The National Law Forum

Department of Education Unveils Proposed Title IX Regulations

On Friday, November 16, 2018, the Department of Education (DOE) released proposed Title IX regulations dictating the process by which colleges and universities must handle allegations of sexual misconduct.

Institutions of higher education have been in limbo since September 2017 when the DOE rescinded Obama-era guidance that called for hard-hitting enforcement of Title IX and issued interim guidance as a placeholder until they could engage in the formal rulemaking process. Today’s proposed regulations, if enacted, will take the place of the DOE’s September 2017 interim guidance. According to the DOE, the new regulations would substantially decrease the number of investigations into complaints of sexual misconduct and save institutions millions over the next decade.

Many of the new regulations deviate significantly from prior guidance. The most significant changes increase the discretion given to universities in crafting procedures for adjudicating Title IX claims within their institutions. The proposed guidance allows universities to choose the applicable evidentiary standard (either “preponderance of the evidence” or “clear and convincing evidence”) in determining responsibility, as long as it is consistent with the standard used in other student disciplinary matters. The new regulations also permit the use of informal resolution processes to resolve sexual misconduct allegations if the parties agree.

Other notable provisions of the proposed regulations include the following:

The definition of “sexual harassment” has been more narrowly defined as “unwelcome conduct on the basis of sex that is so severe, pervasive and objectively offensive that it denies a person access to the school’s education program or activity.”
For purposes of administrative enforcement, universities would be held to a “deliberately indifferent” standard. In other words, to avoid liability, a university with “actual knowledge” of sexual harassment need only respond in a manner that is not “deliberately indifferent.” An institution would be found deliberately indifferent “only if its response to sexual harassment is clearly unreasonable in light of the known circumstances.”
“Actual knowledge” is defined in the proposed regulations as notice of sexual harassment or allegations of sexual harassment provided to an official of the institution “who has the authority to institute corrective measures on behalf of the [institution].” In contrast to prior guidance, this definition excludes most professors, administrators, and staff.
Under the proposed regulations, universities would no longer be allowed to investigate allegations of sexual harassment that occurred off-campus.
The proposed regulations would require universities to provide written notice to a respondent upon receipt of a complaint, which would include a statement that the responding party is presumed to be not responsible for the alleged conduct and that a determination of responsibility will be made at the end of the grievance process.
Live fact-finding hearings would be mandatory for universities under the new regulations. Investigators would also be precluded from serving as factfinders. This would eliminate the use of the single investigator model currently used by many universities.
Universities must permit cross-examination of any party or witness by the opposing party’s advisor, but not by the party him/herself. If a party or witness refuses to submit to cross-examination, that person’s testimony could not be relied on by the fact-finder. The party’s choice of advisor could not be limited by the institution of higher education.
Religious institutions of higher education would no longer be required to seek assurances of exemption from Title IX regulations in advance of a DOE investigation. Under the new regulations, a religious institution of higher education could invoke an exemption to Title IX’s requirements at any time during the investigation.

The new regulations address other topics such as constitutional issues and the intersection between Title IX and Title VII of the Civil Rights Act. They also clarify that, just as an institution’s treatment of a complaining party may constitute discrimination based on sex, an institution’s treatment of the responding party may also constitute discrimination based on sex. Institutions of higher education must continue to comply with all applicable state laws regarding sexual misconduct and sexual misconduct investigations.

Now that the proposed regulations have been published, the public has sixty days to submit comments before the regulations go into effect. The final regulations, however, are likely to closely mirror what has been proposed today, and colleges and universities should act immediately to carefully review their sexual misconduct policies and practices for compliance.

This post was written by Susan D. Friedfel, Monica H. Khetarpal Marla N. Presley Crystal L. Tyler and Hobart J. Webster.

International Sanctions and the Energy Sector – Part 2: Russia

In the second part of this series we explore the EU and the US sanctions that have been imposed against the Russian energy sector.

RUSSIA

Background
The sanctions regimes against Russia were imposed in response to actual or alleged actions by the Russian government. These included the annexation of Crimea and the destabilisation of Ukraine in 2014, plus the alleged malicious cyber activities aimed at interfering with or undermining the 2016 US presidential election.

They initially targeted a number of individuals and companies alleged to be involved in these actions or those close to the Russian government. However, they have since been expanded to include sanctions prohibiting activity in certain sectors of Russia’s economy (in particular its energy industry) and have also targeted a number of the so-called ‘Oligarchs’ and the companies in their control.

More recently, sanctions have been imposed in the wake of the Novichok nerve agent attack in Salisbury, UK.

This article concentrates on the sanctions directly targeting the Russian energy sector.

The EU Sectoral Sanctions
The EU sanctions targeting the Russian energy sector are primarily contained in Council Regulation (EU) No 833/2014 (as amended) (the “EU Regulation”). They seek to inhibit oil exploration and production projects in Russia:

in waters deeper than 150 meters;
in the offshore area north of the Arctic Circle; or
which exploit shale formations by way of hydraulic fracturing.

(the “Targeted Projects”)

The sanctions operate in two key ways. First, by preventing the sale, supply, transfer or export of the items listed in Annex II of the EU Regulation (which includes a number of items that can be used in the exploration or production of oil, for example, drill pipe and casing) by EU persons or from the EU for use in the Targeted Projects.¹ Second, by prohibiting the direct or indirect provision of associated services necessary for the Targeted Projects, including: drilling, well testing, logging and completion services; and supply of specialised floating vessels.²

The EU Regulation also prohibits:

certain dealings, directly or indirectly, with transferable securities and money-market instruments with a maturity exceeding 30 days and issued after 12 September 2014 by, or
the making of loans or credit with a maturity over 30 days to,

certain Russian companies involved in the sale or transportation of crude oil or petroleum products, any non-EU subsidiaries owned 50% or more by them and any person acting on their behalf or at their direction.³ The companies currently listed in the EU Regulation are Rosneft, Transneft and Gazprom Neft.

Finally, the EU Regulation states that prior authorisation is required in respect of the provision of certain assistance or financing related to the items listed in Annex II of the EU Regulation to individuals or entities in Russia or if the items are to be used in Russia.⁴

A separate EU regulation prohibits the sale, supply, transfer or export of certain goods and technology suited for use in the energy sector and for the exploration of oil, gas and mineral resources to Crimea or Sevastopol and any associated assistance of financing.⁵

The EU sanctions apply to anyone within the EU, any EU national or company incorporated in the EU (wherever they may be physically located), and to any business done in whole or in part in the EU.

The US Sectoral Sanctions
The US sanctions targeting the Russian energy sector are primarily contained in Executive Order 13662 (as amended) (the “Order”) and in the Countering America’s Adversaries Through Sanctions Act (“CAATSA”).

The Order applies to “United States persons”.⁶ However, it could also apply to non-US persons in respect of any transaction that causes a US person to violate the Order or causes a violation of the Order to occur in the US.

In similar fashion to the EU Regulation, Directive 4 of the Order seeks to inhibit oil exploration and production from the Targeted Projects. It does this by preventing goods, services (other than financial services), or technology in support of exploration or production from being provided to certain restricted entities and their 50% or more subsidiaries.

However, following the introduction of CAATSA in August 2017, the US sectoral sanctions went a step further than their EU counterparts. In particular, CAATSA extended Directive 4 to include oil projects outside Russia in which the restricted Russian entities have a 33% or greater ownership interest or own the majority of the voting rights. The US sectoral sanctions can therefore impact projects located far from Russian borders.

The Order also attacks the ability of key companies in the Russian energy sector to access the international debt markets. Directive 2 of the Order prohibits new debt with a maturity of more than 60 days being issued to certain entities and their 50% or greater subsidiaries.

CAATSA contains various additional provisions impacting the Russian Energy Sector. In particular, it provides for the:

mandatory imposition of sanctions on non-US persons who knowingly⁷ make a significant investment⁸ in a project intended to extract crude oil from deepwater, Arctic offshore or shale projects in Russia (section 225); and
discretionary imposition of sanctions on a person (not limited to US persons) who knowingly:
1. makes an investment of $1 million or more (or an aggregate value of $5 million or more over a 12‑month period), which directly and significantly contributes to the enhancement of the ability of Russia to construct energy export pipelines; or
2. provides goods, services, technology, information or support to Russia, which could directly and significantly facilitate the maintenance or expansion of the construction, modernisation or repair of energy export pipelines. (section 232)

That section 232 refers to “energy export pipelines” is significant. Unlike the previous sanctions targeting the oil sector, section 232 could be applied to pipelines carrying Russian gas, large amounts of which are imported by the EU.

These additional provisions purport to have extraterritorial effect, which means they are of concern to non-US persons who are otherwise outside the US jurisdiction. Any non-US persons breaching these provisions may become subject to secondary sanctions that would severely restrict their ability to do business with the US and to access the US financial system, and therefore the international financial system.

The Reaction of Energy Companies
The sanctions imposed on the Russian energy sector have received mixed reactions among energy companies. The differences between the EU and US sanctions, most especially the manner in which they are enforced, has led to the perception that US companies are more affected than their European counterparts.

Mostly, however, energy companies have been able to progress their projects unimpeded by the sanctions. This likely reflects the types of projects being progressed in Russia since the sanctions came into force.

The EU and US sectoral sanctions target oil exploration and production from deepwater, Arctic offshore or shale projects in Russia. Such projects are complicated and require the adoption of advanced techniques and technologies. Accordingly, they are typically more expensive than, for example, conventional shallow water or onshore drilling operations. Projects of this nature therefore tend to be uneconomic in periods of lower oil prices, such as those experienced since 2014. For these reasons, it is possible that such projects might not have been pursued since 2014 even in the absence of sanctions.

In fact, Russian oil production has increased from 10.86 million barrels per day in 2014 to 11.23 million barrels per day in 2017, making it the world’s third largest producer in 2017 behind the US and Saudi Arabia.⁹ This is a clear indication that the sanctions have not had a significant impact on the Russian energy sector’s ability to produce crude.

Looking Forward
It is questionable whether the sanctions imposed on Russia’s energy sector have been effective. They have not, it seems, prevented Russia from increasing its production of oil. Neither have they prevented all deepwater, Arctic or shale projects from being progressed. However, with higher oil prices than when the sanctions first took effect, the economics of such projects should become more palatable and Russia may begin to feel the impact of the sanctions to greater extents.

Furthermore, the extraterritorial aspects of CAATSA are likely to begin affecting the appetite of non-US persons to make significant investments in Russian energy export pipelines or in Russian deepwater, Arctic offshore or shale projects. There is also the risk of further sanctions. The US Energy Secretary, Rick Perry, recently indicated that sanctions on the Nord Stream 2 pipeline are possible and that further energy‑related sanctions are planned.¹⁰ In addition, further sanctions on Russia in relation to the Novichok nerve agent attack in Salisbury, UK are expected, although it is not yet clear what form they will take and whether they will target Russia’s energy sector^.11

In the first part of this three part series we considered the impact of President Trump’s decision to re-impose sanctions on Iran’s energy sector with effect from 5 November 2018.

________________________________________________________________

_{¹ Article 3 of the EU Regulation.}

_{² Article 3a of the EU Regulation.}

_{³Articles 5(2) and 5(3) of the EU Regulation.}

_{⁴Article 4.3(a) of the EU Regulation.}

_{⁵Article 2(b) of Regulation EU No 692/2014.}

_{⁶United States persons is defined as “any United States citizen, permanent resident alien, entity organized under the laws of the United States or any jurisdiction within the United States (including foreign branches), or any person in the United States” (Section 6(c) of Executive Order 13662).}

_{⁷ “Knowingly” for these purposes means a person who had actual knowledge, or who should have known, of the conduct, circumstance or result.}

_{8Guidance from the US Department of State that whether or not an investment is “significant” will be determined on a case by case basis taking into account inter}_alia_the_{nature and magnitude of the investment and its relation and significance to the Russian Energy Sector.}

_⁹here.

_¹⁰here.

_¹¹here.

This post was written by Robert Meade and Joshua C. Zive of Bracewell LLP.

CFIUS Broadens Coverage of Cross-Border Biotech Transactions

Summary

The Committee on Foreign Investment in the United States recently broadened its coverage of biotechnology transactions via new regulations that became effective on November 10, 2018. This article provides perspectives about how broadly these new rules will affect the biotech industry. All parties to cross-border transactions involving US biotech businesses, whether mere licensing arrangements or full M&A, should carefully consider all US regulatory implications, including application of the new CFIUS rules, US export controls and related requirements. Parties to pending biotech transactions or contemplating future biotech transactions are well advised to take actions.

In Depth

INTRODUCTION

Recent statutory and regulatory enactments have broadened the scope and jurisdiction of the Committee on Foreign Investment in the United States (CFIUS), including its jurisdiction over transactions in the biotechnology industry. This article provides perspectives about how broadly the new CFIUS regulations, which became effective November 10, 2018, will affect cross-border biotech transactions.

The development and growth of the biotechnology industry has spurred a growing volume of cross-border transactions with US life sciences businesses in recent years, involving early stage research companies as well as large pharmaceutical conglomerates. Foreign parties to cross-border biotech transactions have been active and diverse, involving financial and strategic investors and collaborators from Asia, Europe and other regions. Such transactions take a variety of forms, and can be grouped primarily in the following categories:

Controlling investments by foreign entities, such as acquisitions of a majority or more of equity or assets of US biotech companies;
Joint ventures between US and foreign entities to which US biotech companies contribute assets and/or intellectual property;
Non-controlling investments by foreign entities in US biotech companies with or without outbound licenses and/or options to acquire future equity interests or assets; and
Straightforward technology licenses granted by US biotech companies to foreign entities without corresponding equity interests issued in US companies.

How many of the foregoing types of transactions are now subject to the broadened jurisdiction of CFIUS? This On the Subject addresses the effect of recent CFIUS regulations on different types of cross-border biotech transactions.

FIRRMA AND BROADENED JURISDICTION OF CFIUS

CFIUS is a federal interagency committee chaired by the US Treasury Department (Treasury) that is charged with reviewing and addressing any adverse implications for US national security posed by foreign investments in US businesses. For background on the fundamentals of the CFIUS process and recent developments, see here, here and here.

As biotechnology entities generally focus on researching and finding therapeutics and diagnostics for diseases and saving patients’ lives, this industry has spurred very little concern for US national security outside of limited areas of bioterrorism and toxins. CFIUS review procedures were largely irrelevant for parties to cross-border biotech transactions. Under the voluntary CFIUS notification rules, parties to very few biotech transactions involving foreign acquirers notified CFIUS and sought CFIUS’s review and clearance of their deals. This may significantly change with the recent enactment of the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) in August 2018.

Prior to the enactment of FIRRMA, CFIUS was authorized to review the national security implications of only transactions that could result in control of a US business by a foreign person. FIRRMA expanded the scope of transactions subject to CFIUS’s review to include certain foreign investments in US businesses even in cases where the investment does not result in a controlling interest and imposedmandatory reporting requirements for certain transactions.

On October 10, 2018, Treasury issued new interim rules to implement FIRRMA, establishing a temporary “Pilot Program” that includes a mandatory declaration process. The Pilot Program went into effect on November 10, 2018, and will end no later than March 5, 2020. The interim rules specify 27 industries for focused attention under the Pilot Program, including Nanotechnology (NAICS Code: 541713) and Biotechnology (NAICS Code: 541714), as follows:

Research and Development in Nanotechnology
NAICS Code: 541713

“This U.S. industry comprises establishments primarily engaged in conducting nanotechnology research and experimental development. Nanotechnology research and experimental development involves the study of matter at the nanoscale (i.e., a scale of about 1 to 100 nanometers). This research and development in nanotechnology may result in development of new nanotechnology processes or in prototypes of new or altered materials and/or products that may be reproduced, utilized, or implemented by various industries.”

Such establishments include “Nanobiotechnologies research and experimental development laboratories.”

Research and Development in Biotechnology (except Nanobiotechnology)
NAICS Code: 541714

“This US industry comprises establishments primarily engaged in conducting biotechnology (except nanobiotechnology) research and experimental development. Biotechnology (except nanobiotechnology) research and experimental development involves the study of the use of microorganisms and cellular and biomolecular processes to develop or alter living or non-living materials. This research and development in biotechnology (except nanobiotechnology) may result in development of new biotechnology (except nanobiotechnology) processes or in prototypes of new or genetically-altered products that may be reproduced, utilized, or implemented by various industries.”

The new Pilot Program rules could directly affect parties to multiple cross-border biotech industry transactions, whether they are potential target companies, investors or acquirers. Mandatory, not voluntary, filings with CFIUS will be required for controlling and non-controlling investments that fall within the definition of “Pilot Program Covered Transactions,” and violations of the new rules could result in substantial penalties.

EFFECT ON CROSS-BORDER TRANSACTIONS IN BIOTECH SECTOR

PILOT PROGRAM COVERED TRANSACTIONS

The Pilot Program requires that parties to a “pilot program covered transaction” notify CFIUS of the transaction by either submitting an abbreviated declaration or filing a full written notice.

A “pilot program covered transaction” means either of the following:

1. Any non-controlling investment, direct or indirect, by a foreign person in an unaffiliated “pilot program US business” that affords the foreign person the following (a “pilot program covered investment”):

Access to any material nonpublic technical information in the possession of the target US business;
Membership or observer rights on the board of directors or equivalent governing body of the US business, or the right to nominate an individual to a position on the board of directors or equivalent governing body of the US business; or
Any involvement, other than through voting of shares, in substantive decision-making of the US business regarding the use, development, acquisition or release of critical technology.

As it relates to the biotech sector, the term “pilot program US business” means any US business that produces, designs, tests, manufactures, fabricates or develops one or more “critical technologies” either used in connection with, or designed specifically for use in, the biotechnology industry and/or nanobiotechnology industry. The determining factor is “critical technologies.”

An “unaffiliated” pilot program US business is defined as a “pilot program US business” in which the foreign investor does not directly hold more than 50 percent of outstanding voting interest or have the right to appoint more than half of the members of the board or equivalent governing body.

2. Any transaction by or with any foreign person that could result in foreign control of a “pilot program US business,” including such a transaction carried out through a joint venture.

By contrast, an investment by a foreign person in a US biotech company that does not produce, design, test, manufacture, fabricate or develop one or more “critical technologies” is not a “pilot program covered transaction.”

As it relates to the biotech industry, the term “critical technologies” under the Pilot Program may include:

Civilian/military dual-use technologies subject to Export Administration Regulations (EAR) that are relating to national security, chemical and biological weapons proliferation, nuclear nonproliferation or missile technology, excluding, for instance, “EAR99” items (i.e., those not covered by a specific Export Classification Control Number in the EAR);
Select agents and toxins; and
“Emerging and foundational technologies” controlled pursuant to section 1758 of the Export Control Reform Act of 2018 (the definition of which is forthcoming from the Department of Commerce).

Because most biotech products and technologies are classified as EAR 99 or are not otherwise subject to existing US export license requirements, a US biotech company (not involved with select agents and toxins) would fall under the “pilot program US business” category when one or more technologies such US biotech company produces, designs, tests, manufactures, fabricates or develops are covered in the to-be-released definition of “emerging and foundational technologies,” which are sensitive and innovation technologies not currently subject to export controls but deemed important for US economic security and technological leadership. Industry observers predict that such definition will likely encompass certain biopharmaceuticals, biomaterials, advanced medical devices, and new vaccines and drugs, because some of these have been the subject of recent economic espionage efforts from groups in select countries such as China and Russia.

The US Commerce Department’s Bureau of Industry and Security (BIS) is expected soon to announce an advance notice of proposed rulemaking, inviting public comments on the development of the scope of such “emerging and foundational technologies.” Interested members of the US biotech industry should monitor and/or participate in this rulemaking procedure, which will define the scope of these new controls. Until new rules defining “emerging and foundational technologies” are issued, many in the biotech industry are expected to take a conservative approach in treating a broad range of biotechnology as potentially within the scope of “emerging and foundational technologies” for CFIUS purposes.

PRACTICAL IMPLICATIONS FOR DIFFERENT TYPES OF TRANSACTIONS

Controlling Investments by Foreign Persons

As discussed above, the Pilot Program applies to “any transaction by and with any foreign person that could result in foreign control of any pilot program US business, including such a transaction carried out through a joint venture.” Thus, parties to a controlling investment by a foreign entity in a US biotech company which is a “pilot program US business” are required to submit a declaration to CFIUS.

It is important to note that the CFIUS regulations define “US business,” “control” and “foreign person” very broadly. Such broad definitions could subject even transactions between two non-US entities to the jurisdiction of CFIUS, at least to the extent their venture involves any US business.

CFIUS regulations define a “US business” to include any entity engaged in interstate commerce in the United States, regardless of who owns it or where it is formed or headquartered. This broad definition authorizes CFIUS to review investments by a foreign business (e.g., a Chinese company) in another foreign business (e.g., a German target company) to the extent the deal involves elements of the foreign target company which is engaged in US interstate commerce, such as a US subsidiary or sales office. In other words, an investment or M&A transaction between two non-US biotech companies could be subject to CFIUS review if there are US business activities that will be controlled by the foreign company post-closing.

The CFIUS rules define “control” to mean the power to determine, direct, take, reach or cause decisions regarding important matters of a US business through the ownership of a majority or a “dominant minority” of the voting shares, board representation, proxy voting or contractual arrangements.

Under the CFIUS regulations, the term “foreign person” includes any entity over which a foreign national, foreign government or foreign entity exercises, or has the power to exercise control, (including a foreign-owned US subsidiary or investment fund). In contrast to a US citizen, a US permanent resident visa holder (i.e., green card holder) is a foreign national under the CFIUS regulations. Hence, a company formed as a Delaware corporation or Delaware limited liability company, which is controlled by green card holders, is also a foreign person for CFIUS purposes. An investment by such a Delaware company into a US biotech company will need to be analyzed under the new CFIUS regulations.

The Pilot Program applies to investments by any foreign investor, regardless of the investor’s country, and there are currently no exemptions. FIRRMA provides that CFIUS “may consider” whether a covered transaction involves a country of “special concern” for US national security, and practitioners generally expect CFIUS will consider the countries of foreign investors and will place heightened scrutiny on select countries, particularly if there is government involvement. However, the new regulations themselves do not establish different treatment for different countries, e.g., China, Canada, France or Germany.

Non-Controlling Direct Investments by Foreign Strategic Investors or Foreign Investment Funds

A large number of recent biotech deals take the form of a non-controlling investment, for example, a 5 – 15 percent investment, directly by a foreign strategic investor (e.g., foreign pharmaceutical companies) or by a foreign venture capital or private equity fund in a US biotech business. In some cases, the investment is coupled with, or conditioned upon, a grant by the US biotech business to such foreign strategic investor or its affiliate of an exclusive license of the former’s intellectual property for a particular geographic territory. A typical provision in such investment transactions entitles the investor to serve as, or nominate, a director or observer on the board. Assuming other features of the deal satisfy the new CFIUS regulations, this common transaction term would now trigger a mandatory CFIUS declaration filing whenever such rights are granted to a foreign investor.

Even non-controlling investments with no rights to a board seat or board observer status could be a “pilot program covered investment” subject to the mandatory filing requirement if the investment involves access for the foreign investors to material non-public technological data and scientific findings. The term “material nonpublic technical information” means “information that is not available in the public domain, and is necessary to design, fabricate, develop, test, produce, or manufacture critical technologies, including process, techniques, or methods,” and does not include “financial information regarding the performance of an entity.” Access to such information is common for biotech investors, precisely because of the need for parties to any biotech deal to focus on the business’s underlying science. For both controlling and non-controlling investments, the ability to undertake careful diligence inquiries into underlying key technologies and scientific findings of biotechnology company targets is critical, especially with respect to the targets that are pre-revenue businesses. When such data and information are not yet patented or published in patent applications or other published scientific literatures, the access by a foreign investor to them in a non-controlling investment would make the transaction fall within the definition of a “pilot program covered investment.”

The CFIUS regulations define the term “investment” to mean the acquisition of equity interests, including not only voting securities, but also contingent equity interests, which are financial instruments or rights that currently do not entitle their holders to voting rights, but are convertible into equity interests with voting rights. For example, if a foreign investor is granted a warrant, option or right of first refusal to obtain additional equity interest in a “pilot program US business,” future exercise of the warrant, option or the right of first refusal should be analyzed to assess whether a declaration must be filed with CFIUS and whether CFIUS might find any US national security implications.

Indirect Investments by Foreign Persons via US Investment Funds

The Pilot Program rules establish an exemption from the mandatory declaration requirement for certain passive investments in US businesses made through investment funds. If a foreign investor makes an investment indirectly through a US-managed investment fund in a “pilot program US business,” such an indirect investment will not constitute a covered transaction under the Pilot Program and will not be subject to CFIUS review, even if it affords the foreign person membership as a limited partner or a seat on an advisory board or investment committee of the fund, provided that the following conditions are satisfied:

The fund is managed exclusively by a general partner, managing partner or equivalent who is not the foreign person;
The advisory board or investment committee does not have the ability to approve, disapprove or otherwise control (i) investment decisions or (ii) decisions by the general partner (or equivalent) related to entities in which the fund is invested;
The foreign person does not otherwise have the ability to control the fund, including authority to (i) approve or control investment decisions; (ii) unilaterally approve or control decisions by the general partner (or equivalent) related to entities in which the fund is invested; or (iii) unilaterally dismiss, select or determine the compensation of the general partner (or equivalent); and
The foreign person does not have access to material nonpublic technical information as a result of participation on the advisory board or investment committee.

Private equity funds that have foreign investors, especially foreign sovereign funds, as their limited partners, should carefully review their existing contractual arrangements with their foreign investors, as well as the ownership and control of general partners of such funds, to determine whether this “safe harbor” exemption applies to them.

Follow-On Investments

For any transaction that is not subject to the Pilot Program because it was completed before the effective date of the new rules (November 10, 2018), it is important to note that future investments by the same foreign investor may trigger the Pilot Program’s mandatory declaration requirement and should be reviewed for CFIUS implications earlier than 45 days in advance of such new investment.

CFIUS’s prior approval of a “pilot program covered investment” does not automatically endorse any subsequent “pilot program covered investment” by the same foreign person in the same US business. For example, if a foreign person acquired a 4 percent, non-controlling interest in a US biotech company that is a “pilot program US business” which was cleared by CFIUS, and then subsequently acquires an additional 6 percent non-controlling interest in the same US biotech company and obtains access to material nonpublic technical information, the parties to such follow-on investment would be required to file with CFIUS again.

Outbound License of US Technologies

Under new CFIUS regulations, outbound licensing of only intellectual property or technology by a US business to a foreign person does not fall within CFIUS’s jurisdiction, unless it also involves the acquisition of, or investments in, a US business or unless such license is a disguised acquisition of a US business or all or substantially all of its assets. Note, however, that if such technology is controlled under the EAR, access to such technology by a foreign person may require a US export license under the EAR.

Any contribution by a US critical technology company of both intellectual property and associated support to a foreign person through any type of arrangement (e.g., outbound licensing agreements) are now regulated under enhanced US export controls. Under US export control regulations, an export license is required to be obtained before a “controlled technology” classified in certain export classifications under the EAR is transferred or released to a foreign person. US businesses must carefully determine the export classification of any technology before transferring or releasing (e.g., pursuant to a licensing agreement) such technology to any foreign person.

THE NEW MANDATORY DECLARATION PROCEDURE

Parties to a “pilot program covered transaction” (i.e., the foreign investor and the US business) must submit to CFIUS an abbreviated declaration or, if preferred, file a full written notice (as provided under previous CFIUS rules and procedures). The filing must be made at least 45 days prior to the expected completion date of the transaction, so that CFIUS has an opportunity to review the transaction. The penalty for failing to file can be up to the entire amount of the investment.

A declaration, at around five pages in anticipated length, is expected to be easier to prepare than the typically much longer joint voluntary notice. CFIUS is preparing to release a declaration form for parties to use. The Pilot Program rules require fairly substantial information in a declaration, including but not limited to the following:

Brief description of the nature of the transaction and its structure (e.g., share purchase, merger, asset purchase)
The percentage of voting interest acquired;
The percentage of economic interest acquired;
Whether the “pilot program US business” has multiple classes of ownership;
The total transaction value;
The expected closing date;
All sources of financing for the transactions;
A list of the addresses or geographic coordinates of all “locations” of the“pilot program US business,” including “headquarters, facilities, and operating locations”; and
A complete organization chart, including information that identifies the name, principal place of business and place of incorporation of the immediate parent, the ultimate parent and each intermediate parent (if any) of each foreign person that is a party to the transaction.

After CFIUS receives a declaration, the CFIUS staff chair will initially assess its completeness and decide whether to accept it as complete. After such acceptance, CFIUS must take action within 30 days. CFIUS may either

Request that the parties file a full written notice;
Inform the parties that CFIUS cannot complete action on the basis of the declaration (and that the parties may file a full written notice);
Initiate a unilateral review of the transaction through an agency notice; or
Notify the parties that CFIUS has approved the transaction.

TAKEAWAYS

All parties to cross-border transactions involving US biotech businesses, whether mere licensing arrangements or full M&A, should carefully consider all US regulatory implications, including application of the new CFIUS rules, US export controls and related requirements. Parties to pending biotech transactions or contemplating future biotech transactions are well advised to:

Analyze at the outset whether the US businesses’ products and technologies are controlled under the US export control regimes and/or fall within the scope of “critical technologies”;
Monitor and participate in the BIS rulemaking procedure for establishing export controls on “emerging” and “foundational” technologies;
Determine well in advance of their transactions if the new Pilot Program rules apply, requiring a mandatory declaration filing and review by CFIUS;
Establish deal terms and conditions with a full understanding of how the various US requirements apply; and
Monitor continuing regulatory developments, as the new CFIUS Pilot Program will be supplanted by final CFIUS regulations to be issued by February 2020.

ARTICLE BY

McDermott Will & Emery

New Report Reveals Sources of Foodborne Illnesses

On November 9, 2018, the Interagency Food Safety Analytics Collaborations (IFSAC) released a report on foodborne illnesses caused by four pathogens. The data in the report, titled, “Foodborne illness source attribution estimates for 2016 for Salmonella, Escherichia coli O157, Listeria monocytogenes, and Campylobacter using multi-year outbreak surveillance data, United States,” came from 1,255 foodborne disease outbreaks that occurred from 1998 through 2016. According to the report:
- Salmonella illnesses came from a wide variety of foods;
- E. coli O157 illnesses were most often linked to Vegetable Row Crops (such as leafy greens) and Beef;
- Listeria monocytogenes illnesses were most often linked to Dairy products and Fruits; and
- Campylobacter illnesses were most often linked to Chicken after removing Dairy outbreaks from the estimates.
The analysis to develop the report involved a method developed by IFSAC to estimate foodborne illness source attribution (see our blog on IFSAC research on how to categorize foods linked to foodborne disease outbreaks). IFSAC includes the Centers for Disease Control and Prevention (CDC), the U.S. Food and Drug Administration (FDA), and the U.S. Department of Agriculture’s Food Safety and Inspection Service (USDA-FSIS).
Each year in the United States, foodborne disease caused by known pathogens results in an estimated 9 million people becoming sick, 56,000 hospitalizations, and 1,300 deaths, according to the report. The pathogens in the report were chosen because of the frequency or severity of the illnesses they cause. CDC estimates that, combined, the four pathogens cause 1.9 million foodborne illnesses in the United States each year. The four pathogens also were selected because targeted interventions can have a major impact in reducing foodborne illness caused by these pathogens.

Food and Drug Law at Keller and Heckman

Keller and Heckman LLP

U.S. Department of Labor Rescinds Guidance Regarding “Side Work” and the FLSA’s Tip Credit in Restaurants

Under the Fair Labor Standards Act (“FLSA”), employers can satisfy their minimum wage obligations to tipped employees by paying them a tipped wage of as low as $2.13 per hour, so long as the employees earn enough in tips to make up the difference between the tipped wage and the full minimum wage. (Other conditions apply that are not important here.) Back in 1988, the U.S. Department of Labor’s Wage and Hour Division amended its Field Operations Handbook, the agency’s internal guidance manual for investigators, to include a new requirement the agency sought to apply to restaurants. Under that then-new guidance, when tipped employees spend more than 20% of their working time on tasks that do not specifically generate tips—tasks such as wiping down tables, filling salt and pepper shakers, and rolling silverware into napkins, duties generally referred to in the industry as “side work”—the employer must pay full minimum wage, rather than the lesser tipped wage, for the side work.

This provision of the Handbook flew largely under the radar for years. This was partly because the Department did not publicize the contents of the Handbook, and party because the Department did not bring enforcement actions premised on a violation of this 20% standard. And historically, virtually nobody in the restaurant industry maintained records specifically segregating hours and minutes spent on tip-generating tasks as compared to side work.

In 2007, a federal district court in Missouri issued a ruling in a class action upholding the validity of the 20% standard, and that decision received an enormous amount of attention and publicity. In the years that followed, a wave of class actions against restaurants flooded the courts across the country, all contending that the restaurants owe the tipped employees extra money because of the Department’s 20% standard in the Handbook.

In January of 2009, in the waning days of the George W. Bush Administration, the Department issued an opinion letter rejecting the 20% standard, superseding the Handbook provision, and stating that there is no limit on the amount of time a tipped employee can spend on side work. Six weeks later, however, in March of 2009, the Obama Administration withdrew that opinion letter. In subsequent years, the Department filed several amicus curiae briefs in pending court cases endorsing the 20% standard, and the Department even modified the Handbook provision to make the requirements even more difficult for employers to satisfy.

In late 2017, a divided three-judge panel of the U.S. Court of Appeals for the Ninth Circuit concluded, in nine consolidated appeals presenting the same issue, that the Department’s 20% standard is not consistent with the FLSA and thus was unlawful. A few months later, however, a divided 11-judge en banc panel of the same court reached the opposite conclusion, ruling by an 8-3 vote that the 20% standard is worthy of deference.

In July of 2018, the Restaurant Law Center, represented by Epstein Becker Green, filed a declaratory judgment action against the Department in federal court in Texas challenging the validity of the 20% standard under the FLSA, the Administrative Procedure Act, and the U.S. Constitution. Roughly a month before the employers’ deadline to file a certiorari petition with the Supreme Court regarding the en banc Ninth Circuit ruling, and just days before the government’s response is due in the Texas litigation, the Department reissued the 2009 opinion letter.

This opinion letter, now designated as FLSA2018-27, once again rejects the 20% standard and clarifies that employers may pay a tipped wage when employees engage in side work so long as the side work occurs contemporaneously with, or in close proximity to, the employees’ normal tip-generating activity. This opinion letter should put an end to the many pending cases, including numerous class actions, that depend on the 20% standard.

The overall take-away for employers is that at least under federal law, side work performed during an employee’s shift, in between tip-generating tasks, should present no concern. The same should be true of side work performed at the start or end of an employee’s shift, so long as the side work does not take too long. An employee coming in fifteen or thirty minutes before the restaurant is open to help get the restaurant ready for the day, followed by the remainder of the shift in which the employee generates tips, seems to be consistent with the new opinion letter. Likewise for employees who spend some time at the end of the shift helping to close the restaurant for the day. But employers should use common sense and good judgment, as having tipped employees spend hours and hours performing side work may still give rise to risks. And it remains important to be aware of any state or local law requirements that may differ from federal law.

This post was written by Paul DeCamp of Epstein Becker & Green, P.C.

Preparing your Company for Discovery with Cloud Faxing

Discovery refers the process by which documents and other material are sought, collected and examined, usually for use as legal evidence in a civil or criminal case.

Organizations that fail to produce discoverable material can face severe penalties, so it is critical that companies have a sufficient infrastructure in place to ensure discovery obligations are met.

For most types of discoverable material — such as emails, invoices, spreadsheets — deploying a document review platform can keep the discovery process quick and inexpensive. But other documents, such as hard copy faxes, can be trickier to manage.

Potential issues with legacy fax records

Traditional desktop fax machines are still commonplace in many office environments. Although fax records in most organizations are stored as hard copies, as far as discovery obligations are concerned, all faxes — whether sent or received — could potentially be discoverable material. Therefore, it is critical that organizations treat fax documents the same as any other types of documents.

But when a discovery request is issued, having to scour through mountains of paper fax records can be time-consuming, tedious and stressful for the staff involved. So how can the process be improved? When it comes to preparing for discovery, there are three routes you can take with regard to your fax review:

1. Take the risk with legacy fax

But by sticking with your legacy fax system, when a discovery request comes in, your organization may not be prepared and could descend into panic — panic that could be avoided.

Such an unmethodical and frantic data recovery process can not only cause huge disruption to staff productivity but could also result in a late response to a discovery request which could lead to regulatory penalties for your organization.

2. Implement a paper-to-electronic fax policy

Your second option is to implement a new ‘paper-to-electronic’ fax archival policy; each time an employee sends or receives a paper fax document, they must file the hard copy in a secure filing system and then scan and save an electronic copy of the fax making sure to include any metadata.

This will create an electronic library of all client-related faxes that is readily available in the event of discovery request.

While this solution avoids the chaos of combing through paper records, it is time-consuming, and its success relies entirely on the attention and care taken by staff members. As such, it is highly vulnerable to human error. One misfiled or incomplete document could jeopardize your discovery process.

3. Adopt a cloud-fax solution

The final option is to trade in your organization’s legacy faxing infrastructure for a fully hosted, cloud fax solution. This will allow your employees to send and receive faxes by email (or from a user-friendly platform), directly from their computers or even their mobile devices.

Many cloud fax systems will automatically save electronic records of faxes sent or received by your organization, along with metadata, in a secure storage base. Therefore, should your company receive a discovery request, you may be able to leverage a cloud fax system to quickly respond while minimizing disruption to your business operation.

Traditional paper-based fax isn’t going away anytime soon, but its days are definitely numbered. For forward-thinking organizations that value efficiency, accuracy, and privacy there’s only one fax solution that is able to offer true peace of mind, and that’s cloud fax.

eFax® is a registered trademark of j2 Cloud Services™, Inc. and j2 Global Holdings Ltd.

This post was written by David Hold of eFax.

2018 MIDTERMS: The Power of Women, Possibility, and Partisan Rancor

The 2018 midterm elections showcased the power of women, both as candidates and as a key voting demographic. The elections represented a new political moment for women candidates who ran and were nominated in record numbers, particularly in the Democratic party. In total, 272 women ran for House, Senate, or Gubernatorial seats this year. This phenomenon is closely linked to the national gender gap of 25 points in favor of Democrats, which played a particularly key role in highly educated suburbs.

Tuesday’s results also illustrate the power of possibility, with voters siding against newly vulnerable incumbents and in favor of anti-establishment candidates across the country. While the ideological middle of both parties was well represented, progressive Democratic candidates like Beto O’Rourke and Andrew Gillum and anti-establishment Republicans Brian Kemp and Kris Kobach still managed to draw considerable attention and support, signaling increasingly credible challenges from the outer wings of both parties.

Additionally, the elections took place on—and in many ways helped stoke—a toxic and perilous political landscape characterized by negative and fear-inspiring advertisements, the long shadow of potential tampering by foreign states, ideologically motivated domestic terror threats, and tense developments with our allies abroad. The partisan rancor shows few signs of abating, especially as the establishment consensus of both parties continues to fray.

U.S. House of Representatives: Democratic Agenda “For the People” … or Anti-Trump Obstructionism?

The House has changed control and Democrats are now in the majority. Gains for Democrats came primarily from suburban districts Hillary Clinton carried in 2016 like Virginia District 10 (Rep. Barbara Comstock’s district), Illinois District 6 (Rep. Peter Roskam’s district), and Kansas District 3 (Rep. Kevin Yoder’s district). Democrats also made gains in heavily Republican suburbs like Virginia District 7, where Abigail Spanberger defeated Tea Party member Rep. David Brat. Democrats entered with an advantage due to the historically high rate of Republican retirements that surrendered the benefits of incumbency in extremely tight races.

Minority Leader Nancy Pelosi (D-CA) looks likely to ascend to the speaker position over prospective progressive and/or younger challengers. Her speakership would occur despite broader divisions in the party between its long-term establishment leadership and a wave of new candidates and elected officials seeking to pull the party left. The position of minority leader is expected to go to Rep. Kevin McCarthy (R-CA), who has been on the inside track since Speaker Paul Ryan (R-WI) announced his retirement. Majority Whip Steve Scalise (R-LA), who has been spirited around the country along with Rep. McCarthy, will also vie for leadership, but is unlikely to pose a major challenge.

The broader change in control also means committee gavels will change hands. It is an open question whether incoming chairs will focus primarily on articulating a new Democratic agenda or on obstructing Trump administration policy goals. Most likely, they will choose a combination of both. Already, the presumptive chairs of two House committees, Energy and Commerce and Oversight and Government Reform—Reps. Frank Pallone (D-NJ) and Elijah Cummings (D-MD), respectively—have indicated they will greatly increase the number and intensity of inquiries into the administration.

The commitments of the ascendant chairman herald an onslaught of oversight across committees, issues, and departments. Committees will likely take particular interest in issues related to the President’s finances, the Mueller investigation, and the affairs of cabinet officials already subject to ethics inquiries. These inquiries will also focus on industries perceived to have aided in the development of controversial regulatory actions, such as the Department of Energy Grid Resiliency Proposal, and recent moves at the Environmental Protection Agency (EPA) and the Bureau of Land Management (BLM) to relax methane regulations.

One major policy focus for House Democrats may be climate change and countering the administration’s narrative on energy and environmental regulations. Minority Leader Pelosi recently indicated she may bring back the Select Committee on Energy Independence and Global Warming that stood from 2007-2011 and assisted with major cap-and-trade legislation in 2009.

In the midst of these investigations, it is possible that both parties could find common cause on a handful of legislative issues, including infrastructure. Bipartisan legislation on any such issue would require a well-crafted compromise to navigate Democrats’ desire to buck the President, and internal divisions among Republicans on issues like infrastructure funding.

U.S. Senate: Statewide Voting Efforts Boost Republican Candidates
As the results stand, Republicans expanded their Senate majority to 54-46. Republicans defended seats in key states like Arizona and managed to defeat vulnerable Democratic incumbents in Missouri, North Dakota, and Indiana. Democrats did, however, make one pickup in Nevada where Jacky Rosen defeated Dean Heller.

Senate Majority Leader Mitch McConnell (R-KY) and Minority Leader Chuck Schumer (D-NY) will continue to lead their respective parties in the 116^th Congress, but both parties are poised to make changes to committee leadership. Specifically, Republicans will select chairs for two key committees: Foreign Relations, currently led by retiring Sen. Bob Corker (R-TN), and Finance, chaired by retiring Sen. Orrin Hatch (R-UT). Leadership is likely to remain constant on committees with energy and environment jurisdiction: Energy and Natural Resources, and Environment and Public Works. If Sen. Bill Nelson (D-FL) goes down to defeat, Democrats will select a new ranking member for the Senate Commerce Committee. The position falls to Sen. Maria Cantwell (D-WA), but since she is the ranking member of the Energy and Natural Resources Committee, the position may instead go to Sen. Amy Klobuchar (D-MN).

The Senate will likely see considerable action on the 182 executive branch nominees and 71 federal judges that have yet to be confirmed. Additionally, the Senate will likely face a number of high-profile nomination fights, with multiple members of the cabinet reported to be considering leaving in the near future, including Attorney General Jeff Sessions, Secretary of Commerce Wilbur Ross, Secretary of the Interior Ryan Zinke, and Secretary of the Treasury Steven Mnuchin. Additionally, the Senate will consider key appointments at EPA and the Federal Energy Regulatory Commission (FERC), including the possible formal nomination of Acting EPA Administrator Andrew Wheeler, as well as a new FERC commissioner.

While room for agreement will be slim, Senators will have to iron out a compromise on certain must-pass issues such as a debt ceiling increase. Additionally, Senators may work together on legislation to address the nation’s opioid crisis, like Sen. Lamar Alexander’s (R-TN) Opioid Crisis Response Act (2018), which passed 99-1. In the energy space, committees of jurisdiction will likely focus on incentivizing energy infrastructure, protecting key assets from cyberattacks, and new technologies in areas like carbon utilization.

And Outside of Washington

Election Day was also important outside of Washington, DC. 36 states held gubernatorial elections this cycle. Democratic pick-ups (a half-dozen or so) are important for policy developments pushed down to the state level in light of the current administration’s approach to cooperative federalism in regulation. Further, governors elected this time around will still be in office as redistricting proceeds in 2021. Thirty states also elected attorneys general (AG), increasingly important on energy, environment, healthcare and other issues affected by multistate litigation. The four flips to newly-minted Democratic AG’s could have impacts on infrastructure and oil and gas issues in states like Michigan and Colorado.

We also were watching state ballot initiatives very closely this cycle, given the profound implications many had on energy issues in particular. In Washington state, the much-watched Initiative 1631 that would have imposed a $15 carbon tax per metric ton (increasing thereafter by $2 per year until 2035 goals were met) failed by 12 points. A ballot initiative requiring Arizona to source 50 percent of its electricity from renewables by 2030 also failed by almost 40 points. While a similar initiative passed in Nevada, it will have to pass again before becoming operative. In addition, a Colorado ballot measure imposing distance requirements on oil and gas development—an effective ban if passed—failed by about 15 points and did not enjoy the support of either nominee for governor. In each case, the regulated community took the ballot measures seriously and addressed them with sophisticated advocacy campaigns—a sign to come as more issues devolve to the state level.

This post was written by Scott H. Segal and Dee Martin of Bracewell LLP.

Law Firm Security: Privacy & Data Security Laws that Affect Your Law Firm

At this point in the cybersecurity game, it’s a given that to prevent a breach, law firms must take every precaution to protect its data as well as the valuable data of its clients. What may not be as clear are the obligations that law firms, or any other third party, owe to certain organizations via industry-specific privacy and data security laws and regulations. These are put in place by foundations, government laws, and agency policies to ensure that they are not vulnerable to cybersecurity attacks.

Privacy and Data Security Laws and Regulations

Although there are many organizations that are subject to these laws, this article will address the most high-profile organizations, including the following:

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA applies to covered entities such as health plans, health care clearinghouses and certain health care providers. Because these entities do not operate in a vacuum and often rely on the services of third-party businesses, there are provisions that allow these entities to share information with business associates and law firms.

A business associate “is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity,” according to the U.S. Department of Health & Human Services website.

Before information is shared with a business associate, the entity must first receive satisfactory assurances that the information will only be used for the purposes for which it was obtained, that the information will be safeguarded and that the information will help the covered entity to perform its duties. The satisfactory assurances must be in writing to ensure compliance with privacy and data security laws.

Gramm Leach Bliley Act (GLBA)

The GLBA was enacted to require financial institutions to explain their information-sharing practices to their customers and to safeguard vulnerable customer data from a security breach.

Under the Safeguards Rule of the GLBA, all financial institutions must protect consumer collected information from a security breach. Usually, data collected includes names, addresses and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers.

Further, financial institutions are required to ensure that parties with whom they are doing business must also be able to safeguard data with which they have been entrusted, such as law firms. Financial institutions must “select service providers that can maintain appropriate safeguards. Make sure your contract requires them to maintain safeguards, and oversee their handling of customer information,” according to the FTC website to ensure compliance of privacy and data security laws.

The FTC provides a detailed list of tips that financial institutions, as well as third-parties, can use to set up a strong security system to prevent a data breach of a customer’s information.

Payment Card Industry Data Security Standard (PCI-DSS)

The PCI was founded by American Express, Discover Financial Services, JCB International, MasterCard, and Visa, Inc. with the intent to “develop, enhance, disseminate and assist with the understanding of security standards for payment account security,” according to its website.

The standards apply to all entities that store, process or transmit cardholder data. This would include law firms, of course. The website lists 12 requirements that must be maintained, including:

Install and maintain a firewall configuration to protect cardholder data.
Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect stored cardholder data.
Encrypt transmission of cardholder data across open, public networks.
Use and regularly update anti-virus software or programs.
Develop and maintain secure systems and applications.
Restrict access to cardholder data by business need-to-know.
Assign a unique ID to each person with computer access.
Restrict physical access to cardholder data.
Track and monitor all access to network resources and cardholder data.
Regularly test security systems and processes.
Maintain a policy that addresses privacy and data security laws and regulations for employees and contractors.

Federal Reserve System

The Federal Reserve System issued the Guidance on Managing Outsourcing Risk publication to address concerns about third-party vendors or service providers and the risks of a data breach. The Federal Reserve defines service provider as, “all entities that have entered into a contractual relationship with a financial institution to provide business functions or activities.”

The publication indicates that a financial institution should treat the service provider risk management program commensurate with the level of risk presented by each service provider. “It should focus on outsourced activities that have a substantial impact on a financial institution’s financial condition; are critical to the institution’s ongoing operations; involve sensitive customer information or new bank products or services; or pose material compliance risk,” according to the publication.

An effective program should include the following:

Risk assessments;
Due diligence and selection of service providers;
Contract provisions and considerations;
Incentive compensation review;
Oversight and monitoring of service providers; and
Business continuity and contingency plans.

Federal Deposit Insurance Corporation (FDIC)

The FDIC issued a Guidance for Managing Third-Party Risk where the agency makes clear that an institution’s board of directors and senior management are responsible for the activities and risks associated with third-party vendors. This includes a breach into a third-party’s system. Among other third-party organizations, the publication lists significant organizations where “the relationship has a material effect on the institution’s revenues or expenses; the third party performs critical functions; the third-party stores, accesses, transmits, or performs transactions on sensitive customer information.” All of these could involve law firms that work with financial institutions.

The publication summarizes risks that third-party entities may pose, including strategic risk, reputations risk, operational risk, transaction risk, credit risk, compliance risk, and other risks. It also summarizes a risk management process, which includes the following elements of (1) risk assessment, (2) due diligence in selecting a third party, (3) contract structuring and review, and (4) oversight.

Conclusion

Being a third-party cybersecurity risk may be foreign territory to most law firms. But many organizations have in place privacy and data security laws and regulations to protect systems that could be vulnerable to a cybersecurity breach. It behooves law firms to be aware of these laws and regulations to be able to implement the laws and regulations as thoroughly and as expeditiously as possible.

ARTICLE BY:

Jaliz Maldonado

PracticePanther

#MeToo Movement Inspires Avalanche of New Laws Affecting California Employers

On September 30, 2018, Governor Jerry Brown signed several bills that will affect California employers. The following summarizes key aspects of these new laws. Unless otherwise noted, the new laws are effective January 1, 2019.

Major Changes to the Definition of “Hostile Work Environment” Harassment

Senate Bill (“SB”) 1300 significantly expands the circumstances in which hostile work environment harassment may be found to exist by rejecting the “severe or pervasive” standard developed and refined over several decades by California courts. Harassment is redefined to encompass a broad spectrum of conduct, specifically:

“Harassment creates a hostile, offensive, oppressive, or intimidating work environment and deprives victims of their statutory right to work in a place free of discrimination when the harassing conduct sufficiently offends, humiliates, distresses, or intrudes upon its victim, so as to disrupt the victim’s emotional tranquility in the workplace, affect the victim’s ability to perform the job as usual, or otherwise interfere with and undermine the victim’s personal sense of well-being.”

Government Code Section 12923, which declares the Legislature’s intent in enacting the new law, will provide guidance about what types of evidence will be sufficient to establish a harassment claim. It states that employees are no longer required to prove that their productivity has declined as a result of harassment. Now, they only need to show that the harassment made it “more difficult” for them to do their job. Even a “single incident of harassing conduct” is now sufficient to create a triable issue of fact, allowing a case to go to a jury. Furthermore, a single remark made by someone unconnected to a termination decision can be circumstantial evidence of discrimination. Finally, the Legislature made it clear that harassment cases are “rarely” appropriate for dismissal at the summary judgment stage.

Employers can be held liable for all forms of harassment – not just sexual harassment – directed at employees by non-employees, such as clients or vendors. This includes harassment based on race, national origin, religion, and other protected characteristics.

Finally, if an employer wins a sexual harassment lawsuit, it cannot recover attorney’s fees and costs unless it can prove that the plaintiff’s action was “frivolous, unreasonable, or groundless” either when filed or after it clearly became so.

Restrictions on Releases and Non-Disparagement Agreements

SB 1300 also prohibits employers from requiring a release of harassment, discrimination, or retaliation claims or to sign a non-disparagement agreement that purports to prevent disclosure of information about unlawful acts in the workplace, if the release is required to get a job, stay employed, or receive a raise or bonus. This does not apply to a negotiated settlement to resolve a claim filed in court, with government agencies, in arbitration, or through an employer’s internal complaint process, provided that the employee has an attorney or an opportunity to retain one.

Extended Statute of Limitations for Sexual Assault

The California Legislature lengthened from three years to ten years the statute of limitations for sexual assault claims. Under Assembly Bill (“AB”) 1619, a plaintiff may now bring a civil action for sexual assault within the later of “[ten] years from the date of the last act, attempted act, or assault with the intent to commit an act, of sexual assault by the defendant against the plaintiff” or “[w]ithin three years from the date the plaintiff discovers or reasonably should have discovered that an injury or illness resulted” from the defendant’s act.

Restrictions on Confidentiality and Testimony Provisions in Settlement Agreements

SB 820 prohibits settlement agreements that restrict plaintiffs from disclosing factual information about harassment claims in judicial proceedings. The bill does not, however, prohibit settlement provisions restricting disclosure of settlement amounts. Furthermore, a provision that shields the identity of a claimant may be included in a settlement agreement at the request of the claimant, unless a government agency or public official is a party to the agreement.

AB 3109 voids settlements that waive the right to testify regarding criminal conduct or sexual harassment, when the party has been required or requested to attend a proceeding by court order, subpoena, or other government request.

Enhanced Protection from Defamation

AB 2770 enhances protections from defamation claims made against sexual harassment claimants and employers that investigate such complaints. Three types of statements are privileged: 1) employee complaints of sexual harassment made without malice and supported by credible evidence; 2) communications made without malice between an employer and other interested persons regarding a sexual harassment complaint; and 3) answers provided without malice by a current or former employer in response to questions from a prospective employer regarding whether the current or former employer would rehire an employee, and whether the decision not to rehire is based on a determination that the former employee engaged in sexual harassment.

Broadened Definition of Non-Employment Related Harassment

SB 224 significantly expands sexual harassment claims in business, service, and professional relationships under California Civil Code Section 51.9. Going beyond the prior definition, which applied to physicians, attorneys, trustees, landlords, and other similar relationships, the law now prohibits harassment by individuals who “hold themselves out as being able to help the plaintiff establish a business, service, or professional relationship with the defendant or a third party.” Examples include investors, elected officials, lobbyists, directors, and producers.

The law also reduces the burden to establish a claim, removing the previous requirement that a plaintiff establish that he or she was “unable to easily terminate the relationship.” The law also allows the California Department of Fair Employment and Housing (“DFEH”) to prosecute non-employment based sexual harassment claims, and makes it unlawful to “deny or aid, incite, or conspire in the denial of rights of persons related to sexual harassment actions.”

Expanded Anti-Harassment Training

Under existing law, employers with fifty or more employees were required to provide two hours of anti-harassment training to supervisory employees every two years. Under SB 1343, any employer with five or more employees, including temporary and seasonal workers, must provide two hours of anti-harassment training to supervisors and one hour of training to non-supervisors by January 1, 2020, and then once every two years thereafter. The bill also requires the DFEH to develop these courses and to post them online.

Corporate Boards of Publicly Held Corporations Must Include Female Representatives

SB 826 requires all publicly-held domestic and foreign corporations with principal executive offices in California to have at least one female on their boards by the end of 2019. By the end of 2021, the minimum increases to one female for boards with four or fewer members, two females for boards with five members, and three females for boards with six or more members. “Female” refers to an individual’s gender identification, not designated sex at birth.

The bill directs the Secretary of State to publish online reports documenting compliance. In addition, the Secretary of State may issue fines of $100,000 for failure to file board member information, $100,000 for the first violation of the member requirement, and $300,000 for subsequent violations. Each position not appropriately filled constitutes a separate violation.

Salary History Ban and Pay Scale Disclosure Guidance

Labor Code Section 432.3, enacted in January 2018, requires employers to provide applicants, upon request, with the pay scale for a position. It also prohibits employers from asking about or relying on prior salary in hiring or compensation.

An amendment to this bill enacted in July 2018 provides some necessary clarifications. It defines “pay scale” as a “salary or hourly wage range,” and it clarifies that the salary history ban and pay scale requirement do not apply to current employees. It also explains that employers are not required to provide pay scale information until after the initial interview. Employers are also allowed to ask about salary expectations. Finally, it allows employers to make compensation decisions based on existing salaries, so long as any differential is justified by a bona-fide factor such as seniority or merit.

Limitations on Criminal History Inquiries

Existing law restricts employers from considering applicants’ and employees’ judicially dismissed or sealed convictions or participation in pretrial or post-trial diversion programs. SB 1412 narrows the scope of an exception to this general rule. The bill permits employers to seek information from the applicant or other sources only about an applicant’s “particular conviction,” rather than a “conviction” generally.

An employer may inquire about a “particular” conviction only if: 1) the employer is legally required to obtain information regarding the conviction; 2) the applicant would be required to possess or use a firearm; 3) an individual with that conviction is legally prohibited from holding the position; or 4) the employer is legally prohibited from hiring an applicant with that conviction.

The employer may inquire about the particular conviction under these circumstances even if it has been expunged, sealed, statutorily eradicated, or judicially dismissed. The law further states that it does not prohibit an employer from conducting criminal background checks or restricting employment based on criminal history when legally required to do so.

Paid Family Leave for Active Duty Families

SB 1123 extends California’s paid family leave program to families with members on active duty in the armed forces. Beginning on January 1, 2021, an individual may take up to six weeks of paid family leave a year when participating in a qualifying exigency related to the covered active duty or call to covered active duty of the individual’s spouse, domestic partner, child, or parent.

Employment Record Inspection Rights

SB 1252 provides guidance regarding requests to inspect employment records. Employees have a right to receive a copy of their records, not merely inspect or copy them. An employer must deliver a copy within 21 days, and may charge the cost of reproduction to the employee. An employer who fails to provide an employee with a copy of his or her employment records within the 21-day time period will be subject to a $750 fine.

Expanded Lactation Accommodation Requirements

AB 1976 expands the existing lactation accommodation standards to now require that employers create a permanent lactation location in an area other than a bathroom. Before this change, employers were required to provide only an area other than a toilet stall. Employers may create a temporary location if they can demonstrate: 1) an inability to provide a permanent location due to operational, financial, or spatial constraints; 2) the temporary location is private and free from intrusion when needed for lactation; 3) the temporary location is only for lactation purposes when needed for that purpose; and 4) the temporary location otherwise meets state law requirements. If the requirements would create an “undue hardship”, however, the employer must make “reasonable efforts” to provide the employee with an area other than a toilet stall that is in close proximity to the employee’s work area where the employee can express milk in private.

California Construction Employers Temporarily Protected from PAGA Suits

California construction workers will no longer be able to bring suit against their employers under the Private Attorneys General Act of 2004 (“PAGA”) if they work under a collective bargaining agreement that meets certain requirements provided in AB 1654. To qualify, the agreement must: 1) provide for the wages, hours of work, and working conditions of employees, premium wage rates for all overtime hours worked, and for employees to receive a regular hourly pay rate of not less than 30 percent more than the state minimum wage rate; 2) provide for a grievance and binding arbitration procedure to redress labor code violations; 3) expressly waive PAGA’s requirements in clear and unambiguous terms; and 4) authorize the arbitrator to award any and all remedies available under law. This exception expires on the earlier of the collective bargaining agreement’s expiration date or the statute’s repeal date of January 1, 2028.

Petroleum Industry Employee Rest Breaks May be Interrupted

Although California law prohibits employers from requiring employees to work during their meal, rest, or recovery periods, AB 2605 creates an exception for certain workers in the petroleum industry who are covered by a qualifying collective bargaining agreement. Under this provision, employers may interrupt rest breaks taken by employees who hold safety-sensitive positions at petroleum facilities from their duties, to the extent the employee is required to carry and monitor a communication device and respond to emergencies or is required to remain on employer premises to monitor the premises and respond to emergencies. If a rest break is interrupted, an employer must promptly provide an additional rest break. If a rest break cannot be provided, the employer must pay the employee an hour of pay. This bill became effective immediately when it was signed by Governor Brown on September 20, 2018, and it will remain effective until the section is repealed in January 1, 2021.

Suggested Actions

In light of these changes, California employers should consider taking the following actions:

Train managers, recruiters, human resource professionals, and other relevant staff regarding these new requirements and restrictions.
Educate all employees, especially supervisory employees, about laws prohibiting harassment, including SB 1300’s expanded definition of harassment, and train employees on how to appropriately respond to complaints of harassment.
Update policies, procedures, and agreements in light of SB 1300’s new restrictions on non-disparagement agreements and releases and SB 820’s and AB 3109’s restrictions on confidentiality provisions in settlement agreements.
Update training policies, procedures, and materials to comply with SB 1343’s expanded requirements for sexual harassment training for all employees.
Consider updating procedures and policies regarding employment references to third parties to permit disclosures regarding eligibility for rehire. Employers should designate a single person or a human resources professional to provide references in order to ensure that disclosures fall within AB 2770’s defamation privilege.
Begin planning for SB 826’s requirements for female representation on corporate boards.
Ensure that application forms, candidate questionnaires, interview outlines and scripts, and other screening and hiring materials omit inquiries regarding salary history and inquiries regarding criminal history, consistent with applicable law.
Prepare policies and procedures for complying with the salary history ban’s pay scale disclosure requirements. Such policies and procedures should comply with the requirements described above.
Consider asking applicants about their salary expectations, rather than salary history. If an employee voluntarily offers salary information, contemporaneously document that the employee introduced the information into the discussion.
Review criminal history screening policies, procedures, and forms to ensure compliance with the restrictions on criminal history inquiries. Prepare policies for dealing with criminal history to avoid ad hoc decision-making by managers and consider involving human resource professionals.
Contemporaneously document any individualized assessments regarding an applicant’s suitability for employment based on criminal history information.
Update written policies regarding qualifying exigencies related to military service.
Ensure policies for responding to employee requests for records; permit employees to obtain copies of such records.
Ensure that there is an available space for lactation in the workplace that complies with the new requirements.
Reach out to us if you have any questions, concerns, or need guidance with respect to these new laws or your company’s obligations to comply with them.

This post was written by Spencer Hamer and Catherine C. Smith of K&L Gates.

Making Your Employees’ Votes Count: Employer Obligations on Election Day

With just days to go before the 2018 midterm elections, candidates are sending out their final pleas for voters’ endorsements and employers are taking steps to ensure that their employees have the ability to voice their choice. According to electionday.org, nearly 60% of voting-eligible Americans did not vote in the last midterm elections, with 35% of those nonvoters reporting that “scheduling conflicts with work or school” kept them from getting to the polls.

So, what are employers’ obligations to employees when it comes to getting out to vote? Federal law does not require employers to provide workers with time off to vote, though it does generally protect an employee’s right to vote by prohibiting interference with the voting process. The majority of states (nearly 60%), however, have laws on the books that provide some level of protection to employees who need to take time off work in order to cast their vote. The laws vary state-by-state – some states simply require an employer to allow an employee “sufficient” unpaid leave time to vote, while other states mandate 2-4 consecutive non-working hours of paid leave to vote. In states with laws requiring employers to allow employees time off to vote, they apply to both public and private employers, and the majority of these state laws require that employees be paid for at least a portion of any such voting leave.

In order to ensure compliance with various state laws, employers should consider the following practices:

Maintaining voting leave policies that are compliant with the laws in all states/localities in which the company operates;
Training managers on the applicable voting laws and any policies in advance of any major elections – particularly if they manage non-exempt employees;
Providing employees anywhere between 2-4 hours of paid or unpaid time off at the beginning or end of a shift for voting leave in certain circumstances (typically where the employees’ daily schedule would not allow them a block of 2-4 consecutive non-working hours between the opening and closing of the polls to vote);
Scheduling employees’ work hours on election days so that every employee will have the opportunity to exercise their right to vote;
Allowing employees to vote during the first two hours in which polls are open in the state;
Posting notices in the workplace reminding employees that they have the right to use time off to vote (note that such posted notices are required by some states, including California and New York); and
Requiring employees to provide reasonable notice (anywhere from 1-7 days, depending on the applicable law) of their intention to take time off to vote.

At a minimum, employers should ensure they are in compliance with any state or local voting leave laws applicable to their locations. Some of those laws are very detailed (time off can vary based on the mileage between a voter’s place of employment and their designated polling location; some laws apply only to employees in certain industries) while others are much more generic in scope (requiring employers to allow “reasonable” or “sufficient” time off, or “encouraging” employers to allow time off, but setting no specific rules). In order to prevent abuse, some state laws require proof of voting before an employer is obligated to make a payment for voting leave, and many require that employees provide some level of advance notice that they will be taking time off to vote. In many states, failure to comply with the applicable laws can subject employers to the possibility of criminal or civil penalties.

Even in states where the law does not mandate employee time off to vote, best practice for employers is to provide some base level of paid time off to employees to vote. For employers operating in multiple states, maintaining one policy that complies with the most favorable of all of the states’ laws where the company is located is advisable. In addition, employers will be well-served by training managers on any company voting leave policy well in advance of any major election in order to ensure that employees are aware of the policy and that managers know how to apply it.

In preparation for next week, employers should review their existing voting leave policies to ensure compliance with applicable laws. Employers without voting leave policies should analyze the potential barriers their employees face in getting to the polls, determine the legal requirements of the states in which they operate and implement a policy that is compliant with the applicable laws and meets the company’s operational needs. Employers should also treat time off for early voting the same way they do Election Day voting, document employees’ requests for time off to vote, direct non-exempt employees to record their time appropriately, and maintain a record of voting leave. In addition, employers can be proactive by adding Election Day to the work calendar and having managers remind employees that the company encourages employees to use their time to vote.

Employment, Labor & Benefits at Mintz Levin

Share this:

Like this:

RUSSIA

Share this:

Like this:

Summary

In Depth

INTRODUCTION

FIRRMA AND BROADENED JURISDICTION OF CFIUS

EFFECT ON CROSS-BORDER TRANSACTIONS IN BIOTECH SECTOR

PILOT PROGRAM COVERED TRANSACTIONS

PRACTICAL IMPLICATIONS FOR DIFFERENT TYPES OF TRANSACTIONS

Controlling Investments by Foreign Persons

Non-Controlling Direct Investments by Foreign Strategic Investors or Foreign Investment Funds

Indirect Investments by Foreign Persons via US Investment Funds

Follow-On Investments

Outbound License of US Technologies

THE NEW MANDATORY DECLARATION PROCEDURE

TAKEAWAYS

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Potential issues with legacy fax records

1. Take the risk with legacy fax

2. Implement a paper-to-electronic fax policy

3. Adopt a cloud-fax solution

Share this:

Like this:

U.S. House of Representatives: Democratic Agenda “For the People” … or Anti-Trump Obstructionism?

And Outside of Washington

Share this:

Like this:

Privacy and Data Security Laws and Regulations

Health Insurance Portability and Accountability Act (HIPAA)

Gramm Leach Bliley Act (GLBA)

Payment Card Industry Data Security Standard (PCI-DSS)

Federal Reserve System

Federal Deposit Insurance Corporation (FDIC)

Conclusion

Share this:

Like this:

Major Changes to the Definition of “Hostile Work Environment” Harassment

Extended Statute of Limitations for Sexual Assault

Restrictions on Confidentiality and Testimony Provisions in Settlement Agreements

Enhanced Protection from Defamation

Broadened Definition of Non-Employment Related Harassment

Expanded Anti-Harassment Training

Corporate Boards of Publicly Held Corporations Must Include Female Representatives

Salary History Ban and Pay Scale Disclosure Guidance

Limitations on Criminal History Inquiries

Paid Family Leave for Active Duty Families

Employment Record Inspection Rights

Expanded Lactation Accommodation Requirements

California Construction Employers Temporarily Protected from PAGA Suits

Petroleum Industry Employee Rest Breaks May be Interrupted

Suggested Actions

Share this:

Like this:

Share this:

Like this: