SCOTUS Decision Affects Diversity Jurisdiction of Business Trusts

Many registered investment companies and real estate investment trusts are organized as business trusts. Certain states, such as Maryland, Delaware, and Massachusetts have been hospitable to such entities, and therefore are home to many of these entities. In some states, such as Massachusetts, the entities are formed as common-law trusts, while in others there is a statutory authorization for the formation of a business trust. However, unlike corporations which exist as “persons” for the purpose of legal actions, there have been questions raised as to whether business trusts have a separate legal existence.

The issue of whether a trust is a separate legal entity can impact how trusts access courts.  In a decision that could significantly impact the way in which business trusts determine the forum in which they sue or are sued, on March 7, 2016 the U.S. Supreme Court decided a case involving Americold Realty Trust. In that decision, the Court held that, unlike a corporation, a trust does not have a separate legal existence for the purpose of determining the citizenship of the entity.

The decision reaffirmed that a corporation is a citizen of the state in which it is organized (and the state in which it maintains its principal office, if different).  However, in an 8-0 decision, the Court held that trusts are not separate legal entities with a defined state of citizenship.  Rather, the citizenship of a business trust will be determined by where the beneficiaries of the trust are located.  For a large, publicly-owned business trust, such as a registered investment company or a REIT which have shareholders scattered in many or all of the states, that may effectively destroy any basis for such a trust to use diversity of citizenship to affect federal court jurisdiction.  If sued, this could force such entities to litigate in jurisdictions where the trust is not organized and does not maintain an office because an isolated shareholder resides in that jurisdiction.

While there may be little that investment companies or REITs can do to alter the impact of this decision, it will be interesting to see if the state laws authorizing such trusts can be revised in a way that may impact the consequences of this decision.

Article By Steven M. Felsenstein of Greenberg Traurig, LLP

©2016 Greenberg Traurig, LLP. All rights reserved.

Financial Services Sector Implications of ‘Brexit

Should Britain decide to leave both the EU and EEA as a result of a “Brexit” vote on 23 June 2016, the impact on UK and EU financial services firms could be significant.

The City of London is Europe’s key financial centre and one of the world’s leading financial centres. As such, asset managers, investment banks, retail banks, broker-dealers, corporate finance firms, and insurers choose the United Kingdom to headquarter their businesses, anchoring themselves in a convenient time zone and location from which to access the European and global markets.

A central plank of the European Union’s vision for a single market in financial services is that financial services firms authorised by their local member state regulators may carry on business in any other member state by establishing a local branch or by providing services on a cross-border basis without the need for separate authorisation in every host state. UK-based regulated asset managers (e.g., long-only, hedge fund, and private equity), banks, broker-dealers, insurers, Undertakings for Collective Investment in Transferable Securities Directive (UCITS) funds, UCITS management companies, and investment managers of non-UCITS (known as alternative investment funds or AIFs) have a passporting right to carry on business in any other state in the European Economic Area (EEA) in which they establish a branch or into which they provide cross-border services, without the need for further local registration. Passporting also facilitates the marketing of UCITS and AIFs established in the EEA (EEA AIFs) into other member states.

Members of the EEA (which comprises the 28 EU member states and Norway, Liechtenstein, and Iceland) are subject to the benefits and burdens of the financial services single market directives and regulations, including passporting rights. One outcome of a vote to leave the European Union in the UK referendum to be held on 23 June 2016, would be that the UK leaves the EU but decides to remain in the EEA (with a similar status to, say, Norway)—in which case the impact of a “Brexit” on the financial sector would likely be minimal. Another outcome would be that the UK finds it unpalatable politically to leave the EU whilst remaining in the EEA and therefore decides to leave both the EU and the EEA; it is this scenario that would have significant impact on both UK and EU financial services firms.

Effect on Passporting for UK Financial Services Firms

According to figures released by the European Banking Authority (EBA) in December 2015, more than 2,000 UK investment firms carrying on Markets in Financial Instruments Directive (MiFID) business (e.g., portfolio managers, investment advisers, and broker dealers) benefit from an outbound MiFID passport, and nearly 75% of all MiFID outbound passporting by firms across the EEA is undertaken by UK firms into the EEA. Notably, according to the EBA, 2,079 UK firms use the MiFID passport to access markets in other EEA countries, and the next two highest totals in the EBA list are Cyprus (148 firms) followed by Luxembourg (79 firms). EEA-wide, there are around 6,500 investment firms authorised under MiFID. The United Kingdom, Germany, and France are the main jurisdictions for more than 70% of the MiFID investment firm population of the EU; more than 50% are based in the UK.

We consider that these figures suggest that Continental consumers potentially stand to lose more than UK consumers in terms of the cross-border provision of financial services in the event of a Brexit, which could be a driver for the UK being given a special deal to permit access to continue, although this needs to be weighed against the political imperative that the remaining EU countries would likely feel against being seen as being too accommodating to a country leaving the EU.

In the event of a Brexit where the United Kingdom leaves the EEA, unless special arrangements for the UK were to be agreed between the UK and the EU, and subject to the more detailed comments below, UK firms would cease to be eligible for a passport to provide services cross-border into, or establish branches in, the remaining EEA countries (rEEA) and to market UCITS and AIFs across the rEEA. Instead, local licences would be required, and the use of relatively low-cost branches in multiple member states may have to be reassessed. UK-authorised firms no longer able to passport into the rEEA but wishing to do so would need to consider moving sufficient of their main operations to an rEEA jurisdiction in order to qualify for a passport.

Effect on UK Financial Services Regulatory Law

The EU is a major source of UK financial services regulatory law. Recent UK parliamentary research estimates that EU-related law constitutes one-sixth of the UK statute book. That figure does not include the deposit of more than 12,000 EU “regulations” which take direct effect in each member country (including the UK) in contrast to EU “directives” which must be implemented or “transposed” in local law by each country; EU regulations would cease to apply in the UK post-Brexit. In addition, it would be necessary for the UK to renegotiate or reconfirm a series of EU negotiated free-trade deals that would not automatically be inherited by the UK upon Brexit. Post-Brexit, the UK would need to legislate to “renationalise” voluminous laws rooted in the EU and fill any regulatory gaps in UK legislation once the EU treaties ceased to apply.

It would be open to the UK merely to incorporate directly applicable EU regulations into UK law. This might be the easiest course of action, given the volume and breadth of issues which would need to be addressed by the UK government in the event of a vote to leave the EU.

Accordingly, in contrast to the impact that the UK leaving the EEA would have on passporting, the UK regulatory environment for financial services firms may not change dramatically in the event of a Brexit, at least in the short-term. Furthermore, any subsequent changes to the UK regime are more likely than not to be deregulatory in nature and therefore favourable to UK firms. In relation to the AIFMD, to take one example, the UK government would have the option to introduce a more tailored and proportionate regime for fund managers managing AIFs with lower risk profiles.

Pre-Referendum Planning

Planning for a Brexit is difficult without knowing what a post-Brexit landscape would look like (as yet, this is a “known unknown”). However, in the run up to the UK referendum, it seems prudent for UK financial institutions to consider the impact of a Brexit on the terms of any new contracts being entered into and, if relevant, seek to make provision for a Brexit (e.g., by including Brexit in a force majeure provision; providing for termination rights in the event of a Brexit and adapting references to the EEA to continue to cover the UK, if appropriate).

Passporting aside, UK firms will also need to assess the practical issues that would arise in the event of a Brexit. For instance, investment strategies that permit investments in the EEA may need to be amended in order for investments in the UK to continue to be permitted. Similarly, a Brexit may impact the terms of product distribution agreements and other service agreements.

Alternative Investment Fund Managers Directive (AIFMD)

If the UK were to leave the EEA, then, potentially: UK AIFMs would be treated as non-rEEA AIFMs, marketing by UK AIFMs of AIFs to rEEA investors would have to be undertaken on the basis of member state private placement regimes, and UK AIFMs would no longer be able to manage (from the UK) an AIF established in an rEEA member state without being locally authorised in that member state to do so. Further, UK AIFMs that utilise AIFMD passports for MiFID investment services to provide segregated client portfolio management and/or advisory services on a cross-border basis would cease to be able to use those passports. Conversely, rEEA AIFMs that seek to manage or market AIFs in the UK or provide MiFID investment services to clients in the UK in reliance on AIFMD passports would no longer be able to do so.

However, unlike other single-market directives, the AIFMD provides for its regime to be extended to non-EEA managers, and this offers a potential “third way” should the UK not remain in the EEA. If the UK were to leave its current AIFMD compliant regime in place, it ought to be technically straightforward, following a Brexit, for the AIFMD to be extended to the UK. In this scenario, UK AIFMs could continue to be authorised under the regime and be entitled to use the AIF marketing and management passports (a non-rEEA manager passport). This possibility may influence the UK government to leave the current UK regime unchanged in the event of a vote to leave the EU. However, any such extension of the AIFMD would require a positive opinion from the European Securities and Markets Authority (ESMA) and a decision by the EU Commission, so there would be a political dimension to it that would likely introduce uncertainty.

It is important to note, though, that the use by a UK AIFM of a non-rEEA manager passport would be subject to a number of conditions prescribed by the AIFMD that would have material practical implications. In particular,

  • a UK AIFM would need to be authorised by the regulator in its rEEA “member state of reference” (this would be determined in accordance with the AIFMD by reference to where in the rEEA the manager is proposing to manage and/or market funds). This regulator could not be the Financial Conduct Authority (FCA), so the use of a non-rEEA manager passport would involve dual regulation and supervision—by the FCA in the UK and by a regulator in an rEEA country in relation to compliance with the directive for funds managed or marketed in rEEA countries (the guidance and approach to application and interpretation of the directive by the regulator and local rules in the member state of reference may well differ from that of the FCA);

  • it would be necessary to establish a legal representative in the member state of reference in order to be the contact point between the manager and rEEA regulators, and the manager and rEEA investors. The legal representative would be required to perform the compliance function relating to funds managed or marketed in rEEA countries; and

  • disputes with rEEA investors in a fund managed/marketed by a manager using a non-rEEA manager passport would need to be “settled in accordance with the law of and subject to the jurisdiction of a Member State”—this would preclude the use of UK courts as a forum for disputes with investors.

UK AIFMs should also note that the AIFMD does not provide for a non-rEEA manager passport to cover the provision of MiFID investment services on a cross-border basis. Accordingly, even if the AIFMD were to be extended to the UK so that UK AIFMs could use a non-rEEA manager passport to manage and/or market AIFs in the rEEA, in the event of the UK not remaining in the EEA, UK AIFMs providing cross-border MiFID investment services within the rEEA (e.g. discretionary management/advisory services for separate account clients) may need to think about where the services are in fact being provided and whether local authorisation would be required to continue the provision of those services. For the provision of MiFID investment services, this would re-establish the position prior to the implementation of the Investment Services Directive (the precursor of MiFID) in the mid-1990s.

Undertakings for Collective Investment in Transferable Securities Directive (UCITS)

A UCITS fund must by definition be EEA domiciled, as must its management company. Currently, both UCITS funds and their EEA managers benefit from the passport. UCITS funds are passportable into any other member state for the purposes of being marketed locally to the public and management companies can set up branches and/or provide services cross-border into other member states (e.g., a UK-based management company can provide management services to a UCITS fund based in any other EEA country such as, for example, Ireland or Luxembourg). UK UCITS funds and management companies established pre-Brexit would no longer qualify as UCITS post-Brexit. UK-based UCITS funds would no longer be automatically marketable to the public in the rEEA and would therefore become subject to local private placement regimes. Conversely, a UCITS fund established, say, in Ireland or Luxembourg, would no longer be marketable in the UK to the general public, and a management company based in Ireland or Dublin would no longer be entitled to provide management services to a UK-based UCITS fund.

Accordingly, consideration would need to be given to migrating UK UCITS funds to an rEEA country. Otherwise, UK UCITS funds would become subject to the AIFMD regime instead of the UCITS regime and would be subject to additional restrictions and unavailable to most types of retail investor. UK UCITS management companies would have to migrate to rEEA in order to continue to benefit from the passport.

The Markets in Financial Instruments Directive (MiFID)

MiFID gives EEA investment firms authorised in their home EEA country a passport to conduct cross-border business and to establish branches in other EEA countries, free from additional local authorisation requirements. MiFID prohibits member states from imposing any additional requirements in respect of MiFID-scope business on incoming firms that provide cross-border services within their territory, but does allow host territory regulators to regulate passported branches in areas such as conduct of business.

UK-regulated firms that undertake MiFID business would no longer be able to rely on the passport to undertake MiFID business in rEEA and might have to restructure accordingly. Conversely, rEEA firms that seek to undertake MiFID business in the UK would no longer be able to do so and might also have to restructure. However, in contrast to UCITS, that outcome is potentially leavened by the new third-country regime indicated by the recast Markets in Financial Instruments Directive (MiFID II).

The impact on the provision of cross-border MiFID investment services might be diluted by the regime under MiFID II permitting non-EEA firms to provide investment services to professional clients on a pan-EEA basis upon registration with ESMA, but this would not be an immediate solution, as it would be subject to ESMA making an equivalence determination under MiFID II in relation to the UK, and the timing would be highly uncertain (in particular, MiFID II seems unlikely to come into effect until January 2018, which will be 18 months after the UK referendum). The UK could implement an equivalent regime (in practice, largely by not repealing or amending its EU-generated legislative inheritance and “renationalising” it) to secure its status as an “equivalent” third country with which EEA firms can do business. However, it seems unlikely, given the technical difficulties and delays being experienced generally by ESMA in relation to MiFID II implementation, that an equivalence determination for any non-EEA firms will be high on the agenda until sometime following January 2018.
UK financial institutions would need to consider the regulatory perimeter in each rEEA country in which a financial institution wishes to undertake business. Conversely, rEEA financial institutions would need to consider the UK perimeter to identify what activities by them in the UK would engage a registration requirement locally in the UK.

On the other hand, equivalency considerations aside, the proposals under MiFID II for the unbundling of research and trading fees would fall away in the UK and remain in the rEEA. The unpopular cap on bonuses for systemically important banks and investment firms brought in by the Capital Requirements Directive (CRD) would also fall away in the UK but remain in the rEEA. Notably, the EBA has recently indicated that the bonus cap should be imposed on all firms subject to the CRD, which would implicate a huge increase in the number of banks and investment firms subject to the cap. On 29 February, it was announced that FCA and the Prudential Regulation Authority had decided to reject that advice on the basis of proportionality. Accordingly, even without a Brexit, the UK is already implementing a policy which should put it at a competitive advantage to other EEA countries that decide to follow the EBA’s guidelines.

Under MiFID, EEA countries must permit investment firms from other EEA countries to access regulated markets, clearing and settlement systems established in their country. Post-Brexit, UK investment firms would no longer be able to rely on those provisions, but nor would rEEA firms looking to access the UK. It is precisely this possibility of “mutually assured destruction”—combined with the UK’s status as Europe’s leading financial centre—that could drive some hard bargaining post-Brexit by both sides towards a constructive outcome in favour of continuing integrated financial markets and services.

The European Market Infrastructure Regulation (EMIR)

EMIR applies to undertakings established in the EEA (except in the case of AIFs, wherever established, where it is the regulatory status of the manager under AIFMD which is key) that qualify as “financial counterparties” or “non-financial counterparties.” Since, post-Brexit, a UK undertaking would no longer be established in the EEA, under EMIR, UK undertakings that are currently financial counterparties or non-financial counterparties would become third-country entities (TCEs) for EMIR purposes.

Post-Brexit, UK undertakings—along with other TCEs—would not be able to avoid EMIR altogether, as a number of its provisions have extraterritorial effect, including in relation to key requirements such as margin for uncleared trades and mandatory clearing. The trade reporting obligation, however, does not apply to TCEs. The UK government would need to consider whether to introduce similar reporting requirements domestically, particularly given the size and importance of the UK derivatives market. If UK undertakings became TCEs, they would be required to determine whether they would be financial counterparties or non-financial counterparties if they were established in the rEEA, an exercise which would be straightforward.

In any event, UK undertakings subject to the clearing and margin requirements of EMIR pre-Brexit would remain subject to such requirements when entering into derivatives transactions with rEEA firms post-Brexit. Importantly, the exemption from the forthcoming mandatory clearing requirement for UK pension scheme trustees would cease to apply post-Brexit. Accordingly, a UK pension scheme would no longer be able to rely on the EMIR exemption when entering an OTC derivative contract with an rEEA counterparty.

The City of London boasts some of the world’s largest clearing houses, and at least three of them are currently permitted under EMIR to provide clearing services to clearing members and trading venues throughout the EEA in their capacity as ESMA-authorised central counterparties (CCPs). Post-Brexit, however, a UK CCP would become a third-country CCP. Under EMIR, a third-country CCP can only provide clearing services to clearing members or trading venues established in the EEA where that CCP is specifically recognised by ESMA. This would require, among other things, clearing houses operating out of London to apply to ESMA for recognition, the European Commission to pass an implementing act on the equivalence of the UK’s regime to EMIR, and relevant cooperation arrangements to be put in place between the rEEA and the UK—a lengthy process overall. Financial institutions based in rEEA will certainly want to continue to access UK regulated markets and CCPs.

Article By Simon Currie & William Yonge of Morgan, Lewis & Bockius LLP

Copyright © 2016 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

What Does the US Supreme Court Ruling Mean for Local Affordable Housing Laws?

On February 29, the US Supreme Court denied certiorari in California Building Industry Association v. City of San Jose, 61 Cal. 4th 435 (2015), and leaves standing a unanimous decision by the California Supreme Court upholding the city of San Jose’s affordable housing ordinance.

San Jose’s ordinance compels all developers of new residential development projects with 20 or more units to reserve a minimum of 15 percent of for-sale units for low-income buyers, and the price of those units cannot exceed 30 percent of the buyers’ median income. The ordinance requires these restrictions to remain in place for 45 years. Alternatively, the developer can pay the city a fee in lieu. The California Building Industry Association argued that the ordinance was an unlawful exaction in violation of Nollan v. California Coastal Comm’n, 483 U.S. 825 (1987), Dolan v. City of Tigard, 512 U.S. 374 (1994), and Koontz v. St. Johns River Water Management District, 133 S. Ct. 2586 (2013). In a June 15, 2015 decision, the California Supreme Court disagreed, concluding that the ordinance is not an exaction because it does not require a developer to give up a property interest, but instead a typical zoning restriction subject to rational basis review.

In concurring with the US Supreme Court’s denial of certiorari in this case, Associate Justice Clarence Thomas acknowledged the important issues raised in California Building Industry Association, perhaps signaling the Court may revisit this issue. In particular, Justice Thomas stated, “For at least two decades . . . lower courts have divided over whether the Nollan/Dolan test applies in cases where the alleged taking arises from a legislatively imposed condition rather than an administrative one. . . . I continue to doubt that ‘the existence of a taking should turn on the type of governmental entity responsible for the taking. . . . Until we decide this issue, property owners and local governments are left uncertain about what legal standard governs legislative ordinances and whether cities can legislatively impose exactions that would not pass muster if done administratively.”

Ultimately, however, Justice Thomas determined that California Building Industry Association did not provide an opportunity to decide the conflict: “The City raises threshold questions about the timeliness of the petition for certiorari that might preclude us from reaching the Takings Clause question. Moreover, petitioner disclaimed any reliance on Nollan and Dolan in the proceedings below. Nor did the California Supreme Court’s decision rest on the distinction (if any) between takings effectuated through administrative versus legislative action.”

The denial of certiorari leaves in place similar “inclusionary” affordable housing programs that have been adopted in more than 170 California municipalities.

Article By Bryan K. BrownCynthia L. BurchDavid P. Cohen & Kenneth G. Lore

©2016 Katten Muchin Rosenman LLP

Taco Bell Employees Likely Are Not Celebrating Their “Victory” in California Meal and Rest Period Class Action

More than a few media sources have reported on the March 10, 2016 wage-hour “victory” by a class of Taco Bell employees on meal period claims in a jury trial in the Eastern District of California.  A closer review of the case and the jury verdict suggests that those employees may not be celebrating after all — and that Taco Bell may well be the victor in the case.

The trial involved claims that Taco Bell had not complied with California’s meal and rest period laws. The employees sought meal and rest period premiums and associated penalties for a class of employees that reportedly exceeded 134,000 members.

Now, it is certainly true that, at trial, a class of employees prevailed on a claim that Taco Bell did not comply with California meal period laws for a limited period of time (2003-2007), when Taco Bell reportedly provided employees with 30 minutes of pay when they were not able to take meal periods, rather than the full one-hour of pay provided for by California law.

And it is certainly true that the class of employees was awarded approximately $496,000 on that claim.

But as it appears that there were more than 134,000 employees in the class, a few punches on the calculator show that, on average, each employee would receive approximately $3.

Perhaps more importantly, while it may have lost on that one claim, Taco Bell prevailed on the remaining claims in the case where the class alleged that Taco Bell had violated both meal and rest period laws as to its employees, including a claim that Taco Bell had not provided meal periods in compliance with the law for a period of approximately 10 years (2003-2013).   That claim alone likely would have resulted in a jury verdict of several million dollars had the employees prevailed on it.  But they did not.  Taco Bell did.

In other words, in a case where the employees were presumably asking a jury for several millions of dollars for alleged violations dating back to George W. Bush’s first term as President, they were only awarded approximately $496,000.

In the grand scheme of a class action, where employers must constantly weight the costs of litigation with the benefits of settlement, that is a small sum.  It is likely an amount Taco Bell gladly would have paid to settle the case.  In fact, one would have to speculate that $496,000 is likely much less than the amount Taco Bell actually offered the employees and their attorneys to resolve the case in mediation or otherwise.

So while the media may be reporting that this is a “victory” for Taco Bell employees, those employees, who will receive $3 each on average, may not see it that way.  Instead, they may well be questioning the lead plaintiffs and their attorneys about how much Taco Bell offered at the settlement table, if it was rejected, and why.

(And before anyone responds, “But the employees’ attorneys will get their attorneys fees,” we’re talking about the recovery for the employees themselves. If the real victors in the case are the attorneys, that’s another issue, isn’t it?)

Article By Michael S. Kun of Epstein Becker & Green, P.C.

©2016 Epstein Becker & Green, P.C. All rights reserved.

NIOSH Issues Suggestions to Help Workers Adapt to the Time Change

Spring is in the air and with it comes the time change to account for daylight savings.  Do not forget to set your clocks forward one hour this Sunday, March 13, 2016 or at least be ready for your smart devices to change their time spontaneously.

However, according to NIOSH, the time change can create real risks to workplace health and safety:

It can take about one week for the body to adjust the new times for sleeping, eating, and activity (Harrision, 2013). Until they have adjusted, people can have trouble falling asleep, staying asleep, and waking up at the right time. This can lead to sleep deprivation and reduction in performance, increasing the risk for mistakes including vehicle crashes. Workers can experience somewhat higher risks to both their health and safety after the time changes (Harrison, 2013). A study by Kirchberger and colleagues (2015) reported men and persons with heart disease may be at higher risk for a heart attack during the week after the time changes in the Spring and Fall.

Employers are encouraged to remind workers of the upcoming time change and that it can have effects on the mind and body for several days following the change.  NIOSH suggests that employees should consider reducing demanding physical and mental tasks as much as possible the week of the time change to allow oneself time to adjust.  See all of NIOSH’s guidance here.

Article By Matthew Linton of Holland & Hart LLP

Copyright Holland & Hart LLP 1995-2016.

April 2016 Visa Bulletin Release

visaThe Department of State (DOS) has released the April 2016 Visa Bulletin, with the Application Final Action Date chart for employment-based applications reflecting some substantial movement. The 2nd preference category for China-mainland born applicants has moved ahead one month to Sept. 1, 2012, and for India born applicants it has moved ahead a few weeks to Nov. 8, 2008. The 3rd preference and Other Workers categories have moved ahead at least one month for all applicants. The Final Action Date cut-off for China-mainland born applicants is now Feb. 1, 2014, for all 5th preference category applicants. There was no movement in the Dates for Filing chart for employment-based categories.

The family-based categories also showed slight movement in the Application Final Action Date chart, but there was no movement in the Dates for Filing chart.

As reported, last month prospective adjustment of status applicants were advised to use the Application Final Action Date chart to determine their eligibility to file applications, despite previous guidance that the Dates for Filing chart could be used. USCIS has not yet advised which April 2016 charts should be referred to in filing adjustment of status applications for family- or employment-based petitions, but anticipates that this information will be released within the week.

Article By Lauren A. Tetenbaum of Greenberg Traurig, LLP

©2016 Greenberg Traurig, LLP. All rights reserved.

DHS Announces Final Rule on STEM OPT Employment Authorization

The final rule adds employer obligations to the STEM OPT program.

The US Department of Homeland Security has released an advance version of its long-anticipated final rule that expands employment authorization for foreign students with science, technology, engineering, or mathematics (STEM) degrees. The rule, which will be published in the Federal Register on March 11 and take effect on May 10, 2016, will allow such students to extend their period of optional practical training (OPT) by an extra 24 months, for a total of 36 months of OPT employment authorization. Previously, students in STEM fields were allowed a total of 29 months of OPT. Foreign students with degrees in non-STEM fields will continue to be limited to 12 months of OPT.

The rule also improves and increases oversight over STEM OPT extensions by, among other things, requiring that employers implement formal training plans, adding wage and other protections for STEM OPT students and US workers, and allowing extensions only to students with degrees from accredited schools. The rule also allows US Immigration and Customs Enforcement to conduct site visits to employers of STEM OPT holders to ensure that the rule’s requirements are being complied with.

Previous 17-month STEM OPT employment authorizations issued before May 10 will remain valid until their expirations. Starting May 10, STEM students will have a chance to apply for an additional seven months of OPT.

Article By Eleanor Pelta, Eric S. BordA. James Vázquez-AzpiriLisa Stephanian Burton & Tracy Evlogidis of Morgan, Lewis & Bockius LLP
Copyright © 2016 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

Exclusive Study Analyzes 2015 IPOs

Proskauer’s Global Capital Markets Group presents the third annual IPO Study, a comprehensive analysis of U.S.-listed initial public offerings in 2015 and identification of three-year comparisons and trends of U.S.-listed initial public offerings over the same period.

The study examines 90 U.S.-listed 2015 IPOs with a minimum initial deal size of $50 million, and includes industry analysis on health care; technology, media & telecommunications; energy & power; financial services; industrials and consumer/retail. The study also includes a focus on foreign private issuers. It also makes year-over-year comparisons of extensive data about deal structures and terms, SEC comments and timing, financial profiles, accounting disclosures, corporate governance and deal expenses.

Underlying the study is the global Capital Markets Group’s proprietary IPO database, which is a valuable resource for sponsors and companies considering an IPO as well as for IPO market participants and their advisors.

Download Proskauer’s 2016 IPO Study

Article By Frank Lopez of Proskauer Rose LLP
© 2016 Proskauer Rose LLP.

More Than Family Affair: Six-Figure HIPAA Penalty Upheld for Unrepentant Home Care Agency due to PHI Access by Spurned Spouse of Employee

HIPAAIntroduction

The Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 and the regulations promulgated thereunder (“HIPAA”) should be now well-known to health care providers and health plans.  Under HIPAA’s “Privacy Rule,” covered entities must take steps to “reasonably safeguard” protected health information (“PHI”) from any “intentional or unintentional use or disclosure that is in violation of the standards, implementation specifications or other requirements” of the Privacy Rule.  What is also becoming painfully clear is the growing financial and reputational risks to covered entities (and business associates) from a breach of HIPAA’s Privacy or Security Rules stemming from unauthorized access or disclosure of PHI.

A recent ruling by a U.S. Department of Health and Human Services Administrative Law Judge (“ALJ”) in the case of Director of the Office for Civil Rights v. Lincare, Inc., (Decision No. CR4505, Jan. 13, 2016), underscores the substantial penalties that a health care provider can face, even for relatively small-scale HIPAA violations, particularly if the provider determines to not settle with the Office of Civil Rights (“OCR”) and instead contests the claimed violations.  In Lincare, a home care agency was found to have violated the Privacy Rule when an unauthorized person (the husband of a home health employee) was able to access patient records after the employee had removed records from the agency and taken them into the field as part of her job.  Specifically, the ALJ upheld a civil monetary penalty (“CMP”) of $239,800 imposed by OCR – only the second time the OCR has sought CMPs for violations of HIPAA’s Privacy Rule.  In a unique twist, OCR was alerted to the improper disclosures when the “estranged husband” of an employee of the home care agency complained to OCR that his wife allowed him to access documents containing PHI when she moved out of the marital home and left patient records behind.

Background

Lincare Home Care Agency.  The respondent Lincare, Inc., d/b/a United Medical (“Lincare”) supplies respiratory care, infusion therapy, and medical equipment to patients in their homes.  Lincare operates more than 850 branch locations in 48 states.  As Lincare explained, because its employees provide services in the homes of patients, they often remove patient records containing PHI from its branch locations.  Additionally, according to Lincare, managers of the various Lincare branch offices are required to maintain in their vehicles copies of Lincare’s “Emergency Procedures Manual,” which contains PHI of Lincare patients, so that employees could access patient contact information if an office was destroyed or otherwise inaccessible.

PHI at Issue.  Faith Shaw was a Lincare branch manager in Wynne, Arkansas from October 2005 until July 2009 and maintained the “Emergency Procedures Manual,” with PHI of 270 Lincare patients, as well as patient-specific documents of eight Lincare patients.  The patient records and Manual were apparently hard copies, and not electronically secured through encryption or authentication.

Disclosure of the PHI.  Ms. Shaw kept the records containing PHI in her car and in her marital home, where her husband lived.  After a falling out with her husband Richard in August 2008, Ms. Shaw moved out of the marital home and left the documents containing the PHI behind in her home and car.  In November of 2008, Mr. Shaw, who was concededly not authorized to access the Lincare PHI, reported to Lincare and OCR that he had in his possession the Emergency Procedures Manual and the eight patient files left behind by his wife.

OCR’s Investigation and Action.  Following its investigation, OCR determined that Ms. Shaw:  (a) kept the PHI either in her vehicle or home, to which Mr. Shaw had access; (b) maintained the PHI without proper safeguards, (c) knew or reasonably should have known that the manner in which she kept the PHI did not reasonably safeguard such PHI, and (d) knew or reasonably should have known that Mr. Shaw had ready access to the PHI.  While acknowledging that the provision of home care services may require providers to remove PHI from their offices, OCR found that Lincare’s policies and procedures did not adequately instruct its employees how to maintain PHI taken off the premises in a safe and secure manner and that Lincare did not properly record or track removed PHI.  Unlike the majority of HIPAA violations cited by OCR against providers, Lincare did not settle with OCR and instead determined to contest OCR’s charges.

In the absence of a settlement, OCR cited the following “aggravating” factors for imposing a substantial CMP against Lincare:

  • The length of time Lincare allowed employees to transport PHI away from the office without appropriate and reasonable safeguards; and

  • Lincare’s failure to promptly review and enhance its HIPAA policies for safeguarding PHI taken off premises even after it was notified of the improper disclosure.

Accordingly, OCR sought to impose a CMP totaling 239,800 for Lincare’s alleged violations of HIPAA’s Privacy Rule, broken down as follows:

  • Impermissibly disclosing PHI:  OCR determined that Lincare had improperly disclosed PHI of 278 patients in November of 2008, which then carried a penalty of $100 per patient.  OCR imposed a penalty of $25,000 – the maximum penalty that could be applied in the 2008 calendar year.

  • Failure to safeguard PHI:  OCR determined that the failure to safeguard the PHI lasted from February 1, 2008 through November 17, 2008, which carried a penalty of $100 per day.  OCR imposed an additional penalty of $25,000 – the maximum penalty that could be applied in the 2008 calendar year.

  • Failure to implement policies and procedures to ensure compliance with the Privacy Rule:  OCR determined that Lincare’s failure continued from (a) February 1, 2008 through December 31, 2008, at a penalty of $100 per day, with a maximum of $25,000 per calendar year, (b) January 1, 2009 through February 17, 2009, at a penalty of $100 per day, which totaled $4,800, and (c) from February 18, 2009 through July 28, 2009, during which time, penalty amounts were increased pursuant to the adoption of the HITECH Act, and which OCR determined to be $1,000 per day, totaling $160,000.

Significantly, in effectively stacking CMPs for separate HIPAA violations, one on top of another—although arising from the same breach or continued breach—OCR was able to multiply the aggregate size of penalties to $239,800.  At the same time, OCR determined that there was no basis to waive the imposition of the CMP because there was no evidence that the payment of a CMP would be excessive relative to the violations that it found.

Lincare appealed OCR’s determination before an ALJ.  OCR moved for summary judgment, arguing that there was no genuine issue of material fact concerning the HIPAA violations and that it was entitled to impose the aggregate CMP as a matter of law.

The ALJ’s Analysis

The ALJ granted OCR’s motion for summary judgment, finding that the evidence established that Lincare had violated HIPAA, and upheld the CMP of $239,800.

Theft is No Defense to Improper Disclosures:  In its defense, Lincare claimed that it was not responsible for the improper disclosure because it was the victim of a theft.  Specifically, Lincare claimed that Mr. Shaw “stole” the PHI from his wife and “attempted to use it as leverage to induce his estranged wife to return to him.”  The ALJ rejected this argument, concluding that Lincare was obligated to take “reasonable steps to protect its PHI from theft.”  The ALJ explained that Lincare violated this obligation when Ms. Shaw took documents out of the office and left them in in her car or home, allowing her husband to access them; and then completely abandoned them.

Lincare’s Policies Did Not Properly Address the Removal of PHI:  The ALJ also found that Lincare’s privacy policy failed to properly address the security of records removed from the office for use in the field, and monitor removed records to ensure their return.  When asked about specific guidelines for safeguarding PHI taken out of its offices, Lincare’s Corporate Compliance Officer replied that Lincare personnel “considered putting a policy together that said thou shalt not let anybody steal your protected health information.”  The ALJ did not “consider this a serious response.”

Key Takeaways

Consider Settling with OCR to Avoid a CMP:  The OCR’s imposition of a CMP, and the ALJ’s decision to affirm this penalty, represents only the second time a CMP has been imposed for a violation of the HIPAA Privacy Rule, and the first one in which an ALJ ruled on the merits.  Typically, OCR attempts to resolve HIPAA violations informally, but could not reach such a resolution with Lincare in this case.  Had a resolution been reached, the OCR would likely not have sought and secured such a substantial CMP based on “aggravating factors,” with the resultant fine likely to have been significantly lower.

Consider Encryption or other Means for Accessing PHI Remotely:  Employees of home care agencies often need to access PHI in the field when providing services.  However, the provider should consider restricting access only through electronic devices, with appropriate encryption and user authentication, to prevent unauthorized users from accessing these records.

Update Policies and Procedures:  Policies and procedures should detail for employees when patient records can be removed from the office and taken into the field, and under what circumstances; and identify how such records containing PHI should be safeguarded from disclosure.

Implement a System to Track Removed PHI:  Similarly, a system should be implemented to record and track the removal of records containing PHI so as to allow the health care provider to account for and maintain oversight over removed documents.

Regularly Train Employees:  Having detailed policies and procedures is not enough; all employees should be regularly trained on the HIPAA Privacy and Security Rules, and the agency’s corresponding HIPAA policies and practices.  To reinforce training, to the extent any PHI is removed from the premises, employees should be continually reminded not to allow unauthorized persons—including a spouse or other family or friends—to access the records.

Article By Jared Facher & Brian T. McGovern of Cadwalader, Wickersham & Taft LLP
© Copyright 2016 Cadwalader, Wickersham & Taft LLP

FBI’s Choice of Contractors Not as Good as Its Crime Solving/Terrorist Tracking

fbibuilding jedgar hoover.jpgThe FBI is very good at tracking down terrorist threats and catching criminals. It appears, however, that it needs some help in choosing contractors to support its mission.

The FBI wanted a contractor for its Name Check and Freedom of Information Act (FOIA)/Declassification programs. Specifically, the FBI needed personnel to conduct research and to provide analysis and reporting services. The FBI decided to procure these services under the Federal Supply Schedule (FSS) using streamlined procedures. So, the FBI issued a Request for Quotations (RFQ) with these labor categories: research analysts; program managers, general consultants; and legal administrative assistants. That much is clear.

The rest is less clear. Apparently, the FBI selected a contractor that did not have the required personnel. Instead of personnel with experience in paralegal, records management and declassification review, the FBI got personnel with capabilities in the development of business methods and identification of best practices. That’s according to the Government Accountability Office (GAO) decision in US Investigations Services, Professional Services Division, Inc., B-410454.2, Jan. 15, 2015, 2015 CPD ¶ 44.

That case was cited by GAO’s general counsel, Susan A. Poling, recently in the GAO Bid Protest Annual Report to Congress for Fiscal Year 2015. Ms. Poling cited to US Investigations Services as an example of GAO’s Most Prevalent Grounds for Sustaining Protests. GAO notified Congress that “unreasonable technical evaluation” was no. 5 on the list and described the decision as follows: “finding that the agency erred in concluding that the labor categories included on the awardee’s Federal Supply Schedule contract encompassed the requirements of the task order.”

Contractors can learn valuable lessons from this case. First, don’t leave the Government hanging. Make sure the labor categories in your proposal match the categories listed in the Solicitation. If there is not a direct match, make sure you explain how your personnel fit the requirements. For task orders under FSS contracts, the law is clear. All solicited labor categories must be on the successful offeror’s FSS contract. Here, maybe the awardee was surprised that it won. More likely, the awardee just failed to explain what it was offering. That was fatal. If you can’t explain how your labor categories fit the RFQ requirements, maybe you should take a pass on the bid.

For protesters and disappointed bidders, this case demonstrates a solid ground for protest. In truth, you probably already know what your competitors are offering, at least when it comes to FSS contract offerings. A quick check on www.GSAAdvantage.gov after you receive an award notice is always a good idea.

Footnote: Although GAO sustained USIS’s protest, the FBI had overridden the automatic stay of performance. Thus, GAO made alternative recommendations to the FBI. Under one scenario, the FBI could consider awarding the task order to USIS but first it had more work to do. That is because in a different protest GAO had questioned an agency’s affirmative determination of USIS’s responsibility in the face of fraud allegations against USIS’s parent company. So, if the FBI was to select the “next in line” bidder, it would have to be careful that the bidder was eligible to perform the work. Otherwise, it could be back to the drawing board.

Article By Michael D. MaloneyCharles R. Lucy & Diego G. Hunt of Holland & Hart LLP

Copyright Holland & Hart LLP 1995-2016.