On July 27, 2023, the federal banking agencies (the Board of Governors of the Federal Reserve System (“Federal Reserve” or “Federal Reserve Board”), the Federal Deposit Insurance Corporation (“FDIC”) and the Office of the Comptroller of the Currency (“OCC”)) jointly issued the long-expected notice of proposed rulemaking that would replace the federal banking agencies’ risk-based capital framework for large banking organizations with a new framework—commonly referred to as the Basel III endgame reforms—that would implement international capital standards issued by the Basel Committee on Banking Supervision.[1] In parallel, the Federal Reserve Board issued a notice of proposed rulemaking that would revise the surcharge calculation applicable to U.S. global systemically important banks (“GSIBs”).[2]

The Proposed Rule would materially increase capital requirements applicable to banking organizations with total assets of $100 billion or more and would align the regulatory capital calculation (the numerator of regulatory capital ratios) and the calculation of risk-weighted assets (the denominator of regulatory capital ratios) across large banking organizations subject to the Proposed Rule. Although the Proposed Rule would apply directly to large banking organizations, it would have far broader indirect impacts on bank counterparties and customers and the broader financial markets.

Section 165 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”), as amended by the 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act (“EGRRCPA”),[3] requires the application of enhanced prudential standards[4] to bank holding companies and foreign banking organizations with $250 billion or more in total consolidated assets. Section 165 authorizes the Federal Reserve to apply enhanced prudential standards to banking organizations with assets between $100 billion and $250 billion, taking into consideration their capital structure, riskiness, complexity, financial activities (including those of their subsidiaries), size, and any other risk-related factors the Federal Reserve deems appropriate. In 2019, the federal banking agencies issued final rules establishing four categories for determining the applicability and stringency of prudential standards:[5]

Category I	Category II	Category III	Category IV
U.S. GSIBs (and their depository institution subsidiaries)	Banking organizations with ≥ $700 billion in total assets or ≥ $75 billion in cross-jurisdictional activity (and their depository institution subsidiaries)	Banking organizations with ≥ $250 billion in total assets or ≥ $75 billion in weighted short-term wholesale funding, nonbank assets, or off-balance sheet exposure (and their depository institution subsidiaries)	Banking organizations with ≥ $100 billion to $250 billion in total assets (and their depository institution subsidiaries)

The Proposed Rule would significantly reduce the differences that apply across the four categories established by the federal banking agencies in 2019 for determining the applicability and stringency of regulatory capital requirements for large banking organizations. In that connection, consistent with statements made by Federal Reserve Vice Chair for Supervision Barr during the spring turmoil promoting the application of standardized enhanced capital and liquidity requirements to a broader set of firms (see our prior Client Alert), large banking organizations should reasonably expect the federal banking agencies will issue additional proposals that would align standardized liquidity requirements applicable to banking organizations with total assets of $100 billion or more in a similar manner.

The Proposed Rule was not adopted unanimously. Members of both the Federal Reserve Board and the FDIC Board of Directors—including those who voted in favor of the Proposed Rule, like Federal Reserve Chair Powell and Governor Jefferson—raised concerns with specific aspects of the Proposed Rule as well as potentially significant unintended consequences to the financial system and broader U.S. economy. Concerns were also raised that the Proposed Rule would not comply with the tailoring requirements of Section 165 of the Dodd-Frank Act, as amended by EGRRCPA.[6]

Statements made by voting members accompanying the release of the Proposed Rule encourage robust industry engagement during the 120-day comment period and highlight the critical role that engagement in the rulemaking process with the federal banking agencies and other policymakers will play in shaping the substance of the final rule and in the federal banking agencies’ consideration of the myriad issues raised by the Proposed Rule, and may also form the basis for any future court challenges to the federal banking agencies’ final rule (see below under the section heading “Dissenting Votes” for additional discussion).

As with prior rulemakings, the Proposed Rule, if finalized, would include a three-year transition period beginning July 1, 2025 and the capital requirements under any final rule would not be fully phased in until July 1, 2028.

Comments on the Proposed Rule are due by November 30, 2023. The agencies have included 176 questions as prompts (almost all of which include multiple related sub-prompts) to solicit comments and data on all aspects of the Proposed Rule and its potential impacts—both intended and unintended—on large banking organizations, their counterparties and customers, the financial markets, financial stability and the broader U.S. economy, among others.

I. Key Aspects of the Proposed Rule

The Proposed Rule includes several notable changes that would materially increase capital requirements applicable to large banks.[7] In particular, the Proposed Rule would:

Apply revised, enhanced capital requirements to all banking organizations[8] with total consolidated assets of $100 billion or more and their depository institution subsidiaries (referred to herein as “banking organizations” or “large banks”), and to banking organizations with significant trading activity, while retaining the current U.S. standardized approach applicable to all banking institutions.
Align regulatory capital requirements for banking organizations with total consolidated assets of between $100 billion and $700 billion (Category III and IV firms) with those currently applicable to the largest banking organizations (Category I and II firms).
Expand application of the supplementary leverage ratio requirement to banking organizations subject to Category IV capital standards and apply the countercyclical capital buffer, if activated, to banking organizations subject to Category IV capital standards.
Subject Category III and IV banking organizations to the same treatment of accumulated other comprehensive income (“AOCI”), capital deductions and minority interest treatments as Category I and II banking organizations, including taking into account unrealized gains or losses on available-for-sale securities in their common equity tier 1 capital.
Replace internal-models-based capital requirements for credit and operational risk[9] (the advanced approaches) currently applicable to banking organizations subject to Category I and II capital standards with new standardized requirements (the “expanded risk-based approach”) that would apply to all banking organizations with $100 billion or more in total assets and replace the current market risk and credit valuation adjustment (“CVA”) risk requirements with revised approaches.
Maintain the current capital rule’s dual risk-based capital structure but expand its application to all banking organizations with total assets of $100 billion or more.
- Under the Proposed Rule, a banking organization would calculate two sets of risk-based capital ratios (common equity tier 1 capital ratio, tier 1 capital ratio, and total capital ratio) under both the (i) new expanded risk-based approach[10] and (ii) current standardized approach.[11] A banking organization’s common equity tier 1 capital ratio, tier 1 capital ratio, and total capital ratio would be the lower of each ratio of the two approaches to satisfy its minimum capital requirements. All capital buffer requirements would apply regardless of which approach produces the binding risk-based capital ratio.
With respect to credit risk, the Proposed Rule would eliminate the practice of relying on a banking organization’s internal models for credit risk and instead use the expanded risk-based approach. The Basel Framework and the UK and EU proposals limit—but do not eliminate entirely—banks’ ability to use internal credit risk models.
With respect to operational risk, the Proposed Rule would remove the advanced measurement approaches based on a banking organization’s internal models and introduce a standardized approach to capture a broad range of operational risks, such as fraud and litigation, but excluding strategic, reputational and climate risk.
- A banking organization’s operational risk capital requirement would be equal to its business indicator component multiplied by its internal loss multiplier. Similar to the current capital rule, risk-weighted assets for operational risk would be equal to 12.5 times the operational risk capital requirement.
- Under the Proposed Rule, the operational risk capital requirements would be higher for larger, more complex banking organizations under the business indicator component and those “that experienced larger operational losses in the past” under the internal loss multiplier, that “increases operational risk capital requirements based on a banking organization’s historical operational loss experience.”[12]
With respect to market risk, the Proposed Rule would introduce a (i) standardized methodology for calculating risk-weighted assets for market risk and (ii) new models-based methodology to replace the framework in the current capital rule. A banking organization’s total capital requirements for market risk would equal the market risk capital requirement multiplied by 12.5.
- The standardized measure for market risk would be the default methodology for calculating market risk capital requirements for all banking organizations subject to market risk requirements.
- A banking organization would be required to obtain prior approval to use the models-based measure for market risk to determine its market risk capital requirements. The Proposed Rule would restrict the use of internal models by requiring internal models to be subject to supervisory approval at the trading-desk level, and would introduce additional controls.
- The additional capital requirements for market risk would apply to all banking organizations (regardless of asset size) for which average aggregate trading assets and trading liabilities over the previous four calendar quarters equal or exceed $5 billion, or represent 10% or more of total assets at quarter end as reported on the most recent quarterly regulatory report.
- Any holding company subject to Category I, II, III, or IV standards or any subsidiary thereof, if the subsidiary engaged in any trading activity over any of the four most recent quarters, would be subject to the market risk capital rule.
With respect to CVA risk, the Proposed Rule would provide a (i) basic measure for CVA risk[13] and (ii) standardized measure for CVA risk[14] to calculate the risk-based capital requirement for CVA risk. After calculating the CVA capital requirement using either the basic measure or the standardized measure, a banking organization’s total capital requirements for CVA risk would equal the CVA capital requirement multiplied by 12.5.
- A banking organization would be required to use the basic measure for CVA risk unless it has received prior approval to use the standardized measure for CVA risk.
Amend the capital plan rule so that institutions subject to the capital plan rule—bank holding companies, U.S. intermediate holding companies, and savings and loan holding companies with total consolidated assets of at least $100 billion—would be subject to a single capital conservation buffer requirement which would include (i) the stress capital buffer, (ii) any applicable countercyclical capital buffer and (iii) any applicable GSIB surcharge. The capital conservation buffer would apply to the institution’s risk-based capital ratios whether such ratios were calculated under the expanded risk-based approach or the standardized approach.
Revise the calculation of the stress capital buffer to be calculated using the binding common equity tier 1 capital ratio as of the final quarter of the previous capital plan cycle regardless of whether such ratio was calculated under the expanded risk-based approach or the standardized approach.
- The Proposed Rule would require banking organizations subject to Category I, II, or III standards to calculate their risk-based capital ratios in company-run stress tests and capital plans using the method that results in the binding ratios as of the start of the projection horizon. Banking organizations subject to Category IV standards would be required to calculate baseline risk-based capital ratios in their capital plans and FR Y-14A submissions using the risk-weighted assets calculation that results in the binding ratios as of the start of the projection horizon.
Include a three-year transition period beginning July 1, 2025 for two provisions: (i) the expanded risk-based approach; and (ii) the AOCI regulatory capital adjustments for banking organizations subject to Category III or IV capital standards.
- All other elements of the calculation of regulatory capital would apply upon the effective date of the final rule.
- Any banking organization not subject to Category I, II, III, or IV standards that becomes subject to Category I, II, III, or IV standards during the proposed transition period, would be eligible for the remaining time that the transition provisions provide.
- Beginning January 1, 2028, no transition would be provided to banking organizations that become subject to Category I, II, III, or IV standards.

II. Issues with the Proposed Rule

There are several issues with the Proposed Rule that stakeholders should identify and seek to quantify with data during the 120-day comment period, some of which include:

The Proposed Rule would materially increase:
- risk-weighted assets across large holding companies by 20% and across depository institutions by 9% (25% for holding companies subject to Category I or II standards, 6% for domestic holding companies subject to Category III or IV standards, and 25% for intermediate holding companies of foreign banking organizations subject to Category III and IV standards);[15]
- common equity tier 1 capital requirements for large holding companies, including minimums and buffers, by an estimated 16% (19% for holding companies subject to Category I or II capital standards, 6% percent for Category III and IV domestic holding companies, and 14% for Category III and IV international holding companies of foreign banking organizations), and by an estimated 9% across depository institutions;[16]
- risk-based capital ratios related to lending activities by 30 basis points across large banking organizations;[17]
- risk-based capital ratios related to trading activities by 67 basis points across large holding companies;[18] and
- Total loss-absorbing capacity, or “TLAC,” requirements for U.S. GSIBs by an estimated 15.2%;[19]

These increased costs on large banks are likely to be passed on to bank counterparties and customers and could lead to a reduction in the provision of banking and financial services by large banks or a pullback by large banks from certain critical financial markets activities, which could have material adverse impacts to financial stability and the broader U.S. economy, particularly during times of stress.

Specific aspects of the trading book components of the Proposed Rule could lead to reduced large bank participation in certain financial markets—which would increase risk to financial stability and the broader U.S. economy by concentrating derivatives-related products and services in less transparent markets. As highlighted in the Coalition for Derivatives End-Users July 6, 2023 letter to the federal banking agencies (“Coalition Letter”),[20] a copy of which is attached hereto, the Proposed Rule would significantly increase capital requirements for the largest U.S. and non-U.S. banks that provide the bulk of derivatives-related products and services to corporations of all sizes and across many different, diverse sectors of the economy.
- Significant increases in capital requirements in recent years preceding the Proposed Rule already have caused banks to pull back from key capital markets activities, resulting in higher costs for borrowers, derivatives end-users and their customers, and other market participants, reduced competition and transparency in those markets, and signs of diminished liquidity and efficiency in some markets, particularly during periods of stress—all of which increase risk to financial stability. The Proposed Rule, as currently contemplated, could exacerbate these issues.
- Several members of the Federal Reserve Board and the FDIC Board cited similar concerns in their statements accompanying the release of the Proposed Rule (see below under the section heading “Dissenting Votes” for additional discussion).
It is anticipated the Proposed Rule would result in significant unintended consequences for large banks and the broader markets, the full extent of which are still under consideration. Federal Reserve Board staff acknowledged during the open meeting the “very important tradeoff between the benefit of increased resilience and the potential costs” of increased capital requirements and, in that connection, is actively seeking comment on all aspects of the Proposed Rule and undertaking an additional data collection—a process not always undertaken within the normal rulemaking process—to determine whether or not the Proposed Rule appropriately captures the risks identified in the proposal or a recalibration may be needed.
- In general, though, the federal banking agencies largely justified substantial increases in capital, increased costs to counterparties and bank customers, reductions in bank lending, large banks pulling back from critical financial markets activities, and other consequences of the Proposed Rule by summarily justifying those costs as being “offset by the expected economic benefits associated with the increased resiliency of the financial system.”[21]
As noted by FDIC Director McKernan in his statement accompanying the release of the Proposed Rule, the proposal “does not propose a fix to address the apparent issue, which was acknowledged in the Basel consultative documents, that the business-indicator approach overcapitalizes banking organizations with high fee revenue and expense.”[22] Similarly, Federal Reserve Governor Bowman highlighted in her statement the “punitive treatment for noninterest and fee-based income through the proposed operational risk requirements, exacerbated by the use of an internal loss multiplier that may result in an excessive overall capital charge for operational risk.”[23]
The Proposed Rule differs in certain respects from the implementation of the Basel III endgame reforms in other jurisdictions. Most notably, the Proposed Rule would eliminate large banks’ ability to use internal models when determining risk-weighted assets for credit risk, whereas, as noted above, the Basel Framework and the UK and EU proposals limit—but do not eliminate entirely—banks’ ability to use internal credit risk models. In addition, FDIC Director McKernan highlighted additional differences in his statement, including:
- The Proposed Rule would increase the risk weights for residential real estate exposures (by 20 percentage points to each of the corresponding Basel III risk weights), other real estate exposures not dependent on cash flows generated by the real estate (by 25 percentage points for exposures to individuals, 15 percentage points for exposures to small- or medium-sized entities), and retail credit exposures (by 10 percentage points);
- The Proposed Rule would require that, for a corporate exposure to be eligible for the reduced credit-risk-capital requirement for “investment grade” corporate exposures, the company (or its parent) must have securities outstanding on a public securities exchange, (although included in the Basel Framework, this was not included in the UK and EU proposals);
- The Proposed Rule “would not adopt the reduced Basel III credit-risk-capital requirements for exposures to small businesses, securities firms and other nonbank financial institutions, or highly capitalized banking organizations; or for short-term exposures to banking organizations;”
- The Proposed Rule’s operational risk capital requirements under the standardized approach for operational risk would establish a baseline of the internal-loss multiplier at “no less than one,” while other proposals have set the internal-loss multiplier equal to one; and
- With respect to CVA-risk-capital requirements, Director McKernan also raises concerns regarding the impact of the Proposed Rule on end-users: “The capital requirements for CVA risk would not include a tailored approach to commercial end-users. Some other implementing authorities have proposed a commercial end-user exemption for CVA-risk-capital requirements. What considerations should inform whether a commercial end-user exemption is appropriate? Is the absence of an alpha factor under [SA-CCR] for uncleared derivatives with commercial end-users sufficient to address any issues under the proposed capital requirements for CVA risk?”[24]
The Proposed Rule would effectively eliminate the tailoring requirements of Section 165 of the Dodd-Frank Act, as amended by EGRRCPA, which requires the Federal Reserve Board “shall … differentiate among companies on an individual basis or by category,”[25] and would result in consistent regulatory capital measures for all large banking organizations, without properly taking into account risk, size, business models and complexity. The elimination of the tailoring requirements could result in the final rule being subject to challenge if adopted substantially as proposed.
- By significantly reducing the differences that apply across the four categories for determining the applicability and stringency of regulatory capital requirements for banking organizations, large banks may be incentivized to combine with other large banks because any impacts from a regulatory capital standpoint of “stepping up” in category (e.g., Category IV to III) are significantly diminished. Indeed, the material increases in risk-weighted assets and costs associated with complying with the new capital requirements may incentivize more Category III and IV institutions to consider combinations.
- On the other hand, those banking organizations currently below the $100 billion asset threshold may be incentivized to remain below the $100 billion threshold given the significant consequences from a regulatory capital perspective of transitioning to Category IV. Institutions with less than $100 billion in total assets that are growing in size and are positioned to transition into Category IV must be prepared to adhere to the increased capital requirements, including on a pro forma basis, reflecting any remaining transition period. An inability to demonstrate adherence to the enhanced capital requirements would slow growth, either through prolonged merger application review and approval timelines or regulators throttling growth through other means.
GSIB Surcharge Proposal. The Proposed Rule would change how cross-jurisdictional exposure is calculated by including derivatives exposures in cross-jurisdictional claims and cross-jurisdictional liabilities, as applicable. This would materially increase the cross-jurisdictional exposure of many foreign banking organizations with operations in the U.S. which would result in seven foreign banking organizations that are currently subject to Category III or IV standards becoming subject to Category II standards, which would be materially impactful from a liquidity risk management and reporting standpoint.[26]

III. Dissenting Votes

The Proposed Rule was not unanimously approved by either the Federal Reserve Board or the FDIC Board, with the Federal Reserve voting 4-2 and the FDIC split along partisan lines with a 3-2 vote.[27]

An absence of unanimity and consensus among Federal Reserve Governors is rare and highly unusual. According to the Federal Reserve Board’s voting record on proposed and final regulations, including implementation of the Dodd-Frank Act, as well as banking applications, enforcement actions and supervisory matters on which the Federal Reserve Board has acted, since 2012, only 29 of 652 votes (4.45%) for proposed or final regulations, banking applications, enforcement actions and supervisory matters have not been unanimous.[28]

Even more unusual, though, were Chair Powell’s public statements citing certain concerns with the Proposed Rule—although voting in support thereof. In particular, Chair Powell raised concerns that the costs of higher capital could diminish large banks’ roles as financial intermediaries and liquidity providers in critical markets and push those activities to less regulated markets.[29] He also voiced concerns that the scope of the Proposed Rule “exceeds what is required by the Basel agreement, and exceeds as well what we know of plans for implementation by other large jurisdictions” and noted “the need to strengthen supervision and regulation for firms with assets between $100 billion and $250 billion” by tailoring rules to “reflect the size and risks of individual institutions.”[30] Chair Powell welcomed public comments on the Proposed Rule, noting that he would “be particularly interested in reviewing public feedback and analysis” in certain areas.[31]

Governor Bowman, who has been a consistent opponent of higher capital requirements for the sake of higher capital requirements, was more direct in her criticism of the Proposed Rule, saying “[i]n my view, there is insufficient evidence that the benefits produced by this proposal would justify the costs.”[32] Governor Bowman has consistently argued that banking organizations need better supervision and greater transparency in supervisory expectations with enforceable and timely consequences when expectations are not met, and reaffirmed this viewpoint in her statement accompanying the release of the Proposed Rule: “… capital charges are an indirect and inefficient tool to encourage strong risk management, particularly in the area of operational risk. I would appreciate hearing from the public on this issue, but in my mind, it would be preferable to address risk management concerns through improved supervision, demanding prompt remediation of risk management shortcomings, and taking enforcement actions when firms fail to remediate known issues.”[33]

Like Chair Powell and others, Governor Bowman also focused on the unintended economic consequences of the Proposed Rule and its potential significant impacts to large banks and their counterparties participating in critical financial markets activities:

The United States has deep debt and equity markets and supports businesses with a wide range of other products and services, including risk-management tools. These products and services are central for business financing and risk management and contribute to an efficient economy. Those who rely on these products and services will bear the cost of capital increases. For example, when a local government issues municipal bonds to finance local infrastructure, they may find that financing is more expensive, or in some cases unavailable. Manufacturers may find it harder to get loans to invest in equipment or facilities. Companies that operate on the international stage may find it more challenging to hedge their foreign exchange risks. Businesses may find it difficult to manage their interest rate risk exposures, or manage the risks of fluctuating commodity prices. We should be cautious about the disruption that capital increases could cause and look critically at whether these increases are justified by risks. And we should ask whether there are more efficient alternatives—like improved supervision—that could address some of the same underlying concerns.[34]

FDIC Vice Chair Hill raised substantially similar concerns in his statement, stating:

Altogether, when also considering – among other things – the impact of (1) the new operational risk charge, which is entirely new and additive to what will often be the binding stack, and (2) the revised market risk charge, which is expected to increase market risk-weighted assets by more than double for the large banks most heavily engaged in capital markets activities, the proposal would have a substantial impact on how banks allocate capital. The result will be some combination of higher prices for consumers, less availability of products and services, migration of U.S. activities out of the regulated banking sector, migration of international activities out of U.S. banks, and more fragile financial markets.[35]

Finally, FDIC Director McKernan, among other issues raised, noted that key aspects of the Proposed Rule were “driven by a single focus” of “pushing capital levels yet higher and higher” and included 29 additional questions with his statement for commenters to address, focused on issues including the dual-requirement structure; regulatory capital deductions for mortgage servicing assets for Category III and Category IV banking organizations; credit risk and credit risk mitigants; and market risk, operational risk and credit valuation adjustment risk.[36]

Each of Federal Reserve Governors Bowman and Waller and FDIC Vice Chair Hill and Director McKernan raised concerns with the authority for the Proposed Rule being in conflict with the tailoring requirements under Section 165 of the Dodd-Frank Act, as amended by EGRRCPA, and the federal banking agencies’ tailoring rules implementing Section 165.[37]

Governor Bowman: “The proposed revisions under consideration have not been directed by Congress and are not compelled by a new evolution or identified weakness in the U.S. banking system. … A core strength of our current bank regulatory framework is risk-based, tailored regulation. Today’s proposal represents a reversal of this longstanding approach. … I am also concerned that today’s proposal moves one step closer to eliminating the tailoring required by [EGRRCPA] from the prudential capital framework.”
Governor Waller: “Finally, as this proposal applies to all firms with more than $100 billion in assets, I am concerned that we are headed down a road where we would be no longer in compliance with section 165 of the Dodd-Frank Act, as amended by the [EGRRCPA], which mandates tailoring for firms above $100 billion in assets and provides that firms with between $100 billion and $250 billion in assets are not subject to enhanced prudential standards unless a standard is affirmatively applied to such firms based on specific factors set out by Congress. It is unclear to me whether this proposal meets that statutory bar.”[38]
Vice Chair Hill: “I oppose unwinding the tailoring of the capital framework for large banks. … Today’s proposal repudiates these concepts, by ‘aligning’ the capital rules for all banks with $100 billion or more in assets. … The proposal undoes almost all of the tailoring of the capital framework for large banks, and is a repudiation of the intent and spirit of [EGRRCPA]. It is further a troubling sign for future policymaking, a signal that regulators intend to treat all large banks alike, in defiance of Congressional directives and in contradiction to the objective of a diverse banking sector with banks of varying sizes, niches, and business models.”[39]
Director McKernan: “What requirements or restrictions on each agency’s authorities are implicated by the proposal? Does the proposal tailor or otherwise differentiate among banking organizations to the extent required by law?”[40]

These statements highlight a central issue with the Proposed Rule that raises the prospects that the Proposed Rule, if adopted substantially as proposed—particularly as it relates to the effective elimination of tailoring between and among Category I, II, III and IV banking organizations of varying capital structures, riskiness, complexity, financial activities, size and other risk-related factors—could be challenged under the Administrative Procedure Act.

In summary, the statements by Federal Reserve Chair Powell, Governors Bowman and Waller, FDIC Vice Chair Hill and Director McKernan, as well as various comment letters submitted by leading industry trade groups prior to the release of the Proposed Rule—the tone and tenor of which are reflected in the various dissenting statements, underscore both the significance of the Proposed Rule and the range and magnitude of the concerns raised thereby, for large banks, their counterparties and institutional and retail customers, potential homeowners, other industry stakeholders and the broader U.S. economy alike. If finalized as proposed, the Proposed Rule would impose significant “costs on banks, their customers, and the economy”[41] and “would create more economic instability, restrict job growth, decrease productive investment and hamper U.S. competitiveness in the global economy.”[42] If large banks reduce their participation in critical financial markets activities, the effect would be to increase risk to financial stability and the broader U.S. economy by reducing competition and pushing more activities to the unregulated nonbank sector. Moreover, as voiced by several dissenters, the Proposed Rule “undoes almost all of the tailoring of the capital framework for large banks, and is a repudiation of the intent and spirit of [EGRRCPA],”[43] which could result in the final rule being subject to potential challenge if adopted substantially as proposed.

IV. Conclusions

The Proposed Rule would have significant implications and costs for banks and the broader financial system. It is imperative that all stakeholders actively engage in the rulemaking process with the federal banking agencies and other policymakers to facilitate a thoughtful approach to the final Basel III endgame reforms that carefully weighs the costs and benefits of the Proposed Rule and to help design an adjusted and balanced framework that, on the one hand, promotes safety and soundness and resolvability, bolsters financial stability, provides clarity to the markets and reduces complexity and, on the other hand, does not diminish large banks’ critical roles as financial intermediaries, reduce bank participation in critical financial markets activities or the provision of banking services, increase concentration risk in less regulated, more opaque markets, increase costs to consumers and the real economy, and impede large bank counterparties’ and end-users’ ability to safely and efficiently mitigate and manage their commercial risks. Any approach failing to take into account and balance these various considerations and factors could have severe unintended consequences and long-term negative impacts to the broader U.S. economy.

Ultimately, the comment process will play a critical role in shaping the substance of the final rule and the federal banking agencies’ consideration of these matters, and may also form the basis for any future court challenges to the federal banking agencies’ final rule.

Annex A

Proposed Enhanced Capital Requirements

(changes to the capital requirements are shown in red below)

Category I

Category II

Category III

Category IV

U.S. GSIBs

≥ $700 billion total assets or ≥ $75 billion in cross-jurisdictional activity

≥ $250 billion total assets or ≥ $75 billion in weighted short-term wholesale funding, nonbank assets, or off-balance sheet exposure

≥ $100 billion total assets

TLAC/Long-term debt

G-SIB surcharge

Standardized and ~~advanced approaches~~ expanded risk-based approach*

Standardized approach and expanded risk-based approach*

Countercyclical buffer

No opt-out of AOCI capital impact

No opt-out of AOCI capital impact**

Enhanced supplementary leverage ratio

Supplementary leverage ratio

Enhanced public disclosure and reporting requirements

Operational risk management function that is independent of business line management

* expanded risk-based approach subject to a 72.5% output floor; binding ratio would be the lower of each ratio of the two approaches; expanded risk-based approach subject to three-year transition period according to the following:

Transition Expanded Total Risk-Weighted Asset Adjustment
Transition period	Percentage of expanded total risk-weighted assets
July 1, 2025 to June 30, 2026	80
July 1, 2026 to June 30, 2027	85
July 1, 2027 to June 30, 2028	90
July 1, 2028 and thereafter	100

** AOCI adjustment subject to three-year transition period according to the following:

Transition AOCI Adjustment
Transition period	Percentage applicable to transition AOCI adjustment amount
July 1, 2025 to June 30, 2026	75
July 1, 2026 to June 30, 2027	50
July 1, 2027 to June 30, 2028	25
July 1, 2028 and thereafter	0

Attachment

Coalition for Derivatives End-Users July 6, 2023 Letter to the Federal Banking Agencies, “Consideration of the Basel III Endgame Reforms and their Impact on the End-User Community”

July 6, 2023

Ms. Ann E. Misback
Secretary
Board of Governors of the Federal Reserve System
20th Street and Constitution Avenue NW
Washington, DC 20551

Ms. Debra Buie Decker
Executive Secretary
Federal Deposit Insurance Corporation
550 17th Street NW
Washington DC 20429

Mr. Michael J. Hsu
Acting Comptroller of the Currency Office of the Comptroller of the Currency
400 7th Street SW
Washington, DC 20219

Re: Consideration of the Basel III Endgame Reforms and their Impact on the End-User Community

The Coalition for Derivatives End-Users (the “Coalition”) respectfully submits this letter to express its concerns about aspects of forthcoming changes to capital requirements for large banks commonly referred to as the Basel III Endgame package of reforms, and to emphasize the need for the Federal Banking Agencies¹ to consider carefully the numerous effects the implementation of certain changes could have on the end-user community.

The Coalition represents end-user companies that employ derivatives primarily to manage commercial risks associated with their businesses. Hundreds of companies have been active in the Coalition on both legislative and regulatory matters and our message is straightforward: financial regulatory reform measures should promote economic stability and transparency without imposing undue burdens on derivatives end-users. Imposing unnecessary regulation on derivatives end-users would create more economic instability, restrict job growth, decrease productive investment and hamper U.S. competitiveness in the global economy—and may result in less hedging by end-users.

The use of derivatives to hedge commercial risk benefits the global economy by allowing a range of businesses—from manufacturing to healthcare to agriculture to energy to technology— to improve their planning and forecasting and offer more stable prices to consumers and more stable contributions to economic growth. Banking organizations that may be subject to the new Basel III Endgame capital requirements serve as critical counterparties to end-users for their derivatives transactions. They also serve as capital markets intermediaries, sources of stable credit, underwriters of corporate debt and equity securities and liquidity providers, and play other critical financial intermediary roles. Based on public statements from the heads of the Federal Banking Agencies, independent analyses of Basel III Endgame reform proposals underway in the EU and the UK and expected proposed changes here in the U.S., these new proposals could significantly increase capital requirements for the largest U.S. and non-U.S. banks that provide the bulk of derivatives-related products and services to corporations of all sizes and across many different, diverse sectors of the economy, including many Coalition members. These corporations use derivative products to hedge and mitigate commercial risks associated with their businesses, including interest rate risk, foreign currency risk and commodities risks. Coalition members’ ability to hedge and mitigate such commercial risks is crucial to their business operations and the broader U.S. economy and the Coalition has concerns that the availability and cost of and competition for the delivery of such products, could be materially adversely affected in the wake of changes implemented under the Basel III Endgame’s reforms. Therefore, we urge the Federal Banking Agencies to undertake a thoughtful approach to design an adjusted and balanced framework that, on the one hand, promotes safety and soundness and resolvability, bolsters financial stability and provides clarity to the markets and, on the other hand, does not diminish large banks’ critical role as financial intermediaries, mitigates potential impacts on derivatives end-users and minimizes potential downside to the broader U.S. economy.

We are particularly concerned that specific aspects of the trading book components of the Basel III Endgame reforms could lead to reduced bank participation in certain financial markets— which would increase risk to financial stability and the broader U.S. economy by concentrating these products in less transparent markets and would increase costs for end-users. If these issues are not appropriately calibrated and balanced by the Federal Banking Agencies against those bank- specific risks that the Federal Banking Agencies are intending to address through the Basel III Endgame reforms, the new rules will have serious consequences to end-users and far-reaching negative implications for the broader U.S. economy, economic growth, competition and financial stability.

It has been estimated that implementing the Basel III Endgame reforms could result in an approximately 57 percent increase in the capital requirements for banks’ trading activities.² This increase is planned despite the fact that Federal Reserve Vice Chair for Supervision Michael Barr has noted on several occasions in written testimony or other formal remarks, including as far back as his nomination hearing before the Senate Banking Committee and as recently as May 18, 2023, that capital and liquidity in the financial system is very strong, a sentiment echoed by current and former regulators.³ Indeed, Common Equity Tier 1 capital (the highest quality form of bank capital) levels at the largest U.S. banks grew more than three-fold between 2007 and 2023.4 This increase, combined with a range of other post-crisis reforms, has made the largest U.S. banks far safer and has reduced risks such banks pose to the broader economic and financial system and financial stability.

As you know, large U.S. banks play a central role in the U.S. and global financial system through, among other things, capital formation and liquidity provision to the U.S. capital markets. The U.S. capital markets fund nearly three-quarters of all U.S. economic activity, making them a crucial source of financing and risk management services for a wide range of end-users. Nevertheless, significant increases in capital requirements in recent years have caused banks to pull back from key capital markets activities, resulting in higher costs for end-users and their customers, reduced competition and transparency in those markets, and signs of diminished liquidity and efficiency in some markets, particularly during periods of stress—all of which increase risk to financial stability.

In our view, the Basel III Endgame reforms’ capital requirements for large banks would dramatically accelerate this trend, thereby increasing risk further. For example, the effects on trading activities resulting from the Fundamental Review of the Trading Book, Credit Valuation Adjustment and the Securities Financing Transaction minimum haircut floor portions of the Basel III Endgame reforms would force large banks to either pass on those costs of higher capital to end- users and their customers or simply withdraw from some capital markets activities altogether which, in the latter case, would increase concentration risk in less regulated, more opaque markets.

Moreover, the nearly 60 percent increase in the capital requirements for banks’ trading activities is expected to significantly impact commercial hedging activities. For example, the cost of hedging foreign exchange risks would likely increase, as would the costs of entering long-dated interest rate swaps. The higher costs would at least partially negate adjustments made to the Standardized Approach to Counterparty Credit Risk rule that were designed to protect the cost savings afforded to end-users as a result of previously enacted Congressional relief. To help facilitate efficient access to the derivatives hedging market, Congress exempted end-users that are hedging business risks from having to post margin on uncleared derivatives transactions and from having to clear derivatives transactions.⁵ These cost increases, coupled with the potential decrease in large bank participation in these markets, would hinder end-users’ abilities to effectively hedge and reduce business risks. This, in turn, would discourage capital investments, economic growth and job creation.

As the Federal Banking Agencies consider materially increasing both the overall and trading book-related capital requirements for the largest banks as part of the Basel III Endgame reforms, it is critical that the Federal Banking Agencies remain mindful of, and account for, the strong correlation between capital markets activities and the real U.S. economy and duly consider and balance the impact of any potential increases in bank capital requirements on the ability of end-users to effectively hedge important business risks at reasonable cost in highly regulated, more transparent markets. As an example, when an end-user hedges its interest rate, foreign exchange or commodity risk with a bespoke derivative product, that activity generates a derivative exposure for a large bank, that the bank will, in turn hedge. The Basel III Endgame reforms are likely to increase hedging costs, disincentivize prudent risk-management by corporations, and ultimately increase costs and risk and reduce investment in our economy. In that connection, we also request that the Federal Banking Agencies conduct and publish a broader cost-benefit analysis and assessment of both the economic benefits and costs of significantly increasing capital requirements above their already historically robust levels.

The Coalition stands ready to engage with the Federal Banking Agencies and other policymakers in this critically important work with the goal of ensuring that the final Basel III Endgame reforms carefully balance costs and benefits to create an adjusted and balanced framework that promotes safety and soundness and resolvability, bolsters financial stability, provides clarity to the markets and reduces complexity. At the same time, it is important that the new rules do not diminish large banks’ critical roles as financial intermediaries, impede end-users’ ability to safely and efficiently mitigate and manage their commercial risks or create unintended consequences to the detriment of the broader U.S. economy.

Thank you for your consideration of these very important issues to derivatives end-users.

Please contact Michael Bopp at 202-955-8256 or at mbopp@gibsondunn.com if you have any questions or concerns.

Yours sincerely,
Coalition for Derivatives End-Users

cc:

The Honorable Jerome H. Powell, Chairman
The Honorable Michael S. Barr
The Honorable Michelle W. Bowman
The Honorable Lisa D. Cook
The Honorable Philip N. Jefferson
The Honorable Christopher J. Waller
(Board of Governors of the Federal Reserve System)

The Honorable Martin J. Greunberg, Chairman
The Honorable Travis Hill, Vice Chairman
The Honorable Rohit Chopra, Director
The Honorable Michael J. Hsu, Director (addressee)
The Honorable Jonathan McKernan, Director (Federal Deposit Insurance Corporation)

¹ For purposes of this letter, the “Federal Banking Agencies” consist of the Department of the Treasury’s Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation.

² See PWC, “Basel III Endgame: The next generation of capital requirements,” at 1 (April 2023), available at: https://explore.pwc.com/baseliiiendgame/basel-iii-endgame-exsumm.

³ See, e.g., Nominations of Michael S. Barr, Jaime E. Lizarraga, and Mark Toshiro Uyeda, Hearing Before the S. Comm. on Banking, Housing, and Urban Affairs, 118^th Cong, at 15 and 18, available at: https://www.congress.gov/117/chrg/CHRG-117shrg48337/CHRG-117shrg48337.pdf; Oversight of Financial Regulators: Financial Stability, Supervision, and Consumer Protection in the Wake of Recent Bank Failures, Hearing Before the S. Comm. on Banking, Housing, and Urban Affairs, 118^th Cong. at 1 (statement of the Honorable Michael S. Barr, Vice Chair for Supervision, Board of Governors of the Federal Reserve System), available at: https://www.banking.senate.gov/imo/media/doc/Barr%20Testimony%205-18-23.pdf; see also, Transcript of Chair Powell’s Press Conference (March 22, 2023), available at: https://www.federalreserve.gov/mediacenter/files/FOMCpresconf20230322.pdf; Remarks by Secretary of the Treasury Janet L. Yellen at Financial Stability Oversight Council Meeting (April 21, 2023), available at: https://home.treasury.gov/news/press-releases/jy1431.

⁴ See SIFMA, “Identifying an Optimal Level of Capital and Evaluating the Impact of Higher Bank Capital Requirements on US Capital Markets” (May 15, 2023), available at: https://www.sifma.org/resources/news/identifying-an-optimal-level-of-capital-and-evaluating-the-impact-of- higher-bank-capital-requirements-on-us-capital-markets/.

⁵ See the Business Risk Mitigation Price Stabilization Act of 2015. “Forcing businesses to post margin not only ties up capital, but also makes it more expensive for firms to utilize the risk management tools that they need to protect their businesses from uncertainty. Today’s bill clarifies in statute that Congress meant what it said when it exempted end users from margin and clearing requirements. Specifically, it ensures that those businesses which are exempt from clearing their hedges are also exempt from margining those hedges.” 114th Congr. Rec. H-67- 68 (Jan. 7, 2015) (state of Rep. Mike Conaway).

[1] Federal Reserve, FDIC, OCC, Regulatory capital rule: Amendments applicable to large banking organizations and to banking organizations with significant trading activity (July 27, 2023), available at: https://www.federalreserve.gov/aboutthefed/boardmeetings/frn-basel-iii-20230727.pdf (the “Proposed Rule”). See also the consolidated “Basel Framework” available at: https://www.bis.org/basel_framework/.

[2] Federal Reserve, Regulatory Capital Rule: Risk-Based Surcharges for Globally Systemically Important Bank Holding Companies; Systemic Risk Report (FR Y-15), available at: https://www.federalreserve.gov/aboutthefed/boardmeetings/frn-gsib-20230727.pdf (the “GSIB Surcharge Proposal”).

[3] 12 U.S.C. § 5365.

[4] Under the Dodd-Frank Act, those enhanced prudential standards include enhanced risk-based and leverage capital, liquidity, risk management and risk committee requirements, a requirement to submit a resolution plan, single-counterparty credit limits, supervisory and company-run stress testing requirements, and other prudential standards that the Federal Reserve determines are appropriate.

[5] Federal Reserve, Prudential Standards for Large Bank Holding Companies, Savings and Loan Holding Companies, and Foreign Banking Organizations, 84 Fed. Reg. 59032 (Nov. 1, 2019); OCC, Federal Reserve, FDIC, Changes to Applicability Thresholds for Regulatory Capital and Liquidity Requirements, 84 Fed. Reg. 59230 (Nov. 1, 2019).

[6] See 12 U.S.C. § 5365(a)(2)(A) (requiring that the Federal Reserve, “in prescribing more stringent prudential standards under [Section 165], … differentiate among companies on an individual basis or by category, taking into consideration their capital structure, riskiness, complexity, financial activities (including the financial activities of their subsidiaries), size, and any other risk-related factors that the [Federal Reserve] deems appropriate.”).

[7] A visual depicting certain changes to the capital requirements applicable to banking organizations under the Proposed Rule is included as Annex A.

[8] The term “banking organizations” includes national banks, state member banks, state nonmember banks, federal savings associations, state savings associations, top-tier bank holding companies domiciled in the U.S. not subject to the Federal Reserve’s Small Bank Holding Company and Savings and Loan Holding Company Policy Statement, U.S. intermediate holding companies of foreign banking organizations, and top-tier savings and loan holding companies domiciled in the U.S., except for certain savings and loan holding companies that are substantially engaged in insurance underwriting or commercial activities and savings and loan holding companies that are subject to the Small Bank Holding Company and Savings and Loan Holding Company Policy Statement.

[9] As noted in the preamble to the Proposed Rule, “[a]lthough the proposal would remove use of internal models for calculating capital requirements for credit and operational risk, internal models can provide valuable information to a banking organization’s internal stress testing, capital planning, and risk management functions. Large banking organizations should employ internal modeling capabilities as appropriate for the complexity of their activities.” Proposed Rule, p. 18.

[10] Total risk-weighted assets under the expanded risk-based approach would equal the sum of risk-weighted assets for credit risk, equity risk, operational risk, market risk, and CVA risk, less any amount of the banking organization’s adjusted allowance for credit losses that is not included in tier 2 capital and any amount of allocated transfer risk reserves. An “output floor” of 72.5 percent of expanded total risk-weighted assets would serve as a lower bound on the risk-weighted assets under the expanded risk-based approach. See Proposed Rule, p. 23-24.

[11] For calculating standardized total risk-weighted assets, the Proposed Rule would revise the methodology for determining market risk-weighted assets and would require banking organizations subject to Category III or IV capital standards to use the standardized approach for counterparty credit risk (“SA-CCR”) for derivatives exposures. See Proposed Rule, p. 23.

[12] Proposed Rule, p. 199.

[13] The basic measure for CVA risk would include risk-based capital requirements for all CVA risk covered positions and eligible CVA hedges calculated using the BA-CVA, and any other additional capital requirement for CVA risk established by the banking organization’s primary federal regulator if the regulator determines that the capital requirement for CVA risk as calculated under the BA-CVA is not commensurate with the CVA risk of the banking organization’s CVA risk covered positions. See Proposed Rule, p. 446.

[14] The standardized measure for CVA risk would include risk-based capital requirements calculated under (1) the SA-CVA for all standardized CVA risk covered positions and standardized CVA hedges, (2) the BA-CVA for all basic CVA risk covered positions and basic CVA hedges, and (3) any additional capital requirement for CVA risk established by the banking organization’s primary federal regulator if the regulator determines that the capital requirement for CVA risk as calculated under the SA-CVA and BA-CVA is not commensurate with the CVA risk of the banking organization’s CVA risk covered positions. See Proposed Rule, p. 446-47.

[15] See Proposed Rule, p. 497, n. 463 and accompanying text.

[16] See Proposed Rule, p. 494-95, n. 465 and accompanying text.

[17] See Proposed Rule, p. 497.

[18] See Proposed Rule, p. 500.

[19] See Proposed Rule, p. 504.

[20] Coalition for Derivatives End-Users, “Consideration of the Basel III Endgame Reforms and their Impact on the End-User Community” (July 6, 2023). A copy of the Coalition Letter is attached hereto.

[21] Proposed Rule, p. 489.

[22] Statement by FDIC Director Jonathan McKernan (July 27, 2023), available at: https://www.fdic.gov/news/speeches/2023/spjul2723c.html (“Director McKernan Statement”). In addition to the Proposed Rule’s 176 questions as prompts (almost all of which include multiple related sub-prompts) to solicit comments and data on all aspects of the Proposed Rule and its potential impacts, FDIC Director McKernan’s statement includes an additional 29 questions as prompts (almost all of which include multiple related sub-prompts) to solicit comments and data.

[23] Statement by Federal Reserve Governor Michelle W. Bowman (July 27, 2023), available at: https://www.federalreserve.gov/aboutthefed/boardmeetings/bowman-statement-20230727.pdf
(“Governor Bowman Statement”).

[24] Director McKernan Statement.

[25] 12 U.S.C. § 5365(a)(2)(A) (emphasis supplied).

[26] See GSIB Surcharge Proposal, p. 46-47.

[27] Federal Reserve Board vote (votes in favor: Chair Powell, Vice Chair for Supervision Barr, Governor Cook, Governor Jefferson; votes against: Governor Bowman, Governor Waller); FDIC Board vote (votes in favor: Chairman Gruenberg; Director Hsu; Director Chopra; votes against: Vice Chair Hill, Director McKernan). The Federal Reserve voted unanimously to approve the GSIB Surcharge Proposal.

[28] See Board of Governors of the Federal Reserve System: Board Votes, available at: https://www.federalreserve.gov/aboutthefed/boardvotes.htm.

[29] See Statement by Federal Reserve Chair Jerome H. Powell (July 27, 2023), available at: https://www.federalreserve.gov/aboutthefed/boardmeetings/powell-statement-20230727.pdf.

[30] Id.

[31] Id.

[32] Governor Bowman Statement.

[33] Id.

[34] Id.

[35] See Statement by FDIC Vice Chair Travis Hill (July 27, 2023), available at: https://www.fdic.gov/news/speeches/2023/spjul2723b.html (“Vice Chair Hill Statement”).

[36] See Director McKernan Statement.

[37] As noted above, EGRRCPA amended Section 165 of the Dodd-Frank Act to raise the minimum asset threshold for application of enhanced prudential standards from $50 billion to $250 billion in total consolidated assets, while (i) providing the Federal Reserve discretion in determining whether an institution with assets of $100 billion or more must be subject to such standards and (ii) requiring a more tiered and tailored enhanced prudential standards regime for large banks. See 12 U.S.C. § 5365.

[38] Statement by Federal Reserve Governor Christopher J. Waller (July 27, 2023), available at: https://www.federalreserve.gov/aboutthefed/boardmeetings/waller-statement-20230727.pdf.

[39] Vice Chair Hill Statement.

[40] Director McKernan Statement.

[41] Governor Bowman Statement.

[42] Coalition Letter.

[43] Vice Chair Hill Statement.

Gibson Dunn’s Distressed Banks Resource Center provides resources and regular updates to our clients. Please check the Resource Center for the latest developments.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please feel free to contact the Gibson Dunn lawyer with whom you usually work, any member of Gibson Dunn’s Global Financial Regulatory, Financial Institutions, Derivatives, Public Policy or Administrative Law and Regulatory practice groups, or the following authors:

Jason J. Cabral – New York (+1 212-351-6267, jcabral@gibsondunn.com)
Michael D. Bopp – Washington, D.C. (+1 202-955-8256, mbopp@gibsondunn.com)
Jeffrey L. Steiner – Washington, D.C. (+1 202-887-3632, jsteiner@gibsondunn.com)
Adam Lapidus – New York (+1 212-351-3869, alapidus@gibsondunn.com)
Zachary Silvers – Washington, D.C. (+1 202-887-3774, zsilvers@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice. Please note, prior results do not guarantee a similar outcome.

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published a Revised Proposed Second Amendment to its Part 500 Cybersecurity Rules (“Revised Proposed Amendment”). This is the third draft NYDFS has put out for this round of amendments, following the initial Draft Proposed Second Amendment (released on July 29, 2022) and the issuance of the Proposed Second Amendment (released on November 9, 2022, and covered in our prior alert), and reflects NYDFS’ response to stakeholder comments.

We highlight seven key takeaways of the Revised Proposed Amendment:

Reduce requirements for audits, risk assessments, and penetration testing;
Reduce governance requirements;
Change notification requirements;
Expand requirements for multi-factor authentication;
Change requirements for incident response and business continuity and disaster recovery plans;
Clarify certification requirements; and
Clarify penalties.

Reduced Requirements for Audits, Risk Assessments, and Penetration Testing

In the initial Proposed Second Amendment, NYDFS imposed strict requirements that those conducting audits, risk assessments, and penetration testing be independent, including specifically requiring external experts to conduct audits and risk assessments. Public commenters focused on these requirements, noting concerns about potential costs (e.g., from hiring an outside vendor), limits on human capital (e.g., taking staff away from critical operations to ensure the independence of an internal party), and backlogs (e.g., due to the increased demand for external vendors). Appearing to acknowledge these concerns, and the implicit assumption that using external vendors does not guarantee additional value, NYDFS modified the independence requirements in the Revised Proposed Amendment. Specifically, the Revised Proposed Amendment includes three such modifications:

The definitions are revised to clarify that while Class A companies[1] need to conduct independent audits, such audits can now be conducted by internal auditors rather than only by external auditors, as long as the auditors are free to make their decisions without influence from the covered entity. This change realigns the Revised Proposed Amendment with the initial Draft Proposed Second Amendment from July 2022, which also specified that audits could be conducted by internal or external auditors.
The requirement that Class A companies use external experts to conduct risk assessments at least once every three years is removed. The relevant section no longer mentions experts and only requires risk assessments be reviewed and updated at least annually and whenever a change in the business or technology causes a “material change.”[2]
The scope of who can conduct penetration testing is expanded to include any “qualified internal or external party,” removing the requirement that the party be independent.

Reduced Governance Requirements

In the Proposed Second Amendment, NYDFS required that the board of directors have “sufficient expertise and knowledge,” or be advised by persons with sufficient expertise and knowledge, to effectively oversee cybersecurity risk management. Noting that the phrase “expertise and knowledge” is vague, NYDFS clarified that it did not intend to suggest that cybersecurity experts are required on the board, but meant that a board should have sufficient understanding of cybersecurity-related matters. NYDFS therefore revised this section to require effective oversight of the entity’s cybersecurity risk management and “sufficient understanding of cybersecurity-related matters to exercise such oversight, which may include the use of advisors.”

NYDFS also removed the requirement that senior governing bodies “provide direction to management” on cybersecurity risk management because of confusion that this implied the board should become involved in the day-to-day management of the covered entity’s cybersecurity program. NYDFS clarified that the board’s job is to determine the strategic direction of the entity, while the day-to-day management of the cybersecurity program should be handled by management.

Changes to Notification Requirements

The Revised Proposed Amendment expands the requirements around notification of cybersecurity events. Specifically, covered entities must notify NYDFS regarding security events that occur not only at the covered entity, but also those that occur at an affiliate or third-party service provider. This is a notable expansion of NYDFS’ notification requirement.

In its Assessment of Public Comments, NYDFS provided guidance clarifying that notification is required where cybersecurity events at third-party service providers: (i) require notice to a government body, self-regulating agency, or any other supervisory body; or (ii) have a reasonable likelihood of materially harming any material part of the normal operations of the covered entity. While NYDFS is not explicit about this, the same threshold can likely be applied to affiliates, which are defined in the Cybersecurity Regulation as “any person that controls, is controlled by, or is under common control with another person.” In response to public requests to clarify or delete the term “affiliate,” NYDFS commented that this term is clearly defined.

The requirement that, following initial notification, entities provide NYDFS with information requested to assist with investigating events within 90 days was met with objections from commenters suggesting it would be difficult or impossible to meet this deadline. In response, NYDFS relaxed this specific timetable requirement and the Revised Proposed Amendment now provides that requested information must be provided “promptly.”

Expanded Requirements for Multi-Factor Authentication

Requirements related to multi-factor authentication are notably expanded in the Revised Proposed Amendment to require multi-factor authentication for any individual who accesses a covered entity’s information system. There are exceptions to these requirements for small covered entities that meet certain criteria and where “reasonably equivalent or more secure compensation controls” are used, which must be reviewed by the chief information security officer and approved in writing at least annually. These expanded requirements for multi-factor authentication are now more aligned with those outlined in the FTC Safeguards Rule (a federal regulation requiring financial institutions develop, implement, and maintain an information security program to protect customer information). In its past enforcement actions, NYDFS has often alleged violations of the Cybersecurity Regulation’s provisions covering multi-factor authentication. Covered entities should therefore be careful to ensure compliance with these new expanded requirements.

Changes to Requirements for Incident Response and Business Continuity and Disaster Recovery Plans

On incident response plans, the Revised Proposed Amendment makes a number of changes, including narrowing the requirement that incident response plans address ways to specifically mitigate “disruptive” events to just “cybersecurity” events. NYDFS made this change to address concerns that “disruptive event” was undefined and therefore might include events that are not cybersecurity events. Signaling the importance of determining the root cause of a cybersecurity event, NYDFS also added a requirement that, as part of the incident response plan, covered entities prepare a “root cause analysis that describes how and why the event occurred, what business impact it had, and what will be done to prevent reoccurrence.”

There are also updates to the requirements around business continuity and disaster recovery (“BCDR”) plans, including specifying that BCDR plans should include procedures to enable the timely recovery of “critical data and information systems” rather than “data and documentation.” The Revised Proposed Amendment additionally specifies that covered entities must maintain “backups necessary to restoring material operations” that are “adequately protected from unauthorized alterations or destruction.”

Consistent with the Proposed Second Amendment, both incident response plans and BCDR plans must be tested at least annually.

Clarification of Certification Requirement

The Revised Proposed Amendment changes the obligation that covered entities submit written confirmation to NYDFS of compliance with the Part 500 requirements by qualifying that only “material” compliance “during the prior calendar year” must be certified. This materiality qualifier was added in direct response to a comment requesting it. Although NYDFS does not provide a specific definition for what constitutes “material” compliance, this update will presumably make it easier for covered entities to achieve certification.

The second change, made in response to concerns that remediation during the year would prevent a covered entity from submitting a certification of compliance, suggests that material compliance at the time of submission, or the last day of the prior calendar year, is not adequate to certify compliance. Where a covered entity does not fully comply with the requirements, they must submit a written acknowledgment identifying the requirements they did not materially comply with, describing such noncompliance, and providing a remediation timeline.

In several recent enforcement actions, NYDFS found violations of the certification requirement where covered entities that have been subject to cybersecurity events, raising concerns that NYDFS is imposing effectively a strict liability regime. Adding a materiality qualifier suggests that a threat actor’s success in obtaining unauthorized access to data does not itself evidence a violation of the Cybersecurity Regulation.

Clarification of Penalties

The Revised Proposed Amendment provides additional clarity on the factors NYDFS should consider in assessing any penalty by adding a new criterion—the extent to which the relevant policies comply with nationally recognized cybersecurity frameworks.

It is also worth noting that the Revised Proposed Amendment changes the transitional periods for several sections, extending most of the effective dates.

Next Steps

This alert is not an exhaustive list of the changes contained in the Revised Proposed Amendment, but provides a high-level overview of the updates from NYDFS’ Proposed Second Amendment. The Revised Proposed Amendment will be subject to an additional 45-day comment period, which ends on August 14, 2023. Pending further revisions, the amendment will take effect following the updated transitional periods.

The Revised Proposed Amendment demonstrates NYDFS’ continued efforts to weigh comments received while also ensuring covered entities are taking preventative measures to protect customer information and information technology systems from new and evolving threats. This underscores NYDFS’ risk-based approach to cybersecurity. Covered entities should review these requirements and ensure they have appropriate measures in place to comply if they are finalized.

________________________

[1] In the initial Draft Proposed Second Amendment, NYDFS established a group of larger companies it titled “Class A companies” to be subject to heighted compliance requirements. The Revised Proposed Amendment narrows the companies that qualify as “Class A companies” by revising this term’s definition to specify that when calculating the number of employees and gross annual revenue, affiliates should only include “those that share information systems, cybersecurity resources or all or any part of a cybersecurity program with the covered entity.”

[2] The definition of “risk assessment” is also revised to remove the requirement that such assessments “take into account the specific circumstances of the covered entity,” such as size, business, products, and location.

The following Gibson Dunn lawyers assisted in preparing this alert: Alexander Southwell, Vivek Mohan, Stephenie Gosnell Handler, Terry Wong, and Ruby Lang.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any member of the firm’s Privacy, Cybersecurity & Data Innovation practice group:

United States
S. Ashlie Beringer – Co-Chair, PCDI Practice, Palo Alto (+1 650-849-5327, aberinger@gibsondunn.com)
Jane C. Horvath – Co-Chair, PCDI Practice, Washington, D.C. (+1 202-955-8505, jhorvath@gibsondunn.com)
Alexander H. Southwell – Co-Chair, PCDI Practice, New York (+1 212-351-3981, asouthwell@gibsondunn.com)
Matthew Benjamin – New York (+1 212-351-4079, mbenjamin@gibsondunn.com)
Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com)
David P. Burns – Washington, D.C. (+1 202-887-3786, dburns@gibsondunn.com)
Gustav W. Eyler – Washington, D.C. (+1 202-955-8610, geyler@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650-849-5203, cgaedt-sheckter@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202-955-8657, sgans@gibsondunn.com)
Lauren R. Goldman – New York (+1 212-351-2375, lgoldman@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202-955-8510, shandler@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213-229-7269, nhanna@gibsondunn.com)
Howard S. Hogan – Washington, D.C. (+1 202-887-3640, hhogan@gibsondunn.com)
Kristin A. Linsley – San Francisco (+1 415-393-8395, klinsley@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650-849-5345, vmohan@gibsondunn.com)
Karl G. Nelson – Dallas (+1 214-698-3203, knelson@gibsondunn.com)
Rosemarie T. Ring – San Francisco (+1 415-393-8247, rring@gibsondunn.com)
Ashley Rogers – Dallas (+1 214-698-3316, arogers@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com)
Benjamin B. Wagner – Palo Alto (+1 650-849-5395, bwagner@gibsondunn.com)
Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415-393-8333/+1 650-849-5393, mwong@gibsondunn.com)
Debra Wong Yang – Los Angeles (+1 213-229-7472, dwongyang@gibsondunn.com)

Europe
Ahmed Baladi – Co-Chair, PCDI Practice, Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com)
Joel Harrison – London (+44(0) 20 7071 4289, jharrison@gibsondunn.com)
Vera Lukic – Paris (+33 (0) 1 56 43 13 00, vlukic@gibsondunn.com)

Asia
Connell O’Neill – Hong Kong (+852 2214 3812, coneill@gibsondunn.com)
Jai S. Pathak – Singapore (+65 6507 3683, jpathak@gibsondunn.com)

In a recent landmark judgment, the EU’s Court of Justice (the Court) has sided with the European Commission (the Commission) on how the EU merger control rules should be interpreted and applied.

In a 2020 judgment, the lower EU General Court (GC) had faulted the Commission for an incomplete analysis and annulled the 2016 prohibition of the combination of mobile network operators Three and O2.[1] The 2020 GC judgment was widely seen as significantly raising the standard for when the Commission could challenge a merger.

The Court’s 2023 judgment now definitively establishes a number of key principles, and strengthens the Commission’s hand in its assessment of mergers in the EU. It has legitimized the Commission’s prior approach and underlined the margin of discretion afforded to the Commission in carrying out its assessment in certain respects. Continued vigorous merger control enforcement by the Commission can therefore be expected in the coming years.

I. Background

The revised EU Merger Regulation which entered into force in 2004 introduced an additional ground on which the Commission might take issue with mergers. As from 2004, the Commission was not only able to find that a merger created or strengthened a dominant position as had previously been the case, but could also (or alternatively) find that it would lead to a ‘significant impediment of effective competition’ (SIEC) in the EU internal market even without a finding of dominance. This additional ground was introduced to capture so-called “gap” cases.[2] The most prominent such “gap” cases in the years that followed related to the mobile telecommunications market. In a number of these cases, which generally involved the reduction of the number of mobile network operators in a given market from four to three, the Commission found that the proposed merger would lead to a SIEC through the removal of an important competitive constraint, without any finding of dominance.[3]

The Commission’s prohibition of the proposed merger between Three and O2 in 2016 was one such case. In its prohibition decision, the Commission found that the combination of Three and O2 would have created a new market leader in the UK mobile market and that, through the removal of an important competitor and with only two remaining mobile network operators able to challenge the merged company, the merger would have significantly reduced competition in the UK market.

The GC annulled this decision in full in 2020 following an appeal by CK Telecoms, the parent company of Three. The GC held that the Commission had failed to prove all three of its theories of harm to the requisite legal standard of “strong probability”. In particular, the GC held that: (1) the classification of a party as an “important competitive force” does not relieve the Commission from a full-fledged analysis of the elimination of important competitive constraints; (2) the merging parties were not “particularly” close competitors; and (3) “standard” efficiencies were not taken into account by the Commission in its quantitative price assessment. The judgment was widely viewed as significantly raising the requirements on the Commission to prove that a transaction should be prohibited.

II. The Court’s Judgment

The Three/O2 case was the first “gap” case since the entry into force of the revised Merger Regulation which had reached the Court. The judgment of the Court was therefore highly anticipated.

The Court,[4] annulled the judgment of the GC in full and referred the case back to it. In doing so, it established a number of important principles that the GC was required to apply in its review of the case, but which also apply more generally to the Commission’s review of mergers.

The Standard of Review is “More Likely Than Not” for All Cases

While the GC effectively raised the standard of proof required for the Commission to show a SIEC to the existence of “a strong probability”,[5] the Court made clear that the relevant standard of review is a “balance of probabilities” – irrespective of the type of merger or complexity of the theory of harm. Therefore, in order to prohibit a transaction, it is sufficient for the Commission to demonstrate, “by means of a sufficiently cogent and consistent body of evidence that it is more likely than not”[6] that the transaction leads to a SIEC. According to the Court, a higher burden of proof would be untenable given the forward-looking nature of the Commission’s assessment in its ex ante control of concentrations.[7]

The Commission Has a Certain Margin of Discretion

The Court sided with the Commission in giving it a certain margin of discretion in its interpretation of the legal framework for its substantive SIEC analysis – in particular with regard to economic matters. The judgment went on to highlight the forward-looking nature of the Commission’s assessment in ex ante merger control and implied that, as such, a very high burden of proof could reduce the effectiveness of the EU merger control regime. The Court nevertheless emphasized that the EU Courts should not refrain entirely from reviewing the Commission’s interpretation of EU law concepts when it comes to matters of economic analysis – and as such the Commission’s margin of discretion should not be unfettered.[8] While this does not mean that the EU Courts need to conduct their own economic analysis to verify the Commission’s findings, they must ascertain “whether the evidence relied on is factually accurate, reliable and consistent”, as well as whether this evidence contains all the necessary information and whether “it is capable of substantiating the conclusions drawn from it”.[9] To this end, the Court recalled that in the past EU Courts have interpreted concepts such as ‘dominant position’ or ‘relevant market’, and the concepts of ‘important competitive force’ and ‘close competitors’ are in a similar category.[10]

No Special Test for SIEC in Oligopolistic Markets

As regards the assessment of a SIEC in oligopolistic markets, the Court rejected the GC’s finding that the two conditions set out in recital 25 of the Merger Regulation must be fulfilled, namely: (1) the elimination of an important competitive constraint that the merging parties had exerted upon each other; and (2) a reduction of competitive pressure on remaining competitors. According to the Court, either prong is sufficient. A different interpretation would mean that the finding of a likely unilateral price increase following a merger would not in itself be sufficient to challenge a transaction.[11]

Specifically, the Commission had relied primarily on the concepts of “important competitive force” and “close competitors” to demonstrate a SIEC in the prohibition decision. For the GC, this was not enough. It found that in such a concentrated market, the Commission had to establish “particularly” close competition and find a stronger impact on pricing by Three rather than to call it an “important competitive force” based on what the GC considered to be a cursory reference to evidence and circumstances.[12]

The Court disagreed with the GC and emphasized that there are different ways the Commission could have demonstrated a SIEC in this case. As regards the definition of an ‘important competitive force’, the judgment made reference to the Commission’s Horizontal Merger Guidelines and specified that on a given oligopolistic market, a number of companies could be classified as an important competitive force.[13] The Court also rejected the exclusively price-focused approach of the GC, noting that such an assessment would be incomplete, in particular in markets where quality and innovation play a role.[14] The judgment also disagreed that only a merger between “particularly close competitors” could lead to a SIEC in the case at hand – it outlined that even where substitutability between the merging parties’ products is not particularly high, a lower level of substitutability between those parties’ products and those of the non-merging parties may lead to higher incentives to increase prices, and also that high pre-merger margins may suggest possible price increases as a result of the merger.[15]

No Such Thing as “Standard” Efficiencies

One of the more controversial elements of the GC judgment was its finding that, given that most mergers lead to efficiencies, the Commission must take “standard” efficiencies into account in its quantitative assessments.[16] The Court disagreed in strong terms, noting that no EU Regulations or Guidelines refer to a category of “standard” efficiencies.[17] According to the Court, while it is true that certain mergers may give rise to efficiencies, it is for the merging parties to demonstrate them. Reversing the burden of proof with regard to efficiencies would reduce the effectiveness of merger control.[18]

III. Implications of the Judgment

The judgment has strengthened the Commission’s hand in its assessment of mergers in a number of significant respects. First, it has clarified that all mergers, regardless of the pursued theory of harm or markets in which they occur, are subject to the “more likely than not” standard, which is more favorable to the Commission. Second, it has confirmed that the Commission enjoys a degree of flexibility in relation to the finding of a SIEC, and that the requirements to demonstrate a SIEC are not as high as the GC had previously identified. Finally, it has rowed back on the GC’s finding that all mergers are presumed to generate some efficiencies and has put the onus back on the merging parties to demonstrate that there are any such efficiencies. As a result, we can expect the Commission to be emboldened and continue to vigorously enforce merger control in the coming years.

________________________

[1] Case M.7612 — Hutchison 3G UK/Telefónica UK [2016].

[2] “Gap” cases are transactions in oligopolistic markets in which non-coordinated effects arise without the creation or strengthening of a dominant position.

[3] Between 2012 and 2014, under Commissioner Almunia, the Commission approved three four-to-three mergers subject to remedies, and hence where competition issues had been identified: Case M.6497, H3G/Orange Austria [2012], Case M.6992 H3G/Telefonica Ireland [2014], and Case M.7018 Telefonica Deutschland/E-Plus [2014]. Under Commissioner Vestager, the Commission blocked four-to-three mergers in Denmark and the UK (Case M.7419 TeliaSonera/Telenor/JV [2015] (withdrawn) and Case M.7612 H3G UK/Telefónica UK [2016]), and cleared a four-to-three merger in Italy, subject to divestment and entry of a new mobile operator on the market (Case M.7758 H3G Italy/Wind/JV [2016]). Currently pending: Case M.10896 Orange/Masmovil/JV.

[4] The Court sat in its Grand Chamber, which occurs in particularly complex or important cases.

[5] Case T-399/16, CK Telecoms UK v Commission, ECLI:EU:T:2020:217, para. 118.

[6] Case C-376/20 P, Commission v CK Telecoms UK, ECLI:EU:C:2023:561, para. 87.

[7] Ibid., para. 86.

[8] Ibid., para. 126.

[9] Ibid., para. 125.

[10] Ibid., para. 127.

[11] Ibid., para. 112.

[12] Case T-399/16, CK Telecoms UK v Commission, ECLI:EU:T:2020:217, para. 249 and 288.

[13] Case C-376/20 P, Commission v CK Telecoms UK, ECLI:EU:C:2023:561, para. 163.

[14] Ibid., para. 165.

[15] Ibid., para. 190.

[16] Ibid., para. 279.

[17] Ibid., para. 241.

[18] Ibid., para. 244.

The following Gibson Dunn lawyers prepared this client alert: Christian Riis-Madsen, Nicholas Banasevic, Attila Borsos, Stéphane Frank, Zuzanna Bobowiec, and Jan Przerwa.*

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Antitrust and Competition, Mergers and Acquisitions, or Private Equity practice groups, or the following authors and practice leaders:

Antitrust and Competition Group:
Christian Riis-Madsen – Brussels (+32 2 554 72 05, criis@gibsondunn.com)
Ali Nikpay – London (+44 (0) 20 7071 4273, anikpay@gibsondunn.com)
Rachel S. Brass – San Francisco (+1 415-393-8293, rbrass@gibsondunn.com)
Stephen Weissman – Washington, D.C. (+1 202-955-8678, sweissman@gibsondunn.com)

Mergers and Acquisitions Group:
Robert B. Little – Dallas (+1 214-698-3260, rlittle@gibsondunn.com)
Saee Muzumdar – New York (+1 212-351-3966, smuzumdar@gibsondunn.com)

Private Equity Group:
Wim De Vlieger – London (+44 (0) 20 7071 4279, wdevlieger@gibsondunn.com)
Federico Fruhbeck – London (+44 (0) 20 7071 4230, ffruhbeck@gibsondunn.com)
Scott Jalowayski – Hong Kong (+852 2214 3727, sjalowayski@gibsondunn.com)
Michael Piazza – Houston (+1 346-718-6670, mpiazza@gibsondunn.com)
Ari Lanin – Los Angeles (+1 310-552-8581, alanin@gibsondunn.com)
Richard J. Birns – New York (+1 212-351-4032, rbirns@gibsondunn.com)

*Nicholas Banasevic is managing director and Zuzanna Bobowiec is an associate in the Brussels office who are not admitted to practice law.

In a precedential decision on July 6, 2023, the Delaware Court of Chancery lowered stockholder-plaintiffs’ incentives to pursue meritless deal litigation by raising the standard that supplemental disclosures must meet to justify an award of attorneys’ fees from “helpful” to “material.” Anderson v. Magellan Health, Inc., et al. — A.3d —, C.A. No. 2021-0202-KSJM.

Much ink has been spilled regarding the shift in merger-related disclosure claims to federal court after the Delaware Court of Chancery announced in Trulia that it would approve disclosure-only settlements only where the additional information is “plainly material.” Because the merger tax levied by these strike suits continues to plague Delaware corporations—typically now in the form of a “mootness fee” to settle stockholder claims on an individual, rather than class-wide, basis—Delaware Chancellor Kathaleen St. J. McCormick recently announced in Anderson v. Magellan Health, Inc. that the Court of Chancery is raising the standard for pricing supplemental disclosures in mootness-fee proceedings from merely “helpful” to “material.” The Chancellor also provided guidance regarding the corporate benefit doctrine and how Delaware courts interpret case law applying it.

Under the corporate benefit doctrine, Delaware courts may award fees to plaintiffs’ counsel for the beneficial results they produce for a defendant corporation even without a favorable adjudication. In Magellan, the Court of Chancery revisited standards for pricing corporate benefits that it adopted in 2016. The Chancellor’s decision will likely reduce the overall amount of attorneys’ fees and expenses paid by corporations to resolve stockholder litigation providing no discernable benefit to stockholders, and may reduce the volume of meritless disclosure demands in M&A transactions.

Factual Background

The complaint filed in Magellan challenged Magellan Health, Inc.’s (the “Company”) 2021 acquisition by a managed care company (the “Buyer”). A Company stockholder claimed that certain deal protections from an abandoned sale process in 2019 impeded the more recent sale to the Buyer and were inadequately described in the Company’s proxy. The Company responded by loosening the deal protections and issuing supplemental disclosures, which mooted the plaintiff’s claims. Loosened deal protections and supplemental disclosures are common forms of non-monetary benefits.

In subsequent mootness-fee proceedings, the plaintiff petitioned the Court of Chancery for an award of attorneys’ fees and expenses. The plaintiff argued that its litigation resulted in corporate benefits worth more than $1 million. The Company argued in opposition that the benefits were worth approximately $100,000. After reexamining Delaware’s standards for pricing non-monetary corporate benefits, the court sided with the Company and awarded only $75,000 in fees and expenses.

Loosened Deal Protections

Delaware law recognizes a corporate benefit in this context because, “[a]s a theoretical matter, loosening deal protection devices makes topping bids more likely.” In Magellan, the plaintiff sought over $1 million in fees for causing the Company to waive don’t-ask-don’t-waive provisions that continued to bind three potential bidders from an abandoned 2019 sale process. Rejecting the plaintiff’s application of Delaware law, the court found that the waivers “d[id] not justify a fee award” because “the increased likelihood of a topping bid was close to zero.”

The court rejected the plaintiff’s application of Delaware law for two reasons. First, the plaintiff improperly omitted “the qualitative evaluation of the increased likelihood of a topping bid due to the plaintiff’s efforts.” Under a proper reading of Delaware precedent, the plaintiff was not entitled to full credit for the likelihood of a topping bid, only “the increased likelihood (if any) of a topping bid generated by the [w]aivers.” The plaintiff also erred in assuming the waivers increased the likelihood of a topping bid. In the court’s analysis of the likelihood of a topping bid, it found that two potential bidders had not expressed serious interest in the Company and the waiver released the third bidder only one day early.

Second, the plaintiff improperly relied on Court of Chancery decisions issued in 2014 or earlier for the resolution of claims challenging don’t-ask-don’t-waive provisions. The court found the plaintiff’s reliance on these decisions was misplaced because (i) they were “issued at a time when Delaware courts were still developing their views on don’t-ask-don’t-waive provisions,” (ii) “[e]ach involved far greater effort from the plaintiffs’ counsel than [the plaintiffs] invested in this case,” and (iii) “each achieved far more than [the plaintiffs] achieved here.” Finally, and perhaps most importantly, the court criticized the plaintiffs’ reliance on precedent decisions predating doctrinal shifts in 2015 and 2016—including the court’s decision in Trulia—and it characterized such precedents as “less useful in determining the value of otherwise comparable benefits.”

Supplemental Disclosures

Supplemental disclosures also can provide a compensable corporate benefit under Delaware law. According to the court, however, “developments in deal litigation since” 2016 warrant reexamining “the standard for pricing that benefit.”

In 2016, the Court of Chancery announced new standards for pricing supplemental disclosures in settlement-approval proceedings and mootness-fee proceedings. In Trulia, the court held that it would only approve disclosure-only settlements where the disclosures were “plainly material”—that is, where the supplemental disclosures procured met a higher materiality standard than the one applied when determining whether a disclosure claim is adequately pleaded. The court also concluded that mootness-fee proceedings were a preferable mechanism for pricing the corporate benefit resulting from the supplemental disclosures. In mootness-fee proceedings a few months later, however, the court declined to apply the defendant-friendly “plainly material” standard announced in Trulia. Instead, in Xoom, it “ratchet[ed] down the standard from ‘material’ to ‘helpful.’”

The effect of these decisions was significant. Trulia incentivized plaintiffs to repackage fiduciary duty claims as federal securities claims and file them in federal courts, which limited the Court of Chancery’s opportunities to clarify Delaware policy on disclosure-based mootness fees. Xoom incentivized plaintiffs to pursue weak or meritless disclosure claims expecting that defendants would rather issue supplemental disclosures and pay a mootness fee than expend the resources necessary to defend weak or meritless litigation.

Troubled by “a rule that seems to encourage the pursuit of legally meritless disclosure claims” and the resulting “merger tax of deal litigation” that “continues to plague Delaware corporations” in other courts, the Chancellor announced a new standard for pricing supplemental disclosures in mootness-fee proceedings. Barring disagreement by the Delaware Supreme Court, “mootness fees based on supplemental disclosures” are available under Delaware law “only when the information is material.”

Because the parties in Magellan had not argued for the heightened standard, however, the court applied Xoom one last time. The supplemental disclosures at issue were “marginally helpful” because they “provided a more easy-to-read summary of the existence, terms, and operation of the standstills, including why Magellan did not believe that certain of its standstill obligations impeded the sale process.” Based on “one post-Trulia academic survey” and “the limited set of court-ordered mootness fees awards post-Trulia,” the court valued the Company’s supplemental disclosures at $75,000.

Key Takeaways

Chancellor McCormick wrote the precedential decision in Magellan in response to the plaintiff’s “eye-popping request for $1,100,000,” which caught the attention of two professors who filed amicus briefs urging the Court of Chancery to “issue a written decision to warn other courts applying Delaware law of these policy concerns.” The following key takeaways should guide practitioners and jurists applying Delaware law.

When pricing mootness fees, courts applying Delaware law should apply a “materiality” standard rather than the “helpful” standard originally announced in Xoom. Because Delaware has adopted the federal standard for materiality in the stockholder disclosure context, this means that courts will only award mootness fees “if there is a substantial likelihood that a reasonable shareholder would consider” the supplemental disclosures “important in deciding how to vote” or tender shares.
Chancellor McCormick clearly instructed courts applying Delaware law to give less weight to corporate benefit cases pre-dating Trulia, because “Trulia and other doctrinal changes in Delaware law adopted around that time” drove “an overall decline in settlements and fee awards” that “renders pre-Trulia precedent less useful in determining the value of otherwise comparable benefits.” Practitioners and non-Delaware courts should be mindful of this guidance when relying on pre-Trulia corporate benefit cases applying the materiality standard.
It is hornbook law that plaintiffs are only entitled to compensation for the incremental value of a corporate benefit they cause. In Magellan, the Court of Chancery clarified how practitioners and courts should analyze the incremental value of loosened deal protections. In this context, pricing the incremental value created by a plaintiff requires a fact-specific “qualitative evaluation of the increased likelihood of a topping bid,” implicating the range of protections loosened, the nature and effect of each loosened protection, and the nature and extent of interest expressed by potential bidders who benefited from the loosened protections.
The decision will likely reduce the overall amount of attorneys’ fees and expenses paid by Delaware corporations to settle stockholder litigation providing no discernable benefit to stockholders. The falling price may also reduce the overall volume of demands for supplemental disclosures.

The Court’s opinion is available here.

The following Gibson Dunn attorneys assisted in preparing this client update: Jonathan D. Fortney, Brian M. Lutz, and Mark H. Mixon, Jr.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding the developments in the Delaware Court of Chancery. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Securities Litigation, Securities Regulation and Corporate Governance, Mergers and Acquisitions, or Private Equity practice groups:

Securities Litigation Group:
Christopher D. Belelieu – New York (+1 212-351-3801, cbelelieu@gibsondunn.com)
Jefferson Bell – New York (+1 212-351-2395, jbell@gibsondunn.com)
Michael D. Celio – Palo Alto (+1 650-849-5326, mcelio@gibsondunn.com)
Jonathan D. Fortney – New York (+1 212-351-2386, jfortney@gibsondunn.com)
Monica K. Loseman – Co-Chair, Denver (+1 303-298-5784, mloseman@gibsondunn.com)
Brian M. Lutz – Co-Chair, San Francisco/New York (+1 415-393-8379/+1 212-351-3881, blutz@gibsondunn.com)
Mary Beth Maloney – New York (+1 212-351-2315, mmaloney@gibsondunn.com)
Jason J. Mendro – Washington, D.C. (+1 202-887-3726, jmendro@gibsondunn.com)
Alex Mircheff – Los Angeles (+1 213-229-7307, amircheff@gibsondunn.com)
Jessica Valenzuela – Palo Alto (+1 650-849-5282, jvalenzuela@gibsondunn.com)
Craig Varnen – Co-Chair, Los Angeles (+1 213-229-7922, cvarnen@gibsondunn.com)
Mark H. Mixon, Jr. – New York (+1 212-351-2394, mmixon@gibsondunn.com)

Securities Regulation and Corporate Governance Group:
Elizabeth Ising – Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)
James J. Moloney – Orange County, CA (+ 949-451-4343, jmoloney@gibsondunn.com)
Lori Zyskowski – New York (+1 212-351-2309, lzyskowski@gibsondunn.com)

Mergers and Acquisitions Group:
Robert B. Little – Dallas (+1 214-698-3260, rlittle@gibsondunn.com)
Saee Muzumdar – New York (+1 212-351-3966, smuzumdar@gibsondunn.com)

Private Equity Group:
Richard J. Birns – New York (+1 212-351-4032, rbirns@gibsondunn.com)
Ari Lanin – Los Angeles (+1 310-552-8581, alanin@gibsondunn.com)
Michael Piazza – Houston (+1 346-718-6670, mpiazza@gibsondunn.com)

This update provides an overview of key class action-related cases during the second quarter of 2023 (April through June).

Part I recaps recent developments regarding the Federal Arbitration Act (“FAA”), including the Supreme Court’s decision requiring automatic stays pending appeals from denials of motions to compel arbitration and a Third Circuit opinion on the scope of the Section 1 exemption for interstate transportation workers.

Part II discusses Article III standing cases from the Seventh and Third Circuits.

Part III discusses a Sixth Circuit decision that rejects the juridical link doctrine, deepening the circuit split on this issue.

And Part IV discusses noteworthy cases from the Eleventh and Ninth Circuits on issues relating to class settlement approval.

I. The Supreme Court and Third Circuit Resolve Important Questions Relating to Arbitration

In Coinbase v. Bielski, 143 S. Ct. 1915 (2023), the Supreme Court held that appealing the denial of a motion to compel arbitration automatically stays district court proceedings pending resolution of that appeal. Please see our prior client alert for an analysis of this important decision, which helps protect defendants from losing the benefits of arbitration. As the Court recognized, absent these protections, the “potential for coercion is especially pronounced in class actions, where the possibility of colossal liability can lead to . . . ‘blackmail settlements.’” Id. at 1921.

In another decision that will be of interest to class action practitioners, the Third Circuit held that drivers who use the Uber app are not exempt from the FAA under the interstate transportation worker exception of Section 1. See Singh v. Uber Techs., Inc., 67 F.4th 550 (3d Cir. 2023). In this case, drivers appealed from orders compelling arbitration under Uber’s arbitration agreements, arguing that they are exempt from the FAA because it does not apply to “contracts of employment of seamen, railroad employees, or any other class of workers engaged in foreign or interstate commerce.” Id. at 553 (citing 9 U.S.C. § 1).

The Third Circuit disagreed with the drivers, holding that the last category—”workers engaged in foreign or interstate commerce”—applies only if “interstate movement of goods or passengers is a central part of the job description of the class.” Id. at 557 (citation and internal quotation marks omitted). The court reasoned that the “work of Uber drivers is centered on local transportation,” and even “[w]hen Uber drivers do cross state lines, they do so only incidentally, as part of Uber’s fundamentally local transportation business.” Id. at 553. With this opinion, the Third Circuit joins the First and Ninth Circuits, which similarly ruled that rideshare drivers do not qualify as “workers engaged in . . . interstate commerce” under FAA. See Cunningham v. Lyft, Inc., 17 F.4th 244 (1st Cir. 2021); Capriole v. Uber Techs., Inc., 7 F.4th 854 (9th Cir. 2021). Gibson Dunn represented Uber in this appeal.

II. The Seventh and Third Circuits Address Article III Standing in Putative Class Actions

Questions regarding Article III standing continue to arise in class action cases, with the Seventh and Third Circuits to be the latest courts to address standing this quarter.

In Pucillo v. National Credit Systems, Inc., 66 F.4th 634 (7th Cir. 2023), the Seventh Circuit affirmed a district court’s dismissal of a complaint for lack of Article III standing, holding that feelings of being “concerned,” “upset,” “confused,” and “alarmed” did not provide the plaintiff standing to sue for money damages under the Fair Debt Collection Practices Act (“FDCPA”). Id. at 636, 638, 642. The case involved debt collectors who sent two letters to the plaintiff demanding payment on a debt that had been discharged through bankruptcy proceedings. Id. at 636. The plaintiff filed suit against the debt collectors, relying on his emotional reactions to the letters. Id. The Seventh Circuit held that the plaintiff’s emotional responses were insufficient to support standing. Id. at 638. In addition, while the court agreed that contact with a credit rating agency or repeated automated phone messages might be sufficiently similar to the common law tort of intrusion upon seclusion to provide standing, the two letters sent to the plaintiff in Pucillo were not. Id. at 641–42. The court also found persuasive that the two letters sent by mail a year apart did not represent the “kind of abusive practice” the FDCPA was meant to address, noting that Congress’s “judgment is also instructive and important for determining whether an intangible harm constitutes injury in fact.” Id. (citing Spokeo, Inc. v. Robins, 578 U.S. 330, 341 (2016)).

By contrast, in Weichsel v. JP Morgan Chase Bank, N.A., 65 F.4th 105 (3d Cir. 2023), the Third Circuit held that a plaintiff who received a credit card renewal notice that allegedly failed to itemize annual fees in violation of the Truth in Lending Act (“TILA”) and Regulation Z had sufficiently alleged an Article III injury—even though his alleged injury had nothing to do with the purposes underlying the statutory cause of action. Id. at 108–10. The court reasoned the plaintiff had standing because he suffered a traceable, economic injury: he said he read and understood the non-itemized renewal notice and would not have paid the full annual fee if he had known it included an additional card fee. Id. at 111. At least in the Third Circuit’s view, it did not matter that the plaintiff’s alleged injury was not tied to TILA’s “underlying concrete interest,” which is to remind borrowers of an upcoming obligation. Id. at 112 (citation omitted). Instead, the court reasoned that “while a statutory violation gives Plaintiff his cause of action, that statutory cause of action is distinct from his Article III injury,” such that the plaintiff “need not allege any additional injury with a connection to the statute’s purpose.” Id. Nevertheless, the court agreed that the disconnect between his allegations and the purposes of the statute was sufficient to dismiss the complaint for failure to state a claim. Id. at 112–14.

III. Sixth Circuit Deepens Circuit Split by Rejecting “Juridical Link” Doctrine

Article III standing generally requires a plaintiff’s injuries to be “fairly traceable” to the defendant. But what about named plaintiffs in putative class actions—can they sue defendants who have not injured them if these defendants have injured other, similarly situated absent class members? Some courts have answered that question in the affirmative, relying on the so-called “juridical link” doctrine, which generally provides that a plaintiff may sue defendants that did not injure the plaintiff if all the defendants are “juridically linked” (such as through a “conspiracy” or “concerted scheme”) and if it would be “expeditious” to sue all the defendants in one action. See, e.g., Payton v. Cnty. of Kane, 308 F.3d 673, 678–79 (7th Cir. 2002). At least two circuits—the Second and Eighth—have previously rejected it. See Mahon v. Ticor Title Ins. Co., 683 F.3d 59 (2d Cir. 2012); Wong v. Wells Fargo Bank N.A., 789 F.3d 889 (8th Cir. 2015).

This past quarter, the Sixth Circuit in Fox v. Saginaw County, 67 F.4th 284 (6th Cir. 2023), joined these circuits in rejecting this doctrine. In Fox, the plaintiff claimed to have suffered an unconstitutional taking when his county took ownership of his property for failing to pay property taxes and sought to represent a class of other similarly situated property owners. Id. at 288. He sued not only the county in which the taking occurred, but also 26 other counties where putative class members suffered similar takings. Id. The Sixth Circuit held that the plaintiff lacked standing to sue the other counties because his own injury was not sufficiently traceable to the 26 other counties where he experienced no personal taking. Id. at 293. In so holding, the Sixth Circuit rejected the juridical link doctrine, which other courts have invoked to “allow[] a named plaintiff in a putative class action to sue defendants who have not injured the plaintiff if these defendants have injured absent class members.” Id. at 288. The Sixth Circuit found that juridical link doctrine conflicted with Supreme Court precedent on a number of basic principles, including “that a class-action request ‘adds nothing to the question of standing,’” id. (quoting Simon v. E. Ky. Welfare Rts. Org., 426 U.S. 26, 40 n.20 (1976)), that standing be determined “at the outset of the litigation” (rather than after a class is certified), id. at 294 (quoting Friends of the Earth, Inc. v. Laidlaw Env’t Servs. (TOC), Inc., 528 U.S. 167, 180 (2000)), and that the three-part standing test sets an “irreducible constitutional minimum,” id. at 294 (quoting Lujan v. Defs. of Wildlife, 504 U.S. 555, 560 (1992)).

IV. The Eleventh and Ninth Circuits Reverse Class Settlement Approvals

This past quarter, the Eleventh and Ninth Circuits reversed settlement class approvals, which reflects the continued trend towards greater scrutiny of class settlements.

In Williams v. Reckitt Benckiser LLC, 65 F.4th 1243 (11th Cir. 2023), the Eleventh Circuit vacated a class settlement that awarded injunctive and monetary relief to a class of individuals who purchased the defendants’ “brain performance supplements” on the ground that the plaintiffs lacked standing to pursue injunctive relief. Id. at 1247, 1253. The court explained that “even if a plaintiff can establish standing to pursue separate claims for monetary relief based on allegations of past harm, before a court may grant that plaintiff injunctive relief, the plaintiff must separately establish a threat of ‘real and immediate,’ as opposed to ‘conjectural or hypothetical,’ future injury.” Id. at 1253 (citations omitted). The named plaintiffs did not meet that standard because they did not “allege any ‘continuing, present adverse effects’ associated with prior purchases of [defendants’] [p]roducts,” or any “‘concrete plans’ to purchase [defendants’] [p]roducts again in the future.” Id. at 1255 (citation omitted). Because the named plaintiffs lacked standing to seek injunctive relief, the district court did not have jurisdiction to grant injunctive relief—even in the settlement context—and therefore should not have approved the settlement as drafted. Id. at 1256–57.

In Lowery v. Rhapsody International, Inc., 69 F.4th 994 (9th Cir. 2023), the Ninth Circuit reversed a $1.7 million attorneys’ fee award in a “claims-made” settlement where class members submitted claims for less than 0.3% of a capped $20 million settlement fund. Id. at 997, 1001. The court explained that district courts awarding fees “must consider the actual or realistically anticipated benefit to the class¾not the maximum or hypothetical amount¾in assessing the value of a class settlement” for purposes of evaluating the reasonableness of a fee award. Id. at 1001. On remand, the Ninth Circuit ordered the district court to “disregard the theoretical $20 million settlement cap and instead start with the $52,841.05 that the class claimed” because “[a]ny other approach would allow parties to concoct a high phantom settlement cap to justify excessive fees, even though class members receive nothing close to that amount.” Id.

The following Gibson Dunn lawyers contributed to this client update: Jessica Pearigen, Allie Miller, Yixian Sun*, Wesley Sze, Lauren Blas, Bradley Hamburger, Kahn Scolnick, and Christopher Chorba.

Gibson Dunn attorneys are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Class Actions, Litigation, or Appellate and Constitutional Law practice groups, or any of the following lawyers:

Theodore J. Boutrous, Jr. – Los Angeles (+1 213-229-7000, tboutrous@gibsondunn.com)
Christopher Chorba – Co-Chair, Class Actions Practice Group – Los Angeles (+1 213-229-7396, cchorba@gibsondunn.com)
Theane Evangelis – Co-Chair, Litigation Practice Group, Los Angeles (+1 213-229-7726, tevangelis@gibsondunn.com)
Lauren R. Goldman – New York (+1 212-351-2375, lgoldman@gibsondunn.com)
Kahn A. Scolnick – Co-Chair, Class Actions Practice Group – Los Angeles (+1 213-229-7656, kscolnick@gibsondunn.com)
Bradley J. Hamburger – Los Angeles (+1 213-229-7658, bhamburger@gibsondunn.com)
Lauren M. Blas – Los Angeles (+1 213-229-7503, lblas@gibsondunn.com)

*Yixian Sun is an associate practicing in the firm’s New York office who is not yet admitted to practice law in New York.

R (on the application of PACCAR Inc and others) (Appellants) v Competition Appeal Tribunal and others (Respondents), [2023] UKSC 28

In a greatly anticipated judgment of the UK’s Supreme Court (the “UKSC”), a 4-1 majority has ruled that litigation funding agreements (“LFAs”), under which the funder’s remuneration is calculated by reference to a share of the damages ultimately recovered, fall within the statutory definition of damages-based agreements (“DBAs”). Although the decision largely turns on principles of statutory interpretation, the consequences of the UKSC’s ruling are potentially significant:

Existing and future LFAs under which the funder’s remuneration is calculated by reference to a share of the damages ultimately received will now be unenforceable in England & Wales unless they comply with the conditions set out in the Damages-Based Agreements Regulations 2013 (the “Regulations”).
In the context of opt-out collective proceedings before the Competition Appeal Tribunal (the “CAT”), such LFAs will be unenforceable even if they comply with the Regulations as a result of a prohibition on DBAs for opt-out collective proceedings.

Although the full extent of its implications is not yet clear, the decision will undoubtedly have a significant impact on litigation funding in the UK, and in particular in collective proceedings before the CAT. It remains to be seen whether, in light of the decision, the UK Parliament will consider direct intervention to regulate this area.

I. Background to the UKSC Judgment and Procedural History

The case concerned the question of whether LFAs are to be classified as DBAs, and therefore subject to the UK legislation governing DBAs, including the Regulations and the Courts and Legal Services Act 1990 (the “CLSA”). Lord Henderson underscored the importance of this question in his judgment at the Court of Appeal stage in 2021 as follows:

The issue […] is in general terms whether funding agreements entered into with claimants by third parties who play no part in the conduct of the litigation, but whose remuneration is fixed as a share of the damages recovered by the client, are “damages-based agreements” within the meaning of the relevant legislation which regulates such agreements. If they are, the likely consequence would be that most, if not all, litigation funding agreements currently in existence would be unenforceable […].[1]

The UKSC was therefore asked to consider whether the principles governing DBAs extended to litigation funders as well as to solicitors. In essence: should a LFA be treated as the same type of agreement as a client-solicitor DBA, despite the fact the litigation funder will be a third-party to the proceedings?

The question mainly turned upon the definition of a DBA, which is found at section 58AA(3)(a) of the CLSA:

[A DBA is] an agreement between a person providing advocacy services, litigation services or claims management services and the recipient of those services which provides that—

(i) the recipient is to make a payment to the person providing the services if the recipient obtains a specified financial benefit in connection with the matter in relation to which the services are provided, and

(ii) the amount of that payment is to be determined by reference to the amount of the financial benefit obtained.[2]

Since 1 April 2013, DBAs have been a permitted form of fee arrangement for contentious proceedings in England & Wales.[3] But despite the introduction of DBAs being characterized as a positive development for flexibility and accessibility to justice for applicants,[4] DBAs in high-value English civil cases remain relatively rare.[5] Legal professionals have been reticent to embrace the practice due to the lack of certainty regarding compensation for their services, as well as the lack of clarity in the existing drafting of the Regulations that govern DBAs.[6]

a. The Competition Appeal Tribunal Phase

The case originates from a cartel decision by the European Commission (the “EC”), dated 19 July 2016. In that decision, the EC held that five major European truck manufacturing groups, ((1) DAF, (2) Daimler, (3) Iveco, (4) Volvo/Renault and (5) MAN)), infringed EU Competition Law by, inter alia, exchanging information on their respective future gross pricing.[7] Subsequently in 2018, Road Haulage Association Limited (“RHA”), a haulage trade association, and UK Trucks Claim Limited (“UKTC”), an SPV set up specifically to pursue the claim (together, the “Applicants”), brought proceedings in the CAT seeking damages from the manufacturers pursuant to section 47B of the UK Competition Act 1998.[8] Both the Applicants had LFAs in place. The CAT heard the case in June 2019, having ordered in December 2018 that the two applications be heard together.[9]

DAF contended that the Applicants’ LFAs constitute DBAs, with the consequence that they were unenforceable as they did not comply with the requirements under 58AA(3)(a) of the CLSA. Further, DAF contended that the Applicants did not satisfy the requirements for being authorised to bring the collective proceedings because section 47C(8) of the Compensation Act 2006 (the “CA”) stipulated that a DBA is unenforceable if it relates to opt-out proceedings.[10]

In its judgment dated 28 October 2019, the CAT found in favour of the Applicants.[11] DAF thereafter applied to the Court of Appeal for permission to apply for judicial review.

b. The Court of Appeal Phase

The Court of Appeal handed down its judgment on 5 March 2021,[12] dismissing DAF’s appeal and holding that it would not grant DAF permission to apply for judicial review on the substantive DBA issue.[13]

The Court of Appeal focused on the interpretation of the definition of “claims management services” in section 4(2)(b) of the CA; in particular, whether that term encompassed LFAs.[14] The phrase was imported into section 58AA(3)(a) of the CLSA’s DBA definition, as outlined above. The Court of Appeal determined that the definition of DBAs under these statutes did not include LFAs. DAF thereafter opted to appeal directly to the UKSC; permission to do so was granted in May 2022.

II. The UKSC Judgment

The case was heard on 16 February 2023.[15] By a majority of 4-1, the UKSC overturned the Court of Appeal’s judgment on 26 July 2023 and held that LFAs could amount to “claims management services” such that they are considered DBAs which must comply with the Regulations in order to be enforceable. As noted above, much of the UKSC’s analysis focused on English law rules of statutory interpretation.

Lord Sales (with whom Lords Reed, Leggatt and Stephens agreed) held that “claims management services”, as referred to in section 58AA(3)(a) of the CLSA, includes LFAs. Lord Sales focused on construing what he understood to be the original intention of the drafting and, as such, found that “Parliament used wide language […] deliberately and with the intention that the words of the definition of “claims management services” should be given their natural meaning.”[16] His Lordship concluded that the natural meaning included the role of litigation funders in financing claims, and noted that “[p]articipants in the third party funding market may have made the assumption that such arrangements are not DBAs and hence are not made unenforceable by section 58AA(2). But this would not justify the court in changing or distorting the meaning of “claims management services” as it is…”[17]

In a dissenting minority view, Lady Rose would have upheld the CAT and Court of Appeal’s position that LFAs did not constitute DBAs. Her Ladyship found that LFAs did not constitute “claims management services” because “the giving of financial assistance is only included in the term claims management services if it is given by someone who is providing claims management services within the ordinary meaning of that term.”[18] In reaching her conclusion, Lady Rose maintained that Parliament did not intend for 58AA(3)(a) of the CLSA to “to render unenforceable damages-based litigation funding agreements.”[19]

III. Implications of the UKSC Judgment

The UKSC’s judgment has significant implications for third party litigation funding in the UK. Parties involved in UK litigation that are supported by a third party funding agreement will need to assess whether their existing LFAs are (or might be considered) DBAs in light of the judgment and, if so, consider whether amendments are needed to ensure that they comply with the Regulations. There may be further risks for fully resolved cases under funding arrangements, in that amounts already paid to the funders may be challenged on the basis that the funding agreement could be deemed unenforceable.

For opt-out collective proceedings in the CAT, the implications of the UKSC’s judgment are more acute given the general prohibition on DBAs for such cases. It remains to be seen whether – and how – funders might seek to restructure LFAs in opt-out collective proceedings, so that they are not considered DBAs. It is likely that the judgment will, in the short term at least, create complications for funders and class representatives involved in current and future opt-out proceedings.

The wider and more long term impact of this decision on the litigation funding market in the UK (which has been strong and growing in recent years) remains to be seen.

_____________________________

[1] Paccar Inc. v RHA and UKTC [2021] EWCA Civ 299, para. 2 (emphasis added).

[2] The Courts and Legal Services Act 1990, section 58AA.

[3] The Damages-Based Agreements Regulations 2013.

[4] See Ministerial Foreword, Ministry of Justice, “Reforming Civil Litigation Funding and Costs in England and Wales – Implementation of Lord Justice Jackson’s Recommendations – The Government Response”, March 2011, p. 3-4.

[5] In the Civil Justice Council 2 September 2015 Press Release on DBA Recommendations, Professor Rachael Mulheron, Chairman of the CJC’s working party, noted: “DBAs have been used very sparingly by the legal profession since the Jackson reforms took effect in 2013. This has been unfortunate, given that the use of DBAs in contentious litigation was, arguably, the most novel aspect of those 2013 reforms.”

[6] Lord Justice Jackson proposed wide-ranging reforms to the civil litigation costs system in 2009 – these are widely referred to as the “Jackson Reforms” and included the introduction of DBAs addressed above. Following a public consultation, these were implemented in large part via the Legal Aid, Sentencing and Punishment of Offenders Act 2012 (“LASPO”) and the 2013 Regulations. In November 2014, the Ministry of Justice recognised that there were drafting issues with the Regulations and asked the Civil Justice Council to review them to consider possible improvements.

[7] Case AT. 39824 – Trucks, 19 July 2016; UK Trucks Claim Limited v Fiat Chrysler Automobiles N.V. and Others [2019] CAT 26, paras. 1-2.

[8] N.B: The UKTC application was brought against Iveco and Daimler; the RHA application against Iveco, MAN and DAF.

[9] UK Trucks Claim Limited v Fiat Chrysler Automobiles N.V. and Others [2019] CAT 26, paras. 1-2.

[10] Id., para. 15.

[11] Id., para. 110(1).

[12] Paccar Inc. v RHA and UKTC [2021] EWCA Civ 299.

[13] Id., paras. 105-107.

[14] The Compensation Act 2006, section 4(2)(b).

[15] The UKSC had, earlier, granted permission for the Association of Litigation Funders of England & Wales to make written submissions as an intervener, which it did (a reflection of the importance the appeal had to the litigation funding sector in this jurisdiction).

[16] R (on the application of PACCAR Inc and others) (Appellants) v Competition Appeal Tribunal and others (Respondents), [2023] UKSC 28, para. 72.

[17] Id., para. 91.

[18] Id., para. 254.

[19] Id., para. 253.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s global Litigation, International Arbitration, or Transnational Litigation practice groups, or any of the following authors in London:

Doug Watson (+44 20 7071 4217, dwatson@gibsondunn.com)
Piers Plumptre (+44 20 7071 4271, pplumptre@gibsondunn.com)
Ceyda Knoebel (+44 20 7071 4243, cknoebel@gibsondunn.com)
Dan Warner (+44 20 7071 4213, dwarner@gibsondunn.com)
Hannah Lewis (+44 20 7071 4059, hlewis@gibsondunn.com)

The False Claims Act (“FCA”) has had a somewhat mixed first half of 2023, marked by two Supreme Court decisions, significant decisions in the lower federal courts, and a large jury verdict for the government, but also by lower-than-usual recoveries by the government through settlements.

The June decisions by the Supreme Court settled circuit splits over scienter and the government’s dismissal authority in ways that generally aligned with expectations among the FCA bar as far as the core issues went, but that also highlighted key questions for the lower courts to resolve going forward. Meanwhile, the U.S. Department of Justice (“DOJ”) reached FCA resolutions totaling more than $485 million during the first half of the year, as well as an FCA judgment that by itself equaled approximately $487 million. Lower federal courts grappled with issues surrounding causation, the FCA’s public disclosure bar, and the standard for pleading FCA allegations with particularity under Federal Rule of Civil Procedure 9(b).

Below, we summarize recent enforcement activity, then provide an overview of notable legislative and policy developments at the federal and state levels, and finally analyze significant court decisions from the first half of the year. Gibson Dunn’s recent publications regarding the FCA may be found on our website, including in-depth discussions of the FCA’s framework and operation, industry-specific presentations, and practical guidance to help companies navigate the FCA. And, of course, we would be happy to discuss these developments—and their implications for your business—with you.

I. Noteworthy DOJ Enforcement Activity During the First Half of 2023

During the first half of 2023, DOJ announced 36 FCA resolutions totaling more than $485 million. By comparison, in the first half of 2022, there were 29 resolutions totaling over $500 million—but by year end, DOJ had collected over $2.2 billion in FCA recoveries for the year. While 2023 appears to be off to a slower start in dollar terms compared to prior years, the number of resolutions in the first half shows that the government is as active as ever in this space.

Below, we summarize the most notable settlements and judgments from the first half of this year, organized by industry and focused on key theories of liability at issue in the resolutions.[1] As usual, FCA recoveries in the healthcare and life sciences industries dominated enforcement activity during the first half of the year in terms of the number and value of settlements. DOJ, however, also announced notable resolutions in the government contracting and procurement space, described below.

In addition to the settlements summarized below, there also was a federal jury trial under the FCA during the first half of the year—a relative rarity given the treble damages and punitive liability the statute imposes. On May 15, a U.S. District Court Judge for the District of Minnesota entered a judgment of approximately $487 million against an ophthalmic supplies company and the company’s owner. Previously, on February 27, a jury had concluded that the defendants in the case violated the FCA and the Anti-Kickback Statute (“AKS”) by paying kickbacks to ophthalmic surgeons to incentivize them to use the company’s products in cataract surgeries for Medicare beneficiaries. The alleged kickbacks included luxury travel and entertainment, some of which was paid for out of what was referred to within the company as a “secret fund” and a “slush fund.” The jury found that the defendants’ conduct led to the submission of 64,575 false claims to Medicare, resulting in approximately $43,695,000 in damages to Medicare. Pursuant to the FCA, the court trebled these damages and imposed approximately $358,446,000 in statutory penalties—a number which may well be decreased under the Eighth Amendment’s prohibition on excessive fines, but will still stand as a daunting recovery. The underlying lawsuit was initially brought by a qui tam relator, whose share of the judgment was not disclosed in the press release.[2]

A. Healthcare and Life Science Industries

On January 9, a physicians group agreed to pay approximately $1.85 million to resolve allegations that it violated the FCA by billing the government for medically unnecessary cataract surgeries and diagnostics tests, tests that were incomplete or of no value, and office visits in which the level of service claimed was not provided. As part of the settlement, the physicians’ group entered into a five‑year Integrity Agreement and Conditional Exclusion Release with the Office of Inspector General for the Department of Health and Human Services (“HHS-OIG”). Under the agreement, HHS-OIG did not release its permissive exclusion authority and will provide such a release only after the physicians group has satisfied its obligations under the agreement. The settlement resolved a qui tam suit brought by a former employee; the former employee’s share of the recovery was not disclosed.[3]
On January 12, an orthopedic company and its owner agreed to pay approximately $1.8 million to resolve FCA allegations that between 2008-2015 the company submitted false claims for reimbursement for a particular knee agent when it was using a less expensive knee agent on beneficiaries of federal healthcare programs. The government alleged that the company and its owner profited from the use of the higher-priced products. The settlement resolved a qui tam suit brought by a medical device sales representative, whose share of the recovery was not disclosed at the time of the settlement.[4]

On February 7, a clinical laboratory services provider agreed to pay $19 million to resolve allegations that it caused the submission of false claims to Medicare in violation of the FCA. The government alleged that the company provided phlebotomy services to doctors who ordered laboratory testing from the company and two other third-party providers when it knew the third-party providers paid fees to the doctors to induce referrals. The settlement resolved a qui tam suit brought by two relators, who together received approximately $5.6 million of the settlement.[5]
On February 22, a company operating a long-term care hospital agreed to pay approximately $21.6 million to resolve claims that the company improperly billed Medicare. The government alleged that the company submitted claims for unauthorized services, services not provided, and services considered worthless. The settlement resolved a qui tam suit brought by an individual working at the long-term care hospital; the relator will receive $4,327,502 of the settlement amount.[6]
On February 27, a Pennsylvania physician, a university medical center, and a healthcare practice agreed to pay a total of $8.5 million to resolve allegations that the physician improperly billed for concurrent surgeries. Specifically, the government alleged that the physician regularly performed multiple complex surgical procedures at the same time, failed to participate in all of the “key and critical” portions of the surgeries, and forced patients to endure hours of medically unnecessary anesthesia time, as the physician moved between surgeries. In June 2022, a court had denied the defendants’ motion to dismiss the complaint. The settlement requires a corrective action plan for the physician and a third-party audit of the physician’s Medicare billings. Under the resolution, the university medical center has the ability to request guidance and/or an advisory opinion from the Centers for Medicare and Medicaid Services (CMS) regarding certain Medicare regulations related to surgical practices.[7]
On February 27, a New York nursing facility, its landlord, and several individuals agreed to collectively pay $7,168,000 to resolve allegations that the parties violated the FCA by submitting claims for payment for services the government claimed were worthless because of the facility’s alleged failure to maintain a license and ensure proper staffing and maintenance.[8]
On March 1, a medical equipment company agreed to pay $7 million to resolve allegations that it violated the FCA by making false statements in reimbursement claims submitted to three states’ Medicaid programs. The government alleged that the company failed to disclose all discounts it received from, or actual costs it paid to, manufacturers. As part of the settlement, the company entered into a five-year corporate integrity agreement (CIA) with HHS-OIG, which requires the company to implement a centralized risk assessment program and hire an independent review organization to complete annual reviews of its Medicare and Medicaid claims. The settlement resolved a qui tam suit brought by a former employee, who received approximately $1.05 million of the settlement.[9]
On March 3, a Florida medical center agreed to pay $4 million to resolve allegations that it improperly funded Florida’s share of certain Medicaid payments by making donations to a local unit of government that were then returned to the medical center as Medicaid reimbursements. The government alleged that between October 2014 and September 2015, the medical center assumed and paid the Medicaid contribution obligations of a local unit of government under the guise of a donation. These donations were allegedly designed to increase Medicaid payments received by the medical center, by freeing up funds for the local government unit to contribute to the state as part of the state’s share of Medicaid payments to the medical center.[10]

On March 23, a Texas-based provider of ophthalmology services committed to pay approximately $2.9 million to settle allegations that it violated the AKS, and in turn the FCA, by offering and paying kickbacks to optometrists in exchange for referrals of Medicare and Medicaid patients for cataract surgery. The alleged kickbacks included payments as well as free continuing education courses and travel and entertainment. The allegations stem from a qui tam lawsuit, but the relator’s share of the recovery was not disclosed at the time of the press release.[11]
On March 27, a clinical laboratory services provider agreed to pay $2.1 million to resolve allegations that it violated the FCA by overbilling the Department of Defense for genetic tests performed for military members by a third-party reference laboratory. The settlement resolved a qui tam suit brought by a former employee, who received $357,000 of the settlement.[12]
On March 29, a regional hospital system and two physicians agreed to pay a total of more than $69 million to resolve allegations under the FCA of improper financial relationships with eight referring physicians and a physician-owned investment group. The settlement resolves claims brought in a qui tam suit; the relator will receive a combined $12,384,927.36 from the government’s recovery.[13]
On April 19, a Virginia-headquartered healthcare company agreed to pay $3 million to settle allegations that it violated the FCA through fraudulent billing practices related to pediatric in-home health, personal care, and related services. The allegations include billing Virginia Medicaid for in-home healthcare services for pediatric patients who were actually hospitalized during that time, as well as billing for home health services that were not provided. The settlement also resolves claims brought by a qui tam relator. The United States and Virginia intervened in the qui tam case and obtained default prior to settlement.[14]
On April 20, an ophthalmologist agreed to pay approximately $1.17 million to resolve allegations that he violated the FCA by paying kickbacks to optometrists for referrals of Medicare beneficiaries to his practice for cataract surgeries. The settlement agreement resolved a qui tam lawsuit brought by two relators, who together will receive approximately $257,000 as a result of the settlement.[15]
On April 21, a Pennsylvania medical equipment company agreed to pay $5.3 million to resolve allegations that it violated the FCA by submitting false claims to federal healthcare programs for respiratory devices that patients did not need or use. The settlement resolved a qui tam suit brought by a former employee, who received approximately $950,000 of the settlement.[16]
On May 9, two Kentucky companies that perform urine drug tests and related services agreed to collectively pay approximately $1.7 million to resolve allegations that they improperly billed federal and state healthcare programs for urine drug tests that were performed pursuant to court order rather than for medical reasons. The settlement resolves allegations brought in a qui tam complaint. The two relators will receive approximately $295,000 of the recovery.[17]
On May 24, a Massachusetts hospital group agreed to pay over $5.7 million to resolve allegations that seven of its physician compensation plans, involving 44 doctors, violated the Stark Law and the FCA. The settlement resolved a qui tam suit brought by a whistleblower, who received 17% of the recovery. The settlement included language that required the hospital group to “admit, acknowledge, and accept responsibility for” certain facts—a requirement that has not become universal in DOJ settlements but that we have seen certain U.S. Attorneys’ Offices imposing with increasing frequency.[18]
On May 25, a Philadelphia-based primary care physician practice and two of its physicians agreed to pay a total of $1.5 million to settle allegations that they misrepresented to Medicare the severity of patients’ illnesses and the services provided to them. The practice allegedly submitted unsupported diagnosis codes, including morbid obesity and smoking cessation codes for patients who did not qualify for them. The settlement resolves a qui tam lawsuit filed by former employees of the practice.[19]
On May 25, a vascular surgeon agreed to pay up to $43.42 million to resolve allegations that his fraudulent billings to healthcare programs violated the FCA. The government alleged that the surgeon submitted false claims for procedures that he never performed and improperly used Modifier 59 to “unbundle” services that should have been billed together in a single claim. In a related criminal case, the surgeon was sentenced to 80 months in prison and ordered to pay $19.5 million in restitution. The FCA settlement resolved a qui tam suit, whose relator will receive up to $4,341,900 of the recovery.[20]
On May 31, a Detroit hospital system agreed to pay over $29 million to resolve allegations that it violated the FCA and the AKS by providing kickbacks to certain referring physicians. The settlement resolved a qui tam suit brought by a former employee of an affiliated medical school, who received approximately $5.2 million of the settlement.[21]
On June 15, a South Carolina healthcare system agreed to pay $36.5 million to resolve allegations that it violated the FCA, the Stark Law, and the AKS by tying payments to an orthopedic practice to the volume or value of the practice’s referrals. The settlement resolved a qui tam suit; the relator received approximately $10.2 million of the settlement.[22]
On June 15, two Jacksonville pharmacies agreed to pay $7.4 million (and more, in potential contingency amounts) to resolve allegations that they added an antipsychotic drug to topical pain creams to boost reimbursement as well as routinely waived patient copayments. As part of the settlement, the owner of the pharmacies entered into a three-year integrity agreement with HHS-OIG, which includes an annual claims review by an independent review organization. The settlement resolved two qui tam suits brought by two former employees; their share of the recovery had not been determined at the time of settlement.[23]
On June 16, a Maryland-based healthcare information technology company agreed to pay $1.7 million to settle allegations that it violated the FCA by billing the National Institutes of Health (NIH) for costs that were not eligible for reimbursement, including personal expenses unrelated to work on the contract at issue, in the form of luxury vehicles, housekeeping services, mortgage payments, and wedding costs. The settlement resolves qui tam lawsuits filed by multiple relators, of which two will receive $171,294.94, collectively, and the other will receive $171,294.94.[24]
On June 16, a diagnostic laboratories billing company based in Maryland agreed to pay $300,479.58 to resolve FCA allegations relating to billing for unnecessary respiratory pathogen panels run on seniors who received COVID-19 tests. According to the government, a diagnostics laboratory that tested senior living community residents for COVID-19 directed the billing company to bill Medicare for respiratory pathogen panels; the government alleged that the physician who purportedly ordered the tests was ineligible to treat Medicare beneficiaries and had not actually ordered the respiratory tests. Allegedly, the billing company used a different physician’s medical credentials and, without authorization, billed Medicare.[25]
On June 20, DOJ announced a $1.6 million settlement with two Georgia companies that own and operate a number of clinics and COVID-19 rapid testing sites. The settlement resolves allegations that the companies upcoded when billing Medicare for Evaluation and Management services for testing and treatment of patients with COVID-19 symptoms. Several relators filed complaints making these allegations; the settlement resolves all of those cases. As part of this resolution, the relators will receive $320,000.[26]
On June 21, DOJ announced that Alta Vista Healthcare & Wellness Centre, LLC (“Alta Vista”) and its management company agreed to pay $3.23 million to the United States and $596,700 to California to resolve allegations that Alta Vista had submitted false claims based on violations of the AKS. Alta Vista allegedly paid several physicians monthly stipends and provided them with travel and entertainment, in return for their referral of patients to Alta Vista. In parallel with the DOJ settlement, Alta Vista agreed to enter into a five-year CIA with HHS-OIG. The settlement resolves case filed in 2015 by a former Alta Vista employee, who received a $581,094 share of the total recovery.[27]
On June 29, a California county organized health system and three healthcare providers agreed to pay a combined $68 million to resolve allegations that they violated the FCA and the California False Claims Act. The settlements resolve allegations that the four defendants knowingly submitted or caused the submission of false claims to California’s Medicaid program (Medi-Cal) for “Enhanced Services” that were purportedly provided to Adult Expansion Medi-Cal members under the Affordable Care Act. The United States and California alleged that the payments were not “allowed medical expenses” permissible under the relevant contract; were pre-determined amounts that did not reflect the fair market value of any Enhanced Services provided; and/or were duplicative of services already required to be rendered. The United States and California further alleged that the payments were unlawful gifts of public funds in violation of the California Constitution. The relator in the case will receive approximately $12.56 million as his share of the federal recovery.[28]

B. Government Contracting and Procurement

On February 27, a South Carolina-based 3D printing company holding contracts with the National Aeronautics & Space Administration (NASA) and the Department of Defense (DOD) agreed to pay up to $4.54 million to resolve allegations that it violated the FCA by improperly transmitting controlled technical data to China. Between January 2012 and December 2017, and in connection with its NASA and DOD contracts, the company allegedly transmitted certain items and/or intellectual property to China without the appropriate license or authorization. The company also reached parallel settlements with the Department of State (DOS) and the Department of Commerce (DOC) over the alleged export control violations underlying the FCA case, worth $20 million and $2.77 million, respectively. The agreement with DOJ permits crediting of amounts paid to DOS and DOC against penalties owed to DOJ.[29]
On March 2, a paint manufacturer agreed to pay $1 million to resolve allegations that it participated in a scheme to defraud the federal Disadvantaged Business Enterprise (DBE) program in connection with a contract to paint a bridge in Philadelphia. The government alleged that the joint venture that was awarded the contract for the project worked with the paint manufacturer, rather than a qualified DBE as required by the contract—while nominally subcontracting with a DBE in what the government alleged was a sham arrangement.[30]
On April 24, a manufacturer of military communications equipment agreed to pay $21.8 million to resolve allegations that it violated the FCA by knowingly submitting and causing the submission of false claims to DOD by including in contract proposals the cost of certain parts twice. The government alleged that the manufacturer submitted contract proposals that double-counted the cost of low-cost common-stock items, such as nuts and bolts. In conjunction with the resolution, DOJ agreed to settle for just under $8 million a breach of contract lawsuit by the manufacturer against the United States alleging that in its effort to prevent the manufacturer from continuing to double-charge for common-stock items, DOD improperly prohibited the manufacturer from charging certain other costs.[31]
On May 30, a U.S. Postal Service (USPS) contractor and its parent company agreed to pay $2.75 million to settle allegations that they knowingly withheld funds owed to USPS and related to the agency’s change of address process, by allegedly deducting the contractor’s own costs before sharing revenue with USPS. Additionally, the contractor allegedly improperly allocated labor costs from one contract to another, increasing its profits and passing off a portion of its labor costs to USPS. The settlement resolves claims in a qui tam lawsuit brought by a former employee of the contractor.[32]
On June 20, DOJ announced the resolution of two cases involving alleged false statements by a project superintendent and a construction company in connection with the federal Route 6/10 Interchange Project. The company paid $1 million to resolve the FCA portion of the cases. The company’s construction contract for the project prohibited the removal, use, and transport of contaminated soil in the course of construction. DOJ alleged that the superintendent, a former employee of the company, misled state inspectors into believing that stone for the Route 6/10 Interchange Project had been tested as required by the construction contract and environmental standards, when in fact no tests had been performed. In parallel with DOJ’s civil settlement with the company, the company entered a non-prosecution agreement with DOJ, and the superintendent pled guilty to making false statements and was sentenced to one year of probation and a $40,000 fine.[33]
On June 29, a space and defense company based in Florida, its owner, and an Ohio-based affiliate agreed to pay $7,759,693.32 to resolve allegations that the company knowingly provided false information to the SBA to gain access to contracts set aside for small businesses. The government alleged that the company failed to accurately report distributions and payments the company had made to the owner’s family members and misreported the owner’s assets. According to the government, had the company provided correct information, it and its affiliate would not have been eligible for contracts it obtained with NASA, the U.S. Army, and the U.S. Air Force. The settlement resolves claims in a qui tam lawsuit brought by another space and defense company, which will receive $1,357,964 of the settlement amount.[34]
On June 30, a government contractor agreed to pay $80,944 to settle a civil fraud case alleging that it violated the Trade Agreements Act (TAA) and the FCA by fraudulently misrepresenting the country of origin for over a dozen printer toner products and offering them for sale, as TAA compliant, through a General Services Administration (GSA) Multiple Award Schedule (MAS) contract and an Air Force Blanket Purchase Agreement.[35]

C. Other

On April 10, a company that provides engineering services and staffing services agreed to pay approximately $9.9 million to resolve “reverse” FCA allegations that it underpaid visa fees owed to the federal government by seeking less expensive B-1 visas for foreign national employees, rather than more expensive H-1B visas. The settlement resolves claims brought in a qui tam suit; the relator’s share of the recovery was not disclosed at the time of the settlement.[36]

On May 11, an Alaska telecommunications company agreed to pay $40.24 million to settle allegations that it violated the FCA by inflating its prices in connection with the Federal Communications Commission’s (FCC) Rural Health Care Program. This program provides subsidies to rural healthcare providers for telecommunications services, awarded through a mandatory competitive bidding process. The government alleged that between 2013 and 2020, the company received more subsidy payments than it was entitled to by inflating its prices and failing to comply with FCC regulations. The company entered into a corporate compliance agreement with the FCC and resolved a pending administrative investigation with the FCC. The settlement resolved claims brought in a qui tam suit filed by a former director of business administration at the company, who will receive $6.4 million of the settlement amount.[37]
On May 12, a South Korean company agreed to pay $2.05 million plus interest to resolve its potential liability under the FCA in connection with an alleged customs avoidance scheme. The company also pled guilty to the scheme and was sentenced to a criminal fine of $250,000 and restitution in the amount of $2.05 million. The resolutions resolved allegations that from 2012 to 2019, the company evaded customs duties on clothing and apparel that it manufactured abroad and imported into the United States, by preparing an accurate invoice for U.S. purchasers and a false invoice for U.S. Customs that undervalued the goods. Accordingly, the government alleged that the company underpaid customs duties that it owed based on the true value of the goods. The FCA settlement resolves a qui tam suit whose relator will receive 18 percent of the settlement amount.[38]
On June 27, a think tank agreed to pay $501,161 to resolve allegations that it falsely certified that it was eligible to receive a Second Draw Paycheck Protection Program (PPP) Loan from the SBA. The Coronavirus Aid, Relief, and Economic Security Act (CARES Act) authorized forgivable loans to small businesses for job retention and certain approved expenses, through the PPP. Entities that applied for Second Draw PPP loans were required to certify that they were not primarily engaged in political or lobbying activities. According to the settlement, the think tank certified to the SBA that it was not a think tank primarily engaged in political or lobbying activities, when it had publicly stated otherwise on LinkedIn, in various sections of its website, and in press releases. The settlement resolves a qui tam suit filed by a relator, who will receive 10 percent of the recovery.[39]
On June 29, a mortgage company agreed to pay $23.75 million to resolve allegations that it violated the FCA by failing to comply with material program requirements when it originated and underwrote mortgages insured by the Department of Housing and Urban Development’s (HUD) Federal Housing Administration (FHA) or guaranteed by the Department of Veterans Affairs (VA). According to the settlement, the company falsely certified for FHA mortgage insurance and VA home loan guarantees a material percentage of loans that did not meet applicable requirements and, therefore, were not eligible under those programs, and HUD and the VA would not have insured or guaranteed the loans but for the company’s submission of false certifications. The relators in this case, two former employees of the company, will receive a total of $4,037,566 of the settlement proceeds.[40]

II. Legislative and Policy Developments

A. Senate Passes Amendments to the Program Fraud Civil Remedies Act

On March 30, 2023, the Senate passed the Administrative False Claims Act of 2023 (AFCA), which was co-sponsored by Senators Chuck Grassley and Dick Durbin. The bill would expand the scope of the existing Program Fraud Civil Remedies Act of 1986, a law that targets lower dollar‑value frauds against the government, provides for an administrative process for government agencies to use in pursuing such claims when DOJ declines to do so, and establishes conditions for judicial review.[41] The AFCA would raise the statutory ceiling for these smaller claims from $150,000 to $1 million, and would mandate the adjustment of the statutory ceiling for inflation. It also would allow the government to recover costs for investigating and pursuing cases within the scope of the statute.[42] The legislation has now moved to the House of Representatives for further action.[43]

B. Tax-Related Claims at the State Level

The first half of 2023 has witnessed notable developments related to the efforts of certain states to expand their false claims laws to cover claims predicated on non-payment of taxes. Such claims are unique to the state context, because the federal FCA expressly excludes them. Granted, most state FCAs do as well. Virginia’s Fraud Against Taxpayers Act, for example, tracks the federal statute’s language closely and provides that the law “shall not apply to claims, records, or statements relating to state or local taxes.”[44]

But a small minority of states do allow for tax-related claims to be brought under the False Claims Act—the most notable among them being New York, the District of Columbia, Illinois, and Indiana. Until recently, all of these states’ FCAs required affirmative false statements to the government as a condition of liability; they did not cover scenarios in which the defendant simply failed to file required taxes with the state altogether. In at least one jurisdiction, this principle was recently affirmed in a decision granting a motion to dismiss for failure to allege a false claim, record, or statement pursuant to the jurisdiction’s tax laws.[45]

In May of this year, New York became the first state to depart from this norm by amending its FCA to cover persons who improperly fail to file a tax return in New York. On May 3, 2023, 2023-S. 4009-C was signed into law by Governor Hochul.[46] With that amendment, the statute now applies to those who commit “tax law violations” rather than only those who submit false “claims, records, or statements made under the tax law.”[47] With this change, New York’s False Claims Act has become the most aggressive amongst the state Acts that address tax law violations.

The New York amendment follows two prior unsuccessful attempts by the state’s lawmakers to enact even more expansive changes. On December 31, 2021, Governor Hochul vetoed Senate Bill 4730, which had proposed expanding the application of the statute to tax-related “claims, records, or statements” to “claims, records, or statements, and obligations.”[48] In her veto statement, the Governor explained that the use of the word “obligations” was too broad and could encompass more than only non-filers.[49] Just over a year later, on January 30, 2023, Governor Hochul vetoed Senate Bill 8815, which added some limiting language related to scienter but still contained the vague “obligations” language, and provided “an undefined retroactive lookback period” that would not provide filers with sufficient notice of how the amendment would be applied.[50] The amendment that was eventually signed into law, in addition to eliminating the “obligations” language, also specified that the amendment would only be applied to future actions filed against “tax obligations knowingly concealed or knowingly avoided after May 1, 2020,” thereby eliminating the “undefined retroactive lookback period” contained in the previously proposed amendment.[51]

Notwithstanding the shortening of the lookback period, the New York amendment still has significant implications for companies and individuals with New York touchpoints. The statute covers both income taxes and other types of taxes as well—and, critically, it does not carve tax-based claims out of the provisions permitting suits by qui tam relators.[52] As a result, we can expect to see increased efforts by the plaintiffs’ bar to bring cases grounded in alleged technical non‑compliances with New York tax law, including mere failures to file tax returns. And while the amendment has faced its fair share of criticism from trade associations and other groups,[53] it remains possible that legislatures in other states that allow tax-based FCA liability will attempt similar expansions of their laws.

The New York amendment also could serve to re-invigorate attempts in states with no tax-based FCA liability to enshrine such liability in their statutes. Ohio will be one state to watch in that regard. In January 2022, Ohio House Bill 533 proposed extending the state’s FCA to cover claims brought under the state’s tax laws.[54] The bill was referred to the Committee on Civil Justice in February 2022, but has not made any progress since then.[55] Elsewhere, New York’s approach could continue to prove an outlier. After New York passed its amendment, Connecticut passed HB 6826, which expands the state’s FCA to cover most state programs and benefits, rather than only state-administered health and human services programs, but expressly carves out tax-based liability.[56] Connecticut lawmakers had—before New York’s amendment—unsuccessfully attempted an that would have allowed tax-based claims.[57]

C. HHS-OIG Incentives for States

HHS-OIG provides an incentive for states to enact false claims statutes in keeping with the federal FCA. If HHS‑OIG approves a state’s FCA, the state receives an increase of 10 percentage points in its share of any recoveries in cases involving Medicaid. Consistent with our reporting in prior alerts, the lists of “approved” and “not approved” state false claims statutes remain at 22 and 7, respectively.[58]

III. CASE LAW DEVELOPMENTS

A. Supreme Court Rules in Two Long-Awaited False Claims Act Cases

i. Supreme Court Rules that Subjective Standard Governs Scienter

Our 2022 Year-End False Claims Act Update also highlighted the Court’s decision to grant certiorari in United States ex rel. Schutte v. SuperValu Inc., 143 S. Ct. 1391 (2023), the consolidation of two decisions of the Seventh Circuit: United States ex rel. Schutte v. SuperValu Inc., 9 F.4th 455 (7th Cir. 2021), cert. granted, 143 S. Ct. 644 (Jan. 13, 2023), and United States ex rel. Proctor v. Safeway, Inc., 30 F.4th 649 (7th Cir. 2022), cert. granted, 143 S. Ct. 643 (Jan. 13, 2023). On June 1, 2023, the Court reversed the Seventh Circuit’s rulings in those cases, holding that knowledge under the FCA turns on a subjective standard—what the defendant actually knew and believed at the time of the alleged false claim—not on an objectively reasonable interpretation the defendant may have had after the fact. Schutte, 143 S. Ct. at 1399, 1401.

Defendants SuperValu and Safeway operated retail drug pharmacies nationwide. Id. at 1396. In both cases, Relators alleged that defendants misrepresented their “usual and customary” drug prices in the process of seeking reimbursement from Medicare and Medicaid over the course of several years. Id. at 1397. Rather than reporting the “usual and customary charges [for the drug] to the general public,” as CMS instructs, see 42 C.F.R. § 447.512(b)(2), which the Relators alleged were the heavily discounted prices the defendants provided to patients through cost-matching programs, the defendants allegedly submitted retail drug costs. Id.

The district court agreed with Relators that the discounted drug prices the defendants charged customers were the companies’ usual and customary prices, and that by failing to disclose the lower prices, the defendants had submitted false claims to the government. Id. at 1398. Ultimately, however, the district court granted summary judgment in favor of the defendants, finding that the defendants had not submitted false claims knowingly. Id. The Seventh Circuit affirmed, applying Safeco Insurance Co. of America v. Burr, 551 U.S. 47 (2007), to conclude that “[b]ecause SuperValu had an objectively reasonable understanding of the regulatory definition of U&C price and no authoritative guidance placed it on notice of its error, the Relators have not shown that SuperValu acted knowingly.” Schutte, 9 F.4th at 472.

The Supreme Court reversed, holding that “[w]hat matters for an FCA case is whether the defendant knew the claim was false.” 136 S. Ct. at 1396. Looking first to the text of the FCA and noting that “either actual knowledge, deliberate ignorance, or recklessness will suffice” to satisfy the “knowingly” element, the Court explained that “[t]hat three-part test largely tracks the traditional common-law scienter requirement for claims of fraud.” 143 S. Ct. at 1400. The Court explained its reliance on the common law by reference to its incorporation of common‑law concepts into the 2016 Escobar decision. Id. On the basis of this textual and common‑law analysis, the Court articulated the meaning of each of the FCA’s three alternatives for scienter, notably characterizing reckless disregard as occurring when a defendant is “conscious of a substantial and unjustifiable risk that [its] claims are false, but submit[s] the claims anyway”—but caveating this discussion by saying that it was not considering whether recklessness exists when a defendant submits claims despite “an unjustifiably high risk of illegality that was so obvious that it should have been known, even if the defendant was not actually conscious of that risk.” Id. at 1401 & n.5.

As noted in Gibson Dunn’s alert immediately following the Court’s decision, this decision will potentially make it harder for courts to resolve FCA cases at the pleading stage because measuring scienter according to contemporaneous subjective knowledge may be an inquiry that some courts deem to be too fact-intensive. And while the decision was unsurprising given the significant majority of federal appellate courts that had already held that a post hoc legal interpretation cannot vitiate a defendant’s contemporaneous, subjective belief, the decision also articulated a standard for “reckless disregard” under the FCA without much guidance for lower courts on when the standard is satisfied. We can expect that question to become a battleground in FCA cases now that the Court has foreclosed the so-called “Safeco” defense.

ii. Following SuperValu, Supreme Court Sends Sheldon Back to the Fourth Circuit and Olhausen to the Eleventh

In an order list, the Supreme Court sent two major wins for FCA defendants—the Fourth Circuit’s Sheldon v. Allergan decision and the Eleventh Circuit’s decision in Olhausen v. Arriva Medical—back to the appellate courts “for further consideration in light of United States ex rel. Schutte v. SuperValu.” Sheldon v. Allergan Sales, LLC, No. 20-2330, Dkt. No. 105 (4th Cir.); Olhausen v. Arriva Med., LLC, No. 22-374, Dkt No. 46 (11th Cir.). Now, both Circuits must further consider their rulings in light of SuperValu’s holding that scienter under the FCA turns on a defendant’s “subjective beliefs” about its conduct, even when those practices are “objectively reasonable.” In April 2022, the Eleventh Circuit held in Olhausen that a provider of mail-order diabetic testing supplies and other medical products had not acted with the requisite scienter to defraud Medicaid because “the Medicare rules that [the relator] alleged the Defendants violated are susceptible to multiple reasonable interpretations.” Olhausen v. Arriva Med., LLC, No. 21-10366, 2022 WL 1203023, at *2 (11th Cir. Apr. 22, 2022), cert. granted, judgment vacated sub nom. Olhausen v. Arriva Med., LLC, No. 22-374, 2023 WL 4278438 (U.S. June 30, 2023). In September 2022, an en banc Fourth Circuit examined the FCA’s scienter element in Sheldon, joining the then-growing number of circuits to incorporate the so-called “Safeco” defense into FCA cases. The Fourth Circuit had held that “a defendant cannot act ‘knowingly’ if it bases its actions on an objectively reasonable interpretation of the relevant statute when it has not been warned away from that interpretation by authoritative guidance”—an “objective standard” that “precludes inquiry into a defendant’s subjective intent.” Sheldon, 24 F.4th at 348. Shortly thereafter, in a per curiam order on rehearing en banc, the full Fourth Circuit reached an impasse and vacated the panel opinion and affirmed the district court. United States ex rel. Sheldon v. Allergan Sales, LLC, 49 F.4th 873 (4th Cir. 2022).

iii. Supreme Court Clarifies When the Government May Dismiss Qui Tam Cases Over the Objections of Relators

As discussed in Gibson Dunn’s 2022 Year-End False Claims Act Update, the Supreme Court heard oral argument in United States ex. rel. Polansky v. Executive Health Resources, Inc., 143 S. Ct. 1720 (2023) in December 2022. In June 2023, the Court issued its opinion in Polansky, clarifying when the government could dismiss an FCA suit over a relator’s objection, as long as it intervened sometime in the litigation. 143 S. Ct. at 1727. The FCA provides that “the Government may dismiss the action notwithstanding the objections of the person initiating the action if the person has been notified by the Government of the filing of the motion and the court has provided the person with an opportunity for a hearing on the motion.” 31 U.S.C. § 3730(c)(2)(A). In Polansky, the government initially declined to intervene in the relator’s suit during the investigative “seal period” after the relator had filed the complaint. Polansky, 143 S. Ct. at 1729. The government, however, later moved to dismiss without formally intervening. Id. The district court granted the request and dismissed the case. The Third Circuit affirmed, determining that although the government had declined to intervene during the seal period, the government’s motion to dismiss was reasonably construed as an intervention in the case. Id. The Third Circuit further determined that the district court had not abused its discretion in concluding that dismissal was warranted under Federal Rule of Civil Procedure 41(a), which governs voluntary dismissals. Id. at 1730.

The Supreme Court affirmed by a vote of 8-1. In an opinion authored by Justice Kagan, the Court held that “the Government may seek dismissal of an FCA action over a relator’s objection so long as it intervened sometime in the litigation, whether at the outset or afterward” and that, in resolving such motions, district courts “should apply the rule generally governing voluntary dismissal of suits: Federal Rule of Civil Procedure 41(a).” Id. at 1727. The Court explained that the government need not intervene during the seal period of the case to have the right to later dismiss it. The Court also made clear that the government cannot move to dismiss unless it intervenes at some point, which the Third Circuit deemed the government had done here through its motion to dismiss. The Supreme Court then explained that any motion for dismissal by the government is to be evaluated under Federal Rule of Civil Procedure 41(a), whose “standard varies with the case’s procedural posture.” Id. at 1733.

The Court added two caveats, namely: (1) unlike Rule 41(a), the FCA requires notice and an opportunity for a hearing before the government’s motion to dismiss may be granted; and (2) a court’s analysis of such a motion to dismiss under Rule 41(a) must “consider the[] interests” of the relator, and not only the defendant as in non‑FCA cases. Id. at 1734. According to the Court, a government motion to dismiss “will satisfy Rule 41 in all but the most exceptional cases.” Id. Thus, the district court had not abused its discretion in determining that the government had met this standard by “enumerat[ing] the significant costs of future discovery in the suit, including the possible disclosure of privileged documents,” and by “explain[ing] in detail why [the government] had come to believe that the suit had little chance of success on the merits.” Id. at 1735. Notably, the Court agreed with the district court’s assessment that the “billions of dollars of potential recovery” the government was foregoing “could not outweigh the Government’s reasonable view of the suit’s costs and benefits.” Id. (internal quotation marks removed).

Justice Thomas, in dissent, would have held that the government must intervene during the seal period in order to later dismiss the case. Perhaps more significantly, Justice Thomas also stated that “[t]here are substantial arguments that the qui tam device is inconsistent with Article II and that private relators may not represent the interests of the United States in litigation.” Id. at 1741 (Thomas, J., dissenting). According to Justice Thomas, the qui tam provisions of the FCA improperly “authorize a private relator to wield executive authority to represent the United States’ interests in civil litigation.” Id. Justice Kavanaugh, joined by Justice Barrett, authored a short concurrence suggesting agreement with Justice Thomas on this point and adding that “the Court should consider the competing arguments on the Article II issue in an appropriate case.” Id. at 1737 (Kavanaugh, J., concurring). Going forward, we will be watching closely to see whether this skepticism of the constitutionality of the qui tam provisions of the FCA takes root more deeply and broadly among the Justices.

Polansky should clarify the standard lower courts must apply in considering government motions to dismiss qui tam actions after years of divergent approaches. While this issue was previously the subject of a circuit split, the split was not so dramatic as to meaningfully deprive DOJ of dismissal power writ large; instead, the devil was in the details, as some courts purported to apply some level of scrutiny to government dismissal motions and thus created less predictability for defendants seeking to persuade the government to exercise its dismissal authority. While time will tell what exactly the lower courts deem to be the “extraordinary circumstance” justifying denial of a dismissal motion, id. at 1735, we are cautiously optimistic that U.S. Attorneys’ Offices around the country that previously had been more reluctant than others to exercise dismissal authority will see fewer risks in doing so when the considerations animating such a step are already present.

B. Circuit Split Deepens Over Proper Causation Standard for AKS-Predicated FCA Claims

The Anti-Kickback Statute imposes criminal liability on a person who knowingly and willfully pays, offers, solicits, or receives remuneration in return for referrals or orders of items or services reimbursed by federal health programs. In 2010, Congress amended the AKS to provide that “a claim that includes items or services resulting from a violation of [the AKS] constitutes a false or fraudulent claim for purposes of [the FCA].” 42 U.S.C. 1320a-7b(g) (emphasis added). Notwithstanding the statute’s use of language sounding in causation, the government and relators routinely take the position that all claims submitted by the recipient of an alleged kickback are false claims because they were “tainted” by the kickback, and that a greater showing of causation is not required. In March, the Sixth Circuit weighed in on a growing circuit split regarding what causation standard a plaintiff must satisfy to show that a false claim “resulted from” a violation of the AKS. In United States ex rel. Martin v. Hathaway, the Sixth Circuit joined the Eighth Circuit in concluding that the AKS imposes a “but-for” causation standard. 63 F.4th 1043, 1052–53 (6th Cir. 2023) (Sutton, J.) (citing United States ex rel. Cairns v. D.S. Medical L.L.C., 42 F.4th 828 (8th Cir. 2022)). As the Sixth Circuit explained, “the ordinary meaning of ‘resulting from’ is but-for causation” and this understanding applies absent strong textual or contextual indications to the contrary. Id. at 1052. This interpretation of the AKS’s causation standard is the same one reached by the Eight Circuit in the Cairns case, which we covered in our 2022 Year-End Update. See Cairns, 42 F.4th at 836. The court in Hathaway relied both on that case and on the Supreme Court precedent interpreting similar language in the criminal context on which Cairns itself had relied. See 63 F.4th at 1052 (citing Burrage v. United States, 571 U.S. 204, 210–11); 42 F.4th at 834. Applying a but-for causation standard, the Sixth Circuit in Hathaway concluded there is no violation of the FCA if “the alleged scheme did not change anything.” Id. at 1053. This is different than the position taken by the Third Circuit several years ago, which rejected a “but‑for” causation standard and instead determined that the FCA and AKS “require[] something less than proof that the underlying medical care would not have been provided but for a kickback.” United States ex rel. Greenfield v. Medco Health Solutions, Inc., 880 F.3d 89, 96 (3d Cir. 2018).

In Hathaway, one ophthalmologist (Dr. Shannon Martin) claimed that another ophthalmologist (Dr. Darren Hathaway) and a local hospital had violated the FCA by submitting claims for reimbursement that had been caused by kickbacks. According to the allegations, Hathaway was the owner of the sole ophthalmology business in a small town in Michigan that made its surgery referrals to the local hospital that also made its eye check-up referrals to Hathaway’s ophthalmology business. Hathaway, 63 F.4th at 1046. Martin was made a tentative offer of employment at the hospital. Id. According to Martin, Hathaway told the hospital that if it hired Martin, he would be forced to direct his surgical referrals elsewhere. Id. at 1046–47. The hospital responded by deciding not to hire Martin—allegedly “in return for Dr. Hathaway’s commitment to continue sending local surgery referrals,” thus “violat[ing] the Anti-Kickback Statute.” Id. at 1047. The government declined to intervene and the district court granted the defendants’ motion to dismiss. Id. Martin appealed. Id.

The Sixth Circuit affirmed the district court for two separate reasons. First, the Sixth Circuit concluded the complaint did not allege remuneration under the AKS. The complaint alleged that the hospital’s “refusal to hire Dr. Martin in return for Dr. Hathaway’s general commitment to continue sending surgery referrals for his patients” to the hospital constituted remuneration. Id. at 1051. The Sixth Circuit rejected this theory of remuneration because it did “not entail a payment or transfer of value to Dr. Hathaway,” which the Court deemed necessary for remuneration. Id. Because Hathaway had already been sending his surgery referrals to the hospital, “refusing to hire Dr. Martin . . . simply left things where they were.” Id. at 1052. Second, the Sixth Circuit concluded the complaint failed to allege but-for causation. Because Hathaway already made his referrals to the local hospital, the Sixth Circuit concluded that “[t]here’s not one claim for reimbursement identified with particularity in this case that would not have occurred anyway, no matter whether the underlying business dispute occurred or not.” Id. at 1053. The mere fact that surgeons at the hospital had submitted claims for reimbursement from the government after Martin’s tentative offer of employment was retracted was not enough to plead causation. Id. (“Temporal proximity by itself does not show causation.”).

C. Courts Continue to Grapple with Sufficiency of Pleading Under Rule 9(b)

DOJ’s or a relator’s FCA allegations must be pled with particularity under Federal Rule of Civil Procedure 9(b). Courts differ over what an FCA plaintiff alleging that false claims were presented to the government must do to allege presentment with particularity. The first half of 2023 witnessed the Second Circuit reaffirming a relatively stringent standard in this regard, in a case concerning alleged billing for unnecessary medical services.

i. Second Circuit Finds Blanket Allegations Insufficient to Satisfy Pleading Standard

In Doe 1 v. eviCore Healthcare MSI, LLC, No. 22-530-CV, 2023 WL 2249577, at *2 (2d Cir. Feb. 28, 2023), the U.S. Court of Appeals for the Second Circuit affirmed the district court’s denial of the Plaintiff’s claim for failure to plead fraud with sufficient particularity. Relators Jane Doe 1, Jane Doe 2—both former employees—and SW Challenger, LLC, brought 22 claims against eviCore Healthcare MSI, LLC (“eviCore”), including under the FCA. Relators alleged that eviCore contracted with private health insurance companies that cover Medicare and Medicaid beneficiaries to provide reimbursement determinations for medical services. Relators alleged that eviCore undertook a scheme to auto-approve requests related to certain providers, therapies, and populations, irrespective of the patient, and utilized an artificial intelligence program to approve certain requests based on flawed criteria and without manual review. As a result, Relators alleged, eviCore provided “worthless services” which caused those insurance companies to bill the government for unnecessary and fraudulently approved medical services. 2023 WL 2249577, at *1.

The district court granted eviCore’s motion to dismiss, including for failure to plead with sufficient particularity under Rule 9(b). The Second Circuit agreed with the district court’s determination that Relators “failed to identify even a single instance of a medical procedure, involving any particular patient on a specific date, that was fraudulent or unnecessary but that was nevertheless approved by eviCore,” and instead merely alleged that “the volume of eviCore’s approvals made it inevitable that fraudulent claims were approved.” Id. at *2. While the court’s analysis thus seems to align in principle with that of courts that require plaintiffs to plead “representative examples” of false claims, the court did not explicitly rely on that standard. In fact, the court stated that “Relators’ argument that their allegations created a strong inference of fraud is unpersuasive,” id. at *3—language seemingly more aligned with the majority rule that an FCA plaintiff need only plead details of a fraudulent scheme along with “reliable indicia” that false claims were submitted. Ultimately, the court did not make any definitive statements as to which standard it preferred, as it seemingly deemed the Relators’ allegations insufficient regardless of the exact level of detail required in the pleading.

D. Second Circuit Holds that FCA’s Public Disclosure Bar Prohibits Suit Even Where Defendant Is Named by Implication

The FCA bars qui tam suits with allegations similar to information already in the public domain, in an effort to incentivize relators to alert the government to potential cases to which it has not already been alerted. A relator may overcome this public disclosure bar by establishing that she is the “original source” of the information notwithstanding its public nature. 31 U.S.C. § 3730(e)(4). The statute defines “original source” as “an individual who either (i) prior to a public disclosure . . . has voluntarily disclosed to the Government the information on which allegations or transactions in a claim are based, or (2) who has knowledge that is independent of and materially adds to the publicly disclosed allegations or transactions, and who has voluntarily provided the information to the Government before filing an action” under the statute. Id. at § 3730(e)(4)(B). The Second Circuit in Piacentile v. U.S. Oncology, Inc., No. 22-18, 2023 WL 2661579, at *3 (2d Cir. Mar. 28, 2023), denied Relators’ appeal under the original source doctrine. In Piacentile, Relators alleged that U.S. Oncology, Inc. was involved in a kickback scheme carried out by pharmaceutical companies that resulted in the submission of false Medicare and Medicaid reimbursement claims. The district court found that three previously filed lawsuits had disclosed the existence of the kickback scheme at issue, naming one of the pharmaceutical companies later sued in the Piacentile case and “describ[ing] U.S. Oncology’s involvement in the scheme by implication.” 2023 WL 2661579, at *2. Applying the public disclosure bar, the district court dismissed the case.

The Second Circuit affirmed, holding that the public disclosure bar applies “even if the prior disclosure does not identify a defendant by name,” so long as it “set[s] the government squarely on the trail of a specific and identifiable defendant’s participation in the fraud.” Id. “‘[O]nce the government knows the essential facts of a fraudulent scheme, it has enough information to discover related frauds.’” Id. (citations omitted). The Second Circuit held that the previously filed complaints met this standard: they “provided notice to the government of the essential elements of the kickback scheme such that it would have been able to discover that U.S. Oncology—which the relators repeatedly described throughout this litigation as ‘one of [the defendant pharmaceutical company’s] major customers,’… participated in it.” Id. (citations omitted).

E. Fifth Circuit Finds No Retaliation Without Employer Knowledge of Protected Activity

The FCA prohibits retaliation against individuals for actions taken “in furtherance of an action under [the FCA] or other efforts to stop 1 or more violations of [the FCA].” 31 U.S.C. § 3730(h)(1). Courts typically apply this standard by requiring a showing, as part of a plaintiff’s prima facie case, that her employer knew of her FCA‑protected activity and retaliated against her because of it. In April, the Fifth Circuit reaffirmed this standard, particularly the knowledge requirement. In United States ex rel. Toledo v. HCA Holdings, Inc., No. 21-20620, 2023 WL 2823899, (5th Cir. Apr. 7, 2023), the Fifth Circuit affirmed the district court’s grant of summary judgment to Bayshore, an inpatient rehabilitation facility in Texas, in an administrator’s suit alleging she was fired for making complaints about alleged fraudulent claims. The administrator had served as Bayshore’s prospective payment system coordinator, and was responsible for sending information about the facility’s rehabilitation patients to CMS. Bayshore terminated the administrator when her new supervisor discovered that she had made coding errors on Inpatient Rehabilitation Facility Patient Assessment Instruments (IRF-PAIs) submitted to CMS. Even after Bayshore required the administrator to undergo one-on-one training, provided access to webinar trainings, and sent her to a three-day certification and training course, her supervisor discovered that she had continued to enter non-compliant codes, and she was terminated. The next day, she called an internal ethics hotline, alleging that Bayshore was engaging in fraudulent practices and insisting she was wrongfully terminated. Id. at *2. An internal investigation found these claims were unsubstantiated. Id.

In examining the administrator’s retaliation claim, the Fifth Circuit panel determined that even if the administrator had engaged in protected activity, (1) the relevant decisionmakers were unaware of any protected conduct and (2) such conduct did not contribute to her termination. Id. at *3. Neither the administrator’s single email addressing the use of group therapy to meet CMS therapy minute requirements, nor her single question about using data from late discharge paperwork on CMS forms, alerted her supervisor to allegedly protected activity. Id. A third communication, in which the administrator claimed she found a few patients admitted without a physician admit order, could have constituted protected conduct sufficient to alert her supervisor, but she still had not shown that the conduct contributed to her termination. Id.

F. Seventh Circuits Interprets Agreement with Insurer About When FCA Settlement Payments Are Covered

The first half of 2023 has seen the Seventh Circuit address a significant but infrequently‑examined issue related to the aftermath of FCA cases—insurance coverage for FCA settlements. In Astellas US Holding, Inc. v. Federal Insurance Co., 66 F.4th 1055 (7th Cir. 2023), the Seventh Circuit determined that Illinois public policy did not forbid insurance coverage of a settlement between the federal government and a company being investigated for potential FCA liability. The government had investigated Astellas for contributions made to patient assistance programs which aided in covering the cost for patients of a drug used to treat metastatic prostate cancer. Id. at 1059–60. Astellas and the government eventually settled the potential claims for $100 million, $50 million of which was labeled in the settlement agreement as “restitution to the United States” for tax purposes. Id. at 1060. Astellas sought coverage of the settlement amount through its liability insurance carriers, including Federal. Federal denied coverage, pointing to a provision of the insurance agreement between the parties that indicated a claim could not be based on a loss “for matters which may be deemed uninsurable under the applicable law.” Id. at 1061. Under Illinois law, compensatory payments are insurable, but “insurance coverage for losses incurred from settlement payments that are restitutionary in character” are not. Id. at 1063 (internal quotation marks omitted). The parties filed cross-motions for summary judgment and the district court granted summary judgment for Astellas.

The Seventh Circuit affirmed. The Seventh Circuit acknowledged that the “settlement payment here could be deemed uninsurable restitution if Federal could show that the payment disgorged either something that belonged of right . . . to the federal government or profit that Astellas made from the alleged scheme.” Id. at 1064 (internal citation and quotation marks omitted; alterations incorporated). But the Seventh Circuit ultimately determined that the settlement payment was not “restitutionary.” The Seventh Circuit concluded that it was Federal’s burden to show that the settlement was restitutionary in nature, but that it did not do so. As the Court explained, the “fact that a party has been accused of (let alone just investigated for) violating the False Claims Act or the Anti-Kickback Statute falls well short of establishing that its payment to settle such an accusation or investigation is uninsurable.” Id. at 1069. The Court further explained that it did not believe that the settlement was restitutionary in nature here given that “no court has ever interpreted the False Claims Act as allowing restitutionary remedies.” Id. at 1076. This decision could prove significant for FCA defendants facing similar insurability rules in the jurisdictions governing their insurance policies, particularly as it has become increasingly common for FCA settlement agreements to explicitly categorize a portion of the settlement amount as restitution to the government.

IV. CONCLUSION

We will monitor these developments, along with other FCA legislative activity, settlements, and jurisprudence throughout the year and report back in our 2023 False Claims Act Year-End Update, which we will publish in January 2024.

_______________________

[1] These summaries cover the period from January 1, 2023 through July 11, 2023.

[2] See Press Release, U.S. Atty’s Office for the Dist. of Minn., Court Enters $487 Million Judgment Against Precision Lens and Owner Paul Ehlen for Paying Kickbacks to Doctors in Violation of the False Claims Act (May 15, 2023), https://www.justice.gov/usao-mn/pr/court-enters-487-million-judgment-against-precision-lens-and-owner-paul-ehlen-paying.

[3] See Press Release, U.S. Atty’s Office for the Northern Dist. of Ga., Conyers doctor pays $1,850,000 to resolve allegations that she performed and billed for medically unnecessary cataract surgeries and diagnostic tests (Jan. 9, 2023), https://www.justice.gov/usao-ndga/pr/conyers-doctor-pays-1850000-resolve-allegations-she-performed-and-billed-medically.

[4] See Press Release, U.S. Atty’s Office for the Northern Dist. of Miss., Mitias to Pay $1.87 Million to Settle False Claims Act Allegations of Medicare and Medicaid Overbilling (Jan. 12, 2023), https://www.justice.gov/usao-ndms/pr/mitias-pay-187-million-settle-false-claims-act-allegations-medicare-and-medicaid.

[5] See Press Release, U.S. Atty’s Office for the Dist. of S.C., Labcorp to Pay the United States $19 Million to Settle Allegations Under the False Claims Act (Feb. 7, 2023), https://www.justice.gov/usao-sc/pr/labcorp-pay-united-states-19-million-settle-allegations-under-false-claims-act.

[6] See Press Release, U.S. Atty’s Office for the Southern Dist. of Tex., Medical center pays over $21M to settle alleged false claims (Feb. 22, 2023), https://www.justice.gov/usao-sdtx/pr/medical-center-pays-over-21m-settle-alleged-false-claims.

[7] See Press Release, U.S. Atty’s Office for the Western Dist. of Pa., James L. Luketich, M.D., University of Pittsburgh Medical Center, and University of Pittsburgh Physicians Agree to Pay $8.5 Million and Implement Monitoring Actions to Resolve False Claims Allegations (Feb. 27, 2023), https://www.justice.gov/usao-wdpa/pr/james-l-luketich-md-university-pittsburgh-medical-center-and-university-pittsburgh.

[8] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Landlord and Former Operators of Upstate New York Nursing Home Pay $7,168,000 to Resolve False Claims Act Allegations of Worthless Services Provided to Residents (February 27, 2023), https://www.justice.gov/opa/pr/landlord-and-former-operators-upstate-new-york-nursing-home-pay-7168000-resolve-false-claims.

[9] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Ky., Medical Equipment Company Pays $7 Million to Resolve False Claims Act Allegations (Mar. 1, 2023), https://www.justice.gov/usao-edky/pr/medical-equipment-company-pays-7-million-resolve-false-claims-act-allegations.

[10] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Florida’s Lakeland Regional Medical Center Agrees to Pay $4 Million to Settle Common Law Allegations for Impermissible Medicaid Donations (Mar. 3, 2023). https://www.justice.gov/opa/pr/florida-s-lakeland-regional-medical-center-agrees-pay-4-million-settle-common-law-allegations.

[11] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Tex., Ophthalmology Practice Agrees to Pay Over $2.9 Million to Settle Kickback Allegations (Mar. 23, 2023), https://www.justice.gov/usao-edtx/pr/ophthalmology-practice-agrees-pay-over-29-million-settle-kickback-allegations.

[12] See Press Release, U.S. Atty’s Office for the Dist. of Md., Laboratory Corporation of America Agrees to Pay $2,100,000 to Settle False Claims Act Allegations Related to Overbillings on Department of Defense Contracts (Mar. 27, 2023), https://www.justice.gov/usao-md/pr/laboratory-corporation-america-agrees-pay-2100000-settle-false-claims-act-allegations.

[13] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Mich., Covenant Healthcare System and Physicians Pay Over $69 Million to Resolve False Claims Act Allegations Related to Improper Financial Relationships (Mar. 29, 2023), https://www.justice.gov/usao-edmi/pr/covenant-healthcare-system-and-physicians-pay-over-69-million-resolve-false-claims-act.

[14] See Press Release, U.S. Atty’s Office for the Western Dist. of Va., 1st Adult & Pediatrics Healthcare to Pay $3 Million to Settle False Claims Act Allegations (April 19, 2023), https://www.justice.gov/usao-wdva/pr/1st-adult-pediatrics-healthcare-pay-3-million-settle-false-claims-act-allegations.

[15] See Press Release, U.S. Atty’s Office for the Dist. of R.I., Former Owner of RI Ophthalmology Chain to Pay $1.1M in Settlement of False Claims Inquiry by the United States (Apr. 20, 2023), https://www.justice.gov/usao-ri/pr/former-owner-ri-ophthalmology-chain-pay-11m-settlement-false-claims-inquiry-united-states.

[16] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Pa., Plymouth Meeting, Pa Company to Pay $5.3 Million to Resolve False Claims Act Allegations Related to False Billing For Respiratory Devices (Apr. 21, 2023), https://www.justice.gov/usao-edpa/pr/plymouth-meeting-pa-company-pay-53-million-resolve-false-claims-act-allegations.

[17] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Ky., Drug Testing Companies Agree to Collectively Pay $1.7 Million to Resolve False Claims Act Allegations (May 9, 2023), https://www.justice.gov/usao-edky/pr/drug-testing-companies-agree-collectively-pay-17-million-resolve-false-claims-act.

[18] See Press Release, U.S. Atty’s Office for the Dist. of Mass., Massachusetts Eye and Ear Agrees to Pay Over $5.7 Million to Resolve False Claims Act Allegations, (May 24, 2023), https://www.justice.gov/usao-ma/pr/massachusetts-eye-and-ear-agrees-pay-over-57-million-resolve-false-claims-act.

[19] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Pa., Primary Care Physicians to Pay $1.5 Million to Resolve False Claims Act Liability for Submitting Unsupported Diagnoses to the Medicare Advantage Program (May 25, 2023), https://www.justice.gov/usao-edpa/pr/primary-care-physicians-pay-15-million-resolve-false-claims-act-liability-submitting.

[20] See Press Release, Office of Public Affairs, U.S. Dep’t of Justice, Michigan Vascular Surgeon Sentenced to 80 Months in Prison for Health Care Fraud Conviction and Agrees to Pay UP to $43.419 Million to Resolve False Claims Act Allegations (May 25, 2023), https://www.justice.gov/opa/pr/michigan-vascular-surgeon-sentenced-80-months-prison-health-care-fraud-conviction-and-agrees.

[21] See Press Release, Office of Public Affairs, U.S. Dep’t of Justice, Detroit Medical Center, Vanguard Health Systems, and Tenet Healthcare Corporation Agree to Pay Over $29 Million to Settle False Claims Act Allegations (May 31, 2023), https://www.justice.gov/opa/pr/detroit-medical-center-vanguard-health-systems-and-tenet-healthcare-corporation-agree-pay.

[22] See Press Release, U.S. Atty’s Office for the Dist. of S.C., St. Francis to Pay the United States $36.5 Million to Settle Allegations Under the False Claims Act (June 15, 2023), https://www.justice.gov/usao-sc/pr/st-francis-pay-united-states-365-million-settle-allegations-under-false-claims-act.

[23] See Press Release, Office of Public Affairs, U.S. Dep’t of Justice, Two Jacksonville Compounding Pharmacies and Their Owner Agree to Pay at Least $7.4 Million to Resolve False Claims Act Allegations (June 15, 2023), https://www.justice.gov/opa/pr/two-jacksonville-compounding-pharmacies-and-their-owner-agree-pay-least-74-million-resolve.

[24] See Press Release, U.S. Atty’s Office for the Dist. of Md., Health Care Information Technology Contractor Agrees to Pay More Than $1.7 Million to Resolve False Claims Act Allegations for Charging Unallowable Costs to the National Institutes of Health (June 16, 2023), https://www.justice.gov/usao-md/pr/health-care-information-technology-contractor-agrees-pay-more-17-million-resolve-false.

[25] See Press Release, Office of Public Affairs, U.S. Dep’t of Justice, Lab Billing Company Settles False Claims Act Allegations Relating to Unnecessary Respiratory Panels Run on Seniors Receiving COVID-19 Tests (June 16, 2023), https://www.justice.gov/opa/pr/lab-billing-company-settles-false-claims-act-allegations-relating-unnecessary-respiratory.

[26] See Press Release, U.S. Atty’s Office for the N.D. of Ga., Georgia Urgent Care Chain Agrees to Pay $1,600,000 to Resolve False Claims Act Allegations (June 20, 2023), https://www.justice.gov/usao-ndga/pr/georgia-urgent-care-chain-agrees-pay-1600000-resolve-false-claim-act-allegations.

[27] See Press Release, Office of Public Affairs, U.S. Dep’t of Justice, California Skilled Nursing Facility and Management Company Agree to Pay $3.825 Million to Settle Allegations of Kickbacks to Referring Physicians (June 21, 2023), https://www.justice.gov/opa/pr/california-skilled-nursing-facility-and-management-company-agree-pay-3825-million-settle.

[28] See Press Release, Office of Public Affairs, U.S. Dep’t of Justice, California County Organized Health System and Three Health Care Providers Agree to Pay $68 Million for Alleged False Claims to California’s Medicaid Program (June 29, 2023), https://www.justice.gov/opa/pr/california-county-organized-health-system-and-three-health-care-providers-agree-pay-68

[29] See Press Release, U.S. Atty’s Office for the Northern Dist. of Tex., 3D Printing Company to Pay Up to $4.54 Million to Settle False Claims Act Allegations for Export Violations in Connection with NASA and DOD Contracts (Feb. 27, 2023), https://www.justice.gov/usao-ndtx/pr/3d-printing-company-pay-454-million-settle-false-claims-act-allegations-export#:~:text=A%203D%20printing%20company%20has,certain%20NASA%20and%20DOD%20contracts%2C.

[30] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Pa., Sherwin-Williams to Pay $1 Million to Resolve Alleged False Claims Act Violations Arising from Bridge Painting Project (Mar. 2, 2023), https://www.justice.gov/usao-edpa/pr/sherwin-williams-pay-1-million-resolve-alleged-false-claims-act-violations-arising.

[31] See Press Release, Office of Public Affairs, U.S. Dep’t of Justice, L3 Technologies Settles False Claims Act Allegations Relating to Double-Charging for Certain Material Costs (Apr. 24, 2023), https://www.justice.gov/opa/pr/l3-technologies-settles-false-claims-act-allegations-relating-double-charging-certain-0.

[32] See Press Release, U.S. Atty’s Office for the Western Dist. of N.C., Red Ventures, LLC And MYMOVE, LLC Agree To Pay $2.75 Million To Resolve False Claims Act Allegations Arising From Agreements With The U.S. Postal Service (May 30, 2023), https://www.justice.gov/usao-wdnc/pr/red-ventures-llc-and-mymove-llc-agree-pay-275-million-resolve-false-claims-act.

[33] See Press Release, U.S. Atty’s Office for the Dist. of R.I., Former 6/10 Construction Project Supervisor Sentenced for Making False Statements (June 20, 2023), https://www.justice.gov/usao-ri/pr/former-610-construction-project-supervisor-sentenced-making-false-statements.

[34] Press Release, Office of Public Affairs, U.S. Dep’t of Justice, Florida Contractors and Owner to Pay More than $7.7 Million to Resolve False Claims Act Allegations Relating to Procurement of Small Business Contracts (June 29, 2023), https://www.justice.gov/opa/pr/florida-contractors-and-owner-pay-more-77-million-resolve-false-claims-act-allegations.

[35] See Press Release, U.S. Atty’s Office for the Eastern D. of VA, Government Contractor Settles False Claims Act Allegations Based on Violations of the Trade Agreements Act (June 20, 2023), https://www.justice.gov/usao-edva/pr/government-contractor-settles-false-claims-act-allegations-based-violations-trade

[36] See Press Release, U.S. Atty’s Office for the Dist. of S.C., Larsen & Toubro Technology Services Pays $9,928,000 To Resolve False Claims Act Allegations (Apr. 10, 2023), https://www.justice.gov/usao-sc/pr/larsen-toubro-technology-services-pays-9928000-resolve-false-claims-act-allegations.

[37] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, GCI Communications Corp. to Pay More than $40 Million to Resolve False Claims Act Allegations Related to FCC’s Rural Health Care Program (May 11, 2023), https://www.justice.gov/opa/pr/gci-communications-corp-pay-more-40-million-resolve-false-claims-act-allegations-related-fcc.

[38] See Press Release, U.S. Atty’s Office, Dist. of N.J., South Korean Clothing Manufacturer Admits Evading U.S. Customs Duties and Enters Civil Settlement Agreement (June 12, 2023), https://www.justice.gov/usao-nj/pr/south-korean-clothing-manufacturer-admits-evading-us-customs-duties-and-enters-civil.

[39] See Press Release, U.S. Atty’s Office, Dist. of Mass., Think Tank Agrees to Pay More than $500,000 to Resolve Allegations That It Falsely Certified Its Eligibility to Receive PPP Loan (Jun. 27, 2023), https://www.justice.gov/usao-ma/pr/think-tank-agrees-pay-more-500000-resolve-allegations-it-falsely-certified-its.

[40] See Press Release, U.S. Atty’s Office, Northern Dist. of NY, Movement Mortgage to Pay $23.7 Million to Resolve Allegations it Caused the Submission of False Claims to Government Mortgage Programs (June 29, 2023), https://www.justice.gov/usao-ndny/pr/movement-mortgage-pay-237-million-resolve-allegations-it-caused-submission-false

[41] See generally 31 U.S.C. §§ 3801 et seq.

[42] News Release, Bipartisan Fraud Fighting Bill Unanimously Passes Senate, Chuck Grassley (Apr. 3, 2023), https://www.grassley.senate.gov/news/news-releases/bipartisan-fraud-fighting-bill-unanimously-passes-senate#:~:text=The%20Administrative%20False%20Claims%20Act%20(AFCA)%2C%20S.659,fraud%20committed%20against%20the%20government.

[43] Id.

[44] Va. Code Ann. §§ 8.01-216.3(D).

[45] District of Columbia v. Saylor, et al., No. 2021 CA 001319 (D.C. Super. Ct., Feb. 28, 2023) (order granting in part defendants’ motion to dismiss).

[46] Senate Bill S4009‑C, N.Y. St. Senate, https://www.nysenate.gov/legislation/bills/2023/S4009/amendment/C (last visited July 12, 2023).

[47] N.Y. State Fin. Law § 189(4)(a); S.B. 4009-C, 2023 Sess. (N.Y. 2023).

[48] Senate Bill S4730 Current Status, N.Y. St. Senate, https://www.nysenate.gov/legislation/bills/2021/S4730 (last visited July 12, 2023).

[49] Governor’s Veto Message No. 83 (N.Y. 2021).

[50] S.B. 8815, 2022 S. Sess. (N.Y. 2022); Governor’s Veto Message No. 199 (N.Y. 2023).

[51] N.Y. State Fin. Law § 189(4)(b).

[52] Id. § 189(4)(a)-(b).

[53] See, e.g., See, e.g., S.4009-B, Part KK/A.3009-B, Part KK, Bus. Council, https://www.bcnys.org/memo/s4009-b-part-kka3009-b-part-kk (Apr. 3, 2023).

[54] H.B. 533, 135th Gen. Assemb., § 2747.02(1) (Ohio 2022).

[55] House Bill 533 Status, Ohio Legislature, https://www.legislature.ohio.gov/legislation/134/hb533/status (last visited July 12, 2023).

[56] H.B. 6826, 2023 Gen. Assemb. (Conn. 2023).

[57] S.B. 426, 2022 Gen. Assemb. (Conn. 2022).

[58] State False Claims Act Reviews, HHS-OIG, https://oig.hhs.gov/fraud/state-false-claims-act-reviews/ (last visited July 12, 2023) (FCA Reviews); 42 U.S.C. § 1396h(a).

The following Gibson Dunn lawyers assisted in the preparation of this alert: Jonathan Phillips, Winston Chan, John Partridge, James Zelenay, Michael Dziuban, Chelsea Knudson, Blair Watler, John Turquet Bravard, Ben Gibson, Wynne Leahy, José Madrid, Adrienne Tarver, Chumma Tum, and Francesca Broggini.

Gibson Dunn lawyers regularly counsel clients on the False Claims Act issues. Please feel free to contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following members of the firm’s False Claims Act/Qui Tam Defense Group:

Washington, D.C.
Jonathan M. Phillips – Co-Chair (+1 202-887-3546, jphillips@gibsondunn.com)
F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com)
Joseph D. West (+1 202-955-8658, jwest@gibsondunn.com)
Geoffrey M. Sigler (+1 202-887-3752, gsigler@gibsondunn.com)
Lindsay M. Paulin (+1 202-887-3701, lpaulin@gibsondunn.com)
Gustav W. Eyler (+1 202-955-8610, geyler@gibsondunn.com)

San Francisco
Winston Y. Chan – Co-Chair (+1 415-393-8362, wchan@gibsondunn.com)
Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com)

New York
Reed Brodsky (+1 212-351-5334, rbrodsky@gibsondunn.com)
Mylan Denerstein (+1 212-351-3850, mdenerstein@gibsondunn.com)
Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com)
Brendan Stewart (+1 212-351-6393, bstewart@gibsondunn.com)

Denver
John D.W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com)
Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com)
Monica K. Loseman (+1 303-298-5784, mloseman@gibsondunn.com)
Ryan T. Bergsieker (+1 303-298-5774, rbergsieker@gibsondunn.com)

Dallas
Andrew LeGrand (+1 214-698-3405, alegrand@gibsondunn.com)

Los Angeles
Nicola T. Hanna (+1 213-229-7269, nhanna@gibsondunn.com)
Jeremy S. Smith (+1 213-229-7973, jssmith@gibsondunn.com)
Deborah L. Stein (+1 213-229-7164, dstein@gibsondunn.com)
James L. Zelenay Jr. (+1 213-229-7449, jzelenay@gibsondunn.com)

Palo Alto
Benjamin Wagner (+1 650-849-5395, bwagner@gibsondunn.com)

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Decided July 31, 2023

Boermeester v. Carry, S263180

Yesterday, the California Supreme Court held that private universities do not need to provide students accused of misconduct with the right to cross examine accusers and other witnesses at live hearings during administrative disciplinary proceedings.

Background: The University of Southern California expelled student Matthew Boermeester after determining he violated USC’s policy against intimate partner violence. Boermeester filed a petition for writ of administrative mandate under Code of Civil Procedure 1094.5(b), alleging that he was deprived a “fair trial.” Specifically, he claimed that his common-law right to a fair procedure was violated when he was denied the right to attend a live hearing at which he or his attorney could directly cross examine his accuser and third-party witnesses.

The trial court disagreed with Boermeester and denied the petition. A divided Court of Appeal reversed, concluding that USC provided unfair procedures because USC did not provide Boermeester with the opportunity to cross examine critical witnesses at an in-person hearing.

Issue: The common-law right to fair procedure requires fair notice of the charges and a meaningful opportunity to be heard. Must private organizations provide in-person hearings with the right to cross examination in order to comply with the common-law right to a fair procedure?

Court’s Holding:

No. Private organizations are not required to provide accused individuals with the opportunity to directly or indirectly cross examine the accuser and other witnesses at a live hearing.

“[T]here is no absolute right to a live hearing with cross-examination in administrative proceedings, even where constitutional due process applies.”

Justice Groban, writing for the Court

Gibson Dunn submitted an amicus brief on behalf of the California Women’s Law Center and Equal Rights Advocates in support of respondent: University of Southern California

What It Means:

Although this case arose in the context of private university disciplinary proceedings, the Court’s reasoning appears to extend to administrative proceedings in other private organizations.
The opinion distinguishes between the procedures afforded to individuals in criminal trials versus private administrative hearings. Even “where constitutional due process applies,” “there is no absolute right to a live hearing with cross-examination” in private “administrative proceedings.”
Instead, private universities “must balance competing interests, including the accused student’s interests in a fair procedure and completing a postsecondary education, the accuser’s interest in not being retraumatized by the disciplinary process, and the private university’s interests in maintaining a safe campus and encouraging victims to report instances of sexual misconduct or intimate partner violence without having to divert too many resources from its main purpose of education.”
The Court recognized that there are “practical limitations” on the ability of private organizations to “function as courts” because they, for example, lack subpoena power, rely on voluntary participation of witnesses, and such administrative hearings “divert both resources and attention from” the organization’s main calling.
The Court expressly declined to consider under what circumstances an individual must be permitted to submit questions for an adjudicator to ask any accuser or third-party witnesses outside the presence of the individual under investigation.

The Court’s opinion is available here.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the California Supreme Court. Please feel free to contact the following practice leaders:

Appellate and Constitutional Law Practice

Thomas H. Dupree Jr. +1 202.955.8547 tdupree@gibsondunn.com	Allyson N. Ho +1 214.698.3233 aho@gibsondunn.com	Julian W. Poon +1 213.229.7758 jpoon@gibsondunn.com
Blaine H. Evanson +1 949.451.3805 bevanson@gibsondunn.com	Bradley J. Hamburger +1 213.229.7658 bhamburger@gibsondunn.com	Michael J. Holecek +1 213.229.7018 mholecek@gibsondunn.com

Related Practice: Litigation

Theodore J. Boutrous, Jr.
+1 213.229.7804
tboutrous@gibsondunn.com

Theane Evangelis
+1 213.229.7726
tevangelis@gibsondunn.com

On July 28, 2023, a new EU regulation regarding the cross-border access to electronic evidence in criminal proceedings was announced in the Official Journal of the European Union (the “Regulation”).[1] The Regulation, which will apply as of August 18, 2026, contains rules under which an authority of a EU Member State may issue a European Production Order or a European Preservation Order to request a service provider in another Member State to produce or to preserve electronic evidence regardless of the location of the data.[2] Failing to comply with such orders may involve severe sanctions for such service providers.

The Regulation is a considerable step forward for cross-border government investigations in the European Union. Currently, to obtain electronic evidence, EU Member State authorities must rely either on lengthy judicial cooperation procedures with the risk that data are moved or deleted or on the voluntary cooperation of service providers, a process which, according to the EU Commission, lacks reliability, transparency, accountability, and legal certainty.[3]

1. European Production Orders

Pursuant to the Regulation, a judicial authority of a Member State will be entitled to issue a European Production Order to request electronic evidence directly from a service provider located in another Member State. In the case of requesting traffic data[4] or content data,[5] a judge, a court or an investigating judge will be a proper issuing authority. If a Member State wanted to obtain subscriber data[6] or data for the sole purpose of identifying the user, a public prosecutor would also be entitled to issue a European Production Order. The Member States may define further competent issuing authorities, but in these case the Regulation requires a validation process.[7]

A European Production Order for obtaining traffic data or content data may be issued if these data are necessary and proportionate to the purpose of criminal proceedings relating to offenses punishable in the issuing State by a custodial sentence of a maximum of at least three years or to specific offenses[8] referenced in the Regulation. Further, a European Production Order requires that a similar order could have been issued under the same conditions in a domestic case. These data may also be requested for the execution of a custodial sentence or a detention order of at least four months, following criminal proceedings and imposed by a decision that was not rendered in absentia in cases where the person convicted absconded from justice.[9]

In the case of subscriber data or of data requested for the sole purpose of identifying the user, the same conditions apply, but in these cases European Production Orders may be issued for all offenses subject to a criminal investigation.[10]

A European Production Order will be addressed directly to the service provider,[11] but in certain cases of requesting traffic or content data the issuing authority must notify an enforcing authority based in the Member State where the service provider resides.[12] The enforcing authority will assess the case as soon as possible, but no later than ten days following the receipt of the notification, and decide whether it wants to invoke a ground for refusal, such as the protection of fundamental rights or of immunities and privileges.[13]

Upon receipt of a European Production Order, a service provider must expeditiously preserve the requested data and transmit them at the latest within ten days directly to the issuing authority or to the law enforcement authority designated on the order.[14]In cases of emergency, the service provider must transmit the data without undue delay and at the latest within eight hours following the receipt of the order.[15]

2. European Preservation Orders

By way of a European Preservation Order, a judge, a court, an investigating judge, a public prosecutor or – upon validation – another designated authority may order that a service provider located in another Member State preserve electronic evidence for the purposes of a subsequent request for production.[16]

Such an order may be issued for all criminal offenses if necessary for and proportionate to the purpose of preventing the removal, deletion or alteration of data with a view to issuing a subsequent request for production of those data and if it could have been issued under the same conditions in a similar domestic case. These orders may also serve for the execution of a custodial sentence or a detention order of at least four months, following criminal proceedings, imposed by a decision that was not rendered in absentia, in cases where the person convicted absconded from justice.[17]

In the case of a European Preservation Order, the service provider must preserve the requested data without undue delay. The obligation to preserve the data will cease after 60 days, unless the issuing authority confirms that a subsequent request for production has been issued. During that 60-day period, the issuing authority may extend the duration of the obligation to preserve the data by an additional 30-day period if necessary to allow for the issuing of a subsequent request for production.[18]

3. Notion of a Service Provider Offering Services in the Union

The Regulation applies to service providers which offer services in the European Union.[19] The Regulation defines a “service provider” as any natural or legal person that provides one or more of the following categories of services:

Electronic communications services;[20]
Internet domain name and IP numbering services, such as IP address assignment, domain name registry, domain name registrar and domain name-related privacy and proxy services;
Other information society services[21] that enable their users to communicate with each other; or make it possible to store or otherwise process data on behalf of the users to whom the service is rendered, provided that the storage of data is a defining component of the service provided to the user.[22]

Financial services such as such as banking, credit, insurance and re-insurance, occupational or personal pensions, securities, investment funds, payment and investment advice are not covered by the Regulation.[23]

A service provider in that sense offers services within the European Union if it enables natural or legal persons in a Member State to use the services listed above and if it has a substantial connection, based on specific factual criteria, to that Member State.[24] Such a substantial connection is considered to exist where the service provider has an establishment in a Member State, where there is a significant number of users in one or more Member States or where the service provider targets its activities towards one or more Member States.[25]

Pursuant to a EU Directive announced on the same day as the Regulation in the Official Journal of the European Union (the “Directive”), Member States will have to ensure that all service providers offering services in the European Union designate a legal representative or a designated establishment to receive, comply with, and enforce requests to gather electronic evidence.[26]

4. Sanctions, Enforcement, Conflict of Laws

The Regulation sets forth that Member States must enact rules on pecuniary penalties for infringements of the execution of European Production Orders or European Preservation Orders. These pecuniary penalties must be effective, proportionate and dissuasive. In that respect, Member States must ensure that pecuniary penalties of up to 2% of the total worldwide annual turnover of the service provider’s preceding financial year can be imposed.[27] Pursuant to the Directive, Member States will have to ensure that that both the designated establishment or the legal representative and the service provider can be held jointly and severally liable for non-compliance so that each of them may be subject to penalties.[28]

Apart from pecuniary penalties, the Regulation contains detailed rules on the enforcement by the enforcing state.[29] However, a service provider must inform the issuing authority and the enforcing authority if it considered that the execution of a European Production Order or of a European Preservation Order could interfere with immunities or privileges, or with rules on the determination or limitation of criminal liability that relate to freedom of the press or freedom of expression in other media, under the law of the enforcing State. In such cases, the issuing authority decides whether to withdraw, adapt or maintain the respective order. In addition, in the case of a European Production Order, the enforcing authority may raise a ground for refusal.[30]

A special review procedure applies, if a service provider invoked that complying with a European Production Order would conflict with an obligation under the law of a third country. Then, the service provider would have to file a “reasoned objection” within ten days after receipt of the European Production Order. If the issuing authority decided to uphold the order, a competent court of the issuing state would have to review the case. Importantly, if this court found that the law of the third country prohibits disclosure of the data concerned, the court would not automatically lift the European Production Order but rather balance relevant factors (some of which are set out in more detail in the Regulation[31]) to decide whether to uphold or lift the order.

______________________

[1] Eur-Lex, Regulation (EU) 2023/1543 of the European Parliament and of the Council of 12 July 2023 on European Production Orders and European Preservation Orders for electronic evidence in criminal proceedings and for the execution of custodial sentences following criminal proceedings, available under https://eur-lex.europa.eu/eli/reg/2023/1543/oj (last visited [July 31, 2023]).

[2] Article 1(1) of the Regulation.

[3] EU Commission, press release of November 29, 2022, https://ec.europa.eu/commission/presscorner/detail/es/ip_22_7246 (last visited [July 31, 2023]).

[4] Article 3 no. 11 of the Regulation.

[5] Article 3 no. 12 of the Regulation.

[6] Article 3 no. 9 of the Regulation.

[7] Article 4(1) and (2) of the Regulation.

[8] Article 5(4) of the Regulation.

[9] Article 5(2) and (4) of the Regulation.

[10] Article 5(2) and (3) of the Regulation.

[11] Article 7 of the Regulation.

[12] Article 3 no. 16, 17 and Article 8 of the Regulation. No notification is necessary where the offense has been committed, is being committed or is likely to be committed in the issuing State and the person whose data are requested resides in the issuing State.

[13] Article 12 of the Regulation.

[14] Article 10 of the Regulation.

[15] Article 10(4) of the Regulation.

[16] Article 5(3) of the Regulation.

[17] Article 6(2) and (3) of the Regulation.

[18] Article 11(1) of the Regulation.

[19] Article 2(1) of the Regulation.

[20] Article 2 no. 4 of Directive (EU) 2018/1972 establishing the European Electronic Communications Code.

[21] As referred to in Article 1(1) (b) of Directive (EU) 2015/1535 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services.

[22] Article 3 no. 3 of the Regulation.

[23] Article 3 no. 3 of the Regulation, see also Article 2(2) lit. b of the Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market.

[24] Article 3 no. 4 of the Regulation.

[25] Article 3 no. 4 of the Regulation.

[26] Eur-Lex, Directive (EU) 2023/1544 of the European Parliament and of the Council of 12 July 2023 laying down harmonised rules on the designation of designated establishments and the appointment of legal representatives for the purpose of gathering electronic evidence in criminal proceedings, available under https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32006L0123 (last visited [July 31, 2023]).

[27] Article 15 of the Regulation.

[28] Article 3(5) of the Directive.

[29] Article 16 of the Regulation.

[30] Articles 10(5) and 11(4) of the Regulation.

[31] According to Article 17(6) of the Regulation, the assessment shall in particular be based on the following factors, while giving particular weight to the factors referred to in points (a) and (b): (a) the interest protected by the relevant law of the third country, including fundamental rights as well as other fundamental interests preventing disclosure of the data, in particular national security interests of the third country; (b) the degree of connection between the criminal case for which the European Production Order was issued and either of the two jurisdictions, as indicated inter alia by: (i) the location, nationality and place of residence of the person whose data are being requested or of the victim or victims of the criminal offense in question; (ii) the place where the criminal offense in question was committed; (c) the degree of connection between the service provider and the third country in question; in this context, the data storage location alone shall not suffice for the purpose of establishing a substantial degree of connection; (d) the interests of the investigating State in obtaining the evidence concerned, based on the seriousness of the offence and the importance of obtaining evidence in an expeditious manner; (e) the possible consequences for the addressee or for the service provider of complying with the European Production Order, including the potential penalties.

The following Gibson Dunn attorneys assisted in preparing this update: Andreas Dürr, Kai Gesing, Katharina Humphrey, and Benno Schwarz.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following members of Gibson Dunn’s White Collar Defense and Investigations or Anti-Corruption and FCPA practice groups in Germany:

Corporate Compliance / White Collar Matters
Andreas Dürr (+49 89 189 33 219, aduerr@gibsondunn.com)
Ferdinand Fromholzer (+49 89 189 33 270, ffromholzer@gibsondunn.com)
Kai Gesing (+49 89 189 33 285, kgesing@gibsondunn.com)
Katharina Humphrey (+49 89 189 33 217, khumphrey@gibsondunn.com)
Markus Nauheim (+49 89 189 33 222, mnauheim@gibsondunn.com)
Markus Rieder (+49 89 189 33 260, mrieder@gibsondunn.com)
Benno Schwarz (+49 89 189 33 210, bschwarz@gibsondunn.com)
Finn Zeidler (+49 69 247 411 530, fzeidler@gibsondunn.com)
Mark Zimmer (+49 89 189 33 230, mzimmer@gibsondunn.com)

On July 26, 2023, the Securities and Exchange Commission (“SEC” or “Commission”), in a 3-to-2 vote, adopted a final rule requiring the disclosure of material cybersecurity incidents and cybersecurity risk management, strategy, and governance by public companies, including foreign private issuers. The Commission’s rule proposal, issued in March 2022,[1] was the subject of much commentary and criticism. In response, the Commission made important changes to the required disclosures regarding cybersecurity risk management, strategy, and governance, but the final rule will significantly change the status quo and will impose a substantial burden and introduce complexity to incident response for all public companies.

In summary, the final rule requires: (i) Form 8-K disclosure of material cybersecurity incidents within four (4) business days of the company’s determination that the cybersecurity incident is material; (ii) new annual disclosures in Form 10-K regarding the company’s cybersecurity risk management and strategy, including with respect to the company’s processes for managing cybersecurity threats and whether risks from cybersecurity threats have materially affected the company; and (iii) new annual disclosures in Form 10-K regarding the company’s cybersecurity governance, including with respect to oversight by the board and management. The annual disclosures are also required in foreign private issuers’ annual reports on Form 20-F, and material cybersecurity incident disclosure will be covered by Form 6-K.

The adopting release is available here, a Fact Sheet from the SEC is available here, and a two page summary prepared by Gibson Dunn is available here. The final rule will become effective 30 days after publication in the Federal Register.

Most public companies will be required to comply with the Form 8-K incident disclosure requirements beginning on the later of December 18, 2023 and 90 days after the final rule is published in the Federal Register.
Smaller reporting companies are eligible for an extension for complying with the Form 8-K incident disclosure requirements and have until the later of June 15, 2024 and 270 days after the date the final rule is published in the Federal Register.
All public companies will be required to comply with the new annual disclosure requirements beginning with the annual report on Form 10-K or 20-F for the fiscal year ending on or after December 15, 2023.

Set forth below is a summary of the final rule and some considerations for public companies.

I. Disclosure of Material Cybersecurity Incidents

Timing of Disclosure. The final rule adds new Item 1.05 to Form 8-K, which requires companies to determine whether a cybersecurity incident[2] is material “without unreasonable delay after discovery of the incident.” If a company determines that a cybersecurity incident is material, it is required to disclose the incident within four (4) business days of such determination.

Consistent with the SEC’s rule proposal, the final rule uses the date of the materiality determination as the trigger for when the four (4) business day time period begins to run, rather than the date of discovery of the incident—an important distinction.

The timeline for the materiality determination – which must be made “without unreasonable delay” – reflects a change from the rule proposal, which required the determination to be made “as soon as reasonably practicable” after discovery of an incident.[3] Commenters noted that the proposed standard could pressure companies to draw conclusions about incidents with insufficient information. While the SEC revised the timeline in the final rule, the adopting release notes that there may be instances where a company does not have complete information about the incident but knows enough to determine that the incident was material, such as when incidents impact key systems and information or involve unauthorized access to or exfiltration of large quantities of particularly important data. The adopting release states that, in such instances, the materiality determination should not be delayed.[4] Examples of unreasonable delay provided by the adopting release include deferring committee meetings for the responsible committee past the normal time it takes to convene its members or revising existing incident response policies and procedures to support a delayed materiality determination of an ongoing cybersecurity event.[5]

Scope of Disclosure and Materiality Determination. When disclosing the material cybersecurity incident, companies must disclose the material aspects of the nature, scope, and timing of the incident, and the material impact or “reasonably likely” material impact on the company, including on its financial condition and results of operations. If a company determines a cybersecurity incident is material, but the information that is required to be disclosed has not been determined or is unavailable at the time of the required filing, companies must later update the disclosure through a Form 8-K amendment. In contrast to the SEC’s rule proposal, which would have provided for updates to appear in subsequent quarterly reports on Form 10-Q, companies must disclose this information within four (4) business days after the company, without unreasonable delay, determines such information or after such information “becomes available.”

In the adopting release, the Commission indicated that companies should consider qualitative factors in assessing the material impact of an incident, and indicated that harm to a company’s reputation, customer or vendor relationships, or competitiveness, and the possibility of litigation or regulatory investigations or actions, were all examples of potential material impacts on a company.[6]

The final rule’s focus on the material aspects of the incident and material impacts on the company represents a narrowing in the scope of required incident disclosure, in comparison to the rule proposal, although compliance will likely present a significant burden to companies actively working to respond to a cybersecurity incident. The SEC’s rule proposal would have required disclosure of the specific details of the incident, such as remediation status, whether the incident was ongoing, and whether data were compromised, regardless of materiality. The final rule provides companies with slightly more flexibility, as the instructions to Item 1.05 note that companies “need not disclose specific or technical information” about incident response, systems, networks, or potential vulnerabilities “in such detail as would impede” response or remediation of the incident. However, commentary in the adopting release suggests that the SEC may nonetheless expect companies to disclose sensitive information where it is a significant factor in the determination that a cybersecurity incident is material.[7]

In the adopting release, the Commission took the view that this change in scope alleviates some of the concerns commenters raised about the difficulty of the four (4) business day reporting deadline. The Commission argued that the materiality analysis for most companies will include consideration of the financial impact, so the company will have already developed information about the impact on the company’s financial condition and results of operations when Item 1.05 is triggered by the materiality determination.[8] In rejecting a longer deadline suggested by commenters, the SEC asserted that “in the majority of cases registrants will have had additional time leading up to the materiality determination, such that disclosure becoming due less than a week after discovery should be uncommon.”[9]

Exceptions Permitting Reporting Delays. The Commission introduced two narrow exceptions that allow for a delay in reporting a material cybersecurity incident on Form 8-K. The only generally applicable exception permitting a delay in reporting applies only if the U.S. Attorney General notifies the SEC in writing that the disclosure poses a substantial risk to national security or public safety. Outside of extraordinary circumstances or an exemptive order issued by the SEC, the maximum delay permitted under this exception will be 60 days.[10]

The second exception is also extraordinarily limited, and applies only to companies subject to the Federal Communications Commission’s (“FCC’s”) notification rule for breaches of customer proprietary network information (“CPNI”). The FCC’s rule requires covered entities to notify the United States Secret Service (“USSS”) and Federal Bureau of Investigation (“FBI”) no later than seven (7) business days after reasonable determination of a CPNI breach and to refrain from disclosing the breach until seven (7) days have passed following notification to the USSS and FBI.[11] The SEC notes that the FCC has proposed amending the CPNI rule to remove this seven (7) business day waiting period, and suggests that this conflict may be eliminated if the FCC’s proposed rule is adopted.[12] The SEC’s final rule permits companies subject to the notification requirements to delay making the Item 1.05 disclosure up to seven (7) business days following notification to the USSS and FBI, with written notification to the SEC. This exception is being provided as, according to the SEC, this was the only Federal law or regulation that conflicted with Item 1.05.[13]

Additionally, as noted by Commissioner Uyeda during the meeting adopting the final rule, while not an exception built into Item 1.05, the adopting release gives deference to Rule 0-6 under the Securities Exchange Act of 1934 (the “Exchange Act”). Rule 0-6 provides for the omission of information that has been classified by an appropriate department or agency of the Federal government for the protection of the interest of national defense or foreign policy. The adopting release provides that if any information that a registrant would otherwise disclose under Item 1.05 (or pursuant to Item 106 of Regulation S-K, as discussed below) is classified, companies should comply with Rule 0-6, meaning that such information should not be disclosed.[14]

Broad Definition of “Cybersecurity Incident.” The final rule broadly defines a cybersecurity incident as “an unauthorized occurrence, or a series of related unauthorized occurrences, on or conducted through a registrant’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.”[15] The final rule also broadly defines “information system” to mean electronic systems “owned or used by” a company, which covers information resources owned by third parties.[16] The SEC’s adopting release reaffirmed the SEC’s view that an accidental incident is an “unauthorized incident” within the scope of the rule.[17] The SEC acknowledged that the use of the term “jeopardizes” requires a forward-looking assessment of whether the effect of an incident is or is reasonably likely to be material.

The final rule adds the concept of “a series of related unauthorized occurrences”[18] to the definition of “cybersecurity incident,” a situation it had proposed to address through a quarterly Form 10-Q reporting requirement. The change means that companies materially affected by a series of related intrusions will still be required to comply with Item 1.05, even when the material impact attributable to each individual intrusion is immaterial by itself. The SEC provided two examples of such a series that would necessitate disclosure under Item 1.05:[19]

The same malicious actor engages in a number of smaller but continuous cyberattacks related in time and form against the same company and collectively, they are either quantitatively or qualitatively material; and
A series of related attacks from multiple actors exploit the same vulnerability and collectively impede the company’s business materially.

Safe Harbors. Consistent with the rule proposal, an untimely filing under Item 1.05 would not result in a loss of Form S-3 eligibility and the failure to file the Item 1.05 Form 8-K would not be deemed to be a violation of Section 10(b) and Exchange Act Rule 10b-5.

II. Cybersecurity Risk Management, Strategy, and Governance Disclosure

Risk Management and Strategy Disclosure. The final rule introduces new Item 106 of Regulation S-K, which will require a description in the Form 10-K of a company’s processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats[20] in sufficient detail for a reasonable investor to understand those processes. Item 106 states that in providing such disclosure, a company should address, as applicable, the following non-exclusive list of disclosure items:

Whether and how any such processes have been integrated into the company’s overall risk management system or processes;
Whether the company engages assessors, consultants, auditors, or other third parties in connection with any such processes; and
Whether the company has processes to oversee and identify such risks from cybersecurity threats associated with its use of any third-party service provider.

Companies must also describe whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the company, including its business strategy, results of operations, or financial condition and if so, how.

The list of disclosure items under this caption represents a significant paring back from the rule proposal. In the adopting release, the SEC acknowledged concerns on the rule proposal’s prescriptiveness and its potential to affect a company’s risk management and strategy decision-making.[21] The Commission believes that the formulation in the final rule will not result in companies providing a level of detail that goes beyond material information or that could increase a company’s vulnerability.[22] Notably, the final rule requires disclosure of “processes” rather than “policies and procedures,” with the SEC noting that the former avoids disclosing operational details that could be used by malicious actors and removes the question of whether companies without written policies and procedures should disclose that fact.[23] Other changes aimed at reducing the prescriptiveness of the rule include the removal of the list of risk types (e.g., intellectual property theft, fraud, etc.) and the removal of certain disclosure items, such as the company’s activities undertaken to prevent, detect, and minimize effects of cybersecurity incidents, and the company’s business continuity, contingency, and recovery plans in the event of a cybersecurity incident.

Governance Disclosure. Item 106 also requires companies to describe the board of directors’ oversight of risks from cybersecurity threats. If applicable, companies must identify any board committee or subcommittee responsible for the oversight of risks from cybersecurity threats and describe the processes by which the board or such committee is informed about such risks. Importantly, the final rule omits the proposed requirement to disclose cybersecurity expertise within the board of directors, although the SEC noted that a company that has determined that board-level expertise is a necessary component to its cyber-risk management would likely provide that disclosure under Item 106.[24]

In addition, companies must describe management’s role in assessing and managing the registrant’s material risks from cybersecurity threats, with such disclosure addressing, as applicable, the following non-exclusive list of disclosure items:

Whether and which management positions or committees are responsible for assessing and managing such risks, and the relevant expertise of such persons or members in such detail as necessary to fully describe the nature of the expertise;
The processes by which such persons or committees are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents; and
Whether such persons or committees report information about such risks to the board of directors or a committee or subcommittee of the board of directors.

With respect to management’s expertise, the instructions to Item 106 provide that it may include “[p]rior work experience in cybersecurity; any relevant degrees or certifications; any knowledge, skills, or other background in cybersecurity.”

The final governance disclosure requirements also are significantly less prescriptive than under the rule proposal. Exclusions from the final rule include the proposed requirement to disclose whether and how the board integrates cybersecurity into its business strategy, risk management, and financial oversight, and details such as whether the company has a chief information security officer, the frequency of the board’s discussions on cybersecurity, and the frequency with which responsible management positions or committees report to the board on cybersecurity risk. However, the SEC indicated that details such as frequency of discussions or updates may be included in Item 106 disclosure to the extent relevant to an understanding of the board’s oversight of risks from cybersecurity threats.[25] While the requirement to disclose whether the company has a chief information security officer was also omitted from the final rule, the SEC noted that the remaining requirement to discuss which management positions or committees are responsible for assessing and managing cybersecurity risk “would typically encompass identification of whether a registrant has a chief information security officer, or someone in a comparable position.”[26]

Foreign Private Issuers. The final rule amends Form 20-F to include requirements parallel to Item 106 regarding a foreign private issuer’s risk management, strategy, and governance. In addition, the final rule adds “material cybersecurity incidents” to the items that may trigger a current report on Form 6-K. Under the new rule, foreign private issuers will be required to furnish on Form 6-K information about material cybersecurity incidents that the issuers disclose or otherwise publicize in a foreign jurisdiction, to any stock exchange or to security holders.

XBRL Requirements. All new disclosure requirements must be tagged in Inline XBRL (block text tagging for narrative disclosures and detail tagging for quantitative amounts) beginning one year after the initial compliance date for the applicable disclosure requirement.

III. Considerations and Next Steps

Companies should review their cybersecurity incident response playbooks to reflect the processes contemplated under the new Form 8-K requirements. Companies should review and test their procedures for responding to cybersecurity incidents and amend or supplement those procedures as appropriate to address the procedures and attendant documentation contemplated under the new Form 8-K reporting requirements. The final rule provides that the materiality determination for a given cybersecurity incident may not be “unreasonably delayed,” so companies should confirm that their disclosure controls and procedures provide for effective communication between the cybersecurity team, the legal team supporting cybersecurity, the legal team responsible for securities disclosure, and the disclosure committee, as well as for appropriate interaction with the board of directors or a responsible committee of the board. Maintaining clearly understood channels of communication will be important in fulfilling the need for a reasonable and timely assessment and escalation of detected cybersecurity incidents, and will assist companies in meeting the cybersecurity incident disclosure requirements. In addition, companies should confirm that their disclosure controls and procedures reflect the considerations discussed in the final rule’s adopting release for assessing materiality, including inputs to consider potential reputational harm and damage to customer and vendor relationships. Companies should plan to carefully document both their materiality analysis and the reasonableness of the time that it takes to assess materiality. As Commissioner Peirce noted during the meeting at which the SEC approved the final rule, the days and weeks following detection of a cybersecurity incident are incredibly demanding and stressful on companies, and the new SEC disclosure rules significantly heighten those pressures, but a well-documented playbook that is both sufficiently detailed and sufficiently flexible will serve companies well. In addition, while the final rule did not impose new insider trading procedures relating to cybersecurity incidents, companies should continue to carefully assess that topic during the course of their response to a cybersecurity incident and consider whether and when to suspend any purchases or sales of company securities by the company and by insiders.[27]

Only a narrow set of circumstances qualify for delaying the reporting of material cybersecurity instances and the delay may be difficult to obtain. As described above, the SEC retained the proposed requirement to disclose material cybersecurity incidents within four (4) business days of the company’s materiality determination with only narrow exceptions. The only generally applicable exception will require the Attorney General’s determination that disclosure poses substantial risk to national security or public safety. While the SEC stated that it has established an interagency communication process, we expect that there may be difficulty in a company obtaining a determination by the Department of Justice, through the Attorney General, that is provided to the Commission in writing within the four (4) business day window following the company’s materiality determination, at which point disclosure would be required. It is possible that companies will seek, and the Department of Justice will issue, such a notification of such determination to the Commission in only the most exceptional circumstances. For companies that regularly interact with agencies of the U.S. government responsible for national security, it is possible that certain incidents may be classified and consequently omitted from disclosure.

Companies may need to revisit their processes for managing cybersecurity risk. While the final rule is less prescriptive than the rule proposal, there are still a number of details regarding a company’s cybersecurity risk management processes that will need to be disclosed. Companies hoping to avoid disclosure of processes that lack features addressed in the final rule or that appear less robust than those of their peers may want to revisit their processes as they develop their disclosure. Specifically, companies should be aware of the need to describe their engagement of third parties in connection with the risk management process, any processes to oversee and identify risks associated with the use of third-party service providers, and the delegation of responsibility for cybersecurity risks between the board and management. While the SEC did not adopt the requirement to disclose cybersecurity expertise among board members, Commissioner Crenshaw stated that the Commission should continue to consider requiring such disclosure.[28]

Disclosures regarding material cybersecurity incidents and company’s risk management processes will require careful drafting. While some of the information required to be disclosed under the final rule has historically been disclosed to regulatory agencies and affected customers, the need to publicly disclose the information in an SEC filing will subject this information to much greater scrutiny and potential liability as a result of possible regulatory enforcement or litigation. These disclosures will require careful drafting to balance the obligation to timely disclose material information without material omission with the important business objective of avoiding unintentionally exposing weaknesses in a company’s cybersecurity profile that can be further exploited by malicious actors. While, as discussed above, incident disclosures do not require specific technical information, as Commissioner Peirce noted in her dissent,[29] disclosures could nonetheless provide attackers with important information, such as what the company knows about the incident and the potential financial impact, among other details, and may make it easier for attackers to identify targets. While the final rule allows companies a reasonable time to assess materiality, companies will be well served by avoiding a rushed drafting experience when preparing Form 8-K disclosures by involving inside and outside experts at an early stage. A careful review of companies’ cybersecurity incident response playbook, as addressed above, will also facilitate drafting the annual risk management and strategy disclosures. Companies’ disclosure controls and procedures should also address post-incident monitoring that allows them to address the highly fraught requirement to annually disclose how risks from previous cyber threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the company. Assuming the final rule’s publication in the Federal Register is not substantially delayed, companies will have less than six months to review their existing incident response plans, consider them in light of the new disclosure rules, and make updates as needed.

Companies should coordinate their disclosure of cybersecurity risk management, strategy, and governance with existing disclosures. One of the SEC’s stated objectives in adopting the final rule is to consolidate disclosure into a single location in company filings. As noted by the SEC, many companies address cybersecurity risks and incidents in the risk factor sections of their filings, and risk oversight and governance is often addressed in companies’ proxy statements. However, the new rule requires disclosure to appear in a newly designated item in Part I of the annual report on Form 10-K and does not allow the disclosures to be incorporated from the proxy statement. Therefore, companies should review their risk factor and proxy statement disclosures when drafting the new discussions of cybersecurity risk management, strategy, and governance for the Form 10-K in order to maintain consistency with the company’s past public statements regarding its cybersecurity governance and processes and to assess how those disclosures may be enhanced or revised going forward. We expect companies will continue to include disclosure of cybersecurity governance in their proxy statements, and therefore should consider whether any details disclosed in response to Item 106 should be incorporated into the proxy statement disclosure.

__________________________

[1] For our discussion of the rule proposal, see Gibson Dunn Client Alert, SEC Proposes Rules on Cybersecurity Disclosure (Mar. 11, 2022).

[2] The SEC adopted the definition of “cybersecurity incident” used in Regulation S-K for purposes of Item 1.05. Accordingly, “cybersecurity incident” is defined to mean an unauthorized occurrence, or a series of related unauthorized occurrences, on or conducted through a company’s information systems that jeopardizes the confidentiality, integrity, or availability of a company’s information systems or any information residing therein. “Information systems” is defined to mean electronic information resources, owned or used by the company, including physical or virtual infrastructure controlled by such information resources, or components thereof, organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of the company’s information to maintain or support the company’s operations. Importantly, an unauthorized occurrence on or conducted through an information system that is used by, but not owned by, a company would still be considered a cybersecurity incident, meaning that companies may need to disclose cybersecurity incidents impacting information systems developed by a third party that the company uses.

[3] Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, 87 FR 16590, 16624 (Mar. 23, 2022).

[4] Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, Release No. 33-11216 (July 26, 2023) (“Adopting Release”) at 37-38.

[5] Id. at 38.

[6] Id. at 29-30.

[7] See Id. at 30.

[8] Id. at 31-32.

[9] Id. at 33.

[10] In extraordinary circumstances, disclosure may be delayed for a final additional period of up to 60 days if the Attorney General notifies the SEC in writing that disclosure continues to pose a substantial risk to national security. Public safety concerns alone would not be a sufficient basis to grant this additional 60-day delay. Id. at 34.

[11] See 46 CFR 64.2011(b)(1).

[12] Adopting Release, supra note 4, at 42 n.143.

[13] Id. at 41-42. This is despite the direct conflict that would arise should an “investigative agency,” such as the United States Secret Service, a component agency of the Department of Homeland Security, require a covered telecommunications carrier to delay disclosure consistent with 46 CFR 64.2011(b)(3). The SEC dismisses this conflict by suggesting that the Department of Homeland security may “work with the Department of Justice to seek a delay of disclosure,” presumably pursuant to a determination by the Attorney General. Id. at 42 n.145.

[14] Id. at 35 n.131.

[15] Id. at 169-170.

[16] Id. at 170.

[17] The Adopting Release mentions “chance technology outages” as an example of an accidental incident, which suggests that a crashed website (which, by definition, jeopardizes the availability of the company’s information systems) could meet the definition of a “cybersecurity incident.” Id. at 72.

[18] Id. at 169.

[19] Id. at 53.

[20] “Cybersecurity threat” is defined to mean any potential unauthorized occurrence on or conducted through a registrant’s information systems that may result in adverse effects on the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.

[21] Adopting Release, supra note 4, at 60.

[22] Id. at 61.

[23] Id.

[24] Id. at 85.

[25] Id. at 70.

[26] Id. at 69-70.

[27] The Adopting Release specifically pointed out that the 2018 interpretative guidance issued by the Commission addressing the application of insider trading prohibitions in the context of cybersecurity remains in place. Id. at 96.

[28] See Commissioner Caroline A. Crenshaw, “Statement on Cybersecurity Adopting Release” (Jul. 26, 2023), available here.

[29] See Commissioner Hester M. Peirce, “Harming Investors and Helping Hackers: Statement on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure” (Jul. 26, 2023), available here.

The following Gibson Dunn attorneys assisted in preparing this update: Matthew Dolloff, Nicholas Whetstone, Stephenie Gosnell Handler, Thomas Kim, Brian Lane, Julia Lapitskaya, Vivek Mohan, Ronald Mueller, Michael Scanlon, Alexander Southwell, Michael Titera, and Lori Zyskowski.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. To learn more, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Privacy, Cybersecurity and Data Innovation, Securities Regulation and Corporate Governance, or Securities Enforcement practice groups:

Privacy, Cybersecurity and Data Innovation Group:
Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com)
S. Ashlie Beringer – Co-Chair, Palo Alto (+1 650-849-5327, aberinger@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202-955-8510, shandler@gibsondunn.com)
Jane C. Horvath – Co-Chair, Washington, D.C. (+1 202-955-8505, jhorvath@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650-849-5345, vmohan@gibsondunn.com)
Ashley Rogers – Dallas (+1 214-698-3316, arogers@gibsondunn.com)
Alexander H. Southwell – Co-Chair, New York (+1 212-351-3981, asouthwell@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com)

Securities Regulation and Corporate Governance Group:
Elizabeth Ising – Co-Chair, Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)
Thomas J. Kim – Washington, D.C. (+1 202-887-3550, tkim@gibsondunn.com)
Brian J. Lane – Washington, D.C. (+1 202-887-3646, blane@gibsondunn.com)
Julia Lapitskaya – New York (+1 212-351-2354, jlapitskaya@gibsondunn.com)
James J. Moloney – Co-Chair, Orange County (+1 949-451-4343, jmoloney@gibsondunn.com)
Ronald O. Mueller – Washington, D.C. (+1 202-955-8671, rmueller@gibsondunn.com)
Michael J. Scanlon – Washington, D.C. (+1 202-887-3668, mscanlon@gibsondunn.com)
Michael Titera – Orange County (+1 949-451-4365, mtitera@gibsondunn.com)
Lori Zyskowski – Co-Chair, New York (+1 212-351-2309, lzyskowski@gibsondunn.com)

Securities Enforcement Group:
Richard W. Grime – Co-Chair, Washington, D.C. (+1 202-955-8219, rgrime@gibsondunn.com)
Mark K. Schonfeld – Co-Chair, New York (+1 212-351-2433, mschonfeld@gibsondunn.com)
David Woodcock – Co-Chair, Dallas (+1 214-698-3211, dwoodcock@gibsondunn.com)

Over the last few years, market conditions have changed so dramatically that today, no matter its products or services, every company is also in the environmental business. Prompted by the real-world impacts of climate change, many consumers now demand environmental action from corporations and prefer to buy products marketed as environmentally friendly. Many companies therefore market their products as “net-zero” or “carbon neutral”—and make pledges to be, as a business, “net-zero” by a certain date. In support of these pledges, companies often buy carbon credits from voluntary carbon markets to offset or mitigate their carbon emissions voluntarily.

Voluntary carbon markets present opportunity, but also create financial, regulatory, and litigation risks. Because the voluntary markets are often fragmented, suffer from a lack of transparency and, above all, are not subject to any statutory common standards, there is a lack of trust in the credits issued under these system, which also limits the tradability of the credits.

This quarterly newsletter aggregates the knowledge and experience of Gibson Dunn attorneys around the globe as we help our clients across all sectors navigate the ever-changing landscape of voluntary carbon markets.

Read More

The following Gibson Dunn lawyers assisted in the preparation of this alert: Susy Bullock, Michael Cannon, Matt Donnelly, Abbey Hudson, Brad Roach, Lena Sandberg, Jeffrey Steiner, Adam Lapidus, Jonathan Cockfield, Arthur Halliday, Natalie Harris, Yannis Ioannidis, Alexandra Jones, Mark Tomaier, Richie Vaughan, and Alwyn Chan.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Environmental, Social and Governance (ESG), Environmental Litigation and Mass Tort, Global Financial Regulatory, Energy, or Tax practice groups, or the following authors:

Environmental, Social and Governance (ESG) Group:
Susy Bullock – London (+44 (0) 20 7071 4283, sbullock@gibsondunn.com)

Environmental Litigation and Mass Tort Group:
Abbey Hudson – Los Angeles (+1 213-229-7954, ahudson@gibsondunn.com)

Global Financial Regulatory Group:
Jeffrey L. Steiner – Washington, D.C. (+1 202-887-3632, jsteiner@gibsondunn.com)

Energy, Regulation and Litigation Group:
Lena Sandberg – Brussels (+32 2 554 72 60, lsandberg@gibsondunn.com)

Oil and Gas Group:
Brad Roach – Singapore (+65 6507 3685, broach@gibsondunn.com)

Tax Group:
Michael Q. Cannon – Dallas (+1 214-698-3232, mcannon@gibsondunn.com)
Matt Donnelly – Washington, D.C. (+1 202-887-3567, mjdonnelly@gibsondunn.com)

Interviewed on the Following the Rules podcast, London partner Matthew Nunan outlines the changes he believes are necessary to future-proof both the UK’s finance regulator, the Financial Conduct Authority (FCA), and the country’s top prosecution agency, the Serious Fraud Office (SFO), and explains why it’s vital for the two organizations to begin working together more effectively. “You would hope that they could have a straightforward conversation, which says, ‘What are we here to do? What are you here to do? And also, how can you help?’”

Matthew Nunan is the former head of wholesale enforcement at the FCA and spent six years as a case controller at the SFO. In the podcast, he also discusses how the UK’s accountability regime for senior City staff could be improved, where the City needs clarity from the government as to its Brexit plans, and much more.

This client alert provides an overview of shareholder proposals submitted to public companies during the 2023 proxy season, including statistics and notable decisions from the staff (the “Staff”) of the Securities and Exchange Commission (the “SEC”) on no-action requests.

I. Summary of Top Shareholder Proposal Takeaways from the 2023 Proxy Season

As discussed in further detail below, based on the results of the 2023 proxy season, there are several key takeaways to consider for the coming year:

Shareholder proposal submissions rose yet again. For the third year in a row, the number of proposals submitted increased. In 2023, the number of proposals increased by 2% to 889—the highest number of shareholder proposal submissions since 2016.
The number of executive compensation proposals significantly increased, along with a continued increase in environmental and social proposals. Executive compensation proposals increased notably, up 108% from 2022, with the increase largely attributable to proposals seeking shareholder approval of certain executive severance agreements. The number of both environmental and social proposals also increased, up 11% and 3% respectively, compared to 2022 and 68% and 24% respectively, compared to 2021. In contrast, governance proposals declined 14%, and civic engagement proposals declined 6%. The five most popular proposal topics in 2023, representing 43% of all shareholder proposal submissions, were (i) climate change, (ii) independent chair, (iii) nondiscrimination and diversity-related, (iv) shareholder approval of certain severance agreements, and (v) special meetings. Of the five most popular topics in 2023, all but one (shareholder approval of certain severance agreements replacing lobbying spending and political contributions) were also in the top five in 2022.
While the number of no-action requests dropped significantly, the percentage of proposals excluded pursuant to a no-action request rebounded from 2022’s historic low. Only 175 no-action requests were submitted to the Staff in 2023, representing a submission rate of 20%, down from a submission rate of 29% in 2022 and 34% in 2021. The overall success rate for no-action requests, after plummeting to only 38% in 2022, rebounded to 58% in 2023, but was still well below the 71% success rate in 2021, and marked the second lowest success rate since 2012. Success rates in 2023 improved for duplicate proposals (100% in 2023, up from 31% in 2022), procedural (80% in 2023, up from 68% in 2022), ordinary business (50% in 2023, up from 26% in 2022), and substantial implementation grounds (26% in 2023, up from with 15% in 2022), while success rates declined for resubmissions (43% in 2023, compared with 56% in 2022) and violation of law (33% in 2023, compared with 40% in 2022).
The number of proposals voted on increased yet again, but overall voting support decreased significantly, and less than 3% of proposals submitted received majority support. In 2023, over 54% of all proposals submitted were voted on, compared with 50% of submitted proposals voted on in 2022. Despite this increase, average support for all shareholder proposals plummeted to 23.3% in 2023, down from 30.4% in 2022. The decrease in average support was primarily driven by decreased support for both social and environmental proposals, with support for social (non-environmental) proposals decreasing to 17.2% in 2023 from 23.2% in 2022 and support for environmental proposals decreasing to 21.3% in 2023 from 33.8% in 2022. And in line with lower support overall, only 25 shareholder proposals received majority support in 2023, down from 55 in 2022.
More change is in store for the shareholder proposal process, as the SEC considers further amendments to Rule 14a-8, Congress homes in on reform of Rule 14a-8, and stakeholders challenge the SEC’s role in the process. In July 2022, the SEC proposed amendments to Rule 14a-8 that, if adopted, would make it significantly more challenging for companies to exclude shareholder proposals on substantial implementation, duplication, and resubmission grounds. The SEC targeted approval of these amendments by October 2023, which means the 2024 proxy season could see further changes in how companies approach no-action requests. Additionally, the Financial Services Committee of the U.S. House of Representatives recently formed a Republican ESG Working Group, which has identified reforming the Rule 14a-8 no-action request process as a key priority of the Working Group’s focus on reforming the proxy voting system for retail investors. And, as discussed below, legal action by two stakeholder groups, the National Center for Public Policy Research and the National Association of Manufacturers, could disrupt the shareholder proposal process altogether.
Proponents’ use of exempt solicitations grows again, and now others are joining the game. Exempt solicitation filings continued to proliferate, with the number of filings reaching a record high again this year and increasing almost 22% over last year and 64% compared to 2021. As in prior years, the vast majority of exempt solicitations filed in 2023 were filed by shareholder proponents on a voluntary basis—i.e., outside of the intended scope of the SEC’s rules—in order to draw attention and publicity to pending shareholder proposals. Interestingly, third parties have begun intervening in the shareholder proposal process by using exempt solicitation filings to provide their views on shareholder proposals submitted by unaffiliated shareholder proponents.

Read More

The following Gibson Dunn attorneys assisted in preparing this update: Elizabeth Ising, Thomas J. Kim, Julia Lapitskaya, Ronald O. Mueller. Michael Titera, Lori Zyskowski, Geoffrey Walter, Victor Twu, Natalie Abshez, Meghan Sherley, Michael Svedman*, and Nicholas Whetstone.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, or any of the following lawyers in the firm’s Securities Regulation and Corporate Governance practice group:

Aaron Briggs – San Francisco, CA (+1 415-393-8297, abriggs@gibsondunn.com)
Elizabeth Ising – Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)
Thomas J. Kim – Washington, D.C. (+1 202-887-3550, tkim@gibsondunn.com)
Julia Lapitskaya – New York, NY (+1 212-351-2354, jlapitskaya@gibsondunn.com)
Ronald O. Mueller – Washington, D.C. (+1 202-955-8671, rmueller@gibsondunn.com)
Michael Titera – Orange County, CA (+1 949-451-4365, mtitera@gibsondunn.com)
Lori Zyskowski – New York, NY (+1 212-351-2309, lzyskowski@gibsondunn.com)
Geoffrey E. Walter – Washington, D.C. (+1 202-887-3749, gwalter@gibsondunn.com)
David Korvin – Washington, D.C. (+1 202-887-3679, dkorvin@gibsondunn.com)

*Michael Svedman is an associate practicing in the firm’s Washington, D.C. office who currently is admitted to practice only in New York.

Texas is known for its business-friendly environment, with low taxes and minimal government regulation. But the state has faced criticism for years about its legal system being slow, unpredictable, and costly, hindering economic growth and development. While nearly thirty other states have created specialized business courts, Texas has not updated its judicial system since the late 1960s. Consequently, elected judges who may never have been exposed to large-scale commercial litigation are called upon to preside over such complex cases alongside run-of-the-mill family law disputes and personal injury claims. And, unlike their federal colleagues, they usually do so without the benefit of full-time clerks to work through what can be mountains of paper.

The predictable result of this combination of bet-the-company cases with small-dollar disputes is that state trial judges’ dockets can become overwhelmed when faced with a complex, large-scale mergers-and-acquisitions or securities issue. These cases often require in-depth research by the judge, lengthy judicial consideration of complex motions, and extremely detailed parsing of complex commercial agreements, all of which are time-consuming and resource-intensive, taking time from their regular dockets. Consequently, these cases can be subject to significant processing delays at the state trial court level. Similarly, the lack of a requirement for written opinions in all cases and the comparatively rare nature of complex commercial cases in state trial courts—for many state trial court judges the first of these massive cases heard in their courtroom may also be the last—has led to a lack of certainty and stability around these types of cases in Texas business law.

Thus, despite its world-class economy, Texas’s judicial system has sometimes led corporations and other business entities to incorporate and litigate in other states, such as Delaware or New York, which have specialized business courts where the timeline for dispute resolution is more certain.

However, following the recently concluded legislative session, specialized business courts are coming to Texas. Last month, Texas enacted House Bill 19 (HB 19), which will create a specialized business trial court: the Texas Business Court (TBC)[1].

The TBC’s stated primary objective is to provide a faster, more efficient, and more cost-effective dispute resolution mechanism for businesses. It will be a specialized trial court designed to handle complex commercial disputes and streamline the litigation process. In this way, the new court will change the procedures for commercial litigation in Texas, with significant implications for businesses and individuals.

Supporters argue that the TBC will provide a more specialized and tailored approach to handling commercial disputes. The new court will also have the power to hear cases from other jurisdictions, potentially making Texas more attractive for businesses seeking a more predictable and efficient legal system.

Specialization

The TBC will oversee cases concerning corporate governance disputes, certain contract and commercial transactions, and actions seeking declaratory or injunctive relief. The TBC will have jurisdiction over matters in which the amount in controversy exceeds $5 million in some cases and $10 million in others, excluding interest, statutory damages, exemplary damages, penalties, attorney’s fees, and court costs.

The specialized nature of the court is intended to streamline the litigation process, reducing the time and cost associated with resolving disputes. Currently, businesses must navigate a court system that may not have the same level of specialization in commercial litigation, resulting in additional costs and delays.

As the enacting legislation is currently written, the court will start with only five divisions that oversee major metropolitan areas. The governor would appoint judges to the business court for a two-year term, and judges can be re-appointed multiple times. As time goes on, additional divisions will come online until the TBC covers all 11 existing judicial administrative regions.

Judges

Like probate or criminal courts, the TBC will be a specialized court and have specialized judges with expertise in business law and commercial litigation. Instead of being elected like other Texas district judges, business court judges will be appointed by the governor. And instead of being open to any attorney who meets the minimum legal requirement to stand for election—just four years of legal practice—business court judges appointed to the TBC by the governor must meet a set of requirements designed to ensure they have the knowledge, skills, and ability to handle complex commercial cases smoothly and efficiently. As currently written, business court judges must have ten years of experience practicing complex civil business litigation, practicing business transaction law, or serving as a judge of a Texas state court with civil jurisdiction (or any combination thereof). These requirements are designed to ensure a baseline level of business law experience and expertise for complex commercial cases being adjudicated in the new TBC.

Importantly, judges on the TBC will have access to more resources and information, allowing them to make more informed decisions on cases. For example, they may have access to technical experts or business consultants who can provide specialized knowledge on a particular issue. This can speed up the decision-making process and ensure that the court’s rulings are accurate and informed.

TBC judges will also be required to issue written opinions in their cases. This requirement should go far towards building up a stable and predictable body of precedent for Texas business law and put businesses on notice as to how Texas judges actually apply that precedent.

Efficiency

The TBC will aim to provide a more efficient dispute resolution mechanism, which is critical for businesses looking to resolve disputes quickly and cost-effectively. The TBC will also allow for more streamlined discovery, which is a process of gathering evidence before trial. Currently, discovery in commercial cases can be extensive and costly, taking up valuable time and resources. This is especially true when there are no prior written opinions from the judges outlining their approach to discovery in large-scale, complex cases. The TBC will limit discovery to only what is necessary, reducing the time and cost of the litigation process.

Removal and Transfer

Under HB 19, businesses will have the opportunity to remove cases to the TBC within 30 days of receiving the initial notice of summons that named the party in state court. Removing the case to the TBC will not waive a defect in venue or constitute an appearance to determine personal jurisdiction. Similarly, a transfer provision in HB 19 allows for the judge of a court in which an action was initially filed to request the transfer of the case to the business court if it was within the business court’s jurisdiction.

These provisions will help prevent businesses from being hauled into state court for disputes which fall under the more specialized jurisdiction of the business court and will ensure fair and equal access to the TBC for all businesses and disputes which fall under its specialized jurisdiction.

Appeals

HB 19 also provides that the new statewide 15th Court of Appeals, created by additional legislation from the Texas Legislature last session, will have exclusive jurisdiction over all appeals from an order or judgment of the business court, or an original proceeding related to an action or order of the business court. The 15th Court of Appeals will be composed of judges elected in statewide elections. The creation of this new appellate court, in conjunction with the creation of the TBC, means that Texas business law will have consistent precedents generated at both the district and appellate levels.

Predictions

It is difficult to predict exactly what will happen to the number of lawsuits filed after the TBC is enacted, as there are several factors that could influence those numbers. However, it is likely that the TBC’s creation will increase the filings of commercial and business suits in Texas as business grow more confident in the revamped Texas judicial system.

First, it is likely that the establishment of the TBC will lead to more businesses choosing Texas as the preferred jurisdiction for their commercial disputes due to the TBC’s specialization, efficiency, and predictability. Such a result will naturally attract more lawsuits to Texas. Based on anecdotal evidence, it appears that many Texas companies will adopt mandatory venue clauses that will place their commercial lawsuits in the TBC. This could lead to an increase in the number of lawsuits filed in Texas, particularly from businesses based outside of the state.

Second, it is likely that the TBC’s specialization in business disputes could lead to a virtuous cycle of an ever-increasing number of disputes being resolved through the TBC. If businesses have confidence in the TBC’s ability to handle complex commercial disputes and see a body of strong precedent and caselaw being built up by the TBC and the 15th Court of Appeals, they may be more willing to initiate disputes in the TBC, or remove existing disputes to the TBC. As time goes on, this may lead to an increase in the number of lawsuits filed in Texas.

Third, the certainty offered by the TBC for business law issues moving forward will, over time, likely result in more businesses choosing to incorporate in Texas and more individuals choosing to start businesses in Texas. It is an unfortunate reality that some of these businesses eventually will become embroiled in litigation, and when they do they will likely take their cases to the TBC. This too probably will lead to an increase in the number of lawsuits filed in Texas.

Overall, the impact of the TBC on the number of lawsuits filed in Texas will depend on a variety of factors, including the court’s effectiveness in handling commercial disputes, the degree to which businesses trust the TBC, and the willingness of litigants to pursue lawsuits in a court with strict timelines and streamlined procedures. But the establishment of the TBC is a major change in Texas law that will affect businesses and litigants for decades to come.

__________________________

[1] Please see the enacted bill and Texas House Research Organization analysis for additional details.

The following Gibson Dunn attorneys assisted in preparing this client update: Trey Cox and John Daniel Rimann.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Appellate, Litigation, or Trials practice groups, or any of the following in Texas:

Gregg J. Costa – Co-Chair, Trials Group, Houston (+1 346-718-6649, gcosta@gibsondunn.com)
Collin J. Cox – Houston (+1 346-718-6604, ccox@gibsondunn.com)
Trey Cox – Dallas (+1 214-698-3256, tcox@gibsondunn.com)
Allyson N. Ho – Co-Chair, Appellate & Constitutional Law Group, Dallas
(+1 214-698-3233, aho@gibsondunn.com)
John Daniel Rimann – Dallas (+1 214-698-3178 , jdrimann@gibsondunn.com)

On July 19, 2023, a federal district court held in Ultima Servs. Corp. v. United States Dep’t. of Agriculture, No. 2:20-CV-00041 (E.D. Tenn.), that certain racial preferences in government contracting violate constitutional guarantees of equal protection. The case appears to be the first federal decision that extends Students for Fair Admissions v. Harvard and Students for Fair Admissions v. University of North Carolina (“SFFA”) to the government contracting context. Although the case has no precedential effect and does not address the legality of private entities’ use of racial preferences in procurement decisions or otherwise, future courts might apply Ultima’s reasoning to Section 1981 cases that challenge private companies’ efforts to diversify their supply chains.

A. Background

Section 8(a) of the Small Business Act instructs the Small Business Administration (the “Administration”) to contract with other agencies “to furnish articles, equipment, supplies, services, or materials to the Government, or to perform construction work for the Government.” 15 U.S.C. § 637(a)(1)(A) (the “8(a) program”). The Administration is further authorized to “arrange for the performance of such procurement contracts by negotiating or otherwise letting subcontracts to socially and economically disadvantaged small business concerns.” 15 U.S.C. § 637(a)(1)(B). A “socially and economically disadvantaged small business concern” is one that is majority-owned by “socially disadvantaged individuals”—”those who have been subjected to racial or ethnic prejudice or cultural bias because of their identity as a member of a group without regard to their individual qualities.” Id. § 637(a)(4)-(5). The Act vests the Administration with authority to determine “whether a group has been subjected to prejudice or bias.” Id. § 637(a)(8).

Acting pursuant to this authority, the Administration adopted a regulation, creating a “rebuttable presumption” that “Black Americans; Hispanic Americans; Native Americans … Asian Pacific Americans … [and] Subcontinent Asian Americans” are “socially disadvantaged.” 13 C.F.R. § 124.103(b)(1). Thus, businesses owned by members of these racial minorities are presumptively entitled to participate in the 8(a) program. Plaintiff Ultima, a small business owned by a white woman, filed suit, alleging that it was able and willing to perform on contracts set aside for the 8(a) Program, but was ineligible to do so because of the race of its owner.

B. Analysis

1. The District Court’s opinion

The court held that the 8(a) program violates the equal-protection component of the Fifth Amendment. The court determined that Ultima had standing “because in equal protection cases, the injury-in-fact is the denial of equal treatment resulting from the imposition of the barrier, not the ultimate inability to obtain the benefit.” This injury was redressable because a ruling prohibiting the Administration “from using the rebuttable presumption based on race would remove the race-based barrier that injures Ultima.”

The court then held that the 8(a) program failed to satisfy strict scrutiny. First, the Administration did not assert a compelling interest supporting the program’s racial classification. Quoting SFFA, the court reasoned that while the government “has a compelling interest in remediating specific, identified instances of past discrimination that violated the Constitution or a statute,” it also “must present goals that are sufficiently coherent for purposes of strict scrutiny.” But according to the court, “[t]he 8(a) program suffered a fatal lack of any stated goals.” For example, the Administration did “not identify a specific instance of discrimination” that it sought to remedy via the rebuttable presumption. Although the government argued that the rebuttable presumption was necessary “to remedy the effects of past racial discrimination in government contracting,” the court held that the government was just a “passive participant in such discrimination in the relevant industries in which Ultima operates” and did not “allow[] discrimination to occur in the industries relevant to Ultima.” Additionally, the Administration did “not examine whether any racial group is underrepresented in a particular industry relevant to a specific contract in the 8(a) program” and therefore could not “measure the utility of the rebuttable presumption in remedying the effects of past racial discrimination,” as the court believed to be required by SFFA.

Second, the court held that even if the Administration had a compelling interest in remediating specific past discrimination, the 8(a) program was not narrowly tailored to combatting discrimination. The court reasoned that SFFA “reaffirms that racially conscious government programs must have ‘a logical end point,’” but that the 8(a) program “has no termination date.” Further, the court believed the 8(a) program to be both underinclusive and overinclusive. It was underinclusive, the court reasoned, because it used what SFFA referred to as “imprecise” racial categories to determine “who qualifies for the rebuttable presumption”; the program excluded “Central Asian Americans and Arab Americans [who] have faced significant discrimination,” and viewed “Hasidic Jews who have faced similarly appalling discrimination [as] ineligible for the rebuttable presumption.” The court perceived the program to be overinclusive because it “swe[pt] broadly by including anyone from the specified minority groups, regardless of the industry in which they operate.” The court therefore enjoined the Government from using the rebuttable presumption of social disadvantage in administering the SBA’s 8(a) program.

2. Existing law governing contracting-discrimination claims against private companies

42 U.S.C. § 1981 (“Section 1981”) prohibits racial discrimination in making and enforcing contracts. To prevail on a Section 1981 claim, a plaintiff must satisfy three elements. First, he must show that the defendant intended to discriminate on the basis of race. Second, he must demonstrate that the racial discrimination “interfered with a contractual interest,” Denny v. Elizabeth Arden Salons, Inc., 456 F.3d 427, 435 (4th Cir. 2006)—for example, that there was a “refusal to enter into a contract with someone” on the basis of race, or an “offer to make a contract only on discriminatory terms,” Patterson v. McLean Credit Union, 491 U.S. 164, 176–77 (1989). See also, e.g., Domino’s Pizza, Inc. v. McDonald, 546 U.S. 470, 476 (2006) (Section 1981 “offers relief when racial discrimination blocks the creation of a contractual relationship, as well as when racial discrimination impairs an existing contractual relationship.”). Third, a plaintiff must establish that race discrimination was a “but-for” cause of his injury. Comcast Corp. v. Nat’l Ass’n of African Am.-Owned Media, 140 S. Ct. 1009, 1019 (2020).

A defendant can defeat a Section 1981 claim by demonstrating that it acted pursuant to a valid affirmative-action plan. See, e.g., Johnson v. Transportation Agency, Santa Clara County, California, 480 U.S. 616, 626–27 (1987); see also, e.g., Doe v. Kamehameha Sch./Bernice Pauahi Bishop Estate, 470 F.3d 827, 836–40 (9th Cir. 2006) (en banc) (applying Johnson in Section 1981 case). A valid affirmative-action plan must be remedial in nature, and must rest “on an adequate factual predicate justifying its adoption, such as a ‘manifest imbalance’ in a ‘traditionally segregated job category.’” Shea v. Kerry, 796 F.3d 42, 57 (D.C. Cir. 2015) (quoting Johnson, 480 U.S. at 631) (alteration omitted).

C. Implications for Section 1981 cases

Ultima was not a Section 1981 case. Indeed, in Ultima, the court dismissed the plaintiff’s Section 1981 claim because the statute does not apply to the federal government. As a result, Ultima does not change existing law governing private actors’ use of racial preferences in awarding contracts. Nevertheless, the case suggests that some federal courts will be receptive to challenges to other uses of racial preferences in government contracting, like state and local set-aside programs and requirements that contractors employ a certain number of minority employees. In addition, courts have held that “purposeful discrimination that violates the Equal Protection Clause also will violate § 1981.” Anderson v. City of Boston, 375 F.3d 71, 78 n.7 (1st Cir. 2004); see also Dunnet Bay Const. Co. v. Borggren, 799 F.3d 676, 696 (7th Cir. 2015) (“Racial discrimination by a recipient of federal funds that violates the Equal Protection Clause also violates Title VI and § 1981.”). Ultima therefore suggests that some future courts could hold that Section 1981 prohibits private companies that seek to diversify their supply chains from implementing plans similar to the 8(a) program.

Additionally, Ultima includes a footnote, in which the court observes that while “[t]he facts in Students for Fair Admissions, Inc. concerned college admissions programs … its reasoning is not limited to just those programs.” Ultima applied SFFA to a government contracting program, and a future court could apply the same reasoning to bring challenges to employer or corporate programs under Section 1981, Title VII, and other anti-discrimination statutes. That said, the precedential effect of Ultima is limited, and the decision could be overturned on appeal. In the meantime, Ultima could represent another sign of an increasing trend towards reverse-discrimination claims in employment and contracting.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Molly Senger, Zakiyyah Salim-Williams, Mylan Denerstein, Dhananjay Manthripragada, Lindsay Paulin, Matt Gregory, and Josh Zuckerman.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment or Government Contracts practice groups, the authors, or the following practice leaders and partners:

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group, New York
(+1 212-351-3850, mdenerstein@gibsondunn.com)

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer, Washington, D.C.
(+1 202-955-8503, zswilliams@gibsondunn.com)

Molly T. Senger – Partner, Labor & Employment Group, Washington, D.C.
(+1 202-955-8571, msenger@gibsondunn.com)

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group, Washington, D.C.
(+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group, Los Angeles
(+1 213-229-7107, ksmith@gibsondunn.com)

Dhananjay S. Manthripragada – Partner & Co-Chair, Government Contracts Group, Los Angeles
(+1 213-229-366, dmanthripragada@gibsondunn.com)

Lindsay M. Paulin – Partner & Co-Chair, Government Contracts Group, Washington, D.C.
(+1 202-887-3701, lpaulin@gibsondunn.com)

On 13 June 2023, the European Parliament published a draft report[1] (the “Parliament Proposal”) on the proposal made by the European Commission on 7 December 2022[2] (the “Commission Proposal”) which sets out contemplated amendments to the European Market Infrastructure Regulation (“EMIR”).

The Commission Proposal resulted from a targeted review of EMIR, relating in particular to the supervisory arrangements for central counterparties (“CCPs”), which the Commission was required to carry out by 2 January 2023.[3] As part of the standard EU legislative process, it was then up to the Parliament to be involved, which led to the Parliament Proposal.

The primary aim of the changes contemplated by the Commission and the Parliament, referred to as EMIR 3, is to improve the attractiveness and resilience of the EU clearing system and reduce the exposure of EU entities to third-country CCPs. EMIR 3 also draws lessons from some specific issues that became apparent during the recent energy crisis, and includes other targeted modifications of EMIR.

In this context, the Parliament Proposal does entail some key divergences from the Commission Proposal, which this alert outlines.

I. The active account requirement

This is arguably the most impactful and debated provision considered by EMIR 3.

The Commission Proposal included an obligation for financial counterparties (“FCs”) and non-financial counterparties (“NFCs”) subject to the clearing obligation (such NFCs being often referred to as “NFC+s”) to hold active accounts at CCPs established in the EU. It also required these counterparties to clear in such accounts at least a certain proportion of specific systemic derivative contracts, namely:

interest rate derivatives denominated in euro and Polish zloty;
credit default swaps (“CDS”) denominated in euro; and
short-term interest rate derivatives denominated in euro.

The relevant proportion to be cleared at EU CCPs was to be determined by ESMA through regulatory technical standards.[4]

This approach, known as the “quantitative” approach, has been criticized by various market participants, including ISDA,[5] on the grounds that it would prove costly and jeopardize the competitiveness of EU firms.

Taking these concerns into account, the Parliament Proposal maintains the active account requirement, but provides for it to be gradually phased-in with a two-step approach.

During the first phase, the quantitative approach would be replaced with a qualitative one. EU counterparties would be required to exchange initial and variation margins in an account at a EU CCP, and to regularly enter into new positions on that account. ESMA would be charged with establishing the frequency of trading needed for it to be considered “regular”, which could vary depending on the type of entity considered.[6] Eighteen months after the entry into force of EMIR 3, ESMA and the Joint Monitoring Mechanism[7] would produce a report assessing whether such qualitative approach proves sufficient to relocate clearing activities to the EU clearing system and thus protect the stability of the EU financial system.[8]
If, at the end of the first phase, the qualitative approach proves not to have been sufficient, then the second, quantitative phase would be implemented and ESMA would determine the proportion of derivative contracts to be cleared in the EU CCPs’ active accounts.[9]

In addition, the Parliament Proposal removes euro-denominated CDS from the list of derivatives subject to the active account requirement and instead refers to other categories of derivative contracts pertaining to clearing services to be identified by ESMA as being of substantial systemic importance.[10]

II. Exemption from reporting obligation for NFC intragroup transactions

In 2019,[11] EMIR was amended to include an exemption from the reporting obligation for over-the-counter derivatives between counterparties within a group, where at least one of the counterparties is a non-financial counterparty and the parent undertaking is established in the EU[12]. The rationale for such exemption was that NFC intragroup transactions were not seen as a posing a significant systemic risk. However, in light of some of the difficulties revealed during the energy crisis, the Commission Proposal removed this exemption to ensure more visibility on NFC intragroup transactions.[13]

The Parliament Proposal considers that such removal of the exemption could be premature, as it would lead to additional burdens for corporate end-users of derivatives, without the potential supervisory upside having been established. Consequently, the Parliament Proposal reinstates the exemption and encourages ESMA to prepare a cost-benefit analysis, before reassessing whether to remove the exemption.[14] We note that other jurisdictions, such as the United States, provide relief for non-financial companies from the reporting of intragroup transactions and that in the UK, any intragroup transaction where at least one counterparty is a non-financial counterparty (or would be qualified as a non-financial counterparty if it were established in the UK) may be exempt from the reporting obligation provided that specific circumstances are met.

III. Margining exemption for single-stock and equity index options

To ensure a level playing field for EU firms and avoid regulatory arbitrage with other jurisdictions where they are exempted from margining requirements (e.g., the United States), temporary exemptions for single-stock and equity index options have been repeatedly extended, so that they would not be subject to initial margin and variation margin requirements under EMIR. The exemption is now set to expire on 4 January 2024. We note that the UK regulators are consulting on extending the UK exemption further until 4 January 2026.

The Parliament Proposal contemplates including in EMIR 3 a phase-in approach in respect of these transactions. The exemption, which would now be directly included in the Level 1 text, would be of a temporary nature. ESMA would monitor the regulatory developments in other jurisdictions and report on them every two years. On the basis of the report, the Commission would determine whether maintaining the exemption is justified. If the Commission concludes that it is not, it will specify the adaptation period at the end of which parties will need to comply with margin requirements in respect of their single-stock and equity index options, such period not to exceed 30 months.[15]

IV. Clearing exemption for transactions resulting from PTRR services

The Parliament Proposal contemplates an exemption to the clearing obligation in respect of transactions resulting from post-trade risk reduction (“PTRR”) services. Such services, which include portfolio compression, portfolio optimisation and rebalancing services, are deemed by the Parliament to reduce systemic and operational risk.[16] To encourage the use of PTRR services, it is thus proposed to exempt from the clearing obligation transactions which result from them (as opposed to the original trades which are the subject of the PTRR services and which would remain subject to the clearing obligation to the extent applicable). However, strict conditions would need to be complied with for the exemption to apply. In particular, the PTRR services must be performed by a provider independent of the market participants, and be a market risk neutral exercise not contributing to price formation. In addition, parties intending to benefit from the exemption must notify their competent authorities thereof.[17]

V. Centralization with ESMA of the supervision of EU CCPs

The Parliament Proposal would empower ESMA with a direct supervisory role with respect to EU CCPs, transferring decision-making authority on many matters from national authorities to ESMA. The aim is, through such centralized supervision, to better monitor clearing services in an increasingly cross-border and interconnected context and reduce the potential differences in the interpretation of EMIR between the Member States.[18]

VI. Equivalence approach in respect of margining requirements

The Commission Proposal removed the equivalence mechanism set out in Article 13 of EMIR in respect of reporting, clearing and margining obligations. This mechanism provided that counterparties were deemed to comply with such obligations as set out in EMIR to the extent that they were already subject to equivalent requirements in the jurisdiction in which they were established. This dealt with duplicative or conflicting rules applicable in different jurisdictions, and thus avoided excessive burdens on participants.

Noting that it had proven useful for market participants, the Parliament Proposal reinstates such equivalence mechanism in respect of the sole risk-mitigation techniques set out in Article 11 of EMIR, in particular the margining obligation.[19]

VII. Reporting by counterparties established outside the EU

The Parliament Proposal extends to counterparties established outside the EU, but belonging to a group subject to consolidated supervision in the EU, the requirement to report to trade repositories the conclusion (i.e. the execution), modification or termination of their derivatives. The stated intention of such change is to cover the offshore activities of EU supervised groups.[20]

VIII. Transparency in respect of clearing costs of CCPs

Under the Parliament Proposal, clearing services providers (whether clearing members or clients) would be required to inform their clients of the costs associated with the clearing services of the different CCPs where clearing of the relevant position is possible.[21]

IX. Transparency and control in respect of risk-mitigation techniques

In this respect, the Parliament Proposal entails two new requirements.

FCs and NFCs shall be required to notify the European Banking Authority (“EBA”) and their competent authorities of their initial margin calculation models, at the latest 60 working days prior to first using them. If they find such models not to comply with the applicable conditions, such authorities may object to their use, in which case the relevant entities will be required to cease using them and instead use another model within a year.
FCs shall be required to report information on their risk-management procedures (including, where applicable, in relation to the initial margin models used) to the EBA and their competent authorities and disclose key information therein.[22]

X. No prior authorization for CCPs’ “business as usual” changes

Taking one step further the “non-objection procedure” put forward in the Commission Proposal, the Parliament Proposal would create a new subset of “business as usual” changes, which CCPs could make without prior authorization. The changes would, however, be reviewed and reported on by ESMA on a regular basis.[23]

XI. Next steps

As illustrated above, the revisions that may result from EMIR 3 may have broad impacts for EU market participants (and their affiliates), including for non-financial corporates. However, there are still a number of points which require further discussions for a compromise to be reached. The Council, Commission and Parliament will need to engage in further exchanges to ultimately produce an agreed text.

___________________________

[1] https://www.europarl.europa.eu/doceo/document/ECON-PR-749908_EN.pdf.

[2] Available here.

[3] Article 85(7) of EMIR.

[4] Article (I) (4) of the Commission Proposal.

[5] https://www.isda.org/a/a6ygE/ISDA-commentary-EMIR-3.pdf

[6] Amendments 30 to 32 of the Parliament Proposal.

[7] This new mechanism, introduced by the Commission Proposal, is intended to bring together the various bodies involved in the supervision of EU CCPs, clearing members and clients.

[8] Amendment 38 of the Parliament Proposal.

[9] Amendment 38 of the Parliament Proposal.

[10] Amendment 35 of the Parliament Proposal.

[11] Article 1(7) of Regulation (EU) 2019/834.

[12] This need for the parent undertaking to be established in the EU in order to benefit from the exemption has been clarified by the Commission (TR answer 51(m) in ESMA’s Q&A relating to EMIR – available here).

[13] Article (I)(5) of the Commission Proposal.

[14] Amendment 50 of the Parliament Proposal.

[15] Amendment 60 of the Parliament Proposal. It is worth noting that, on 13 June 2023, the EBA, EIOPA and ESMA sent a letter to the Commission, Parliament and Council seeking for a permanent treatment of single-stock and equity index options with respect to margin requirements, indicating that EMIR 3 provides a good opportunity to clarify this issue (available here).

[16] Amendment 3 of the Parliament Proposal.

[17] Amendment 29 of the Parliament Proposal.

[18] Explanatory statement included in the Parliament Proposal.

[19] Amendment 64 of the Parliament Proposal.

[20] Amendment 49 of the Parliament Proposal.

[21] Amendment 42 of the Parliament Proposal.

[22] Amendment 59 of the Parliament Proposal.

[23] Amendment 101 of the Parliament Proposal.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Global Financial Regulatory, Financial Institutions or Derivatives practice groups, or any of the following:

Paris:
Vincent Poilleux (+33 (0) 1 56 43 13 00, vpoilleux@gibsondunn.com)
Farida Ouriachi (+33 (0) 1 56 43 13 00, fouriachi@gibsondunn.com)
Emma Lavaysse di Battista (+33 (0) 1 56 43 13 00, elavaysse@gibsondunn.com)

United Kingdom:
Michelle M. Kirschner (+44 (0) 20 7071 4212, mkirschner@gibsondunn.com)
Martin Coombes (+44 (0) 20 7071 4258, mcoombes@gibsondunn.com)

United States:
Jeffrey L. Steiner – Washington, D.C. (+1 202-887-3632, jsteiner@gibsondunn.com)
Adam Lapidus – New York (+1 212-351-3869, alapidus@gibsondunn.com)

We are pleased to provide you with Gibson Dunn’s Accounting Firm Quarterly Update for Q2 2023. The Update is available in .pdf format at the below link, and addresses news on the following topics that we hope are of interest to you:

ALI CLE Holds Annual Accountants’ Liability Conference
PCAOB Proposes Expansive NOCLAR Auditing Standard
Supreme Court Holds Section 11 Plaintiffs Must Show They Bought Registered Shares
Supreme Court Holds States Can Require Corporate Consent to General Jurisdiction
Australian Government Investigating Accounting Partnerships
PCAOB Continues China Inspections
PCAOB Issues Spotlight Report on Professional Skepticism
Supreme Court Grants Certiorari in Challenge to SEC Administrative Proceedings
Other Recent SEC and PCAOB Regulatory Developments

Please let us know if there are topics that you would be interested in seeing covered in future editions of the Update.

Read More

Accounting Firm Advisory and Defense Group:

James J. Farrell – Co-Chair, New York (+1 212-351-5326, jfarrell@gibsondunn.com)

Ron Hauben – Co-Chair, New York (+1 212-351-6293, rhauben@gibsondunn.com)

Monica K. Loseman – Co-Chair, Denver (+1 303-298-5784, mloseman@gibsondunn.com)

Michael Scanlon – Co-Chair, Washington, D.C.(+1 202-887-3668, mscanlon@gibsondunn.com)

In addition to the Accounting Firm Advisory and Defense Practice Group Chairs listed above, this Update was prepared by David Ware, Timothy Zimmerman, Benjamin Belair, Monica Limeng Woolley, John Harrison, and Nicholas Whetstone.

In the current equity capital markets environment, offerings that avoid significant dilution can be advantageous. ATM offering programs provide public companies an efficient means of raising capital over time by allowing them to tap into the existing trading market for their shares on an as-needed basis. Rights offerings allow public companies to raise capital while offering all current shareholders the opportunity to participate equally, thereby allowing shareholders to avoid dilution when trading prices are relatively low.

Please join Gibson Dunn attorneys Boris Dolgonos, Brian Lane, Melanie Neary, and Robyn Zolman in a 60-minute briefing as they discuss recent developments in the uses and structures of ATM programs and rights offerings, including mechanics, advantages and disadvantages, securities law implications and disclosure requirements.

PANELISTS:

Robyn Zolman is Partner-in-Charge of the Denver office of Gibson, Dunn & Crutcher, where she practices in the firm’s Capital Markets and Securities Regulation and Corporate Governance practice groups. She advises clients with respect to SEC-registered and Rule 144A offerings of investment grade, high-yield and convertible notes, as well as initial public offerings, follow-on equity offerings, at-the-market equity offering programs, PIPE offerings and issuances of preferred securities. Ms. Zolman also regularly advises clients regarding securities regulation and disclosure issues and corporate governance matters, including Securities and Exchange Commission reporting requirements, stock exchange listing standards, director independence, board practices and operations, and insider trading compliance.

Boris Dolgonos is a partner in the New York office of Gibson, Dunn and Crutcher and a member of the Capital Markets and Securities Regulation and Corporate Governance Practice Groups. Mr. Dolgonos has more than 25 years of experience advising issuers and underwriters in a wide range of equity and debt financing transactions, including initial public offerings, high-yield and investment-grade debt offerings, leveraged buyouts, cross-border securities offerings and private placements. He also regularly advises U.S. and non-U.S. companies on corporate governance, securities laws, stock exchange rules and regulations and periodic reporting responsibilities. Mr. Dolgonos has represented public and private companies, investment banks and other financial institutions and sovereign entities in transactions across North and South America, Europe, Asia and Africa.

Brian Lane, a partner with Gibson, Dunn & Crutcher, is a corporate securities lawyer with extensive expertise in a wide range of SEC issues. He counsels companies on the most sophisticated corporate governance and regulatory issues under the federal securities laws. He is a nationally recognized expert in his field as an author, media commentator, and conference speaker. Mr. Lane ended a 16 year career with the Securities and Exchange Commission as the Director of the Division of Corporation Finance, where he supervised over 300 attorneys and accountants in all matters related to disclosure and accounting by public companies (e.g. M&A, capital raising, disclosure in periodic reports and proxy statements). In his practice, Mr. Lane advises a number of companies undergoing investigations relating to accounting and disclosure issues.

Melanie Neary is an associate in the San Francisco office of Gibson, Dunn & Crutcher. She currently practices in the firm’s Corporate Department. Ms. Neary’s practice is focused on capital markets transactions and mergers & acquisitions and includes representation of clients in connection with corporate governance and Exchange Act reporting matters. Ms. Neary received her J.D. from the University of Michigan Law School in 2016, where she was the Managing Editor of the Michigan Business & Entrepreneurial Law Review. While in law school, Ms. Neary worked in the Transactional Lab and Clinic, advising large organizations around the country and small organizations in the Ann Arbor community on transactional matters.

MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact CLE@gibsondunn.com to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

Gibson Dunn’s Supreme Court Round-Up provides an overview of cases decided during the October 2022 Term and other key developments on the Court’s docket. This past Term, the Court heard argument in 59 cases, released 58 opinions, and dismissed one case as improvidently granted.

Spearheaded by former Solicitor General Theodore B. Olson, the Supreme Court Round-Up keeps clients apprised of the Court’s most recent actions. The Round-Up previews cases scheduled for argument, tracks the actions of the Office of the Solicitor General, and recaps recent opinions. The Round-Up provides a concise, substantive analysis of the Court’s actions. Its easy-to-use format allows the reader to identify what is on the Court’s docket at any given time, and to see what issues the Court will be taking up next. The Round-Up is the ideal resource for busy practitioners seeking an in-depth, timely, and objective report on the Court’s actions.

To view the Round-Up, click here.

Gibson Dunn has a longstanding, high-profile presence before the Supreme Court of the United States, appearing numerous times in the past decade in a variety of cases. During the Supreme Court’s seven most recent Terms, 11 different Gibson Dunn partners have presented oral argument; the firm has argued a total of 17 cases in the Supreme Court during that period, including closely watched cases with far-reaching significance in the areas of intellectual property, securities, separation of powers, and federalism. Moreover, although the grant rate for petitions for certiorari is below 1%, Gibson Dunn’s petitions have captured the Court’s attention: Gibson Dunn has persuaded the Court to grant 34 petitions for certiorari since 2006.

* * * *

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Supreme Court. Please feel free to contact the following attorneys in the firm’s Washington, D.C. office, or any member of the Appellate and Constitutional Law Practice Group.

Theodore B. Olson (+1 202.955.8668, tolson@gibsondunn.com)
Amir C. Tayrani (+1 202.887.3692, atayrani@gibsondunn.com)
Kate Meeks (+1 202.955.8258, kmeeks@gibsondunn.com)
Jessica L. Wagner (+1 202.955.8652, jwagner@gibsondunn.com)

On July 19, 2023, the U.S. Federal Trade Commission (FTC) and Department of Justice (DOJ) (collectively, the Agencies) jointly released updated draft Merger Guidelines (Proposed Guidelines) for public comment.[1] The Proposed Guidelines address horizontal and vertical mergers and reflect the Biden Administration’s competition policy and existing enforcement priorities[2] while providing guidance about the Agencies’ recent efforts to expand the reach of antitrust and fair competition laws.[3] The Proposed Guidelines will not be formally effective for several months, but, in practice, they already reflect current enforcement policy in reality, and as such are a window into the Agencies’ thinking on competition analysis.

Notable provisions in the Proposed Guidelines that reflect changes from prior agency guidance include: (A) lower market share and concentration thresholds necessary to trigger the structural presumption that a transaction is anticompetitive, (B) de-prioritizing market definition as the starting place for analysis, (C) close scrutiny of transactions that may eliminate potential competition, (D) a framework for analyzing mergers involving multi-sided platforms, (E) a focus on potential harm to rivals, (F) attention to serial or “roll-up” acquisitions, (G) enhanced focus on labor market effects, and (H) expanded use of the FTC’s Section 5 authority.

Overall, the Proposed Guidelines reflect the Agencies’ increased skepticism of the benefits of mergers and acquisitions and a greater willingness to pursue new or revive older theories of competitive harm.

I. Background: The Proposed Guidelines reflect major policy changes.

Historically, the Agencies have jointly issued Guidelines to explain their enforcement policy, most recently in the 2010 Horizontal Merger Guidelines[4] and the 2020 Vertical Merger Guidelines.[5] In September 2021, the FTC withdrew the Vertical Merger Guidelines in favor of a new set of guidance to be developed with DOJ.[6] The new Proposed Guidelines touch on both vertical and horizontal merger enforcement.

II. The Proposed Guidelines reflect the Agencies’ current policy of enhanced scrutiny in merger analysis and pursuit of broader enforcement priorities.

The Proposed Guidelines reflect recent trends in merger review, including enhanced Agency scrutiny and expanded theories. The Proposed Guidelines seek to further these priorities by articulating a range of frameworks that the Agencies may use for assessing a merger’s legality.

A. Lower thresholds to trigger a structural presumption.

The lowering of the quantitative thresholds of market concentration necessary to trigger the presumption that a merger is anticompetitive is one of the most impactful policy changes articulated in the Proposed Guidelines. As a result of this change, the agencies may use the Proposed Guidelines as grounds to investigate more deeply transactions previously considered low-risk, and to discount pro-competitive features of the industry, regardless of the deal specifics. To apply a structural presumption, however, the Agencies would need to define the relevant market in which to evaluate the competitive effects of a proposed transaction.

While the Agencies have long used market concentration thresholds to guide antitrust analysis in merger review, the Proposed Guidelines utilize lower thresholds and ascribe greater weight to the attendant anticompetitive inferences.[7] Whereas the 2010 Horizontal Merger Guidelines characterize concentrations of seven competitors of equal share or more (utilizing the Herfindahl-Hirschman Index (HHI) index) as “unconcentrated”, the Proposed Guidelines would seek to label as “concentrated” any market with more concentration than, for example, 10 equal players. The specific proposed interplay of concentration and market shares is illustrated below.

B. Decreased focus on market definition in favor of competitive effects and other evidence.

While the 2010 Horizontal Merger Guidelines relied on market definition to focus the inquiry on the relevant competitive dynamics, the Proposed Guidelines eschew this approach. Instead, the Agencies may avoid defining markets and rely instead on non-traditional evidence, including evidence of competition between the merging parties (irrespective of alternative competitive threats), prior industry coordination (regardless of the parties’ participation), or recent mergers in the same market (regardless of whether prior transactions increased competition).

C. Close scrutiny of transactions that may eliminate potential competition.

Consistent with the Biden administration’s enforcement program, the Proposed Guidelines endorse an expansive view of the so-called “potential competition” doctrine, which describes transactions that may violate the antitrust laws by eliminating an “actual” or “perceived” potential competitor rather than a current market participant.[8] Under the Proposed Guidelines, a merger may be illegal where it eliminates “actual” potential competition, i.e., “the possibility that entry or expansion by one or both firms would have resulted in new or increased competition in the market in the future.”[9] The agencies may also investigate mergers that eliminate “perceived” potential competition, i.e., “current competitive pressure exerted on other market participants by the mere perception that one of the firms might enter.”[10]

The 2010 Horizontal Merger Guidelines neither distinguish between “actual” or “perceived” potential competition nor devote significant time to discussing them as an Agency priority, and the Agencies have found split Circuit opinions on frameworks for “actual” and “perceived” potential competition claims. The Proposed Guidelines set out a detailed framework under the most Agency-favorable Circuit views for analyzing potential competition issues. For example, the Proposed Guidelines suggest that, in challenging a deal that threatens to eliminate an “actual” potential entrant, the Agencies need only show whether one of the merging firms had a “reasonable probability” of entering the relevant market absent the merger.[11] This standard, while endorsed by some district courts, has been rejected by others (and at one time even the FTC itself) in favor of a more demanding showing of “clear proof.” Both here and elsewhere in the Proposed Guidelines, the Agencies rely on a generous and often selective reading of the relevant case law.

D. Framework for analyzing platform mergers.

The Proposed Guidelines set forth a framework for analyzing and challenging mergers involving competition between, on and to displace platform businesses (businesses that provide different products or services to two or more different groups or “sides” who may benefit from each other’s participation). The Proposed Guidelines provide that transactions involving platforms may attract scrutiny if 1) two platform operators are combining; 2) a platform operator acquires a platform participant; 3) it involves the acquisition of a company that facilitates participation on multiple platforms, or 4) it involves the acquisition by a platform operator of a company that provides important inputs for platform services (such as data enabling matching, sorting, or prediction).

E. Focus on potential harm to rivals.

Historically, the Agencies followed the Brown Shoe rule that antitrust law protections “competition, not competitors”, but the Proposed Guidelines highlight mergers’ potential to harm competitors. Where discussion of harm to competitors previously occurred primarily in a vertical context, the Agencies have expanded potential harms via potential foreclosure of products or services in “related” markets that could impact competition in an overlap product market. Most notably, the Proposed Guidelines indicate potential concerns may arise for related products rivals do not currently use but may in the future, and for circumstances where related products are or could be complementary to rivals’ competitive products and thus increase their value to customers.[12] Through the Proposed Guidelines, the Agencies have expanded theories of harm to include current and potential 3rd party competitors.

F. Investigations of serial or “roll-up” acquisitions.

The Proposed Guidelines also announce a new approach to analyzing multiple acquisitions by the same company. Traditionally, the Agencies have assessed a merger’s potential competitive effects independent of prior acquisitions, with an eye towards how future conduct will change because of the current merger. The Agencies now intend to investigate “pattern[s] or strateg[ies] of multiple small acquisitions, even if no single acquisition on its own would risk substantially lessening competition or tending to create a monopoly.”[13] This follows previously stated goals by the Agencies to bring enforcement actions against “roll-up” acquisitions, particularly in technology, pharmaceuticals, healthcare, and private equity investment.[14]

G. Enhanced focus on labor market effects.

The Proposed Guidelines expand the Agencies’ recent focus of mergers’ competitive effects in labor markets. In her recent Statement on the Proposed Guidelines, FTC Chair Lina Khan noted that “although antitrust law from its founding has been concerned about the effects of monopoly power on workers, merger analysis in recent decades has neglected to focus on labor markets.”[15] The Proposed Guidelines emphasize “labor markets are important buyer markets” that are separately subject to review, and downplay potential efficiencies created by firms combining operations.[16] The Agencies are already inquiring into potential labor market overlaps in Second Request investigations, as well as reviewing documents produced in merger investigations for evidence of wage fixing or no-poach agreements.

H. Expanded use of FTC Section 5 authority.

The Proposed Guidelines note several potential scenarios (and suggest more exist) where the FTC might exercise enforcement powers beyond the scope of the Sherman and Clayton Acts, reflecting Chair Khan’s often articulated intent to expand the FTC’s authority under Section 5 of the FTC Act.[17] The Proposed Guidelines leave the scope of this expanded enforcement authority open but note examples, such as otherwise lawful transactions whose acquisition structures, regulatory jurisdictions, or procurement processes might lessen competition.[18] As a result, the FTC may probe more widely into the acquisition dynamics and acquiring parties’ business structure during investigations and probe deeper into documents and interviews to root out potentially unique industry competitive conditions.

III. Practically, the Proposed Guidelines would bring greater antitrust scrutiny earlier in the regulatory review process and less certainty to merging parties.

Companies considering transactions should take note of the Proposed Guidelines and consider what changes to existing processes may be required. Companies should review due diligence templates with an eye toward early identification of items that may be the subject of regulatory scrutiny, including new and expanded areas of focus including labor markets, inputs to rivals, and past acquisitions. Companies may also want to proactively develop strong and persuasive advocacy that demonstrates the procompetitive aspects of a transaction and meets potential theories of competitive harm head-on. Finally, document creation and retention guidance continues to be of paramount importance as the number and types of documents that could be a focus item in merger investigations continues to grow, with potential changes to the HSR filing guidelines that may require submission of many additional documents related to the transaction.[19]

IV. Conclusion & Takeaways

The Proposed Guidelines are the latest in a larger trend of expanded and more aggressive antitrust enforcement by the Agencies in the current Administration, as we have noted in our prior Client Alerts regarding changes to the HSR merger notification form, FTC’s enforcement authority under Section 5 of the FTC Act, and interlocking directorates.[20] As with other efforts to expand the reach of the antitrust laws, the enforcement policies articulated in these Proposed Guidelines will be subject to review by federal courts. And, although prior Merger Guidelines have garnered widespread acceptance in the case law, to challenge proposed transactions based on novel theories articulated in these Proposed Guidelines, the Agencies will ultimately need to persuade federal courts that these theories are supported by legal precedent.

In light of this increasingly aggressive and unpredictable merger enforcement environment, firms considering transactions should continue to proactively consult with antitrust counsel to develop appropriate antitrust risk mitigation strategies. While the draft merger guidelines are simply guidance and may yet evolve in response to public comments, they are indicative of the theories that enforcers may study during a merger investigation.

Gibson Dunn attorneys are closely monitoring these developments and are available to discuss these issues as applied to your particular business.

___________________________

[1] Merger Guidelines (Draft for Public Comment), U.S. Dep’t of Justice & Fed. Trade Comm’n (July 19, 2023) (non-final draft for public comment purposes) (“Proposed Guidelines”).

[2] See, e.g., Exec. Order No. 14,036, 86 Fed. Reg. 36,987 (July 9, 2021). See also Fact Sheet: Executive Order on Promoting Competition in the American Economy, The White House (July 9, 2021).

[3] See Gibson Dunn Client Alerts: DOJ Signals Increased Scrutiny on Information Sharing (Feb. 10, 2023); FTC Proposes Rule to Ban Non-Compete Clauses (Jan. 5, 2023); FTC Announces Broader Vision of Its Section 5 Authority to Address Unfair Methods of Competition (Nov. 14, 2023); DOJ Antitrust Secures Conviction for Criminal Monopolization (Nov. 9, 2022); DOJ Antitrust Division Head Promises Litigation to Break Up Director Interlocks (May 2, 2022).

[4] Horizontal Merger Guidelines, U.S. Dep’t of Justice & Fed. Trade Comm’n (August 19, 2010).

[5] Vertical Merger Guidelines, U.S. Dep’t of Justice & Fed. Trade Comm’n (June 30, 2020).

[6] Press Release, Federal Trade Commission Withdraws Vertical Merger Guidelines and Commentary, Fed. Trade Comm’n, (Sept. 15, 2021).

[7] See Proposed Guidelines at 7 n.29 (“The first merger guidelines to reference an HHI threshold were the merger guidelines issued in 1982, which used the 1,800 HHI threshold for a highly concentrated market, and 100 HHI for a significant increase. Each subsequent iteration until 2010 maintained those thresholds. . . . . In practice, the Agencies tended to challenge mergers that greatly exceeded these thresholds to focus their limited resources on the most problematic transactions. The more permissive thresholds included in the 2010 Horizontal Merger Guidelines reflected that agency practice, rather than a judgment of the appropriate thresholds for competitive concem or the requirements of the law. The Agencies consider a threshold of a post-merger 1,800 HHI and an increase in HHI of 100 to better reflect both the law and the risks of competitive harm and have therefore returned to those thresholds here.”)

[8] See id. at 11–13.

[9] Id. at 13.

[10] Id. at 11.

[11] Id. at 11–12.

[12] See Proposed Guidelines at 14 (Section II. Guideline 5. Subsection A. “The Ability and Incentive to Weaken or Exclude Rivals”).

[13] Proposed Guidelines at 22 (Section II. Guideline 9. “When a Merger is Part of a Series of Multiple Acquisitions, the Agencies May Examine the Whole Series.”).

[14] See, e.g., Statement of Commissioner Rohit Chopra Regarding Private Equity Roll-ups and the Hart-Scott Rodino Annual Report to Congress, Fed. Trade Comm’n (July 8, 2020); Deputy Assistant Attorney General Andrew Forman, The Importance of Vigorous Antitrust Enforcement in Healthcare (June 3, 2022).

[15] Statement of Chair Lina M. Khan Joined by Commissioner Rebecca Kelly Slaughter and Commissioner Alvaro M. Bedoya Regarding FTC-DOJ Proposed Merger Guidelines, Fed. Trade Comm’n (July 19, 2023).

[16] See Proposed Guidelines at 26 (Section II. Guideline 11. “When A Merger Involves Competing Buyers, the Agencies Examine Whether It May Substantially Lessen Competition for Workers or Other Sellers.”).

[17] Statement of Chair Lina M. Khan Joined by Commissioner Rebecca Kelly Slaughter and Commissioner Alvaro M. Bedoya On the Adoption of the Statement of Enforcement Policy Regarding Unfair Methods of Competition Under Section 5 of the FTC Act, Fed. Trade Comm’n (Nov. 10. 2022); Statement of Chair Lina M. Khan Joined by Commissioner Rohit Chopra and Commissioner Rebecca Kelly Slaughter on the Withdrawal of the Statement of Enforcement Principles Regarding “Unfair Methods of Competition” Under Section 5 of the FTC Act, Fed. Trade Comm’n (July 1, 2021).

[18] Proposed Guidelines at 28 (Section II. Guideline 13. “Mergers Should Not Otherwise Substantially Lessen Competition or Tend to Create a Monopoly.”).

[19] See Gibson Dunn Client Alert: FTC Proposes Dramatic Expansion and Revision of HSR Merger Notification Form (June 29, 2023).

[20] See Gibson Dunn Client Alerts: DOJ Signals Increased Scrutiny on Information Sharing (Feb. 10, 2023); FTC Proposes Rule to Ban Non-Compete Clauses (Jan. 5, 2023); FTC Announces Broader Vision of Its Section 5 Authority to Address Unfair Methods of Competition (Nov. 14, 2023); DOJ Antitrust Secures Conviction for Criminal Monopolization (Nov. 9, 2022); DOJ Antitrust Division Head Promises Litigation to Break Up Director Interlocks (May 2, 2022).

The following Gibson Dunn lawyers prepared this client alert: Sophie Hansell, Kristen Limarzi, Josh Lipton, Michael Perry, Chris Wilson, Jamie France, Logan Billman, Zoë Hutchinson, Connor Leydecker, and Steve Pet.

Antitrust and Competition Group:
Rachel S. Brass – Co-Chair, San Francisco (+1 415-393-8293, rbrass@gibsondunn.com)
Stephen Weissman – Co-Chair, Washington, D.C. (+1 202-955-8678, sweissman@gibsondunn.com)
Ali Nikpay – Co-Chair, London (+44 (0) 20 7071 4273, anikpay@gibsondunn.com)
Christian Riis-Madsen – Co-Chair, Brussels (+32 2 554 72 05, criis@gibsondunn.com)

Mergers and Acquisitions Group:
Robert B. Little – Co-Chair, Dallas (+1 214-698-3260, rlittle@gibsondunn.com)
Saee Muzumdar – Co-Chair, New York (+1 212-351-3966, smuzumdar@gibsondunn.com)

Private Equity Group:
Richard J. Birns – Co-Chair, New York (+1 212-351-4032, rbirns@gibsondunn.com)
Ari Lanin – Co-Chair, Los Angeles (+1 310-552-8581, alanin@gibsondunn.com)
Michael Piazza – Co-Chair, Houston (+1 346-718-6670, mpiazza@gibsondunn.com)