SEC Observations from Recent Cybersecurity Examinations Identify Best Practices

The SEC continues to focus on cybersecurity as an area of concern within the investment management industry.

On August 7, the US Securities and Exchange Commission’s (SEC’s) Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert summarizing its observations from a recent cybersecurity-related examination of 75 firms—including broker-dealers, investment advisers, and investment companies (“funds”) registered with the SEC.

The SEC staff has made it clear that cybersecurity remains a high priority and is likely to be an area of continued scrutiny with the potential for enforcement actions. During a recent interview,[1] the SEC’s co-directors of Enforcement, Stephanie Avakian and Steven Peikin, stated their belief that “[t]he greatest threat to our markets right now is the cyber threat.” This pronouncement follows on the heels of OCIE’s identification of cybersecurity as one of its examination priorities for 2017,[2] OCIE’s release of a Risk Alert on the “WannaCry” ransomware virus,[3] and several significant Regulation S-P enforcement actions involving firms that failed to adequately protect customer information.[4]

This LawFlash details OCIE’s observations from its recent cybersecurity-related examination that were discussed in its Risk Alert.

OCIE’s Examination Identifies Common Issues

OCIE staff observed common issues in a majority of the firms and funds subject to examination. These common issues include the following:

  • Failure to reasonably tailor policies and procedures. Specifically, the examination found issues with policies and procedures that

    • incorporated only general guidance;

    • identified limited examples of safeguards for employees to consider; and

    • did not articulate specific procedures to implement policies.

  • Failure to adhere to or enforce policies and procedures. In some cases, policies and procedures were confusing or did not reflect a firm’s actual practices, including in the following areas:

    • Annual customer protection reviews not actually conducted on an annual basis

    • Ongoing reviews, which policies required in order to determine whether supplemental security protocols were appropriate, performed only annually or not at all

    • Policies and procedures creating contradictory or confusing instructions for employees[5]

    • Firms not appearing to adequately ensure that cybersecurity awareness training was provided and/or failing to take action where employees did not complete required cybersecurity training

  • Regulation S-P issues among firms that did not appear to adequately conduct system maintenance. Because Regulation S-P was enacted to safeguard the privacy of customer information, OCIE observed that issues arose where firms failed to install software patches to address security vulnerabilities and other operational safeguards to protect customer records and information.

  • Failure to fully remediate some of the high-risk observations that firms discovered when they conducted penetration tests and vulnerability scans.

Cyber Best Practices and Other Observations

OCIE identified elements of what it viewed as “robust” cybersecurity policies and procedures from its examinations. Such elements should be considered as best practices and instructive for broker-dealers, investment advisers, and funds in implementing, assessing, and/or enhancing existing cybersecurity-related policies and procedures. Such elements are as follows:

  • Maintenance of data, information, and vendor inventory, including risk classifications

  • Detailed cybersecurity-related instructions, including instructions related to penetration tests, access rights, and reporting guidelines for lost, stolen, or unintentionally disclosed sensitive information

  • Maintenance of prescriptive schedules and processes for testing data integrity and vulnerabilities, including patch management policies

  • Access controls for data and systems

  • Mandatory employee training upon onboarding and periodically thereafter

  • Engaged senior management

OCIE staff noted an overall improvement in firms’ awareness of cyber-related risks and the implementation of certain cybersecurity practices since its previous Cybersecurity 1 Initiative.[6] Most notably, all broker-dealers, all funds, and nearly all investment advisers in the more recent examinations maintain written policies and procedures related to cybersecurity that address the protection of customer/shareholder records and information. This finding is in contrast to the Cybersecurity 1 Initiative, where OCIE found that comparatively fewer broker-dealers and investment advisers had adopted this type of written policies and procedures.

OCIE staff also noted the following:

  • Nearly all broker-dealers and many investment advisers and funds conducted periodic risk assessments, penetration tests, and vulnerability scans.

  • All broker-dealers and nearly all investment advisers and funds had a process in place for ensuring regular system maintenance.

  • All firms utilized some form of system, utility, or tool to prevent, detect, and monitor data loss as it relates to personally identifiable information.

  • All broker-dealers and a majority of investment advisers and funds maintained cybersecurity organizational charts and/or identified and described cybersecurity roles and responsibilities for the firms’ workforces.

  • Almost all firms either conducted vendor risk assessments or required that vendors provide the firms with risk management and performance reports (i.e., internal and/or external audit reports) and security reviews or certification reports.

  • Information protection programs at the firms typically included relevant cyber-related policies and procedures as well as incident response plans.

Key Takeaways

SEC-registered broker-dealers, investment advisers, and funds should evaluate their policies and procedures to determine whether there are gaps or areas that could be improved based on OCIE’s articulation of best practices. Firms and funds should further evaluate their policies and procedures to ensure that they reflect actual practices and are reasonably tailored to the particular firm’s business. As OCIE notes, effective cybersecurity requires a tailored and risk-based approach to safeguard information and systems.[7]

This post was written by Mark L. Krotoski, Merri Jo Gillette, Sarah V. Riddell, Martin Hirschprung and Jennifer L. Klass of Morgan, Lewis & Bockius LLP.

Read more legal analysis at The National Law Review.


[1] Sarah Lynch, Exclusive: New SEC Enforcement Chiefs See Cyber Crime as Biggest Market Threat, Reuters.com (Jun. 8, 2017).

[2] OCIE, Examination Priorities for 2017 (Jan. 12, 2017).

[3] National Exam Program Risk Alert, Cybersecurity: Ransomware Alert (May 17, 2017).

[4] In re Morgan Stanley Smith Barney LLC, Exchange Act Release No. 78021, Advisers Act Release No. 4415 (Jun. 8, 2016); In re R.T. Jones Capital Equities Management Inc., Advisers Act Release No. 4204 (Sept. 22, 2015); and In re Craig Scott Capital LLC, Exchange Act Release No. 77595 (Apr. 12, 2016).

[5] OCIE provides an example of confusing policies regarding remote customer access that appeared to be inconsistent with those for investor fund transfers, making it unclear to employees whether certain activity was permissible based on the policies.

[6] See, e.g., OCIE Cybersecurity Initiative (Apr. 15, 2014); see also National Exam Program Risk Alert, Cybersecurity Examination Sweep Summary (Feb. 3, 2015).

[7] For example, the National Institute of Standards and Technology Cybersecurity Framework 1.0 (Feb. 12, 2014) provides a useful flexible approach to assess and manage cybersecurity risk.

For Whom the Class Tolls: “No Piggybacking Rule” Does In Would-Be Class in Ongoing Wal-Mart Saga

In 2011, the United States Supreme Court issued its landmark decision in Wal-Mart Stores, Inc., v. Betty Dukes, et al., decertifying a putative class of approximately 1.6 million current and former female Wal-Mart employees who claimed gender discrimination in wages and promotions in violation of Title VII. 564 U.S. 338 (2011). The Court reversed the Ninth Circuit’s affirmation of class certification and determined the plaintiffs failed to meet the class “commonality” standard set out in Federal Rule of Civil Procedure 23. Id. at 349-60. The Dukes decision set in motion a number of spinoff regional cases, one of which – barring another grant of certiorari to the high court – met its end somewhat anticlimactically, when the Eleventh Circuit issued its August 3, 2017 order in Love, et al. v. Wal-Mart Stores, Inc. No. 15-15260.

The Love plaintiffs included a sub-group of the Dukes plaintiffs who worked in the southeastern United States. These holdover Dukes plaintiffs were able to refile their claims because of the requirement that federal court discrimination plaintiffs first file with the Equal Employment Opportunity Commission. This rule effectively tolled the statute of limitations during the pendency of Dukes. But critically, under the Eleventh Circuit’s “no piggybacking rule,” which has also been adopted by the Fifth and Sixth Circuits, tolling is limited to individual claims only, not class claims. The Love court previously left little room for argument when it noted in a 2013 order that “[t]he Eleventh Circuit categorically refuses to toll the limitations period for subsequent class actions by members of the original class once class certification is denied in the original suit.” Thus, on October 16, 2015 the individual named plaintiffs and Wal-Mart settled and jointly filed a “stipulation of voluntary dismissal.”

On November 6, 2015, the Love appellants, made up of unnamed members of the would-be class, filed a motion to intervene solely to appeal the dismissal of class claims. This motion was denied 13 days later as moot, which, to make matters worse for the appellants, took them outside of their 30-day deadline to appeal the October 16 stipulated dismissal. The Eleventh Circuit thus found the appeal jurisdictionally barred, providing a rather sudden end to the winding multi-year litigation.

In light of this tangled and technical history, employers and their counsel should be sure to understand the differences in treatment of class actions and individuals under the relevant rules, regulations, and statutes. Though it can be tempting to move immediately to the standard substantive arguments against numerosity, commonality, typicality, and adequacy of the proposed class, the Wal-Mart cases show that knowing your way around the procedural thicket is another useful skill in avoiding or minimizing the cost of class litigation.

This post was written by Kelly J. Muensterman of Polsinelli PC.



Potential Obstacle To Effective Internal Compliance Reporting System? The False Claims Act

Yes, you read the title of this post correctly.  Under the False Claims Act, a whistleblower is not required to report compliance concerns internally through a company’s internal reporting system before filing a “qui tam” court action.  Indeed, the False Claims Act — with its potential “bounty” of 15 to 30 percent of the government’s recovery — may actually encourage employees to file suit in the first instance, to qualify as an “original source,” and bypass the organization’s reporting system altogether, thereby frustrating a key component of an effective compliance program.  Whistleblower organizations have recently gone so far as to discourage individuals employed by health care providers from bringing compliance concerns directly to their employer so that they can get a share of the government’s recovery.

A provider or other entity participating in the Medicare or Medicaid programs, however, can mitigate that risk through, among other things, employee training and disciplinary policies encouraging good-faith reporting and the promotion of a culture of compliance, including setting the right “tone from the top.”

Internal Reporting System.  The cornerstone of any effective compliance program is developing and implementing a robust internal reporting system that employees can use to raise any compliance concerns on an anonymous basis.  Among other things, when compliance concerns are brought to the attention of the organization’s compliance personnel, the organization can investigate the issue and take appropriate steps to prevent or remediate any continued potential misconduct.  Likewise, having such a system in place may serve as a defense to liability under the False Claims Act.  Even if improper billing is found to have taken place, evidence that the organization has an effective, anonymous internal compliance reporting system may show that the improprieties were not the result of deliberate indifference or reckless disregard for such practices.

False Claims Act.  Plainly, the risk of treble damages and per claim penalties under the False Claims Act is a powerful incentive for a health care organization to implement an effective compliance program.  What is more, the provision for whistleblower awards under the False Claims Act can be an effective tool to aid the government in detecting and preventing overpayments by Medicare and Medicaid to fraudulent operators and other bad actors.  By allowing whistleblowers to file relator actions under seal and potentially share in any of the government’s recovery — as well as to seek damages for any retaliatory employment action — the False Claims Act incentivizes employees in the health care industry to come forward with information about fraudulent billing, without the fear of reprisal.

The Tension Between The Two.  At the same time, a whistleblower’s potential recovery can operate as a countervailing disincentive for an employee to report compliance concerns internally.  That is because under the False Claims Act, a qui tam relator is entitled to a “bounty” only if the individual is the “original source” of information to the government about the improper billing practices that are the subject of the relator’s action.  On the other hand, if an employee does dutifully report a compliance concern internally through the organization’s reporting system, and the organization itself reports any overpayments to the government or remediates the misconduct itself, the whistleblower may be unable to sue and recover any “bounty.”  As noted earlier, this point is not lost on the relator bar.

Overcoming The Tension.  How does a provider overcome the entreaties of the relator bar, along with the incentives under the False Claims Act whistleblower provisions, to convince employees with compliance concerns to avail themselves of the company’s internal reporting system?  At the outset, the reporting system must be both effective and credible to instill confidence in the system so that employees will take full advantage of it – that is, the organization must deliver on its promise of anonymity and protection of good-faith reporting and must follow through on a timely basis with a thorough investigation and meaningful corrective action, if indicated.  Further, a robust reporting system, standing alone, will not be effective unless all other elements of an organization’s compliance program are working effectively as well, starting with a “culture of compliance,” reinforced by the executive team and management, and continuing with in-service compliance training, underscoring the importance of timely reporting and the anonymity and other protections afforded to reporting employees.

Likewise, the organization must have personnel and disciplinary policies that reward good-faith reporting and punish compliance lapses, both for engaging in unlawful conduct as well as for failing to report it.  That said, taking any disciplinary action against an employee who files suit as a relator, without ever having reported the compliance concerns in breach of the employee’s duties, is fraught with the risk that the termination or other action will be challenged as retaliation for filing the False Claims Act action, and that the cited ground — failing to report — is allegedly merely pretextual.

However, with the proper messaging and training, coupled with a robust anonymous reporting system, the company can give its employees good reason to “do the right thing” and report compliance concerns to the company in the first instance, despite the lure of a False Claims Act bounty.

This post was written by Brian T. McGovern of Cadwalader, Wickersham & Taft LLP.

Recent Eighth Circuit Case Illustrates the Need for Newest Members of the NLRB to Be Confirmed Sooner Rather Than Later

In another example of a federal circuit court taking the National Labor Relations Board (NLRB) to task for stretching federal labor law past the point of recognition, the Eighth Circuit Court of Appeals recently refused to enforce an NLRB order reinstating several former employees. The former employees were discharged after they posted flyers around town insinuating their employer was selling unsafe, germ-laden sandwiches as part of a campaign to enhance their sick leave. MikLin Enterprises, Inc. v. NLRB, No. 14-3099 (July 3, 2017).

In its decision, the Eighth Circuit upbraided the NLRB for abandoning and ignoring the Supreme Court of the United States’ precedent regarding when an employee can be disciplined for “disloyalty” in the midst of a union organizing drive. The Eighth Circuit took particular issue with the NLRB’s interpretation of the seminal Supreme Court case NLRB v. Local Union No. 1229, IBEW (Jefferson Standard) and found that the NLRB’s reasoning effectively overruled Jefferson Standard.

Background

MikLin is a family business that owns and operates 10 Jimmy John’s sandwich shop franchises in the Minneapolis-St. Paul area. In 2007, several MikLin workers began an organizing campaign seeking representation by the Industrial Workers of the World (IWW) union.

In an attempt to garner more support for a rerun election, union supporters began a sick leave campaign in early 2011. They posted a flyer on community bulletin boards in MikLin stores with two identical images of a Jimmy John’s sandwich. Above the first image were the words, “YOUR SANDWICH MADE BY A HEALTHY JIMMY JOHN’S WORKER.” The text above the second image said, “YOUR SANDWICH MADE BY A SICK JIMMY JOHN’S WORKER.” Below the pictures, the white text asked: “CAN’T TELL THE DIFFERENCE?” The response, in red and slightly smaller, said: “THAT’S TOO BAD BECAUSE JIMMY JOHN’S WORKERS DON’T GET PAID SICK DAYS. SHOOT, WE CAN’T EVEN CALL IN SICK.” Below, in slightly smaller white text, was the warning, “WE HOPE YOUR IMMUNE SYSTEM IS READY BECAUSE YOU’RE ABOUT TO TAKE THE SANDWICH TEST.” The text at the bottom of the poster asked readers to help the workers win paid sick days by going to their website.

The day before the IWW could request a rerun election, its supporters distributed a press release, letter, and the sandwich poster to more than 100 media contacts. The press release highlighted the employees’ need for sick leave and ended with a threat: If MikLin would not talk with the IWW about their demands for paid sick leave, they would proceed with “dramatic action” by “plastering the city with thousands of Sick Day posters.”

Days later, IWW supporters implemented their threat to plaster the city with posters. However, in the new version of the poster, rather than asking for support of the employees’ request for paid sick leave, the public posters listed the MikLin CEO’s personal telephone number and instructed customers to call him to “LET HIM KNOW YOU WANT HEALTHY WORKERS MAKING YOUR SANDWICH!” Two days later, MikLin fired six employees who coordinated the attack and issued written warnings to three others who assisted in it.

The NLRB Proceedings

The Board’s administrative law judge (ALJ) determined that MikLin violated the National Labor Relations Act by discharging the employees. Citing prior Board decisions, the ALJ ruled that the NLRA “protects employee communications to the public that are part of and related to an ongoing labor dispute” unless they are “so disloyal, reckless, or maliciously untrue as to lose the Act’s protections.” The ALJ found that to lose the act’s protections “an employee’s public criticism . . . must evidence ‘a malicious motive’ or be made with knowledge of the statements’ falsity or with reckless disregard for their truth or falsity.”

The ALJ found that the posters in question were not maliciously untrue. “While ‘it is not literally true that employees could not call in sick,’ the ALJ observed, employees ‘are subject to discipline if they call in sick without finding a replacement,’” and thus—according to the ALJ—the assertion that employees were required to work when sick was protected hyperbole. Though MikLin had a strong track record with the health department, the ALJ found that “it is at least arguable that [MikLin’s] sick leave policy subjects the public to an increased risk of food borne disease.”

A divided panel of the Board affirmed the ALJ’s findings and conclusions. The majority found “that neither the posters nor the press release were shown to be so disloyal, reckless, or maliciously untrue as to lose the Act’s protection.” The public communications “were clearly related to the ongoing labor dispute concerning the employees’ desire for paid sick leave. . . . Indeed, any person viewing the posters and press release would reasonably understand that the motive for the communications was to garner support for the campaign to improve the employees’ terms and conditions of employment by obtaining paid sick leave rather than to disparage [MikLin] or its product.”

MikLin appealed the Board’s order reinstating the employees to the Eighth Circuit Court of Appeals. On appeal, a three-judge panel upheld the NLRB’s ruling, but upon rehearing en banc by the full court, the ruling was overturned.

The Eighth Circuit’s Analysis

In its full court hearing, the Eighth Circuit took the NLRB to task for significantly misreading the Supreme Court’s decision in Jefferson Standard. First, the majority focused on the Board’s interpretation that no act of employee disparagement is unprotected disloyalty unless it is “maliciously motivated to harm the employer.” They found this additional requirement impermissibly overruled Jefferson Standard.

Second, the court balked at the Board’s definition of “malicious motive.” The Board excluded from Jefferson Standard’s interpretation of Section 10(c) of the NLRA all employee disparagement that is part of or directly related to an ongoing labor dispute as improper. In other words, the Board refused to treat as “disloyal” any public communication intended to advance employees’ aims in a labor dispute, regardless of the manner in which, and the extent to which, it harms the employer.

The court rejected that idea:

By requiring an employer to show that employees had a subjective intent to harm, and burdening that requirement with an overly restrictive need to show “malicious motive,” the Board has effectively removed from the Jefferson Standard inquiry the central Section 10(c) issue as defined by the Supreme Court — whether the means used reflect indefensible employee disloyalty. This is an error of law.

Rather than employee motive, the Eighth Circuit explained that the critical question in the Jefferson Standard disloyalty inquiry is whether the employees’ public communications reasonably targeted the employer’s labor practices or indefensibly disparaged the quality of the employer’s products or services. The Eighth Circuit found that when employees convince customers not to patronize an employer because its labor practices are unfair, subsequent settlement of the labor dispute brings the customers back—to the benefit of both employer and employee. By contrast, the court found, sharply disparaging the employer’s products or services as unsafe, unhealthy, or of shoddy quality causes harm that outlasts the labor dispute to the detriment of employees, as well as the employer.

Key Takeaways

While the Eighth Circuit’s decision is heartening, its effect will be limited for the time being as the NLRB is under no obligation to recognize the court’s interpretation of federal labor law. Further, the decision highlights the cost of fighting incorrect NLRB decisions for employers; MikLin had to appeal the ALJ’s decision to the NLRB, then appeal that decision to the Eighth Circuit, and then request a rehearing after the three-judge panel wrongly decided the appeal. Many employers simply do not have the resources to see a fight like this through to the end.

With President Trump’s selections to the NLRB being vetted by Congress this week, we can hope for a light at the end of this long, dark tunnel for employers.

This post was written by Matthew J. Kelley of Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

Sign of Future Changes? DOL Proposes 18-Month Extension of Transition Period for Compliance With ERISA “Fiduciary Investment Advice” Rule

On August 9, the US Department of Labor (DOL) announced in a court filing that it has proposed an 18-month extension of the full implementation of the Best Interest Contract Exemption (the “BIC Exemption”) under the ERISA fiduciary investment advice rule. The Proposed Extension would also apply to the Principal Transaction Exemption and Prohibited Transaction Exemption 84-24 (together with the BIC Exemption, the “Exemptions”). In April of this year, the DOL extended the effective date of the Rule until June 9 and limited the requirements of the Exemptions to only require compliance with the “impartial conduct standards” (ICS) through December 31 (the “Transition Period”). If the Proposed Extension is approved, full compliance with the Exemptions will not be required until July 1, 2019.

As described in our earlier advisory, “Compliance With the ERISA Fiduciary Advice Rule for Private Investment Fund Managers and Sponsors and Managed Account Advisers: Beginning June 9, 2017,” compliance with the ICS generally requires that an investment advice fiduciary (1) act in the “best interest” of plan participants and IRA owners; (2) receive no more than “reasonable compensation” (as defined under ERISA and the Internal Revenue Code); and (3) make no materially misleading statements about recommended transactions, fees, compensation and conflicts of interest.

The Proposed Extension was submitted to the Office of Management and Budget (OMB) in the form of an amendment to each of the Exemptions.

This post was written by Henry Bregstein, Wendy E. Cohen, David Y. Dickstein, Jack P. Governale, Christian B. Hennion and Gary W. Howell of Katten Muchin Rosenman LLP.

DOL Proposes New LCA, H-1B Complaint Form

Following through on its April 3, 2017 announcement that it was considering changes to the Labor Condition Application (LCA), the Department of Labor (DOL) published a notice in the Federal Register on August 3, 2017, of its proposed revisions to the ETA 9035 or LCA. A certified LCA must be included with every H-1B petition filed with the U.S. Citizenship and Immigration Services. DOL’s Employment and Training Administration posted the proposed LCA on its website saying the changes would “better protect American workers, confront fraud, and increase transparency.” DOL said it would accept comments until Oct. 2, 2017.

The revisions in the form reflect the focus of the Trump Administration on increased enforcement of third-party placement and on H-1B dependent employers. The new LCA asks whether the sponsored worker will be “placed with a secondary employer” and, if yes, asks for the legal name of the secondary employer. The new LCA also requires H-1B dependent employers to complete an additional list of questions set out in an appendix if the sponsored worker is exempt from H-1B dependency obligations. In addition, the attestation language in the form is more expansive. For example, the wage attestation in the new LCA specifies that employers may not deduct attorneys’ fees or costs in connection with a visa petition.

At the same time it released its new LCA form, the DOL also posted its revised WH-4, Nonimmigrant Worker Information Form, which is the form individuals may use to submit complaints to DOL about fraud or misconduct in H-1B, H-1B1 or E-3 visa programs. This form is utilized by DOL’s Wage and Hour Division, which is the office that conducts LCA audits.

This post was written by Rebecca B. Schechter of Greenberg Traurig, LLP.

The Changing Landscape of Sexual Orientation Discrimination Law

From the time Congress passed the Civil Rights Act of 1964 until earlier this year, federal courts have consistently held that the Act’s protections against employment discrimination did not apply to discrimination on the basis of sexual orientation. However, in March, the Seventh Circuit Court of Appeals (which covers Wisconsin, Illinois, and Indiana) became the first court to rule the other way, holding that Title VII of the Civil Rights Act’s prohibition against discrimination on the basis of sex includes discrimination based on sexual orientation. What has occurred in federal courts in the wake of that decision, however, has only muddied the waters.

Title VII prohibits employment discrimination based on race, color, religion, sex, and national origin. Prior to the Seventh Circuit’s notable decision, courts had only permitted gay employees to make claims of sex discrimination if the employee could show the discrimination occurred because the employee did not conform to gender stereotypes, not simply because of the employee’s sexual orientation. The Seventh Circuit found that the gender stereotype argument is unnecessary, stating “it is . . . impossible to discriminate on the basis of sexual orientation without discriminating on the basis of sex.”

The question is far from settled. In April, in a case involving a gay skydiving instructor who claims he was fired because of his sexual orientation, a three-judge panel of the Second Circuit ruled that it could not follow the Seventh Circuit’s decision. It held that a three-judge panel could not overturn precedential decisions regarding Title VII’s application to sexual orientation discrimination. Such a ruling would require a review by the entire panel of judges. The Second Circuit has granted such a review (an en banc review), indicating that perhaps the full panel of judges may be willing to follow the lead of the Seventh Circuit.

The picture becomes fuzzier still because of conflicting input from two government agencies. In preparation for its en banc review, the Second Circuit invited the EEOC to offer an opinion on the matter. The EEOC restated a stance it has held since 2012, saying sexual orientation discrimination is inextricably linked to gender and gender stereotypes and should fall under the protection of Title VII. However, on July 26, 2017, the Department of Justice filed a brief taking the opposite position. The DOJ argued Congress did not intend Title VII to apply to sexual orientation, and that expansion of the protection should be left to Congress, not implemented by the courts. The DOJ also says that the court owes no deference to the EEOC.

Because the federal circuits are now split on the issue, the question may eventually be decided by the United States Supreme Court. The Court has already been asked to review a case in which a former security guard at a Georgia hospital claims she was forced to quit because she was gay. The Court has not yet said whether it will hear the case. Ultimately, as the DOJ suggests, Congress could pass legislation to decide the issue one way or the other.

The takeaway from this flurry of activity is that this is an area of law that is very much in flux. For decades, the position of federal courts with regard to sexual orientation discrimination under Title VII was clear. Now, the landscape has shifted, and the ground is still settling. Employers should be aware that changes are happening quickly in this area and proceed cautiously when a situation potentially involving a sexual orientation discrimination claim arises.

This post was written by Mark G Jeffries of Steptoe & Johnson PLLC.

What Is Going On With The Revised EEO-1 Form? Acting EEOC Chair Provides Insight Into Its Status

As loyal readers of our blog are aware, in February 2016, the EEOC released a rule to amend the Form EEO-1.  The new rule requires private employers (including federal contractors) with 100 or more employees to submit pay data with their EEO-1 reports.  Employers with fewer than 100 employees will still not need to file an EEO-1.  Federal contractors with 50-99 employees are still required to file an EEO-1, but are not required to submit the new pay data.  The rule is slated to go into effect on March 31, 2018.

Since the election of President Trump, employers have been watching anxiously to see if the new form and the burdens it places on them will be modified or ideally repealed.  Although employers are not required to submit the new form until March 2018, the addition of compensation information has dramatically increased the complexity of preparing EEO-1 submissions.  As a consequence, if the new EEO-1 form is to remain in effect, employers should start preparing for this new requirement immediately (if they have not already begun).

Efforts have been underway to rescind the new EEO-1 form – including efforts in Congress.  The Chamber of Commerce requested that the Office of Management and Budget (“OMB”) rescind the new form because it violates the Paperwork Reduction Act (“PRA”), arguing that the EEOC’s revised EEO-1 does not “(1) minimize the burden on those required to comply with government requests; (2) maximize the utility of the information being sought; and/or (3) ensure that the information provided is subject to appropriate confidentiality and privacy protections” as required by the PRA.

On August 3, 2017, Acting Chair of the Equal Employment Opportunity Commission (“EEOC”), Victoria Lipnic, speaking at the Industry National Liaison Group’s Annual Conference in San Antonio, Texas, discussed the fate of the revised Form EEO-1.  Her speech provided new information about the EEO-1 and her efforts to have the revised form rescinded.

Chair Lipnic noted that the Office of Information and Regulatory Affairs (“OIRA”), which is housed within the OMB, would be the entity deciding the Chamber of Commerce’s challenge.  Chair Lipnic informed the gathering that the Administrator of OIRA, Neomi Rao, had only recently been confirmed to the post, but that she (Chair Lipnic) had already reached out to discuss the issues raised by the new EEO-1 form.

Chair Lipnic shared that she has sent Administrator Rao a memorandum, asking OIRA to decide by the end of this month (August 2017) whether to implement or discard the wage data collection portion of the revised EEO-1.  Recognizing the burden posed by the new compensation data requirements, Chair Lipnic expressed that it was important to provide employers with information about the fate of the revised EEO-1 sooner rather than later, so employers can prepare to comply.  In Chair Lipnic’s words, “time is of the essence.”

This post was written by Connie N Bertram, Guy Brenner and Alex C Weinstein of Proskauer Rose LLP.

California Employers Face New Notice Requirement for Domestic Violence, Sexual Assault, and Stalking Time Off

The California Division of Labor Standards Enforcement (DLSE) has published a new form that must be added to the growing list of documents that employers are required to provide to employees at the time of hire.

The new form refers to employees’ rights under California Labor Code Section 230.1 relating to protections of employees who are victims of domestic violence, sexual assault, and/or stalking. Last October, we notified California employers about this new law amending Section 230.1, Assembly Bill (AB) 2337. The amended law requires employers with 25 or more employees to provide an employee with written notice of his or her rights to take time off for the following purposes:

  1. “To seek medical attention for injuries caused by domestic violence, sexual assault, or stalking.
  2. To obtain services from a domestic violence shelter, program, or rape crisis center as a result of domestic violence, sexual assault, or stalking.
  3. To obtain psychological counseling related to an experience of domestic violence, sexual assault, or stalking.
  4. To participate in safety planning and take other actions to increase safety from future domestic violence, sexual assault, or stalking, including temporary or permanent relocation.”

The law requires employers to provide the notice “to new employees upon hire and to other employees upon request.”

As we reported previously, employers were not required to distribute this information until the California Labor Commissioner published a form employers could use to comply with the law. The law gave the Labor Commissioner until “on or before July 1, 2017” to develop and post the form.

As required by AB 2337, the Labor Commissioner’s office recently released the notice. The DLSE has made both an English and Spanish version of the notice available on its website. The notice also contains information on employees’ rights to reasonable accommodation and to be free from retaliation and discrimination.

Finally, the new law clarifies that employers that do not use the Labor Commissioner’s notice may use an alternative that is “substantially similar in content and clarity to the form developed by the Labor Commissioner.”

This post was written by Christopher W. Olmsted and Hera S. Arsen of Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

Rethinking Transparency – Inpatient Prospective Payment System Final Rule Rescinds Proposed Survey Disclosure Rule

The 2018 Inpatient Prospective Payment System (IPPS)/Long-Term Care Hospital (LTCH) Prospective Payment System (PPS) proposed rule, published in April 2017, contained a controversial provision that would have required accrediting organizations (AOs) that confer deemed status (such as The Joint Commission and DNV) to make all survey reports and acceptable plans of correction publicly available on their websites within 90 days of issuance (Proposed Transparency Rule). While the proposed rule cited the goals of improving transparency and enhancing patient health and safety, hospitals and other health care facilities that rely on AOs for deemed status voiced significant concerns about the unintended consequences of such disclosures, including providing an AO-slanted view of events, placing health care facilities on the defensive regarding corrective actions, the inability to correct misstatements in survey reports, and the risk that the public would not understand the survey process and become unreasonably biased against certain facilities. The Proposed Transparency Rule also garnered comment because the Centers for Medicare and Medicaid Services (CMS) does not require itself to make all of its survey reports publicly available in such a short time frame, and does not presently make full plans of correction for all health care facilities readily available to the public.

To the surprise of some in the industry, the 2018 IPPS/LTCH PPS final rule (Final Rule) released on August 2, 2017, withdrew the Proposed Transparency Rule in its entirety, for a reason entirely unrelated to the main arguments that had been raised: potential conflict with Section 1865(b) of the Social Security Act (Act). Section 1865(b) of the Act provides that:

The Secretary may not disclose any accreditation survey (other than a survey with respect to a home health agency) made and released to the Secretary by the American Osteopathic Association or any other national accreditation body, of an entity accredited by such body, except that the Secretary may disclose such a survey and information related to such a survey to the extent such survey and information relate to an enforcement action taken by the Secretary. See 42 USC 1395bb.

CMS indicated in the Final Rule that it was concerned that implementing the Proposed Transparency Rule would “appear as if CMS was attempting to circumvent” the Act by requiring the AOs to release their own survey reports—a concern that was sufficient for the Proposed Transparency Rule to be withdrawn.

Whatever the basis of the decision, AOs, hospitals and health care facilities must prepare for the next effort to make AO and CMS survey and plan of correction information readily available online. Transparency may have been delayed by the withdrawal of the Proposed Transparency Rule, but it is on the way, like it or not.

This post was written by Sandra M. DiVarco of McDermott Will & Emery.