3115 Search Results

October 18, 2018 |
FERC Issues Long-Awaited Order on Return on Equity for New England Electric Utilities

Click for PDF On October 16, 2018, the Federal Energy Regulatory Commission (“FERC”) issued a long-awaited order on the return on equity (“ROE”) to be used by electric utilities in New England for setting their transmission rates.  The order has major implications for all electric utilities—not just those in New England—because the order establishes a new methodology for reviewing and setting ROEs that will be applied to all FERC-regulated electric utilities going forward.  There is no indication in the order that FERC intends this methodology to apply to natural gas pipeline rates. In Tuesday’s order, FERC charted a wholly new course for setting ROEs by using neither a one-step or two-step discounted cash flow (“DCF”) methodology as it has used historically.  Implicitly responding to long standing criticism of the DCF model, FERC instead adopted a new approach in which it: (i) will first look to whether an existing ROE falls within a particular range of ROEs within a “zone of reasonableness” established through three separate financial models (one of which is the DCF) and then, if the ROE falls outside the range, (ii) it will establish a new ROE through application of four separate methodologies for estimating ROEs. The order was issued in four separate but related proceedings initiated by complaints filed against the New England utilities.  One of these proceedings was on remand from the U.S. Court of Appeals for the D.C. Circuit’s 2017 decision in Emera Maine v. FERC.  Three were pending before FERC on “exceptions” (i.e., appeal) from FERC administrative law judge (“ALJ”) decisions issued in 2016 and 2018. These four related cases began with a complaint filed against New England’s utilities on September 30, 2011 by Martha Coakley, the Attorney General of Massachusetts, and other entities and state agencies.  FERC set that matter for hearing before an ALJ but, on appeal of the ALJ’s decision, issued its then-seminal 2014 order in Coakley v. Bangor Hydro in which it changed its historic methodology for setting electric utility ROEs. Prior to Coakley, FERC established electric utility ROEs based on a “one-step” DCF methodology that estimated actual ROEs of publicly traded electric utilities to determine the appropriate ROE for the subject utility.  More specifically, the methodology calculated what investors in comparable utilities expected for ROEs (as evidenced by dividend yields and analyst earnings forecasts) and then set the ROE for the subject utility at either the midpoint or median of the range of ROEs of these comparable utilities (the so-called “zone of reasonableness”). In Coakley, FERC instead used a “two-step” DCF methodology to set the ROEs for the New England utilities.  This methodology, which had been used by FERC for natural gas pipelines for some time, looked not only at ROEs of comparable utilities but also at long-term economic growth forecasts.  All things being equal, the two-step methodology thus resulted in a lower ROE than the one-step methodology because long-term forecast economic growth generally is lower than ROEs imputed from divided yields and earnings forecasts.  However, in a major departure from precedent, FERC set the ROE for the New England utilities not at the median or midpoint of the zone of reasonableness, but at the midpoint of the upper half of the zone.  FERC explained that anomalous capital market conditions justified this departure from precedent. From 2012 to 2014, three additional complaints were filed against the New England utilities by a variety of entities seeking lower ROEs.  FERC set all three for hearing before ALJs.  All three resulted in ALJ decisions that were appealed up to FERC, where they remain pending, and partially rendered moot by yesterday’s FERC order. The Coakley decision was widely criticized as an opportunistic means to lowering overall returns at a time when lower interest rates were actually encouraging new infrastructure investment.  The decision was appealed to the U.S. Court of Appeals for the D.C. Circuit by both the utilities and their customers. The Court in 2017—in an order titled Emera Maine v. FERC—found in part for the utilities and in part for the customers.  Finding for the customers, the Court held that an existing ROE that falls within the zone of reasonableness is not per se just and reasonable and, thus, may be changed by FERC.  Finding for the utilities, the Court held that FERC had not adequately shown that the New England utilities’ existing ROE was unjust and reasonable.  The Court thus vacated the underlying Coakley decision and remanded the matter to FERC.  But by vacating the underlying decision, the Court gave FERC wide berth in adopting a new and revised approach to establishing ROE policy. Yesterday’s FERC order addresses the Coakley decision’s shortcomings identified by the Court in Emera Maine v. FERC by establishing a clear two-step approach to ROE complaint matters.  But it goes much further by looking beyond DCF analyses and espousing a methodology that uses multiple financial models. First, FERC proposes using three different financial models—the DCF, the CAPM, and the Expected Earnings models—to establish a zone of reasonableness of estimated ROEs enjoyed by utilities with comparable risk to that at issue (with risk generally indicated by credit ratings).  The DCF model, as noted, has historically been the sole model used by FERC to establish the zone of reasonableness and, if necessary, the new ROE; parties, however, have often presented evidence of results from the CAPM or Expected Earnings models as additional evidence seeking to support or refute the DCF results. Importantly, FERC held that if a utility’s existing ROE falls within a particular range (i.e., effectively a sub-zone) within the zone of reasonableness it will be presumed to be just and reasonable.  As a result, FERC will dismiss a complaint if the ROE falls within the range unless other evidence sufficiently rebuts that presumption.  Given the D.C. Circuit’s ruling in Emera Maine v. FERC, this part of FERC’s order will likely be challenged in court again. Second, if the existing ROE is found to be unjust and unreasonable, FERC will establish a new ROE based on four financial models—the three used to set the zone of reasonableness as well as the Risk Premium Model.  More specifically, FERC will set the new ROE at the average of (i) the midpoints or medians of the zones of reasonableness established by the DCF, the CAPM, and the Expected Earnings models and (ii) the single numerical result of the Risk Premium Model (which, like the CAPM and Expected Earnings models, has been used in FERC proceedings as additional evidence).  More detail on the models is provided in an appendix to the FERC order. As FERC applied this new methodology to the pending New England utility cases, it found that the range for evaluating the current ROE is 9.60 percent to 10.99 percent and that the pre-Coakley 11.14 percent ROE for the utilities is unjust and unreasonable.  FERC then applied the new composite methodology to setting ROEs and reached a “preliminary” finding that a 10.41 percent ROE is just and reasonable.  FERC however established a “paper hearing” and invited parties to submit briefs regarding the proposed new approach to ROEs and its application to the four New England complaint proceedings.  Initial briefs are due within 60 days of the date of the order and reply briefs are due 30 days thereafter. The order was issued by Chairman McIntryre, and Commissioners LaFleur and Chatterjee. Commissioner Glick did not participate in the decision, but no reason was given.  It is suspected that Commissioner Glick recused himself because he previously worked for Iberdrola, the parent of two of the New England electric utilities directly impacted by the order. On balance, FERC’s new approach, while complicated, appears to be a sounder approach to establishing ROEs than simply using the DCF method.  However, the order fails to specify many implementation details that will need to be hashed out in the upcoming briefing process.  How these details are determined will have a large impact on the end result of the new approach.  And all of this will likely be done in the context of rising interest rates and the need to invest in new transmission infrastructure in a number of parts of the country. Gibson Dunn’s Energy, Regulation and Litigation lawyers are available to assist in addressing any questions you may have regarding the developments discussed above.  To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, or the authors: William S. Scherman – Washington, D.C. (+1 202-887-3510, wscherman@gibsondunn.com) Jeffrey M. Jakubiak – New York (+1 212-351-2498, jjakubiak@gibsondunn.com) Jennifer C. Mansh – Washington, D.C. (+1 202-955-8590, jmansh@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 17, 2018 |
SEC Warns Public Companies on Cyber-Fraud Controls

Click for PDF On October 16, 2018, the Securities and Exchange Commission issued a report warning public companies about the importance of internal controls to prevent cyber fraud.  The report described the SEC Division of Enforcement’s investigation of multiple public companies which had collectively lost nearly $100 million in a range of cyber-scams typically involving phony emails requesting payments to vendors or corporate executives.[1] Although these types of cyber-crimes are common, the Enforcement Division notably investigated whether the failure of the companies’ internal accounting controls to prevent unauthorized payments violated the federal securities laws.  The SEC ultimately declined to pursue enforcement actions, but nonetheless issued a report cautioning public companies about the importance of devising and maintaining a system of internal accounting controls sufficient to protect company assets. While the SEC has previously addressed the need for public companies to promptly disclose cybersecurity incidents, the new report sees the agency wading into corporate controls designed to mitigate such risks.  The report encourages companies to calibrate existing internal controls, and related personnel training, to ensure they are responsive to emerging cyber threats.  The report (issued to coincide with National Cybersecurity Awareness Month) clearly intends to warn public companies that future investigations may result in enforcement action. The Report of Investigation Section 21(a) of the Securities Exchange Act of 1934 empowers the SEC to issue a public Report of Investigation where deemed appropriate.  While SEC investigations are confidential unless and until the SEC files an enforcement action alleging that an individual or entity has violated the federal securities laws, Section 21(a) reports provide a vehicle to publicize investigative findings even where no enforcement action is pursued.  Such reports are used sparingly, perhaps every few years, typically to address emerging issues where the interpretation of the federal securities laws may be uncertain.  (For instance, recent Section 21(a) reports have addressed the treatment of digital tokens as securities and the use of social media to disseminate material corporate information.) The October 16 report details the Enforcement Division’s investigations into the internal accounting controls of nine issuers, across multiple industries, that were victims of cyber-scams. The Division identified two specific types of cyber-fraud – typically referred to as business email compromises or “BECs” – that had been perpetrated.  The first involved emails from persons claiming to be unaffiliated corporate executives, typically sent to finance personnel directing them to wire large sums of money to a foreign bank account for time-sensitive deals. These were often unsophisticated operations, textbook fakes that included urgent, secret requests, unusual foreign transactions, and spelling and grammatical errors. The second type of business email compromises were harder to detect. Perpetrators hacked real vendors’ accounts and sent invoices and requests for payments that appeared to be for otherwise legitimate transactions. As a result, issuers made payments on outstanding invoices to foreign accounts controlled by impersonators rather than their real vendors, often learning of the scam only when the legitimate vendor inquired into delinquent bills. According to the SEC, both types of frauds often succeeded, at least in part, because responsible personnel failed to understand their company’s existing cybersecurity controls or to appropriately question the veracity of the emails.  The SEC explained that the frauds themselves were not sophisticated in design or in their use of technology; rather, they relied on “weaknesses in policies and procedures and human vulnerabilities that rendered the control environment ineffective.” SEC Cyber-Fraud Guidance Cybersecurity has been a high priority for the SEC dating back several years. The SEC has pursued a number of enforcement actions against registered securities firms arising out of data breaches or deficient controls.  For example, just last month the SEC brought a settled action against a broker-dealer/investment-adviser which suffered a cyber-intrusion that had allegedly compromised the personal information of thousands of customers.  The SEC alleged that the firm had failed to comply with securities regulations governing the safeguarding of customer information, including the Identity Theft Red Flags Rule.[2] The SEC has been less aggressive in pursuing cybersecurity-related actions against public companies.  However, earlier this year, the SEC brought its first enforcement action against a public company for alleged delays in its disclosure of a large-scale data breach.[3] But such enforcement actions put the SEC in the difficult position of weighing charges against companies which are themselves victims of a crime.  The SEC has thus tried to be measured in its approach to such actions, turning to speeches and public guidance rather than a large number of enforcement actions.  (Indeed, the SEC has had to make the embarrassing disclosure that its own EDGAR online filing system had been hacked and sensitive information compromised.[4]) Hence, in February 2018, the SEC issued interpretive guidance for public companies regarding the disclosure of cybersecurity risks and incidents.[5]  Among other things, the guidance counseled the timely public disclosure of material data breaches, recognizing that such disclosures need not compromise the company’s cybersecurity efforts.  The guidance further discussed the need to maintain effective disclosure controls and procedures.  However, the February guidance did not address specific controls to prevent cyber incidents in the first place. The new Report of Investigation takes the additional step of addressing not just corporate disclosures of cyber incidents, but the procedures companies are expected to maintain in order to prevent these breaches from occurring.  The SEC noted that the internal controls provisions of the federal securities laws are not new, and based its report largely on the controls set forth in Section 13(b)(2)(B) of the Exchange Act.  But the SEC emphasized that such controls must be “attuned to this kind of cyber-related fraud, as well as the critical role training plays in implementing controls that serve their purpose and protect assets in compliance with the federal securities laws.”  The report noted that the issuers under investigation had procedures in place to authorize and process payment requests, yet were still victimized, at least in part “because the responsible personnel did not sufficiently understand the company’s existing controls or did not recognize indications in the emailed instructions that those communications lacked reliability.” The SEC concluded that public companies’ “internal accounting controls may need to be reassessed in light of emerging risks, including risks arising from cyber-related frauds” and “must calibrate their internal accounting controls to the current risk environment.” Unfortunately, the vagueness of such guidance leaves the burden on companies to determine how best to address emerging risks.  Whether a company’s controls are adequate may be judged in hindsight by the Enforcement Division; not surprisingly, companies and individuals under investigation often find the staff asserting that, if the controls did not prevent the misconduct, they were by definition inadequate.  Here, the SEC took a cautious approach in issuing a Section 21(a) report highlighting the risk rather than publicly identifying and penalizing the companies which had already been victimized by these scams. However, companies and their advisors should assume that, with this warning shot across the bow, the next investigation of a similar incident may result in more serious action.  Persons responsible for designing and maintaining the company’s internal controls should consider whether improvements (such as enhanced trainings) are warranted; having now spoken on the issue, the Enforcement Division is likely to view corporate inaction as a factor in how it assesses the company’s liability for future data breaches and cyber-frauds.    [1]   SEC Press Release (Oct. 16, 2018), available at www.sec.gov/news/press-release/2018-236; the underlying report may be found at www.sec.gov/litigation/investreport/34-84429.pdf.    [2]   SEC Press Release (Sept. 16, 2018), available at www.sec.gov/news/press-release/2018-213.  This enforcement action was particularly notable as the first occasion the SEC relied upon the rules requiring financial advisory firms to maintain a robust program for preventing identify theft, thus emphasizing the significance of those rules.    [3]   SEC Press Release (Apr. 24, 2018), available at www.sec.gov/news/press-release/2018-71.    [4]   SEC Press Release (Oct. 2, 2017), available at www.sec.gov/news/press-release/2017-186.    [5]   SEC Press Release (Feb. 21, 2018), available at www.sec.gov/news/press-release/2018-22; the guidance itself can be found at www.sec.gov/rules/interp/2018/33-10459.pdf.  The SEC provided in-depth guidance in this release on disclosure processes and considerations related to cybersecurity risks and incidents, and complements some of the points highlighted in the Section 21A report. Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these issues.  For further information, please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Securities Enforcement or Privacy, Cybersecurity and Consumer Protection practice groups, or the following authors: Marc J. Fagel – San Francisco (+1 415-393-8332, mfagel@gibsondunn.com) Alexander H. Southwell – New York (+1 212-351-3981, asouthwell@gibsondunn.com) Please also feel free to contact the following practice leaders and members: Securities Enforcement Group: New York Barry R. Goldsmith – Co-Chair (+1 212-351-2440, bgoldsmith@gibsondunn.com) Mark K. Schonfeld – Co-Chair (+1 212-351-2433, mschonfeld@gibsondunn.com) Reed Brodsky (+1 212-351-5334, rbrodsky@gibsondunn.com) Joel M. Cohen (+1 212-351-2664, jcohen@gibsondunn.com) Lee G. Dunst (+1 212-351-3824, ldunst@gibsondunn.com) Laura Kathryn O’Boyle (+1 212-351-2304, loboyle@gibsondunn.com) Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Avi Weitzman (+1 212-351-2465, aweitzman@gibsondunn.com) Lawrence J. Zweifach (+1 212-351-2625, lzweifach@gibsondunn.com) Washington, D.C. Richard W. Grime – Co-Chair (+1 202-955-8219, rgrime@gibsondunn.com) Stephanie L. Brooker  (+1 202-887-3502, sbrooker@gibsondunn.com) Daniel P. Chung (+1 202-887-3729, dchung@gibsondunn.com) Stuart F. Delery (+1 202-887-3650, sdelery@gibsondunn.com) Patrick F. Stokes (+1 202-955-8504, pstokes@gibsondunn.com) F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com) San Francisco Marc J. Fagel – Co-Chair (+1 415-393-8332, mfagel@gibsondunn.com) Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) Thad A. Davis (+1 415-393-8251, tdavis@gibsondunn.com) Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com) Michael Li-Ming Wong (+1 415-393-8234, mwong@gibsondunn.com) Palo Alto Paul J. Collins (+1 650-849-5309, pcollins@gibsondunn.com) Benjamin B. Wagner (+1 650-849-5395, bwagner@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) Monica K. Loseman (+1 303-298-5784, mloseman@gibsondunn.com) Los Angeles Michael M. Farhang (+1 213-229-7005, mfarhang@gibsondunn.com) Douglas M. Fuchs (+1 213-229-7605, dfuchs@gibsondunn.com) Privacy, Cybersecurity and Consumer Protection Group: Alexander H. Southwell – Co-Chair, New York (+1 212-351-3981, asouthwell@gibsondunn.com) M. Sean Royall – Dallas (+1 214-698-3256, sroyall@gibsondunn.com) Debra Wong Yang – Los Angeles (+1 213-229-7472, dwongyang@gibsondunn.com) Christopher Chorba – Los Angeles (+1 213-229-7396, cchorba@gibsondunn.com) Richard H. Cunningham – Denver (+1 303-298-5752, rhcunningham@gibsondunn.com) Howard S. Hogan – Washington, D.C. (+1 202-887-3640, hhogan@gibsondunn.com) Joshua A. Jessen – Orange County/Palo Alto (+1 949-451-4114/+1 650-849-5375, jjessen@gibsondunn.com) Kristin A. Linsley – San Francisco (+1 415-393-8395, klinsley@gibsondunn.com) H. Mark Lyon – Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com) Shaalu Mehra – Palo Alto (+1 650-849-5282, smehra@gibsondunn.com) Karl G. Nelson – Dallas (+1 214-698-3203, knelson@gibsondunn.com) Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com) Benjamin B. Wagner – Palo Alto (+1 650-849-5395, bwagner@gibsondunn.com) Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415-393-8333/+1 650-849-5393, mwong@gibsondunn.com) Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 15, 2018 |
Flood v. Synutra Refines “Ab Initio” Requirement for Business Judgment Review of Controller Transactions

Click for PDF On October 9, 2018, in Flood v. Synutra Intth’l, Inc.,[1] the Delaware Supreme Court further refined when in a controller transaction the procedural safeguards of Kahn v. M & F Worldwide Corp.[2] (“MFW“) must be implemented to obtain business judgment rule review of the transaction.  Under MFW, a merger with a controlling stockholder will be reviewed under the deferential business judgment rule standard, rather than the stringent entire fairness standard, if the merger is conditioned “ab initio” upon approval by both an independent, adequately-empowered Special Committee that fulfills its duty of care, and the uncoerced, informed vote of a majority of the minority stockholders.[3]  Writing for the majority in Synutra, Chief Justice Strine emphasized that the objective of MFW and its progeny is to incentivize controlling stockholders to adopt the MFW procedural safeguards early in the transaction process, because those safeguards can provide minority stockholders with the greatest likelihood of receiving terms and conditions that most closely resemble those that would be available in an arms’ length transaction with a non-affiliated third party.  Accordingly, the Court held that “ab initio” (Latin for “from the beginning”) requires that the MFW protections be in place prior to any substantive economic negotiations taking place with the target (or its board or Special Committee).  The Court declined to adopt a “bright line” rule that the MFW procedures had to be a condition of the controller’s “first offer” or other initial communication with the target about a potential transaction. Factual Background Synutra affirmed the Chancery Court’s dismissal of claims against Liang Zhang and related entities, who controlled 63.5% of Synutra’s stock.  In January 2016, Zhang wrote a letter to the Synutra board proposing to take the company private, but failed to include the MFW procedural prerequisites of Special Committee and majority of the minority approvals in the initial bid.  One week after Zhang’s first letter, the board formed a Special Committee to evaluate the proposal and, one week after that, Zhang submitted a revised bid letter that included the MFW protections.  The Special Committee declined to engage in any price negotiations until it had retained and received projections from its own investment bank, and such negotiations did not begin until seven months after Zhang’s second offer. Ab Initio Requirement The plaintiff argued that because Zhang’s initial letter did not contain the dual procedural safeguards of MFW as pre-conditions of any transaction, the “ab initio” requirement of MFW was not satisfied and therefore business judgment standard of review had been irreparably forfeited.  The Court declined to adopt this rigid position, and considered that “ab initio” for MFW purposes can be assessed more flexibly.  To arrive at this view, the Court explored the meaning of “the beginning” as used in ordinary language to denote an early period rather than a fixed point in time.  The Court also parsed potential ambiguities in the language of the Chancery Court’s MFW opinion, which provided that MFW pre-conditions must be in place “from the time of the controller’s first overture”[4] and “from inception.”[5] Ultimately, the Court looked to the purpose of the MFW protections to find that “ab initio” need not be read as referring to the single moment of a controller’s first offer.  As Synutra emphasizes, the key is that the controller not be able to trade adherence to MFW protections for a concession on price.  Hence the “ab initio” analysis focuses on whether deal economics remain untainted by controller coercion, so that the transaction can approximate an arms’ length transaction process with an unaffiliated third party.  As such, the Court’s reasoning is consistent with the standard espoused by the Chancery Court in its prior decision in Swomley v. Schlecht,[6] which the Court summarily affirmed in 2015, that MFW requires procedural protections be in place prior to the commencement of negotiations.[7] In a lengthy dissent, Justice Valihura opined that the “ab initio” requirement should be deemed satisfied only when MFW safeguards are included in the controller’s initial formal written proposal, and that the “negotiations” test undesirably introduces the potential for a fact-intensive inquiry that would complicate a pleadings-stage decision on what standard of review should be applied.  Chief Justice Strine acknowledged the potential appeal of a bright line test but ultimately rejected it because of the Court’s desire to provide strong incentive and opportunity for controllers to adopt and adhere to the MFW procedural safeguards, for the benefit of minority stockholders.  In doing so, the Court acknowledged that its approach “may give rise to close cases.”  However, the Court went on to add, “our Chancery Court is expert in the adjudication of corporate law cases.”  The Court also concluded that the facts in Synutra did not make it a close case.[8] Duty of Care The Court also upheld the Chancery Court’s dismissal of plaintiff’s claim that the Special Committee had breached its duty of care by failing to obtain a sufficient price.  Following the Chancery Court’s reasoning in Swomley, Synutra held that where the procedural safeguards of MFW have been observed, there is no duty of care breach at issue where a plaintiff alleges that a Special Committee could have negotiated differently or perhaps obtained a better price – what the Chancery Court in Swomley described as “a matter of strategy and tactics that’s debatable.”[9]  Instead, the Court confirmed that a duty of care violation would require a finding that the Special Committee had acted in a grossly negligent fashion.  Observing that the Synutra Special Committee had retained qualified and independent financial and legal advisors and engaged in a lengthy negotiation and deal process, the Court found nothing to support an inference of gross negligence and thus deferred to the Special Committee regarding deal price.[10] Procedural Posture Synutra dismissed the plaintiff’s complaint at the pleadings stage.  In its procedural posture, the Court followed Swomley, which allowed courts to resolve the MFW analysis based on the pleadings.  The dissent noted that adoption of a bright-line test would be more appropriate for pleadings-stage dismissals.  However, the Court established that it would be willing to engage some degree of fact-finding at the pleadings stage in order to allow cases to be dismissed at the earliest opportunity, even using the Court’s admittedly more flexible view of the application of MFW. Takeaways Synutra reaffirms the Court’s commitment to promoting implementation of MFW safeguards in controller transactions.  In particular: The Court will favor a pragmatic, flexible approach to “ab initio” determination, with the intent of determining whether the application of the MFW procedural safeguards have been used to affect or influence a transaction’s economics; Once a transaction has business judgment rule review, the Court will not inquire further as to sufficiency of price or terms absent egregious or reckless conduct by a Special Committee; and Since the goal is to incentivize the controller to follow MFW at a transaction’s earliest stages, complaints can be dismissed on the pleadings, thus avoiding far more costly and time consuming summary judgment motions. Although under Synutra a transaction may receive business judgment rule review despite unintentional or premature controller communications that do not reference the MFW procedural safeguards as inherent deal pre-conditions, deal professionals would be well advised not to push this flexibility too far.  Of course, there can be situations where a controller concludes that deal execution risks or burdens attendant to observance of the MFW safeguards are too great (or simply not feasible), and thus is willing to confront the close scrutiny of an entire fairness review if a deal is later challenged.  However, if a controller wants to ensure it will receive the benefit of business judgment rule review, the prudent course is to indicate, in any expression of interest, no matter how early or informal, that adherence to MFW procedural safeguards is a pre-condition to any transaction.  Synutra makes clear that the availability of business judgment review under MFW will be a facts and circumstances assessment, but we do not yet know what the outer limits of the Court’s flexibility will be, should it have to consider a more contentious set of facts in the future. [1]       Flood v. Synutra Int’l, Inc., No. 101, 2018 WL 4869248 (Del. Oct. 9, 2018). [2]      Kahn v. M&F Worldwide Corp., 88 A.3d 635 (Del. 2014). [3]      Id. at 644. [4]      In re MFW Shareholders Litigation, 67 A.3d 496, 503 (Del. Ch. 2013). [5]      Id. at 528. [6]      Swomley v. Schlecht, 2014 WL 4470947 (Del. Ch. 2014), aff’d 128 A.3d 992 (Del. 2015) (TABLE). [7]      The Court did not consider that certain matters that transpired between Zhang’s first and second offer letters, namely Synutra’s granting of a conflict waiver to allow its long-time counsel to represent Zhang (the Special Committee subsequently hired separate counsel), constituted substantive “negotiations” for this purpose since the waiver was not exchanged for any economic consideration. [8]      Synutra, 2018 WL 4869248, at *8. [9]      Id. at *11, citing Swomley, 2014 WL 4470947, at 21. [10]     In a footnote, the Court expressly overruled dicta in its MFW decision that the plaintiff cited to argue that a duty of care claim could be premised on the Special Committee’s obtaining of an allegedly insufficient price.  Id. at *10, Footnote 81. The following Gibson Dunn lawyers assisted in preparing this client update: Barbara Becker, Jeffrey Chapman, Stephen Glover, Mark Director, Eduardo Gallardo, Marina Szteinbok and Justice Flores. Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these issues.  For further information, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Mergers and Acquisitions practice group: Mergers and Acquisitions Group / Corporate Transactions: Barbara L. Becker – Co-Chair, New York (+1 212-351-4062, bbecker@gibsondunn.com) Jeffrey A. Chapman – Co-Chair, Dallas (+1 214-698-3120, jchapman@gibsondunn.com) Stephen I. Glover – Co-Chair, Washington, D.C. (+1 202-955-8593, siglover@gibsondunn.com) Dennis J. Friedman – New York (+1 212-351-3900, dfriedman@gibsondunn.com) Jonathan K. Layne – Los Angeles (+1 310-552-8641, jlayne@gibsondunn.com) Mark D. Director – Washington, D.C./New York (+1 202-955-8508/+1 212-351-5308, mdirector@gibsondunn.com) Eduardo Gallardo – New York (+1 212-351-3847, egallardo@gibsondunn.com) Saee Muzumdar – New York (+1 212-351-3966, smuzumdar@gibsondunn.com) Mergers and Acquisitions Group / Litigation: Meryl L. Young – Orange County (+1 949-451-4229, myoung@gibsondunn.com) Brian M. Lutz – San Francisco (+1 415-393-8379, blutz@gibsondunn.com) Aric H. Wu – New York (+1 212-351-3820, awu@gibsondunn.com) Paul J. Collins – Palo Alto (+1 650-849-5309, pcollins@gibsondunn.com) Michael M. Farhang – Los Angeles (+1 213-229-7005, mfarhang@gibsondunn.com) Joshua S. Lipshutz – Washington, D.C. (+1 202-955-8217, jlipshutz@gibsondunn.com) Adam H. Offenhartz – New York (+1 212-351-3808, aoffenhartz@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 11, 2018 |
Financing Arrangements and Documentation: Considerations Ahead of Brexit

Click for PDF Since the result of the Brexit referendum was announced in June 2016, there has been significant commentary regarding the potential effects of the UK’s withdrawal from the EU on the financial services industry. As long as the UK is negotiating its exit terms, a number of conceptual questions facing the sector still remain, such as market regulation and bank passporting. Many commentators have speculated from a ‘big picture’ perspective what the consequences will be if / when exit terms are agreed.  From a contractual perspective, the situation is nuanced. This article will consider certain areas within English law financing documentation which may or may not need to be addressed. Bank passporting The EU “passporting” regime has been the subject of much commentary since the result of the Brexit referendum.  In short, in some EU member states, lenders are required under domestic legislation to have licences to lend.  Many UK lenders have relied on EU passporting (currently provided for in MiFID II), which allows them to lend into EU member states simply by virtue of being regulated in the UK (and vice versa). The importance for the economy of the passporting regime is clear. Unless appropriate transitional arrangements are put in place to ensure that the underlying principle survives, however, there is a risk that following Brexit passporting could be lost.  Recent materials produced by the UK Government suggest that the loss of passporting may be postponed from March 2019 until the end of 2020, although financial institutions must still consider what will happen after 2020 if no replacement regime is agreed.  The UK Government has committed to legislate (if required) to put in place a temporary recognition regime to allow EU member states to continue their financial services in the UK for a limited time (assuming there is a “no deal” scenario and no agreed transition period). However, there has not to date been a commitment from the EU to agree to a mirror regime. Depending on the outcome of negotiations on passporting, financial institutions will need to consider the regulatory position in relation to the performance of their underlying financial service, whether that is: lending, issuance of letters of credit / guarantees, provision of bank accounts or other financial products, or performing agency / security agency roles. Financial institutions may need to look to transfer their participations to an appropriately licensed affiliate (if possible) or third party, change the branch through which it acts, resign from agency or account bank functions, and/or exit the underlying transaction using the illegality protections (although, determining what is “unlawful” for these purposes in terms of a lender being able to fund or maintain a loan will be a complex legal and factual analysis).  More generally, we expect these provisions to be the subject of increasing scrutiny, although there seems to be limited scope for lenders to move illegality provisions in their favour and away from an actual, objective illegality requirement, owing to long-standing commercial convention. From a documentary perspective, it will be necessary to analyse loan agreements individually to determine whether any provisions are invoked and/or breached, and/or any amendments are required.  For on-going structuring, it may be appropriate for facilities to be tranched – such tranches (to the extent the drawing requirements of international obligor group can be accurately determined ahead of time) being “ring-fenced”, with proportions of a facility made available to different members of the borrower group and to be participated in by different lenders – or otherwise structured in an alternative, inventive manner – for example, by “fronting” the facility with a single, adequately regulated lender with back-to-back lending mechanics (e.g. sub-participation) standing behind.  In the same way, we also expect that lenders will exert greater control – for example by requiring all lender consent in all instances – on the accession of additional members of the borrowing group to existing lending arrangements in an attempt to diversify the lending jurisdictions.  Derivatives If passporting rights are lost and transitional relief is not in place, this could have a significant impact on the derivatives markets.  Indeed, without specific transitional or equivalence agreements in place between the EU and the UK, market participants may not be able to use UK clearing houses to clear derivatives subject to mandatory clearing under EMIR.  Additionally, derivatives executed on UK exchanges could be viewed as “OTC derivatives” under EMIR and would therefore be counted towards the clearing thresholds under EMIR.  Further, derivatives lifecycle events (such as novations, amendments and portfolio compressions) could be viewed as regulated activities thereby raising questions about enforceability and additional regulatory restrictions and requirements. In addition to issues arising between EU and UK counterparties, equivalence agreements in the derivatives space between the EU and other jurisdictions, such as the United States, would not carry over to the UK.  Accordingly, the UK must put in place similar equivalence agreements with such jurisdictions or market participants trading with UK firms could be at a disadvantage compared to those trading with EU firms. As a result of the uncertainty around Brexit and the risk that passporting rights are likely to be lost, certain counterparties are considering whether to novate their outstanding derivatives with UK derivatives entities to EU derivatives entities ahead of the exit date.  Novating derivatives portfolios from a UK to an EU counterparty is a significant undertaking involving re-documentation, obtaining consents, reviewing existing documentation, identifying appropriate counterparties, etc. EU legislation and case law Loan agreements often contain references to EU legislation or case law and, therefore, it is necessary to consider whether amendments are required. One particular area to be considered within financing documentation is the inclusion of Article 55 Bail-In language[1].  In the last few years, Bail-In clauses have become common place in financing documentation, although they are only required for documents which are governed by the laws of a non-EEA country and where there is potential liability under that document for an EEA-incorporated credit institution or investment firm and their relevant affiliates, respectively.  Following withdrawal from the EU, the United Kingdom will (subject to any transitional or other agreed arrangements) cease to be a member of the EEA and therefore English law governed contracts containing in-scope liabilities of EU financial institutions may become subject to the requirements of Article 55.  Depending on the status of withdrawal negotiations as we head closer to March 2019, it may be appropriate as a precautionary measure to include Bail-In clauses ahead of time – however, this analysis is very fact specific, and will need to be carefully considered on a case-by-case basis. Governing law and jurisdiction Although EU law is now pervasive throughout the English legal system, English commercial contract law is, for the most part, untouched by EU law and therefore withdrawal from the EU is expected to have little or no impact.  Further, given that EU member states are required to give effect to the parties’ choice of law (regardless of whether that law is the law of an EU member state or another state)[2], the courts of EU member states will continue to give effect to English law in the same way they do currently.  Many loan agreements customarily include ‘one-way’ jurisdiction clauses which limit borrowers/obligors to bringing proceedings in the English courts (rather than having the flexibility to bring proceedings in any court of competent jurisdiction). This allows lenders to benefit from the perceived competency and commerciality of the English courts as regards disputes in the financial sector. Regardless of the outcome of the Brexit negotiations, such clauses  are likely to remain unchanged due to the experience of English judges in handling such disputes and the certainty of the common law system. It is possible that the UK’s withdrawal will impact the extent to which a judgement of the English courts will be enforceable in other EU member states.  Currently, an English judgement is enforceable in all other EU member states pursuant to EU legislation[3].  However, depending on the withdrawal terms agreed with the EU, the heart of this regulation may or may not be preserved. In other words, English judgements could be in the same position to that of, for example, judgements of the New York courts, where enforceability is dependent upon the underlying law of the relevant EU member state; or, an agreement could be reached for automatic recognition of English judgements across EU member states.  In the same vein, the UK’s withdrawal could also impact the enforcement in the UK of judgements of the courts of the remaining EU member states. Conclusion Just six months ahead of the UK’s 29 March 2019 exit date, there remains no agreed legal position as regards the terms of the UK’s withdrawal from the EU. It is clear that, for so long as such impasse remains, the contractual ramifications will continue to be fluid and the subject of discussion.  However, what is apparent is that the financial services sector, and financing arrangements more generally, are heavily impacted and it will be incumbent upon contracting parties, and their lawyers, to consider the relevant terms, consequences and solutions at the appropriate time. [1]   Article 55 of the Bank Resolution and Recovery Directive [2]   Rome I Regulation [3]   Brussels I regulation. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Global Finance practice group, or the authors: Amy Kennedy – London (+44 (0)20 7071 4283, akennedy@gibsondunn.com) Jeffrey L. Steiner – Washington, D.C. (+1 202-887-3632, jsteiner@gibsondunn.com) Alex Hillback – Dubai (+971 (0)4 318 4626, ahillback@gibsondunn.com) Please also feel free to contact the following leaders and members of the Global Finance and Financial Institutions practice groups: Global Finance Group: Thomas M. Budd – London (+44 (0)20 7071 4234, tbudd@gibsondunn.com) Gregory A. Campbell – London (+44 (0)20 7071 4236, gcampbell@gibsondunn.com) Richard Ernest – Dubai (+971 (0)4 318 4639, rernest@gibsondunn.com) Jamie Thomas – Singapore (+65 6507 3609, jthomas@gibsondunn.com) Michael Nicklin – Hong Kong (+852 2214 3809, mnicklin@gibsondunn.com) Linda L. Curtis – Los Angeles (+1 213 229 7582, lcurtis@gibsondunn.com) Aaron F. Adams – New York (+1 212 351 2494, afadams@gibsondunn.com) Financial Institutions Group: Arthur S. Long – New York (+1 212-351-2426, along@gibsondunn.com) Michael D. Bopp – Washington, D.C. (+1 202-955-8256, mbopp@gibsondunn.com) Jeffrey L. Steiner – Washington, D.C. (+1 202-887-3632, jsteiner@gibsondunn.com) Carl E. Kennedy – New York (+1 212-351-3951, ckennedy@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 10, 2018 |
Artificial Intelligence and Autonomous Systems Legal Update (3Q18)

Click for PDF We are pleased to provide the following update on recent legal developments in the areas of artificial intelligence, machine learning, and autonomous systems (or “AI” for short), and their implications for companies developing or using products based on these technologies.  As the spread of AI rapidly increases, legal scrutiny in the U.S. of the potential uses and effects of these technologies (both beneficial and harmful) has also been increasing.  While we have chosen to highlight below several governmental and legislative actions from the past quarter, the area is rapidly evolving and we will continue to monitor further actions in these and related areas to provide future updates of potential interest on a regular basis. I.       Increasing Federal Government Interest in AI Technologies The Trump Administration and Congress have recently taken a number of steps aimed at pushing AI forward on the U.S. agenda, while also treating with caution foreign involvement in U.S.-based AI technologies.  Some of these actions may mean additional hurdles for cross-border transactions involving AI technology.  On the other hand, there may also be opportunities for companies engaged in the pursuit of AI technologies to influence the direction of future legislation at an early stage. A.       White House Studies AI In May, the Trump Administration kicked off what is becoming an active year in AI for the federal government by hosting an “Artificial Intelligence for American Industry” summit as part of its designation of AI as an “Administration R&D priority.”[1] During the summit, the White House also announced the establishment of a “Select Committee on Artificial Intelligence” to advise the President on research and development priorities and explore partnerships within the government and with industry.[2]  This Select Committee is housed within the National Science and Technology Council, and is chaired by Office of Science and Technology Policy leadership. Administration officials have said that a focus of the Select Committee will be to look at opportunities for increasing federal funds into AI research in the private sector, to ensure that the U.S. has (or maintains) a technological advantage in AI over other countries.  In addition, the Committee is to look at possible uses of the government’s vast store of taxpayer-funded data to promote the development of advanced AI technologies, without compromising security or individual privacy.  While it is believed that there will be opportunities for private stakeholders to have input into the Select Committee’s deliberations, the inaugural meeting of the Committee, which occurred in late June, was not open to the public for input. B.       AI in the NDAA for 2019 More recently, on August 13th, President Trump signed into law the John S. McCain National Defense Authorization Act (NDAA) for 2019,[3] which specifically authorizes the Department of Defense to appoint a senior official to coordinate activities relating to the development of AI technologies for the military, as well as to create a strategic plan for incorporating a number of AI technologies into its defense arsenal.  In addition, the NDAA includes the Foreign Investment Risk Review Modernization Act (FIRRMA)[4] and the Export Control Reform Act (ECRA),[5] both of which require the government to scrutinize cross-border transactions involving certain new technologies, likely including AI-related technologies. FIRRMA modifies the review process currently used by the Committee on Foreign Investment in the United States (CFIUS), an interagency committee that reviews the national security implications of investments by foreign entities in the United States.  With FIRRMA’s enactment, the scope of the transactions that CFIUS can review is expanded to include those involving “emerging and foundational technologies,” defined as those that are critical for maintaining the national security technological advantage of the United States.  While the changes to the CFIUS process are still fresh and untested, increased scrutiny under FIRRMA will likely have an impact on available foreign investment in the development and use of AI, at least where the AI technology involved is deemed such a critical technology and is sought to be purchased or licensed by foreign investors. Similarly, ECRA requires the President to establish an interagency review process with various agencies including the Departments of Defense, Energy, State and the head of other agencies “as appropriate,” to identify emerging and foundational technologies essential to national security in order to impose appropriate export controls.  Export licenses are to be denied if the proposed export would have a “significant negative impact” on the U.S. defense industrial base.  The terms “emerging and foundational technologies” are not expressly defined, but it is likely that AI technologies, which are of course “emerging,” would receive a close look under ECRA and that ECRA might also curtail whether certain AI technologies can be sold or licensed to foreign entities. The NDAA also established a National Security Commission on Artificial Intelligence “to review advances in artificial intelligence, related machine learning developments, and associated technologies.”  The Commission, made up of certain senior members of Congress as well as the Secretaries of Defense and Commerce, will function independently from other such panels established by the Trump Administration and will review developments in AI along with assessing risks related to AI and related technologies to consider how those methods relate to the national security and defense needs of the United States.  The Commission will focus on technologies that provide the U.S. with a competitive AI advantage, and will look at the need for AI research and investment as well as consider the legal and ethical risks associated with the use of AI.  Members are to be appointed within 90 days of the Commission being established and an initial report to the President and Congress is to be submitted by early February 2019. C.       Additional Congressional Interest in AI/Automation While a number of existing bills with potential impacts on the development of AI technologies remain stalled in Congress,[6] two more recently-introduced pieces of legislation are also worth monitoring as they progress through the legislative process. In late June, Senator Feinstein (D-CA) sponsored the “Bot Disclosure and Accountability Act of 2018,” which is intended to address  some of the concerns over the use of automated systems for distributing content through social media.[7] As introduced, the bill seeks to prohibit certain types of bot or other automated activity directed to political advertising, at least where such automated activity appears to impersonate human activity.  The bill would also require the Federal Trade Commission to establish and enforce regulations to require public disclosure of the use of bots, defined as any “automated software program or process intended to impersonate or replicate human activity online.”  The bill provides that any such regulations are to be aimed at the “social media provider,” and would place the burden of compliance on such providers of social media websites and other outlets.  Specifically, the FTC is to promulgate regulations requiring the provider to take steps to ensure that any users of a social media website owned or operated by the provider would receive “clear and conspicuous notice” of the use of bots and similar automated systems.  FTC regulations would also require social media providers to police their systems, removing non-compliant postings and/or taking other actions (including suspension or removal) against users that violate such regulations.  While there are significant differences, the Feinstein bill is nevertheless similar in many ways to California’s recently-enacted Bot disclosure law (S.B. 1001), discussed more fully in our previous client alert located here.[8] Also of note, on September 26th, a bipartisan group of Senators introduced the “Artificial Intelligence in Government Act,” which seeks to provide the federal government with additional resources to incorporate AI technologies in the government’s operations.[9] As written, this new bill would require the General Services Administration to bring on technical experts to advise other government agencies, conduct research into future federal AI policy, and promote inter-agency cooperation with regard to AI technologies.  The bill would also create yet another federal advisory board to advise government agencies on AI policy opportunities and concerns.  In addition, the newly-introduced legislation seeks to require the Office of Management and Budget to identify ways for the federal government to invest in and utilize AI technologies and tasks the Office of Personal Management with anticipating and providing training for the skills and competencies the government requires going-forward for incorporating AI into its overall data strategy. II.       Potential Impact on AI Technology of Recent California Privacy Legislation Interestingly, in the related area of data privacy regulation, the federal government has been slower to respond, and it is the state legislatures that are leading the charge.[10] Most machine learning algorithms depend on the availability of large data sets for purpose of training, testing, and refinement.  Typically, the larger and more complete the datasets available, the better.  However, these datasets often include highly personal information about consumers, patients, or others of interest—data that can sometimes be used to predict information specific to a particular person even if attempts are made to keep the source of such data anonymous. The European Union’s General Data Protection Regulation, or GDPR, which went into force on May 25, 2018, has deservedly garnered a great deal of press as one of the first, most comprehensive collections of data privacy protections. While we’re only months into its effective period, the full impact and enforcement of the GDPR’s provisions have yet to be felt.  Still, many U.S. companies, forced to take steps to comply with the provisions of GDPR at least with regard to EU citizens, have opted to take many of those same steps here in the U.S., despite the fact that no direct U.S. federal analogue to the GDPR yet exists.[11] Rather than wait for the federal government to act, several states have opted to follow the lead of the GDPR and enact their own versions of comprehensive data privacy laws.  Perhaps the most significant of these state-legislated omnibus privacy laws is the California Consumer Privacy Act (“CCPA”), signed into law on June 28, 2108, and slated to take effect on January 1, 2020.[12]  The CCPA is not identical to the GDPR, differing in a number of key respects.  However there are many similarities, in that the CCPA also has broadly defined definitions of personal information/data, and seeks to provide a right to notice of data collection, a right of access to and correction of collected data, a right to be forgotten, and a right to data portability.  But how do the CCPA’s requirements differ from the GDPR for companies engaged in the development and use of AI technologies?  While there are many issues to consider, below we examine several of the key differences of the CCPA and their impact on machine learning and other AI-based processing of collected data. A.       Inferences Drawn from Personal Information The GDPR defines personal data as “any information relating to an identified or identifiable natural person,” such as “a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that nature person.”[13]  Under the GDPR, personal data has implications in the AI space beyond just the data that is actually collected from an individual.  AI technology can be and often is used to generate additional information about a person from collected data, e.g., spending habits, facial features, risk of disease, or other inferences that can be made from the collected data.  Such inferences, or derivative data, may well constitute “personal data” under a broad view of the GDPR, although there is no specific mention of derivative data in the definition. By contrast, the CCPA goes farther and specifically includes “inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.”[14]  An “inference” is defined as “the derivation of information, data, assumptions, or conclusions from evidence, or another source of information or data.”[15] Arguably the primary purpose of many AI systems is to draw inferences from a user’s information, by mining data, looking for patterns, and generating analysis.  Although the CCPA does limit inferences to those drawn “to create a profile about a consumer,” the term “profile” is not defined in the CCPA.  However, the use of consumer information that is “deidentified” or “aggregated” is permitted by the CCPA.  Thus, one possible solution may be to take steps to “anonymize” any personal data used to derive any inferences.  As a result, when looking to CCPA compliance, companies may want to carefully consider the derivative/processed data that they are storing about a user, and consider additional steps that may be required for CCPA compliance. B.       Identifying Categories of Personal Information The CCPA also requires disclosures of the categories of personal information being collected, the categories of sources from which personal information is collected, the purpose for collecting and selling personal information, and the categories of third parties with whom the business shares personal information. [16]  Although these categories are likely known and definable for static data collection, it may be more difficult to specifically disclose the purpose and categories for certain information when dynamic machine learning algorithms are used.  This is particularly true when, as discussed above, inferences about a user are included as personal information.  In order to meet these disclosure requirements, companies may need to carefully consider how they will define all of the categories of personal information collected or the purposes of use of that information, particularly when machine learning algorithms are used to generate additional inferences from, or derivatives of, personal data. C.       Personal Data Includes Households The CCPA’s definition of “personal data” also includes information pertaining to non-individuals, such as “households” – a term that the CCPA does not further define.[17]  In the absence of an explicit definition, the term “household” would seem to target information collected about a home and its inhabits through smart home devices, such as thermostats, cameras, lights, TVs, and so on.  When looking to the types of personal data being collected, the CCPA may also encompass information about each of these smart home devices, such as name, location, usage, and special instructions (e.g., temperature controls, light timers, and motion sensing).  Furthermore, any inferences or derivative information generated by AI algorithms from the information collected from these smart home devices may also be covered as personal information.  Arguably, this could include information such as conversations with voice assistants or even information about when people are likely to be home determined via cameras or motion sensors.  Companies developing smart home, or other Internet of Things, devices thus should carefully consider whether the scope and use they make of any information collected from “households” falls under the CCPA requirements for disclosure or other restrictions. III.       Continuing Efforts to Regulate Autonomous Vehicles Much like the potential for a comprehensive U.S. data privacy law, and despite a flurry of legislative activity in Congress in 2017 and early 2018 towards such a national regulatory framework, autonomous vehicles continue to operate under a complex patchwork of state and local rules with limited federal oversight.  We previously provided an update (located here)[18] discussing the Safely Ensuring Lives Future Deployment and Research In Vehicle Evolution (SELF DRIVE) Act[19], which passed the U.S. House of Representatives by voice vote in September 2017 and its companion bill (the American Vision for Safer Transportation through Advancement of Revolutionary Technologies (AV START) Act).[20]  Both bills have since stalled in the Senate, and with them the anticipated implementation of a uniform regulatory framework for the development, testing and deployment of autonomous vehicles. As the two bills languish in Congress, ‘chaperoned’ autonomous vehicles have already begun coexisting on roads alongside human drivers.  The accelerating pace of policy proposals—and debate surrounding them—looks set to continue in late 2018 as virtually every major automaker is placing more autonomous vehicles on the road for testing and some manufacturers prepare to launch commercial services such as self-driving taxi ride-shares[21] into a national regulatory vacuum. A.       “Light-touch” Regulation The delineation of federal and state regulatory authority has emerged as a key issue because autonomous vehicles do not fit neatly into the existing regulatory structure.  One of the key aspects of the proposed federal legislation is that it empowers the National Highway Traffic Safety Administration (NHTSA) with the oversight of manufacturers of self-driving cars through enactment of future rules and regulations that will set the standards for safety and govern areas of privacy and cybersecurity relating to such vehicles.  The intention is to have a single body (the NHTSA) develop a consistent set of rules and regulations for manufacturers, rather than continuing to allow the states to adopt a web of potentially widely differing rules and regulations that may ultimately inhibit development and deployment of autonomous vehicles.  This approach was echoed by safety guidelines released by the Department of Transportation (DoT) for autonomous vehicles.  Through the guidelines (“a nonregulatory approach to automated vehicle technology safety”),[22] the DoT avoids any compliance requirement or enforcement mechanism, at least for the time being, as the scope of the guidance is expressly to support the industry as it develops best practices in the design, development, testing, and deployment of automated vehicle technologies. Under the proposed federal legislation, the states can still regulate autonomous vehicles, but the guidance encourages states not to pass laws that would “place unnecessary burdens on competition and innovation by limiting [autonomous vehicle] testing or deployment to motor vehicle manufacturers only.”[23]  The third iteration of the DoT’s federal guidance, published on October 4, 2018, builds upon—but does not replace—the existing guidance, and reiterates that the federal government is placing the onus for safety on companies developing the technologies rather than on government regulation. [24]  The guidelines, which now include buses, transit and trucks in addition to cars, remain voluntary. B.       Safety Much of the delay in enacting a regulatory framework is a result of policymakers’ struggle to balance the industry’s desire to speed both the development and deployment of autonomous vehicle technologies with the safety and security concerns of consumer advocates. The AV START bill requires that NHTSA must construct comprehensive safety regulations for AVs with a mandated, accelerated timeline for rulemaking, and the bill puts in place an interim regulatory framework that requires manufacturers to submit a Safety Evaluation Report addressing a range of key areas at least 90 days before testing, selling, or commercialization of an driverless cars.  But some lawmakers and consumer advocates remain skeptical in the wake of highly publicized setbacks in autonomous vehicle testing.[25]  Although the National Safety Transportation Board (NSTB) has authority to investigate auto accidents, there is still no federal regulatory framework governing liability for individuals and states.[26]  There are also ongoing concerns over cybersecurity risks[27], the use of forced arbitration clauses by autonomous vehicle manufacturers,[28] and miscellaneous engineering problems that revolve around the way in which autonomous vehicles interact with obstacles commonly faced by human drivers, such as emergency vehicles,[29] graffiti on road signs or even raindrops and tree shadows.[30] In August 2018, the Governors Highway Safety Association (GHSA) published a report outlining the key questions that manufacturers should urgently address.[31]  The report suggested that states seek to encourage “responsible” autonomous car testing and deployment while protecting public safety and that lawmakers “review all traffic laws.”  The report also notes that public debate often blurs the boundaries between the different levels of automation the NHTSA has defined (ranging from level 0 (no automation) to level 5 (fully self-driving without the need for human occupants)), remarking that “most AVs for the foreseeable future will be Levels 2 through 4.  Perhaps they should be called ‘occasionally self-driving.'”[32] C.       State Laws Currently, 21 states and the District of Columbia have passed laws regulating the deployment and testing of self-driving cars, and governors in 10 states have issued executive orders related to them.[33]  For example, California expanded its testing rules in April 2018 to allow for remote monitoring instead of a safety driver inside the vehicle.[34]  However, state laws differ on basic terminology, such as the definition of “vehicle operator.” Tennessee SB 151[35] points to the autonomous driving system (ADS) while Texas SB 2205[36] designates a “natural person” riding in the vehicle.  Meanwhile, Georgia SB 219[37] identifies the operator as the person who causes the ADS to engage, which might happen remotely in a vehicle fleet. These distinctions will affect how states license both human drivers and autonomous vehicles going forward.  Companies operating in this space accordingly need to stay abreast of legal developments in states in which they are developing or testing autonomous vehicles, while understanding that any new federal regulations may ultimately preempt those states’ authorities to determine, for example, crash protocols or how they handle their passengers’ data. D.       ‘Rest of the World’ While the U.S. was the first country to legislate for the testing of automated vehicles on public roads, the absence of a national regulatory framework risks impeding innovation and development.  In the meantime, other countries are vying for pole position among manufacturers looking to test vehicles on roads.[38]  KPMG’s 2018 Autonomous Vehicles Readiness Index ranks 20 countries’ preparedness for an autonomous vehicle future. The Netherlands took the top spot, outperforming the U.S. (3rd) and China (16th).[39]  Japan and Australia plan to have self-driving cars on public roads by 2020.[40]  The U.K. government has announced that it expects to see fully autonomous vehicles on U.K. roads by 2021, and is introducing legislation—the Automated and Electric Vehicles Act 2018—which installs an insurance framework addressing product liability issues arising out of accidents involving autonomous cars, including those wholly caused by an autonomous vehicle “when driving itself.”[41] E.       Looking Ahead While autonomous vehicles operating on public roads are likely to remain subject to both federal and state regulation, the federal government is facing increasing pressure to adopt a federal regulatory scheme for autonomous vehicles in 2018.[42]  Almost exactly one year after the House passed the SELF DRIVE Act, House Energy and Commerce Committee leaders called on the Senate to advance automated vehicle legislation, stating that “[a]fter a year of delays, forcing automakers and innovators to develop in a state-by-state patchwork of rules, the Senate must act to support this critical safety innovation and secure America’s place as a global leader in technology.”[43]  The continued absence of federal regulation renders the DoT’s informal guidance increasingly important.  The DoT has indicated that it will enact “flexible and technology-neutral” policies—rather than prescriptive performance-based standards—to encourage regulatory harmony and consistency as well as competition and innovation.[44]  Companies searching for more tangible guidance on safety standards at federal level may find it useful to review the recent guidance issued alongside the DoT’s announcement that it is developing (and seeking public input into) a pilot program for ‘highly or fully’ autonomous vehicles on U.S. roads.[45]  The safety standards being considered include technology disabling the vehicle if a sensor fails or barring vehicles from traveling above safe speeds, as well as a requirement that NHTSA be notified of any accident within 24 hours. [1] See https://www.whitehouse.gov/wp-content/uploads/2018/05/Summary-Report-of-White-House-AI-Summit.pdf; note also that the Trump Administration’s efforts in studying AI technologies follow, but appear largely separate from, several workshops on AI held by the Obama Administration in 2016, which resulted in two reports issued in late 2016 (see Preparing for the Future of Artificial Intelligence, and Artificial Intelligence, Automation, and the Economy). [2] Id. at Appendix A. [3] See https://www.mccain.senate.gov/public/index.cfm/2018/8/senate-passes-the-john-s-mccain-national-defense-authorization-act-for-fiscal-year-2019.  The full text of the NDAA is available at https://www.congress.gov/bill/115th-congress/house-bill/5515/text.  For additional information on CFIUS reform implemented by the NDAA, please see Gibson Dunn’s previous client update at https://www.gibsondunn.com/cfius-reform-our-analysis/. [4] See id.; see also https://www.treasury.gov/resource-center/international/Documents/FIRRMA-FAQs.pdf. [5] See https://foreignaffairs.house.gov/wp-content/uploads/2018/02/HR-5040-Section-by-Section.pdf.   [6] See, e.g. infra., Section III discussion of SELF DRIVE and AV START Acts, among others. [7] S.3127, 115th Congress (2018). [8] https://www.gibsondunn.com/new-california-security-of-connected-devices-law-and-ccpa-amendments/. [9] S.3502, 115th Congress (2018). [10] See also, infra., Section III for more discussion of specific regulatory efforts for autonomous vehicles. [11] However, as 2018 has already seen a fair number of hearings before Congress relating to digital data privacy issues, including appearances by key executives from many major tech companies, it seems likely that it may not be long before we see the introduction of a “GDPR-like” comprehensive data privacy bill.  Whether any resulting federal legislation would actually pre-empt state-enacted privacy laws to establish a unified federal framework is itself a hotly-contested issue, and remains to be seen. [12] AB 375 (2018); Cal. Civ. Code §1798.100, et seq. [13] Regulation (EU) 2016/679 (General Data Protection Regulation), Article 4 (1). [14] Cal. Civ. Code §1798.140(o)(1)(K). [15] Id.. at §1798.140(m). [16] Id. at §1798.110(c). [17] Id. at §1798.140(o)(1). [18] https://www.gibsondunn.com/accelerating-progress-toward-a-long-awaited-federal-regulatory-framework-for-autonomous-vehicles-in-the-united-states/. [19]   H.R. 3388, 115th Cong. (2017). [20]   U.S. Senate Committee on Commerce, Science and Transportation, Press Release, Oct. 24, 2017, available at https://www.commerce.senate.gov/public/index.cfm/pressreleases?ID=BA5E2D29-2BF3-4FC7-A79D-58B9E186412C. [21]   Sean O’Kane, Mercedes-Benz Self-Driving Taxi Pilot Coming to Silicon Valley in 2019, The Verge, Jul. 11, 2018, available at https://www.theverge.com/2018/7/11/17555274/mercedes-benz-self-driving-taxi-pilot-silicon-valley-2019. [22]   U.S. Dept. of Transp., Automated Driving Systems 2.0: A Vision for Safety 2.0, Sept. 2017, https://www.nhtsa.gov/sites/nhtsa.dot.gov/files/documents/13069a-ads2.0_090617_v9a_tag.pdf. [23]   Id., at para 2. [24]   U.S. DEPT. OF TRANSP., Preparing for the Future of Transportation: Automated Vehicles 3.0, Oct. 4, 2018, https://www.transportation.gov/sites/dot.gov/files/docs/policy-initiatives/automated-vehicles/320711/preparing-future-transportation-automated-vehicle-30.pdf. [25]   Sasha Lekach, Waymo’s Self-Driving Taxi Service Could Have Some Major Issues, Mashable, Aug. 28, 2018, available at https://mashable.com/2018/08/28/waymo-self-driving-taxi-problems/#dWzwp.UAEsqM. [26]   Robert L. Rabin, Uber Self-Driving Cars, Liability, and Regulation, Stanford Law School Blog, Mar. 20, 2018, available at https://law.stanford.edu/2018/03/20/uber-self-driving-cars-liability-regulation/. [27]   David Shephardson, U.S. Regulators Grappling with Self-Driving Vehicle Security, Reuters. Jul. 10, 2018, available at https://www.reuters.com/article/us-autos-selfdriving/us-regulators-grappling-with-self-driving-vehicle-security-idUSKBN1K02OD. [28]   Richard Blumenthal, Press Release, Ten Senators Seek Information from Autonomous Vehicle Manufacturers on Their Use of Forced Arbitration Clauses, Mar. 23, 2018, available at https://www.blumenthal.senate.gov/newsroom/press/release/ten-senators-seek-information-from-autonomous-vehicle-manufacturers-on-their-use-of-forced-arbitration-clauses. [29]   Kevin Krewell, How Will Autonomous Cars Respond to Emergency Vehicles, Forbes, Jul. 31, 2018, available at https://www.forbes.com/sites/tiriasresearch/2018/07/31/how-will-autonomous-cars-respond-to-emergency-vehicles/#3eed571627ef. [30]   Michael J. Coren, All The Things That Still Baffle Self-Driving Cars, Starting With Seagulls, Quartz, Sept. 23, 2018, available at https://qz.com/1397504/all-the-things-that-still-baffle-self-driving-cars-starting-with-seagulls/. [31]   ghsa, Preparing For Automated Vehicles: Traffic Safety Issues For States, Aug. 2018, available at https://www.ghsa.org/sites/default/files/2018-08/Final_AVs2018.pdf. [32]   Id., at 7. [33]   Brookings, The State of Self-Driving Car Laws Across the U.S., May 1, 2018, available at https://www.brookings.edu/blog/techtank/2018/05/01/the-state-of-self-driving-car-laws-across-the-u-s/. [34]   Aarian Marshall, Fully Self-Driving Cars Are Really Truly Coming to California, Wired, Feb. 26, 2018, available at, https://www.wired.com/story/california-self-driving-car-laws/; State of California, Department of Motor Vehicles, Autonomous Vehicles in California, available at https://www.dmv.ca.gov/portal/dmv/detail/vr/autonomous/bkgd. [35]   SB 151, available at http://www.capitol.tn.gov/Bills/110/Bill/SB0151.pdf. [36]   SB 2205, available at https://legiscan.com/TX/text/SB2205/2017. [37]   SB 219, available at http://www.legis.ga.gov/Legislation/en-US/display/20172018/SB/219. [38]   Tony Peng & Michael Sarazen, Global Survey of Autonomous Vehicle Regulations, Medium, Mar. 15, 2018, available at https://medium.com/syncedreview/global-survey-of-autonomous-vehicle-regulations-6b8608f205f9. [39]   KPMG, Autonomous Vehicles Readiness Index: Assessing Countries’ Openness and Preparedness for Autonomous Vehicles, 2018, (“The US has a highly innovative but largely disparate environment with little predictability regarding the uniform adoption of national standards for AVs. Therefore the prospect of  widespread driverless vehicles is unlikely in the near future. However, federal policy and regulatory guidance could certainly accelerate early adoption . . .”), p. 17, available at https://assets.kpmg.com/content/dam/kpmg/nl/pdf/2018/sector/automotive/autonomous-vehicles-readiness-index.pdf. [40]   Stanley White, Japan Looks to Launch Autonomous Car System in Tokyo by 2020, Automotive News, Jun. 4, 2018, available at http://www.autonews.com/article/20180604/MOBILITY/180609906/japan-self-driving-car; National Transport Commission Australia, Automated vehicles in Australia, available at https://www.ntc.gov.au/roads/technology/automated-vehicles-in-australia/. [41]   The Automated and Electric Vehicles Act 2018, available at http://www.legislation.gov.uk/ukpga/2018/18/contents/enacted; Lexology, Muddy Road Ahead Part II: Liability Legislation for Autonomous Vehicles in the United Kingdom, Sept. 21, 2018,  https://www.lexology.com/library/detail.aspx?g=89029292-ad7b-4c89-8ac9-eedec3d9113a; see further Anne Perkins, Government to Review Law Before Self-Driving Cars Arrive on UK Roads, The Guardian, Mar. 6, 2018, available at https://www.theguardian.com/technology/2018/mar/06/self-driving-cars-in-uk-riding-on-legal-review. [42]   Michaela Ross, Code & Conduit Podcast: Rep. Bob Latta Eyes Self-Driving Car Compromise This Year, Bloomberg Law, Jul. 26, 2018, available at https://www.bna.com/code-conduit-podcast-b73014481132/. [43]   Freight Waves, House Committee Urges Senate to Advance Self-Driving Vehicle Legislation, Sept. 10, 2018, available at https://www.freightwaves.com/news/house-committee-urges-senate-to-advance-self-driving-vehicle-legislation; House Energy and Commerce Committee, Press Release, Sept. 5, 2018, available at https://energycommerce.house.gov/news/press-release/media-advisory-walden-ec-leaders-to-call-on-senate-to-pass-self-driving-car-legislation/. [44]   See supra n. 24, U.S. DEPT. OF TRANSP., Preparing for the Future of Transportation: Automated Vehicles 3.0, Oct. 4, 2018, iv. [45]   David Shephardson, Self-driving cars may hit U.S. roads in pilot program, NHTSA says, Automotive News, Oct. 9, 2018, available at http://www.autonews.com/article/20181009/MOBILITY/181009630/self-driving-cars-may-hit-u.s.-roads-in-pilot-program-nhtsa-says. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work, or the authors: H. Mark Lyon – Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com) Claudia M. Barrett – Washington, D.C. (+1 202-887-3642, cbarrett@gibsondunn.com) Frances Annika Smithson – Los Angeles (+1 213-229-7914, fsmithson@gibsondunn.com) Ryan K. Iwahashi – Palo Alto (+1 650-849-5367, riwahashi@gibsondunn.com) Please also feel free to contact any of the following: Automotive/Transportation: Theodore J. Boutrous, Jr. – Los Angeles (+1 213-229-7000, tboutrous@gibsondunn.com) Christopher Chorba – Los Angeles (+1 213-229-7396, cchorba@gibsondunn.com) Theane Evangelis – Los Angeles (+1 213-229-7726, tevangelis@gibsondunn.com) Privacy, Cybersecurity and Consumer Protection: Alexander H. Southwell – New York (+1 212-351-3981, asouthwell@gibsondunn.com) Public Policy: Michael D. Bopp – Washington, D.C. (+1 202-955-8256, mbopp@gibsondunn.com) Mylan L. Denerstein – New York (+1 212-351-3850, mdenerstein@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 10, 2018 |
Why We Think the UK Is Heading for a “Soft Brexit”

Click for PDF Our discussions with politicians, civil servants, journalists and other commentators lead us to believe that the most likely outcome of the Brexit negotiations is that a deal will be agreed at the “softer” end of the spectrum, that the Conservative Government will survive and that Theresa May will remain as Prime Minister at least until a Brexit deal is agreed (although perhaps not thereafter).  There is certainly a risk of a chaotic or “hard” Brexit.  On the EU side, September’s summit in Salzburg demonstrated the possibility of unexpected outcomes.  And in the UK, the splits in the ruling Conservative Party and the support it relies upon from the DUP (the Northern Irish party that supports the Government) could in theory result in the ousting of Prime Minister May, which would likely lead to an extension of the Brexit deadline of 29 March 2019.  However, for the reasons set out below we believe a hard or chaotic Brexit is now less likely than more likely. Some background to the negotiations can be found here.  It should be noted that any legally binding deal will be limited to the terms of the UK’s departure from the EU (“the Withdrawal Agreement”) and will not cover the future trading relationship.  But there will be a political statement of intent on the future trading relationship (“the Future Framework”) that will then be subject to further detailed negotiation. There is a European Council meeting on 17/18 October although it is not expected that a final agreement will be reached by then.  However, the current expectation is that a special meeting of the European Council will take place in November (probably over a weekend) to finalise both the Withdrawal Agreement and the Future Framework. Whatever deal Theresa May finally agrees with the EU needs to be approved by the UK Parliament.  A debate and vote will likely take place within two or three weeks of a deal being agreed – so late November or early December.  If Parliament rejects the deal the perceived wisdom is that the ensuing political crisis could only be resolved either by another referendum or a general election. However: the strongest Brexiteers do not want to risk a second referendum in case they lose; the ruling Conservative Party do not want to risk a general election which may result in it losing power and Jeremy Corbyn becoming Prime Minister; and Parliament is unlikely to allow the UK to leave without a deal. As a result we believe that Prime Minister May has more flexibility to compromise with the EU than the political noise would suggest and that, however much they dislike the eventual deal, ardent Brexiteers will likely support it in Parliament.  This is because it will mean the UK has formally left the EU and the Brexiteers live to fight another day. The UK’s current proposal (the so-called “Chequers Proposal”) is likely to be diluted further in favour of the EU, but as long as the final deal results in a formal departure of the UK from the EU in March 2019, we believe Parliament is more likely than not to support it, however unsatisfactory it is to the Brexiteers. The key battleground is whether the UK should remain in a Customs Union beyond a long stop date for a transitional period.  The UK Government proposes a free trade agreement in goods but not services, with restrictions on free movement and the ability for the UK to strike its own free trade deals.  This has been rejected by the EU on the grounds that it seeks to separate services from goods which is inconsistent with the single market and breaches one of the fundamental EU principles of free movement of people.  The Chequers Proposal is unlikely to survive in its current form but the EU has acknowledged that it creates the basis for the start of a negotiation. There has also been discussion of a “Canada style” free-trade agreement, which is supported by the ardent Brexiteers but rejected by the UK Government because it would require checks on goods travelling across borders.  This would create a “hard border” in Northern Ireland which breaches the Good Friday Agreement and would not be accepted by any of the major UK political parties or the EU.  The consequential friction at the borders is also unattractive to businesses that operate on a “just in time” basis – particularly the car manufacturers.  The EU has suggested there could instead be regulatory alignment between Northern Ireland and the EU, but this has been accepted as unworkable because it would create a split within the UK and is unacceptable to the DUP, the Northern Ireland party whose support of the Conservatives in Parliament is critical to their survival.  This is the area of greatest risk but it remains the case that a “no deal” scenario would guarantee a hard border in Ireland. If no deal is reached by 21 January 2019 the Prime Minister is required to make a statement to MPs.  The Government would then have 14 days to decide how to proceed, and the House of Commons would be given the opportunity to vote on these alternate plans.  Although any motion to reject the Government’s proposal would not be legally binding, it would very likely catalyse the opposition and lead to an early general election or a second referendum.  In any of those circumstances, the EU has already signalled that it would be prepared to grant an extension to the Article 50 period. This client alert was prepared by London partners Charlie Geffen and Nicholas Aleksander and of counsel Anne MacPherson. We have a working group in London (led by Nicholas Aleksander, Patrick Doris, Charlie Geffen, Ali Nikpay and Selina Sagayam) addressing Brexit related issues.  Please feel free to contact any member of the working group or any of the other lawyers mentioned below. Ali Nikpay – Antitrust ANikpay@gibsondunn.com Tel: 020 7071 4273 Charlie Geffen – Corporate CGeffen@gibsondunn.com Tel: 020 7071 4225 Nicholas Aleksander – Tax NAleksander@gibsondunn.com Tel: 020 7071 4232 Philip Rocher – Litigation PRocher@gibsondunn.com Tel: 020 7071 4202 Jeffrey M. Trinklein – Tax JTrinklein@gibsondunn.com Tel: 020 7071 4224 Patrick Doris – Litigation; Data Protection PDoris@gibsondunn.com Tel:  020 7071 4276 Alan Samson – Real Estate ASamson@gibsondunn.com Tel:  020 7071 4222 Penny Madden QC – Arbitration PMadden@gibsondunn.com Tel:  020 7071 4226 Selina Sagayam – Corporate SSagayam@gibsondunn.com Tel:  020 7071 4263 Thomas M. Budd – Finance TBudd@gibsondunn.com Tel:  020 7071 4234 James A. Cox – Employment; Data Protection JCox@gibsondunn.com Tel: 020 7071 4250 Gregory A. Campbell – Restructuring GCampbell@gibsondunn.com Tel:  020 7071 4236 © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 8, 2018 |
Four Questions To Ask Before An IPO

Houston partners Hillary Holmes, Gerry Spedale and James Chenoweth are the authors of “Four Questions To Ask Before An IPO,” [PDF] published in the October 2018 issue of Midstream Business.

October 5, 2018 |
OFAC Issues Economic Sanctions Guidance on Digital Currencies

Click for PDF Over the last several months, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has expressed a clear interest in protecting the U.S. financial system from illicit activities in the digital currency space and has posited that transactions involving digital currencies be treated similarly to transactions involving traditional fiat currency.[1]  OFAC released Frequently Asked Questions (FAQs) on March 19 and June 6, 2018 that addressed the treatment of digital currencies.  In particular, the FAQs suggest that compliance obligations apply to digital currencies in the same manner as they would apply to traditional fiat currencies.[2]  Moreover, the FAQs note that OFAC may add digital currency addresses associated with blocked persons to its List of Specially Designated Nationals (SDN List) and put the onus on individuals[3] engaging in such transactions to screen and ensure that they are not dealing with banned persons.[4]  Finally, an Executive Order from President Trump and related guidance from OFAC prohibited transactions involving “petro,” a digital currency issued by the Venezuelan government to evade U.S. sanctions.[5] Through this series of FAQs, OFAC has begun to stake out its position on certain compliance obligations for digital currency transactions as well as OFAC sanctions for those who use digital currency for illicit transactions.  However, key questions still remain around the scope and application of such obligations.  We discuss OFAC’s guidance on digital currencies in more detail below. FAQ 559: Definitions of “virtual currency,” “digital currency,” “digital currency wallet,” and “digital currency address” for purposes of OFAC sanctions programs OFAC’s FAQ 559 defined “virtual currency” as “a digital representation of value that functions as (i) a medium of exchange; (ii) a unit of account; and/or (iii) a store of value; is neither issued nor guaranteed by any jurisdiction; and does not have legal tender status in any jurisdiction.”[6]  Similarly, OFAC defined the broader term, “digital currency,” which involves “sovereign cryptocurrency, virtual currency (non-fiat), and a digital representation of fiat currency.”[7]  Next, it was explained that a “digital currency wallet” is typically a software application that holds, stores, and transfers digital currency.[8]  And finally, the FAQ explained that a “digital currency address” consists of “an alphanumeric identifier that represents a potential destination for a digital currency transfer.”[9]  These definitions are used throughout OFAC’s other FAQs. FAQ 560: Compliance obligations for digital currency and traditional fiat currency In FAQ 560, OFAC indicated its view that individuals are subject to identical compliance obligations regardless of whether a transaction involves digital currency or traditional fiat currency,[10] including prohibitions on the following:  trade or other transactions with persons on OFAC’s SDN List; “unauthorized transactions prohibited by OFAC sanctions, such as dealings with blocked persons or property, or engaging in prohibited trade or investment-related transactions”; and transactions involving entities in which a blocked person has an ownership interest of 50 percent or more.[11]  These restrictions include “transactions that evade or avoid, have the purpose of evading or avoiding, cause a violation of, or attempt to violate prohibitions imposed by OFAC under various sanctions authorities.”[12]  Accordingly, OFAC warns that “persons that provide financial, material, or technological support for or to a designated person may be designated by OFAC under the relevant sanctions authority.”[13] OFAC recommends that individuals should develop a compliance solution that is tailored to each circumstance.  In particular, the FAQ states that “technology companies; administrators, exchangers, and users of digital currencies; and other payment processors should develop a tailored, risk-based compliance program, which generally should include sanctions list screening and other appropriate measures.”[14] FAQ 561: Using the SDN List to sanction the illicit use of digital currencies OFAC recognizes in FAQ 561 that there is a “growing and evolving threat posed by malicious actors using new payment mechanisms” and is determined to sanction those who use digital currency and other emerging payment systems to conduct prohibited financial transactions and evade United States sanctions.[15]  Accordingly, the FAQ explains that in order “[t]o strengthen our efforts to combat the illicit use of digital currency transactions under our existing authorities, OFAC may include as identifiers on the SDN List specific digital currency addresses associated with blocked persons” (emphasis added).[16]  This practice of using the SDN list would mirror OFAC’s current practice of adding people and governments to such list and would enable OFAC and other users to screen for digital currency addresses. FAQ 562: Identifying digital currency-related information on the SDN List In FAQ 562, OFAC recognizes that although it may add digital currency addresses to the SDN List, those address listings are not likely to be exhaustive.[17]  Consequently, OFAC states that individuals should take the necessary steps to block questionable digital currencies and file reports with OFAC if and when they identify digital currency identifiers or wallets that they believe are owned by or are “associated with[] an SDN” (emphasis added).[18] FAQ 563: Format of digital currency addresses on the SDN List OFAC explains that the structure of a digital currency address on the SDN List will include a currency’s unique alphanumeric identifier and will identify the specific digital currency to which the address corresponds (e.g., Bitcoin (BTC), Litecoin (LTC), petro (PTR), etc.).[19] FAQ 594: Querying a digital currency address using OFAC’s Sanctions List Search tool OFAC confirmed that it is not possible to query for digital currency addresses using OFAC’s Sanctions List Search Tool.[20]  Instead, FAQ 594 recommends that OFAC will use its SDN List to screen for listed digital currency addresses.[21] OFAC’s Guidance and President Trump’s Executive Order Concerning Venezuela On March 19, 2018, OFAC released a set of FAQs to deal with the situation in Venezuela at the same time President Trump issued Executive Order 13827 on “Taking Additional Steps to Address the Situation in Venezuela” (“Executive Order”).[22]  The Executive Order aimed to combat Venezuela’s attempts to use digital currencies to bypass sanctions that were implemented against it by the United States.[23]  Specifically, the Executive Order bans individuals from engaging in transactions involving “any digital currency, digital coin, or digital token that was issued by, for, or on behalf of the Government of Venezuela on or after January 9, 2018.”[24]  In February 2018, the Venezuelan government launched a digital currency known as the “petro” to try to enable the national oil company of Venezuela, Petróleos de Venezuela, S.A., to engage in transactions that were not denominated in U.S. Dollars.  OFAC’s FAQ 564 confirmed that the phrases “digital currency, digital coin, or digital token” referenced in the Executive Order include the petro and petro-gold.[25] Concluding Thoughts Through issuing a series of FAQs, OFAC has begun to stake out its position on certain compliance obligations for digital currency transactions as well as OFAC sanctions for those who use digital currency for illicit transactions.  However, key questions still remain around the scope and application of such obligations.  For example, it is unclear how broadly OFAC will apply its definitions of “virtual currency” and “digital currency” to various cryptoassets that are fundamentally unlike major cryptocurrencies such as bitcoin.  Also, under FAQ 562, it is unclear to what extent an entity is “associated” with an SDN and when parties are obligated to block questionable digital currencies and file reports with OFAC.  Further, it is unclear under FAQ 560 as to what specifically should be included within a “tailored, risk-based compliance program, which include[s] . . . sanctions list screening and other appropriate measures.” The FAQs also fail to address significant practical concerns.  For example: To what extent do parties have the technical abilities to block incoming transactions?  Are there exceptions for companies that are hacked and subsequently forced to pay ransom to an address on the SDN List?  How will OFAC address the use of private blockchain addresses?  These uncertainties highlight the complexity and evolving nature of digital currency transactions and blockchain technology and, perhaps more importantly, they suggest the need for additional guidance from OFAC. [1] See Statements & Remarks, U.S. Department of the Treasury, U.S. Department of the Treasury Under Secretary Sigal Mandelker Speech before the Securities Industry and Financial Markets Association Anti-Money Laundering & Financial Crimes Conference (Feb. 13, 2018), https://home.treasury.gov/news/press-release/sm0286. [2] Office of Foreign Assets Control, Frequently Asked Questions, Questions 559-63, 594, available at https://www.treasury.gov/resource-center/faqs/Sanctions/Pages/faq_compliance.aspx [hereinafter “OFAC FAQ”]. [3] The term “individual,” as used by OFAC in its FAQs, generally encompasses persons, parties, corporations, and other entities subject to OFAC jurisdiction. See OFAC FAQ, Question 560. [4] Id. [5] Exec. Order No. 13827, 83 Fed. Reg. 12469 (Mar. 21, 2018). [6] OFAC FAQ, Question 559. [7] Id. [8] Id. [9] Id. [10] OFAC FAQ, Question 560. [11] Id. [12] Id. [13] Id. [14] Id. [15] OFAC FAQ, Question 561. [16] Id. (emphasis added). [17] OFAC FAQ, Question 562. [18] Id. (emphasis added). [19] OFAC FAQ, Question 563. [20] OFAC FAQ, Question 594. [21] Id. [22] Exec. Order No. 13827, 83 Fed. Reg. 12469 (Mar. 21, 2018). [23] Id. [24] Id. [25] Office of Foreign Assets Control, Frequently Asked Questions, Question 564, available at https://www.treasury.gov/resource-center/faqs/Sanctions/Pages/faq_other.aspx#venezuela. The following Gibson Dunn lawyers assisted in preparing this client update: Judith Lee and Jeffrey Steiner. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the above developments.  Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s International Trade or Financial Institutions practice groups: International Trade Group – United States: Judith Alison Lee – Co-Chair, International Trade Practice, Washington, D.C. (+1 202-887-3591, jalee@gibsondunn.com) Ronald Kirk – Co-Chair, International Trade Practice, Dallas (+1 214-698-3295, rkirk@gibsondunn.com) Jose W. Fernandez – New York (+1 212-351-2376, jfernandez@gibsondunn.com) Marcellus A. McRae – Los Angeles (+1 213-229-7675, mmcrae@gibsondunn.com) Adam M. Smith – Washington, D.C. (+1 202-887-3547, asmith@gibsondunn.com) Christopher T. Timura – Washington, D.C. (+1 202-887-3690, ctimura@gibsondunn.com) Ben K. Belair – Washington, D.C. (+1 202-887-3743, bbelair@gibsondunn.com) Courtney M. Brown – Washington, D.C. (+1 202-955-8685, cmbrown@gibsondunn.com) Laura R. Cole – Washington, D.C. (+1 202-887-3787, lcole@gibsondunn.com) Stephanie L. Connor – Washington, D.C. (+1 202-955-8586, sconnor@gibsondunn.com) Helen L. Galloway – Los Angeles (+1 213-229-7342, hgalloway@gibsondunn.com) William Hart – Washington, D.C. (+1 202-887-3706, whart@gibsondunn.com) Henry C. Phillips – Washington, D.C. (+1 202-955-8535, hphillips@gibsondunn.com) R.L. Pratt – Washington, D.C. (+1 202-887-3785, rpratt@gibsondunn.com) Scott R. Toussaint – Palo Alto (+1 650-849-5320, stoussaint@gibsondunn.com) International Trade Group – Europe: Peter Alexiadis – Brussels (+32 2 554 72 00, palexiadis@gibsondunn.com) Attila Borsos – Brussels (+32 2 554 72 10, aborsos@gibsondunn.com) Patrick Doris – London (+44 (0)207 071 4276, pdoris@gibsondunn.com) Penny Madden – London (+44 (0)20 7071 4226, pmadden@gibsondunn.com) Benno Schwarz – Munich (+49 89 189 33 110, bschwarz@gibsondunn.com) Michael Walther – Munich (+49 89 189 33-180, mwalther@gibsondunn.com) Richard W. Roeder – Munich (+49 89 189 33-160, rroeder@gibsondunn.com) Financial Institutions Group: Arthur S. Long – New York (+1 212-351-2426, along@gibsondunn.com) Jeffrey L. Steiner – Washington, D.C. (+1 202-887-3632, jsteiner@gibsondunn.com) Carl E. Kennedy – New York (+1 212-351-3951, ckennedy@gibsondunn.com) James O. Springer – Washington, D.C. (+1 202-887-3516, jspringer@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 5, 2018 |
What Employers Need to Know About California’s New #MeToo Laws

Click for PDF On September 30, 2018, Governor Edmund G. Brown signed several new workplace laws, and vetoed others, that arose out of the #MeToo movement.  We briefly review the newly signed legislation and also highlight bills that Governor Brown rejected.  Unless otherwise indicated, these new laws will take effect on January 1, 2019. New Requirements for Employers New Training Requirements Expanded Requirements for Harassment and Discrimination Training.  Most California employers are aware that, under existing California law, employers with 50 or more employees must provide at least two hours of prescribed training regarding sexual harassment within six months of an individual’s hiring or promotion to a supervisory position and every two years while an employee remains in a supervisory position.  SB 1343 expands this requirement in two critical ways: The training requirements now cover all employers with five or more employees, which includes temporary or seasonal employees, meaning that many smaller employers are now subject to California’s training requirements. All covered employers must now provide at least one hour of sexual harassment training to non-supervisory employees by January 1, 2020, and once every two years thereafter, which may greatly expand the scope of required training for employers with large line-level workforces. SB 1343 also requires the California Department of Fair Employment and Housing (DFEH) to make available online training courses that employers may use to meet these requirements.  However, employers may wish to work with their counsel and Human Resources departments to develop training that is specific to their business and industry, which is generally regarded as more effective than “one size fits all” trainings. Education and Training for Employees in Entertainment Industry.  AB 2338 requires, prior to the issuance of a permit to employ a minor in the entertainment industry, that the minor and the minor’s parents or legal guardians receive and complete sexual harassment training.  The law also requires that talent agencies ensure that minors have a valid work permit, and that agencies provide adult artists with accessible educational material “regarding sexual harassment prevention, retaliation, and reporting resources,” as well as nutrition and eating disorders. Anti-Harassment Legislation Restrictions on Non-Disclosure and Confidentiality Agreements and More Rigorous Sexual Harassment Standards.  SB 1300 amends California’s Fair Employment and Housing Act (FEHA) to prohibit an employer from requiring an employee to agree to a non-disparagement agreement or other document limiting the disclosure of information about unlawful workplace acts in exchange for a raise or bonus, or as a condition of employment or continued employment.  Employers are also prohibited from requiring an individual to “execute a statement that he or she does not possess any claim or injury against the employer” or to release “a right to file and pursue a civil action or complaint with, or otherwise notify, a state agency, other public prosecutor, law enforcement agency, or any court or other governmental entity.”  Under the law, any such agreement is contrary to public policy and unenforceable.  (Some of these activities, such as reporting to law enforcement, are already protected, of course.)  While negotiated settlement agreements of civil claims supported by valuable consideration are exempted from these prohibitions, employers will want to review their various employee agreement templates to ensure none contain these or other types of prohibited clauses. SB 1300 also codifies several legal standards that may make it more challenging for employers to prevail on harassment claims before trial.  For example, the law provides that a single incident of harassing conduct may create a triable issue of fact in a hostile work environment case; that it is irrelevant to a sexual harassment case that a particular occupation may have been characterized by more sexualized conduct in the past; and that “hostile working environment cases involve issues ‘not determinable on paper.'”  Employers can expect to see SB 1300 cited in any plaintiff’s opposition to summary judgment in a sexual harassment case, and they will need to give serious consideration as to whether and how to seek summary judgment in light of the new law. Limitations on Confidentiality in Settlement Agreements.  SB 820 prohibits provisions in settlement agreements entered into on or after January 1, 2019 that prevent the disclosure of facts related to sexual assault, harassment, and discrimination claims that have been “filed in a civil action or a complaint filed in an administrative action.”  Note, however, that SB 820 does not prohibit provisions precluding the disclosure of the settlement payment amount, and the law carves out an exception for provisions protecting the identity of the claimant where requested by the claimant. Expanded Sexual Harassment Liability to Cover Certain Business Relationships.  Businesses in the venture capital, entertainment, and similar industries will want to be alert to SB 224, which modifies California Civil Code section 51.9 and would include within the elements in a cause of action for sexual harassment when the plaintiff proves, among other things, that the “defendant holds himself or herself as being able to help the plaintiff establish a business, service, or professional relationship with the defendant or a third party.”  The law identifies additional examples of potential defendants under the statute, such as investors, elected officials, lobbyists, directors, and producers. Limitations on Barring Testimony Related to Criminal Conduct or Sexual Harassment.  AB 3109 prohibits waivers of a party’s right to testify in an administrative, legislative, or judicial proceeding concerning alleged criminal conduct or sexual harassment by the other party to a contract, when the party has been required or requested to attend the proceeding pursuant to a court order, subpoena, or written request from an administrative agency or the legislature. Mandating Gender Diversity on Boards of Directors for Publicly Held Corporations SB 826 requires a minimum number of female directors on the boards of publicly traded corporations with principal executive offices in California.  The location of a corporation’s principal executive office will be determined by the Annual Report on Form 10-K. Under SB 826, a corporation covered by the law must have at least one female member on its board of directors by December 31, 2019, and additional female members by 2021 depending on the size of the board.  If the corporation has a board of directors with: four members or less, no additional female directors are required; five members, the board must have at least two female directors by December 31, 2021; and six or more members, at least three female directors are required to be in place by December 31, 2021. The California Secretary of State can impose fines of $100,000 for a first violation and $300,000 for subsequent violations. Potential challengers of this law argue that it suffers from numerous legal deficiencies, including that it violates the Commerce Clause and the Equal Protection Clause of the United States Constitution.  Indeed, Governor Brown himself acknowledged in his signing statement that this new law has “potential flaws that indeed may provide fatal to its ultimate implementation” and will likely be subject to challenge.  For more information on SB 826, please consult our Securities Regulation and Corporate Governance group’s analysis, available here. Bills Vetoed by Governor Brown Governor Brown also vetoed several bills relating to sexual harassment that could have significantly impacted employers in California, including: The closely watched AB 3080, which sought to forbid mandatory arbitration agreements in the workplace. AB 1867, which sought to require employers with fifty or more employees to “maintain records of employee complaints alleging sexual harassment” for a period of five years after the last day of employment of either “the complainant or any alleged harasser named in the complaint, whichever is later.” AB 1870, which sought to extend the deadline in which a complainant may file an administrative charge with the DFEH alleging employment discrimination from one year to three years. AB 3081, which sought to require a client employer and a labor contractor to share all “civil legal responsibility and civil liability for harassment” for all workers supplied by that labor contractor and prohibit an employer from shifting its duties or liabilities to a labor contractor. Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. We have been engaged by numerous clients recently to conduct investigations of #MeToo complaints; to proactively review sexual harassment policies, practices and procedures for the protection of employees and the promotion of a safe, respectful and professional workplace; to conduct training for executives, managers and employees; and to handle related counseling and litigation. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work or the following Labor and Employment or Securities Regulation and Corporate Governance practice group leaders and members: Labor and Employment Group: Catherine A. Conway – Co-Chair, Los Angeles (+1 213-229-7822, cconway@gibsondunn.com) Jason C. Schwartz – Co-Chair, Washington, D.C. (+1 202-955-8242, jschwartz@gibsondunn.com) Rachel S. Brass – San Francisco (+1 415-393-8293, rbrass@gibsondunn.com) Jesse A. Cripps – Los Angeles (+1 213-229-7792, jcripps@gibsondunn.com) Theane Evangelis – Los Angeles (+1 213-229-7726, tevangelis@gibsondunn.com) Michele L. Maryott – Orange County (+1 949-451-3945,mmaryott@gibsondunn.com) Katherine V.A. Smith – Los Angeles (+1 213-229-7107, ksmith@gibsondunn.com) Securities Regulation and Corporate Governance Group: Elizabeth Ising – Co-Chair, Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com) Lori Zyskowski – Co-Chair, New York (+1 212-351-2309, lzyskowski@gibsondunn.com) Stewart L. McDowell – San Francisco (+1 415-393-8322, smcdowell@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 5, 2018 |
New California Security of Connected Devices Law and CCPA Amendments

Click for PDF California continues to lead the United States in focusing attention on privacy and security of user data and devices.  Last week, Governor Jerry Brown signed into law two identical bills requiring manufacturers to include “reasonable security feature[s]” on all devices which are “capable of connecting to the Internet” (commonly known as the Internet of Things).[1]  The law is described as the first of its kind in the United States, and comes just three months after passage of the California Consumer Privacy Act of 2018 (“CCPA”);[2] both laws are set to take effect January 1, 2020.[3]  Collectively, these laws represent a dramatic expansion of data privacy law that will impact the products and processes of many companies. Also last week, Governor Brown signed into law Senate Bill 1121, which implemented amendments to the CCPA relating primarily to enforcement of the provisions, and clarification of exemptions relating to medical information. Security of Connected Devices The new law is aimed at protecting “connected devices” from unauthorized access, and requires “reasonable security feature[s]” proportional to the device’s “nature and function” and the “information it may collect, contain, or transmit.”[4]  There are various notable exclusions, particularly where the devices are covered by certain other laws, or when a company merely purchases devices for resale (or for branding and resale) in California.[5]  Nonetheless, the law is unique in that it may require security for Internet-connected products regardless of the type of information or data at issue—a contrast to the CCPA and other data privacy and security laws. Who Must Comply with the Law? Anyone “who manufactures, or contracts with another person to manufacture on the person’s behalf, connected devices that are sold or offered for sale in California” is subject to the statute.[6]  However, the law includes an explicit carve-out that “contract[ing] with another person to manufacture on the person’s behalf” does not include a “contract only to purchase a connected device, or only to purchase and brand a connected device.”[7]  Thus, if a company is merely purchasing whole units, and reselling, or even branding and reselling—effectively without the ability to indicate specifications for the device—it will likely not be subject to the new law. What’s Required? The law applies to manufacturers of “connected devices.”  A “connected device” is defined as “capable of connecting to the Internet . . . and . . . assigned an Internet Protocol address or Bluetooth address.”[8]  The number of products falling into this category is increasing at a remarkable rate, and the products span a multitude of applications, from consumer products (such as smart home features, including automatic lights or thermostats controlled remotely), to commercial use cases (such as electronic toll systems and “smart agriculture”). The law requires that such manufacturers “equip the device with a reasonable security feature or features” that is: Appropriate to the nature and function of the device; Appropriate to the information it may collect, contain, or transmit; and Designed to protect the device and its information from unauthorized access, destruction, use, modification, or disclosure.[9] The law does not specify what is “reasonable,” and relies upon the manufacturer to determine what is appropriate to the device.  As a result, “reasonable” will likely be further refined through enforcement actions (described below) . However, the law does provide that a device will satisfy the provisions if it is “equipped with a means for authentication outside a local area network,” and (1) each device is preprogrammed with a unique password, or (2) the user must create a “new means of authentication” (such as a password) before the device may be used.[10] [11] What’s Not Covered? Notably, the law excludes certain devices or manufacturers, particularly where they are covered by other existing laws, and makes clear statements of what this law does not do.  For example, the law does not apply to[12]: Any unaffiliated third-party software or applications the user adds to the device; Any provider of an electronic store, gateway, marketplace, or other means of purchasing or downloading software or applications; Devices subject to security requirements under federal law (e.g., FDA); and “Manufacturers” subject to HIPAA or the Confidentiality of Medical Information Act—at least “with respect to any activity regulated by those acts.”[13] How Will It Be Enforced? The law expressly does not provide for a private right of action, and it may only be enforced by the “Attorney General, a city attorney, a county counsel, or a district attorney.”[14]  It further does not set forth any criminal penalty, include a maximum civil fine, or specify any other authorized relief.  Nonetheless, the authorization of the enumerated entities to enforce it presumably includes the authority for those entities to seek civil fines, as they can under other consumer protection statutes (for example, Section 17206 of the California Business & Professions Code).[15] What Can You Do? If your company sells, or intends to sell, a product in California that connects to the Internet, consider: Whether the company is a “manufacturer”; The security features of the device, if any; What security features might be reasonable given the nature and function of the device and the nature of the data collected or used; Possibilities for alternative, or additional security measures for the specific device; and Engineering resources and timeline required to implement additional features. Many connected devices on the market today already have authentication and security features, but even those that do may benefit from an evaluation of their sufficiency in preparation for this new law.  Because the law may require actual product changes, rather than merely policy changes, addressing these issues early is important. Consultation with legal and information security professionals may be helpful. Amendments to CCPA Signed by Governor Brown on September 23, 2018 As anticipated, the California Legislature has begun to pass amendments to the CCPA, though the current changes are relatively modest.  Governor Brown signed the latest amendments to the CCPA on September 23, 2018, which included[16]: Extending the deadline for the California Attorney General (“AG”) to develop and publish rules implementing the CCPA until July 1, 2020; Prohibiting the AG from enforcing the Act until either July 1, 2020, or six months after the publication of the regulations, whichever comes first; Limiting the civil penalties that the AG can impose to $2,500 for each violation of the CCPA or up to $7,500 per each intentional violation; Removing the requirement for a consumer to notify the AG within 30 days of filing a civil action in the event of a data breach and to then wait six months to see if the AG elects to pursue the case; Clarifying that consumers only have a right of action related to a business’ alleged failure to “implement and maintain reasonable security procedures and practices” that results in a breach and not for any other violations of the Act; Updating the definition of “personal information” to stress that certain identifiers (e.g., IP address, geolocation information and web browsing history) only constitute personal information if the data can be “reasonably linked, directly or indirectly, with a particular consumer or household”; and Explicitly exempting entities covered by HIPAA, GLBA and DPPA, as well as California’s Confidentiality of Medical Information Act and its Financial Information Privacy Act. The foregoing amendments may not have been of major significance—they were passed on the last day of the most recent legislative session.  The California Legislature is expected to consider more substantive changes to the law when it reconvenes for the 2019 – 2020 session in January 2019, including addressing additional concerns regarding enforcement mechanisms, the law’s broad scope, and the sweeping disclosure obligations. Companies that may be impacted by the CCPA should continue to monitor legislative and regulatory developments relating to the CCPA, and should begin planning for the implementation of this broad statute.    [1]   Assembly Bill 1906 and Senate Bill 327 contain identical language.    [2]   The California Consumer Privacy Act was the subject of a detailed analysis in a client alert issued by Gibson Dunn on July 12, 2018.  That publication is available here.    [3]   The law will be enacted as California Civil Code Sections 1798.91.04 to 1798.91.06.    [4]   Cal. Civil Code § 1798.91.04(a)(1) and (a)(2).    [5]   Cal. Civil Code § 1798.91.05(c) and § 1798.91.06.    [6]   Cal. Civil Code § 1798.91.05(c).    [7]   Cal. Civil Code § 1798.91.05(c).    [8]   Cal. Civil Code § 1798.91.05(b).    [9]   Cal. Civil Code § 1798.91.04(a)(1), (a)(2), and (a)(3).    [10]   Cal. Civil Code § 1798.91.04(b) (emphasis added).    [11]   Authentication is simply defined as a “method of verifying the authority” of a user accessing the information or device. Cal. Civil Code § 1798.91.05(a).    [12]   Cal. Civil Code § 1798.91.06.    [13]   That said, those laws generally require stricter provisions for security measures.    [14]   Cal. Civil Code § 1798.91.06(e).    [15]   See Cal. Bus. & Prof. Code § 17204.    [16]   S.B. 1121. S. Reg. Sess. 2017-2018. (CA 2018) The following Gibson Dunn lawyers assisted in the preparation of this client alert: Joshua A. Jessen, Benjamin B. Wagner, and Cassandra L. Gaedt-Sheckter. Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these issues.  For further information, please contact the Gibson Dunn lawyer with whom you usually work or the following leaders and members of the firm’s Privacy, Cybersecurity and Consumer Protection practice group: United States Alexander H. Southwell – Co-Chair, New York (+1 212-351-3981, asouthwell@gibsondunn.com) M. Sean Royall – Dallas (+1 214-698-3256, sroyall@gibsondunn.com) Debra Wong Yang – Los Angeles (+1 213-229-7472, dwongyang@gibsondunn.com) Christopher Chorba – Los Angeles (+1 213-229-7396, cchorba@gibsondunn.com) Richard H. Cunningham – Denver (+1 303-298-5752, rhcunningham@gibsondunn.com) Howard S. Hogan – Washington, D.C. (+1 202-887-3640, hhogan@gibsondunn.com) Joshua A. Jessen – Orange County/Palo Alto (+1 949-451-4114/+1 650-849-5375, jjessen@gibsondunn.com) Kristin A. Linsley – San Francisco (+1 415-393-8395, klinsley@gibsondunn.com) H. Mark Lyon – Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com) Shaalu Mehra – Palo Alto (+1 650-849-5282, smehra@gibsondunn.com) Karl G. Nelson – Dallas (+1 214-698-3203, knelson@gibsondunn.com) Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com) Benjamin B. Wagner – Palo Alto (+1 650-849-5395, bwagner@gibsondunn.com) Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415-393-8333/+1 650-849-5393, mwong@gibsondunn.com) Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com) Europe Ahmed Baladi – Co-Chair, Paris (+33 (0)1 56 43 13 00, abaladi@gibsondunn.com) James A. Cox – London (+44 (0)207071 4250, jacox@gibsondunn.com) Patrick Doris – London (+44 (0)20 7071 4276, pdoris@gibsondunn.com) Bernard Grinspan – Paris (+33 (0)1 56 43 13 00, bgrinspan@gibsondunn.com) Penny Madden – London (+44 (0)20 7071 4226, pmadden@gibsondunn.com) Jean-Philippe Robé – Paris (+33 (0)1 56 43 13 00, jrobe@gibsondunn.com) Michael Walther – Munich (+49 89 189 33-180, mwalther@gibsondunn.com) Nicolas Autet – Paris (+33 (0)1 56 43 13 00, nautet@gibsondunn.com) Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com) Sarah Wazen – London (+44 (0)20 7071 4203, swazen@gibsondunn.com) Alejandro Guerrero – Brussels (+32 2 554 7218, aguerrero@gibsondunn.com) Asia Kelly Austin – Hong Kong (+852 2214 3788, kaustin@gibsondunn.com) Jai S. Pathak – Singapore (+65 6507 3683, jpathak@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 3, 2018 |
2018 Mid-Year Activism Update

Click for PDF This Client Alert provides an update on shareholder activism activity involving NYSE- and NASDAQ-listed companies with equity market capitalizations above $1 billion during the first half of 2018.  After a modest decline in activist activity in the second half of 2017, activism resumed a torrid pace during the first half of 2018.  Compared to the same period in 2017, which had previously been the most active half-year period covered by any edition of this report, this mid-year edition of Gibson Dunn’s Activism Update reflects a further increase in public activist actions (62 vs. 59) and companies targeted by such actions (54 vs. 50). In this edition of the Activism Update, our survey covers 62 total public activist actions, involving 41 different activist investors targeting 54 different companies.  Eight of those companies faced activist campaigns from two different investors, and five of those situations involved at least some degree of coordination between the activists involved.  Nine activist investors were responsible for two or more campaigns between January 1, 2018 and June 30, 2018, representing 30, or nearly half, of the 62 campaigns covered by this report. By the Numbers – 2018 Full Year Public Activism Trends *All data is derived from the data compiled from the campaigns studied for the 2018 M Activism Update. Additional statistical analyses may be found in the complete Activism Update linked below.  While changes in business strategy were the top goal of activist campaigns covered by Gibson Dunn’s Activism Update for the second half of 2017, changes to board composition have returned to prominence in the first half of 2018 (75.8% of campaigns), coinciding with a dramatic uptick in publicly filed settlement agreements during the same period.  Activists pursued governance initiatives, sought to influence business strategy, and took positions on M&A-related issues (including pushing for spin-offs and advocating both for and against sales or acquisitions) at nearly equal rates, representing 35.5%, 33.9%, and 32.3% of campaigns, respectively.  Demands for management changes (21.0% of campaigns), attempts to take control of companies (9.5% of campaigns), and requests for capital returns (6.1% of campaigns) remained relatively less common goals of activist campaigns over the first half of 2018.  The frequency of activists filing proxy materials remained relatively consistent with periods covered by recent editions of this report, with investors filing proxy materials in just over one in five campaigns.  While market capitalizations of target companies ranged from this survey’s $1 billion minimum threshold to $100 billion, activists’ focus remained largely on small-cap companies with market capitalizations below $5 billion, which represented 64.8% of the 54 target companies captured by our survey. The most significant development noted in our previous report, covering the second half of 2017, was the decrease in publicly filed settlement agreements between activist investors and target companies, which we attributed partially to the concurrent decline in campaigns involving activists seeking board seats.  This trend has been reversed.  As campaigns seeking board representation have returned to prominence, the number of publicly filed settlement agreements in the first half of 2018 has seen a fivefold increase from the previous half-year period, from four such agreements in the second half of 2017 to 21 in the first half of 2018.  Trends in the key terms of settlement agreements remain relatively steady.  Voting agreements, standstills, and ownership thresholds remain nearly ubiquitous.  Non-disparagement provisions dropped off slightly in the first half of 2018, while committee appointments for new directors and other strategic initiatives (e.g., replacement of management, spin-offs, governance changes) remained near their historical averages in prior editions of this report.  The increased frequency of expense reimbursement noted in our last report has also continued into 2018, with 62% of publicly filed settlement agreements containing such a provision compared to a historical average of just 36% from 2014 through the first half of 2017.  Further details and data on publicly filed settlement agreements may be found in the latter half of this report. We hope you find Gibson Dunn’s 2018 Mid-Year Activism Update informative. If you have any questions, please do not hesitate to reach out to a member of your Gibson Dunn team. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this publication.  For further information, please contact the Gibson Dunn lawyer with whom you usually work, or any of the following authors in the firm’s New York office: Barbara L. Becker (+1 212.351.4062, bbecker@gibsondunn.com) Richard J. Birns (+1 212.351.4032, rbirns@gibsondunn.com) Dennis J. Friedman (+1 212.351.3900, dfriedman@gibsondunn.com) Eduardo Gallardo (+1 212.351.3847, egallardo@gibsondunn.com) William Koch (+1 212.351.4089, wkoch@gibsondunn.com) Please also feel free to contact any of the following practice group leaders and members: Mergers and Acquisitions Group: Jeffrey A. Chapman – Dallas (+1 214.698.3120, jchapman@gibsondunn.com) Stephen I. Glover – Washington, D.C. (+1 202.955.8593, siglover@gibsondunn.com) Jonathan K. Layne – Los Angeles (+1 310.552.8641, jlayne@gibsondunn.com) Securities Regulation and Corporate Governance Group: Brian J. Lane – Washington, D.C. (+1 202.887.3646, blane@gibsondunn.com) Ronald O. Mueller – Washington, D.C. (+1 202.955.8671, rmueller@gibsondunn.com) James J. Moloney – Orange County, CA (+1 949.451.4343, jmoloney@gibsondunn.com) Elizabeth Ising – Washington, D.C. (+1 202.955.8287, eising@gibsondunn.com) Lori Zyskowski – New York (+1 212.351.2309, lzyskowski@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 2, 2018 |
M&A Report – Fresenius Marks a Watershed Development in the Analysis of “Material Adverse Effect” Clauses

Click for PDF On October 1, 2018, in Akorn, Inc. v. Fresenius Kabi AG,[1]  the Delaware Court of Chancery determined conclusively for the first time that a buyer had validly terminated a merger agreement due to the occurrence of a “material adverse effect” (MAE). Though the decision represents a seminal development in M&A litigation generally, Vice Chancellor Laster grounded his decision in a framework that comports largely with the ordinary practice of practitioners. In addition, the Court went to extraordinary lengths to explicate the history between the parties before concluding that the buyer had validly terminated the merger agreement, and so sets the goalposts for a similar determination in the future to require a correspondingly egregious set of facts. As such, the ripple effects of Fresenius in future M&A negotiations may not be as acute as suggested in the media.[2] Factual Overview On April 24, 2017, Fresenius Kabi AG, a pharmaceutical company headquartered in Germany, agreed to acquire Akorn, Inc., a specialty generic pharmaceutical manufacturer based in Illinois. In the merger agreement, Akorn provided typical representations and warranties about its business, including its compliance with applicable regulatory requirements. In addition, Fresenius’s obligation to close was conditioned on Akorn’s representations being true and correct both at signing and at closing, except where the failure to be true and correct would not reasonably be expected to have an MAE. In concluding that an MAE had occurred, the Court focused on several factual patterns: Long-Term Business Downturn. Shortly after Akorn’s stockholders approved the merger (three months after the execution of the merger agreement), Akorn announced year-over-year declines in quarterly revenues, operating income and earnings per share of 29%, 84% and 96%, respectively. Akorn attributed the declines to the unexpected entrance of new competitors, the loss of a key customer contract and the attrition of its market share in certain products. Akorn revised its forecast downward for the following quarter, but fell short of that goal as well and announced year-over-year declines in quarterly revenues, operating income and earnings per share of 29%, 89% and 105%, respectively. Akorn ascribed the results to unanticipated supply interruptions, added competition and unanticipated price erosion; it also adjusted downward its long-term forecast to reflect dampened expectations for the commercialization of its pipeline products. The following quarter, Akorn reported year-over-year declines in quarterly revenues, operating income and earnings per share of 34%, 292% and 300%, respectively. Ultimately, over the course of the year following the signing of the merger agreement, Akorn’s EBITDA declined by 86%. Whistleblower Letters. In late 2017 and early 2018, Fresenius received anonymous letters from whistleblowers alleging flaws in Akorn’s product development and quality control processes. In response, relying upon a covenant in the merger agreement affording the buyer reasonable access to the seller’s business between signing and closing, Fresenius conducted a meticulous investigation of the Akorn business using experienced outside legal and technical advisors. The investigation revealed grievous flaws in Akorn’s quality control function, including falsification of laboratory data submitted to the FDA, that cast doubt on the accuracy of Akorn’s compliance with laws representations. Akorn, on the other hand, determined not to conduct its own similarly wide-ranging investigation (in contravention of standard practice for an FDA-regulated company) for fear of uncovering facts that could jeopardize the deal. During a subsequent meeting with the FDA, Akorn omitted numerous deficiencies identified in the company’s quality control group and presented a “one-sided, overly sunny depiction.” Operational Changes. Akorn did not operate its business in the ordinary course after signing (despite a covenant requiring that it do so) and fundamentally changed its quality control and information technology (IT) functions without the consent of Fresenius. Akorn management replaced regular internal audits with “verification” audits that only addressed prior audit findings rather than identifying new problems. Management froze investments in IT projects, which reduced oversight over data integrity issues, and halted efforts to investigate and remediate quality control issues and data integrity violations out of concern that such investigations and remediation would upend the transaction. Following signing, NSF International, an independent, accredited standards development and certification group focused on health and safety issues, also identified numerous deficiencies in Akorn’s manufacturing facilities. Conclusions and Key Takeaways The Court determined, among others, that the sudden and sustained drop in Akorn’s business performance constituted a “general MAE” (that is, the company itself had suffered an MAE), Akorn’s representations with respect to regulatory compliance were not true and correct, and the deviation between the as-represented condition and its actual condition would reasonably be expected to result in an MAE. In addition, the Court found that the operational changes implemented by Akorn breached its covenant to operate in the ordinary course of business. Several aspects of the Court’s analysis have implications for deal professionals: Highly Egregious Facts. Although the conclusion that an MAE occurred is judicially unprecedented in Delaware, it is not surprising given the facts. The Court determined that Akorn had undergone sustained and substantial declines in financial performance, credited testimony suggesting widespread regulatory noncompliance and malfeasance in the Akorn organization and suggested that decisions made by Akorn regarding health and safety were re-prioritized in light of the transaction (and in breach of a highly negotiated interim operating covenant). In In re: IBP, Inc. Shareholders Litigation, then-Vice Chancellor Strine described himself as “confessedly torn” over a case that involved a 64% year-over-year drop-off in quarterly earnings amid allegations of improper accounting practices, but determined that no MAE had occurred because the decline in earnings was temporary. In Hexion Specialty Chemicals, Inc. v. Huntsman Corp., Vice Chancellor Lamb emphasized that it was “not a coincidence” that “Delaware courts have never found a material adverse effect to have occurred in the context of a merger agreement” and concluded the same, given that the anticipated decline in the target’s EBITDA would only be 7%. No such hesitation can be found in the Fresenius opinion.[3] MAE as Risk Allocation Tool. The Court framed MAE clauses as a form of risk allocation that places “industry risk” on the buyer and “company-specific” risk on the seller. Explained in a more nuanced manner, the Court categorized “business risk,” which arises from the “ordinary operations of the party’s business” and which includes those risks over which “the party itself usually has significant control”, as being retained by the seller. By contrast, the Court observed that the buyer ordinarily assumes three others types of risk—namely, (i) systematic risks, which are “beyond the control of all parties,” (ii) indicator risks, which are markers of a potential MAE, such as a drop in stock price or a credit rating downgrade, but are not underlying causes of any MAE themselves, and (iii) agreement risks, which include endogenous risks relating to the cost of closing a deal, such as employee flight. This framework comports with the foundation upon which MAE clauses are ordinarily negotiated and underscores the importance that sellers negotiate for industry-specific carve-outs from MAE clauses, such as addressing adverse decisions by governmental agencies in heavily regulated industries. High Bar to Establishing an MAE. The Court emphasized the heavy burden faced by a buyer in establishing an MAE. Relying upon the opinions that emerged from the economic downturns in 2001 and 2008,[4]  the Court reaffirmed that “short-term hiccups in earnings” do not suffice; rather, the adverse change must be “consequential to the company’s long-term earnings power over a commercially reasonable period, which one would expect to be measured in years rather than months.” The Court underscored several relevant facts in this case, including (i) the magnitude and length of the downturn, (ii) the suddenness with which the EBITDA decline manifested (following five consecutive years of growth) and (iii) the presence of factors suggesting “durational significance,” including the entrance of new and unforeseen competitors and the permanent loss of key customers.[5] Evaluation of Targets on a Standalone Basis. Akorn advanced the novel argument that an MAE could not have occurred because the purchaser would have generated synergies through the combination and would have generated profits from the merger. The Court rejected this argument categorically, finding that the MAE clause was focused solely on the results of operations and financial condition of the target and its subsidiaries, taken as a whole (rather than the surviving corporation or the combined company), and carved out any effects arising from the “negotiation, execution, announcement or performance” of the merger agreement or the merger itself, including “the generation of synergies.” Given the Court’s general aversion to considering synergies as relevant to determining an MAE, buyers should consider negotiating to include express references to synergies in defining the concept of an MAE in their merger agreements. Disproportionate Effect. Fresenius offers a useful gloss on the importance to buyers of including “disproportionate effects” qualifications in MAE carve-outs regarding industry-wide events. Akorn argued that it faced “industry headwinds” that caused its decline in performance, such as heightened competition and pricing pressure as well as regulatory actions that increased costs. However, the Court rejected this view because many of the causes of Akorn’s poor performance were actually specific to Akorn, such as new market entrants in Akorn’s top three products and Akorn’s loss of a specific key contract. As such, these “industry effects” disproportionately affected and were allocated from a risk-shifting perspective to Akorn. To substantiate this conclusion, the Court relied upon evidence that Akorn’s EBITDA decline vastly exceeded its peers. The Bring-Down Standard. A buyer claiming that a representation given by the target at closing fails to satisfy the MAE standard must demonstrate such failure qualitatively and quantitatively. The Court focused on a number of qualitative harms wrought by the events giving rise to Akorn’s failure to bring down its compliance with laws representation at closing, including reputational harm, loss of trust with principal regulators and public questioning of the safety and efficacy of Akorn’s products. With respect to quantitative measures of harm, Fresenius and Akorn presented widely ranging estimates of the cost of remedying the underlying quality control challenges at Akorn. Using the midpoint of those estimates, the Court estimated the financial impact to be approximately 21% of Akorn’s market capitalization. However, despite citing several proxies for financial performance suggesting that this magnitude constituted an MAE, the Court clearly weighted its analysis towards qualitative factors, noting that “no one should fixate on a particular percentage as establishing a bright-line test” and that “no one should think that a General MAE is always evaluated using profitability metrics and an MAE tied to a representation is always tied to the entity’s valuation.” Indeed, the Court observed that these proxies “do not foreclose the possibility that a buyer could show that percentage changes of a lesser magnitude constituted an MAE. Nor does it exclude the possibility that a buyer might fail to prove that percentage changes of a greater magnitude constituted an MAE.” Fresenius offers a useful framework for understanding how courts analyze MAE clauses. While this understanding largely comports with the approach taken by deal professionals, the case nevertheless offers a reminder that an MAE, while still quite unlikely, can occur. Deal professionals would be well-advised to be thoughtful about how the concept should be defined and used in an agreement.    [1]   Akorn, Inc. v. Fresenius Kabi AG, C.A. No. 2018-0300-JTL (Del. Ch. Oct. 1, 2018).    [2]   See, e.g., Jef Feeley, Chris Dolmetsch & Joshua Fineman, Akorn Plunges After Judge Backs Fresenius Exit from Deal, Bloomberg (Oct 1, 2018) (“‘The ruling is a watershed moment in Delaware law, and will be a seminal case for those seeking to get out of M&A agreements,’ Holly Froum, an analyst with Bloomberg Intelligence, said in an emailed statement.”); Tom Hals, Delaware Judge Says Fresenius Can Walk Away from $4.8 Billion Akorn Deal, Reuters (Oct. 1, 2018) (“‘This is a landmark case,’ said Larry Hamermesh, a professor at Delaware Law School in Wilmington, Delaware.”).    [3]   The egregiousness of the facts in this case is further underscored by the fact that the Court determined that the buyer had breached its own covenant to use its reasonable best efforts to secure antitrust clearance, but that this breach was “temporary” and “not material.”    [4]   See, e.g., Hexion Specialty Chems. Inc. v. Huntsman Corp., 965 A.2d 715 (Del. Ch. 2008); In re: IBP, Inc. S’holders Litig., 789 A.2d 14 (Del. Ch. 2001).    [5]   This view appears to comport with the analysis highlighted by the Court from In re: IBP, Inc. Shareholders Litigation, in which the court determined that an MAE had not transpired in part because the target’s “problems were due in large measure to a severe winter, which adversely affected livestock supplies and vitality.” In re: IBP, 789 A.2d at 22. In this case, the decline of Akorn was not the product of systemic risks or cyclical declines, but rather a company-specific effect. The following Gibson Dunn lawyers assisted in preparing this client update:  Barbara Becker, Jeffrey Chapman, Stephen Glover, Mark Director, Andrew Herman, Saee Muzumdar, Adam Offenhartz, and Daniel Alterbaum. Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these issues.  For further information, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Mergers and Acquisitions practice group: Mergers and Acquisitions Group / Corporate Transactions: Barbara L. Becker – Co-Chair, New York (+1 212-351-4062, bbecker@gibsondunn.com) Jeffrey A. Chapman – Co-Chair, Dallas (+1 214-698-3120, jchapman@gibsondunn.com) Stephen I. Glover – Co-Chair, Washington, D.C. (+1 202-955-8593, siglover@gibsondunn.com) Dennis J. Friedman – New York (+1 212-351-3900, dfriedman@gibsondunn.com) Jonathan K. Layne – Los Angeles (+1 310-552-8641, jlayne@gibsondunn.com) Mark D. Director – Washington, D.C./New York (+1 202-955-8508/+1 212-351-5308, mdirector@gibsondunn.com) Andrew M. Herman – Washington, D.C./New York (+1 202-955-8227/+1 212-351-5389, aherman@gibsondunn.com) Eduardo Gallardo – New York (+1 212-351-3847, egallardo@gibsondunn.com) Saee Muzumdar – New York (+1 212-351-3966, smuzumdar@gibsondunn.com) Mergers and Acquisitions Group / Litigation: Meryl L. Young – Orange County (+1 949-451-4229, myoung@gibsondunn.com) Brian M. Lutz – San Francisco (+1 415-393-8379, blutz@gibsondunn.com) Aric H. Wu – New York (+1 212-351-3820, awu@gibsondunn.com) Paul J. Collins – Palo Alto (+1 650-849-5309, pcollins@gibsondunn.com) Michael M. Farhang – Los Angeles (+1 213-229-7005, mfarhang@gibsondunn.com) Joshua S. Lipshutz – Washington, D.C. (+1 202-955-8217, jlipshutz@gibsondunn.com) Adam H. Offenhartz – New York (+1 212-351-3808, aoffenhartz@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 1, 2018 |
Gibson Dunn Ranked Among Top New York Real Estate Law Firms

The Real Deal ranked Gibson Dunn No. 2 on its 2018 list of law firms who handled the highest dollar volume of New York real estate sales on the buyer side and also No. 2 on its 2018 list of law firms who handled the highest dollar volume of New York real estate loans on the lender side.  The list was published on October 1, 2018.

October 1, 2018 |
Congress Clarifies Statutory Thresholds for FERC Merger Approvals

Click for PDF On September 28, 2018, President Trump signed into law amendments to Section 203 of the Federal Power Act that, among other things, narrow the scope of transactions that require prior approval from the Federal Energy Regulatory Commission (“FERC”).  The changes become effective on March 27, 2019. Presently, FERC prior approval is required anytime a public utility or an affiliate of a public utility acquires facilities subject to FERC’s jurisdiction (i.e., it engages in a “utility merger”)—regardless of value.  The new law establishes a $10 million threshold for such transactions and also requires after-the-fact reporting of such transactions involving assets valued between $1 million and $10 million. This amendment fixes inconsistencies in the Federal Power Act and eases significantly the regulatory burden associated with the purchase of smaller and/or lower value, FERC-jurisdictional assets.  Under the Energy Policy Act of 2005, Congress eliminated entirely any clear monetary threshold for utility merger approvals while at the same time increasing the threshold from $50,000 to $10 million for all other types of sales and purchases requiring FERC approval.  Since the statute was silent regarding any sort of de minimis threshold utility merger approvals, FERC interpreted its authority to extend to all such mergers regardless of the value of the facilities.  This has led to numerous applications to FERC for approval of transactions involving minimally valued assets (some as low as $1), frustration on the part of some utilities, and some entities incurring fines from the FERC Office of Enforcement due to erroneous reading of a $10 million threshold into the statute. The amended Section 203(a)(1) will also significantly ease the regulatory burden associated with the sales of lower value, FERC-jurisdictional assets.  Applications to FERC under Section 203 are burdensome to compile and it can often take months before the Commission issues an order on the request.  This amendment will help to encourage sales of less valuable FERC-jurisdictional assets while also freeing up the Commission to focus on other matters. Starting on March 27, 2019, entities wishing to engage in transactions involving FERC-jurisdictional assets of more than $10 million must continue to request FERC approval for consummating the transaction.  Entities wishing to engage in transactions involving FERC-jurisdictional assets between $1 million and $10 million do not need to seek FERC pre-approval, and instead must only notify FERC of the transaction within one month of the closing.  Transactions involving FERC-jurisdictional assets below the $1 million threshold do not need to be reported. Gibson Dunn’s Energy, Regulation and Litigation lawyers are available to assist in addressing any questions you may have regarding the developments discussed above.  To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, or the authors: William S. Scherman – Washington, D.C. (+1 202-887-3510, wscherman@gibsondunn.com) Jeffrey M. Jakubiak – New York (+1 212-351-2498, jjakubiak@gibsondunn.com) Jennifer C. Mansh – Washington, D.C. (+1 202-955-8590, jmansh@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 1, 2018 |
Federal Circuit Update (October 2018)

Click for PDF This edition of Gibson Dunn’s Federal Circuit Update offers a reminder of the upcoming American Intellectual Property Law Association (AIPLA) Annual Meeting and of Supreme Court’s upcoming review of decisions coming up from the Federal Circuit.  We also briefly recap the rules for obtaining a stay of an order pending Federal Circuit appeal.  The Update also summarizes recent Federal Circuit decisions limiting the scope of fee awards, narrowing the window for IPR petitions, clarifying standing requirements for IPR appeals, and providing for the separate patentability for engineering mammalian versus bacterial genomes. Federal Circuit News The AIPLA’s Annual Meeting will take place at the Marriott Wardman Park Hotel in Washington, D.C. from October 25–27, 2018.  Keynote speakers at this meeting will include the Honorable Raymond T. Chen and the Honorable Kara F. Stoll of the Federal Circuit, as well as Andrei Iancu of the U.S. Patent and Trademark Office. Supreme Court:  Thus far, the only case from the Federal Circuit scheduled to be heard in the OT2018 Term is Helsinn Healthcare S.A. v. Teva Phar. USA Inc.  Twenty-three amicus briefs have been filed in that case, reflecting the high interest in the case: Case Status Issue Helsinn Healthcare S.A. v. Teva Pharm. USA Inc., No. 17-1229 Petition for writ of certiorari granted on June 25, 2018 Whether the sale of a patented invention by the inventor to a third party that is obligated to keep the invention confidential constitutes prior art for determining patentability Federal Circuit Practice Update This month, we highlight the Federal Rules of Appellate Procedure and the Federal Circuit Rules of Practice governing requests to stay lower court or agency orders pending appeal.  Stay requests in appeals from a district court are governed by Federal Rule of Appellate Procedure 8 and Federal Circuit Rule 8, with stays from PTAB proceedings governed by parallel Rules 18. Proceed Below First:  FRAP 8(a)(1) and 18(a)(1) provide that “ordinarily” a party must first move in the district court or PTAB for the stay pending appeal. Stay from Federal Circuit:  Under FRAP 8(a)(2) and 18(a)(2), if the party did not move for relief below, the party must include in its motion a showing that it would have been impractical to do so.  Alternatively, if the party did make a request below, the party must explain why the district court or PTAB denied the motion or otherwise failed to provide the requested relief.  Given these requirements, a stay from the Federal Circuit should not be viewed as an alternative to moving below but rather as a second chance if prior efforts failed. Evidentiary Support Required:  FRAP 8(a)(2)(B) and 18(a)(2)(b) also require that “affidavits or other sworn statements” accompany a motion for a stay to support the need for the relief sought.  Lawyer’s argument is generally deemed insufficient. Bond May be Required:  The Federal Circuit “may condition relief on the filing of a bond or other appropriate security.”  FRAP 8(a)(2)(E) and 18(b). Formal Requirements:  Federal Circuit Rules 8 and 18 provide further procedural guidelines.  The motion and opposition to stay may not exceed 5,200 words, and the reply may not exceed 2,600 words.  A list of exhibits required for stay motions is also provided.  The Federal Circuit also mandates that, if a motion to stay remains pending below, the moving party must include an explanation as to when it filed the motion and why it is not practical to await a ruling below. Key Case Summaries (August – September 2018) In Re: Rembrandt Techs. LP Patent Litigation, No. 17-1784 (Fed. Cir. Aug. 15, 2018 (Public Opinion)):  Attorneys’ fees awarded under § 285 must have a “causal connection” to the misconduct that rendered the case exceptional. Section 285 provides that “[t]he court in exceptional cases may award reasonable attorney fees to the prevailing party.”  The statute, however, does not expressly state whether, in exceptional cases, the award must be apportioned between the exceptional and nonexceptional aspects of the case.  In Rembrandt the Federal Circuit suggests that only fees related to the exceptional aspects of the case should be shifted, which may portend a trend to narrower fee awards in the future. In a multidistrict litigation, Rembrandt asserted nine patents against dozens of parties.  After the Markman hearing, the court issued claim construction, which was adverse to Rembrandt for all patents.  The parties then agreed to covenants not to sue on eight of the patents and stipulated to non-infringement for the ninth.  After the Federal Circuit affirmed the claim construction for the ninth patent, the district court considered the defendants’ motion for fees.  The court found that Rembrandt had improperly revived two of the patents, allowed spoliation of evidence, and had improperly given fact witnesses interests contingent on the case’s outcome.  The court found these facts supported that the case was exceptional and awarded $51 million in fees. The Federal Circuit (O’Malley, J.) affirmed the court’s determination that the case is exceptional based on the above findings, but vacated the award of attorneys’ fees.  The panel held that, although the amount of a fee award is a matter of the district court’s discretion, the amount must bear a “causal connection” to the misconduct that makes the case exceptional.  The panel noted that, in less complicated or sprawling litigation, a “finding of pervasive misbehavior or inequitable conduct that affects all of the patents in suit may justify an award of all of the fees incurred.”  But here the district court awarded the entirety of the fees without making findings that, for example, spoliation affected every issue in the suit.  Likewise, the court did not explain why there was misconduct with respect to patents that were not improperly revived.  The panel thus remanded for a fee determination causally linked to the misconduct. Click-to-Call Techs., LP v. Ingenio, Inc., No. 15-1242 (Fed. Cir. Aug. 16, 2018) (key holding en banc): IPR one-year time bar under § 315(b) runs from when a complaint is served even if that complaint is then voluntarily dismissed without prejudice. In 2001, Inforocket sued Ingenio (then operating under a different name) for patent infringement.  After the complaint was served, the case was dismissed.  Click-to-Call (“CTC”) later acquired the patent and sued Ingenio a second time.  Ingenio filed an IPR petition, which CTC argued was time barred because the earlier complaint had been served well more than one year prior to the petition.  The PTAB rejected CTC’s § 315(b) argument and found the claims unpatentable. The Federal Circuit (O’Malley, J.) disagreed and vacated the ruling.  In a rare procedural move, a majority of the en banc court joined the panel’s holding that § 315(b)’s time bar runs from when a petitioner is served with an infringement complaint even if the complaint is dismissed.  The court explained that § 315(b) focuses on whether a petitioner “is served with a complaint alleging infringement.”  While the court recognized precedent stating that dismissals without prejudice leave the parties “as though the action had never been brought,” the panel also noted that the language of § 315(b) offers no exceptions.  The panel and en banc majority thus held that dismissal of a complaint does not negate the time bar triggered by service of that complaint. Regents of the Univ. of Calif. v. Broad Institute, Inc., No. 17-1907 (Fed Cir. Sept. 10, 2018):  Genetic engineering methods in mammalian cells are patentably distinct from those applied to bacterial cells. The University of California (UC) and the Broad Institute (along with their respective research partners) both claimed inventorship over CRISPR (Clustered Regularly Interspaced Short Palindromic Repeats) genomic editing using the Cas9 nuclease enzyme.  CRISPR-Cas9, which enables fast and precise genomic editing, is recognized as a potentially revolutionary next-generation tool in biomedical research and therapy development. The UC researchers reduced to practice (and published) using CRISPR-Cas9 in vitro in a non-cellular environment, and their patent application did not limit claims to any particular cell type.  The Broad team later reduced to practice in eukaryotic cells (specifically, human and mouse cells), filing claims covering CRISPR-Cas9 in eukaryotic cells.  The Patent Trial and Appeal Board issued an interference.  The Broad asserted that its later application was non-obvious and patentably distinct because a person of ordinary skill in the art would not have had a reasonable expectation of success in eukaryotic cells based on the UC’s research.  The PTAB agreed, citing differences between eukaryotic (e.g., plant or animal) and prokaryotic (e.g., bacterial) systems. The Federal Circuit affirmed.  The panel (Moore, J., joined by Schall, J. and Prost, C.J.) considered evidence of the unpredictability, more complicated protein folding, and greater genomic length and complexity of eukaryotic cells, as well as other prior art prokaryotic research that did not work fully in eukaryotic systems.  Although a motivation to combine was evidenced by multiple research groups succeeding in applying the CRISPR-Cas9 in eukaryotic cells shortly after the UC published its initial research, this did not necessarily indicate an expectation of success.  The panel thus found “substantial evidence” that “applying similar prokaryotic systems in eukaryotes was unpredictable” and that methods in eukaryotic cells were patentably distinct. While the panel cautioned that it was not “ruling on the validity of either set of claims,” its decision provides precedent that foundational research in bacterial systems and the same method applied to eukaryotic cells may be patentably distinct.  CRISPR-Cas9 and other biotechnologies stemming from prokaryotic research may now be subject to multiple patent estates, potentially subjecting industry participants to overlapping licensing obligations for the same technology.  From the perspective of foundational noneukaryotic-based research, such the UC’s work here, this decision may suggest future § 112 challenges for claims extending to eukaryotic systems or lead to narrower claiming to exclude such scope. JTEKT Corp. v. GKN Automotive, Ltd., No. 17-1828 (Fed. Cir. Aug. 3, 2018): Status as a competitor with potentially infringing product in development is insufficient to confer standing to appeal an adverse IPR decision Under § 311(a), any person or entity may petition to institute an IPR—there is no requirement of Article III standing.  But to appeal to the Federal Circuit, the petitioner must satisfy Article III, establishing an injury that is both concrete and particularized and not conjectural or hypothetical. GKN’s patent recites claims to vehicle drivetrains.  JTEKT was developing a competing drivetrain and initiated an IPR against GKN’s patent.  JTEKT sought to appeal the Board’s adverse decisions on several claims, but the Federal Circuit (Dyk, J., joined by O’Malley, J., and Prost, C.J.) held that the appellant lacked standing.  As the panel noted that, “[t]he fact that JTEKT has no product on the market at the present time does not preclude Article III standing.”  But, as the party seeking review, JTEKT had the burden to show the requisite injury.  The Federal Circuit noted that JTEKT was “currently validating its design” which could “continue to evolve and may change” before being finalized.  As such, the panel held that JTEKT failed to “establish that its planned product would create a substantial risk of infringing claims.” E.I. DuPont de Nemours & Co. v. Synvina C.V., No. 17-1977 (Fed. Cir. Sept. 17, 2018): Operating a factory capable of infringing a method of manufacturing is sufficient to confer standing to appeal an adverse IPR decision. DuPont petitioned for IPR of its competitor’s (Synvina’s) patent to methods of manufacturing FDCA.  On appeal, Synvina challenged DuPont’s standing to maintain the appeal, arguing that DuPont had not suffered an actual or imminent injury in fact.  The Federal Circuit (Lourie, J., joined by O’Malley, J. and Chen, J.) rejected the challenge.  The court held that, on appeal from an adverse IPR decision, “the petitioner must generally show a controversy of sufficient immediacy and reality to warrant the requested judicial relief.”  The court found this standard met because DuPont—a competitor of the patent owner—operates a plant capable of infringing the challenged patent, with the claimed reaction conditions.  Thus, “DuPont is engaged or will likely engage in an activity that would give rise to a possible infringement suit.”  Taken with JTEKT above, this illustrates the fact dependent and uncertain nature of the standing inquiry. Upcoming Oral Argument Calendar For a list of upcoming arguments at the Federal Circuit, please click here. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit.  Please contact the Gibson Dunn lawyer with whom you usually work or the authors of this alert: Blaine H. Evanson – Orange County (+1 949-451-3805, bevanson@gibsondunn.com) Raymond A. LaMagna – Los Angeles (+1 213-229-7101, rlamagna@gibsondunn.com) Please also feel free to contact any of the following practice group co-chairs or any member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups: Appellate and Constitutional Law Group: Mark A. Perry – Washington, D.C. (+1 202-887-3667, mperry@gibsondunn.com) Caitlin J. Halligan – New York (+1 212-351-4000, challigan@gibsondunn.com) Nicole A. Saharsky – Washington, D.C. (+1 202-887-3669, nsaharsky@gibsondunn.com) Intellectual Property Group: Josh Krevitt – New York (+1 212-351-4000, jkrevitt@gibsondunn.com) Wayne Barsky – Los Angeles (+1 310-552-8500, wbarsky@gibsondunn.com)Mark Reiter – Dallas (+1 214-698-3100, mreiter@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 1, 2018 |
DOJ Antitrust Head Signals Move to Shorter, Less Burdensome Merger Review

Click for PDF On September 25, 2018, in a speech at the 2018 Georgetown Law Global Antitrust Enforcement Symposium, Assistant Attorney General Makan Delrahim, head of the Justice Department’s Antitrust Division (“DOJ”), announced his intention to significantly reduce the time needed to review proposed mergers and to reduce the burden in responding to a Request for Additional Information and Documentary Material (“Second Request”) regarding proposed transactions.  The proposed changes raise substantial procedural considerations for clients contemplating transactions posing complex antitrust issues that are reviewed by DOJ, although it remains to be seen whether and to what extent the new policies will be implemented. Transactions such as mergers and joint ventures that meet thresholds set out in the Hart-Scott-Rodino Act, 15 U.S.C. § 18a, and related regulations (“HSR”) must file with the FTC’s Premerger Notification Office and go through an initial 30-day waiting period to give the FTC and DOJ time to make an initial evaluation of the transaction’s potential effect on competition.  During this waiting period, either agency may issue a Second Request, a subpoena that seeks a substantial volume of documents and data regarding potential markets that may be affected by the proposed transaction.  Following substantial compliance with a Second Request, the reviewing agency has another 30 days to make an enforcement decision, a second waiting period that is sometimes extended by a “timing agreement” with the parties for another 30 to 60 days. Six-month Timeframe for Merger Review.  Delrahim announced that DOJ would aim to resolve most merger investigations within six months of the parties’ HSR filing.  Citing a source claiming that “significant merger reviews” in 2017 took an average of 10.8 months to complete, up 65% from just over 7 months in 2011, Delrahim acknowledged that increasingly lengthy merger investigations were “a problem” and that a change was needed to “modernize” the merger review process.  Delrahim’s stated goal to keep most merger investigations under six months was conditioned on companies’ “expeditious cooperat[ion]” throughout the process in the form of prompt production of relevant documents and data.  Delrahim noted that not every merger could be completed in this time frame, as some will have thorny issues that will take longer than six months to resolve.  Delrahim’s willingness implement a specific “benchmark” with regard to DOJ’s merger review timeline will come as a welcome retreat from the trend of longer and more burdensome merger investigations.  However, it remains to be seen whether a six-month deadline will be implemented in practice, particularly in mergers involving complex global markets, which are often subject to coordinated investigations by the DOJ and other competition authorities around the world, each with different timelines and procedures. Second Request Avoidance.  Delrahim signaled that DOJ would take a harder look at whether merger investigations can be closed without the need for a Second Request.  A Second Request for information can extend the deadline for a merger to close by six months or more, and DOJ staff sometimes requests that parties “pull and refile”—that is, withdraw and resubmit their HSR  filings to provide the agency 30 additional days to resolve potential issues.  Delrahim’s guidance suggests that DOJ staff may use this avenue more frequently going forward if it can avoid the need for a Second Request. Faster Decision-Making.  Delrahim promised faster decision-making once parties have complied with the Second Request, indicating that DOJ “will make a decision in no longer than 60 days—sooner, if possible . . .”  The HSR Act permits filing parties to consummate their merger as early as 30 days after certifying substantial compliance with a Second Request.  In practice, however, DOJ would frequently require that parties enter into “timing agreements” that extend the deadline by 30 to 60 days or more.  This change will also shorten the time needed to complete a merger review and render an enforcement decision, but in practice DOJ may be reluctant to shorten this waiting period where litigation is a possibility. Fewer Custodians and Depositions.  Delrahim issued crisper guidelines regarding the appropriate number of custodians and depositions needed to do a fulsome merger review.  Regarding custodians, Delrahim stated that “as a general matter we will assume that 20 custodians per party will be sufficient unless the Deputy AAG in charge of the investigation explicitly authorizes more.”  Regarding depositions, Delrahim said that “we generally will not seek more than 12 depositions unless the deputy in charge of the investigation authorizes a greater number.”  This is a welcome reduction in the number of custodians, given that a similar reform in 2006 imposed a much higher limit of 30 custodians.  This change may further reduce the expense and time needed to comply with a Second Request.  Delrahim’s proposed limits, however, were conditioned on earlier production of documents and data, less “gamesmanship” on privilege logs, and a longer post-complaint discovery period should the investigation result in litigation.  As a result, it is unclear whether this commitment will result in a lighter compliance burden for merging parties. Stricter Third Party CID Enforcement.  Delrahim sought to reinvigorate fulsome compliance with Civil Investigative Demands, noting that the Division would “not hesitate to bring CID enforcement actions in federal court to ensure timely and complete compliance.”  This suggests third parties in receipt of CIDs may encounter less flexibility on the part of DOJ Staff to modifications that substantially narrow the scope of the CID or extend the deadline to respond.  Nevertheless, the DOJ Staff relies heavily on third party cooperation in merger investigations, and should remain willing to limit the scope of CIDs in cases where doing so will speed up compliance. Withdrawal of 2011 Policy Guide to Merger Remedies.  Delrahim announced the withdrawal of the 2011 Policy Guide to Merger Remedies and restored the effectiveness of the 2004 Policy Guide until new guidance could be issued.  Merger remedies have been an area of particular focus for Delrahim, who in November of 2017 stated a preference for structural remedies—remedies requiring divestiture of business units—over  behavioral ones requiring changes to a company’s conduct.  The reversion to the 2004 Policy Guide seems to codify Delrahim’s preference for structural relief, as the 2011 Guide had signaled greater willingness to accept conduct remedies of the sort seen in the consent decrees entered in the Comcast/NBCU and Ticketmaster/LiveNation mergers, for example. Earlier Front Office Engagement.  Delrahim offered parties the opportunity to meet with Front Office staff earlier in the merger review process, indicating that these personnel would “be open to an initial, introductory meeting.”  This suggests parties will be given a greater opportunity to dialogue with Antitrust Division decision-makers much earlier in the investigative process.  Delrahim’s guidance responds to private sector complaints about the merger review and may portend meaningful changes in the merger investigation process, at least at the DOJ.  This is not the first and is unlikely to be the last attempt to reform the Second Request process or reduce the burden on merging parties.  Prior initiatives have largely failed to achieve their core goal of reducing the time to clearance, although some (such as the 2006 reform) have reduced the cost of compliance. If the announced changes are fully implemented, companies may look forward to meaningfully shorter merger investigations.  Transactions subject to Second Requests should have lower burdens of compliance in the form of fewer depositions and custodians.  Finally, parties can look forward to greater and earlier engagement with Front Office leadership before critical junctures in merger investigations are reached. Delrahim’s announcement contrasts notably with recent pronouncements by the FTC.  Under Chairman Joseph Simons, who took the reins of the agency on May 1, 2018, the agency recently revised its Model Timing Agreement to formalize adding time to merger reviews.  Specifically, the model agreement links parties’ opportunity to present advocacy to FTC senior leadership to agreeing to provide additional time post-compliance—60 to 90 days—for FTC staff to review submitted Second Request materials.  While the revision is generally consistent with current practice, at minimum, it reflects continued use of an elongated merger review period, and therefore suggests that the FTC may be diverging from DOJ with respect to the desire to shorten and streamline the full-phase merger review process. A copy of the Assistant Attorney General’s remarks can be found at: https://www.justice.gov/opa/speech/assistant-attorney-general-makan-delrahim-delivers-remarks-2018-global-antitrust. A copy of the FTC’s Revised Model Timing Agreement can be found at: https://www.ftc.gov/news-events/blogs/competition-matters/2018/08/timing-everything-model-timing-agreement. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Antitrust and Competition practice group, or the authors: Daniel G. Swanson – Los Angeles (+1 213-229-7430, dswanson@gibsondunn.com) Cynthia Richman – Washington, D.C. (+1 202-955-8234, crichman@gibsondunn.com) Adam Di Vincenzo – Washington, D.C. (+1 202-887-3704, adivincenzo@gibsondunn.com) Richard H. Cunningham – Denver, CO (+1 303-298-5752, rhcunningham@gibsondunn.com) Brian K. Ryoo – Washington, D.C. (+1 202-887-3746, bryoo@gibsondunn.com) Chris Wilson* – Washington, D.C. (+1 202-955-8520, cwilson@gibsondunn.com) Please also feel free to contact any of the following practice group leaders and members: Washington, D.C. D. Jarrett Arp (+1 202-955-8678, jarp@gibsondunn.com) Adam Di Vincenzo (+1 202-887-3704, adivincenzo@gibsondunn.com) Scott D. Hammond (+1 202-887-3684, shammond@gibsondunn.com) Joshua Lipton (+1 202-955-8226, jlipton@gibsondunn.com) Richard G. Parker (+1 202-955-8503, rparker@gibsondunn.com) Cynthia Richman (+1 202-955-8234, crichman@gibsondunn.com) New York Eric J. Stock (+1 212-351-2301, estock@gibsondunn.com) Los Angeles Daniel G. Swanson (+1 213-229-7430, dswanson@gibsondunn.com) Samuel G. Liversidge (+1 213-229-7420, sliversidge@gibsondunn.com) Jay P. Srinivasan (+1 213-229-7296, jsrinivasan@gibsondunn.com) Rod J. Stone (+1 213-229-7256, rstone@gibsondunn.com) San Francisco Rachel S. Brass (+1 415-393-8293, rbrass@gibsondunn.com) Trey Nicoud (+1 415-393-8308, tnicoud@gibsondunn.com) Dallas Veronica S. Lewis (+1 214-698-3320, vlewis@gibsondunn.com) Brian Robison (+1 214-698-3370, brobison@gibsondunn.com) M. Sean Royall (+1 214-698-3256, sroyall@gibsondunn.com) Robert C. Walters (+1 214-698-3114, rwalters@gibsondunn.com) Denver Richard H. Cunningham (+1 303-298-5752, rhcunningham@gibsondunn.com) Brussels Peter Alexiadis (+32 2 554 7200, palexiadis@gibsondunn.com) Jens-Olrik Murach (+32 2 554 7240, jmurach@gibsondunn.com) David Wood (+32 2 554 7210, dwood@gibsondunn.com)> London Patrick Doris (+44 20 7071 4276, pdoris@gibsondunn.com) Charles Falconer (+44 20 7071 4270, cfalconer@gibsondunn.com) Ali Nikpay (+44 20 7071 4273, anikpay@gibsondunn.com) Philip Rocher (+44 20 7071 4202, procher@gibsondunn.com) Deirdre Taylor (+44 20 7071 4274, dtaylor2@gibsondunn.com) Munich Michael Walther (+49 89 189 33 180, mwalther@gibsondunn.com) Kai Gesing (+49 89 189 33 180, kgesing@gibsondunn.com) Hong Kong Kelly Austin (+852 2214 3788, kaustin@gibsondunn.com) Sébastien Evrard (+852 2214 3798, sevrard@gibsondunn.com) *Not admitted in D.C.; practicing under supervision of principals of the firm. © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

September 27, 2018 |
New York Office of the Attorney General Publishes Report on Virtual Currency Platforms and Their Potential Risks

Click for PDF This Alert reviews the New York State Office of the Attorney General’s (the “OAG”) Virtual Markets Integrity Initiative Report (the “Report”), which was published on September 18, 2018.[1]  The publication of the OAG’s 42-page Report brings to a close its six-month fact-finding inquiry of several virtual currency platforms.[2]  The OAG sent out detailed letters and questionnaires to a number of virtual currency platforms seeking information from the platforms across a wide-range of issues, including trading operations, fees charged to customers, the existence of robust policies and procedures, and the use of risk controls. The OAG’s purpose in conducting this inquiry was to inform investors and consumers of the risks they face when considering whether to trade on virtual currency platforms.  The OAG is charged with enforcing laws that protect investors and consumers from unfair and deceptive practices and that safeguard the integrity of financial markets.  To that end, the OAG “compil[ed] and analyz[ed] the responses, compar[ed] [those responses] to the platforms’ publicly available disclosures,” and gave the platforms opportunities to confirm the OAG’s analysis in advance of the Report’s publication.[3] The Report focuses on three main concerns.  First, the OAG highlighted that virtual currency platforms may not sufficiently disclose or take measures to mitigate potential conflicts of interest.  Second, the OAG opined that virtual currency platforms currently do not take sufficient efforts to impede market manipulation and protect market integrity.  And third, the OAG expressed its view that virtual currency platforms may not have adequate safeguards for the protection of customer funds. We believe that the virtual currency industry (i.e., investors, consumers, platforms and other stakeholders) should view the Report as a best practices or best standards document, upon which virtual currency platforms may be measured in terms of their riskiness and viability. Please contact Gibson Dunn’s Digital Currencies and Blockchain Technology Team if you have any questions regarding the Report or any of the information discussed in this Alert. I.   The Virtual Currency Markets and New York’s Oversight Authority In order to have a better understanding of the potential impact of the Report, a primer on virtual currency markets generally and the State of New York’s oversight of virtual currency platforms is appropriate.             a.   Primer on Virtual Currency Markets The virtual currency markets have only been in existence for roughly ten years.  While these virtual or digital units of currency have no intrinsic value and are generally traded outside of the purview of direct government controls, the market’s popularity and trading volumes have catapulted it to a total market capitalization of approximately USD 218 billion as of September 27, 2018.[4]  One market analyst has estimated the existence of approximately 2,001 different virtual currencies, which are traded on platforms or “exchanges” around the globe.[5] The most popular virtual currency, Bitcoin, currently has a market capitalization of approximately USD 113 billion and a price of USD 6,523.[6]  There are several other virtual currencies—including ether, XRP, EOS, litecoin, and bitcoin cash—that are also widely traded. Investors and consumers generally access the virtual currency markets through trading platforms, most of which are unregistered and/or not subject to comprehensive governmental oversight in a manner similar to registered exchanges in other financial markets such as securities, commodities, and derivatives markets.  There are approximately 100 different virtual currency trading platforms in the world; not all are open to U.S. persons.[7] In the United States, government supervision over virtual currency markets continues to evolve at both the federal and state levels.  At the federal level, several federal regulators—including the Commodity Futures Trading Commission (“CFTC”) and the Securities and Exchange Commission (“SEC”)—have all begun to bring virtual currency trading more squarely under governmental supervision and control, either through defining their authority in federal court cases,[8] issuing regulatory guidance or consumer advisories,[9] or bringing enforcement actions against fraudsters and market participants and trading platforms, which violate existing laws.[10] In addition, states have enacted legislation or adopted regulations requiring virtual currency platforms to become licensed before offering trading access to their residents.  Some of these states, including New York, have also taken a more aggressive posture in warning consumers about fraudsters and platform operators that prey on their investor and consumer residents.[11]             b.   The State of New York’s Oversight of Virtual Currency Platforms New York has been a leader in establishing regulatory oversight over virtual currency markets in two important respects.  First, in 2014, New York—through its Department of Financial Services (“NYDFS”)—issued a comprehensive regulatory framework requiring virtual currency platforms and operators to secure a special business license called a “BitLicense” when engaging in virtual currency activities, and for those platforms and operators to establish consumer protections, anti-money laundering compliance, and cybersecurity guidelines.[12]  NYDFS has also granted limited purpose trust charters under New York banking law to virtual currency companies and has issued specific virtual currency product approvals.[13]  NYDFS has awarded eight BitLicenses, and it has granted two virtual currency limited-purpose trust company charters.[14] Second, New York has issued detailed guidance focusing on fraud detection and prevention.[15]  NYDFS’s guidance mandates that virtual currency licensees and chartered entities implement measures designed to effectively detect, prevent, and respond to fraud, attempted fraud, and similar wrongdoing in the trading of virtual currencies.  Many industry observers have viewed this guidance as amplifying and strengthening the monitoring requirements that already exist in New York’s regulations applying to BitLicensees. The OAG’s recent inquiry and its publication of the Report thus build on a developed framework of state regulation. II.   The Report and Its Three Key Areas of Concern The Report covers the following broad topics: (a) The jurisdiction in which virtual currency platforms operate; (b) The platforms’ acceptance of currencies (i.e., fiat and/or virtual); (c) Fees charged and disclosures of fee structures to customers; (d) The robustness of a platform’s trading policies and procedures; (e) How the platforms manage various types of conflicts of interest; (f) How the platforms safeguard customer funds through the establishment of security processes and procedures, the role of insurance, and the use of independent audits; and (g) The platforms’ processes around providing access to customers’ funds, as well as how the platforms handle trading suspensions and outages. We have produced the following chart that summarizes the OAG’s assessment of, and key findings from analyzing, the questionnaire responses received with respect to each of the topics above.  The Report also offered recommendations to assist virtual currency investors and consumers (i.e., platform customers) in making educated choices when deciding whether to invest or trade on a particular virtual currency platform. Topical Area Assessment Recommendations Jurisdiction Knowing where a platform is incorporated and headquartered is important because the platform’s domicile impacts which laws apply to any rights and remedies an investor or consumer may have in the event of a dispute, loss, theft or insolvency. Participating platforms claimed to limit trading access to authorized customers from particular locations; however, many of these platforms do not have effective know-your-customer (“KYC”) programs or actively monitor customers’ IP addresses in order ensure the identity and location of particular customers. Customers should know the jurisdictions from which their virtual currency trading platforms are located and headquartered. Platforms need to significantly enhance and improve their KYC programs and to develop effective IP monitoring systems in order to properly monitor and limit the platforms’ trading systems to authorized customers.   Acceptance of Currency To obtain virtual currency initially, customers must find a platform that accepts fiat currency (i.e., government-backed currency). It is important to know which trading platforms accept fiat currency; the acceptance of fiat currency demonstrates that the platform has a relationship with a regulated bank. Customers should be mindful of whether a virtual currency platform has a formal banking relationship in place.  The existence of such a relationship may offer customers a useful indicator for evaluating that a particular platform is a legitimate business concern. Fees and Fee Disclosures Most virtual currency trading platforms charge fees per transaction.  However, many virtual currency platforms’ fees may differ based on the price of the virtual asset that is bought or sold, the volume of trades executed by the customer, the order type chosen, or the timing of an order submission. Some platforms offer significant discounts to high-volume trading customers.  This discounting is known as a “maker-taker” fee model. Additionally, some platforms charge fees for withdrawals and deposits of customer fiat and virtual currencies. Customers should understand which actions will trigger fees, the size of those fees, and whether the platform will charge hidden fees.  To that end, the OAG recommends that customers should review and understand a platform’s complete fee schedule before the customer begins trading. Fee transparency is absolutely essential and customers should understand when a particular platform offers high-volume customer discounts. Trading Policies The Report drew several comparisons between virtual currency markets and the policies and market structure seen in securities trading. The OAG observed that, similar to securities platforms, the virtual currency platforms that participated in the inquiry do provide special features to professional traders. The OAG also noted that these platforms allow automated and algorithmic trading but few if any have robust policies in place to address such trading. The OAG noted that, while all of the participating platforms expressed a commitment to stamp out abusive trading practices, few had actual policies in place to define, detect, prevent, or penalize suspicious trading or market manipulation. The OAG noted that only a couple of platforms that responded to the questionnaire allow margin trading, whereby customers were allowed to borrow funds to trade a virtual asset. Since monitoring trading activity on a platform is critical to the integrity of the entire market, the OAG recommended that virtual currency platforms develop robust policies around automated and algorithmic trading, provide more transparency around the special trading features and order types offered to professional traders, improve customer onboarding procedures and implement serious market surveillance capabilities akin to those in securities trading venues  in order to detect and punish suspicious trading activity.   Conflicts of Interest The OAG noted that virtual currency platforms may have conflicts in terms of: (1) the standards applied when considering whether to list virtual assets; (2) compensation that they receive for listing particularly virtual assets; (3) the lack of consistent industry policies and procedures regarding platform employee trading; and (4) the ability of a platform to trade on its venue in a proprietary capacity. The OAG recommended that virtual currency platforms disclose payments and other compensation that they receive for listing a particular virtual currency. The OAG noted that, while the measures taken to monitor or prevent employee trading on platforms differed, virtual currency platforms should generally make their policies around employee trading more transparent to customers. Although proprietary trading certainly occurs in other markets, the OAG cautioned that customers should be aware that: (1) a platform could be trading on its own account on its own venue on an undisclosed basis; (2) high levels of proprietary trading may raise serious questions about the true available liquidity on a platform; and (3) the platforms may be trading with informational advantages. Safeguarding Customer Funds The OAG noted that, although safeguarding customer funds is of paramount importance, the virtual currency platforms that submitted responses did not consistently employ measures to ensure the security of those funds in the platforms’ custody The OAG also noted that industry standards have not yet developed around insurance for virtual currency platforms (i.e., what assets should be insured, against what risks, and at what price). The OAG noted that, although a number of the platforms reported that they have retained outside firms to conduct independent audits, the industry lacked common auditing standards. The OAG recommended that virtual currency platforms require two-factor identification by default to ensure that customer’s data is secure.  The OAG also recommended that platforms make better use of “cold storage” (i.e., a security practice wherein private keys to virtual currency are kept off of the internet).  Finally, the OAG recommended that platforms regularly conduct “penetration testing” in order to identify security holes in a platform’s information technology and data security infrastructure. The OAG recommended that customers should demand more information from trading platforms about how those platforms insure risks related to the virtual or fiat currency held within their custody. The OAG recommended that the industry come together to develop common auditing standards for virtual currency platforms. Access to Customer Funds During Suspensions/Outages The OAG noted that platforms often fail to detail their procedures for transferring virtual currency from customer accounts to private wallets, or for processing fiat currency withdrawals both under normal market conditions and during a suspension or outage.  The platforms that participated in the inquiry had differing policies. The OAG further noted that platforms do not have adequate policies or procedures for suspending trading or delaying pending trades, and the handling of open orders during and immediately following suspension and/or platform outage. The OAG recommended that customers should familiarize themselves with how pending trades and currency withdrawals are treated under normal market conditions and during a trading suspension or outage. Disclosure of Historical Outages The OAG noted that while most platforms notify customers of any trading suspensions or outages, few of the platforms provide full disclosure of past outages or suspensions, and the reasons for those events. The OAG suggested that customers examine whether a platform provides a history of prior outages and trading interruptions because by doing so it helps customers evaluate historical stability, reliability, and transparency of a venue. After conducting the general assessment described above, the OAG highlighted its three principal areas of concern: Virtual Currency Platforms Do Not Disclose or Take Measures to Mitigate Potential Conflicts of Interest.  Virtual currency platforms may operate with several conflicts of interest, including:  (1) operating several lines of business that would be restricted or carefully regulated if those platforms were exchanges in traditionally regulated markets; (2) receiving fees and other incentives to list particular virtual currencies; (3) having insufficient policies and procedures for limiting access to platforms employees to trade alongside of customers; and (4) engaging in proprietary trading alongside customers when platforms have access to nonpublic information. Virtual Currency Platforms Do Not Take Serious Efforts to Impede Market Manipulation and Protect Market Integrity.  The Report opined that many virtual currency platforms are susceptible to manipulative and fraudulent trading activity.  Such platforms lack robust real-time and historical market surveillance capabilities like those found in the securities and commodities and derivatives markets. Customer Fund Safeguards on Platforms are Limited and Often Illusory.  The Report also flagged that virtual currency markets may lack consistent and transparent approaches to ensure the protection of customer funds.  While many virtual currency platforms use independent auditors to conduct reviews of the platforms’ holdings, and some platforms have insurance, the scope and sufficiency of the audits and insurance do not provide adequate protections to customers for losses of their virtual or fiat currency. The OAG reiterated that New York’s virtual currency regulations address many of these concerns and the topics identified in its assessment.  The OAG reminded BitLicense registrants that they should be adhering to these requirements already. III.   Conclusion Although the Report was directed at New York investors and consumers, its assessment principles and recommendations may also establish more generally applicable industry standards.  Indeed, platforms operating outside of New York can use the OAG’s assessment and recommendations to enhance and improve their existing operations. The Report noted that the OAG has made referrals to NYDFS to initiate investigatory proceedings against three platforms that appear to engage in a virtual currency business in New York.  The Report may also influence other states and the federal government to consider developing regulations or guidance based on the OAG’s assessment and recommendations.    [1]   See Office of the New York State Attorney General, Virtual Markets Integrity Initiative Report, Sept. 18, 2018, available at https://ag.ny.gov/sites/default/files/vmii_report.pdf.    [2]   See Office of the New York State Attorney General, Press Release, A.G. Schneiderman Launches Inquiry Into Cryptocurrency “Exchanges”, Apr. 17, 2018, available at https://ag.ny.gov/press-release/ag-schneiderman-launches-inquiry-cryptocurrency-exchanges.    [3]   Report, p.2.    [4]   See CoinMarketCap, Sept 27, 2018, available at https://coinmarketcap.com/all/views/all/.    [5]   See Report p.2 (“there are more than 1,800 different virtual currencies. . . .”); see also CoinMarketCap, Sept. 27, 2018, available at https://coinmarketcap.com/all/views/all/.    [6]   See CoinMarketCap, Sept. 27, 2018, available at https://coinmarketcap.com/all/views/all/.    [7]   The website CoinMarketCap estimates that there are 14,252 different “markets” for trading cryptocurrencies.  See id.  The definition of “markets” also includes offline commercial areas or arenas for trading.    [8]   Through administrative decisions issued in 2015, the CFTC set forth its interpretation that virtual currencies (which include cryptocurrencies like Bitcoin) are commodities under the Commodity Exchange Act.  See In the Matter of: Coinflip, Inc., d/b/a Derivabit, and Francisco Riordan, CFTC Docket No. 15-29, available here.    [9]   See, e.g., CFTC Advisory, Customer Advisory: Use Caution When Buying Digital Coins or Tokens, July 16, 2018, available at https://www.cftc.gov/sites/default/files/2018-07/customeradvisory_tokens0718.pdf. [10]   See, e.g., CFTC v. Kantor et al., Civ. Act. No. CV182247, Apr. 17, 2018, available at https://www.cftc. gov/sites/default/files/2018-04/enfbluebitbancorder041718.pdf. [11]   Georgia, Illinois, Kansas, Massachusetts, Tennessee, Texas and Washington have established streamlined application processes for financial technology firm applicants to obtain money transmitter licenses. [12]   See 23 NYCRR Part 200 (Virtual currencies) (2018). [13]   See https://www.dfs.ny.gov/banking/virtualcurrency.htm. [14]   See id. [15]   See NYSDFS, Guidance on Prevention of Market Manipulation and Other Wrongful Activity, Feb. 7, 2018, available at https://www.dfs.ny.gov/legal/industry/il180207.pdf. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact any member of the Gibson Dunn team, the Gibson Dunn lawyer with whom you usually work in the firm’s Financial Institutions practice group, or the authors: Arthur S. Long – New York (+1 212-351-2426, along@gibsondunn.com) Jeffrey L. Steiner – Washington, D.C. (+1 202-887-3632, jsteiner@gibsondunn.com) Carl E. Kennedy – New York (+1 212-351-3951, ckennedy@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

September 27, 2018 |
Supreme Court Round-Up: A Summary of the Court’s Opinions, Cases to Be Argued This Term, and Other Developments

As the Supreme Court begins its 2018 Term next week, Gibson Dunn’s Supreme Court Round-Up provides summaries of the questions presented in the cases that the Court will hear this Term as well as other key developments on the Court’s docket.  Gibson Dunn presented 3 arguments during the 2017 Term, securing wins for clients in all 3 cases, and was involved in 11 additional cases as counsel for amici curiae.  To date, the Court has granted certiorari in 42 cases for the 2018 Term, and Gibson Dunn is counsel for the petitioner in 2 of those cases. Spearheaded by former Solicitor General Theodore B. Olson, the Supreme Court Round-Up keeps clients apprised of the Court’s most recent actions.  The Round-Up previews cases scheduled for argument, tracks the actions of the Office of the Solicitor General, and recaps recent opinions.  The Round-Up provides a concise, substantive analysis of the Court’s actions.  Its easy-to-use format allows the reader to identify what is on the Court’s docket at any given time, and to see what issues the Court will be taking up next.  The Round-Up is the ideal resource for busy practitioners seeking an in-depth, timely, and objective report on the Court’s actions. To view the Round-Up, click here. Gibson Dunn has a longstanding, high-profile presence before the Supreme Court of the United States, appearing numerous times in the past decade in a variety of cases.  During the Supreme Court’s 5 most recent Terms, 9 different Gibson Dunn partners have presented oral argument; the firm has argued a total of 17 cases in the Supreme Court during that period, including closely watched cases with far-reaching significance in the class action, intellectual property, separation of powers, and First Amendment fields.  Moreover, while the grant rate for certiorari petitions is below 1%, Gibson Dunn’s certiorari petitions have captured the Court’s attention: Gibson Dunn has persuaded the Court to grant 24 certiorari petitions since 2006. *   *   *  * Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Supreme Court.  Please feel free to contact the following attorneys in the firm’s Washington, D.C. office, or any member of the Appellate and Constitutional Law Practice Group. Theodore B. Olson (+1 202.955.8500, tolson@gibsondunn.com) Amir C. Tayrani (+1 202.887.3692, atayrani@gibsondunn.com) Brandon L. Boxler (+1 202.955.8575, bboxler@gibsondunn.com) Andrew G.I. Kilberg (+1 202.887.3759, akilberg@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

September 26, 2018 |
Chancery Reaffirms Safe Harbor for Directors’ Reasonable Reliance on Expert Advice

San Francisco partner Brian M. Lutz and New York associate Mark H. Mixon Jr. are the authors of “Chancery Reaffirms Safe Harbor for Directors’ Reasonable Reliance on Expert Advice” [PDF] published in the Delaware Business Court Insider on September 26, 2018.  

September 26, 2018 |
Lexology Navigator – Cartels

​San Francisco partners Rachel Brass and Trey Nicoud and Washington, D.C. partner Cynthia Richman contributed to the USA section of “Lexology Navigator – Cartels,” [PDF] published by Lexology on September 26, 2018.