Richard Manfredi, Author at Gibson Dunn

CCPA Regulations Are Now Effective

On Friday, August 14, 2020, California Attorney General Xavier Becerra announced that the state’s Office of Administrative Law (“OAL”) approved the final California Consumer Privacy Act (“CCPA”) regulations. As detailed in our alert on June 12, 2020, the Attorney General submitted final proposed regulations to the OAL on June 1, 2020, and OAL approval was required before the regulations could take effect. The approved regulations—which took effect immediately on August 14, 2020—largely track the final regulations proposed by the Attorney General. The OAL withdrew four provisions,[1] however, and the Attorney General made a number of non-substantive changes for accuracy, consistency, and clarity (the non-substantive changes are detailed by the Office of the Attorney General here). The OAL withdrew the following provisions, though certain of the revisions do not indicate any substantive reversal, as noted below:

Explicit Consent for Use of Personal Information for Different Purpose (formerly § 999.305(a)(5)): The OAG removed the requirement that notice and explicit consent is required to use a consumer’s personal information for a materially different purpose from the purpose disclosed at or before the collection of personal information. This provision was heavily debated during the public comment period, and while it would remove a significant burden on businesses seeking to make such a change with respect to explicit consent, the statute (Cal. Civ. Code § 1798.100(b)) still dictates that a “business shall not collect additional categories of personal information or use personal information collected for additional purposes without providing the consumer with notice consistent with” the CCPA.
Offline Notice of Opt-Out (formerly § 999.306(b)(2)): The OAL removed the requirement that businesses substantially interacting with consumers offline must provide an offline notice of a consumer’s ability to opt out of the sale of personal information, such as by providing a consumer with notice on a printed form or posting signage directing consumers to a notice.
Ease of Requesting to Opt-Out (formerly § 999.315(c)): The OAL removed the language requiring that the methods businesses use for submitting requests to opt-out “be easy for consumers to execute,” and “require minimal steps to allow the consumer to opt-out.” The withdrawn provision had also clarified that a “business shall not utilize a method that is designed with the purpose or has the substantial effect of subverting or impairing a consumer’s decision to opt-out.” Although this particular provision was removed, another provision, § 999.315(b), still encourages businesses to consider the “ease of use by the consumer when determining which methods consumers may use to submit requests to opt-out.”
Denying Requests by Unauthorized Agents (formerly § 999.326(c)): Although this subsection allowing businesses to deny a request from an agent that failed to submit proof of authorization to act on the consumer’s behalf was removed, a different provision, § 999.315(f), provides that “[a] business may deny a request from an authorized agent if the agent cannot provide to the business the consumer’s signed permission demonstrating that they have been authorized by the consumer to act on the consumer’s behalf.”

At least the first two provisions above were particularly scrutinized during the public comment period, and their exclusion from the final regulations makes requirements for businesses less onerous (for example, businesses required to provide an opt-out-of-sale mechanism may have struggled with a practical offline procedure for opting out of the sale of data). The OAL has offered little insight into its reasoning for withdrawing these provisions, however, and the Attorney General may resubmit these sections after further review and potential revision.

Regardless of the withdrawal of these particular provisions, in light of the official approval of the remainder of the regulations, and the Attorney General’s authorization to enforce them starting immediately, businesses would be well advised to familiarize themselves with the approved regulations. We remain available to advise accordingly.

Bill Extending Key CCPA Exemptions Moves Forward at the Legislature

Separately, on August 13, 2020, the California Senate Judiciary Committee agreed—with a unanimous 9-0 vote—to extend until January 2022 exemptions from certain CCPA requirements for personal information arising from business-to-business (“B2B”) transactions and employment, which are currently set to expire January 1, 2021.[2] The relevant bill, AB 1281, was significantly revamped from a prior bill on June 25, 2020, and now its sole proposal is to extend the foregoing exemptions until January 2022, unless the California Privacy Rights Act (“CPRA”) passes. The CPRA is an initiative that is set for a vote on the November 3, 2020 state ballot, as we discuss in more detail here, and would extend the same exemptions until January 1, 2023. AB 1281 now sits with the Senate Appropriations Committee and was scheduled for a vote on August 19, 2020, but the legislature adjourned its session without a vote on the bill. The next session is scheduled for Monday, August 24. As of now, it appears likely to pass, which means the CCPA would not start applying to employment and B2B-related personal information when the current exemption expires on January 1, 2021.

_____________________

[1] Cal. Code Regs. Tit. 11, Div. 1, Chap. 20 §§ 999.305 (a)(5); 999.306(b)(2); 999.315(c);999.326(c).

[2] See California Senate Committee Roll Calls, available at https://sjud.senate.ca.gov/sites/sjud.senate.ca.gov/files/roll_call_reports_all_bills.pdf.

The following Gibson Dunn lawyers assisted in the preparation of this client update: Alexander Southwell, Benjamin Wagner, Ryan Bergsieker, Cassandra Gaedt-Sheckter, Abbey Barrera, Julie Hamilton, and Tony Bedel.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, or any member of the firm’s California Consumer Privacy Act Task Force or its Privacy, Cybersecurity and Consumer Protection practice group:

California Consumer Privacy Act Task Force:
Benjamin B. Wagner – Palo Alto (+1 650-849-5395, [email protected])
Ryan T. Bergsieker – Denver (+1 303-298-5774, [email protected])
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650-849-5203, [email protected])
Joshua A. Jessen – Orange County/Palo Alto (+1 949-451-4114/+1 650-849-5375, [email protected])
H. Mark Lyon – Palo Alto (+1 650-849-5307, [email protected])
Alexander H. Southwell – New York (+1 212-351-3981, [email protected])
Deborah L. Stein (+1 213-229-7164, [email protected])
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, [email protected])

Please also feel free to contact any member of the Privacy, Cybersecurity and Consumer Protection practice group:

United States
Alexander H. Southwell – Co-Chair, PCCP Practice, New York (+1 212-351-3981, [email protected])
Debra Wong Yang – Los Angeles (+1 213-229-7472, [email protected])
Matthew Benjamin – New York (+1 212-351-4079, [email protected])
Ryan T. Bergsieker – Denver (+1 303-298-5774, [email protected])
Howard S. Hogan – Washington, D.C. (+1 202-887-3640, [email protected])
Joshua A. Jessen – Orange County/Palo Alto (+1 949-451-4114/+1 650-849-5375, [email protected])
Kristin A. Linsley – San Francisco (+1 415-393-8395, [email protected])
H. Mark Lyon – Palo Alto (+1 650-849-5307, [email protected])
Karl G. Nelson – Dallas (+1 214-698-3203, [email protected])
Deborah L. Stein (+1 213-229-7164, [email protected])
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, [email protected])
Benjamin B. Wagner – Palo Alto (+1 650-849-5395, [email protected])
Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415-393-8333/+1 650-849-5393, [email protected])

Europe
Ahmed Baladi – Co-Chair, PCCP Practice, Paris (+33 (0)1 56 43 13 00, [email protected])
James A. Cox – London (+44 (0)20 7071 4250, [email protected])
Patrick Doris – London (+44 (0)20 7071 4276, [email protected])
Bernard Grinspan – Paris (+33 (0)1 56 43 13 00, [email protected])
Penny Madden – London (+44 (0)20 7071 4226, [email protected])
Michael Walther – Munich (+49 89 189 33-180, [email protected])
Kai Gesing – Munich (+49 89 189 33-180, [email protected])
Alejandro Guerrero – Brussels (+32 2 554 7218, [email protected])
Vera Lukic – Paris (+33 (0)1 56 43 13 00, [email protected])
Sarah Wazen – London (+44 (0)20 7071 4203, [email protected])

Asia
Kelly Austin – Hong Kong (+852 2214 3788, [email protected])
Jai S. Pathak – Singapore (+65 6507 3683, [email protected])

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

The ongoing coronavirus has caused governments and populations to rethink how to conduct social interactions and in turn how to conduct business on a global scale. Despite the ongoing global public health crisis, the United States Government’s efforts to use its economic leverage to conduct foreign policy continues unabated. Indeed, throughout the first half of 2020, the United States continued to tighten the screws on Iran and Venezuela and has not shied away from using its economic arsenal in its escalating trade war with China.

As the global pandemic has deepened, there have been calls from some quarters, including from UN Secretary General António Guterres and UN High Commissioner for Human Rights Michelle Bachelet, for a temporary easing of sanctions—on humanitarian and public health grounds—against countries especially vulnerable to the spread of COVID-19, including Iran and Venezuela. U.S. officials have so far declined that invitation, citing the broad humanitarian exceptions already incorporated into U.S. sanctions measures. Underscoring the point, the United States Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) in April 2020 issued a fact sheet compiling all of the existing authorizations and exemptions for humanitarian trade and other assistance with respect to each comprehensively sanctioned jurisdiction, including Iran. This suggests that, for now at least, OFAC views its existing exemptions and authorizations as sufficient to meet the current public health emergency and has no intention or appetite for otherwise easing sanctions.

The pandemic has only further highlighted U.S.-China tensions and, unsurprisingly, the United States has continued to use sanctions and export controls not only to apply pressure in the escalating trade war but in response to China’s human rights abuses in Hong Kong and against the country’s Uyghur minority.

More broadly, the U.S. administration and OFAC have taken several measures to remind the world that compliance with economic sanctions remains of paramount importance despite the global upheaval. Even in the midst of the pandemic-induced chaos, OFAC still found time to issue an entirely new sanctions program addressing the humanitarian situation in Mali and has continued to take additional measures targeting Syria and North Korea. OFAC and BIS designations have continued apace, and the State Department has even gotten into the game by designating an increasing number of individuals as “Corrupt Actors” and “Human Rights Violators.” Taking a warning shot across the bow of the shipping industry, in May 2020, OFAC issued the latest in a series of industry advisories addressing deceptive practices in global maritime transportation, building upon previously published guidance relating to North Korea’s, Syria’s, and Iran’s illicit shipping practices. The advisory stresses that 90 percent of global trade involves maritime transportation, and that, even during a massive international public health crisis, participants must remain vigilant.

I. Major U.S. Program Developments

A. Iran

During the first half of 2020, the United States continued to increase sanctions pressure on the regime in Tehran while also seeking to enable the flow of humanitarian goods and services to the Iranian people to alleviate the suffering due to COVID-19. Notably, amid a spike in tensions between Washington and Tehran following the January 2020 killing of Iranian General Qassem Soleimani in a U.S. airstrike, the Trump Administration imposed secondary sanctions on some of the few remaining sectors of the Iranian economy not already subject to U.S. restrictive measures. Meanwhile, as Iran grappled with one of the first severe outbreaks of COVID-19, OFAC leveraged its existing authorities to facilitate the provision of aid to the Iranian people, including by opening a new Swiss channel for humanitarian trade and authorizing certain transactions to flow through Iran’s central bank.

On January 10, 2020, President Trump issued Executive Order 13902, which authorizes OFAC to designate entities operating in the construction, mining, manufacturing, or textiles sectors of the Iranian economy, as well as any other sector of the Iranian economy targeted by the U.S. Secretary of the Treasury. The order also authorizes the imposition of secondary sanctions against any non-U.S. person or company that knowingly engages in a significant transaction involving one of those targeted sectors. Following the expiration of a 90-day wind-down period on June 5, 2020, OFAC published guidance indicating how the agency expects to define those four sectors, as well as what types of dealings in goods and services are potentially sanctionable. For example, in light of the COVID-19 pandemic, OFAC clarified that the new manufacturing sanctions do not target persons or companies in Iran manufacturing medicines, medical devices, or products used for sanitation, hygiene, medical care, medical safety, and manufacturing safety (e.g., soap, hand sanitizer, ventilators, respirators, personal hygiene products, diapers, infant and childcare items, personal protective equipment, and manufacturing safety systems), solely for use within Iran and not for export abroad.

Additionally, consistent with longstanding U.S. policy in favor of legitimate humanitarian trade with sanctioned jurisdictions, the United States during the past six months also implemented several measures designed to facilitate Iran’s response to the coronavirus pandemic.

OFAC, building on a framework announced in October 2019 under which foreign governments and foreign financial institutions may establish approved payment mechanisms for humanitarian exports to Iran, in February 2020 announced that the first such payment channel has become operational. Developed in cooperation with the Swiss government, the Swiss Humanitarian Trade Arrangement is a voluntary mechanism under which OFAC will provide written confirmation, or “comfort letters,” to persons domiciled in Switzerland (including entities owned or controlled by U.S. persons), affirming that sales to Iran of food, agricultural commodities, medicine, and medical devices are not exposed to U.S. sanctions. To obtain these comfort letters, exporters must submit to stringent due diligence and reporting requirements to ensure that humanitarian exports are not improperly diverted to sanctioned parties. Given those exacting requirements, however, the number of transactions processed through the new Swiss payment channel so far remains relatively small.

In February 2020, OFAC issued Iran General License 8, which authorizes certain humanitarian transactions involving the Central Bank of Iran (“CBI”). Entities designated under OFAC’s counterterrorism authorities, including as of last year the CBI, are not only subject to the broad sanctions restrictions typically imposed on SDNs, but also may not participate in humanitarian trade with Iran—a category of activity generally exempt from sanctions restrictions. General License 8 therefore creates an exception under which both U.S. persons and non-U.S. persons are authorized to engage in certain transactions with the CBI involving sales to Iran of food, agricultural commodities, medicine, and medical devices. Notably, that exception is specific to the CBI and does not extend to transactions involving any other Iranian financial institution sanctioned under a U.S. counterterrorism authority, such as Executive Order 13224.

Moreover, as part of its “maximum pressure” campaign, the Trump administration has continued to tighten sanctions on Iranian transactions and activities that do not raise humanitarian concerns. In May 2020, the U.S. Department of State announced that, subject to a 60-day wind-down period that expires on July 27, 2020, the United States is ending sanctions waivers that have allowed non-U.S. persons to engage in certain activities involving Iran’s civil nuclear program. The United States in May and June also designated a steady stream of Iranian targets, including military front companies, senior law enforcement officials, ship captains, and metals producers. With a U.S. presidential election looming in November 2020, such Iran-related designations will likely continue apace throughout the months ahead.

B. Venezuela

Despite presiding over a collapsing economy, a deepening public health crisis, and the exodus of several million of its citizens, the regime of President Nicolás Maduro presently controls nearly all levers of power within Venezuela, including the country’s courts and armed forces. Expanding on earlier sanctions measures, the Trump administration during the first half of 2020 deployed an array of tools to deny the Maduro regime the resources and support necessary to sustain its hold on power—from indicting several of Venezuela’s top leaders to aggressively targeting virtually all dealings with Venezuela’s crucial oil sector.

In March 2020, the U.S. Department of Justice announced criminal indictments against President Maduro and 14 other high-level officials, including Venezuela’s chief justice and defense minister. The indictments allege a wide range of criminal conduct by Venezuela’s senior leadership, including overseeing a cartel that imported significant quantities of cocaine into the United States, corruption, money laundering, and sanctions evasion. While not formally a sanctions action, the announcement was notable because the United States, as a matter of policy, does not charge sitting heads of state—a restriction that was determined not to apply because the United States and nearly 60 other countries do not recognize Maduro as Venezuela’s rightful leader. In addition to constricting the officials’ ability to travel overseas for fear of being arrested and extradited, the indictments also potentially dim the prospects for a negotiated settlement to Venezuela’s political crisis if, upon ceding power, President Maduro and his top lieutenants face the prospect of being jailed in New York.

In addition to leveraging the criminal justice system, the Trump administration over the past six months repeatedly sanctioned (or threatened to sanction) non-U.S. persons for playing even an indirect role in bringing Venezuelan oil to market.

In February and March 2020, OFAC designated two subsidiaries of the Russian state-controlled oil giant Rosneft for brokering the sale and transport of Venezuelan crude—prompting Rosneft to announce shortly afterward that it will cease all operations in Venezuela and sell its Venezuelan assets to an unnamed company wholly owned by the Kremlin. However, this shift does not necessarily mean that Russia is abandoning its alliance with the Maduro regime or even its involvement in Venezuela’s oil industry. Rather, the transaction appears designed to protect Rosneft—the centerpiece of Russia’s oil sector—from the imposition of deeper U.S. sanctions by walling off all Venezuela-related dealings inside a special purpose entity that is perhaps less vulnerable to U.S. sanctions pressure than a large, publicly traded company.

In April 2020, OFAC further restricted dealings with Venezuela’s oil sector by narrowing one of the few remaining authorizations for U.S. companies to engage in dealings with the state-owned oil company Petróleos de Venezuela, S.A. (“PdVSA”). Since the United States imposed sanctions on PdVSA in January 2019, OFAC has issued, and repeatedly extended, a general license authorizing five named U.S. oil and oil field services companies to engage in all transactions and activities ordinarily incident and necessary to operations in Venezuela involving PdVSA and its various subsidiaries. This authorization was designed to enable specific empresas mixtas, which are joint ventures between large multinational energy companies and PdVSA, to continue operating.

The latest version of that license, issued on April 21, 2020, is more limited in scope—authorizing, until December 1, 2020, just certain “essential” activities involving those five companies’ joint ventures, including activities ordinarily incident and necessary to protecting the safety of personnel, preserving assets, and participating in shareholder and board meetings. OFAC now expressly excludes from the authorization a number of key activities, including (1) drilling, lifting, processing, purchasing, selling, or transporting Venezuelan-origin petroleum and petroleum products; (2) repairs or improvements to Venezuelan energy infrastructure; and (3) the payment of dividends to PdVSA entities. Moreover, the license for the first time provides for—but does not require—the wind down of the five companies’ dealings with PdVSA. By effectively prohibiting U.S. firms from extracting and selling Venezuelan-origin petroleum, this policy shift calls into question the continuing viability of the empresas mixtas more generally—at least after December 1, 2020. Though the general license could be renewed once more, if the five U.S. companies named in the license—and their non-U.S. peers, including a number of leading European energy firms with similar ventures—were ultimately to depart Venezuela, the United States stands to lose a foothold in an OPEC member state with enormous proven oil reserves.

Finally, reflecting the breadth of the Trump administration’s efforts to disrupt the Venezuela oil trade, OFAC in June 2020 repeatedly designated shipping companies and tankers for lifting Venezuelan crude. While these companies and their vessels were eventually de-listed following enhancements to their sanctions compliance programs and pledges to cease involvement with Venezuela’s oil sector for so long as the Maduro regime remains in power, these actions—coupled with reports of imminent plans by OFAC to designate dozens more vessels—have caused maritime companies to re-evaluate their exposure to Venezuela. Indeed, ship owners, managers and operators, flag registries, port operators, insurance companies, and financial institutions are now effectively on notice that, absent authorization from OFAC, any involvement in transporting Venezuelan oil is now highly risky.

C. Syria

As the almost decade-old conflict in Syria persists, the U.S. Government has continued to use economic sanctions as a means to pressure the Assad regime as well as other actors in the region who continue to commit human rights abuses against the Syrian civilian population. On June 17, 2020 the Caesar Syria Civilian Protection Act of 2019 (“Caesar Act” or the “Act”) went into effect (180 days since its signing by President Trump as part of the 2020 National Defense Authorization Act). The Caesar Act, named after the Syrian defector known as “Caesar” who smuggled out photographs of torture occurring under the Assad regime, was implemented by Congress to, in the words of Secretary Pompeo, “promote accountability for brutal acts against the Syrian people by the Assad regime and its foreign enablers.” The Act requires the President, at the 180-day mark, to take certain actions, including with respect to the Act’s sanctions provisions. The provisions strengthen secondary sanctions with respect to Syria by requiring the President to enact certain sanctions against foreign persons found to be acting in support of the Government of Syria or other sanctioned individuals or groups operating in Syria. Specifically, Congress has required the President to sanction foreign individuals and entities who knowingly:

provide financial, material, or technological support to: (i) the Government of Syria or a senior official; (ii) foreign military or paramilitary forces operating in Syria on behalf of the Syrian, Russian, or Iranian governments; or (iii) foreign persons already sanctioned under the United States’ Syria sanctions program;
sell or provide “significant” goods, services, or any other support that “significantly facilitates” the Syrian Government’s natural gas or petroleum production;
sell or provide aircraft or aircraft parts to foreign persons or forces operating in areas controlled by the Syrian government or otherwise associated with the Syrian government, or provides goods to services to any such foreign person;
provide “significant” construction or engineering services to the Syrian government.

Additionally, the Act requires the Treasury Secretary to determine, by June 17, 2020, whether the Central Bank of Syria (“CBS”) constitutes an institution of primary money laundering concern under the USA PATRIOT ACT, a law enacted passed in 2001 to strengthen U.S. measures to prevent, detect, and prosecute international money laundering and terrorist financing. A primary money laundering concern designation would require U.S. banks that deal with the CBS to take certain information gathering and record-keeping measures and, more significantly, could result in U.S. banks’ being prohibited from opening or maintaining correspondent or payable-through accounts that involve the CBS. However, as of date of this writing no such determination appears to have been made.

Also on June 17, 2020, the U.S. Treasury and State Departments designated 39 individuals and entities under the Caesar Act and Executive Order 13894 and one month later, on July 31, 2020, another 14 individuals and entities were designated under the same authorities. On June 5, 2020, OFAC promulgated new regulations implementing EO 13894 under 31 C.F.R. part 569. Interestingly, Syrian first lady Asma al-Assad and Assad’s adult son, Hafez al-Assad, were designated for the first time under this new authority. Syrian President Bashar al-Assad and other Syrian military officials were also named, but had previously been designated under authorities such as EO 13573 and EO 13582, which together provided for the designation of senior Syrian government officials and, more broadly, the Government of Syria. As we previously discussed in a client alert and last year’s update, EO 13894 was initially enacted in October 2019 in order address Turkey’s aggression in northern Syria, rather than members of the Assad regime itself.

D. North Korea

During the first half of 2020, the United States continued to mount pressure on the government of North Korea through the issuance of two separate sanctions advisories targeting the country’s illicit activities in the cyber and maritime sectors, amending and intensifying the North Korea Sanctions Regulations (“NKSR”), and bringing indictments against individuals for evading U.S. sanctions for the purpose of supporting the despotic regime’s nuclear program.

On April 15, the U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation (“FBI”) issued an advisory on the North Korean Cyber Threat and on measures that the U.S. Government encourages industry and individuals to take to protect themselves from cyber-enabled malicious activity. The advisory notes that North Korea has increasingly relied upon cybercrime as a means to generate revenue in the face of mounting international sanctions. According to a UN sanctions committee expert report, North Korea has attempted to steal as much as U.S. $2 billion through illicit cyber activities.

According to the advisory, cyberattacks sponsored by North Korean state-run organizations—including ransomware, spear phishing, and extortion campaigns—have targeted U.S. and international financial institutions, critical infrastructure, government and military networks, private industry, and individuals. Notable cyber incidents attributed to state-sponsored actors in North Korea include: the hacking of Sony Pictures in 2014, the theft of over $80 million from Bangladesh Bank in 2016, and the WannaCry 2.0 ransomware attacks in 2017.

The purpose of the advisory is to put industry and individuals on notice of the threat, to encourage commercial actors to adopt technical and behavioral measures to enhance their cybersecurity, and to encourage communication between industry and relevant U.S. Government agencies—including the Cybersecurity and Infrastructure Security Agency (“CISA”) and the FBI Cyber Division.

Among the measures companies are encouraged to take is to implement appropriate anti-money laundering/countering the financing of terrorism/counter-proliferation financing compliance standards and programs, such as those published by the Financial Action Task Force or required, in the United States, under the Bank Secrecy Act. U.S. enforcement agencies, including FinCEN, are particularly concerned about U.S. financial institutions’ involvement in digital currency platforms that provide anonymous payment and account services without transaction monitoring, suspicious activity reporting or customer due diligence.

Separately, on April 10, 2020, OFAC issued amendments to the NKSR, found at 31 C.F.R. part 510. These amendments followed Congressional legislation focused on applying further pressure to the isolated regime’s stagnant economy, implementing provisions of the North Korea Sanctions and Policy Enhancement Act of 2016 (“NKSPEA”) (as amended by the Countering America’s Adversaries Through Sanctions Act (“CAATSA”) and the National Defense Authorization Act for Fiscal Year 2020 (“2020 NDAA”). The amendments made several changes to the NKSR, including: implementing secondary sanctions for certain transactions; adding potential sanctions restricting the use of correspondent accounts for non-U.S. financial institutions that have provided significant services to SDNs; prohibiting non-U.S. subsidiaries of U.S. financial institutions from transacting with the government of North Korea or any SDN designated under the NKSR; and revising the definitions of “significant transactions” and “luxury goods.” Due to the rather limited size of the North Korean economy, these changes may not have a very large practical effect; however, these changes serve to remind the international community of the risks involved when dealing with North Korea.

These risks were made even more apparent when, on May 28, 2020, DOJ unsealed an indictment charging 28 North Korean and 5 Chinese individuals, acting on behalf of North Korea’s Foreign Trade Bank, for facilitating over $2.5 billion in illegal payments to support North Korea’s nuclear program. Though the prosecution is still in its early stages, the indictment is yet another reminder that U.S. enforcement agencies will continue to hold individuals and entities accountable—at times criminally accountable—for sanctions violations.

Rounding out the first half of the year, on July 16, 2020, OFAC announced that it had entered into a settlement agreement with UAE-based Essentra FZE Company Limited for violating the NKSR by exporting cigarette filters to North Korea using deceptive practices, including the use of front companies in China and elsewhere, and receiving payment into its accounts at a foreign branch of a U.S. bank. Significantly, OFAC found that Essentra FZE violated 31 C.F.R. § 510.212 by “causing” the U.S. bank to export financial services or engage in transactions involving North Korea. This enforcement action is reminiscent of OFAC”s 2017 settlement with CSE TransTel Pte. Ltd. (“TransTel”), a wholly owned subsidiary of CSE Global Limited (“CSE Global”). As we described in our 2017 Sanctions Year-End Update, OFAC in the CSE Global case appeared to expand its jurisdiction to cases in which non-U.S. parties “cause” U.S. entities (like financial institutions) to violate their sanctions obligations.

II. New Developments

A. China

Against the backdrop of the U.S.-China trade war, the United States has taken several sanctions measures in recent months targeting China’s aggression in its Xinjian region and in Hong Kong. In a volatile political season, there is significant pressure in the U.S. Congress to take steps to deter China’s alleged human rights abuses in its provinces, though it remains to be seen whether these sanctions measures will have any measurable economic impact. Moreover, recent weeks and months have seen a marked deterioration in the rhetoric used by the Trump administration to describe China’s actions, and the Chinese government has taken retaliatory measures that so far have been deemed largely symbolic. China experts report these events as a “turning point” in the U.S.-China relationship and as a downward “ideological spiral” and new “cold war.”

1. Human Rights & Forced Labor Concerns Regarding the Xinjiang Uyghur Autonomous Region

In June and July, the government took several measures aimed at confronting and punishing China’s alleged human rights abuses in the Xinjiang region. On June 17, 2020, the President signed the Uyghur Human Rights Policy Act, which condemns actions taken by the government of China with respect to Turkic Muslims and other Muslim minority groups in the Xinjiang Uyghur Autonomous Region (“XUAR”). The Act requires the President to submit a report to Congress within 180 days that identifies foreign persons, including Chinese government officials, who are responsible for gross violations of human rights in Xinjiang, including, as identified in the legislation, torture, arbitrary detention, abduction, and the operation of internment and forced labor camps. The Act requires the imposition of blocking sanctions and a visa ban on persons identified in the report.

Shortly after passage of the Act, the U.S. Departments of State, Treasury, Commerce, and Homeland Security issued the Xinjiang Supply Chain Business Advisory, a detailed guidance document for industry highlighting risks related to doing business with or connected to forced labor practices in Xinjiang and elsewhere in China. The Advisory states that businesses and individuals engaged in specified industries may face reputational or legal risks if their activities involve support for or acquisition of goods from commercial and governmental actors involved in illicit labor practices. The following activities were noted:

Selling or providing biometric devices, cameras, computers, items with surveillance capabilities, microchips and microprocessors, tracking technology, or related equipment, software, and technology; and
Involvement in joint ventures with PRC government officials and departments, or Chinese companies whose intellectual property has been known to aid the development or deployment of mass surveillance systems.

The Advisory recommends that businesses with supply chain links to Xinjiang assess their legal, economic, and reputational risks and take appropriate steps to implement reasonable human rights due diligence. The document provides many resources and links to internationally-recognized standards for conducting supply chain due diligence and establishing related corporate responsibility policies and procedures.

Ratcheting Up Designations

On July 9, OFAC designated the Xinjian Public Security Bureau and four current and former senior officials of the Chinese Communist Party (“CCP”) under authority delegated pursuant to the Global Magnitsky Act. The State Department announced complementary visa restrictions on three of the designated CCP officials. On July 31, the U.S. designated the Xinjiang Production and Construction Corps (“XPCC”), a paramilitary group associated with the CCP, as well as the XPCC’s former Political Commissar and Deputy Party Secretary and Commander, also pursuant to the Global Magnitsky Act. We discuss the designation of other entities using U.S. export control authorities in Section IV.G, supra.

In response to the July 9 designations, on July 13, China announced “corresponding sanctions” against four U.S. officials and the U.S. Congressional-Executive Commission on China, an independent U.S. Government agency created by statute in 2001. Though these sanctions have widely been described as “symbolic,” it could portend further retaliatory action by China in the future.

2. Hong Kong

The U.S. Government has taken several measures in early 2020 in response to China’s crackdown on ongoing protests in Hong Kong, opposing China’s proposed legislation that would impose serious criminal penalties on activities deemed to constitute separatism, subversion or collusion with a foreign government.

On May 28, 2020, U.S. Secretary of State Michael Pompeo reported to Congress that Hong Kong no longer warrants preferential treatment under U.S. law as it no longer maintains a “high degree of autonomy” from mainland China. The “de-certification” was announced in conjunction with the State Department’s annual report on the status of Hong Kong required under the United States-Hong Kong Policy Act of 1992, as amended by the Hong Kong Human Rights and Democracy Act of 2019. On July 14, 2020, President Trump issued an Executive Order formally revoking Hong Kong’s special trading status. The effects of this de-certification and revocation are discussed further below in Section IV.F, supra.

The State Department also announced visa restrictions on current and former members of the CCP believed to be responsible for “undermining Hong Kong’s high degree of autonomy,” as guaranteed by the 1984 Joint Declaration signed by Great Britain and Hong Kong and governing the terms of the transfer of Hong Kong back to Chinese sovereignty. Under the Joint Declaration, Hong Kong was to retain unchanged its internal economic, political, and legal institutions through the transfer, effective July 1, 1997, for a period of fifty years until 2047.

Hong Kong Autonomy Act authorizes additional sanctions

After Beijing officials enacted the national security law on an accelerated basis, the U.S. Congress responded with legislation that would authorize the U.S. Government to impose sanctions on foreign persons determined to have materially contributed to the failure of China to meet its obligations under the Joint Declaration, or its implementation in Hong Kong’s Basic Law, establishing the rights and freedoms particular to Hong Kong. President Trump signed the Hong Kong Autonomy Act on July 14, 2020.

The legislation requires the Secretaries of State and the Treasury to submit a report to Congress within 90 days of enactment identifying persons who have materially contributed to China’s actions in apparent violation of the Joint Declaration or the Basic Law. Blocking sanctions and visa restrictions are required within one year of the report. The Secretaries of State and the Treasury are also required to report to Congress if they have determined that any foreign financial institutions have knowingly conducted a significant transaction with a person identified under the Act. Sanctions for financial institutions include asset freezes, bans on banking or correspondent account transactions with U.S. financial institutions, and sanctions on individual officers, among other restrictions.

B. Select Designations

1. SDN List: Shanghai Saint Logistics Limited

On May 19, 2020, OFAC designated the China-based Shanghai Saint Logistics Limited (“Shanghai Saint Logistics”) for acting as a general sales agent for Iranian commercial airline Mahan Air, an entity sanctioned by OFAC under counterterrorism authorities in October 2011 and by the State Department under antiproliferation authorities in December 2019.

According to the U.S. Government, Mahan Air has, for years, transported terrorists and lethal cargo throughout the Middle East in support of Iran’s Islamic Revolutionary Guard Corps (“IRGC”) and the Assad regime in Syria. Mahan Air has also supported the Maduro regime by recently chartering flights to Venezuela for Iranian technicians and technical equipment (containing China-sourced materials).

As we pointed out in our 2019 Year-End Sanctions Update, OFAC’s July 2019 advisory warned non-U.S. persons that they could face designation or secondary sanctions penalties for dealing with Mahan Air. And the year before, U.S. Secretary of the Treasury Steve Mnuchin warned the aviation industry to “sever all ties and distance themselves immediately from this airline.” OFAC has backed up these warnings with action. In the past two years, OFAC has systematically targeted the non-U.S. actors supporting Mahan Air.

Shanghai Saint Logistics joins six other general sales agents (“GSAs”) that have already been blacklisted by OFAC for dealing with Mahan Air. A GSA is an agent providing services on behalf of an airline, typically under the airline’s brand. These services can include sales, marketing, freight handling, administrative services, and financial services. The now seven GSAs sanctioned for supporting Mahan Air span the globe, and include entities based in the United Arab Emirates, Malaysia, and Thailand.

Unsurprisingly, the designation of Shanghai Saint Logistics has not been received well by the government the People’s Republic of China (“PRC”). The PRC has called the designation “illegal” and has asked that the U.S. Government “change course and correct its mistake.” As a PRC Foreign Ministry spokesperson put it, “China stands consistently against U.S. unilateral sanctions and so-called long-arm jurisdiction.”

2. Cuba Restricted List: FINCIMEX and Travel Companies

Consistent with President Trump’s mandate to “identify the entities or subentities . . . that are under the control of, or act for or on behalf of, the Cuban military, intelligence, or security services or personnel,” the State Department has maintained a List of Restricted Entities and Subentities Associated with Cuba (the “Cuba Restricted List”) since November 2017. As we covered in our November 16, 2017 client alert, OFAC generally prohibits U.S. persons and entities from engaging in direct financial transactions with those entities and subentities on the Cuba Restricted List. BIS also has a general policy of denying applications to export or reexport items for use by such listed entities and subentities.

On June 12, 2020, the State Department added seven Cuban military-owned subentities—most operating in Cuba’s tourism industry—to the Cuba Restricted List: (1) a financial services company (FINCIMEX); (2) three hotels (Hotel Marqués de Cardenas de Montehermoso, Hotel Regis, Playa Paraíso Hotel); (3) two diving centers (Varadero, Gaviota Las Molas); and (4) a marine park for tourists (Cayo Naranjo dolphinarium). In announcing the additions, Secretary of State Pompeo stated that the profits generated by these seven subentities were being used to oppress the Cuban people and fund interference in Venezuela. A State Department senior official apparently characterized the additions as a “birthday present to Raul Castro” who turned 89 the day prior.

The listing of FINCIMEX, which handles remittances to Cuba and processes foreign-issued credit cards, is notable. FINCIMEX is the exclusive Cuban representative of Western Union, the vendor of choice for thousands of Americans who send money to their Cuban relatives. A Western Union spokesperson stated that, despite the FINCIMEX listing, “business and services from the U.S. to Cuba are operating as usual and [are] in compliance with U.S. law and regulations.” At this stage, it remains to be seen to what degree remittances to Cuba will be affected in practice. At the very least, this development is consistent with the Trump administration’s recent attempts to tighten remittance-related allowances, such as imposing $1,000 per quarter cap on remittances to Cuba as of September 2019. For more on these remittance-related restrictions, see our 2019 Year-End Sanctions Update.

3. Section 7031(c) Designations: Corrupt Actors and Human Rights Violators

Pursuant to Section 7031(c) of the Further Consolidated Appropriations Act of 2020, “[o]fficials of foreign governments and their immediate family members about whom the Secretary of State has credible information have been involved in significant corruption . . . or a gross violation of human rights [are] ineligible for entry into the United States.” Section 7031(c) designations can be made public or kept private by the State Department. A variation of this authority has existed in annual State-Department appropriations legislation since 2008. However, the Trump administration was the first to implement it when it publicly designated an allegedly corrupt former Albanian prosecutor under Section 7031(c) in February 2018.

Since then, the Trump administration has not been shy about adding to the Section 7031(c) list. Currently, more than 150 individuals (including immediate family members) from over thirty countries have been publicly designated. Thirty of these individuals were designated in the first three months of 2020. They include, for example: (1) thirteen former military personnel from El Salvador allegedly involved in the killing of six Jesuit priests and two others on November 16, 1989 on the campus of Central American University; (2) IRGC Commander Hassan Shahvapour, whose military units killed as many as 148 Iranian protestors in November 2019; and (3) Roberto Sandoval Castañeda, a former governor of the Mexican state of Nayarit, who misappropriated state assets and received bribes from narcotics trafficking organizations. Gibson Dunn will continue to monitor the use of Section 7031(c) designations, as well as other human-rights-based tools of foreign policy available to the President such as the Global Magnitsky sanctions.

III. Other U.S. Developments

A. International Criminal Court

As we have previously noted, the Trump administration has deployed sanctions in unprecedented ways and directed their force at surprising targets. On June 11, the President, unilaterally and without coordination with the United States’ European partners, issued an Executive Order authorizing sanctions against foreign persons determined to have engaged in any effort by the International Criminal Court (“ICC”) to investigate, arrest, detain, or prosecute United States or any U.S. ally personnel without the consent of the United States or that ally. Previously, on March 5, the ICC announced that it would authorize its chief prosecutor to open an investigation into alleged war crimes committed in Afghanistan, including any that may have been committed by U.S. personnel. The Executive Order refers to this decision and reiterates that the United States is not a party to the Rome Statute and has not consented to ICC jurisdiction. To date, no designations have been made under the order.

This action is somewhat reminiscent of the quickly-implemented, and just as quickly removed, sanctions against Turkey in October 2019—the first time that sanctions had been used to target government ministries of a NATO-member country. Unlike the October 2019 sanctions against Turkey, however, it is unlikely that this order will be revoked in the near future. The June 11 Executive Order demonstrates the continued willingness of the Trump administration to use sanctions to advance political and policy interests that traditionally have been outside the conventional use of sanctions.

B. New York Department of Financial Services

New York’s Department of Financial Services (“DFS”), the state’s key regulator in the financial industry, continues to bring enforcement actions against banks that have a New York presence for money laundering and sanctions violations. In its first action involving allegations of sanctions violations since its $405 million fine against Unicredit Group in April 2019, on April 20, 2020, DFS announced a $35 million dollar settlement with the Industrial Bank of Korea (“IBK”) for its failure to maintain adequate Bank Secrecy Act and anti-money laundering (“AML”) compliance programs. Among the compliance failures, DFS noted that IBK failed to detect a money laundering scheme that involved circumventing unspecified sanctions laws, with almost $1 billion clearing through New York banks.

Later that month DFS announced a $220 million settlement with Bank HaPoalim for knowingly facilitating clients’ tax evasion, and in July the regulator brought a $150 million action against Deutsche Bank for its failure to flag suspicious activities involving Jeffrey Espstein’s accounts as well as its failure to adequately monitor the activities of its clients Danske Estonia and FBME Bank, despite known risks associated with both banks. These actions, together with the appointment of a new DFS General Counsel with extensive background in AML and sanctions compliance, indicate that the state regulator will continue to devote significant resources to sanctions and AML enforcement; financial institutions with a New York presence should take heed that OFAC is far from being the only agency monitoring this space.

IV. Export Controls

Despite operating under work-from-home orders due to COVID-19 and a number of significant items still remaining on their to-do list, the staff at the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) has already had an extraordinarily busy year administering U.S. export controls on dual-use goods, software, and technology. BIS is continuing to evaluate how to identify and control exports of “emerging and foundational technologies,” as required by the Export Control Reform Act of 2018, with anticipated controls on emerging technologies expected any day and new proposals for foundational technologies reportedly in the pipeline as well. In the meantime, BIS has imposed a number of significant new controls on trade with China and Hong Kong and has suggested that more may be on the way. Alongside these developments, BIS has continued the use of its powerful Entity List designation tool to effectively ban U.S. exports to entities implicated by the Executive Branch’s interagency End-User Review Committee (“ERC”) in certain human rights violations in the XUAR and elsewhere in China.

These developments demonstrate that BIS is continuing to move away from its past as a purely technical agency and towards a much more dynamic future in which its authorities are used for foreign policy and national security objectives, not unlike OFAC. In some respects this is because the collateral impact of an SDN designation on a large company, such as Huawei, is too significant and disruptive to the global economy, and the more limited impact on being added to the Entity or Unverified Lists is more palatable. As such, as the trade war with China heats up and the potential for more designations of even more economically consequential actors becomes a reality, the administration (and the next one) will likely continue to rely on these “lesser” restrictions in place of adding these too-big-to-sanction entities to the SDN blacklist.

A. 0Y521 Series Classification for Geospatial SW

On January 3, BIS announced that it would be imposing new export controls on certain types of artificial intelligence software specially designed to automate the analysis of geospatial imagery in response to emergent national security concerns related to the newly covered software. Covered software includes products that employ artificial intelligence to analyze satellite imagery and identify user-selected objects. As a result of the new controls, a license from BIS is now required to export the geospatial imagery software to all countries, except Canada, or to transfer the software to foreign nationals. The only exception to this license requirement is for software transferred by or to a department or agency of the U.S. Government.

Implementing new export controls can often be a lengthy process, sometimes requiring international coordination. However, to implement this new license requirement, BIS deployed a rarely used tool for temporarily controlling the export of emerging technologies—the 0Y521 Export Controls Classification Number (“ECCN”). This special ECCN category allows BIS to impose export restrictions on previously uncontrolled items that have “significant military or intelligence advantage” or when there are “foreign policy reasons” supporting restrictions on its export. Although these controls would only last one year, items subjected to these controls can be moved to a more permanent ECCN before the expiration of the classification.

These controls on covered geospatial imagery software will last least until January 2021, and the United States will work with its allies over the course of 2020 to impose permanent, multilateral controls on this software. As noted above, we are also expecting BIS to publish a suite of new controls on “emerging technologies” in the near future. BIS has also indicated that it hopes to soon publish an Advanced Notice of Proposed Rulemaking on “foundational” technologies.

B. Expansion of Military End Use/User Rule

In response to U.S. Government concerns about significant overlap between the development of China’s military and commercial sectors, BIS announced a range of regulatory changes on April 28. The most significant of these changes was the expansion of U.S. controls on exports of items to military end users or for military end uses. Specifically, the new rule, which was implemented on June 29, strengthens the controls on exports to China, Russia, and Venezuela by:

Expanding the definition of “military end uses” for which exports must be authorized;
Adding a new license requirement for exports to Chinese “military end users”;
Expanding the list of products to which these license requirements apply; and
Broadening the reporting requirement for exports to China, Russia, and Venezuela.

1. Expanding Military End Uses Subject to Control

Exporters of certain goods, software, or technology that are subject to the Export Administration Regulations (“EAR”) previously required a license from BIS to provide those items to China, Russia, or Venezuela if the exporters knew or had reason to know that the items were intended, entirely or in part, for a “military end use” in those countries. This licensing requirement is separate from the EAR’s item-based licensing requirements that otherwise identify which items require export licenses when exported to specific countries and which are based on a range of national security and foreign relations policies. Under the separate, military end use and end user license requirement, “military end use” was defined to include the “use,” “development,” or “production” of certain military items. An export was considered to be for the “use” of a military item if the export is for the operation, installation, maintenance, repair, overhaul and refurbishing of the military item. The exported item had to perform all six functions in order to be considered a “use” item subject to the military end use restriction.

The new rule expands the definition of “military end use” in two important ways. Where the prior formulation only captures items exported for the purpose of using, developing, or producing military items, the revised rule also captures items that merely “support or contribute to” those functions. The revised rule also effectively broadens the definition of “use.” Rather than requiring that an item perform all six previously listed functions, an item that supports or contributes to any one of those functions will now be subject to the military end use license requirement. For example, a repair part for a military item that might not have required a license under the previous formulation (perhaps because it was not also required for the military item’s installation) would be subject to the updated license requirement.

2. Restricting Exports to Chinese Military End Users

Under the prior regulations, exports to military end users in Russia and Venezuela were subject to a specific license requirement. The new rule now also require licenses for exports of covered items to Chinese military end users.

Military end users covered by this license requirement not only include national armed services, police, and intelligence services, but also include “any person or entity whose actions or functions are intended to support ‘military end uses.’” Taken together with the newly broadened definition of “military end uses,” this restriction may apply to a significant number of private entities in China, even those that are engaged largely in civilian activities. For example, a manufacturing company that has an unrelated contract with a military entity could be considered a “military end user” subject to these strict licensing requirements. Given that applications for BIS licenses to export covered items for military end uses or end users face a presumption of denial, this restriction could have a significant impact on commerce with large swaths of the Chinese economy, where the U.S. Government has indicated its concerns about military-civilian collaboration in Chinese industry.

3. Expanding the List of Covered Items

The updated rule also expands the category of goods, software, or technology that require a license for military end use or end user exports. The previous military end use/end user license requirement applied to a relatively limited set of items specifically described in a supplement to the rule. The revised rule expands the scope of the item categories already listed and adds many new categories of covered items—including goods, technology, and software relating to materials processing, electronics, telecommunications, information security, sensors and lasers, and propulsion.

Many of the new items were previously subject to some of the EAR’s most permissive controls and did not generally require a license for export to China, Russia, or Venezuela. For example, mass market encryption software (ECCN 5D992)—a category which includes many types of software that incorporate or call on common encryption functionality—were not previously subject to the military end use restrictions but now are subject to the new controls.

4. Broadening the Reporting Requirement

BIS is also now requiring exporters to report more often and to provide more data on items provided to China, Russia, or Venezuela.

Under the previous rules, exporters were not required to provide Electronic Export Information (“EEI”) for shipments valued under $2,500. Exporters also were not required to provide the ECCN for shipments of items that were only controlled for export because of antiterrorism concerns—the most permissive and most frequently applied category of control on the EAR’s list of items controlled for export.

Under the new rules, there is no value threshold. EEI is generally required for all shipments to China, Russia, or Venezuela of items described on the Commerce Control List (CCL) regardless of value (i.e., all items except those classified EAR 99). Moreover, exporters are required to provide the ECCNs for all items exported to China, Russia, or Venezuela, regardless of the reason for control.

In announcing this change, U.S. Commerce Secretary Wilbur Ross noted that “[c]ertain entities in China, Russia, and Venezuela have sought to circumvent America’s export controls, and undermine American interests in general.” Secretary Ross vowed that the United States would “remain vigilant to ensure U.S. technology does not get into the wrong hands.” This amendment to the EEI reporting requirements—along with the other new licensing requirements—is designed to ensure that BIS and other U.S. Government trade enforcement agencies have increased visibility into shipments to jurisdictions of significant concern.

C. Removal of License Exception for Civilian End Use

On June 29, BIS also removed License Exception Civil End Users (“CIV”) from Part 740 of the EAR. This exception previously allowed eligible items controlled only for National Security (NS) reasons to be exported or reexported without a license for civil end users and civil end uses in countries included in Country Group D:1, excluding North Korea. NS controls are BIS’s second most frequently applied type of control, applying to a wide range of items listed in all categories of the CCL. Country Group D:1 identifies countries of national security concern for which the Commerce Department will review proposed exports for potential contribution to the destination country’s military capability. D:1 countries include China, Russia, Ukraine, and Venezuela, among others.

By removing License Exception CIV, the Commerce Department now requires a license for the export of items subject to the EAR and controlled for NS reasons to D:1 countries. As with the expansion of the military end use/end user license requirements described above, the Commerce Department has stated that the reason for the removal of License Exception CIV is the increasing integration of civilian and military technological development pursued by countries identified in Country Group D:1, making it difficult for exporters or the U.S. Government to be sufficiently assured that U.S.-origin items exported for apparent civil end uses will not actually also be used to enhance the military capacity contrary to U.S. national security interests.

D. Proposed Amendment of License Exception APR

BIS also proposed to amend the EAR’s License Exception Additional Permissive Reexports (“APR”), which currently allows the unlicensed reexport (the export of a U.S.-origin item from one non-U.S. country to another non-U.S. country) of an item subject to the EAR from trusted allies with similar export control regimes (i.e., listed in Country Group A:1, and Hong Kong) to countries presenting national security concerns (i.e., Country Group D:1, except North Korea). To be eligible for the exception, the reexport must also be consistent with the export licensing policy of the reexporting country and the item must be subject to only a subset of other controls (i.e., controlled only for antiterrorism, national security, or regional security reasons), among other limitations. The reexporting countries identified in Country Group A:1 include those countries that are participants with the United States in the Wassenaar Arrangement, a multilateral consortium that develops export controls on conventional weapons and dual-use items and underlies much of the U.S. export control regime. BIS’s proposed amendment would remove this portion of the license exception.

The Commerce Department explained that it has proposed this amendment because of concerns regarding variations in how the United States and its international partners, including those in Country Group A:1, perceive the threat caused by the policy of civil-military technological integration pursued by D:1 countries. Due to these alleged disparities, reexports under License Exception APR have occurred that reportedly would not have been licensed by BIS if the export had taken place directly from the United States.

This proposed rule change echoes recent changes affecting the scope of investment reviews by the U.S. Committee on Foreign Investment in the United States (“CFIUS”), by which the United States has similarly sought to incentivize foreign allies to harmonize their national security-related measures with those of the United States. In the new CFIUS rules implemented in February and previously described here, the Committee will require “excepted foreign states” to ensure their national security-based foreign investment review process meets requirements established by CFIUS in order to retain their excepted status.

E. Huawei Direct Product Rule

In addition to the broad new restrictions on Chinese trade described above, the United States has also focused specifically on restricting trade with Huawei Technologies Co. Ltd. (“Huawei”)—one of the world’s largest technology companies—on the basis of concerns about espionage and national security risks that U.S. officials allege its products may present. Among other U.S. Government initiatives to dissuade U.S. allies from partnering with Huawei and other Chinese telecommunications providers in the development and deployment of 5G networks, BIS has designated Huawei and over one hundred of its affiliates to the Entity List, which has significantly limited Huawei’s ability to source many products directly from the United States and the non-U.S. affiliates of many U.S. companies.

On May 15, BIS announced a new rule to further restrict Huawei’s access to U.S. technology. The rule amends the “Direct Product Rule” and the BIS Entity List to restrict Huawei’s ability to share its semiconductor designs or rely on foreign foundries to manufacture semiconductors using U.S. software and technology.

Although Huawei’s Entity List designation had already effectively cut off Huawei’s access to exports of most U.S.-origin products and technology, BIS has claimed that Huawei has responded to the designations by moving more of its supply chain outside the United States. Huawei and many of the foreign chip manufacturers that Huawei uses, however, still depend on U.S. equipment, software, and technology to design and produce Huawei chipsets.

BIS’s action expands one of the bases on which the U.S. can claim jurisdiction over items produced outside of the United States. Generally, under the EAR, the U.S. claims jurisdiction over items that (1) are U.S. origin; (2) foreign-made items that are being exported from the U.S., (3) foreign-made items that incorporate more than a minimal amount of controlled U.S.-origin content, and (4) foreign-made “direct products” of certain controlled U.S.-origin software and technology. Under the fourth basis of jurisdiction, also known as the Direct Product Rule, foreign-made items are subject to EAR controls if they are the direct product of certain U.S.-origin technology or software or are the direct product of a plant or major component of a plant located outside the U.S., where the plant or major component of a plant itself is a direct product of certain U.S.-origin software and technology. Items that are subject to EAR controls may require BIS licensing depending on the export classification of the item and its destination, the end use to which the item is being put, and the end user receiving it. Depending on the licensing policy BIS applies to particular exports, BIS can effect an embargo on the export of items subject to the EAR to particular countries, end uses, and end users.

BIS’s new rule allows for the application of a tailored version of the Direct Product Rule to parties identified on its Entity List, with a bespoke list of controlled software and technology commonly used by foreign manufacturers to design and manufacture telecommunications and other kinds of integrated circuits for Huawei. The rule imposes a control on foreign-produced items that are a direct product of an expanded subset of specific technology or software described by certain specified ECCNs and foreign-produced items that are the direct product of a plant or major component of a plant located outside the U.S. where the plant or major component is a direct product of the same expanded subset of U.S.-origin technology or software.

Specifically, the rule will make the following non-U.S.-origin items subject to the restrictions of U.S. export controls:

Items, such as chip designs, that Huawei and its affiliates on the Entity List produce by using certain software or technology that is subject to the EAR; and
Items, such as chipsets made by manufacturers from Huawei-provided design specifications, if those manufacturers are using semiconductor manufacturing equipment that itself is a direct product of certain software or technology subject to the EAR.

Combined with Huawei’s Entity List designation, this new rule will significantly restrict Huawei’s ability to export its semiconductor designs as well as to receive semiconductors from its foreign manufacturers. It will also curtail the ability of Huawei to receive semiconductors from the non-U.S. subsidiaries of U.S. companies that may have previously been eligible for export to Huawei without a license because they were produced from software and technology that would not have triggered export licensing through the normal operation of the Direct Product Rule. Taken together, these changes mean that BIS can now block the sale of many semiconductors manufactured by a number of non-U.S.-based manufacturers that Huawei uses across its telecom equipment and smartphone business lines.

F. Revoking Hong Kong’s Status under U.S. Export Controls

In response to China’s Hong Kong National Security Law—which the Trump administration considers an encroachment on Hong Kong’s special status—President Trump announced on May 29 that the U.S. would reevaluate its export controls imposed on Hong Kong to revoke any preferential treatment given the territory over mainland China. A month later, following statements by Secretaries Pompeo and Ross, BIS announced that it would be suspending license exceptions that treated Hong Kong differently than mainland China. The agency has not yet made any other adjustments to the treatment of Hong Kong-bound exports or to license exceptions that apply equally to Hong Kong and mainland China—although an Executive Order announced on July 14 will likely require further leveling of treatment for exports to Hong Kong and mainland China

As a result of the license exception suspension enacted on June 30, license exceptions that previously permitted unlicensed exports, reexports, or transfers to or within Hong Kong, but not to mainland China, no longer authorizes exports to Hong Kong. Such exports will now require specific authorization from BIS. For example, exports to Hong Kong of software and technology related to telecommunications equipment that would have previously been authorized under License Exception – Technology and Software under Restriction (“TSR”) may now require a specific license. Deemed exports (i.e., the transfer of technology or source code to a foreign person in the U.S.) may continue under affected licenses until August 28.

Other license exceptions affected (but not necessarily unavailable) may include those pertaining to replacement of parts and equipment (“RPL”), aircraft, vessels, and spacecraft (“AVS”), gifts (“GFT”), and baggage (“BAG”). Importantly the suspension of these license exceptions would not impact products that are not subject to the EAR (e.g., by virtue of their place of development or delivery only through the cloud), are specifically authorized by a BIS-issued license, or are authorized by a license exception that applies equally to both Hong Kong and mainland China.

G. Human Rights-Based Entity List Designations

As we highlighted in our 2019 Year End Review, the ERC, which is chaired by BIS, has been exceptionally active over the past several years. While the ERC, which is composed of representatives of Departments of Commerce, State, Defense, Energy and, where appropriate, the Treasury, has always had the power to designate companies and other organizations for acting counter to U.S. national security and foreign policy interests, these interests historically have been focused on regional stability, counterproliferation, and anti-terrorism concerns and violators of U.S. sanctions and export controls. Beginning in October last year, however, the ERC added human rights to this list of concerns, particularly as they relate to human rights violations occurring in the XUAR and other regions of China directed Uyghurs, Kazakhs, and other members of Muslim minority groups in China.

On October 9, 2019, the ERC placed the XUAR People’s Government Public Security Bureau, eighteen of its subordinates, and an additional eight businesses on its Entity List, thereby restricting their access to American exports. On June 5, 2020, BIS placed eight additional businesses and one governmental institute on the Entity List on the explicit basis of their human rights violations. Those added to the Entity List are largely surveillance or security companies, including certain artificial intelligence start-ups. Most recently, on July 22, BIS designated eleven additional entities. Nine appear to be in the apparel, accessories, and manufacturing sectors and were designated due to the ERC’s finding that were using forced labor. Two other entities were added for their involvement in conducting genetic analyses used to further the repression of Muslim minority groups in the XUAR.

As a result of these designations, almost all exports of items subject to the EAR require BIS’s prior review and authorization and most are subject to a policy presumption of denial.

The following Gibson Dunn lawyers assisted in preparing this client update: Judith Alison Lee, Adam Smith, Stephanie Connor, Chris Timura, Jesse Melman, R.L. Pratt, Scott Toussaint, Samantha Sewall and Audi Syarief.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the above developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s International Trade practice group:

United States:
Judith Alison Lee – Co-Chair, International Trade Practice, Washington, D.C. (+1 202-887-3591, [email protected])
Ronald Kirk – Co-Chair, International Trade Practice, Dallas (+1 214-698-3295, [email protected])
Jose W. Fernandez – New York (+1 212-351-2376, [email protected])
Marcellus A. McRae – Los Angeles (+1 213-229-7675, [email protected])
Adam M. Smith – Washington, D.C. (+1 202-887-3547, [email protected])
Stephanie L. Connor – Washington, D.C. (+1 202-955-8586, [email protected])
Christopher T. Timura – Washington, D.C. (+1 202-887-3690, [email protected])
Ben K. Belair – Washington, D.C. (+1 202-887-3743, [email protected])
Courtney M. Brown – Washington, D.C. (+1 202-955-8685, [email protected])
Laura R. Cole – Washington, D.C. (+1 202-887-3787, [email protected])
Jesse Melman – New York (+1 212-351-2683, [email protected])
R.L. Pratt – Washington, D.C. (+1 202-887-3785, [email protected])
Samantha Sewall – Washington, D.C. (+1 202-887-3509, [email protected])
Audi K. Syarief – Washington, D.C. (+1 202-955-8266, [email protected])
Scott R. Toussaint – Washington, D.C. (+1 202-887-3588, [email protected])
Shuo (Josh) Zhang – Washington, D.C. (+1 202-955-8270, [email protected])

Europe:
Peter Alexiadis – Brussels (+32 2 554 72 00, [email protected])
Attila Borsos – Brussels (+32 2 554 72 10, [email protected])
Nicolas Autet – Paris (+33 1 56 43 13 00, [email protected])
Susy Bullock – London (+44 (0)20 7071 4283, [email protected])
Patrick Doris – London (+44 (0)207 071 4276, [email protected])
Sacha Harber-Kelly – London (+44 20 7071 4205, [email protected])
Penny Madden – London (+44 (0)20 7071 4226, [email protected])
Steve Melrose – London (+44 (0)20 7071 4219, [email protected])
Matt Aleksic – London (+44 (0)20 7071 4042, [email protected])
Benno Schwarz – Munich (+49 89 189 33 110, [email protected])
Michael Walther – Munich (+49 89 189 33-180, [email protected])
Richard W. Roeder – Munich (+49 89 189 33-160, [email protected])

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

The COVID-19 pandemic has posed challenges for international students, and the universities and colleges they attend, as they prepare for the Fall 2020 school semester. Post-secondary education institutions responded to these challenges by considering the best interests, as well as the health and safety, of their students in shaping revised programming and remote learning opportunities. This Client Alert provides an overview of an Immigration and Customs Enforcement (“ICE”) policy that instructed international students they could not remain in the country if their schools provided only online classes; litigation brought against that policy, which led to a rescission of the challenged policy; and subsequent developments, including a new policy that would permit international students who were enrolled as of March 9, 2020 to reenter the country and attend an online-only school while prohibiting international students who would be new to the school from doing the same.

I. Overview of the Administration’s Challenged Policy

Citizens of foreign countries who wish to enter the United States to attend school must obtain a nonimmigrant F student visa. “F-1” students are international students who are enrolled in a “full course of study” in elementary, secondary, or post-secondary academic institutions. Ordinarily, a student may count no more than the equivalent of one class or three credits per term toward the “full course of study” requirement if the class is taken online. 8 C.F.R. § 214.2(f)(6)(i)(G).

On March 9, 2020, as the COVID-19 pandemic spread throughout the United States, ICE issued a guidance document stating that ICE “recognize[d] that schools are updating their emergency operations plans to minimize the potential impact of COVID-19 on the school,” including by “provid[ing] online instruction,” and that ICE intended to “be flexible with temporary adaptations.” Immigration & Customs Enforcement, Broadcast Message: Coronavirus Disease 2019 (COVID-19) and Potential Procedural Adaptations for F and M Nonimmigrant Students (Mar. 9, 2020). Four days later, ICE issued another guidance document to address the status of students whose schools “stop[ped] in-person classes” but would “offer[ ] online instructions.” Immigration & Customs Enforcement, COVID-19: Guidance for SEVP Stakeholders (Mar. 13, 2020). “Given the extraordinary nature of the COVID-19 emergency,” ICE exempted F-1 students from the rule that they must attend most classes in person, instead permitting F-1 students to attend only online courses and still remain in the United States. Id. At that time, many universities and colleges had suspended in-person instruction for the Spring 2020 semester. Following ICE’s guidance, many schools made plans to offer online instruction, in whole or in part, for the Fall 2020 semester.

On July 6, 2020, ICE abruptly rescinded its March guidance. ICE directed that “[s]tudents attending schools operating entirely online may not take a full online course load and remain in the United States.” Students enrolled in such program were instructed to “depart the country” or else “potentially face immigration consequences.” ICE also instructed schools to submit operational change plans within weeks and to reissue visa-related forms for each of their F-1 international students within a month.

This abrupt rescission wreaked havoc on the universities and colleges who had been scrambling to provide a meaningful and appropriate Fall semester while facing the challenge of COVID-19. These schools were already having to adapt to new safety and security concerns, as well as juggle putting together a meaningful curriculum, evaluating housing options for students, and addressing a myriad of other challenges. The July 6th rescission failed to acknowledge or account for any of those obstacles.

II. Challenging the Policy in Court

Shortly after ICE announced its new policy, Gibson Dunn filed a lawsuit in the U.S. District Court for the District of Oregon challenging the policy as violating the Administrative Procedure Act on behalf of 20 universities and colleges from the western United States. Univ. of Or. v. Dep’t of Homeland Security, No. 6:20-cv-01127-MK (D. Or.). The schools argued that in promulgating the policy, ICE failed to consider the serious harms arising from its action, including forcing students to quickly relocate across the globe in the middle of a pandemic where they could face challenging conditions and lose educational opportunities. The schools sought a temporary restraining order and a preliminary injunction.

Several other plaintiff groups also brought cases across the United States challenging ICE’s new policy. See State of California v. Dep’t of Homeland Security, No. 4:20-cv-04592 (N.D. Cal.); Regents of Univ. of Cal. v. Dep’t of Homeland Security, No. 4:20-cv-04621 (N.D. Cal.); President & Fellows of Harvard Coll. v. Dep’t of Homeland Security, No. 1:20-cv-11283 (D. Mass.); State of Washington v. Dep’t of Homeland Security, No. 2:20-cv-01070 (W.D. Wash.); John Hopkins Univ. v. Dep’t of Homeland Security, No. 1:20-cv-01873 (D.D.C.); Z.W. v. Dep’t of Homeland Security, No. 8:20-cv-01220 (C.D. Cal.).

In a July 14, 2020 hearing held in Harvard and MIT’s case brought in Massachusetts, a DHS attorney announced that the agency would be rescinding the policy.

III. Subsequent Developments

On July 24, 2020, pursuant to its representation to the court in the aforementioned case, ICE issued new guidance. According to the revised guidance, active F and M students who were “in valid F-1 or M-1 nonimmigrant status on March 9, 2020, including those previously enrolled in entirely online classes who are outside of the United States and seeking to re-enter the country this fall,” will be permitted to count online classes toward a full course of study and may re-enter the United States, as they were under the March guidance. Immigration & Customs Enforcement, Broadcast Message: Follow-up: ICE Continues March Guidance for Fall School Term (July 24, 2020). In so doing, ICE restored the status quo and gave schools flexibility in determining how to structure the upcoming semester.

The July 24 announcement, however, also included an important new limitation—“F and M students in new or initial status after March 9, 2020, will not be able to enter the United States to enroll in a U.S. school as a nonimmigrant student for the fall term to pursue a full course of study that is 100 percent online.” Id. ICE had not previously announced a policy regarding international students coming to the United States for the first time, but under the new guidance, those students are unable to enter or reside in the United States if their courses will be conducted fully online.

At this time, it is uncertain whether any schools will challenge the new July 24 guidance. Gibson Dunn will continue to monitor and assess any developments.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please feel free to contact the Gibson Dunn lawyer with whom you usually work, or the following authors:

Debra Wong Yang – Los Angeles (+1 213-229-7472, [email protected])
Matthew D. McGill – Washington, D.C. (+1 202-887-3680, [email protected])
Katherine Marquart – New York (+1 212-351-5261, [email protected])
Joshua M. Wesneski – Washington, D.C. (+1 202-887-3598, [email protected])
Amalia Reiss – Washington, D.C. (+1 202-955-8281, [email protected])
Aaron M. Smith – Washington, D.C. (+1 202-955-8263, [email protected])

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

This update provides an overview and summary of key class action developments during the second quarter of 2020 (April through June).

Part I discusses two significant decisions addressing Rule 23’s commonality and predominance requirements.

Part II analyzes a decision from this past quarter relating to equitable restitution, an oft-discussed issue in consumer class actions.

Part III covers recent decisions on the injury-in-fact requirement for Article III standing in class actions after Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016)—a subject of ongoing coverage in these class action alerts.

I. Federal Circuit Courts Continue to Emphasize the Rigorous Analysis Required at the Class Certification Stage

This past quarter, the Ninth and Third Circuits issued two decisions that emphasized the need for district courts to conduct a rigorous analysis in assessing whether Rule 23’s commonality and predominance requirements are satisfied.

The Ninth Circuit in Grodzitsky v. American Honda Motor Co., 957 F.3d 979 (9th Cir. 2020), issued a significant ruling that makes clear that district courts must assess expert testimony submitted in support of class certification under Daubert. Id. at 984. The district court in Grodzitsky had denied class certification on commonality grounds because the plaintiffs could not establish that an alleged defect in defendant’s vehicles was common to all putative class members. Id. Although plaintiffs offered expert testimony to support the existence of a common defect, the district court excluded that testimony under Daubert, finding deficiencies in the expert’s methodology and a lack of supporting studies or testing to corroborate the expert’s conclusions. Id. In affirming the district court’s denial of class certification, the Ninth Circuit held that the court had properly applied Daubert at the class certification stage, and that the exclusion of the expert’s testimony was fatal to certification given the “rigorous analysis” of commonality that the court was required to undertake. Id. at 986–87.

In another expert-focused class certification ruling, the Third Circuit in In re Lamictal Direct Purchaser Antitrust Litigation, 957 F.3d 184 (3d Cir. 2020), emphasized that Rule 23 requires a rigorous analysis of competing expert evidence. The plaintiffs there alleged that an agreement between two drug manufacturers to settle a patent dispute was an impermissible “reverse payment agreement” that violated antitrust laws. Id. at 189. Notwithstanding the complexity of individual factors relevant to the amount that a particular direct purchaser actually paid for the drugs, the plaintiffs relied on an expert’s model using an “average hypothetical price” to establish that the entire class suffered a competitive injury; the district court then relied on this model to certify a class of all companies that purchased drugs from the defendants. Id. at 193–94. The Third Circuit reversed the order granting class certification, holding that the district court abused its discretion by assuming that “averages are acceptable” to prove that “common issues predominated by a preponderance of the evidence.” Id. at 194. To the contrary, relying on averages without conducting the requisite analysis was not acceptable because that could “mask individualized injury.” Id.

The Third Circuit specifically rejected plaintiffs’ argument that the Supreme Court had held in Tyson Foods, Inc. v. Bouaphakeo, 136 S. Ct. 1036 (2016), that so-called “representative” evidence was sufficient to satisfy Rule 23’s predominance requirement unless “no reasonable juror could believe the common proof at trial.” Lamictal, 957 F.3d at 191–92. The Third Circuit emphasized that Tyson Foods was grounded in a special rule for certain actions under the Fair Labor Standards Act, and thus did not relieve plaintiffs in an antitrust action of their obligation to “prove their claim is capable of common proof by a predominance of the evidence” at the class certification stage. Id. at 192.

II. The Ninth Circuit Addresses the Availability Equitable Remedies in Consumer Class Actions Litigated in Federal Court

In an important decision addressing California’s consumer protection laws, the Ninth Circuit held in Sonner v. Premier Nutrition Corp., 962 F.3d 1072 (9th Cir. 2020), that federal courts cannot entertain equitable claims when an adequate legal remedy exists, even when state law would permit issuance of equitable relief. This is a potentially significant limitation on consumer class actions brought in, or removed to, federal courts within the Ninth Circuit.

The plaintiff in Sonner brought a putative class action against a dietary supplement manufacturer. The operative complaint alleged false advertising and demanded injunctive relief and restitution under California’s Unfair Competition Law (“UCL”) and Consumers Legal Remedies Act (“CLRA”), as well as damages under the CLRA. After the class was certified and after the plaintiff defeated the defendant’s motion for summary judgment, the plaintiff filed an amended complaint and dropped her CLRA damages claim to avoid a jury trial. The district court dismissed the claim for equitable restitution on the ground that the plaintiff “failed to establish that she lacked an adequate legal remedy for the same past harm for which she sought equitable restitution.” Id. at 1075–76.

The plaintiff argued that “state law alone decides whether she must show a lack of an adequate legal remedy before obtaining restitution . . . [and] the California legislature abrogated the state’s inadequate-remedy-at-law doctrine for claims seeking equitable restitution under the UCL and CLRA.” Id. at 1076. But the Ninth Circuit disagreed, holding that “federal courts must apply equitable principles derived from federal common law to claims for equitable restitution under [the UCL and CLRA].” Id. at 1074.

The Ninth Circuit went on to apply the Supreme Court’s decision in Guaranty Trust Co. of New York v. York, 326 U.S. 99 (1945), which held that because state law cannot expand a federal court’s equitable powers, “even if a state authorizes its courts to provide equitable relief when an adequate legal remedy exists, such relief may be unavailable in federal court because equitable remedies are subject to traditional equitable principles unaffected by state law.” Sonner, 962 F.3d at 1078–79. According to the Ninth Circuit, “the strong federal policy protecting the constitutional right to a trial by jury[,]” which the adequate-remedy-at-law doctrine is meant to vindicate, “outweighs [the] procedural interest” afforded by the CLRA and UCL. Id. at 1079.

Applying these principles, the Ninth Circuit concluded that the plaintiff failed to make a showing of an inadequate legal remedy because she sought “the same sum in equitable restitution [under the UCL] as she requested in damages [under the CLRA] to compensate her for the same past harm.” Id. at 1081.

III. Courts Wrestle with Article III Standing in Putative Class Actions

Over the past four years, the federal courts of appeals have issued a steady stream of decisions interpreting and applying the Supreme Court’s landmark Article III standing decision in Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016), to putative class actions. (For recent coverage of post-Spokeo decisions, please see the following quarterly updates: First Quarter 2020 Update on Class Actions, Year-End and Fourth Quarter 2019 Update on Class Actions, and Third Quarter 2019 Update on Class Actions). This past quarter was no exception, with two decisions finding that plaintiffs had Article III standing under Spokeo.

First, the Ninth Circuit held that even temporary financial loss can create an injury-in-fact for Article III purposes. In Van v. LLR, Inc., 962 F.3d 1160 (9th Cir. 2020), the plaintiff alleged that she was injured when, as a result of a related lawsuit, the defendant refunded certain improperly charged sales taxes (approximately $531) but failed to pay interest on the refunded funds (alleged to equal $3.76). The defendant moved to dismiss for lack of Article III standing, arguing that the plaintiff could not establish injury-in-fact because she had received a full refund of the tax charges and “her claim for interest alone was insufficient to establish standing.” Id. at 1161. The Ninth Circuit rejected this argument, holding that “the loss of a significant amount of money . . . for a substantial amount of time . . . is not too trifling to support standing.” Id. at 1162. The court likewise rejected the defendant’s argument that the lost time value of money, standing alone, was too speculative an injury to support Article III standing. Id. at 1162–63.

Second, the Seventh Circuit in Bryant v. Compass Group USA, Inc., 958 F.3d 617 (7th Cir. 2020), held that the alleged collection of an employee’s fingerprints without first obtaining her written consent, as required by the Illinois Biometric Information Privacy Act, was sufficiently concrete for Article III standing. Applying Spokeo, the Seventh Circuit reversed the district court’s ruling to the contrary, and emphasized that an injury need not be “tangible” in order to satisfy Article III’s concreteness requirement. Id. at 620. According to the Seventh Circuit, the plaintiff had not only alleged a concrete “invasion of her private domain,” but also an informational injury, insofar as information was withheld from her and “impaired her ability to use the information in a way the statute envisioned.” Id. at 624. The Seventh Circuit, however, held that the company’s failure to make its biometric retention schedule available to the public was not an injury-in-fact because the statutory duty to disclose was owed to the public generally, and the plaintiff therefore “did not suffer a concrete and particularized injury.” Id. at 626.

The following Gibson Dunn lawyers contributed to this client update: Christopher Chorba, Theane Evangelis, Kahn Scolnick, Bradley Hamburger, Michael Holecek, Lauren Blas, Wesley Sze, Emily Riff, and David Rubin.

Gibson Dunn attorneys are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Class Actions or Appellate and Constitutional Law practice groups, or any of the following lawyers:

Theodore J. Boutrous, Jr. – Co-Chair, Litigation Practice Group – Los Angeles (+1 213-229-7000, [email protected])
Christopher Chorba – Co-Chair, Class Actions Practice Group – Los Angeles (+1 213-229-7396, [email protected])
Theane Evangelis – Co-Chair, Class Actions Practice Group – Los Angeles (+1 213-229-7726, [email protected])
Kahn A. Scolnick – Los Angeles (+1 213-229-7656, [email protected])
Bradley J. Hamburger – Los Angeles (+1 213-229-7658, [email protected])

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

The Senior Managers and Certification Regime (“SMCR”) has applied to Financial Conduct Authority (“FCA”)-solo regulated firms since 9 December 2019. Individuals from across firms will no doubt remember the level of engagement required to prepare firms for the SMCR. Over six months on from implementation, firms are testing their SMCR implementation and assessing what is required to ensure continued compliance. This client alert:

provides a brief overview of the key changes that firms should have already implemented;
summarises key lessons from the FCA’s approach to enforcement of the regime against the banks; and
details the steps that firms should be undertaking prior to the extended deadline of 31 March 2021.

Reminder of key changes

Firms are split into three categories – limited scope firms, core firms and enhanced firms. Most solo-regulated firms are “core firms”.
Persons carrying out senior management functions (“SMFs”), such as the CEO and Head of Compliance, require prior FCA approval to perform their roles. Each senior manager has a “statement of responsibilities” detailing the areas they are responsible for.
Enhanced firms must also have a “responsibilities map”, setting out the firm’s management and governance arrangements.
“Prescribed responsibilities” are allocated to certain, but not all, senior managers.
Senior managers have a “duty of responsibility” to take reasonable steps to prevent, or stop, a breach of rules in their area. If they fail to do so, the FCA could hold them responsible for the breach and take enforcement action.
The Certification Regime covers specific functions that are not SMFs but can, nonetheless, have a significant impact on customers, the firm and/or market integrity. Certified staff do not need to be approved by the FCA. However, firms must check and certify that these employees are “fit and proper” to perform their role.
The conduct rules are a new set of enforceable rules that set basic standards of good personal conduct. They apply to almost every person who works in a financial services business. Some conduct rules apply to everyone within scope, while others only apply to senior managers. Firms must give training on the conduct rules and notify the FCA if they have taken disciplinary action against an employee for breach of them.
Firms must assess whether senior managers, non-executive directors and certified staff are “fit and proper”, on an ongoing and at least annual basis. As part of the initial fit and proper assessment, firms should request regulatory references to cover the last six years of employment.

Lessons from the FCA’s approach to the SMCR relating to banks

In undertaking an assessment of their firm’s implementation of SMCR, clients find it helpful to review the implementation issues encountered by banks and, in particular, the FCA’s review into the embedding of the SMCR in the banking sector. There are several points arising from the review of particular interest.

Dividing line between non-executive and executive directors

Some non-executive directors expressed concern that the regime expected too much from the board. They perceived a risk that the line between a non-executive and executive could become blurred as board members become more involved in operations of the business.

The FCA clarified, however, that the SMCR does not seek to redefine the roles of non-executives. In particular, it does not expect non-executives to act more like executive directors. Indeed, it views the oversight role of non-executive directors and their ability to challenge management as a key safeguard for the interests of firms’ stakeholders. The FCA did note that, especially in larger firms, the responsibilities of SMF non-executive directors are often likely to be considerable.

Meaning of “reasonable steps”

The FCA stated that a number of senior managers expressed concern around understanding the meaning of “reasonable steps” in the context of their business. In response to this, the FCA pointed to guidance in its Decision Procedure and Penalties Manual. In determining what would constitute taking “reasonable steps” to avoid a contravention occurring or continuing, the FCA will consider, amongst other things:

such steps that a competent senior manager would have taken at that time and in all the circumstances;
whether the senior manager exercised reasonable care when considering the information available to them;
the nature, scale and complexity of the firm’s business; and
whether the senior manager took reasonable steps to (i) ensure that any delegation of their responsibilities, where this was itself reasonable, was to an appropriate person with the necessary capacity, competence, knowledge, seniority and skill; and (ii) oversee the discharge of the delegated responsibility effectively.

However, the FCA noted that it is not possible nor helpful to provide an exhaustive list to cover every situation. It stressed that appropriate controls and processes are an important part of senior managers doing what they reasonably can to prevent misconduct, although they need to “think more broadly and…create an environment where the risk of misconduct is minimised, for example through nurturing healthy cultures”.

The SMCR and firm culture are intrinsically linked. SMCR implementation gave firms an opportunity to also take stock of their own culture, whereas before the SMCR arrived, culture was perhaps fairly low down on the agenda for some firms.

In its feedback on the review, the FCA does specifically discuss its findings relating to firms’ culture. Whilst it reported that firms have struggled to find appropriate ways of measuring culture, it was noted that many firms described a stronger tone and ownership from the top – there was a change in the level of detail, clarity and quality of conversations on culture and expected behaviours. All of the firms talked about the work they had done to create a culture of challenge, escalation and providing a safe environment for staff to raise issues.

Certification

The FCA noted that whilst there were positive developments, such as firms having widened their approach to assessment of staff beyond solely technical skills, most firms could not demonstrate the effectiveness of their assessment approach, use of subjective judgement or how they ensure consistency across the population.

There is no harm in solo-regulated firms taking the opportunity now to take a look at their certification procedures to ensure that they are sufficient (particularly given that firms still have time before the first certificates need to be issued for certified staff – see “Next steps for firms prior to 31 March 2021” below).

Conduct rules

In its findings, the FCA specifically flagged that the main weaknesses identified in the review related to the implementation of the conduct rules. Three key issues were particularly troubling to the FCA:

evidence suggested that firms had not sufficiently tailored their conduct rules training to staff’s job roles;
there was insufficient evidence to be confident that firms have clearly mapped the conduct rules to their values, to “bring the conduct rules to life”; and
firms were often unable to explain what a conduct rule breach looked like in the context of their business.

This is a clear signal to solo-regulated firms to ensure that they focus on ensuring proper implementation of the conduct rules. Indeed, the FCA states that it will increase its supervisory focus here. As noted below, firms are required to train all remaining staff on the conduct rules prior to them coming into force. Crucially, it is particularly evident from the FCA’s findings that such training be as tailored as possible.

Enforcement action to date

There has only been once successful enforcement action under the banking SMCR regime. This related to James Staley, the Chief Executive of Barclays Group (in May 2018). Mr Staley was fined a total of £642,430 for failing to act with due skill, care and diligence in the way he acted in response to a letter containing various allegations, received by Barclays in June 2016.

Whilst the FCA, therefore, has been relatively quiet from an enforcement perspective to date, firms should not be drawn into a false sense of security. This is particularly the case given that the extension of the regime brought within scope a significant number of firms (approximately 47,000). Additionally, a number of these firms are also more likely to be viewed as “low hanging fruit” by the FCA – some firms will perhaps have less sophisticated governance procedures in place (meaning potentially more breaches) and it will be much easier for the FCA to identify the decision-making processes of these solo-regulated firms when it is investigating breaches.

Post-31 March 2021, therefore, we anticipate an increase in enforcement action from the FCA against solo-regulated firms, as we move away from the implementation phase of the SMCR (indeed, we understand that there are currently a number of enforcement actions under way within the Enforcement Division and, therefore, we can expect related final notices in due course).

Next steps for firms prior to 31 March 2021

Initially, the rules set out below were set to apply as from 9 December 2020. On 30 June 2020, however, the FCA announced that, in light of the COVID-19 pandemic, the deadline for solo-regulated firms to undertake the first assessment of the fitness and propriety of their certified persons has been delayed until 31 March 2021.

In order to make sure that various SMCR deadlines remain consistent, the FCA also stated that intends to consult on extending the deadline for the following requirements from 9 December 2020 to 31 March 2021:

the date the conduct rules come into force for non-senior managers; and
the deadline for submission of information about directory persons to the register.

Firms should continue with their programmes of work in these areas and, if they are able to certify staff earlier than March 2021, they should do so. The FCA emphasised that firms should not wait to remove staff who are not fit and proper from certified roles.

The FCA will still publish details of certified employees of solo-regulated firms on the financial services register from 9 December 2020 and, where firms can provide this information before March 2021, they are encouraged to do so.

The below summary assumes (as will almost certainly be the case) that the deadlines discussed will indeed be extended.

Certification process

Firms need to check and certify that individuals holding certification functions are “fit and proper” to perform their role at least once a year.
Firms must complete certification assessments and issue certificates by 31 March 2021.

FCA Directory

The FCA has established a directory of individuals.
This will include all certified staff and directors who are not performing senior management functions (both executive and non-executive) as well as appointed representatives and sole traders who are undertaking business with clients and need a qualification to do so.
Solo-regulated firms must submit their data by 31 March 2021. It will include information such as employer details, the person’s role and workplace location. This should be done by completing a prescribed template and uploading it to the FCA’s online portal (known as CONNECT).

Conduct rules

Firms will be familiar with the training requirements for senior manager and certified staff.
Conduct rule staff must be trained on the conduct rules before 31 March 2021. Training is a key tenet of the SMCR, to ensure that all relevant persons sufficiently understand their responsibilities.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Financial Institutions practice group, or any of the following:

Michelle M. Kirschner – London (+44 (0)20 7071 4212, [email protected])
Martin Coombes – London (+44 (0)20 7071 4258, [email protected])
Chris Hickey – London (+44 (0)20 7071 4265, [email protected])

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

As the world reels from the COVID-19 pandemic and certain sectors of the economy struggle, False Claims Act (“FCA”) enforcement and litigation has largely plodded along during the first six months of 2020—and some areas reflect increasing activity. At the same time, the federal government’s stimulus efforts are sowing seeds for potentially significant future enforcement efforts, and the dire economic and employment landscape domestically may well catalyze whistleblower complaints.

As we have explained in prior alerts (available here and here), the federal government has spent record sums as part of COVID-19 stimulus and relief efforts; and whenever the government spends large amounts of money, activity under the FCA—the government’s primary tool for combating fraud against the government—is sure to follow. True to form, the government has already announced that FCA enforcement related to COVID-19 funding will be a priority in the months and years ahead, and we have begun to see the first wave of fraud prosecutions and investigations related to the government’s stimulus spending.

Meanwhile, enforcement efforts that started before the recent crisis have continued. And the courts, while somewhat slowed by shutdowns that have affected every court in the country, nevertheless produced notable opinions in the last six months that deserve careful attention for any company doing business, directly or indirectly, with the federal or state governments. As detailed below, these opinions address a wide range of issues, including the scope of the FCA’s falsity element (including in relation to whether and when differences in clinical judgments can serve as a predicate for liability), the contours of other key elements of the statute (e.g., scienter and materiality), and the public disclosure bar.

Below, we begin by summarizing recent enforcement activity, then provide an overview of notable legislative and policy developments at the federal and state levels, and finally we analyze significant court decisions from the past six months. Gibson Dunn’s recent publications regarding the FCA may be found on our website, including in-depth discussions of the FCA’s framework and operation, industry-specific presentations, and practical guidance to help companies avoid or limit liability under the FCA. And, of course, we would be happy to discuss these developments—and their implications for your business—with you.

I. NOTEWORTHY DOJ ENFORCEMENT ACTIVITY DURING THE FIRST HALF OF 2020

The first few months of 2020 featured a fairly typical number of FCA resolutions announced by DOJ. Unsurprisingly, there was a clear slowdown beginning in April as many government offices (and businesses) shuttered. This slowdown has resulted in lower overall recoveries compared to the pace during the first half of prior years. In a significant departure from past years, DOJ has announced only one nine-figure settlement this year (a $145 million settlement with a health information technology developer that was implicated in an alleged kickback scheme relating to prescriptions of opioid products).

Behind the scenes, however, neither the government nor the private relators’ bar seem to have lost focus on FCA enforcement as a result of COVID-19. Ongoing investigations are moving forward. And June has already seen a slight uptick in the number of resolutions announced (although the average amounts generally have been lower than in the beginning of 2020).

As usual, the majority of FCA recoveries from enforcement actions this year have involved health care and life sciences entities, including recoveries alleging violations of the Anti-Kickback Statute (“AKS”) and the Stark Law, which generally prohibit various types of remunerative arrangements with referring health care providers. Below, we summarize these and some of the other most notable settlements thus far in 2020.

In addition to the settlements summarized below, there was also a (comparatively rare) federal jury trial under the FCA during the first half of the year. In March 2020, a federal jury found after a nine-week trial that several individuals and their affiliated companies were liable for violations of the FCA, and awarded $10.85 million in single damages (which after statutory trebling and civil penalties resulted in a judgment of more than $32 million).[1] According to the government, the defendants submitted fraudulent Medicare cost reports when they billed Medicare for compensation paid to owners and executives who did not do reimbursable work for the hospital; the U.S. Attorney for the Southern District of Mississippi called the matter “one of the most egregious cases of Medicare fraud we have litigated in the State of Mississippi.”

A. Health Care and Life Science Industries

On January 15, a California-based manufacturer of durable medical equipment (“DME”) agreed to pay more than $37.5 million to resolve allegations that it violated the FCA by paying kickbacks to equipment suppliers, sleep laboratories, and other health care providers. The government alleged that the DME manufacturer induced patient referrals by, among other things, providing free patient outreach services and below-cost equipment and installation, as well as arranging for, and guaranteeing payments due on, interest-free loans for the purchase of its equipment. The company contemporaneously entered into a Corporate Integrity Agreement with the Department of Health and Human Services Office of Inspector General (“HHS-OIG”) that requires the company to implement additional controls around its product pricing and sales and conduct monitoring of its arrangements with referral sources.[2]
On January 21, a patient co-pay foundation based in Virginia agreed to pay $3 million to resolve allegations that it coordinated with three pharmaceutical manufacturers to enable them to provide kickbacks to Medicare patients taking the manufacturers’ drugs. DOJ alleged that the foundation designed and operated funds that directed money from the pharmaceutical manufacturers to patients to cover co-payments for drugs sold by those companies. The settlement amount was determined based on the foundation’s ability to pay. The foundation agreed to a three-year Corporate Integrity Agreement with HHS-OIG that requires the foundation to implement measures to ensure that it operates independently and that its interactions with donors comply with the law. The Integrity Agreement also requires compliance-related certifications from the foundation’s Board of Directors, and reviews by an independent review organization. The federal government previously entered into settlements with the three pharmaceutical manufacturers related to the same allegations.[3]
On January 27, a California-based health information technology developer entered into a deferred prosecution agreement and agreed to pay over $26 million in criminal fines and forfeit criminal proceeds of nearly $1 million, to resolve allegations that it obtained unlawful kickbacks from pharmaceutical companies in exchange for implementing clinical decision support alerts in its electronic health record software designed to increase prescriptions of the companies’ drug products. This represents the first criminal action against an electronic health records vendor. In a simultaneous civil settlement, the developer agreed to pay approximately $118.6 million to the federal government and states to resolve allegations that it accepted kickbacks from pharmaceutical companies and that it caused its users to submit false claims for federal incentive programs by misrepresenting the capabilities of its software. The civil settlement also resolved allegations that the developer obtained false certifications for its electronic health care software.[4]
On February 19, an operator of nursing facilities in Pennsylvania, Ohio, and West Virginia agreed to pay more than $15.4 million to settle allegations that it overbilled Medicare and the Federal Employees Health Benefits Program for medically unnecessary rehabilitation therapy services. The settlement also resolves allegations that the nursing facility operator received payments for ineligible services performed by employees who were excluded from federal health care programs. The relators who filed the case will receive approximately $2.8 million as their share of the recovery. The nursing facility operator also agreed to enter into a chain‑wide Corporate Integrity Agreement.[5]
On February 28, DOJ announced a second settlement related to the provision of unnecessary rehabilitation therapy services at nursing homes. A Tennessee-based provider of skilled nursing and rehabilitation services agreed to pay $9.5 million to settle allegations that it knowingly submitted false claims to Medicare for rehabilitation therapy services that were not reasonable, necessary, or provided by appropriately skilled personnel, and that it forged pre‑admission evaluations of patient need for skilled nursing services to Tennessee’s Medicaid Program. The two relators who filed the case will receive approximately $1.4 million and $145,000, respectively, as their share of the recovery.[6]
On February 28, a pharmaceutical company agreed to pay nearly $11.9 million to resolve allegations that it paid kickbacks to Medicare patients through a charitable foundation. The government alleged that the company violated the AKS and thus the FCA by making payments to the foundation for the purpose of using the foundation as a conduit to pay Medicare co-pay obligations of patients taking the company’s drug. The company also entered into a Corporate Integrity Agreement with HHS-OIG that will require, among other things, reviews by an independent review organization and compliance-related certifications from the company’s executives and Board of Directors.[7]
On March 17, a Pennsylvania doctor agreed to pay $2.8 million under the FCA and the Controlled Substances Act, as well as in civil forfeiture, relating to alleged distribution to patients of non-medically necessary drugs for which he then submitted claims to federal health care programs.[8]
On April 6, a New Jersey chiropractor agreed to pay $2 million to resolve allegations that he billed federal health care programs for unnecessary injections and knee braces and accepted kickbacks. This resolution followed an agreement reached with seven former clinics and their owners, which we discussed in our 2019 Year-End Update.[9]
On April 6, a Georgia-based biopharmaceutical company agreed to pay $6.5 million to resolve claims that it charged inflated prices to the U.S. Department of Veterans Affairs for human tissue graft products.[10] The company allegedly misreported its commercial pricing, enabling the company to charge inflated prices to the government.
On April 10, a rehabilitation services company agreed to pay more than $4 million to resolve allegations that it caused three skilled nursing facilities to submit claims for reimbursement for unnecessary or inaccurately recorded time allegedly spent on rehabilitation services. The company also entered into a five-year Corporate Integrity Agreement that requires training, auditing, and monitoring relating to the conduct at issue.[11]
On April 14, a rehabilitation company and related entities agreed to pay $10 million to resolve similar allegations that the company submitted claims to Medicare for rehabilitation therapy services that were improperly labeled as being for “Ultra High”—or the neediest—patients.[12]
On April 15, a lab company, an associated pain clinic, and two former executives agreed to pay $41 million to resolve FCA allegations that they engaged in unnecessary urine drug testing.[13] According to the government, the defendants developed and implemented a practice of automatically ordering expensive and unnecessary testing, without any physician making an individualized determination that the tests were medically necessary for particular patients.
On April 22, a non-profit hospital operator and affiliated physician group paid nearly $10 million to resolve allegations that they had engaged in unlawful referral arrangements in violation of the Stark Law, AKS, and FCA.[14] The hospital operator proactively self-disclosed its violations of the FCA to the government and cooperated in the investigation.
On April 27, a North Carolina-based laboratory agreed to pay $43 million to resolve FCA allegations that the company submitted claims for tests that were not medically necessary and engaged in other improper billing and compensation methods.[15]
On June 25, an Atlanta-based hospital system agreed to pay $16 million to resolve FCA allegations that it inappropriately billed federal health care programs for more costly inpatient care, rather than for outpatient care.[16] The government alleged that case managers overturned the judgment of treating physicians and billed Medicare and Medicaid for inpatient care despite the physicians’ recommendation that outpatient care was appropriate. The settlement also resolved allegations that the hospital system paid a commercially unreasonable sum to acquire a cardiology group in violation of the AKS.

B. Government Contracting

On January 3, a university based in New Jersey agreed to pay more than $4.8 million to resolve allegations that it submitted false claims for payment to the Department of Veterans Affairs to receive education benefits and funds pursuant to the Post-9/11 Veterans Education Assistance Act to which the university was not entitled. Three individuals previously pleaded guilty to related criminal charges.[17]
On January 31, two companies agreed to pay a collective $29 million to resolve FCA allegations that they rigged bidding in an auction to acquire a U.S. Department of Energy Loan. The government alleged that the companies pressured competing bidders to suppress bids during a live auction, thereby reducing the amount recovered in the auction and allowing the companies to acquire the loan for less than its fair market value. The relators who filed the case will receive approximately $5.2 million as their share of the recovery.[18]
On February 6, the successor to a local redevelopment agency based in Los Angeles, California, agreed to pay $3.1 million to resolve allegations that its predecessor violated the FCA by allegedly failing to comply with federal accessibility laws when it financed and helped develop affordable housing using federal funds. Since the events underlying the allegations, California has dissolved all redevelopment agencies, and the party to the settlement is working to wind down the affairs of its predecessor.[19]
On April 27, a Massachusetts university agreed to pay more than $1.3 million to resolve allegations of overcharging NIH grants.[20] The university self-disclosed concerns that one of its professors had overcharged NIH by overstating time and effort spent on statistical analysis support that the professor and her team provided to other professors on grant-related research.

II. LEGISLATIVE AND POLICY DEVELOPMENTS

A. COVID-19 Enforcement Policy

As we reported previously, DOJ has already confirmed that it will focus resources on COVID-19-related fraud. In a March 16 memorandum to all U.S. Attorneys and a March 20 press release, Attorney General William Barr announced that DOJ will prioritize the investigation and prosecution of coronavirus-related fraud schemes.[21] In addition, Attorney General Barr directed U.S. Attorneys to appoint a “Coronavirus Fraud Coordinator” in each district—responsible for coordinating enforcement and conducting public outreach and awareness—and also established a national system for whistleblowers to report suspected fraud.

Recent public remarks by DOJ Civil Division Principal Deputy Assistant Attorney General Ethan Davis—delivered in a June 28, 2020 speech—reaffirmed that the Civil Division’s Fraud Section has prioritized FCA actions involving fraud relating to COVID-19.[22] These remarks highlighted, in particular, intent to focus scrutiny under the FCA on several aspects of the stimulus funding under the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”), such as in connection with certifications of compliance with loan program requirements.

And DOJ has already begun taking action against COVID-19 related fraud, as promised. In one instance, DOJ filed criminal healthcare fraud charges against an officer of a medical technology company alleging in part that the defendant paid unlawful kickbacks and bundled medically unnecessary COVID-19 testing with other services billed to the government and thereby allegedly caused submission of false claims that were kickback-tainted, medically unnecessary, and/or otherwise not provided as represented.[23] Although the case involves only criminal charges, the underlying health care fraud allegations regarding unlawful billing and alleged kickbacks are what would likely form core FCA issues in a civil fraud action, and may be an indicator of what is to come.

B. Federal Legislative Developments

1. COVID-19 Legislation

There also have been several federal legislative developments thus far in 2020 that may spur FCA enforcement activities for years to come. We have covered these developments in detail in updates throughout the COVID-19 crisis (available here and here), and we summarize the key provisions here for ease of reference.

The most notable legislation is the CARES Act. The CARES Act, which is the largest emergency stimulus package in history, devotes $2.2 trillion worth of government funds to mitigate the effects of COVID-19.[24] The Act provides relief for businesses, industries, individuals, employers, and states in a number of ways, including a Small Business Administration (“SBA”) loan program offering up to $350 billion in relief, as well as economic stabilization programs to provide loans, loan guarantees, and funding for eligible industries, businesses, states, and municipalities.

DOJ has repeatedly signaled that it will devote significant resources to combating fraud related to COVID-19, including fraud involving CARES Act funds.[25] DOJ’s efforts will be complemented by the CARES Act’s creation of a new oversight committee called the Pandemic Response Accountability Committee (“PRAC”) to promote transparency and oversight of CARES Act appropriated funds.[26] The Act’s emergency appropriations included $80 million for the PRAC, which will be comprised of various agency Inspectors General to “(1) prevent and detect fraud, waste, abuse, and mismanagement; and (2) mitigate major risks that cut across program and agency boundaries.”[27]

2. Public Pronouncements Regarding DOJ’s Dismissal Authority

As in the past several years, public debate has continued in the first half of 2020 regarding DOJ’s use of its authority to dismiss FCA actions brought by qui tam relators. In a May 4, 2020 letter to Attorney General Barr, Senator Chuck Grassley (R-IA) stated that he could “confidently say,” as “the original author” of the 1986 amendments to the FCA, that the text of the FCA subjects DOJ’s dismissal decisions to judicial review.[28] As such, Senator Grassley stated, he “vehemently” disagreed with DOJ’s view, contained in a brief the Solicitor General recently filed in the Supreme Court, that DOJ’s dismissal decisions are “an unreviewable exercise of prosecutorial authority.”[29] DOJ has increasingly moved to dismiss FCA cases since January 10, 2018, when Michael Granston, then Director of the Civil Fraud Section, issued guidance on when DOJ should exercise its dismissal authority, a development we have discussed in prior updates (available here and here). It remains to be seen whether Senator Grassley’s letter will prompt any shift in DOJ’s approach.

DOJ itself has continued to make its dismissal authority a focal point of the Department’s public pronouncements. In January 2020, at the 2020 Advanced Forum on False Claims and Qui Tam Enforcement, then‑Deputy Associate Attorney General Stephen Cox emphasized that the FCA continues to be one of DOJ’s “most important tools” to fight health care, grant, financial, and government-contracting fraud.[30] He also discussed DOJ’s 31 U.S.C. § 3730(c)(2)(A) dismissal authority, noting that “if we see a qui tam action raising frivolous or non-meritorious allegations that the Department of Justice disagrees with or could not make in good faith, we should not let a plaintiff try the case on behalf of the United States.”[31] He further stated that DOJ’s “exercise of this authority will remain judicious, but we will use this tool more consistently to preserve our resources for cases that are in the United States’ interests and to rein in overreach in whistleblower litigation.”[32] This may be a signal that DOJ will become more aggressive in exercising its dismissal authority. However, it is also worth noting that Cox was recently confirmed as U.S. Attorney for the Eastern District of Texas, and another senior DOJ official, Jody Hunt, resigned from his position as Assistant Attorney General for the Civil Division effective July 3. It remains unclear whether these changes in senior DOJ personnel will beget a shift in DOJ’s approach to the exercise of its dismissal authority. We will continue to monitor and report on any such developments.

3. Final DOJ Rule Increasing Per-Claim Penalties

In late June, DOJ issued a final rule increasing FCA per‑claim penalties for the first time since 2018.[33] DOJ is required by law to adjust penalties to keep pace with inflation, and this change effectuates that mandate. Under the new penalty framework, for FCA penalties assessed after June 19, 2020 (and applicable to violations occurring after November 2, 2015), the minimum per‑claim penalty is now $11,665 (up from $11,181) and the maximum penalty is now $23,331 (up from $22,363).[34]

C. State Legislative Developments

We detailed HHS-OIG’s review and approval of state false claims statutes and other developments in state laws in our 2019 Mid-Year FCA Update and 2019 Year-End FCA Update.

As an incentive for seeking HHS-OIG approval, states can receive “a 10-percentage-point increase in their share of any amounts” recovered under the relevant laws.[35] To receive approval, state statutes must (among other requirements) contain provisions that are “at least as effective in rewarding and facilitating qui tam actions” as those in the federal FCA, and must contain civil penalties at least equivalent to those imposed by the federal FCA.[36] A similar requirement is that a given state’s statute must provide for civil penalty increases “at the same rate and time as those authorized under the [federal] FCA” pursuant to the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015.[37] Currently, the total number of states with approved statutes stands at twenty-one (California, Colorado, Connecticut, Delaware, Georgia, Hawaii, Illinois, Indiana, Iowa, Massachusetts, Montana, Nevada, New York, North Carolina, Oklahoma, Rhode Island, Tennessee, Texas, Vermont, Virginia, and Washington), while eight states have laws that have not yet been deemed to meet the federal standards (Florida, Louisiana, Michigan, Minnesota, New Hampshire, New Jersey, New Mexico, and Wisconsin).[38]

Several states also have proposed false claims act legislation in the first half of 2020. In the District of Columbia, the D.C. Council is considering a bill that would amend the District’s existing false claims act (D.C. Code Ann. § 2-381.01 et seq.) to expressly authorize tax-related false claims actions against persons who “reported net income, sales, or revenue totaling $1 million or more in a tax filing to which [the relevant] claim, record, or statement pertained, and the damages pleaded in the action total $350,000 or more.”[39] The bill would authorize treble damages for tax‑related violations, meaning District taxpayers could be liable for three times the amount not only of any taxes, but also of any interest and tax penalties.[40] Because D.C.’s current false claims statute excludes tax‑related claims from false claims liability, this bill, if passed, would represent a major policy shift.[41] The D.C. Council Committee of the Whole reported favorably on the bill on January 21, 2020, and recommended approval of the bill by the Council.[42]

The Pennsylvania legislature also is considering a false claims act bill that would enable private citizens to bring lawsuits on behalf of the state against anyone who “[k]nowingly presents or causes to be presented a false or fraudulent claim for payment or approval” or “[k]nowingly makes, uses or causes to be made or used, a false record or statement material to a false or fraudulent claim.”[43] The bill would also require the Attorney General to make recommendations to state agencies on how to prevent false claims violations from occurring.[44] The new law would empower the Pennsylvania Office of the Attorney General to enforce its provisions, including via civil investigative demands.[45] The bill largely mirrors the federal FCA and was first referred to the House Human Services Committee on May 21, 2020.[46] As of this update, it is pending review by the House Rules Committee, as the Pennsylvania General Assembly continues its 2019-2020 session.[47]

We also reported in our 2019 Mid-Year Update on a bill passed by the California Assembly, Assembly Bill No. 1270, which would alter the state’s false claim act considerably, including by amending the act to limit the definition of materiality to include only “the potential effect” of an alleged false record or statement “when it is made,” without consideration—contrary to the U.S. Supreme Court’s 2016 decision in Escobar[48]—of “the actual effect of the false record or statement when it is discovered.”[49] The amendments would also extend the act to tax-related cases where the damages pleaded exceed $200,000 and a defendant’s state-taxable income or sales exceed $500,000.[50] After the bill stalled in the State Senate, a California Assembly member (Mark Stone, D-Monterey Bay) introduced a substantially similar bill, Assembly Bill No. 2570.[51] The bill remains pending in the State Senate, which was scheduled to return from its summer recess on July 13 but on July 9 announced that the return would be delayed until July 27.[52] We will continue to monitor state legislation in these states and others for signs of further movement or revisions.

III. NOTABLE CASE LAW DEVELOPMENTS

The first half of 2020 saw a number of notable circuit court decisions, including several touching on the FCA’s reach, exploring Rule 9(b)’s heightened pleading requirements, and addressing notable topics such as litigation funding arrangements.

A. Third and Ninth Circuits Hold That Differences in Clinical Judgments May Satisfy “Falsity” Element under the FCA

One key area of developing FCA jurisprudence in recent years has been whether and when differences in medical opinions may satisfy the falsity element of FCA liability. Last year, the Eleventh Circuit held in United States v. AseraCare, Inc. that claims cannot be “deemed false” under the FCA based solely on “a reasonable difference of opinion among physicians” as to a medical provider’s clinical judgment, although the court left open the door for FCA claims where there is a showing of facts “inconsistent with the proper exercise of a physician’s clinical judgment.” 938 F.3d 1278, 1293 (11th Cir. 2019). Earlier decisions by the Tenth and Sixth Circuits, on the other hand, suggested that a mere difference of medical opinion between physicians may be sufficient in certain circumstances to show that a statement is “false” for purposes of FCA liability. United States ex rel. Polukoff v. St. Mark’s Hosp., 895 F.3d 730 (10th Cir. 2018); United States v. Paulus, 894 F.3d 267 (6th Cir. 2018).

The Third and Ninth Circuits entered the fray this year in a pair of similar decisions. First, the Third Circuit, in United States ex rel. Druding v. Care Alternatives, stated that a “physician’s judgment may be scrutinized and considered ‘false’” and that a “difference of medical opinion is enough evidence to create a triable dispute of fact regarding FCA falsity.” 952 F.3d 89, 100 (3d Cir. 2020). There, relators argued that defendants provided medically unnecessary hospice care to ineligible patients even though defendants maintained written certifications of necessity of care from a physician for each patient who was admitted to the hospice program. To prove the alleged “falsity” of the certifications, relators relied on expert testimony that the patients at issue did not, in fact, need hospice care—a conclusion disputed by defendants’ own experts. Id. at 91. The district court granted summary judgment to the defendants; because there was no evidence that any physician had certified hospice treatment was appropriate for any patient that the physician actually “believed was not hospice eligible,” the court reasoned that a mere disagreement among experts as to necessity of care could not establish that the admitting physicians’ clinical judgments were false. Id.

On appeal, the Third Circuit reversed, faulting the district court for conflating the elements of falsity and scienter, and concluding that “falsity” can be shown by mere differences in medical judgments. The court explained that a claim based on a medical conclusion regarding a patient’s care could be deemed “legally false,”—i.e., a claim that does not conform to certain regulatory requirements such as a requirement that any certification as to necessity of care be supported by a clinical diagnosis—and that in such circumstances, expert testimony would be relevant to determining falsity. Id. at 98.

Importantly, however, the Third Circuit recognized that the scienter element still serves as a “limit[ to] the possibility . . . [of] expos[ure] to liability under the FCA any time the Government could find an expert who disagreed with the certifying physician’s medical prognosis.” Id. at 96. Thus, even showing that opinions are “false” cannot serve to establish FCA liability absent evidence “that Defendant’s certifying doctor was making a knowingly false determination.” Id.

The Ninth Circuit reached a similar conclusion in Winter ex rel. United States v. Gardens Regional Hospital and Medical Center, holding that an FCA claim based on an alleged lack of medical necessity may be sufficient to survive a motion to dismiss. 953 F.3d 1108, 1117 (9th Cir. 2020). In Winter, the relator (a nurse) alleged that the defendant, a hospital provider, had “falsely certif[ied] that patients’ inpatient hospitalizations were medically necessary,” based on the relator’s opinion and on other evidence allegedly in the patients’ medical files. Id. at 1112. The district court granted defendants’ motion to dismiss, holding that because a relator “must show that a defendant knowingly made an ‘objectively false’ representation,” “a doctor’s clinical judgment cannot form the basis of an FCA suit” because “subjective medical opinions . . . cannot be proven to be objectively false.” Id.

The Ninth Circuit reversed, holding that differences in opinion may satisfy the falsity element. Like the Third Circuit, the Ninth Circuit faulted the district court for conflating scienter and falsity. Citing Druding and relying on the statutory text, the court explained that medical judgements can be “false” under the statute’s plain language, which does not “carve out an exception for clinical judgments and opinions.” Id. at 1117. The court explained that an opinion as to medical necessity may be “false,” for example, if the opinion is “dishonestly held” or is shown to be untrue by other evidence of a diagnosis in accordance with “standards of medical practice.” Id. The Ninth Circuit also disclaimed any conflict with the Eleventh Circuit’s AseraCare opinion, which it read as recognizing that clinical judgments can be false in some circumstances.

The Ninth Circuit emphasized that “falsity is a necessary, but not sufficient, requirement for FCA liability”—and that “after alleging a false statement, a plaintiff must still establish scienter” (i.e., that it was made with the requisite intent) for the statement to be actionable under the FCA. Id. at 1118. The court also cautioned, however, that at least at the pleadings stage, scienter may be “alleged generally” under Rule 9(b) and that “specific intent” to defraud is not required under the FCA. Id.

The decisions in Winter and Druding suggest that in cases premised on allegations regarding medical necessity, courts—at least in certain circuits—may allow claims based upon differences in opinions to proceed on the “falsity” element, at least under certain circumstances; but other elements (such as scienter, and materiality) still provide strong defenses. Unfortunately, this may limit defendants’ ability to secure dismissal of spurious suits at the pleading stage.

B. Fourth Circuit Rejects Qualified Immunity as a Defense to FCA Liability for Government Officials

When applicable, the doctrine of qualified immunity shields federal and state officials from damages for violating statutory or constitutional rights. The Fourth Circuit, in United States ex rel. Citynet, LLC v. Gianato, rejected qualified immunity as a defense to FCA claims under any circumstances. 962 F.3d 154, 160 (4th Cir. 2020). In Citynet, the relator alleged that certain state officials in West Virginia had defrauded the United States when obtaining federal funding to improve broadband connectivity for state residents. Defendants moved to dismiss based on qualified immunity, and although the district court deferred ruling on the merits of the defense, its decision nevertheless implicitly recognized that the doctrine “could [be] invoke[d] as a defense to claims of fraud brought under the FCA.” Id. at 156.

In an interlocutory appeal, the Fourth Circuit reversed, concluding that qualified immunity “may not be invoked as a defense to liability under the FCA.” As the court explained, the doctrine of qualified immunity is fundamentally “inconsistent” with “the FCA’s scienter requirement,” which is explicit that FCA liability “attaches only where a person has acted intentionally or recklessly.” Id. at 159. Because qualified immunity protects a government official only when the official acts “reasonably, but mistakenly,” and not when “acting intentionally or recklessly,” qualified immunity does not apply in the FCA context. Id. The court also relied on policy concerns behind application of the doctrine—namely that it is intended to protect the public interest—in rejecting its application in cases where the United States is defrauded. Id.

C. Seventh Circuit on AKS Liability

The Seventh Circuit’s recent ruling on what may constitute a “referral” subject to the AKS might have FCA implications. In Stop Illinois Health Care Fraud, LLC v. Sayeed, the relator alleged that in-home health care services providers and associated entities engaged in an illegal patient referral scheme. Under the alleged scheme, the provider purportedly purchased access to patient files from a non-profit senior care organization, in violation of the AKS and, by extension, the FCA. 957 F.3d 743, 745 (7th Cir. 2020). After a bench trial, the district court entered judgment for the defendants, concluding that there was no evidence that any remuneration was paid with the intent to induce “referrals.” Id. at 745. Among other arguments, relator argued at trial that the provider had violated the AKS when it entered into a contract with the non-profit under which it paid a monthly fee that was “intended to secure access to client information” in the non-profit’s files, which was then used by the provider to solicit business. Id.

On appeal, the Seventh Circuit held that the district court had not adequately addressed whether this “file-access theory” of liability could “constitute a prohibited referral under the Anti-Kickback Statute.” Id. at 746. The Seventh Circuit outlined that the term “referral” does not require “explicit direction of a patient to a provider” in a direct manner but rather, is to be understood as a “more inclusive” notion, to include “subtle” arrangements that involve even an “indirect means of connecting a patient with a provider.” Id. The court recognized that where a provider allegedly has provided something of value in exchange for access to files with patient information and then used that information to solicit clients, this set of facts “would allow, but perhaps not compel, a finding that [the arrangement] qualifies as a referral.” Ultimately, the Seventh Circuit remanded this “close question” for the district court to consider initially. Id.

The Seventh Circuit’s description of what could potentially constitute a “referral” subject to the AKS, and, by turn, implicate the FCA if billed to the government, may invite further theories of AKS and FCA liability in this arena.

D. Courts Continue to Interpret the FCA’s Materiality And Scienter Requirements Post-Escobar

Courts this year have continued to develop and refine jurisprudence regarding materiality, government knowledge, and scienter under the FCA in the wake the Supreme Court’s landmark decision on the implied certification theory of liability in Universal Health Services v. United States ex rel. Escobar, 136 S. Ct. 1989 (2016). Consistent with the Supreme Court’s directive in Escobar, courts have examined whether FCA plaintiffs have adequately alleged facts to satisfy the rigorous and demanding materiality standard at the pleadings stage.

Earlier this year, the Eleventh Circuit weighed in on both materiality and scienter—as well as a challenge to a relator’s status based on a litigation funding agreement. In Ruckh v. Salus Rehabilitation, LLC, the relator alleged that a nursing home facility and related entities were misrepresenting the services they provided and also failed to comply with Medicaid requirements (e.g., by upcoding claims). No. 18-10500, — F.3d —-, 2020 WL 3467393, at *4 (11th Cir. June 25, 2020). After a jury found the defendants liable for alleged FCA violations and awarded more than $100 million in damages before trebling, the district court granted a motion to set aside the verdict, finding relators had failed to provide sufficient evidence of materiality and scienter at trial.

On appeal, the Eleventh Circuit reversed and reinstated the verdict in part. As to materiality, while the defendants argued that instances of “upcoding” and similar practices were “recordkeeping mistakes the FCA does not punish,” the court held that “the jury was not required to believe the defendants’ position” and reasonably could have found this an “implausible explanation.” Id. at 12. As to scienter, despite the district court’s observation there was no evidence of a “massive, authorized, cohesive, concerted, enduring, top-down corporate scheme,” the court of appeals held that relator’s evidence showing company management was allegedly aware of and approved the practices at issue supported the jury’s finding that the defendants acted with scienter. Id. at 12-16.

The court upheld, however, a reduction of approximately $20 million in the jury verdict relating to a subset of the claims at issue. Those claims stemmed from patient files that lacked care plans allegedly in violation of applicable regulations. Id. at 16. The Eleventh Circuit reasoned that there was “no evidence” that the government sought reimbursement for these violations once it was made aware of them; nor was there evidence it ever “declines payment for, or otherwise enforces these types of violations.” Id. Moreover, the court held that Escobar compelled a finding in defendants’ favor because there was no evidence linking the absence of care plans to any “specific representations regarding the services provided” as is required by the Supreme Court’s opinion. Id. at 16-17.

On appeal, defendants sought to disqualify the relator based on a litigation financing agreement between the relator and a litigation funding entity that required the relator to assign 4% of her interest in any potential recovery to the entity. Defendants argued that the arrangement violated the FCA. Id. at 7-9. The court rejected this argument, concluding that while the FCA “does not expressly authorize relators to reassign their right to represent the interests of the United States in qui tam actions” neither did it “proscribe[] such assignment.” Id. at 9. The court reasoned that the FCA expressly “includes a number of restrictions, including on the conduct of qui tam actions and who may serve as a relator,” and noted that prohibition on entry into a litigation funding agreement was not among those enumerated restrictions. On this basis, the court declined to “engraft[] any further limitations onto the statute.” Id. at 12.

The Tenth Circuit also addressed the issue of materiality in United States ex rel. Janssen v. Lawrence Memorial Hospital, 949 F.3d 533 (10th Cir. 2020). There, the relator alleged a hospital violated the FCA by allegedly falsely certifying (1) the accuracy of data regarding patient arrival times required to be reported by Medicare and (2) compliance with a statutory requirement to provide FCA compliance information in an employee handbook. Id. at 546. The district court granted summary judgment to the defendants on materiality, finding there was no evidence that the alleged falsehoods influenced the government’s payment decisions. Id.

The Tenth Circuit affirmed, explaining that Escobar requires materiality to be assessed by looking “to the effect on the likely or actual behavior of the recipient of the alleged misrepresentation,” rather than the objective behavior of a reasonable person. Id. at 541. In cases alleging regulatory noncompliance, this requires looking to whether the government refused to pay in past similar instances, whether the noncompliance is minor or insubstantial, and whether compliance with the regulations at issue is a condition of payment. Id.

In rejecting the theory that recording inaccurate patient arrival times was material, the court relied on the fact that CMS was made aware of the data issue in 2014 through detailed allegations from a former employee, and “has done nothing in response and continues to pay [the] Medicare claims.” Id. at 542. The court also held that while there were “inaccuracies in [data] reporting” there were not “sufficiently widespread deficiencies” likely to affect the government’s payment decision. Moreover, the court noted that imposing FCA liability would “undermine” the separate CMS administrative program intended to handle such noncompliance. Id. at 543. As to the allegedly non-compliant employee handbooks, the court found that these were “precisely the type of garden-variety compliance issues that the demanding materiality standards of the FCA are meant to forestall.” Id. at 545. This issue, at best, was “limited” and did not represent a “wholesale failure” of the company’s compliance function (noting the defendant provided FCA training elsewhere). Id. Moreover, as with the reporting issues, the relator failed to show any likely effect of the noncompliance on the government’s payment decision. Id.

The Janssen opinion underscores that defendants can and should urge courts to rigorously enforce the FCA’s materiality requirement, lest the FCA become the “general antifraud statute and tool for policing minor regulatory compliance issues” that Escobar warned against.

By contrast, in United States ex rel. Drummond v. BestCare Laboratory Services, L.L.C., the Fifth Circuit rejected defendants’ scienter and falsity challenges. 950 F.3d 277 (5th Cir. 2020). There, a competitor-relator alleged that a clinical testing laboratory obtained millions in reimbursement for miles that its technicians never traveled. Id. at 277. The government intervened and argued, in relevant part, that the defendants sought payment for mileage driven by technicians purportedly to collect samples that were, in reality, shipped, and that the defendant counted a single shipment of multiple samples as separate mileage for each sample. Id. at 280.

On appeal, defendants argued the reimbursement practices at issue were lawful, relying on sub‑regulatory guidance in a CMS billing manual, or in the alternative, that there was a triable issue of fact as to scienter, because they had a “good faith” belief the practices were lawful based on their interpretation of the manual. Id. at 281. The Fifth Circuit rebuffed both arguments. As to the first, the court concluded that even if defendants had complied with the CMS manual, any “sub-regulatory guidance” in the manual would at best be a “policy statement” that has “no binding legal effect.” Id. at 281. As to scienter, the court held that the sub-regulatory guidance at issue—which expressly stated contractors could not bill “for miles not actually traveled by the laboratory technician”—made it clear there was “no way to read the Manual to suggest” defendants’ practices of billing for miles “not actually traveled by anyone” were lawful. Id.

E. Fifth and Eighth Circuits Explore Rule 9(b)’s Particularity Requirements in Affirming Dismissal of FCA Claims

While the Supreme Court has rejected multiple petitions to clarify the interplay of Rule 9(b) and the FCA, circuit courts have grappled with precisely how to apply Rule 9(b)’s particularity requirement in FCA cases. Rule 9(b) heightens the pleading standard for fraud claims, stating that a party “must state with particularity the circumstances constituting fraud or mistake.” Courts generally have recognized that an FCA plaintiff can satisfy Rule 9(b) either by pleading (1) representative examples of the false claims, or (2) the particular details of a scheme to submit false claims paired with reliable indicia that lead to a strong inference that claims were actually submitted.

In United States ex rel. Benaissa v. Trinity Health, the Eighth Circuit addressed the contours of what constitutes “reliable indicia” sufficient to support a strong inference that claims were actually submitted. No. 19-1207, — F.3d. —-, 2020 WL 3455795, at *4 (8th Cir. June 25, 2020). In Trinity, the relator—a trauma surgeon who operated at the defendants’ regional hospital system—alleged that the defendants compensated five physicians for referrals in violation of the Stark Law and AKS, rather than for their skills or credentials. After the district court dismissed the claims under Rule 9(b), the relator argued on appeal that he had pleaded the particular details of a scheme paired with “reliable indicia” supporting an inference that claims were submitted. Specifically, relator pointed to his allegation that defendant derived nearly 30% of its annual revenue from Medicare reimbursements and it was likely that at least some of the claims submitted would be for services provided by those particular physicians. Id. at *3.

The Eighth Circuit disagreed, and affirmed dismissal under Rule 9(b), holding that the relator lacked “firsthand knowledge of [defendant’s] billing practices” and had not pleaded any details about those billing indicating a reliable “basis for knowledge” that fraudulent claims were submitted, such as dates and descriptions of particular services coupled with “a description of the billing system that the records were likely entered into.” Id. at *4. The court rejected the notion that its ruling constricts would-be relators to a narrow class of only those “members of the billing department or the financial services department of a hospital.” Id. Acknowledging that such “an insider might have an easier time obtaining information about billing practices,” the court observed that it and other courts have held many other types of individuals can serve as relators—including physicians, EMTs, and nurse practitioners—so long as they plead “particular and reliable indicia that false bills were actually submitted as a result of the scheme”—such as “dates that services were fraudulently provided or recorded,” and “by whom.” Id.

The Eighth Circuit’s decision makes clear that mere generalized allegations—e.g., that a company is in receipt of a large amount of Medicare reimbursement and that every submitted claim by that company relating to certain physicians was false or fraudulent—do not satisfy Rule 9(b).

In United States ex rel. Integra Med Analytics, L.L.C. v. Baylor Scott & White Health, the Fifth Circuit explored whether and when statistical evidence can satisfy pleading requirements in an FCA case. No. 19-50818, — Fed. App’x —-, 2020 WL 2787652, at *4 (5th Cir. May 28, 2020). There, the relator alleged that a short-term care hospital system and its affiliates billed Medicare for medically unnecessary treatments and engaged in upcoding. The latter theory relied primarily on allegations regarding a statistical analysis of inpatient claims data that purportedly showed that the defendant coded for certain conditions at a higher rate than other hospitals, as well as alleged statements by a former employee that he was directed to fraudulently bill. Id. at *1-2. The Fifth Circuit affirmed the district court’s dismissal, holding that the allegations failed to satisfy either the plausibility requirement of Rule 8(a) or the particularity requirement of Rule 9(b). Id. at *4.

The court held that the relator’s “statistical analysis” did not satisfy either Rule 8(a)’s or Rule 9(b)’s pleading requirements, alone or in conjunction with other allegations. The court explained that the same statistical data showed that the rate of coding for the same procedures by other hospitals increased every year until the average was “within a few percentage points” of the defendants, which was due to an industry wide trend resulting from CMS guidance encouraging hospitals to “tak[e] full advantage of coding opportunities to maximize” Medicare payments as long as supported by documentation in the medical record. Id. at *3-4. Thus, the court held, while defendant’s higher than average billing rates were “consistent with” the submission of “fraudulent Medicare reimbursement claims to the government,” they were also consistent with the defendant simply “being ahead of most [other] healthcare providers in following new guidelines from CMS.” Id. at *3. The Fifth Circuit held that the relator’s allegations regarding medically unnecessary treatments and statements by former coding employees all failed to satisfy Rule 9(b) because the allegations were conclusory and “fail[ed] to state the content of” any allegedly fraudulent directives or guidance. Id. at *5.

The Fifth Circuit cautioned that its “conclusion does not exclude statistical data from being used to meet the pleading requirements of Federal Rule of Civil Procedure 8(a) and, when paired with particular details, Rule 9(b).” Id. at *4.

F. First and Sixth Circuits Explore Application of the Public Disclosure Bar and Original Source Exception

The FCA’s public disclosure bar requires dismissal of an FCA case “if substantially the same allegations or transactions” forming the basis of the action have been publicly disclosed, including “in a Federal criminal, civil, or administrative hearing in which the Government or its agent is a party,” unless the relator is an “original source of the information.” 31 U.S.C. § 3730(e)(4).

In United States ex rel. Holloway v. Heartland Hospice, Inc., the Sixth Circuit unanimously held that relators are “agents” of the government for purposes of the above language of the public disclosure bar, such that disclosure to a relator in a federal civil case may trigger the bar. The court therefore affirmed the district court’s dismissal of a case alleging substantially the same scheme as three prior qui tam suits involving the defendant’s parent company. 960 F.3d 836 (6th Cir. 2020). In that case, the relator—a former consultant for Heartland—alleged that the defendants certified patients as eligible for hospice under Medicare regulations even when the patients were not terminally ill, thereby “leech[ing] millions of dollars from the federal government in payments for unnecessary hospice care.” Id. at 839.

The court rejected three of the four categories of potential public disclosures identified by the defendant. Id. at 841. It explained that a DOJ settlement of FCA claims and a qui tam complaint filed against other entities, both of which involved similar schemes, did not constitute public disclosures because courts do not infer industry-wide disclosure from allegations against a particular company. The court also concluded that a report by HHS-OIG finding that 4% of claims “did not meet certification of terminal illness requirements” did not constitute a prior disclosure because the report contained “no insinuation of fraud, but at most noncompliance.” Id. at 844.

But the Sixth Circuit concluded that three qui tam complaints filed against defendants’ parent company and related entities triggered the public disclosure bar. The court rejected the relator’s contention that these cases were not “public” because the government did not intervene. As the Sixth Circuit observed, a qui tam relator is the government’s agent for purposes of the public disclosure bar because the government is the real party in interest and exerts a fair amount of control over qui tam litigation. Further, the complaints “disclosed” the fraud alleged in the complaint because they “depict[ed] essentially the same scheme.”

In United States ex rel. Banigan v. PharMerica Inc., meanwhile, the First Circuit clarified the meaning of the term “original source.” 950 F.3d 134 (1st Cir. 2020). There, the plaintiffs alleged that the defendant, one of the largest long-term care pharmacy companies in the United States, provided kickbacks to incentivize nursing homes to switch residents’ prescriptions from other manufacturers’ drugs to its own antidepressants. The purported kickbacks included contractual discounts, rebates, and bonuses. The district court dismissed the case, applying the public disclosure bar.

But the First Circuit reversed. Although the circuit court agreed with the district court that an earlier FCA action involving the same scheme triggered the public disclosure bar, it concluded that the relator was an “original source of the information,” and that dismissal was therefore inappropriate. Id. at 137.

As the circuit court explained, under the version of the public disclosure bar in effect prior to the 2010 amendments to the FCA, an “original source” must have both direct and independent knowledge of the information on which his allegations are based. Id. at 136 n.1, 138. The First Circuit rejected the argument that the relator’s knowledge was not “direct” because he had learned about the scheme from others, through email and word of mouth, rather than being someone who had participated in or observed the scheme in operation directly. The court also held that the relator could still qualify as an original source, despite first learning of the scheme only as it was winding down. Id. at 140. Focusing on the statutory text, the court stated that the statute requires direct and independent knowledge only of the information on which allegations are based, not direct and independent knowledge of the fraudulent acts themselves. Similarly, the court rejected any requirement that an original source have contemporaneous knowledge of the fraud. According to the court, that position lacks textual support, and such a requirement would discourage reports of fraud. Id.

IV. CONCLUSION

We will monitor these developments, along with other FCA legislative activity, settlements, and jurisprudence throughout the year and report back in our 2020 False Claims Act Year-End Update, which we will publish in January 2021.

_______________________

[1] Press Release, U.S. Atty’s Office for the So. Dist. of MS, Federal Jury finds Defendants Guilty of Submitting False Claims to Medicare under Civil False Claims Act (March 13, 2020), https://www.justice.gov/usao-sdms/pr/federal-jury-finds-defendants-guilty-submitting-false-claims-medicare-under-civil-false.

[2] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Resmed Corp. to Pay the United States $37.5 Million for Allegedly Causing False Claims Related to the Sale of Equipment for Sleep Apnea and Other Sleep-Related Disorders (Jan. 15, 2020), https://www.justice.gov/opa/pr/resmed-corp-pay-united-states-375-million-allegedly-causing-false-claims-related-sale.

[3] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Patient Services Inc. Agrees to Pay $3 Million for Allegedly Serving as a Conduit for Pharmaceutical Companies to Illegally Pay Patient Copayments (Jan. 21, 2020), https://www.justice.gov/opa/pr/patient-services-inc-agrees-pay-3-million-allegedly-serving-conduit-pharmaceutical-companies.

[4] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Electronic Health Records Vendor to Pay $145 Million to Resolve Criminal and Civil Investigations (Jan. 27, 2020), https://www.justice.gov/opa/pr/electronic-health-records-vendor-pay-145-million-resolve-criminal-and-civil-investigations-0.

[5] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Guardian Elder Care Holdings and Related Entities Agree to Pay $15.4 Million to Resolve False Claims Act Allegations for Billing for Medically Unnecessary Rehabilitation Therapy Services (Feb. 19, 2020), https://www.justice.gov/opa/pr/guardian-elder-care-holdings-and-related-entities-agree-pay-154-million-resolve-false-claims.

[6] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Diversicare Health Services Inc. Agrees to Pay $9.5 Million to Resolve False Claims Act Allegations Relating to the Provision of Medically Unnecessary Rehabilitation Therapy Services (Feb. 28, 2020), here.

[7] See Press Release, U.S. Atty’s Office for the Dist. of MA, Sanofi Agrees to Pay $11.85 Million to Resolve Allegations That it Paid Kickbacks Through a Co-Pay Assistance Foundation (Feb. 28, 2020), https://www.justice.gov/usao-ma/pr/sanofi-agrees-pay-1185-million-resolve-allegations-it-paid-kickbacks-through-co-pay.

[8] See Press Release, U.S. Atty’s Office for the Eastern Dist. of PA, Doctor Who Pleaded Guilty to Health Care Fraud for “Goodie Bags” Agrees to Resolve Civil Fraud and Controlled Substance Liability for $2.8 Million (Mar. 17, 2020), https://www.justice.gov/usao-edpa/pr/doctor-who-pleaded-guilty-health-care-fraud-goodie-bags-agrees-resolve-civil-fraud-and.

[9] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, New Jersey Chiropractor Agrees to Pay $2 Million to Resolve Allegations of Unnecessary Knee Injections and Knee Braces and Related Kickbacks (Apr. 6, 2020), https://www.justice.gov/opa/pr/new-jersey-chiropractor-agrees-pay-2-million-resolve-allegations-unnecessary-knee-injections.

[10] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, MiMedx Group Inc. Agrees to Pay $6.5 Million to Resolve False Claims Act Allegations of False Commercial Pricing Disclosures (Apr. 6, 2020), https://www.justice.gov/opa/pr/mimedx-group-inc-agrees-pay-65-million-resolve-false-claims-act-allegations-false-commercial.

[11] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Contract Rehab Provider to Pay $4 Million to Resolve False Claims Act Allegations Relating to the Provision of Medically Unnecessary Rehabilitation Therapy Services (Apr. 10, 2020), https://www.justice.gov/opa/pr/contract-rehab-provider-pay-4-million-resolve-false-claims-act-allegations-relating-provision.

[12] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Nursing Home Chain Saber Healthcare Agrees to Pay $10 Million to Settle False Claims Act Allegations (Apr. 14, 2020), https://www.justice.gov/opa/pr/nursing-home-chain-saber-healthcare-agrees-pay-10-million-settle-false-claims-act-allegations.

[13] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Reference Laboratory, Pain Clinic, and Two Individuals Agree to Pay $41 Million to Resolve Allegations of Unnecessary Urine Drug Testing (Apr. 15, 2020), https://www.justice.gov/opa/pr/reference-laboratory-pain-clinic-and-two-individuals-agree-pay-41-million-resolve-allegations.

[14] Press Release, U.S. Atty’s Office for the Western Dist. of VA, Centra Health Inc. and Blue Ridge Ear, Nose, Throat, and Plastic Surgery, Inc. Agree to Pay Nearly $10 Million to Settle False Claims Act Allegations (Apr. 22, 2020), https://www.justice.gov/usao-wdva/pr/centra-health-inc-and-blue-ridge-ear-nose-throat-and-plastic-surgery-inc-agree-pay?_sm_au_=iVVJ1pNS4QjFZ7VjFcVTvKQkcK8MG.

[15] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Testing Laboratory Agrees to Pay Up to $43 Million to Resolve Allegations of Medically Unnecessary Tests (Apr. 27, 2020), here.

[16] See Press Release, U.S. Atty’s Office for the Northern Dist. of GA, Atlanta hospital system to pay $16 million to resolve false claims allegations (June 25, 2020), https://www.justice.gov/usao-ndga/pr/atlanta-hospital-system-pay-16-million-resolve-false-claims-allegations.

[17] See Press Release, U.S. Atty’s Office for the Dist. of NJ, Caldwell University Agrees To Pay More Than $4.8 Million To Resolve Allegations Of Violating False Claims Act (Jan. 3, 2020), https://www.justice.gov/usao-nj/pr/caldwell-university-agrees-pay-more-48-million-resolve-allegations-violating-false-claims.

[18] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Purchaser of Department of Energy Loan to Pay $29 Million to Settle Alleged Bidding Fraud (Jan. 31, 2020), https://www.justice.gov/opa/pr/purchaser-department-energy-loan-pay-29-million-settle-alleged-bidding-fraud.

[19] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, CRA/LA Agrees to Pay $3.1 Million to Resolve Alleged Misuse of Federal Funds for Inaccessible Housing (Feb. 6, 2020), https://www.justice.gov/opa/pr/crala-agrees-pay-31-million-resolve-alleged-misuse-federal-funds-inaccessible-housing.

[20] Press Release, U.S. Atty’s Office for the Dist. of MA, Harvard University Agrees to Pay Over $1.3 Million to Resolve Allegations of Overcharging NIH Grants (Apr. 27, 2020), https://www.justice.gov/usao-ma/pr/harvard-university-agrees-pay-over-13-million-resolve-allegations-overcharging-nih-grants?_sm_au_=iVVJ1pNS4QjFZ7VjFcVTvKQkcK8MG.

[21] U.S. Dep’t of Justice, Memorandum from Attorney General William P. Barr (Mar. 16, 2020), https://www.justice.gov/ag/page/file/1258676/download; Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Attorney General William P. Barr Urges American Public to Report COVID-19 Fraud (Mar. 20, 2020), https://www.justice.gov/opa/pr/attorney-general-william-p-barr-urges-american-public-report-covid-19-fraud.

[22] See Office of Pub. Affairs, U.S. Dep’t of Justice, Principal Deputy Assistant Attorney General Ethan P. Davis delivers remarks on the False Claims Act at the U.S. Chamber of Commerce’s Institute for Legal Reform (July 6, 2020), https://www.justice.gov/civil/speech/principal-deputy-assistant-attorney-general-ethan-p-davis-delivers-remarks-false-claims.

[23] United States v. Mark Schena, Indictment (Jun. 8, 2020), https://www.justice.gov/opa/press-release/file/1283931/download.

[24] See Gibson, Dunn, & Crutcher LLP, Emergency Federal Measures to Combat Coronavirus (Mar. 18, 2020), https://www.gibsondunn.com/emergency-federal-measures-to-combat-coronavirus/.

[25] See, e.g., U.S. Dep’t of Justice, Memorandum from Attorney General William P. Barr (Mar. 16, 2020), https://www.justice.gov/ag/page/file/1258676/download.

[26] See Gibson, Dunn & Crutcher LLP, Senate Advances the CARES Act, the Largest Stimulus Package in History, to Stabilize the Economic Sector During the Coronavirus Pandemic (Mar. 26, 2020) (“CARES Alert”), https://www.gibsondunn.com/senate-advances-the-cares-act-to-stabilize-economic-sector-during-coronavirus-pandemic/.

[27] Id. (quoting CARES Act Section 15010(b)(1)-(2)).

[28] See Letter from Sen. Charles E. Grassley, Chair, S. Comm. on Fin., to Hon. William Barr, Att’y Gen. 1-2 (Sept. 4, 2019), https://www.grassley.senate.gov/sites/default/files/2020-05-04%20CEG%20to%20DOJ%20%28FCA%20Dismissal%20authority%29.pdf.

[29] See id. at 1.

[30] See Stephen Cox, Deputy Assoc. Att’y Gen., Keynote Remarks at the 2020 Advanced Forum on False Claims and Qui Tam Enforcement (Jan. 27, 2020), https://www.justice.gov/opa/speech/deputy-associate-attorney-general-stephen-cox-provides-keynote-remarks-2020-advanced.

[31] Id.

[32] Id.

[33] 85 Fed. Reg. 37004 (June 19, 2020).

[34] Id. at 37006.

[35] State False Claims Act Reviews, Dep’t of Health & Human Servs.–Office of Inspector Gen., https://oig.hhs.gov/fraud/state-false-claims-act-reviews/index.asp.

[36] Id.

[37] Id.

[38] Id.

[39] DC B23-0035, 23d Council (2019-2020), https://lims.dccouncil.us/Legislation/B23-0035.

[40] See D.C. Code § 2-381.02(a) (2013).

[41] See D.C. Code § 2-381.02(d) (2013) (stating that “[t]his section shall not apply to claims, records, or statements made pursuant to those portions of Title 47 of the District of Columbia Official Code that refer or relate to taxation”).

[42] See Council of the District of Columbia, Committee of the Whole Committee Report on Bill 23-35, “False Claims Act of 2020,” http://chairmanmendelson.com/wp-content/uploads/2020/01/B23-35-False-Claims-Committee-Packet.pdf.

[43] See HB 2352 Pennsylvania General Assembly Bill Information (2019-2020), here.

[44] Id.

[45] Id.

[46] Id.

[47] Id.

[48] Universal Health Servs. v. United States ex rel. Escobar, 136 S. Ct. 1989, 2002 (2016).

[49] See AB-1270 False Claims Act, California Legislative Information (2019-2020), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB1270.

[50] Id.

[51] See AB-2570 False Claims Act, California Legislative Information (2019-2020) http://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB2570.

[52] Id.; see also Patrick McGreevy, California legislators delay return to Capitol as a lawmaker is hospitalized with COVID-19, L.A. Times (July 8, 2020), here.

The following Gibson Dunn lawyers prepared this client update: Stuart Delery, Jim Zelenay, John Partridge, Jonathan Phillips, Joseph Warin, Joseph West, Robert Blume, Ryan Bergsieker, Karen Manos, Charles Stevens, Winston Chan, Andrew Tulumello, Benjamin Wagner, Alexander Southwell, Reed Brodsky, Robert Walters, Monica Loseman, Geoffrey Sigler, Sean Twomey, Reid Rector, Alli Chapin, Meghan Dunn, Julie Hamilton and Jillian Katterhagen.

Gibson Dunn lawyers regularly counsel clients on the False Claims Act issues. Please feel free to contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following members of the firm’s False Claims Act/Qui Tam Defense Group:

Washington, D.C.
F. Joseph Warin (+1 202-887-3609, [email protected])
Stuart F. Delery (+1 202-887-3650, [email protected])
Joseph D. West (+1 202-955-8658, [email protected])
Andrew S. Tulumello (+1 202-955-8657, [email protected])
Karen L. Manos (+1 202-955-8536, [email protected])
Jonathan M. Phillips (+1 202-887-3546, [email protected])
Geoffrey M. Sigler (+1 202-887-3752, [email protected])

New York
Zainab N. Ahmad (+1 212-351-2609, [email protected])
Matthew L. Biben (+1 212-351-6300, [email protected])
Reed Brodsky (+1 212-351-5334, [email protected])
Alexander H. Southwell (+1 212-351-3981, [email protected])

Denver
Robert C. Blume (+1 303-298-5758, [email protected])
Monica K. Loseman (+1 303-298-5784, [email protected])
John D.W. Partridge (+1 303-298-5931, [email protected])
Ryan T. Bergsieker (+1 303-298-5774, [email protected])

Dallas
Robert C. Walters (+1 214-698-3114, [email protected])

Los Angeles
Timothy J. Hatch (+1 213-229-7368, [email protected])
James L. Zelenay Jr. (+1 213-229-7449, [email protected])
Deborah L. Stein (+1 213-229-7164, [email protected])

Palo Alto
Benjamin Wagner (+1 650-849-5395, [email protected])

San Francisco
Charles J. Stevens (+1 415-393-8391, [email protected])
Winston Y. Chan (+1 415-393-8362, [email protected])

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

On July 16, 2020, the Court of Justice of the European Union struck down as legally invalid the U.S.-EU Privacy Shield, which some companies have used to justify transfers of personal data from the EU to the U.S. The Court also ruled that the “Standard Contractual Clauses”(“SCCs”) approved by the European Commission, another mechanism many companies use to justify such transfers, remain valid with some caveats. The Court’s decision will force companies on both sides of the Atlantic to reassess their data transfer mechanisms, as well as the locations in which they store personal data.

This Client Alert lays out the key aspects and implications of the decision.

I. Context of the Decision

As a reminder, under the General Data Protection Regulation (“GDPR”), a transfer of personal data out of the EU may take place only if the third country ensures an adequate level of data protection, as determined by a decision of the European Commission. In the absence of an adequacy decision, the exporter may proceed to such data transfer only if it has put in place appropriate safeguards, which may be provided for by the standard contractual clauses adopted by the Commission. However, in recent years, the validity of these safeguards has been under attack, with the Court’s July 16 decision as the most recent significant milestone in that dispute. In large part these attacks have been based on concerns regarding U.S. government access to data on European residents transferred from the EU to the U.S.—concerns that became prominent following reports on government surveillance made public by former U.S. government contractor Edward Snowden.

In June 2013, Maximilian Schrems, a resident of Austria, lodged a complaint with the Irish supervisory authority, the Data Protection Commission (“DPC”) in order to prohibit the transfer of his personal data from the European subsidiary of a social media company to the parent corporation in the U.S. Schrems claimed that U.S. laws and practices do not offer sufficient protection against surveillance by U.S. authorities in relation to data transferred to the U.S. That complaint was initially rejected by the DPC on the ground that, in its Safe Harbour Decision 2000/520, the European Commission had found that the U.S. ensured an adequate level of protection. However, in an October 6, 2015 ruling (the so-called “Schrems I case”[i]), the Court declared that the Safe Harbour Decision 2000/520 was invalid.

In response, the European Commission adopted Decision 2016/1250 of July 12, 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield (“Privacy Shield”) in order to replace the Safe Harbour Decision and to attempt to improve the guarantees afforded to the EU-U.S. data transfers.

In light of the Schrems I case, Schrems reformulated his complaint and sought the suspension/prohibition of data transfers to the U.S. based on the Standard Contractual Clauses, which had been approved by the Commission in 2010[ii].

The DPC took the view that the assessment of that complaint was conditional on the validity of the SCCs. The DPC thus brought proceedings before the Irish High Court, which in turn referred 11 questions to the Court for a preliminary ruling.

Thus, the principal issues before the Court were the viability of the SCCs and the Privacy Shield as mechanisms for the transfer of personal data from the EU to the U.S.

II. Validity of the Standard Contractual Clauses

The Court first confirmed that the GDPR applies to the transfer of personal data to a third country for commercial purposes, even if, at the time of that transfer or thereafter, that data may be processed by the authorities of the third country in question for the purposes of public security, defense and State security.

The Court found that data subjects must be afforded a level of protection essentially equivalent to that guaranteed by the EU’s omnibus privacy law, the GDPR, read in light of the EU Charter of Fundamental Rights[iii]. The Court specified that the assessment of that level of protection must take into consideration both the contractual arrangements between the data exporter and the recipient and, as regards any access by the public authorities of that third country to the data transferred, the relevant aspects of the legal system of that third country.

As to the obligations of the local supervisory authorities within the EU (i.e., the data privacy regulators in individual EU Member States) in connection with such transfer, the Court held that, unless there is a valid Commission decision regarding the adequacy of the protections provided by the country to which the personal data is transferred, and where the data exporter established in the EU has not itself suspended or put an end to such a transfer, the relevant regulator must suspend or prohibit a data transfer pursuant to the SCCs if (i) the SCCs cannot be complied with in that country, and (ii) the protection of the data transferred required by EU law cannot be ensured by other means.

Upholding the validity of the SCCs, the Court found that the SCCs make it possible (i) to ensure compliance with the level of protection required by EU law and (ii) to suspend or prohibit transfers of personal data pursuant to such clauses in the event of breach of the clauses themselves or of it being impossible to honor them. The Court’s finding hinged, in part, on the fact that the SCCs impose an obligation on both the data exporter and the data recipient to verify, prior to any transfer, whether that level of protection is complied with in the concerned third country. In addition, the SCCs require the data recipient to inform the data exporter of any inability to comply with the SCCs, the exporter then being, in turn, obliged to suspend the transfer of data and/or to terminate the contract.

Put simply, then, the Court found that the SCCs remain a valid mechanism for transfer of personal data out of the EU, though there is some uncertainty about the use of such a tool for transferring personal data to the U.S.

III. Invalidity of the Privacy Shield

In contrast to its ruling affirming the validity of the SCCs generally, the Court found that the EU-U.S. Privacy Shield is not compliant with the requirements arising from the GDPR, read in light of the EU Charter of Fundamental Rights.

The Court noted that the Privacy Shield enshrines the position that the requirements of U.S. national security, public interest and law enforcement have primacy, thus condoning interference with the fundamental rights of EU data subjects. In this regard, the Court found that the limitations on the protection of personal data arising from U.S. domestic law fail to meet the requirements of EU law, because U.S. law does not adequately limit the personal data that U.S. public authorities may access and use through surveillance programs.

In addition, the Court indicated that, although U.S. law lays down requirements with which the U.S. intelligence authorities must comply when implementing the surveillance programs in question, the relevant provisions do not grant data subjects actionable rights before the courts against the U.S. authorities. With respect the requirement of judicial protection, the Court held that the Ombudsperson mechanism[iv] referred to in the Privacy Shield does not provide data subjects with any cause of action before a body which offers guarantees essentially equivalent to those required by EU law, such as to ensure both the independence of the Ombudsperson and their power to adopt decisions that are binding on U.S. intelligence services.

Thus, the Court found that Privacy Shield is no longer a justifiable mechanism for transferring personal data from the EU to the U.S.

IV. Consequences

Given the invalidity of the Privacy Shield, companies that have to date used the Privacy Shield as a tool to transfer personal data from the EU to the U.S. should assess whether such transfers may be justified using other means. We hope that the European Data Protection Board (“EDPB”)[v] will set a grace period to find an appropriate solution with U.S. authorities and allow companies to come into compliance, as was the case after the Schrems I ruling, when a three-month grace period was put in effect.

As the Court noted, the GDPR does provide for other mechanisms under which transfers of personal data to third countries may take place. However, such mechanisms cannot easily be implemented in practice (e.g., it may be difficult to obtain data subjects’ consent).

Many companies have relied to date, and will likely continue to rely on the SCCs for making transfers outside the EU. However, companies must do more than simply adopt the SCCs: the Court specified that the controller established in the EU and the recipient of personal data outside the EU are both required to verify, prior to any transfer, whether the level of protection required by EU law is respected in the relevant third country. In particular, the application of the SCCs to transfer personal data to the U.S. may be in question, as confirmed by the Irish DPC in its statement on the judgment of the Court of Justice of the EU.

It is difficult to predict how local supervisory authorities will respond to this uncertainty regarding the SCCs. One possibility is that supervisory authorities will assess independently the level of protection of data transferred to particular third countries, including the U.S. This would trigger significant legal uncertainty, in particular in the context of the EU-U.S. transfers. Alternatively, there may be a coordinated approach from the European supervisory authorities[vi], which may also, as suggested in the Court ruling, decide to request an opinion from the EDPB, which may adopt a binding decision.

It is also worth noting that the European Commission indicated in its report dated 24 June 2020 that it is currently working, in cooperation with the EDPB, on modernizing the mechanisms for data transfers, including the SCCs. Therefore, an updated version of the SCCs and associated guidance will likely be issued in the near future, adding yet another wrinkle to this issue.

While waiting for these future clarifications and decisions, in light of the above, we recommend companies currently relying on the Privacy Shield or SCCs consult with their data protection officer or counsel to evaluate tailored ways to minimize the risks associated with continued transfers of personal data out of the EU—particularly transfers of such data to the U.S.

_______________________

[i] Judgment of the Court of 6 October 2015 – Maximillian Schrems v Data Protection Commissioner (Case C-362/14).

[ii] Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council, as amended.

[iii] The Charter of Fundamental Rights brings together all the personal, civic, political, economic and social rights enjoyed by people within the EU in a single text.

[iv] The Privacy Shield Ombudsperson is a Privacy Shield mechanism to facilitate the processing of and response to requests relating to the possible access for national security purposes by U.S. intelligence authorities to personal data transmitted from the EU to the U.S.

[v] It is worth noting that, with respect to the Privacy Shield, in January 2019 the EDPB stated in its second annual joint review of the Privacy Shield that it “welcomes the efforts made by the US authorities and the Commission to implement the Privacy Shield, […] However, the EDPB still has a number of significant concerns that need to be addressed by both the Commission and the US authorities”.

[vi] The Irish DPC has specified that it looks forward “to developing a common position with [its] European colleagues to give meaningful and practical effect to today’s judgment”. Also, the German Federal Commissioner for Data Protection and Freedom of Information already stated that it will coordinate with its European colleagues. It is also noting the U.S. Secretary of Commerce expressed disappointment but has yet to articulate how the Department will move forward. “While the Department of Commerce is deeply disappointed that the court appears to have invalidated the European Commission’s adequacy decision underlying the EU-U.S. Privacy Shield, we are still studying the decision to fully understand its practical impacts,” said Secretary Wilbur Ross.

The following Gibson Dunn lawyers prepared this client alert: Ahmed Baladi, Ryan T. Bergsieker, James A. Cox, Patrick Doris, Penny Madden, Alexander H. Southwell, Michael Walther, Kai Gesing, Alejandro Guerrero, Vera Lukic, Sarah Wazen, Adelaide Cassanet, Clemence Pugnet and Selina Grün. Please also feel free to contact the Gibson Dunn lawyer with whom you usually work, the authors, or any member of the Privacy, Cybersecurity and Consumer Protection Group:

Europe
Ahmed Baladi – Co-Chair, PCCP Practice, Paris (+33 (0)1 56 43 13 00, [email protected])
James A. Cox – London (+44 (0)20 7071 4250, [email protected])
Patrick Doris – London (+44 (0)20 7071 4276, [email protected])
Penny Madden – London (+44 (0)20 7071 4226, [email protected])
Michael Walther – Munich (+49 89 189 33-180, [email protected])
Kai Gesing – Munich (+49 89 189 33-180, [email protected])
Alejandro Guerrero – Brussels (+32 2 554 7218, [email protected])
Vera Lukic – Paris (+33 (0)1 56 43 13 00, [email protected])
Sarah Wazen – London (+44 (0)20 7071 4203, [email protected])

Asia
Kelly Austin – Hong Kong (+852 2214 3788, [email protected])
Jai S. Pathak – Singapore (+65 6507 3683, [email protected])

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

On Thursday, July 9, 2020, the U.S. Supreme Court consolidated and agreed to review two closely watched cases, FTC v. Credit Bureau Center, LLC (case number 19-825) and AMG Capital Management, LLC v. FTC (case number 19-508), concerning whether Section 13(b) of the Federal Trade Commission Act (“FTC Act”) authorizes the FTC to seek an award of restitution.[1] With this grant of certiorari, the Court will address a circuit split that developed in August 2019, when the Seventh Circuit in FTC v. Credit Bureau Center, LLC broke with eight other circuits and explicitly overturned its own long-standing precedent in holding that the FTC cannot seek restitution under Section 13(b) of the FTC Act.

The implications of this review are significant. The FTC claims broad authority to regulate consumer protection violations, has increasingly targeted industry-leading companies in headline-grabbing matters, and regularly secures massive monetary remedies under Section 13(b). Credit Bureau Center calls the viability of the FTC’s approach into question, and if the Supreme Court affirms the decision, the FTC would be required to navigate a more complex procedural process in order to obtain monetary relief.

Section 13(b) provides that the FTC “may seek, and after proper proof, the court may issue, a permanent injunction” and does not reference monetary relief. Nevertheless, until the Seventh Circuit’s decision in Credit Bureau Center, every circuit court to consider the issue (including the Seventh Circuit thirty years ago in FTC v. Amy Travel Service, Inc.[2]) had held that Section 13(b) implicitly authorizes a wide range of equitable remedies, including restitution, rescission, and disgorgement involving monetary relief, through the word “injunction.” Many such courts have invoked the Supreme Court’s 1946 decision in Porter v. Warner Holding Co., which held in the context of a separate federal statute that a reference to “permanent or temporary injunction, restraining order, or other order” permitted district courts to use “all inherent equitable powers,” including monetary remedies such as restitution.[3]

When a panel of the Seventh Circuit reversed Amy Travel in Credit Bureau Center, it explained that “[a]n implied restitution remedy doesn’t sit comfortably within the text” of Section 13(b), contrasting restitution with injunctions, and describing the latter as forward-facing and the former as a “remedy for past actions.”[4] The panel noted that unlike two remedial provisions in the FTC Act that expressly authorize restitution when the FTC follows specific procedures, Section 13(b) lacks similar language, and to impliedly authorize restitution under Section 13(b) would render the other provisions “largely pointless.”[5] With respect to the decision’s departure from Amy Travel, the panel explained that in the ensuing three decades, “the Supreme Court has clarified that courts must consider whether an implied equitable remedy is compatible with a statute’s express remedial scheme” and instructed courts “not to assume that a statute with ‘elaborate enforcement provisions’ implicitly authorizes other remedies.”[6]

In contrast, in FTC v. AMG Capital Management, LLC, the Ninth Circuit held in December 2018 that Section 13(b) does, in fact, authorize monetary relief. Notably, Ninth Circuit Judge Diarmuid O’Scannlain issued a special concurrence to the majority opinion, calling on the court to hear the case en banc to reconsider its prior holding that Section 13(b) authorizes monetary relief, but the Ninth Circuit denied AMG’s petition for rehearing en banc in June 2019.[7]

Court watchers will not be surprised by the grants of certiorari, given this clear circuit split and the Court’s recent willingness to examine the disgorgement authority of the Securities and Exchange Commission (“SEC”) in Liu v. Securities and Exchange Commission,[8] decided only three weeks ago. In Liu, the Court held that even though the SEC Act of 1934 does not expressly permit disgorgement, this remedy is nonetheless available because the statute permits the SEC to obtain “equitable relief.”[9] The Court, however, also held that any disgorgement remedy must conform with principles of equity, identifying three ways in which the SEC’s disgorgement practices may test the bounds of equity practice: (1) ordering the proceeds of fraud to be deposited in Treasury funds instead of disbursing them to victims; (2) imposing joint and several liability; and (3) declining to deduct even legitimate expenses from the receipts of fraud.[10]

Following the decision in Liu, Credit Bureau Center and AMG each submitted a supplemental brief to the Court regarding Liu’s implications, both arguing that Liu does not conflict with their position because Section 13(b) of the FTC Act, unlike the SEC Act, does not authorize “equitable relief,” and instead speaks only in terms of an “injunction.”

If the Court sides with Credit Bureau Center and AMG, the decision will have significant practical consequences for the FTC. Without legislative intervention, to obtain restitution the agency would largely have to turn to Section 19 of the FTC Act, which explicitly authorizes the agency to obtain monetary relief including restitution, but sets forth a cumbersome and lengthy process, requiring the FTC to first prevail in an administrative proceeding and then seek legal and equitable relief (including restitution) in federal court thereafter.

The FTC has already issued a statement in response to the Court’s announcement that it will review these cases, stating that the Commission “look[s] forward to proving to the Supreme Court that the FTC Act empowers [the FTC] to fully protect consumers by ensuring that money unlawfully taken from them is rightfully returned.”[11] Interestingly, however, in January, FTC Chairman Joseph Simons stated that he would like Congress to clarify that Section 13(b) allows for monetary relief,[12] at least suggesting that the statute is not crystal clear on this issue. And in May 2019, FTC Commissioner Christine S. Wilson requested in congressional testimony that Congress clarify the FTC’s powers under Section 13(b).[13]

Despite the FTC’s stated optimism, several Justices have taken public positions suggesting that they may be open to the Seventh Circuit’s position. In a past oral argument, Justice Gorsuch stated that the Court had never approved lower-court precedent permitting an implied disgorgement remedy stemming from an injunction, and there was no statute governing this remedy, so the Court was “just making it up.”[14] Chief Justice Roberts and Justice Sotomayor have questioned the SEC’s authority to impose monetary penalties, specifically including disgorgement.[15] And in Liu, Justice Thomas argued in his dissent that disgorgement was not an available form of equitable relief in English Chancery Court at the time of the founding, and therefore should not be read into a statute permitting only “equitable relief.”[16]

On the other hand, as reflected in Liu, the Court appears willing to limit the enforcement authority of executive agencies, but reluctant to categorically take remedies off of the table. It is, of course, difficult to predict the how the Court might come out, but this is certainly a case worth watching.

The cases are set for argument in the Court’s October 2020 term. Our experienced teams of FTC, appellate, and trial lawyers—which have litigated these and similar issues in forums across the country—will continue to monitor the cases closely, and are available to discuss these and any related issues.

_______________________

[1] 591 U.S. 2.

[2] 875 F.2d 564 (7th Cir. 1989).

[3] 328 U.S. 395 (1946).

[4] 937 F.3d 764, 772 (7th Cir. 2019).

[5] Id. at 774.

[6] Id. at 767.

[7] 910 F.3d 417, 429-37 (9th Cir. 2018).

[8] 140 S. Ct. 1936 (2020).

[9] 15 U.S.C. § 78u(d)(5).

[10] Liu, 140 S. Ct. at 1946.

[11] Statement of Alden F. Abbott Regarding Supreme Court Orders Granting Review of Two FTC Matters (July 9, 2020), here.

[12] Matthew Perlman, FTC’s Antitrust Powers Under Indirect Attack, Law 360 (Jan. 21, 2020) available at https://www.law360.com/articles/1236118/ftc-s-antitrust-powers-under-indirect-attack.

[13] Oral Statement of FTC Commissioner Christine S. Wilson Before the U.S. House Committee on Energy and Commerce Subcommittee on Consumer Protection and Commerce (May 8, 2019), here.

[14] See Transcript of Oral Argument at 52, Kokesh v. SEC, 137 S. Ct. 1635 (2017).

[15] Id. at 7:20-8:2; 9:5-11; 33:12-18.

[16] 140 S. Ct. at 1950.

The following Gibson Dunn lawyers assisted in the preparation of this client update: Alex Southwell, Ryan Bergsieker, Elizabeth Papez, Kristen Limarzi, Ashley Rogers, Sophie Rohnke, Julie Hamilton, and Emily Riff.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, or any member of the firm’s Privacy, Cybersecurity and Consumer Protection or Antitrust and Competition practice groups, or the following authors:

Alexander H. Southwell – New York (+1 212-351-3981, [email protected])
Ryan T. Bergsieker – Denver (+1 303-298-5774, [email protected])
Elizabeth P. Papez – Washington, D.C. (+1 202-955-8608, [email protected])
Kristen C. Limarzi – Washington, D.C. (+1 202-887-3518, [email protected])
Ashley Rogers – Dallas (+1 214-698-3316, [email protected])

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

On December 11, 2020 the FDA granted Emergency Use Authorization for the Pfizer/BioNTech COVID‑19 vaccine candidate.[2] That vaccine, which appears to be more than 90% effective in preventing the virus’s spread,[3] was soon joined by a similarly effective vaccine developed by Moderna.[4]

With their blazing-fast production time and extraordinary efficacy, the COVID-19 vaccines are among our most impressive recent medical achievements. They may also be the most controversial. Despite near-universal healthcare consensus as to the vaccines’ overall safety and efficacy, early polling suggests deep skepticism, with many in the population indicating that, if offered the vaccine, they will refuse.[5] And in a time of endemic disinformation and controversy, this resistance may only deepen.

Given the choice, employers might prefer to stay on the sidelines in an effort to avoid the coming “vaccine wars.” Like it or not, however, America’s workplaces will be on the front lines and likely will find themselves caught between public health imperatives, liability fears, and a restive workforce. And while current guidance indicates that employers generally can mandate employee vaccination (subject to religious and medical exceptions), unless the Occupational Safety & Health Administration (OSHA) or other authority requires them to do so, employers will face strong and countervailing pressures in deciding whether or how to implement such policies.

This article offers a “Playbook” for employers to navigate these choppy waters. Below we set out key considerations, both for employers who want or ultimately may be required to pursue a mandatory vaccination program and for employers who wish to encourage voluntary compliance.

Each employment context, of course, will differ. A mandatory vaccination policy that works well for a close-quarters or contact-heavy workplace, such as a healthcare facility or even a meatpacking plant, might be too heavy handed for a low-contact team of remote computer coders. Likewise, different states, cities, and industries may adopt very different workplace vaccination rules, creating a thicket of regulation (this article limits its scope to nationally applicable federal regulation, but state and local rules may differ). Despite this variation, though, there are nevertheless strategies and insights that can offer guidance.

I. Deciding Who Decides: Should Employers Mandate Vaccination?

As a threshold question, employers will need to decide whether to require employees to be vaccinated or instead to make vaccination voluntary. Below are some key considerations in making this choice.

A. Why Require the Vaccine?

Protecting Workplace and Community Health: In the absence of a regulatory requirement, the single most important reason for a workplace vaccine mandate is that it will protect workers’ health and lives. Both the Pfizer/BioNTech and the Moderna COVID-19 vaccines have been found by the FDA to be “safe and effective” and have been supported by the VRBPAC, an FDA advisory panel of outside scientific and public health experts that has independently reviewed the data.[6] The upshot is that, based on the best evidence available, the vaccines now being rolled out will protect the health and lives of employees, customers, and communities.

To be sure, vaccinations will not ensure everyone’s safety: we do not yet have long-term data on the duration of immunity, even the most effective vaccine candidates will protect no more than 90 to 95% of patients, and bona fide medical or religious reasons mean that some individuals cannot be vaccinated. Accordingly, even in the best-case scenario, a significant minority of the population will still be exposed and dependent upon the development of herd immunity to protect them. But these caveats should not distract from this reality: by an order of magnitude, COVID-19 vaccines will be our most effective medical strategy to prevent transmission of the virus and save lives.

Ensuring Vaccines Become Vaccinations: These powerful health benefits, however, will only be realized if workers actually get the vaccine. In other words, as public health experts have noted, we must “turn vaccines into vaccinations.”[7] Here, a mandatory approach may be important because voluntary vaccine programs have often had relatively low compliance, even in industries like healthcare,[8] and even for vaccines that have been the subject of massive “persuasion” campaigns (such as for the flu).[9] Given the amount of disinformation surrounding the coronavirus in general and vaccines in particular, such opt-in rates may, without a mandate, be even lower here. Put another way, a mandatory vaccine policy likely will be vastly more successful than a voluntary one at ensuring workers actually get protected.

Reducing Costs of Absences, Lost Productivity, and Long-Run Medical Care: Because a mandatory vaccination program creates a more vaccinated workforce, it also can significantly reduce workplace costs. Vaccinated workers will be less likely to fall ill to COVID-19, impose fewer costs from absences or lost productivity, require fewer instances of acute medical care, and impose lower long-term health costs. This last point is an important one: COVID-19 might be best known for short-term (and often horrific) acute consequences, but its long-term health impacts are poorly understood, yet believed to be significant for some.[10] Therefore, the virus may lead to worker illness and impairment that can span for months or even years. A higher vaccination rate is likely to curb each of these costs.

Getting and Staying Open: A mandatory vaccination approach also makes it more likely that a business can open and stay open. Even if there are no medical consequences, a single positive COVID-19 test can lead an employer to fully stop operations, particularly in industries like dining and hospitality.[11] A highly vaccinated workplace reduces the likelihood of such stoppages. At the same time, high vaccination rates can accelerate a “return to normal” by making it safer for the workforce to return to the office or otherwise resume normal operations, and by creating a safer environment for customers.

Defend Against Civil Liability for COVID-19 Cases: Further, and especially as vaccination rates increase, an un- or under-vaccinated workforce may pose a liability risk, as individuals infected on premises look to pin the blame on employers.

Under tort law principles employers that fail to take reasonable care to protect employees (or, for that matter, vendors, visitors, customers, or others on premises) risk liability. Applying this concept, individuals who become sick based on alleged on-premises exposure can argue (and in some cases have argued) that a business’s negligent safety practices (whether related to personal protective equipment (PPE), vaccines, cleaning, or anything else) caused their illness.

For employees themselves, such COVID-19 suits are likely to be limited by workers’ compensation statutes. Indeed, companies are already seeing lawsuits seeking relief from employee injuries ranging from wrongful workplace exposure to COVID-19 to wrongful death from COVID-19.[12] In many cases, damages related to on-the-job COVID-19 exposure (or subsequent illness) will be considered occupational injuries and so are very likely covered under the relevant state’s workers’ compensation statutes. But employees’ lawyers will no doubt argue that this bar may not provide full protection, as evidenced by extensive (and, as of this writing, unsuccessful) efforts by federal lawmakers to provide businesses with greater immunity from employee COVID-19 claims,[13] as well as by a surge of interest in drafting (potentially unenforceable) employee COVID-19 liability waivers.[14]

More importantly, workers’ compensation statutes do not account for other stakeholders who may claim COVID-19 damages from exposure to an unvaccinated workforce. This includes suits by contractors, vendors, visitors, or customers—particularly in contact-intensive industries like education, lodging, hospitality, healthcare, or fitness where PPE may not provide sufficient protection.

A mandatory vaccination policy reduces these risks. First, and most obviously, mandatory vaccination makes it less likely individuals get sick in the first place, and therefore less likely anyone suffers legally actionable damages. Separately, the adoption and implementation of a mandatory vaccine plan can itself be important evidence of the high standard of care a company provided for those on premises, which also may be important in beating back potential liability.

Unless a broad liability shield is enacted by Congress, civil suits for COVID-19 infection damages, whether by employees, contractors, visitors, or customers, will remain a threat for the foreseeable future, and mandatory vaccination could be a key tool to address it.

Potential Protection Against Enforcement Action: Apart from civil liability from private plaintiffs, businesses without vaccine mandates could confront regulatory risk as well. Under OSHA’s “general duty” clause, for instance, employers are required to furnish each employee with a workplace free from recognized hazards that could cause serious harm.[15] While current OSHA guidance suggests this “general duty” can be satisfied by measures like PPE or distancing,[16] in the longer-run the agency might take the position that a robust vaccination program is required and that workplaces without such policies are not safe. This may be particularly true for healthcare and other industries where social distancing or similar measures may not be viable.

Further, even if OSHA does not enforce the “general duty” clause in this way, private litigants, unions, or others may seize on this language to argue that employers without mandatory vaccination policies are not providing a safe workplace.

B. Why Make the Vaccine Optional?

Employee Morale and Retention: Any “mandate,” as opposed to an optional program, would need to be carefully messaged and framed to the workforce. If the purposes behind the requirement are not explained (and even if they are), it may become a source of employee discontent or dissatisfaction. Day-to-day, such a requirement may lead employees opposed to the vaccine to view the company more negatively, and to respond accordingly.

Even with excellent messaging and buy-in, it is likely that some portion of the workforce, out of “anti-vaccine” belief, political views, or other reasons, will refuse to get the vaccine, and at the extreme may choose separation of employment rather than being vaccinated. And laws like the National Labor Relations Act (NLRA) could arguably protect various forms of employee protest as to the requirement, such as through social media campaigns.

Administrative Ease: Even for “mandatory” vaccines, by law those with medical conditions or sincerely held religious beliefs that preclude vaccination are entitled to make exemption requests and to seek appropriate reasonable accommodation (both possibilities discussed in detail below). Given the controversy around the vaccine, many workers may try to claim such exemptions. Without thoughtful processes, this could put Human Resources (HR) at risk of being overwhelmed by needing to decide, on a case-by-case basis, who qualifies for an exemption. In a voluntary program, by contrast, no (or much less) formal process is needed.

Less Liability Risk for Discrimination Claims: On this point, individuals who seek an exemption but are denied may pursue legal claims, such as on the grounds that they were unlawfully discriminated against under the Americans with Disabilities Act (ADA) based on a medical condition their employer did not treat with sufficient seriousness,[17] or under Title VII of the Civil Rights Act[18] for their religious beliefs. Careful applications of the exemption process will minimize this risk, but cannot eliminate it.

Potentially Less Necessary to Certain Industries: Finally, while in some industries, like healthcare or personal services, close contact is unavoidable, in others, it is less of a concern. For workplaces that do not require close contact, and so can more effectively avoid or mitigate the potential spread of the virus on-site, a vaccine mandate might be unnecessary.

II. Playbook For Employer Vaccine Policies

As the above shows, employers may have sound safety, business, and legal reasons to pick either a mandatory or a voluntary approach to a COVID-19 vaccine. But without attention to risk points, either approach can run into trouble. Here are ways to minimize the danger, no matter which approach employers take.

A. Assess the Right to Require Vaccinations

An employer’s first step is to confirm its right to require vaccinations. For obvious reasons, this is important to workplaces that want to mandate vaccines. But even workplaces that want to pursue voluntary vaccination policies may want to confirm this information, both because conditions may change over time, and also because, even if employers do not make vaccination a condition of employment, they may want to make it a condition for certain employment activities.

For most private-sector U.S. employers, current guidance strongly suggests that vaccinations can be required as a condition of employment for at-will employees. In its December 16, 2020 guidance on vaccination policies, the EEOC discusses at length the possibility that employers could “require” the vaccine, including how to best to “communicat[e] with employees about compliance with [an] employer’s vaccination requirement.”[19] This is in line with earlier approaches to (far less severe) pandemics. In the context of the H1N1 flu, for example, OSHA guidance indicates that, so long as a private employer makes appropriate religious and medical exceptions, an employer may require vaccination as a condition of employment.[20] Accordingly, employers are on strong ground to assume that, as a general matter, vaccination requirements are permissible.

That said, a given workplace may be subject to special conditions, so it is important to assess, at the outset, whether a vaccination requirement would be permissible. One example is if a collective bargaining agreement (CBA) governs the terms of employment, in which case it may speak to vaccine requirements.[21] Further, if employees are not at-will, but rather work under a contract, that contract may dictate whether a vaccine can be required.

Likewise, while to date no state or local law or regulation appears to impose any general bar to private employers requiring vaccination, the situation at the federal, state, and local level is evolving rapidly,[22] so employers should obtain legal advice and ensure no new rule (or relevant agency guidance or court decision) has changed the landscape before getting started.

B. Make a Plan to Process Exemption Requests

Even if employers choose to “mandate” a vaccine, they must still be prepared to provide legally required exceptions for employees who (1) cannot take the vaccine due to a medical disability or (2) seek an exemption from the vaccine based on sincerely held religious beliefs. Virtually all employers must comply with these important legal protections. But employers should also recognize that they can structure such requests, and the resulting accommodations, in a way that satisfies the law while ensuring that those who are not truly motivated by such concerns, but instead merely would prefer to be unvaccinated, do not take advantage of them.

1. Medical Exemptions

For medical reasons, some individuals may be unable to safely take the vaccine. We know, for example, that the vaccine should not be administered to individuals with a known history of a severe allergic reaction to any component of the vaccine. Under the ADA, if an employee claims to require an exemption based on a “disability,” [23] a workplace must engage in an “interactive process” with that individual to arrive, if possible, at a “reasonable accommodation” (which, potentially, would relieve the employee from having to get the vaccine).

Employee requests for medical exemptions should be treated like any other ADA request for accommodation.[24] However, if employers are concerned that vaccine qualms will lead to insincere accommodation requests, there are steps they can take. First, the ADA permits requests for reasonable documentation of the disability, which an employer can enforce.[25]

Second, workers with disabilities do not have the right to the accommodation of their choice, but rather to a “reasonable accommodation,” viz, one that “reasonably” accommodates their disability, and that does not impose an “undue hardship” on an employer.[26] For example, employees who cannot be vaccinated do not necessarily need to be offered the “accommodation” of simply not receiving the vaccine but then otherwise resuming work as normal, nor must they be offered the accommodation of continuing to work from home after their colleagues have returned to work. Rather, under appropriate circumstances, an employer might instead require unvaccinated employees to attend work, but continue to distance and wear masks and PPE, even after vaccinated employees may in the future be permitted to halt such measures.[27]

Other possible accommodations may include shifting unvaccinated workers to other workplace roles or positions, relocating work sites within a building, or requiring that employees work remotely even if they want to return.[28] This process will typically require a case-by-case assessment of the relevant facts.

In sum, employers should recognize that the ADA does not create an automatic right for anyone to “opt-out” of the vaccine, but only a right to a fair interactive process that leads to a reasonable accommodation.[29]

2. Religious Exemptions

The second major category for possible exemptions are accommodation requests based on sincerely held religious beliefs or religion-like philosophical systems.[30] Under Title VII, such beliefs must be taken into account, and if it would not pose “undue hardship,” a reasonable accommodation must be granted.

Compared to medical exemption requests, Title VII religious accommodation requests are (1) easier to establish, with employees permitted to substantiate the “sincerity” of their beliefs with little documentation; but (2) less demanding on employers, in that the accommodations granted need only be provided if they would impose “de minimis” burdens on the employer. Both of these distinctions are relevant to any COVID-19 vaccination mandate.

On the “sincerity” of the religious belief at issue, the EEOC has noted that an employer is entitled to “make a limited inquiry into the facts and circumstances of the employee’s claim that the belief or practice at issue is religious and sincerely held, and gives rise to the need for the accommodation.”[31] That said, an employee can provide sufficient proof of sincerity by a wide variety of means, including “written materials or the employee’s own first-hand explanation,” or verification of “others who are aware of the employee’s religious practice or belief.”[32] Beyond that, probing the “sincerity” of a religious belief is risky business. So to the extent employees provide such substantiation, and even if their interpretation of a religious tenet differs from that religion’s mainstream, employers would be wise, at that point, to accept it.

However, the EEOC has further made clear that employers are only obligated to accommodate “religious” beliefs or comprehensive religious-type philosophical systems, as opposed to other strongly held types of beliefs. For instance, there is no legal requirement to accommodate political, scientific, or medical views, or isolated ideas (such as “vaccines are dangerous”).[33]

Given these principles, workplaces with vaccine mandates may want to create standardized Title VII exemption-request forms that (1) expressly state and remind employees that political, social, scientific, or other non-religious views are not sufficient justification and that it is not appropriate to request a Title VII exemption on those grounds, but that (2) otherwise permit employees to explain, in their own words, their religious or religious-type beliefs and why those beliefs prevent vaccination. As noted, however, to the extent an employee then completes the form and provides such an explanation, the explanation generally should be credited.

However, for the accommodation itself, as in the ADA context, even a sincere religious exception does not guarantee the right to be accommodated, but only the right to a process that may, if legally required, lead to an accommodation. And unlike the medical context, where the “undue hardship” an employer must show to deny accommodation is a “significant difficulty or expense,”[34] in the Title VII context “undue burden” is defined to require only a showing of more than a “de minimis” cost on the business.[35]

Accordingly, in addition to requiring unvaccinated employees to keep using PPE and other measures even after the rest of the workforce returns to normal, an employer likely has much more latitude to indicate that, where the risk of non-vaccination imposes burdens on the company, non-vaccination will not be allowed.[36]

C. Build Buy-In and Plan for Conflict Diffusion

Even with the legal authority to impose a mandate, employers that go this route still must be sure to build employee buy-in for compliance. This is particularly important in light of concerns regarding how a vaccine requirement might impact employee morale or office culture.

The more a workforce understands why the employer chose a mandate, and the more they have the chance to feel “heard” on the subject, the less friction there will be (and the fewer workers will attempt to claim potentially unneeded exemptions). Best practices for building buy-in include:

Informing employees of the policy change in advance, so that they can meaningfully share their views.
Clear communication as to the purpose of the requirement: employee safety and allowing a return to normal.
Tying the vaccine mandate to concrete and visible changes (e.g., once the vaccine is in place, re-open formerly closed off recreation areas or office space).
Providing accurate and reader-friendly information on the vaccine. Given the amount of mis- or disinformation available, employers and HR in particular will play a key educational role.

On this point, given the incendiary rhetoric around vaccines and strong beliefs held by individuals on many topics related to vaccination, it is possible that the accommodation process, if not carefully handled, could lead to workplace tension. Workplaces should be aware of this risk and ensure that at no time does it rise to the level of impermissible discrimination or a hostile workplace.[37]

D. Minimize (and if Possible, Eliminate) Vaccination Costs to Employees

As a further way to ensure buy-in, whether for a mandatory or a voluntary program, employers should consider as many steps as possible to reduce the cost to employees of getting the vaccine. The vaccine itself will be provided, free of charge, by the federal government.[38] But unless already covered by employee insurance, employees may still be charged an “administrative fee.”[39] Employers should consider covering those or other incidental costs, even if otherwise “out of plan” for workers.

Another “cost” to employees is that of time—such as the time to travel off-site to get a vaccine. Accordingly, contracting with a third-party provider to conduct on-site vaccination can help reduce this cost, as it brings vaccines on-site. That said, the EEOC has recently clarified that, to the extent an employer either directly administers a vaccine or contracts with a third-party to do so on its behalf, it incurs special medical-privacy obligations that may pose additional record-keeping and compliance burdens.[40] Employers considering requiring or encouraging vaccines should carefully consider these tradeoffs in deciding whether or not to bring vaccination “in-house.”

Finally, for the small minority of workers who experience symptoms or bad reactions to the vaccine, employers should consider adopting a permissive approach to allowing (or extending further) paid sick leave to the extent necessary, even if a worker might otherwise not be entitled to it.

As shown above, such measures, while they may not be legally required in certain circumstances (depending on wage-hour and sick leave laws, among other things), are likely to be critical to increase and encourage buy-in.

E. Take a Thoughtful Approach to Continued PPE and Distancing Requirements

One common question will be whether a vaccination policy can or should supplant mask requirements, distancing, and other measures. Because the vaccines are not one-hundred percent effective, there is no guarantee that even a vaccinated employee will be fully protected. And because no one yet knows whether vaccinated individuals can still spread the virus, employers should be mindful of the safety of individuals who, for medical or religious reasons, are unable to be vaccinated. Finally, even the most optimistic projections indicate that, for at least some period of time, there will not be enough vaccines to cover everyone in the workforce.[41] Each of these considerations suggests that, at least in the short term, policies like masks and social distancing will still be necessary.

In the long run, however, providing the prospect of a return to relative normal for those who are vaccinated could be a powerful force toward boosting morale and commitment to a vaccination program, and toward getting greater employee buy-in.

F. Be Aware of Labor Law Issues

One further area to be aware of in rolling out a vaccine policy is the possibility of concerted labor action. Section 7 of the NLRA protects certain “concerted activity” regarding working conditions,[42] which might extend to protests or other labor action regarding a vaccine policy. Crucially, however, the NLRA does not protect non-compliance with workplace safety rules (such as employees attempting to style refusal to be vaccinated as a legally protected labor protest).[43] Further, to the extent there is a risk of labor activity against a vaccine mandate, employers should be aware that there is a countervailing risk of labor activity for a mandate, such as strikes by employees who refuse to come to work until their colleagues have been vaccinated.

G. Don’t Lean Too Hard (or Perhaps at All) on Waivers

Finally, for those employees who, whether by choice or a valid exemption, are not vaccinated, some employers are considering requiring a waiver indicating that the employee understands the medical risks of this decision and accepts any associated risk. Given the limitations on the enforceability and permissibility of such waivers, however, a robust disclosure may be a better format. OSHA, for instance, has long required an attestation for employees in the context of bloodborne pathogen vaccines acknowledging their understanding of the risks should they not be vaccinated.[44] Seeing the risks of declining the vaccine clearly laid out in writing may, at the margin, increase buy-in.

That said, as a liability protection device, there is reason to be skeptical about such disclosures or waivers. In many jurisdictions, courts will find that employee liability waivers for workplace illnesses and injuries are not enforceable or even permissible, given the perceived imbalance of bargaining power or the operation of state workers’ compensation laws (which in some cases are read to preclude such waivers).[45] Accordingly, while it may make sense to provide certain disclosures to unvaccinated employees, an actual waiver of liability may be prohibited or unenforceable.

* * *

As noted at the outset, no one size fits all, especially given the different levels of risk of infection spread in different industries and workplaces, as well as the fast-evolving legislative and regulatory environment around COVID-19. Consulting with experienced employment law counsel is essential to ensuring that your workplace can best address these complex and fast‑moving questions.

____________________

[1] An earlier version of this article originally appeared as a Gibson Dunn & Crutcher Client Alert titled, “An Employer Playbook for the COVID ‘Vaccine Wars’”, available at https://www.gibsondunn.com/wp-content/uploads/2020/12/an-employer-playbook-for-the-covid-vaccine-wars.pdf. For additional legal resources and guidance regarding the impact of COVID-19 in the workplace, see https://www.gibsondunn.com/coronavirus-covid-19-resource-center/.

[2] Jessica Glenza, “FDA approves Pfizer/BioNTech coronavirus vaccine for emergency use in US,” The Guardian (Dec. 11, 2020), available at https://www.theguardian.com/world/2020/dec/11/fda-approves-pfizer-biontech-covid-19-coronavirus-vaccine-for-use-in-us.

[3] Lauran Neergaard and Linda A. Johnson, “Pfizer says COVID-19 vaccine is looking 90% effective,” Associated Press (Nov. 10, 2020), available at https://apnews.com/article/pfizer-vaccine-effective-early-data-4f4ae2e3bad122d17742be22a2240ae8.

[4] Denise Grady et al., F.D.A. Authorizes Moderna Vaccine, Adding Millions of Doses to U.S. Supply, N.Y. Times (Dec. 18, 2020), available at https://www.nytimes.com/2020/12/18/health/covid-vaccine-fda-moderna.html; see also Denise Grady, “Early Data Show Moderna’s Coronavirus Vaccine Is 94.5% Effective,” N.Y. Times (Nov. 16, 2020), available at https://www.nytimes.com/2020/11/16/health/Covid-moderna-vaccine.html.

[5] See, e.g., RJ Reinhart, “More Americans Now Willing to Get COVID-19 Vaccine,” Gallup (Nov. 17, 2020), available at https://news.gallup.com/poll/325208/americans-willing-covid-vaccine.aspx (survey indicating that, as of late November, 42% of Americans would not agree to be vaccinated against COVID-19, up from 34% in July); Bill Hutchinson, “Over half of NYC firefighters would refuse COVID-19 vaccine, survey finds,” ABC News (Dec. 7, 2020), available at https://abcnews.go.com/Health/half-nyc-firefighters-refuse-covid-19-vaccine-survey/story?id=74582249.

[6] For an accessible introduction to this process, see FDA, “Vaccine Development – 101,” available at https://www.fda.gov/vaccines-blood-biologics/development-approval-process-cber/vaccine-development-101.

[7] See, e.g., Testimony to the Subcomm. on Oversight and Investigation of the H. Comm. on Energy and Commerce 1 (Sept. 30, 2020) (statement of Ashish K. Jha, Dean of Brown University School of Public Health), available at https://docs.house.gov/meetings/IF/IF02/20200930/111063/HHRG-116-IF02-Wstate-JhaA-20200930.pdf.

[8] See, e.g., Carla Black et al., CDC, Health Care Personnel and Flu Vaccination, Internet Panel Survey, United States, November 2017 (2017), available at https://www.cdc.gov/flu/fluvaxview/hcp-ips-nov2017.htm (noting a 60-70% flu vaccination rate among healthcare personnel).

[9] See, e.g., CDC, Flu Vaccination Coverage, United States, 2019–20 Influenza Season (Oct. 1, 2020), available at https://www.cdc.gov/flu/fluvaxview/coverage-1920estimates.htm.

[10] See, e.g., Rita Rubin, As Their Numbers Grow, COVID-19 ‘Long Haulers’ Stump Experts, J. of Am. Med. (Sept. 23, 2020), available at https://jamanetwork.com/journals/jama/fullarticle/2771111 (noting scientific studies estimating that approximately 10% of people who have had COVID-19 experience long-term symptoms, from fatigue to joint pain, and that these effects manifested even in individuals who were not initially seriously ill).

[11] See, e.g., “Some Savannah restaurants close due to positive COVID-19 cases,” WTOC (June 19, 2020), available at https://www.wtoc.com/2020/06/24/some-savannah-restaurants-close-due-positive-covid-cases/.

[12] See, e.g., Jean Casarez, “Wrongful death lawsuit filed against long-term care facility over staffer’s Covid‑19 death,” CNN (July 10, 2020), available at https://www.cnn.com/2020/07/10/us/wrongful-death-lawsuit-care-facility/index.html.

[13] See, e.g., “CEOs Seek Liability Shield in Next Relief Bill: Congress Update,” Bloomberg News (Dec. 22, 2020), available at https://www.bloomberg.com/news/articles/2020-12-22/trump-has-a-week-to-sign-massive-year-end-bill-congress-update.

[14] See discussion infra.

[15] 29 U.S.C. § 654.

[16] See generally U.S. DOL, OSHA Report 4045-06 2020, Guidance on Returning to Work (2020), available at https://www.osha.gov/Publications/OSHA4045.pdf.

[17] 42 U.S.C. § 12112 (barring discrimination on the basis of a “disability”). Because “disability,” as defined in the ADA and further defined in subsequent ADAAA, includes any “physical or mental impairment that substantially limits one or more major life activities of [an] individual,” id. § 12102, employees who do not wish to be vaccinated may argue that they have a disability that prevents them from being vaccinated.

[18] Id. § 2000e-2 (prohibiting discrimination on the basis of an “individual’s race, color, religion, sex, or national origin”).

[19] See, e.g., EEOC, What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws, (Dec. 16, 2020), at ¶¶ K2, K3, K5, available at https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws.

[20] See, e.g., OSHA, Standards Interpretation of Nov. 9, 2019, available at https://www.osha.gov/laws-regs/standardinterpretations/2009-11-09 (“[A]lthough OSHA does not specifically require employees to take the vaccines, an employer may do so”).

[21] Note, however, that to the extent OSHA or state regulators ultimately require, as a generally applicable workplace safety rule, that certain workplace vaccination policies be put into place, such health and safety rules would likely trump contrary (that is, more permissive) CBA terms. See discussion infra; see also United Steelworkers of America v. Marshall, 647 F.2d 1189, 1236 (D.C. Cir. 1980) (noting duty to bargain with unions over safety and health matters does not excuse employers from complying with OSHA safety standards); Paige v. Henry J. Kaiser Co., 826 F.2d 857, 863 (9th Cir. 1987) (same, as applied to California’s state-level OSHA equivalent).

[22] See, e.g., Joe Sonka, “Kentucky legislator pre-files bill prohibiting colleges from mandating vaccines,” Louisville Courier J. (Dec. 4, 2020), available at https://www.courier-journal.com/story/news/politics/ky-general-assembly/2020/12/04/kentucky-bill-would-prohibit-colleges-mandating-covid-19-vaccine/3827327001/.

[23] See 42 U.S.C. §12102 (defining “disability” to include any “physical or mental impairment that substantially limits one or more major life activities of [an] individual.”).

[24] See generally EEOC, What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws, (Dec. 16, 2020), at ¶ K5, available at https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws (setting out “interactive process” for employees seeking exemption from workplace COVID-19 vaccination requirements).

[25] See EEOC, Enforcement Guidance on Reasonable Accommodation and Undue Hardship under the ADA, EEOC-CVG-2003-1, Oct. 17, 2002 (“May an employer ask an individual for documentation when the individual requests reasonable accommodation? . . . Yes. When the disability and/or the need for accommodation is not obvious, the employer may ask the individual for reasonable documentation about his/her disability and functional limitations.”); see also EEOC, What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws, (Dec. 16, 2020), at ¶ K5, available at https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws (describing possibility, in context of COVID-19 vaccination requirement, of “obtain[ing] supporting documentation about the employee’s disability”).

[26] See EEOC, Enforcement Guidance on Reasonable Accommodation and Undue Hardship under the ADA, EEOC-CVG-2003-1 (Oct. 17, 2002), available at https://www.eeoc.gov/laws/guidance/enforcement-guidance-reasonable-accommodation-and-undue-hardship-under-ada; accord EEOC, What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws, (Dec. 16, 2020), at ¶ K5, available at https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws.

[27] For analysis of an analogous question, see, for example, EEOC v. Baystate Med. Ctr., Inc., No. 3:16-cv-30086, Dkt. No. 125 (D. Mass. June 15, 2020) (Order upholding policy that required unvaccinated healthcare workers to, as a condition of employment, wear masks even though vaccinated colleagues were not required to) [Order text accessible via PACER and CM/ECF and partially reprinted at Vin Gurrieri, “EEOC Religious Bias Suit Over Hospital Worker Firing Tossed,” Law360 (June 16, 2020), available at https://www.law360.com/articles/1283456/eeoc-religious-bias-suit-over-hospital-worker-firing-tossed]; see also Holmes v. Gen. Dynamics Mission Sys., Inc., No. 19-1771, 2020 WL 7238415, at *3 (4th Cir. Dec. 9, 2020) (suggesting that as “long as [a workplace safety] requirement is valid, any employee who is categorically unable to comply . . . will not be considered a ‘qualified’ individual for ADA purposes,” and so may independently be denied a particular requested accommodation on such basis) (internal punctuation and citation omitted).

[28] See generally EEOC, Enforcement Guidance on Reasonable Accommodation and Undue Hardship under the ADA, EEOC-CVG-2003-1 (Oct. 17, 2002), available at https://www.eeoc.gov/laws/guidance/enforcement-guidance-reasonable-accommodation-and-undue-hardship-under-ada; accord EEOC, What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws, (Dec. 16, 2020), at ¶ K5, available at https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws.

[29] See EEOC, What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws, (Dec. 16, 2020), at ¶ K7, available at https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws (“If an employee cannot get vaccinated for COVID-19 because of a disability or sincerely held religious belief, practice, or observance, and there is no reasonable accommodation possible, then it would be lawful for the employer to exclude the employee from the workplace.”).

[30] Specifically, EEOC guidance indicates such protections extend to “[r]eligious beliefs include theistic beliefs (i.e. those that include a belief in God) as well as non-theistic ‘moral or ethical beliefs as to what is right and wrong which are sincerely held with the strength of traditional religious views.’” EEOC, Questions and Answers: Religious Discrimination in the Workplace, EEOC-NVTA-2008-2 (July 22, 2008), available at https://www.eeoc.gov/laws/guidance/questions-and-answers-religious-discrimination-workplace/.

[31] Id.; accord EEOC, What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws, (Dec. 16, 2020), at ¶ K6, available at https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws (“If, however, an employee requests a religious accommodation, and an employer has an objective basis for questioning either the religious nature or the sincerity of a particular belief, practice, or observance, the employer would be justified in requesting additional supporting information.”).

[32] See EEOC, Section 12 Religious Discrimination, EEOC-CVG-2008-1 (July 22, 2008), available at https://www.eeoc.gov/laws/guidance/section-12-religious-discrimination.

[33] Id.

[34] See EEOC, Enforcement Guidance on Reasonable Accommodation and Undue Hardship under the ADA, EEOC-CVG-2003-1 (Oct. 17, 2002), available at https://www.eeoc.gov/laws/guidance/enforcement-guidance-reasonable-accommodation-and-undue-hardship-under-ada.

[35] EEOC, Questions and Answers: Religious Discrimination in the Workplace, EEOC-NVTA-2008-2 (July 22, 2008), available at https://www.eeoc.gov/laws/guidance/questions-and-answers-religious-discrimination-workplace/; accord EEOC, What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws, (Dec. 16, 2020), at ¶ K6, available at https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws.

[36] See, e.g., Robinson v. Children’s Hosp. Bos., No. CV 14-10263-DJC, 2016 WL 1337255, at *10 (D. Mass. Apr. 5, 2016) (finding that for Title VII purposes, healthcare worker’s requested accommodation of non‑vaccination based on religious beliefs would have imposed “undue hardship” on employer and so did not need to be granted).

[37] Likewise, employers must remain mindful that, to the extent employees exercise legally protected rights with respect to vaccination, they cannot be punished for doing so. See, e.g., EEOC, What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws, (Dec. 16, 2020), at ¶ K5, available at https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws (warning that, in the context of employees requesting disability accommodations related to COVID-19 vaccine mandates, “[m]anagers and supervisors are reminded that it is unlawful to disclose that an employee is receiving a reasonable accommodation or retaliate against an employee for requesting an accommodation”).

[38] Andrea Kane, “Federal government says it will pay for any future coronavirus vaccine for all Americans,” CNN (Oct. 28, 2020), available at https://www.cnn.com/2020/10/28/health/cms-medicare-covid-vaccine-treatment/index.html.

[39] Katie Connor, “Coronavirus vaccines may be free, but you could still get a bill. What we know,” CNET (Dec. 7, 2020), available at https://www.cnet.com/personal-finance/coronavirus-vaccines-may-be-free-but-you-could-still-get-a-bill-what-we-know/.

[40] See, e.g., EEOC, What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws, (Dec. 16, 2020), at ¶ K1, available at https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws (noting that while vaccination itself is not a “workplace medical examination,” such that it would trigger special ADA requirements, an employer’s administration of a vaccine, which would necessarily include “pre-screening questions,” likely would be such an “examination,” thus requiring the employer to show the pre-screening questions are “job-related and consistent with business necessity”); id. at K ¶¶ K2, K3 (noting that while requiring employees merely to show proof of vaccination is not a “disability-related inquiry” for ADA purposes, an employer that mandates vaccination and that administers the vaccine itself or contracts with a third party to do so must show that the administration of vaccines (and the pre-screening questions administration required), were prompted by a “direct threat to the health or safety” of the workplace); id. at K ¶¶ 8-9 (noting that to the extent employers administer vaccines directly or through contracted third parties, they may take on obligations under the Genetic Information Non-Discrimination Act (GINA)).

[41] Noah Higgins-Dunn, “Trump COVID Vaccine Chief Says Everyone in U.S. could be vaccinated by June,” CNBC (Dec. 1, 2020), available at https://www.cnbc.com/2020/12/01/trump-covid-vaccine-chief-says-everyone-in-us-could-be-immunized-by-june.html; see also Kathleen Dooling et al., “The Advisory Committee on Immunization Practices’ Updated Interim Recommendation for Allocation of COVID-19 Vaccine — United States, December 2020,” CDC Morbidity and Mortality Weekly Report (Dec. 22, 2020), available at https://www.cdc.gov/mmwr/volumes/69/wr/mm695152e2.htm (setting out CDC guidance for allocating scare vaccine resources, and indicating which sectors might have priority in allocation).

[42] 29 U.S.C. § 157.

[43] See, e.g., Board Opinion, NLRB Case No. 12-CA-196002, Argos USA LLC d/b/a Argos Ready Mix, LLC and Construction and Craft Workers Local Union No. 1652, Laborers’ International Union of North America, AFL‒CIO, Cases 12–CA–196002 and 12–CA–203177 (Feb. 5, 2020), at 4, available at https://apps.nlrb.gov/link/document.aspx/09031d4582f8f960 (finding, in the context of cellphone-while-driving rules, that workplace rules that “ensure the safety of [workers] and the general public” do not interfere with the exercise of Section 7 rights).

[44] See, e.g., OSHA Standard 1910.1030 App A – Hepatitis B Vaccine Declination (requiring workers who opt out of the bloodborne pathogen vaccine to attest that they understand the medical risks of declining a vaccine should they decide to do so).

[45] See, e.g., Richardson v. Island Harvest, Ltd., 166 A.D.3d 827, 828-29 (N.Y. App. Div. 2018) (reasoning that employers and employees are in unequal bargaining positions, and that therefore prospective liability waivers for negligent employer conduct would be held unenforceable).

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the lawyer with whom you usually work in the firm’s Labor and Employment practice group, or the authors:

Jessica Brown – Denver (+1 303-298-5944, [email protected])
Lauren Elliot – New York (+1 212-351-3848, [email protected])
Daniel E. Rauch – Denver (+1 303-298-5734 , [email protected])

Please also feel free to contact the following practice group leaders:

Labor and Employment Group:
Catherine A. Conway – Co-Chair, Los Angeles (+1 213-229-7822, [email protected])
Jason C. Schwartz – Co-Chair, Washington, D.C. (+1 202-955-8242, [email protected])

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.