Author: jschaller@natlawreview.com

A group of in-house attorneys developed the National Law Review on-line edition to create an easy to use resource to capture legal trends and news as they first start to emerge. We were looking for a better way to organize, vet and easily retrieve all the updates that were being sent to us on a daily basis.In the process, we’ve become one of the highest volume business law websites in the U.S. Today, the National Law Review’s seasoned editors screen and classify breaking news and analysis authored by recognized legal professionals and our own journalists. There is no log in to access the database and new articles are added hourly. The National Law Review revolutionized legal publication in 1888 and this cutting-edge tradition continues today.

Who Owns the Crypto, the Customer or the Debtor?

Whose crytpo is it? With the multiple cryptocurrency companies that have recently filed for bankruptcy (FTX, Voyager Digital, BlockFi), and more likely on the way, that simple sounding question is taking on huge significance. Last week, the Bankruptcy Court for the Southern District of New York (Chief Judge Martin Glenn) attempted to answer that question in the Celsius Network LLC bankruptcy case.

The Facts of the Case

Celsius and its affiliated debtors (collectively, “Debtors”) ran a cryptocurrency finance platform. Faced with extreme turbulence in the cryptocurrency markets, the Debtors filed Chapter 11 petitions on July 13, 2022. As part of their regular business, the Debtors had allowed customers to both deposit cryptocurrency digital assets on their platform and earn a percentage yield, as well as take out loans by pledging their cryptocurrencies as security. One specific program offered by the Debtors was the “Earn” program, under which customers could transfer certain cryptocurrencies to the Debtors and earn “rewards” in the form of payment of in-kind interest or tokens. On the petition date, the Earn program accounts (the “Earn Accounts”) held cryptocurrency assets with a market value of approximately $4.2 billion. Included within the Earn Accounts were stablecoins valued at approximately $23 million in September 2022. A stablecoin is a type of cryptocurrency designed to be tied or pegged to another currency, commodity or financial instrument.

Recognizing their emerging need for liquidity, on November 11, 2022, the Debtors filed a motion seeking entry of an order (a) establishing a rebuttable presumption that the Debtors owned the assets in the Earn Accounts and (b) permitting the sale of the stablecoins held in the Earn Accounts under either section 363(c)(1) (sale in the ordinary course of business) or section 363(b)(1) (sale outside the ordinary course of business) of the Bankruptcy Code. The motion generated opposition from the U.S. Trustee, various States and State securities regulators and multiple creditors and creditor groups. The Official Committee of Unsecured Creditors objected to the sale of the stablecoins under section 363(c)(1) but argued that the sale should be approved under section 363(b)(1) because the Debtors had shown a good business reason for the sale (namely to pay ongoing administrative expenses of the bankruptcy cases). On January 4, 2023, the court issued its forty-five (45) page memorandum opinion granting the Debtors’ motion.

The Court’s Decision

Although the ownership issue may appear complex given the nature of the assets (i.e., cryptocurrency), the bankruptcy court framed the issue into relatively straightforward state law questions of contract formation and interpretation. The court first analyzed whether there was a valid contract governing the parties’ rights to the cryptocurrency assets in the Earn Accounts. Under governing New York law, a valid, enforceable contract requires an offer and acceptance (i.e., mutual assent), consideration and an intent to be bound. The court found that all three elements were satisfied. The Debtors required that all customers agree to and accept “Terms of Use.” The Terms of Use was set up as a “clickwrap” agreement that required customers to agree to the terms and prevented the customers from advancing to the next page and completing their sign up unless they agreed to the Terms of Use. Under New York law, “clickwrap” agreements are sufficient to constitute mutual assent. The court also found that consideration was given by way of allowing the customers to earn a financing fee (i.e., the rewards in the form of payment of in-kind interest or tokens). Finally, the court noted that no party had presented evidence that either the Debtors or the customers lacked intent to be bound by the contract terms. Accordingly, the court held that the Terms of Use constituted a valid contract, subject to the rights of customers to put forth individual contract formation defenses in the future, including claims of fraudulent inducement based on representations allegedly made by the Debtors’ former CEO, Alex Mashinsky.

Having found a valid contract to presumptively exist, the court turned its attention to what the Terms of Use provided in terms of transfer of ownership. In operative part, the Terms of Use provided:

In consideration for the Rewards payable to you on the Eligible Digital Assets using the Earn Service … and the use of our Services, you grant Celsius … all right and title to such Eligible Digital Assets, including ownership rights, and the right, without further notice to you, to hold such Digital Assets in Celsius’ own Virtual Wallet or elsewhere, and to pledge, re-pledge, hypothecate, rehypothecate, sell, lend or otherwise transfer or use any amount of such Digital Assets, separately or together with other property, with all the attendant rights of ownership, and for any period of time, and without retaining in Celsius’ possession and/or control a like amount of Digital Assets or any other monies or assets, and use or invest such Digital Assets in Celsius’ full discretion. You acknowledge that with respect Digital Assets used by Celsius pursuant to this paragraph:

  1. You will not be able to exercise rights of ownership;
  2. Celsius may receive compensation in connection with lender or otherwise using Digital Assets in its business to which you have no claim or entitlement; and
  3. In the event that Celsius becomes bankrupt, enters liquidation or is otherwise unable to repay its obligations, any Eligible Digital Assets used in the Earn Service or as collateral under the Borrow Service may not be recoverable, and you may not have any legal remedies or rights in connection with Celsius’ obligations to you other than your rights as a creditor of Celsius under any applicable laws.

Based on this language, the court held that the Terms of Use unambiguously transferred ownership of the assets in the Earn Accounts to the Debtors. Central to the court’s decision was that under the Terms of Use customers had granted the Debtors “all right and title to such Digital Assets, including ownership rights.” Based on this language, the court found that title and ownership of the cryptocurrency held in the Earn Accounts was “unequivocally transferred to the Debtors and became property of the Estate on the Petition Date.”

Finally, the court found that the Debtors had shown that they needed to generate liquidity to fund the bankruptcy cases, and that additional liquidity would be needed early this year. Accordingly, the court held that the Debtors had shown sufficient cause to permit the sale of the stablecoins outside of the ordinary course of business in accordance with section 363(b)(1).

Implications

Given the turbulent nature of the cryptocurrency market and the likelihood of further cryptocurrency bankruptcy filings, the court’s ruling is sure to have significant implications. First, unless it is reversed on appeal, the opinion means that the Debtors’ Earn program customers do not own the funds in their digital accounts and will instead be relegated to the status of unsecured creditors with a highly uncertain recovery. Second, the opinion underscores the Wild West nature of crypto and the fact that unlike deposits at a federally insured financial institution, deposits at cryptocurrency exchanges are not similarly insured and may be at risk. Third, customers or account holders in other cryptocurrency exchanges or businesses should carefully review the applicable terms of use to determine if those terms transferred ownership of their digital assets to their cryptocurrency counterparty. It is likely a fair assumption that such other terms of use transferred ownership in the same way that the Celsius Terms of Use did, in which case customers must remain vigilant of the financial health of their cryptocurrency counterparty. Finally, all parties engaging in on-line business transactions, including those outside of cryptocurrency, are on notice that clickwrap agreements commonly found in such transactions are, at least under New York law, enforceable. In short, those agreements mean something, and the fact that a party did not read the terms before agreeing to them through a “click” is likely not going to be a viable defense to the enforcement of those terms.

For more Bankruptcy Legal News, click here to visit the National Law Review.

© Copyright 2023 Squire Patton Boggs (US) LLP

Complying With New Federal Pregnant Workers Fairness Act, PUMP for Nursing Mothers Act

The new Pregnant Workers Fairness Act (PWFA) and the Providing Urgent Maternal Protections for Nursing Mothers Act (PUMP For Nursing Mothers Act) were adopted when President Joe Biden signed the Consolidated Appropriations Act, 2023 on Dec. 29, 2022.

PWFA: Pregnancy Finally Given Disability-Like Protection

The PWFA applies to employers with at least 15 employees and becomes effective on June 27, 2023.

Like the Americans with Disabilities Act (ADA), the PWFA includes the obligation to provide reasonable accommodations so long as they do not impose an undue hardship. Many courts have determined that pregnancy alone was not a disability entitled to accommodation under the ADA. Under the PWFA, employers will be required to provide reasonable accommodations to employees and applicants with known temporary limitations on their ability to perform the essential functions of their jobs based on a physical or mental condition related to pregnancy, childbirth, and related medical conditions.

The PWFA adopts the same meaning of “reasonable accommodation” and “undue hardship” as used in the ADA, including the interactive process that will typically be used to determine an appropriate reasonable accommodation.

The PWFA provides that an employee or their representative can make the employer aware of the employee’s limitations. It also provides that an employer cannot require an employee to take a paid or unpaid leave of absence if another reasonable accommodation can be provided. Of course, that does not mean the employee gets the accommodation of their choice. The statute provides a defense to damages for employers that, in good faith, work with employees to identify alternative accommodations that are equally effective and do not cause an undue hardship.

Practical Advice for PWFA Compliance

  1. Employers do not have to have a policy for every rule or practice that applies in the workplace. However, if an employer has a reasonable accommodations policy, that policy should be reviewed and updated, as necessary.
  2. Human resources professionals are not the only ones who need training. If managers are not trained as well, they may unwittingly say something in response to an employee’s question that is inconsistent with your policies and practices.
  3. Create a process to follow when employees request an accommodation due to pregnancy-related limitations. The process should be similar to the ADA process, including requesting supporting documentation from the treating healthcare provider. Have employees in states or cities that have adopted versions of the pregnant workers fairness law or other similar laws that are more generous than the federal PWFA? The federal PWFA does not preempt more generous state and local laws. Therefore, any policy, practice, or form may need to be modified depending on where employees are located. As an example, some city and state laws, except in specific circumstances, prohibit employers from requesting medical documentation to confirm an employee’s pregnancy, childbirth, or related medical conditions as part of the accommodation process.
  4. Like under the ADA, when an employee requests an accommodation under the PWFA, Human resources professionals should think about how to make this work, not this will never work. This simple shift in approach makes finding a reasonable accommodation that does not impose an undue hardship on operations more likely.

PUMP for Nursing Mothers Act

The PUMP for Nursing Mothers Act expands existing employer obligations under the Fair Labor Standards Act (FLSA) to provide an employee with reasonable break time to express breast milk for the employee’s nursing child for one year after the child’s birth. The employer obligation to provide a place to express milk shielded from view and intrusion from coworkers and the public (other than a bathroom) continues.

Except for changes to available remedies, the amendment to the FLSA took effect on December 29, 2022. The changes to remedies will take effect on April 28, 2023.

What Changed Under PUMP for Nursing Mothers Act

The PUMP for Nursing Mothers Act covers all employees, not just non-exempt workers. The break time may be unpaid unless otherwise required by federal or state law or municipal ordinance. Employers should ensure that non-exempt nursing employees are paid if they express breast milk during an otherwise paid break period or if they are not completely relieved of duty for the entire break period. Exempt employees should be paid their full weekly salary as required by federal, state, and local law, regardless of whether they take breaks to express breast milk.

With some exceptions, the law requires employees to provide notice of an alleged violation to the employer and give the employer a 10-day cure period before filing a suit.

Employers with fewer than 50 employees can still rely on the small employer exemption, if compliance with the law would cause undue hardship because of significant difficulty or expense. Crewmembers of air carriers are exempted from the law. Rail carriers and motorcoach services operators are covered by the law, but there are exceptions and delayed effective dates for certain employees. No similar exemption is provided for other transportation industry employers.

Practical Advice for PUMP for Nursing Mothers Act Compliance

  1. Educate the HR team and front-line managers on the update to the law and refresh them on the process for providing break time and private spaces to express breast milk.
  2. Like the PWFA, the law does not preempt state law or municipal ordinances that provide greater protection than provided by the PUMP for Nursing Mothers Act. Depending on where employees are located, policies, practices, and the private space provided to express breast milk may need to be modified.
  3. Creativity is the key to being able to come up with staffing solutions and private spaces for nursing mothers to express breast milk. Nothing in the law requires employers to maintain a permanent, dedicated space for nursing mothers. A space temporarily created or converted into a space for expressing breast milk and made available when needed by a nursing mother is sufficient if the space is shielded from view and free from intrusion from coworkers and the public. In other words, allowing an employee to use an office with a door that locks would be convenient, but not practical for many worksites. Depending on the workplace settings, privacy screens, curtains, signage, portable pumping stations, and partnerships with other employers to provide private spaces for nursing mothers are all possibilities.

For more election & legislative news, click here to visit the National Law Review.

Jackson Lewis P.C. © 2023

Ankura CTIX FLASH Update – January 3, 2023

Malware Activity

Louisiana’s Largest Medical Complex Discloses Data Breach Associated to October Attack

On December 23rd, 2022, the Lake Charles Memorial Health System (LCMHS) began sending out notifications regarding a newly discovered data breach that is currently impacting approximately 270,000 patients. LCMHS is the largest medical complex in Lake Charles, Louisiana, which contains multiple hospitals and a primary care clinic. The organization discovered unusual activity on their network on October 21, 2022, and determined on October 25, 2022, that an unauthorized actor gained access to the organization’s network as well as “accessed or obtained certain files from [their] systems.” The LCMHS notice listed the following patient information as exposed: patient names, addresses, dates of birth, medical record or patient identification numbers, health insurance information, payment information, limited clinical information regarding received care, and Social Security numbers (SSNs) in limited instances. While LCMHS has yet to confirm the unauthorized actor responsible for the data breach, the Hive ransomware group listed the organization on their data leak site on November 15, 2022, as well as posted files allegedly exfiltrated after breaching the LCMHS network. The posted files contained “bills of materials, cards, contracts, medical info, papers, medical records, scans, residents, and more.” It is not unusual for Hive to claim responsibility for the associated attack as the threat group has previously targeted hospitals/healthcare organizations. CTIX analysts will continue to monitor the Hive ransomware group into 2023 and provide updates on the Lake Charles Memorial Health System data breach as necessary.

Threat Actor Activity

Kimsuky Threat Actors Target South Korean Policy Experts in New Campaign

Threat actors from the North Korean-backed Kimsuky group recently launched a phishing campaign targeting policy experts throughout South Korea. Kimsuky is a well-aged threat organization that has been in operation since 2013, primarily conducting cyber espionage and occasional financially motivated attacks. Aiming their attacks consistently at entities of South Korea, the group often targets academics, think tanks, and organizations relating to inter-Korea relations. In this recent campaign, Kimsuky threat actors distributed spear-phishing emails to several well-known South Korean policy experts. Within these emails, either an embedded website URL or an attachment was present, both executing malicious code to download malware to the compromised machine. One (1) tactic the threat actors utilized was distributing emails through hacked servers, masking the origin IP address(es). In total, of the 300 hacked servers, eighty-seven (87) of them were located throughout North Korea, with the others from around the globe. This type of social engineering attack is not new for the threat group as similar instances have occurred over the past decade. In January 2022, Kimsuky actors mimicked activities of researchers and think tanks in order to harvest intelligence from associated sources. CTIX continues to urge users to validate the integrity of email correspondence prior to visiting any embedded emails or downloading any attachments to lessen the risk of threat actor compromise.

Vulnerabilities

Netgear Patches Critical Vulnerability Leading to Arbitrary Code Execution

Network device manufacturer Netgear has just patched a high-severity vulnerability impacting multiple WiFi router models. The flaw, tracked as CVE-2022-48196, is described as a pre-authentication buffer overflow security vulnerability, which, if exploited, could allow threat actors to carry out a number of malicious activities. These activities include stealing sensitive information, creating Denial-of-Service (DoS) conditions, as well as downloading malware and executing arbitrary code. In past attacks, threat actors have utilized this type of vulnerability as an initial access vector by which they pivot to other parts of the network. Currently, there is very little technical information regarding the vulnerability and Netgear is temporarily withholding the details to allow as many of their users to update their vulnerable devices to the latest secure firmware. Netgear stated that this is a very low-complexity attack, meaning that unsophisticated attackers may be able to successfully exploit a device. CTIX analysts urge Netgear users with any of the vulnerable devices listed in Netgear’s advisory to patch their device immediately.

For more cybersecurity news, click here to visit the National Law Review.

Copyright © 2023 Ankura Consulting Group, LLC. All rights reserved.