On September 9, 2022, the U.S. Department of the Treasury (“Treasury”) published Preliminary Guidance on Implementation of a Maritime Services Policy and Related Price Exception for Seaborne Russian Oil (the “Guidance”),[1] taking a step toward implementing the commitment made at the G7 Finance Ministers Meeting on September 2, 2022 to institute a comprehensive prohibition of services that enable maritime transportation of Russian-origin oil and petroleum products unless such oil is purchased below an agreed-upon price cap.[2] The Guidance outlines the United States’ forthcoming policy and anticipated regulations from Treasury’s Office of Foreign Assets Control (“OFAC”) on the U.S. treatment of services related to the maritime transportation of Russian Federation-origin crude oil and petroleum products (“seaborne Russian oil”).

The mechanisms described in the Guidance will operate quite differently from the way other U.S. sanctions programs have targeted the oil trade and oil producing countries, such as the ‘waiver’ program under the Iran sanctions program whereby certain countries are excepted from sanctions targeting the purchases of Iranian oil if those countries have agreed to eliminate or substantially reduce their consumption of Iranian oil over time.[3] This forthcoming policy and regulation in the Russia context will create additional sanctions compliance obligations and challenges for companies across many sectors wherever there are services being provided relating to the maritime transportation of oil.

Focus of the policy

The policy seeks to establish a framework whereby the provision of services for Russian oil being exported by sea is prohibited unless the oil was purchased below the price cap, with the goal of reducing Russia’s overall revenues from its oil exports while maintaining a reliable supply of seaborne Russian oil to the global market and reducing upward pressure on energy prices. In the wake of the Ukraine invasion, Russian oil is increasingly transported via maritime tankers as opposed to land-based pipelines, with reported estimates that such tankers carry about 70% of Russian crude oil exports.[4]

The prohibitions will take effect (i) on December 5, 2022 with respect to maritime transportation of crude oil, and (ii) on February 5, 2023 with respect to maritime transportation of petroleum products.

Implementation

To implement the policy, OFAC anticipates issuing a determination pursuant to Executive Order 14071,[5] which will prohibit the exportation, re-exportation, sale, or supply, directly or indirectly, from the United States, or by a U.S. person, wherever located, of services related to the maritime transportation of seaborne Russian oil if the oil is purchased above the price cap.

The price cap will be set by a coalition of countries including the G7 and EU. The coalition will conduct a technical exercise to consider a range of factors with a rotating lead coordinator, in order to reach consensus on setting the price cap level. OFAC will issue additional guidance on how the price cap level will be published and updated.

Treasury and the U.S. Government broadly anticipate working with other members of the coalition implementing the maritime services policy to enforce the price cap.

Note, even with the new policy, the United States will continue to prohibit the importation of Russian-origin crude oil, petroleum and petroleum fuels, oils and products of their distillation into the United States, in accordance with Executive Order 14066.[6]

Anticipated compliance guiderails

In order to steer clear of a potential OFAC enforcement action, service providers dealing with seaborne Russian oil will need to be able to provide certain evidence that the price cap was not breached in regard to the shipment they are servicing. The specific evidence and level of diligence required will vary depending on the role the service provider is playing in the supply chain, as noted below. If the service provider satisfies the applicable requirements, the service provider can avail itself of a “safe harbor” from the ordinarily strict liability of sanctions, in the event of an inadvertent provision of services related to a purchase of seaborne Russian oil above the price cap. This process, of course, is in addition to standard due diligence procedures a service provider may already be carrying out for sanctions risks.

The Guidance describes the following three tiers of service providers, with examples and recommended evidentiary and diligence best practices. OFAC expects each covered service provider to retain relevant records for five years.

Tier 1 Actors: service providers who regularly have direct access to price information in the ordinary course of business should retain and share necessary documents showing that seaborne Russian oil was purchased at or below the price cap (“necessary price cap documents”). Examples of Tier 1 Actors include commodities brokers and refiners. Relevant documentation includes invoices, contracts, or receipts/proofs of accounts payable. Recommended risk-based measures to comply with the price cap include updating terms and conditions of contracts.

Tier 2 Actors: service providers who are sometimes able to request and receive price information from their customers in the ordinary course of business should (i) when practicable, request, retain and share necessary price cap documents or (ii) if not practicable, provide customer attestations in which the customer commits to not purchase seaborne Russian oil above the price cap (“customer price cap attestations”). Examples of Tier 2 Actors include financial institutions. Recommended risk-based measures include providing guidance to trade finance departments, relationship managers and compliance staff.

Tier 3 Actors: service providers who do not regularly have direct access to price information in the ordinary course of business should obtain and retain customer price cap attestations. Examples of Tier 3 Actors include insurers and protection and indemnity clubs. Insurers may request customer price cap attestations that cover the entire period a policy is in place, rather than requesting separate attestations for each shipment. Recommended risk-based measures include updating policies and terms and conditions.

Companies that make significant purchases of oil above the price cap and knowingly rely on service providers subject to the maritime services policy, or those that knowingly provide false information, documentation, or attestations to a service provider, will have potentially violated the maritime services policy and may be a target for a U.S. sanctions enforcement action.

Red flags to identify evasive or violating transactions

U.S. companies and banks are required to reject transactions that violate or seek to evade the maritime services policy and price cap, and report any such a transaction to OFAC. The Guidance provides the following red flags which service providers should consider:

Evidence of deceptive shipping practices: The Treasury, U.S. Department of State and U.S. Coast Guard issued a global advisory in 2020 to alert the maritime industry to deceptive shipping practices used to evade sanctions (the “2020 Maritime Sanctions Advisory”).[7] The indicators included in the 2020 Maritime Sanctions Advisory, such as falsifying cargo and vessel documents and complex ownership / management, are also relevant for the Russia oil price cap. Recommended business practices to address such red flags include institutionalizing sanctions compliance programs, adopting know-your-customer practices and exercising supply chain due diligence. Please consult the 2020 Maritime Sanctions Advisory for more information.

Refusal or reluctance to provide requested price information: A customer’s refusal or reluctance to provide the necessary documentation or attestation, as well as requests for exceptions to established practice, may indicate that they have purchased seaborne Russian oil above the price caps.

Unusually favorable payment terms, inflated costs or insistence on using circuitous or opaque payment mechanisms: Seaborne Russian oil purchased so far below the price cap as to be economically non-viable for the Russian exporter or excessively high service costs may be indicators the purchaser has made a back-end arrangement to evade the price cap. Attempts to use opaque payment mechanisms may also indicate that the counterparty is avoiding creating payment documentation.

Indications of manipulated shipping documentation, such as discrepancies of cargo type, voyage numbers, weights or quantities, serial numbers, shipment dates: Any indication of manipulated shipping documentation may be a red flag which should be fully investigated before providing services.

Newly formed companies or intermediaries, especially if registered in high-risk jurisdictions: Firms should exercise appropriate due diligence when providing services to new counterparties, particularly if such entities were recently formed or registered in high-risk jurisdictions and do not have a demonstrated history of legitimate business.

Abnormal shipping routes: Using shipping routes or transshipment points that are abnormal for shipping seaborne Russian oil to the intended destination may indicate attempts to conceal the true history of an oil shipment in violation of the price cap.

We will continue to closely monitor developments in this area, and will provide a more detailed analysis when OFAC publishes the forthcoming determination implementing this policy.

____________________________

[1] Preliminary Guidance on Implementation of a Maritime Services Policy and Related Price Exception for Seaborne Russian Oil, published by the U.S. Department of the Treasury (Sept. 9, 2022), https://home.treasury.gov/system/files/126/cap_guidance_20220909.pdf.

[2] See “G7 Finance Ministers´ Statement on the united response to Russia´s war of aggression against Ukraine,” Sept. 2, 2022, https://www.bundesfinanzministerium.de/Content/EN/Downloads/G7-G20/2022-09-02-g7-ministers-statement.pdf?__blob=publicationFile&v=7.

[3] See our prior publication, “Iran Sanctions 2.0: The Trump Administration Completes Its Abandonment of the Iran Nuclear Agreement,” Nov. 9, 2018, https://www.gibsondunn.com/iran-sanctions-2-0-the-trump-administration-completes-abandonment-of-iran-nuclear-agreement/#_ftn28.

[4] “The story behind the proposed price cap on Russian oil,” D. Wessel, Brookings (July 5, 2022).

[5] Executive Order 14071, 87 Fed. Reg. 20999 (Apr. 6, 2022), https://home.treasury.gov/system/files/126/14071.pdf.

[6] Executive Order 14066, 87 Fed. Reg. 13625 (Mar. 8, 2022), https://home.treasury.gov/system/files/126/eo_14066.pdf.

[7] Sanctions Advisory for the Maritime Industry, Energy and Metals Sectors, and Related Communities, published by the U.S. Department of the Treasury, U.S. Department of State and U.S. Coast Guard (May 14, 2020), https://home.treasury.gov/system/files/126/05142020_global_advisory_v1.pdf.

The following Gibson Dunn lawyers prepared this client alert: Felicia Chen, David A. Wolber, Judith Alison Lee, Stephenie Gosnell Handler, Scott Toussaint and Adam M. Smith.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or the following members and leaders of the firm’s International Trade practice group:

United States
Judith Alison Lee – Co-Chair, International Trade Practice, Washington, D.C. (+1 202-887-3591, jalee@gibsondunn.com)
Ronald Kirk – Co-Chair, International Trade Practice, Dallas (+1 214-698-3295, rkirk@gibsondunn.com)
Courtney M. Brown – Washington, D.C. (+1 202-955-8685, cmbrown@gibsondunn.com)
David P. Burns – Washington, D.C. (+1 202-887-3786, dburns@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202-955-8510, shandler@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213-229-7269, nhanna@gibsondunn.com)
Marcellus A. McRae – Los Angeles (+1 213-229-7675, mmcrae@gibsondunn.com)
Adam M. Smith – Washington, D.C. (+1 202-887-3547, asmith@gibsondunn.com)
Christopher T. Timura – Washington, D.C. (+1 202-887-3690, ctimura@gibsondunn.com)
Annie Motto – Washington, D.C. (+1 212-351-3803, amotto@gibsondunn.com)
Chris R. Mullen – Washington, D.C. (+1 202-955-8250, cmullen@gibsondunn.com)
Samantha Sewall – Washington, D.C. (+1 202-887-3509, ssewall@gibsondunn.com)
Audi K. Syarief – Washington, D.C. (+1 202-955-8266, asyarief@gibsondunn.com)
Scott R. Toussaint – Washington, D.C. (+1 202-887-3588, stoussaint@gibsondunn.com)
Shuo (Josh) Zhang – Washington, D.C. (+1 202-955-8270, szhang@gibsondunn.com)

Asia
Kelly Austin – Hong Kong (+852 2214 3788, kaustin@gibsondunn.com)
David A. Wolber – Hong Kong (+852 2214 3764, dwolber@gibsondunn.com)
Fang Xue – Beijing (+86 10 6502 8687, fxue@gibsondunn.com)
Qi Yue – Beijing – (+86 10 6502 8534, qyue@gibsondunn.com)

Europe
Attila Borsos – Brussels (+32 2 554 72 10, aborsos@gibsondunn.com)
Nicolas Autet – Paris (+33 1 56 43 13 00, nautet@gibsondunn.com)
Susy Bullock – London (+44 (0) 20 7071 4283, sbullock@gibsondunn.com)
Patrick Doris – London (+44 (0) 207 071 4276, pdoris@gibsondunn.com)
Sacha Harber-Kelly – London (+44 (0) 20 7071 4205, sharber-kelly@gibsondunn.com)
Penny Madden – London (+44 (0) 20 7071 4226, pmadden@gibsondunn.com)
Benno Schwarz – Munich (+49 89 189 33 110, bschwarz@gibsondunn.com)
Michael Walther – Munich (+49 89 189 33 180, mwalther@gibsondunn.com)
Richard W. Roeder – Munich (+49 89 189 33 115, rroeder@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

On September 15, 2022, the President issued the first Executive Order (“E.O.”) in the nearly 50-year history of the interagency Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”) to provide explicit guidance for CFIUS in conducting national security reviews of covered transactions.[1] The E.O. does not legally alter CFIUS processes or legal jurisdiction, but rather elaborates on certain existing factors that the Committee is mandated by statute to consider,[2] and adds further national security factors for the Committee to consider, when it is evaluating transactions. The E.O. comes as the U.S. Government is increasingly focused on strategic competition—particularly regarding the national security implications of critical technologies, critical infrastructure, and sensitive personal data—and builds on the expansive CFIUS authorities codified in the Foreign Investment Risk Review Modernization Act of 2018 and implementing regulations.[3] Importantly, the E.O. continues the momentum established with recent legislation enacted by Congress,[4] as well as other Biden administration initiatives,[5] and comes in the midst of broader discussions about regulating both inbound and outbound technology transfers. This E.O. plays an important role in the U.S. Government approach to achieving national security objectives in protecting U.S. technological competitiveness and curbing U.S. reliance on foreign supply chains involving critical technologies.

Specifically, the E.O. directs CFIUS to consider the following five factors:

The resilience of critical U.S. supply chains that may have national security implications, including those outside of the defense industrial base;
U.S. technological leadership in areas affecting U.S. national security, including but not limited to microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies;
Aggregate industry investment trends that may have consequences for a given transaction’s impact on U.S. national security;
Cybersecurity risks that threaten to impair national security; and
Risks to U.S. persons’ sensitive data.

We discuss each of these five factors and their impact on the CFIUS process in turn below, as well as the common concern relating to third-party ties highlighted by the E.O. in each of these factors.

The Resilience of Critical U.S. Supply Chains

With respect to the first factor, the E.O. directs CFIUS to consider supply chain resiliency, inside and outside the defense sector, and whether a transaction could pose a threat of future supply disruptions of goods and services critical to the United States. Specific elements the Committee should consider are whether a supply chain is sufficiently diversified with alternative suppliers including in allied and partner countries, the concentration of ownership or control in the supply chain by the foreign investor, and whether the U.S. party to the transaction supplies to the U.S. Government.

U.S. Technological Leadership

The second factor focuses CFIUS’ attention on a transaction’s potential effect on U.S. leadership in certain critical sectors that are fundamental to national security, including microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy and climate adaptation technologies. Not surprisingly, the specific technologies identified in this E.O. align with the most recent list of Critical and Emerging Technologies (“CET”) published by the U.S. National Science and Technology Council,[6] in line with the U.S. Government’s overall focus on protecting and developing these technologies. Along these lines, part of the CFIUS review of this factor will need to include not only the current state of the U.S. business and technology being acquired, but also now whether the transaction could reasonably result in future advancements and applications in technology that could undermine U.S. national security, according to the E.O.

Consideration of Aggregate Industry Trends

The third factor—directing CFIUS to consider the consequences of industry investment trends on a particular transaction’s national security impact—grants the Committee express authority to block a transaction even where the covered transaction itself might not constitute a national security risk. In other words, the assessed national security risk of a covered transaction, standing alone, could be low when viewed on a case-by-case basis. But, under this Presidential direction, CFIUS would also consider broader industry trends, such as whether a specific foreign actor is acquiring or investing in multiple companies in a sector that, in the aggregate, could impact U.S. national security. This factor has significant disruptive potential for deal certainty given that it formally broadens CFIUS review beyond the specific facts of the transaction itself, and we assess this factor and the next (discussed below) to be among the most significant in the E.O. in terms of impact on the CFIUS process.

Cybersecurity Risks

Building on President Biden’s E.O. on “Improving the Nation’s Cybersecurity,”[7] the fourth factor instructs the Committee to consider whether a covered transaction may provide a foreign person or their third-party ties with access and ability to conduct cyber intrusions or other malicious cyber activity. CFIUS’ interest in cybersecurity risks is longstanding; however, this factor appears to give more weight to the growing risk of supply chain compromise that threaten broader national security. This makes sense given the context of the devastating SolarWinds Sunburst attack, in which a malicious nation-state actor leveraged unauthorized access to build a backdoor into a software update for a widely used network monitoring and management software. This backdoor was then used to gain unprecedented access to networks, systems, and data of thousands of organizations—including the U.S. Government. While critical technologies are a well-recognized priority of CFIUS, this factor appears to direct increased attention to technologies that would not necessarily be considered emerging or foundational, but are core to business operations in a manner that could have national security implications should they be compromised by a malicious actor. We therefore anticipate that CFIUS will look more closely at transactions involving the acquisition of basic management systems or software used across key industries and critical sectors, with an emphasis on transactions that may provide a foreign person or their third-party ties with the ability to leverage these systems or software to breach supply chains in those industries and/or sectors.

Access to U.S. Persons’ Sensitive Data

The fifth and final factor in the E.O. directs CFIUS to consider whether a covered transaction involves a U.S. business with access to U.S. persons’ sensitive data, and whether the foreign investor has, or the foreign investor’s ties have, the ability to exploit that data through commercial or other means to the detriment of U.S. national security. This factor reflects longstanding CFIUS concerns over access to sensitive personal data, and specifically recognizes that the transfer to foreign persons of large data sets can enable foreign persons or countries to conduct surveillance, tracing, tracking, and targeting of U.S. individuals or groups.

A Consistent Theme: National Security Concerns of Third Party Ties

Throughout all five factors, the E.O. directs that CFIUS should be scrutinizing transactions that involve foreign persons with any “third-party ties” which could add to the potential threat to U.S. national security, be it through providing those third parties access to critical technology or the opportunity to disrupt supply chains, engage in malicious cyber activity or misuse U.S. personal data. While no specific third-party ties are identified as riskier than others, it would be no surprise if in the current geopolitical environment ties involving Russia, China and other U.S. strategic competitors would be targeted for enhanced review.

Key Takeaways

In sum, while this is the first-ever E.O. providing guidance concerning the CFIUS review process, most of the direction builds upon the existing policy trendlines of the U.S. Government and the increasing concerns surrounding the national security implications of foreign investments in and acquisitions of U.S. businesses. It is no surprise that advanced technologies, cybersecurity risks, supply chains, and sensitive data remain at the forefront of national security considerations, but this E.O. directs the CFIUS’s national security risk analysis in a way that, as a practical matter, will continue to expand the Committee’s review authority. It is also being released amidst a series of efforts on the legislative and regulatory fronts to improve the competitiveness and resilience of U.S. technology, including discussions of additional Presidential directives concerning outbound technology transfers and capital, as well as enhanced protections of sensitive personal data. Given this breadth based on the five factors elucidated in the E.O., combined with the Biden administration’s goals of prioritizing U.S. competitiveness in certain critical technology sectors, we expect that the number of transactions reviewed by the Committee will continue to grow. Prior to engaging in any M&A activity or investments involving U.S. businesses operating within the sectors implicated by the factors outlined in this week’s E.O., transaction parties should carefully assess the likelihood of CFIUS review and the potential need to file a notice or declaration.

____________________________

[1] Executive Order on Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States (Sept. 15, 2022), available at https://www.whitehouse.gov/briefing-room/presidential-actions/2022/09/15/executive-order-on-ensuring-robust-consideration-of-evolving-national-security-risks-by-the-committee-on-foreign-investment-in-the-united-states/.

[2] See Section 721(f) of the Defense Production Act of 1950, 50 U.S.C. § 4565(f).

[3] Foreign Investment Risk Review Modernization Act of 2018, Pub. L. No. 115-232 (2018); 31 C.F.R. Parts 800 to 802.

[4] The CHIPS and Science Act of 2022, recently signed into law by President Biden, is intended to “ensure the United States maintains and advances its scientific and technological edge,” by “boost[ing] American semiconductor research, development, and production”—”technology that forms the foundation of everything from automobiles to household appliances to defense systems.” The White House, FACT SHEET: CHIPS and Science Act Will Lower Costs, Create Jobs, Strengthen Supply Chains, and Counter China (Aug. 9, 2022), available at

https://www.whitehouse.gov/briefing-room/statements-releases/2022/08/09/fact-sheet-chips-and-science-act-will-lower-costs-create-jobs-strengthen-supply-chains-and-counter-china/.

[5] On September 14, 2022, President Biden announced that the U.S. will invest $40 billion to expand biomanufacturing for key materials needed to produce essential medications, as well as develop and cultivate healthy supply chains to support the advanced development of bio-based materials, such as fuels, fire-resistant composites, polymers and resins, and protective materials. The White House, FACT SHEET: The United States Announces New Investments and Resources to Advance President Biden’s National Biotechnology and Biomanufacturing Initiative (Sept. 14, 2022), available at https://www.whitehouse.gov/briefing-room/statements-releases/2022/09/14/fact-sheet-the-united-states-announces-new-investments-and-resources-to-advance-president-bidens-national-biotechnology-and-biomanufacturing-initiative/.

[6] National Science and Technology Council, Critical and Emerging Technologies Update List (Feb. 2022), available at https://www.whitehouse.gov/wp-content/uploads/2022/02/02-2022-Critical-and-Emerging-Technologies-List-Update.pdf.

[7] Executive Order on Improving the Nation’s Cybersecurity (May 2021), available at https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/.

The following Gibson Dunn lawyers prepared this client alert: Stephenie Gosnell Handler, David A. Wolber, Annie Motto, Scott Toussaint, and Claire Yi.

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

In a major development on 13 September 2022, the UAE Ministry of Justice called upon the Dubai Courts to enforce judgments of the English Courts in the UAE going forward, based on principles of reciprocity.

The English Courts were historically reluctant to enforce UAE-issued judgments; and the UAE courts had for decades used the lack of reciprocity as a bar to the enforcement of English judgments. The English High Court’s recent decision in Lenkor Energy Trading DMCC v Puri (2020) EWHC 75 (QB) was a welcome development. In that seminal case, which was upheld on appeal, the High Court enforced a ‘bounced cheque’ judgment of the Dubai Court of Cassation. The High Court and Court of Appeal both ruled that the Dubai judgment was a final and conclusive judgment of a court of competent jurisdiction, which did not offend English public policy.

Days ago, on 13 September 2022, the UAE Ministry of Justice issued an official communication to the Dubai Courts, confirming that the Lenkor decision “constitutes a legal precedent and a principle binding on all English Courts according to their judicial system”.

In an unprecedented move, the UAE Ministry of Justice therefore asked the Dubai Courts to:

“take the relevant legal actions regarding any requests for enforcement of judgments and orders issued by the English Court, in accordance with the laws in force in both countries, as a confirmation of the principle of reciprocity initiated by the English Courts and assurance of its continuity between the English Courts and the UAE Courts.”

This important development provides confidence for creditors looking to enforce English Court judgments in the UAE. It is an encouraging development in terms of the ongoing judicial cooperation between the English and Dubai courts.

It also opens additional avenues for the enforcement of arbitral awards. Creditors of London-seated arbitral awards may now consider proceeding directly to the Dubai courts after enforcing their awards at the seat of arbitration under s. 66 of the Arbitration Act. This is a useful alternative to the traditional path of asking the Dubai Courts to recognise and enforce arbitral awards under the New York Convention, which has produced mixed results. It is also an alternative to the to the well-trodden path of using the (award creditor-friendly) DIFC Courts as a gateway to the enforcement of London-seated arbitral awards in Dubai and beyond.

The context: no applicable enforcement and recognition treaties between the UK and the UAE

There is no bilateral treaty between the UAE and the UK for the reciprocal recognition and enforcement of judgments (other than the Treaty between the UK and the UAE on Judicial Assistance in Civil and Commercial Matters, which lacks an enforcement mechanism, and the memoranda of understanding issued by the Courts of the DIFC and the ADGM).

In the absence of a treaty, judgment creditors must bring a claim to enforce a UAE judgment in England and Wales under common law. Under the common law test, the English court must be satisfied that the relevant UAE court: (i) had original jurisdiction to render its judgment; (ii) issued a final and conclusive judgment; and (iii) issued a judgment for a definite and calculable sum. If that is proven, then there are only limited defences available to a judgment debtor – chief amongst which is that enforcement of the foreign judgment would contravene English public policy.

Likewise, in the absence of a bilateral enforcement treaty, the UAE Courts will only enforce foreign judgments “under the same conditions laid down in the jurisdiction issuing the order”—in other words, when reciprocity exists with the issuing jurisdiction. This is set out in Article 85 of Cabinet Resolution No. 57 of 2018 concerning the Executive Regulations of Federal Law No. 11 of 1992 (as amended). Prior to the Lenkor decision, the English Courts were not in the practice of readily enforcing Dubai Court judgments; and the UAE courts had treated this lack of reciprocity as a bar to enforcement.

The Lenkor decision: a landmark decision of the English court to enforce a judgment of the UAE court

The English High Court enforced a ‘bounced cheque’ judgment from the Dubai court in Lenkor.

Mr Puri, a UK citizen, was the principal and controller of IPC Dubai. He had signed two security cheques in favour of Lenkor on IPC’s behalf. Lenkor and IPC then fell into dispute. Lenkor prevailed in an arbitration against IPC, and when IPC failed to satisfy the resulting arbitral award, Lenkor attempted to cash the cheques. When the cheques bounced, Lenkor brought Dubai court proceedings against Mr Puri personally.

The Dubai courts—including the final appellate court, the Dubai Court of Cassation—found that Mr Puri had contravened Article 599/2 of the UAE Commercial Transactions Law (UAE Federal Law No. 18 of 1993). Under that provision, the person who draws a cheque is deemed personally liable for the amount of the cheque; and a cheque may not be issued unless the drawer has, at the time of drawing the cheque, sufficient funds to meet it. The Dubai Court of First Instance entered judgment against Mr Puri for an AED equivalent of about USD 33.5 million, plus 9% interest per annum. This was upheld on multiple rounds of appeal, including ultimately by the Dubai Court of Cassation.

Mr Puri challenged the enforcement of the Dubai judgment in the English Courts. He argued that the judgment offended English public policy, on the bases that: (i) the underlying transaction between IPC and Lenkor was tainted by illegality; (ii) unlike Dubai law, English would not find Mr Puri personally liable for IPC’s debt and would not permit the piercing of the corporate veil; and (iii) the 9% interest awarded was unduly high and an unenforceable penalty.

The English High Court dismissed these arguments, because: (i) the question was whether the UAE Court’s judgment offended public policy, not the underlying transaction; (ii) the finding of Mr Puri’s personal liability was a question of Dubai law; and (iii) the interest rate awarded was not unduly high or an unenforceable penalty.

The English Court of Appeal upheld the decision on appeal in Lenkor Energy Trading DMCC v Puri [2021] EWCA Civ 770.

The 13 September 2022 direction from the UAE Ministry of Justice

The Lenkor decision is seminal in that it has demonstrated reciprocity between the UAE and the UK—certainly from the perspective of the UAE Ministry of Justice. The 13 September 2022 communication, issued from Judge Abdul Rahman Murad Al-Blooshi, Director of International Cooperation Department of the Ministry of Justice, to His Excellency Tarish Eid Al-Mansoori, Director General of the Dubai Courts, confirms (in an unofficial translation) that:

“…based on the Treaty between the United Kingdom of Great Britain and Northern Ireland and the United Arab Emirates on Judicial Assistance in Civil and Commercial Matters, and the desire to strengthen fruitful cooperation in the legal and judicial field;

Whereas, the aforementioned Treaty does not provide for enforcement of foreign judgments, and states that the judgments should be enforced according to the relevant applicable mechanism set forth in the local laws of both countries;

Whereas, Article (85) of the Executive Regulation of the Civil Procedures Law, as amended in 2020, stipulates that judgments and orders issued in a foreign country may be enforced in the State under the same conditions prescribed in the law of that country, and the legislator does not require an agreement for judicial cooperation to enforce foreign judgments, and such judgments may be enforced in the State according to the principle of reciprocity; and

Whereas, the principle has been considered by the English Courts upon previous enforcement of a judgment issued by Dubai Courts by virtue of a final judgment issued by the High Court of the United Kingdom in Lenkor Energy Trading DMCC v Puri (2020) EWHC 75 (QB), which constitutes a legal precedent and a principle binding on all English Courts according to their judicial system,

Therefore, we kindly request you to take the relevant legal actions regarding any requests for enforcement of judgments and orders issued by the English Court, in accordance with the laws in force in both countries, as a confirmation of the principle of reciprocity initiated by the English Courts and assurance of its continuity between the English Courts and the UAE Courts.”

The Arabic original is available below:

Closing comment

This development provides confidence for creditors looking to enforce English Court judgments in the UAE. It also opens additional avenues for arbitral award creditors to proceed directly to the Dubai courts once a London-seated award has been enforced at the seat of arbitration (as an alternative to the standard New York Convention route or the use of the DIFC Courts as a gateway). It remains to be seen whether the courts of Abu Dhabi will adopt a similar view. Either way, this is an important development given the close trade links between the UAE and the UK, and it demonstrates a pro-enforcement stance from the UAE Ministry of Justice, which is welcome news.

The following Gibson Dunn lawyers assisted in the preparation of this client update: Penny Madden KC and Nooree Moola.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s International Arbitration, Judgment and Arbitral Award Enforcement or Transnational Litigation practice groups, or any of the following practice leaders and members:

Cyrus Benson – London (+44 (0) 20 7071 4239, CBenson@gibsondunn.com)
Penny Madden KC – London (+44 (0) 20 7071 4226, PMadden@gibsondunn.com)
Jeff Sullivan KC – London (+44 (0) 20 7071 4231, Jeffrey.Sullivan@gibsondunn.com)
Nooree Moola – Dubai (+971 (0) 4 318 4643, nmoola@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

The European Commission (the “EC”) is expected to announce a proposal shortly that will ban products made using forced labour. The move follows a public consultation earlier this year by the EC seeking public opinion on an initiative “to keep the EU market free from products made, extracted or harvested with forced labour, whether they are made in the EU or elsewhere in the world.”[1] The proposal could have a significant impact on corporates’ supply chain management and approach to human rights due diligence; areas which are already under close scrutiny by the EU.

While the EU’s proposal has not yet been released, several media outlets report to have seen an EU document which states that a ban should apply to products (including their components) for which forced labour has been used at any stage of production, manufacture, harvest or extraction, including working or processing.

The proposed prohibition is also expected to apply regardless of the origin of the products, whether they are domestic or imported, or placed or made available on the EU market or exported outside of the EU.

It is understood that each EU member state will be responsible for detection and enforcement and that national authorities will be tasked with proving that relevant products were made or processed using forced labour. At least one report suggests that a database of forced labour risk in specific geographic areas or specific products made with forced labour imposed by state authorities will be set up and made available to the public as part of implementation.

A step further than the U.S.

The enactment of the Uyghur Forced Labor Prevention Act (the “UFLPA”) on 21 June, 2022, introduced a presumptive ban on all imports to the U.S. from China’s Xinjiang Uyghur Autonomous Region (the “XUAR”) and from certain entities designated by the U.S. Department Homeland Security Customs and Border Protection. The UFLPA’s presumptive ban modified Section 307 of the U.S. Tariff Act of 1930, which generally bans the importation of any products mined, produced or manufactured wholly or in part by forced or indentured child labour.

While the EU will follow the U.S. in legislating to end forced labour practices, it appears that the geographic scope of the EU proposal will be broader than current U.S. law, because it also applies internally to products made within the EU.

Next steps

Details of the proposal will need to be addressed with lawmakers and EU countries, but the intended prohibition looks set to be sweeping and significant. We will monitor these developments and provide further details as the draft law evolves.

_________________________

[1] https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13480-Effectively-banning-products-produced-extracted-or-harvested-with-forced-labour_en

The following Gibson Dunn lawyers prepared this client alert: Susy Bullock, Perlette Jura, Christopher Timura, Sean J. Brennan*, and Rebecca McGrath.

Environmental, Social and Governance (ESG) Group:
Susy Bullock – London (+44 (0) 20 7071 4283, sbullock@gibsondunn.com)
Elizabeth Ising – Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)
Perlette M. Jura – Los Angeles (+1 213-229-7121, pjura@gibsondunn.com)
Ronald Kirk – Dallas (+1 214-698-3295, rkirk@gibsondunn.com)
Michael K. Murphy – Washington, D.C. (+1 202-955-8238, mmurphy@gibsondunn.com)
Selina S. Sagayam – London (+44 (0) 20 7071 4263, ssagayam@gibsondunn.com)
Rebecca McGrath – London (+44 (0) 20 7071 4219, rmcgrath@gibsondunn.com)

International Trade Group:

* Sean Brennan is an associate working in the firm’s Washington, D.C. office who currently is admitted only in New York.

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Following the settlement of an Attorney General enforcement action, defendants often face new and expensive private lawsuits for the same conduct. These subsequent private lawsuits often result in years of additional litigation, legal fees, and further monetary penalties and damages. Due to the likelihood of follow-on suits, we suggest clients consider taking several proactive and strategic steps when structuring a settlement with the California Attorney General in order to mitigate the risk of subsequent civil lawsuits and associated penalties.

The following strategic considerations provide a general framework to consider in maximizing the possibility of barring subsequent lawsuits: (1) taking steps to negotiate which statute will be used in the complaint accompanying the consent judgment; (2) including a broad statement of facts in the settlement agreement and complaint; and (3) structuring and characterizing any settlement payment with a preclusion strategy in mind. Though courts in California ultimately engage in a case-specific inquiry as to whether private litigants’ claims are barred by prior settlement of a government action, all of these factors influence the likelihood of a successful claim preclusion defense, and have important underlying strategic advantages.[1]

Statutes Underlying the Government Enforcement Action

The statutes underlying the California Attorney General’s enforcement action, and identified in the settlement agreement, impact the likelihood of success of a future res judicata defense in subsequent private litigation. If the statute underlying the Attorney General’s action provides a private right of action, subsequent private litigation redressing individual harms is unlikely to be barred. For example, in CS Wang & Assoc. v. Wells Fargo Bank, N.A., the California Attorney General brought an enforcement action under the California Unfair Competition Laws (“UCL”) asserting claims through the California Invasion of Privacy Act (“CIPA”). The government action sought to protect the public from unfair and harmful business practices resulting from Wells Fargo’s alleged failure to disclose the recording of communications with California residents.[2] Despite the fact that the enforcement action sought to redress public harm, CIPA created a private right of action which allowed a subsequent class action to move forward. The inability to bar the private litigation hinged on CIPA’s dual enforcement mechanism – the explicit private right of action within the statute, and the UCL’s authorization to enforce CIPA on behalf of the People.[3]

To the extent possible, settling parties looking to maximize the success of precluding subsequent private suits should attempt to negotiate with the Attorney General regarding the underlying statutory basis for the enforcement action. Because certain statutes allow both private and public enforcement for the same conduct, it is advantageous to specify statutes that do not contain private rights of action in the settlement agreement in order to encompass potential private plaintiffs’ claims. Although the private plaintiff may still attempt to recover under different statutes to avoid a res judicata defense, if the prior government action was based on the same primary right asserted by the private party, the subsequent suit is more likely to be precluded.[4]

Broadening the Statement of Facts

Parties should also consider including a broad and comprehensive statement of facts within the settlement documents in order to cover most or all claims underlying the state’s investigation. The more claims and factual allegations that are encompassed in the settlement with the government, the less likely that a private plaintiff will be able to justify how their claims are sufficiently distinct from the government’s case to withstand dismissal.

Illustratively, in Villalobos, the defendant settled the entirety of an Attorney General enforcement action that alleged poor workplace conditions and wage violations, agreeing to pay an undisclosed amount in restitution to cover all claims related to the unlawful employment practices. In precluding the subsequent private litigation, the court noted that the government action and settlement broadly addressed the terms of employment and work conditions that gave rise to the plaintiffs’ new claims, despite the lack of factual specificity in the settlement and government complaint. The expansive coverage of the settlement precluded the private litigants’ lawsuit because the prior action ultimately encompassed the plaintiffs’ claims.[5]

This approach is not risk-free even in the context of no-admit settlements. For example, a broader statements of facts makes public, and puts potential follow-on plaintiffs on notice of, more factual allegations than necessary to effectuate the settlement. These risks should be weighed against the cost of potential follow-on private litigation due to narrow admissions that do not cover the private litigant’s claims.

Paying Restitution rather than Civil Penalties

In structuring a settlement with the California Attorney General, and in cases where a settlement includes monetary payment, it is generally preferable that the payment be in the form of restitution, rather than civil penalties. In assessing the preclusive effect of a settlement reached by the state, the court pays particular attention to the specific terms of the agreement and the types of relief obtained on behalf of consumers. Courts in California look at whether or not the government properly represented a private litigant’s interests in a prior action, and in that analysis courts consider the type of relief sought by the government.[6] Courts have found that in instances where the Attorney General seeks predominantly injunctive relief and civil penalties, the government action serves a law enforcement function to protect the public, rather than to vindicate the rights of private plaintiffs.[7] In such instances, a res judicata defense fails because the interests of the government and private plaintiff differ.[8]

On the other hand, when a settlement involves paying restitution and the restitution constitutes all or most of the monetary relief specified in the settlement agreement, courts are more likely to find an identity of interests between the government and private plaintiffs. However, the private plaintiffs in the subsequent litigation must fall within the class of restitution recipients as defined by the government action and settlement. The settling defendant should define the class of restitution recipients as broadly as possible to encompass future private plaintiffs, risking a greater payment to the government but potentially precluding future private lawsuits. For example, in Villalobos, the court barred a private lawsuit following an enforcement action partly because the Attorney General dedicated monetary relief solely to restitution and the plaintiffs fell within the class of recipients.[9] The government recovered restitution on behalf of all Calandri Sonrise Farm workers, and the private plaintiffs were eligible for such relief because of their employment at Calandri. Because the government exclusively sought restitution, the court found that government represented the private plaintiffs’ interests since the Attorney General enforcement action compensated the plaintiffs for their alleged harms.

To the extent possible, a settling defendant should negotiate restitution that encompasses potential plaintiffs over other types of relief when settling with the Attorney General to optimize the success of a future claim preclusion defense. Where restitution constitutes a small portion of the overall monetary settlement, courts are less likely to find that the government represented the private litigants’ interests, whereas paying out more in restitution strengthens such a finding.[10] Thus, there is a tension between the instinct to limit the settlement amount and paying out more to the government to bar future claims. That said, if civil penalties cannot be avoided, a settling defendant should ensure that restitution relief is clearly delineated and remains a large part of the settlement to tip the scale toward the government representing the private plaintiff’s interests.

Conclusion

In order to mitigate the potential risk of costly follow-on litigation after the settlement of an Attorney General enforcement action, it is important for a party to consider structuring a government settlement with an eye toward strategic factors that can impact future preclusion arguments. Engaging in negotiations with the Attorney General regarding the statute underlying the government’s complaint, structuring the settlement to encompass potential private claims through a broad statement of facts, and pushing to pay restitution rather than injunctive relief or civil penalties, all bolster the efficacy of a future res judicata defense. Though such strategies may potentially increase the degree of factual disclosure and ultimate payout in settling government claims, the ability to preclude private litigation may very will lead to overall cost savings in the long term.

________________________

[1] The California Attorney General often carves-out private litigation and private rights of action from the release of liability provision in a settlement. For example, in a recent settlement between the California Attorney General and Dermatology Industry Inc., the release of liability provision specifically excluded “any liability which any … Released Part[y] has or may have to individual consumers.” Stipulation for Entry of Final J. and Permanent Inj., Ex. 1, at 10-11, People v. Dermatology Indus., Inc., No. 37-2022-00009826-CU-MC-CTL (Cal. Super. Ct. 2022). Though this language may leave open the possibility for private follow-on litigation, it is not dispositive. Courts ultimately assess the claim preclusive effect of a government action through a three-part test: whether there is (1) the same cause of action; (2) final judgment on the merits; and (3) privity between the parties. Boeken v. Philip Morris USA, Inc., 48 Cal. 4th 788, 797 (2010).

[2] No. 16-C-11223, 2020 WL 5297045, at *6, *9 (N.D. Ill. Sept. 4, 2020).

[3] See id. at *9.

[4] See Villalobos v. Calandri Sonrise Farms LP, No. CV 12-2615, 2012 WL 12886832, at *7 (C.D. Cal. Sept. 11, 2012) (barring a plaintiffs’ lawsuit for asserting injuries already redressed in a prior Attorney General enforcement action despite raising claims under different statutes).

[5] See id. at *5.

[6] It may also be helpful to include a provision in the agreement to demonstrate that the Attorney General provided adequate representation to the citizens it purported to represent. See Taylor v. Sturgell, 128 S. Ct. 2161, 2176 (2008) (“[a] party’s representation of a nonparty is ‘adequate’ for preclusion purposes only if, at a minimum: (1) the interests of the nonparty and her representative are aligned, and (2) either the party understood herself to be acting in a representative capacity or the original court took care to protect the nonparty’s interests”). This can be demonstrated by noting that the Attorney General received some preliminary discovery sufficient to assess the adequacy of any proposed relief.

[7] See Payne v. Nat’l Collection Sys. Inc., 91 Cal. App. 4th 1037, 1045 (2001).

[8] See People v. Pac. Land Rsch. Co., 20 Cal. 3d 10, 17 (1977).

[9] 2012 WL 12886832, at *2, *7.

[10] See id.; cf. CS Wang & Assoc. v. Wells Fargo Bank, N.A., No. 16-C-11223, 2020 WL 5297045, at *6 (N.D. Ill. Sept. 4, 2020) (rejecting cy pres restitution as an indication of privity because it “constituted a small portion” of the overall settlement).

The following Gibson Dunn lawyers assisted in preparing this client update: Winston Chan, Charles Stevens, and Justine Kentla.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following members of the firm’s White Collar Defense and Investigations practice group in California:

Los Angeles
Nicola T. Hanna (+1 213-229-7269, nhanna@gibsondunn.com)
Debra Wong Yang (+1 213-229-7472, dwongyang@gibsondunn.com)
Marcellus McRae (+1 213-229-7675, mmcrae@gibsondunn.com)
Michael M. Farhang (+1 213-229-7005, mfarhang@gibsondunn.com)
Douglas Fuchs (+1 213-229-7605, dfuchs@gibsondunn.com)
Eric D. Vandevelde (+1 213-229-7186, evandevelde@gibsondunn.com)

Palo Alto
Benjamin B. Wagner (+1 650-849-5395, bwagner@gibsondunn.com)

San Francisco
Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com)
Thad A. Davis (+1 415-393-8251, tadavis@gibsondunn.com)
Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com)
Michael Li-Ming Wong (+1 415-393-8234, mwong@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Gibson Dunn’s D.C. Circuit Foreign Sovereign Immunities Act Enforcement Update summarizes recent decisions within the D.C. Circuit that are relevant to the enforcement of judgments and arbitral awards against foreign states.

This edition summarizes:

(1) the D.C. Circuit’s decision in Estate of Levin v. Wells Fargo Bank, N.A., Nos. 21-7036, 21-7041, 21-7044, 21-7052, 21-7053, 2022 WL 3364493, addressing the attachment of electronic fund transfers (“EFTs”) by victims of state-sponsored terrorism;

(2) the district court’s decision in Chiejina v. Federal Republic of Nigeria, No. 21-2241, 2022 WL 3646377 (D.D.C.), addressing the proper framework that applies when a foreign state opposes enforcement of an arbitral award by disputing the existence of a valid arbitration agreement between the parties; and

(3) the district court’s decisions in ConocoPhillips Petrozuata B.V. v. Bolivarian Republic of Venezuela, No. 19-0683, 2022 WL 3576193 (D.D.C.) and Tethyan Copper Co. PTY Ltd. v. Islamic Republic of Pakistan, No. 19-2424, 2022 WL 715215 (D.D.C.), addressing the enforcement of arbitral awards issued pursuant to the International Convention on the Settlement of Investment Disputes between States and Nationals of Other States (“ICSID Convention”).

D.C. Circuit Opens The Door For Victims Of Terrorism To Attach Blocked Assets Of State Sponsors Of Terrorism

On August 16, 2022, the D.C. Circuit broke with the Second Circuit and issued a significant decision for victims of terrorism in Estate of Levin v. Wells Fargo Bank, N.A., Nos. 21-7036, 21-7041, 21-7044, 21-7052, 21-7053, 2022 WL 3364493. Ruling in favor of terrorism victims represented by Matt McGill (argued) and Jessica Wagner of Gibson Dunn, the court unanimously reversed the district court’s dissolution of orders of attachment on nearly $10 million in blocked Iranian funds. The decision opens the door for victims of terrorism to attach blocked funds of state sponsors of terrorism under the Terrorism Risk Insurance Act (“TRIA”) more generally.

Background

Victims of terrorism often struggle to collect on judgments against state sponsors of terrorism. Even when those states’ funds surface in U.S. financial institutions and are blocked by sanctions laws, sovereign immunity can place them beyond the reach of judgment creditors. To address these enforcement challenges, Congress enacted TRIA, codified at 28 U.S.C. § 1610 Note. This law ensures that when funds of state sponsors of terrorism are blocked by sanctions, those funds remain available for “execution or attachment” by plaintiffs holding judgments against those states—”[n]otwithstanding any other provision of law.” TRIA, § 201(a).

In order for blocked funds to fall within the protection of TRIA, they must be “blocked assets of” the relevant state or its agency or instrumentality. TRIA, § 201(a). The Second Circuit, however, has adopted a narrow view of ownership in the context of EFTs, in which funds move quickly from one account to another through a series of intermediary banks. Relying on Article 4A of the Uniform Commercial Code (“UCC”), the Second Circuit has held that the only entity with an ownership interest in funds blocked at an intermediary bank is the entity immediately preceding that bank in the chain of electronic transfers—even if the chain of transfers was initiated by a state sponsor of terrorism. See Doe v. JPMorgan Chase Bank, N.A., 899 F.3d 152 (2d Cir. 2018). Until Levin, however, the D.C. Circuit had not decided this issue.

In Levin, two groups of terrorism victims—including nearly 90 victims represented by Gibson Dunn (the “Owens victims”)—who hold approximately $1 billion in judgments against the Islamic Republic of Iran obtained writs of attachment against funds blocked at Wells Fargo by the Office of Foreign Assets Control (“OFAC”) during an attempted EFT initiated by an agent of Iran seeking to purchase an oil tanker. The United States—which had earlier sought forfeiture of the same funds—intervened and moved to quash the writs. Adopting the Second Circuit’s approach in Doe, the district court granted the government’s motion, holding that the funds were not subject to attachment under TRIA because only the bank immediately preceding Wells Fargo in the chain of transfers held an ownership interest.

Decision

The D.C. Circuit unanimously reversed, rejecting the Second Circuit’s reliance on UCC Article 4A in favor of a broader rule grounded in tracing principles. The court explained—as Gibson Dunn had argued on behalf of the Owens victims—that “[w]hile [Article 4A] seeks to minimize disruptions in electronic funds transfers, OFAC’s blocking does the opposite—its purpose is to disrupt terrorist [EFTs].” Given this mismatch, the court concluded that Article 4A is a poor fit for determining ownership of blocked EFTs. Instead, the court held that ownership should be determined according to tracing principles: under TRIA, “terrorist victims may attach OFAC blocked electronic funds transfers if those funds can be traced to a terrorist owner,” and “no intermediary or upstream bank asserts an interest as an innocent third party.”

Judge Pillard filed a concurrence arguing that a tracing rule—which accounts for the funds’ path through the financial system—does not, on its own, accomplish the statutorily required showing of ownership. Judge Pillard would have adopted, “instead of or in addition to tracing,” the common law rule of agency that the Owens victims proposed, which would have treated banks as agents rather than owners when they effectuate EFTs originated by state sponsors of terrorism.

The D.C. Circuit’s decision has significant implications for judgment enforcement actions brought by victims of terrorism. It clears the way for victims to attach blocked funds that would have been unreachable under the Second Circuit’s rule, and effectuates Congress’ intent to make blocked funds of state sponsors of terrorism available—”notwithstanding any other provision of law”—to victims holding judgments against those states. By creating a circuit split, moreover, the decision may provide an avenue for terrorism victims to challenge the prevailing standard in the Second Circuit.

D.D.C. Reaffirms Arbitrability Disputes Do Not Implicate U.S. Courts’ Jurisdiction

On August 23, 2022, a district court in the D.C. Circuit issued a decision reaffirming that arbitrability disputes do not implicate subject-matter jurisdiction under the arbitration exception of the Foreign Sovereign Immunities Act (“FSIA”). See Chiejina v. Federal Republic of Nigeria, No. 21-2241, 2022 WL 3646377 (D.D.C. Aug. 23, 2022). In Chiejina, Nigeria opposed confirmation of an arbitration award against it on the grounds that one of the petitioners was not a party to the underlying agreement to arbitrate. Consistent with “every case” the district court has decided on this issue, the court determined that arbitrability disputes such as this one implicate the merits of the petition and not the court’s subject-matter jurisdiction under the FSIA. The court thus denied Nigeria’s motion to dismiss, which means that Nigeria’s arbitrability challenge will have to be litigated at the merits stage under a more deferential standard of review, rather than decided de novo as an issue of subject-matter jurisdiction.

Background

Petitioners seeking to confirm a foreign arbitral award issued against a foreign state typically must overcome two obstacles. First, under the FSIA, 28 U.S.C. § 1605(a), foreign states are presumptively immune from suit in U.S. court unless one of the FSIA’s enumerated exceptions to jurisdictional immunity is satisfied. One such exception, the FSIA’s arbitration exception, 28 U.S.C. § 1605(a)(6), provides for subject-matter jurisdiction in an action against a foreign state to “confirm an award made pursuant to” an arbitration agreement. Second, once jurisdiction is established, the petitioner must establish on the merits that the award is subject to confirmation under the applicable legal framework—typically, either the Convention on the Recognition and Enforcement of Foreign Arbitral Awards (the “New York Convention”) or the ICSID Convention. Both Conventions limit a court’s authority to review the merits of the arbitral award or question the determinations of the tribunal that issued it.

To avoid the New York and ICSID Conventions’ limits on judicial review, foreign states often attempt to frame their challenges to enforcement of an arbitral award as raising issues of subject-matter jurisdiction under the FSIA, rather than the merits. In particular, in a number of recent cases, foreign states have argued that the FSIA’s arbitration exception does not apply—and the state is therefore immune from suit—because there is no valid arbitration agreement between the parties. The D.C. Circuit and the D.D.C. have repeatedly held, however, that issues of “arbitrability”—including the existence of a valid arbitration agreement—go to the merits rather than to subject-matter jurisdiction under the FSIA. See, e.g., LLC SPC Stileks v. Republic of Moldova, 985 F.3d 871, 877-78 (D.C. Cir. 2021); Chevron Corp. v. Ecuador, 795 F.3d 200, 204 (D.C. Cir. 2015).

In Chiejina, petitioners are seeking to confirm and enforce under the New York Convention a $2.9 million award, plus interest, issued against the Federal Republic of Nigeria. Like the defendants in Stileks, Chevron, and Tethyan, Nigeria moved to dismiss for lack of subject-matter jurisdiction, arguing that the FSIA’s arbitration exception did not apply because one of the petitioners was not a party to the relevant arbitration agreement. Nigeria also argued that the court lacked personal jurisdiction because the petitioners failed to properly effect service of process consistent with the FSIA’s service provision, 28 U.S.C. § 1608(e).

Decision

The district court rejected Nigeria’s challenge to subject-matter jurisdiction, explaining that under the D.C. Circuit’s decisions in Stileks and Chevron, arbitrability “is a question that goes to the merits of whether the award should be confirmed pursuant to the New York Convention,” rather than “a basis on which to conclude that the Court lacks jurisdiction under the FSIA.” For that reason, Nigeria could not challenge subject-matter jurisdiction by arguing that petitioners’ claims in the arbitration were “not encompassed by the underlying agreement to arbitrate” because one of the petitioners was not a party to that agreement. Instead, the court indicated that it would address arbitrability—including the existence of a valid arbitration agreement between the parties—at the merits stage under the deferential standard for confirmation of foreign arbitral awards under the New York Convention. The decision thus reaffirms the principle that arbitrability is not an issue of subject-matter jurisdiction.

The court also addressed service of process. When a plaintiff enters into a “special arrangement” for service on a foreign state, the FSIA, 28 U.S.C. § 1608(a)(1), requires the plaintiff to attempt service through that arrangement before proceeding with other methods of service. In Chiejina, the underlying construction contract at issue in the arbitration included a notice provision specifying a method for serving notices related to the contract. Rather than follow that notice provision, the petitioner served Nigeria through a separate method applicable in the absence of a “special arrangement” between the parties. The court held that service was properly effected on Nigeria because the contractual notice provision applied only to notices that were “‘required or authorized’ by the Contract itself,” not service of process in the lawsuit. In doing so, the court reaffirmed the principle that a notice provision in an underlying contract creates a “special arrangement” for purposes of FSIA service “only where the language is ‘all encompassing’ rather than ‘confined to the contract or agreement at issue.’” Berkowitz v. Republic of Costa Rica, 288 F. Supp. 3d. 166, 173 (D.D.C. 2018) (quoting Orange Middle East & Africa v. Republic of Equatorial Guinea, No. 1:15-CV-849 2016 WL 2894857, at *4 (D.D.C. May 18, 2016)).

D.D.C. Reaffirms U.S. Courts’ Obligation To Enforce ICSID Awards

On August 19, 2022, a district court in the D.C. Circuit issued a decision reaffirming the obligation of U.S. courts to enforce arbitral awards issued pursuant to the ICSID Convention. See ConocoPhillips Petrozuata B.V. v. Bolivarian Republic of Venezuela, No. 1:19-cv-683, 2022 WL 3576193 (D.D.C. Aug. 19, 2022). Consistent with precedent and federal law, the court held that it had subject-matter jurisdiction under both the arbitration and waiver exceptions of the FSIA on account of Venezuela’s decision to join the ICSID Convention. In doing so, the court reaffirmed the principle that a foreign state that joins the ICSID Convention waives immunity to the enforcement of ICSID awards in U.S. court.

Background

The ICSID Convention is a treaty signed by the United States and 164 other nations of the world that provides a comprehensive framework for resolving investment disputes between participating nations and the private investors of other participating nations. The Convention provides for arbitration before an international tribunal and streamlined enforcement procedures for any resulting arbitral award. Each contracting party agrees to “recognize an award rendered pursuant to [the] Convention as binding and enforce the pecuniary obligations imposed by that award within its territories as if it were a final judgment of a court in that State.” ICSID Convention, art. 54(1). The United States has implemented this treaty obligation through legislation providing that an ICSID award “shall be enforced and shall be given the same full faith and credit as if the award were a final judgment of a court of general jurisdiction of one of the several States.” 22 U.S.C. § 1650a(a).

Despite this congressional mandate, foreign states often attempt to oppose enforcement of ICSID awards by challenging the U.S. court’s subject-matter jurisdiction under the FSIA. But the D.C. Circuit held in Tatneft v. Ukraine that when a foreign state joins a treaty that “contemplate[s] arbitration-enforcement actions in other signatory countries, including the United States”—as the ICSID Convention does—it “waives its immunity from arbitration-enforcement actions” under the FSIA. 771 F. App’x 9, 10 (D.C. Cir. 2019). The Second Circuit has applied this principle in the context of the ICSID Convention, holding that a foreign states “waive[s] its sovereign immunity” from enforcement of an ICSID award “by becoming a party to the ICSID Convention.” Blue Ridge Invs., L.L.C. v. Republic of Argentina, 735 F.3d 72, 84 (2d Cir. 2013). These decisions provide an alternative basis—in addition to the arbitration exception at issue in Chiejina—for establishing subject-matter jurisdiction in an action to enforce an ICSID award.

Decision

The petitioners in ConocoPhillips sought to confirm and enforce an ICSID award issued against the Bolivarian Republic of Venezuela. When Venezuela failed to timely respond to the enforcement petition, the petitioners sought entry of a default judgment, and the district court granted the motion. Although the motion was not opposed, the district court addressed subject-matter jurisdiction under the FSIA, holding that Venezuela was not immune from suit—and the court therefore had subject-matter jurisdiction—on two grounds: (1) the FSIA’s arbitration exception; and (2) the FSIA’s waiver exception, 28 U.S.C. § 1605(a)(1), which provides jurisdiction where a foreign state has waived its immunity to suit in U.S. court.

First, the court concluded that when a foreign state agrees to arbitration pursuant to the ICSID Convention, the arbitration exception permits enforcement even if the state subsequently withdraws from the Convention, so long as “the relevant rights and obligations of the parties arose before [the] denunciation took effect.” This holding means that a foreign state cannot evade its obligations to parties holding ICSID awards by withdrawing from the ICSID Convention.

Second, the court confirmed that the waiver exception also applied because “Venezuela implicitly waived its sovereign immunity with respect to suits to recognize and enforce ICSID awards by becoming a Contracting State to the ICSID Convention.” The court emphasized that “[t]o hold otherwise would be to disrespect Venezuela’s choice (at the time) to be a Contracting State, and it would diminish other Nations’ ability to attract investment in the future by committing themselves to resolving investment disputes through arbitration.” The court thus referenced one of the key purposes of the ICSID Convention: By providing investors with a remedy through arbitration and strong guarantees that any resulting award will be subject to enforcement, the Convention helps contracting parties attract foreign investment. ConocoPhillips thus strengthens the chorus of decisions recognizing that parties to the ICSID Convention and other arbitration enforcement treaties waive their immunity from enforcement of arbitral awards issued pursuant to those treaties.

D.D.C. Clears The Way For Landmark $6.5 Billion Judgment Enforcing Arbitration Award Against Pakistan

On March 10, 2022, a district court in the D.C. Circuit issued a groundbreaking decision on behalf of Tethyan Copper Company PTY Limited (“Tethyan”), an Australian mining company represented by Matt McGill, Robert Weigel, Jason Myatt, and Matt Rozen of Gibson Dunn in its long-running efforts to enforce a $4 billion plus interest arbitration award issued against Pakistan pursuant to the ICSID Convention. Tethyan Copper Co. PTY Ltd. v. Islamic Republic of Pakistan, No. 1:19-cv-2424, 2022 WL 715215 (D.D.C. Mar. 10, 2022). In its opinion and accompanying order, the court denied Pakistan’s motion to dismiss or, in the alternative, to stay enforcement proceedings, and directed the parties to submit a proposed judgment, clearing the way for the entry, after interest and costs, of a more than $6.5 billion judgment as of this writing, which would be one of the largest judgments ever entered by the D.C. federal district court. The decision reinforces three principles concerning the enforcement of ICSID awards.

First, the decision emphatically rejects the recurring argument that enforcement of such awards should universally be stayed while the losing party tries to vacate or set aside the award in parallel proceedings. Under the ICSID Convention, only an ICSID tribunal or committee—not the courts of any contracting state—may decide whether an award should be set aside, either through revision by the original tribunal pursuant to Article 51 of the Convention, or through annulment by an ad hoc committee pursuant to Article 52 of the Convention. Article 54 of the Convention expressly provides that ICSID awards are immediately enforceable as “final judgment[s]” even while revision or annulment proceedings are pending, and it tasks the ICSID tribunal or committee overseeing those proceedings with deciding whether a stay of enforcement is appropriate.

In TCC, Pakistan sought both revision and annulment, but the tribunal and committee overseeing those proceedings allowed enforcement to proceed. Pakistan then moved in the district court to stay the U.S. enforcement proceedings. But the district court rejected that request. The court acknowledged some prior decisions from the same district that had stayed enforcement proceedings pending set aside proceedings. In the court’s view, however, the interest in judicial economy and the potential hardship to Tethyan from a stay clearly outweighed any potential hardship to Pakistan from denying a stay. Tethyan had waited over a decade for compensation, and the court concluded that “[a] stay only prolongs justice denied.”

Second, the court rejected the state’s attempt to relitigate in enforcement proceedings jurisdictional arguments already raised before and rejected by the arbitral tribunal. Specifically, Pakistan had challenged the tribunal’s jurisdiction on the ground that there was no valid arbitration agreement, because Pakistan purportedly had not properly consented to arbitration under the ICSID Convention. The tribunal rejected the argument. In the subsequent enforcement proceedings, Pakistan attempted to renew the same objection—that there was no valid arbitration agreement between the parties—as a challenge both to the district court’s jurisdiction under the FSIA and its authority to grant full faith and credit to the award. Relying on the above-described principles from the D.C. Circuit’s decisions in Stileks and Chevron, however, the TCC court refused to second-guess the tribunal’s rulings on arbitrability—including the existence of a valid agreement to arbitrate. The court held that once such issues have been resolved in arbitration, they cannot be revisited through a collateral attack on the tribunal’s rulings, whether in the guise of a challenge to jurisdiction under the FSIA or to the merits of the enforcement petition.

Finally, the court’s order, directing the parties to promptly meet and confer and submit a proposed judgment, with interest, recognizes that once the court has determined that it has subject-matter jurisdiction to enforce an ICSID award, the award holder is entitled to prompt entry of judgment as soon as interest is calculated. (In an effort to facilitate settlement, the court later granted the parties’ joint request for an extension of time to submit a proposed judgment until December 15, 2022.) If followed elsewhere, the court’s order may greatly streamline efforts by future litigants to enforce arbitral awards against foreign sovereigns in U.S. courts.

Gibson Dunn’s Judgment and Arbitral Award Enforcement Practice Group offers top-tier international arbitral award and judgment enforcement strategies and solutions, deep proficiency in cross-border litigation and international arbitration, and best-in-class advocacy that not only applies the law, but, time and again, has crafted and shaped new law to achieve our clients’ objectives.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the D.C. Circuit. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Judgment and Arbitral Award Enforcement practice group, or the following:

Matthew D. McGill – Co-Chair, Washington, D.C. (+1 202-887-3680, mmcgill@gibsondunn.com)
Robert L. Weigel – Co-Chair, New York (+1 212-351-3845, rweigel@gibsondunn.com)
Jason Myatt – New York (+1 212-351-4085, jmyatt@gibsondunn.com)
Matthew S. Rozen – Washington, D.C. (+1 202-887-3596, mrozen@gibsondunn.com)

This client update was prepared by Matt McGill, Robert Weigel, Jason Myatt, Matt Rozen, Jessica Wagner, Jeff Liu, Luke Zaro, and Sam Speers.

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

In an August 11, 2022 letter to the Department of Justice (“DOJ”), Senators Elizabeth Warren (D-Mass) and Ben Ray Lujan (D-N.M.) signaled renewed congressional interest in the Government’s right to suspend or debar government contractors and federal financial assistance recipients from obtaining new business, and pressed for DOJ to boost its use of this administrative remedy in connection with its prosecution of criminal or fraud cases.

The bases for discretionary suspension and debarment include “making false statements” and “any other offense indicating a lack of business integrity or business honesty.”[1] It is no surprise, then, that companies subject to investigations, litigation, and resolutions under the civil False Claims Act (“FCA”) often find themselves faced with the prospect of suspension or debarment from future government work—even when they dispute the merits of the FCA allegations in question.

In most cases, government agencies have significant discretion to decide whether there are sufficient grounds to exclude an entity from receiving government contracts or financial assistance awards. DOJ has traditionally taken an agnostic approach to the interplay between its FCA investigations and the suspension and debarment authority of the government agency affected by the underlying conduct. The Warren-Lujan letter, however, presses DOJ to take a more activist role in suspending or debarring not just the companies it is pursuing as “corporate criminals,” but companies that are the subject of “corporate fraud cases” like those under the civil FCA.

While DOJ’s response to this congressional outreach remains to be seen, any attempt by the Department to address the Senators’ concerns as articulated in the letter would represent a meaningful change in policy and would undoubtedly affect companies’ evaluation of whether to litigate or settle FCA claims with the Government. Companies subject to FCA investigations, litigation, and resolutions should be particularly mindful of how they approach mitigating the risk of suspension or debarment in the context of DOJ investigations and resolutions, in light of the Warren-Lujan letter.

Discretionary Suspension and Debarment

The ability to compete for new Government work is critical to the success of any government contractor. So too for companies that depend on Government funding – whether directly, through government grants or cooperative agreements, or indirectly, through state, local, or educational institution projects.

Suspension and debarment are administrative actions taken by the U.S. Government to disqualify a contractor from contracting with or receiving funding from the Federal Government based upon the Government’s determination that the contractor is not “presently responsible” (i.e., that it lacks the necessary integrity to be a business partner of the Government). Suspensions and debarments are not meant to be employed by the Government “for purposes of punishment.”[2] Notably, suspending and debarring officials (“SDOs”) often have complete discretion as to whether to exercise the right to suspend or debar.[3] Even when a Government agency finds some past violation that could provide a basis for suspension or debarment, an agency SDO is not required to, and should not, suspend or debar a contractor that is “presently responsible.” In addition, an SDO could also decline to suspend or debar a contractor, even where grounds exist to do so, because it would not be in the Government’s best interest.[4]

The grounds for suspension and for debarment are substantially similar to one another, with different evidentiary thresholds. Both the suspension and debarment frameworks permit the exclusion of a company based on “adequate evidence” (suspension) or a civil judgment (debarment) for civil fraud, or other conduct that affects an entity’s present responsibility, or an offense that indicates a lack of business integrity or business honesty.[5]

FCA Violations as Grounds for Suspension or Debarment

The FCA is the government’s primary tool for addressing alleged fraud related to government funds. Under the FCA, both DOJ and would-be whistleblowers (who may file FCA lawsuits on the government’s behalf and obtain a percentage of any recovery) can pursue lawsuits against companies that do business with the government, and if successful, obtain treble damages, per-claim penalties, and attorneys’ fees and costs.

The FCA creates liability for any party that submits a false claim for payment to the federal government, or who makes a false statement that is material to a false claim. 31 U.S.C. § 3729(a)(1)(A), (B). The Government often takes the position that a violation of contract requirements can create fraud liability under the FCA if it is done with knowledge and is material to payment. Under the “reverse” false claims provision, liability also exists for anyone who “knowingly makes, uses, or causes to be made or used, a false record or statement material to an obligation to pay or transmit money or property to the Government, or knowingly conceals or knowingly and improperly avoids or decreases an obligation to pay or transmit money or property to the Government.” Id. § 3729(a)(1)(G).

Therefore, the potential bases for FCA liability substantially overlap with the grounds for potential suspension or debarment—i.e., “making false statements” and “any other offense indicating a lack of business integrity or business honesty.”[6] Accordingly, the consequences of being found liable in an FCA case can be catastrophic, resulting in suspension or debarment from government contracts or exclusion from participation in government programs.

As a matter of policy, DOJ attorneys are required to coordinate with the Government’s relevant criminal, civil, regulatory, and administrative attorneys when initiating an FCA suit or investigation, including with regard to suspension and debarment.[7] A 2012 DOJ memorandum, for example, stresses the importance of “[e]ffective and timely communication with representatives of the agency . . . including suspension and debarment authorities,” to ensure that appropriate remedies are pursued at the correct time.[8] The Interagency Suspension and Debarment Committee (“ISDC”) is tasked with overseeing and coordinating all executive agencies’ implementation of suspension and debarment regulations.[9] One such coordination activity involves the designation of a “lead” agency where a case may affect the missions of multiple agencies.[10] Under the current system, the lead agency is the ultimate decision maker as to what suspension or debarment action, if any, will be taken.

The Warren-Lujan Letter

The Warren-Lujan letter to Attorney General Merrick Garland and Deputy Attorney General Lisa O. Monaco criticizes DOJ for not using its authority to suspend or debar “corporate criminals” from the government contracting process, and urges DOJ to “pursue more robust use of its suspension and debarment authority.” Notably, the letter advocates for DOJ to use its suspension and debarment authority even for “companies that it does not directly do business with,” rather than relying on the contracting or lead agencies to pursue suspension or debarment, and calls for DOJ to “adopt policies that call for [DOJ] prosecutors to systematically refer corporate misconduct to” DOJ’s own “debarring officials for review in all appropriate cases.”

Senators Warren and Lujan propose four ways in which DOJ should “expand its use of debarment”:

1. Use debarment authority for corporate entities, not just individuals.
2. Use debarment government-wide (i.e., DOJ should suspend or debar entities that contract with any federal agency, rather than just its own contractors).
3. Consider debarment for all corporate misconduct, including “defraud[ing] the government…[t]ax evasion, bribery, unsatisfactory performance, and other harmful conduct,” “in any contract—whether the government was harmed or not….”
4. Use suspension authority while an investigation is pending.

The Senators’ letter betrays a failure to appreciate several critical facets of the suspension and debarment regime—particularly the non-punitive nature of such exclusions, the focus on present responsibility rather than past misconduct, and the primacy of the government’s interest in making such exclusion decisions. Moreover, these proposals introduce the possibility for a sea change in DOJ policy that would have dire impacts for companies subject to FCA prosecution.

Implications for FCA Defendants

If adopted as a matter of practice or policy by DOJ, the Warren-Lujan approach could have significant effects for companies facing FCA lawsuits and investigations.

The potential for FCA liability is already a significant risk for government contractors in light of the potential for massive treble damage awards and civil penalties. Indeed, FCA settlements and judgments total billions of dollars every year, with individual settlements often reaching tens or even hundreds of millions of dollars. But debarment or suspension for companies that depend on government business would be ruinous, because those penalties would effectively put companies out of business altogether. The Warren-Lujan approach to suspension and debarment significantly heightens these risks, and makes resolving FCA suits considerably more difficult in several regards:

Imposing a Suspension During an Investigation May Force Unfavorable Settlements. In many cases, companies settle or otherwise resolve FCA lawsuits before trial as part of a negotiated resolution, in part precisely because of the risk that an adverse judgment on the merits could result in debarment. This is so even where companies dispute the merits of the FCA claim but wish to avoid the cost and uncertainty of a trial and the resulting collateral consequences of suspension or debarment. Through a negotiated resolution, companies can ensure there is no formal judgment of a false statement, and negotiate a path forward that does not include any suspension or debarment, for example through entering into a Corporate Integrity Agreement (CIA) or other administrative agreement. But the Warren-Lujan approach would encourage DOJ to increase its use of its authority to suspend contractors while an investigation is pending, which would significantly increase pressure on companies to quickly settle cases. FCA investigations can last years, and few companies could weather a multi-year suspension while defending against an FCA investigation. Moreover, uncertainties regarding when an investigation might result in “adequate evidence” to suspend an entity may lead even companies that have strong defenses and have done nothing wrong to enter into hasty settlements, without a full opportunity to defend themselves, to avoid an interim suspension – though as discussed below, the resolution itself may still raise the specter of exclusion.

Government-Wide, Corporate-Level Suspensions and Debarment Could Disincentivize Any Settlements Whatsoever. Even in cases where debarment or suspension is on the table, FCA defendants typically negotiate to keep those penalties carefully circumscribed. For example, companies may engage with agency SDOs early in settlement negotiations in an effort to limit any suspension or debarment to individual wrongdoers or corporate divisions (as opposed to the entire company). The Warren-Lujan approach would make this far more difficult by calling for DOJ to impose suspensions and debarments at the corporate level. When broad, unlimited penalties of that nature are on the table, a contractor may be unable or unwilling to even consider a negotiated resolution, since it would be a death knell to most government contractors if the corporation was barred from all government business.

Supplanting Lead Agency Discretion with DOJ’s Could Result in Suspensions or Debarments That Are Not in the Government’s Interest. Furthermore, by advocating for DOJ to pursue suspension or debarment directly—instead of working through the lead contracting agency—the Warren-Lujan approach ignores an important consideration in the use of suspension and debarment. Agencies that work directly with contractors are best placed to understand the work those contractors do, and often rely deeply on the contractors to compete for new work to serve the agencies’ missions. Those agencies are therefore attuned to the practical, disruptive implications of suspending or debarring a contractor. Indeed, the suspension and debarment regulations specifically contemplate that SDOs must consider the government’s interest in making suspending or debarring decisions.[11] Moreover, those agencies are also in the best position to assess whether a contractor is “presently responsible.” DOJ attorneys are likewise supposed to take into account “the adequacy and effectiveness of the corporation’s compliance program at the time of the offense, as well as at the time of a charging decision” when evaluating corporate settlements,[12] but the Warren-Lujan approach would have DOJ pursue a suspension and debarment decision apparently with little regard for either corporate compliance improvements or whether an agency is “presently responsible” despite past misconduct. Supplanting an agency’s judgment with DOJ’s judgment could mean that suspension and debarment decisions are made without a full appreciation of these practical realities, and without consideration of the governmental interests.

Although whether and to what extent DOJ will heed the Warren-Lujan admonitions remains to be seen, clients facing FCA investigations, litigation, and potential resolutions must consider how a possible shift in Department policy could impact the appropriate steps to be taken to mitigate against the corporate “death sentence” of suspension or debarment.

__________________________

[1] FAR 9.406-2; FAR 9.407-2; 2 C.F.R. § 180.800.

[2] FAR 9.402(b); 2 C.F.R. § 180.125(c).

[3] FAR 9.406-1(a), 9.407-1(a); 2 C.F.R. § 180.700; 2 C.F.R. § 180.800.

[4] FAR 9.406; see 2 C.F.R. § 180.845(a).

[5] See FAR 9.406-2; FAR 9.407-2; 2 C.F.R. § 180.800.

[6] Id.

[7] Attorney General, Memorandum for All U.S. Attorneys, Director of the Federal Bureau of Investigation, All Assistant U.S. Attorneys, All Litig. Divs., and All Trial Attorneys, Coordination of Parallel Criminal, Civil, Regulatory, and Admin. Proceedings (Jan. 30, 2012), available at https://www.justice.gov/jm/organization-and-functions-manual-27-parallel-proceedings.

[8] Id.

[9] See Exec. Order No. 12549, Debarment and Suspension, 51 Fed. Reg. 6370 (Feb. 21, 1986).

[10] See Interagency Suspension and Debarment Committee, “About the ISDC,” available at https://www.acquisition.gov/isdc-home.

[11] FAR 9.406; see 2 C.F.R. § 180.845(a).

[12] U.S. Dep’t of Justice, Justice Manual § 9-28.300 (Dec. 2018), https://www.justice.gov/jm/jm-9-28000-principles-federal-prosecution-business-organizations#9-28.300.

The following Gibson Dunn lawyers assisted in the preparation of this alert: Jonathan M. Phillips, Lindsay M. Paulin, Joseph D. West, and Reid F. Rector.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any member of the firm’s False Claims Act/Qui Tam Defense, Government Contracts, or White Collar Defense and Investigations practice groups.

Washington, D.C.
Jonathan M. Phillips – Co-Chair, False Claims Act/Qui Tam Defense Group (+1 202-887-3546, jphillips@gibsondunn.com)
F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com)
Joseph D. West (+1 202-955-8658, jwest@gibsondunn.com)
Robert K. Hur (+1 202-887-3674, rhur@gibsondunn.com)
Geoffrey M. Sigler (+1 202-887-3752, gsigler@gibsondunn.com)
Lindsay M. Paulin (+1 202-887-3701, lpaulin@gibsondunn.com)

San Francisco
Winston Y. Chan – Co-Chair, False Claims Act/Qui Tam Defense Group (+1 415-393-8362, wchan@gibsondunn.com)
Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com)

New York
Reed Brodsky (+1 212-351-5334, rbrodsky@gibsondunn.com)
Mylan Denerstein (+1 212-351-3850, mdenerstein@gibsondunn.com)
Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com)
Brendan Stewart (+1 212-351-6393, bstewart@gibsondunn.com)
Casey Kyung-Se Lee (+1 212-351-2419, clee@gibsondunn.com)

Denver
John D.W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com)
Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com)
Monica K. Loseman (+1 303-298-5784, mloseman@gibsondunn.com)
Ryan T. Bergsieker (+1 303-298-5774, rbergsieker@gibsondunn.com)
Reid Rector (+1 303-298-5923, rrector@gibsondunn.com)

Dallas
Robert C. Walters (+1 214-698-3114, rwalters@gibsondunn.com)
Andrew LeGrand (+1 214-698-3405, alegrand@gibsondunn.com)

Los Angeles
Nicola T. Hanna (+1 213-229-7269, nhanna@gibsondunn.com)
Timothy J. Hatch (+1 213-229-7368, thatch@gibsondunn.com)
Deborah L. Stein (+1 213-229-7164, dstein@gibsondunn.com)
James L. Zelenay Jr. (+1 213-229-7449, jzelenay@gibsondunn.com)

Palo Alto
Benjamin Wagner (+1 650-849-5395, bwagner@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Following a three-month consultation period, the Securities and Futures Commission’s (“SFC”) Code of Conduct (“Code”) provision, paragraph 21, has come into effect on August 5, 2022.[1] The provision outlines new conduct requirements for intermediaries carrying out bookbuilding and placing activities in equity and debt capital market transactions, including, the introduction of enhanced obligations applicable to an Overall Coordinator (“OC”). This client alert discusses these new requirements and how they could raise certain sanctions-related questions for the OC as they consider their new obligations under the Code during their review of the order book.

1. The Role of the Overall Coordinator

The OC is the “head of syndicates” responsible for the overall management of the share or debt offering, coordination of bookbuilding or placing activities, and exercise control over bookbuilding activities and market allocation recommendations to the issuer. In order to address deficiencies in bookbuilding and allocation practices, the SFC has expanded the role of an OC in paragraph 21 of the Code.

In particular, in its Consultation Paper on (i) the Proposed Code of Conduct on Bookbuilding and Placing Activities in Equity Capital Market and Debt Capital Market Transactions and (ii) the “Sponsor Coupling” Proposal (“Consultation Paper”), the SFC highlighted the following key concerns:[2]

Inflated demand: The SFC observed practices where intermediaries knowingly placed orders in the order book which they knew had been inflated. There had also been instances where heads of syndicate disseminated misleading book messages which overstated the demand for an Initial Public Offering (“IPO”). The SFC considered that these inflated orders undermine the price discovery process and can mislead investors.
Lack of transparency: In debt capital market bookbuilding activities, the SFC considered the use of “X-orders,” which are orders where the identities of investors are concealed, as problematic. In these cases, since investors’ identities are only known to the syndicate members who place the orders and to the issuers, the SFC was concerned that duplicated, or potentially fictitious orders might not be identified.
Lack of documentation: Heads of syndicates did not properly maintain records of incoming client orders, important discussions with the issuer or the rest of the syndicate, or the basis for making allocation recommendations. The SFC criticized this practice as it undermined the integrity of the book-building process, which is meant to be the keeping of contemporaneous records to establish the position in case of any dispute.

In order to plug the gaps in the bookbuilding process identified above, the SFC has expanded the role of an OC to cover additional responsibilities, such as, consolidating orders from all syndicate members in the order book, taking reasonable steps to identify and eliminate duplicated orders, inconsistencies and errors, ensuring that identities of all investor clients are disclosed in the order book (except for orders placed on an omnibus basis), and making enquiries with capital market intermediaries[3] if any orders appear to be unusual or irregular.[4]

The OC is under an obligation to advise the issuer on pricing and allocation matters. With respect to allocation, the OC is expected to develop and maintain an allocation policy which sets out the criteria for making allocation recommendations to the issuer, for example, the policy should take account into the types, spread, and characteristics of targeted investors, as well as the issuer client’s objectives, preferences and recommendations. The OC should then make allocation recommendations in accordance with the policy.[5] In practice, the OC’s powers are limited to providing recommendations or advice to the issuer on a best efforts basis, and do not go as far as preventing or rejecting an allocation. The final decision on whether to make an allocation lies with the issuer. Therefore, where an issuer decides not to adopt the OC’s advice or recommendations, the OC should explain the potential concerns of doing so (i.e., that the issuer’s decision may lead to a lack of open market, an inadequate spread of investors, or may negatively affect the orderly and fair trading of such shares in the secondary market), and advise the issuer against the decision.[6]

1. Potential Sanctions Considerations

These new requirements, however, which aimed to plug the gaps in the bookbuilding process as noted above, may raise new risks or questions for OCs in other regulatory areas, namely whether there may be implications for the OC in terms of its compliance and legal obligations under the various economic and trade sanctions laws and regulations to which the OC may also be subject, such as those issued by the United Nations, United States (“U.S.”), European Union (“EU”), United Kingdom (“UK”) and others. Specifically, because OCs will now be made aware of the identities of the ultimate investors in an allocation, a financial institution operating as an OC may have concerns about being able to perform its duties under the SFC requirements in cases where an investor has been identified as a possible subject of sanctions under laws that are applicable to the OC.

For example, under U.S. sanctions administered and enforced by the U.S. Department of the Treasury, Office of Foreign Assets Control (“OFAC”), U.S. financial institutions and their foreign branches are generally prohibited from engaging in, approving or otherwise facilitating transactions with individuals and entities designated to OFAC’s Specially Designated Nationals and Blocked Persons (“SDN”) List. The contours of what kind of activity constitutes prohibited “facilitation” under U.S. sanctions law is not completely defined and is largely fact dependent. Thus, it is unclear whether or not, under U.S. law, the subsequent actions a U.S. financial institution might perform in its role as OC after an investor has been identified as a potential sanctioned person could run afoul of U.S. sanctions regulations. Similar issues may exist under the laws of other jurisdictions such as the EU or UK, depending on the jurisdictional hooks over the OC in question.

Whether or not there is risk here will depend on a variety of factors, including but not limited to: the precise nature of the OC’s actions subsequent to the identification of a sanctions concern (is the OC “approving” or “recommending” action, merely passing along information, recusing itself, etc.); the role, if any, of the OC in actual transactions involving the sanctioned person; the ability of the OC to affect or direct the actual allocation; the precise nature of the sanctions in question; and potentially any contractual protections that may be in place in the underlying operative agreements governing the OC’s role.

In addition, OCs will need to weigh the extent to which any potential sanctions obligations, including anti-boycott / blocking statute related, could conflict with the OC’s obligations under the Code, to provide adequate allocation advice to the issuer with due skill, care and diligence.[7]

Our view is that ultimately both sets of risks and obligations can be effectively managed and met, and we are working with clients and industry to understand and address the impact of these new regulations on the policies and procedures of financial institutions serving in the OC capacity.

_________________________

[1] Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission (August 2022), published by the Securities and Futures Commission, https://www.sfc.hk/-/media/EN/assets/components/codes/files-current/web/codes/code-of-conduct-for-persons-licensed-by-or-registered-with-the-securities-and-futures-commission/Code_of_conduct_05082022_Eng.pdf.

[2] Consultation Paper on (i) the Proposed Code of Conduct on Bookbuilding and Placing Activities in Equity Capital Market and Debt Capital Market Transactions and (ii) the “Sponsor Coupling” Proposal (February 2021), published by the Securities and Futures Commission, https://apps.sfc.hk/edistributionWeb/api/consultation/openFile?lang=EN&refNo=21CP1.

[3] “Capital Market Intermediaries” is defined as licensed or registered persons that engage in capital market activities, namely bookbuilding and placing activities and any related advice, guidance or assistance. See paragraph 21.1.1 of the Code.

[4] Paragraph 21.4.4(a)(i) of the Code.

[5] Paragraph 21.4.4(c) of the Code.

[6] Paragraph 21.4.2(c) of the Code.

[7] Paragraph 21.4.2(a) of the Code.

The following Gibson Dunn lawyers prepared this client alert: William Hallatt, David Wolber, Becky Chung, Richard Roeder and Jane Lu*.

If you wish to discuss any of these developments, please contact any of the authors of this alert, the Gibson Dunn lawyer with whom you usually work or any of the following leaders and members of the firm’s Global Financial Regulatory or International Trade teams:

Global Financial Regulatory Group:
William R. Hallatt – Co-Chair, Hong Kong (+852 2214 3836, whallatt@gibsondunn.com)
Michelle M. Kirschner – Co-Chair, London (+44 (0) 20 7071 4212, mkirschner@gibsondunn.com)
Jeffrey L. Steiner – Co-Chair, Washington, D.C. (+1 202-887-3632, jsteiner@gibsondunn.com)
Emily Rumble – Hong Kong (+852 2214 3839, erumble@gibsondunn.com)
Arnold Pun – Hong Kong (+852 2214 3838, apun@gibsondunn.com)
Becky Chung – Hong Kong (+852 2214 3837, bchung@gibsondunn.com)
Chris Hickey – London (+44 (0) 20 7071 4265, chickey@gibsondunn.com)
Martin Coombes – London (+44 (0) 20 7071 4258, mcoombes@gibsondunn.com)

International Trade Group:

* Jane Lu is a trainee solicitor working in the firm’s Hong Kong office who is not yet admitted to practice law.

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

On August 25, 2022, the Securities and Exchange Commission (“SEC” or “Commission”), in a 3-to-2 vote, adopted final rules implementing the pay versus performance disclosure requirement called for under Section 953(a) of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”). The final rules require proxy statements or information statements that include executive compensation disclosures to include a new compensation table setting forth for each of the five most recently completed fiscal years, the “executive compensation actually paid” (as defined in the final rule) to the company’s principal executive officer (“PEO”) and the average of such amounts for the company’s other named executive officers (“NEOs”), total compensation as disclosed in the Summary Compensation Table for the PEO and the average of such amounts for the other NEOs, total shareholder return (TSR), peer group TSR, net income and a company-selected financial measure that represents the “most important financial measure” used by the company to link compensation actually paid to company performance. In addition, based on the information set forth in the new table, a company must provide a clear description of the relationship between each of (1) the executive compensation actually paid to the PEO and to the non-PEO NEOs and the company’s TSR, the company’s net income and the company-selected financial measure over the previous five years, and (2) the company’s TSR and the TSR of a peer group chosen by the company. Finally, the rule requires companies to provide a list of three to seven other financial performance measures that the company determines are its most important measures “used to link compensation actually paid . . . to company performance.”

The final rule release is available here, and the SEC’s pay versus performance fact sheet is available here. The final rule will become effective 30 days after its publication in the Federal Register, and companies will be required to comply with the requirements in proxy and information statements that are required to include executive compensation disclosures for fiscal years ending on or after December 16, 2022. Set forth below is a summary of the final rules and considerations for companies.

Summary of the Final Rules

New Tabular Disclosure under Item 402(v) of Regulation S-K. Section 953(a) of the Dodd-Frank Act instructs the Commission to adopt rules requiring companies to provide “a clear description of . . . information that shows the relationship between executive compensation actually paid and the financial performance of the issuer.” To address this mandate, Item 402(v) of Regulation S-K will now require companies to include a new table (set forth below) in any proxy statement or information statement setting forth executive compensation disclosure, reporting:

The “executive compensation actually paid” to the PEO and the total compensation reported in the Summary Compensation Table for the PEO. If more than one person served as the PEO during the covered fiscal year, then each PEO would be reported separately in additional columns with information provided for the applicable year such individual was a PEO.
An average of the “executive compensation actually paid” to the remaining NEOs and an average of the total compensation reported in the Summary Compensation Table for the remaining NEOs. Footnote disclosure of the names of individual NEOs and the years in which they are included is also required.
The company’s cumulative annual TSR calculated and presented as the dollar value of an investment of $100 (i.e., in the same manner as in the Stock Price Performance Graph required under Item 201(e) of Regulation S-K).
The cumulative annual TSR of the companies in a peer group chosen by the company (which must be the same index or peer group used for the purposes of Item 201(e) or, if applicable, the peer group used for purposes of the Compensation Discussion and Analysis disclosures). Footnote disclosure of any year-over-year changes in peer group constituent companies as well as the reasons for any such change will be required along with a comparison of the issuer’s cumulative annual TSR with that of both the new and prior fiscal year peer group.
The company’s net income for the fiscal year calculated in accordance with U.S. GAAP.
A financial performance measure chosen by the company (the “Company-Selected Measure”) that the company has determined represents the “most important financial performance measure” that the company uses to link compensation actually paid to the NEOs to company performance for the most recently completed fiscal year. If such measure is a non-GAAP measure, disclosure must be provided as to how the number is calculated from the issuer’s audited financial statements, but a full reconciliation is not required.

PAY VERSUS PERFORMANCE

Year (a)	Summary Compensation Table Total for PEO (b)	Compensation Actually Paid to PEO (c)	Average Summary Compensation Table Total for Non-PEO NEOs (d)	Average Compensation Actually Paid to Non-PEO NEOs (e)	Value of Initial Fixed $100 Investment Based On:		Net Income (h)	[Company-Selected Measure] (i)
					Total Shareholder Return (f)	Peer Group Total Shareholder Return (g)

The table is required to set forth this information for each of the five most recently completed fiscal years, subject to a transition rule and certain exceptions described below.

The final rule requires companies to provide disclosure accompanying the table that “use[s] the information provided in the table . . . to provide a clear description of the relationship” between:

Executive compensation actually paid to the PEO and the other NEOs and the company’s TSR across the last five fiscal years;
Executive compensation actually paid to the PEO and the other NEOs and the company’s net income across the last five fiscal years;
Executive compensation actually paid to the PEO and the other NEOs and the Company-Selected Measure; and
The company’s TSR and the peer group TSR.

These descriptions could include narrative or graphic disclosure (or a combination of the two). If any additional, voluntary performance measures are included in the table, the disclosure must also include a description of the relationship between executive compensation actually paid to the PEO and the other NEOs and the additional performance measure across the last five fiscal years.

In addition, under the final rule companies must provide a tabular list of three to seven other financial performance measures that the company has determined represent the most important financial performance measures used to link compensation actually paid for the most recent fiscal year to company performance. So long as at least three of the measures are financial performance measures, the company may include non-financial performance measures in the tabular list. If fewer than three financial performance measures were used by the company to link compensation and performance, such list must include all such measures, if any, that were used.

Companies will also be required to tag each value disclosed in the table, block-text tag the footnote and relationship disclosure, and tag specific data points within the footnote disclosures in interactive data format using eXtensible Business Reporting Language, or XBRL.

“Executive Compensation Actually Paid.” Under the final rule, “executive compensation actually paid” is somewhat of a misnomer, as it includes both amounts paid or earned, as well as incremental accounting valuations for unvested equity awards that may never be earned or that could have different intrinsic values when earned. For these purposes, “executive compensation actually paid” is defined as the total compensation reported in the Summary Compensation Table, with adjustments made to the amounts report for pension values and equity awards.

Pension Values. With respect to pension values, the aggregate change in the actuarial present value of all defined benefit and actuarial pension plans will be deducted from the reported total compensation, and instead “executive compensation actually paid” will include both (1) the actuarially determined service cost for services rendered by the executive during the applicable year (“service cost”) and (2) the entire cost of benefits granted in a plan amendment (or initial plan adoption) during the applicable year that are attributed by the benefit formula to services rendered in periods prior to the plan amendment or adoption (“prior service cost”), in each case, calculated in accordance with U.S. GAAP. If the prior service cost is a negative amount as a result of an amendment that reduces benefits relating to prior periods of service, then such amount would reduce the compensation actually paid.

Equity Awards. With respect to the stock award and option award values, the amounts included in the Summary Compensation Table, representing the grant date fair value, will be deducted, and the following adjustments will be made, in each case, with fair value calculated in accordance with U.S. GAAP:

For awards granted in the covered fiscal year:
- add the year-end fair value if the award is outstanding and unvested as of the end of the covered fiscal year; and
- add the fair value as of the vesting date for awards that vested during the year.
For any awards granted in prior years:
- add or subtract any change in fair value as of the end of the covered fiscal year compared to the end of the prior fiscal year if the award is outstanding and unvested as of the end of the covered fiscal year;
- add or subtract any change in fair value as of the vesting date (compared to the end of the prior fiscal year) if the award vested during the year; and
- subtract the amount equal to the fair value at the end of the prior fiscal year if the award was forfeited during the covered fiscal year.
Add the dollar value of any dividends or other earnings paid on stock awards or options in the covered fiscal year prior to the vesting date that are not otherwise reflected in the fair value of such award or included in any other component of total compensation for the covered fiscal year.

Footnote disclosure is required to identify the amount of each adjustment, as well as valuation assumptions used in determining any equity award adjustments that are materially different from those disclosed as of the grant date of such equity awards.

Filings and Timing of Disclosures. Companies will be required to include the pay versus performance disclosure in all proxy and information statements that are required to include executive compensations disclosures under Item 402 of Regulation S-K for fiscal years ending on or after December 16, 2022. Under the transition rules, companies will only be required to provide disclosure for three years in the first proxy or information statement in which disclosure is provided, adding one additional year in each of the two subsequent years. In addition, disclosure is only required for fiscal years in which the company was a reporting company. The Item 402(v) disclosure will be treated as “filed” for the purposes of the Exchange Act and will be subject to the say-on-pay advisory vote under Exchange Act Rule 14a-21(a).

Issuers Subject to the Final Rules. The final rules require pay versus performance disclosure for all companies other than emerging growth companies (which are statutorily exempt from the requirements pursuant to the Jumpstart Our Business Startups Act), foreign private issuers, and registered investment companies.

Smaller reporting companies are subject to scaled disclosure requirements. They are not required to provide peer group TSR or any Company-Selected Measure, and the calculation of executive compensation actually paid may exclude amounts relating to pensions. In addition, smaller reporting companies are only required to provide disclosure for the most recent three years and are allowed initially to provide disclosure for two years, adding one additional year in the next year. Smaller reporting companies also are afforded a transition period with respect to XBRL requirements and are not required to provide inline XBRL data until the third filing in which it provides the pay versus performance disclosure.

Observations and Considerations for Companies

The new rules will require extensive calculations and disclosures. For many companies, however, the biggest challenge will be drafting disclosure that uses the information in the table to provide a clear description of the relationship between “compensation actually paid” and the prescribed performance measures. This disclosure is, appropriately, not presented in the Compensation Discussion and Analysis, as it will not necessarily relate to the performance measures utilized by a company’s compensation committee in designing and awarding executive compensation. Indeed, in our experience few compensation committees (if any) currently evaluate executive compensation based on the “compensation actually paid” formula prescribed under the new rules. As such, the required description may best be viewed as an after-the-fact review of whether and how this prescriptive and non-routine measure of “compensation actually paid” aligns with the discrete measures of corporate performance prescribed under the rule, if at all. In light of this disconnect between how compensation committees evaluate performance in awarding and paying out executive compensation and how compensation and performance will be presented under the new rules, some companies may determine to include additional voluntary disclosures that reflect how they view the connection between realized or realizable compensation and corporate performance. Indeed, while the final rules check the box in fulfilling a Dodd-Frank mandate to require a pay-for-performance presentation, it’s unclear whether the manner in which the Commission chose to implement the Dodd-Frank mandate justifies the time and expense that companies will need to expend to produce the disclosures and whether investors will expend the effort that would be needed to assess the disclosures.

For companies with calendar year fiscal years, the pay versus performance disclosures will be required in the 2023 proxy statement, and for companies that are not smaller reporting companies, the first year of disclosure will cover the 2022, 2021 and 2020 fiscal years. Given the substantial undertaking required to prepare the historical disclosures and the likelihood that significant interpretive questions will arise when applied to companies’ particular facts, companies should begin preparing for the new rules now by collecting the information that will be necessary for the disclosures, particularly with respect to the historical pension and equity award adjustments for calculating executive compensation actually paid, and should begin to mock up the required table now for historical periods. In addition, companies should begin discussions regarding what financial performance measure should be utilized as the Company-Selected Measure, understanding that it should be focused on the most recently completed fiscal year (i.e., 2022 for companies with calendar year fiscal years). Consultation with the company’s compensation committee and its independent compensation consultant will be key in ensuring that appropriate performance measures are utilized for both the Company-Selected Measure and in the tabular list. As well, companies should also consider whether any supplemental, voluntary disclosures or presentations may be appropriate. For instance, TSR amounts presented in the table may not align with the performance periods applicable to incentive and equity compensation awards.

The following Gibson Dunn lawyers assisted in the preparation of this alert: Krista Hanvey, Thomas Kim, Ronald Mueller, and Gina Hancock.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these issues. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Executive Compensation and Employee Benefits or Securities Regulation and Corporate Governance practice groups, or any of the following practice leaders and members:

Executive Compensation and Employee Benefits Group:
Stephen W. Fackler – Palo Alto/New York (+1 650-849-5385/+1 212-351-2392, sfackler@gibsondunn.com)
Sean C. Feller – Los Angeles (+1 310-551-8746, sfeller@gibsondunn.com)
Krista Hanvey – Dallas (+ 214-698-3425, khanvey@gibsondunn.com)
Gina Hancock – Dallas (+1 214-698-3357, ghancock@gibsondunn.com)

Securities Regulation and Corporate Governance Group:
Elizabeth Ising – Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)
Thomas J. Kim – Washington, D.C. (+1 202-887-3550, tkim@gibsondunn.com)
Ron Mueller – Washington, D.C. (+1 202-955-8671, rmueller@gibsondunn.com)
Michael Titera – Orange County, CA (+1 949-451-4365, mtitera@gibsondunn.com)
Lori Zyskowski – New York, NY (+1 212-351-2309, lzyskowski@gibsondunn.com)
Aaron Briggs – San Francisco, CA (+1 415-393-8297, abriggs@gibsondunn.com)
Julia Lapitskaya – New York, NY (+1 212-351-2354, jlapitskaya@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Towards the end of 2022, Europe will likely see a wave of class action legislation. Many member states of the European Union (“EU”) will have to either devise new class action regimes or amend their existing provisions on collective redress. They have until Christmas Day 2022 to implement the EU Directive on Representative Actions into national law. The new procedural rules must be applied to new collective claims raised by 25 June 2023.

So far, only the Netherlands has voted to amend its class action regime to comply with the Directive. Most other EU countries will have to take legislative action in the fall. The EU directive, once implemented, will allow for more cross-border mass litigation throughout Europe. Some states will use the opportunity to strengthen their jurisdiction by incentivizing plaintiffs to file cross-border representative actions in their courts, paving the way for cross-border forum shopping in Europe.

1. The EU’s Directive on Representative Actions and Its Core Requirements

In 2020, the European Union issued a Directive on Representative Actions (EU Directive 2020/1828), which obliges all EU member states to amend their respective national rules of civil procedure to allow qualified entities to file collective actions for a class of consumers.

The member states enjoy considerable leeway to transfer the Directive’s broad requirements into their national legal system. For example, member states are free to implement either an opt-in or an opt-out mechanism for consumers to join the collective action. Consequently, national provisions on collective actions will still differ from country to country. However, for the first time, all of Europe will have some form of collective redress to allow consumers to directly claim compensation from a defendant. Still, the Directive does not change the current European law on cross-border jurisdiction or conflict of laws.

The core requirements under the Directive which each member state must implement at a minimum are:

1. Relief? Member states have to provide at least one procedural mechanism by which a qualified entity can sue on behalf of consumers for a variety of redress measures (compensation, repair, replacement, contract termination) or injunctive relief. Some preexisting representative actions in Europe (i.e. in Germany) have so far allowed only declaratory judgments for consumers.
2. Claimant? Only qualified entities have standing to sue on behalf of consumers; special criteria apply for entities bringing cross-border actions. This procedural setup is designed to avoid abusive litigation. In the legislative ideal, representative actions should be driven by consumer protection organizations who have the consumers’ best interests instead of their own financial interest in mind.
3. Predicate Laws? The Directive requires that such representative actions can be filed for the violation of 66 EU laws for consumer protection, which are listed in the Directive’s annex. Over the past 30 years, member states have transferred this EU consumer protection legislation into their national laws. Today, core provisions in the member states’ civil codes (i.e. contract formation with consumers and defects liability) are based on the referenced EU legislation. The scope of the Directive also includes more ancillary EU legislation regarding claims by consumers arising out of, inter alia, unfair commercial practices, air travel, financial services, loans, food safety, electronic communication, and data protection. Seemingly every transaction with consumers in the EU could therefore be subject of a representative action in the future.
4. Funding? Qualified entities may be funded by third parties as long as conflicts of interests are prevented. When justified doubts regarding a conflict arise, qualified entities shall disclose their sources of funds used to support the representative action.
5. Discovery? In accordance with pre-existing national and EU law, member states shall allow courts to order the defendant or third parties to disclose additional evidence which lies in the control of the defendant or a third party. Some EU jurisdictions already have such procedural mechanisms in place. These mechanisms are generally limited in scope compared to US discovery. For example, in Germany, plaintiffs have to show that they require a specific document that would buttress their case before the court can order the defendant to turn it over. The Directive ensures that member states can keep these pre-existing national procedural provisions. They are also free, however, to vote for procedural rules more akin to US-style discovery, if they desire.
6. Cost-Shifting? As is customary in the EU (and unlike the US), the losing party shall bear the costs of the litigation. This is meant to discourage frivolous lawsuits. So if the case is dismissed, the qualified entity that brought the lawsuit on behalf of consumers will have to bear the entire cost of the proceedings. This – theoretically – includes the opposing party’s attorneys’ fees. However, the recoupable amount for attorneys’ fees is often capped by national law. The Directive does not affect these caps and it is unlikely that member states will change them to the detriment of qualified consumer protection entities. Even if successful, defendants will therefore not be able to shift their costs entirely to the plaintiff. The consumers behind the representative action generally will not bear any costs..
7. Tolling of Statutes of Limitations? Pending representative actions (both for redress measures and injunctive relief) shall suspend or interrupt the national statutes of limitation for the consumers’ individual claims.
8. Settlements? Similar to US class actions, all settlements in EU representative actions must be scrutinized by the court. The court will not approve the settlement if it violates mandatory national law or includes unenforceable conditions. Additionally, member states can allow the court to reject the settlement, if it is “unfair”. Settlements are final and binding for the parties as well as the consumers. However, consumers may opt-out of a settlement.

2. The Netherlands Set the Tone with a Plaintiff-Friendly Interpretation of the Directive

Many European countries either remain hesitant to approach legislation on collective redress or are still debating how to allow consumers to effectively resolve their grievances without inviting the specter of a US-style “class action industry” into European courtrooms.

The Netherlands, on the other hand, have already embraced the new procedure and have taken a leading role in its implementation. The Dutch parliament already passed class action legislation in 2020. In June 2022, as the first country in the EU to do so, the Netherlands amended this regime to fully comply with the EU Directive. Rather than simply implementing the Directive’s core requirements, the Netherlands have used the legislative leeway afforded by the EU to create a plaintiff-friendly class action regime which will strengthen the position of Dutch courts to resolve cross-border collective disputes. The main staples of the new Dutch representative action are:

1. Its scope goes far beyond the required minimum of sanctioning violations against EU consumer protection law. All subject-matters fit for a civil lawsuit can be litigated. Most notably, this includes climate change litigation, for which Dutch courts have built a plaintiff-friendly reputation with major verdicts against the Dutch Government in 2018 and Royal Dutch Shell in 2021.
2. The representative action is not limited to consumers. Companies can join a representative action as well.
3. For purely national litigation, the Netherlands pose very limited requirements for the representing qualified entities. Even entities which were founded for the sole purpose of bringing one particular representative action will have standing in Dutch courts. In cross-border litigation the requirements will be stricter as set out by the Directive.
4. Similar to a US class action, Dutch plaintiffs will have to opt-out of the class should they not want to participate in the litigation. Dutch representative actions are also open to plaintiffs residing outside the Netherlands, as long as they belong to the class and actively opt-in. International plaintiffs will also be part of any settlement. This will drive up the amounts in dispute compared to representative actions in neighboring countries like France and Germany, which favor opt-in mechanisms. Consequently, representative actions in the Netherlands will be particularly attractive for plaintiffs and third-party litigation funders.
5. Other than the Directive’s minimum requirements, the Netherlands have not imposed any restrictions on third-party funding. Litigation funders may not influence litigation strategy and the financial independence of the qualified entity must be safeguarded.

Some significant differences to US class actions still remain. The Netherlands have not introduced US-style discovery into their representative action, which the Directive would have allowed for. Plaintiffs will also not be able to sue for punitive damages.

3. Outlook: A Diverse Litigation Landscape in Europe with Opportunities for Plaintiffs

The European landscape for collective redress will remain diverse even after 2023. Not all EU member states will implement the Directive as broadly as the Dutch. For example, the German Attorney General has already indicated he will propose legislation that will be more narrowly tailored to the underlying EU Directive instead of overhauling Germany’s collective redress mechanisms in one legislative swoop.

However, following the example set by the Netherlands, some countries might try to incentivize plaintiffs and litigation funders to sue multi-national companies in their own courts by devising plaintiff-friendly procedural rules.

Even if such a competition among member states will not ensue, any reform of Europe’s collective redress system will present new opportunities for plaintiffs, in particular if last-minute legislation to meet the deadline of 25 December 2022 results in loopholes or unprecise statutes. Companies, courts, and law firms will have to adapt to the ensuing new legal challenges. With no or little case law on the books after the reform, plaintiffs have particular incentives to file creative lawsuits.

The following Gibson Dunn lawyers prepared this client alert: Markus Rieder, Patrick Doris, Alexander Horn, Kahn Scolnick, and Christopher Chorba.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Class Actions, Litigation, or Appellate and Constitutional Law practice groups, the authors, or any of the following leaders and members of the Class Actions Group:

Munich:
Markus Rieder (+49 89 189 33 162, mrieder@gibsondunn.com)
Alexander Horn (+49 89 189 33 161, ahorn@gibsondunn.com)

Paris:
Eric Bouffard (+33 (0) 1 56 43 13 00), ebouffard@gibsondunn.com)
Jean-Pierre Farges (+33 (0) 1 56 43 13 00, jpfarges@gibsondunn.com)
Pierre-Emmanuel Fender (+33 (0) 1 56 43 13 00, pefender@gibsondunn.com)

Brussels:
Christian Riis-Madsen (+32 2 554 72 05, criis@gibsondunn.com)

London:
Susy Bullock (+44 (0) 20 7071 4283, sbullock@gibsondunn.com)
Patrick Doris (+44 (0) 20 7071 4276, pdoris@gibsondunn.com)
Osma Hudda (+44 (0) 20 7071 4247, ohudda@gibsondunn.com)
Ali Nikpay (+44 (0) 20 7071 4273, anikpay@gibsondunn.com)
Philip Rocher (+44 (0) 20 7071 4202, procher@gibsondunn.com)
Deirdre Taylor (+44 (0) 20 7071 4274, dtaylor2@gibsondunn.com)
Doug Watson (+44 (0) 20 7071 4217, dwatson@gibsondunn.com)

United States:
Theodore J. Boutrous, Jr. – Los Angeles (+1 213-229-7000, tboutrous@gibsondunn.com)
Christopher Chorba – Co-Chair, Class Actions Practice Group – Los Angeles (+1 213-229-7396, cchorba@gibsondunn.com)
Theane Evangelis – Co-Chair, Litigation Practice Group, Los Angeles (+1 213-229-7726, tevangelis@gibsondunn.com)
Lauren R. Goldman – New York (+1 212-351-2375, lgoldman@gibsondunn.com)
Kahn A. Scolnick – Co-Chair, Class Actions Practice Group – Los Angeles (+1 213-229-7656, kscolnick@gibsondunn.com)
Bradley J. Hamburger – Los Angeles (+1 213-229-7658, bhamburger@gibsondunn.com)
Lauren M. Blas – Los Angeles (+1 213-229-7503, lblas@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Decided August 18, 2022

Serova v. Sony Music Entertainment, S260736

The California Supreme Court held yesterday that a seller’s promotional statements about an artistic work of interest to the public amounted to commercial speech, regardless of whether the seller knew of the statements’ falsity.

Background: The plaintiff sued Sony under the Unfair Competition Law (UCL) and Consumers Legal Remedies Act (CLRA) on the theory that promotional materials for a posthumous Michael Jackson album misrepresented that Jackson was the lead singer. Sony filed a motion to strike under California’s anti-SLAPP statute, arguing that the plaintiff’s UCL and CLRA claims were unlikely to succeed because those statutes target only commercial speech, not noncommercial speech about art protected by the First Amendment.

The Court of Appeal held that the motion should be granted because the plaintiff’s claims targeted protected speech that was immune from suit under the UCL and CLRA. It reasoned that the promotional statements about the album related to a public issue—the controversy over whether Jackson was the lead singer on the album—and were more than just commercial speech because they were connected to music. The plaintiff’s allegation that the statements were false did not strip them of First Amendment protection, according to the Court of Appeal, because Sony didn’t know the statements were false.

Issues: Were Sony’s representations that Michael Jackson was the lead singer on Michael noncommercial speech subject to First Amendment protection (in which case California’s anti-SLAPP statute would apply) or commercial speech (in which case the plaintiff could pursue UCL and CLRA claims against Sony)?

Court’s Holding:

Sony’s representations about the album constituted commercial speech, which can be prohibited entirely if the speech is false or misleading. And those representations did not lose their commercial nature simply because Sony made them without knowledge of their falsity or about matters that are difficult to verify.

“[C]ommercial speech does not lose its commercial nature simply because a seller makes a statement without knowledge or that is hard to verify.”

Justice Jenkins, writing for the Court

What It Means:

1. Although artistic works often enjoy robust First Amendment protections, the marketing of such works can constitute commercial speech that is regulated by consumer-protection laws.
2. It makes no difference whether a seller knew or didn’t know its statements are false, or whether the seller could or couldn’t find out whether its statements are false. If the seller’s speech is commercial, it will not receive full First Amendment protection in California.
3. In deciding motions to strike under the anti-SLAPP statute, courts have discretion to skip over the question whether a claim arises from the exercise of free-speech rights and first analyze whether the movant has shown a probability of success.

The Court’s opinion is available here.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the California Supreme Court. Please feel free to contact the following practice leaders:

Litigation Practice

Theodore J. Boutrous, Jr.
+1 213.229.7804
tboutrous@gibsondunn.com

Theane Evangelis
+1 213.229.7726
tevangelis@gibsondunn.com

Appellate and Constitutional Law Practice

Thomas H. Dupree Jr. +1 202.955.8547 tdupree@gibsondunn.com	Allyson N. Ho +1 214.698.3233 aho@gibsondunn.com	Julian W. Poon +1 213.229.7758 jpoon@gibsondunn.com
Blaine H. Evanson +1 949.451.3805 bevanson@gibsondunn.com	Bradley J. Hamburger +1 213.229.7658 bhamburger@gibsondunn.com	Michael J. Holecek +1 213.229.7018 mholecek@gibsondunn.com

Related Practice: Media, Entertainment & Technology

Scott A. Edelman +1 310-557-8061 sedelman@gibsondunn.com	Kevin Masuda +1 213-229-7872 kmasuda@gibsondunn.com	Benyamin S. Ross +1 213-229-7048 bross@gibsondunn.com
Katherine V.A. Smith +1 213.229.7107 ksmith@gibsondunn.com

Carbon capture, utilization, and sequestration (“CCUS”) projects around the United States received a significant boost from the Inflation Reduction Act of 2022 (the “IRA”).[1] The IRA, which President Biden recently signed into law, includes approximately $369 billion in incentives for clean energy and climate-related program spending, including CCUS projects.[2]

Notably, the IRA (1) substantially increases the availability of the federal income tax credits available for domestic CCUS projects (often referred to as “45Q credits”),[3] (2) makes it easier for CCUS projects to qualify for 45Q credits, and (3) provides significant new avenues for monetizing 45Q credits.[4] The IRA also extends the deadline to begin construction on 45Q credit-eligible projects from 2026 to 2033.

Taken together, these changes are anticipated to significantly increase the number of CCUS projects that will enter service over the coming years.

Substantial Increases in Availability of 45Q Credits

The IRA substantially increases the availability of 45Q credits. Under current law, qualified CCUS facilities that captured qualified carbon oxides (“QCO”) and either used the QCO in enhanced oil and gas recovery (“EOR”) or utilized the QCO in certain industrial applications would have been entitled to receive 45Q credits of up to $35/metric ton (“MT”), and facilities that otherwise disposed of QCO in secure geological storage would have been entitled to receive 45Q credits of up to $50/MT (both rates computed before inflation adjustments).

The IRA effectively increases the above rates to $60/MT and $85/MT (before inflation adjustments) respectively; however the IRA conditions the availability of these credit amounts on satisfying new prevailing wage and apprenticeship requirements (otherwise, the new rates are reduced by 80 percent). At a high level, the prevailing wage and apprenticeship requirements are focused on making sure that projects provide well-paying jobs and training opportunities. The new requirements will apply only to projects the construction of which begins within 60 days on or after the date on which Treasury issues regulatory guidance regarding the new requirements.

The IRA makes similar changes to 45Q credits for QCO captured by direct air capture (“DAC”) facilities, but the availability of 45Q credits for DAC facilities is even larger. Under current law, DAC facilities were eligible for 45Q credits at the same rates as industrial facilities. Under the IRA, DAC facilities are eligible for up to $130/MT for captured QCO used in EOR or utilized in certain industrial applications and $180/MT for other geologically sequestered QCO (subject to the same 80 percent haircut as other projects noted above if the DAC facility fails new prevailing wage and apprenticeship requirements).

The table below illustrates the extent to which the IRA is increasing the value of 45Q credits:

	2018 BBA 45Q Credit	2022 IRA 45Q Credit[5]
QCO Captured by Industrial Facility (Non-EOR/non-utilized)	$50/MT	$85/MT
QCO Captured by Industrial Facility (Used in EOR/utilized)	$35/MT	$60/MT
QCO Captured by DAC (Non-EOR/non-utilized)	$50/MT	$180/MT
QCO Captured by DAC (Used in EOR/utilized)	$35/MT	$130/MT

Expansion of Qualified Facilities

The IRA relaxes the annual thresholds that CCUS facilities must satisfy to be eligible for 45Q credits. For electric generating facilities, the IRA lowers the annual threshold from 500,000MT of captured QCO to 18,750MTs of captured QCO.[6] For DAC projects, the IRA lowers the annual threshold from 100,000MTs to just 1,000MTs. The IRA reduces the capture quantity requirements for all other industrial facilities to 12,500MTs. The high thresholds under prior law (combined with the cliff effect of failing to meet those thresholds) were major impediments to the financing of CCUS projects, so these reduced thresholds are a particularly welcome development for the industry.

Additional Options for Easier Monetization of 45Q Credits

The IRA also includes changes that could potentially result in significant adjustments to the manner in which 45Q credits are monetized, potentially diminishing the need for complicated tax equity structures to harvest the benefits of 45Q credits, which could expand the investor marketplace for CCUS projects. Most importantly, the IRA allows an owner of a qualified CCUS project to monetize 45Q Credits by selling any portion of its 45Q credits to third parties for cash or (in certain years) seeking direct payment for 45Q credits from the Treasury. In the case of a transfer, the cash payment received by the transferor will not be treated as taxable income, and the third party transferee may not deduct the cash payment. Once a 45Q credit is transferred to a third party under this rule, the third party may not transfer it again. Although expanded transferability of tax credits opens new potential monetization avenues, many practical questions (such as whether a purchaser that buys credits at a discount to face value would be required to recognize taxable income) remain unanswered and will likely require regulatory guidance. Moreover, the credit transfer regime contemplated by the IRA does not allow for depreciation deductions to be transferred, meaning that sponsors of projects who rely solely on the ability to transfer the 45Q credits will leave tax benefits on the table.

In addition to the new third-party transfer regime, direct payments from the Treasury in lieu of 45Q credits are available; however, with respect to claimants that are taxable entities, such direct payments are only available for the first five years of the twelve-year credit period, limiting the practical utility of the direct payment scheme.

It is important to note that additions to tax may apply to any “excessive credit transfer” (in the case of a credit transfer) or “excessive payments” (in the case of direct payments) in which the credit transferee or taxpayer, respectively, claims in excess of what the credit transferor or taxpayer could validly claim. The addition to tax is 120 percent of the excessive credit transfer or excessive payment. However, the 20 percent penalty component will not apply if the credit transferee or taxpayer can demonstrate reasonable cause for claiming the excessive credit transfer or excessive payment, respectively. Regulatory guidance will be needed to flesh out the details of this reasonable cause exception and other details of how the excessive credit transfer and excessive payment rules will operate in practice.

Conclusion

The IRA potentially fundamentally alters the CCUS landscape in the U.S. The substantially expanded availability of the 45Q credit, broadened scope of qualifying CCUS facilities, and simplified monetization of 45Q credits has the potential to incentivize current CCUS investors to increase the size of their investments, likely will encourage new investors to participate in CCUS projects, and should ensure that CCUS projects will be a significant feature of decarbonization efforts in the U.S.

________________________________

[1] As was the case with the so-called Tax Cuts and Jobs Act, the Senate’s reconciliation rules prevented Senators from changing the Act’s name and so the so-called Inflation Reduction Act is actually “An Act to provide for reconciliation pursuant to title II of S. Con. Res. 14.”

[2] https://www.democrats.senate.gov/imo/media/doc/inflation_reduction_act_one_page_summary.pdf

[3] 45Q credits are authorized by section 45Q of the Internal Revenue Code of 1986 (the “Code”).

[4] Inflation Reduction Act of 2022 (H.R. 5376), §§13104, 13801.

[5] These credit amounts are reduced by 80% unless new prevailing wage and apprenticeship requirements are satisfied (assuming those requirements apply to a project based on when it started construction).

[6] In addition to meeting this minimum requirement, the capture design capacity of the carbon capture equipment at the applicable electric generating unit at the CCUS project must be at least 75% of the baseline carbon oxide production of that unit.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have about these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Oil and Gas or Tax practice groups, or the following authors:

Oil and Gas Group:
Michael P. Darden – Co-Chair, Houston (+1 346-718-6789, mpdarden@gibsondunn.com)
Graham Valenta – Houston (+1 346-718-6646, gvalenta@gibsondunn.com)
Zain Hassan– Houston (+1 346-718-6640, zhassan@gibsondunn.com)

Tax Group:
Michael Q. Cannon – Dallas (+1 214-698-3232, mcannon@gibsondunn.com)
Matt Donnelly – Washington, D.C. (+1 202-887-3567, mjdonnelly@gibsondunn.com)
Josiah Bethards – Dallas (+1 214-698-3354, jbethards@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

The Court of Final Appeal (the “CFA”) has recently confirmed that a director is not liable to penalty, by way of additional tax, arising from an incorrect tax return filed by the company which he/she has signed and declared to be correct, on the basis that he/she should not be regarded having made the company’s incorrect tax return.[1]

The CFA’s judgment provides clarity on the meaning and effect of s 82A(1)(a) of the Inland Revenue Ordinance (Cap. 112) (the “IRO”), which empowers the Commissioner of Inland Revenue (the “Commissioner”) to impose additional tax, commonly referred to as penalty tax, on any person who without reasonable excuse “makes” an incorrect tax return.

It should, however, be noted that the relevant provision has also recently been amended to cover a person who “causes or allows to be made on the person’s behalf, an incorrect return”, and it remains to be seen how this amendment will affect a director’s liability in relation to any company’s incorrect returns signed and declared to be correct by him/her.

1. Background and Procedural History

The CFA judgment was on the appeal by the Commissioner against a decision of the Court of Appeal (“CA”) in October 2019, in which the CA dismissed the Commissioner’s appeal against a decision of the Court of First Instance (the “CFI”) made in November 2018. The CFI ruled in favour of Mr Koo Ming Kown (“Mr Koo”) and Mr Murakami Tadao (“Mr Murakami”), who appealed against two earlier decisions of the Board of Review (the “Board”) upholding certain penalty tax assessed against them.[2]

Mr Koo and Mr Murakami were directors of Nam Tai Electronic & Electrical Products Limited (the “Company”) at the material times when the Company’s returns for the years 1996/97, 1997/98 and 1999/2000 were filed. Mr Koo and Mr Murakami respectively signed and declared to be correct the first and third, and the second, of these returns. Mr Murakami and Mr Koo ceased to be directors of the Company in 2002 and 2006 respectively.

Following a tax audit in 2002, the Inland Revenue Department (the “IRD”) disallowed claims for deductions made in the returns, and assessed the Company to undercharged tax under s 60 of the IRO, which the Company challenged unsuccessfully. The Company did not pay the amounts assessed and was eventually wound up in June 2012 by the court on the petition of the Commissioner.

In 2013, Mr Koo and Mr Murakami were assessed to additional tax under s 82A(1)(a) of the IRO in the amount of HK$12,600,000 and HK$5,400,000 respectively, on the basis that the Company’s returns were incorrect. They appealed to the Board, which found against them. The Board found the returns to have been incorrect and increased the overall amounts payable by Mr Koo and Mr Murakami.

Mr Koo and Mr Murakami appealed to the CFI, which accepted their primary argument that they did not fall within s 82A(1)(a) of the IRO. The CFI ordered the annulment of the additional tax assessments against Mr Koo and Mr Murakami. The Commissioner appealed to the CA, which upheld the CFI’s decision that Mr Koo and Mr Murakami were not required by the IRO to make the returns on behalf of the Company, and therefore could not be made liable to additional tax under s 82A(1)(a).

The Commissioner appealed to the CFA but Mr Koo and Mr Murakami informed the CFA that they did not intend to oppose the Commissioner’s appeal and would not attend the hearing in person or instruct lawyers to do so. The CFA appointed Mr Eugene Fung SC and Mr John Leung as amici curiae, who filed submissions addressing the questions before the CFA that supported the CA and CFI decisions.

2. The CFA’s Decision

Whether Mr Koo and Mr Murakami should be liable for the Company’s incorrect returns signed by them depends on whether they fall within the description, in the s 82A(1)(a) prevailing at the material times, of a “person who without reasonable excuse – (a) makes an incorrect return by omitting or understating anything in respect of which he is required by this Ordinance to make a return, either on his behalf or on behalf of another person…”[3]

The Commissioner contended that the individuals specified under s 57(1),[4] which included Mr Koo and Mr Murakami as directors of the Company, were “answerable” for doing all such acts as were required to be done by the Company under the IRO, and accordingly they were required to make the Company’s returns; and further that, by physically signing and declaring to be correct the relevant Company’s returns, they did make the Company’s return on behalf of the Company as a corporate taxpayer. On the case for the Commissioner, the individuals identified under s 57(1) to be “answerable” (for doing all such acts as required to be done by a corporate taxpayer) are required (secondarily) to do such acts which the corporate taxpayer is (primarily) required to do under the IRO.

Upon examining the legislative history and context, the CFA disagreed with the Commissioner’s construction of the relevant provisions in the IRO. The CFA confirmed the decisions of the CFI and the CA and concluded that the Company (being the entity to which the notice for making a return was issued under s 51(1)), rather than the individual who signed the return, was the “person” legally required to make, and did make, the return. There is a distinction between answerability under s 57(1), which means that the individuals specified under s 57(1) are responsible for seeing or ensuring the corporate taxpayer does the act in question, and an obligation or requirement to do such act on behalf of the company.

Accordingly, the CFA dismissed the Commissioner’s appeal.

3. Conclusion

The CFA judgment helpfully clarifies that a director of a company (or any other relevant individual specified under s 57(1)) is not required to “make” the tax return of the company, and does not make such tax return by reason that he/she has signed, and declared his/her belief in the correctness of the information in, the returns filed by the company. Therefore, such director or individual specified under s 57(1) does not incur liability under s 82A(1)(a) of the IRO.

However, as from 11 June 2021, s 82A(1)(a) has been amended to provide that “[a]ny person who without reasonable excuse—(a) makes, or causes or allows to be made on the person’s behalf, an incorrect return by omitting or understating anything in respect of which he is required by this Ordinance to make a return, either on his behalf or on behalf of another person…” (emphasis added to show the amendments).[5]

It remains to be seen whether, notwithstanding that a company’s director signing (or approving the filing of) the company’s tax return is not one who “makes” the tax return, he/she might be caught by the current s 82A(1)(a) as a person who has “caused” or “allowed” the tax return to be made on the company’s behalf, and hence may be exposed to liability should the company’s tax return be found to be incorrect.

_____________________________

[1] Koo Ming Kown & Murakami Tadao v Commissioner of Inland Revenue [2022] HKCFA 18. A copy of the judgment of the Court of Final Appeal is available here. The judgment in the Court of Appeal ([2021] HKCA 1037) is available here. The judgment in the Court of First Instance ([2018] HKCFI 2593) is available here.

[2] Board of Review, Cases D32/16 (available here) and D33/16 (available here).

[3] The current s 82A(1)(a) provides that “[a]ny person who without reasonable excuse—(a) makes, or causes or allows to be made on the person’s behalf, an incorrect return by omitting or understating anything in respect of which he is required by this Ordinance to make a return, either on his behalf or on behalf of another person…” (emphasis added to show the amendments).

[4] The then-prevailing s 57(1) provided that “[t]he secretary, manager, any director or the liquidator of a corporation and the principal officer of a body of persons shall be answerable for doing all such acts, matters or things as are required to be done under the provisions of this Ordinance by such corporation or body of persons”; whilst the current s 57(1) provides that “[t]he following person is answerable for doing all the acts, matters or things that are required to be done under the provisions of this Ordinance by a corporation or body of persons—(b) for any other corporation [that is not an open-ended fund company], the secretary, manager, any director or the provisional liquidator or liquidator of the corporation…”

[5] See the Inland Revenue (Amendment) (Miscellaneous Provisions) Ordinance 2021, Ord. No. 18 of 2021, Gazette published on 11 June 2021, No. 23 Vol. 25 – Legal Supplement No. 1, available here.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, or the authors and the following lawyers in the Litigation Practice Group of the firm in Hong Kong:

Brian Gilchrist (+852 2214 3820, bgilchrist@gibsondunn.com)
Elaine Chen (+852 2214 3821, echen@gibsondunn.com)
Alex Wong (+852 2214 3822, awong@gibsondunn.com)
Celine Leung (+852 2214 3823, cleung@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

On August 2, 2022, the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”) released its annual report covering calendar year 2021 (the “Annual Report”).[1] This report represents the first full calendar year in which the Committee operated pursuant to the new regulations implemented in 2020 under the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”).[2]

Our top observations from the Annual Report are set forth below.

Amidst the Backdrop of a Strong M&A Market, The Committee Reviewed a Record Number of Filings

Parties to a covered transaction may initiate CFIUS’s national security review of the transaction by filing a short-form declaration or a full-length written notice. Consistent with the robust M&A market in 2021, CFIUS reviewed a record number of 436 total filings in 2021, up 39 percent from 2020. 164 (38 percent) of these filings were declarations, and 272 (62 percent) were written notices, both figures representing significant percentage increases from 2020.[3]

	2020	2021 (∆)
Declarations	126	164 (↑30%)
Notices	187	272 (↑45%)
Total Filings	313	436 (↑39%)

1. The Use of Short-Form Declarations and CFIUS Clearance Rates of Such Declarations Have Increased Significantly

Short-form declarations were introduced through the passage of FIRRMA in 2018, as both an optional form of filing and pursuant to mandatory requirements under certain conditions. Although a recent introduction, the statistics noted above indicate that declarations are emerging as a viable alternative to the traditional written notice process in certain situations.

Less than a third of declarations filed in 2021 were subject to mandatory requirements (47 of 164 total declarations), indicating that parties are increasingly seeing value in filing a voluntary declaration, which has fewer requirements and a shorter review timeline. Although, there is always a risk with a declaration that the overall CFIUS timeline and burden could be lengthened should the Committee request the parties to file a written notice or determine it is unable to conclude action on the basis of the declaration after the 30-day declaration review. Thus, deciding whether to file a declaration versus a notice should be based on an overall risk calculus of many factors. As the numbers reflect, the availability of the declaration process does not replace notices as a filing of choice in all instances.

Committee Action	Number of Declarations (164 Total)
Request parties file a written notice	30 (18%)
Unable to conclude action	12 (7%)
Clearance	120 (73%)
Rejected	2 (1%) [4]

To put these numbers into perspective, Committee clearance of declarations increased from less than 10 percent in 2018, to 37 percent in 2019, to 64 percent in 2020, and 73 percent this past year.[5] CFIUS also requested slightly fewer written notices from parties who filed declarations (18 percent, down from 22 percent), and reduced the number of instances in which the parties were informed that CFIUS was unable to conclude action on the basis of the declaration—from 13 percent to 7 percent.[6]

There was a Significant Jump in Withdrawn Notices – But the Percentage of Abandoned Transactions Remained Consistent with 2020

A notable uptick was seen in the number and percentage of withdrawn notices in 2021 – 74 in 2021 (27 percent) versus 29 in 2020 (15.5 percent).[7] Similar to 2020, just under half of all notified transactions proceeded to the subsequent 45-day investigation phase (130).[8] It was during this investigation phase that nearly all (72) of the 74 notices were withdrawn.[9] Most notices were withdrawn after CFIUS informed the parties that the transaction posed a national security risk and proposed mitigation terms.[10] In the vast majority of withdrawn notices in 2021 (85 percent), parties filed a new notice.[11]

Eleven notices, representing four percent of the total number of notices filed in 2021, were withdrawn and the transaction ultimately abandoned either because (i) CFIUS informed the parties that it was unable to identify mitigation measures that would resolve the national security concerns, or the parties rejected mitigation measures proposed by the Committee (nine withdrawals); or (ii) for commercial reasons (two withdrawals).[12] This is relatively consistent with the figures on abandoned transactions in 2020 (just above four percent).[13]

Notably, 2021 was the first year since 2016 in which no Presidential decisions were issued.[14]

Canadian Acquirers Accounted for the Largest Number of Declarations, while Chinese Investors Greatly Preferred and Led in the Number of Notices Submitted

Investors from Canada accounted for the largest number of declarations filed in 2021 (22), representing approximately 13 percent of the total.[15] Other countries commonly characterized by the U.S. government as presenting lower national security risks also topped the list of declarations, with Australia, Germany, Japan, South Korea, Singapore and United Kingdom cumulatively accounting for 62—or approximately 38 percent—of the 164 declarations submitted in 2021. [16] These numbers are generally consistent with previous years’ trends. From 2019 to 2021, Canadian investors submitted 54 declarations, more than any other country. [17] Japanese and United Kingdom investors accounted for the second and third-most declarations filed over the same three-year period. [18]

While Canadian investors may be increasingly utilizing the declaration process, they also still account for a significant number of full-length notices (28, approximately 10 percent of total notices filed, more than any other country except China). The high volume of Canadian declarations and notices is reflective of the significant business activity between the U.S. and Canada, particularly in sectors that may present national security risk, as discussed in insight #5 below.

In contrast to the Canadian utilization of both declarations and notices, Chinese investors largely eschewed the declaration process, filing only one declaration in 2021. [19] Chinese investors filed the highest number of notices last year, with 44 notices, or 16 percent of the total. [20] This represents a 159 percent increase from 2020, and a 76 percent increase from 2019. [21] This increase may not be fully reflective of economic factors in 2021, as this increase comes as CFIUS is intentionally focusing on non-notified historic transactions.

China’s 2021 numbers are also consistent with the last three years, over which Chinese investors submitted 86 notices, but only nine declarations. [22] As noted in our discussion in insight #2, this apparent preference of Chinese investors to forego the short-form declaration in favor of the prima facia lengthier notice process may indicate a calculus that amidst U.S.-China geopolitical tensions, the likelihood of the Committee clearing a transaction involving a Chinese acquiror through the scaled down declaration process is quite low, and therefore a declaration filing may merely result in the Committee requesting after 30 days that the parties submit a notice, thus actually adding time to the process overall.

The low number of declarations also indicates that Chinese investors may be shying away from the more sensitive transactions, such as those involving critical technologies, which would require mandatory declarations.

2021 Figures Confirm Focus on Business Sectors Associated with Critical Technologies and Sensitive Data

Consistent with previous years, a high majority of CFIUS filings in 2021 involved the Finance, Information and Services and Manufacturing sectors, with those two sectors collectively accounting for over 80 percent of CFIUS filings.[23]

Business Sector	Notices
Finance, Information, and Services	55%
Manufacturing	28%
Mining Utilities and Construction	12%
Wholesale Trade, Retail Trade and Transportation	4%

In 2021, CFIUS reviewed 184 covered transactions involving acquisitions of U.S. critical technology companies.[24] In contrast to the 2020 data, the number of critical technologies filings have increased by 51 percent.[25] Consistent with the 2020 data, the largest number of notices filed remained to be the Professional, Scientific, and Technical Services subsector of the Finance, Information and Services sector (35) and Computer / Electronic Product Manufacturing subsector of the Manufacturing sector (31).[26]

Further, consistent with the observations made in insight #4 above, countries seen as traditionally U.S.-allied, such as Germany, United Kingdom, Japan, and South Korea, accounted for the most acquisitions of U.S. critical technology in 2021.[27] These four countries accounted for approximately 33 percent of such transactions. Of note, Canada and China each accounted for approximately five percent of transactions involving the acquisition of U.S. critical technologies.[28]

In light of the new policy mandate, critical technologies is expected to be a continuous focus of the Committee in coming years. Although the Annual Report does not specifically report on covered transactions involving acquisitions of U.S. companies with sensitive data, the sector-specific statistics indicate that this continues to be a focus area.

The Committee Shortened Its Response Times to Respond to Draft Notices and Accept Formal Notices, but Continues to Take Advantage of the Full Time Periods to Complete its Actual Reviews

Parties submitting draft notices to the Committee in 2021 received comments back from the Committee on average in just over six business days, an improvement from the 2020 average of approximately nine days.[29] Similarly, the Committee averaged six business days to accept a formal written notice after submission, which is an improvement from the average of 7.7 business days reported in the 2020 Annual Report.[30]

In terms of the Committee’s turnaround times once a declaration or notice has been filed/accepted, the Committee in 2021 generally utilized the entire available regulatory periods available. With respect to a declaration, the Committee is required to take action [31] within 30 business days after receiving a declaration. Upon acceptance of a formal notice, the Committee has an initial 45 business days to review the filing and may extend the review period into a further investigation period of 45 business days.

Regarding declarations submitted in 2021, it took the Committee, on average, the entire 30-day period to conclude action. [32] Similarly, it took the Committee an average of 46.3 calendar days to close a transaction review during the initial review stage. [33] If the Committee extended the review into the subsequent investigation phase, the Committee completed the investigation, on average, within 65 calendar days. [34] However, this number may be misleading, and in practice parties should expect the Committee to complete investigations closer to the full 90-day deadline because the Annual Report indicates that the median for investigation closures was 89.5 calendar days. [35]

No Significant Changes Regarding Mitigation Measures and Conditions

In 2020, CFIUS adopted mitigation measures and conditions with respect to 23 notices or 12 percent of the total number of 2020 notices. [36] On a percentage basis, 2021 saw a marginal overall decrease in the adoption of mitigation measures and conditions. The Committee adopted mitigation measures and conditions with respect to 31 notices or 11 percent of the total number of 2021 notices. [37] For 26 notices, CFIUS concluded action after adopting mitigation measures. [38] With respect to four notices that were voluntarily withdrawn and abandoned, CFIUS either adopted mitigation measures to address residual national security concerns, or imposed conditions without mitigation agreements.[39] Lastly, as in 2020, measures were imposed to mitigate interim risk for one notice filed in 2021.[40]

It is worth noting that the Committee conducted 29 site visits in 2021 for the purpose of monitoring compliance with mitigation agreements. [41] Where non-compliance was identified, monitoring agencies worked with the parties to achieve remediation. [42]

While CFIUS reviews are highly fact-specific and nuanced, based on historical data points, we can expect the Committee to complete action on a majority of transactions in 2022 without conditions or mitigating measures.

Real Estate Transactions Comprise a Minute Portion of CFIUS Reviews

Despite CFIUS’s expanded authority to review real estate transactions that may present a national security risk, such as proximity to sensitive U.S. military or government facilities, such transactions remain a very small portion of the total transactions reviewed by the Committee. Only five notices and one declaration concerning real estate were reviewed in 2021.[43] While the lack of real estate CFIUS filings could be tied to economic factors, this space remains one to watch in future years.

Requested Filings For Non-Notified/Non-Declared Transactions Decreased

In addition to transaction parties proactively filing with the Committee, the Committee may also identify and initiate unilateral review of a transaction, and may request the parties to submit a filing. The 2020 Annual Report was the first report to contain data relating to the number of non-notified/non-declared transactions identified and put forward to the Committee for consideration.

While CFIUS identified 135 non-notified/non-declared transactions in 2021—compared to 117 in 2020—fewer transactions resulted in a request for filing. [44] Out of 117 identified transactions in 2020, 17 resulted in a request for filing versus just eight requests for filing in 2021.[45]

Given that the number of transactions identified increased, the Committee appears committed to enhancing and utilizing methods for improving the identification of non-notified/non-declared transactions. In fact, in the press release announcing the Annual Report, the Department of Treasury noted as a “key highlight” that CFIUS continues to hire talented staff to support identifying transactions that are not voluntarily filed with the Committee, as well as monitoring and enforcement activities.[46] As such, the trends in the number of non-notified/non-declared transaction will be an important space to watch.

Conclusion

The record increase in CFIUS filings this year reflects the continuing expansion of the Committee’s scope and resources since the enactment of FIRRMA, as well as the recognition by foreign acquirers of the increased risks and sensitivities when it comes to transactions involving U.S. businesses that may pose potential national security risks in the eyes of the Committee. CFIUS has consistently reviewed more covered transactions from year to year, and we see no indication this trend will not continue.

_________________________

[1] Committee on Foreign Investment in the United States, “Annual Report to Congress, Report Period: CY 2021”, available at: https://home.treasury.gov/system/files/206/CFIUS-Public-AnnualReporttoCongressCY2021.pdf.

[2] For further detail on the impact of FIRRMA, see our previous alert “CFIUS Reform: Top Ten Takeaways from the Final FIRRMA Rules,” Feb. 19, 2020, available at: https://www.gibsondunn.com/cfius-reform-top-ten-takeaways-from-the-final-firrma-rules/.

[3] Annual Report at 4, 15.

[4] In one of these instances, the parties re-filed as a notice.

[5] Committee on Foreign Investment in the United States, “Annual Report to Congress, Report Period: CY 2018,” at 31 (the “2018 Annual Report”) available at: https://home.treasury.gov/system/files/206/CFIUS-Public-Annual-Report-CY-2018.pdf; ; Committee on Foreign Investment in the United States, “Annual Report to Congress, Report Period: CY 2019,” at 33 (the “2019 Annual Report”) available at: https://home.treasury.gov/system/files/206/CFIUS-Public-Annual-Report-CY-2019.pdf; Committee on Foreign Investment in the United States, “Annual Report to Congress, Report Period: CY 2020,” at 4 (the “2020 Annual Report”) available at: https://home.treasury.gov/system/files/206/CFIUS-Public-Annual-Report-CY-2020.pdf.

[6] 2020 Annual Report at 4; Annual Report at 4.

[7] 2020 Annual Report at 15; Annual Report at 15.

[8] Annual Report at 15.

[9] Annual Report at 37.

[10] Id.

[11] Id.

[12] Id.

[13] 2020 Annual Report at 15.

[14] Annual Report at 15; 2020 Annual Report at 17.

[15] Annual Report at 11.

[16] Annual Report at 11-12.

[17] Annual Report at 11

[18] Annual Report at 11-12.

[19] Annual Report at 11

[20] Annual Report at 32.

[21] Id.

[22] Annual Report at 11, 32.

[23] Annual Report at 20.

[24] Annual Report at 48.

[25] 2020 Annual Report at 51.

[26] Annual Report at 50.

[27] Annual Report at 49.

[28] Id.

[29] 2020 Annual Report at 18; Annual Report at 18.

[30] 2020 Annual Report at 18; Annual Report at 18.

[31] Upon receiving a declaration, the Committee may request that the parties file a written notice, inform the parties that the Committee is unable to complete action under the initial review phase on the basis of the declaration, initiate a unilateral review, or notify the parties it has completed all action with respect to the transaction. 50 U.S.C. § 4565(b)(1)(C)(v)(III)(aa).

[32] Annual Report at 13.

[33] Annual Report at 18. Considering that the figure of 46.3 days is expressed in calendar days and not business days, we take the view that the time taken by the Committee to close a transaction review is acceptable.

[34] Annual Report at 18.

[35] Id.

[36] 2020 Annual Report at 40.

[37] Annual Report at 38.

[38] Id.

[39] Id.

[40] Id.

[41] Annual Report at 44.

[42] Id.

[43] Annual Report at 4, 22.

[44] Annual Report at 45.

[45] 2020 Annual Report at 48; Annual Report at 45.

[46] “Treasury Releases CFIUS Annual Report for 2021,” (Aug. 2, 2022) available at:
https://home.treasury.gov/news/press-releases/jy0904.

The following Gibson Dunn lawyers prepared this client alert: Stephenie Gosnell Handler, David Wolber, Judith Alison Lee, Adam M. Smith, Annie Motto, and Jane Lu*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the above developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s International Trade practice group:

United States
Judith Alison Lee – Co-Chair, International Trade Practice, Washington, D.C. (+1 202-887-3591, jalee@gibsondunn.com)
Ronald Kirk – Co-Chair, International Trade Practice, Dallas (+1 214-698-3295, rkirk@gibsondunn.com)
Courtney M. Brown – Washington, D.C. (+1 202-955-8685, cmbrown@gibsondunn.com)
David P. Burns – Washington, D.C. (+1 202-887-3786, dburns@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202-955-8510, shandler@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213-229-7269, nhanna@gibsondunn.com)
Marcellus A. McRae – Los Angeles (+1 213-229-7675, mmcrae@gibsondunn.com)
Adam M. Smith – Washington, D.C. (+1 202-887-3547, asmith@gibsondunn.com)
Christopher T. Timura – Washington, D.C. (+1 202-887-3690, ctimura@gibsondunn.com)
Laura R. Cole – Washington, D.C. (+1 202-887-3787, lcole@gibsondunn.com)
Annie Motto – Washington, D.C. (+1 212-351-3803, amotto@gibsondunn.com)
Chris R. Mullen – Washington, D.C. (+1 202-955-8250, cmullen@gibsondunn.com)
Samantha Sewall – Washington, D.C. (+1 202-887-3509, ssewall@gibsondunn.com)
Audi K. Syarief – Washington, D.C. (+1 202-955-8266, asyarief@gibsondunn.com)
Scott R. Toussaint – Washington, D.C. (+1 202-887-3588, stoussaint@gibsondunn.com)
Shuo (Josh) Zhang – Washington, D.C. (+1 202-955-8270, szhang@gibsondunn.com)

* Jane Lu is a trainee solicitor working in the firm’s Hong Kong office who is not yet admitted to practice law.

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

I. Introduction: Themes and Notable Developments in Rulemaking & Enforcement

A. Heightened Enforcement

In our 2021 Year-End Review, we noted that the Division of Enforcement under this Administration had outlined its vision of aggressive, heightened enforcement through an escalation of existing remedies, including increased penalties, individual bars and admissions. The first half of 2022 reflected the Enforcement Division pursuing the playbook as forecasted.

In the first half of 2022, the Commission filed complaints or settled matters in many of its priority areas, such as digital assets and environmental, social and governance (“ESG”) disclosures, and assessed significantly heightened monetary penalties.[1]

The Commission also brought its first substantive enforcement action involving Regulation Best Interest (“Reg BI”).[2] Reg BI—which establishes a “best interest” standard for investment recommendations by broker-dealers—went into effect on June 20, 2020, and abrogates the prior suitability standard for retail customers. The SEC filed a complaint relating to the sale of allegedly high-risk bonds to a number of retail customers alleging, among other things, that the broker-dealer did not conduct adequate diligence on the bonds, did not adequately advise its brokers of the risks, and did not have adequate policies and procedures for compliance with Reg BI.

The Commission’s Reg BI action is also an example of its continuing emphasis on naming and/or charging individual respondents along with entities. Notwithstanding the alleged institutional shortcomings, the complaint also names five individual brokers who earned as little as $5,400 in commissions from the sale of the bonds. All the defendants are litigating the action.[3] (More details are provided in the Broker-Dealers section below.) The result inevitably increases the litigation burden on the Staff of the Enforcement Division.

B. The Age of Dissent

Also of note is the extent to which the Commission’s heightened enforcement agenda is routinely drawing public dissent from at least one of the Commissioners, Hester Peirce.

Commissioner Peirce has long been critical of the Commission’s approach to regulation of the market for digital assets. In February, she reiterated that same criticism in response to a settled enforcement action against a financial services company to which investors lend crypto assets in exchange for a variable interest rate generated through the use of the crypto assets in lending and investment activities. The settled enforcement action alleged, among other things, violations of the registration provisions of the Securities Act and Investment Company Act. Commissioner Peirce again criticized the Commission’s lack of flexibility in subjecting the respondent to challenging registration requirements of the Investment Company Act without a willingness to structure a workable exemption that would still accomplish the Commission’s regulatory mission. Commissioner Peirce admonished that if the Commission is sincere in its invitation to hear from participants in digital asset markets, then the Commission “need[s] to commit to working with these companies to craft sensible, timely, and achievable regulatory paths.”[4]

In another example, in response to a settled insider trading enforcement action, Commissioner Peirce undertook a granular analysis of the factual findings of the Commission’s order and criticized the sufficiency of the evidence to establish the elements of a violation. The Commission found that the respondent had misappropriated material nonpublic information from a business partner who was on the board of the issuer. In finding that the respondent had become aware of material nonpublic information, the order pointed to public facts that the business partner had joined the board in part to assist with pursuing strategic opportunities combined with the respondent “observing [the insider’s] increased activities” at the issuer. Describing the order’s series of inferences as “a rickety structure at best,” Commissioner Peirce noted that the order appears to endorse an unsupported approach to the standard of materiality in which “the existence of a relationship of trust and confidence somehow transmogrifies non-material, public information into material, non-public information.” Of course, as a settled order, the Commission’s theory of liability is not subject to the test of litigation.[5]

More recently, Commissioner Peirce dissented from a settled enforcement action against a broker-dealer for alleged violations of the suitability, compliance and recordkeeping provisions arising from the sale of certain variable rate structured products. Commissioner Peirce dissented because the settlement order recited that, in accepting the respondent’s offer, the Commission took into consideration the respondent’s remedial acts, which included adopting a policy that prohibits the sale of the securities at issue to retail customers. Commissioner Peirce argued that the “Commission’s orders should not intimate that certain types of investments are never suitable for particular classes of investors.” In particular, Commissioner Peirce noted that the Commission’s acknowledgment of, and reliance on, the remedial step taken by the respondent “may be read either as implying that an absolute prohibition on the sale of a specific product is the only acceptable remedial measure here or as an expectation for other firms dealing with retail clients.”[6]

In another recent example, Commissioner Peirce issued a lengthy public dissent from a settled enforcement action against an accounting firm because the action was based in part on an alleged failure of the respondent to update a response to a voluntary information request from the Staff, notwithstanding that the respondent firm investigated and self-reported the underlying issue to its primary regulator, the PCAOB. Commissioner Peirce sharply criticized the Commission’s position as “lack[ing] sound legal grounding,” “woefully misguided” and “patently unfair.”[7]

These examples are important in that persons and entities subject to investigation have an audience on the Commission, albeit a minority, that provides a potential counterweight to the most aggressive instincts of this Commission, and may be receptive to arguments or positions that are contrary to those advanced by the Enforcement Division. However, make no mistake: the majority of this Commission will continue to pursue an aggressive enforcement agenda for the remainder of this Administration.

C. Litigation Update

In mid-July, the United States Court of Appeals for the Second Circuit issued a decision in SEC v. Rio Tinto plc, definitively limiting the way that the SEC has interpreted the boundaries of scheme liability after the Supreme Court’s decision in Lorenzo v. SEC. The SEC argued in Rio Tinto that alleged misstatements and omissions in annual reports and offering documents could form the basis of a scheme liability claim. The Second Circuit disagreed, holding that Lorenzo did not abrogate prior caselaw that scheme liability requires fraudulent conduct beyond mere misstatements and omissions. Our prior client alert provides additional information regarding the decision.

D. Commissioner and Senior Staffing Update

In the first half of 2022, the Commission experienced a number of changes in its senior staff, as well as the addition of a new Commissioner (with another Commissioner joining in July).

In June, Mark T. Uyeda was sworn into office as a Commissioner, filling the position most recently held by Elad Roisman.[8] He is the first Asian Pacific American to serve as a Commissioner at the SEC. He served on the staff of the SEC for 15 years before his appointment to the Commission, including as a Senior Advisor to various Commissioners and in roles in the Division of Investment Management. Commissioner Uyeda, a Republican, and Jaime Lizárraga, a Democrat, were both confirmed by the Senate earlier that month.[9] Mr. Lizárraga most recently served as a Senior Advisor to House Speaker Nancy Pelosi, and previously worked on the Democratic staff of the House Financial Services Committee.[10] He was sworn in on July 18 to fill the seat of Allison Herren Lee following her departure from the Commission.

At the staff level, the Division of Examinations, in particular, saw significant changes in leadership. Daniel S. Kahl, Acting Director of the Division, left the SEC in March.[11] Following Mr. Kahl’s departure, Richard R. Best left his post as Director of the New York Regional Office to serve as Acting Director and, later, Director of the Division of Examinations.[12] In January, the Division’s Deputy Director since 2018, Kristin Snyder, also left the agency.[13] Ms. Snyder had also led the Investment Adviser/Investment Company (IA/IC) examination program, including the Private Funds unit, since 2016. Following her departure, Joy Thompson has been serving as Acting Deputy Director and Acting Associate Director of the Private Funds Unit, and Natasha Vij Greiner has been serving as Acting Co-National Associate Director of the IA/IC examination program.

There was significant turnover at the regional offices, with five of eleven regional offices experiencing changes in leadership. Those changes, as well as other changes in the senior staffing of the Commission, include:

In February, Lori H. Price was named Acting Director of the Office of Credit Ratings, replacing Ahmed A. Abonamah, who left the agency that month.[14]
Also in February, Kelly L. Gibson, Director of the SEC’s Philadelphia Regional Office since 2020, left the agency.[15] Scott Thompson and Joy Thompson have been serving as Acting Co-Directors of the Philadelphia Regional Office following Ms. Gibson’s departure.
In March, Lara Shalov Mehraban began serving as Acting Director of the New York Regional Office following Richard R. Best’s transition to his new role in the Division of Examinations.[16]
Also in March, Erin E. Schneider, Director of the SEC’s San Francisco Regional Office since 2019, left the agency.[17] Monique C. Winkler has been serving as Acting Regional Director following Ms. Schneider’s departure.
In June, Tracy S. Combs was named Director of the Salt Lake Regional Office.[18] Combs previously served in the agency’s Division of Enforcement, including as counsel to the Director of Enforcement since 2021. Tanya Beard, who served as Acting Director prior to Ms. Comb’s appointment, remains in the Salt Lake Regional Office as Assistant Regional Director of Enforcement.
In July, Kurt. L. Gottschall, Director of the Denver Regional Office since 2018, left the SEC.[19] Jason J. Burt and Thomas M. Piccone have been serving as Co-Acting Regional Directors following Mr. Gottschall’s departure.

E. SPACs

The SEC continued its focus on Special Purpose Acquisition Companies (“SPACs”) in the first half of 2022. While there were no enforcement actions specifically related to SPACs, the SEC, in March, proposed new rules intended to enhance disclosure and investor protection in initial public offerings (“IPOs”) by SPACs and in subsequent business combinations between SPACs and private operating companies (“de-SPAC transactions”).[20] SEC Chair Gary Gensler described these proposed rules as crucial to “help ensure” that “disclosure[,] standards for marketing practices[,] and gatekeeper and issuer obligations” as applied in the traditional IPO context also apply to SPACs.[21] Chair Gensler further observed that “[f]unctionally, the SPAC target IPO is being used as an alternative means to conduct an IPO.”[22]

The proposed rules, which include new rules and amendments to existing rules, involve four key components:

Disclosure and Investor Protection: creating specific disclosure requirements with respect to, among other things, compensation paid to sponsors, potential conflicts of interest, dilution, and the fairness of the business combination, for both the SPAC IPOs and de‑SPAC transactions;
Business Combinations Involving Shell Companies: deeming a business combination transaction involving a reporting shell company and a private operating company as a “sale” of securities under the Securities Act of 1933 (the “Securities Act”) and amending the financial statement requirements applicable to transactions involving shell companies. Furthermore, the rules will amend the current “blank check company” definition to make clear that SPACs cannot rely on the safe harbor provision under the Private Securities Litigation Reform Act of 1995 when marketing a de-SPAC transaction;
Projections: expanding and updating the Commission’s guidance on the presentation of projections in filings with the Commission to address the reliability of such projections; and
New Safe Harbor under the Investment Company Act of 1940: creating a safe harbor that SPACs may rely on to avoid being subject to registration as investment companies under the Investment Company Act of 1940. The safe harbor would (i) require SPACs to hold only assets comprising of cash, government securities, or certain money market funds; (ii) require the surviving entity to be engaged primarily in the business of the target company; and (iii) impose a time limit, from the SPAC IPO, of 18 months for the announcement (and 24 months for the completion) of the de-SPAC transaction.

For a more detailed discussion of these proposed rules, see our prior alert on the subject.

F. Cybersecurity

The SEC continued its history of rulemaking in the area of cybersecurity matters during the first half of 2022.

1. Public Companies

In March, the SEC proposed further amendments to its rules which would require, among other things, current reporting about material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents.[23] The proposal also would require periodic reporting about a public company’s policies and procedures to identify and manage cybersecurity risks; the registrant’s board of directors’ oversight of cybersecurity risk; and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures. The proposal further would require annual reporting or certain proxy disclosure about the board of directors’ cybersecurity expertise, if any.

For a more detailed discussion of the proposed rule, see our prior alert on the subject.

2. Investment Management

In February, the SEC voted to propose rules related to cybersecurity risk management for registered investment advisers, and registered investment companies and business development companies (funds), as well as amendments to certain rules that govern investment adviser and fund disclosures.[24] The proposed rules would require advisers and funds to adopt and implement written cybersecurity policies and procedures. The proposed rules also would require advisers to report significant cybersecurity incidents affecting the adviser or its fund or private fund clients to the Commission on a new confidential form, and to publicly disclose cybersecurity risks and significant cybersecurity incidents that occurred in the last two fiscal years in their brochures and registration statements. Additionally, the proposal would set forth new recordkeeping requirements for advisers and funds.

For further discussion of the proposed rule, see our prior alert regarding 2022 rule proposals targeting advisers to private funds.

G. ESG

The Division of Enforcement’s Climate and ESG Task Force, led by Sanjay Wadhwa, Deputy Director of the Division of Enforcement, has ramped up its efforts since its founding in May 2021, reportedly using “sophisticated data analysis to mine and assess information” to identify “material gaps or misstatements” in issuer’s disclosures and disclosures relating to investment advisers’ and funds’ ESG strategies.[25] Meanwhile, the Commission is also engaged in a number of rulemaking efforts relating to ESG.

1. Public Companies

In March, the SEC proposed rule changes that would require registrants to include certain climate-related disclosures in their registration statements and periodic reports.[26] The proposed rule changes would require a registrant to disclose information about (i) the issuer’s governance of climate-related risks and relevant risk management processes; (ii) how any climate-related risks identified by the registrant have had or are likely to have a material impact on its business and consolidated financial statements, which may manifest over the short-, medium-, or long-term; (iii) how any identified climate-related risks have affected or are likely to affect the registrant’s strategy, business model, and outlook; and (iv) the impact of climate-related events, and transition activities on the line items of a registrant’s consolidated financial statements, as well as on the financial estimates and assumptions used in the financial statements.

For public companies that already conduct scenario analyses, have developed transition plans, or publicly set climate-related targets or goals, the proposed amendments would require certain disclosures to enable investors to learn about those aspects of the registrants’ climate risk management.

The proposed rules also would require a registrant to disclose information about its direct greenhouse gas (“GHG”) emissions and indirect emissions from purchased electricity or other forms of energy, as well as from upstream and downstream activities in its value chain. The proposed rules provide a safe harbor for liability and an exemption from certain disclosure requirements for smaller reporting companies. Under the proposed rule changes, accelerated filers and large accelerated filers would be required to include an attestation report from an independent attestation service provider, with additional phase-ins over time.

According to Chair Gensler, the SEC has received 14,500 comment letters on the proposal.[27] For a more detailed discussion of the proposal, see our prior alert on the subject.

2. Investment Management

In May, the SEC proposed amendments to rules and reporting forms applying to certain registered investment advisers, advisers exempt from registration, registered investment companies, and business development companies.[28] The proposed amendments seek to categorize certain types of ESG strategies broadly and require funds and advisers to provide more specific disclosures in fund prospectuses, annual reports, and adviser brochures based on the ESG strategies they pursue. Funds focused on the consideration of environmental factors generally would be required to disclose the GHG emissions associated with their portfolio investments. Funds claiming to achieve a specific ESG impact would be required to describe the specific impacts they seek to achieve and summarize their progress on achieving those impacts. Funds that use proxy voting or other engagement with issuers as a significant means of implementing their ESG strategy would be required to disclose information regarding their voting of proxies on particular ESG-related voting matters and information concerning their ESG engagement meetings. Finally, the proposal would require certain ESG reporting on Forms N-CEN and ADV Part 1A.

In May, the SEC also proposed amendments to the Investment Company Act “Names Rule” with the stated goal of “moderniz[ing] the Names Rule for today’s markets,” including for ESG-related funds.[29] The current rule requires registered investment companies whose names suggest a focus in a particular type of investment to adopt a policy to invest at least 80% of the value of their assets in those types of investments. The proposed amendments would extend the requirement to any fund name with terms suggesting that the fund focuses in investments that have (or whose issuers have) particular characteristics, including fund names with terms such as “growth” or “value,” or terms indicating that the fund’s investment decisions incorporate one or more ESG-related factors.

An investment adviser ESG-related disclosure case is described below in III.B.

H. Whistleblower Awards

Coming off a record-breaking year, the pace and size of whistleblower awards has slowed in the first half of 2022. Through June of this year, the SEC’s whistleblower program has awarded approximately $88 million to 22 separate whistleblowers. This is less than half of the payments awarded during the same time period in 2021, which saw nearly $200 million in awards to 45 individuals.

Still, the whistleblower program remains significant for the Commission, with approximately $1.3 billion paid to 273 individuals since the program’s inception in 2012. Further, the SEC remains committed to incentivizing whistleblowers to come forward with information, and to rewarding their efforts. In February, the SEC proposed two amendments to whistleblower program rules aimed at further enticing whistleblowers to come forward.[30] The first proposed change would allow the Commission to pay whistleblower awards, even if the awards might otherwise be paid under another federal agency program.[31] The second change would affirm the SEC’s discretionary authority to consider the dollar amount of potential awards for the sole purpose of increasing any award under Rule 21F-6, which would preclude considering the dollar amount to decrease any award.[32]

Significant whistleblower awards granted during the first half of this year include:

Three awards in January, including a payment of over $13 million to a whistleblower who “promptly” notified the Commission of an ongoing fraud and provided “extensive” assistance thereafter, which led to the opening of an investigation and a successful enforcement action;[33] an award totaling more than $4 million to three whistleblowers in two separate enforcement proceedings, all described as providing “critical” information during the investigation;[34] and awards totaling more than $40 million to four whistleblowers, two of whom received a combined $37 million for providing “key evidence,” while the third received approximately $1.8 million for providing information which prompted a separate related action, and the fourth received a $1.5 million award for providing information that “shaped the staff’s instigative strategy.”[35]
Four awards in March, including a payment of more than $3.5 million to a whistleblower for contributing to the success of two enforcement actions and helping save the SEC staff time and resources;[36] an award of approximately $14 million to a whistleblower whose online report and outreach to staff exposed an ongoing fraud and prompted a successful enforcement action along with restitution to investors;[37] awards totaling approximately $3 million to three whistleblowers who provided information that prompted the SEC staff to open investigations and provided ongoing assistance in three separate actions;[38] and an award of $1.25 million to a whistleblower who provided “high-quality information and exemplary cooperation,” including identifying witnesses and explaining key documents, which led to a successful enforcement action and saved the SEC staff time and resources.[39]
An award in April of $6 million to five whistleblowers in a single enforcement proceeding who each provided ongoing assistance, in the form of either key documents or firsthand accounts of misconduct.[40]
An award in May totaling nearly $3.5 million to four whistleblowers who provided information which led to a successful enforcement action. Three of these whistleblowers provided the SEC with information that led to the opening of a new investigation, while the fourth provided analysis, which “focused the staff’s attention on new allegations.”[41]

II. Public Company Actions

Public company accounting and disclosure cases continued to comprise a significant portion of the SEC’s cases in the first half of 2022, and included a range of financial reporting, disclosure, and professional responsibility enforcement actions.

A. Financial Reporting

In February, the SEC announced settled charges against a healthcare company and two former employees for alleged accounting improprieties stemming from intra-company foreign exchange transactions that resulted in a purported misstatement of the company’s net income.[42] The SEC alleged that, from 1995 to 2019, the company used a non-GAAP convention for converting non-U.S. dollar transactions, assets, and liabilities on its financial statements. The SEC further alleged that, beginning in 2009, the company purposefully used this convention for the purpose of generating foreign exchange accounting gains and avoiding losses of the same. Further, the SEC alleged that one former employee did not take steps to investigate the company’s consistently generated gains. Without admitting or denying the allegations, the company and its former employees agreed to cease and desist from future violations. The company agreed to pay an $18 million fine, and the former employees agreed to pay nearly $315,000 combined in civil penalties and disgorgement.

In April, the SEC announced a settled action against a pest control company and a former executive for allegedly making improper accounting adjustments through reducing accounting reserves without analyzing appropriate criteria under GAAP in order to meet quarterly earnings per share targets.[43] The SEC further alleged that the company and former executive failed to adequately memorialize the basis for these accounting entries and that the company failed to document other quarterly entries from 2016 to 2018. Without admitting or denying the allegations, the company and executive agreed to cease and desist from future violations, and pay penalties of $8 million and $100,000, respectively. The company’s penalty was the highest yet under the SEC’s earnings per share (“EPS”) initiative, which relies on data analytics to uncover hard-to-detect accounting and disclosure violations.

In June, the SEC announced a settled action against a telecommunications-support technology company and several of its senior employees for improper accounting practices, including improperly recognizing revenue on multiple transactions and misleading the company’s auditors.[44] The SEC alleged that, from 2013 to 2017, senior employees of the company improperly accounted for three categories of transactions which resulted in overstating revenue in pursuit of meeting earnings targets: (1) transactions without persuasive evidence of an arrangement; (2) acquisitions and divestitures where revenue was recognized on license agreements instead of netting those amounts against purchase prices; and (3) license and hosting transactions where it recognized revenue upfront, instead of rated over the term of the arrangement. The SEC also alleged that certain employees attempted to conceal that revenue had been improperly recognized upfront when, instead, it was contingent on future events. Without admitting or denying the SEC’s findings, the company agreed to cease and desist from further violations and pay a $12.5 million civil penalty; three former employees and one current employee settled for civil penalties ranging from $15,000 to $90,000; and the company’s former general counsel agreed to pay a $25,000 penalty and to a suspension from appearing or practicing as an attorney before the SEC for 18 months. The company’s founder and former CEO, while not charged with misconduct, agreed to reimburse the company $1.3 million in stock sale profits and bonuses, and return shares of company stock. Additionally, the SEC filed a complaint in the Southern District of New York against both the company’s former CFO and the former Controller, seeking civil penalties, restitution, bars, and permanent injunctions. That litigation remains ongoing.

B. Public Statements and Filing Disclosures

In January, the SEC settled an action—without any monetary penalties—against a private technology company after it made significant remedial efforts in the wake of an internal investigation into misconduct by its now-former CEO.[45] As profiled in our last update, the SEC issued a complaint against the then-CEO of the company, after he allegedly inaccurately claimed the company had achieved strong and consistent revenue and customer growth in order to push it to a “unicorn” valuation of over $1 billion. The company’s Board of Directors conducted an internal investigation leading to the CEO’s removal and a revised valuation down to $300 million. The Board instituted other remedial measures, including the repayment of investors, hiring of new senior management, expansion of its board, and institution of processes and procedures to increase transparency and accuracy of deal reporting. The SEC highlighted these remedial actions and the company’s extensive cooperation in the matter as factors counseling against imposing a penalty. Accordingly, the company settled the complaint for a permanent injunction against further violations without admitting or denying wrongdoing.

In April, the SEC filed a complaint against a former executive of a Brazilian reinsurance company for making allegedly false statements claiming that a large, multi-national conglomerate had recently made a substantial investment in the company.[46] The SEC alleged that, in February 2020, the executive planted misleading stories with the media, created and shared fabricated shareholder lists purporting to show substantial purchases of the company’s stock by the conglomerate, and shared information with analysts and investors purporting to show this investment. The SEC alleged that, as a result of this information, the reinsurance company’s stock price rose by more than 6% during the following 24 hours, and dropped more than 40% after the conglomerate denied the investment. The SEC filed a complaint against the former executive seeking a permanent injunction, officer and director bar, and civil monetary penalties. The Department of Justice also announced criminal charges against the individual.

In May, the SEC announced settled charges against a healthcare supply chain company and a complaint against its former CEO and Chairman of the Board for making allegedly false statements regarding the company’s plan to distribute COVID-19 rapid test kits.[47] The SEC alleged that, in April 2020, the company issued a press release announcing a “committed purchase order” for two million COVID-19 test kits, as well as an ongoing commitment to purchase two million more test kits every week for nearly six months. However, the company allegedly had neither an executed purchase agreement nor a supplier for the tests. The SEC alleged that after the announcement, the company, which was struggling financially at the time, saw a 425% increase in stock price from the prior trading day. Without admitting or denying the allegations, the company agreed to a settlement that included permanent injunctions, a $125,000 penalty, and more than $500,000 in disgorgement. The U.S. Attorney’s Office for the District of New Jersey and the U.S. Department of Justice’s Criminal Division also announced criminal charges against the former CEO.

C. Gatekeepers

In June, the Commission instituted a settled action against a credit rating agency and its CEO for allegedly violating various conflict of interest rules.[48] The SEC’s complaint alleged that the CEO engaged in sales and marketing activities related to a client while, at the same time, determining that client’s credit rating, in violation of Rules 17g-5(c)(8)(i)–(ii) of the Exchange Act. The complaint also alleged that the agency violated Rule 17g-5(c)(1) (the “Ten Percent Rule”) by allegedly continuing to issue and maintain ratings for another client, even though that client had contributed more than 10% of the agency’s revenues in the prior fiscal year. Lastly, the SEC alleged that the agency did not establish, maintain, and enforce sufficient internal controls to manage these conflicts of interest. Without admitting or denying the SEC’s findings, both the agency and its CEO agreed to pay a total of $2 million in civil penalties, as well as over $146,000 in disgorgement.

Also in June, the SEC instituted a settled action against an audit firm and three of its partners for alleged improper professional conduct after failing to investigate two clients’ financial statements despite known concerns about the accuracy of one client’s goodwill impairment calculations and another’s related party transactions.[49] The SEC alleged that, in 2016 and 2017, the audit firm and its partners allegedly improperly accepted its clients’ determination that their goodwill had not been impaired or reduced in value, despite internal beliefs that the goodwill valuation methods employed by the clients were insufficient. The SEC also alleged that the audit firm’s quality control systems led to the failure to adhere to adequate professional auditing standards. Without admitting or denying the allegations, the audit firm agreed to pay a $1.9 million penalty, to be censured, and to retain an independent consultant to review and evaluate certain control policies and procedures. The partners, without admitting or denying the allegations, agreed to each pay penalties ranging from $20,000 to $30,000; two partners additionally agreed to one- and three-year suspensions to practicing before the SEC, and the third partner agreed to a censure. The audit firm’s two clients at issue previously settled with the SEC related to the same financial disclosures, but with different outcomes: one of the audit firm’s clients and the client’s employees agreed to a settlement involving multi-million dollar monetary fines, restitution, and injunctive relief in June 2019;[50] the other client agreed to a no-penalty settlement without admitting or denying wrongdoing.[51]

Also in June, the SEC settled an action with an accounting firm relating to cheating by the firm’s employees on CPA ethics exams over a number of years, which was aggravated by the SEC’s perceived failure by the firm to correct its response to an earlier SEC voluntary request for information regarding the matter.[52] In June 2019, in the wake of a settlement with a different accounting firm regarding a similar issue, the firm received a voluntary information request from the SEC regarding complaints about cheating on CPA ethics exams, and the SEC asked for a response only one day later. The firm complied with the short response timeline, but its response did not include a relevant whistleblower report that was first made the same day the firm received the voluntary information request, and of which the legal department was not aware of its existence at the time of its initial response to the SEC. After becoming aware of this report, the firm conducted an internal investigation into the issue and later reported its results to the PCAOB. However, the SEC reasoned that the firm had violated the PCAOB’s professionalism rules because it did not promptly supplement its initial response to the SEC’s June 2019 voluntary information request with information about the whistleblower’s report. The firm settled the SEC’s allegations, agreeing to pay a $100 million fine, as well as to engage two independent consultants to make recommendations for further internal improvements. As noted above, Commissioner Peirce issued a forceful dissent from the settlement, arguing that the SEC’s “unduly punitive terms” were overly focused on the firm’s “imperfect compliance” with the SEC staff’s request to respond with information the next day, and ignored the “central issue” of cheating by the auditing professionals employed by the firm.[53]

III. Investment Advisers

A. Misuse of Investor Funds

In January, the SEC charged a financial adviser (dual registered representative of a broker-dealer and investment adviser) for allegedly misappropriating nearly $6 million from a client[54] over a six-year period and using the money for personal expenses, and to repay money that he had taken from another client. The SEC alleged the adviser created false account statements, forged signatures on documents, and altered financial records to cover up his actions. The SEC is seeking injunctive relief, disgorgement, and civil penalties. The U.S. Attorney’s Office for the Southern District of Florida filed parallel criminal charges.

In March, the SEC announced fraud charges against an investment adviser for allegedly using investor funds for personal expenses and a Ponzi-like scheme.[55] According to the SEC, the adviser told investors that their pooled money would be invested using a proprietary algorithm. The SEC alleged that, instead, the adviser used investor funds to pay off his own personal expenses and to repay previous investors while misleading current investors about their returns. The same adviser was permanently barred from the securities industry in a 1992 SEC enforcement action.[56] In the current case, the SEC is seeking an injunction, disgorgement, and penalties against the adviser. The U.S. Attorney’s Office for the District of New Jersey brought parallel criminal charges.

In May, the SEC charged a hedge fund and its sole owner for allegedly misappropriating millions of investors’ funds.[57] According to the SEC, over a period of nearly five years, the hedge fund and its owner raised approximately $39 million from more than 100 investors and thereafter made inaccurate statements about the fund’s performance (incurring $27 million in trading losses), falsified investors account documents, misrepresented the fact that the fund did not have an auditor, engaged in a Ponzi-like scheme with new investor funds being paid to earlier investors, and took money from the fund to pay for personal expenses, including jewelry. The SEC sought and obtained emergency relief and an asset freeze against the hedge fund and its owner, and the litigation remains ongoing.

B. Material Misrepresentations

In February, the SEC announced a settled action against a robo-adviser based on allegations that it made misleading statements and failed to comply with its own representations that it was compliant with Shari’ah law.[58] The SEC alleged the robo-adviser promoted its own proprietary funds when no such funds existed, then used investor funds to seed an exchange-traded fund without any disclosure to the investors. In addition, the SEC claimed that the robo-adviser promoted itself as compliant with Shari’ah law, including marketing an income purification process, but then took no actions to ensure this compliance. Without admitting or denying the allegations, the adviser agreed to a cease-and-desist order, to retain an independent compliance consultant, and to pay a $300,000 penalty.

In February, the SEC announced charges against the former Chief Investment Officer and founder of an investment adviser to a mutual fund and a hedge fund, based on allegations that the CIO significant overvalued assets, resulting in his receipt of $26 million of improper profit distributions.[59] According to the SEC, the CIO altered documents describing the funds’ valuation policies and sent forged term sheets to the auditor of the mutual and private funds. The former CIO was removed from his position in February 2021 after the SEC’s Staff showed the firm information suggesting that the CIO had been adjusting the company’s third-party pricing model. Shortly thereafter, at the mutual fund’s request, the SEC issued an order suspending redemptions.[60] The U.S. Attorney’s Office for the Southern District of New York is pursuing parallel criminal charges.

In March, the SEC announced a settled action against an investment adviser for using its discretionary trading authority to invest advisory clients in proprietary mutual funds and failing to disclose the corresponding conflict of interest.[61] Without admitting or denying the allegations, the adviser agreed to a cease-and-desist order, to obtain an independent compliance consultant, and to pay disgorgement and penalties totaling $30 million.

In March, the SEC announced a settled action against a venture capital fund adviser and its CEO for allegedly making misstatements about the adviser’s management fees and otherwise breaching its operating agreement.[62] The SEC alleged that certain promotional material advertised a management fee that was much lower than what the adviser actually assessed. In addition, the SEC claimed that the adviser made cash transfers between various funds that were not authorized by the adviser’s operating agreement. Without admitting or denying the allegations, the adviser agreed to repay $4.7 million to the affected private funds along with a $700,000 penalty; the CEO agreed to pay a $100,000 penalty.

In April, the SEC announced a settled action against an asset manager and its former co-CEOs based on alleged misrepresentations about the asset manager’s prospects for growth.[63] According to the SEC, the asset manager overstated its assets by including amounts provisionally committed by clients who had no obligation to ultimately invest with the manager. The SEC alleged that the inclusion of these investments inflated the asset manager’s value and led investors to vote in favor of a merger for the asset manager that would result in higher paying jobs for the co-CEOs. Without admitting or denying the allegations, the co-CEOs and asset manager agreed to a cease-and-desist order and to pay a $10 million penalty.

In May, the SEC charged an investment firm for alleged misstatements and omissions about ESG considerations in making investment decisions for certain mutual funds that it managed.[64] The SEC’s order alleged that, from July 2018 to September 2021, the firm represented or implied in various statements that all investments in the funds had undergone an ESG quality review. But according to the SEC, numerous investments held by certain funds did not have an ESG quality review score as of the time of investment. Without admitting or denying the SEC’s findings, the firm agreed to a cease-and-desist order, a censure, and to pay a $1.5 million penalty.

Also in May, the SEC announced a settled action against a variable annuities principal underwriter for alleged sales practice misconduct by its wholesalers.[65] The SEC alleged employees of the wholesaler caused exchange offers to be made to customers and clients of its affiliated retail broker-dealer and investment adviser to switch from one variable annuity to another to increase sale commissions Notably, this case represents the first-ever enforcement proceeding under Section 11 of the Investment Company Act of 1940, which, absent an exception, prohibits any principal underwriter from making or causing to be made an offer to exchange the securities of registered unit investment trusts (including variable annuities) unless the terms of the offer have been approved by the SEC. Without admitting or denying the allegations, the respondent agreed to a cease-and-desist order and to pay a $5 million penalty.

Also in May, the SEC announced charges and settlements with an investment adviser and three of the adviser’s former senior portfolio managers for allegedly concealing the downside risks of an options trading strategy from approximately 114 institutional investors who invested approximately $11 billion in the strategy between 2016 and 2020.[66] According to the complaint and consent orders, the lead portfolio manager, with the assistance of two senior managers, manipulated financial reports and other information provided to investors to conceal the magnitude of the strategy’s risk and the strategy’s actual performance. In one instance, the senior portfolio managers allegedly reduced losses in one scenario in a risk report sent to investors from approximately negative 42.15% to negative 4.15%. The SEC alleged that the group took several steps to conceal their conduct, including by providing false testimony to the SEC. In settling the action, the investment adviser, which pleaded guilty to criminal charges, admitted that its conduct violated securities laws and agreed to a cease-and-desist order, a censure, and payment of $349.2 million in disgorgement and prejudgment interest and a fine of $675 million. Two of the three portfolio managers also consented to orders that included associational and penny stock bars as well as monetary relief to be determined in the future. The SEC’s litigation against the lead portfolio manager is ongoing.

In June, the SEC announced a settled action against an investment adviser and two affiliated companies based on allegations that the affiliates did not sufficiently describe in their historical disclosures how allocating a portion of a clients’ funds to cash could affect the performance of their portfolios under certain market conditions.[67] The SEC also alleged that the companies did not adequately disclose an affiliated bank’s ability to earn interest from the cash deposits. The SEC concluded, however, that each of the alleged disclosure deficiencies was fully corrected in November 2018. Without admitting or denying the allegations, the companies agreed to a cease-and-desist order, providing for their payment of approximately $187 million in disgorgement and penalties.

Also in June, the SEC announced a settled action against an investment adviser for allegedly contravening its agreements by allocating certain deal-related expenses across its private equity fund clients in a non-pro rata manner and failing to properly disclose the allocations.[68] According to the SEC, investors in the private equity funds included pension funds, foundations and endowments, other institutional investors, and high net worth individuals. Without admitting or denying the SEC’s allegations, the investment adviser agreed to a cease-and-desist order and to pay a $1 million penalty.

In June, the SEC announced a settled action against an investment adviser based upon allegations that the firm’s financial advisers did not adequately understand the risks associated with an options trading strategy that they recommended to approximately 600 advisory clients between February 2016 and February 2017 clients and thus the recommendations may not have been in the clients’ best interest.[69] Without admitting or denying the SEC’s allegations, the company agreed to a cease-and-desist order and agreed to pay a fine of $17.4 million and disgorgement and prejudgment interest of $7.2 million.

C. New Regulations

In addition to the cybersecurity and ESG-related rule proposals discussed in Section IE above, we note that in February, the SEC proposed a dramatic overhaul to the regulation of private fund advisers.[70] Among other changes, the proposed rules would require private fund advisers to provide investors with quarterly statements regarding fund fees, expenses, and performance. The proposed rule would also prohibit these advisers from giving certain kinds of preferential treatment to investors and would require disclosure to all current and prospective investors in a fund of any preferential rights granted to any investors of the fund.

For a more detailed discussion of the rule proposal, see our prior alert on the subject and the comment letter submitted by the Private Investment Funds Forum, of which GDC was a co-author.

We also note the upcoming November 2022 implementation deadline for the new Marketing Rule, which replaced the former Advertising and Solicitation rules, and caused the SEC to withdraw or modify roughly 200 No Action letters.[71]

IV. Broker-Dealers

A. Misrepresentation

In May, the SEC announced a settled action against a broker-dealer and its co-founder based on allegations that they misled customers as to restricting the purchase of so-called meme stocks in late January 2021.[72] According to the order, the broker-dealer halted purchases of the stocks for about 10 minutes, but after, the broker-dealer and its co-founder stated that it never restricted trading. Without admitting or denying the SEC’s charges, the broker-dealer and co-founder agreed to retain an independent compliance consultant and pay $100,000 and $25,000 fines, respectively.

B. Form-Filling Violations

In February, the SEC announced settled charges against 12 firms, six investment advisers and six broker-dealers, based on allegations that each of the firms failed to timely file and deliver the Form CRS to their existing and/or prospective retail clients and customers.[73] In June 2019, the SEC adopted Form CRS, which SEC-registered investment advisers and broker-dealers that offer services to retail investors are required to file and keep current with the SEC, deliver to existing and prospective clients and customers beginning no later than June/July 2020, and prominently post on their websites the most recently filed version thereof. The SEC alleged that the sanctioned 12 firms missed the regulatory deadlines and, in certain instances, failed to include required information and language in their respective Form CRS. Without admitting or denying the SEC’s findings, the firms each agreed to be censured, to a cease-and-desist order, and to pay civil penalties varying from $10,000 to $97,523.

In May, the SEC announced settled charges against a broker-dealer and investment adviser for allegedly failing to file over 30 suspicious activity reports (“SARs”) between April 2017 and October 2021, which are used to identify and investigate potentially suspicious activity.[74] The SEC’s order alleged that for a nine-month period, the firm failed to file at least 25 SARs as a result of its deficient implementation and testing of a new anti-money laundering (“AML”) transaction monitoring and alert system. The SEC further alleged that the firm failed to file at least nine additional SARs due to its failure to process wire transfer data into its AML transaction monitoring system on dates on which there was a bank holiday without a corresponding brokerage holiday. The order describes the firm’s substantial cooperation and voluntary remedial measures, as well as a thorough internal investigation conducted by the firm, the findings of which were shared with Staff. Notwithstanding, in its press release the SEC characterized the firm as a recidivist, citing to a prior settlement in 2017 relating to an alleged failure to file 50 SARs. Without admitting or denying the SEC’s findings, the firm agreed to a censure, a cease-and-desist order, and to pay a fine of $7 million.

C. Regulation Best Interest (“BI”)

As discussed in the introduction, in June, the SEC charged a broker-dealer and five of its registered representatives for allegedly violating Reg BI when recommending and selling L Bonds to retirees and other retail investors.[75] According to the SEC’s complaint, over a 10-month period, the broker’s registered representatives recommended and sold retail investors approximately $13.3 million in the bonds. According to the SEC, the bond’s issuer described the product as high risk, illiquid, and only suitable for customers with substantial financial resources. In the SEC’s first substantive Reg BI case, the SEC alleges violations of the broker-dealer’s Care Obligation (which requires that the registered representative have a reasonable basis to believe their recommendation is in the best interest of the customer), and Compliance Obligation (which requires that the broker-dealer maintain and enforce written policies and procedures designed to achieve compliance with Reg BI). The SEC is seeking permanent injunctions, disgorgement, and civil penalties.

V. Cryptocurrency and Other Digital Assets

Despite the recent current crypto winter (cryptocurrencies reportedly having lost trillions in value since market highs in 2021), digital assets continue to be a leading-edge asset class and a primary focus for the SEC’s Division of Enforcement, as evidenced by multiple enforcement actions in the first half of 2022, as well as expected rulemaking proposals and dramatic staffing increases in the Commission’s digital asset securities unit.

A. Agency Updates

In May, the SEC announced the allocation of 20 additional positions to the newly renamed Crypto Assets and Cyber Unit (formerly known as the Cyber Unit) in the Division of Enforcement, which will grow to 50 dedicated positions—nearly doubling the size of the unit.[76] According to the SEC, the expanded Crypto Assets and Cyber Unit will focus on investigating securities law violations related to: digital asset offerings; digital asset exchanges; digital asset lending and staking products; decentralized finance (“DeFi”) platforms; non-fungible tokens (“NFTs”); and stablecoins.

B. Fraud

In January, the SEC announced charges against an Australian citizen and two companies he founded for allegedly making false and misleading statements in connection with an unregistered offer and sale of digital asset securities.[77] According to the SEC’s complaint, the Founder claimed to have raised $40.7 million through his companies in an initial coin offering (“ICO”), and allegedly told investors that the ICO proceeds would be used to develop a new technology. Instead, however, he diverted more than $5.8 million in ICO proceeds to gold mining entities. The SEC also alleged that the Founder and his companies did not register their offers and sales of tokens with the Commission, and knowingly sold them to groups of investors without determining whether the underlying investors were accredited. Without admitting or denying the allegations, the Founder and his companies consented to a permanent injunction, and to permanently disable the tokens and remove them from digital asset trading platforms. The Founder further agreed to an officer or director bar, and a penalty of $195,000.

In March, the SEC announced that it charged two individuals with allegedly defrauding retail investors out of more than $124 million through two unregistered offerings of securities involving a digital token.[78] In its complaint, the SEC alleged that the defendants—in roadshows, YouTube videos, and other materials—falsely claimed that its crypto coin was supported by one of the largest crypto mining operations in the world, but that the defendants previously abandoned mining operations after generating less than $3 million in total mining revenue. As alleged, the defendants incorrectly stated that the crypto coin had a $250 million crypto mining operation and was producing $5.4 million to $8 million per month in mining revenues. According to the complaint, the two individuals also arranged for a public website to display a wallet of an unrelated third party showing more than $190 million in assets as of November 2021, even though the coin’s wallets were allegedly worth less than $500,000. Moreover, the complaint alleged that the individuals manipulated the crypto coin’s price and misused investor funds for personal expenses. In a parallel action, the U.S. Attorney’s Office for the Southern District of New York unsealed criminal charges against one of the individuals.

In May, the SEC announced charges against a corporation, its two founders, and two entities controlled by one of its founders.[79] According to the SEC’s complaint, the two founders sold mining packages to investors and promised daily returns of 1%, paid weekly, for a period of up to 52 weeks. The complaint also alleged that, in its early days, investors were promised returns in Bitcoin, but later, defendants required investors to withdraw their investments in the corporation’s own token. The complaint also alleged that investors were required to redeem those tokens on a “fake” crypto asset trading platform created and managed by one of the corporation’s founders, but when investors tried to liquidate their tokens on that asset trading platform, they encountered purported errors and were required to either buy another mining package or forfeit their investments. In April, the United States District Court for the Southern District of Florida issued a temporary restraining order against all of the defendants and an order freezing defendants’ assets, among other relief.

C. Registration and Disclosure

In February, the SEC announced that it charged a company with failing to register the offers and sales of its retail crypto lending product.[80] According to the SEC’s order, the company offered and sold a lending product to the public, through which investors lent crypto assets to the company in exchange for the company’s promise to provide a variable monthly interest payment. The SEC alleged that the lending products were securities, and the company therefore was required to register its offers and sales of the products but failed to do so or to qualify for an exemption from SEC registration. The SEC also alleged that the company operated for more than 18 months as an unregistered investment company because it issued securities and also held more than 40% of its total assets, excluding cash, in investment securities, including loans of crypto assets to institutional borrowers. Finally, the SEC alleged that the company made a false and misleading statement for more than two years on its website concerning the level of risk in its loan portfolio and lending activity. Without admitting or denying the SEC’s allegations, the company agreed to pay a $50 million penalty, cease its unregistered offers and sales of the lending product, and attempt to bring its business within the provisions of the Investment Company Act within 60 days. Finally, in parallel actions, the company agreed to pay an additional $50 million in fines to 32 states to settle similar charges. At the time of the settlement, the company was actively engaged in litigation with multiple states including the New Jersey Attorney General. (Prior to assuming his current role as the Director of the SEC’s Enforcement Division, Gurbir Grewal was the Attorney General for New Jersey.)

In May, the SEC also announced that it settled charges against a technology company for making allegedly inadequate disclosures concerning the impact of cryptomining on the company’s gaming business.[81] The SEC’s order found that, during consecutive quarters in fiscal year 2018, the company failed to disclose that cryptomining was a significant element of its material revenue growth. Specifically, the SEC alleged that the company did not disclose in its Forms 10-Q significant earnings and cash flow fluctuations related to a “volatile business” for investors to ascertain the likelihood that past performance was indicative of future performance. The SEC also alleged that the company’s omissions about the growth of the company’s gaming business were misleading given that the company made statements about how other parts of the company’s business were driven by demand for crypto. Without admitting or denying the SEC’s findings, the company agreed to a cease-and-desist order and to pay a $5.5 million penalty.

VI. Insider Trading

In January, the SEC announced insider trading charges against three Florida residents for allegedly trading in advance of market-moving announcements by three companies.[82] The SEC alleged that one of the individuals obtained non-public information from an insider family member and used it to trade in advance of one company’s earnings announcement, another company’s tender offer, and a third company’s merger announcement, gaining more than $600,000 in personal brokerage profits. The individual allegedly tipped off two friends, who also allegedly traded ahead of these announcements and who were likewise charged by the SEC. According to the SEC’s complaint, one of the tippees used various accounts to trade ahead of all three announcements, resulting in profits of over $4 million; the other tippee allegedly reaped profits of approximately $120,000. The SEC’s complaint seeks permanent injunctions and civil penalties. The U.S. Attorney’s Office of the District of Massachusetts announced criminal charges against the three men for the same conduct.

In March, the SEC filed a complaint against three software engineers of a communications tech company and four of their associates for allegedly trading on confidential information ahead of the company’s positive earnings announcement for the first quarter of 2020.[83] The SEC alleged that the software engineers had learned through their company’s databases that the company’s customers had increased usage of the company’s products and services in response to health measures imposed by the COVID-19 pandemic. The SEC further alleged that the software engineers discussed in a group chat that the company’s stock price would “rise for sure,” after which they tipped off, or used the brokerage accounts of, four of their family members and close friends to trade stock and options in advance of the earnings announcement to generate more than $1 million in profit. The SEC’s action is pending in the Northern District of California. The U.S. Attorney’s Office for the Northern District of California announced criminal charges against one of the tippees.

In April, the SEC announced a settled action against a former accountant of a large multinational restaurant chain for an alleged long-running scheme to trade on confidential information the accountant obtained through his role at the company in advance of the company’s earnings announcements.[84] The SEC alleged that, from 2015 to 2020, the employee engaged in trades across multiple different brokerage accounts tied to himself and family members in advance of earnings announcements, resulting in more than $960,000 in profits. Without admitting or denying the allegations, the accountant consented to an order permanently enjoining him from future violations and to a penalty of over $1.9 million. He also agreed to a suspension from appearing or practicing before the SEC.

In June, the SEC announced settled insider trading charges against a former software engineer of an online gambling company and his longtime friend for allegedly trading on confidential information about the gambling company’s interest in acquiring a mobile sports media company.[85] The SEC alleged that the software engineer purchased 500 out-of-the-money call options on the target mobile sports media company in the weeks and days leading up to the announcement of the acquisition, despite being told not to trade on the information he received. The SEC also alleged that he tipped off his friend about the impending deal through an encrypted messaging application, resulting in approximately $600,000 in combined profits. Without admitting or denying the allegations, the two individuals agreed to a permanent injunction, disgorgement, and civil penalties totaling more than $11,000. The U.S. Attorney’s Office for the Eastern District of Pennsylvania also announced criminal charges against the former software engineer.

VII. Trading and Markets

In March, the SEC commenced an action against five individuals for operating a call center in Colombia that allegedly employed high-pressure sales tactics and made misleading statements to sell the stock of at least 18 small companies trading in U.S. markets.[86] The SEC alleged that the defendants’ call centers employed false personas—including fake names, websites, and phone numbers—to appear as investment management firms. According to the complaint, the call centers then generated over $58 million in trading by making misleading or false statements about the stocks’ prospects for success. The SEC alleged that the defendants received roughly $10 million in exchange for their promotion of these thinly traded stocks. The SEC’s complaint seeks a permanent injunction, disgorgement and civil penalties, and a penny stock bar against the defendants. The complaint also names three additional individuals and one entity as relief defendants and seeks disgorgement from these parties as well.

In April, the SEC brought an action against an individual for making an allegedly false and misleading tender offer announcement.[87] According to the SEC’s complaint, the defendant allegedly placed an advertisement in the New York Times announcing a proposed purchase of all existing stock of a large defense company at a substantial premium. The SEC alleged that this offer was false and misleading because neither the defendant nor his company had the resources necessary to complete the transaction. Moreover, the complaint alleged that the defendant failed to disclose a series of bankruptcies and default judgments and mischaracterized the operations and assets of his company’s corporate parent. The complaint seeks injunctive relief, a monetary penalty, and an officer and director bar against the defendant. In a parallel action, the U.S. Attorney’s Office for the Southern District of New York announced criminal charges against the defendant.

Also in April, the Commission, in three separate complaints, commenced actions against 15 individuals and one entity for engaging in a complex series of allegedly fraudulent microcap operations spanning three continents and generating more than $194 million in illicit proceeds.[88] The SEC alleged that, over many years, various defendants acquired, via offshore companies, majority interests in the penny stocks of at least 17 issuers. Thereafter, the SEC alleged that certain defendants funded promotional campaigns for these stocks to increase demand, at which point some defendants allegedly sold their stocks for significant profits. Two of the three complaints further allege that some defendants used encrypted messaging services and code names to communicate with each other and with offshore trading platforms about the scheme to avoid being detected by regulators. The press release announcing these enforcement actions stated that more than 20 countries’ law enforcement authorities and securities regulators contributed to the SEC’s investigation, which is also associated with parallel criminal actions by the U.S. Attorney’s Office for the Southern District of New York.

Also in April, the SEC filed an action against the owner of an investment firm, as well as the firm’s CFO, head trader, and chief risk officer based on allegations of securities fraud based on misrepresentations and omissions as well as market manipulation, all relating to the trading of certain securities over a seven-month period.[89] The SEC alleged that the owner had purchased, on margin, billions of dollars of total return swaps, resulting in bank counterparties taking on significant positions in the equity securities of the relevant symbols for the purpose of hedging the risk of the swaps. According to the SEC, these swap purchases were intended to drive up the price of the securities. The CFTC also brought a complaint relating to misrepresentations and omissions—but did not allege market manipulation—and the U.S. Attorney’s Office for the Southern District of New York also announced that it is pursuing criminal charges against the individuals involved for the same conduct.

In June, the SEC announced a settled action against an investment adviser based on allegations that on seven occasions between December 2020 and February 2021 the firm violated Rule 105 of Regulation M of the Exchange Act by buying stock shortly after shorting that same stock during a restricted period (i.e., before a covered public offering).[90] The order explains that the firm had relevant policies and procedures and that its systems detected the possible violations both before and after the firm participated in the offerings. In each instance, according to the SEC, the firm’s traders and compliance department bypassed the systematic alerts and exceptions based on their own miscalculations of the restricted period. Thereafter, according to the order, the firm self-identified its errors and the violations, voluntarily and proactively remediated the errors and self-reported the violations to the SEC. Without admitting or denying the SEC’s allegations, the firm agreed to pay a fine of $200,000 and $6.7 million in disgorged profits.

VIII. Municipal Securities

In March, the SEC announced a settled action against a school district and its former CFO, alleging that they misled investors who purchased $20 million in municipal bonds.[91] The SEC also announced settled charges against the district’s auditor for alleged impropriety in connection with an audit of the district’s financial statements. According to the SEC’s complaint and orders, the district and CFO provided investors with misleading financial statements containing inflated general fund reserves and omitted payroll and construction liabilities. The district, without admitting or denying any findings, agreed to settle the SEC’s charges by consenting to a cease-and-desist order. The former CFO, also without admitting or denying the allegations, agreed to pay a $30,000 penalty and not participate in future municipal offerings. The auditor, without admitting or denying any findings, agreed to a suspension of at least three years from appearing or practicing before the SEC as an accountant and from certain auditor roles.

In June, the SEC brought an action against a town, its former mayor, the town’s unregistered municipal adviser, and the adviser’s owner, for allegedly misleading investors who purchased $5.8 million in municipal bonds across two offerings to finance the development of a water system and improvements to a sewer system.[92] According to the SEC’s complaints and order, the town submitted false financial projections, created by the municipal adviser with approval by the then-mayor, overstating the number of sewer customers in order to mislead a state agency commission that needed to approve the offerings. In turn, the town and its then-mayor allegedly failed to disclose to investors that approval of the bonds was based on the allegedly false projections or that the mayor had misused proceeds from prior offerings. Without admitting or denying the findings, the town agreed to settle with the SEC by consenting to a cease-and-desist order, while the municipal adviser and its owner also agreed pay disgorgement and civil penalties in amounts to be determined at a later date.

Also in June, the SEC instituted an action against a city, its former finance director, and its school district’s former CFO, alleging that they misled investors who purchased $119 million in municipal bonds.[93] The SEC also instituted an action against the city’s municipal adviser and its principal for allegedly misleading investors and breaching their fiduciary duty to the city. According to the SEC’s complaint, the defendants provided investors with misleading bond offering documents that failed to disclose the district’s financial distress stemming from spending on teacher salaries. The SEC alleged that the district’s former CFO was aware the district was facing at least a $25 million budget shortfall but misled a credit rating agency regarding the magnitude of the budget shortfall. The school district’s former CFO agreed to settle with the SEC, without admitting or denying any findings, and to pay a $25,000 penalty.

______________________________

[1] See, e.g., SEC Press Release, BlockFi Agrees to Pay $100 Million in Penalties and Pursue Registration of its Crypto Lending Product (Feb. 14, 2022), available at https://www.sec.gov/news/press-release/2022-26; SEC Press Release, Ernst & Young to Pay $100 Million Penalty for Employees Cheating on CPA Ethics Exams and Misleading Investigation (June 28, 2022), available at https://www.sec.gov/news/press-release/2022-114.

[2] SEC Press Release, SEC Charges Firm and Five Brokers with Violations of Reg BI (June 16, 2022), available at https://www.sec.gov/news/press-release/2022-110.

[3] Id.

[4] SEC Statement, Statement on Settlement with BlockFi Lending LLC (Feb. 14, 2022) (Commissioner Hester M. Peirce), available at https://www.sec.gov/news/statement/peirce-blockfi-20220214.

[5] SEC Statement, Statement on In the Matter of Lloyd D. Reed (Apr. 5, 2022) (Commissioner Hester M. Peirce), available at https://www.sec.gov/news/statement/peirce-lloyd-reed-20220405.

[6] SEC Statement, Statement Regarding In the Matter of Aegis Capital Corporation (July 28, 2022) (Commissioner Hester M. Peirce), available at https://www.sec.gov/news/statement/peirce-statement-aegis-capital-corporation-072822.

[7] SEC Statement, When Voluntary Means Mandatory and Forever: Statement on In the Matter of Ernst & Young LLP (June 28, 2022) (Commissioner Hester M. Peirce), available at https://www.sec.gov/news/statement/peirce-statement-ernst-and-young-062822.

[8] SEC Press Release, Mark T. Uyeda Sworn In as SEC Commissioner (June 30, 2022), available at https://www.sec.gov/news/press-release/2022-118.

[9] SEC Statement, Statement on Senate Confirmation of Jaime Lizárraga and Mark Uyeda (June 16, 2022), available at https://www.sec.gov/news/statement/commissioners-statement-confirmation-lizararago-uyeda.

[10] White House Press Release, President Biden Announces Key Nominees (Apr. 6, 2022), available at https://www.whitehouse.gov/briefing-room/statements-releases/2022/04/06/president-biden-announces-key-nominees-10/.

[11] SEC Press Release, SEC Announces New Leadership in Examinations Division and New York Regional Office (Mar. 24, 2022), available at https://www.sec.gov/news/press-release/2022-49.

[12] SEC Press Release, Richard R. Best Named Director of Division of Examinations (May 24, 2022), available at https://www.sec.gov/news/press-release/2022-87.

[13] SEC Press Release, Kristin Snyder, Deputy Director of Division of Examinations, to Leave SEC (Jan. 27, 2022), available at https://www.sec.gov/news/press-release/2022-13.

[14] SEC Press Release, Lori H. Price Named Acting Director of the Office of Credit Ratings; Ahmed Abonamah to Leave SEC (Feb. 1, 2022), available at https://www.sec.gov/news/press-release/2022-16.

[15] SEC Press Release, Kelly L. Gibson, Director of the Philadelphia Regional Office, to Leave the SEC; Scott Thompson and Joy Thompson named Office Acting Co-Heads (Feb. 11, 2022), available at https://www.sec.gov/news/press-release/2022-25.

[16] SEC Press Release, SEC Announces New Leadership in Examinations Division and New York Regional Office (Mar. 24, 2022), available at https://www.sec.gov/news/press-release/2022-49.

[17] SEC Press Release, San Francisco Regional Director Erin E. Schneider to Leave Agency (Mar. 25, 2022), available at https://www.sec.gov/news/press-release/2022-51.

[18] SEC Press Release, Tracy S. Combs Named Director of SEC’s Salt Lake Regional Office (June 29, 2022), available at https://www.sec.gov/news/press-release/2022-115.

[19] SEC Press Release, Denver Regional Director Kurt L. Gottschall to Leave SEC (June 29, 2022), available at https://www.sec.gov/news/press-release/2022-116.

[20] U.S. Securities and Exchange Commission, Proposed Rule (RIN 3235-AM90), Special Purpose Acquisition Companies, Shell Companies, and Projections (Mar. 30, 2022), available at https://www.gibsondunn.com/sec-proposes-rules-to-align-spacs-more-closely-with-ipos/https://www.gibsondunn.com/2022-mid-year-securities-enforcement-update/#_edn1.

[21] SEC Press Release, SEC Proposes Rules to Enhance Disclosure and Investor Protection Relating to Special Purpose Acquisition Companies, Shell Companies, and Projections (Mar. 30, 2022), available at https://www.sec.gov/news/press-release/2022-56.

[22] Id.

[23] SEC Press Release, SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies (Mar. 9, 2022), available at https://www.sec.gov/news/press-release/2022-39.

[24] SEC Press Release, SEC Proposes Cybersecurity Risk Management Rules and Amendments for Registered Investment Advisers and Funds (Feb. 9, 2022), available at https://www.sec.gov/news/press-release/2022-20.

[25] Spotlight on Enforcement Task Force Focused on Climate and ESG Issues, available at https://www.sec.gov/spotlight/enforcement-task-force-focused-climate-esg-issues.

[26] SEC Press Release, SEC Proposes Rules to Enhance and Standardize Climate-Related Disclosures for Investors (Mar. 21, 2022), available at https://www.sec.gov/news/press-release/2022-46.

[27] SEC Statement, Remarks at Financial Stability Oversight Counsel Meeting (July 28, 2022) (Chair Gary Gensler), available at https://www.sec.gov/news/speech/gensler-statement-financial-stability-oversight-council-meeting-072822.

[28] SEC Press Release, SEC Proposes to Enhance Disclosures by Certain Investment Advisers and Investment Companies About ESG Investment Practices (May 25, 2022), available at https://www.sec.gov/news/press-release/2022-92.

[29] SEC Press Release, SEC Proposes Rule Changes to Prevent Misleading or Deceptive Fund Names (May 25, 2022), available at https://www.sec.gov/news/press-release/2022-91.

[30] SEC Press Release, SEC Proposed Changes to Two Whistleblower Program Rules (Feb. 10, 2022), available at https://www.sec.gov/news/press-release/2022-23.

[31] Id.

[32] Id.

[33] SEC Press Release, SEC Awards Over $13 Million to Whistleblower (Jan. 6, 2022), available at https://www.sec.gov/news/press-release/2022-2.

[34] SEC Press Release, SEC Issues Awards Totaling More Than $4 Million to Whistleblowers (Jan. 10, 2022), available at https://www.sec.gov/news/press-release/2022-5.

[35] SEC Press Release, SEC Issues Awards Totaling More Than $40 Million to Four Whistleblowers (Jan. 21, 2022), available at https://www.sec.gov/news/press-release/2022-7.

[36] SEC Press Release, SEC Awards More Than $3.5 Million to Whistleblower (Mar. 8, 2022), available at https://www.sec.gov/news/press-release/2022-38.

[37] SEC Press Release, SEC Awards Approximately $14 Million to Whistleblower (Mar. 11, 2022), available at https://www.sec.gov/news/press-release/2022-40.

[38] SEC Press Release, SEC Issues Awards Totaling Approximately $3 Million to Three Whistleblowers (Mar. 18, 2022), available at https://www.sec.gov/news/press-release/2022-45.

[39] SEC Press Release, SEC Awards $1.25 Million to Whistleblower (Mar. 25, 2022), available at https://www.sec.gov/news/press-release/2022-52.

[40] SEC Press Release, SEC Issues $6 Million Award to Five Whistleblowers (Apr. 25, 2022), available at https://www.sec.gov/news/press-release/2022-67.

[41] SEC Press Release, SEC Issues Nearly $3.5 Million Award to Four Whistleblowers (May 6, 2022), available at https://www.sec.gov/news/press-release/2022-80.

[42] SEC Press Release, SEC Charges Health Care Co. and Two Former Employees for Accounting Improprieties (Feb. 22, 2022), available at https://www.sec.gov/news/press-release/2022-31.

[43] SEC Press Release, Atlanta-Based Pest Control Company, Former CFO Charged with Improper Earnings Management (Apr. 18, 2022), available at https://www.sec.gov/news/press-release/2022-64.

[44] SEC Press Release, SEC Charges New Jersey Software Company and Senior Employees with Accounting-Related Misconduct (June 7, 2022), available at https://www.sec.gov/news/press-release/2022-101.

[45] SEC Press Release, Remediation Helps Tech Company Avoid Penalties (Jan. 28, 2022), available at https://www.sec.gov/news/press-release/2022-14.

[46] SEC Press Release, SEC Charges Senior Executive of Brazilian Company with Fraud (Apr. 18, 2022), available at https://www.sec.gov/news/press-release/2022-63.

[47] SEC Press Release, SEC Charges Company and Former CEO with Misleading Investors about the Sale of COVID-19 Test Kits (May 31, 2022), available at https://www.sec.gov/news/press-release/2022-94.

[48] SEC Press Release, SEC Charges Egan-Jones Ratings Co. and CEO with Conflict of Interest Violations (June 21, 2022), available at https://www.sec.gov/news/press-release/2022-111.

[49] SEC Press Release, SEC Charges CohnReznick LLP and Three Partners with Improper Professional Conduct (June 8, 2022), available at https://www.sec.gov/news/press-release/2022-102.

[50] SEC Press Release, SEC Adds Fraud Charges Against Purported Cryptocurrency Company Longfin, CEO, and Consultant (June 5, 2019), available at https://www.sec.gov/news/press-release/2019-90.

[51] SEC Press Release, SEC Obtains Final Judgment Against Sequential Brands Group, Inc. for Failing to Timely Impair Goodwill (Dec. 15, 2021), available at https://www.sec.gov/litigation/litreleases/2021/lr25289.htm.

[52] SEC Press Release, Ernst & Young to Pay $100 Million Penalty for Employees Cheating on CPA Ethics Exams and Misleading Investigation (June 28, 2022), available at https://www.sec.gov/news/press-release/2022-114.

[53] SEC Statement, When Voluntary Means Mandatory and Forever: Statement on In the Matter of Ernst & Young LLP (June 28, 2022) (Commissioner Hester M. Peirece), available at https://www.sec.gov/news/statement/peirce-statement-ernst-and-young-062822.

[54] SEC Press Release, Former Financial Advisor Charged with Stealing $5.8 Million from Client (Jan. 24, 2022), available at https://www.sec.gov/news/press-release/2022-8.

[55] SEC Press Release, SEC Charges Previously-Barred Investment Adviser with Fraud (Mar. 7, 2022), available at https://www.sec.gov/news/press-release/2022-35.

[56] SEC News Digest, David Schamens Barred (May 19, 1992), available at https://www.sec.gov/news/digest/1992/dig051992.pdf.

[57] SEC Press Release, SEC Halts Alleged Ongoing $39 Million Fraud by Hedge Fund Adviser (May 25, 2022), available at https://www.sec.gov/news/press-release/2022-90.

[58] SEC Press Release, SEC Charges Robo-Adviser with Misleading Clients (Feb. 10, 2022), available at https://www.sec.gov/news/press-release/2022-24.

[59] SEC Press Release, SEC Charges Infinity Q Founder with Orchestrating Massive Valuation Fraud (Feb. 17, 2022), available at https://www.sec.gov/news/press-release/2022-29.

[60] Investment Company Act Release No. 34198 (Feb. 21, 2021), available at https://www.sec.gov/rules/ic/2021/ic-34198.pdf.

[61] SEC Press Release, City National Rochdale to Pay More Than $30 Million for Undisclosed Conflicts of Interest (Mar. 3, 2022), available at https://www.sec.gov/news/press-release/2022-33.

[62] SEC Press Release, SEC Charges Venture Capital Fund Adviser with Misleading Investors (Mar. 4, 2022), available at https://www.sec.gov/news/press-release/2022-34.

[63] SEC Press Release, Medley Management and Former Co-CEOs to Pay $10 Million Penalty for Misleading Investors and Clients (Apr. 28, 2022), available at https://www.sec.gov/news/press-release/2022-73.

[64] SEC Press Release, SEC Charges BNY Mellon Investment Adviser for Misstatements and Omissions Concerning ESG Considerations (May 23, 2022), available at https://www.sec.gov/news/press-release/2022-86.

[65] SEC Press Release, SEC Charges RiverSource Distributors with Improper Switching of Variable Annuities (May 25, 2022), available at https://www.sec.gov/news/press-release/2022-89.

[66] SEC Press Release, SEC Charges Allianz Global Investors and Three Former Senior Portfolio Managers with Multibillion Dollar Securities Fraud (May 17, 2022), available at https://www.sec.gov/news/press-release/2022-84.

[67] SEC Press Release, Schwab Subsidiaries Misled Robo-Adviser Clients about Absence of Hidden Fees (June 13, 2022), available at https://www.sec.gov/news/press-release/2022-104.

[68] SEC Press Release, SEC Charges Private Equity Adviser for Failing to Disclose Disproportionate Expense Allocations to Fund (June 14, 2022), available at https://www.sec.gov/news/press-release/2022-107.

[69] SEC Press Release, UBS to Pay $25 Million to Settle SEC Fraud Charges Involving Complex Options Trading Strategy (June 29, 2022), available at https://www.sec.gov/news/press-release/2022-117.

[70] SEC Press Release, SEC Proposes to Enhance Private Fund Investor Protection (Feb. 9, 2022), available at https://www.sec.gov/news/press-release/2022-19.

[71] Information Update, Division of Investment Management Staff Statement Regarding Withdrawal and Modification of Staff Letters Related to Rulemaking on Investment Adviser Marketing (Oct. 2021), available at https://www.sec.gov/files/2021-10-information-update.pdf

[72] SEC Press Release, SEC Charges TradeZero America and Co-Founder with Deceiving Customers about Meme Stock Trading Halts (May 24, 2022), available at https://www.sec.gov/news/press-release/2022-88.

[73] SEC Press Release, SEC Charges 12 Additional Financial Firms for Failure to Meet Form CRS Obligations (Feb. 15, 2022), available at https://www.sec.gov/news/press-release/2022-27.

[74] SEC Press Release, SEC Charges Wells Fargo Advisors With Anti-Money Laundering Related Violations (May 20, 2022), available at https://www.sec.gov/news/press-release/2022-85.

[75] SEC Press Release, SEC Charges Firm and Five Brokers with Violations of Reg BI (June 16, 2022), available at https://www.sec.gov/news/press-release/2022-110.

[76] SEC Press Release, SEC Nearly Doubles Size of Enforcement’s Crypto Assets and Cyber Unit (May 3, 2022), available at https://www.sec.gov/news/press-release/2022-78.

[77] SEC Press Release, SEC Charges ICO Issuer and Founder with Defrauding Investors (Jan. 6, 2022), available at https://www.sec.gov/news/press-release/2022-3.

[78] SEC Press Release, SEC Charges Siblings in $124 Million Crypto Fraud Operation that included Misleading Roadshows, YouTube Videos (Mar. 8, 2022), available at https://www.sec.gov/news/press-release/2022-37.

[79] SEC Press Release, SEC Halts Fraudulent Cryptomining and Trading Scheme (May 6, 2022), available at https://www.sec.gov/news/press-release/2022-81.

[80] SEC Press Release, BlockFi Agrees to Pay $100 Million in Penalties and Pursue Registration of its Crypto Lending Product (Feb. 14, 2022), available at https://www.sec.gov/news/press-release/2022-26.

[81] SEC Press Release, SEC Charges NVIDIA Corporation with Inadequate Disclosures about Impact of Cryptomining (May 6, 2022), available at https://www.sec.gov/news/press-release/2022-79.

[82] SEC Press Release, SEC Charges Three Florida Residents in Multi-Million Dollar Insider Trading Scheme (Jan. 6, 2022), available at https://www.sec.gov/news/press-release/2022-4.

[83] SEC Press Release, SEC Charges Seven California Residents in Insider Trading Ring (Mar. 28, 2022), available at https://www.sec.gov/news/press-release/2022-55.

[84] SEC Press Release, Former Domino’s Pizza Accountant to Pay Nearly $2 Million Penalty for Insider Trading (Apr. 21, 2022), available at https://www.sec.gov/news/press-release/2022-66.

[85] SEC Press Release, SEC Charges Former Employee of Online gambling Company with Insider Trading (June 13, 2022), available at https://www.sec.gov/news/press-release/2022-105.

[86] SEC Press Release, SEC Charges Call Center Operators in $58 Million Penny Stock Scheme (Mar. 15, 2022), available at https://www.sec.gov/news/press-release/2022-41.

[87] SEC Press Release, SEC: Takeover Bid of Fortune 500 Company was a Sham (Apr. 5, 2022), available at https://www.sec.gov/news/press-release/2022-58.

[88] SEC Press Release, SEC Uncovers $194 Million Penny Stock Schemes that Spanned Three Continents (Apr. 18, 2022), available at https://www.sec.gov/news/press-release/2022-62.

[89] SEC Press Release, SEC Charges Archegos and its Founder with Massive Market Manipulation Scheme (Apr. 27, 2022), available at https://www.sec.gov/news/press-release/2022-70.

[90] SEC Press Release, SEC Charges Weiss Asset Management with Short Selling Violations (June 14, 2022), available at https://www.sec.gov/news/press-release/2022-106.

[91] SEC Press Release, SEC Charges Texas School District and its Former CFO with Fraud in $20 Million Bond Sale (Mar. 16, 2022), available at https://www.sec.gov/news/press-release/2022-43.

[92] SEC Press Release, SEC Charges Louisiana Town and Former Mayor with Fraud in Two Municipal Bond Deals (June 2, 2022), available at https://www.sec.gov/news/press-release/2022-97.

[93] SEC Press Release, SEC Charges Rochester, NY, and City’s Former Executives and Municipal Advisor with Misleading Investors (June 14, 2022), available at https://www.sec.gov/news/press-release/2022-108.

The following Gibson Dunn lawyers assisted in the preparation of this client update: Mark Schonfeld, Richard Grime, Barry Goldsmith, Tina Samanta, David Ware, Lauren Cook Jackson, Timothy Zimmerman, Luke Dougherty, Zoey Goldnick, Kate Googins, Ben Gibson, Jimmy Pinchak, and Sean Brennan*.

Gibson Dunn is one of the nation’s leading law firms in representing companies and individuals who face enforcement investigations by the Securities and Exchange Commission, the Department of Justice, the Commodities Futures Trading Commission, the New York and other state attorneys general and regulators, the Public Company Accounting Oversight Board (PCAOB), the Financial Industry Regulatory Authority (FINRA), the New York Stock Exchange, and federal and state banking regulators.

Our Securities Enforcement Group offers broad and deep experience. Our partners include the former Director of the SEC’s New York Regional Office, the former head of FINRA’s Department of Enforcement, the former United States Attorneys for the Central and Eastern Districts of California and the District of Maryland, and former Assistant United States Attorneys from federal prosecutors’ offices in New York, Los Angeles, San Francisco and Washington, D.C., including the Securities and Commodities Fraud Task Force.

Securities enforcement investigations are often one aspect of a problem facing our clients. Our securities enforcement lawyers work closely with lawyers from our Securities Regulation and Corporate Governance Group to provide expertise regarding parallel corporate governance, securities regulation, and securities trading issues, our Securities Litigation Group, and our White Collar Defense Group.

Securities Enforcement Practice Group Leaders:
Richard W. Grime – Washington, D.C. (+1 202-955-8219, rgrime@gibsondunn.com)
Mark K. Schonfeld – New York (+1 212-351-2433, mschonfeld@gibsondunn.com)

Please also feel free to contact any of the following practice group members:

New York
Zainab N. Ahmad (+1 212-351-2609, zahmad@gibsondunn.com)
Reed Brodsky (+1 212-351-5334, rbrodsky@gibsondunn.com)
Joel M. Cohen (+1 212-351-2664, jcohen@gibsondunn.com)
James J. Farrell (+1 212-351-5326, jfarrell@gibsondunn.com)
Barry R. Goldsmith (+1 212-351-2440, bgoldsmith@gibsondunn.com)
Mary Beth Maloney (+1 212-351-2315, mmaloney@gibsondunn.com)
Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com)
Lawrence J. Zweifach (+1 212-351-2625, lzweifach@gibsondunn.com)
Tina Samanta (+1 212-351-2469, tsamanta@gibsondunn.com)

Washington, D.C.
Stephanie L. Brooker (+1 202-887-3502, sbrooker@gibsondunn.com)
Daniel P. Chung (+1 202-887-3729, dchung@gibsondunn.com)
M. Kendall Day (+1 202-955-8220, kday@gibsondunn.com)
Jeffrey L. Steiner (+1 202-887-3632, jsteiner@gibsondunn.com)
Patrick F. Stokes (+1 202-955-8504, pstokes@gibsondunn.com)
F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com)
Lauren Cook Jackson (+1 202-955-8293, ljackson@gibsondunn.com)
David C. Ware (+1 202-887-3652, dware@gibsondunn.com)

Palo Alto
Michael D. Celio (+1 650-849-5326, mcelio@gibsondunn.com)
Paul J. Collins (+1 650-849-5309, pcollins@gibsondunn.com)
Benjamin B. Wagner (+1 650-849-5395, bwagner@gibsondunn.com)

Denver
Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com)
Monica K. Loseman (+1 303-298-5784, mloseman@gibsondunn.com)

Los Angeles
Michael M. Farhang (+1 213-229-7005, mfarhang@gibsondunn.com)
Douglas M. Fuchs (+1 213-229-7605, dfuchs@gibsondunn.com)
Nicola T. Hanna (+1 213-229-7269, nhanna@gibsondunn.com)
Debra Wong Yang (+1 213-229-7472, dwongyang@gibsondunn.com)

* Sean Brennan and Jimmy Pinchak are recent law graduates working in the firm’s Washington, D.C., and New York offices, respectively.

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Gibson Dunn has surveyed the comment letters submitted by public and private energy companies and related industry associations regarding the proposed rules by the Securities and Exchange Commission (the “SEC” or “Commission”) on climate change disclosure requirements for U.S. public companies and foreign private issuers (the “Proposed Rules”).[1]

Based on our review of these comment letters, we have seen general support for transparent and consistent climate-related disclosures, along with a concern that the Proposed Rules do not reconcile with the SEC’s stated objective “to advance the Commission’s mission to protect investors, maintain fair, orderly and efficient markets, and facilitate capital formation, not to address climate-related issues more generally.”[2] Overarching themes included (i) general support for the Commission’s decision to base the Proposed Rules on the Task Force on Climate-Related Financial Disclosures (“TCFD”) framework and Greenhouse Gas Protocol (“GHG Protocol”), (ii) concern with deviation from the long-standing materiality threshold, (iii) concern that the Proposed Rules would overload investors with immaterial, uncomparable, or unreliable data, and (iv) questions as to whether the Proposed Rules would cause an unintended chilling effect on companies to set internal emissions reduction targets or other climate-related goals to avoid additional liability risks in disclosing such goals. The proposed disclosure requirements receiving the most comments from energy industry companies relate to (i) the Greenhouse Gas (“GHG”) emissions reporting (particularly Scope 3 emissions) and (ii) the amendments to financial statement disclosure in Regulation S-X (particularly the 1% materiality threshold). In addition to these higher-level observations, this client alert also provides a more granular review of the energy industry’s comments on specific provisions of the Proposed Rules.

I. Background on the Proposed Rules

The proposed climate change reporting framework laid out in the 500+ page Proposed Rules is extensive and detailed, with disclosure requirements that are mostly prescriptive rather than principles-based. Rather than creating a new stand-alone reporting form, the Commission proposed amending Regulation S-K and Regulation S-X to create a climate change reporting framework within existing registration statements and reports under the Securities Act of 1933 (the “Securities Act”) and the Securities Exchange Act of 1934 (the “Exchange Act”).

The Proposed Rules would amend (i) Regulation S-K to require a new, separately captioned “Climate-Related Disclosure” section in applicable SEC filings, which would cover a range of climate-related information, and (ii) Regulation S-X to require certain climate-related financial statement metrics and related disclosures in a separate footnote to companies’ annual audited financial statements. While brief summaries of certain of the proposed disclosure requirements are provided in this alert, for a more detailed description of the Proposed Rules, we encourage you to read our prior alert, “Summary of and Considerations Regarding the SEC’s Proposed Rules on Climate Change Disclosure (link),” and view our webcast, “Understanding the SEC Rule Proposal on Climate Change Disclosure (link).”

II. Comment Letter Highlights

To contribute to our understanding of the general reaction of the energy industry to the Proposed Rules, we conducted a survey of what we believe are all comment letters submitted to the SEC through June 17, 2022 (the deadline for comment submissions) by public and private energy and energy services companies and related industry associations. Of the 62 comment letters we reviewed, 31 such comment letters were submitted by U.S. public reporting companies, 10 such comment letters were submitted by non-reporting companies, and the remaining 21 comment letters were submitted by industry associations. The following charts highlight the frequency of comments by the 31 public reporting companies and the 21 industry associations on a particular requirement in the Proposed Rules. The specific comments are described more fully in the sections following the chart. We note that not all comment letters addressed each particular requirement, and we did not assume that the absence of a comment on a proposed requirement by any company or association suggests approval of such proposed disclosure requirement.

[chart]

III. Reactions to Proposed Reg. S-K Amendments

We summarize below the most frequent comments on the following proposed Reg. S-K disclosure requirements:

1. GHG Emissions Reporting
2. Climate-related risks
3. Climate-related risk oversight & management
4. Climate-related impacts on strategy, business model & outlook
5. Attestation of GHG Emissions
6. Targets, Goals & Transition Plans

A. GHG Emissions Reporting

Proposed Item 1504 of Reg. S-K would require companies to disclose Scope 1, Scope 2 and, in some cases, Scope 3 “GHG emissions … for [their] most recently completed fiscal year, and for the historical fiscal years included in [their] consolidated financial statements in the filing, to the extent such historical GHG emissions data is reasonably available.” The Commission based the GHG emissions disclosure requirements in the Proposed Rules on the GHG Protocol, which is a leading accounting and reporting standard for GHG emissions.

With respect to Scope 3 emissions, all reporting companies (other than smaller reporting companies) would be required to disclosure Scope 3 emissions, only if material or if the company has set a GHG emissions reduction target or goal that includes its Scope 3 emissions. The Proposed Rules presume that Scope 3 emissions are likely to be material for “oil and gas product manufacturers.”

The Proposed Rules include a limited safe harbor from liability for Scope 3 disclosures, providing that such disclosures will not be deemed fraudulent, “unless it is shown that such statement was made or reaffirmed without a reasonable basis or was disclosed other than in good faith.”

90% of public company letters and 90% of industry association letters commented on the GHG emissions reporting requirements, with particular focus on (i) the disclosure requirements in the Proposed Rule as compared to existing GHG emissions reporting requirements of the Environmental Protection Agency (“EPA”), (ii) the materiality of GHG emissions as defined, particularly with respect to Scope 3 emissions, and (iii) safe harbors for GHG emissions disclosure.

Sample Comments on GHG Emissions Reporting:

“We . . . suggest that the SEC work with the EPA to ensure its standards for Scopes 1 and 2 GHG emissions are sound and consistent. The Proposal acknowledges that the EPA already requires, and makes available to the public, reporting of certain GHG emissions, and we believe the EPA is best positioned to regulate emissions reporting from a scientific standpoint.”
“The SEC should not require GHG intensity disclosures for registrants that are not primarily involved in production activities, as such disclosures could lead to confusion and inaccurately suggest to investors that such data is comparable. Alternatively, the disclosure requirements should provide flexibility to account for differences in underlying business operations, including allowing midstream companies to report GHG intensity on a reasonable and supportable normalized basis of their choosing, or perhaps on a standardized basis developed and adopted by the industry over time (e.g., GHG intensity based on a ratio of emissions relative to throughput).”
“[T]he Proposal would require registrants to report GHG emissions data for certain entities, such as joint ventures, over which they have no operational control. . . . For those [joint ventures] that we do not operate, there is a potential barrier for [us] to obtain required GHG data, as a joint venture partner may (i) not have the necessary information, (ii) be unwilling to provide it, or (iii) calculate it using methodologies or assumptions that conflict with those used by [us]. This will increase the liability for registrants if they are unable to obtain or cannot verify the accuracy of information that is not within their control. The SEC should allow registrants to report GHG emissions on an operated basis (vs. on an equity ownership basis), meaning the registrant would report emissions from assets operated by either the registrant or entities under its direct control.”
“[T]here is an absence of materiality qualifiers applicable to the disclosure of Scope 1 and Scope 2 GHG emissions and, for Scope 3 GHG emissions, the materiality qualifier is ill-defined and somewhat esoteric. Gross emissions data should not be overemphasized, and the [EPA’s Greenhouse Gas Reporting Program (“GHGRP”)] and [California’s Regulation for the Mandatory Reporting of Greenhouse Gas Emissions (“MRR”)] have well-defined and understood reporting thresholds. . . . [R]egistrants who are subject to the GHGRP or MRR [should be allowed] to report GHG emissions in their SEC filings in a manner consistent with those programs.”
“Adopting standards that correspond to the GHG Protocol would provide investors with comparable disclosures to those which companies have made historically and to those made by companies not subject to the Commission’s reporting requirements. However, the standards in the Rule Proposal differ significantly from those in the GHG Protocol. For example, the Rule Proposal requires companies to set organizational boundaries for GHG emissions disclosure using the same scope of entities and holdings as those included in their consolidated financial statements. Conversely, the GHG Protocol allows for an equity share or control boundary. This difference in boundaries could lead to companies reporting significantly different emissions than they have historically. Deviating from the GHG Protocol would only serve to confuse investors with differences from companies’ previous GHG emissions disclosure and unnecessarily increase compliance costs as companies would need to recalculate their emissions disclosure both historically and going forward. We urge the Commission to revise the emission standards in the Rule Proposal to match those of the GHG Protocol.”

Sample Comments on Scope 3 Emissions:

“[T]he materiality of Scope 3 emissions must be evaluated on a case-by-case, registrant-by-registrant basis and does not lend itself to across-the-board presumptions of materiality, such as the Proposal implies for ‘oil and gas product manufacturers’. As a strictly exploration and production company, we are not ‘product manufacturers’ but this vague definition creates more uncertainty and underscores the need for Scope 3 materiality to be assessed at a specific registrant level, not by prescriptive assertions within proposed rulemaking.”
“While midstream companies . . . are not generally oil and gas manufacturers, we are concerned with the risk that this presumption creates. . . . In addition, there is currently no standard or guidance for the midstream sector to define, measure or report on Scope 3 emissions. If pipeline companies are required to report emissions attributable to upstream, downstream and end-use activities that are not within our control and are highly uncertain and unreliable, this would result in significant double or multiple counting of emissions across companies.”
“[R]equiring Scope 3 reporting, which includes all ‘upstream’ and ‘downstream’ emissions, . . . would be incredibly cost prohibitive, even with delayed compliance and ‘good faith’ safe harbor protections, and would limit innovation from companies in our supplier base. . . . Because [we have] thousands of vendors and customers, the variability in terms of their use of different methodologies, assumptions and speculation is self-evident. It would be difficult for us to attest even that the information was made on a ‘reasonable’ basis, since we will not be able to obtain sufficient access to the information required to generate Scope 3 emissions reports.”
“Scope 3 disclosure – upstream and downstream – will remain a challenge for many companies during the next few years, until clear methodologies and estimation tools are put in place for each of the 15 categories defined by the GHG Protocol. Providing accurate and faithful estimates will be subject to a large magnitude of uncertainty. [The company] therefore suggests to allow Scope 3 disclosure with a 5 to 10% uncertainty range.”
“Scope 3 emissions methodology double-counts emissions overall, since ‘the scope 3 emissions for one organization are the scope 1 and 2 emissions of another organization.’ Reporting across all 15 categories of Scope 3 emissions will also count the same emissions multiple times by the same party or by different parties in the value chain from initial production to ultimate sale and use of a product. . . . [T]he Proposal as currently written will likely end up enshrining the current, flawed approach as a feature of regulation, with advancement in reporting methodologies contingent on future SEC rulemaking.”

Sample Comments on Safe Harbors for GHG Emissions:

“At a minimum, the Proposed Rule should include Scope 1 and Scope 2 reporting (the latter of which registrants will necessarily need to rely on other entities to provide), as well as any discussion of scenario analysis, within the safe harbor presently proposed for Scope 3 GHG emissions.”
“Considering the nascent nature of the GHG reporting contemplated by the Proposal compared to traditional SEC reporting requirements, [the company] urges the Commission to provide stronger safe harbor protection from liability for all scopes of GHG emissions disclosures.”
“[W]hile we support the disclosure of Scopes 1 and 2 GHG emissions, to the extent the SEC concludes this information should be included in SEC reports, the data should be furnished, not filed, because these metrics are subject to a significant degree of technical estimation and numerous assumptions.”

B. Climate-Related Risks

Proposed Item 1502 of Reg. S-K would require companies to describe “climate-related risks reasonably likely to have a material impact on the registrant, including on its business or consolidated financial statements, which may manifest over the short, medium, and long term.” Based on the definition of “climate-related risks” in the Proposed Rules, companies would need to consider not only the direct impact of climate change on their financial statements and business, but also the indirect impacts on their “value chains.” These “climate-related risks” would be categorized as either a “physical risk” (i.e., related to physical impacts of climate change) or “transition risk” (i.e., related to the transition to a lower-carbon economy).

48% of public company letters and 43% of industry association letters expressed concern about the climate-related risk disclosure requirements, with particular focus on the definitions of “physical risk” and “transition risk,” the assessment of risks over longer time horizons, and the practicality of assessing risks for a registrant’s value chain.

Sample Comments:

“Risks, to the extent they are material, are currently disclosed in the Risk Factors section of our periodic reports and registration statements filed with the Commission. We believe certain aspects of the Proposal’s climate-related risk disclosures that require prospective disclosures will create compliance challenges and lead to volumes of information immaterial to investors. For example, the requirement to disclose risks over the near-, medium- and long-term presents a particularly tricky challenge given the complexity of modeling scenarios and making materiality determinations over extended periods of time, and such assessments may only serve to obscure material near-term risks.”
“Assessing risk of a registrant’s value chain . . . . is especially onerous for a midstream infrastructure company . . . who provides federally regulated transportation services for shippers without necessarily knowing where the product being shipped originated or where it will go or how it will be used once it leaves the pipeline. Even if [a midstream infrastructure company] could reliably identify companies in its value chain and the myriad of climate-related risks they may face, [such company] does not possess special inside information that would allow it to assess the climate-related risk of its value chain for purposes of assessing materiality.”
“[The] expansive definition of climate-related risks including the impacts on our value chains will require us to expend significant resources to assess and measure potential exposure from an endless list of parties outside of our own operations over which we have no control.”
“We request that the Commission remove the requirement to assess physical risks related to the entities with which a registrant does business, apply a materiality threshold to the assessment of direct physical risks, and provide additional clarification on the definitions of physical climate risks (g., ‘water stress,’ ‘wildfire prone,’) on issues such as frequency and severity to ensure the scope of the analysis required under the Proposed Rule is clear. To the extent that the Commission determines that separate disclosures on physical risks as applied to a registrant’s supply chain will be required, it should create a new definition for ‘supply chain risks.’ Disclosures made pursuant to this new definition should then be limited to the extent that such risks are material and identifiable and should be clarified so as not to require registrants to incur costs associated with collecting data from third parties if the information is not readily available.”
“[I]f the Proposed Rules are passed in their current form, it would be the first time that the Commission has required risk disclosures to be specified over prescribed time frames; this would be a significant departure from past practice. . . . The Proposed Rules do not provide a specific range of years to define short-, medium- and long-term time horizons. Instead, the Commission provides flexibility for registrants to select the time horizons and to describe how they define them. As such, the time horizons selected will vary widely across companies, resulting in information that is not comparable or consistent for investors.”
“The detail required in this proposed disclosure – including, for example, requirements for disclosure of specific locations of properties at physical risk (with location defined as a ZIP code or other similar postal code) – would result in disclosure of extensive information that we do not believe would be decision-useful to investor. At the same time, this level of detail could result in unintended negative consequences, including security concerns, competitive harm and conflicts with contractual obligations for a company.”

C. Climate-Related Risk Oversight & Management

Proposed Item 1501 of Reg. S-K would require companies to describe “the [board’s] oversight of climate-related risks” and “management’s role in assessing and managing climate-related risks.” With respect to the board’s role, disclosure would be required as to whether any directors have “expertise in climate-related risks.” In addition, proposed Item 1503 of Reg S-K would require companies to describe, if applicable, “any process the registrant has for identifying, assessing, and managing climate-related risks.”

39% of public company letters and 29% of industry association letters commented on board and management oversight of climate-related risks, with particular focus on the requirement for a “climate expert” on the board, such board member’s liability as a “climate expert” and the impact such requirement would have on the director selection process.

Sample Comments:

“Elevating particular facets of candidate experience above others, by compelling specific disclosure on those topics, creates a value-laden one-size-fits-all disclosure framework that ignores these important differences between companies and their board needs. Over the long term, this will likely impede the ability of boards and their nominating/governance committees to exercise appropriate judgment in candidate selection based on what they view as the most critical attributes needed for their particular businesses (versus feeling compelled to check certain boxes specified by the Commission).”
“While the disclosure requirements around board and management climate-related expertise and decision-making are dressed up as mere disclosure requirements, the aim and practical effect are clear: By requiring extensive annual disclosures on one particular topic, the Commission is necessarily highlighting it above other issues relevant to good governance and effective operations and ensuring that all public companies will pay particular attention to climate-related issues.”
“[T]here is little incentive for an individual to join a board of directors as a designated expert if there is potential for increased liability, including liability under Section 11 of the Securities Act. While we would urge the Commission to delete this disclosure requirement, if nonetheless adopted, the Proposed Rule should provide a safe harbor clarifying that such an expert designation would not impose any duties, obligations, or liability that is greater than the duties, obligations, and liability imposed on such person as a member of the board of directors in the absence of such designation or identification, similar to the safe harbor proposed in the Commission’s cybersecurity proposal.”
“We have serious concerns that the Proposed Rule will remove or impair the company’s flexibility to select (or maintain) the right board members for the job, potentially elevating climate-related expertise over other business considerations in order to comply with the Proposed Rule. The board of a company is responsible for overseeing all aspects of the business, and the Proposed Rule—focused on climate as it is—ensures the overemphasis on one particular aspect of operations, thereby skewing the focus of boards.”
“We do not believe that an in-depth discussion on climate-related expertise is necessary for investors to be able to understand how the board manages oversight of climate-related risks. However, to the extent that the Commission would require disclosure of such information, we recommend that the proxy disclosure rules be revised to require disclosure about any climate-related experience or expertise of board members.”
“The Commission should provide additional guidance as to whether a director’s expertise in climate-related risks can be demonstrated through Board education or whether such expertise must be demonstrated by prior professional experience, as it does with respect to the Audit Committee Financial Expert designation.”

D. Climate-Related Impacts on Strategy, Business Model & Outlook

Proposed Item 1502 of Reg. S-K would also require companies to describe “the actual and potential impacts of any [identified] climate-related risks … on the registrant’s strategy, business model, and outlook.” Pursuant to this requirement, companies that use scenario analysis would be required to disclose the specific scenarios considered along with parameters, assumptions, analytical choices and projected financial impacts under each scenario. In addition, for companies that have set an internal price on carbon (i.e., an estimate of the cost of carbon emissions for planning purposes), the proposed rules would require detailed disclosure on such carbon pricing.

35% of public company letters and 29% of industry association letters commented on the disclosure requirements for climate-related strategies, business models and outlooks, with particular focus on the unique and competitive nature of a registrant’s climate strategy, as well as the fact that scenario analyses are based on assumptions and forecasts that may change over time.

Sample Comments:

“Certain disclosures required under the Proposal such as internal carbon price and scenario analyses constitute competitive differentiators, the disclosure of which could cause competitive harm. Effective scenario analysis requires business plans and forecasts to assess the company’s exposure to climate-related risks and plan for transition scenarios. Disclosing this information would divulge sensitive information to the public and competitors. We therefore request the Commission consider providing additional safeguards or exclusions for information that a company deems to be competitively sensitive.”
“Unless the SEC provides a detailed framework mandating specific scenarios and a common set of assumptions, this disclosure will inevitably result in a lack of comparability between issuers. Furthermore, it is important to note that these exercises utilize “scenarios,” which reflect potential outcomes over the long term, but these scenarios are not forecasts, and no representation is being made as to the accuracy of the underlying assumptions or the likelihood or occurrence. Including this information in financial reports as required under the Proposed Rule may afford them an undue sense of accuracy.”
“While scenario analysis is a helpful tool, required disclosure of each scenario that a company simulates could result in the disclosure of commercially and strategically sensitive information, to the detriment of that company and its investors, which could penalize and disincentivize companies from taking prudent steps to manage risk through robust and varied scenario analyses. Moreover, disclosure of each scenario that a company simulates could result in disclosure of significant amounts of immaterial information that may only be of interest to competitors, not investors. Furthermore, because a company simulates a range of scenarios that could include those that management believes would have a remote likelihood of occurring, the Commission should not mandate disclosure of all scenario analyses, including input parameters, that a company performs.”
“We believe that the Commission should specify that a registrant is not required to disclose internal carbon prices in any circumstances.”
“We believe that registrants should be required to disclose information about an internal carbon price. Indeed, an internal carbon price is a multifaceted tool that can support companies in assessing climate-related risks and opportunities in the transition to a low-carbon economy. . . . However, there are different approaches both in the definition and application of an internal carbon price. . . . For this reason, we recommend not to mandate a particular carbon pricing methodology.”

E. Attestation of GHG Emissions

Proposed Item 1505 of Reg. S-K would require large accelerated filers and accelerated filers to obtain an attestation report from a GHG emissions attestation provider covering disclosure of Scope 1 and Scope 2 emissions.

35% of public company letters and 29% of industry association letters commented on the attestation requirement for Scope 1 and Scope 2 emissions, with particular focus on the expense and lack of availability of assurance providers.

Sample Comments:

“The attestation requirements will further add to the complexity and cost of compliance. The assurance obligation significantly adds to the time burden by effectively requiring the work to be ‘done again’ (even if just by reviewing the original work) in order for a third-party to provide such assurance. This would be difficult enough for limited assurance, but could become nearly impossible when looking for reasonable assurance. Given the rapidly evolving nature of emissions monitoring and climate data analysis, the methodologies for analyzing this information is still in relatively frequent flux, and achieving reasonable assurance on the time frame in the Proposed Rules may well be impossible; and, if not impossible, prohibitively costly.”
“One challenge that we potentially see with assurance requirements specifically could be availability and cost-effectiveness of qualified independent resources to perform limited reasonable assurance reviews on an annual basis. The supply of available, qualified auditors will be especially limited early on, and the high demand could mean companies are unable to secure and/or afford these resources until further development in this field takes place, which could take several years.”
“[T]he SEC should phase in attestation requirements to allow for a sufficient market of GHG attestation provides to develop, and once phased in, require only limited assurance attestation.”
“The Commission must provide clear guidelines for the accounting and attestation of emissions before reporting companies can be expected to provide results that are verifiable under attestation standards. Current guidelines, including those in the GHG Protocol and GRI, allow degrees of flexibility in interpretations that would be difficult to audit for lack of clear subject matter criteria. . . . The Commission has identified this flexibility as a concern in the Proposed Rule, but we do not believe that it has provided sufficient information to resolve these concerns.”

F. Targets, Goals & Transition Plans

Proposed Item 1506 of Reg. S-K would require detailed disclosures if a company has “set any targets or goals related to the reduction of GHG emissions, or any other climate-related target or goal (e.g., regarding energy usage, water usage, conservation or ecosystem restoration, or revenues from low-carbon products) such as actual or anticipated regulatory requirements, market constraints, or other goals established by a climate-related treaty, law, regulation, policy, or organization.” In addition, registrants would be required to disclose any use of carbon offsets or Renewable Energy Credits (RECs).

29% of public company letters and 33% of industry association letters commented on the disclosure requirements related to climate-related targets, goals and transition plans, with particular focus on the comparability of such disclosure across registrants and the chilling effect such disclosure may have on a registrant’s implementing goals or transition plans.

Sample Comments:

“A registrant should control the timing and extent to which it communicates with investors and other stakeholders about any ‘transition plan’ that it may have adopted. The Proposed Rule may compel companies to disclose potentially sensitive and competitive information earlier than is appropriate. . . . Requiring this disclosure also will likely to have a chilling effect on the progress of goals and sustainability initiatives at companies that are at the early stages of addressing the transition to a low carbon economy.”
“There are no standard methodologies for developing climate-related goals and targets, transition plans, or internal carbon prices. Accordingly, this information would not be comparable across companies and would not be decision-useful to investors.”
“We . . . believe registrants should disclose plans and progress toward meeting material short-term targets and goals only, (i.e., those set within the next five (5) years) where it is possible to make definitive plans. . . . Plans and progress toward meeting long-term targets and goals are inherently less certain and are very likely to evolve over time as circumstances and technologies improve, and we have a number of options to meet these objectives, but have not yet committed to one path. Therefore, we believe that detailed disclosures on medium- and long-term goals and targets would not be material to investors and could potentially be misleading.”
“The Proposal’s requirement to provide detailed disclosures applicable to all climate-related targets and goals that a company has set may have the unintended consequence of significantly limiting a company’s willingness to set new internal and external targets and goals to advance its environmental performance. . . . An alternative that could further the SEC’s goals and not result in these potential negative consequences would be to limit the disclosure requirements related to targets and goals to a company’s material climate-related targets and goals.”
“[T]he Proposal’s requirement for detailed disclosure regarding a company’s use of carbon offsets would result in public disclosure of commercially sensitive, yet likely immaterial information, such as highly negotiated prices associated with different offset-generating projects. To promote comparability of useful information, an alternative to the current provision in the Proposal could require, to the extent material, disclosure of carbon offsets and renewable energy credits inventory volume and annual retirement volume at a summarized level in the same disclosure as GHG emissions and for the same time period. This summarized version of the information would effectively convey comparable information while avoiding competitive harm concerns.”

IV. Reactions to Proposed Reg. S-X Amendments

The Proposed Rules would amend Reg. S-X to require certain climate-related financial information (specifically, financial impact metrics, expenditure/cost metrics and financial estimates and assumptions) and related disclosures in a separate footnote to companies’ annual audited financial statements.

77% of public company letters and 38% of industry association letters commented on the proposed amendments to Reg. S-X, with particular focus on the 1% materiality threshold and the proposed definitions around the required financial metrics. Several commenters requested the Commission forego the amendments to Reg. S-X in their entirety.

Sample Comments:

“[The company] requests that the Commission withdraw its proposed amendments to Regulation S-X. Alternatively, [the company] requests that the Commission bifurcate its rulemaking, deferring the proposed amendments to Regulation S-X until it is better positioned to issue a supplemental notice of proposed rulemaking that provides improved guideposts for assessing potential climate-related financial impacts.”
“At the outset, the premise that climate-related disclosures should be linked to the parameters of a company’s consolidated financial statements is unprecedented and conflicts with existing emissions reporting regimes used by [the company] and others in [the] industry. . . . [I]mposing disclosure requirements that partially overlap others already in place adds to the burdens on companies in preparing required information. At a minimum, registrants should have the flexibility to determine the appropriate parameters for evaluating climate-related information in preparing any required disclosure in order to conform with that company’s operations and other reporting obligations. This would better promote the Commission’s goal of generating reliable disclosure by companies.”
“[W]e believe the inclusion of information about climate events and transition plans through a principles-based framework focused on information most material to investors would align with the recently adopted amendments to modernize, simplify, and enhance certain financial disclosure requirements in Regulation S-K. We recommend that relevant financial impact metrics be included in the Form 10-K in some combination of Item 1 Business, Item 7 MD&A and/or the proposed Item 6 Climate-Related Disclosure under the provisions of Regulation S-K rather than within Item 8 Financial Statements under the provisions of Regulation S-X.”

We summarize below the most frequent comments on the following proposed Reg. S-X amendments:

1. Materiality threshold of 1%
2. Financial impact and expenditure/cost metrics; financial estimates and assumptions
3. Time period covered

A. Materiality Threshold of 1%

The financial metrics under proposed Rules 14-01 and 14-02 of Reg. S-X would require quantified disclosure if the absolute value of all climate-related impacts or expenditures/costs, as applicable, with respect to a corresponding financial statement line item represents at least 1% of that line item.

68% of public company letters and 33% of industry association letters commented on the 1% materiality threshold for the proposed financial metrics, with particular focus on how such a low threshold would likely result in great cost to the registrant and an overload of immaterial information to investors.

Sample Comments:

“One percent has never been, and is not, an appropriate threshold when quantitatively evaluating materiality for a financial statement line item; additionally, any individual line item may not be material for a given company. Applying a one percent threshold to every financial statement line item would require companies to collect data at a threshold much lower than one percent to demonstrate completeness and evaluate whether the threshold is met. This exercise would lead to excessive costs in collecting a substantial amount of data that is immaterial to investors. Furthermore, there is no other financial statement disclosure requirement under Regulation S-X that requires any similar disclosure for any other specific type of risk.”
“The 1% threshold is . . . significantly below the ‘initial step’/rule of thumb of 5% used by some registrants/auditors in assessing materiality. While the SEC Staff openly acknowledges that a purely quantitative threshold is not conclusive, setting the threshold at 1% is very low by any normative standard and by the SEC’s own logic in Staff Accounting Bulletin: No. 99 (‘SAB No. 99’), and not dispositive for purposes of a registrant’s materiality determination.”
“The 1% line-item threshold applicable to the impacts of severe weather or climate transition plan efforts (together, “climate-related impacts”) would not provide investors with consistently decision-useful information. . . . [W]hile materiality includes both qualitative and quantitative assessments, we believe it would be unusual for a climate-related impact to be qualitatively material yet have a quantitative value comprising just 1% of a line item. Indeed, this is even more likely to be the case since the 1% threshold is to be met by aggregating the absolute values of individual climate-related impacts. As a result, this footnote disclosure is unlikely to inform a reasonable shareholder’s investment or voting decision, and would only serve to increase compliance costs.”
“Public companies will need to conduct extensive and costly assessments of potential impacts to determine if they trigger the reporting threshold and revise controls on their financial reporting systems to account for the unprecedented 1% reporting threshold. Thus, notwithstanding if a registrant has to disclose such information, it will still need to engage in data calculation and subsequent calculations to determine whether it falls below the threshold for materiality.”
“[T]he materiality threshold of 1% of an individual line item is significantly lower than other thresholds in Regulation S-X implying that this information is more sensitive than any other measure of financial performance in the financial statements. Since the amount in which to apply this threshold is based on an aggregate number on an absolute basis, processes and controls will need to be in place to capture all transactions to have a complete population to analyze for disclosure, creating a significant burden to preparers.”

B. Financial Impact and Expenditure/Cost Metrics; Financial Estimates & Assumptions

The proposed amendments to Regulation S-X would require companies to disclose, subject to the 1% line-item threshold, (i) the financial impacts of severe weather events, other natural conditions and transition activities on any relevant line items in the company’s financial statements, and (ii) expenditures and capitalized costs to mitigate the risks of severe weather events or other natural conditions and expenditures related to transition activities. In addition, companies would be required to disclose whether estimates and assumptions underlying the amounts reported in the financial statements were impacted by risks and uncertainties associated with, or known impacts from, severe weather events and other natural conditions, the transition to a lower-carbon economy or any disclosed climate-related targets.

61% of public company letters and 19% of industry association letters commented on the disclosure requirements for financial metrics, estimates and assumptions, with particular focus on the definitions of “severe weather events” and “transition activities” and the difficulty in breaking out financial impacts and expenditures from standard business operations.

Sample Comments:

“With respect to our business, one of the largest event-driven impacts to our financial statements is from the movement in commodity prices, which are directly and indirectly impacted in any given period by a multitude of supply, demand and other factors. Thus, it is impossible for us to measure and determine the impact of a single climate or weather-related event on our revenues and certain other financial statement line items or on commodity prices, nor can we bifurcate the impact of macroeconomic events from climate change events. This would be impractical to measure and report even if the Commission were to raise the threshold for reporting from one percent to a higher percentage threshold.”
“Quantifying and providing the proposed financial impact metrics when the impact is the result of a mixture of factors, including events unrelated to climate, may be impractical. In such situations, we believe the Commission should permit a registrant to disclose that it was unable to make the required determination. Moreover, it would be helpful if the Commission could provide examples to illustrate impracticability.”
“[T]he metrics proposed would provide no detail as to the underlying cause for the negative or positive impact from climate-related events or transition activities. The amount disclosed for each line item could be comprised of a number of smaller events that aggregate to an amount requiring disclosure under the Proposed Rules and would not identify which climate-related risks may have driven the amounts disclosed.”
“In particular, we request additional specificity in regards to how, in preparing the proposed climate-related financial statement metrics, registrants should determine the financial impact of transition activities or climate-related physical risks and expenditures related to transition activities and the mitigation of physical risks. As currently drafted, for example, the proposed rules are unclear on how companies should distinguish climate-related impacts and expenditures from those that are part of normal business operations in order to apply the one percent threshold for disclosure.”
“Attempting to assess the financial impact of energy transition risk will require companies to translate predictions about the actions of regulatory bodies, new technologies, changes in market behavior, and a host of other variables, into financial consequences, which, due to the fact that there is no standardized method for making such determinations, means that consistent, comparable, and reliable disclosure is unlikely to be achieved.”

C. Time Period Covered

Proposed Rule 14-01 of Reg. S-X would require the financial statement disclosures discussed above to be provided for a company’s most recently completed fiscal year and for each historical fiscal year included in the financial statements in the applicable filing.

35% of public company letters and 19% of industry association letters commented on the applicable time period for financial statement disclosures, with particular focus on the requirement to provide disclosure for historical periods prior to implementation of any final rule.

Sample Comments:

“The Proposed Rule represents a significant sea change in financial reporting practices, and new processes and controls will have to be put in place to assess and identify relevant data. This will be a daunting task in and of itself, but being required to retroactively apply this requirement to historical financial data with the degree of accuracy that investors expect with respect to financial reporting is unfeasible.”
“Under the Rule Proposal, large accelerated and accelerated filers with calendar year-ends would be required to file the assured GHG emissions metrics by March 1 and March 16, respectively. Under the EPA Rule, those same companies are required to submit unverified metrics by March 31. While we expect that the Rule Proposal’s deadline would be difficult for companies that do not report GHG emissions, even companies that have adopted GHG emissions reporting practices meant to comply with the EPA Rule would incur significant costs to adapt their controls and procedures to meet the Form 10-K reporting deadline. . . . Given the significant burden of completing the GHG emissions reporting and assurance processes within the proposed time frame, the likelihood that disclosures would be undermined by the need to further rely on assumptions and estimates in order to meet such time frame, and the significant cost savings that could be realized with a deadline that occurs after the publication of GHG emissions reports under the EPA Rule, we recommend that the Commission extend the deadline for GHG emissions disclosure.”
“The required historical information will be difficult to obtain for periods prior to the current period when the Proposed Rules first take effect. . . . With the aim to reduce compliance burden, we would welcome a provision that permits the presentation of climate-related financial statement metrics only for the most recently completed fiscal year when the Proposed Rules first take effect and for subsequent years.”
“The proposed rules should not require the retrospective disclosure of historic climate-related information, which would introduce data inherently exposed to a greater risk of inaccuracy and difficulty to assure given, in particular, that registrants would have had no opportunity to implement the systems and processes to collect the required data for those prior years.”
“Compliance with the disclosure timeline contemplated by the Proposed Rule would be extremely onerous for [the association’s] members and other registrants, as it would require the assembly of data for calendar year 2021, which has already passed. For some registrants, systems needed to track the information required under the Proposed Rule were not in place to track all the required info at the time the Proposed Rule was issued, and attempting to retroactively determine that data will be extremely burdensome, if not impossible. For example, without a system to track fuel usage for fleet vehicles, going back and compiling that historical information with any reasonable degree of accuracy would not be possible.”

V. Other Significant Reactions to the Proposed Rules

A. Materiality

Very few items in the Proposed Rules are predicated on materiality. Other than in the context of Form 10-Q updating, only the climate change risk disclosures, the Scope 3 emissions disclosure requirement (i.e., disclosure required either if material or if included in a GHG emissions reduction target or goal), and certain details regarding emissions disclosures are predicated on materiality (and in the case of risk disclosures, the standard is “reasonably likely” to have a material impact).

52% of public company letters and 43% of industry association letters commented in some way that the Proposed Rules deviated from the long-standing, judicially accepted understanding of “materiality” under the federal securities laws.

Sample Comments:

“The Proposed Rules depart from the general, long-standing materiality constraint on required disclosures. While the Commission has previously mandated certain disclosures irrespective of a materiality threshold, that is the exception. The general guidepost for disclosures in federal securities law has been information that a reasonable investor would consider important in deciding how to vote or make an investment decision. However, the Proposed Rules eschew a materiality standard in some areas and apply a modified version in others.”
“We believe that climate-related risks should be disclosed based on the materiality standard that has been used by the Commission for many years and which is consistent with well-established and time-tested Supreme Court precedents. . . . This definition of materiality is foundational to the function of U.S. capital markets. Other frameworks for ESG disclosure have competing and non-aligned definitions of materiality when compared to the SEC’s well-established precedent . . . and we believe disclosures effectively requiring a different materiality framework are likely to create confusion and uncertainty for investors and registrants alike.”
“[The company] believes it is critical for the Commission to maintain the time-tested materiality standard that serves as the cornerstone of the securities disclosure system: information is material if there is a substantial likelihood that a reasonable investor would consider it important or significant in deciding whether to buy or sell a security. . . . The fact that climate-related information is valuable or interesting to many stakeholders does not make it material. We believe that companies are best positioned to determine materiality standards for disclosure of climate-related information, in light of their specific business circumstances, and to engage with their investors to determine what information is most useful to them.”
“The proposed rules, if adopted, would effectively compel all boards and management of public companies (but only of public companies) to subordinate their judgment of materiality to the SEC’s and treat essentially any and all climate-related matters, including any amount of Scope I and Scope II emissions, as material, regardless of whether there is a substantial likelihood that a reasonable shareholder would consider it important.”
“The Proposed Rule substantially deviates from the longstanding conception of materiality under the federal securities laws which is supported by related case law. For decades, the existing concept of materiality has advanced the best interests of investors, encouraged capital formation, and helped ensure the integrity of our capital markets. In contrast, the Proposed Rule calls for the disclosure of granular climate-related information that is often immaterial under the standard of materiality that the United States Supreme Court handed down decades ago.”

B. Implementation Timing

The Proposed Rules provide for a phase-in implementation schedule, assuming that final rules are adopted and effective by the end of 2022. Large accelerated filers would be required to comply with the disclosure requirements (other than Scope 3) beginning with fiscal year-end 2023 (for years 2023, 2022 and 2021), accelerated and non-accelerated filers would be required to comply beginning with fiscal year-end 2024 (for years 2024, 2023 and 2022 if included in the Form 10-K) and smaller reporting companies would be required to comply beginning with fiscal year-end 2025 (for years 2025, 2024 and 2023 if included in the Form 10-K). Disclosure on Scope 3 emissions would be required the succeeding year for large accelerated, accelerated and non-accelerated filers.

52% of public company letters and 29% of industry association letters commented with concerns that the implementation timeline would be too short for registrants to comply with the final rules once adopted.

Sample Comments:

“The timeline for implementing the Proposed Rule is far too aggressive. If adopted as proposed, the compliance date for the proposed disclosures (other than Scope 3 emissions disclosure) in annual reports for large accelerated filers . . . could be as early as the fiscal year 2023. That suggests that the necessary systems for compliance be in place by the end of this year and that we would have already needed to have them in place to the extent necessary for comparison to prior periods. For any adopted rule, there should be a multi-year transition period, even for large accelerated filers.”
“Many companies will not have the necessary expertise or staff to adequately respond to the reporting requirements. As a result, they will need to rely heavily on outside consultants, which will further increase compliance costs. . . . This problem is compounded by the relatively brief phase-in period for compliance with the Rule Proposal. . . . One solution would be to extend the transition period for emissions disclosures by one or two years to allow companies to effectively implement the internal controls and procedures required for emissions disclosures.”
“To enable compliance with the Proposed Rules, companies will need to expend significant effort to enhance data collection (including from third parties in their value chain), validation, reporting, control design, and third-party verification. . . . [The company] strongly recommends that the Commission extend the proposed implementation timeline such that the proposed disclosures, including GHG emission metrics, be required no earlier than for the 2024 fiscal year (filed in 2025), and preferably longer. It is critical to give registrants with sufficient time to ensure that their data is available and reliable in time for filing in the 10-K.”
“As the Commission’s proposed standard would be different than [the EPA’s and other GHG] reporting standards, such difference would create additional burden on the underlying processes and systems for gathering the information. . . . As such, we believe that registrants need time to digest the Commission’s final rule and implement tracking mechanisms and/or system enhancements. . . . We recommend that the Commission provide a transition period of at least one year from the issuance of the final rule until the start of the first reporting period provided the Commission modifies the financial metric disclosure requirements as recommended herein or a transition period of at least two years if the final rule is issued substantially as proposed.”
“We therefore respectfully ask the Commission to review and consider delaying the implementation timeline for all registrants and the phase-in periods for Scopes 1 and 2 emissions disclosure and assurance to at least five (5) years following the adoption of the final rules. This recommendation is consistent with the implementation timeline adopted for major recent changes to financial reporting standards such as the Financial Accounting Standards Board’s (FASB) implementation timeline for each of the revenue recognition and lease accounting standards, each of which provided public companies with significantly longer implementation timelines. . . . And prior to their issuance, the FASB worked for several years with stakeholders, including the financial statement preparer community, to finalize these rules. Neither rule contemplated changes that are as significant as those set forth in the Proposal.”

C. Increased Cost of Being a Public Company

The Commission estimates that annual direct costs to comply with the proposed rules (including both internal and external resources) would range from $490,000 (smaller reporting companies) to $640,000 (non-smaller reporting companies) in the first year and $420,000 to $530,000 in subsequent years.[3]

52% of public company letters and 43% of industry association letters raised concerns about the actual (and economic) cost of the Proposed Rules. Many believe the SEC underestimated the implementation costs, and a handful of companies provided quantitative estimates as to actual cost.

Sample Comments:

“We are . . . concerned about the cost, complexity and practicability of complying with parts of the Proposal (in particular, the proposed amendments to Regulation S-X) that will be borne by registrants of all sizes, and which we believe, will significantly exceed the estimates set forth in the Proposal. Our company expects implementation costs in the $100-500 million range, and annual costs for on-going compliance in the $10-25 million range — costs that will ultimately be borne by investors and the public markets.”
“This additional reporting [on GHG emissions] will come at a high costs: EPA estimated if it lowered its own de minimis reporting thresholds from 25,000 to 1,000 metric tons of CO₂e per year it would cost an additional $266 million (in 2006 dollars). . . . EPA updated the reporting requirements for petroleum and natural gas systems in 2010. In doing so, EPA estimated that the incremental cost to reduce the bright line threshold from 25,000 to 1,000 would cost an additional $54.43 million (2006 dollars). . . . Based on EPA’s figures, the Proposed Rule could mean an additional cost to [the company] of $7,000,000 or more in 2006 dollars just to track and report Scope 1 emissions from additional facilities. These figures also suggest that the Commission has not fully accounted for the cost of this rule.”
“[The company] estimates the cost of voluntarily reporting Scope 3 GHG emissions to be more than $1 million. . . . This does not include accounting personnel to incorporate Scope 3 emissions reporting into our Form 10-K or any commercial efforts needed to amend contracts or attempt to gather and verify Scope 3 emissions data across our value change to the extent it can be identified. Furthermore, [the company] estimates implementing the amendments to Regulation S-X would also be in the millions of dollars.”
“[A small cap public company] estimate[s] that the total annual cost of satisfying the disclosure requirements set forth in the Proposal would be approximately $500,000 to $800,000, which would be significant for a company of our size.”
“We believe the Commission’s cost estimates are significantly understated for large accelerated filers. . . . Currently, [the company’s] climate-related disclosures activities in line with TCFD recommendations require time and several million dollars in costs for data and information collection, IT system solutions, services provided and other related tools, techniques, and expertise. This does not include the significant additional time and cost of assurance of our performance data and disclosures.”
“[W]e believe the SEC has significantly underestimated the costs of compliance, which we believe would be many multiples of the projected $640,000 per year initially and would likely increase over time.”
“The cost of registrants trying to report in alignment with just certain aspects of TCFD for their first time on a voluntarily basis can be around $500,000. This does not account for the level of rigor, financial line items, attestation, and liability costs associated with complying with this Proposed Rule. The actual cost for complete alignment to TCFD could be up to $1,000,000 per registrant over several years. This does not include the annual cost associated with preparing for and conducting attestation.”
“[B]y only considering the costs of compliance to the public companies that are required to file, SEC misses completely the costs to companies that supply SEC filers, the largest being the induced requirement to gather and report their GHG emissions to the filing company as a condition of their supply relationship. . . . [B]ecause filing companies will have to undertake the herculean task of estimating their Scope 3 emissions, they will have no other choice but to require their suppliers to provide their GHGs, even if those suppliers have no regulatory requirement otherwise to report to SEC or EPA.”

D. Timing Deadlines for Reporting

The Proposed Rules would require the new climate-related disclosure to be included annually in the registrant’s Form 10-K (and Form 20-F for foreign private issuers). By requiring disclosures in Form 10-K, large accelerated filers will need to finalize both the traditional year-end financial reporting and the new climate-related disclosure no later than 60 calendar days after the fiscal year end.

45% of public company letters and 24% of industry association letters commented on the reporting timeline for the new climate-related disclosure requirements, with many requesting additional time to prepare the necessary disclosure.

Sample Comments:

“We have experience with reporting GHG emissions data and understand the time commitments and complexities involved to gather, model, analyze and verify the accuracy of such data. In addition to our disclosure of Scope 1 GHG emissions data in our Form 10-K, we also include Scope 2 and Scope 3 emissions data in our Climate Report, which is published significantly later in the year compared to our Form 10-K filing. We recommend that registrants be allowed to provide preliminary emissions data . . . for the most recently completed fiscal year as an estimated amount in the Form 10-K with final emissions data, with the corresponding attestation report on Scope 1 and Scope 2 emissions, provided in a subsequent reporting period (either later in the year on Form 10-Q or the following year Form 10-K).”
“The Proposal’s requirement for all climate-related disclosures to be provided in a registrant’s annual report on Form 10-K will prove challenging. Registrants already face significant pressure to meet existing annual and quarterly reporting deadlines, and the addition of climate-related disclosures, particularly quantitative disclosures that will need to be accompanied by assurance, will only increase such pressures. Moving GHG emissions disclosures and assurance to a separate report, such as furnishing within a specialized disclosure in Form SD with a later reporting deadline in the calendar year, will provide companies with additional time to properly collect GHG emissions data and assurance providers sufficient time to render their opinions. As an alternative, it may also be advisable to report GHG emissions on a one-year lag to ensure sufficient time for reporting and assurance.”
“The SEC financial reporting timelines are not consistent with current regulatory and voluntary reporting timelines. Currently our regulatory and voluntary reporting is based on verified annual data for the prior fiscal year. This means that GHG emissions data are collected and submitted to applicable regulators at the end of the first quarter following the reporting period. Voluntary disclosures such as our annual sustainability report and CDP submission are typically published at the end of the second quarter following the end of the reporting period. Transitioning to a reporting schedule that is consistent with SEC deadlines for Form 10-K will require an additional, parallel reporting process which will incorporate significant estimates (e.g., for the prior 4th quarter), reducing the accuracy of the information and its usefulness to investors and will impose a major burden on our existing reporting systems. A separate mid-year climate disclosure requirement would help ease the transition and avoid the potential need to update these disclosures based on actual data received after the Form 10-K filing deadline.”

E. Liability

The Proposed Rules would treat all climate-related disclosures as “filed” rather than “furnished” (other than those included in a foreign private issuer’s Form 6-K, which generally are “furnished”). This means that, in addition to general anti-fraud liability under Rule 10b-5 under the Exchange Act, such disclosures would be subject to incremental liability under Section 18 of the Exchange Act and, to the extent such disclosures are included or incorporated by reference into Securities Act registration statements, subject to liability under Sections 11 and 12 of the Securities Act.

45% of public company letters and 43% of industry association letters commented on liability concerns, with many requesting the climate-related disclosures be “furnished” rather than “filed” and that safe harbor protections from Sections 11, 12 and 17(a) of the Securities Act and Sections 10(b) and 18 of the Exchange Act be afforded for certain of the proposed disclosure requirements, including any forward-looking information and GHG emissions disclosure.

Sample Comments:

“Due to the long-term and uncertain nature of certain climate-related information, particularly while associated frameworks and standards are still evolving, [the company] believes that climate-related disclosures should be furnished to, rather than filed with the Commission, and not be included as part of any annual or quarterly Sarbanes-Oxley Act certifications.”
“[W]e believe that the new climate report should be treated as “furnished” instead of “filed” for purposes of liability under the Exchange Act, and not automatically incorporated by reference into Securities Act registration statements (where strict liability applies). This approach would appropriately recognize the novel and complex nature of the proposed disclosure requirements – including, among other items, GHG emissions data, scenario planning, targets and goals, and the detailed nature of many of the proposed requirements – which go far beyond information that has been required in SEC filed reports. In these circumstances, treating the information as furnished would provide appropriate liability protection while continuing to make the information widely available via the SEC’s EDGAR system.”
“[I]f climate information is subject to liability under Section 18 of the Securities Exchange Act and the strict liability provisions of Section 11 of the Securities Act, issuers are likely to disclose information in the most limited manner possible, and they may be unwilling to provide additional information that could give investors context. For these reasons, until climate-related estimation, monitoring and measurement methodologies and processes are sufficiently mature to support the more rigorous liability standards, we believe it would be more appropriate to remove the private right of action under 10b-5 with respect to such disclosures, or allow registrants to furnish climate-related disclosures as part of a separate disclosure report, formally furnished to the SEC, or make such disclosures through existing sustainability reports.”
“As climate change views and related rules and interpretations continue to evolve, we would appreciate the ability to furnish rather than file any mandated climate-related disclosures, particularly any disclosure requirements subject to significant interpretation or differences of opinion. Allowing such disclosures to be furnished and strengthening safe harbors around good faith disclosures will encourage greater disclosure transparency while climate and sustainability views evolve into greater uniformity.”
“There should exist a meaningful safe harbor for the entirety of any final rule considering the unique challenges that the SEC itself recognizes registrants must overcome to meet the proposed climate-related disclosure obligations. The SEC should enhance the safe harbor to recognize the evolving nature and inherent uncertainties of assessing climate risks to the level of granularity (e.g., risks to specific locations and assets) required in the Proposed Rule. Registrants should be shielded from liability for forward-looking statements and any inaccuracy in the reporting of the many metrics that necessarily involve uncertainty and subjective or speculative judgment calls.”

F. SEC Authority to Implement Proposed Rules

26% of public company letters and 81% of industry association letters commented on whether the Commission has the authority to implement the Proposed Rules.

Several of these commenters also raised the First Amendment concern noted by Commissioner Hester Peirce in her dissent to the Proposed Rules. Commissioner Peirce expressed a view that the proposal exceeds the Commission’s statutory limits of authority “by using the disclosure framework to achieve objectives that are not [the Commission’s] to pursue and by pursuing those objectives by means of disclosure mandates that may not comport with First Amendment limitations on compelled speech.”[4]

Sample Comments:

“The Proposal, as currently written, suffers from legal flaws that will undermine the validity of any final rule and the Commission’s objectives. Although information regarding climate risks and transition opportunities is important to many investors and companies, as evidenced by the Form 10-Ks and sustainability reports published by [association] members, the Proposal imposes an unprecedented degree of granularity and would require official reporting through the stringent requirements of Regulations S-X and S-K on predictive judgments that fall far outside of what federal securities laws demand. The Proposal also raises serious constitutional questions under the separation of powers. Furthermore, aspects of the Proposal would violate the First Amendment’s prohibition against compelled speech. If the Commission does not significantly alter the Proposal to address these concerns, then the final version of the rule will be vulnerable to invalidation on legal grounds.”
“We agree it is critical for the Commission to adhere to the scope of its authority as established by Congress, to adhere to established precedent regarding materiality and to carefully consider the risks associated with compelled speech. We further agree with the API the Proposal is beyond the scope of the Commission’s authority, violates foundational principles regarding materiality, as that term has been interpreted by the U.S. Supreme Court, and raises significant Constitutional concerns.”
“Congress has not given the SEC unlimited authority over the economy or climate change policy. The use of the [TCFD Framework] and the [GHG Protocol] as the basis of the disclosure framework for the proposal makes it clear that the SEC is attempting to achieve outcomes which are not within the agency’s authority. . . . Congress has yet to issue a specific mandate allowing the SEC to order climate-change disclosures.”
“We share many of the additional concerns articulated by other commenters about the breadth, potential impacts and legal authority to implement the Proposal, including, among others, whether the Proposal is within the scope of authority granted to the SEC by Congress, is enforceable based on application of the major questions doctrine, or exceeds First Amendment limitations on compelled speech.”

VI. Select Remarks from Non-Reporting Companies

Non-reporting energy companies who submitted comment letters focused primarily on concerns with the Proposed Rules’ impact on the energy industry in general and, specifically, on smaller, private companies. Many raised concerns that the Proposed Rules would “operate to limit or deny financing to oil and natural gas companies.” As one sample comment noted, “[t]hese time-intensive, resource-heavy measures will impair the abilities of private companies to pursue their business plans and grow through private capital. Increased costs will create significant burdens even if such private companies ultimately never seek to access the public market.”

Non-reporting companies also raised concerns that the Proposed Rules, and in particular, the GHG emissions reporting requirements, would “undoubtedly demand additional information from . . . privately traded companies not otherwise subject to the SEC’s jurisdiction” and impact the ability of smaller suppliers to public energy companies to compete for business. As noted by a few commenters:

“[b]ecause any one company’s Scope 3 emissions permeate among potentially many hundreds or even thousands of companies and millions of consumers, they are nearly impossible to accurately measure, calculate, or otherwise estimate. SEC would be requiring companies . . . to determine emissions data that are not available from our suppliers, who may-or may not-have SEC reporting obligations. The rule would incentivize SEC filers to favor large suppliers who have the wherewithal to calculate and provide their emissions data while disadvantaging smaller suppliers that cannot.”

One commenter also noted the impact of the Proposed Rules on private companies seeking to go public:

“The Proposed Rule explicitly notes that the climate-related disclosures and data must be included in registration statements but, per the implementation timeline, provides a delayed compliance date for registrants other than large accelerated filers. A smaller private company contemplating an IPO that would, if already public, qualify as an accelerated filer or non-accelerated filer, would be required to comply with the Proposed Rule’s disclosure requirements before an existing accelerated filer or non-accelerated filer, thereby increasing the burden on new entrants to the public markets. Likewise, the Proposed Rule’s amendments to Form S-4 would require a private target company to present all the disclosures required by the Proposed Rule in a Registration Statement on Form S-4 registering the equity securities of the acquiror to be issued in an M&A transaction. For a non-reporting company that has not maintained such records (and which may have been indifferent as to whether its potential acquiror was a reporting company), such a disclosure requirement presents a significant potential barrier to being acquired in an M&A transaction or a SPAC merger.”

VII. Conclusion

The breadth and scope of the Proposed Rules predictably resulted in many comments from the energy industry. These comments are informative as to how the industry is reacting to the Proposed Rules and what steps may be necessary for companies to start taking to be positioned to comply with the Proposed Rules, when adopted. Gibson Dunn’s premier securities regulation and energy lawyers are available to assist companies with preparation and compliance with new disclosure requirements.

___________________________

[1] For purposes of this client alert, we define energy companies to include companies in the oil and gas industry, including those in the exploration and production, midstream, downstream, and oilfield services sectors.

[2] See Release No. 33-11042, p. 9-10.

[3] See Release No. 33-11042, p. 373.

[4] See Commission Hester Peirce, “We are Not the Securities and Environment Commission – At Least Not Yet,” Mar. 21, 2022, https://www.sec.gov/news/statement/peirce-climate-disclosure-20220321.

The following Gibson Dunn lawyers prepared this client update: Hillary Holmes, Justine Robinson, Tull Florey, Brian Lane, Jim Moloney, Gerry Spedale, and Peter Wardle.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have about these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, or any of the following leaders and members of the firm’s Securities Regulation and Corporate Governance, Environmental, Social and Governance (ESG), Capital Markets, and Energy practice groups:

Securities Regulation and Corporate Governance Group:
Elizabeth Ising – Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)
James J. Moloney – Orange County (+1 949-451-4343, jmoloney@gibsondunn.com)
Lori Zyskowski – New York (+1 212-351-2309, lzyskowski@gibsondunn.com)
Brian J. Lane – Washington, D.C. (+1 202-887-3646, blane@gibsondunn.com)
Ronald O. Mueller – Washington, D.C. (+1 202-955-8671, rmueller@gibsondunn.com)
Thomas J. Kim – Washington, D.C. (+1 202-887-3550, tkim@gibsondunn.com)

Environmental, Social and Governance (ESG) Group:
Susy Bullock – London (+44 (0) 20 7071 4283, sbullock@gibsondunn.com)
Perlette M. Jura – Los Angeles (+1 213-229-7121, pjura@gibsondunn.com)
Ronald Kirk – Dallas (+1 214-698-3295, rkirk@gibsondunn.com)
Michael K. Murphy – Washington, D.C. (+1 202-955-8238, mmurphy@gibsondunn.com)
Selina S. Sagayam – London (+44 (0) 20 7071 4263, ssagayam@gibsondunn.com)

Capital Markets Group:
Andrew L. Fabens – New York (+1 212-351-4034, afabens@gibsondunn.com)
Hillary H. Holmes – Houston (+1 346-718-6602, hholmes@gibsondunn.com)
Stewart L. McDowell – San Francisco (+1 415-393-8322, smcdowell@gibsondunn.com)
Peter W. Wardle – Los Angeles (+1 213-229-7242, pwardle@gibsondunn.com)

Oil and Gas Group:
Michael P. Darden – Houston (+1 346 718 6789, mpdarden@gibsondunn.com)
Anna P. Howell – London (+44 (0) 20 7071 4241, ahowell@gibsondunn.com)
Brad Roach – Singapore (+65 6507 3685, broach@gibsondunn.com)

Power and Renewables Group:
Gerald P. Farano – Denver (+1 303-298-5732, jfarano@gibsondunn.com)
Peter J. Hanlon – New York (+1 212-351-2425, phanlon@gibsondunn.com)
Nicholas H. Politan, Jr. – New York (+1 212-351-2616, npolitan@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

On August 7, 2022, the Senate voted 51-50 to pass the Inflation Reduction Act of 2022 (the “Act”), which broadly addresses climate change, taxes, health care, and inflation. The action sends the measure to the House of Representatives for a vote as early as Friday of this week. The House is expected to pass the $430 billion Act without amendments and send it to the White House for President Biden’s signature. Federal agencies then would implement the law and promulgate rules as to the deployment of the funding.

Our previous alert analyzed proposed changes to U.S. tax law that were in an earlier draft of the legislation that was released on July 27, 2022. Consistent with the prior version of the legislation, the Senate-passed version of the Act includes a 15-percent corporate minimum tax, provides multi-year IRS funding with a dramatic increase in funding for tax enforcement, and extends and expands tax incentives for clean energy.

Notably, the Senate-passed version of the Act differs from the prior draft legislation in certain major respects, including that the Act (1) does not change existing law regarding the tax treatment of carried interests, (2) adds a one-percent excise tax on certain corporate stock buybacks, and (3) eases some of the effects of the new corporate minimum tax by, for example, taking into account certain depreciation and amortization deductions. A change relating to the corporate minimum tax in the draft legislation that may have adversely affected private equity funds was rejected.

Excise Tax on Stock Buybacks

As noted above, the Act introduces a one-percent excise tax on certain corporate stock buybacks. The proposal for the excise tax is identical to the excise tax that was proposed as part of the Build Back Better Act (H.R. 5376) at the end of 2021.

More specifically, the Act would impose a non-deductible one-percent excise tax on the fair market value of certain stock that is “repurchased” during the taxable year by a publicly traded U.S. corporation or acquired by certain of its subsidiaries. The taxable amount is reduced by the fair market value of certain issuances of stock throughout the year. On August 9, 2022, the Joint Committee on Taxation released its revenue estimate projecting that the excise tax will raise more than $73 billion in revenue over ten years.

A special rule would impose the tax on a publicly traded non-U.S. corporation that owns a U.S. entity that expatriated (as determined for U.S. tax purposes) after September 20, 2021. Another special rule would tax certain majority-owned U.S. subsidiaries in connection with certain acquisitions of the stock of their publicly traded non-U.S. parent corporations. (A publicly traded non-U.S. corporation’s non-U.S. subsidiary that undertakes such an acquisition generally would not be subject to the tax, except in the case of a subsidiary non-U.S. partnership with a U.S. entity as a direct or indirect partner.[1])

A “repurchase” includes a “redemption” (generally, any acquisition by a corporation of its stock in exchange for cash or property other than the corporation’s own stock or stock rights) and any other “economically similar” transaction, as determined by the Treasury. Certain repurchases, however, would be specifically excepted from the excise tax. Those include: (1) a repurchase to the extent it is part of a tax-free reorganization and no gain or loss is recognized on the repurchase by the shareholder “by reason of” the reorganization, (2) repurchases followed by a contribution of the repurchased stock (or stock with an equivalent value) to an employee pension plan, employee stock ownership plan, or similar plan, (3) stock repurchases the total value of which does not exceed $1 million during the taxable year, (4) repurchases by a dealer in securities in the ordinary course of business, (5) repurchases by regulated investment companies or real estate investment trusts, and (6) a repurchase that is treated as a dividend for U.S. federal income tax purposes.

The excise tax has a potentially broad reach. For example, certain split-off transactions and leveraged acquisitions that constitute redemptions for U.S. federal income tax purposes may be “repurchases.” Further, the definition of “repurchase” includes transactions that are “economically similar” to redemptions (as determined by the Treasury), so it is possible that a wide range of other corporate transactions that would not constitute stock buybacks in the traditional sense may be subject to the excise tax.

The excise tax would apply to “repurchases” occurring after December 31, 2022.

Revisions to the Corporate Alternative Minimum Tax

In the course of Senate negotiations, one significant change was made to the Act’s 15-percent corporate alternative minimum tax and one potentially significant change was rejected:

In a taxpayer-favorable development, the Act’s calculation of adjusted financial statement income was modified to allow depreciation generally (and amortization deductions for certain wireless spectrum specifically) to be computed using U.S. federal tax accounting methods, conventions, and class lives in lieu of corresponding financial statement principles. This modification will be beneficial to participants in industries that tend to make significant investments in property, plant and equipment (such as manufacturers). We also anticipate it will be a welcome development for sponsors of and investors in clean energy projects (which are further incentivized in the Act as described in our previous alert) because depreciation is one of the key tax attributes that is monetized by a tax equity investor in connection with a clean energy project financing transaction.
A change to the rules for aggregating entities in applying the minimum tax’s $1 billion income threshold (previously proposed as part of the Build Back Better Act and incorporated in a revised draft of the legislation) that would have grouped together additional entities (including, notably, private equity funds) was rejected via an amendment from Senator Thune shortly before passage of the Act.[2] It is hoped that additional clarification or confirmation in the form of committee reports or legislative history will be forthcoming to give guidance and instruction to the IRS and Treasury regarding the import of this aspect of the Act.
The Joint Committee on Taxation has projected that the minimum tax will raise more than $222 billion in revenue over ten years, a decline from the more than $318 billion in revenue that was projected to be raised from a similar provision included in the Build Back Better Act at the end of 2021.

Partnership Issues and Other Guidance Needs

Significant guidance from the IRS and Treasury will be necessary to administer the tax law changes included in the Act, in particular with respect to partnerships. For example, the new 15-percent corporate alternative minimum tax requires a determination of an applicable corporation’s “distributive share” of a partnership’s “adjusted financial statement income” without providing guidance as to how that “share” is to be determined. In addition, the excise tax on corporate stock buybacks applies to stock acquired by a partnership that is majority-owned “directly or indirectly” by the corporation, but the statutory provision itself does not include any further rules for determining such ownership. Further, the new tax credit transfer regime has a rule addressing a transfer of an eligible credit by a partnership, but no rules for the subsequent treatment of an eligible credit transferred to a partnership.

_________________________

[1] The intended interaction of these rules with the “May Company” regulations of Treas. Reg. § 1.337(d)-3 is not entirely clear.

[2] In connection with this amendment, the disallowance of excess of business losses by noncorporate taxpayers under section 461(l) was ultimately extended for two years (through 2028).

This alert was prepared by Josiah J. Bethards, Michael Q. Cannon, Michael J. Desmond, Matthew J. Donnelly, Pamela Lawrence Endreny, Bree Gong, Brian Hamano, Roscoe Jones Jr., Jamie Lassiter, and Eric B. Sloan.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Tax, Global Tax Controversy and Litigation, or Public Policy practice groups:

Tax Group:
Dora Arash – Los Angeles (+1 213-229-7134, darash@gibsondunn.com)
Sandy Bhogal – London (+44 (0) 20 7071 4266, sbhogal@gibsondunn.com)
Michael Q. Cannon – Dallas (+1 214-698-3232, mcannon@gibsondunn.com)
Hanna Chalhoub – Dubai (+971 (0) 4 318 4634, hchalhoub@gibsondunn.com)
Michael J. Desmond – Los Angeles/Washington, D.C. (+1 213-229-7531, mdesmond@gibsondunn.com)
Anne Devereaux* – Los Angeles (+1 213-229-7616, adevereaux@gibsondunn.com)
Matt Donnelly – Washington, D.C. (+1 202-887-3567, mjdonnelly@gibsondunn.com)
Pamela Lawrence Endreny – New York (+1 212-351-2474, pendreny@gibsondunn.com)
Benjamin Fryer – London (+44 (0) 20 7071 4232, bfryer@gibsondunn.com)
Brian R. Hamano – Los Angeles (+1 310-551-8805, bhamano@gibsondunn.com)
Kathryn A. Kelly – New York (+1 212-351-3876, kkelly@gibsondunn.com)
Brian W. Kniesly – New York (+1 212-351-2379, bkniesly@gibsondunn.com)
Loren Lembo – New York (+1 212-351-3986, llembo@gibsondunn.com)
Jennifer Sabin – New York (+1 212-351-5208, jsabin@gibsondunn.com)
Eric B. Sloan – Co-Chair, New York (+1 212-351-2340, esloan@gibsondunn.com)
Jeffrey M. Trinklein – London/New York (+44 (0) 20 7071 4224 /+1 212-351-2344), jtrinklein@gibsondunn.com)
John-Paul Vojtisek – New York (+1 212-351-2320, jvojtisek@gibsondunn.com)
Edward S. Wei – New York (+1 212-351-3925, ewei@gibsondunn.com)
Lorna Wilson – Los Angeles (+1 213-229-7547, lwilson@gibsondunn.com)
Daniel A. Zygielbaum – Washington, D.C. (+1 202-887-3768, dzygielbaum@gibsondunn.com)

Global Tax Controversy and Litigation Group:
Michael J. Desmond – Co-Chair, Los Angeles/Washington, D.C. (+1 213-229-7531, mdesmond@gibsondunn.com)
Saul Mezei – Washington, D.C. (+1 202-955-8693, smezei@gibsondunn.com)
Sanford W. Stark – Co-Chair, Washington, D.C. (+1 202-887-3650, sstark@gibsondunn.com)
C. Terrell Ussing – Washington, D.C. (+1 202-887-3612, tussing@gibsondunn.com)

Public Policy Group:
Michael D. Bopp – Co-Chair, Washington, D.C. (+1 202-955-8256, mbopp@gibsondunn.com)
Roscoe Jones, Jr. – Co-Chair, Washington, D.C. (+1 202-887-3530, rjones@gibsondunn.com)

* Anne Devereaux is an of counsel working in the firm’s Los Angeles office who is admitted only in Washington, D.C.; Bree Gong is an associate working in the firm’s Palo Alto office who is admitted only in New York; and Jamie Lassiter is an associate working in the firm’s Los Angeles office who is admitted only in New York and Texas.

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

The second quarter of 2022 saw U.S. federal lawmakers and agencies focus on draft legislation and guidance aimed at closing the gap to the EU with respect to addressing risks in the development and use of AI systems, in particular risks related to algorithmic bias and discrimination. The American Data Privacy and Protection Act (“ADPPA”), the bipartisan federal privacy bill introduced to the U.S. House in June 2022, marks a major step towards a comprehensive national privacy framework, and companies should take particular note of its inclusion of mandated algorithmic impact assessments. Meanwhile, the E.U.’s regulatory scheme for AI continues to wind its way through the EU legislative process. Though it is unlikely to become binding law until late 2023 at the earliest, the EU policy landscape remains dynamic.

Our 2Q22 Artificial Intelligence and Automated Systems Legal Update focuses on these key efforts, and also examines other policy developments within the U.S. and EU that may be of interest to domestic and international companies alike.

I. U.S. ENFORCEMENT, REGULATORY & POLICY DEVELOPMENTS

A. U.S. National AI Strategy

1. U.S. Department of Commerce: U.S. Department of Commerce Appoints 27

Members to National AI Advisory Committee

On April 14, 2022, the U.S. Department of Commerce announced the appointment of 27 experts to the National Artificial Intelligence Advisory Committee (“NAIAC”), which will advise the President and the National AI Initiative Office on a range of issues related to AI.[1] The appointments are the first for the recently established committee, created in response to the National AI Initiative Act of 2020. The initiative directs the NAIAC to provide recommendations on topics like the current state of U.S. AI competitiveness, the state of science around AI, and AI workforce issues. The committee also is responsible for advice regarding the management and coordination of the initiative itself, including its balance of activities and funding.

2. NIST AI Risk Management Framework

As noted in our 1Q22 Legal Update,[2] in March 2022, the National Institute of Standards and Technology (“NIST”) released for public comment an initial draft of its AI Risk Management Framework (“AI RMF”), which provides guidance for managing risks in the design, development, use, and evaluation of AI systems. NIST separately released a document titled, “Towards a Standard for Identifying and Managing Bias within Artificial Intelligence,” which aims to provide guidance for mitigating harmful bias in AI systems.

Subsequently, on March 29-31, 2022, NIST held its second broad stakeholder workshop on its draft AI RMF titled, “Building the NIST AI Risk Management Framework: Workshop #2.”[3] The workshop extensively discussed the AI RMF as well as international trends and standards and mitigating harmful AI bias. NIST is seeking stakeholder feedback on the draft framework as part of a process over the next year to release a full version 1.0 of the AI RMF, which NIST intends to be a critical tool for organizations to identify and manage risks related to AI, including in areas like potential bias. We stand ready to assist clients who wish to participate in this process.

B. Algorithmic Accountability and Consumer Protection

1. FTC

The Federal Trade Commission (“FTC”) continues to position itself as a key regulator of AI technology. In December 2020, as part of the 2021 Appropriations Act, Congress tasked the FTC with conducting a study and reporting on whether and how AI could be used to identify, remove, or take other appropriate action to address a variety of online harms (scams, deepfakes, child sexual abuse, terrorism, hate crimes and harassment, election-related disinformation, and the traffic in illegal drugs and counterfeit goods). Congress also required the FTC to recommend reasonable policies and procedures for using AI to combat these online harms, and any legislation to “advance the adoption and use of [AI]” for these purposes.

In its June 16, 2022 report,[4] the FTC advised that, while AI can be used as a tool to detect and remove harmful material online, there are significant risks associated with its use. In particular, the FTC cautioned that because AI systems rely on algorithms and inputs created by humans, and often have built-in motivations geared more towards consumer engagement rather than content moderation, even supposedly neutral systems can disproportionately harm minorities while threatening privacy and free speech. Additionally, the FTC stated that while many companies currently use AI tools to moderate content, they “share little information about how these systems work, or how useful they are in actually combating harmful content.”[5] The FTC therefore advised that there needs to be more transparency before the government can understand how AI tools work in the real world. Although the Commission acknowledged that major tech platforms and others are already using AI tools to address online harms, the report’s final recommendation is that Congress should avoid laws that would mandate or overly rely on the use of AI to combat online harms and instead conduct additional investigation into other tools that might also be helpful in moderating online content. In his dissenting statement, Commissioner Phillips noted that the report “has no information gleaned directly from individuals and companies actually using AI to try to identify and remove harmful online content, precisely what Congress asked us to evaluate.”[6]

Further, on June 22, 2022, Senators Ed Markey (D-MA), Elizabeth Warren (D-MA), Brian Schatz (D-HI), Cory Booker (D-NJ), Ron Wyden (D-OR), Tina Smith (D-MN), and Bernie Sanders (VT) sent a letter to FTC chair Lina Khan urging the FTC to “build on its guidance regarding biased algorithms and use its full enforcement and rulemaking authority to stop damaging practices involving online data and artificial intelligence.”[7] The letter cites the National Institute of Standards and Technology’s study that Black and Asian individuals “were up to 100 times more likely to be misidentified” by biometric surveillance tools than white individuals, and asks the FTC to use its authority to combat “invasive and discriminatory biometric surveillance tools,” including facial recognition tools.

a) Digital Platform Commission Act of 2022 (S. 4201)

On May 12, 2022, Senator Michael Bennet (D-CO) introduced the Digital Platform Commission Act of 2022 (S. 4201), which would empower a new federal agency, the Federal Digital Platform Commission, to promulgate rules, impose civil penalties, hold hearings, conduct investigations, and support research with respect to online platforms that facilitate interactions between consumers, as well as between consumers and entities offering goods and services.[8] The Commission would have a broad mandate to promote the public interest, with specific directives to protect consumers, promote competition, and assure the fairness and safety of algorithms on digital platforms, among other areas. Regulations contemplated by the bill include requirements that algorithms used by online platforms “[be] fair, transparent, and without harmful, abusive, anticompetitive, or deceptive bias.” The bill has been referred to the Committee on Commerce, Science, and Transportation.

b) Health Equity and Accountability Act of 2022 (H.R. 7585)

Introduced in the House on April 26, 2022, the Health Equity and Accountability Act of 2022 (H.R. 7585) aims to address algorithmic bias in the context of healthcare.[9] The Bill would require the Secretary of Health and Human Services to establish a “Task Force on Preventing AI and Algorithmic Bias in Healthcare” to develop guidance “on how to ensure that the development and [use] of artificial intelligence and algorithmic technologies” in delivering care “does not exacerbate health disparities” and help ensure broader access to care. Additionally, the Task Force would be charged with identifying the risks posed by a healthcare system’s use of such technologies to individuals’ “civil rights, civil liberties, and discriminatory bias in health care access, quality, and outcomes.” The bill has been referred to the Committee on Energy and Commerce.

c) California Department of Insurance Issues Bulletin Addressing Racial Bias and Unfair Discrimination

On June 30, 2022, the California Department of Insurance issued a bulletin addressing racial bias and unfair discrimination in the context of consumer data.[10] The bulletin notes that insurance companies and other licensees “must avoid both conscious and unconscious bias or discrimination that can and often does result from the use of artificial intelligence, as well as other forms of ‘Big Data’ … when marketing, rating, underwriting, processing claims, or investigating suspected fraud.”[11] To that end, the Department now requires that insurers and licensees conduct their own due diligence to ensure full compliance with all applicable law “before utilizing any data collection method, fraud algorithm, rating/underwriting or marketing tool, insurers and licensees must conduct their own due diligence to ensure full compliance with all applicable laws.” In addition, insurers and licensees “must provide transparency to Californians by informing consumers of the specific reasons for any adverse underwriting decisions.”[12]

d) EEOC and DOJ Guidance on the Americans with Disabilities Act and the Use of AI to Assess Job Applicants and Employees

On May 12, 2022, more than six months after the Equal Employment Opportunity Commission (“EEOC”) announced its Initiative on Artificial Intelligence and Algorithmic Fairness,[13] the agency issued its first guidance regarding employers’ use of AI.[14] The EEOC’s non-binding, technical guidance provides suggested guardrails for employers for the use of AI technologies in their hiring and workforce management systems.

The EEOC’s guidance outlines best practices and key considerations that, in the EEOC’s view, help ensure that employment tools do not disadvantage applicants or employees with disabilities in violation of the Americans with Disabilities Act (“ADA”). The guidance provides three ways in which an employer’s tools could be found to violate the ADA: (1) by relying on the tool, the employer fails to provide a reasonable accommodation; (2) the tool screens out an individual with a disability that is able to perform the essential functions of the job with or without an accommodation; and (3) the tool makes a disability-related inquiry or otherwise constitutes a medical examination.

e) EEOC Brings Age Discrimination Action Against Tutoring Software Company

On May 5, 2022, the EEOC filed a complaint in the Eastern District of New York alleging that a software company providing online English-language tutoring to adults and children violated the Age Discrimination in Employment Act (“ADEA”) by denying employment as tutors to a class of plaintiffs because of their age.”[15] Specifically, the EEOC alleges that the company’s application software automatically denied older, qualified applicants by soliciting applicant birthdates and automatically rejecting female applicants age 55 or older and male applicants age 60 or older. The EEOC seeks a range of damages, including back wages, liquidated damages, a permanent injunction enjoining the challenged hiring practice, and the implementation of policies, practices, and programs providing equal employment opportunities for individuals 40 years of age and older.

C. Data Privacy

1. Legislation and Regulation

a) American Data Privacy and Protection Act (H.R. 8152)

On June 21, 2022, members of Congress introduced a bipartisan federal privacy bill, H.R. 8152, the American Data Privacy and Protection Act (“ADPPA”).^{^[16]} The ADPPA aims to create a national framework that would preempt many, but not all, state privacy laws. The bill passed the U.S. House Energy and Commerce Committee on July 20, but is now increasingly unlikely to be passed during this Congressional session.^{^[17]} While ADPPA shares similarities with current state privacy laws, companies should pay attention to several proposed requirements that are particularly relevant to AI technologies.

i. Overview of ADPPA

The ADPPA proposes broad limitations on the kind of data processing that covered entities are allowed to engage in, [18] and also requires companies to provide certain rights to consumers, including a right to notice, a right to ownership or control (a right to access data, correct data, or have data deleted), and a right to opt out or object.[19]

The bill defines “covered entities” as entities subject to the FTC Act, common carriers under federal law, or nonprofits, that “alone or jointly with others” determine the purposes and means of collecting, processing, and transferring covered data.[20] The ADPPA covers a wide variety of personal data, including any data “linked” or “linkable” to an individual or a device, which is similar to the EU’s General Data Protection Regulation (“GDPR”) as well as state privacy laws such as the California Consumer Privacy Act (“CCPA”) or the Virginia Consumer Data Protection Act (“VCDPA”). “Covered data” under the ADPPA includes data that is linkable to a device, not just an individual. Additionally, the definition of “biometric information” does not include photographs or recordings, but does include fingerprints, voice prints, iris or retina scans, “facial mapping or hand mapping,” and gait. De-identified data, employee data, and publicly available information are among the enumerated exemptions.[21]

ii. Algorithmic Assessments

The bill contains new AI assessment obligations that would directly impact companies developing AI technologies. ADPPA would require covered entities and service providers that knowingly develop an algorithm to collect, process, or transfer covered data to produce an algorithm design evaluation (including training data), which must specifically consider any data used to develop the algorithm to reduce the risk of potential harms.[22]

Large data holders must conduct an additional annual impact assessment of any algorithm that is used to collect, process, or transfer covered data, and may cause potential harm to an individual. The assessments must describe the algorithm’s design process, purpose, foreseeable uses, data inputs and the outputs the algorithms generate, as well as steps taken to mitigate potential harms.[23] In particular, harms related to the following areas must be addressed: (1) individuals under the age of 17; (2) advertising for housing, education, employment, healthcare, insurance, or credit opportunities; (3) access to, or restrictions on the use of, a place of public accommodation; or (4) a disparate impact on the basis of protected characteristics.[24] Entities must use an external, independent researcher or auditor to the extent possible and both design evaluations and impact assessments must be submitted to the FTC within 30 days of completion.

Mirroring the risk-based approach adopted by the EU’s draft AI Act, the ADPPA contemplates that the FTC will promulgate regulations that would allow entities to exclude from their design evaluations and impact assessments any algorithms that present low or minimal risk for the enumerated harms.[25]

b) CPRA Draft Regulations

The California Privacy Protection Agency (“CPPA”) released its CPRA draft regulations on May 27, 2022.^{^[26]} The regulations were intended to be finalized by July 1, 2022, but public participation in the rulemaking process is still ongoing, with additional public hearings now scheduled for August 24 and 25, 2022.

In August 2020, the California Attorney General released the final regulations for the CCPA, the comprehensive state privacy law that will be replaced by the CPRA in January 2023. The May 2022 draft CPRA regulations redline the August 2020 CCPA regulations and mostly focus on the CPRA’s changes to the preexisting CCPA concepts. Key regulations addressed by this initial draft include those relating to dark patterns, expanded rules for service providers, third-party contracts, third-party notifications, requests to correct, opt-out preference signals, data minimization, privacy policy rules, revised definitions, and enforcement considerations.

One of the most conspicuous omissions concerns the lack of parameters for automated decision-making. The CPRA defines “profiling” as “any form of automated processing of personal information, as further defined by regulations pursuant to paragraph (16) of subdivision (a) of Section 1798.185 [of the CCPA], to evaluate certain personal aspects relating to a natural person and in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements,” leaving the contours relatively amorphous in scope.^{^[27]} Contrary to the scope defined by other comprehensive state privacy laws and GDPR, commenters have pointed out that the CPRA’s language casts an incredibly wide net that could be argued to cover everything from invasive facial recognition in public places to routine automated processes like calculators and spellcheckers that may process personal information. As expressed in many CPPA public record comments, numerous stakeholders hoped the initial set of regulations would at least clarify this definition, for example, by limiting it to automated technologies that could create a material impact on a person, similar to the GDPR.^{^[28]}

2. Cases

On April 18, 2022, the Ninth Circuit reaffirmed that scraping data in bulk from public websites, like LinkedIn profiles, likely does not breach the federal Computer Fraud and Abuse Act (“CFAA”).^{^[29]} In coming to its conclusion, the Ninth Circuit relied on 2021 U.S. Supreme Court precedent, Van Buren v. United States,^{^[30]} which narrowed what constitutes a CFAA violation to include only situations in which there is unauthorized access to a computer system—in other words where authorization is required and has not been given. The Ninth Circuit found that because there are no rules or access permissions to prevent access on a publicly available website, accessing that publicly available data cannot violate the CFAA.

a) Illinois’ Biometric Information Privacy Act (“BIPA”)

In the second quarter of 2022, we again observed a stream of lawsuits alleging claims under state biometrics laws, in particular, claims relating to the use of facial recognition technology under BIPA. Some notable developments:

The Northern District of Illinois determined that BIPA does not exclude photograph-derived facial information from its scope.^{^[31]} In Sosa et al. v. Onfido Inc., plaintiffs alleged that a biometric software company violated BIPA through software that scans uploaded photographs, extracts biometric identifiers, and determines if those photographs match uploaded identification cards. While the scans were of photographs, the court found that scanning face geography on photographs was effectively obtaining biometric identifiers because nothing in BIPA specifies that the scan must be “in person.”

Several technology companies settled BIPA lawsuits relating to the use of facial recognition software. On May 11, 2022, Clearview AI, Inc. settled a BIPA lawsuit filed in 2020 by the ACLU.^{^[32]} Under the settlement agreement, Clearview agreed to not sell its software to most private companies or individuals in the U.S.—a decision that will largely restrict its use in the U.S. to law-enforcement agencies. On May 25, 2022, seven plaintiffs in the consolidated class action filed against the insurance technology company, Lemonade Inc., were granted preliminary approval of a $4 million settlement. The lawsuit alleged that the company collected users’ facial data between June 2019 and May 2021 without first obtaining written consent or making mandatory disclosures required by BIPA.^{^[33]} As part of the settlement, Lemonade agreed to delete previously collected biometric data.

II. EU ENFORCEMENT, REGULATORY & POLICY DEVELOPMENTS

1. Digital Services Act

In July 2022, the new Digital Services Act (“DSA”), which would require major marketplace and social media platforms to provide insight into their algorithms to the government and to provide users with avenues to remove abusive content and disinformation, was adopted in the first reading by the European Parliament. The DSA must now go through the final stages of adoption before being finalized with an effective date of January 2024 at the earliest.[34] The DSA will impose different obligations on four categories of online intermediaries. The most stringent requirements apply to platforms and search engines with at least 45 million monthly active users in the EU – whether they are established inside or outside the EU – and require them to conduct risk assessments and independent audits, adopt certain crisis response mechanisms and heightened transparency requirements, provide access, upon request, to data for monitoring and assessing compliance, and establish a dedicated DSA compliance function. Accordingly, the DSA – which will be directly applicable in all 27 EU member states – will bring with it significant compliance obligations for large online businesses as well as increased accountability to relevant authorities.

2. The EU Parliament Adopts Special Report on AI

The European Parliament adopted a special report on AI, which sets out a list of demands to secure the EU’s position in AI, and points to research as one of the key means to achieving that goal.[35] The report was developed by the Parliament’s special committee on AI and will underpin work on the upcoming AI Act. The European Parliament’s aim is to support AI research in the EU by increasing public and private investment to €20 billion by 2030. Policymakers believe that “with clear regulations and an investment push,” the EU can catch up with the U.S. and China in terms of AI investment, technology development, research, and attracting talent.

_______________________________

[1] U.S. Dep’t of Commerce, Press Release, U.S. Department of Commerce Appoints 27 Members to National AI Advisory Committee (Apr. 14, 2022), available at https://www.commerce.gov/news/press-releases/2022/04/us-department-commerce-appoints-27-members-national-ai-advisory.

[2] Artificial Intelligence and Automated Systems Legal Update (1Q22), available at https://www.gibsondunn.com/artificial-intelligence-and-automated-systems-legal-update-1q22/.

[3] NIST, Building the NIST AI Risk Management Framework: Workshop #2 (Apr. 19, 2022), available at https://www.nist.gov/news-events/events/2022/03/building-nist-ai-risk-management-framework-workshop-2.

[4] Fed. Trade Comm’n, FTC Report Warns About Using Artificial Intelligence to Combat Online Problems (June 16, 2022), available at https://www.ftc.gov/news-events/news/press-releases/2022/06/ftc-report-warns-about-using-artificial-intelligence-combat-online-problems.

[5] Id.

[6] Fed. Trade Comm’n, Dissenting Statement of Commissioner Noah Joshua Phillips Regarding the Combatting Online Harms Through Innovation Report to Congress (June 16, 2022), available at https://www.ftc.gov/system/files/ftc_gov/pdf/Commissioner%20Phillips%20Dissent%20to%20AI%20Report%20%28FINAL%206.16.22%20noon%29_0.pdf.

[7] Letter to Hon. Lina Khan, Chair FTC (June 22, 2022), available at https://www.politico.com/f/?id=00000181-8b25-d86b-afc1-8b2d11e00000.

[8] S. 4201, 117^th Cong. (2021-2022); see also Press Release, Bennet Introduces Landmark Legislation to Establish Federal Commission to Oversee Digital Platforms (May 12, 2022), available at https://www.bennet.senate.gov/public/index.cfm/2022/5/bennet-introduces-landmark-legislation-to-establish-federal-commission-to-oversee-digital-platforms.

[9] H.R. 7585, 117^th Cong. (2021-2022).

[10] Cal. Ins. Comm’r, Bulletin 2022-5 (June 30, 2022), available at https://www.insurance.ca.gov/0250-insurers/0300-insurers/0200-bulletins/bulletin-notices-commiss-opinion/upload/BULLETIN-2022-5-Allegations-of-Racial-Bias-and-Unfair-Discrimination-in-Marketing-Rating-Underwriting-and-Claims-Practices-by-the-Insurance-Industry.pdf.

[11] Id.

[12] Id.

[13] EEOC, EEOC Launches Initiative on Artificial Intelligence and Algorithmic Fairness (Oct. 28, 2021), available at https://www.eeoc.gov/newsroom/eeoc-launches-initiative-artificial-intelligence-and-algorithmic-fairness.

[14] EEOC, The Americans with Disabilities Act and the Use of Software, Algorithms, and Artificial Intelligence to Assess Job Applicants and Employees (May 12, 2022), available at https://www.eeoc.gov/laws/guidance/americans-disabilities-act-and-use-software-algorithms-and-artificial-intelligence?utm_content=&utm_medium=email&utm_name=&utm_source=govdelivery&utm_term.

[15] EEOC v. iTutorGroup, Inc., No. 1:22-cv-02565 (E.D.N.Y. May 5, 2022).

[16] American Data Privacy and Protection Act, H.R. 8152, 117th Cong. (2022).

[17] The full text of the proposed statute is available here.

[18] Specifically, the legislation limits covered entities to collecting, processing, or transferring data based on what is “reasonably necessary and proportionate” to (1) provide or maintain a specific product or service requested by the individual to whom the data pertains, (2) deliver a communication that is reasonably anticipated by the individual recipient in the context of the individual recipient’s interactions with the covered entity, or (3) for one of the “permissible purposes” enumerated in the bill’s text. The bill would further prohibit the collection and processing of sensitive data “except where such collection or processing is strictly necessary to provide or maintain a specific product or service requested by an individual to whom the covered data pertains” or to effectuate one of the permitted purposes.

[19] The ADPPA would also impose requirements on relationships between covered entities and services providers and third parties, including requirements for contractual terms, and requires covered entities to implement certain accountability measures, like the appointment of data privacy and security officers.

[20] ADPPA § 2(9).

[21] ADPPA § 2(8).

[22] ADPPA § 207(c)(2).

[23] ADPPA § 207(c)(1).

[24] ADPPA § 207(c)(1)(B)(vi)(I)–(IV).

[25] ADPPA § 207(c)(5)(B).

[26] The full text of the proposed regulations is available here.

[27] Cal. Civ. Code § 1798.140(z) (emphasis added).

[28] The GDPR uses an impact to risk–based approach—only governing processing “which produces legal effects concerning him or her or similarly significantly affects him or her.” GDPR at Art. 22(1) (emphasis added). For example, this may include loan or employment applications.

[29] hiQ Labs Inc. v. LinkedIn Corp., No. 17-16783 (9th Cir. 2022).

[30] 141 S. Ct. 1648 (2021).

[31] Sosa et al. v. Onfido Inc., No. 20-cv-4247 (N.D. Ill. 2022).

[32] ACLU v. Clearview AI, Inc., 2020 CH 04353 (Cir. Ct. Cook Cty., Ill. 2022).

[33] Prudent v. Lemonade Inc. et al., 1:21-cv-07070 (S.D.N.Y. 2022).

[34] European Commission, The Digital Services Act package, available at https://digital-strategy.ec.europa.eu/en/policies/digital-services-act-package.

[35] European Parliament, Report – A9-0088/2022, REPORT on artificial intelligence in a digital age (Apr. 5, 2022), available at https://www.europarl.europa.eu/doceo/document/A-9-2022-0088_EN.html; see further Goda Naujokaityte, Parliament gives EU a push to move faster on artificial intelligence, Science Business (May 5, 2022), available at https://sciencebusiness.net/news/parliament-gives-eu-push-move-faster-artificial-intelligence.

The following Gibson Dunn lawyers prepared this client update: H. Mark Lyon, Frances Waldmann, Emily Lamm, and Samantha Abrams-Widdicombe.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Artificial Intelligence and Automated Systems Group, or the following authors:

H. Mark Lyon – Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com)
Frances A. Waldmann – Los Angeles (+1 213-229-7914,fwaldmann@gibsondunn.com)

Please also feel free to contact any of the following practice leaders and members:

Artificial Intelligence and Automated Systems Group:

J. Alan Bannister – New York (+1 212-351-2310, abannister@gibsondunn.com)
Patrick Doris – London (+44 (0)20 7071 4276, pdoris@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Co-Chair, Palo Alto (+1 650-849-5203, cgaedt-sheckter@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33 180, kgesing@gibsondunn.com)
Ari Lanin – Los Angeles (+1 310-552-8581, alanin@gibsondunn.com)
Carrie M. LeRoy – Palo Alto (+1 650-849-5337, cleroy@gibsondunn.com)
H. Mark Lyon – Co-Chair, Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com)
Vivek Mohan – Co-Chair, Palo Alto (+1 650-849-5345, vmohan@gibsondunn.com)
Alexander H. Southwell – New York (+1 212-351-3981, asouthwell@gibsondunn.com)
Christopher T. Timura – Washington, D.C. (+1 202-887-3690, ctimura@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com)
Michael Walther – Munich (+49 89 189 33 180, mwalther@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

This Client Alert provides an update on shareholder activism activity involving NYSE- and Nasdaq-listed companies with equity market capitalizations in excess of $1 billion and below $100 billion (as of the last date of trading in 2021) during 2021.

Announced shareholder activist activity increased relative to 2020. The number of public activist actions (76 vs. 63), activist investors taking actions (48 vs. 41), and companies targeted by such actions (69 vs. 55) each increased. Such levels of activism are comparable to those found prior to the market disruption caused by the COVID-19 pandemic, as reflected in public activist actions in 2019 (76 vs. 75), activist investors taking actions (48 vs. 49), and companies targeted by such actions (69 vs. 64). The period spanning January 1, 2021 to December 31, 2021 also saw several campaigns by multiple activists targeting a single company, such as the campaigns involving Kohl’s Corporation that included activity by 4010 Partners, Macellum Advisors, Ancora Advisors and Legion Partners Asset Management; Adtalem Global Education that included activity by Engine Capital and Hawk Ridge Capital; and Bottomline Technologies that included activity by Clearfield Capital Management and Sachem Head Capital Management. In addition, certain activists launched multiple campaigns during 2021, including Carl Icahn, Elliott Investment Management, JANA Partners, Land & Buildings and Starboard Value. Indeed, each of these investors launched four or more campaigns in 2021 and collectively accounted for 20 out of the 76 activist actions reviewed, or 26% in total. Proxy solicitation occurred in 18% of campaigns in 2021, relative to 17% in 2020. These figures represent modest declines relative to 2019, in which proxy materials were filed in approximately 30% of activist campaigns for the entire year.

By the Numbers—2021 Public Activism Trends

*Study covers selected activist campaigns involving NYSE- and Nasdaq-traded companies with equity market capitalizations of greater than $1 billion as of December 31, 2021 (unless company is no longer listed).

Additional statistical analyses may be found in the complete Activism Update linked below.

Notwithstanding the increase in activism levels, the rationales for activist campaigns during 2021 were generally consistent with those undertaken in 2020. Over both periods, board composition and business strategy represented leading rationales animating shareholder activism campaigns, representing 58% of rationales in 2021 and 51% of rationales in 2020. M&A (which includes advocacy for or against spin-offs, acquisitions and sales) remained important as well; the frequency with which M&A animated activist campaigns was 19% in both 2021 and 2020. At the opposite end of the spectrum, management changes, return of capital and control remained the most infrequently cited rationales for activist campaigns, as was also the case in 2020. (Note that the above-referenced percentages total over 100%, as certain activist campaigns had multiple rationales.)

Seventeen settlement agreements pertaining to shareholder activism activity were filed during 2021, which is consistent with pre-pandemic levels of similar activity (22 agreements filed in 2019 and 30 agreements filed in 2018, as compared to eight agreements filed in 2020). Those settlement agreements that were filed had many of the same features noted in prior reviews, including voting agreements and standstill periods as well as non-disparagement covenants and minimum- and/or maximum-share ownership covenants. Expense reimbursement provisions were included in half of those agreements reviewed, which is consistent with historical trends. We delve further into the data and the details in the latter half of this Client Alert.

We hope you find Gibson Dunn’s 2021 Annual Activism Update informative. If you have any questions, please reach out to a member of your Gibson Dunn team.

Read More

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this publication. For further information, please contact the Gibson Dunn lawyer with whom you usually work, or any of the following practice leaders, members, or authors:

Barbara L. Becker (+1 212.351.4062, bbecker@gibsondunn.com)
Dennis J. Friedman (+1 212.351.3900, dfriedman@gibsondunn.com)
Richard J. Birns (+1 212.351.4032, rbirns@gibsondunn.com)
Andrew Kaplan (+1 212.351.4064, akaplan@gibsondunn.com)
Daniel S. Alterbaum (+1 212.351.4084, dalterbaum@gibsondunn.com)
Joey Herman (+1 212.351.2402, jherman@gibsondunn.com)

Mergers and Acquisitions Group:
Robert B. Little – Dallas (+1 214-698-3260, rlittle@gibsondunn.com)
Saee Muzumdar – New York (+1 212-351-3966, smuzumdar@gibsondunn.com)

Securities Regulation and Corporate Governance Group:
Elizabeth Ising – Washington, D.C. (+1 202.955.8287, eising@gibsondunn.com)
Brian J. Lane – Washington, D.C. (+1 202.887.3646, blane@gibsondunn.com)
James J. Moloney – Orange County, CA (+1 949.451.4343, jmoloney@gibsondunn.com)
Ronald O. Mueller – Washington, D.C. (+1 202.955.8671, rmueller@gibsondunn.com)
Lori Zyskowski – New York (+1 212.351.2309, lzyskowski@gibsondunn.com)

© 2022 Gibson, Dunn & Crutcher LLP

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

On July 29, 2022, the New York Department of Financial Services (“DFS”) released Draft Amendments to its Part 500 Cybersecurity Rules; the Draft Amendments would update the Cybersecurity Rules in a manner consistent with the “catalytic” role it took in 2017 as the first state to codify certain cybersecurity best practices and guidance into explicit regulatory requirements for covered entities. The cybersecurity landscape has evolved in the past five years, and the Draft Amendments demonstrate that DFS continues to take a forward-leaning role in strengthening cybersecurity practices. The Draft Amendments propose increased expectations for senior leaders, heightened technology requirements, an expanded set of events covered under the mandatory 72-hour notification requirements, a new 24-hour reporting requirement for ransom payments and a 30-day submission of defenses, significant new requirements for business continuity and disaster recovery, and heightened annual certification and assessment requirements. Notably, the amended regulations propose a new class comprising larger entities which will be subject to increased obligations for their cybersecurity programs. Even the definition of a cybersecurity program has been expanded to include coverage of nonpublic information stored on those information systems—a substantial increase in covered information that will have significant downstream effects on reporting and certification requirements. The cybersecurity regulations by DFS were first released in March 2017 and went into full effect in March 2019, as previewed in our prior alert and subsequently discussed in our agency round-ups (2020 & 2021).

Key provisions of the Draft Amendments are highlighted below.

More Stringent Notification Obligations

The Draft Amendments establish additional requirements on top of DFS’s existing 72-hour notification requirements, including:

Requiring notification to DFS within 72 hours of unauthorized access to privileged accounts or the deployment of ransomware within a material part of the company’s information systems. These are in addition to the existing requirements to notify DFS within 72 hours of any cybersecurity events that require notice to a supervisory body or that have a reasonable likelihood of materially harming a material part of the company’s normal operations. Notably, these newly proposed requirements would significantly lower the notification threshold, as they could be triggered before any sign of actual data compromise or exfiltration.
A new 24-hour notification obligation in the event a ransom payment is made, and a 30-day requirement to provide a written description of why the payment was necessary, alternatives to payment that were considered, and all sanctions diligence conducted.

Heightened Requirements for Larger “Class A” Companies

Adhering to the mantra “with great data comes great responsibility,” the Draft Amendments also increase cybersecurity obligations for a newly defined class of larger entities, which are under DFS’s authority. These “Class A” companies are defined as entities with over 2,000 employees or over $1 billion in gross annual revenue average over the last three years from all business operations of the company and its affiliates. Under the Draft Amendments, Class A companies are required to comply with heightened technical requirements as well as risk assessments and audits. They must:

Conduct weekly systematic scans or reviews reasonably designed to identify publicly known cybersecurity vulnerabilities, and document and report any material gaps in testing to the board and senior management;
Implement an endpoint detection and response solution to monitor anomalous activity and a solution that centralizes logging and security event alerting;
Monitor access activity and implement a password vaulting solution for privileged accounts and an automated method of blocking commonly used passwords;
Conduct an annual, independent audit of their cybersecurity programs; and
Use external experts to conduct a risk assessment at least once every three years.

Increased Obligations on Company Governing Bodies

The original Part 500 regulations imposed a number of new obligations on companies’ governing bodies, including the need for a chief information security officer (“CISO”) or equivalent personnel, detailed cybersecurity reporting to the board, and written policies approved by a senior officer. The Draft Amendments enhance in a very meaningful way many of the Part 500 governance requirements, further indicating how important DFS views strong governance in the quest for effective cybersecurity. The Draft Amendments include obligations:

To ensure the boards of covered entities have sufficient expertise and knowledge, or be advised by persons with sufficient expertise and knowledge, to exercise effective oversight of cyber risk;
To provide the CISO with adequate independence and authority to appropriately manage cyber risks;
That the CISO will provide the board with additional detailed annual reporting on plans for remediating issues and material cybersecurity issues or events;
That the CISO will annually review the feasibility of encryption and the effectiveness of any compensating controls for any unencrypted nonpublic information;
That covered entities’ cybersecurity policies must be approved by the board on an annual basis; and
That add significantly to the annual certification requirements, requiring covered entities to not only certify to their compliance or acknowledge any noncompliance, but also provide sufficient data and documentation to accurately determine and demonstrate compliance, and have such certification or acknowledgment of noncompliance be signed by both the CEO and the CISO.

The Draft Amendments also provide an option for covered entities to submit written acknowledgement that, for the prior calendar year, they did not fully comply with their cybersecurity obligations. Covered entities who submit this acknowledgment will be required to identify all the provisions of the compliance rules that were not followed, describe the nature and extent of the noncompliance, and identify all the areas, systems, and processes that require material improvement, updating, or redesign.

These additional reporting requirements are substantial, and would greatly increase the burden on CEOs, CISOs, and other personnel involved in the preparation of these annual certifications or acknowledgements.

Expanded Requirements for Operational Resilience and Incident Response

The Draft Amendments expand measures directed at “operational resilience” beyond incident response plans, requiring covered entities to also have written plans for business continuity and disaster recovery (“BCDR”). Notably, the original Part 500 cybersecurity regulations were the first of its kind to stipulate detailed requirements for cybersecurity incident response plans. Again, DFS is breaking similar ground with BCDR plans, requiring proactive measures to mitigate disruptive events by, at a minimum:

Identifying business components essential to continued operations (documents, data, facilities, personnel, and competencies) and personnel responsible for implementation of the BCDR plans;
Preparing communications plans to ensure continuity of communications with various stakeholders (leadership, employees, third parties, regulatory authorities, others essential to continuity);
Maintaining procedures for the back-up of infrastructure and data; and
Identifying third parties necessary to continued operations.

Furthermore, DFS has proposed a significant revision to its requirements for incident response plans, requiring that they differentiate based on incident type (e.g., ransomware), while continuing to require that such plans address the previously enumerated areas (e.g., internal response processes; incident response plan goals; definitions of clear roles, responsibilities and levels of decision-making authority; communications and information sharing; identification of remediation requirements; documentation and reporting, etc.) as well as the newly added requirement to address recovery from backups.

Under the Draft Amendments, relevant personnel must receive copies of the incident response plan and BCDR plan, copies must be maintained offsite, and all personnel involved in implementation of the plans must receive appropriate training. In addition, covered entities are required to conduct incident response and BCDR exercises.

Enhanced Technology and Policy Requirements

The Draft Amendments strengthen technical requirements and written policy requirements for covered entities, codifying certain best practices in key cyber risk areas. The Draft Amendments specifically:

Clarify the definition of “privileged accounts” as covering any account that can be used to perform security-relevant functions that ordinary users are not authorized to perform, or affect a material change to technical or business operations. Under the proposals, privileged accounts must:
- Have multi-factor authentication (with exceptions for certain service accounts); and
- Be limited in both number and access functions to only those necessary to perform the user’s job;
- Be limited in use to only when performing functions requiring their use of such access;
Require stricter access management, including periodic review of all user access privileges and removal of accounts and access that are no longer necessary, as well as disabling or securely configuring all protocols that permit remote control of devices;
Require that emails are monitored and filtered to block malicious content from reaching authorized users;
Mandate penetration testing be conducted by an independent party at least annually, and also adjust the required frequency of vulnerability assessments from bi-annually to “regular[ly],” with Class A companies conducting weekly scans as noted above;
Require the use of strong, unique passwords—and Class A companies have additional requirements, as discussed above, relating to passwords and monitoring of access activity;
Require multi-factor authentication for remote access to the network and enterprise and third-party applications that access nonpublic information; and
Mandate that covered entities must maintain backups isolated from network connections.

The Draft Amendments also contain new measures for asset inventory and management, which may cost companies significant time and resources to implement. These measures require all covered entities to:

Implement written policies and procedures to ensure a complete and documented asset inventory for all information systems and their components (e.g., hardware, operating systems, applications, infrastructure devices, APIs, and cloud services); and
Have asset inventory that must, at a minimum, track each asset’s key information (e.g., owner, location, classification or sensitivity, support expiration date, and recovery time requirements).

The Draft Amendments further require additional written cybersecurity policies to include procedures for end of life management, remote access, and vulnerability and patch management. Notably, despite the prominence of recent supply chain cybersecurity attacks, there are not substantive changes to the Part 500 requirements relating to third-party service providers.

Increased Requirements for Risk Assessments, Impact Assessments

The Draft Amendments further expand the requirements for and definition of “risk assessment” to make clear that they must be:

Tailored to consider the “specific circumstances” of the covered entity, including size, staffing, governance, businesses, services, products, operations, customers, counterparties, service providers, vendors, other relations and their locations, as well as the geographies and locations of its operations and business relations; and
Updated at least annually.

While DFS has not changed the core cybersecurity functions that must be covered by the risk assessment per se, covered entities will need to ensure that it covers the broadened scope of “cybersecurity program” under the Draft Amendments (nonpublic information stored on the covered entity’s information systems). Furthermore, another substantial proposal is the requirement that covered entities must conduct impact assessments whenever a change in the business or technology causes a material change to the covered entity’s cyber risk.

Clarified Enforcement Considerations

Finally, the Draft Amendments contain two significant clarifications regarding the enforcement of the Part 500 Cybersecurity Rules:

A violation occurs by committing any act prohibited by the regulations or failing to satisfy a required obligation. This includes the failure to comply for more than 24 hours with any part of the regulations or the failure to prevent unauthorized access to nonpublic information due to noncompliance with the regulations.
DFS may consider certain aggravating and mitigating factors when assessing the severity of penalties, including: cooperation, good faith, intentionality, prior violations, number or pattern of violations, gravity of violation, provision of false or misleading information, harm to customers, accuracy and timeliness of customer disclosures, participation of senior management, penalties by other regulators, and business size.

Next Steps

This report is not an exhaustive list of the changes contained in the Draft Amendments, but it provides a high-level overview of the impact of the Draft Amendments on the Part 500 Cybersecurity Rules, should they be adopted. These recent Draft Amendments will go through a short pre-proposal comments period, which ends on August 18, 2022. After official publication of the proposed amendments, there will be a 60-day comment period. Pending further revisions, most of the amendments would take effect 180 days after adoption, while some requirements—i.e., notification requirements and changes to annual notice of certification—would take effect on an expedited timeframe of 30 days after adoption. Other requirements (e.g., regarding access controls) would take effect a year after adoption.

These amendments signal DFS’s continued focus on ensuring the Part 500 Cybersecurity Rules continue to raise the regulatory bar on covered entities’ cybersecurity programs in an era of a rapidly evolving cyber threat landscape. While many of the Draft Amendments reflect the current state of best practice guidance, covered entities will need to intentionally review the Draft Amendments and ensure they are well-positioned from a governance, technology, and budgetary perspective to ensure compliance.

This alert was prepared by Alexander H. Southwell, Stephenie Gosnell Handler, Terry Wong, and Dustin Stonecipher*.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any member of the firm’s Privacy, Cybersecurity & Data Innovation practice group:

United States
Matthew Benjamin – New York (+1 212-351-4079, mbenjamin@gibsondunn.com)
Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com)
S. Ashlie Beringer – Co-Chair, PCDI Practice, Palo Alto (+1 650-849-5327, aberinger@gibsondunn.com)
David P. Burns – Washington, D.C. (+1 202-887-3786, dburns@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650-849-5203, cgaedt-sheckter@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202-955-8657, sgans@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202-955-8510, shandler@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213-229-7269, nhanna@gibsondunn.com)
Howard S. Hogan – Washington, D.C. (+1 202-887-3640, hhogan@gibsondunn.com)
Robert K. Hur – Washington, D.C. (+1 202-887-3674, rhur@gibsondunn.com)
Kristin A. Linsley – San Francisco (+1 415-393-8395, klinsley@gibsondunn.com)
H. Mark Lyon – Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650-849-5345, vmohan@gibsondunn.com)
Karl G. Nelson – Dallas (+1 214-698-3203, knelson@gibsondunn.com)
Ashley Rogers – Dallas (+1 214-698-3316, arogers@gibsondunn.com)
Alexander H. Southwell – Co-Chair, PCDI Practice, New York (+1 212-351-3981, asouthwell@gibsondunn.com)
Deborah L. Stein – Los Angeles (+1 213-229-7164, dstein@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com)
Benjamin B. Wagner – Palo Alto (+1 650-849-5395, bwagner@gibsondunn.com)
Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415-393-8333/+1 650-849-5393, mwong@gibsondunn.com)
Debra Wong Yang – Los Angeles (+1 213-229-7472, dwongyang@gibsondunn.com)

Europe
Ahmed Baladi – Co-Chair, PCDI Practice, Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
James A. Cox – London (+44 (0) 20 7071 4250, jacox@gibsondunn.com)
Patrick Doris – London (+44 (0) 20 7071 4276, pdoris@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com)
Bernard Grinspan – Paris (+33 (0) 1 56 43 13 00, bgrinspan@gibsondunn.com)
Penny Madden – London (+44 (0) 20 7071 4226, pmadden@gibsondunn.com)
Michael Walther – Munich (+49 89 189 33-180, mwalther@gibsondunn.com)
Vera Lukic – Paris (+33 (0) 1 56 43 13 00, vlukic@gibsondunn.com)

Asia
Kelly Austin – Hong Kong (+852 2214 3788, kaustin@gibsondunn.com)
Connell O’Neill – Hong Kong (+852 2214 3812, coneill@gibsondunn.com)
Jai S. Pathak – Singapore (+65 6507 3683, jpathak@gibsondunn.com)

* Dustin Stonecipher is an associate working in the firm’s Washington, D.C. office who is admitted only in Maryland.

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.