Tag: legal

Patch Up – Log4j and How to Avoid a Cybercrime Christmas

A vulnerability so dangerous that Cybersecurity and Infrastructure (CISA) Director Jen Easterly called it “one of the most serious [she’s] seen in [her] entire career, if not the most serious” arrived just in time for the holidays. On December 10, 2021, CISA and the director of cybersecurity at the National Security Agency (NSA) began alerting the public of a critical vulnerability within the Apache Log4j Java logging framework. Civilian government agencies have been instructed to mitigate against the vulnerability by Christmas Eve, and companies should follow suit.

The Log4j vulnerability allows threat actors to remotely execute code both on-premises and within cloud-based application servers, thereby obtaining control of the impacted servers. CISA expects the vulnerability to affect hundreds of millions of devices. This is a widespread critical vulnerability and companies should quickly assess whether, and to what extent, they or their service providers are using Log4j.

Immediate Recommendations

  • Immediately upgrade all versions of Apache Log4j to 2.15.0.
  • Ask your service providers whether their products or environment use Log4j, and if so, whether they have patched to the latest version. Helpfully, CISA sponsors a community-sourced GitHub repository with a list of software related to the vulnerability as a reference guide.
  • Confirm your security operations are monitoring internet-facing systems for indicators of compromise.
  • Review your incident response plan and ensure all response team information is up to date.
  • If your company is involved in an acquisition, discuss the security steps taken within the target company to address the Log4j vulnerability.

The versatility of this vulnerability has already attracted the attention of malicious nation-state actors. For example, government-affiliated cybercriminals in Iran and China have a “wish list” (no holiday pun intended) of entities that they are aggressively targeting with the Log4j vulnerability. Due to this malicious nation-state activity, if your company experiences a ransomware attack related to the Log4j vulnerability, it is particularly important to pay attention to potential sanctions-related issues.

Companies with additional questions about the Log4j vulnerability and its potential impact on technical threats and potential regulatory scrutiny or commercial liability are encouraged to contact counsel.

Article By Philip J. Bezanson, Brittney E. Justice, Claire E. Cahoon, and Seth D. DuCharme of Bracewell LLP

For more cybersecurity legal news, click here to visit the National Law Review.

© 2021 Bracewell LLP

Stay of OSHA Emergency Temporary Standard Lifted By Sixth Circuit – “All Systems Go,” For Now…

A divided panel of the United States Court of Appeals for the Sixth Circuit lifted the stay on the Occupational Safety and Health Association’s Emergency Temporary Standard (“OSHA ETS”) late Friday night (December 17, 2021). The Sixth Circuit had previously been selected at random to hear the consolidated OSHA ETS litigation.

As a result of the Sixth Circuit’s ruling, OSHA announced that it would exercise enforcement discretion with respect to the compliance dates of the OSHA ETS.  To provide employers with sufficient time to come into compliance:

  • OSHA will not issue citations for noncompliance with any requirements of the OSHA ETS before January 10, 2022; and

  • OSHA will not issue citations for noncompliance with testing requirements before February 9, 2022.

These “extensions” are conditioned on an employer exercising reasonable, good faith efforts to come into compliance with the OSHA ETS.

Ultimately, the Sixth Circuit found that the petitioners (Republican-led states, businesses, religious groups, and individuals) were unable to establish a likelihood of success on the merits. In doing so, the Sixth Circuit considered and analyzed a myriad of statutory and constitutional arguments. Two out of the three judges on the panel determined that the petitioners would be unlikely to be successful on their constitutional arguments that OSHA violated the commerce clause or the non-delegation doctrine.

Under the Occupational Safety and Health Act, OSHA is required to show that health effects may constitute a “grave danger” in order to warrant an emergency temporary standard. The Sixth Circuit held that the determination as to what constitutes “grave danger” should be left, in the first instance, to the agency. The Sixth Circuit expressly disagreed with, and in effect overruled, the United States Court of Appeals for the Fifth Circuit by holding that OSHA was not required to make findings of exposure in all covered workplaces. The Sixth Circuit held that to require so would mean that no hazard could ever rise to the level of “grave danger.” Ultimately, the Sixth Circuit found that OSHA had shown that COVID-19 is a danger and relied on proper science in issuing the ETS. The Sixth Circuit further held that simply because OSHA did not issue the ETS at the beginning of the pandemic did not mean the agency did not consider COVID-19 an emergency worth addressing.

The Sixth Circuit’s decision was appealed this morning to the Supreme Court; however, this appeal does not alter the decision unless and until the Supreme Court rules.  In the meantime, employers should resume (or continue) preparations to comply with the ETS requirements. For a summary of the OSHA ETS and its requirements, visit here.

Article By Lilian Doan Davis and Isaac T. Caverly of Polsinelli PC

For more coronavirus legal news, click here to visit the National Law Review.

© Polsinelli PC, Polsinelli LLP in California

Current Pandemic-Related Regulations for Business Travel to the United States, Germany, and the EU

Recently, due to the availability of COVID-19 vaccines, many countries decided to lift their entry restrictions or change them in such a way that travelers who had recovered from COVID-19 infections or been vaccinated were allowed entry. Here is an overview of some of the current entry requirements for international travel.

Entry Into the United States

Since November 8, 2021, individuals have been allowed to enter the United States again from Europe. For 20 months, an entry ban had been in place in the United States for travelers from Brazil, China, India, Iran, Ireland, the Schengen Area (26 countries), South Africa, and the United Kingdom. A proclamation issued by President Joe Biden on October 25, 2021—“A Proclamation on Advancing the Safe Resumption of Global Travel During the COVID-⁠19 Pandemic”—ended these entry restrictions and the need for national interest exceptions (NIE) to the restrictions. Travelers from most countries (a recent U.S. ban on travel from eight African countries took effect on November 29, 2021) may enter the United States if they are fully vaccinated and present negative coronavirus test results (via RT-PCR tests or antigen tests) that are no more than three days old at the time of departure.

Travelers must prove to their airlines that they have been fully vaccinated with internationally recognized vaccines prior to their departures. Currently, the United States recognizes vaccines the Pfizer-BioNTech, Oxford-AstraZeneca, Oxford-AstraZeneca/Covishield, Covaxin, Moderna, Johnson & Johnson/Janssen, BIBP/Sinopharm, and Sinovacvaccines. A traveler’s last vaccination must have taken place at least 14 days before the planned date of travel. The United States accepts the EU Digital COVID Certificate as proof of vaccination.

Exempt groups include persons on diplomatic or governmental foreign travel, children under 18 years of age, and persons who cannot be vaccinated with a COVID-19 vaccine for documented medical reasons. Persons exempt from the October 25, 2021, proclamation’s requirements may enter the United States without being fully vaccinated, but they must quarantine for seven days upon arrival and test for COVID-19 infection three to five days after entry.

Regardless of the COVID-19–related entry requirements, all travelers still need an Electronic System for Travel Authorization (ESTA) entry permit issued by U.S. Customs and Border Protection (CBP). CBP advises travelers to apply online for ESTA authorization at least 72 hours in advance of departure.

Requirements for Entry Into the European Union

The European Union (EU) has a common approach to travel from third countries to EU member states. Entry requirements are constantly being adapted to the pandemic situation as international travel gradually opens up. Currently, in principle, any person from a third country who has been fully vaccinated with a vaccine approved by the European Medicines Agency (EMA) (BioNTech-Pfizer, Moderna, AstraZeneca, and Janssen-Cilag) may enter the European Union. The last vaccination must have taken place at least 14 days before the planned entry.

EU citizens and residents as well as their family members are allowed to enter EU member states without being fully vaccinated. Further exceptions apply to persons for whom absolutely necessary reasons for entry exist. “Absolutely necessary reasons” may exist, among other things, for highly qualified employees from third countries if their labor is necessary from an economic point of view and their work cannot be postponed or carried out abroad.

The EU also maintains a list of countries where the epidemiological situation has improved sufficiently (the so-called “EU White List”), so that entry from these countries is possible regardless of an individual’s vaccination status. This list is constantly updated according to the epidemiological situation. The United States is not currently on the EU White List, so entry from the United States is only possible for fully vaccinated persons.

Each EU member state may set its own additional entry requirements. The EU’s “Re-open EU,” a clearinghouse of information regarding EU member states’ pandemic-related measures, offers an overview of the quarantine and testing requirements of the individual countries.

Requirements for Entry Into Germany

All travelers to Germany from third countries that are not on the EU White List and are not EU citizens or residents must be fully vaccinated. In exceptional cases, entry is possible if it is absolutely necessary.

In addition, all travelers aged 12 or older must provide proof of vaccination. Before crossing the border, proof of vaccination or convalescence, or a test result showing negative for infection (e.g., an antigen test that is no more than 48 hours old or an RT-PCR test that is no more than 72 hours old), must be presented for inspection by the carrier or at the request of the Federal Police.

For previous stays in high-risk or virus-variant areas, digital travel registration is also mandatory. The Robert Koch Institute provides a current list of all high-risk and virus-variant areas.

Nonvaccinated or recovered travelers entering from high-risk areas must also present a negative test upon entry and enter domestic quarantine for 10 days. The domestic quarantine can be ended prematurely if another negative test result is presented five days after entry.

At present, travel from a virus-variant area is not possible, as a travel ban is in force for countries where virus mutations are widespread. Entry is possible only in a few exceptional cases (for example, for German nationals and persons with residence and an existing right of abode in Germany, as well as their immediate family members). Irrespective of vaccination or convalescent status, these travelers are obliged to register their entries digitally, present negative test results upon entry, and go into quarantine for 14 days. Only vaccinated and recovered persons may shorten their quarantine periods by presenting further negative test results five days after entry.

Employer Inquiries Into Employees’ Vaccination and Recovery Status

These extensive regulations raise a question as to whether an employer may inquire into an employee’s vaccination status, or whether the employee has recovered from a COVID-19 infection in connection with an upcoming business trip.

The vaccination and/or convalescence status of an employee, under 9 (1) of the EU’s General Data Protection Regulation (GDPR), is considered health data and thus protected personal information according to Art. An employer may request and process this information only if there is a legal basis for doing so. If a business trip requires proof of an employee’s vaccination against COVID-19 (e.g., due to entry restrictions), an employer may request and process this information from the employee in individual cases. However, employers may only request the information in the context of specific business trips and are prohibited from retaining the information for any other purposes.”

The COVID-19–related entry regulations of many countries may largely determine the feasibility of a contemplated business trip, as the prospect for international business travel will likely depend on the vaccination status of the employees involved. This situation may result in a legitimate interest on the part of the employer to inquire into employee vaccination status because the employer would otherwise be unable to find out whether a particular employee met the entry requirements of the destination country. Only by inquiring into vaccination status can the employer ensure that the employee is not turned away at the border—i.e., that the employee can fulfill the duty to provide the contractually agreed upon work within the scope of the business trip.

Whether an employer’s query regarding an employee’s vaccination status is legitimate is therefore a case- and fact-specific inquiry, which depends above all on the entry regulations of the destination country. If the destination country requires complete vaccination for entry, it may be permissible from a data protection perspective to ask about an employee’s vaccination status.

Article By Cynthia Lange of Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

For more COVID-19 and travel-related legal news, click here to visit the National Law Review.

© 2021, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.

U.S. House and Senate Reach Agreement on Uyghur Forced Labor Prevention Act

On December 14, 2021, lawmakers in the House and Senate announced that they had reached an agreement on compromise language for a bill known as the Uyghur Forced Labor Prevention Act or “UFLPA.”  Different versions of this measure passed the House and the Senate earlier this year, but lawmakers and Congressional staff have been working to reconcile the parallel proposals. The compromise language paves the way for Congress to pass the bill and send it to President Biden’s desk as soon as this week.

The bill would establish a rebuttable presumption that all goods originating from China’s Xinjiang region violate existing US law prohibiting the importation of goods made with forced labor. The rebuttable presumption would go into effect 180 days after enactment.  The compromise bill would also require federal officials to solicit public comments and hold a public hearing to aid in developing a strategy for the enforcement of the import ban vis-à-vis goods alleged to have been made through forced labor in China.

This rebuttable presumption will present significant challenges to businesses with supply chains that might touch the Xinjiang region.  Many businesses do not have full visibility into their supply chains and will need to act quickly to map their suppliers and respond to identified risks.  Importers must present detailed documentaton in order to release any shipments that they think were improperly detained, a costly and time-consuming endeavor.  Notably, the public comment and hearing processes will guide the government’s enforcement strategy, providing business stakeholders an opportunity to contribute to an enforcement process that could have implications for implementation of the import ban more broadly.

China’s Xinjiang region is a part of several critical supply chains, lead among them global cotton and apparel trade, as well as solar module production.  According to the Peterson Institute:

Xinjiang accounts for nearly 20 percent of global cotton production, with annual production greater than that of the entire United States. Its position in refined polysilicon—the material from which solar panels are built—is even more dominant, accounting for nearly half of global production. Virtually all silicon-based solar panels are likely to contain some Xinjiang-sourced silicon, according to Jenny Chase, head of solar analysis at Bloomberg New Energy Finance. If signed into law, the bill will send apparel producers and the US solar industry scrambling to find alternative sources of supply and prices are bound to increase.

Article By Ludmilla L. Kasulke and Rory Murphy of Squire Patton Boggs (US) LLP

For more legal news and legislation updates, click here to visit the National Law Review.

© Copyright 2021 Squire Patton Boggs (US) LLP

CFPB Solicits Whistleblowers to Strengthen Enforcement of Consumer Financial Protection Laws

In its revamped whistleblower webpage, the CFPB is enlisting the help of whistleblowers to provide tips about the following issues:

  • Any discrimination related to consumer financial products or services or small businesses
  • Any use of artificial intelligence/machine learning models that is based on flawed or incomplete data sets, that uses proxies for race, gender, or other group characteristics, or that impacts particular groups or classes of people more than others;
  • Misleading or deceptive advertising of consumer financial products or services, including mortgages
  • Failure to collect, maintain, and report accurate mortgage loan application and origination data
  • Failure to provide or use accurate consumer reporting information
  • Failure to review mortgage borrowers’ loss mitigation applications in a timely manner
  • Any unfair, deceptive, or abusive act or practice with respect to any consumer financial product or service.

The CFPB has also announced that it seeks tips to help it combat the role of Artificial Intelligence in enabling intentional and unintentional discrimination in decision-making systems.  For example, a recent study of algorithmic mortgage underwriting revealed that Black and Hispanic families have been more likely to be denied a mortgage compared to similarly situated white families.

Proposed CFPB Whistleblower Reward Program

Currently, there is no whistleblower reward program at the CFPB and sanctions collected in CFPB enforcement actions do not qualify for SEC related action whistleblower awards.  In light of the success of the SEC’s Whistleblower Program as an effective tool to protect investors and strengthen capital markets, the CFPB requested that Congress establish a rewards program to strengthen the CFPB’s enforcement of consumer financial protection laws.

In September 2021, Senator Catherine Cortez Masto introduced the Financial Compensation for Consumer Financial Protection Bureau Whistleblowers Act (S. 2775), which would establish a whistleblowers rewards program at the CFPB similar to the SEC Whistleblower Program.  It would authorize the CFPB to reward whistleblowers between 10% to 30% of collected monetary sanctions in a successful enforcement action where the penalty exceeds $1 million.  And in cases involving monetary penalties of less than $1 million, the CFPB would be able to award any single whistleblower 10% of the amount collected or $50,000, whichever is greater.

The Financial Compensation for CFPB Whistleblowers Act is cosponsored by Chairman of the Senate Banking, Housing, and Urban Affairs Committee Senator Sherrod Brown and Senators Dick Durbin, Elizabeth Warren, Jeff Merkley, Richard Blumenthal, and Tina Smith. In the House, Representative Al Green introduced a companion bill (H.R. 5484).

A whistleblower reward program at the CFPB could significantly augment enforcement of consumer financial protection laws, including laws barring unfair, deceptive, or abusive acts and practices.  The CFPB has authority over a broad array of consumer financial products and services, including mortgages, deposit taking, credit cards, loan servicing, check guaranteeing, collection of consumer report data, debt collection associated with consumer financial products and services, real estate settlement, money transmitting, and financial data processing.  In addition, the CFPB is the primary consumer compliance supervisory, enforcement, and rulemaking authority over depository institutions with more than $10 billion in assets.

Hopefully, Congress will act swiftly to enact the Financial Compensation for CFPB Whistleblowers Act.

Protection for CFPB Whistleblowers

Although Congress did not establish a whistleblower reward program when it created the CFPB, it included a strong whistleblower protection provision in the Consumer Financial Protection Act of 2010 (CFPA).  The anti-retaliation provision of the Consumer Financial Protection Act provides a cause of action for corporate whistleblowers who suffer retaliation for raising concerns about potential violations of rules or regulations of the CFPC.

Workers Protected by the CFPA Anti-Retaliation Law

The term “covered employee” means “any individual performing tasks related to the offering or provision of a consumer financial product or service.”  The CFPA defines a “consumer financial product or service” to include “a wide variety of financial products or services offered or provided for use by consumers primarily for personal, family, or household purposes, and certain financial products or services that are delivered, offered, or provided in connection with a consumer financial product or service . . . Examples of these include . .. residential mortgage origination, lending, brokerage and servicing, and related products and services such as mortgage loan modification and foreclosure relief; student loans; payday loans; and other financial services such as debt collection, credit reporting, credit cards and related activities, money transmitting, check cashing and related activities, prepaid cards, and debt relief services.”

Scope of Protected Whistleblowing About Consumer Financial Protection Violations

The CFPA protects disclosures made to an employer, to the CFPB or any State, local, or Federal, government authority or law enforcement agency concerning any act or omission that the employee reasonably believes to be a violation of any CFPB regulation or any other consumer financial protection law that the Bureau enforces. This includes several federal laws regulating “unfair, deceptive, or abusive practices . . . related to the provision of consumer financial products or services.”

Some of the matters the CFPB regulates include:

  • kickbacks paid to mortgage issuers or insurers;
  • deceptive advertising;
  • discriminatory lending practices, including a violation of the Equal Credit Opportunity Act (“ECOA”);
  • excessive fees;
  • any false, deceptive, or misleading representation or means in connection with the collection of any debt; and
  • debt collection activities that violate the Fair Debt Collection Practices Act (FDCPA).

Some of the consumer financial protection laws that the CFPB enforces include:

  • Real Estate Settlement Procedures Act;
  • Home Mortgage Disclosure Act;
  • Equal Credit Opportunity Act;
  • Truth in Lending Act;
  • Truth in Savings Act;
  • Fair Credit Billing Act;
  • Fair Credit Reporting Act;
  • Electronic Fund Transfer Act;
  • Consumer Leasing Act;
  • Fair Debt Collection Practices Act;
  • Home Owners Protection Act; and
  • Secure and Fair Enforcement for Mortgage Licensing Act

Reasonable Belief Standard in Banking Whistleblower Retaliation Cases

The CFPA whistleblower protection law employs a reasonable belief standard.  As long as the plaintiff’s belief is reasonable, the whistleblower is protected, even if the whistleblower makes a mistake of law or fact about the underlying violation of a law or regulation under the CFPB’s jurisdiction.

Prohibited Retaliation

The CFPA anti-retaliation law proscribes a broad range of adverse employment actions, including terminating, “intimidating, threatening, restraining, coercing, blacklisting or disciplining, any covered employee or any authorized representative of covered employees” because of the employee’s protected whistleblowing.

Proving CFPA Whistleblower Retaliation

To prevail in a CFPA whistleblower retaliation claim, the whistleblower need only prove that his or her protected conduct was a contributing factor in the adverse employment action, i.e., that the protected activity, alone or in combination with other factors, affected in some way the outcome of the employer’s decision.

Where the employer takes the adverse employment action “shortly after” learning about the protected activity, courts may infer a causal connection between the two.  Van Asdale v. Int’l Game Tech., 577 F.3d 989, 1001 (9th Cir. 2009).

Filing a CFPA Financial Whistleblower Retaliation Claim

CFPA complaints are filed with OSHA, and the statute of limitations is 180 days from the date when the alleged violation occurs, which is the date on which the retaliatory decision has been both made and communicated to the whistleblower.

The complaint need not be in any particular form and can be filed orally with OSHA. A CFPA complaint need not meet the stringent pleading requirements that apply in federal court, and instead the administrative complaint “simply alerts OSHA to the existence of the alleged retaliation and the complainant’s desire that OSHA investigate the complaint.” If the complaint alleges each element of a CFPA whistleblower retaliation claim and the employer does not show by clear and convincing that it would have taken the same action in the absence of the alleged protected activity, OSHA will conduct an investigation.

OSHA investigates CFPA complaints to determine whether there is reasonable cause to believe that protected activity was a contributing factor in the alleged adverse action.  If OSHA finds a violation, it can order reinstatement of the whistleblower and other relief.

Article By Jason Zuckerman of Zuckerman Law

For more financial legal news, click here to visit the National Law Review.

© 2021 Zuckerman Law

Revenue Growth Strategy with Goulston & Storrs P.C.[PODCAST]

Your clients are here, are you listening? Rachel meets with Beth Cuzzone of Goulston & Storrs P.C. to discuss how to, “pitch less and listen more,” when it comes to law firm growth.

We’ve included a transcript of our conversation below, transcribed by artificial intelligence. The transcript has been lightly edited for style, clarity and readability.

INTRO  00:02

Hello and welcome to Legal News Reach, the official podcast for The National Law Review. Stay tuned for more discussion on the latest trends in legal marketing, SEO, law firm best practices and more.

Rachel  00:15

I’m Rachel, the Editorial Manager at the National Law Review. In this episode we’re excited to talk to Beth Cuzzone, Chief Strategic Growth Officer for Goulston & Storrs. Beth’s role at Goulston & Storrs revolves around relationships.  Relationships internally and externally.  Relationships with prospects, clients and business partners.  With decades of experience in the industry, Beth has been inducted into the College of Law Practice Management and the Legal Marketing Hall Of Fame, published by the ABA, Thomson Reuters and several industry publications, and awarded several honors throughout her career. Beth is also a co-founder of Legal Sales and Service Organization.  Thank you, Beth, for joining us today.

Beth Cuzzone  00:53

Thank you so much for having me, Rachel. And I’m so excited to see that you’ve launched this podcast series.

Rachel  00:59

We’re very excited to have launched it and really excited that we got to have you on. So one of the main topics we want to dive in today was bringing the voice of the client into legal marketing. So I was wondering if we could just get your thoughts on that? Why is it so important to bring the voice of the client into firms?

Beth Cuzzone

That’s a great place to start, Rachel, that’s a great place to start. And I do think bringing the voice of the client into what we are doing every day in the in law firms is really important, let me give you a couple of statistics. 80% of revenue will come from 20% of existing clients and law firms. So your future revenue depends on 20% of your existing clients, I’m going to say that, again, 80% of revenue comes from 20% of your existing clients, then you’ve got five times as many resources to attract a new client than it does to keep an existing one, you take those and you marry that with market demand. So spoiler alert, for anybody who’s listening to this podcast, what we want you to be thinking about is bringing the voice of the client and listening more to client needs to basically help you be more competitive, generate more revenue, be more profitable, and increase your client service.

Rachel  02:16

It definitely seems like an important part, especially that statistic of keeping those 20% of clients to make sure you hang on to that revenue. That’s super important. How has COVID-19 affected firms relationship with their clients? Because it’s sort of, you know, buried its way into basically every single facet of our lives. So I’m curious to get your thoughts on that.

Beth Cuzzone  02:37

No, it’s true. I mean, if we start on the very premise that clients are the most important variable, and growing revenue and profit for law firms, and that the only thing that’s constant is change, right? Clients’ needs change, decision makers at client companies change, laws and regulations change. And so if we aren’t having those open dialogue conversations and getting feedback and conversations with our clients, then how do we stay ahead of change? And then you bring in COVID, you know, with great disruption, it brings great opportunity. And so I would say now is the time for lawyers and law firms to be implementing, bringing the voice of the client into their firm, no matter what they’re doing to bring it in even stronger. I think having client feedback programs and listening to clients was once a nice to have now it’s a need to have. So if you are still doing the exact same legal services in the exact same way that you were pre pandemic, not to sound harsh, I would consider this your warning light for b2b law firms. There aren’t new issues, new ways of doing business, new technologies. And so I think the pandemic has catapulted the need for firms to be doing this with much more vigor, and process and framework. So I also think that the pandemic has affected firms’ relationships with their clients in a lot of good ways. We are bringing clients or clients are bringing their lawyers into their home. I don’t know about you, but over the last year and a half, I’ve met pets, children, delivery people, family members, from our clients, and my colleagues and my friends in the industry that I probably never would have if not for the pandemic and the reality of Zoom. So I do think that we’re starting to get to know clients in a different way. That’s not a bad thing. But again, I also think that the business issues that have come with COVID has created opportunity, and it also has created the foundation for “let’s do things differently”

Rachel  05:00

That’s some really good insight there. I want to get your thoughts on what firms can do, why it’s important for firms to bring in their clients into their conversations in legal marketing, what firms can do right now to improve those relationships.

Beth Cuzzone  05:13

Beyond the feedback, I do think just in general, overarching, how you improve your relationship with clients, is about asking yourself and taking a little bit of a litmus test. Take your top 10 clients, your top 15, your top three, your top 20, it depends on the size of your firm your practice that sort of thing. And say, “Do I know every one of my clients strategic priorities, strategic directions, measurable goals in the next year or two?” I don’t think we’re going to find many people that can actually rehearse them for their top five, top 10, top 20, top 30 clients. The other thing I would say is, you know, really being able to impact your relationship is asking the people that you have relationships with at client companies – how are they evaluated? How are they deemed successful? What are they trying to accomplish, but sometimes their goals may be different than the company goals. If there is a software technology company, and they have an in house legal department, the technology company’s mission might be changing the way science is done or impact on a disease. So that’s kind of their mission and their strategic direction. And goals might be about how many new customers they can acquire and that sort of thing. That’s all very important information to know. But if you’re the General Counsel, you know, maybe what you’re trying to accomplish is budget certainty. So if you don’t know those answers to those questions, then it’s hard to be able to provide service that has value. And you know, basically, what I mean by that is, how are you spending time off the clock with your clients? What value are you providing? Because when you’re on the clock, they’re paying you to be strategic, substantive, proactive, responsive, accessible, all of those things they’re paying you for. But when you’re off the clock, how are you helping their business? What kind of information are you giving them? Are you making introductions to them? Are you saving them money? And so I think it’s a little bit like throwing something at the wall to see if it sticks if you don’t know the answer to those questions.

Rachel  07:28

We spoke a little bit about spending time with clients off the clock and, you know, engaging with them in that way. Is that part of that process? Or, you know, is that one of the ways that people can see that feedback out?

Beth Cuzzone  07:42

Absolutely. Bringing the voice of your client into the firm can be done in many different ways. And feedback is one of them. But that is a way that you can add value to the client, because you will hear when you’re asking for feedback about ways that you’ll be able to improve your service. And then you’ll be able to go back and implement change and in turn, increase client service and really impact your client relationship. It all ties together. And it is one facet of client service.

Rachel  08:19

So you recently wrote a book about client feedback for the ABA. Can you tell us a little bit about that?

Beth Cuzzone  08:26

Well, I think timing played a big role. We were just talking about this. I think this now is the time for law firms to really double down in this area. We’ve all been reading books and articles about obtaining feedback from clients. And it’s important. And they’ll focus on the business case, some of the statistics that you and I were just talking about, or they’ll focus on a phase of the feedback loop. The book that we wanted to create was an instruction that would lay out the entire process, step by step of how our industry can move along the maturation line of client feedback, bringing the voice of the client, making improvements, and keeping that loop moving.

Rachel  09:22

Seems like an exciting topic and a great opportunity. So what are some ways you’re seeing firms getting this feedback?

Beth Cuzzone  09:29

There’s a couple of things that are happening. First, there’s a huge technology push in business right now. And so I’m seeing some terrific uses of technology and lawyers and law firms or marketing. The marketing function in law firms can do after action reviews, which is at the end of a deal, or a case, being able to sit down with a client for a few minutes and say, how did we do? What did you think of our team? And what did you like best about us? Did we surprise you? Are there other things that other law firms do that you’d like that you’d like us to do in the future. There’s also online surveys, I’ve seen law firms put a couple of survey questions on their bills, every two years, we’re going to sit down and have an annual strategy session. And we’re going to take two or three hours off the clock. And we’re going to talk about how we’ve been doing. And we’re going to talk about the people on our team, we’re going to talk about the changes in your company, we’re going to talk about what the pipeline of issues look like, and how we can be preventative and try to bring down, you know, the legal spend that sort of thing. And that’s where you either hire a consultant, or in house, you do it, where it doesn’t have to be on a schedule. But you reach out to those top clients. And again, that could be 10% or 30% of your clients depending on your law firm size, and asking them how you’re doing. And then bringing it back.

Rachel  11:18

How can law firms really use this feedback to differentiate themselves from the competition and really take that feedback to heart and actually make some changes?

Beth Cuzzone  11:26

So these are all really great questions. So you will find this staggering, I think, Rachel, I have been conducting client interviews for more than 20 years. I was at a consulting firm. Before I went in house to law firms where we did some client interviews, I’ve been at a law firm that I’ve been doing client interviews at for a couple of decades. I can probably count less than a dozen times that I’ve encountered a client feedback interview when the client hasn’t commented “this is the first time my law firm has ever asked me these questions.” This is the first time I’ve ever been invited to a client feedback session. That’s the first time that I’ve been, you know, invited to give some client service input. So think about that 25 plus years of client interviews, and I think less than 12 have actually had something like this happen to them before. My point  is that the very nature of doing it is a differentiator, right. And what it will allow you to do is when you’re asking these questions, and getting the feedback about what they want to see, you can be that trusted advisor. That starts to bring all sorts of value, added value around your substantive legal service advice. And you can actually start to play a real business leader role with your clients so that you’re not seeing it as legal advice, or the necessary evil, but really start to see that you’re additive. And that you can be accretive to the company and their mission. And I think again, the way you do that is by taking the very information that you hear and turning it into value add.

Rachel  13:40

Moving into our next section here speaking a little bit about differentiating law from service from the competition, we’ve spoken about ways that law firms can interact with their clients and asking for that feedback allows them to, you know, show that they can be a really good added value. What are some ways that firms can really highlight the service they offer to clients and make that connection with them?

Beth Cuzzone  14:03

We’ve always had a hard time differentiating our services from our competition. I think we look alike. We sound alike. And I think where we’re going to find differentiation is – do we act alike? And so I think that some of the ways that we as law firms will be able to highlight the services that we offer to clients is instead of telling clients what we do, too, responding to clients about what they need and how we can solve, I think just sometimes we’ve gotten into a little bit of an automated notion of, we have a newsletter. And so we’re going to now send it out to every one of our clients that talks about a new law and something that we do. And that’s not differentiating, that’s not really highlighted. or services. Instead, I would say if law firms can start doing what I call Account Based Marketing, and looking at it client by client, and really understanding what’s important to the client, and the content and conversation that you put in front of those clients will be the way that you differentiate yourself. So move from content marketing, which was so popular a couple of years ago, I say, take the very tenets of content marketing, and bring them down to a client and have it, again, be client based. That’s where I think law firms will be able to differentiate those micro sites that are just for the client. And the information in that hub is just for that client. You know, if that client is a middle market, private company, they don’t care about what’s happening in the eye, you know, with no, by the way, with no interest in becoming a public company, you know, they don’t want to get 17 newsletters about a new law that’s impacting public companies. But you certainly can be looking at trends that are in the middle market space, and kind of what’s market deal points and be putting that into a hub. So that’s where I think I’d like to see law firms and lawyers and marketing departments really start to focus.

Rachel  16:32

I guess this is sort of like a two pronged question. How have you seen the legal industry pivot in the post COVID world in terms of how they interact with clients? And a larger question would be what changes have you seen with that sort of client interaction since COVID has taken place?

Beth Cuzzone  16:50

Well, I think that the playing field has leveled, I think that there used to be some type of hierarchy before you could have access to a client, when you were at a law firm. If you were the relationship partner, you were the bridge between the client and everybody else at your firm. And I have seen that collapse, that hierarchy collapse. And I think that these relationship partners have brought along, you know, some younger folks, or maybe one of their colleagues who’s an industry expert in something the client needs. But what I’ve also seen, which is so exciting for me, is the opportunity for people in marketing departments to have FaceTime with clients. And that’s always been a little bit of an obstacle for marketing departments and law firms. And I’ve heard so many of my executives, who are amazing brand ambassadors for their law firms say, I’m not sure how I can find a way to be client facing. And it’s been a goal of mine. And I think COVID has really changed that. And I think that now, there are lots of opportunities for the marketing departments, or the business development departments, the client, service departments, whatever they’re called, to really have that forward facing role. And I think feedback is one way, but using your CRM system, to really find some proactive opportunities, and bringing them to the relationship partner and saying, let’s talk with the client about this.

Rachel  18:49

So what are some things that Goulston & Storrs has done the past year to really adapt to challenges brought on by COVID-19? We’ve spoken to a number of law firms so far, and in making this podcast and it seems like all of them sort of have a different answer. So I think it’s interesting to get that perspective.

Beth Cuzzone  19:07

The first thing that we did, I think, as a firm was we took off the law firm or lawyer or legal services hat at the beginning of COVID. I think the place where we probably had a shining moment with our clients, we were worried about our clients, their families, their businesses, and we put down the webinars and the newsletters and the outreach, and just tried to reach out to them on a very personal individual level to be sure people were doing okay and were healthy, and that that’s the first thing we did. But then it came back to business as usual. And I’m looking at so many statistics Rachel that are showing me that law firms are having the best year they’ve had since the last downturn this year. And so we’ve done a number of things differently. First of all, the way we are packaging, pricing and delivering, our legal services looks a little bit different. We brought in a chief value officer a couple of years ago, and it’s a real growth spot for us a real bright light for us. Because we are spending a lot of time with clients trying to figure out how to price you know, our services that fall in line with where they may be, economically. And it’s a marathon, right, it’s not a sprint. And so they’re just, some years clients need a different approach than others, in terms of billing and payment terms, and that sort of thing. So we’ve really been trying to align with our client needs there. And, and just the way we’re talking to them is different, right, we’ve created more on demand video, versus hosting seminars in our offices.. So anything the same that you were doing pre COVID, probably time to look at that process. And I think that runs across all the business operations.  think we’ve all had to manage to change and adapt.

Rachel  21:48

Right. And I think the only constant in life is change. I think one of the things that we have heard from a lot of law firms is just having just a pivot and make all these changes. And now a lot of law firms are looking at adopting law these things long term. So hopefully, we’ll see some, you know, improvements and some changes going long term.

Beth Cuzzone  22:15

I’m wondering, Rachel, you and your team spend so much time out in the marketplace, so I’m interested to see what trends are you seeing in the marketplace around client service and client growth.

Rachel  22:32

We’ve spoken with quite a few law firms in creating this podcast. And I think one of the big trends that we’ve seen from the guests that we’ve interviewed is, and you mentioned this earlier, sort of pivoting more to bring in the client into what these law firms are doing in terms of their marketing efforts, and finding new ways to connect with them. I think one of the one of the big things that we’ve seen as like a company as like, working with clients on publishing their thought leadership and publishing, you know, their events and things like that, I think one of the big things we did see are more firms doing these virtual events. And, you know, putting their expertise out there when they couldn’t meet in person, and they can’t, you know, have a conversation with their clients or go to a conference, or things like that. So I think just finding new ways to connect with the people that they work with, outside of the office, when we can’t actually be with each other in person.

Beth Cuzzone  23:39

Or so you’re starting to see content marketing, turn into content selling in a way and content relationship building. And you’re part of that process.

Rachel  23:49

Right. And we do. One of our publishing clients, specifically writes a lot about ways that attorneys and law firms can really set themselves apart or improve their processes. And that’s been a shift in focus from what we saw before the pandemic.

Beth Cuzzone  24:07

I love that. Are there are initiatives that you’re seeing that firms are deploying that actually improve relationships with their clients? Are you seeing some of what we touched on earlier in other firms or in the marketplace?

Rachel  24:20

Right, I think it sort of goes along with what I said earlier, and really positioning themselves as you know, a value improvement and then also highlighting what they do well, as a firm. Specifically, one of the topics that’s come up in other interviews is really highlighting what the firm is doing more broadly in terms of their growth, some speaking more about, like diversity and inclusion initiatives, keeping themselves accountable for making sure those things happen and really taking on more of these changes that we’ve seen as COVID has progressed. I mean, it’s just Typically, I’m talking about, you know, remote work arrangements, you know, really listening to what their attorneys want and need. So I think that’s been a big thing that we’ve seen on technology.

Beth Cuzzone  25:11

Are you seeing any technology that’s hot around growing relationships?

Rachel  25:21

The main thing is, as I spoke earlier, really taking advantage of virtual events. And I’m not specifically talking about just webinars, one of the other firms that we had on spoke about how they interacted with clients. And this is maybe more than relationship building is sort of empowering attorneys to have like a coffee meeting with their clients like a virtual coffee meeting. So they would, they would give out these Starbucks gift cards. So they could sit down with their clients and have a cup of coffee virtually, and really hear about the things that they’re experiencing, their pain points, things like that. And one other thing that they were talking about was, before the pandemic, they maybe had never even heard of doing a virtual happy hour. And maybe a lot of people would have scoffed at that idea of having like, either like a drink or a cup of coffee over a Zoom call. But he said that, you know, he’s been on countless, or at least I think at least he said, at least three virtual happy hour since the pandemic began. I don’t really think a lot of people used Zoom a lot before the pandemic. So it’s been sort of a big way that people have connected with their clients. But I’d be interested in hearing what you have to say about that topic. You know, are there any technologies that you’re seeing that are helping firms grow their relationships with their clients?

Beth Cuzzone  26:47

I think there’s a couple of things that we’re seeing Goulston & Storrs. We are looking for technology that brings efficiency, and AI to some of the services that we provide. And so you know, you’re on a constant hunt nf figuring out how artificial intelligence and that sort of thing helps. But also, one of the things that we’ve done is we have adopted a technology in all of our business units that talk to each other. Finance, pricing, experience, relationship, management, enterprise, all of those products are talking to each other. So you are more informed. And we’ve been able to create some predictability around some of our client needs. Because there’s so many things talking to each other, as opposed to having these silos. I feel like you and I are experiencing and seeing a lot of the same trends, I think our highlights for today is great disruption brings great opportunity, service will be a differentiator, your client is another law firm’s prospect. Getting closer and digging further down into that relationship has never been more important. And client feedback is not only a way for that to happen, but I think it’s also a way for the marketing business operations functions to find client facing roles.

Rachel  28:23

Right. And I think specifically, your focus for this podcast about bringing the client into the conversation, I think, isn’t one that we’ve had so far. I think one thing that’s been really great about this podcast is just being able to learn so much from each of the people that we talked to. So yeah, thank you for joining us today. And thank you for those great questions.

Beth Cuzzone  28:45

I just want to again, thank you for bringing this podcast to us. And the series because I think we’re going to learn a lot from each other. I think there’s a real brain trust among a legal marketing and business development community. And I’m thrilled that you’re bringing it together and making it accessible for all of us.

Rachel  29:05

We had a great conversation about client feedback, revenue, and go-to-market strategies in the legal industry. Special thanks to Beth Cuzzone from Goulston & Storrs for joining us today.

Beth Cuzzone  29:15

Thank you so much, Rachel.

Copyright ©2021 National Law Forum, LLC
For more articles on the legal industry, visit the NLR Law Office Management section.

Biden Administration Issues New Government-Wide Anti-Corruption Strategy

On Dec. 7, 2021, the White House published a government-wide policy document entitled “United States Strategy on Countering Corruption” (“Strategy”). The Strategy implements President Biden’s National Security Memorandum from earlier in 2021, which declared international corruption a threat to U.S. national security.

The Strategy is notable for several reasons:

First, the Strategy focuses not just on the “supply side” of foreign bribery and corruption—that is, companies acting in violation of the Foreign Corrupt Practices Act (FCPA)—but also on the “demand side” of the equation, namely corrupt foreign officials and those who assist them. It promises to pair vigorous enforcement of the FCPA with efforts to hold corrupt leaders themselves accountable, via U.S. money laundering laws, economic sanctions, and visa restrictions.

Second, the Strategy specifically calls out the role of illicit finance in facilitating and perpetuating foreign corruption, promising “aggressive enforcement” against those who facilitate the laundering of corrupt proceeds through the U.S. economy. Professional gatekeepers such as lawyers, accountants, and trust and company service providers are specifically identified as targets of future scrutiny. The Strategy also promises to institute legislative and regulatory changes to address anti-money laundering (AML) vulnerabilities in the U.S. financial system. These promised changes include:

  • Finalizing beneficial ownership regulations, and building a national database of beneficial owners, as mandated by the Anti-Money Laundering Act of 2020.

  • Promulgating regulations designed to reveal when real estate is used to hide ill-gotten gains. Contemporaneously with the White House’s issuance of the Strategy, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an Advance Notice of Proposed Rulemaking (ANPRM), inviting public comment on its plan to apply additional scrutiny to all-cash real estate transactions.

  • Prescribing minimum reporting standards for investment advisors and other types of equity funds, which are currently not subject to same AML program requirements as other financial institutions.

Third, the Strategy calls for a coordinated, government-wide response to corruption, and it contemplates a role not only for law enforcement and regulatory agencies but also for agencies such as the Department of State and Department of Commerce, which is to establish its own new anti-corruption task force. It remains to be seen if the increased scope of anti-corruption efforts called for by the Strategy will result in new or additional penalties for persons and entities perceived as corrupt or as facilitating corruption, but the Strategy may place an additional premium on corporate anti-corruption compliance.

Individuals and entities operating in sectors traditionally associated with corruption and/or AML risk should consider taking the following steps in response to the Strategy. These considerations apply not only to U.S. persons and businesses but also to anyone who may fall within the broad purview of the FCPA, U.S. money laundering statutes, and other laws with extraterritorial reach:

  • Increase due diligence for any pending or future transactions in jurisdictions where potentially corrupt actors or their designees play a role in awarding government contracts. Ensure any payments are the result of arms-length transactions based on legitimate financial arrangements.

  • Professional gatekeepers should become familiar with the particular risks associated with the industries in which they operate. While AMLA made it clear that lawyers, accountants, and real estate professionals will come under increased scrutiny based on the risk profile of their clients, the Strategy increases the likelihood that law enforcement will devote additional resources in this sometimes-overlooked area.

  • Given the increased role the State Department will continue to play in the anticorruption space based on the National Defense Authorization Act and the Strategy, companies doing business in or with countries vital to U.S. foreign policy goals should remember that in addition to the individual leaders of these countries, government institutions and lower-level officials could create risk and will be closely watched. Though the U.S. government often talks about specific government officials, the Strategy appears to take a broader approach.

  • Businesses should continue to examine and reexamine third-party risk with an emphasis on preventing potential problems before they occur. Additional resources and increased cooperation between and among government agencies may lead to additional investigations and enforcement actions, so compliance programs should be updated where necessary.

Article By Kyle R. Freeny and Benjamin G. Greenberg of Greenberg Traurig, LLP

For more white collar crime and consumer rights legal news, click here to visit the National Law Review.

©2021 Greenberg Traurig, LLP. All rights reserved.

Tribal Cannabis Tourism and Current Status of Federal Legislation Impacting the Cannabis Industry

As Tribes expand their economic endeavors into the cannabis industry, the growth of cannabis tourism is a natural development. Below, we offer details on how cannabis tourism could support Tribal governments’ economic development efforts. We also provide an update on the status of pending federal legislation that could bring positive impacts to the cannabis industry.

Cannabis Tourism

With the pandemic continuing to take a toll on the tourism industry, many U.S. states and territories are exploring ways to help that industry recover. One potential savior for tourism is cannabis. As states went into varying levels of lockdown in early 2020, businesses deemed “nonessential,” including recreational facilities, gyms, bars, restaurants, etc. were forced to shut down. However, early into lockdown, cannabis was deemed “essential” in California, a designation other states with functional cannabis markets quickly adopted. In total, nearly 30 states, along with the District of Columbia and Puerto Rico, deemed cannabis businesses essential. This triggered some major changes in the industry, including:

With all of these changes, cannabis tourism has developed into a potentially rewarding industry that Tribal governments might be able to cultivate as part of efforts to recover economic losses suffered by their tourism and other businesses

What is Cannabis Tourism?

Cannabis tourism is most generally characterized as a destination-based industry that attracts tourists because cannabis is legal in that location. But the industry can take many forms. For example, tourists might visit a dispensary to learn more about the development of cannabis crops, stay at a “bud and breakfast,” tour a cannabis farm or growing facility, or dine at a restaurant with cannabis-infused dishes. Cannabis tourism can also have a positive knock-on effect for many other Tribal businesses.

How can Tribes Participate?

Interested Tribes can create specific cannabis-centered tourist destinations. One example is opening a farm or growing facility that is similar to a wine vineyard, where consumers can tour the facility and sample the products. This concept would serve multiple functions in that the farm would supply dispensaries while providing a tourism destination that would benefit hotels, restaurants, and the local economy.

Another route is to add cannabis tourism into existing tourism infrastructure. Tribes can take advantage of their land base and natural resources by offering cannabis hikes or camping expeditions, where participants are able to experience nature while partaking. Tribes with resort properties can offer CBD-infused massages at their spa, include CBD and hemp products at their gift shops, or offer travel packages designed for cannabis tourists. The idea behind this approach is to utilize the Tribe’s existing tourism infrastructure to provide new cannabis tourism options.

Federal Cannabis Legislation Update

The following is an update on pending federal legislation that would impact the cannabis industry. Summaries of previous cannabis legislative developments are provided in past articles..

The Democrats control both the House and the Senate (with Vice President Harris acting as the tie-breaking vote in the 50-50 Senate) but passing any cannabis legislation in the current Congress might prove difficult. The filibuster rules require 60 votes for a bill to pass the Senate, so any cannabis legislation would need relatively strong bipartisan support.

The future of federal cannabis law remains unclear, but Tribes interested in the cannabis industry can start taking steps now to establish the necessary framework to support this new area of Tribal economic enterprise.

Article By Robert A. Conrad and Laura E. Jones of Van Ness Feldman LLP

For more biotech, food, and drug legal news, click here to visit the National Law Review.

© 2021 Van Ness Feldman LLP

NYC Announces Private-Sector Vaccine Mandate

On December 6, 2021, outgoing New York City Mayor Bill de Blasio announced major expansions to New York’s “Key to NYC” program, which was implemented through Emergency Executive Order 225 and became effective on August 17, 2021. The mayor also announced a first-in-the-nation vaccination mandate for private-sector workers in New York City, which is set to take effect on December 27, 2021. Additional guidance on these expansive mandates is expected on December 15, 2021.

Private-Sector Vaccine Mandate

The mayor has announced that New York City will implement a “first-in-the-nation,” vaccine mandate for private-sector workers. The mandate is currently set to take effect on December 27, 2021. The mayor estimates that approximately 184,000 businesses would be affected. A spokesperson for Mayor-elect Eric Adams, who is due to take office on January 1, 2022, just days after the mandate is set to take effect, has indicated that the mayor-elect will evaluate the mandate when he takes office and will “make determinations based on science, efficacy and the advice of health professionals.”

Key to NYC Expanded

Under the existing Key to NYC program, staff and patrons who enter certain types of indoor entertainment, recreation, dining, and fitness establishments are required to have received at least one dose of a COVID-19 vaccine. Previously, children under the age of 12, along with certain other individuals were exempt from showing proof of vaccination.

Beginning on December 14, 2021, children ages 5-11 will be required to show proof of at least one dose of the COVID-19 vaccine in order to enter the covered establishments mentioned above. While individuals were previously only required to show proof of one dose of the vaccine, beginning on December 27, individuals in New York City over the age of 12 will now be required to show proof of two doses of the vaccine.

High-Risk Extracurricular Activities

The mayor also announced that vaccinations would be required for children ages 5-11 if they wish to participate in “high-risk extracurricular activities.” These activities are currently defined as “sports, band, orchestra, and dance.” Children in this age group will be required to have the initial vaccine dose by December 14, 2021.

Key Takeaways

Employers in New York City may wish to review the above requirements to ensure that their practices comply with the obligations articulated in the anticipated mandates. Employers may also want to stay updated as the Key to NYC and the private-sector vaccine mandate continues to evolve.

Article By Kelly M. Cardin and Jessica R. Schild of Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

For more labor and employment legal news, click here to visit the National Law Review.

© 2021, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.

In the Coming ‘Metaverse’, There May Be Excitement but There Certainly Will Be Legal Issues

The concept of the “metaverse” has garnered much press coverage of late, addressing such topics as the new appetite for metaverse investment opportunities, a recent virtual land boom, or just the promise of it all, where “crypto, gaming and capitalism collide.”  The term “metaverse,” which comes from Neal Stephenson’s 1992 science fiction novel “Snow Crash,” is generally used to refer to the development of virtual reality (VR) and augmented reality (AR) technologies, featuring a mashup of massive multiplayer gaming, virtual worlds, virtual workspaces, and remote education to create a decentralized wonderland and collaborative space. The grand concept is that the metaverse will be the next iteration of the mobile internet and a major part of both digital and real life.

Don’t feel like going out tonight in the real world? Why not stay “in” and catch a show or meet people/avatars/smart bots in the metaverse?

As currently conceived, the metaverse, “Web 3.0,” would feature a synchronous environment giving users a seamless experience across different realms, even if such discrete areas of the virtual world are operated by different developers. It would boast its own economy where users and their avatars interact socially and use digital assets based in both virtual and actual reality, a place where commerce would presumably be heavily based in decentralized finance, DeFi. No single company or platform would operate the metaverse, but rather, it would be administered by many entities in a decentralized manner (presumably on some open source metaverse OS) and work across multiple computing platforms. At the outset, the metaverse would look like a virtual world featuring enhanced experiences interfaced via VR headsets, mobile devices, gaming consoles and haptic gear that makes you “feel” virtual things. Later, the contours of the metaverse would be shaped by user preferences, monetary opportunities and incremental innovations by developers building on what came before.

In short, the vision is that multiple companies, developers and creators will come together to create one metaverse (as opposed to proprietary, closed platforms) and have it evolve into an embodied mobile internet, one that is open and interoperable and would include many facets of life (i.e., work, social interactions, entertainment) in one hybrid space.

In order for the metaverse to become a reality, that is, successfully link current gaming and communications platforms with other new technologies into a massive new online destination – many obstacles will have to be overcome, even beyond the hardware, software and integration issues. The legal issues stand out, front and center. Indeed, the concept of the metaverse presents a law school final exam’s worth of legal questions to sort out.  Meanwhile, we are still trying to resolve the myriad of legal issues presented by “Web 2.0,” the Internet we know it today. Adding the metaverse to the picture will certainly make things even more complicated.

At the heart of it is the question of what legal underpinnings we need for the metaverse infrastructure – an infrastructure that will allow disparate developers and studios, e-commerce marketplaces, platforms and service providers to all coexist within one virtual world.  To make it even more interesting, it is envisioned to be an interoperable, seamless experience for shoppers, gamers, social media users or just curious internet-goers armed with wallets full of crypto to spend and virtual assets to flaunt.  Currently, we have some well-established web platforms that are closed digital communities and some emerging ones that are open, each with varying business models that will have to be adapted, in some way, to the metaverse. Simply put, the greater the immersive experience and features and interactions, the more complex the related legal issues will be.

Contemplating the metaverse, these are just a few of the legal issues that come to mind:

  • Personal Data, Privacy and Cybersecurity – Privacy and data security lawyers are already challenged with addressing the global concerns presented by varying international approaches to privacy and growing threats to data security. If the metaverse fulfills the hype and develops into a 3D web-based hub for our day-to-day lives, the volume of data that will be collected will be exponentially greater than the reams of data already collected, and the threats to that data will expand as well. Questions to consider will include:
    • Data and privacy – What’s collected? How sensitive is it? Who owns or controls it? The sharing of data will be the cornerstone of a seamless, interoperable environment where users and their digital personas and assets will be usable and tradeable across the different arenas of the metaverse.  How will the collection, sharing and use of such data be regulated?  What laws will govern the collection of data across the metaverse? The laws of a particular state?  Applicable federal privacy laws? The GDPR or other international regulations? Will there be a single overarching “privacy policy” governing the metaverse under a user and merchant agreement, or will there be varying policies depending on which realm of the metaverse you are in? Could some developers create a more “privacy-focused” experience or would the personal data of avatars necessarily flow freely in every realm? How will children’s privacy be handled and will there be “roped off,” adults-only spaces that require further authentication to enter? Will the concepts that we talk about today – “personal information” or “personally identifiable information” – carry over to a world where the scope of available information expands exponentially as activities are tracked across the metaverse?
    • Cybersecurity: How will cybersecurity be managed in the metaverse? What requirements will apply with respect to keeping data secure? How will regulation or site policies evolve to address deep fakes, avatar impersonation, trolling, stolen biometric data, digital wallet hacks and all of the other cyberthreats that we already face today and are likely to be exacerbated in the metaverse? What laws will apply and how will the various players collaborate in addressing this issue?
  • Technology Infrastructure: The metaverse will be a robust computing-intensive experience, highlighting the importance of strong contractual agreements concerning cloud computing, IoT, web hosting, and APIs, as well as software licenses and hardware agreements, and technology service agreements with developers, providers and platform operators involved in the metaverse stack. Performance commitments and service levels will take on heightened importance in light of the real-time interactions that users will expect. What is a meaningful remedy for a service level failure when the metaverse (or a part of the metaverse) freezes? A credit or other traditional remedy?  Lawyers and technologists will have to think creatively to find appropriate and practical approaches to this issue.  And while SaaS and other “as a service” arrangements will grow in importance, perhaps the entire process will spawn MaaS, or “Metaverse as a Service.”
  • Open Source – Open source, already ubiquitous, promises to play a huge role in metaverse development by allowing developers to improve on what has come before. Whether or not the obligations of common open source licenses will be triggered will depend on the technical details of implementation. It is also possible that new open source licenses will be created to contemplate development for the metaverse.
  • Quantum Computing – Quantum computing has dramatically increased the capabilities of computers and is likely to continue to do over the coming years. It will certainly be one of the technologies deployed to provide the computing speed to allow the metaverse to function. However, with the awesome power of quantum computing comes threats to certain legacy protections we use today. Passwords and traditional security protocols may be meaningless (requiring the development of post-quantum cryptography that is secure against both quantum and traditional computers). With raw, unchecked quantum computing power, the metaverse may be subject to manipulation and misuse. Regulation of quantum computing, as applied to the metaverse and elsewhere, may be needed.
  • Antitrust: Collaboration is a key to the success of the metaverse, as it is, by definition, a multi-tenant environment. Of course collaboration amongst competitors may invoke antitrust concerns. Also, to the extent that larger technology companies may be perceived as leveraging their position to assert unfair control in any virtual world, there may be additional concerns.
  • Intellectual Property Issues: A host of IP issues will certainly arise, including infringement, licensing (and breaches thereof), IP protection and anti-piracy efforts, patent issues, joint ownership concerns, safe harbors, potential formation of patent cross-licensing organizations (which also may invoke antitrust concerns), trademark and advertising issues, and entertaining new brand licensing opportunities. The scope of content and technology licenses will have to be delicately negotiated with forethought to the potential breadth of the metaverse (e.g., it’s easy to limit a licensee’s rights based on territory, for example, but what about for a virtual world with no borders or some borders that haven’t been drawn yet?). Rightsholders must also determine their particular tolerance level for unauthorized digital goods or creations. One can envision a need for a DMCA-like safe harbor and takedown process for the metaverse. Also, akin to the litigation that sprouted from the use of athletes’ or celebrities’ likenesses (and their tattoos) in videogames, it’s likely that IP issues and rights of publicity disputes will go way up as people’s virtual avatars take on commercial value in ways that their real human selves never did.
  • Content Moderation. Section 230 of the Communications Decency Act (CDA) has been the target of bipartisan criticism for several years now, yet it remains in effect despite its application in some distasteful ways. How will the CDA be applied to the metaverse, where the exchange of third party content is likely to be even more robust than what we see today on social media?  How will “bad actors” be treated, and what does an account termination look like in the metaverse? Much like the legal issues surrounding offensive content present on today’s social media platforms, and barring a change in the law, the same kinds of issues surrounding user-generated content will persist and the same defenses under Section 230 of the Communications Decency Act will be raised.
  • Blockchain, DAOs, Smart Contract and Digital Assets: Since the metaverse is planned as a single forum with disparate operators and users, the use of a blockchain (or blockchains) would seem to be one solution to act as a trusted, immutable ledger of virtual goods, in-world currencies and identity authentication, particularly when interactions may be somewhat anonymous or between individuals who may or may not trust each other and in the absence of a centralized clearinghouse or administrator for transactions. The use of smart contracts may be pervasive in the metaverse.  Investors or developers may also decide that DAOs (decentralized autonomous organizations) can be useful to crowdsource and fund opportunities within that environment as well.  Overall, a decentralized metaverse with its own discrete economy would feature the creation, sale and holding of sovereign digital assets (and their free use, display and exchange using blockchain-based payment networks within the metaverse). This would presumably give NFTs a role beyond mere digital collectibles and investment opportunities as well as a role for other forms of digital currency (e.g., cryptocurrency, utility tokens, stablecoins, e-money, virtual “in game” money as found in some videogames, or a system of micropayments for virtual goods, services or experiences).  How else will our avatars be able to build a new virtual wardrobe for what is to come?

With this shift to blockchain-based economic structures comes the potential regulatory issues behind digital currencies. How will securities laws view digital assets that retain and form value in the metaverse?  Also, as in life today, visitors to the metaverse must be wary of digital currency schemes and meme coin scams, with regulators not too far behind policing the fraudsters and unlawful actors that will seek opportunities in the metaverse. While regulators and lawmakers are struggling to keep up with the current crop of issues, and despite any progress they may make in that regard, many open issues will remain and new issues will be of concern as digital tokens and currency (and the contracts underlying them) take on new relevance in a virtual world.

Big ideas are always exciting. Watching the metaverse come together is no different, particularly as it all is happening alongside additional innovations surrounding the web, blockchain and cryptocurrency (and, more than likely, updated laws and regulations). However, it’s still early. And we’ll have to see if the current vision of the metaverse will translate into long-term, concrete commercial and civic-minded opportunities for businesses, service providers, developers and individual artists and creators.  Ultimately, these parties will need to sort through many legal issues, both novel and commonplace, before creating and participating in a new virtual world concept that goes beyond the massive multi-user videogame platforms and virtual worlds we have today.

Article By Jeffrey D. Neuburger of Proskauer Rose LLP. Co-authored by  Jonathan Mollod.

For more legal news regarding data privacy and cybersecurity, click here to visit the National Law Review.

© 2021 Proskauer Rose LLP.