Category: Uncategorized

Ripple Faces Class Action Lawsuit Alleging Sale of Unregistered Securities

A class action lawsuit was filed on May 3rd against Ripple Labs Inc.—a fintech startup that controls the third-largest cryptocurrency in the world—and its CEO Brad Garlinghouse, alleging that Ripple sold unregistered, non-exempt securities in violation of federal and California state securities laws.

In their complaint, Plaintiffs characterized the sale of XRP (Ripple’s native token) as “a scheme by Defendants to raise hundreds of millions of dollars through the unregistered sale of XRP” and “what is essentially a never-ending initial coin offering (ICO).” In addition to attorney fees, costs of the suit, and punitive damages, the plaintiffs also request a declaration from the court that the sale of XRP is an unregistered securities sale and to enjoin defendants from further violating securities laws.

Plaintiffs alleged facts that correspond to the elements of the Howey test for determining whether an instrument qualifies as an “investment contract,” and thus, as security, under the federal securities laws. Specifically, the complaint states that XRP purchasers (1) made an investment of money, (2) in a common enterprise, (3) with a reasonable expectation of profits (4) derived predominantly from the essential managerial or entrepreneurial efforts of others.

This lawsuit comes in the wake of heightened SEC scrutiny of cryptoasset token issuances. As we’ve noted, SEC Chairman Jay Clayton has said in recent months that he has not seen a single token issued through an ICO that is not a security.

Ripple’s prominent position within the blockchain ecosystem, the relationship between XRP tokens and Ripple’s enterprise software, and the manner in which their tokens are distributed could form the basis for tremendously impactful judicial precedent with respect to ICOs.

We will continue to monitor developments in this area.

© 2018 Proskauer Rose LLP.
This article was written by Divya Taneja of Proskauer Rose LLP

Smartphone Wars – The Last Jury: Samsung Owes $539M for Infringing Apple’s Patents

A California jury recently awarded Apple $538.6 million in total damages for patent infringement by Samsung. This is the latest development in the patent battle between smartphone industry titans that began in 2011 and took another step towards completion.  The verdict arrived after five days of deliberations and seven months after Judge Koh ordered a second trial to determine appropriate damages in light of the U.S. Supreme Court decision in December of 2016.  The jury attributed $533.3 million for the infringement of Apple’s design patents and $5.3 million for infringement of Apple’s utility patents.

As we have covered here before, Apple originally filed this patent infringement action in the U.S. District Court for the Northern District of California in 2011, alleging that Samsung’s smartphones infringed three of Apple’s design patents, D593,087, D618,677, and D604,305. The design patents cover a black rectangular front face with rounded corners, a rectangular front face with rounded corners and a raised rim, and a grid of 16 colorful icons on a black screen.  Judge Koh presided over the dispute. The jury found that Samsung infringed all three design patents, and the district court entered final judgment awarding $399 million for the infringement. The Federal Circuit upheld the lower court’s judgment on the amount of damages for infringement of the design patents, and Samsung filed a petition for certiorari to the Supreme Court.

The Supreme Court reversed, explaining that, within the meaning of a 35 U.S.C. § 289 damages inquiry, the phrase “article of manufacture” need not be limited to the end product sold to the consumer, but may be a smaller component of that product. Samsung Elecs. Co. v. Apple Inc., 137 S. Ct. 429 (2016). The Supreme Court set aside the $399 million damage award, which represented the entire profit from the sale of the infringing Samsung smartphones.  Samsung argued that had the jury been able to consider components of a smartphone as the article of manufacture the resulting damage award would have been smaller.  As it turned out, Samsung was wrong.  When the jury considered the components of the smartphone, it found that Samsung owes Apple even more – $140 million more.

In the instructions to the jury, Judge Koh adopted a four-factor test to determine damages, essentially adopting the Solicitor General’s test and rejecting Samsung’s simpler two-step test.  The four factor test instructed jurors to consider the following:

  1. The scope of the design claimed in Apple’s patent, including the drawing and written description;

  2. The relative prominence of the design within the product as a whole;

  3. Whether the design is conceptually distinct from the product as a whole; and

  4. The physical relationship between the patented design and the rest of the product, including whether the design pertains to a component that a user or seller can physically separate from the product as a whole, and whether the design is embodied in a component that is manufactured separately from the rest of the product, or if the component can be sold separately.

Apple sought about $1 billion in damages – what a 2012 jury awarded them for Samsung’s infringement of these design patents.  Samsung, on the other hand, argued that it should pay only $28 million.  The amount of damages awarded suggests that the jury believed the design patents covered more than mere components of the smartphone and also shows that design patents can be an important part of a patent portfolio.

©1994-2018 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

Reasonable Notice to Consumer Required for Enforcement of Arbitration Clause

Addressing an important contract-formation issue that has divided federal courts, the U.S. District Court for the Western District of Pennsylvania recently denied a company’s motion to compel arbitration because the consumer was not given “reasonable notice” of the arbitration clause.

The court in Jones v. Samsung Electronics America, Inc. declined to enforce the arbitration clause because it was located in the “Manufacturer’s Warranty” section of a 64-page “Important Information Booklet” contained in the phone’s sales box. None of the Booklet’s section headings referred to arbitration.

In Jones, the plaintiff, Brittany Jones, filed a class action against Samsung after her cell phone allegedly exploded and caught fire. Samsung moved to compel arbitration, relying in part on the U.S. Court of Appeals for the Seventh Circuit’s 1997 decision in Hill v. Gateway 2000, Inc., which enforced an arbitration clause contained in the shipping box that stated purchasers had 30 days to return the computer if they did not want to arbitrate.

According to the Seventh Circuit, “[a] contract need not be read to be effective.” Ms. Jones said she was unaware of the arbitration clause and its 30-day opt-out period at the time she bought the phone because the arbitration clause was inconspicuous and contained in a section of the Booklet dealing with warranties. She relied on the U.S. Court of Appeals for the Ninth Circuit’s 2017 decision in Norcia v. Samsung Telecommunications America, Inc., which held that Samsung’s arbitration clause was ineffective because the plaintiff did not receive adequate notice of its existence.

After reviewing these decisions and precedent of the U.S. Court of Appeals for the Third Circuit, the Jones court concluded that “[p]urchasers may be bound by what they have not read, but they may not be bound by what they cannot find, or what has been (negligently or by connivance) buried in the verbal underbrush.”

The court emphasized that the arbitration agreement was never cited in the Booklet’s section headings and was “tucked away in the section misleadingly titled ‘Manufacturer’s Warranty.'” According to the court, “[i]f Samsung had actually desired to make its customers aware of the Arbitration Agreement, it would have been simple to bring the point home more clearly.”

The Jones court found the Seventh Circuit’s Gateway decision was no longer the leading authority in this area, having been eclipsed by more recent decisions that “focus not on whether consumers had read waiver language, but on whether they received reasonable notice of the existence of the language.”

Jones illustrates that even the best-drafted arbitration clause will not be enforced if the court perceives it to have been presented in a manner that would make it unlikely consumers would actually notice it.

Copyright © by Ballard Spahr LLP
This article was written by Alan S. Kaplinsky and Mark J. Levin of Ballard Spahr LLP

Colorado Enacts Groundbreaking Privacy and Cybersecurity Legislation

Colorado has enacted groundbreaking privacy and cybersecurity legislation that will require covered entities to implement and maintain reasonable security procedures, dispose of documents containing confidential information properly, ensure that confidential information is protected when transferred to third parties, and notify affected individuals of data breaches in the shortest time frame in the country. The new law—which becomes effective on September 1, 2018—was spearheaded by the Colorado Attorney General’s office, which is charged with enforcing its requirements. As a result of the legislation, covered entities should consider implementing written information security programs, third party vendor management controls, and incident response plans to best position themselves against potential enforcement actions and civil litigation in the future.

Data Security Requirements

For the first time, covered entities that maintain, own, or license “personal identifying information” (PII) of a Colorado resident are required to implement and maintain reasonable security procedures and practices that are “appropriate to the nature of the personal identifying information and the nature and size of the business and its operations.”

The law defines PII broadly to include a social security number; personal identification number; password; passcode; official state or government-issued driver’s license or identification card number; government passport number; biometric data; employer, student, or military identification number; or financial transaction device (as defined in C.R.S. § 18-5-701(3)).

Covered entities also must take measures to protect PII when transferring it to third parties. Unless a covered entity agrees to provide its own security protection for the information it discloses to a third-party service provider, the covered entity “shall require” the third-party service provider to implement and maintain reasonable security procedures and practices that are appropriate to the nature of the PII disclosed and reasonably designed to help protect the PII from unauthorized access, use, modification, disclosure, or destruction. A “third-party service provider” is defined as an entity that “has been contracted to maintain, store, or process personal information on behalf of a covered entity.”

The law also requires covered entities that maintain electronic or paper documents that contain PII to develop a written policy for the destruction of such documents when they are no longer needed.

The Attorney General’s office is authorized to enforce these new requirements and may bring an action in law or equity to ensure compliance or recover direct economic damages resulting from a violation.

As a consequence of these new requirements, covered entities should consider developing and implementing written information security programs that include appropriate administrative, technical and physical safeguards for the types of PII that they maintain, own or license.

Changes to Colorado’s Breach Notification Law

The new law strengthens and expands Colorado’s data breach notification law. Perhaps the most significant change is that covered entities now must notify affected individuals within 30 days after determining that a security breach occurred that resulted in, or is likely to result in, misuse of personal information. Colorado’s 30-day deadline is the shortest of any state. Florida also has a 30-day deadline but allows for an additional 15 days under certain circumstances.

The new law drastically expands the types of information that will trigger a breach notification obligation if compromised. Specifically, the law defines “personal information” to mean a Colorado resident’s first name or first initial and last name in combination with any of the following data elements: social security number; student, military or passport identification number; driver’s license number or identification card number; medical information; health insurance identification number; or biometric data. The definition also includes a Colorado resident’s username or e-mail address in combination with a password or security questions and answers that would permit access to an online account or a Colorado resident’s account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to that account. However, a covered entity does not need to provide notice if the information was encrypted unless the encryption key also was compromised.

Importantly, the law does not create exemptions for entities subject to reporting requirements under the Gramm-Leach-Bliley Act or HIPAA. Rather, if there is a conflict between the 30-day time period for providing notice under Colorado law and a time period in another federal or state law, the law with the shortest time frame for providing notice controls.

The law also specifies what type of information must be included in the notice, such as a description of the PII involved in the breach, the date or estimated date of the breach, and contact information for the Federal Trade Commission and credit reporting agencies. If the breach involves the compromise of login information, a covered entity also is required to notify individuals to change their login information for that account and any other account that uses the same login information.

A covered entity must notify the Colorado Attorney General’s office if it provides notice to 500 or more Colorado residents, and it must notify credit reporting agencies if it is provides notice to more than 1,000 residents.

If a third-party servicer provider experiences a data breach, it must notify the covered entity “in the most expedient time possible, and without unreasonable delay.”

As with the new data security requirements, the Attorney General’s office is charged with enforcing violations of the notification requirements. However, a covered entity that maintains its own notification procedures as part of an information security policy that is consistent with the new law is in compliance with the law’s requirements if the covered entity follows those procedures. Therefore, to ensure compliance, covered entities should consider developing and implementing incident response plans that are consistent with the new law.

Finally, the law adds new provisions that create similar obligations for government entities.

Copyright © by Ballard Spahr LLP
This article was written by David M. Stauss and Gregory Szewczyk of Ballard Spahr LLP

Never-Ending Liability Under Novartis

The Evolution of Innovator Liability for Pharmaceutical Manufacturers

Brand-name drug manufacturers are not unfamiliar with the concept of Innovator Liability, under which they can be held liable for injuries caused by a product they did not make. In other words, Innovator Liability holds a manufacturer liable by virtue of being an innovator.

Innovator Liability, usually brought under a failure to warn theory, can be traced back to a 2008 California case, Conte v. Wyeth, Inc., where the Court of Appeal held that a branded drug manufacturer’s duty to warn extends to patients taking the generic counterpart. The court reasoned that it is foreseeable that physicians and pharmacists may rely on the brand drug’s label to prescribe the drug’s generic counterpart for patients.[i]Conte has been rebuffed nationwide. By July 2014, more than 100 courts in 49 states, including the U.S. Courts of Appeals for six different circuits, rejected Innovator Liability.[ii] The Supreme Court of Iowa described Innovator Liability as “deep-pocket jurisprudence [which] is law without principle.”[iii]

Despite the overwhelming rejection of this theory of law, California continues to breed even more extreme decisions under Innovator Liability. On December 21, 2017, the California Supreme Court decided T.H. v. Novartis Pharmaceuticals Corp. (Novartis). The court unanimously upheld Innovator Liability against a brand-name drug company six years after the company sold all the rights to that drug.[iv]Furthermore, by a 4-3 decision, the court went beyond Conte to hold that predecessor drug manufacturers can be held liable, as a matter of law, for their successors’ failure to warn, because it is foreseeable that the successor company may be just as negligent as its predecessor in fulfilling the duty to warn.[v]

The Novartis decision creates an open-ended, never-ending liability for brand-name drug manufacturers, and calls for new business strategies to avoid, or reduce, the risk of litigation.

The Novartis Opinion

The product at issue in Novartis was Brethine, a beta-adrenergic agonist used for asthma treatment. Novartis owned the New Drug Application (NDA) of Brethine and manufactured the drug until 2001, when it sold both the drug and its NDA to a successor company.[vi]

In 2007, the plaintiffs’ mother was prescribed the generic version of Brethine, terbutaline, for its off-label use of suppressing premature labor. The mother continued taking terbutaline until the end of a full-term pregnancy and gave birth to twin boys, who were later diagnosed with autism. With their father as Guardian ad litem, the twins sued Novartis for failure to warn. Plaintiffs alleged that Novartis knew, or should have known, that Brethine had the effect of penetrating the placental barrier and damaging the fetal brain. Plaintiffs alleged that for many years Brethine had been prescribed for the off-label use of preventing pre-term labor, yet Novartis never updated the drug’s label to include the fetal damage side-effect.[vii]

Novartis moved to dismiss the complaint, arguing that, as a matter of law, it did not owe a duty to the plaintiffs because it did not manufacture the drug that the mother took − terbutaline. Novartis further argued that since 2001 when it sold the NDA of Brethine, it has had no control over the content of Brethine’s label. The trial court dismissed the complaint without leave to amend. The appellate court reversed, directing the trial court to grant plaintiffs leave to amend their complaint as to the negligence and negligent misrepresentation claims.[viii] The California Supreme Court granted review to determine a single issue − whether, and if so, under what circumstances, a brand-name drug manufacturer may be sued under Innovator Liability, when its drug’s label was alleged to be deficient, but the plaintiffs were injured by the drug’s generic version bearing the same label?[ix]

The Court answered this question affirmatively, and in two parts:

  • In the first part, the court held that a branded drug manufacturer’s duty to warn extends to consumers of the generic bioequivalent. As in Conte, the court based its decision on foreseeability. The court reasoned that if Novartis knew that its label was deficient when it held rights to the drug, it should have foreseen that (1) generic manufacturers would not change the label, because they are required by the FDA to copy the brand drug’s label verbatim and (2) physicians or pharmacies would rely on Brethine’s label to prescribe terbutaline to patients.[x]

  • In the second part, the majority addressed the unique issue with Novartis − the alleged injury occurred six years after Novartis sold the drug and the NDA. The majority held that a predecessor should foresee that its successor may be just as negligent as the predecessor in fulfilling its duty to warn. Noting that 50 percent of Brethine’s sales were for the off-label use of preventing premature labor, the majority assumed that Novartis must have been reluctant to include the fetal side-effect in Brethine’s warning label for financial reasons. Thus, according to the court, it is foreseeable that the successor will have the same financial disincentive to update the drug’s label.[xi]

In the majority’s view, a predecessor drug manufacturer and its successor are not categorically distinguishable in their likelihood of being conscientious about their obligations to disclose relevant risks. Under that view, the lapse of time (in this case, six years) from the predecessor’s divestiture of the NDA to the time the injury occurred has no bearing on the issue of duty, “which must be addressed at a higher level of generality.”[xii]

Risk Considerations for Brand-Name Drug Manufacturers

The Novartis decision creates a warning liability “in perpetuity.” The majority provides no guidance as to how long a predecessor will be held liable for its successor’s business conduct, or whether a predecessor should foresee the potential negligence of only its immediate successor, or of generations of successors. In addition, the court views the prescription drug market as a unique market “where one entity’s misrepresentations about its own product foreseeably and legally contributed substantially to the harm caused by another entity’s product.”[xiii] Under these holdings, branded drug manufacturers are facing potential litigation arising from products they are making, did make in the past, or have never made, and the potential liability will exist, essentially, forever.

Branded drug manufacturers must take actions to protect themselves from future Novartis-type litigation. Different strategies can be adopted by companies at different stages with respect to the drug. Companies that are manufacturing the drug and own the NDA need to monitor new scientific developments very closely, and the update of the label should be considered whenever new side-effects are discovered. Companies that already sold the drug and the NDA should continue monitoring scientific developments concerning its former product; this can be done in collaboration with the successor company that bought the drug and the NDA, since the company that acquired the NDA now has the ability to update the drug’s warnings. It provides additional benefits for the companies to establish a dialogue with the FDA regarding their post-marking surveillance on the drug’s side-effects or complications, but of course this needs to be done with extreme caution to avoid being taken as an admission of fault.

Companies that are considering selling their brand-name drugs and divesting the NDAs are at the key stage to take actions to reduce the risk of future Novartis liabilities. Several actions can be taken toward that goal:

  • First, as the Novartis majority advised, indemnification provisions must be in place when the ownership of the NDA is transferred. Although it will not entirely avoid the prospect of extended exposure as the majority assured, an indemnification clause could still help put most of the litigation burden on the actual manufacturer of the drugs − the generic drug companies.

  • Second, predecessor companies need to conduct more careful due diligence on potential buyers, especially on the buyers’ financial resources and approach to safety. It is at least implied in the majority’s opinion that the successor company’s lack of financial means factored into the determination of foreseeability.

  • Third, before selling its product and NDA, a predecessor company may consider whether it is feasible to revise the label and include in the warnings as many side-effects as the available scientific evidence suggests. Although there is always a risk that overwarning may cause the consumer to disregard the warning label’s content, it is still an effective way to avoid future failure-to-warn liability.

  • Lastly, if financially feasible, drug innovators may consider forming a “special-purpose entity” (SPE) for the development, manufacture and distribution of each drug that carries a high risk of severe side-effects.[xiv] A SPE can take the form of a limited liability company, and can be wound up (e., discontinued) when the parent company decides to sell the drug. The establishment of a SPE may help to legally isolate the parent company of a high-risk project and to allow other investors to take a share of the risk.

[i] 168 Cal.App.4th 89 (Ct. App. 2008).

[ii] Bexis, Innovator Liability at 100, Drug and Device Law (July 18, 2014). https://www.druganddevicelawblog.com/?s=innovator+liability+at+100

[iii] Huck v. Wyeth, Inc., 850 N.W.2d 353, 380 (Iowa 2014).

[iv] 4 Cal.5th 145; 226 Cal.Rptr.3d 336 (2017).

[v] Id.

[vi] Novartis, supra, 4 Cal.5th at 158.

[vii] Id. at 160-162.

[viii] Id. at 161-162.

[ix] Id. at 155.

[x] Id. at 166-191.

[xi] Id. at 183.

[xii] Id. at 183-184.

[xiii] Id. at 180.

[xiv] Sainati, Tristano; Brookes, Naomi; Loatelli, Giorgio (2016-09-19).  “Special Purpose Entities in Megaprojects: empty boxes or real companies? Literature Review.” Project Management Journal. 48:55-73.

© 2018 Wilson Elser

Eleventh Circuit Reaches Different Conclusions While Examining Pollution Exclusion

The Eleventh Circuit recently examined two insurance coverage cases involving the applicability of the pollution exclusion.  In one case it held that sewage was not a pollutant, but in the other case it held that storm water was a pollutant.  These cases provide guidance to policyholders who may face a pollution exclusion argument from their carrier in the Eleventh Circuit.

In the case Evanston Insurance Company v. J&J Cable Construction, LLC, the Eleventh Circuit held that damage caused by a sewage leak was not barred by the pollution exclusion. (Case No. 17-11188, April 20, 2018).  The court looked to a prior Alabama case that distinguished industrial waste from residential sewage.  However, the Eleventh Circuit reached the opposite conclusion in the caseCentro Development Corp. v. Central Mutual Insurance Company (Case No. 17-13489, April 27, 2018).  There, the Eleventh Circuit found that storm water was a pollutant excluded by the policy’s pollution exclusion.  The court looked to a Georgia Supreme Court case that held that a pollutant did not have to be specifically named in the policy in order for the exclusion to apply, as was the case in the Central Mutual policy.

These decisions serve as a good reminder that the Eleventh Circuit will look to precedent from the state law that governs the coverage dispute.  In addition, whether a pollutant is tied to industrial waste may be a determining factor for the application of the pollution exclusion in the Eleventh Circuit.

© 2018 BARNES & THORNBURG LLP
This article was written by Kara Cleary of Barnes & Thornburg LLP

Bank Deregulation Bill Becomes Law: Economic Growth, Regulatory Relief, and Consumer Protection Act

On May 24, President Trump signed into law the most significant banking legislation since the enactment of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) in 2010.  The bill – named the Economic Growth, Regulatory Relief, and Consumer Protection Act (the “Act”) – passed its final legislative hurdle earlier this week when it was approved by the U.S. House of Representatives.  Identical legislation passed the U.S. Senate last March on a bipartisan basis.

The Act makes targeted, but not sweeping, changes to several key areas of Dodd-Frank, with the principal beneficiaries of most provisions being smaller, non-complex banking organizations.

Below is a summary of several key changes:

  • Higher SIFI Threshold – The controversial $50 billion asset threshold under Dodd-Frank is now $250 billion, affecting about two dozen bank holding companies. Under Section 165 of Dodd-Frank, bank holding companies with at least $50 billion in total consolidated assets were subjected to enhanced prudential standards.  Under the Act, the enhanced prudential standards under Section 165 no longer apply to bank holding companies below $100 billion, effective immediately.  Bank holding companies with total consolidated assets of between $100 billion and $250 billion will be exempted from such standards starting in November 2019, although the Federal Reserve retains the authority to apply the standards to any such company if it deems appropriate for purposes of U.S. financial stability or to promote the safety and soundness of the particular firm.

The increase in the Section 165 threshold does not eliminate the $50 billion threshold used in other areas of regulation and supervision, such as the Office of the Comptroller of the Currency’s (“OCC”) “heightened standards,” the “living will” regulations adopted by the Federal Deposit Insurance Corporation (“FDIC”) for insured depository institutions or the Federal Reserve’s capital plan rule pursuant to which it administers the CCAR process.  However, it is expected that the federal banking agencies may reconsider the appropriateness of using the $50 billion asset threshold elsewhere.

The increase in this threshold is especially important because it may spark renewed interest in M&A opportunities among regional banks that have carefully managed growth to avoid crossing $50 billion or that have otherwise been reluctant to pursue transactions in light of the significant regulatory scrutiny that has accompanied applications by large acquirors.

  • Volcker Rule – The Volcker Rule is amended so that it no longer applies to an insured depository institution that has, and is not controlled by a company that has, (i) less than $10 billion in total consolidated assets and (ii) total trading assets and trading liabilities that are not more than 5% of total consolidated assets. All other banking entities, however, remain subject to the Volcker Rule.  The other change to the Volcker Rule relates to the name-sharing restriction under the asset management exemption, which the Act modifies slightly by easing the prohibition on banking entities sharing the same name with a covered fund for marketing or other purposes.  Going forward, a covered fund may share the same name as a banking entity that is the investment adviser to the covered fund as long as the word “bank” is not used in the name and the investment adviser is not itself (and does not share the same name as) an insured depository institution, a company that controls an insured depository institution or a company that is treated as a bank holding company.  This change allows separately branded investment managers within a bank holding company structure to restore using the manager’s name on its advised funds.

The Act represents only the first set of changes to the Volcker Rule.  The federal banking agencies are expected to release a proposal the week of May 28 to revise aspects of the regulations first adopted in late 2013.

  • “Off-Ramp” Relief for Qualifying Community Banks – A depository institution or depository institution holding company with less than $10 billion in total consolidated assets will constitute a “qualifying community bank” under the Act. The benefit of such a designation is that the institution will be exempt from generally applicable capital and leverage requirements, provided the institution complies with a leverage ratio of between 8% and 10%.  The federal banking agencies must develop this ratio and establish procedures for the treatment of a qualifying community bank that fails to comply.  The regulators have the authority to determine that a depository institution or depository institution holding company is not a qualifying community bank based on the institution’s risk profile.

  • Stress Testing – The Act provides relief from stress testing for certain banking organizations. Notably, bank holding companies with total consolidated assets of between $10 billion and $250 billion will no longer need to conduct company-run stress tests.  Bank holding companies with more than $250 billion in assets and nonbank companies deemed systemically important still need to conduct company-run stress tests, but are permitted to do so on a “periodic” basis rather than the previously required semi-annual cycle.  As for supervisory stress tests, which are conducted by the Federal Reserve, bank holding companies with less than $100 billion are no longer subject to such stress tests.  Bank holding companies with total consolidated assets between $100 billion and $250 billion are subject to supervisory stress tests on a periodic basis, while such firms with $250 billion or more in total consolidated assets and nonbank companies designated as systemically important remain subject to annual supervisory stress tests.

  • Risk Committees and Credit Exposure Reports – The Act raises the asset threshold that triggers the need for publicly-traded bank holding companies to establish a board-level risk committee, from $10 billion to $50 billion. In addition, the Act amends Dodd-Frank’s requirement that bank holding companies with at least $50 billion in assets and nonbank companies designated as systemically important submit credit exposure reports.  Instead, the Act authorizes, but does not mandate, the Federal Reserve to receive reports from these firms, but with respect to bank holding companies, only those with more than $250 billion in assets are within scope.

  • Exam Cycle and Call Report Relief for Smaller Institutions – The Act increases the asset threshold for insured depository institutions to qualify for an 18-month on-site examination cycle from $1 billion to $3 billion. The Act also directs the federal banking agencies to adopt short-form call reports for the first and third calendar quarters for insured depository institutions with less than $5 billion in total consolidated assets and that meet such other criteria as the agencies determine appropriate.

  • Small BHC and SLHC Policy Statement – The asset threshold for the application of the Federal Reserve’s Small Bank Holding Company and Savings and Loan Holding Company Policy Statement is raised from $1 billion to $3 billion. As a result, those institutions with less than $3 billion in consolidated assets are not subject to consolidated capital requirements and have the benefit of less restrictive debt-to-equity limitations.

  • Flexibility for Federal Thrifts to Operate as National Banks – Federal savings associations with total consolidated assets of $20 billion or less (as of December 31, 2017) may elect to be subject to the same rights, privileges, duties, restrictions, penalties, liabilities, conditions and limitations that apply to a national bank, without having to convert their charters. As a result, institutions that make the election would be exempt from certain restrictions unique to savings associations, including asset-based limitations applicable to commercial and consumer loans, unsecured constructions loans, and non-residential real property loans.  To make an election, a federal savings association must provide 60 days’ prior written notice to the OCC.

  • “Ability to Repay” Safe Harbor for Smaller Institutions – The Act provides a safe harbor from the “ability to repay” requirement under the Truth in Lending Act (“TILA”) for mortgage loans originated and retained in portfolio by an insured depository institution or insured credit union that has, together with its affiliates, less than $10 billion in total consolidated assets. However, mortgage loans that have interest-only, negative amortization or certain other features do not qualify for this ability-to-repay relief.

  • Capital Treatment for HVCRE Exposures – The Act eases the treatment for certain “high-volatility commercial real estate” (“HVCRE”) loans under U.S. Basel III capital rules. HVCRE exposures had been assigned a 150% risk-weight under the U.S. standardized approach, but the Act now restricts this higher risk-weight to those exposures that constitute acquisition, development and construction (“ADC”) loans meeting a new “HVCRE ADC loan” definition.  Various loans are excluded from HVCRE ADC loan definition, including loans to finance the acquisition, development or construction of one- to four-family residential properties, community development project loans, and loans secured by agricultural land.  In addition, loans to acquire, refinance or improve income-producing properties and commercial real estate projects that meet certain loan-to-value ratios are also excluded from the new HVCRE ADC loan definition.

  • Reciprocal Deposits – The Act excludes deposits received under a reciprocal deposit placement network from the scope of the FDIC’s brokered deposit rules if the agent institution’s total amount of reciprocal deposits does not exceed either $5 billion or 20% of the institution’s total liabilities. The exclusion applies generally to a bank that has a composite condition of outstanding or good and is well capitalized, but it may be relied upon by a bank that has been downgraded or ceases to be well capitalized if the amount of reciprocal deposits it holds does not exceed the average of its total reciprocal deposits over the four quarters preceding its rating or capital downgrade.

  • PACE Financing – The Act requires the Consumer Financial Protection Bureau (“CFPB”) to issue ability-to-repay rules under TILA to cover Property Assessed Clean Energy (“PACE”) financing. The Act defines such financing to include a loan that covers the costs of home improvements and which results in a tax assessment on the consumer’s real property.  In developing these regulations, the CFPB must consult with state and local governments and PACE bond-issuing authorities.

  • Protections for Student Borrowers – The Act provides protections for student loan borrowers in situations involving the death of the borrower or cosigner and those seeking to “rehabilitate” their student loans. In particular, the Act amends TILA to prohibit a private education loan creditor from declaring a default or accelerating the debt of the student obligator solely on the basis of the death or bankruptcy of a cosigner.  In addition, in the case of the death of the borrower, the holder of a private education loan must release any cosigner within a “reasonable timeframe” after receiving notice of the borrower’s death.  The Act also amends the Fair Credit Reporting Act by allowing a borrower to request that a financial institution remove a reported default on a private education loan from a consumer credit report if the institution offers and the borrower successfully completes a loan rehabilitation program.  The program, which must be approved by the institution’s federal banking regulator, must require that the borrower make consecutive on-time monthly payments in a number that, in the institution’s assessment, demonstrates a “renewed ability and willingness to repay the loan.”

  • Immunity from Suit for Disclosure of Financial Exploitation of Senior Citizens – The Act shields financial institutions and certain of their personnel from civil or administrative liability in connection with reports of suspected exploitation of senior citizens. The reports must be made in good faith and with reasonable care to a law enforcement agency or certain other designated agencies, including the federal banking agencies.  Personnel covered by the immunity (which include compliance personnel and their supervisors, as well as registered representatives, insurance producers and investment advisors) must have received training in elder care abuse by the financial institution or a third party selected by the institution.

  • Mortgage Relief – The Act contains a number of provisions easing certain residential mortgage requirements, especially with respect to such loans made by smaller institutions. The Act amends the Home Mortgage Disclosure Act to exempt from specified public disclosure requirements depository institutions and credit unions that originate, on an annual basis, fewer than a specified number of closed-end mortgages or open-end lines of credit.  The Act revises the Federal Credit Union Act to allow a credit union to extend a member business loan with respect to a one- to four-family dwelling, regardless of whether the dwelling is the member’s primary residence.  The Act also amends the S.A.F.E. Mortgage Licensing Act of 2008 to allow loan originators that meet specified requirements to continue, for a limited time, to originate loans after moving: (i) from one state to another, or (ii) from a depository institution to a non-depository institution.  Further, the Act exempts from certain escrow requirements a residential mortgage loan held by a depository institution or credit union that: (i) has assets of $10 billion or less, (ii) originated 1,000 or fewer mortgages in the preceding year, and (iii) meets other specified requirements.

  • Liquidity Coverage Ratio – The Act directs the federal banking agencies to amend their liquidity coverage ratio requirements to permit certain municipal obligations to be treated as higher quality “level 2B” liquid assets if they are investment grade, liquid and readily marketable.

  • Custodial Bank Capital Relief – The Act requires the agencies to exclude, for purposes of calculating a custodial bank’s supplementary leverage ratio, funds of a custodial bank that are deposited with a central bank. The amount of such funds may not exceed the total value of deposits of the custodial bank linked to fiduciary or custodial and safekeeping accounts.

  • Fair Credit Reporting Act – The Fair Credit Reporting Act is amended to increase the length of time a consumer reporting agency must include a fraud alert in a consumer’s file. The Act also: (i) requires a consumer reporting agency to provide a consumer with free “credit freezes” and to notify a consumer of their availability, (ii) establishes provisions related to the placement and removal of these credit freezes and (iii) creates requirements related to the protection of the credit records of minors.

  • Cyber Threat Report – Within one year of enactment, the Secretary of the Treasury must submit a report to Congress on the risks of cyber threats to U.S. financial institutions and capital markets. The report must include: (i) an assessment of the material risks of cyber threats, (ii) the impact and potential effects of material cyber attacks, (iii) an analysis of how the federal banking agencies and the Securities and Exchange Commission are addressing these material risks and (iv) a recommendation of whether additional legal authorities or resources are needed to adequately assess and address the identified risks.

Apart from the changes in the thresholds for banks with assets above $100 billion, most of the Act’s provisions are effective immediately.

 

© Copyright 2018 Cadwalader, Wickersham & Taft LLP
Read more news on banks at the National Law Review’s Finance Practice Group Page.

Three Important Considerations For All Businesses in Light of GDPR

Today, the European General Data Protection Regulation (“GDPR”) takes effect. The GDPR is the most comprehensive and complex privacy regulation currently enacted. The GDPR can apply to a business or organization (including a non-profit organization) anywhere in the world and its potential financial impact is huge; fines can reach up to € 20 million Euros (over $23 million USD) or 4% of an entity’s total revenue, whichever is greater. Not surprisingly, the potential for this type of penalty has caused concern and chaos leading up to the May 25, 2018 effective date. In light of this significant international development, all organizations should consider the following:

1. Does the GDPR Apply?

If your entity “processes” the “personal data” of anyone within the European Union, then the GDPR may apply. “Personal data” under the GDPR is any information that could identify an individual, directly or indirectly, like a name, email address or even an IP address. The GDPR also broadly defines “processing” to include activities such as collecting, storing or using the personal data. For more information on how to determine if the GDPR applies to your entity, watch our 3-minute video on the subject.

2. If the GDPR Does Apply, What is the Compliance Strategy?

You need a plan. Yes, it would have been ideal to have it in place by today but if the GDPR applies to your entity, do not delay any further in creating a GDPR compliance strategy. A GDPR compliance strategy starts with a detailed examination of your entity’s data collection and use practices. Those practices must comply with the GDPR requirements and your entity may need to implement new or revised policies to address specific compliance requirements. This process is specific to the particular practices of each entity – there is no one-size-fits-all GDPR compliance program. You can find the regulatory language here.

3. Even If the GDPR Does Not Apply, How Do You Handle the Data You Collect?

Even if the GDPR does not apply to your entity, there are significant risks and liability surrounding the data collection and processing practices of any business. Data breaches happen every day. No business is immune. Each organization should closely examine its data collection and use practices and determine if it absolutely needs all of the data it collects. Then, the organization must determine whether the steps it is taking to protect the data it collects are reasonable in today’s environment. In Massachusetts, businesses must undergo this process and create a written information security plan. In Connecticut, having such a plan may help avoid a government enforcement action if you experience a data breach. In addition, the Federal Trade Commission and states’ Attorneys General are actively pursuing companies with questionable privacy practices.

© Copyright 2018 Murtha Cullina.
This post was written by Dena M. Castricone and Daniel J. Kagan of Murtha Cullina.

Patent Damages: How Many Essential Features in a Smart Phone?

On March 20, 2018, the public version of Eastern District of Texas Magistrate Judge Roy Payne’s March 7, 2018 order tossing a $75 million jury verdict obtained by Ericsson against TCL Communication was released.  Ericsson Inc., et al, v. TCL Communication Technology Holdings, Ltd., et al, Case No. 2:15-cv-00011-RSP, Doc. No. 460 (redacted memorandum opinion and order) (E.D. Tex. March 7, 2018) (“Order”).  Judge Payne’s order sheds important light on the damages analysis for infringement of patents covering features of smartphone technology and potentially provides lessons to future litigants seeking damages for smartphone innovations.

After a jury verdict finding infringement, Ericsson also won a damages verdict of $75M due to TCL’s ongoing and willful infringement of U.S. Patent No. 7,149,510 (“the ’510 patent”).  Ericsson contended that the ’510 patent covers smartphone functionality that allows a user to grant or deny access to native phone functionality to a third-party application, which is a standard feature in all Android smartphones.  After trial, TCL moved for judgment as a matter of law on infringement and damages, or in the alternative new trials.  Judge Payne indicated that he was going to uphold the infringement verdict, but ordered a new trial on damages.  Order at 1.

Ericsson’s damages case relied on two experts: Dr. Wecker and Mr. Mills.  Dr. Wecker analyzed a consumer survey that attempted to approximate the apportioned value of the patented feature in the accused products.  Mr. Mills determined a royalty rate based both on that apportionment and on a hypothetical negotiation between Ericsson and TCL.  Dr. Wecker determined that 28% of TCL customers would not have purchased a TCL smartphone if the smartphone did not have the patented feature in the ’510 patent.  This would have resulted in a loss of 28% of TCL’s sales and profits.  From this, Mr. Mills determined that the at-risk profit for TCL was $3.42 per device sold by TCL, which is the average profit per device for all accused devices, after a 28% loss rate discount.  Mr. Mills determined that during the hypothetical negotiation Ericsson would have recovered nearly all of the at-risk profit, likely obtaining a rate of $3.41 per device, but in any event would have secured no less than half of the at-risk profits, or $1.72 per product.  These rates would have justified a damages award ranging from $123.6M to $245M for damages across the life of the ’510 patent.  Mr. Mills further determined that the parties would have negotiated a lump sum payment discount for both pre-trial and post-trial infringement rather than a running royalty. Based on this expert testimony, the jury awarded Ericsson a $75M lump sum.

Judge Payne threw out the jury’s award for two reasons.  First, Judge Payne found error in Ericsson’s argument that TCL would have settled up front with a lump sum covering the entire royalty for the projected future sales of 111 million smartphones during the remaining life of the ’510 patent.  According to Judge Payne these products could not be part of the infringement base because they did not exist at the time of trial and could not have been adjudicated to infringe.  These future products could not be part of a damages order.  See Order at 12-14.

But the real meat of Judge Payne’s order is in his other justification for throwing out the damages verdict.  Judge Payne faulted Ericsson for painting the consumers’ choice of whether to buy a TCL phone as a binary decision based on the presence of the accused feature.  Judge Payne noted that the case originally had five patents and consumer surveys were done which noted that if each feature of three of the asserted patents was missing from TCL products, TCL would have lost 64% of its profits due to sales lost due to the absence of those features.  Judge Payne concluded that each of these features individually could not be responsible for a quarter of TCL’s profits per phone, and noted the following:

It is not difficult to see how this lost profit number quickly becomes unrealistic. Subtracting just three features covered by a mere three implementation patents would have allegedly cut TCL’s profit by more than half. The evidence from both sides suggested that there were at least a thousand implementation patents that might cover a TCL phone.  Regardless of the number, there is no dispute that a phone with an Android-operating system has many patented features, and that, according to Dr. Wecker’s survey results, consumers would likely find numerous features essential. According to Mr. Mills, any one of these allegedly essential features could independently be worth more than a quarter of TCL’s profit on the phone. By removing even three additional features covered by an implementation patent, on top of the features allegedly covered by the ’510, ’931, and ’310 patents, TCL would have lost all its profit (conservatively), according to Mr. Mills’ theory.

Order at 10-11 (emphasis added) (internal citations omitted).  Judge Payne faulted Ericsson for not considering that a consumer’s decision to purchase or not purchase a phone would be based on whether numerous features were included, not just the ones covered by the asserted patents, and that Ericsson’s theory would erode all of TCL’s profits.  See Order at 11.  The judge further noted that:

To conclude that any one of these features—simply because it is considered essential to a consumer—could account for as much as a quarter of TCL’s total profit is unreliable and does not consider the facts of the case, particularly the nature of smartphones and the number of patents that cover smartphone features.

Order at 11.  Put simply, Judge Payne found that a single feature could not possibly account for $75M in damages for TCL’s smartphones, particularly in view of the many other features that are subject to patent protection.  Judge Payne noted that both sides agreed that Ericsson possessed potentially at least a thousand patents covering features of TCL phones.  Order at 10.  To Judge Payne, it could not possibly be the case that each of these patents accounted for 25% of the profits made by TCL.

This decision underscores the importance of securing a defensible damages analysis, especially in the context of the multifaceted technology embodied in modern smartphones.  Judge Payne’s concerns in his non-precedential opinion seemed to flow largely from unstated anxiety relating to royalty-stacking that made the logical extrapolation of the experts’ rubric unreasonable and erroneous.  In this context, it will be interesting to see how Ericsson recasts its damages theory in the next round of this litigation. We will continue to follow this case to see the approach, as we fully expect a notice of appeal to the Federal Circuit from Ericsson.

 

©1994-2018 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

First Amendment Bars Trump from Blocking Critics on Twitter, Court Rules

A federal judge has ruled that the First Amendment prohibits President Donald J. Trump from blocking Twitter users because of political disagreements.

Last summer, seven individual plaintiffs—Twitter users who had been blocked from the President’s account, @realDonaldTrump, after tweeting criticism about the President or his policies—together with the Knight First Amendment Institute, sued Trump and Daniel Scavino, the White House’s Director of Social Media, for blocking them from reading, replying, or otherwise responding to the President’s tweets. The individual plaintiffs argued that the President had unconstitutionally interfered with their ability to speak on matters of public concern, in violation of the First Amendment.

In her decision this week, District Judge Naomi Reice Buchwald ruled that the President’s tweets are government speech, noting that President Trump exercises substantial control over the account and uses it to announce major government policy decisions. The court continued that, because the “interactive space” in his Twitter account permits unblocked users to read, reply, and respond to the President’s tweets, it is a designated public forum. Finally, the court noted that the President did not dispute that he blocked the individual plaintiffs based on their criticism of him.

Following traditional constitutional analysis, which narrowly restricts President Trump from discriminating against speech in a public forum, the court determined that the “continued exclusion of the individual plaintiffs based on viewpoint is, therefore, impermissible under the First Amendment.” Although the court recognized “the President’s personal First Amendment rights,” it warned that “he cannot exercise those rights in a way that infringes the corresponding First Amendment rights of those who have criticized him.”

Judge Buchwald issued a declaratory judgment in the plaintiffs’ favor, but she declined to enter an injunction against the President or Mr. Scavino, explaining that while the court has that authority, “because no government official is above the law and because all government officials are presumed to follow the law once the judiciary has said what the law is, we must assume that the President and Scavino will remedy the blocking we have held to be unconstitutional.”

The case is Knight First Amendment Institute at Columbia University, et al., v. Trump, et al., Southern District of New York, Case No. 17-cv-5205(NRB).

Copyright © by Ballard Spahr LLP
This article was written by Jacquelyn N. Schell and Charles D. Tobin of Ballard Spahr LLP