When Corporate Legal Teams Break

Forward-thinking organizations that refocus their legal teams on the removal of systemic friction and value creation can better detect and forecast risk; however, organizations that have not modernized their legal teams often miss subtleties masking surprisingly deep areas of risk. Recent history shows nothing is too big to fail, but earlier risk detection may have helped avoid some of the most catastrophic losses.

The most recent and notable industry-wide example, of course, was the financial services industry, which triggered the Great Recession from 2007 to 2009.

In the world’s most infamous accounting scandal, Enron imploded in 2001, wiping out $74bn of shareholder funds and the pensions and jobs of thousands of employees. Enron’s auditor also collapsed. The organizations were interconnected and dependent systems. One fell, the other followed. Undetected risk festered and worsened, and the interconnectedness of these organizations and systems created a complex network that made detecting risk more difficult.

As modern society demands more capable systems, they become more interconnected and complex by necessity. As Meltdown: Why Our Systems Fail and What We Can Do About It posits, this staggering complexity means that tiny mistakes or simple accidents can lead to devastating catastrophes that often go undetected. The reasons for failure can stem from very different problems, but the underlying causes are similar.

In accounting scandals with nefarious actors, huge debts are obscured and once revealed, lead to corporate failure. In legal departments with good actors – led by a noble General Counsel (GC) who serves as the defender of the enterprise – business risks are obscured and once revealed, can lead to devastating consequences: bet-the-company litigation, core intellectual property battles, merger & acquisition failure, and crippling regulatory fines, to name a few.

Embracing digital helps identify and expose risk, but organizations set the stage for failure when legal, or other critical functions, don’t keep up, fail to embrace the digital evolution, become disconnected, and lack or lose visibility. Those organizations make decisions without a clear view of the legal implications, and they might not even know it because, for now, they operate with blind trust of the Office of the GC.

Corporations in all industries are “going digital” to remain competitive amidst technological disruption. This focus on digital starts with core products and service offerings, and then is pushed throughout the business to align company to product. The result? Faster moving businesses with a wave of demand pummelling the legal department…if not yet, then soon as digital initiatives across the business mature.

Most corporate legal departments simply do not have the systems required to keep up — providing consistent regulatory counsel, detecting and preventing impending litigation, or simply knowing who is doing what in the legal organization is already a challenge. Risk is obscured. A “break” like we’ve never experienced is primed.

If we examine the ecosystem, the warning signs are there.

Catching up to other corporate functions

As demands on legal teams continue to grow and CFOs ask GCs to do more with less, quality suffers amid rising law firm rates and unchecked complexity. Corners get cut. Risks emerge while their likelihood to go undetected rises. Of course, when adding headcount is not an option, revamping processes and technology is often the answer.

In finance, accounting, information technology, and human resource departments, among others, advances in technology have enabled self-service, helped control costs, made it easier to compare costs, and increased quality choices. These corporate functions have embraced systems-level restructuring with artificial intelligence (AI), data analytics, cloud computing and “Big Data” to modernize working practices and improve performance.

In their often siloed and conservative world, most GCs and corporate legal departments, on the other hand, make crucial decisions guided as much by gut instinct as by data and industry benchmarks. For decades, they have resisted change or lacked sufficient resources to enable change in technology, working practices, and corporate culture. Now, with the real-time requirement for speed, scale, and transparency — that era is over.

To retain and increase influence, improve their performance and trim costs as recessionary fears grow, GCs would be wise to more fully modernize their legal departments quickly through an open, digitally-savvy, and collaborative working culture.

Collaborate and listen

Building a data-driven, digital, secure and scalable legal system is an ethical and commercial imperative for GCs. Technology is part of the solution but not the place to start.

To more proactively expose, manage and mitigate risk, executives and their boards need GCs to emphasize the imperative for a more analytical, data-based and efficient approach to corporate legal practice with concrete examples to punctuate the “Why.”

You could start with three actions.

  1. Educate yourself and your colleagues about trends in legal digitization, performance improvement and new working practices. A comprehensive source of information is the Digital Legal Exchange, a global institute of leading thinkers from academia, business, government, technology and law.
  2. Become Modern. Be the change. Lead the change. Make tough decisions about your top leaders and whether they are capable of a data and digital-first mindset and way of working. Change leadership is the prime point of failure for legal modernization efforts.
  3. Be ambitious in the scope of your reforms. Small pilot projects (i.e., e-signature or automated NDAs) won’t make much of an impact and won’t convince your board of the need for bold legal change.

Modernizing the legal system and companies’ legal departments can improve affordability and performance for clients, lawyers, company boards, and shareholders.

Absent modern means of detection, legal risk can proliferate unknown and unseen, all too often revealing the triggers of impending corporate failure only when it is already too late.

© 2022 UnitedLex, All Rights Reserved

Caremark Liability Following the SEC’s New ESG Reporting Requirements

Recent developments in the Court of Chancery concerning a corporate board’s duty to monitor and provide oversight over a corporation’s operations, so-called Caremark claims, are likely to intersect with the Securities and Exchange Commission’s (“SEC”) proposed new ESG disclosure obligations to create a new category of corporate risk.  In this article, we discuss the recent trends in Delaware law that have led to a revitalization of Caremark and the SEC’s current proposals for enhanced ESG disclosure, the intersection of which can be expected to result in litigation and other corporate risk, and some commonsense steps corporations can take to mitigate this potential new category of risk.

The “Caremark” Doctrine

One of the more notable developments in Delaware case law in recent years has been the revitalization of “Caremark duty” claims.  Caremark actions traditionally were notoriously difficult to plead—in explaining the doctrine, the Chancery Court famously called it “the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.”  In re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959, 967 (Del. Ch. 1996). In recent years, however, the Delaware courts have breathed new life into the Caremark doctrine by allowing these types of claims to proceed to discovery.

Specifically, the Caremark doctrine was returned to potency in 2019 following the Delaware Supreme Court’s decision in Marchand v. Barnhill, 212 A.3d 805 (Del. 2019).  Although Marchand did not change the Caremark standard, it demonstrated the Delaware courts’ greater willingness to permit Caremark claims to pass the motion to dismiss phase if they could be plausibly pled.  Marchand ultimately laid the groundwork for a number of subsequent rulings demonstrating the renewed vitality of Caremark claims—not only have at least four Caremark suits survived a motion to dismiss since Marchand, but there are also several ongoing Caremark suits in Delaware.

Under Caremark, there are two distinct types of claims.  The first type concerns a board’s failure to implement a system of controls to prevent some unlawful misconduct that occurred.  The second type concerns a failure to monitor by the directors.  It is imperative, therefore, that boards focus on:  (1) establishing adequate information and reporting systems to monitor “mission critical” aspects of their company’s business; and (2) monitoring those systems once in place.

The SEC’s Proposed New Climate-Related Disclosures

On March 21, 2022, the SEC proposed new rules requiring companies to report extensive line-item disclosures on climate-related ESG issues, entitled: “The Enhancement and Standardization of Climate-Related Disclosures for Investors.”  If implemented as written, the proposed rules would require registrants to make significant additional disclosures regarding the impact of climate-related risks on their business.

Among other things, under the proposed rules, registrants would be required to disclose:

  1. Greenhouse gas (“GHG”) emissions, regardless of whether those emissions are deemed material by the company.  Emissions would now be reported by “scope” or type.

  2. “Climate-related risks” that are “reasonably likely to have a material impact,” including climate-related conditions and events that impact financial statements, business operations, or value chains.

  3. Governance disclosures related to climate risk, including how the board and management assess and manage these climate-related risks.

  4. Any targets or goals related to the reduction of GHG emissions.

These proposed new rules are part of the Biden Administration’s efforts to “advance consistent, clear, intelligible, comparable, and accurate disclosure of climate-related financial risk.”  Yet the sheer breadth, specificity, and complexity of the proposed rules would result in one of the most profound changes to public companies’ disclosure obligations in the history of the SEC.

Additional Caremark Exposure

The SEC’s climate-related disclosure rules will likely fuel ESG-related Caremark claims.  In particular, heightened disclosure requirements will provide ammunition for derivative or class action lawsuits and may expose companies to specific indirect risks, including heightened exposure to pre-suit discovery and proxy contests.

Direct Litigation Risk

The SEC’s new reporting requirements are likely to create new grounds for investors to assert liability claims against corporations and their boards of directors and management. Shareholders can be expected to leverage the new disclosures to seek to hold companies accountable for failing to properly oversee, mitigate or eliminate climate-related risk.  The revitalized Caremark doctrine is likely to be employed to allege boards and managers failed to oversee so-called “mission-critical” aspects of their business that generate climate-related risk.

In this vein, plaintiffs may choose to use disclosures required by the SEC’s proposed rules as the basis for a breach of duty to monitor or Caremark claim through either a derivative suit, brought on behalf of the company against its directors and officers, or a class action suit, brought on behalf of a class of injured shareholders or investors.  Caremark claims will likely arise if and when a board fails to exercise proper oversight with respect to climate-related risks or to consider proper mitigating steps. This new threat will be amplified for companies that (i) have yet to fully examine how ESG issues factor into their mission-critical operations or (ii) have yet to devote resources and personnel to measuring (using consistent, comparable and reliable data) and analyzing their own ESG-related risks. Companies need to be able to ascertain and address their most pressing ESG-related risks to avoid future Caremark liability.

Indirect Risks

Indirect risks from the proposed new disclosure regime may manifest in a variety of ways.  They can result in the disclosure of embarrassing or harmful information about a company, its board, or managers, and lead to the replacement of key company executives or directors by aggrieved shareholders.  Moreover, they give rise to issues that are expensive and resource-intensive to address.  While these risks are indirect to companies, they pose a direct threat to board members and managers.

Pre-Suit Discovery.  Boards can expect new disclosure requirements to enable shareholders to gain greater access to pre-suit discovery.  Section 220 of Delaware’s General Corporate Law provides shareholders with a qualified right to inspect a company’s books and records for suspected corporate wrongdoing or mismanagement, and shareholders need only demonstrate a “credible basis” to proceed.  The new ESG reporting requirements will likely provide shareholders with even more information as ammunition to fuel Section 220 demands.  Opening a company’s books to pre-suit discovery could expose boards, management, or companies to serious reputational harm, as well as provide fodder for future lawsuits against the current board.

Proxy Contests.  New ESG-related disclosures are also likely to generate greater turmoil in the form of proxy battles at the board level.  Historically, shareholder activists have been focused on addressing short-term profit, stock price and total shareholder return.  Yet activist campaigns containing an environmental or social objective have doubled as a proportion of campaigns overall during the five years between 2016 and 2021, including a successful campaign against Exxon to place directors on its board.  The proliferation of new ESG reporting requirements is expected to further fuel these contests, particularly with respect to companies that are perceived to be lagging on ESG commitments or expectations.

Avoiding Environmental-Caremark Claims

Companies should take several steps in preparation for the increased pressure expected to arise from the need to address ESG issues.

First, companies should be aware of the obligations and risks they face with regard to ESG issues.  That means determining what ESG-related risks could detrimentally impact a “mission-critical” aspect of a company’s business.  What is determined to be “mission-critical” will necessarily vary by company.

Second, once companies are cognizant of the ESG-related risks they face, they will need to start implementing appropriate governance structures so that they are aware of, and can take steps to address, ESG risks.  Directors should establish responsible committees and internal information and reporting procedures to ensure board members have proper oversight of these efforts.  This will allow boards to demonstrate their engagement in response to potential Caremark claims, as well as to respond to any ESG risks arising in the company’s operations.

Third, with these governance structures in place, companies must focus on generating, collecting, and analyzing consistent and comparable data on the ESG-related risks they face.  These data should be actively monitored by managers and board members so they can identify and address ESG risks before they result in catastrophic situations and resulting litigation.  And, if Caremark claims ensue, boards will be able to use these governance structures and reporting regimes to demonstrate that they have satisfied their oversight obligations.

Finally, once these systems are in place, companies should take steps to prepare for the adoption of the SEC’s new climate-related disclosure requirements.  The development of governance and reporting structures will undoubtedly aid in the collection of information for these purposes.  While taking these steps, it is advisable that corporate executives and boards seek input from subject matter experts and experienced legal counsel to help design and implement robust compliance and monitoring regimes that can help to discourage or forestall future litigation in the form of Caremark or other claims related to ESG issues.

©1994-2022 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

SEC Ramps Up Enforcement against Public Companies and Subsidiaries in FY 2022

The SEC imposed $2.8 billion in monetary settlements, the largest total in any fiscal year recorded in the Securities Enforcement Empirical Database.

New York – The U.S. Securities and Exchange Commission (SEC) filed 68 enforcement actions against public companies and subsidiaries in the first full fiscal year of Chair Gary Gensler’s tenure. Monetary settlements imposed in public company or subsidiary actions reached $2.8 billion, according to a report released today by the NYU Pollack Center for Law & Business and Cornerstone Research.

The report, SEC Enforcement Activity: Public Companies and Subsidiaries—Fiscal Year 2022 Update, analyzes information from the Securities Enforcement Empirical Database (SEED). The 68 enforcement actions in FY 2022, which ended September 30, reflected a 28% increase from the previous fiscal year.

The SEC imposed monetary settlements on 97% of the 75 public company and subsidiary defendants that settled in FY 2022. Both the dollar amount and the percentage were the largest of any fiscal year recorded in SEED, which covers actions beginning in FY 2010.

“The number of defendants that settled in FY 2022 with admissions of guilt increased substantially from the previous fiscal year. This was driven by actions involving Broker Dealer allegations brought by the SEC in September,” said Stephen Choi, the Bernard Petrie Professor of Law and Business at New York University School of Law and director of the Pollack Center for Law & Business. “The 16 defendants admitting guilt was double the largest number in any previous fiscal year in SEED.”

The $2.8 billion in monetary settlements imposed in public company or subsidiary enforcement actions in FY 2022 was $921 million more than in FY 2021 and $321 million more than in any other fiscal year in SEED. The median monetary settlement in FY 2022 was $9 million, the largest in SEED. The average settlement was $42 million.

“The increase in monetary settlements is consistent with the SEC’s public statements that ‘robust remedies’ are an enforcement priority,” said report coauthor Sara Gilley, a Cornerstone Research vice president. “The $1.2 billion in monetary settlements with 16 public broker-dealer subsidiaries for recordkeeping failures represents 44% of total monetary settlements in the fiscal year.”

Issuer Reporting and Disclosure continued to be the most common allegation type in FY 2022, accounting for 38% of actions. Allegations in the SEC’s Broker Dealer classification were the second most common for the first time since FY 2018. Nearly 70% of the 16 Broker Dealer actions were filed against financial institutions for recordkeeping failures.


Copyright ©2022 Cornerstone Research

Buying, Selling, and Investing in Telehealth Companies: Navigating Structural and Compliance Issues

A multi-part series highlighting the unique health regulatory aspects of Telemedicine mergers and acquisitions, and financing transactions

Investors in the telehealth space and buyers and sellers of telehealth companies need to account for a set of health regulatory considerations that are unique to deals in this sector. As all parties to potential telehealth transactions analyze their long term role in the telehealth marketplace, two of the central issues to any transaction are compliance and structure – both in terms of structuring the telehealth transaction itself and due diligence issues that arise related to a target’s structure.

The COVID-19 pandemic, combined with strained health care staffing and provider availability, has accelerated the growth of telehealth, and start-ups and traditional health systems alike are competing for access to patient populations in the telehealth space. However, as we adjust to life with COVID-19 as the norm, the expiration of the federal Public Health Emergency (PHE) looms, and the national economy contracts, we expect that the remainder of 2022 and into 2023 will see consolidation as the telehealth market begins to saturate and the long-term viability of certain platforms is tested. Telehealth companies, health systems, pharma companies and investors are all in potential positions to take advantage of this consolidation in a ripening M&A sector (while startups in the telehealth space continue to seek venture and institutional capital).

This is the first post in a series highlighting the unique health regulatory aspects of telehealth transactions. Future installments of this series are expected to cover licensure and regulatory approvals, compliance / clinical delivery models, and future market developments.

Telehealth Transaction Structure Considerations

The structure of any given telehealth transaction will largely depend on the business of the telehealth organization at play, but also will depend on the acquirer / investor. Regardless of whether a party is buying, selling or investing in a telehealth company, structuring the transaction appropriately will be important for all parties involved. While a standard stock purchase, asset purchase or merger may make sense for many of these transactions, we have also seen a proliferation of affiliation arrangements, joint ventures (JV), alliances and partnerships.  These varieties of affiliation transactions can be a good choice for health systems that are not necessarily looking to manage or develop an existing platform, but instead are looking to leverage their patient populations and resources to partner with an existing technology platform. An affiliation or JV is more popular for telehealth companies operating purely as a technology platform (with no core business involving clinical services being provided). For parties in the traditional healthcare provider sector that provide clinical services, an affiliation or JV, which is easier to unwind or terminate than a traditional M&A transaction, can allow the parties to “test the waters” in a new, combined business venture. The affiliation or JV can take a variety of forms, including technology licensing agreements; the creation of a new entity to house the telehealth mission, which then has contractual arrangements with both the JV parties; and exclusivity arrangements relating to use of the technology and access to patient populations.

While an affiliation or JV offers flexibility, can minimize the need for a large upfront investment, and can be an attractive alternative to a more permanent purchase or sale, there can be increased regulatory risk. Entrepreneurs, investors, and providers considering any such arrangement should bear in mind that in the wake of the COVID-19 pandemic and proliferation of telehealth, the Office of Inspector General of the Department of Health and Human Services (HHS-OIG) has expressed a heightened interest in investigating so-called “telefraud” and recently issued a special fraud alert regarding suspect arrangements, discussed in this prior post. Further, the OIG’s guidance on contractual joint ventures that would run afoul of the federal Anti-Kickback Statute (AKS) should be front of mind, and parties should strive to structure any affiliation or JV in a manner that meets or approximates an AKS safe harbor.

Target Telehealth Company Structure Compliance

Where telehealth companies are providing clinical services, and are not purely technology platforms, structuring and transaction diligence should focus on whether the target is operating in compliance with corporate practice of medicine (CPOM) laws. The CPOM doctrine is intended to maintain the independence of physician decision-making and reduce a “profits over people” mentality, and prevent physician employment by a lay-owned corporation unless an exception applies. Most states that have adopted CPOM impose similar restrictions on other types of clinical professionals, such as nurses, physical therapists, social workers, and psychologists. Telehealth companies often attempt to utilize a so-called “friendly PC” structure to comply with CPOM, whereby an investor-owned management services organization (“MSO”) affiliates with a physician-owned professional corporation (or other type of professional entity) (a “PC”) through a series of contractual agreements that foster a close working relationship between the MSO, PC, and PC owner and whereby the MSO provides management services, and sometimes start-up financing. The overall arrangement is intended to allow the MSO to handle the management side of the PC’s operations without impeding the professional judgment of the PC or the medical practice of its physicians and the PC owner.

CPOM Compliance Considerations and Diligence for Telehealth Companies

A sophisticated buyer will want to confirm that the target’s friendly PC structure is not only formally established, but is also operationalized properly and in a manner that minimizes fraud and abuse risk. If CPOM compliance gaps are identified in diligence this may, at worst, tank the deal and, at best, cause unexpected delays in the transaction timeline, as restructuring may be required or advisable. The buyer may also request additional deal concessions, such as a purchase price reduction and special indemnification coverage (with potentially a higher liability limit and an escrow as security). Accordingly, a telehealth company anticipating a sale or fund raise would be well served to engage in a self-audit to identify any CPOM compliance issues and undertake necessary corrective actions prior to the commencement of a transaction process.

Below are nine key questions with respect to CPOM compliance and related fraud and abuse issues that a buyer/investor in a telehealth transaction should examine carefully (and that the target should be prepared to answer):

  1. Does target have a PC that is properly incorporated or foreign qualified in all states where clinical services are provided (based on the location of the patient)?
  2. Does the PC owner (and any directors and officers of the PC, to the extent different from the PC owner) have a medical license in all states where the PC conducts business (to the extent in-state licensure is required)? To the extent the PC has multiple physician owners and directors/officers, are all such individuals licensed as required under applicable state law?
  3. Does the PC(s) have its own federal employer identification number, bank account (including double lockbox arrangement if enrolled in federal healthcare programs), and Medicare/Medicaid enrollments?
  4. Does the PC owner exercise meaningful oversight and control over the governance and clinical activities of the PC? Does the PC owner have background and expertise relevant to the business (e.g., a cardiologist would not have appropriate experience to be the PC owner of a PC that provides telemental health services)?
  5. Are the physicians and other professionals providing clinical services for the business employed or contracted through a PC (rather than the MSO)? Employment or independent contractor agreements should be reviewed, as well as W-2s, and payroll accounts.
  6. Is the PC properly contracted with customers (to the extent services are provided on a B2B basis) and payors?
  7. Do the contractual agreements between the MSO and PC respect the independent clinical judgment of the PC owner and PC physicians and otherwise comply with state CPOM laws?
  8. Do the financial arrangements between the MSO, PC, and PC owner comply with AKS, the federal Stark Law, and corollary state laws and fee-splitting prohibitions, to the extent applicable?
  9. Is the PC owner or any other physician performing clinical services for the PC an equity holder in the MSO? If so, are these equity interests tied to volume/value of referrals to the PC or MSO (i.e., if the MSO provides ancillary services such as lab or prescription drugs) or could equity interests be construed as an improper incentive to generate healthcare business (e.g., warrants that can only be exercised upon attainment of certain volume)?

Telehealth companies considering a sale or financing transaction, and potential buyers and investors, would be well served to spend time on the front end of a potential transaction assessing the above issues to determine potential risk areas that could impact deal terms or necessitate any friendly PC structuring.

© 2022 Foley & Lardner LLP

Now is a Good Time to Confirm Your S Corporation Status

On October 11, 2022, the IRS published Revenue Procedure 2022-19 providing taxpayers with liberalized procedures for resolving common S corporation issues. Previously, taxpayers would have needed costly IRS letter rulings for certainty on their S corporation status. The new procedures are simpler and less expensive.

The IRS has separately assured taxpayers that LLCs that are classified as S corporations may also qualify for this liberalized relief.

Inadvertent loss of S corporation status can have significant tax consequences and can make your business a less attractive acquisition target. For example, an S corporation that reverts to a C corporation may be subject to a double layer of tax going back several years. As a result, potential acquirers of any S corporation invariably request representations on the validity of the S corporation status.

The new Revenue Procedure describes common situations that the IRS has historically treated as not affecting the validity of S corporation status or qualified S corporation Qsub status, such as:

  1. One class of stock requirement in the governing provisions (including the concept that commercial contractual agreements are not treated as binding agreements unless a “principal purpose” of the agreement is to circumvent the one class of stock requirement);

  2. Disproportionate distributions inadvertently creating a second class of stock;

  3. Certain inadvertent errors or omissions on Form 2553 or Form 8869;

  4. Missing administrative acceptance letters for S corporation or Qsub elections;

  5. Federal income tax return filings inconsistent with an S election; or

  6. Governing provisions that allow for non-identical treatment of shareholders, such as differing liquidation rights (allowing for retroactive corrections).

For these common situations, there are now simpler and cheaper procedures to preserve S corporation status. For example, for certain small errors such as missing officer signatures, S corporations may follow the same simplified procedures as the late election relief procedures in Revenue Ruling 2013-30. Those procedures do not require a private letter ruling request, but only the original election form with a reasonable cause statement. As another example, if the issue is non-identical governing provisions and no disproportionate distributions were made, the S corporation may simply be retroactively treated as an S Corporation if it meets certain eligibility requirements and keeps a copy of a signed statement in its files.

Shareholders of uncertain S corporations should consider taking advantage of these new relaxed and cheaper procedures for curing S corporation mistakes. Each different type of error has a different cure with specific requirements.

© 2022 Miller, Canfield, Paddock and Stone PLC

FinCEN Issues Final Rule on the Corporate Transparency Act Requiring Businesses to Report Beneficial Ownership Information

On September 30, 2022, the U.S. Financial Crimes Enforcement Network (“FinCEN”) published its final rule implementing Section 6403 of the Corporate Transparency Act (“CTA”). The final rule, which will take effect on January 1, 2024, will require “tens of millions” of companies doing business in the U.S. to report certain information about their beneficial owners. The reporting companies created or registered before January 1, 2024, will have until January 1, 2025, to file their initial beneficial ownership reports with FinCEN. Reporting companies created or registered on or after January 1, 2024, will be required to file initial beneficial ownership reports within 30 days of formation.

The CTA was passed by Congress on January 1, 2021, as part of the Anti-Money Laundering Act of 2020 in the National Defense Authorization Act for Fiscal Year 2021. After publishing a Notice of Proposed Rulemaking and receiving public comments, FinCEN adopted the proposed rule largely as proposed, with certain modifications intended to minimize unnecessary burdens on reporting companies.

What Entities are Reporting Companies? The final rule describes two types of reporting companies: domestic and foreign.

  • A domestic reporting company is any entity that is a corporation, a limited liability company, or other entity (such as limited liability partnerships, limited liability limited partnerships, business trusts, and most limited partnerships and business trusts) created by the filing of a document with a secretary of state or any similar office under the law of a state or American Indian tribe.

  • A foreign reporting company is any corporation, limited liability company, or other entity formed under the law of a foreign country and registered to do business in any state or tribal jurisdiction by the filing of a document with a secretary of state or any similar office under the law of a state or American Indian tribe.

What Entities are Exempt? The final rule exempts twenty-three separate categories of entities from the definition of the reporting company. Many of the exempted entities are already subject to federal or state regulations requiring disclosure of beneficial ownership information, such as banks, credit unions, depository institutions, investment advisors, securities brokers and dealers, accounting firms, governmental entities, tax-exempt entities, and entities registered with the SEC under the Exchange Act of 1934. Additionally, the rules set forth an exemption for “large operating companies” that can demonstrate each of the following factors:

  • Employ more than 20 full-time employees in the U.S.

  • Have an operating presence at a physical office within the U.S.

  • Filed a federal income tax or information return in the U.S. for the previous year demonstrating more than $5 million in gross receipts or sales (excluding gross receipts or sales from sources outside the U.S.)

Finally, under the so-called “subsidiary exemption,” entities whose ownership interests are controlled or wholly owned by one or more exempt entities may also qualify for exemption. If a reporting company was formerly exempt but loses its exemption, it must file an updated report that announces the change and includes all the information required in a reporting company’s initial report.

Who are Beneficial Owners? The final rule requires reporting companies to report each individual who is a beneficial owner of such reporting company. A “beneficial owner” is any individual who, directly or indirectly, either exercises substantial control over the reporting company or owns or controls at least 25 percent of the ownership interests of the reporting company. An individual exercises “substantial control” if such individual:

  • Serves as a senior officer (except for corporate secretary or treasurer)

  • Has authority over the appointment or removal of any senior officer or a majority of the board of directors (or similar body)

  • Directs, determines, or has substantial influence over important decisions made by the reporting company

  • Has any other form of substantial control over the reporting company

Additionally, an individual may exercise substantial control over a reporting company, directly or indirectly, including as a trustee of a trust or similar arrangement, through:

  • Board representation

  • Ownership or control of a majority of the voting power or voting rights of the reporting company

  • Rights associated with any financing arrangement or interest in a company

  • Control over one or more intermediary entities that separately or collectively exercise substantial control over a reporting company

  • Arrangements or financial or business relationships, whether formal or informal, with other individuals or entities acting as nominees

  • Any other contract, arrangement, understanding, relationship, or otherwise

The final rule exempts five categories of individuals from the definition of beneficial owner: (i) minors, (ii) nominees, intermediaries, custodians, and agents, (iii) certain employees who are not senior officers, (iv) heirs with a future interest in the company, and (v) certain creditors.

Who are Company Applicants? In addition to the beneficial owner information, the final rule requires reporting companies created or registered on or after January 1, 2024, to report identifying information about each “company applicant.” A “company applicant” is:

  • Any individual who directly files the document to create a domestic reporting company or register a foreign reporting company with a secretary of state or similar office in the U.S.

  • Any individual who is primarily responsible for directing or controlling such filing if more than one individual is involved in the filing

The final rule provides further clarification as to certain individuals who, by virtue of their formation roles, fall under the definition of “company applicants.” For example:

  • If an attorney oversees the preparation and filing of incorporation documents and a paralegal files them, the reporting company would report both the attorney and paralegal as company applicants.

  • If an individual prepares and self-files documents to create the individual’s own reporting company, the reporting company would report the individual as the only company applicant.

The final rule removes the requirements that i) entities created before the effective date report company applicant information and ii) reporting companies update their company applicant information (except to correct inaccuracies), each of which was set forth in the proposed rules.

When are Initial Reports Due? When an initial report must be filed depends on the status of the reporting company as of January 1, 2024:

  • If Created or Registered on or after January 1, 2024 – It must file a report within 30 calendar days from the earlier of: i) the date on which the company receives actual notice that its creation or registration has become effective, or ii) the date a secretary of state or similar office first provides public notice, such as through a publicly accessible registry, that the company has been created or registered.

  • If Created or Registered Prior to January 1, 2024 – It must file a report not later than January 1, 2025.

What Information Must be Reported? An initial report must include the following information with respect to the reporting company:

  • The full legal name of the reporting company

  • Any trade name or “doing business as” name of the reporting company

  • The street address of the principal place of business of the reporting company (if outside the U.S., the street address of the primary location in the U.S. where it conducts business)

  • The state, tribal, or foreign jurisdiction of formation of the reporting company (a foreign reporting company must also report the state or tribal jurisdiction where it first registers)

  • The IRS Taxpayer Identification Number (“TIN”) of the reporting company (including the EIN of the reporting company, or if a foreign reporting company without a TIN, a tax identification number issued by a foreign jurisdiction and the name of such jurisdiction)

For each company applicant (of a reporting company registered or created on or after January 1, 2024) and each beneficial owner of a reporting company, the following information must be reported:

  • The full legal name of the individual

  • The date of birth of the individual

  • The current business street address (for a company applicant who forms or registers an entity in the course of such company applicant’s business) or residential street address (for all other individuals including beneficial owners)

  • A unique identifying number from, and image of, an acceptable identification document (e.g., a passport)

If a reporting company is directly or indirectly owned by one or more exempt entities and an individual is a beneficial owner of the reporting company exclusively by virtue of such individual’s ownership interest in the exempt entity, the reporting company’s report may list the name of the exempt entity in lieu of the beneficial ownership information set forth above.

When do Companies have to Report Changes? If there is any change with respect to required information previously submitted to FinCEN concerning a reporting company or its beneficial owners, including any change with respect to who is a beneficial owner or information reported for any particular beneficial owner, the reporting company is required to file an updated report within 30 calendar days of when the change occurred.

What are the Penalties for Violations? The final rule provides for a fine of up to $10,000.00 and/or imprisonment of up to two years for any person who willfully: (i) provides or attempts to provide false or fraudulent beneficial ownership information, or (ii) fails to report complete or updated beneficial ownership information to FinCEN. The penalties may also extend to individuals causing a reporting company’s failure to report or update information and senior officials of a reporting company at the time such failure occurs.

What is Coming Next from FinCEN? FinCEN is expected to publish the forms and instructions to be used for reporting beneficial ownership information well in advance of the effective date. FinCEN will further establish a secure nonpublic database for storage of the beneficial ownership information. Finally, FinCEN will issue rules on who may access the information (a limited group of governmental authorities and financial institutions), under what circumstances, and how the parties would generally be required to handle and safeguard the information.

What Should Reporting Companies be Doing Now? Existing companies should begin evaluating whether they are a “reporting company” and if so, determining who are their beneficial owners. Such reporting companies, including any other reporting companies that may be created or registered before the effective date, will have until January 1, 2025, to file an initial report. As noted, reporting companies created or registered on or after the effective date will have 30 calendar days after the date of creation or registration to file an initial report.

© 2022 Miller, Canfield, Paddock and Stone PLC

SEC Awards $825,000 to Whistleblower

On October 11, the U.S. Securities and Exchange Commission (SEC) announced an $825,000 whistleblower award issued to an individual who voluntarily provided the agency with original information about securities fraud.

The SEC Whistleblower Program offers monetary awards to qualified whistleblowers whose disclosures contribute to the success of enforcement actions. SEC whistleblower awards are for 10-30% of the funds collected by the government in the relevant enforcement action.

According to the SEC award order, the whistleblower “expeditiously provided detailed information that prompted the opening of the investigation.” Furthermore, the whistleblower “thereafter met with Commission staff in person and provided additional information after submitting the initial TCR.”

In addition to monetary awards, the SEC Whistleblower Program offers anti-retaliation protections to whistleblowers, including confidentiality. Thus, the SEC does not disclose any information that could identify a whistleblower.

Since the whistleblower program was established in 2010, the SEC has awarded more than $1.3 billion to over 280 individual whistleblowers. In August 2021, SEC Chair Gary Gensler stated that the program “has greatly aided the Commission’s work to protect investors” and noted that “the SEC has used whistleblower information to obtain sanctions of over $5 billion from securities law violators” and “return over $1.3 billion to harmed investors.”

Copyright Kohn, Kohn & Colapinto, LLP 2022. All Rights Reserved.

The “Iron Curtain” has Fallen: A Radical Shift in Lawyers Representing Whistleblowers

Whistleblower Network News (WNN) recently revealed, for the first time, that major corporate law firms specializing in representing defendants before the U.S. Securities and Exchange Commission (SEC) have, in some cases, switched sides and are now representing whistleblowers who are turning in corporate fraudsters.  All but one of the firms identified by the SEC did not call public attention to their new-found client base – most likely because they did not want to upset their bread-and-butter corporate clients.  It appears that major corporate law firms now understand that the Dodd-Frank Act’s whistleblower reward provisions are incredibly effective in incentivizing corporate insiders to report fraud, even when those insiders are executives usually on the other side of a whistleblower issue.  Lawyers who traditionally represent whistleblowers understand that Dodd-Frank is well designed and is being professionally implemented by the SEC.  Corporate lawyers and their firms have apparently caught on to this new reality and are now representing whistleblowers.

That defense firms are now actively engaged in representing whistleblowers cannot be denied.  Lists of law firms that have prevailed in Dodd-Frank whistleblower cases, disclosed in response to Freedom of Information Act (FOIA) requests filed with the SEC, document that 9.3% of firms that have obtained rewards on behalf of whistleblowers were traditional defense firms.  These firms include some of the largest defense firms in the United States that represent numerous corporations subjected to SEC enforcement actions for violating securities laws as well as firms that have defended corporations against whistleblowers in retaliation cases.

If that statistic holds, it is clear hundreds of corporate defense firms or their attorneys are representing whistleblowers in confidential investigations.  Why are these cases still under review?  Dodd-Frank is still a young law, and the vast majority of cases have not yet resulted in formal reward determinations.  Cases often take five years or more to be finalized, and as of the end of Fiscal Year 2021 over 51,000 whistleblower cases had been filed with the SEC.  Furthermore, under the FOIA requests the SEC only released the names of law firms that prevailed in a whistleblower case.  The names of firms that did not prevail in a claim, or firms that represent whistleblowers in ongoing investigations, were not disclosed.

Time will tell whether defense firms’ representation of whistleblowers who accuse their employers (or other corporate wrongdoers) of fraud is a good or bad development.  But unique issues will arise whenever a firm that primarily generates its profits from representing corporations accused of wrongdoing switches sides and represents a whistleblower who has accused an executive of engaging in fraud.  Although such representations may be permitted under the attorney’s rules of ethics, this does not mean that such representations are always in the best interest of a lawyer’s clients.  There are inherent potential conflicts whenever a defense firm switches sides and decides to represent a whistleblower reporting major corporate crimes.

Regardless of where you stand on this issue, one thing is clear: defense firms representing whistleblowers is a dramatic shift in legal practice, and its ethical, policy and legal implications must be carefully evaluated.  Defense firms must understand that whenever they represent a whistleblower, they must zealously advocate on their behalf, even when the precedents set by their cases may be used against their corporate clients.  Likewise, whistleblowers need to be aware of the implications of choosing a lawyer whose primary practice is representing corporate crooks.  Conflicts of interest may not initially be visible but can unfold as a case progresses.

The Revelation

In August of 2022, Bloomberg Law and a draft non-peer-reviewed article published by University of Kansas Professor Alexander Platt raised the issue of which law firms represent whistleblowers.  Bloomberg and Platt obtained lists of law firms that prevailed in Dodd-Frank whistleblower cases.  They used the lists to identify a small number of firms, all of which could be classified as pro-whistleblower firms whose practices are centered on fighting corporate fraud, and speculated whether these firms were being given preferential treatment by the SEC.  Neither publication offered proof of any wrongdoing.  But Platt and Bloomberg did not list all the law firms that prevailed in Dodd-Frank cases.  Significantly, neither even mentioned the fact that major defense law firms had already filed and won Dodd-Frank cases on behalf of whistleblowers.  Additionally, the two authors did not explore the special issues that could arise when firms dedicated to defending white-collar criminals quietly switch sides.

In response to Platt and Bloomberg, WNN filed its own Freedom of Information Act (FOIA) request to obtain access to the documents relied upon in the two articles.  The SEC released over 1000 pages of documents to WNN, including all its correspondence with Platt and all the records provided to Platt (and Bloomberg) that identified law firms that successfully represented whistleblowers.

On September 27, 2022, WNN revealed, for the first time, that the SEC had identified 64 law firms that successfully obtained a reward on behalf of a whistleblower.  Among those firms were six that primarily represent corporations and individuals accused of corporate crimes.  These defense firms included industry giants such as Winston & Strawn and Akin Gump.  Together, the defense firms have already obtained over $56 million in rewards on behalf of whistleblowers.  In response to the Platt, Bloomberg, and WNN FOIA requests, the SEC only identified firms that had already prevailed and obtained a reward on behalf of their clients.  Approximately 50,000 cases are pending within the SEC’s reward program, and there is a long delay in processing whistleblower cases.  Therefore, one can assume that there are numerous other pending cases, not disclosed by the SEC, where these or other defense firms are actively representing whistleblowers.

It is important to note that the Dodd-Frank provisions only apply to large fraud cases.  No reward is available unless the SEC issues sanctions against the entity being investigated in excess of $1 million.  Thus, the cases previously targeted by the defense firms and currently under investigation by the SEC would implicate major frauds.

The defense firms identified by WNN as being listed in the SEC-released materials were:

Winston & Strawn, LLP:  Winston advertises itself as defending “companies and individuals in SEC enforcement and regulatory matters related to allegations involving securities fraud.”  But not mentioned on its webpage is that it also represented a securities law whistleblower who obtained a $2.2 million reward.

Akin Gump Strauss Hauer & Feld LLP: Akin Gump also describes its practice as representing “companies and individuals” under investigation by various regulatory agencies, including the SEC.  Akin’s attorneys obtained a Dodd-Frank reward of $800,000.

Haynes and Boone, LLP: This 600-lawyer defense firm’s website explained that it has “represented employers” in “whistle blowing.”  However, the SEC documents revealed the firm also represented a whistleblower who obtained a “20%” award against a corporate fraudster.

Levine Lee LLP:  Although this firm markets itself as successfully representing clients accused of violating anti-fraud laws, like the other defense firms, it has apparently started a whistleblower practice and obtained a reward of $10 million on behalf of a whistleblower.

Leader Berkon Colao & Silverstein LLP:  This defense firm prevailed in cases filed on behalf of two separate whistleblowers and had considerable success.  Their whistleblower clients obtained $15 million and $27 million in awards.

Sallah Astarita & Cox, LLC: Although this firm “regularly represents financial institutions” in “fraud” cases, the firm also represented a whistleblower who obtained a $1.8 million award.  Sallah Astarita was the only firm that listed its Dodd-Frank Act whistleblower case on its website as among the victories achieved by one of its partners.

The SEC’s Dodd-Frank Whistleblower Program

Professor Platt and Bloomberg Law criticized the SEC’s Dodd-Frank program as having a bias in favor of a small number of whistleblower-rights law firms that had employed former SEC lawyers.  However, the information revealed by WNN completely refuted this negative implication raised by Platt and Bloomberg.  Instead, the FOIA documents support a finding that the SEC program is a paradigm of fairness and openness.  The extensive correspondence between Platt and the SEC demonstrates that the Commission freely disclosed the names of the firms that had won cases while carefully balancing the confidentiality needs of the whistleblower clients.  These numbers illustrate a program open to law firms regardless of their reputation or whether they employ former government lawyers.  They also reveal a program open to working directly with whistleblowers and rewarding them even if they had no lawyer.  Not one document produced provided any evidence whatsoever of wrongdoing, bias, or unprofessionalism.  The numbers speak for themselves:

  • Over 50 pro se whistleblowers won cases on their own behalf.  This high percentage of unrepresented applicants who successfully navigated the SEC’s program is remarkable.  In other legal programs, pro se whistleblowers (and other unrepresented persons) lose the vast majority of their cases.  Not so under Dodd-Frank. This demonstrates a high level of commitment by the SEC to helping individual whistleblowers who could not afford or obtain lawyers.
  • Of the 64 law firms that prevailed in a Dodd-Frank reward claim, only 12 had hired former SEC lawyers to assist in the cases.  Thus, the vast majority of successful law firms (52 of the 64) had no “insider” connection to the SEC.   This fact demonstrates the Commission’s staff’s willingness to work closely with attorneys who had no “friends” in the agency and whose information was solely merit-based. Moreover, a significant percentage of the firms that did employ former SEC or Justice Department lawyers were the very defense firms that Bloomberg Law and Platt did not discuss or analyze.
  • The Commission’s staff demonstrated no bias against firms based on their practice areas.  The Commission’s enforcement staff and Whistleblower Office worked with law firms that were defense-based (6) and law firms that traditionally represent whistleblowers or employees in lawsuits against companies (many of the remaining 58).

The FOIA documents support a finding that the Commission’s staff is open to whistleblowers, regardless of whether they represent themselves or whether or not the firms raising the concerns have any “insider” connections.  Organizations such as the National Whistleblower Center, which regularly works with whistleblowers, have widely praised the program, as have the last three Chairs of the SEC, appointed by Presidents Obama, Trump, and Biden.  The Commission itself confirmed that as of September 2021, it returned over $1.3 billion to harmed investors based on whistleblower cases.

The Future Role of Defense Firms in Dodd-Frank Cases

The SEC cannot implement special rules that would be prejudicial to traditional defense firms that file whistleblower cases.   Likewise, whistleblowers have the right to hire counsel of their choice and, in most cases, can knowingly waive potential conflicts of interest.  But the mere fact that traditional defense firms can lawfully represent whistleblowers without violating any SEC or local Bar rules does not address the special problems that may exist when a defense firm represents a whistleblower.  For example, such representations can result in significant conflicts of interest that may not be apparent at the commencement of a case. This may result in the whistleblower’s attorneys not advocating for legal precedents that could harm their other corporate clients.

Traditional defense firms should implement internal procedures to guard against potential problems based on the obvious conflicts that can arise when they represent clients on both sides of whistleblower-disclosure cases.  More significantly, it is absolutely crucial that whistleblowers fully understand the potential for conflicts of interest when deciding on the best attorneys to hire.  Attorneys working for defense firms must clearly spell out these issues and ensure that when representing a whistleblower, their prospective client is fully aware of all the risks and limitations.

Among the rules, procedures, and practices that defense firms should implement or carefully consider are:

  1. At the very least, defense firms representing whistleblowers should identify this on their websites.  Corporate clients should know that the firm also represents whistleblowers and should be able to question counsel on these matters so they feel comfortable that no conflicts would arise.
  2. Whistleblower clients need full disclosure of how the defense firm’s primary practice may impact the representation.  This is particularly true whenever a case would require advocacy on behalf of a whistleblower that could expand legal interpretations benefiting whistleblowers.  It is hard to reconcile how a law firm defending some clients against whistleblowers can effectively argue before administrative agencies or courts of law legal precedents that could expand the rights of whistleblowers.  These expanded rights could and would ultimately not be to the advantage of corporate clients accused of wrongdoing.
  3. Similarly, defense firms need to reconcile how they can advocate for a whistleblower who engaged in tactics, such as removing documents or one-party tape recording, that their corporate clients may find offensive.  This is particularly true when the zealous representation of a whistleblower requires expanding the ability of whistleblowers to obtain evidence of wrongdoing, and the precedent this advocacy establishes may be used against the firm’s current or future corporate clients.
  4. The potential for a conflict of interest needs to be fully explored in every case.  One issue that firms and clients may not be fully aware of is how the “related action” provisions of the laws impact potential conflicts.  Once the SEC obtains a sanction of over $1 million in any case, all “related actions” become eligible for a reward.  Sanctions issued by other law enforcement or regulatory agencies based on “related” claims can form the basis of a reward.   When examining whether a conflict exists, law firms need to look beyond the SEC action and determine witnesses, parties, and issues that may be implicated in a “related action.” This determination is critical even if the related action is not based on any securities law violation.
  5. Defense firms can also explore ways to refer potential whistleblower clients to attorneys whose practices are based solely on representing whistleblowers.  These referrals would help ensure that the defense firm is not conflicted (either as a matter of ethics or marketing) and that the client can obtain the best counsel.

Conclusion: The Iron Curtain has Fallen

Whistleblower representation is entering a new world.  The “iron curtain” that formerly separated law firms that represent corporate crooks from those that represent whistleblowers has fallen. This new reality is not without serious risks to whistleblowers (and corporate clients).  Whistleblowers must be fully aware of the dangers of having a corporate law firm represent them.  Corporate law firms must institute procedures to guard against conflicts of interest and to ensure they can zealously represent whistleblowers.  Zealous representation is needed even when the precedents established in these cases may create trouble for their other client base.

At the end of the day, the fact that defense law firms are now representing whistleblowers affirms the success of Dodd-Frank.  It is an affirmation of the critical nature of the information whistleblowers provide to the government and the role of this insider information in stopping otherwise hard to detect corporate crimes.  The “iron curtain” has fallen, but it has fallen in the direction that helps whistleblowers.  It has fallen in the direction that affirms the quality of their disclosures. It refutes the often-repeated slander that whistleblowers are somehow simply disgruntled employees.

Whistleblowers are essential to ensuring fairness in the markets, holding wrongdoers accountable, and deterring future wrongdoing.  The SEC has publicly recognized this, and now leading corporate defense attorneys have quietly recognized it.  Defense firms like Akin Gump, Winston and Strawn, and Haynes and Boone got it right when they advocated for paying whistleblowers substantial rewards.  Whistleblowers whose information holds corporate criminals accountable deserve large rewards.  These rewards are in the public interest, and the SEC Dodd-Frank whistleblower program must be protected, enhanced and expanded.


Copyright Kohn, Kohn & Colapinto, LLP 2022. All Rights Reserved.

NYC Issues Proposed Rules for Its Automated Employment Decision Tools Law

On Friday, September 23, 2022, the New York City Department of Consumer and Worker Protection (“DCWP”) released a Notice of Public Hearing and Opportunity to Comment on Proposed Rules related to its Automated Employment Decision Tool law (the “AEDT Law”), which goes into effect on January 1, 2023. As we previously wrote, the City passed the AEDT Law to regulate employers’ use of automated employment decision tools, with the aim of curbing bias in hiring and promotions; as written, however, it contains many ambiguities, which has left covered employers with open questions about compliance.

The proposed rules are intended to clarify the requirements for the use of automated employment decision tools within New York City, the definitions of key terms in the AEDT law, the notices to employees and applicants regarding the use of the tool, the bias audit for the tool, and the required published results of the bias audit.

The DCWP’s public hearing on the proposed rules and deadline for comments are October 24, 2022. Although the proposed rules may be modified prior to adoption, the following summarizes the key provisions.

“Substantially assist or replace discretionary decision making”

The AEDT Law applies to an automated decision tool that is used “to substantially assist or replace discretionary decision making.” It does not, however, specify the type of activities that constitute such conduct or what particular AI-powered employment tools are covered by the law.

The proposed rules attempt to provide guidance on this issue by defining “substantially assist or replace discretionary decision-making” as one of the following actions:

  1. relying solely on a simplified output (score, tag, classification, ranking, etc.), without considering other factors; or
  2. using a simplified output as one of a set of criteria where the output is weighted more than any other criterion in the set; or
  3. using a simplified output to overrule or modify conclusions derived from other factors including human decision-making.

“Bias Audit”

Pursuant to the AEDT Law, before using an automated employment decision tool, a covered employer or employment agency must subject the tool to a “bias audit” no more than one year prior to the use of the tool. The law explains that “bias audit” means an “impartial evaluation by an independent auditor,” but does not otherwise specify who or what constitutes an “independent auditor” or what the “bias audit” must contain. The proposed rules address these gaps.

First, the proposed rules define “independent auditor” as “a person or group that is not involved in using or developing an [automated employment decision tool] that is responsible for conducting a bias audit of such [tool].” This definition does not specify that the auditor must be a separate legal entity from the creator or vendor of the tool and therefore suggests that it may be acceptable for the auditor to be employed by the organization using the tool, provided the auditor does not use and has not been involved in developing the tool.

Second, the proposed rules state that the required contents of a “bias audit” will depend on how the employer or employment agency uses the tool.

If the tool selects individuals to move forward in the hiring process or classifies individuals into groups, the “bias audit,” at a minimum, would need to:

  1. calculate the selection rate for each category;
  2. calculate the impact ratio for each category; and
  3. where the tool classifies candidates into groups, calculate the selection rate and impact ratio for each classification.

If the automated employment decision tool merely scores candidates, the “bias audit,” at a minimum, would need to:

  1. calculate the average score for individuals in each category; and
  2. calculate the impact ratio for each category.

The preamble to the proposed rules makes clear that DCWP intends these calculations to be consistent with the Uniform Guidelines on Employee Selection Procedures (“UGESP”), 29 C.F.R. § 1607.4, and borrows concepts from the framework established by the UGESP in the definitions of “impact ratio” and “selection rate.”

Under the AEDT Law, upon completion of a bias audit, and prior to using the automated employment decision tool, covered employers and employment agencies must make the date and summary of the results of the bias audit publicly available on the careers or job section of their website in a clear and conspicuous manner. The proposed rules clarify that publication may be made via an active hyperlink to a website containing the required information, as long as the link is clearly identified as linking to the results of the bias audit. The required information must remain posted for at least six months after the covered employer or employment agency uses the tool for an employment decision.

Required Notices

The AEDT Law also specifies that employers and employment agencies must notify candidates for employment and employees who reside in New York City as follows:

  1. at least ten business days prior to using an automated decision tool, that such a tool will be used to assess or evaluate the candidate or employee, and allow the individual to request an alternative selection process or accommodation;
  2. at least ten business days prior to use, the job qualifications and characteristics that the tool will use in the assessment or evaluation; and
  3. if not disclosed on the employer or employment agency’s website, information about the type of data collected for the tool, the source of such data, and the employer or employment agency’s data retention policy shall be available upon written request by the individual and be provided within thirty days of the written request.

Covered employers and employment agencies have expressed concern about the practical and administrative difficulties of providing the above notices in the fast-paced environment of today’s recruiting and hiring.

In apparent response to these concerns, the proposed rules clarify that the employer or employment agency may provide the notices required by paragraphs (1) and (2) by:

  1. (a) in the case of candidates, including notice on the careers or jobs section of its website at least ten business days prior to the use of the tool, and (b) in the case of employees, including notice in a written policy or procedure that is provided to employees at least ten business days prior to use;
  2. including notice in a job posting at least ten days prior to using the tool; or
  3. (a) in the case of candidates, providing notice via U.S. mail or email at least ten business days prior to use of the tool; and (b) in the case of employees, providing written notice in person, via U.S. mail, or email at least ten business days prior to use.

In short, under the proposed rule, an employer or employment agency could comply with the AEDT Law by providing the required notice when first posting the job.

With respect to the notice requirement in paragraph (3), the proposed rules state that an employer or employment agency must provide notice to covered individuals by including notice on the careers or jobs section of its website, or by providing written notice in person, via U.S. mail, or by email within 30 days of receipt of a written request for such information. If notice is not posted on the website, the employer or agency must post instructions for how to make a written request for such information on its careers or job section of the website.

Finally, although the AEDT Law requires an employer or employment agency to allow covered individuals to request an alternative selection process, the proposed rules state that nothing requires an employer or employment agency to provide an alternative selection process.

©2022 Epstein Becker & Green, P.C. All rights reserved.