of improper payments. 2023 Final Rule, supra note 1, at 6649. ↑

11. Id. ↑

12. United Healthcare Ins. Co. v. Becerra, 16 F.4th 868, 869, 877 (D.C. Cir. 2021). ↑

13. See Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Reports and Publications, Office of Audit Services, Centers for Medicare and Medicaid Services (last visited Nov. 13, 2023). ↑

14. Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Specific Diagnosis Codes That UPMC Health Plan, Inc. (Contract H3907) Submitted to CMS (Nov. 5, 2021). ↑

15. RADV recoveries with asterisks represent audits where CMS did not extrapolate the overpayment amount due. Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Specific Diagnosis Codes That Coventry Health Care of Missouri, Inc. (Contract H2663) Submitted to CMS (Oct. 28, 2021). ↑

16. Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Specific Diagnosis Codes That Anthem Community Insurance Company, Inc. (Contract H3655) Submitted to CMS (May 21, 2021). ↑

17. Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Diagnosis Codes That Humana, Inc., (Contract H1036) Submitted to CMS (Apr. 19, 2021). ↑

18. Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Specific Diagnosis Codes That HumanaChoice (Contract R5826) Submitted to CMS (Sept. 30, 2022). ↑

19. Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Specific Diagnosis Codes That Highmark Senior Health Company (Contract H3916) Submitted to CMS (Sept. 29, 2022). ↑

20. Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Diagnosis Codes That Inter Valley Health Plan, Inc. (Contract H0545), Submitted to CMS (Sept. 26, 2022). ↑

21. Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Specific Diagnosis Codes That Regence BlueCross BlueShield of Oregon (Contract H3817) Submitted to CMS (Sept. 13, 2022). ↑

22. Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Specific Diagnosis Codes That WellCare of Florida, Inc., (Contract H1032) Submitted to CMS (Aug. 29, 2022). ↑

23. Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Diagnosis Codes That Cigna HealthSpring of Florida, Inc. (Contract H5410) Submitted to CMS (Aug. 19, 2022). ↑

24. Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Specific Diagnosis Codes That Cariten Health Plan, Inc., (Contract H4461) Submitted to CMS (July 18, 2022). ↑

25. Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Diagnosis Codes That SCAN Health Plan (Contract H5425) Submitted to CMS (Feb. 2, 2022). ↑

26. 2023 Final Rule, supra note 1. ↑

27. Medicare Program Integrity Manual, at ch. 8 (“Administrative Actions and Sanctions and Statistical Sampling for Overpayment Estimation”) (effective Feb. 21, 2023). ↑

28. Id. ↑

29. Rather than applying extrapolation beginning for payment year (PY) 2011 audits as proposed, is finalizing a policy whereby it will not extrapolate RADV audit findings for PYs 2011 through 2017 and will begin extrapolation with the PY 2018 RADV audit. As a result, CMS will only collect the non-extrapolated overpayments identified in the CMS RADV audits and Department of Health and Human Services Office of Inspector General audits between PY 2011 and PY 2017, and will begin collection of extrapolated overpayment findings for any CMS and OIG audits conducted in PY 2018 and any subsequent payment year. ↑

30. Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Specific Diagnosis Codes That MCS Advantage. Inc. (Contract H5577) Submitted to CMS (Mar. 24, 2023) (“MCS Audit Report”); Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Specific Diagnosis Codes That Excellus Health Plan, Inc. (Contract H3351) Submitted to CMS (July 10, 2023) (“Excellus Audit Report”). ↑

31. MCS Audit Report at 20. ↑

32. MCS Audit Report at 21. ↑

33. Excellus Audit Report at 18–19. ↑

34. MCS Audit Report at 23–24; Excellus Audit Report at 23–24. HHS applies the audit rule in place at the time of the audit, rather than the rule in place at the time of the audited activity, arguably improperly allowing retroactive application of the new RADV Audit Rule. ↑

35. MCS Audit Report at 23; Excellus Audit Report at 20–22. ↑

36. Excellus Audit Report at 19–22. ↑

37. Medicare Program Integrity Manual, at ch. 8 (“Administrative Actions and Sanctions and Statistical Sampling for Overpayment Estimation”), § 8.4.1.4 (effective Feb. 21, 2023); id. at ch. 4 (“Program Integrity”). ↑

38. Provider liability under the False Claims Act can result from:

    • Upcoding to increase risk adjustment factor scores (i.e., where a patient encounter note does not indicate a severe or chronic diagnosis, but a high-dollar risk-adjusted diagnosis code is assigned).
    • False reporting of conditions with high risk-adjusted diagnosis scores where the condition has resolved (cancer, stroke, myocardial infarction).
    • Making post-encounter addenda to record unsupported risk-adjusted diagnoses.
    • Failure to delete inappropriate codes that are part of a problem list in a patient’s medical record.

    Physicians in network with Medicare Advantage Plan organizations who received financial incentives in the form of bonuses to make changes that inflated plan revenues are subject to individual liability under the False Claims Act.

    See, e.g., United States’ Complaint-in-Intervention, United States ex rel. Osinek v. Kaiser Permanente, No. 3:13-cv-03891-EMC (N.D. Cal. Oct. 25, 2021). Kaiser Permanente allegedly created programs to mine patients’ electronic medical records for certain data—key words, lab results, medications, clinical indicators—suggestive of potential diagnoses that would increase risk-adjustment payments. Id. at 37. The government’s complaint alleges Kaiser “systematically alter[ed] patient medical records to add diagnoses that either did not exist or were unrelated” to a patient’s visit, using Kaiser physicians to inflate a patient’s risk score. Id. at 1; see also id. at 24, 40–43. Kaiser allegedly altered the patients’ medical records retrospectively using addenda to add diagnoses months, or even a year, after a patient’s visit. Id. at 1. Approximately 500,000 addenda were added during the period covered by the complaint, resulting in alleged damages in the range of $1 billion. Id. at 1, 74.

    See also United States’ Complaint-in-Intervention, United States ex rel. Kathy Ormsby v. Sutter Health and Palo Alto Medical Foundation, No. 3:15-cv-01062-JD (N.D. Cal. Mar. 4, 2019). Sutter Health physicians were pressured to add risk-adjusting diagnoses codes for conditions that had resolved in prior years and no longer mapped to an HCC, and to add addenda for past patient encounters, even a year old. Sutter Health settled the False Claims Act suit in 2021 for $90 million plus a five-year Corporate Integrity Agreement. ↑

39. Such activity includes: Medicare Advantage organizations ”querying” physicians, directing them to supplement their documentation to add risk-adjusted diagnoses; improper use of amendments or addenda to add high-dollar risk-adjusted diagnoses six to twelve months after the patient encounter; and inconsistencies between diagnoses on problem lists compared against current encounter documentation. Ctrs. for Medicare & Medicaid Servs., Contract-Level Risk Adjustment Data Validation: Medical Record Reviewer Guidance in effect as of 03/20/2019 at 42–43, 52, 60–61 (2018). There is no indication that this RADV audit medical reviewer checklist is no longer in effect. ↑

40. Id. Findings in RADV audits focus on diagnoses the HHS OIG asserts are at high risk of being used improperly; this is audit specific, but there some diagnoses that are used frequently. See, e.g., Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Specific Diagnosis Codes That HumanaChoice (Contract R5826) Submitted to CMS (Sept. 30, 2022) (high-risk groups of diagnoses: acute stroke, acute heart attack, embolism, vascular claudication, major depressive disorder, lung cancer, breast cancer, colon cancer, and prostate cancer); Off. of Inspector Gen., U.S. Dep’t of Health & Hum. Servs., Medicare Advantage Compliance Audit of Specific Diagnosis Codes That MCS Advantage, INC. (Contract H5577) Submitted to CMS (Mar. 24, 2023) (same set of high-risk groups of diagnoses). ↑

41. See Sabrina Skeldon, How the new “RADV” rule will affect physicians, Getting Paid: Blog from FPM J. (Sept. 12, 2023). ↑

In re Fox Corporation/Snap Inc. Section 242 Litigation, C.A. Nos. 2022-1007, 2022-1032, 120 (Del. Jan. 17, 2024) (Seitz, C.J.)

In a decision driven by long-standing precedent and a close adherence to historical interpretations of the Delaware General Corporation Law (“DGCL”), the Delaware Supreme Court (the “Court”) affirmed the Court of Chancery’s holding that Section 242(b)(2) of the DGCL did not require a separate class vote of nonvoting shares for a certificate of incorporation amendment to provide for officer exculpation under Section 102(b)(7).

In 2022, the board of Fox Corporation (“Fox”) adopted a certificate of incorporation amendment in accordance with the recent revisions to Section 102(b)(7). The capital stock of Fox was comprised of two classes: Class A Common Stock and Class B Common Stock. The holders of Class A Common Stock did not have voting rights. The holders of Class B Common Stock were entitled to one vote per share, and they were the only class to vote on the amendment, which was ultimately approved.

The board of Snap Inc. (“Snap”) adopted a similar certificate of incorporation amendment. Like Fox, Snap had a multi-class capital structure. The holders of Class A Common Stock did not have the power to vote, the holders of Class B Common Stock were entitled to one vote per share, and the holders of Class C Common Stock were entitled to ten votes per share. The Class C stockholders executed a written consent approving the amendment.

A Class A Fox stockholder and a Class A Snap stockholder filed suit against their respective companies, seeking a “declaration that the charter amendments did not comply with Section 242(b)(2) and were invalid.” The matters were consolidated.

Section 242(b)(2) provides, in relevant part:

The holders of the outstanding shares of a class shall be entitled to vote as a class upon a proposed amendment, whether or not entitled to vote thereon by the certificate of incorporation, if the amendment would increase or decrease the aggregate number of authorized shares of such class, increase or decrease the par value of the shares of such class, or alter or change the powers, preferences, or special rights of the shares of such class so as to affect them adversely. (Emphasis added.)

Relying on this language, the plaintiffs asserted that stockholders have three fundamental powers—the power to vote, to sell, and to sue. As such, the plaintiffs argued that, by depriving stockholders of the ability to sue officers for duty of care violations, the amendment infringed on one of those powers and therefore triggered a class vote of each class of capital stock pursuant to Section 242(b)(2).

At the subsequent summary judgment hearing in this matter, the plaintiffs argued: (i) that the word “powers” should be read broadly, and in conjunction with other, unrelated sections of the DGCL, and (ii) that Hartford Accident & Indemnity Co. v. Dickey Clay Mfg. Co. (“Dickey Clay”) and Orban v. Field (“Orban”), two seminal cases interpreting Section 242(b)(2), were inapplicable to the present dispute because those cases did not, at their core, deal with “the elimination of a personal power.” By contrast, the defendants asserted that: (i) the word “powers” only referred to “special characteristics of the class” and that the term needed to be closely analyzed in conjunction with the phrase “preferences, or special rights of the shares of such class” and (ii) the long-standing precedent of Dickey Clay and Orban provided strong support that Section 242(b)(2) should apply to only the “peculiar” or “special” characteristics of stock.

The Court of Chancery, while hesitant to do so, granted summary judgment in favor of the defendants and held that “the officer exculpation amendment d[id] not require a class vote of the company’s non-voting stock because the officer exculpation amendment d[id] not affect a power, preference, or special right that appears expressly in the charter.” The Court of Chancery arrived at this conclusion by conducting a textual analysis of Sections 242(b)(2) and 102(a)(4) of the DGCL and reviewing precedent as well as practitioner understanding and commentary.

More specifically, the Court of Chancery first concluded that while the plaintiffs attempted to shape the right to sue officers for monetary damages for a breach of the duty of care as a power specially granted to stockholders, such a power was not set forth in the certificate of incorporation or in the DGCL, and, accordingly, the Fox and Snap amendments did not require a separate Class A stockholder vote. Second, the Court of Chancery drew upon Dickey Clay and Orban, which stand for the proposition that a Section 242(b)(2) vote is only necessary when the amendment “adversely affect[s] a peculiar attribute of the class of stock rather than rights incidental to stock ownership.” Lastly, the Court of Chancery concluded that the plaintiffs’ argument was not well-supported by treatises, general commentary, or practice.

On appeal, the plaintiffs argued that the Court of Chancery: (i) improperly rejected the plaintiffs’ interpretation of the word “powers” and their argument that the right to sue officers falls under the powers referenced in Section 242(b)(2); (ii) incorrectly relied on Dickey Clay and Orban; and (iii) wrongfully considered the legal community’s understanding of Section 242(b)(2) as part of its analysis. The Court addressed, and rejected, each of these arguments.

First, after diving into the lengthy history of Section 242(b)(2) and the case law interpreting it, the Court analyzed Section 242(b)(2) in conjunction with two additional provisions of the DGCL: Sections 102(a)(4) and 151(a). Section 102(a)(4) provides that the “powers, preferences and rights” of class-based stock must be included in a corporation’s certificate of incorporation. Section 151(a) discusses the “powers,” “preferences,” and “special rights” that may be granted to specific classes of stock and provides that such powers “shall be stated and expressed in the certificate of incorporation or of any amendment thereto . . . .” As the Court noted, Section 242 directly references amendments to the certificate of incorporation, thereby connecting it to Section 151(a).

The Court continued by explaining that the “powers, preferences, and rights” that are incorporated into all three of the above-mentioned statutes are not defined in Section 242(b)(2), but that Sections 102(a)(4) and 151(a) shape the understanding of Section 242(b)(2) as “limit[ing] the ‘powers, preferences, or special rights’ of a class to those authorized by Section 151(a) and expressed in the charter under Sections 151(a) and 102(a)(4).” Importantly, these powers may either be expressly set forth in the certificate of incorporation or may be incorporated pursuant to Section 394, which provides that the DGCL is part of the certificate of incorporation of every Delaware corporation.

Then, the Court, disagreeing with the plaintiffs’ introduction of rather selective definitions of the word “power,” again explained the importance of understanding Section 242(b)(2) in relation to Sections 102(a)(4) and 151(a), and further explained that the term “powers” is meant to refer to “specific class powers . . . and not to general powers incidental to stock ownership.” The Court also dismissed plaintiffs’ argument that “power” should be read in conjunction with other provisions of the DGCL. Specifically, the Court explained that plaintiffs’ cited provisions only referred to the power to sue in certain contexts, rather than defining the right to sue as a power specific to the shares of a class. The Court also declined to accept plaintiffs’ argument that requiring a class vote for powers stated in the certificate of incorporation, but not requiring such a vote for identical powers stemming from the DGCL, creates an inequality. As the Court had noted earlier, the DGCL, through Section 394, makes it clear that the DGCL is part of the certificate of incorporation of every Delaware corporation, thereby eliminating any potential inequality.

Second, the Court summarily dealt with plaintiffs’ precedent argument, concluding that “for three quarters of a century, Dickey Clay has stood for two points: 1) that rights incidental to stock ownership are not a peculiar characteristic of the shares of a class of stock, and 2) that Section 242(b)(2) should be read considering other provisions of the DGCL.” Fifty years later, Orban confirmed the value of Dickey Clay. As such, the Court affirmed the Court of Chancery’s reliance on, and application of, Dickey Clay.

Finally, the Court also rejected plaintiffs’ third argument. The Court briefly recognized legal practitioners’ near-unanimous understanding of how Section 242(b)(2) operates, as evidenced by the fact that nine multi-class corporations that amended their certificates of incorporation to include director exculpation provisions under Section 102(b)(7) concluded that a multi-class vote was not necessary, a point raised during summary judgment. Further, the Court highlighted the Court of Chancery’s statement that since Section 102(b)(7) was adopted nearly forty years ago, the plaintiffs were the first to argue that an exculpation amendment required a class vote. Lastly, the Court explained that the Court of Chancery’s observation of practitioner commentary did not substantially contribute to its ultimate holding.

Proponents of marijuana reform have had cause for celebration in recent months. Despite challenges facing the industry, the political and social momentum surrounding cannabis is ticking upward.

Recently, the marijuana industry touted the passage of the Secure And Fair Enforcement Regulation Banking Act (SAFER Banking Act) by the Senate Banking Committee. The SAFER Banking Act passed by a notable bipartisan majority of 14–9 on September 27, 2023. The bill (S. 2860) was placed on the Senate legislative calendar under general orders the following day. A Senate floor vote is now pending.

Despite the SAFE Banking Act passing in the US House of Representatives on seven previous occasions since its first passage in 2019, the SAFER Banking Act’s advancement through the Senate has caused quite a stir among not only cannabis and cannabis-related businesses, but also among banks, credit unions, insurers, lenders, and more—especially those that have, until now, elected not to serve the cannabis industry due to the risk that they could be prosecuted given federal restrictions on cannabis. While some banks, credit unions, and other financial services providers do serve the cannabis industry, the majority of state-legal medicinal or recreational cannabis businesses do not participate in traditional and secure banking systems and financial services for this very reason.

The advancement of the SAFER Banking Act by the Senate Banking Committee may be a signal that significant changes are on the horizon, making marijuana a bigger, more accessible product throughout the country—and allowing cannabis industry participants to make bigger deals—in the near future.

Marijuana Gains Momentum at Federal and State Levels

Based on recent events, it seems likely marijuana will be rescheduled under the Controlled Substances Act (CSA) sometime this year, garnering attention nationwide. While industry experts have discussed the potential impacts of rescheduling marijuana from a Schedule I substance to a Schedule III substance—including offering relief from Internal Revenue Code 280E, resulting in a much lower effective tax rate for businesses across the industry, as well as providing expanded opportunities to research the plant and its impact on and interactions with the human body—many questions still remain with respect to how the rescheduling of marijuana could impact a cannabis or cannabis ancillary company’s ability to access financial services. As reported previously, “[i]t is unclear if the change from Schedule I to Schedule III will impact the marijuana industry’s ability to access financial services. Although many risks may be reduced, they are not fully eliminated. Time will tell if and how this change in marijuana re-scheduling will change the risk appetite of banks, credit unions, and other financial service providers.”

The passage of the SAFER Banking Act, conversely, would have substantial direct impacts on banks, credit unions, and other financial service providers.

Zooming in, thirty-eight states and Washington, DC, currently allow for the medical use of marijuana. Voters or legislators in twenty-three states and Washington, DC, have passed laws regulating the non-medical (so-called “recreational”) use of cannabis. There have been several notable developments in the past year: Maryland’s recreational marijuana market opened on July 1, 2023, and Maryland cannabis retailers sold more than $85 million worth of products during the state’s first month of legal sales. Minnesota’s law—the most recently implemented—went into effect on August 1, 2023. Ohio voters approved a measure to legalize recreational marijuana in early November, and recreational marijuana may be on the ballot in Florida in 2024 as well.

Key Provisions of the SAFER Banking Act

In sum, the key provisions of the SAFER Banking Act include the “safe harbor”—or protections—from certain criminal, civil, and administrative penalties that may otherwise result due to the status of marijuana under federal law on the basis of the institution’s provision of financial services to a “State-sanctioned marijuana business or service provider.”

While marijuana will remain illegal under the SAFER Banking Act, the law would resolve the tension between federal and state law with respect to banking, lending to, and insuring a state-legal cannabis business. While the authors of this article are not aware of any enforcement action taken against a bank or credit union solely on the basis of its providing services to a state-legal marijuana business, a pattern of non-enforcement does not operate as a shield against future enforcement. The fear of such enforcement operated as a substantial barrier to marijuana-related businesses obtaining financing and banking products in recent years.

Under the SAFER Banking Act, certain applicable guidelines and restrictions will remain in place—primarily surrounding due diligence and ongoing monitoring for suspicious activities, all activities to which banking and financial institutions are accustomed in the context of other highly regulated industries.

The Scope of the SAFER Banking Act

Payments: The SAFER Banking Act includes the following payments-related activities under the definition of “financial service(s)” that are protected under the Act’s safe harbor provisions:

1. “whether performed directly or indirectly, the authorizing, processing, clearing, settling, billing, transferring for deposit, transmitting, delivering, instructing to be delivered, reconciling, collecting, or otherwise effectuating or facilitating the payment of funds that are made or transferred by any means, including by the use of credit cards, debit cards, other payment cards, or other access devices, accounts, original or substitute checks, or electronic funds transfers;” and
2. “acting as a money transmitting business that directly or indirectly makes use of a depository institution in connection with effectuating or facilitating a payment for a State-sanctioned marijuana business or service provider.” Sec. 2(7)(B)(ii–iii).

Insurers: The text of the bill also provides protections for insurers engaging in the business of insurance with a state-sanctioned marijuana business or service provider of the relevant legal jurisdiction against being held liable pursuant to any federal law or regulation solely for providing a financial service, or for further investing any income derived from such a financial service. Sec. 2(1), Sec. 2(7)(B)(i). The language of the SAFER Banking Act also expands these protections to insurers that “otherwise engage[] with a person in a transaction permissible pursuant to a law (including regulations),” Sec. 5(c), language that notably does not appear in the House’s SAFE Banking Act.

Mortgage Loans: Under the SAFER Banking Act, income derived from a legally operating state-sanctioned marijuana business “shall be considered in the same manner as any other legal income for purposes of determining eligibility for a covered mortgage loan for a 1- to 4-unit property that is the principal residence of the mortgagor.” Sec. 9(b)(1). Further, a mortgager or servicer may not be held liable pursuant to any federal law or regulation solely for providing, guaranteeing, purchasing, or securitizing a mortgage to an otherwise qualified borrower, or for accepting such income as payment on the covered mortgage loan. Sec. 9(b)(2)(A)–(B). Nor may a relevant legal interest be forfeited solely based on an entity’s providing, insuring, guaranteeing, purchasing, or securitizing a mortgage to an otherwise qualified borrower, or accepting marijuana-related income as payment on a covered mortgage loan.

The SAFER Banking Act provides 180 days after its enactment for affected agencies, departments, corporations, and more to provide notice of the implementation of the law previously described by notice, mortgagee letter, circular or handbook, bulletins, seller/servicer guides, and guidelines as directed thereby.

Forfeiture: A critical consideration in any discussion of the relevant risks faced by all parties providing goods or services to the cannabis industry is the risk of forfeiture.

Addressing these issues, the SAFER Banking Act provides express protections against “criminal, civil, or administrative forfeiture” of relevant “legal interest[s]” solely for providing a financial service to a state-sanctioned marijuana business or service provider, or for further investing any income derived from such a financial service. See Sec. 5. The beneficiaries of these protections include depository institutions, community development financial institutions, federal reserve banks, federal home loan banks, federal national mortgage associations, federal home loan mortgage corporations, and federal agencies making, insuring, or guaranteeing mortgage loans or securities. These protections also extend to other parties to mortgage loans (such as nondepository lenders that make a covered mortgage loan, as further defined, and any person who otherwise has a legal interest in such a loan or in the collateral of the loan, including individual units of condominiums and cooperatives, provided that the collateral is a property designed principally for the occupancy of one to four families and underwritten, in whole or in part, based on income from a state-sanctioned marijuana business or service provider). Sec. 5(d).

Hemp: The SAFER Banking Act also addresses challenges faced by “hemp-related legitimate businesses.” Sec. 8. Acknowledging that “despite the legalization of hemp, some hemp businesses (including producers, manufacturers, and retailers) continue to have difficulty gaining access to banking products and services”—including that “businesses involved in the sale of hemp-derived CBD products are particularly affected, due to confusion about the legal status of such products” —the SAFER Banking Act requires each federal banking regulator to update guidance related to providing financial services to “hemp-related legitimate business and hemp-related service providers.” Sec. 8(c).

Specifically, regulators will have 180 days to provide guidance concerning compliance with obligations of financial institutions, as well as best practices for providing financial services—expressly including processing payments—to such businesses and service providers.

Will Financial Institutions Be Required to Serve the Marijuana Industry?

Under the newly revised legislation, the Treasury Secretary is required to publish updated guidance titled “BSA Expectations Regarding Marijuana-Related Businesses” (FIN–2014–G001), or otherwise issue new guidance to “ensure[] that a financial institution, and any director, officer, employee, or agent of a financial institution continues to report suspicious transactions” within one year of the enactment of the SAFER Banking Act. Sec. 6(2). Notably, the previous version of the SAFER Banking Act initially introduced in the Senate provided the Treasury Secretary only half this amount of time (180 days) to issue amended or new guidance.^[1]

So what are banks, credit unions, insurers, lenders, and others to do in the meantime? Will institutions and entities be forced to do business with marijuana-related business and services providers?

If the SAFER Banking Act does become law, all relevant entities will be expected by Congress—despite no updated guidance in place at the time—to “take a risk-based approach in assessing individual customer relationships rather than decline to provide banking services to categories of customers without regard to the risks presented by an individual customer or the ability of the depository institution to manage the risk.” Sec. 10(a)(5).

But no, institutions will not be required to serve marijuana businesses; the Act states as much:

Nothing in this Act shall require a depository institution, an entity performing a financial service for or in association with a depository institution, a community development financial institution, or an insurer to provide financial services to a State-sanctioned marijuana business, service provider, or any other business.

Sec. 16(a).

The SAFER Banking Act’s passage would mean there would likely be a significant (voluntary) influx in market entry for financial services providers, as well as increased competition among new and existing financial, insurance, and related service participants in the cannabis industry. With that influx will come an increased need for these institutions and entities to engage in a wide range of state- and marijuana-specific business activities such as customer identification, risk-based customer diligence, and complying with suspicious activity monitoring and reporting obligations consistent with the business plan, risk profile, and management capabilities of the entity or institution.

A Risk-Based Approach: How to Prepare to Work with a Marijuana Business

The current FinCEN guidance (FIN-2014-G001, issued February 14, 2014) clarifying Bank Secrecy Act (BSA) expectations for financial institutions seeking to provide services to marijuana-related businesses is based on what are known as the “Cole Memos.” This guidance requires financial institutions in practice to develop a sophisticated expertise in the marijuana laws and marijuana business environment particular to each marijuana-related business customer.

This FinCEN guidance remains the current authority on BSA expectations for financial institutions that offer marijuana banking services and financial institutions generally, if any suspected marijuana-related activity taking place in the financial institution requires a report to be filed pursuant to the guidance. Briefly, the guidance restates the standards set out in Cole Memo I, including the eight enforcement priorities.

The FinCEN guidance then details the following requirements for financial institutions:

• Initial and Ongoing Customer Due Diligence. As part of the financial institution’s determination whether to open, close, or refuse an account.
• Suspicious Activity Reports (SARs). Regardless of any state law legalizing marijuana, financial transactions involving a marijuana-related business involve funds derived from presently federally illegal activity. Therefore, financial institutions must file SARs on marijuana-related business activity even if the marijuana-related businesses are legal under state law. There are three types of SARs for marijuana businesses, and financial institutions must determine which is appropriate for a transaction.
• Currency Transaction Reports. The marijuana industry is still overwhelmingly cash-based, and financial institutions must still comply with currency transaction reporting (CTR) requirements for marijuana-related transactions.

If the SAFER Banking Act passes, this guidance will be required to be updated within one year of its date of enactment.

Big Deal(s) Ahead

Despite the existing disconnect between federal and state law with respect to the treatment of marijuana, as well as the oft-conflicting federal guidance, some financial institutions have chosen to serve marijuana-related businesses in recent years. However, the SAFER Banking Act could change that landscape completely and usher in a new era of expanded banking, financing, and insurance of the cannabis industry throughout the United States.

1. Uniform guidance and examination procedures are also required to be developed by the Federal Financial Institutions Examination Council, in consultation with the Department of the Treasury, within one year of the enactment of the SAFER Banking Act. Sec. 7(a). ↑

Before a company raises its first round of financing, it’s crucial that the founding team understands how an equity round will impact the company’s capitalization table (“cap table”) and the founders’ ownership in the company. This article illustrates an easy way to conceptualize this impact and calculate a company’s post-money cap table following a financing.

Initial Share Distribution

Before we delve into the numbers, let’s imagine a scenario: Alice and Bob are the sole founders of XYZ Tech and are considering their first major financing round. Currently, Alice and Bob each hold 500,000 shares of XYZ Tech representing 50 percent of its outstanding equity.

The table below represents XYZ Tech’s cap table immediately prior to the financing:

Raising Cash – Transforming the Cap Table

Example 1: Initial Capital Raise Impact on XYZ Tech’s Cap Table

Assume that Alice and Bob meet with a prospective investor who is interested in investing $1 million in XYZ Tech based on a pre-money valuation of $15 million. By accepting these terms, XYZ Tech will receive an investment of $1 million in exchange for issuing equity to the new investor. This will increase XYZ Tech’s post-money valuation to $16 million (i.e., the company had $15 million of value, and an additional $1 million in cash was added to its balance sheet), but it will also dilute Alice and Bob’s ownership percentage of XYZ Tech (i.e., the pre-money capitalization).

Using these terms, we can calculate XYZ Tech’s post-money capitalization table using the following process:

1. New Investor Ownership Percentage: The $1 million investment translates into a 6.25 percent ownership stake in XYZ Tech on a post-money basis ($1,000,000 investment / $16,000,000 post-money valuation).
2. Founders Post-Money Capitalization Ownership Percentage: Alice and Bob currently own 100 percent of the company. After the investment, their combined ownership will adjust to accommodate the new investor’s 6.25 percent ownership stake, leaving them with 93.75 percent of XYZ Tech’s post-money capitalization (100% – 6.25%).
3. Post-Money Capitalization Shares: Post-money capitalization shares can be calculated by dividing the pre-money capitalization shares by Alice and Bob’s remaining ownership percentage after the investment (i.e., the founders’ post-money capitalization ownership percentage calculated in Step 2) (1,000,000 / 93.75% = 1,066,667).
4. New Investor Shares: To determine the actual number of shares that the new investor receives, we multiply the new investor ownership percentage we calculated in Step 1 by the post-money capitalization shares calculated in Step 3 (6.25% x 1,066,667 = 66,667).
5. Post-Money Cap Table: The final step is to update the cap table with the new share distribution. Optionally, you can include a column for the value of the shares held by each shareholder. This value can be calculated by multiplying the post-money ownership percentage by XYZ Tech’s post-money valuation. The revised cap table, with the optional “Value” column, would look like this:

Option Pool Increase and Convertible Notes

Example 2: Incorporating Convertible Notes and the Employee Stock Option Pool Prior to Investment

Now assume that XYZ Tech has an additional financial instrument in play prior to the financing: $500,000 in convertible notes that will convert at a 20 percent discount. For those unfamiliar with convertible notes, they are short-term debt that will usually convert into equity at the most favorable price per share derived from either a valuation cap or a discount during a company’s next equity financing. For this example, the notes convert using a discount rate.

Assume further that XYZ Tech is required to create an employee stock option pool (“ESOP”) equal to 15 percent of its post-money capitalization as part of the terms of the investment.

A simple way to calculate the post-money capitalization table is to begin by determining the ownership percentages of the new investor, the ESOP, the noteholders, and the founders, as follows:

1. New Investor Ownership Percentage: The new investor still receives a 6.25 percent ownership stake in XYZ Tech’s post-money capitalization ($1,000,000 / $16,000,000).
2. ESOP Ownership Percentage: XYZ Tech is required to allocate an option pool equal to 15 percent of its post-money capitalization.
3. Noteholders Ownership Percentage: The noteholders’ ownership percentage can be calculated by dividing the total value of the convertible notes after adjusting for the discount ($500,000 / 80% = $625,000) by the post–money valuation: ($625,000 / $16,000,000 = 3.90625%).
4. Founders Post-Money Capitalization Ownership Percentage: We calculate the founders’ post-money ownership percentage using the same method as before, except now we need to adjust to accommodate the new investor, the ESOP, and the convertible notes (100% – 6.25% – 15.00% – 3.90625% = 74.84375%).

As in Example 1, to calculate the total post-money capitalization shares, we divide the total pre-money capitalization shares by Alice and Bob’s remaining ownership percentage after the investment (1,000,000 / 74.84375% = approximately 1,336,117). Now we can determine the share amounts for each category and update the cap table with the new share distribution:

• ESOP Share Calculation: Multiply the ownership percentage by the total number of shares (15.00% x 1,336,117 = 200,418 shares).
• Noteholders Share Calculation: Multiply the ownership percentage by the total number of shares (3.90625% x 1,336,117 = 52,192 shares).
• New Investor Share Calculation: Multiply the ownership percentage by the total number of shares (6.25% x 1,336,117 = 83,507 shares).

Example 3: Incorporating Convertible Notes and the ESOP After the Investment

The timing of the option pool increase and conversion of outstanding notes or simple agreements for future equity (“SAFEs”)—that is, whether they occur before or after an equity investment—can have significant implications for a start-up’s valuation, investor share price, and founder dilution.

• Before the New Investment: Treating an option pool increase or the shares issued upon conversion of outstanding notes or SAFEs as occurring prior to the new investment effectively lowers a company’s post-money valuation and increases the dilutive impact on prior investors. This results in a higher share count before the investment and thus a lower share price for the new investor. If you compare Examples 1 and 2 above, you can see that including the ESOP and the noteholders in the company’s pre-money capitalization, before the new investment, dilutes Alice and Bob’s ownership in XYZ Tech and the effective value of their investment by 18.91 percent (93.75% – 74.84%).
• After the New Investment: Treating an option pool increase or the shares issued upon conversion of outstanding notes or SAFEs as occurring after the new investment means that the new investor will share some of the dilution with the current cap table. This results in a higher share price for investors and less dilution for the founders initially.

To illustrate this concept, let’s continue our ongoing analysis of XYZ Tech’s cap table from Example 2, except with a critical timing difference: the ESOP increase and the conversion of the convertible notes will occur after the investment. Since the convertible notes and the ESOP occur after the investment, we calculate the shares issued to the new investor using the same calculation as in Example 1.

1. New Investor Ownership: The new investor’s $1 million investment translates into a 6.25 percent ownership stake in XYZ Tech on a post-money basis, immediately prior to the conversion of the notes and the ESOP ($1,000,000 / $16,000,000 post-money valuation).
2. Post-Money Shares before ESOP and Note Conversion: Using the steps outlined in Example 1, we know that Alice and Bob’s one million shares represent 93.75 percent of XYZ Tech’s outstanding equity and that the shares allocated to the new investor are equal to 66,667. Therefore, the total capitalization of XYZ Tech immediately after the investment but before the conversion of the notes and the option pool increase is 1,066,667 shares (1,000,000 / 93.75%), which represents $16 million from a valuation perspective.
3. Note Conversion: The number of shares issued to the noteholders can be calculated using the same methodology as before, except that the ownership percentage for the noteholders is multiplied by the number of shares calculated in Step 2 above (3.90625% x 1,066,667 = 41,667).
4. Calculating Total Post-Money Capitalization: We can use the same methodology outlined above to calculate the total post-money capitalization, except that now both the new investor and the noteholders are included with Alice and Bob in the capitalization calculations. This means that we can calculate post-money capitalization by dividing 1,108,334 (1,066,667 + 41,667) by 85 percent (100% – 15% (ESOP)), which equals 1,303,922.

This scenario illustrates how the timing of the ESOP increase and note conversion influences the cap table. By deferring these actions until after the investment, the new investor and the noteholders share in the dilution, reducing the total dilutive impact on the founders (Alice and Bob) by 1.848 percent.

Summary

In conclusion, mastering cap table math is vital for start-up success. Founders must comprehend the impact of financing on ownership and valuation to make informed decisions. This guide simplifies the complexities, empowering entrepreneurs with the knowledge to navigate equity distribution and maintain the integrity of their vision and ownership.

Recent regulatory proposals have kick-started the open banking sprint.^[1] As both banks and fintechs adopt open banking innovations, however, new all-encompassing digital interfaces, paired with artificial intelligence (“AI”), will raise critical questions about data protection, consent, and current disclosure frameworks. Entities must dedicate sufficient resources to design, test, and protect AI and protect privacy as they enter the new, exciting open banking landscape.

The Future of Open Banking

In the not-so-distant future, we will find ourselves in a brave new world of consumers sharing deposit, credit card, loan, and mortgage data across enterprises, to display and interact with their full financial profile in one dynamic interface. In that world—known as “open banking”—privacy implications and potential AI applications loom large.

This future has been accelerated by the proposed rule on open banking announced by the Consumer Financial Protection Bureau (“CFPB”) on October 19, 2023. The proposed rule mandates that financial institutions, card issuers, and payment providers make consumer data—including transaction data—readily available to consumers and authorized third parties. In addition, the proposed rule institutes consumer protection obligations on collection and use of that data and prohibits data providers from imposing fees for establishing and maintaining these new-age interfaces.

Further dissection of the CFPB’s proposed rule on personal financial data rights illustrates an expectation that digital interfaces will play a primary role in the banking ecosystem, as well as a staunch desire to prevent potential exploitation through limitations and protections on the use of personal financial data. Key considerations will include implementation of robust encryption mechanisms, transparent data governance practices, and protection against inadvertent disclosure of sensitive financial information.

The Proposed Section 1033 Rule: Overview

Section 1033 of the Dodd-Frank Act provides consumers the right to obtain their information relating to a consumer financial product or service in an electronic form from a covered person subject to CFPB rulemaking to implement this statutory provision. The CFPB has described its proposed rulemaking as accelerating the shift to open banking, which is the idea that financial information will flow among various parties in the financial services ecosystems, including banks, fintechs, data aggregators, and consumers. However, the proposed section 1033 rules currently are limited to regulating the flow of consumer financial data from data providers to consumers and third parties authorized to access that data by the consumer. The comment period on the proposed rule closed on December 29, 2023.

The rule represents one of CFPB Director Rohit Chopra’s signature priorities because it addresses his desire both to regulate what he refers to as the monetization of consumer data and to promote competition in consumer financial services. Competition in the marketplace arguably is bolstered by consumers having the ability to “vote with their feet” and more easily move their financial data from one entity to another. Because of the rule’s importance to Chopra’s agenda, a final rule is likely to be issued by late spring to avoid potential Congressional Review Act invalidation. The compressed time frame from proposed to final rule suggests that there will not be significant change in scope between the proposed and final rules.

Elements of the Proposed Rule

The proposed rule establishes pertinent terminology: data providers, covered data, and authorized third parties. In the initial iteration of the rule, data providers are limited to financial institutions as defined by Regulation E and credit card issuers as defined by Regulation Z.^[2] (The CFPB has intimated that expanding the applicability of this data access right to other markets will likely be the subject of future rulemakings.)

This first round of rulemaking applies to covered data relating to Regulation E accounts and Regulation Z credit cards.^[3] Authorized third parties are those that are permitted to request covered data from a data provider.^[4] They will have to comply with certain authorization procedures that require express consent by the consumer that is limited in duration.^[5] Moreover, they will be subject to a limitation on use and retention of covered data and will be required to condition further disclosure of consumer data to other third parties upon that third party’s agreement by contract to comply with the section 1033 authorization requirements.^[6] These restrictions on the flow and use of data by third parties and other players in the payments ecosystem will undoubtedly have implications for consumers’ privacy and use cases for AI as open banking develops and evolves in the United States.

The proposed rule seeks to impose a framework in which data transfers are accomplished via application programming interface (“API”) calls rather than by existing methods such as screen scraping or credential sharing. Data providers will be required to maintain a consumer interface and establish and maintain a developer interface, both of which must meet certain performance specifications, to receive and respond to data access requests.^[7] Data providers generally will not be allowed to restrict the frequency of access requests, nor will they be permitted to deny access requests except in limited circumstances to address risk management concerns.^[8]

Notable Gaps in the Proposed Rule

Banking industry trade groups, whose members are subject to the proposed rule, have sharply critiqued the proposed rule for failing to be sufficiently prescriptive on issues relating to data accessibility and for being nearly silent on issues relating to liability for mishandling data.^[9]

Indeed, many of the standards by which the CFPB proposes to make data accessible and available to consumers and authorized third parties appear to be delegated to standard-setting organizations (“SSOs”) that have yet to be recognized by the CFPB. The Financial Data Exchange, widely regarded by industry groups as the leading contender to qualify as a standard-setting organization, does not yet function in the form that the proposed rule contemplates. And there is no industry-wide agreement on whether any CFPB-recognized SSO should enjoy enforcement power or otherwise be able to mandate adoption of the standards it promulgates. Nor does the proposed rule contemplate that a data provider’s compliance with any standards promulgated by a recognized SSO will provide a safe harbor from any regulatory action. The lack of certainty around the role that an SSO will play under the final rule and the implementation of appropriate governance that an SSO will need to achieve recognition leaves many in the banking industry viewing the short compliance time frames in the proposed rule (which are staggered according to asset thresholds, with the first time frame to take effect six months after publication of the final rule in the Federal Register) as unworkable.

The proposed rule fails to resolve questions of liability for any potential misuse, misappropriation, or breach of a consumer’s financial data. That silence is a notable asymmetry to the obligations (and corresponding liability) that Regulation E and Regulation Z impose on financial institutions and credit card issuers to investigate disputes. The proposed rule’s failure to allocate liability is likely to disadvantage financial institutions relative to nonbanks: because consumers are more likely to complain to their banks in the first instance about potential unauthorized payments transfers, even if an authorized third party or a player even further downstream was the one that mishandled the data resulting in the alleged payment, banks will likely need to invest greater resources than nonbanks to comply with their Regulation E obligations. Any investment to meet increased compliance demands may result in either an increase in the price of banking products or services or reduced offerings of such products and services, or both, none of which would benefit consumers.

Instead, the proposed rule contemplates that liability will be handled by private contract among data providers and authorized third parties. Banking trade groups have appropriately raised concerns that larger market players—such as data aggregators and other nonbank institutions—will be able to leverage their bargaining power to minimize their liability. Leaving liability to private contract also raises the specter of inconsistent treatment of data and remedies for consumers in the event of a breach or misuse of data.

The Proposed Rule’s Potential to Blunt the Promotion of Open Banking

The promise of open banking that the proposed rule seeks to advance may be undone by two of its key aspects.

First, under the proposed rule, data providers are not permitted to charge fees in connection with developing and maintaining the data access interfaces. The costs of developing and maintaining these interfaces will be significant, with various trade groups estimating development costs of approximately “the high tens of millions of dollars”^[10] and ongoing maintenance costs ranging anywhere from “millions of dollars each year”^[11] to “approximately $15 million beyond what is currently spent to provide consumers and third parties with covered data through existing APIs.”^[12] There is also significant cost incurred by a data provider in ensuring the security of that data when it is transferred in response to an access request. Larger institutions may be able to better leverage the work they’ve already put in to facilitate data transfers in the market as it exists today, but smaller financial institutions will not necessarily have done this work. Industry groups have argued that smaller financial institutions in particular may decrease their product offerings to consumers without a way to recoup any of the costs of their technology investments.

Further, the proposed rule imposes limitations on third parties’ use of consumer data obtained from data providers. The proposed rule provides that third parties must limit their use, retention, and collection of covered data to what is “reasonably necessary to provide a consumer’s requested product or service.”^[13] The rule prohibits, as not “reasonably necessary,” use of covered data to provide targeted advertising, to cross-sell other products or services, or to sell the data itself.^[14] While such limitations may be laudable from a consumer privacy perspective, they may nonetheless inhibit the achievement of open banking without greater regulatory clarity about what is “reasonably necessary” to provide a consumer’s requested product or service. It is less than clear, for example, whether a third party may collect and use consumer data to train algorithms that may in turn improve the quality of the requested product or service. Nor is it certain whether a third party may use consumer data to forecast trends that may improve credit underwriting or inform new product development.

Privacy and AI Implications

The interplay between open banking and data rights raises critical issues across state privacy regimes and federal financial services requirements—including the Gramm-Leach-Bliley Act’s safeguarding mandates. Handing users financial data-sharing control across digital services, platforms, and sectors will now drive industry obligations. However, this control sans safeguards will not only create a minefield for privacy overexposure but also open floodgates for bad actors.

When “forced” to share data, financial institutions will need to ensure secure transfer to prevent breach and compromise of consumers’ data. This will include salting, hashing, and/or tokenizing numbers to eliminate security risk, and identifying compromised points—while limiting friction on customer end points. Tokenized Account Numbers (TANs) will assist in the solution, through obfuscating raw data, pinpointing a breach (since TANs are merchant-specific), and promoting scalability. TANs are also utilized by users and merchants today and will fulfill section 1033’s mandate for secure, standardized documentation through a low-code, or no-code integration path.

In addition to the other benefits noted, open banking’s inevitable integration of AI models/algorithms will increase efficiency and user personalization. The increase in reliance on AI-driven data analytics, however, will require a continued balance between innovation and safeguarding user privacy. Named entity recognition (NER), as a subset of natural language processing (NLP), will undoubtedly be used to extract relevant information from open banking’s text-based transaction data—both for beneficial use cases such as organization and ease of customer use and for improper uses like payment surveillance. Machine learning will also solve classification problems with ease—identifying purchasing, prioritizing payments, and supporting other open-banking use cases.

Conclusion

If properly implemented, open banking will drive exciting pro-consumer innovation and competition in financial services. This new reality will have to balance privacy and AI implications to build consumer trust and maximize the potential of section 1033. To do so, the CFPB should take into account legitimate concerns raised by financial institutions regarding the burdens that the proposed rule places on them to ensure the accuracy, integrity, and accessibility of sensitive payments–related and other financial data to consumers and authorized third parties—without any ability to recoup the significant costs involved, to protect themselves against liability once the data leaves their control, or to prepare adequately for compliance with the rule in the absence of certainty as to the role SSOs will play under this regulatory framework.

1. Jehan Patterson is counsel at Debevoise & Plimpton LLP; Sumeet Chugani is general counsel at Cloaked. The coauthors participated on a panel titled “AI + Privacy in the New Age of Open Banking” presented at the American Bar Association’s Consumer Financial Services Committee Winter Meeting on January 7, 2024, in Santa Barbara, California, and their remarks are adapted for this article. In addition, Patterson assisted one of the industry trade groups cited in a footnote to this article in preparing comments on the proposed rulemaking to implement section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. ↑

2. Proposed Rule 12 C.F.R. § 1033.111. ↑

3. Id. §§ 1033.111, 1033.211. ↑

4. Id. §§ 1033.131, 1033.401. ↑

5. Id. § 1033.401. ↑

6. Id. § 1033.421(a), (f). ↑

7. Id. § 1033.301(a). ↑

8. Id. § 1033.311(c)(2). ↑

9. See, e.g., SIFMA Comment Letter (Dec. 20, 2023); Consumer Bankers Association Comment Letter (Dec. 29, 2023); American Bankers Association Comment Letter (Dec. 29, 2023); Bank Policy Institute & Clearing House Association Comment Letter (Dec. 29, 2023). ↑

10. Consumer Bankers Association Comment Letter, supra note 8, at 16. ↑

11. Id. at 17. ↑

12. SIFMA Comment Letter, supra note 8, at 8. ↑

13. Proposed Rule 12 C.F.R. § 1033.421(a)(1). ↑

14. Id. § 1033.421(a)(2). ↑

The case of Hardwick v. 3M, a per- and polyfluoroalkyl substances (PFAS) class action lawsuit filed in Ohio, has been marked as one of the most significant legal cases in recent history. The Sixth Circuit Court of Appeals granted interlocutory review of this enormously significant case on September 9, 2022. However, on November 28, 2023, the Sixth Circuit Court of Appeals dismissed the class action, holding that the lead plaintiff failed to identify which companies made the “forever chemicals” detected in his blood.

The Hardwick case is noteworthy due to the proposed scope of plaintiffs that counsel sought to include in the case. The lawsuit aimed to include any US citizen with detectable levels of PFAS in their blood, which is estimated to be over 95 percent of the US population.

Instead of seeking relief in the form of monetary damages, the suit sought to establish a medical monitoring program for affected citizens. It also sought to establish an independent science panel to study the effects of numerous PFAS on human health. In March 2022, the Ohio court ruled that the class of plaintiffs allowed to proceed with the lawsuit was “[i]ndividuals subject to the laws of Ohio who have 0.05 parts per trillion (ppt) of PFOA (C-8) and at least 0.05 ppt of any other PFAS in their blood serum.”

Although the Ohio federal district court rejected the lead plaintiff’s proposed nationwide class, it nonetheless certified a class of what the Sixth Circuit’s order granting interlocutory review referred to as “nearly all 11.8 million residents of Ohio, along with anyone else otherwise subject to its laws.” The court limited the class to individuals subject to Ohio law instead of making it nationwide due to the fact that numerous states do not yet recognize medical monitoring as a legal cause of action, and some states do not permit lawsuits to proceed for an increased risk of disease without any proof of actual harm.

Sixth Circuit Vacates District Court’s Class Certification

On November 27, 2023, in a strongly worded order, the Sixth Circuit vacated the district court’s class certification and remanded with instructions to dismiss for lack of jurisdiction.^[1] The Sixth Circuit stated that “[s]eldom is so ambitious a case filed on so slight a basis,” acknowledging that PFAS exposure is a “fact of daily life” for Americans, involving thousands of compounds manufactured by thousands of companies over the last fifty-plus years, with human body concentration reductions varying from days to years depending on the compound type.

The Sixth Circuit held that the plaintiff lacked standing due to the absence of particular allegations about how each defendant manufactured or provided a plausible pathway that likely delivered to the plaintiff’s body any one of the five detected PFAS compounds. The court found that the plaintiff pled only collective and conclusory allegations against all defendants for the trace quantities of only five PFAS compounds, while not knowing which companies manufactured those five PFAS compounds, not having any current sickness or symptoms, and not knowing whether PFAS exposure may someday make him sick. Thus, even at the pleadings stage, a plaintiff must do more than make a conclusory “the-defendant-unlawfully-harmed-me-accusation.” Hardwick failed to allege facts “supporting a plausible inference that any of these defendants caused these five particular PFAS to end up in his blood.”

Implications

The Hardwick decision is instructive in evaluating future PFAS claims. Absent evidence of traceability to the defendant at the time of filing, plaintiffs will have a difficult time surviving dispositive motions on the basis of standing. This decision sets forth a burden for standing plaintiffs must meet in order bring PFAS claims against multiple defendants. Plaintiffs must establish a “plausible pathway” at the time of filing. This will require tying an alleged injury to a particular defendant. In short, plaintiffs will have to show traceability back to the defendants at the time of filing the complaint in order to survive dispositive motions.

Facing PFAS exposure claims, companies may want to consider conducting qualified environmental audits with use of outside counsel in identifying sources where PFAS is used either in their manufacturing process or in their parts received by suppliers. Audits will enable companies to distinguish the type of PFAS in question and trace potential exposure pathways for those PFAS chemicals.

Similarly, on January 12, 2024, a northern California federal district court dismissed the PFAS-related class action case of Lowe v. Edgewell Personal Care Company on the grounds that its plaintiffs had not plausibly alleged injury from the products at issue. The Lowe plaintiffs brought their actions against two different tampon product lines, claiming that the presence of PFAS rendered the manufacturer’s various representations about the products “false and misleading.”

The manufacturers filed motions to dismiss the actions on the grounds that the plaintiffs had not plausibly alleged that its products contained PFAS and that any alleged amount of PFAS rendered the products harmful, or that PFAS can be traced back to the manufacturers.

The Court granted defendants’ motion to dismiss, holding that plaintiffs’ allegations provided no specificity as to the results reached by the independent testing or any other findings that would support their interpretation of the testing results. It also found the plaintiffs to have merely speculated that the tampon components were likely to contain PFAS because those chemicals are “frequently” used to make materials water-repellent.

The court further found that plaintiffs’ allegations that the tampons contained PFAS to be insufficient because the plaintiffs did not provide any information showing how much PFAS the tampons might have contained, let alone whether that level of PFAS in a tampon might be harmful.

Conclusion

Hardwick is a virtual roadmap for all companies facing alleged PFAS exposure issues, providing a step-by-step basis for challenging standing. It appears that federal courts will not allow just any complaint containing PFAS allegations to progress past the pleading stage of litigation. Plaintiffs will have to show some plausible pathway that can be traced back to the defendant. Environmental audits focused on a cradle-to-grave examination from the time the PFAS chemical is created or used up through the time it is properly disposed will be invaluable. It will likely require the use of qualified environmental consultants and outside counsel but is well worth the investment of time and expense.

1. Hardwick v. 3M Co. (In re E.I. du Pont de Nemours), 2023 US App. LEXIS 31297 (6th Cir. Nov. 27, 2023). ↑

Canada’s M&A activity is poised at the crossroads of anticipation and opportunity as we step into 2024. Reflecting on both recent trends that have shaped the Canadian legal landscape and predicted ones, it’s clear that a sense of cautious optimism pervades discussions about the future.

In this article, we delve into the anticipated trends in Canada’s M&A landscape for 2024. Through a pragmatic lens, we explore key factors shaping the M&A environment, ranging from considerations like interest rates and inflation to the evolving dynamics of private credit and the increasing international interest in Canadian renewable energy.

Increased Confidence Surrounding Interest Rates and Inflation

In the evolving landscape of Canadian M&A in 2024, a critical factor influencing dealmaking will be the projected stabilization of interest rates and inflation. Some buyers may remain cautious, evaluating economic conditions, while others, stimulated by the “new normal” of higher interest rates, may boldly charge forward with M&A activity.

The Bank of Canada and the US Federal Reserve have each hinted at interest rate cuts in 2024. Though the timing is unclear, the reduced concerns about ongoing inflation and rate increases may drive market activity.

Distressed Acquisition Opportunities

The aftermath of government support during the post-COVID-19 era, coupled with the impact of high interest rates, has created a landscape ripe with distressed acquisition opportunities and restructuring potential. Limited liquidity and inflated valuations will compel organizations to evaluate strategic alternatives, leading to an expected uptick in distressed M&A activities. In 2024, well-capitalized companies are anticipated to be well poised to engage in strategic acquisition transactions at discounted prices.

Less Frenzied M&A Market

A notable shift in the M&A landscape for 2024 is the anticipation of a less frenzied market characterized by greater parity among buyers and sellers. The days of rushed transactions may give way to a more deliberate approach, with extended negotiation periods and in-depth due diligence becoming the norm. Both buyers and sellers are expected to exercise heightened caution, leading to more balanced and nuanced deal terms, including the continued prevalence of earn-out structures. This shift towards a measured M&A environment emphasizes the importance of thorough assessments and collaborative negotiations in achieving mutually beneficial outcomes.

The delicate balance between risk and reward will bring dealmakers back to the negotiating table, fostering a climate where astute decision-making becomes paramount. Within this context, we are cautiously optimistic that we will see continued deal activity in 2024, with stakeholders keenly assessing the impact of the economic factors discussed above on transaction dynamics.

Increased Availability and Use of Private Sources of Funds

In response to the evolving financial landscape, a notable trend on the horizon is the increased use of private credit to finance purchase prices. The significant increase in borrowing costs, not wholly offset by decreased valuations for targets, means that traditional banks constrained by regulatory frameworks and risk appetites may be unable or unwilling to provide the capital required for M&A transactions. Consequently, private credit has become an attractive alternative source of capital. Dealmakers are expected to increasingly turn to private credit instruments and innovative financial solutions in 2024. Borrowers are also likely to leverage their existing lending relationships, as banks and other lenders will be more willing to deploy their capital to borrowers with whom they have established a history.

Regulatory Scrutiny

A growing consensus among competition regulators and policymakers suggests that many markets have become less competitive, necessitating heightened merger enforcement. In 2024, regulatory bodies are expected to intensify their examination of foreign investment transactions and strategic combinations.

Proposed changes to the Competition Act aim to strengthen the Competition Bureau’s enforcement powers, penalties, and sanctions. These changes subject more mergers to notification and approval requirements, lowering the bar for the Bureau to challenge transactions. The result is regulatory uncertainty and increased costs. Such considerations lessen the attraction for some companies seeking to engage in Canadian business deals.

Attention on ESG and Canadian Renewable Energy

Canada’s renewable energy sector is poised to attract heightened international interest in 2024. As global initiatives focus on sustainable practices, Canadian projects present attractive investment opportunities. The confluence of Canada’s commitment to ESG, including renewable energy targets, and the international appetite for green investments positions the country as a key player in the global energy transition. For investors looking to take advantage of more readily available capital, projects involving clean energy innovation will be an attractive option, given the Canadian federal budget and provincial measures being used to entice investment. Investors and dealmakers alike are expected to explore partnerships and acquisitions within the Canadian renewable energy landscape, contributing to the sector’s growth and fostering international collaboration.

With this said, it is growing increasingly important that parties to M&A transactions carefully evaluate and structure their deals with ESG considerations top of mind, ensuring that a clear narrative, targets, and performance indicators are employed. This is especially true for larger public or multinational companies, given the rising pressure from investors and stakeholders to prioritize ESG considerations.

Conclusion

The landscape of Canadian M&A in 2024 is characterized by opportunity—to create value through creative financing, strategic acquisitions, and carefully considered deal terms and structures. As we anticipate the stabilization of interest rates and inflation, the surge in private credit, international interest in Canadian renewable energy, distressed acquisition opportunities, increased regulatory scrutiny, and a less frenzied M&A market, strategic and well-informed dealmakers and their legal representatives are poised to capitalize on the evolving M&A terrain.

The trends forecast for 2024 underscore the importance of strategic foresight, adaptability, and a nuanced understanding of the intricacies inherent in each transaction. As the legal landscape responds to economic shifts and global imperatives, dealmakers can leverage this knowledge to navigate M&A scenarios with confidence and clarity.

This article is adapted from the Fund Director’s Guidebook, Fifth Edition, by the American Bar Association Business Law Section’s Federal Regulation of Securities Committee.

To fulfill their responsibilities, directors or trustees (“directors”) of US investment companies registered under the Investment Company Act of 1940 (“1940 Act”) should have a solid understanding of the robust regulatory structure that the funds they oversee are subject to. The American Bar Association Business Law Section has updated its Fund Director’s Guidebook, a key resource for registered fund directors as a primer on that regulatory regime, directors’ responsibilities, and key areas of oversight. The Fund Director’s Guidebook, Fifth Edition is available for purchase from the ABA.

Many investment companies, including mutual funds, exchange-traded funds, and closed-end funds, are registered with the Securities and Exchange Commission (“SEC”) under the 1940 Act. The 1940 Act mandates compliance with extensive and comprehensive requirements that, for example, govern capital structure, prohibit certain types of investments, restrict transactions with affiliates, and regulate investment advisory and distribution arrangements. Regulation extends to such matters as composition of a fund’s board and election of directors, capital structure and derivatives risk, portfolio transactions, custodial arrangements, fidelity bonding, selection of accountants and auditing standards, compliance programs, valuation and pricing of shares, and portfolio liquidity, among others. Beyond the 1940 Act, the regulatory regime for investment companies also includes the Investment Advisers Act of 1940, the Securities Act of 1933, the Securities Exchange Act of 1934, the Commodity Exchange Act, regulations of the SEC and the Commodity Futures Trading Commission (CFTC), other regulators and self-regulatory organizations, and laws of the states where the funds are organized.

The comprehensive regulatory regime applicable to registered funds—contained in the 1940 Act and the SEC’s rules thereunder in particular—contemplates an important and active role for fund directors. Because of the external management structure typical of most investment companies, the role of the directors of a fund or group of funds differs in important respects from the role of the board of directors of an operating company. The external manager of a fund necessarily operates its business in its own best interests, which may not always be congruent with the best interests of the fund’s shareholders.

For this reason, although fund management and fund shareholders have common interests in many areas, there are actual and potential conflicts of interest between the two. Under the 1940 Act regulatory framework, the directors (particularly the independent directors) are responsible for monitoring potential and existing conflicts and representing the interests of fund shareholders. Although fund directors generally work closely and cooperatively with fund management, the directors—particularly independent directors—must exercise independent judgment. Although the most obvious conflicts overseen by fund directors relate to fees and other expenses paid by, and the quality of services provided to, the fund, there are others as well. Independent directors represent the interests of fund shareholders when those interests might conflict with those of the adviser.

The Fund Director’s Guidebook serves as a convenient resource for directors of mutual funds, exchange-traded funds, and closed-end funds. It provides an overview of the functions, responsibilities, and potential liabilities of fund directors, under both the federal securities laws (including the 1940 Act) and corporate or trust law generally, as well as information about the structure and operations of the board and its relationship to the investment adviser, the distributor, and others important to the fund. The Guidebook is intended to help directors discharge their responsibilities by providing them with practical information and guidance to help them understand their duties and ask the right questions.

It is important to note that the manner and the environment in which funds operate are constantly evolving, as are the regulations governing fund and investment management activities and the industry itself. It is essential that fund directors and management stay abreast of new industry and regulatory developments affecting how business is conducted.

In an attempt to keep up with the pace of the developing industry and its regulatory environment, the Guidebook was initially published in 1996 and was subsequently updated in 2003, 2006, and 2015. The fifth edition reflects a large number of regulatory developments since 2015, covering significant completed and pending rulemakings and other initiatives by the SEC as well as industry developments, including those relating to:

• liquidity risk and cybersecurity risk management;
• exchange traded funds;
• the use by funds of derivatives;
• fair valuation;
• funds investing in other funds;
• money market fund reform;
• fund names;
• environmental (including climate), social, and governance (ESG) investing;
• LIBOR transition;
• responses to the COVID-19 pandemic; and
• a greater focus on diversity, equity, and inclusion.

The American Bar Association Business Law Section recommends that copies of the Guidebook be shared with fund directors and those that assist fund directors in carrying out their oversight function. Fund advisers, law firms with practices in this area, and other service providers to registered funds will also find the Guidebook to be a helpful resource.

Companies with international product distribution face considerable logistical challenges just getting a product to its intended market. Additionally, that product will likely come back to the United States in the form of unauthorized gray-market goods. The good news is that there are many tools in the legal toolbox for stopping those imports.

In a July 2019 article and a July 2020 article for Business Law Today, we highlighted how to use the US International Trade Commission (ITC) to stop unauthorized imports at the border. But there are many other options that companies can use to police the market and address the shifting realities of the post-COVID-19 economy.

Since the supply chain disruptions caused by the pandemic, companies are seeing counterfeit goods mixed in with gray-market goods (which were already problematic) more and more often. United States trademark, anti-counterfeiting, and anti–unfair competition laws provide private causes of action that companies can use to aggressively shut down unauthorized resellers of gray-market and counterfeit goods. These laws provide for seizures of goods, injunctive relief, and recovery of substantial compensatory, equitable, and punitive monetary damages.

The Problem

In today’s global economy, companies in the United States face unlawful importation of goods from abroad bearing genuine trademarks—referred to as gray-market infringement—as well as the importation and sale of counterfeit goods that can include spurious marks, labels, and paperwork. Even though the height of the COVID-19 pandemic is now behind us, the lingering effects of severe supply chain issues can present ripe opportunities for unauthorized goods to enter the United States via online marketplaces run by bad actors located anywhere.

The Tools

The ITC remains an important venue for stopping unauthorized imports and has the benefit of offering broad injunctive relief in the form of general exclusion orders. However, monetary relief is not available at the ITC.

When the identity of unlawful importers is known and US sales are substantial, actions brought in federal district courts allow companies to seek monetary damages as well as injunctive relief. In our experience, a powerful case against infringers can be built from the multiple available causes of action under federal and state law.

First, claims can be brought under the Lanham Act (15 USC 1051 et seq.) for trademark infringement, false advertising, false designation of origin, and dilution. The pathways available under the Lanham Act for monetary recovery depend on the violations for which the defendant is found liable. It is therefore important to conduct a thorough investigation and marshal the appropriate facts regarding the defendant’s activities so that all potential violations can be pleaded and tried against the defendant.

Second, private claims can be brought under federal and state anti-counterfeiting laws. In our experience, those laws provide strong avenues for investigating and stopping counterfeiting, including ex parte seizures, expedited discovery, asset freezes, and preliminary injunctive relief. These tools can be used in addition to those available for simple gray-market infringement claims. For instance, an unauthorized reseller that engages in both counterfeiting and gray-market infringement of other products beyond the counterfeit products commits multiple violations under the Lanham Act. Besides civil counterfeiting actions, the government can initiate criminal prosecution under US counterfeiting laws that include serious penalties.

Third, plaintiffs can bring suits under various state and common-law unfair competition, unjust enrichment, and deceptive trade practices laws. These laws differ from state to state but mostly track the Lanham Act’s prohibition against false, misleading, or deceptive acts or practices that are likely to confuse consumers, which typically include trademark infringement. One advantage of this approach is that many of these state statutes allow for automatic entitlement to attorney fees, without a need to prove that the case is exceptional as with Lanham Act claims.

State laws governing deceptive trade practices and unfair competition may also be triggered by a broader scope of conduct than claims under the Lanham Act, such as passing off, deceptive representation of geographic origin, selling old products as new, false or misleading advertising, and other specific deceptive practices. These additional causes of action can be powerful tools when companies are faced with an unauthorized reseller engaged in activity that aligns with the language of the relevant statute.

Available Remedies for Gray-Market and Counterfeiting Cases

Claims under the Lanham Act and state law can allow for multiple nonexclusive remedies for trademark infringement arising from the sale of gray-market goods and counterfeiting. These include seizures of goods, injunctive relief, and recovery of substantial compensatory, equitable, and statutory monetary damages as well as attorney fees. State law and common-law claims for unfair competition and deceptive trade practices can also implicate powerful punitive damages.

Injunctive Relief

Under the Lanham Act, a court is authorized to grant an injunction “according to the principles of equity and upon such terms as the court may deem reasonable” in trademark infringement, false advertising, trademark dilution, and cyberpiracy claims brought under Section 43 of the Act. To obtain such relief, the trademark holder must demonstrate a likelihood of success on the merits, irreparable harm, and that a balancing of equities and the public interest favors the entry of an injunction.

Historically, some circuits applied a rebuttable presumption of irreparable harm upon a finding of infringement, while other circuits did not. Some circuits did not apply the presumption for some claims, such as false advertising in cases of implied falsity or when the defendant’s false claims were about its own products. However, the Trademark Modernization Act of 2020 amended Section 34(a) of the Lanham Act to restore a rebuttable presumption of irreparable harm upon a finding of infringement, including causes of action brought under Section 43 of the Lanham Act. Prevailing plaintiffs can now seek injunctive relief with more confidence, including for false advertising claims.

Monetary Relief

The Lanham Act specifies that victorious plaintiffs shall be entitled to recover, subject to the principles of equity: (1) the defendant’s profits; (2) any damages sustained by the plaintiff; and (3) the costs of the action. Under Section 1117(a) of the Lanham Act, courts have great latitude to adjust these profits and damages, including the discretion to enter judgment “for any sum above the amount found as actual damages” according to the circumstances of the case. Under Section 1117(a), courts also may exercise discretion to enter judgment for any “sum as the court shall find to be just” if it finds that the amount of the recovery based on profits is either inadequate or excessive.

The Lanham Act also provides for treble damages for violations involving the intentional use of a counterfeit mark. Moreover, in cases involving the use of a counterfeit mark, at any time before judgment is entered, the plaintiff may elect to recover statutory damages within a prescribed range of $1,000 to $200,000 per counterfeit mark per type of goods or services sold and up to as much as $2 million for willful infringement. The court may award reasonable attorney fees to the prevailing party in exceptional cases.

The rationales behind the Lanham Act’s damages and remedy provisions can be powerful tools for plaintiffs to (1) avoid the defendant’s profiting off its infringement; (2) compensate the plaintiff for damages it sustained; and (3) deter infringement by the defendant or deter others from engaging in similar acts. Plaintiffs should keep these three principles in mind when crafting their damages case to ensure that the court has the necessary evidence to consider each of the rationales in a trademark owner’s favor. For instance, the brazen nature of a willful infringer can help to establish that there is a strong need for deterrence of others that may follow in the infringer’s footsteps for a quick but unlawful profit. While the Lanham Act is not designed to punish infringers, defendants that are found liable under state law and common-law unfair competition claims can be assessed additional punitive damages to punish outrageous conduct that was intentional or reckless.

Split Burden to Show Revenues and Costs

Trademark owners bringing claims against counterfeiters and gray-market infringers often face the difficult task of demonstrating the scope of the wrongdoing. Counterfeiters often take great care to cover their steps or avoid a paper trail. To level the playing field, the Lanham Act includes a burden-shifting framework trademark owners can use to great effect.

In assessing profits under Section 1117(a) of the Lanham Act, the plaintiff “shall be required to prove defendant’s sales only.” The burden flips to the defendant to “prove all elements of cost or deduction claimed,” and the defendant must demonstrate how any alleged deductible cost contributed to the sale of the infringing product. If a defendant is unable or unwilling to meet this burden, courts have discretion to award the entire gross revenue as the defendant’s profit. Moreover, if damages cannot be proven with certainty because of a defendant’s own actions, whether it be through a purposeful lack of recordkeeping or obstruction in discovery, courts can hold the uncertainty against the defendant. The burden-shifting framework can provide a powerful boost to plaintiffs facing uncooperative or sophisticated infringers and counterfeiters.

Conclusion

Companies have many different tools at their disposal to police the market and guard against the unlawful importation of gray-market and counterfeit goods. The ITC presents an important venue for broad injunctive relief. In addition, actions brought in federal district courts can be a powerful option against unlawful importers that allow companies to seek injunctive relief as well as monetary damages. There, companies can seek multiple nonexclusive remedies that include seizures of goods, injunctive relief, and the recovery of compensatory, equitable, and statutory monetary damages as well as attorney fees, along with the potential for punitive damages in certain cases. Companies that are aware of these different tools can take proactive steps to investigate infringers and counterfeiters to prepare for efficient litigation and advantageously leverage these tools to combat unlawful importation and sales.

Impact investing has been gaining new prominence recently to respond to the environmental and social challenges that the traditional frameworks of philanthropy alone could not address. Impact investors generally seek to generate a double or multiple bottom-line, meaning achieving positive social and/or environmental change in addition to securing a financial return. Some examples of impact investors include development finance institutions, banks, impact investing firms, family offices, public charities, and private foundations. These entities usually invest in ventures aligned with their mission, priorities, or sustainable goals (e.g., clean energy, health, education, financial services, sustainable agriculture, gender equality). Many examples of successful impact investments and ventures exist. One such success story is the Patagonia venture fund launched in 2013, known as Tin Shed Ventures, which invests in “innovations that overcome systemic barriers to regenerative agriculture adoption on land and water,” with outcomes including the reduction of waste and the environmental impacts of agriculture.

Innovation in the field of impact investing has translated into creative legal innovation including the evolution of new financing tools, such as the B corporation, revenue-based financing, and recoverable grant and social bond structures. The impact investing industry is also using innovative blended finance structures to more adequately balance impact and financial objectives.

The effectiveness of impact investing implies considering the long-term lasting impact of an investment, including after liquidation. For that reason, achieving a “responsible exit” when divesting is crucial. Exits need to be structured at the outset to ensure that the liquidation of the impact investment is accountable to the communities being served and intentional about continuing the positive impact for society.

I. Considerations at the time and during the life of the investment

Planning for a responsible exit should start long before an actual divestment. To accommodate a responsible exit, when investing, an impact investor can seek to invest in mission-driven founders and should understand the founders’ plans for growth and possible exit scenarios. As a condition to investment, and then during the investment, impact investors should look to design ways to influence policies and achieve certain impact metrics. When considering attracting additional investors, impact investors can also undertake proper due diligence to ensure alignment of any co-investors with the company’s mission, and they should provide for contractual mechanisms to protect the mission of the investment.

Mission-driven leadership. Impact investing also means investing in a team that will embed the mission in the company and its operations. Selecting a founder of the venture and a management team who are aligned with the impact investor’s objectives and deeply committed to the mission is often the best way to create a lasting impact. Founders likely will want to retain a degree of control over the venture company’s mission (e.g., by creating separate classes of voting stock and vesting in the founders certain voting or veto rights over identified decisions affecting the mission).

Effective policies. Impact investors can also lay the groundwork for responsible exits during the life of their investment. The investor can promote effective policies related to Environmental, Social, and Governance (“ESG”) and related issues, and it can make sure those policies are implemented by systematizing reporting requirements, compliance, and audit checks. Good governance and policy implementation should be a key focus of impact investing, and it should never be underestimated when exploring and negotiating the investment. Embedding certain ethical principles and instilling ESG and equivalent policies and practices into the business is essential to a responsible investment, and should be factored into the investment strategy. Depending on the industry, investors can even take additional steps by seeking to ensure that their investments obtain the highest level of third-party certification available in that industry (e.g., B Corp certification, or, in the case of financial institutions, client protection certification from bodies approved by Cerise+SPTF, which provides confidence that a financial service provider adequately follows client protection principles).

Investor alignment and legal protection mechanisms. Structuring the investment with investors sharing a similar philosophy can also influence whether an investment will be able to grow sustainably while also subsequently achieving a responsible exit. Mechanisms should be incorporated in a shareholder’s agreement (or equivalent document) to enshrine the mission consistent with the objectives described above. The impact investor can require that certain impact metrics (such as the number of lives impacted, the progress on gender equality and women and girls’ empowerment, or the alignment with certain United Nations’ Sustainable Development Goals) are met in connection with their investment. A supermajority vote or founder consent may be required for any amendment to the mission statement for mergers, reorganizations, or stock transfer as discussed above. Put option or redemption rights may be available, and in fact, are often requested by impact investors as mechanisms to withdraw from the investment under the occurrence of certain triggering events (e.g., if the company fails to meet or maintain certain impact objectives or results). Such provisions are also used by impact investors to protect against reputational risk if, for example, the company’s activities become misaligned with the investor’s mission, priorities, policies, or regulations.

II. Considerations at the time of exit

When it is time to divest, the ability to achieve a responsible exit may be challenged by several factors. The exiting impact investor and the prospective ideal buyer may not always have the same time horizon, resulting in the need to compromise, depending on availability of adequate buyers. In addition, finding the perfect buyer with an aligned mission can prove to be difficult in some markets. Finally, enshrining mission preservation principles in the legal documentation at exit is at best difficult and at worst impossible.

Timing the exit. In the impact investing space (similar to other types of investments), timing an exit may depend on several factors. The investors may have decided that their mission or impact objectives have been accomplished, and now they need to deploy their capital elsewhere. Additional capital may also be required to further the mission, capital that the current investors may not be willing or able to provide. Scarcity of aligned buyers is another factor in determining the timing and conditions of an exit. For instance, an aligned buyer may want to invest at a specific time when no other aligned buyers are available at that time. This, in turn, forces the divesting impact investors to be more accommodating from a financial (i.e., pricing) perspective if they believe long-term impact may be created. Being flexible in terms of timing may also allow for better, more responsible exits.

Buyer selection and mission alignment. Identifying buyers aligned with the company’s mission is generally the best guarantee that such mission and related impact will be continued. Impact investors should perform a thorough due diligence on the buyer to increase the likelihood of continued impact after exit. In addition to the traditional Know Your Customer searches on the buyer, impact investors should understand the industry reputation of the buyer, along with the prospective buyer’s track record of achieving impact objectives. The buyer should also have the financial capacity to carry the mission forward. One complicating factor, though, is that the impact investors may not have multiple buyers available at a time when they are under financial constraint. Identifying and vetting the right buyer and preserving the financial situation of the investment will also, at times, require a balancing act.

Legal documentation protections. Legally enshrining the mission preservation in the legal documents at the time of exit through various covenants is often challenging and may be subject to difficult negotiations. At the core of preserving the mission is ensuring that the employees of the divested company are protected. Employees who decide to work in impact investing often have made the choice consciously and care deeply about their company’s mission. Once the impact investor has divested, these employees are needed to help carry the mission forward and thus realize its objectives. Hence, protecting the employees at the time of exit should be part of the negotiations both at the time of investment and upon exit. This is particularly important given that covenants in the sales closing documentation requiring new owners to preserve impact post-closing are often difficult to negotiate and most of the time ineffective. It would generally be very difficult for impact investors to ensure compliance post-closing with these conditions, and the likelihood of exited impact investors suing a buyer to enforce these covenants is unlikely in practice.

Conclusion

When companies reach a level of maturity such that a new strategic investor is needed, or when a reallocation of resources is necessary, impact investors may decide to exit responsibly to mitigate any mission drift, and in the hope that their investment will have a lasting impact. Despite its challenges (e.g., lack of appropriate buyers, difficulties in enforcing impact-related covenants), trying to achieve a responsible exit is paramount for impact investors. Put simply, it means caring about the population served and wanting to leave them in a better, more lasting position with new investors who share similar values. Not exiting responsibly can also have severe reputational consequences, which may result in an impact investor being unable to raise future capital or source deals. In some industries, selling to the wrong buyer can also have dire consequences (e.g., in the case of microfinance, selling a company to a predatory lender means negatively impacting the population the impact investor seeks to serve). Careful exit planning throughout the investment, nevertheless, can achieve a responsible and sustainable investment aligned with the original mission.