CERCLA PFAS Designation Major Step Forward

On January 10, 2022, the EPA submitted a plan for a PFAS Superfund designation to the White House Office of Management and Budget (OMB) when it indicated an intent to designate two legacy PFAS – PFOA and PFOS – as “hazardous substances” under the Comprehensive Environmental Response, Compensation & Liability Act (CERCLA, also known as the Superfund law). The EPA previously stated its intent to make the proposed designation by March 2022 when it introduced its PFAS Roadmap in October 2021. Under the Roadmap, the EPA planned to issue its proposed CERCLA designation in the spring of 2022. On Friday, a CERCLA PFAS designation took a significant step forward when the OMB approved the EPA’s plan for PFOA and PFOS designation. This step opens the door for the EPA to put forth its proposed designation of PFOA and PFOS under CERCLA and engage in the required public comment period.

Any PFAS designation will have enormous financial impacts on companies with any sort of legacy or current PFOA and PFOS pollution concerns. Corporations, insurers, investment firms, and private equity alike must pay attention to this change in law when considering risk issues.

Opposition to CERCLA Designation

Since the EPA’s submission of its intent to designate PFOA and PFOS as hazardous substance to the OMB, the EPA has been met with industry pushback on the proposal. Three industries met with the OMB earlier in 2022 to explain the enormity of regulatory and cleanup costs that the industries would face with a CERCLA designation of PFOA and PFOS – water utilities, waste management companies, and the International Liquid Terminals Association. These industries in particular are concerned about bearing the burden of enormous cleanup costs for pollution that third parties are responsible for. Industries are urging the OMB and EPA to consider other ways to achieve regulatory and remediation goals aside from a CERCLA designation.

During an April 5, 2022 meeting of the Environmental Council of the States (ECOS), several states also expressed concerns regarding the impact that a CERCLA designation for PFAS types would have in their states and on their constituent companies. The state environmental leaders discussed with EPA representatives how the EPA would view companies in their states that fall into categories such as waste management and water utilities, who are already facing uphill battles in disposing of waste or sludge that contains PFAS.

Realizing that the EPA is likely set on its path to designate at least two PFAS as “hazardous substances”, though, industries are asking the EPA to consider PFAS CERCLA exemptions for certain industries, which would exempt certain industry types from liability under CERCLA. Industries are also pushing the EPA, OMB and the U.S. Chamber of Commerce to conduct a robust risk analysis to fully vet the impact that the designation will have on companies financially. The EPA is statutorily required to conduct a risk analysis as part of its CERCLA designation process, so it is likely that the EPA’s delay in issuing a proposed hazardous substance designation until it feels that adequate time has passed for its designation to survive the likely legal challenges that will likely follow the designation.

CERCLA PFAS Designation: Impact On Businesses

Once a substance is classified as a “hazardous substance” under CERCLA, the EPA can force parties that it deems to be polluters to either cleanup the polluted site or reimburse the EPA for the full remediation of the contaminated site. Without a PFAS Superfund designation, the EPA can merely attribute blame to parties that it feels contributed to the pollution, but it has no authority to force the parties to remediate or pay costs. The designation also triggers considerable reporting requirements for companies. Currently, those reporting requirements with respect to PFAS do not exist, but they would apply to industries well beyond just PFAS manufacturers.

The downstream effects of a PFOA and PFOS designation would be massive. Companies that utilized PFOA and PFOS in their industrial or manufacturing processes and sent the PFOA/PFOS waste to landfills or otherwise discharged the chemicals into the environment will be at immediate risk for enforcement action by the EPA given the EPA’s stated intent to hold all PFAS polluters of any kind accountable. Waste management companies should be especially concerned given the large swaths of land that are utilized for landfills and the likely PFAS pollution that can be found in most landfills due to the chemicals’ prevalence in consumer goods. These site owners may be the first targeted when the PFOA/PFOS designation is made, which will lead to lawsuits filed against any company that sent waste to the landfills for contribution to the cost of cleanup that the waste management company or its insured will bear.

Also of concern to companies are the re-opener possibilities that a CERCLA designation would result in. Sites that are or were previously designated as Superfund sites will be subject to additional review for PFOA/PFOS concerns. Sites found to have PFOA/PFOS pollution can be re-opened by the EPA for investigation and remediation cost attribution to parties that the EPA finds to be responsible parties for the pollution. Whether through direct enforcement action, re-opener remediation actions, or lawsuits for contribution, the costs for site cleanup could amount to tens of millions of dollars, of course depending on the scope of pollution.

Conclusion

Now more than ever, the EPA is clearly on a path to regulate PFAS contamination in the country’s water, land and air. The EPA has also for the first time publicly stated when they expect such regulations to be enacted. These regulations will require states to act, as well (and some states may still enact stronger regulations than the EPA). Both the federal and the state level regulations will impact businesses and industries of many kinds, even if their contribution to drinking water contamination issues may seem on the surface to be de minimus. In states that already have PFAS drinking water standards enacted, businesses and property owners have already seen local environmental agencies scrutinize possible sources of PFAS pollution much more closely than ever before, which has resulted in unexpected costs. Beyond drinking water, though, the EPA PFAS plan shows the EPA’s desire to take regulatory action well beyond just drinking water, and companies absolutely must begin preparing now for regulatory actions that will have significant financial impacts down the road.

©2022 CMBG3 Law, LLC. All rights reserved.

Law Firms Respond to Russia’s Invasion of Ukraine: How the Legal Industry & the Public Can Help

On February 21, 2022, Russian President Vladimir Putin ordered ground troops into the eastern Ukrainian provinces of Donetsk and Luhansk. Invading under the guise of establishing independence for the region on February 24, Russia started bombing key points of interest around the country, including the capital city of Kyiv. At the time of writing, the skirmishes remain ongoing, with Russia expanding its invasion force as the days go on.

The ramifications of Russia’s war are widespread. In Ukraine, infrastructural damage is considerable, an estimated 2 million civilians are evacuating or have been driven from their homes. The death toll remains uncertain at this time, but the Ukrainian health ministry estimates that hundreds of citizens have been killed as a result of the violence. Globally, financial markets are in a state of rapid flux, seeing huge rises in inflation, a strained supply chain and plummeting stock prices.

Law firms in the United States and abroad have responded to the conflict by offering pro bono services in anticipation of resultant legal complications and organized means by which money can be donated to Ukrainian humanitarian efforts.

How Have Law Firms Responded to Russia’s Invasion of Ukraine?

In some instances, firms have also closed offices in Ukraine to protect workers, and severed ties with Russian businesses. Law firms that have closed offices in Ukraine include Dentons, CMS and Baker McKenzie, which have closed offices in Kyiv.

“Dentons has established a taskforce to monitor and manage the crisis situation, with a primary focus on protecting our people,”  Tomasz Dąbrowski, CEO of Dentons Europe, told the National Law Review“We are in regular contact with our team in Kyiv and are providing our colleagues and their families with any possible assistance, including transport, relocation and accommodation assistance in the neighboring countries. Furthermore, we have seen a wave of kindness and generosity from our people across Europe, who have volunteered to provide accommodation in their homes for Ukrainian colleagues.  Furthermore, in addition to the financial support our Firm is providing to our Ukrainian colleagues, we have also received financial donations from around the world to help them resettle.”

Many law firms have announced they are closing offices in Russia, including Squire Patton Boggs, Latham & Watkins Freshfields Bruckhaus Deringer, Akin Gump Strauss Hauer & Feld and Morgan Lewis & Bockius, among others. Norton Rose Fulbright announced March 7 that they are winding down their operations in Russia and will be closing their Moscow office as soon as they can, calling Russia’s invasion of Ukraine “increasingly brutal.”

“The wellbeing of our staff in the region is a priority. We thank our 50 colleagues in Moscow for their loyal service and will support them through this transition.”

Norton Rose Fulbright said they “stand unequivocally with the people of Ukraine,” and are taking steps to respond to the invasion.

“Some immediate actions are possible and we are taking them. We are not accepting any further instructions from businesses, entities or individuals connected with the current Russian regime, irrespective of whether they are sanctioned or not. In addition, we continue to review exiting from existing work for them where our professional obligations as lawyers allow. Where we cannot exit from current matters, we will donate the profits from that work to appropriate humanitarian and charitable causes,” the statement read. “We are working with our charitable partners in every region to raise funds to help the people of Ukraine, as well as providing pro bono support to those Ukrainians and others who are being forced to relocate.”

Law firms have also stepped forward to offer pro bono assistance to those affected by the Russian invasion of Ukraine.

Law Firms Offering Pro Bono Assistance to Ukraine

Akin Gump Partner and Pro Bono Practice leader Steven Schulman explained how the legal industry is collaborating and working to provide assistance:

“So what we often do in these crises, we will self organize, [and] say who’s a point person who knows what’s going on, and then we will share information so that again, we’re lightening the load on the legal aid organizations.”

Another law firm offering assistance to Ukraine is  Covington & Burling, which the country hired to help pursue its claim against  Russia at the International Court of Justice (ICJ). Specifically, Ukraine asked the court to order Russia to halt its invasion. Covington filed a claim on behalf of Ukraine to the ICJ.

Nongovernmental organizations (NGOs) are providing emergency aid in Ukraine, as well as in neighboring countries, such as Poland, Hungary, Slovakia and Romania to help people displaced by the war as they come across the border, Mr.Dąbrowski said. These organizations are providing food, water, hygiene supplies and other necessities, and urgent psychological counseling. Specific NGOs on the ground in Ukraine include Mercy CorpsFight for Right, Project HOPEHungarian Helsinki Committee, and  Fundacja Ocalenieamong others.

However, NGOs need cash donations in order to keep providing aid. Mr.Dąbrowski detailed what pro bono work Dentons is doing, and how the firm is supporting NGOs:

“Our Positive Impact team is in touch with numerous NGOs and lawyers from our firm to identify opportunities for pro bono legal advice, mainly in the countries which share a border with Ukraine.  We are already working with NGOs in Poland and Hungary which are helping Ukrainian refugees displaced by the war. We are assisting with issues related to employment law, contracts, establishment of charitable foundations, etc… We are also in discussions with an international relief agency which is looking to set up operations within Ukraine.

While men between the ages of 18 and 60 are currently prohibited from leaving Ukraine, as of March 10, 2022, the conflict has created one of the largest refugee crises within the last few decades.

“We have activated our registered charitable foundation to collect donations from our people around the world to support Ukrainian families – and particularly children –  displaced by the war, including some of our own people from Kyiv.  So far, our colleagues from around the world have donated or pledged close to €300,000,” Mr.Dąbrowski said. “We have already distributed €60,000 of that to eight NGOs in Poland, Hungary and Romania, which are providing emergency aid, food and water, hygiene supplies, transportation, medical and psychological care, shelter and schooling to Ukrainian civilians fleeing from the war”

Concerns with immigration and refugee asylum is the next expected complication. In the short-term, the Department of Homeland Security is prioritizing Temporary Protected Status (TPS) designations for those already in the U.S.

For the public, there are a number of actions to take to support Ukrainians. However, those wishing to help should make sure to do their research before making any donations in order to ensure the funds end up in the right hands.

How Can Members of the Public Help Ukraine?

Possible scam organizations and outreach programs are common during international crises, so it’s important to know the signs of fraudulent charities. Some best practices for providing support include:

  • Giving directly to an organization rather than through shared donation links on social media

  • Being wary of crowdfunding efforts

  • Doing a background check on an organization and its donation claims using Charity WatchGive.org, and Charity Navigator.

Some examples of charitable organizations focused on Ukraine relief include:

Informational resources for those affected are provided below:

Conclusion

Law firms and the public alike have stepped up to offer assistance and financial help to those most affected by the Russian invasion. Law firms cutting ties with Russian businesses and closing offices in Russia shows that the legal industry is standing behind Ukraine as the conflict continues to escalate.

In upcoming coverage, the National Law Review will be writing about how law firms are helping clients handle Russian sanctions, as well as the immigration implications of refugees displaced by the war in Ukraine.

*The quotes and input of interviewees reflect the latest information on the Russian invasion of Ukraine as of March 7, 2022. Readers can find the latest legal news from around the world on The National Law Review’s Global Law page.*

Copyright ©2022 National Law Forum, LLC

Patch Up – Log4j and How to Avoid a Cybercrime Christmas

A vulnerability so dangerous that Cybersecurity and Infrastructure (CISA) Director Jen Easterly called it “one of the most serious [she’s] seen in [her] entire career, if not the most serious” arrived just in time for the holidays. On December 10, 2021, CISA and the director of cybersecurity at the National Security Agency (NSA) began alerting the public of a critical vulnerability within the Apache Log4j Java logging framework. Civilian government agencies have been instructed to mitigate against the vulnerability by Christmas Eve, and companies should follow suit.

The Log4j vulnerability allows threat actors to remotely execute code both on-premises and within cloud-based application servers, thereby obtaining control of the impacted servers. CISA expects the vulnerability to affect hundreds of millions of devices. This is a widespread critical vulnerability and companies should quickly assess whether, and to what extent, they or their service providers are using Log4j.

Immediate Recommendations

  • Immediately upgrade all versions of Apache Log4j to 2.15.0.
  • Ask your service providers whether their products or environment use Log4j, and if so, whether they have patched to the latest version. Helpfully, CISA sponsors a community-sourced GitHub repository with a list of software related to the vulnerability as a reference guide.
  • Confirm your security operations are monitoring internet-facing systems for indicators of compromise.
  • Review your incident response plan and ensure all response team information is up to date.
  • If your company is involved in an acquisition, discuss the security steps taken within the target company to address the Log4j vulnerability.

The versatility of this vulnerability has already attracted the attention of malicious nation-state actors. For example, government-affiliated cybercriminals in Iran and China have a “wish list” (no holiday pun intended) of entities that they are aggressively targeting with the Log4j vulnerability. Due to this malicious nation-state activity, if your company experiences a ransomware attack related to the Log4j vulnerability, it is particularly important to pay attention to potential sanctions-related issues.

Companies with additional questions about the Log4j vulnerability and its potential impact on technical threats and potential regulatory scrutiny or commercial liability are encouraged to contact counsel.

© 2021 Bracewell LLP

Current Pandemic-Related Regulations for Business Travel to the United States, Germany, and the EU

Recently, due to the availability of COVID-19 vaccines, many countries decided to lift their entry restrictions or change them in such a way that travelers who had recovered from COVID-19 infections or been vaccinated were allowed entry. Here is an overview of some of the current entry requirements for international travel.

Entry Into the United States

Since November 8, 2021, individuals have been allowed to enter the United States again from Europe. For 20 months, an entry ban had been in place in the United States for travelers from Brazil, China, India, Iran, Ireland, the Schengen Area (26 countries), South Africa, and the United Kingdom. A proclamation issued by President Joe Biden on October 25, 2021—“A Proclamation on Advancing the Safe Resumption of Global Travel During the COVID-⁠19 Pandemic”—ended these entry restrictions and the need for national interest exceptions (NIE) to the restrictions. Travelers from most countries (a recent U.S. ban on travel from eight African countries took effect on November 29, 2021) may enter the United States if they are fully vaccinated and present negative coronavirus test results (via RT-PCR tests or antigen tests) that are no more than three days old at the time of departure.

Travelers must prove to their airlines that they have been fully vaccinated with internationally recognized vaccines prior to their departures. Currently, the United States recognizes vaccines the Pfizer-BioNTech, Oxford-AstraZeneca, Oxford-AstraZeneca/Covishield, Covaxin, Moderna, Johnson & Johnson/Janssen, BIBP/Sinopharm, and Sinovacvaccines. A traveler’s last vaccination must have taken place at least 14 days before the planned date of travel. The United States accepts the EU Digital COVID Certificate as proof of vaccination.

Exempt groups include persons on diplomatic or governmental foreign travel, children under 18 years of age, and persons who cannot be vaccinated with a COVID-19 vaccine for documented medical reasons. Persons exempt from the October 25, 2021, proclamation’s requirements may enter the United States without being fully vaccinated, but they must quarantine for seven days upon arrival and test for COVID-19 infection three to five days after entry.

Regardless of the COVID-19–related entry requirements, all travelers still need an Electronic System for Travel Authorization (ESTA) entry permit issued by U.S. Customs and Border Protection (CBP). CBP advises travelers to apply online for ESTA authorization at least 72 hours in advance of departure.

Requirements for Entry Into the European Union

The European Union (EU) has a common approach to travel from third countries to EU member states. Entry requirements are constantly being adapted to the pandemic situation as international travel gradually opens up. Currently, in principle, any person from a third country who has been fully vaccinated with a vaccine approved by the European Medicines Agency (EMA) (BioNTech-Pfizer, Moderna, AstraZeneca, and Janssen-Cilag) may enter the European Union. The last vaccination must have taken place at least 14 days before the planned entry.

EU citizens and residents as well as their family members are allowed to enter EU member states without being fully vaccinated. Further exceptions apply to persons for whom absolutely necessary reasons for entry exist. “Absolutely necessary reasons” may exist, among other things, for highly qualified employees from third countries if their labor is necessary from an economic point of view and their work cannot be postponed or carried out abroad.

The EU also maintains a list of countries where the epidemiological situation has improved sufficiently (the so-called “EU White List”), so that entry from these countries is possible regardless of an individual’s vaccination status. This list is constantly updated according to the epidemiological situation. The United States is not currently on the EU White List, so entry from the United States is only possible for fully vaccinated persons.

Each EU member state may set its own additional entry requirements. The EU’s “Re-open EU,” a clearinghouse of information regarding EU member states’ pandemic-related measures, offers an overview of the quarantine and testing requirements of the individual countries.

Requirements for Entry Into Germany

All travelers to Germany from third countries that are not on the EU White List and are not EU citizens or residents must be fully vaccinated. In exceptional cases, entry is possible if it is absolutely necessary.

In addition, all travelers aged 12 or older must provide proof of vaccination. Before crossing the border, proof of vaccination or convalescence, or a test result showing negative for infection (e.g., an antigen test that is no more than 48 hours old or an RT-PCR test that is no more than 72 hours old), must be presented for inspection by the carrier or at the request of the Federal Police.

For previous stays in high-risk or virus-variant areas, digital travel registration is also mandatory. The Robert Koch Institute provides a current list of all high-risk and virus-variant areas.

Nonvaccinated or recovered travelers entering from high-risk areas must also present a negative test upon entry and enter domestic quarantine for 10 days. The domestic quarantine can be ended prematurely if another negative test result is presented five days after entry.

At present, travel from a virus-variant area is not possible, as a travel ban is in force for countries where virus mutations are widespread. Entry is possible only in a few exceptional cases (for example, for German nationals and persons with residence and an existing right of abode in Germany, as well as their immediate family members). Irrespective of vaccination or convalescent status, these travelers are obliged to register their entries digitally, present negative test results upon entry, and go into quarantine for 14 days. Only vaccinated and recovered persons may shorten their quarantine periods by presenting further negative test results five days after entry.

Employer Inquiries Into Employees’ Vaccination and Recovery Status

These extensive regulations raise a question as to whether an employer may inquire into an employee’s vaccination status, or whether the employee has recovered from a COVID-19 infection in connection with an upcoming business trip.

The vaccination and/or convalescence status of an employee, under 9 (1) of the EU’s General Data Protection Regulation (GDPR), is considered health data and thus protected personal information according to Art. An employer may request and process this information only if there is a legal basis for doing so. If a business trip requires proof of an employee’s vaccination against COVID-19 (e.g., due to entry restrictions), an employer may request and process this information from the employee in individual cases. However, employers may only request the information in the context of specific business trips and are prohibited from retaining the information for any other purposes.”

The COVID-19–related entry regulations of many countries may largely determine the feasibility of a contemplated business trip, as the prospect for international business travel will likely depend on the vaccination status of the employees involved. This situation may result in a legitimate interest on the part of the employer to inquire into employee vaccination status because the employer would otherwise be unable to find out whether a particular employee met the entry requirements of the destination country. Only by inquiring into vaccination status can the employer ensure that the employee is not turned away at the border—i.e., that the employee can fulfill the duty to provide the contractually agreed upon work within the scope of the business trip.

Whether an employer’s query regarding an employee’s vaccination status is legitimate is therefore a case- and fact-specific inquiry, which depends above all on the entry regulations of the destination country. If the destination country requires complete vaccination for entry, it may be permissible from a data protection perspective to ask about an employee’s vaccination status.

Article By Cynthia Lange of Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

For more COVID-19 and travel-related legal news, click here to visit the National Law Review.

© 2021, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.

U.S. House and Senate Reach Agreement on Uyghur Forced Labor Prevention Act

On December 14, 2021, lawmakers in the House and Senate announced that they had reached an agreement on compromise language for a bill known as the Uyghur Forced Labor Prevention Act or “UFLPA.”  Different versions of this measure passed the House and the Senate earlier this year, but lawmakers and Congressional staff have been working to reconcile the parallel proposals. The compromise language paves the way for Congress to pass the bill and send it to President Biden’s desk as soon as this week.

The bill would establish a rebuttable presumption that all goods originating from China’s Xinjiang region violate existing US law prohibiting the importation of goods made with forced labor. The rebuttable presumption would go into effect 180 days after enactment.  The compromise bill would also require federal officials to solicit public comments and hold a public hearing to aid in developing a strategy for the enforcement of the import ban vis-à-vis goods alleged to have been made through forced labor in China.

This rebuttable presumption will present significant challenges to businesses with supply chains that might touch the Xinjiang region.  Many businesses do not have full visibility into their supply chains and will need to act quickly to map their suppliers and respond to identified risks.  Importers must present detailed documentaton in order to release any shipments that they think were improperly detained, a costly and time-consuming endeavor.  Notably, the public comment and hearing processes will guide the government’s enforcement strategy, providing business stakeholders an opportunity to contribute to an enforcement process that could have implications for implementation of the import ban more broadly.

China’s Xinjiang region is a part of several critical supply chains, lead among them global cotton and apparel trade, as well as solar module production.  According to the Peterson Institute:

Xinjiang accounts for nearly 20 percent of global cotton production, with annual production greater than that of the entire United States. Its position in refined polysilicon—the material from which solar panels are built—is even more dominant, accounting for nearly half of global production. Virtually all silicon-based solar panels are likely to contain some Xinjiang-sourced silicon, according to Jenny Chase, head of solar analysis at Bloomberg New Energy Finance. If signed into law, the bill will send apparel producers and the US solar industry scrambling to find alternative sources of supply and prices are bound to increase.

Article By Ludmilla L. Kasulke and Rory Murphy of Squire Patton Boggs (US) LLP

For more legal news and legislation updates, click here to visit the National Law Review.

© Copyright 2021 Squire Patton Boggs (US) LLP

CFPB Solicits Whistleblowers to Strengthen Enforcement of Consumer Financial Protection Laws

In its revamped whistleblower webpage, the CFPB is enlisting the help of whistleblowers to provide tips about the following issues:

  • Any discrimination related to consumer financial products or services or small businesses
  • Any use of artificial intelligence/machine learning models that is based on flawed or incomplete data sets, that uses proxies for race, gender, or other group characteristics, or that impacts particular groups or classes of people more than others;
  • Misleading or deceptive advertising of consumer financial products or services, including mortgages
  • Failure to collect, maintain, and report accurate mortgage loan application and origination data
  • Failure to provide or use accurate consumer reporting information
  • Failure to review mortgage borrowers’ loss mitigation applications in a timely manner
  • Any unfair, deceptive, or abusive act or practice with respect to any consumer financial product or service.

The CFPB has also announced that it seeks tips to help it combat the role of Artificial Intelligence in enabling intentional and unintentional discrimination in decision-making systems.  For example, a recent study of algorithmic mortgage underwriting revealed that Black and Hispanic families have been more likely to be denied a mortgage compared to similarly situated white families.

Proposed CFPB Whistleblower Reward Program

Currently, there is no whistleblower reward program at the CFPB and sanctions collected in CFPB enforcement actions do not qualify for SEC related action whistleblower awards.  In light of the success of the SEC’s Whistleblower Program as an effective tool to protect investors and strengthen capital markets, the CFPB requested that Congress establish a rewards program to strengthen the CFPB’s enforcement of consumer financial protection laws.

In September 2021, Senator Catherine Cortez Masto introduced the Financial Compensation for Consumer Financial Protection Bureau Whistleblowers Act (S. 2775), which would establish a whistleblowers rewards program at the CFPB similar to the SEC Whistleblower Program.  It would authorize the CFPB to reward whistleblowers between 10% to 30% of collected monetary sanctions in a successful enforcement action where the penalty exceeds $1 million.  And in cases involving monetary penalties of less than $1 million, the CFPB would be able to award any single whistleblower 10% of the amount collected or $50,000, whichever is greater.

The Financial Compensation for CFPB Whistleblowers Act is cosponsored by Chairman of the Senate Banking, Housing, and Urban Affairs Committee Senator Sherrod Brown and Senators Dick Durbin, Elizabeth Warren, Jeff Merkley, Richard Blumenthal, and Tina Smith. In the House, Representative Al Green introduced a companion bill (H.R. 5484).

A whistleblower reward program at the CFPB could significantly augment enforcement of consumer financial protection laws, including laws barring unfair, deceptive, or abusive acts and practices.  The CFPB has authority over a broad array of consumer financial products and services, including mortgages, deposit taking, credit cards, loan servicing, check guaranteeing, collection of consumer report data, debt collection associated with consumer financial products and services, real estate settlement, money transmitting, and financial data processing.  In addition, the CFPB is the primary consumer compliance supervisory, enforcement, and rulemaking authority over depository institutions with more than $10 billion in assets.

Hopefully, Congress will act swiftly to enact the Financial Compensation for CFPB Whistleblowers Act.

Protection for CFPB Whistleblowers

Although Congress did not establish a whistleblower reward program when it created the CFPB, it included a strong whistleblower protection provision in the Consumer Financial Protection Act of 2010 (CFPA).  The anti-retaliation provision of the Consumer Financial Protection Act provides a cause of action for corporate whistleblowers who suffer retaliation for raising concerns about potential violations of rules or regulations of the CFPC.

Workers Protected by the CFPA Anti-Retaliation Law

The term “covered employee” means “any individual performing tasks related to the offering or provision of a consumer financial product or service.”  The CFPA defines a “consumer financial product or service” to include “a wide variety of financial products or services offered or provided for use by consumers primarily for personal, family, or household purposes, and certain financial products or services that are delivered, offered, or provided in connection with a consumer financial product or service . . . Examples of these include . .. residential mortgage origination, lending, brokerage and servicing, and related products and services such as mortgage loan modification and foreclosure relief; student loans; payday loans; and other financial services such as debt collection, credit reporting, credit cards and related activities, money transmitting, check cashing and related activities, prepaid cards, and debt relief services.”

Scope of Protected Whistleblowing About Consumer Financial Protection Violations

The CFPA protects disclosures made to an employer, to the CFPB or any State, local, or Federal, government authority or law enforcement agency concerning any act or omission that the employee reasonably believes to be a violation of any CFPB regulation or any other consumer financial protection law that the Bureau enforces. This includes several federal laws regulating “unfair, deceptive, or abusive practices . . . related to the provision of consumer financial products or services.”

Some of the matters the CFPB regulates include:

  • kickbacks paid to mortgage issuers or insurers;
  • deceptive advertising;
  • discriminatory lending practices, including a violation of the Equal Credit Opportunity Act (“ECOA”);
  • excessive fees;
  • any false, deceptive, or misleading representation or means in connection with the collection of any debt; and
  • debt collection activities that violate the Fair Debt Collection Practices Act (FDCPA).

Some of the consumer financial protection laws that the CFPB enforces include:

  • Real Estate Settlement Procedures Act;
  • Home Mortgage Disclosure Act;
  • Equal Credit Opportunity Act;
  • Truth in Lending Act;
  • Truth in Savings Act;
  • Fair Credit Billing Act;
  • Fair Credit Reporting Act;
  • Electronic Fund Transfer Act;
  • Consumer Leasing Act;
  • Fair Debt Collection Practices Act;
  • Home Owners Protection Act; and
  • Secure and Fair Enforcement for Mortgage Licensing Act

Reasonable Belief Standard in Banking Whistleblower Retaliation Cases

The CFPA whistleblower protection law employs a reasonable belief standard.  As long as the plaintiff’s belief is reasonable, the whistleblower is protected, even if the whistleblower makes a mistake of law or fact about the underlying violation of a law or regulation under the CFPB’s jurisdiction.

Prohibited Retaliation

The CFPA anti-retaliation law proscribes a broad range of adverse employment actions, including terminating, “intimidating, threatening, restraining, coercing, blacklisting or disciplining, any covered employee or any authorized representative of covered employees” because of the employee’s protected whistleblowing.

Proving CFPA Whistleblower Retaliation

To prevail in a CFPA whistleblower retaliation claim, the whistleblower need only prove that his or her protected conduct was a contributing factor in the adverse employment action, i.e., that the protected activity, alone or in combination with other factors, affected in some way the outcome of the employer’s decision.

Where the employer takes the adverse employment action “shortly after” learning about the protected activity, courts may infer a causal connection between the two.  Van Asdale v. Int’l Game Tech., 577 F.3d 989, 1001 (9th Cir. 2009).

Filing a CFPA Financial Whistleblower Retaliation Claim

CFPA complaints are filed with OSHA, and the statute of limitations is 180 days from the date when the alleged violation occurs, which is the date on which the retaliatory decision has been both made and communicated to the whistleblower.

The complaint need not be in any particular form and can be filed orally with OSHA. A CFPA complaint need not meet the stringent pleading requirements that apply in federal court, and instead the administrative complaint “simply alerts OSHA to the existence of the alleged retaliation and the complainant’s desire that OSHA investigate the complaint.” If the complaint alleges each element of a CFPA whistleblower retaliation claim and the employer does not show by clear and convincing that it would have taken the same action in the absence of the alleged protected activity, OSHA will conduct an investigation.

OSHA investigates CFPA complaints to determine whether there is reasonable cause to believe that protected activity was a contributing factor in the alleged adverse action.  If OSHA finds a violation, it can order reinstatement of the whistleblower and other relief.

Article By Jason Zuckerman of Zuckerman Law

For more financial legal news, click here to visit the National Law Review.

© 2021 Zuckerman Law

Biden Administration Issues New Government-Wide Anti-Corruption Strategy

On Dec. 7, 2021, the White House published a government-wide policy document entitled “United States Strategy on Countering Corruption” (“Strategy”). The Strategy implements President Biden’s National Security Memorandum from earlier in 2021, which declared international corruption a threat to U.S. national security.

The Strategy is notable for several reasons:

First, the Strategy focuses not just on the “supply side” of foreign bribery and corruption—that is, companies acting in violation of the Foreign Corrupt Practices Act (FCPA)—but also on the “demand side” of the equation, namely corrupt foreign officials and those who assist them. It promises to pair vigorous enforcement of the FCPA with efforts to hold corrupt leaders themselves accountable, via U.S. money laundering laws, economic sanctions, and visa restrictions.

Second, the Strategy specifically calls out the role of illicit finance in facilitating and perpetuating foreign corruption, promising “aggressive enforcement” against those who facilitate the laundering of corrupt proceeds through the U.S. economy. Professional gatekeepers such as lawyers, accountants, and trust and company service providers are specifically identified as targets of future scrutiny. The Strategy also promises to institute legislative and regulatory changes to address anti-money laundering (AML) vulnerabilities in the U.S. financial system. These promised changes include:

  • Finalizing beneficial ownership regulations, and building a national database of beneficial owners, as mandated by the Anti-Money Laundering Act of 2020.

  • Promulgating regulations designed to reveal when real estate is used to hide ill-gotten gains. Contemporaneously with the White House’s issuance of the Strategy, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an Advance Notice of Proposed Rulemaking (ANPRM), inviting public comment on its plan to apply additional scrutiny to all-cash real estate transactions.

  • Prescribing minimum reporting standards for investment advisors and other types of equity funds, which are currently not subject to same AML program requirements as other financial institutions.

Third, the Strategy calls for a coordinated, government-wide response to corruption, and it contemplates a role not only for law enforcement and regulatory agencies but also for agencies such as the Department of State and Department of Commerce, which is to establish its own new anti-corruption task force. It remains to be seen if the increased scope of anti-corruption efforts called for by the Strategy will result in new or additional penalties for persons and entities perceived as corrupt or as facilitating corruption, but the Strategy may place an additional premium on corporate anti-corruption compliance.

Individuals and entities operating in sectors traditionally associated with corruption and/or AML risk should consider taking the following steps in response to the Strategy. These considerations apply not only to U.S. persons and businesses but also to anyone who may fall within the broad purview of the FCPA, U.S. money laundering statutes, and other laws with extraterritorial reach:

  • Increase due diligence for any pending or future transactions in jurisdictions where potentially corrupt actors or their designees play a role in awarding government contracts. Ensure any payments are the result of arms-length transactions based on legitimate financial arrangements.

  • Professional gatekeepers should become familiar with the particular risks associated with the industries in which they operate. While AMLA made it clear that lawyers, accountants, and real estate professionals will come under increased scrutiny based on the risk profile of their clients, the Strategy increases the likelihood that law enforcement will devote additional resources in this sometimes-overlooked area.

  • Given the increased role the State Department will continue to play in the anticorruption space based on the National Defense Authorization Act and the Strategy, companies doing business in or with countries vital to U.S. foreign policy goals should remember that in addition to the individual leaders of these countries, government institutions and lower-level officials could create risk and will be closely watched. Though the U.S. government often talks about specific government officials, the Strategy appears to take a broader approach.

  • Businesses should continue to examine and reexamine third-party risk with an emphasis on preventing potential problems before they occur. Additional resources and increased cooperation between and among government agencies may lead to additional investigations and enforcement actions, so compliance programs should be updated where necessary.

Article By Kyle R. Freeny and Benjamin G. Greenberg of Greenberg Traurig, LLP

For more white collar crime and consumer rights legal news, click here to visit the National Law Review.

©2021 Greenberg Traurig, LLP. All rights reserved.

Tribal Cannabis Tourism and Current Status of Federal Legislation Impacting the Cannabis Industry

As Tribes expand their economic endeavors into the cannabis industry, the growth of cannabis tourism is a natural development. Below, we offer details on how cannabis tourism could support Tribal governments’ economic development efforts. We also provide an update on the status of pending federal legislation that could bring positive impacts to the cannabis industry.

Cannabis Tourism

With the pandemic continuing to take a toll on the tourism industry, many U.S. states and territories are exploring ways to help that industry recover. One potential savior for tourism is cannabis. As states went into varying levels of lockdown in early 2020, businesses deemed “nonessential,” including recreational facilities, gyms, bars, restaurants, etc. were forced to shut down. However, early into lockdown, cannabis was deemed “essential” in California, a designation other states with functional cannabis markets quickly adopted. In total, nearly 30 states, along with the District of Columbia and Puerto Rico, deemed cannabis businesses essential. This triggered some major changes in the industry, including:

With all of these changes, cannabis tourism has developed into a potentially rewarding industry that Tribal governments might be able to cultivate as part of efforts to recover economic losses suffered by their tourism and other businesses

What is Cannabis Tourism?

Cannabis tourism is most generally characterized as a destination-based industry that attracts tourists because cannabis is legal in that location. But the industry can take many forms. For example, tourists might visit a dispensary to learn more about the development of cannabis crops, stay at a “bud and breakfast,” tour a cannabis farm or growing facility, or dine at a restaurant with cannabis-infused dishes. Cannabis tourism can also have a positive knock-on effect for many other Tribal businesses.

How can Tribes Participate?

Interested Tribes can create specific cannabis-centered tourist destinations. One example is opening a farm or growing facility that is similar to a wine vineyard, where consumers can tour the facility and sample the products. This concept would serve multiple functions in that the farm would supply dispensaries while providing a tourism destination that would benefit hotels, restaurants, and the local economy.

Another route is to add cannabis tourism into existing tourism infrastructure. Tribes can take advantage of their land base and natural resources by offering cannabis hikes or camping expeditions, where participants are able to experience nature while partaking. Tribes with resort properties can offer CBD-infused massages at their spa, include CBD and hemp products at their gift shops, or offer travel packages designed for cannabis tourists. The idea behind this approach is to utilize the Tribe’s existing tourism infrastructure to provide new cannabis tourism options.

Federal Cannabis Legislation Update

The following is an update on pending federal legislation that would impact the cannabis industry. Summaries of previous cannabis legislative developments are provided in past articles..

The Democrats control both the House and the Senate (with Vice President Harris acting as the tie-breaking vote in the 50-50 Senate) but passing any cannabis legislation in the current Congress might prove difficult. The filibuster rules require 60 votes for a bill to pass the Senate, so any cannabis legislation would need relatively strong bipartisan support.

The future of federal cannabis law remains unclear, but Tribes interested in the cannabis industry can start taking steps now to establish the necessary framework to support this new area of Tribal economic enterprise.

Article By Robert A. Conrad and Laura E. Jones of Van Ness Feldman LLP

For more biotech, food, and drug legal news, click here to visit the National Law Review.

© 2021 Van Ness Feldman LLP

NYC Announces Private-Sector Vaccine Mandate

On December 6, 2021, outgoing New York City Mayor Bill de Blasio announced major expansions to New York’s “Key to NYC” program, which was implemented through Emergency Executive Order 225 and became effective on August 17, 2021. The mayor also announced a first-in-the-nation vaccination mandate for private-sector workers in New York City, which is set to take effect on December 27, 2021. Additional guidance on these expansive mandates is expected on December 15, 2021.

Private-Sector Vaccine Mandate

The mayor has announced that New York City will implement a “first-in-the-nation,” vaccine mandate for private-sector workers. The mandate is currently set to take effect on December 27, 2021. The mayor estimates that approximately 184,000 businesses would be affected. A spokesperson for Mayor-elect Eric Adams, who is due to take office on January 1, 2022, just days after the mandate is set to take effect, has indicated that the mayor-elect will evaluate the mandate when he takes office and will “make determinations based on science, efficacy and the advice of health professionals.”

Key to NYC Expanded

Under the existing Key to NYC program, staff and patrons who enter certain types of indoor entertainment, recreation, dining, and fitness establishments are required to have received at least one dose of a COVID-19 vaccine. Previously, children under the age of 12, along with certain other individuals were exempt from showing proof of vaccination.

Beginning on December 14, 2021, children ages 5-11 will be required to show proof of at least one dose of the COVID-19 vaccine in order to enter the covered establishments mentioned above. While individuals were previously only required to show proof of one dose of the vaccine, beginning on December 27, individuals in New York City over the age of 12 will now be required to show proof of two doses of the vaccine.

High-Risk Extracurricular Activities

The mayor also announced that vaccinations would be required for children ages 5-11 if they wish to participate in “high-risk extracurricular activities.” These activities are currently defined as “sports, band, orchestra, and dance.” Children in this age group will be required to have the initial vaccine dose by December 14, 2021.

Key Takeaways

Employers in New York City may wish to review the above requirements to ensure that their practices comply with the obligations articulated in the anticipated mandates. Employers may also want to stay updated as the Key to NYC and the private-sector vaccine mandate continues to evolve.

Article By Kelly M. Cardin and Jessica R. Schild of Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

For more labor and employment legal news, click here to visit the National Law Review.

© 2021, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.

Privacy Tip #309 – Women Poised to Fill Gap of Cybersecurity Talent

I have been advocating for gender equality in Cybersecurity for years [related podcast and post].

The statistics on the participation of women in the field of cybersecurity continue to be bleak, despite significant outreach efforts, including “Girls Who Code” and programs to encourage girls to explore STEM (Science, Technology, Engineering and Mathematics) subjects.

Women are just now rising to positions from which they can help other women break into the field, land high-paying jobs, and combat the dearth of talent in technology. Judy Dinn, the new Chief Information Officer of TD Bank NA, is doing just that. One of her priorities is to encourage women to pursue tech careers. She recently told the Wall Street Journal that she “really, really always wants to make sure that female representation—whether they’re in grade school, high school, universities—that that funnel is always full.”

The Wall Street Journal article states that a study by AnitaB.org found that “women made up about 29% of the U.S. tech workforce in 2020.”  It is well known that companies are fighting for tech and cybersecurity talent and that there are many more open positions than talent to fill them. The tech and cybersecurity fields are growing with unlimited possibilities.

This is where women should step in. With increased support, and prioritized recruiting efforts that encourage women to enter fields focused on technology, we can tap more talent and begin to fill the gap of cybersecurity talent in the U.S.

Article By Linn F. Freedman of Robinson & Cole LLP

For more privacy and cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2021 Robinson & Cole LLP. All rights reserved.