November 2024 Legal News: Law Firm News and Industry Expansion, Industry Awards and Recognition, DEI and Women in Law

Thank you for reading the National Law Review’s legal news roundup, highlighting the latest law firm news! As the country enters the penultimate month of 2024, legal industry news continues to be a hot topic. Please read below for the latest in law firm news and industry expansion, legal industry awards and recognition, and DEI and women in the legal field.

Law Firm News and Industry Expansion

Ward and Smith, P.A. announced the addition of Hunter Morris and Mark Wigley to the firm’s Raleigh office. Bringing dedication to the firm’s core practice areas, they will help to strengthen the commitment to exceptional client service.

Mr. Morris, a trust and estates attorney, will help guide clients through the planning and administration process including wills, various trusts and powers of attorney. He also offers support in probate document preparation and succession planning.

Mr. Wigley’s practice encompasses litigation matters, such as drafting and filing motions as well as conducting thorough research. Skilled in drafting trial and appellate briefs and managing evidence, he has represented clients in matters filed in the U.S.

“We are excited to welcome Hunter and Mark to the firm,” said Brad Evans, co-managing director of Ward and Smith. “Their commitment to high-quality legal service aligns with our mission to provide our clients with the guidance and expertise needed to navigate complex legal issues.”

Andrew M. Kaufman joined Blank Rome LLP as a Corporate Litigation group associate in the firm’s New York office. Mr. Kaufman is involved in all stages of litigation, representing clients from various industries in a broad range of matters.

Having received his J.D., magna cum laude and Order of the Coif, from New York University School of Law and his B.A., summa cum laude, from Binghamton University, Mr. Kaufman’s practice areas include consumer fraud, securities, products liability, bankruptcy litigation and commercial real estate.

In addition, he has extensive experience preparing fact and expert witnesses for deposition and trial testimony as well as managing discovery in complex litigation.

Norton Rose Fulbright announced the addition of Jim Arnold and Phil Hodgkins as senior counsel to the firm’s global cybersecurity and privacy group in in St. Louis and New York, respectively.

Mr. Arnold, a cybersecurity lawyer, has over 18 years of experience advising Fortune 500 clients on proactive cybersecurity program development. He has led comprehensive investigations, remediations and recovery efforts.

Privacy lawyer Mr. Hodgkins navigates clients through complex data challenges such as regulatory compliance, investigations and litigation. His practice includes many areas of privacy law, such as cross-border data transfers, use and storage, data collection and data privacy regulation readiness analysis.

“Jim and Phil are skilled cybersecurity and privacy professionals with innovative practices that complement our global team. Their backgrounds and focus on helping build programs before there is an issue is a perfect complement to the life-cycle of services we provide our clients,” said Chris Cwalina, head of cybersecurity and privacy at Norton Rose Fulbright. “Our practice is focused on improving oversight and governance for our clients and we are thrilled to have the experience Jim and Phil bring to assist with the wide range of risks in the increasingly complex cybersecurity and privacy landscape.”

Legal Industry Awards and Recognition

The 2025 edition of Best Lawyers recognized multiple National Law Review clients. The rankings include 75 national practice areas and 127 metropolitan areas based on client evaluations as well as leading attorney peer reviews. NLR clients included in the 2025 edition include:

Hunton Andrews Kurth LLP partner Roland M. Juarez was honored by the Los Angeles Business Journal (LABJ) in its annual Leaders of Influence: Labor & Employment Attorneys list. The list honors attorneys recognized as outstanding professionals in the industry by the LABJ based on their professional achievements, community leadership, milestones and notable accomplishments throughout the last 12-18 months.

Mr. Juarez has  been recognized on numerous lists for litigation and labor and employment by Daily Journal, LABJ and The Los Angeles Times, as well as being ranked by legal directories including Benchmark Litigation and Legal 500. He handles high-stakes labor and employment cases including class action and collective actions, PAGA, non-compete, non-solicitation and employee raiding cases, discrimination, harassment, disability, and wage and hour cases.

Jenner & Block Partner Angela Allen was honored at the 2024 Night of Shining Stars on October 30. The event, hosted by Hilco Global and the TMA, benefited the All Stars Project of Chicago, a nonprofit organization that connects youth in underserved communities to opportunities within the city.

Angela was recognized for her contributions in the turnaround and restructuring community and for her commitment to Chicago’s youth. Ms. Allen is actively involved with Turnaround Management Association (TMA) and served as the President of the Chicago/Midwest Chapter in 2020.

DEI and Women in Law

The Leadership Council on Legal Diversity (LCLD) has named Bradley a recipient of its 2024 Compass Award for its involvement in LCLD programs and promotion of the organization’s mission. LCLD is comprised of over 400 corporate chief legal officers and law firm managing partners who are committed to building a more equitable and diverse legal profession. Bradley partner Kristina Allen Reliford was chosen as a Fellow of the LCLD this year, with Bradley associates Trenton K. Patterson and Sabah Petrov being chosen as LCLD Pathfinders.

“We are very appreciative of LCLD’s recognition as one of its 2024 Compass Award winners,” said Bradley Chairman of the Board and Managing Partner Jonathan M. Skeeters. “Bradley is proud of its leadership and commitment to fostering an inclusive legal profession.”

Leigha Beckman, an associate at Morgan Lewis, was awarded the “2024 Antitrust and Unfair Competition Lawyers to Watch Award” by the California Lawyers Association. Ms. Beckman was recognized with four other nominees who have exhibited outstanding achievements in their first eight years of practicing antitrust and unfair competition law.

Ms. Beckham has extensive experience in multidistrict litigation, focusing her practice on counseling, government investigations and litigation. This includes cases brought under California’s Cartwright Act and Unfair Competition Law, as well as the Sherman Act and antitrust class actions.

Copyright ©2024 National Law Forum, LLC
For more Law News, visit the NLR Law Office Management section.

New York City Mayor Signs Hotel Safety and Licensing Law Imposing New Compliance Requirements on Hotel Operators

On November 4, 2024, New York City Mayor Eric Adams signed legislation to ensure hotel safety that will mandate a comprehensive licensing system for hotels to operate in New York City, implement several consumer safety protections, and require hotels to maintain continuous front-desk coverage, directly employ certain “core” employees, and provide human trafficking recognition training.

Quick Hits
New York City enacted a new hotel safety law that will require hotels to obtain a license to operate in the city and impose certain staffing requirements.
The law will require hotels to directly employ core employees, mainly housekeepers and front desk staff, avoiding the use of third-party staffing agencies.
The law is set to take effect 180 days after signing, or May 3, 2025.
The Safe Hotels Act, Int. No. 0991-2024, represents a significant shift in the regulatory landscape for New York City hotel operators, imposing several new employment and consumer compliance requirements as the city’s tourism industry rebounds from the pandemic.

“Our top priority from day one has been to keep people safe, and that includes protecting workers and tourists at our city’s hotels,” Mayor Adams said in a statement announcing the signing of the law. “That’s why we are expanding protections for the working-class New Yorkers who run our hotels and the guests who use them.”

Here is a breakdown of the key aspects of the new law.

Licensing
Under the new law, all hotel operators must obtain a license to operate within New York City. The license, valid for two years, requires a fee of $350. Hotel operators must submit detailed applications demonstrating their compliance with various staffing, safety, and operational standards. Violations of the new licensing requirements can result in significant civil penalties, ranging from $500 for a first offense to $5,000 for repeated offenses.

Staffing
The law will require hotel operators to provide continuous front desk coverage, either through front desk staff or, during overnight shifts, a security guard trained in human trafficking recognition. Large hotels (those with more than 400 rooms) must also maintain continuous security guard coverage on the premises.

Further, the law will require large hotels to directly employ certain “core employees,” aiming to eliminate the use of third-party contractors for core staffing needs. The law defines “core employees” as “any employee whose job classification is related to housekeeping, front desk, or front service at a hotel.” The law exempts small hotels, defined as those with fewer than 100 rooms.

The law will also prohibit hotel operators from retaliating against employees who report violations, participate in investigations, or refuse to engage in practices they believe to be illegal or unsafe.

Consumer Protections
Hotels will be required to maintain the cleanliness of guest rooms and common areas. Daily cleaning and trash removal are mandatory unless explicitly declined by the guest. Hotels will not be allowed to charge fees for daily room cleaning or offer incentives to guests to forgo this service.

Safety
The law will require hotels to provide panic buttons to employees whose duties involve entering occupied guest rooms. Additionally, all core employees must receive human trafficking recognition training within sixty days of employment.

Key Takeaways
Hotel operators may want to consider reviewing and updating policies to align with the new requirements, including updating staff training programs, security protocols, and cleaning schedules. They may also want to assess their staffing arrangements to ensure that core employees are directly employed.

The law is set to take effect 180 days after signing, or May 3, 2025.

© 2024, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.
by: Simone R.D. Francis Zachary V. Zagger of Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

For more news on New York City’s Hotel Regulations ,visit the NLR Consumer Protection section.

Post Election – Expect Tax Legislation

I. Introduction

With clear Republican victories in the White House and the Senate, and a very slim majority for either side in the House of Representatives, we can expect tax legislation in the coming year. It is expected that the President elect will likely seek to enact his economic agenda as quickly as possible. While Congress may work for bipartisan support of any such legislation, Congressional Republicans and the Administration have the ability to utilize the filibuster-proof budget reconciliation rules (that eliminate the need for 60 votes in the Senate) to pass such tax legislation. We understand that the advance preparation and work for a 2025 reconciliation bill began in Republican Leadership offices over the summer and will continue through the end of the year.

Key to the current discussions of tax policy are provisions from the 2017 Tax Cuts and Jobs Act (the “TCJA”), a large overhaul of the Internal Revenue Code during President Trump’s first term. The TCJA instituted many significant changes to U.S. tax laws, including cutting the corporate rate, lowering individual income tax rates, and introducing a new deduction for passthrough income. However, due to various reasons, including the arcana of procedural rules of Congress associated with the “reconciliation” procedures, many of these provisions were temporary and scheduled to expire at the end of 2025. Exactly which provisions are to be extended, which to be modified, which to be abandoned and how to budget for each of these provisions, is expected to be a part of the legislative agenda next year. It is important to note that, among certain other items, the reduced corporate tax rate enacted in the TCJA is not scheduled to expire.

The most significant expiring provisions of the TCJA are set forth below.

II. Expiring Provisions

A. Changes to non-corporate tax rates, credits, deductions, exemptions and exclusions

The most significant expiring provisions, at least from a political perspective, are the provisions providing significant adjustments to the various tax rates, credits, deductions and similar provisions mostly applicable to individuals, resulting in a broad-scale reversion to the pre-2017 regime for individual taxpayers. The key changes are the following, generally coming into effect in 2026, if not extended or modified:

  • The lower individual income tax rates in the TCJA will expire, and the top marginal rate will go from 37% to 39.6%;
  • The estate and gift tax exclusion amount will be cut in half to $5 million and then adjusted for inflation, so the estate tax exemption will go from approximately $14 million in 2025 to approximately $7 million in 2026;
  • The standard deduction will revert to pre-TCJA levels (almost half the current standard deduction), although the personal exemption amount (which was set to zero under the TCJA) will return to pre-TCJA levels as well;
  • The deduction for miscellaneous itemized expenses, including unreimbursed employee expenses and tax preparation fees will return, and taxpayers will be able to deduct miscellaneous itemized expenses above 2% of adjusted gross income (“AGI”);
  • The phasing-out of itemized deductions for high income taxpayers will return;
  • The TCJA’s cap on the deductibility of state and local tax will expire, so taxpayers will be able to deduct all state and local income taxes (or sales taxes, if selected by the taxpayer) and property taxes—this may be celebrated by higher-income taxpayers in high tax states, but much of the benefit could be tempered by the return of broader scope of the alternative minimum tax discussed immediately below;
  • The alternative minimum tax (the “AMT”), which under the TCJA was limited to a small number of taxpayers, will return to its pre-TCJA form (which applied to a much larger group of individual taxpayers);
  • The deduction limit for cash charitable deductions will revert to 50% of AGI (as compared the current limit of 60% of AGI);
  • The child tax credit will be cut in half so that the maximum credit is $1,000 per child, the refundable portion of the credit will decline from $1,400 to $1,000, and other various adjustments will apply; and
  • The broader mortgage interest exemption available under the pre-TCJA regime will return.

B. Employment-related provisions

Certain employment-related provisions will also expire, and many pre-TCJA rules will return, generally in 2026, if not extended or modified. The most significant changes are the following:

  • The Work Opportunity Tax Credit, which provides a credit to employers who hire members of certain groups, such as veterans, recipients of various federal welfare benefit programs, and residents of empowerment zones, would expire;
  • Employers who pay wages to employees on family and medical leave are generally eligible currently for a credit for a percentage of 12 weeks of paid leave wages—this credit would expire;
  • The deductibility of employer-provided meal expenses, currently limited to 50 percent of the meal expense, will be eliminated; and
  • The suspension of the exclusion for employer reimbursements for moving expenses for persons other than certain members of the armed services, will be lifted, at which point taxpayers will be able once again to exclude from income qualifying moving expense reimbursements received from an employer.

C. Various business provisions

Multiple provisions designed to create tax benefits or tax reductions for certain business operations or activities are also amongst the set of expiring or changing provisions. Among the key provisions that will change, generally in 2026, if not extended or modified are the following:

  • The TCJA introduced the qualified business income deduction for 20% of qualified passthrough income, excluding specified service trade or business income, and ordinary REIT dividends—this deduction would expire, so passthrough income and ordinary REIT dividends will be taxed at ordinary income rates with no deduction;
  • The TCJA’s bonus depreciation allowance will continue to decline over the next few years: only a 40% immediate deduction in 2025, 20% in 2026, and no bonus depreciation after 2026 (with some exceptions);
  • The special “opportunity zone” rules—whereby taxpayers could defer capital gains if the gains are reinvested in such an opportunity zone and exclude capital gains income after a 10-year holding period—will expire. Similarly, the empowerment zone program’s tax benefits and the New Markets Tax Credit will also expire.

D. International tax provisions

The TCJA also made some significant revisions to the international and cross-border tax rules, many of which will have changes that will automatically trigger in 2025 or 2026. The most material are:

  • The “base erosion and anti-abuse tax” (the “BEAT”) minimum tax rate will increase to 12.5% (from 10%) and the calculation of the modified income tax (on which the BEAT minimum tax rate applies) will be adjusted to eliminate the taxpayer’s ability to benefit from certain tax credits;
  • The deductions applicable to global intangible low-taxed income (“GILTI”) inclusions for corporations will be reduced (resulting in an increase in the amount of tax imposed on such inclusions)—the deductions for most income will drop from 50% to 37.5%;
  • The deduction on “foreign derived intangible income” (“FDII”) will drop from 37.5% to 21.875%; and
  • The oft extended “look through” rule (which did not originate in the TCJA) for dividends, interest, rents and royalties received by a controlled foreign corporation from another related controlled foreign corporation is set to expire.

As one can imagine on reading this long list of expiring tax provisions (and not even taking account the many more minor provisions also set to expire or change which are not included above), the likelihood of a new tax bill to address these provisions is high. Given the nature of the Congressional rules around reconciliation and the nature of budget and tax negotiations, attempts to extend many of these provisions would likely involve the addition of new revenue-raising provisions. As such, the prospects of tax reform in 2025 are high. Proskauer closely monitors legislative developments, and additional tax blog posts will be made as specific tax proposals are moved through Congress.

© 2024 Proskauer Rose LLP.
For more on Tax Legislation, visit the NLR Tax section

The CTA Filing Deadline is Approaching. Is Your BOIR Filed Yet?

The clock is ticking—just 49 days remain until the one-year filing deadline for the Corporate Transparency Act (CTA)! Entities established before January 1, 2024, must submit a beneficial owner information report (BOIR) by December 31, 2024.

The CTA is a new reporting requirement that came into effect on January 1, 2024. The CTA requires any entity created by or registered to do business by the filing of a document with a secretary of state, or another similar office, to report its information and its beneficial owners to the Financial Crimes Enforcement Network (FinCEN), which is a bureau of the United States Treasury. The goal is to decrease money laundering and fraud.

We previously published advisories on the general application of the CTA and its specific application to entities created for estate planning purposes. The rules and guidelines about which we previously reported are largely unchanged. A reporting company still needs to report its legal name, all trades and d/b/a names, address, and beneficial owners. Beneficial owners are those with substantial control or who own or control 25% or more of the reporting company, directly or indirectly. The reporting company needs to report each beneficial owner’s name, date of birth, residential address, and an identifying number and image from one of four acceptable identification documents.

Although the CTA was declared unconstitutional by a federal district court in Alabama, the ruling only prevents the CTA’s enforcement on the parties directly involved in the case. The court did not issue a nationwide ruling to prevent the law from being enforced. Thus, other companies are expected to continue filing BOIRs. The Alabama case is currently on appeal and oral arguments were held at the end of September 2024.

FinCEN has been periodically updating its Frequently Asked Questions to provide some clarification since the CTA became effective. We outline the most relevant guidance below:

General Updates:

  1. Entities that are created before January 1, 2024, even if dissolved sometime in 2024 before the December 31, 2024, deadline, must still report their information and beneficial owners by December 31, 2024.
  2. Entities that are created in 2024 have 90 days to file the BOIR. Entities created on or after January 1, 2025, will have 30 days to file the BOIR. Entities that are created in 2024 but are wound up, dissolved, or otherwise cease to exist must still file the BOIR with FinCEN.
  3. Beneficial ownership is determined in the aggregate. This means that companies need to analyze each beneficial owner to determine if he or she indirectly/directly substantially controls or owns 25% or more of a reporting company. For example, Individual X owns 10% of Company Y. Individual X is also trustee of a trust that owns 20% of Company Y. Individual X needs to be reported as a beneficial owner because he owns an aggregate 30% of the company.
  4. Beneficial owners may now apply for a FinCEN Identifier here. This allows the beneficial owners to report their information to FinCEN directly, obtain an Identifier number, and simply provide the Identifier to those reporting companies of which he or she is a beneficial owner. This prevents a beneficial owner from having to share personal and sensitive information with a company. This also streamlines the process for any change in the beneficial owner’s information. Each beneficial owner can log into FinCEN and simply update the information within 30 days of the change rather than first providing it to the reporting company and then the company filing a new BOIR to update the information.

a. In order to create a FinCEN Identifier, an individual will have to create a login.gov account. This is the account that the federal government is using to streamline many of its services, such as, global entry and applying for federal jobs.

5. Reporting companies may complete and submit a BOIR online here. A company could also submit a PDF of the report at the same link if it chose to complete a paper copy. There is no fee to submit online. There are also many vendors offering a service to assist with the process and submit the report for a fee.

Real Estate/Corporate Updates:

6.FinCEN clarified that the subsidiary exemption applies when a subsidiary’s ownership interests are entirely controlled or wholly owned, directly, or indirectly, by any of the following types of exempt entities: (1) Securities reporting issuer; (2) Governmental authority; (3) Bank; (4) Credit union; (5) Depository institution holding company; (6) Broker or dealer in securities; (7) Other Exchange Act registered entity; (8) Investment company or investment adviser; (9) Venture capital fund adviser; (10) Insurance company; (11) State-licensed insurance producer; (12) Commodity Exchange Act registered entity; (13) Accounting firm; (14) Public utility; (15) Financial market utility; (16) Tax-exempt entity; or (17) Large operating company. Further, if a reporting company’s ownership interests are controlled or wholly owned by more than one exempt entity, the reporting company may still qualify for the subsidiary exemption if the entities are unaffiliated; however, every controlling or owning entity must itself be an exempt entity in order for the reporting company to qualify for the subsidiary exemption.

Trusts and Estates Updates:

7.If there is a corporate trustee, the reporting company will be reporting those individual beneficial owners that indirectly own or control at least 25% of the ownership interests of the reporting company through the ownership in the corporate trustee. This will be determined by multiplying the percentage of ownership of the corporate trustee with the trust’s ownership/control of the reporting company. For example, if Individual A owns 70% of the corporate trustee of a trust, and that trust holds 30% of the reporting company, Individual A holds or controls 21% of the reporting company (70% x 30 = 21). If Individual A owned 90% of the corporate trustee, then it would own/control 27% of the reporting company (90% x 30 = 27) and the company must report Individual A as a beneficial owner. There may be other beneficial owners if someone else at the corporate trustee exercises substantial control over the reporting company.

A reporting company may submit the corporate trustee’s information in lieu of each beneficial owner’s information only if all of these conditions are met:

a. The corporate entity is an exempt entity from the reporting requirements.

b. The individual owns or controls 25% of the reporting company only through the corporate trustee.

c. The individual does not exercise substantial control over the reporting company.

A company can obtain its own FinCEN Identifier when it submits an initial BOIR for its beneficial owner(s). This way, such company may be reported as a beneficial owner, such as a corporate trustee that meets the above requirements. For example, when LLC A reports Individual A as its beneficial owner, LLC A has the option of clicking a button to obtain its own FinCEN Identifier.

8. An individual who has the power to remove a trustee, remove and replace a trustee, and/or appoint an additional trustee is deemed to have substantial control through the power to change the person who makes decisions for the trust, and thereby, the reporting company. While this is not explicit in the Frequently Asked Questions, it is consistent with FinCEN’s position that someone who has the power to remove a senior officer of a reporting company is a beneficial owner.

While this is an extensive list, it is by no means an exhaustive list, and various circumstances not discussed above may change how the CTA applies in a particular case.

Copyright 2024 Goulston & Storrs PC.
For more on the CTA, visit the NLR Corporate Business Organizations section

The Power of Incorporation Compels You: Surety Succeeds in Compelling Contractor to Arbitrate Bond Claims Pursuant to Arbitration Clause in Subcontract

In Swinerton Builders, Inc. v. Argonaut Insurance Co., Swinerton Builders, a contractor, sued a surety on bond claims arising from defaults by its subcontractor on a series of work orders. The owner of Swinerton’s mechanical subcontractor on three projects passed away unexpectedly, and the subcontractor was unable to complete its remaining work on the projects.

Swinerton filed a complaint in August 2023 against Argonaut, the subcontractor’s surety, seeking to recover on the payment and performance bonds issued by Argonaut. The complaint also included claims for breach of the covenant of good faith and fraud. Argonaut responded by moving to dismiss based on the arbitration clause in Swinerton’s subcontract. The bonds at issue incorporated by reference the subcontract, including the arbitration provision. The federal district court converted the motion to dismiss to a motion to stay and compel arbitration based on the requirements of the Federal Arbitration Act.

To compel arbitration, the court noted that Argonaut must show that there was an agreement to arbitrate with Swinerton and that the disputes at issue fell under that agreement. Swinerton argued that it only agreed to arbitrate disputes between Swinerton and the subcontractor and that the arbitration provision did not apply to Argonaut, a non-signatory to the subcontract agreement.

The court disagreed with Swinerton and granted Argonaut’s motion. Relying on precedent holding that a surety may be bound by an arbitration provision where the bond incorporates the underlying contract containing the arbitration clause, the court ruled that the same rationale supported the surety’s motion to compel in this instance. The court also did not find persuasive Swinerton’s argument that it should not be compelled to arbitrate where the bonded subcontractor’s default was not disputed. The court determined the alleged breaches of the subcontract would have to be arbitrated.

It is not clear why Argonaut elected to pursue arbitration as opposed to litigating the bond claims. The surety may have been concerned with the bad faith and fraud claims asserted by Swinerton and concluded that arbitrating such disputes would be preferable to a jury trial on those issues. However, the court did note that the arbitrator would retain authority to determine which of Swinerton’s claims were arbitrable under the arbitration agreement, so there remains a risk that some of the claims will be referred back to the court by the arbitrator. Regardless, for parties choosing whether to arbitrate or litigate under their construction contracts, the expansive application of the arbitration provision by the court in Swinerton Builders is another factor to be considered, especially where performance is secured by third-party bonds, guarantees, and other instruments.

Listen to this post

© 2024 Bradley Arant Boult Cummings LLP
For more on Contractors, visit the NLR Construction Law section

The Power of Incorporation Compels You: Surety Succeeds in Compelling Contractor to Arbitrate Bond Claims Pursuant to Arbitration Clause in Subcontract

In Swinerton Builders, Inc. v. Argonaut Insurance Co., Swinerton Builders, a contractor, sued a surety on bond claims arising from defaults by its subcontractor on a series of work orders. The owner of Swinerton’s mechanical subcontractor on three projects passed away unexpectedly, and the subcontractor was unable to complete its remaining work on the projects.

Swinerton filed a complaint in August 2023 against Argonaut, the subcontractor’s surety, seeking to recover on the payment and performance bonds issued by Argonaut. The complaint also included claims for breach of the covenant of good faith and fraud. Argonaut responded by moving to dismiss based on the arbitration clause in Swinerton’s subcontract. The bonds at issue incorporated by reference the subcontract, including the arbitration provision. The federal district court converted the motion to dismiss to a motion to stay and compel arbitration based on the requirements of the Federal Arbitration Act.

To compel arbitration, the court noted that Argonaut must show that there was an agreement to arbitrate with Swinerton and that the disputes at issue fell under that agreement. Swinerton argued that it only agreed to arbitrate disputes between Swinerton and the subcontractor and that the arbitration provision did not apply to Argonaut, a non-signatory to the subcontract agreement.

The court disagreed with Swinerton and granted Argonaut’s motion. Relying on precedent holding that a surety may be bound by an arbitration provision where the bond incorporates the underlying contract containing the arbitration clause, the court ruled that the same rationale supported the surety’s motion to compel in this instance. The court also did not find persuasive Swinerton’s argument that it should not be compelled to arbitrate where the bonded subcontractor’s default was not disputed. The court determined the alleged breaches of the subcontract would have to be arbitrated.

It is not clear why Argonaut elected to pursue arbitration as opposed to litigating the bond claims. The surety may have been concerned with the bad faith and fraud claims asserted by Swinerton and concluded that arbitrating such disputes would be preferable to a jury trial on those issues. However, the court did note that the arbitrator would retain authority to determine which of Swinerton’s claims were arbitrable under the arbitration agreement, so there remains a risk that some of the claims will be referred back to the court by the arbitrator. Regardless, for parties choosing whether to arbitrate or litigate under their construction contracts, the expansive application of the arbitration provision by the court in Swinerton Builders is another factor to be considered, especially where performance is secured by third-party bonds, guarantees, and other instruments.

Listen to this post

© 2024 Bradley Arant Boult Cummings LLP
For more on Contractors, visit the NLR Construction Law section

The Cybersecurity Maturity Model Certification (CMMC) Program – Defense Contractors Must Rapidly Prepare and Implement

The Department of Defense (DoD) has officially launched the Cybersecurity Maturity Model Certification (CMMC) Program, which requires federal contractors and subcontractors across the Defense Industrial Base (DIB) to comply with strict cybersecurity standards. The CMMC program aims to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in DoD contracts from evolving cyber threats by requiring defense contractors to implement comprehensive cybersecurity controls. The CMMC Program, which must be confirmed by contracting officers, moves beyond the prior self-assessment model for many contractors to a certification-based approach verified by DoD-approved third-party assessors known as CMMC Third Party Assessor Organizations (C3PAOs).

This client alert outlines the key elements of the CMMC program, providing a detailed analysis of the new certification requirements, timelines for implementation, and practical steps contractors can take to prepare for compliance.

CMMC Overview and Purpose

The CMMC Program represents the DoD’s commitment to ensuring that companies handling FCI and CUI meet stringent cybersecurity standards. The program was developed in response to increasing cyber threats targeting the defense supply chain and is designed to verify that defense contractors and subcontractors have implemented the necessary security measures to safeguard sensitive information.

The CMMC Program consists of three levels of certification, with each level representing an increasing set of cybersecurity controls. The certification levels correspond to the type of information handled by the contractor, with higher levels required for contractors handling more sensitive information, such as CUI.

The DoD officially published the CMMC final rule on October 15, 2024, establishing the CMMC Program within federal regulations. The rule will be effective 60 days after publication, marking a significant milestone in the program’s rollout. DoD expects to publish the final rule amending the DFARS to add CMMC requirements to DoD contracts in early 2025. Contractors that fail to meet CMMC requirements will be ineligible for DoD contracts that involve FCI or CUI and could face significant penalties if they inappropriately attest to compliance.

The overall scope of the CMMC rule is relatively clear; however, some key elements are ambiguous and, in some cases, may require careful consideration. Particularly at the outset of any assessment process, a pre-risk gap assessment internal review, ideally conducted under legal privilege, is recommended to permit sufficient time to address shortfalls in technical controls or governance. The typical timeline for implementing a CMMC-type program may take many months, and we strongly recommend that clients begin this process soon if they have not already started—it is now unquestionably a requirement to do business with the DoD.

CMMC Certification Levels

The CMMC Program features three certification levels that contractors must achieve depending on the nature and sensitivity of the information they handle:

Level 1 (Self-Assessment)

Contractors at this level must meet 15 basic safeguarding requirements outlined in Federal Acquisition Regulation (FAR) 52.204-21. These requirements focus on protecting FCI, which refers to information not intended for public release but necessary for performing the contracted services. A self-assessment is sufficient to achieve certification at this level.

Level 2 (Self-Assessment or Third-Party Assessment)

Contractors handling CUI must meet 110 security controls specified in NIST Special Publication (SP) 800-171. CUI includes unclassified information that requires safeguarding or dissemination controls according to federal regulations. To achieve certification, contractors at this level can conduct a self-assessment or engage a C3PAO. Most defense contracts involving CUI will require third-party assessments to verify compliance.

Level 3 (Third-Party Assessment by DIBCAC)

Contractors supporting critical national security programs or handling highly sensitive CUI must achieve Level 3 certification. This level adds 24 security controls from NIST SP 800-172 to protect CUI from advanced persistent threats. The Defense Contract Management Agency’s (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) will conduct assessments for Level 3 contractors. This is the most stringent level of certification and is reserved for contractors working on the most sensitive programs.

Each certification level builds upon the previous one, with Level 3 being the most comprehensive. Certification is valid for three years, after which, contractors must be reassessed.

Certification Process and Assessment Requirements

Contractors seeking certification must undergo an assessment process that varies depending on the level of certification they are targeting. For Levels 1 and 2, contractors may conduct self-assessments. However, third-party assessments are required for most contracts at Level 2 and all contracts at Level 3. The assessment process includes several key steps:

Self-Assessment (Level 1 and Level 2 (Self))

Contractors at Level 1 or Level 2 (Self) must perform an internal assessment of their cybersecurity practices and submit their results to the Supplier Performance Risk System (SPRS). This system is the DoD’s centralized repository for contractor cybersecurity assessments. Contractors must affirm their compliance annually to maintain their certification status.

Third-Party Assessment (Level 2 (C3PAO) and Level 3 (DIBCAC))

For higher-level certifications, contractors must engage a certified C3PAO to conduct an independent assessment of their compliance with the applicable security controls. For Level 3 certifications, assessments will be performed by the DIBCAC. These assessments will involve reviewing the contractor’s cybersecurity practices, examining documentation, and conducting interviews to verify that the contractor has implemented the necessary controls.

Plan of Action and Milestones (POA&M)

Contractors that do not meet all of the required security controls during their assessment may develop a POA&M. This document outlines the steps the contractor will take to address any deficiencies. Contractors have 180 days to close out their POA&M, after which they must undergo a follow-up assessment to verify that all deficiencies have been addressed. If the contractor fails to meet the requirements within the 180-day window, their conditional certification will expire, and they will be ineligible for future contract awards.

Affirmation

After completing an assessment and addressing any deficiencies, contractors must submit an affirmation of compliance to SPRS. This affirmation must be submitted annually to maintain certification, even if a third-party assessment is only required once every three years.

Integration of CMMC in DoD Contracts

The CMMC Program will be integrated into DoD contracts through a phased implementation process. The program will initially apply to a limited number of contracts, but it will eventually become a requirement for all contracts involving FCI and CUI. The implementation will occur in four phases:

Phase 1 (Early 2025)

Following the publication of the final DFARS rule, CMMC requirements will be introduced in select solicitations. Contractors bidding on these contracts must meet the required CMMC level to be eligible for contract awards.

Phase 2

One year after the start of Phase 1, additional contracts requiring CMMC certification will be released. Contractors at this stage must meet Level 2 certification if handling CUI.

Phase 3

A year after the start of Phase 2, more contracts, including those requiring Level 3 certification, will include CMMC requirements.

Phase 4 (Full Implementation)

The final phase, expected to occur by 2028, will fully implement CMMC requirements across all applicable DoD contracts. From this point forward, contractors must meet the required CMMC level as a condition of contract award, exercise of option periods, and contract extensions.

Flow-Down Requirements for Subcontractors

CMMC requirements will apply to prime contractors and their subcontractors. Prime contractors must ensure that their subcontractors meet the appropriate CMMC level. This flow-down requirement will impact the entire defense supply chain, as subcontractors handling FCI must achieve at least Level 1 certification, and those handling CUI must achieve Level 2.

Subcontractors must be certified before the prime contractor can award them subcontracts. Prime contractors will be responsible for verifying that their subcontractors hold the necessary CMMC certification.

Temporary Deficiencies and Enduring Exceptions

The CMMC Program allows for limited flexibility in cases where contractors cannot meet all of the required security controls. Two key mechanisms provide this flexibility:

Temporary Deficiencies

Contractors may temporarily fall short of compliance with specific security controls, provided they document the deficiency in a POA&M and work toward remediation. These temporary deficiencies must be addressed within 180 days to maintain certification. Failure to close out POA&Ms within the required timeframe will result in the expiration of the contractor’s conditional certification status.

Enduring Exceptions

In some cases, contractors may be granted an enduring exception for specific security controls that are not feasible to implement due to the nature of the system or equipment being used. For example, medical devices or specialized test equipment may not support all cybersecurity controls required by the CMMC Program. In these cases, contractors can document the exception in their System Security Plan (SSP) and work with the DoD to determine appropriate mitigations.

Compliance Obligations and Contractual Penalties

The DoD has made it clear that failure to comply with CMMC requirements will have serious consequences for contractors. Noncompliant contractors will be ineligible for contract awards. Moreover, the Department of Justice’s Civil Cyber-Fraud Initiative looms menacingly in the background, as it actively pursues False Claims Act actions against defense contractors for alleged failures to comply with cybersecurity requirements in the DFARS. In addition, the DoD reserves the right to investigate contractors that have achieved CMMC certification to verify their continued compliance. If an investigation reveals that a contractor has not adequately implemented the required controls, the contractor may face contract termination and other contractual remedies.

Preparing for CMMC Certification

Given the far-reaching implications of the CMMC Program, contractors and subcontractors should begin preparing for certification as soon as possible. As an initial step, an internal, confidential gap assessment is highly advisable, preferably done under legal privilege, to fully understand both past and current shortfalls in compliance with existing cybersecurity requirements that will now be more fully examined in the CMMC process. Key steps include:

Assess Current Cybersecurity Posture

Contractors should conduct an internal assessment of their current cybersecurity practices against the CMMC requirements. This will help identify any gaps and areas that need improvement before seeking certification.

Develop an SSP

Contractors handling CUI must develop and maintain an SSP that outlines how they will meet the security controls specified in NIST SP 800-171. This document will serve as the foundation for both internal and third-party assessments.

Engage a C3PAO

Contractors at Level 2 (C3PAO) and Level 3 must identify and engage a certified C3PAO to conduct their assessments. Given the anticipated demand for assessments, contractors should begin this process early to avoid delays.

Prepare a POA&M

For contractors that do not meet all required controls at the time of assessment, developing a POA&M will be crucial to addressing deficiencies within the required 180-day window.

Review Subcontractor Compliance

Prime contractors must review their subcontractors’ compliance with CMMC requirements and ensure they hold the appropriate certification level. This flow-down requirement will impact the entire defense supply chain.

Conclusion

The CMMC Program marks a significant shift in the oversight of how the DoD manages cybersecurity risks within its defense supply chain. While DoD contractors that handle CUI have had contractual obligations to comply with the NIST SP 800-171 requirements since January 1, 2018, the addition of third-party assessments and more stringent security controls for Level 3 contracts aim to improve the overall cybersecurity posture of contractors handling FCI and CUI. Contractors that fail to comply with CMMC requirements risk losing eligibility for DoD contracts, which could result in substantial business losses.

Given the phased implementation of the program, contractors must act now to assess their cybersecurity practices, engage with certified third-party assessors, and ensure compliance with the new requirements. Proactive planning and preparation will be key to maintaining eligibility for future DoD contracts.

Copyright 2024 K & L Gates
For more on Defense Contractors, visit the NLR Government Contracts Maritime Military section

Artificial Intelligence and the Rise of Product Liability Tort Litigation: Novel Action Alleges AI Chatbot Caused Minor’s Suicide

As we predicted a year ago, the Plaintiffs’ Bar continues to test new legal theories attacking the use of Artificial Intelligence (AI) technology in courtrooms across the country. Many of the complaints filed to date have included the proverbial kitchen sink: copyright infringement; privacy law violations; unfair competition; deceptive and acts and practices; negligence; right of publicity, invasion of privacy and intrusion upon seclusion; unjust enrichment; larceny; receipt of stolen property; and failure to warn (typically, a strict liability tort).

A case recently filed in Florida federal court, Garcia v. Character Techs., Inc., No. 6:24-CV-01903 (M.D. Fla. filed Oct. 22, 2024) (Character Tech) is one to watch. Character Tech pulls from the product liability tort playbook in an effort to hold a business liable for its AI technology. While product liability is governed by statute, case law or both, the tort playbook generally involves a defective, unreasonably dangerous “product” that is sold and causes physical harm to a person or property. In Character Tech, the complaint alleges (among other claims discussed below) that the Character.AI software was designed in a way that was not reasonably safe for minors, parents were not warned of the foreseeable harms arising from their children’s use of the Character.AI software, and as a result a minor committed suicide. Whether and how Character Tech evolves past a motion to dismiss will offer valuable insights for developers AI technologies.

The Complaint

On October 22nd, 2024, Ms. Garcia, the mother of the deceased minor (Sewell), filed a complaint in the Middle District of Florida against Google LLC, Character Technologies Inc. and the creators of Character.AI—Noam Shazeer and Daniel De Frietas Adiwarsana. Shazeer and De Frietas formed Character Technologies Inc. after they left their prior jobs at Google LLC and subsequently developed and marketed Character.AI.

Character.AI allows users to communicate with existing Character.AI characters – such as Interviewer or Trip Planner – or to create new AI characters using Character.AI’s tools. A user can then engage with the Character.AI character – whether for human-like conversations, such as to answer questions, write a story, translate or write code – based on Character Tech’s large language model chatbot. According to the Complaint, Character.AI was rated as suitable for children until July 2024.

The Complaint alleges that Character.AI’s chatbot led Sewell to commit suicide. The Plaintiff claims her son became instantly addicted to Character.AI, leading to drastic behavioral changes such as sleep deprivation, school-related issues and low self-esteem. Her son primarily engaged with Character.AI characters from the HBO series Game of Thrones. The conversations with Game of Thrones’ female characters (such as Rhaenyra Targaryen and Daenerys Targaryen) involved sexualized content. Sewell also expressed his own dark thoughts such as “[t]he world I’m in now is such a cruel one. One where I’m meaningless. But, I’ll keep living and trying to get back to you so we can be together again, my love.” According to the Complaint, after Ms. Garcia took her son’s phone away, Sewell would use extraordinary measures to engage with Character.AI characters.

In his last conversation with a Character.AI character, Sewell told the character that he wanted to “come home” and the character replied, “[please] come home to me as soon as possible, my love,” to which he responded, “[w]hat if I told you I could come home right now?” The character answered, “…please do, my sweet king.” Seconds later, Sewell took his own life.

The Claims

The Complaint asserts a host of claims centered around an alleged lack of safeguards for Character.AI and the exploitation of minors. The most significant claims are noted below:

  • The Product Liability Torts

The Plaintiff alleges both strict liability and negligence claims for a failure to warn and defective design. The first hurdle under these product liability claims is whether Character.AI is a product. She argues that Character.AI is a product because it has a definite appearance and location on a user’s phone, it is personal and movable, it is a “good” rather than an idea, copies of Character.AI are uniform and not customized, there are an unlimited number of copies that can be obtained and it can be accessed on the internet without an account. This first step may, however, prove difficult for the Plaintiff because Character.AI is not a traditional tangible good and courts have wrestled over whether similar technologies are services—existing outside the realm of product liability. See In re Social Media Adolescent Addiction, 702 F. Supp. 3d 809, 838 (N.D. Cal. 2023) (rejecting both parties’ simplistic approaches to the services or products inquiry because “cases exist on both sides of the questions posed by this litigation precisely because it is the functionalities of the alleged products that must be analyzed”).

The failure to warn claims allege that the Defendants had knowledge of the inherent dangers of the Character.AI chatbots, as shown by public statements of industry experts, regulatory bodies and the Defendants themselves. These alleged dangers include knowledge that the software utilizes data sets that are highly toxic and sexual to train itself, common industry knowledge that using tactics to convince users that it is human manipulates users’ emotions and vulnerability, and that minors are most susceptible to these negative effects. The Defendants allegedly had a duty to warn users of these risks and breached that duty by failing to warn users and intentionally allowing minors to use Character.AI.

The defective design claims argue the software is defectively designed based on a “Garbage In, Garbage Out” theory. Specifically, Character.AI was allegedly trained based on poor quality data sets “widely known for toxic conversations, sexually explicit material, copyrighted data, and even possible child sexual abuse material that produced flawed outputs.” Some of these alleged dangers include the unlicensed practice of psychotherapy, sexual exploitation and solicitation of minors, chatbots tricking users into thinking they are human, and in this instance, encouraging suicide. Further, the Complaint alleges that Character.AI is unreasonably and inherently dangerous for the general public—particularly minors—and numerous safer alternative designs are available.

  • Deceptive and Unfair Trade Practices

The Plaintiff asserts a deceptive and unfair trade practices claim under Florida state law. The Complaint alleges the Defendants represented that Character.AI characters mimic human interaction, which contradicts Character Tech’s disclaimer that Character.AI characters are “not real.” These representations constitute dark patterns that manipulate consumers into using Character.AI, buying subscriptions and providing personal data.

The Plaintiff also alleges that certain characters claim to be licensed or trained mental health professionals and operate as such. The Defendants allegedly failed to conduct testing to determine whether the accuracy of these claims. The Plaintiff argues that by portraying certain chatbots to be therapists—yet not requiring them to adhere to any standards—the Defendants engaged in deceptive trade practices. The Complaint compares this claim to the FTC’s recent action against DONOTPAY, Inc. for its AI-generated legal services that allegedly claimed to operate like a human lawyer without adequate testing.

The Defendants are also alleged to employ AI voice call features intended to mislead and confuse younger users into thinking the chatbots are human. For example, a Character.AI chatbot titled “Mental Health Helper” allegedly identified itself as a “real person” and “not a bot” in communications with a user. The Plaintiff asserts that these deceptive and unfair trade practices resulted in damages, including the Character.AI subscription costs, Sewell’s therapy sessions and hospitalization allegedly caused by his use of Character.AI.

  • Wrongful Death

Ms. Garcia asserts a wrongful death claim arguing the Defendants’ wrongful acts and neglect proximately caused the death of her son. She supports this claim by showing her son’s immediate mental health decline after he began using Character.AI, his therapist’s evaluation that he was addicted to Character.AI characters and his disturbing sexualized conversations with those characters.

  • Intentional Infliction of Emotional Distress

Ms. Garcia also asserts a claim for intentional infliction of emotional distress. The Defendants allegedly engaged in intentional and reckless conduct by introducing AI technology to the public and (at least initially) targeting it to minors without appropriate safety features. Further, the conduct was allegedly outrageous because it took advantage of minor users’ vulnerabilities and collected their data to continuously train the AI technology. Lastly, the Defendants’ conduct caused severe emotional distress to Plaintiff, i.e., the loss of her son.

  • Other Claims

The Plaintiff also asserts claims of negligence per se, unjust enrichment, survivor action and loss of consortium and society.

Lawsuits like Character Tech will surely continue to sprout up as AI technology becomes increasingly popular and intertwined with media consumption – at least until the U.S. AI legal framework catches up with the technology. Currently, the Colorado AI Act (covered here) will become the broadest AI law in the U.S. when it enters into force in 2026.

The Colorado AI Act regulates a “High-Risk Artificial Intelligence System” and is focused on preventing “algorithmic discrimination, for Colorado residents”, i.e., “an unlawful differential treatment or impact that disfavors an individual or group of individuals on the basis of their actual or perceived age, color, disability, ethnicity, genetic information, limited proficiency in the English language, national origin, race, religion, reproductive health, sex, veteran status, or other classification protected under the laws of [Colorado] or federal law.” (Colo. Rev. Stat. § 6-1-1701(1).) Whether the Character.AI technology would constitute a High-Risk Artificial Intelligence System is still unclear but may be clarified by the anticipated regulations from the Colorado Attorney General. Other U.S. AI laws also are focused on detecting and preventing bias, discrimination and civil rights in hiring and employment, as well as transparency about sources and ownership of training data for generative AI systems. The California legislature passed a law focused on large AI systems that prohibited a developer from making an AI system available if it presented an “unreasonable risk” of causing or materially enabling “a critical harm.” This law was subsequently vetoed by California Governor Newsome as “well-intentioned” but nonetheless flawed.

While the U.S. AI legal framework – whether in the states or under the new administration – an organization using AI technology must consider how novel issues like the ones raised in Character Tech present new risks.

Daniel Stephen, Naija Perry, and Aden Hochrun contributed to this article

© Copyright 2024 Squire Patton Boggs (US) LLP
For more on AI, visit the NLR Communications Media Internet section

“Captive Audience” Bans: Employers Should Be Aware of This Trend

As organized labor activity has been on the rise in recent years and stories about union-related matters have become regular news, labor relations questions have ever-increasingly become front-of-mind for employers. It is also not crazy to think that unions that have been considering an organizing effort will decide in the next couple of months to roll the dice now in anticipation that federal labor policy will (again) radically shift following the results of last week’s elections.

What has not garnered as much attention as the Starbucks and other prominent unionization efforts is the effort to strip from employers one of their most effective tools in countering union efforts to organize: mandatory employee meetings where employers can address and rebut the kinds of sweeping promises common to a union sales pitch.

In the midst of an organizing campaign, and particularly so in the days leading up to a union election, employers have long used meetings with employees as an opportunity to communicate their views on unionization and share their position on the upcoming vote. And for good reason — such meetings are one of the most effective tools to respond to promises unions make to employees and educate workers on the fact that unions have the legal right to make all sorts of promises about things they know they cannot guarantee, while employers are constrained by law from making almost any promises to employees.

These meetings are also very important mechanisms to share information that most unions prefer to avoid discussing — like mandatory dues, how long first contract negotiations can take, the potential for union decertification, and a union’s ability to call employees out on strike and punish them if employees will not toe the picket line. Much like with meetings to discuss other topics such as safety concerns or policy changes, employers often make attendance at such meetings mandatory and compensate employees for their time at such meetings because their attendance is a job expectation.

Given the effectiveness of such meetings, if you’re a cynic like me, then perhaps it does not surprise you that political forces favoring unions want to prevent employers from conducting them. In April 2022, National Labor Relations Board (NLRB) General Counsel Jennifer Abruzzo issued a memo announcing that she intended to push the NLRB to make legal rulings finding that employer mandatory meetings covering union-related and labor relations matters violate the National Labor Relations Act (NLRA). Such rulings would be an explicit reversal of NLRB decisions dating back to 1948 taking the position that employers do not violate the NLRA by requiring employees to attend meetings where the employer shares its messages regarding unionization. However, notwithstanding the General Counsel’s request, the NLRB has yet to reverse these decisions, and last week’s presidential election results certainly suggest the policy pendulum at the NLRB is likely to soon swing in the other direction.

But the current political winds at the federal level will not stop all momentum to prevent employers from using employee meetings to combat against the lofty promises unions make and communicate information they want to make sure is available to employees. Several “blue” states — California, Hawaii, Illinois, Vermont, and Washington — have all passed laws in the last year making employer captive audience meetings illegal, joining Connecticut, Maine, Minnesota, New York, and Oregon, which already had similar laws on the books. Alaska voters appear to have also adopted such a law in their state. If last week’s election results suggest anything, it may be that, in anticipation of a federal about-face in the organized labor arena, more states will try to take matters into their own hands and consider additional bans on these types of meetings.

The legality of such state laws is not without question. While Oregon’s law — the first of its kind and passed in 2010 — survived a legal preemption challenge, the argument remains that the NLRA preempts such laws as an impermissible intrusion on federal labor policy and employer rights preserved by federal law. With the reshaping of the federal courts in recent years, we can reasonably expect someone will attempt another NLRA preemption challenge, hoping to land before a federal judge or court more likely to be sympathetic to the argument. There is also a compelling argument that such state laws infringe employer First Amendment rights, particularly given that they target a particular speaker and a particular message, while not banning mandatory meetings to discuss things like safety or company updates. Such state action is therefore not content- or viewpoint-neutral, as required by most types of First Amendment analysis. To that end, the Illinois Policy Institute is making this First Amendment argument in a lawsuit it recently filed asking a federal court in Chicago to block the Illinois Worker Freedom of Speech Act from going into effect on January 1, 2025. How the Chicago federal court rules in that case may have wide-ranging implications for the other states’ statutes and the future of efforts to ban captive audience meetings.

As labor relations policy is sure to continue evolving in the coming years, employers should stay aware for now of the developing captive audience landscape, particularly if they face union activity in a state with a current ban on employer meetings of the type described in this article. Employers in such states can still hold meetings to discuss their message regarding unionization and make attendance at them voluntary — and should absolutely do so if faced with a union campaign.

© 2024 Foley & Lardner LLP

by: Christopher G. Ward of Foley & Lardner LLP

For more news on

visit the NLR Labor & Employment section.

CFPB Imposes $95 Million Fine on Large Credit Union for Overdraft Fee Practices

On November 7, 2024, the CFPB ordered one of the largest credit unions in the nation to pay over $95 million for its practices related to the imposition of overdraft fees. The enforcement action addresses practices from 2017 to 2022 where the credit union charged overdraft fees on transactions that appeared to have sufficient funds, affecting consumers including those in the military community, in violation of the CFPA’s prohibition on unfair, deceptive, and abusive acts or practices.

The Bureau alleges that the credit union’s practices, particularly in connection with its overdraft service, resulted in nearly $1 billion in revenue from overdraft fees over the course of five years. According to the Bureau, the credit union unfairly charged overdraft fees in two ways. First, it charged overdraft fees on transactions where the consumer had a sufficient balance at the time the credit union authorized the transaction, but then later settled with an insufficient balance. The Bureau noted that these authorize-positive/settle-negative violations have been a focus of federal regulators since 2015, and were the subject of a CFPB circular in October 2022. Second, when customers received money though peer-to-peer payment networks, the credit union’s systems showed the money as immediately available to spend. However, the credit union failed to disclose that payments received after a certain time of the day would not post until the next business day. Customers who tried to use this apparently available money were then charged overdraft fees

In addition to monetary fines, the CFPB’s order prohibits the credit union from imposing overdraft fees for authorize-positive, settle negative transactions, and also in cases where there was a delayed crediting of funds from peer-to-peer payment platforms.

The monetary penalties the consent order imposes consist of $80 million in consumer refunds for wrongfully charged overdraft fees and a $15 million civil penalty to be paid to the CFPB’s victims relief fund.

Putting It Into Practice: This order aligns with federal and state regulators’ recent focus on overdraft fees in a broader initiative to eliminate allegedly illegal “junk fees” (a trend we previously discussed herehere, and here). For companies operating in the financial sector or providing peer-to-peer payment services, this enforcement action serves as a critical reminder of the need for transparency and adherence to consumer financial protection laws. Regular audits of fee practices and disclosures can help identify and rectify potential compliance issues before they escalate. Companies aiming to impose overdraft or other types of fees should review agency guidance enforcements to ensure their internal policies and business practices do not land them in hot water.

Listen to this post

Copyright © 2024, Sheppard Mullin Richter & Hampton LLP.
For more on the CFPB, visit the NLR Financial Institutions Banking section.