Author: National Law Forum

A group of in-house attorneys developed the National Law Review on-line edition to create an easy to use resource to capture legal trends and news as they first start to emerge. We were looking for a better way to organize, vet and easily retrieve all the updates that were being sent to us on a daily basis.In the process, we’ve become one of the highest volume business law websites in the U.S. Today, the National Law Review’s seasoned editors screen and classify breaking news and analysis authored by recognized legal professionals and our own journalists. There is no log in to access the database and new articles are added hourly. The National Law Review revolutionized legal publication in 1888 and this cutting-edge tradition continues today.

PFAS Medical Monitoring Goes To State Supreme Court

A year-and-a-half agowe predicted that in the PFAS litigation world, medical monitoring claims would quickly become a claim that finds its way into numerous PFAS cases with ever-increasing risks and cost to companies embroiled in the lawsuits. On November 15, 2022, the viability of medical monitoring claims with respect to PFAS found its way to the New Hampshire Supreme Court for oral argument. While courts are currently divided as to whether medical monitoring claims should be permitted to proceed without proof of actual injury to the plaintiffs, the result of the New Hampshire Supreme Court case will likely have ripple effects in other states where medical monitoring claims continue to proliferate.

PFAS Medical Monitoring Costs – The Current Landscape

PFAS medical monitoring costs is not a new topic for the litigation – it is something that plaintiffs’ counsel push for either as a damages component to a cause of action or as a term for settlement negotiations in PFAS cases. Yet, to date, only a few states allow for medical monitoring costs to be pled as a cause of action unto itself. Instead, states either require an underlying harm to be proven before the courts will consider awarding medical monitoring costs or states have outright rejected the medical monitoring theory of damages altogether.

The American Law Institute (ALI) is a prestigious legal organization that develops “Restatements” of various laws in the United States, including tort law. The ALI’s work and the Restatements, while not binding on courts, are widely regarded by attorneys, judges and legal scholars as a comprehensive understanding of many of the nuanced parts of legal theories. Through decades of work and revisions, the Restatement (Third) of Torts is now nearing the final stages of completion.

Significantly, the Restatement (Third) is contemplating including recommendations that courts allow plaintiffs to recover monetary damages for medical monitoring expenses, even though the plaintiffs do not have any present bodily harm. With respect to PFAS litigation, medical monitoring costs have been awarded in some states or through settlements to plaintiffs alleging some degree of injury from PFAS. The Restatement (Third) approach, though, opens the door to citizens in the country with no bodily injury from PFAS to participate in free (to the plaintiffs) medical monitoring to ensure that health issues do not arise related to PFAS.

The ALI’s approach to medical monitoring is a topic that is hotly contested in many legal circles, as awarding medical monitoring costs absent any injury is a highly controversial recommendation that seems to upend decades of tort law. Opponents argue that one of the very tenants of tort law is that there is an injury to the plaintiff – without an injury, there is no tort. Courts are currently split on whether they permit medical monitoring costs to be awarded to plaintiffs without any injury.

PFAS Medical Monitoring In New Hampshire

In Kevin Brown v. Saint Gobain, the plaintiffs’ drinking water was allegedly contaminated with PFOA as a result of a Saint-Gobain facility that discharged PFOA into local waterways, which fed drinking water sources. The case made its way through the USDC-NH, but the defendant certified the question to the New Hampshire Supreme Court of whether New Hampshire law permits the plaintiffs, who are asymptomatic, to bring a claim for the costs of their being periodically medically monitored for symptoms of disease caused by exposure to PFOA.

At oral argument on the issue, the parties and the Court held a spirited debate as to whether the seventeen states that allow medical monitoring as a form of relief are similar legally to New Hampshire, such that the state should adopt a broad interpretation and allow medical monitoring claims without proof of present injury. Defendant and parties who filed amicus briefs in support of defendants argued that the Court should defer to the legislature on the issue, as the legislature has primary responsibility for declaring public policy.

Impact On Companies

The issue of permitting PFAS medical monitoring claims without any present injury is one that has enormous impacts not only on PFAS manufacturers, but any downstream commerce company that finds itself in litigation (often class action lawsuits) alleging medical monitoring damages. The litigation is already shifting in such a way that downstream commerce companies (i.e. – companies that did not manufacture PFAS, but utilized PFAS in manufacturing or products) are being named in lawsuits for personal injury and environmental pollution at increasing rates. Allowing a medical monitoring component to the recoverable costs that can pled would significantly raise the risks and potential liability costs to downstream companies.

It is of the utmost importance that businesses along the whole supply chain in various industries evaluate their PFAS risk. Public health and environmental groups urge legislators to regulate PFAS at an ever-increasing pace. Similarly, state level EPA enforcement action is increasing at a several-fold rate every year. Companies that did not manufacture PFAS, but merely utilized PFAS in their manufacturing processes, are therefore becoming targets of costly enforcement actions at rates that continue to multiply year over year. Lawsuits are also filed monthly by citizens or municipalities against companies that are increasingly not PFAS chemical manufacturers.

Article By John Gardella of CMBG3 Law

For more environmental legal news, click here to visit the National Law Review.

©2022 CMBG3 Law, LLC. All rights reserved.

ANOTHER TRILLION DOLLAR CASE:? TikTok Hit in MASSIVE CIPA Suit Over Its Business Model of Profiting from Advertising by Collecting and Monetizing User Data

Data privacy lawsuits are EXPLODING and one of our country’s most popular mobile app — TikTok’s privacy issues keep piling up.

Following its recent $92 million class-action data privacy settlement for its alleged violation of Illinois Biometric Information Privacy Act (BIPA), TikTok is now facing a CIPA and Federal Wire Tap class action for collecting users’ data via its in-app browser without Plaintiff and class member’s consent.

The complaint alleges “[n]owhere in [Tik Tok’s] Terms of Service or the privacy policies is it disclosed that Defendants compel their users to use an in-app browser that installs JavaScipt code into the external websites that users visit from the TikTok app which then provides TikTok with a complete record of every keystroke, every tap on any button, link, image or other component on any website, and details about the elements the users clicked. “

Despite being a free app, TikTok makes billions in revenue by collecting users’ data without their consent.

The world’s most valuable resource is no longer oil, but data.”

While we’ve discussed before, many companies do collect data for legitimate purposes with consent. However this new complaint alleges a very specific type of data collection practice without the TikTok user’s OR the third party website operator’s consent.

TikTok allegedly relies on selling digital advertising spots for income and the algorithm used to determine what advertisements to display on a user’s home page, utilizes tracking software to understand a users’ interest and habits. In order to drive this business, TikTok presents users with links to third-party websites in TikTok’s in-app browser without a user  (or the third party website operator) knowing this is occurring via TikTok’s in-app browser. The user’s keystrokes is simultaneously being intercepted and recorded.

Specifically, when a user attempts to access a website, by clicking a link while using the TikTok app, the website does not open via the default browser.  Instead, unbeknownst to the user, the link is opened inside the TikTok app, in [Tik Tok’s] in-app browser.  Thus, the user views the third-party website without leaving the TikTok app. “

The Tik-Tok in-app browser does not just track purchase information, it allegedly tracks detailed private and sensitive information – including information about  a person’s physical and mental health.

For example, health providers and pharmacies, such as Planned Parenthood, have a digital presence on TikTok, with videos that appear on users’ feeds.

Once a user clicks on this link, they are directed to Planned Parenthood’s main webpage via TikTok’s in-app browser. While the user is assured that his or her information is “privacy and anonymous,” TikTok is allegedly intercepting it and monetizing it to send targeted advertisements to the user – without the user’s or Planned Parenthood’s consent.

The complaint not only details out the global privacy concerns regarding TikTok’s privacy practices (including FTC investigations, outright ban preventing U.S. military from using it, TikTok’s BIPA lawsuit, and an uptick in privacy advocate concerns) it also specifically calls out the concerns around collecting reproductive health information after the demise of Roe v. Wade this year:

TikTok’s acquisition of this sensitive information is especially concerning given the Supreme Court’s recent reversal of Roe v. Wade and the subsequent criminalization of abortion in several states.  Almost immediately after the precedent-overturning decision was issued, anxieties arose regarding data privacy in the context of commonly used period and ovulation tracking apps.  The potential of governments to acquire digital data to support prosecution cases for abortions was quickly flagged as a well-founded concern.”

Esh. The allegations are alarming and the 76 page complaint can be read here: TikTok.

In any event, the class is alleged as:

“Nationwide Class: All natural persons in the United State whose used the TikTok app to visit websites external to the app, via the in-app browser.

California Subclass: All natural persons residing in California whose used the TikTok app to visit websites external to the app, via the in-app browser.”

The complaint alleges California law applies to all class members – like the Meta CIPA complaint we will have to wait and see how a nationwide class can be brought related to a CA statute.

On the CIPA claim, the Plaintiff – Austin Recht – seeks an unspecific amount of damages for the class but the demand is $5,000 per violation or 3x the amount of damages sustained by Plaintiff and the class in an amount to be proven at trial.

We’ll obviously continue to keep an eye out on this.

Article By Puja J. Amin of Troutman Firm

For more communications and media legal news, click here to visit the National Law Review.

© 2022 Troutman Firm

CMS Issues Calendar Year 2023 Home Health Final Rule

On November 4, 2022, the Centers for Medicare & Medicaid Services (CMS) published the calendar year 2023 Home Health Prospective Payment System Rate final rule, which updates Medicare payment policies and rates for home health agencies.  Some of the key changes implemented by the final rule are summarized below.

  • Home Health Payment Rates. Instead of imposing a significant rate cut, as was included in the proposed rule released earlier this year, CMS has increased calendar year 2023 Medicare payments to home health agencies by 0.7 percent or $125 million in comparison to calendar year 2022.

 

  • Patient-Driven Groupings Model and Behavioral Changes. A -3.925 percent permanent adjustment to the 30-day payment rate has been implemented for calendar year 2023. The purpose of this adjustment is to ensure that aggregate expenditures under the new patient-driven groupings model payment system are equal to what they would have been under the old payment system. Additional permanent adjustments are expected to be proposed in future rulemaking.

 

  • Permanent Cap on Wage Index Decreases. The rule finalizes a permanent 5 percent cap on negative wage index changes for home health agencies.

 

  • Recalibration of Patient-Driven Groupings Model Case-Mix Weights. CMS has finalized the recalibration of the case-mix weights, including the functional levels and co-morbidity adjustment subgroups and the low utilization payment adjustment thresholds, using calendar year 2021 data in an effort to more accurately pay for the types of patients home health agencies are serving.

 

  • Telehealth. CMS plans to begin collecting data on the use of telecommunications technology under the home health benefit on a voluntary basis beginning on January 1, 2023, and on a mandatory basis beginning on July 1, 2023. Further program instruction for reporting this information on home health claims is expected to be issued in January of 2023.

 

  • Home Infusion Therapy Benefit. The Consumer Price Index for all urban consumers for June 2022 is 9.1 percent and the corresponding productivity adjustment is a reduction of 0.4 percent. Therefore, the final home infusion therapy payment rate update for calendar year 2023 is an increase of 8.7 percent. The standardization factor, the final geographic adjustment factors, national home infusion therapy payment rates, and locality-adjusted home infusion therapy payment rates will be posted on CMS’ Home Infusion Therapy Services webpage once the rates are finalized.

 

  • Finalization of All-Payer Policy for the Home Health Quality Reporting Program. CMS has ended the temporary suspension of Outcome and Assessment Information Set (OASIS) data collection on non-Medicare/non-Medicaid home health agency patients. Beginning in calendar year 2027, home health agencies will be required to submit all-payer OASIS data, with two quarters of data required for program year 2027. A phase-in period will occur from January 1, 2025 through June 30, 2025, and during that time the failure to submit the data will not result in a penalty.

 

  • Health Equity Request for Information. The comments received from stakeholders providing feedback on health equity measure development for the Home Health Quality Reporting Program and the potential future application of health equity in the Home Health Value-Based Purchasing Expanded Model’s scoring and payment methodologies are summarized in the final rule.

 

  • Baseline Years in the Expanded Home Health Value-Based Purchasing (HHVBP) Model. For the Expanded Home Health Value-Based Purchasing Expanded Model, CMS is: updating definitions, changing the home health agency baseline calendar year (from 2019 to 2022 for existing home health agencies with a Medicare certification date prior to January 1, 2019, and from 2021 to 2022 for home health agencies with a Medicare certification date prior to January 1, 2022); and changing the model baseline calendar year from 2019 to 2022 starting in 2023.

For more Health Care legal news, click here to visit the National Law Review.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

EPA Announces the Release of Its Endangered Species Act Workplan Update

On November 16, 2022, the U.S. Environmental Protection Agency (EPA) announced it released an Endangered Species Act (ESA) Workplan Update (Workplan Update) that outlines major steps to increase protections for wildlife and regulatory certainty for pesticide users. The Workplan Update details how EPA will pursue protections for nontarget species, including federally listed endangered and threatened (i.e., listed) species, earlier in the process for pesticide registration review and other Federal Insecticide, Fungicide, and Rodenticide Act (FIFRA) actions. According to EPA, these early protections will help EPA comply with the ESA, thus reducing its legal vulnerability, providing farmers with more predictable access to pesticides, and simplifying the ESA-FIFRA process that, left unchanged, creates both significant litigation risk and a workload far exceeding what EPA has the resources to handle.

EPA states this update is a follow-up to EPA’s April 2022 ESA Workplan that addresses the complexity of meeting its ESA obligations for thousands of FIFRA actions annually. The ESA Workplan prioritizes certain FIFRA actions for ESA compliance, outlines how EPA will pursue early mitigation for listed species under FIFRA, and describes directions for expediting and simplifying the current pesticide consultation process.

As part of registering new pesticides or reevaluating pesticides during registration review, EPA has a responsibility under the ESA to ensure certain pesticide registrations do not jeopardize the continued existence of listed species or adversely modify their designated critical habitats. EPA states that it has seen in the past few decades an increase in litigation due to EPA’s failure to meet its ESA obligations when taking FIFRA actions. Over the next six years, existing court-enforceable deadlines will require EPA to complete ESA reviews for 18 pesticides — the most EPA estimates it can handle during this period based on its current capacity and processes. Ongoing litigation and settlement discussions for other lawsuits cover dozens of additional pesticides and will likely fill the EPA’s ESA workload well beyond 2030. According to EPA, if its ESA efforts continue at this pace, a future court may decide to curtail drastically pesticide use until EPA meets its obligations. EPA believes this situation would be unsustainable and legally tenuous and provide inadequate protection for listed species and create regulatory uncertainty for farmers and other pesticide users.

The Workplan Update is EPA’s first update to the ESA Workplan and covers four main goals:

  1. Describes EPA’s overall approach to mitigating ecological risks in registration review, which includes prioritization of registration review cases based on opportunities to reduce a pesticide’s risk to human health or the environment.

  2. Proposes a menu of FIFRA Interim Ecological Mitigation measures that EPA will draw from for many future conventional and biological pesticide registration and registration review actions to protect nontarget species. For each FIFRA action, EPA will consider this menu and propose, based on the risks and benefits of the particular pesticide, which specific measures to include on the pesticide label.

  3. Proposes label language to expand the use of online endangered species protection bulletins to implement geographically specific mitigation measures for individual listed species. These measures are designed to focus protections only in specific needed areas, thus minimizing impacts to agriculture. Where needed, EPA may develop these measures to complement the generic FIFRA ecological mitigation described above.

  4. Describes current and future programmatic initiatives with other federal agencies to prioritize mitigation for listed species that are particularly vulnerable to pesticides and to improve the efficiency and timeliness of the ESA-FIFRA process.

The first strategy described in EPA’s ESA Workplan is to “meet ESA obligations for FIFRA actions.” EPA states as part of its work to execute this strategy, it has identified a menu of Interim Ecological Mitigation measures it will use as a starting point to address pesticide risks to nontarget species during registration and registration review.

The menu of Interim Ecological Mitigation will include measures to reduce pesticide spray drift and pesticide runoff and will be considered as part of EPA’s upcoming proposed interim registration review decisions. While EPA intends for this set of Interim Ecological Mitigation measures to apply widely to many pesticides, EPA will consider the menu of options for any given pesticide depending on the level of risk that it poses to species and the exposure route.

EPA anticipates that this approach will more efficiently establish protections for nontarget species, including listed species, and standardize the protections across similar pesticides, in contrast to identifying mitigation measures pesticide by pesticide or species by species, as EPA has typically done in the past.

EPA states it will also work with registrants to add language on pesticide incident reporting, advisory language to protect insect pollinators, and language to most outdoor-use pesticide labels that directs users to reference Bulletins Live! Two, a website where pesticide users can find endangered species protection bulletins. These bulletins describe geographically specific use limitations to protect threatened and endangered species and their designated critical habitat.

EPA expects that once consultation with the U.S. Fish and Wildlife Service and the National Marine Fisheries Service is completed for any given outdoor-use pesticide, endangered species protection bulletins may be necessary for at least one listed species.

EPA also expects that working with registrants proactively to add the reference to Bulletins Live! Two to pesticide labels in advance of consultation will ultimately save EPA, state partners, and registrants time and resources by minimizing the number of amendments to labels.

The ESA Workplan Update also describes initiatives that, according to EPA, will help it and other federal agencies improve approaches to mitigation under the ESA and improve the interagency consultation process outlined in the ESA Workplan. These initiatives include EPA’s work to identify ESA mitigation measures for pilot species, incorporate early ESA mitigation measures for groups of pesticides (e.g., herbicides), and develop region-specific ESA mitigations.

Comments on the proposed set of interim mitigation measures and the proposed revisions to label language included in the Workplan Update appendix are due on or before January 30, 2023. Comments can be submitted at EPA-HQ-OPP-2022-0908.

Commentary

This next phase of the ESA Workplan provides more detail about how EPA plans to impose various mitigation measures to meet its ESA obligations when registering a pesticide. The most favorable view of what EPA has presented is that it continues the march toward ESA compliance, which is long overdue, and provides more detail about the kinds of mitigation approaches it will place on pesticide labels to meet ESA requirements. The less favorable view here is that EPA has outlined a number of “off the shelf” mitigation options (buffers to reduce pesticide drift and water runoff), and EPA might impose such conditions in many instances where more careful analysis of usage data and site- or use-specific considerations might lessen the areas where such mitigation measures are needed.

EPA has stated previously as part of its earlier Workplan document, issued in April 2022, that using the present approaches EPA would complete only 5 percent of the ESA required reviews in about 18 years — implying that the current approach would take about 360 years to complete. This next iteration of the Workplan, describing “early mitigation” strategies, is designed to reduce this unacceptable timeframe (360 years), but is likely to lead to fears among some stakeholders that in a “rush” to complete this work, EPA will make overly conservative label restrictions and reduce availability of the pesticide without increased species protections. Such concerns raise immediate ancillary concerns about stakeholder involvement in decision-making, compliance with what might be complicated label requirements, and enforcement of what is already typically a long list of label requirements for many current products. An example of such issues: one mitigation option example discussed is “do not use when rain is expected in the next 48 hours” — which could raise issues concerning what or how compliance might be proven or enforced.

Again, to be sure, this next document about how EPA plans to make significant progress in meeting its ESA obligations continues the effort to convince courts that it is meeting its ESA obligations. As such, it represents a large step forward where in the past EPA was left with little progress or plans to present in court as part of litigation over ESA compliance. As it continues to reveal its plans and options, however, stakeholders will need to follow closely and consider the possible impacts of the Workplan and the resulting label proposals to follow.

For more Environmental Law news, click here to visit the National Law Review.

©2022 Bergeson & Campbell, P.C.

Dead Canary in the LBRY

In a case watched by companies that offered and sold digital assets1 Federal District Court Judge Paul Barbadoro recently granted summary judgment for the Securities and Exchange Commission (“SEC”) against LBRY, Inc.2 This case is seen by some as a canary in the coalmine in that the decision supports the SEC’s view espoused by SEC Chairman Gary Gensler that nearly all digital assets are securities that were offered and sold in violation of the securities laws.3 For FinTech companies hoping to avoid SEC enforcement actions, the LBRY decision strongly suggests that all companies offering digital assets could be viewed by courts as satisfying the Howey test for investment contract securities.4

LBRY is a company that promised to use blockchain technology to allow users to share videos and images without the need for third-party intermediaries like YouTube or Facebook. LBRY offered and sold LBRY Credits, called LBC tokens, that would compensate participants of their blockchain network and would be spent by LBRY users on things like publishing content, tipping content creators, and purchasing paywall content. At launch, LBRY had pre-mined 400 million LBC for itself, and approximately 600 million LBC would be available in the future to compensate miners. LBRY spent about half of the 400 million LBC tokens on various endeavors, such as direct sales and using the tokens to incentivize software developers and software testers.

Judge Barbadoro concluded as a matter of law (i.e., that no reasonable jury could conclude otherwise) that the LBC tokens were securities under Section 5 of the Securities Act. Applying the Howey test, Judge Barbadoro noted the only prong of the Howey test that was disputed in the case was: Did investors buy LBC tokens “with an expectation of profits to be derived solely from the efforts of the promoter or a third party”? Judge Barbadoro answered resoundingly, “Yes.”

Most important to his conclusion that investors purchased LBC tokens with the expectations of profits solely through the efforts of the promoter (i.e., LBRY) were: the many statements made by LBRY employees and community representatives about the price of LBC and trading volume of LBC; and many statements that LBRY made about the development of its content platform, including how the platform would yield long-term value to LBC holders. Critically, however, Judge Barbadoro found that even if LBRY had made none of these statements, the LBC token would still constitute a security because “any reasonable investor who was familiar with the company’s business model would have understood the connection” between LBC value growth and LBRY’s efforts to grow the use of its network. Even if LBRY had never said a word about the LBC token, Judge Barbadoro found that the LBC token would constitute a security because LBRY retained hundreds of millions of LBC tokens for themselves, thus signaling to investors that it was committed to working to improve the value of the token.

Judge Barbadoro flatly rejected LBRY’s defense that the LBC token cannot be a security because the token has utility.5 The judge noted, “Nothing in the case law suggests that a token with both consumptive and speculative uses cannot be sold as an investment contract.” Likewise, Judge Barbadoro was unmoved by LBRY’s argument that it had no “fair notice” that the SEC would treat digital assets as unregistered securities simply because this was the first time the SEC had brought an enforcement action against an issuer of digital currency.6

In sum, if Judge Barbadoro’s reasoning is applied more broadly to the thousands of digital assets that have emerged over the last several years—including companies that tout the so called “utility” of their tokens—they will all likely be deemed digital asset securities that were offered and sold without a registration or an exemption from registration.

The LBRY decision is yet another case in which a court has concluded a digital asset is a security. Developers of digital assets must proceed with a high degree of caution. The SEC continues to display a high degree of willingness to initiate investigations and enforcement actions against issuers of digital assets that are viewed as securities under the Howey and Reeves tests, investment companies, or security-based swaps.

For more Securities Law and Digital Assets news, click here to visit the National Law Review.

Copyright ©2022 Nelson Mullins Riley & Scarborough LLP

FOOTNOTES

The SEC defines “digital assets” as intangible “asset[s] that [are] issued and transferred using distributed ledger or blockchain technology.” Statement on Digital Asset Securities Issuance and Trading, Division of Corporation Finance, Division of Investment Management, and Division of Trading and Markets, SEC (Nov. 16, 2018), available here.

SEC v. LBRY, Inc., No. 1:21-cv-00260-PB (D.N.H. filed Mar. 29, 2021), available here. A copy of the complaint against LBRY can be found here.

See, e.g., Gary Gensler, Speech – “A ‘New’ New Era: Prepared Remarks Before the International Swaps and Derivatives Association Annual Meeting” (May 11, 2022) (“My predecessor Jay Clayton said it, and I will reiterate it: Without prejudging any one token, most crypto tokens are investment contracts under the Supreme Court’s Howey Test.”), available here. Section 5(a) of the Securities Act of 1933 (the “Securities Act”) provides that, unless a registration statement is in effect as to a security, it is unlawful for any person, directly or indirectly, to sell securities in interstate commerce. Section 5(c) of the Securities Act provides a similar prohibition against offers to sell or offers to buy securities unless a registration statement has been filed.

SEC v. W.J. Howey Co., 328 U.S. 293 (1946). This case did not address when digital assets could be deemed debt securities under the test articulated by the U.S. Supreme Court in Reves v. Ernst & Young, 494 U.S. 56, 66-67 (1990), or when digital assets could be deemed an investment company under the Investment Company Acy of 1940. See, e.g., In the Matter of Blockfi Lending, Feb. 14, 2022, available here. This case also does not address when a digital asset is a security-based swap. See, e.g., In the Matter of Plutus Financial, Inc., (July 13, 2020), available here.

The argument a digital asset is not a security because it has “utility” is a favorite argument of critics of the SEC’s enforcement actions against issuers of digital assets. Unfortunately, the “utility” argument appears to be of little merit when the digital asset is offered and sold to raise capital.

This is an argument that has been made by a number of defendants in SEC enforcement actions involving digital asset securities.

“Red Flags in the Mind Set”: SEC Sanctions Three Broker/Dealers for Identity Theft Deficiencies

In 1975, around the time of “May Day” (1 May 1975), which brought the end of fixed commission rates and the birth of registered clearing agencies for securities trading (1976), the U. S. Securities and Exchange Commission (“SEC”) created a designated unit to deal with the growth of trading and the oversight of broker/dealers. That unit, the Office of Compliance Inspections and Examinations (the “OCIE”), evolved and grew over time. It regularly issued Risk Alerts on specific topics aimed at Broker/Dealers and/or Investment Advisers, expecting that those addressees would take appropriate steps to prevent the occurrence of the identified risk, or at least mitigate its impact on customers. On Sept. 15, 2020, the OCIE issued a Risk Alert entitled “Cybersecurity: Safeguarding Client Accounts against Credential Compromise,” which emphasized the importance of compliance with SEC Regulation S-ID, the “Identity Theft Red Flags Rule,” adopted May 20, 2013, under Sections of the Securities Exchange Act of 1934 (the “34 Act”) and the Investment Advisers Act of 1940, as amended (the “40 Act”). See, in that connection, the discussion of this and related SEC cyber regulations in my Nov. 19, 2020, Blog “Credential Stuffing: Cyber Intrusions into Client Accounts of Broker/Dealers and Investment Advisors.”

The SEC was required to adopt Regulation S-ID by a provision in the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act, which amended a provision of the Fair Credit Reporting Act of 1970 (“FCRA”) to add both the SEC and the Commodity Futures Trading Commission to the federal agencies that must have “red flag” rules. That “red flag” requirement for the seven federal prudential bank regulators and the Federal Trade Commission was made part of the FCRA by a 2003 amendment. Until Wednesday, July 27, 2022, the SEC had (despite the Sept. 15, 2020, Risk Alert) brought only one enforcement action for violating the “Red Flag” Rule (in 2018 when customers of the firm involved suffered harm from the identity thefts). In 2017, however, the Commission created a new unit in its Division of Enforcement to better address the growing risks of cyber intrusion in the U.S. capital markets, the Crypto Assets and Cyber Unit (“CACU”). That unit almost doubled in size recently with the addition of 20 newly assigned persons, as reported in an SEC Press Release of May 3, 2022. There the Commission stated the Unit “will continue to tackle the omnipresent cyber-related threats in the nation’s [capital] markets.” Also, underscoring the ever-increasing role played by the SEC in overseeing the operations of broker/dealers and investment advisers, the OCIE was renamed the Division of Examinations (“Exams”) on Dec. 17, 2020, elevating an “Office” of the SEC to a “Division.”

Examinations of three broker/dealers by personnel from Exams led the CACU to investigate all three, resulting in the institution of Administrative and Cease-and Desist Proceedings against each of the respondents for violations of Regulation S-ID. In those proceedings, the Commission alleged that the Identity Theft Protection Program (“ITPP”), which each respondent was required to have, was deficient. Regulation S-ID, including its Appendix A, sets forth both the requirements for an ITPP and types of red flags the Program should consider, and in Supplement A to Appendix A, includes examples of red flags from each category of possible risks. An ITPP must be in writing and should contain the following:

  1. Reasonable policies and procedures to identify, detect and respond appropriately to relevant red flags of the types likely to arise considering the firm’s business and the scope of its brokerage and/or advisory activities; and those policies and procedures should specify the responsive steps to be taken; broad generalizations will not suffice. Those policies and procedures should also describe the firm’s practices with respect to theft identification, prevention, and response, and direct that the firm document the steps to be taken in each case.
  2.  Requirements for periodic updates of the Program, including updates reflecting the firm’s experience with both a) identity theft; and b) changes in the firm’s business. In addition, the updates should address changes in the types and mechanisms of cybersecurity risks the firm might plausibly encounter.
  3. Requirements for periodic review of the types of accounts offered and the risks associated with each type.
  4. Provisions directing at least annual reports to the firm’s board of directors, and/or senior management, addressing the program’s effectiveness, including identity theft-related incidents and management responses to them.
  5. Provisions for training of staff in identity theft and the responses required by the firm’s ITPP.
  6. Requirements for monitoring third party service providers for compliance with identity theft provisions that meet those of the firm’s program.

The ITPP of each of the three broker/dealers was, as noted, found deficient. The first, J.P. Morgan Securities, LLC (“MORGAN”), organized under Delaware law and headquartered in New York, New York, is a wholly owned subsidiary of JPMorgan Chase & Co. (described by the Commission as “a global financial services firm” in its July 27, 2022, Order Instituting Administrative and Cease-and-Desist Proceedings [the “Morgan Order”]). Morgan is registered with the Commission as both a broker/dealer (since Dec. 13, 1985) and an investment adviser (since April 3, 1965). As recited in the Morgan Order, the SEC found Morgan offered and maintained customer accounts “primarily for personal, family, or household purposes that involve or are designed to permit multiple payments or transactions.” The order further notes that from Jan. 1, 2017, through Dec. 31, 2019, Morgan’s ITPP did not meet the requirements of Regulation S-ID because it “merely restated the general legal requirements” and did not specify how Morgan would identify a red flag or direct how to respond to it. The Morgan Order notes that although Morgan did take action to detect and respond to incidents of identity theft, the procedures followed were not in Morgan’s Program. Further, Morgan did not periodically update its program, even as both the types of accounts offered, and the extent of cybersecurity risks changed. The SEC also found Morgan did not adequately monitor its third-party service providers, and it failed to provide any identity theft-specific training to its staff. As a result, Morgan had violated Regulation S-ID. The order noted that Morgan “has undertaken substantial remedial acts, including auditing and revising … [its Program].” Nonetheless, Morgan was ordered to cease and desist from violating Regulation S-ID, was censured, and was ordered to pay a civil penalty of $1.2 million.

The second broker/dealer charged was UBS Financial Services Inc.(“UFS”), a Delaware corporation dually registered with the Commission as both a broker/dealer and an investment adviser since 1971. UFS, headquartered in Weehawken, New Jersey, is a subsidiary of UBS Group AG, a publicly traded major financial institution incorporated in Switzerland. In 2008, UBF adopted an ITPP (the “UBF Program”) pursuant to the 2003 amendments to the FCRA. The program applied both to UBF and to other affiliated entities and branch offices in the U.S. and Puerto Rico “which offered private and retail banking, mortgage, and private investment services that operated under UBS Group AG’s Wealth Management Americas’ line of business.” See my blog published on Aug. 22, 2022, “Only Sell What You Know: Swiss Bank Negligence is a Fraud on Clients,” for information about the origins and history of UBS Group AG.

The July 27, 2022, SEC Order instituting Administrative and Cease-and-Desist Proceedings against UBF (the “UBF Order”) stated that UBF made no change to the UBF Program when, in 2013, it became subject to Regulation S-ID, or thereafter from Jan. 1, 2017, to Dec. 31, 2019, other than to revise the list of entities and branches it covered. The Commission found UBF failed to update the UBF Program even as the accounts it offered changed, and without considering if some accounts offered by affiliated entities and branches are not “covered accounts” within regulation S-ID. The UBF Program did not have reasonable policies and procedures to identify red flags, taking into consideration account types and attendant risks, and did not specify what responses were required. The SEC also found the program wanting for not providing for periodic updates, especially addressing changes in accounts and/or in cybersecurity risks. The annual reports to the board of directors “did not provide sufficient information” to assess the UBF Program’s effectiveness or the adequacy of UBF’s monitoring of third-party service providers; indeed, the UBF Order notes the “board minutes do not reflect any discussion of compliance with Regulation S-ID.” In addition, UBF “did not conduct any training of its staff specific” to the UBF Program, including how to detect and respond to red flags.  As a result, the Commission found UBF in violation of Regulation S-ID. Although the Commission again noted the “substantial remedial acts” undertaken by UBF, including retaining “an outside consulting firm to review its Program” and to recommend change, the SEC nonetheless ordered UBF to cease and desist from violating the Regulation, censured UBF, and ordered it to pay a civil penalty of $925,000.

The third member of this broker/dealer trio is TradeStation Securities, Inc. (“TSS”), a Florida corporation headquartered in Plantation, Florida, that, according to the July 27, 2022, SEC Order Instituting Administrative and Cease-and-Desist Proceedings (the “TSS Order”), “provides primarily commission-free, directed online brokerage services to retail and institutional customers.” TSS has been registered with the SEC as a broker/dealer since January 1996. Their ITPP, too, was found deficient. The ITPP implemented by TSS (the “TSS Program”) essentially ignored the reality of TSS’s business as an online operation. For instance, the TSS Program cited only the red flags offered as “non-comprehensive examples in Supplement A to Appendix A” and not any “relevant to its business and the nature and scope of its brokerage activities.” Hence, the TSS Program cited the need to confirm the physical appearance of customers to make certain it was consistent with photographs or physical descriptions in the file. But an online broker/dealer would have scant opportunity to see a customer or a new customer in person, even when opening an account. Nor did TSS check the Supplement A red flag examples cited in the TSS Program when opening new customer accounts. The TSS Program directed only that “additional due diligence” should be performed if a red flag were identified, rather than directing specific responsive steps to be taken, such as not opening an account in a questionable situation. There were no requirements for periodic updates of the TSS Program. Indeed, “there were no material changes to the Program” after May 20, 2013, “despite significant changes in external cybersecurity risks related to identity theft.” At this point in the TSS Order, the Commission cited a finding in the Federal Register that “[a]dvancements in technology … have led to increasing threats to the integrity … of personal information.” The SEC found that TSS did not provide reports about the TSS Program and compliance with Regulation S-ID either to the TSS board or to a designated member of senior management, and that TSS had no adequate policies and procedures in place to monitor third-party service providers for compliance with detecting and preventing identity theft. The order is silent on the extent of TSS’s training of staff to deal with identity threats, but considering the other shortcomings, presumably such training was at best haphazard. The Commission found that TSS violated Regulation S-ID. Although the TSS Order noted (as with the other Proceedings) the “substantial remedial acts” undertaken by TSS, including retaining “an outside consulting firm” to aid compliance, the Commission nonetheless ordered TSS to cease-and-desist from violating the Regulation, censured TSS, and ordered it to pay a civil penalty of $425,000.

These three enforcement actions on the same day, especially ones involving two of the world’s leading financial institutions, signal a new level of attention by the Commission to cybersecurity risks to customers of broker/dealers and investment advisers, with a focus on the risks inherent in identity theft. As one leading law firm writing about these three actions advised, “[f]irms should review their ITPPs placing particular emphasis on identifying red flags tailored to their business and on conducting regular compliance reviews to update those red flags and related policies and procedures to reflect changes in business practices and risk.” That sound advice should be followed NOW, before the CACU comes calling.

For more Financial, Securities, and Banking Law news, click here to visit the National Law Review.

©2022 Norris McLaughlin P.A., All Rights Reserved

Congress Passes Speak Out Act, Banning Certain Prospective Non-Disclosure Agreements (US)

Earlier this year, we reported that Congress amended the Federal Arbitration Act to preclude compulsory binding arbitration of sexual assault and sexual harassment claims. This past week, Congress went a step further, passing the Speak Out Act, S. 4524, which is aimed at prohibiting prospective, pre-dispute non-disclosure and non-disparagement agreements that prevent employees from discussing sexual harassment or sexual assault. The Senate passed the bill unanimously on September 29, 2022 and the House of Representatives voted in favor of the measure, 315-109, on November 17, 2022. President Biden has expressed his intention to sign the bill into law, and it will become effective immediately upon his signature.

The bipartisan federal legislation – the latest federal bill inspired by the #metoo movement and one that has been slowly gaining support over the past five years – applies only to pre-dispute nondisclosure and non-disparagement agreements and similar clauses in employment agreements, rendering them null and void in instances in which sexual harassment or sexual assault is alleged in violation of federal, state, or tribal law. The goal of the bill is to prevent the use of pre-dispute agreements aimed at silencing employees from reporting sexual impropriety in the workplace. Similar measures have been passed at the state level in some jurisdictions (see, for example, our prior reporting regarding analogous California, Illinois, Maryland, and Vermont herehere, and here, to name just a few), but when President Biden signs the Speak Out Act, as he has indicated he will do, the law becomes immediately effective nationwide.

Earlier versions of the Speak Out Act included language precluding non-disclosure clauses as applied to claims of race, age, national origin, and similar equal employment opportunity claims, but the bill was stripped back to apply only to claims of sexual harassment and sexual assault in its final form. President Biden’s administration urges further legislation to address the use of non-disclosure agreements used to prevent discussion of other types of labor violations, but as a practical matter, the National Labor Relations Act already protects the right of covered employees to engage in protected, concerted activity – such as discussing workplace discrimination, assault, and harassment – and existing EEO laws protect employees engaged in conduct aimed at asserting their own rights or cooperating with other employees in protecting their rights.

Furthermore, the Speak Out Act only precludes the use of pre-dispute non-disclosure and non-disparagement agreements, meaning those signed before the unlawful conduct begins. It does not prevent employers and employees from agreeing to confidential settlements after alleged sexual harassment or abuse occurs. Parties remain free to enter into such arrangements, provided that employers still cannot preclude employees from reporting violations of EEO laws to agencies entrusted with enforcing such laws, like the Equal Employment Opportunity Commission. Employers may still require non-disclosure agreements to protect trade secrets and confidential business information, and may still include confidentiality provisions in severance agreements. Consequently, the Speak Out Act is not as much a sea change itself as a recommitment by Congress and the Administration to expanding measures aimed at transparency around sexual misconduct in the workplace. Employers should review existing handbook policies and standard non-disclosure agreements to ensure compliance with the Speak Out Act, but that should be just one small step in a comprehensive audit of sexual harassment policies, reporting mechanisms, and investigation procedures.

For more Labor and Employment Law news, click here to visit the National Law Review.

© Copyright 2022 Squire Patton Boggs (US) LLP

FDA Issues Warning Letters to 7 Dietary Supplement Companies for Drug Claims

  • On November 17, 2022, FDA posted warning letters to 7 companies for selling different dietary supplements with claims that caused the products to be “drugs” in violation of the Federal Food, Drug, and Cosmetic Act (FD&C Act).  Under the FD&C Act, products intended to diagnose, cure, treat, mitigate, or prevent disease are drugs and are subject to the requirements that apply to drugs, even if they are labeled as dietary supplements.

  • The claims were found on the 7 companies’ websites, social media pages, and/or Amazon or Walmart storefronts, and included a variety of statements regarding the products’ claimed abilities to cure, treat, mitigate, or prevent cardiovascular disease (or related conditions, such as atherosclerosis, stroke, or heart failure).  Six of the companies at issue sell a product(s) containing one or more dietary ingredients identified as Vitamin B3, red yeast rice, pine bark extract, EPA and DHA omega-3 fatty acids, magnesium, zinc, bergamot, Hawthorn berry, Hawthorn extract, Coleus forskohlii, hops, taurine, garlic powder, amino sulfonic acid, Co-Q-10, and/or octacosanol.  The seventh company does not list a dietary ingredient but identifies its product as a “glycocalyx regenerating product” and notes various “pathologies associated with impaired endothelial glycocalyx.”  As noted in the warning letters, FDA has not evaluated whether the unapproved products are effective for their intended use, the proper dosage, potential interaction with FDA-approved drugs or other substances, or whether they have dangerous side effects or other safety concerns.  Further, in addition to characterizing the products as unapproved “new drugs,” FDA’s letters note misbranding charges based on the impossibility of writing adequate directions for a layperson to use the products safely for the intended purpose of treating one more diseases that are not amenable to self-diagnosis or treatment without the supervision of a licensed practitioner.

  • FDA requested that the companies respond to the warning letters within 15 working days and describe how they will address the issues, or provide reasoning and substantiation as to why they believe the products are not in violation of the law.  Failure to adequately address could result in legal action, such as product seizure and/or injunction.

For more Biotech, Food and Drug Law news, click here to visit the National Law Review

© 2022 Keller and Heckman LLP

Supply Chain Shortages in the Meat and Poultry Industries

With Thanksgiving fast approaching, you have probably heard that there is a turkey shortage1 – brought about by a combination of rising costs for feed and fuel, continued labor shortages, and – if that were not enough –a virulent strain of avian flu decimating turkey flocks across the U.S.

Although industries across the board have felt the effects of supply chain disruptions brought on by the COVID-19 pandemic, the meat and poultry industry has been particularly hard-hit. So much so that the Biden Administration, in concert with the United States Department of Agriculture (USDA), has moved forward with regulatory actions aimed at easing the supply bottleneck. Whether they will have the intended effect remains to be seen.

In July 2021, President Biden signed an Executive Order on Promoting Competition in the American Economy (the Executive Order).2 The Executive Order directs 72 different actions across the federal government, including several rulemaking directives to the USDA aimed at increasing competition within the meat and poultry industry. Among other things, the Executive Order directs the USDA to issue new rules defining when meat can bear “Product of USA” labels, to address perceived loopholes in the current rules, and to issue new rules under the Packers and Stockyards Act. Following the Executive Order, the USDA has made progress on these new rules, and recently announced new initiatives to ramp up antitrust enforcement in the meat industry.

(For more on this Executive Order and its implications across industries, see a prior article from our Foley colleagues, President Biden’s Executive Order on Competition Could Mean Broad Changes Across a Range of Industries.)

Modernizing the Packers and Stockyards Act

The Packers and Stockyards Act (PSA), enacted in 1921, is a federal law designed to combat labor abuses by meatpackers and processors. Specifically, the PSA makes it illegal for livestock and poultry producers to engage in any unfair, unjustly discriminatory, or deceptive practice,3 or to give any undue or unreasonable preference or advantage to any person or locality.4 Congress explicitly intended the protections in the PSA to be broader than those found in other federal statutes, such as the Sherman Antitrust Act.5 However, the USDA believes the force of the PSA has been reduced by a combination of regulatory narrowing, budget and administrative cuts, and under-enforcement in previous decades. For that reason, the USDA announced three rulemaking actions designed to address livestock and poultry markets as they exist today so the PSA fulfills Congress’s goal to protect livestock producers and poultry growers.

The first proposed rule, released in draft form on June 7, 2022,6 is intended to promote transparency in poultry production contracting by revising the list of disclosures and information live poultry dealers must furnish to poultry growers and sellers with whom the dealers contract. The proposed rule establishes additional disclosure requirements in connection with the use of poultry grower ranking systems by live poultry dealers to determine settlement payments for poultry growers.

The second proposed rule, released in draft form on October 3, 2022,7 identifies retaliatory practices taken by regulated entities – which the PSA defines as swine contractors, live poultry dealers, or packers – that interfere with lawful communications, assertions of rights, and participation in associations (among other protected activities), as “unjust discrimination.” The proposed rule also identifies unlawfully deceptive practices with respect to contract formation, performance, termination, and refusal. Specifically, USDA proposes to:

  • Prohibit, as “undue prejudices,” disadvantages and other adverse actions against “market vulnerable” individuals who are deemed to be at heightened risk of adversely differential treatment in relevant markets;

  • Prohibit, as “unjust discrimination,” retaliatory and adverse actions that interfere with lawful communications, assertions of rights, associational participation, and other protected activities;

  • Prohibit, as deceptive practices, regulated entities employing pretexts, false or misleading statements, or omissions of material facts, in contract formation, performance, termination, and refusal; and

  • Require recordkeeping to support USDA monitoring, evaluation, and enforcement of compliance with aspects of the rule.

The USDA is presently seeking comments on this proposed rule, with the rulemaking docket open for comment until December 2, 2022. Following the comment period, the third potential rule, which has not yet been released, will focus on certain unfair practices and undue preferences. In addition, the third rule will explain whether and when a showing of harm to competition is—or is not—required under sections 202(a) and (b) of the PSA.

Increased Focus on Antitrust Enforcement

A recurring theme underlying the USDA’s recent rulemaking efforts is a perception that existing federal laws aimed at protecting farmers, ranchers, and other agricultural producers have been under-enforced. Earlier in 2022, the USDA and the U.S. Department of Justice (DOJ) jointly expressed a shared commitment to enforcing “federal competition laws that protect farmers, ranchers, and other agricultural producers and growers from unfair and anticompetitive practices.”8 One notable component of this agency cooperation is a new USDA website, www.farmerfairness.gov, which allows anyone to report complaints of potential violations of antitrust laws and the PSA. In addition, the website incorporates existing PSA confidentiality and whistleblower protections against retaliation for those who report criminal antitrust concerns.

In September 2022, the USDA also announced the availability of $15 million in funding to encourage state Attorneys General (AGs) to partner with the USDA on competition issues in the food and agricultural space. The USDA expects to engage state AGs through a combination of renewable cooperation agreements and memoranda of understanding aimed at improving state AGs’ ability to conduct on-the-ground investigations of competition issues. The USDA says it will work directly with state AG offices to solicit applications for funding.

These recent agency efforts come on the heels of multiple civil lawsuits alleging price-fixing and other anticompetitive practices by producers across the beef, pork, and poultry industries.

Conclusion: Will the Turkey Shortage Affect Your Thanksgiving?

It is too early to say whether the USDA’s recent efforts to address competition in the meat and poultry industry will result in lower prices – in part because the effects of the COVID-19 pandemic (e.g., labor shortages, shipping disruptions, and higher prices for inputs like fuel and animal feed) still linger. However, as national and global supply chains begin to return to pre-pandemic operations, consumers can hope for a less expensive turkey on the dinner table by next Thanksgiving.

For more Biotech, Food & Drug Law news, click here to visit the National Law Review

© 2022 Foley & Lardner LLP

FOOTNOTES

1 https://www.nytimes.com/2022/10/21/dining/thanksgiving-turkeys-cost-infl…

2 Executive Order 14036, Promoting Competition in America’s Economy, 86 Fed Reg. 36987, July 9, 2021.

3 7 U.S.C. § 192(a).

4 7 U.S.C. § 192(b).

5 See, e.g., Wilson & Co. v. Benson, 286 F.2d 891, 895 (7th Cir. 1961).

6 Docket No. AMS-FTPP-21-0044.

7 Docket No. AMS-FTPP-21-0045.

8 https://www.usda.gov/media/press-releases/2022/01/03/agriculture-department-and-justice-department-issue-shared