Publications Archives

The California Supreme Court today held that courts lack the inherent authority to strike PAGA claims on the ground that they cannot be tried manageably. The Court emphasized, however, that trial courts have numerous other tools for narrowing complex PAGA actions, including limiting the evidence a plaintiff may present at trial.

“[S]triking a PAGA claim on manageability grounds alone … is inconsistent with a plaintiff’s statutory right to bring such a claim and is beyond a trial court’s inherent authority.”

Chief Justice Guerrero, writing for the Court

Background:

Luis Estrada sued his former employer, claiming various Labor Code violations, including violations related to meal periods. Estrada sought to represent classes of similarly situated employees and additionally sought penalties under the Private Attorneys General Act of 2004 (“PAGA”), California Labor Code section 2698 et seq. Following a bench trial, the trial court decertified the meal period classes, concluding that the claims presented too many individualized issues to be resolved in a class proceeding. The trial court also dismissed the PAGA claims seeking penalties based on those same meal-period claims for everyone other than the named plaintiffs, ruling that those claims could not be tried manageably.

The Court of Appeal held that the trial court had no authority to dismiss the PAGA claims on manageability grounds. In doing so, it broke from a previous Court of Appeal decision holding that trial courts have the inherent authority to strike unmanageable PAGA claims. The California Supreme Court granted review to resolve the conflict.

Issue:

Do courts have the inherent authority to strike PAGA claims if they cannot be tried manageably?

Court’s Holding:

No, but courts have numerous tools that can be used to manage PAGA cases, including limiting the evidence that a plaintiff can present at trial.

What it Means:

Both the California Supreme Court and the Ninth Circuit have now held that courts may not strike or dismiss PAGA claims on the ground that they cannot be tried manageably—even in cases in which class claims based on the same asserted Labor Code violations cannot be adjudicated in a manageable class action.
The Court’s opinion focused heavily on the distinction between class actions and PAGA actions, explaining that “class claims differ significantly from PAGA claims” and have “differing doctrinal bas[es].”
The Court emphasized, however, that its holding “does not preclude trial courts from limiting the types of evidence a plaintiff may present or using other tools to assure that a PAGA claim can be effectively tried.”
The Court also did not “foreclose the possibility that a defendant could demonstrate that a trial court’s use of case management techniques so abridged [its] right to present a defense that its right to due process was violated.”
The Court further explained that if a plaintiff’s case were “overbroad or unspecific,” such that she could not “prove liability as to all or most employees,” the PAGA claims could be narrowed through “substantive rulings,” including demurrers or motions for summary judgment.

The Court’s opinion is available here.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Supreme Court. Please feel free to contact the following practice leaders:

Appellate and Constitutional Law Practice

Thomas H. Dupree Jr. +1 202.955.8547 [email protected]	Allyson N. Ho +1 214.698.3233 [email protected]	Julian W. Poon +1 213.229.7758 [email protected]
Blaine H. Evanson +1 949.451.3805 [email protected]	Bradley J. Hamburger +1 213.229.7658 [email protected]	Michael J. Holecek +1 213.229.7018 [email protected]

Related Practice: Labor and Employment

Jason C. Schwartz
+1 202.955.8242
[email protected]

Katherine V.A. Smith
+1 213.229.7107
[email protected]

Related Practice: Litigation

Theodore J. Boutrous, Jr.
+1 213.229.7804
[email protected]

Theane Evangelis
+1 213.229.7726
[email protected]

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

An overview of labor and employee benefits considerations in M&A transactions, which can implicate financial liabilities and impact the value and long-term viability of a business.

As M&A transactions are negotiated, parties often focus on the business and revenue drivers of the target during the due diligence process and leave labor and employee benefit plan considerations as a secondary thought. However, employees are often the backbone of a business – employee and benefit plan matters can implicate serious financial liabilities and employee relations issues can impact the value and long-term viability of a business. Below, we highlight several labor and employee benefits considerations in M&A transactions.

Impact of Deal Structure on Employees and Benefit Plans

In a transaction structured as an acquisition of equity, the buyer acquires the target company’s (or a parent entity’s) equity interests, and typically inherits the target’s existing employees and employee benefit plans. Similarly, in a merger, the target becomes part of the buyer (or a subsidiary of the buyer). The continuity of the existing structure means target employees will generally automatically transfer employment to the buyer group while often remaining employed by their current employing entity, without any offer and acceptance process. This structure offers simplicity for the buyer from an on-boarding perspective, but demands a more thorough review of existing labor practices and benefit plans because the buyer will assume any legacy programs and historical liabilities. The scope of due diligence will include identifying (i) any potential employment practices or benefit plan concerns or non-compliance with applicable laws, and (ii) evaluating labor practices and benefit plans for post-closing integration with buyer practices and plans. In addition, a strategic buyer will need to determine how to handle duplicative benefit plans post-closing and may wish to require a seller to terminate certain plans pre-closing (or need to consider benefit plan mergers post-closing).

In contrast, in a transaction structured as an acquisition of assets, the buyer generally has more control and flexibility over which employees to hire and which benefit plans (if any) the buyer would like to assume. However, even if the buyer does not assume any benefit plans, the concept of successor liability for certain labor practices and benefit plans may still result in liability for the buyer. An asset structure also means the buyer will have to on-board target employees with an offer and acceptance process and employment agreements may need to be renegotiated. As part of this process, the buyer will also have to consider any employee relations issues as target employees face potential changes to their work environment and compensation and benefit structures.

Notably, in some mergers or equity deals, employees may be employed and benefit plans may be maintained at a parent level (rather than at the subsidiary being acquired). Such transactions are more akin to an “asset purchase” from a labor and benefits perspective as parent-level employees and benefit plans would not transfer automatically with the subsidiary target in the deal.

Potentially Costly Benefit Plan Liabilities

Thorough due diligence of benefit plans generally involves an examination of the target’s retirement plans and health and welfare benefits. Employee benefit plans are subject to a number of complex regulatory requirements, including the tax code, ERISA and the Affordable Care Act, which carry significant taxes and penalties in the event of noncompliance. Many of these laws also operate on a “controlled group basis,” meaning that benefit plan obligations at a parent or brother-sister entity can create exposure for the target. The due diligence process can help identify any potential legal risks and design strategies to mitigate such legal risks.

One area of particular concern is identifying whether the target (or any target employee) participates in any defined benefit pension plans or union (multiemployer) pension plans, or whether the target provides (or has promised to provide) any retiree health or other welfare benefits. Defined benefit pension plans are subject to strict funding requirements, and maintaining an under-funded plan may result in increased costs for the buyer post-acquisition due to unexpected increases in required contributions. Withdrawals (including partial withdrawals) from a union pension plan may also implicate significant withdrawal liabilities for an employer contributing to such a plan. In addition, if the target provides (or has promised to provide) any retiree welfare benefits, the buyer should take into account the future financial costs of such obligations, which can be quite significant depending on the covered population and the type of benefit. Thus, attention should be given during due diligence to the funding status of pension plans, any outstanding or potential withdrawal liability, and the extent of any retiree benefit commitments. Once such items are identified, the buyer can develop strategies for addressing these liabilities, including negotiating purchase price deductions or special indemnities.

Impact of Executive Compensation Arrangements and Code Section 280G

Due diligence should also cover the target’s executive compensation arrangements, including any equity arrangements, severance benefits, or other payments that might be triggered in connection with the transaction, to understand the potential future financial obligations and assess the compliance of such arrangements with regulatory requirements. Section 280G of the Internal Revenue Code (“Section 280G”) applies to certain payments (“parachute payments”) made to certain service providers of a corporation (“disqualified individuals”) in connection with a change in control. If parachute payments exceed three times the disqualified individual’s “base amount” (generally the average of the individual’s prior five-year compensation), Section 280G imposes a 20% excise tax on a portion of such payments and also prohibits the employer entity from taking a tax deduction for such payments. Transaction or retention bonuses, equity acceleration, and severance compensation and benefits are common payments that could be considered parachute payments.

Private Company Targets. There are several notable exceptions to Section 280G. One of the most commonly used exceptions for private corporations is to obtain shareholder approval of parachute payments. This process generally involves: (i) obtaining a waiver from each of the disqualified individuals waiving their right to excess parachute payments if such are not approved by the target’s shareholders, (ii) disclosing the details of such payments to all of the company’s shareholders, and (iii) obtaining the approval of at least 75% of the voting power of the target’s shareholders, excluding those receiving parachute payments. Depending on the number of disqualified individuals and shareholders involved, this process can be lengthy and involve additional negotiations. Thus, the parties should identify Section 280G payments early in due diligence so that any shareholder approval process is completed before closing. Where a transaction has a staggered sign and close, a covenant is also often included in the purchase agreement requiring sellers to solicit waivers and shareholder approval in accordance with 280G’s regulatory requirements (under Section 280G the consummation of the transaction cannot be contingent on actually obtaining such shareholder approval).

Public Company Targets. The shareholder approval exception is not available to public company targets. Thus, the parties should identify potential Section 280G payments early in the due diligence process to explore mitigation strategies. Common mitigation strategies involve: (i) using “cutback” provisions to reduce parachute payments to the maximum amount that avoids excise taxes or that results in a better net after-tax benefit for the individual, (ii) for transactions that will sign in one calendar year and close in a later calendar year, increasing the disqualified individuals’ “base amount” by accelerating certain compensation (such as annual bonuses and potentially equity vesting) to the year prior to the year of closing so that such amounts will be included in calculating the “base amount,” and (iii) obtaining valuations of any applicable restrictive covenants which can help to offset the value of excess parachute payments in certain circumstances.

Potential Exposure to Worker Misclassification Liability

Due diligence should also include a review of the target’s worker classification practices. Two primary worker misclassification issues can arise in the context of an M&A transaction: (1) misclassification of workers as exempt under the minimum wage and overtime requirements of the Fair Labor Standards Act (“FLSA”) and similar state laws; and (2) misclassification of workers as independent contractors. Claims brought by employees who have been improperly classified can result in significant liability—including liability for unpaid wages and benefits, liquidated damages, unpaid taxes, and attorney’s fees. These claims are often asserted as collective actions seeking damages on behalf of all affected employees.

Exempt or Non-Exempt Status. In order to comply with the FLSA and similar state laws, exempt employees often must meet separate salary level, salary basis, and job duties tests. To complete a fulsome analysis of these tests, the buyer should ensure that the target provides an employee census early in the diligence process that lists all of the target’s employees, their locations, job titles, compensation rate, compensation type (hourly, salaried, or commission), and classification under the FLSA (exempt or non-exempt). A complete employee census is the first step for identifying potential “red flags.” For any job titles that raise FLSA classification concerns, the buyer should request a job description and additional details to assess whether job duties align with requirements of an applicable exemption under the FLSA.

Independent Contractors. Although true independent contractors are not subject to the FLSA, an employee improperly classified as an independent contractor may have a viable claim for minimum wage, overtime pay, employee benefits coverages and other benefits typically reserved for employees. For this reason, an analysis of the target’s worker classification practices should include review of the use of independent contractors, including an independent contractor census reflecting the scope of work and the length of engagement of independent contractors, as well as an analysis of sample contracts between the target and its independent contractors. The Department of Labor (“DOL”) released a final rule on January 10, 2024, tightening the standard for evaluating the classification of workers. The rule, effective March 11, 2024, suggests that employers use a “totality of the circumstances test” made up of six equally-weighted factors: (1) the opportunity for profit or loss depending on managerial skill; (2) the investments by the worker and potential employer; (3) the degree of permanence of the work relationship; (4) the nature and degree of control over performance of the work and the work relationship; (5) the extent to which the work performed is integral to the potential employer’s business; and (6) the skill and initiative of the worker. No one factor controls; instead, an analysis of all six factors is needed in order to effectively evaluate a worker’s classification. The greater a target’s use of independent contractors, the more fact-intensive a due diligence inquiry into the nature of the parties’ working relationship must be. While the DOL’s new rule is likely to be the subject of legal challenges, it reflects a general trend subjecting independent contractor arrangements to closer scrutiny, increasing the need to carefully assess such arrangements in deal diligence.

Collective Bargaining Issues

If the target company or any of its employees are parties or subject to collective bargaining agreements (“CBAs”), work councils, or any other similar labor obligations with representative bodies, due diligence requires a careful analysis of the agreement’s terms to evaluate its potential impact on the transaction both pre- and post-closing. Examples of such terms include, but are not limited to: (1) provisions that require notice to and consent from the union prior to a sale or transfer of the business; (2) provisions that require recognition of the union; and (3) provisions that require the transferee or purchaser to continue providing certain benefits to the covered union members (such as pension plans). In addition, the buyer should note the status and term of any agreements. If a CBA has recently expired or its expiration is imminent, union negotiations and bargaining for a new CBA could impact the timeline of the transaction and thereby the date of closing, as well as give rise to other considerations.

In addition to examining any union agreements themselves, buyers must be aware of the practical considerations of purchasing a company with union labor obligations, including the scope of any union recognition on employees covered by the transaction. A buyer should also be aware of extra-contractual duties that could arise under federal labor law. For example, the National Labor Relations Board (“NLRB”) recently expanded its test for finding the existence of “joint-employer” status under a final rule to become effective on February 26, 2024. Under the new standard, two or more entities may be found to be joint employers of a group of employees (and, thus, jointly obligated to recognize a union as the representative of such employees) if two conditions are met: (1) each entity has an “employment relationship” with the employees; and (2) the entities “share or codetermine one or more of the employees’ essential terms and conditions of employment.” This new standard can be important to consider in transactions involving parent/subsidiary arrangements, joint ventures, and outsourced management (including between property owners and managers and between portfolio companies and private equity managers).

Another consideration—albeit less common—is that of a double-breasted operation (a practice often—but not exclusively—seen in the construction industry). Such an arrangement can occur when one parent company (or a common owner) operates both union and non-union businesses in the same market. Although permitted by federal labor law, these types of arrangements can be subject to additional scrutiny by the NLRB to ensure that the entities are truly separate and not alter egos of each other created to circumvent the CBA’s coverage of all employees. In the absence of adequate separation, the parent or common owner can be exposed to substantial liability flowing from application of collective bargaining obligations to its erstwhile non-union business operations.

Review of Pay and Payroll Practices

Due diligence should also include a review of the target’s pay and payroll practices, including the company’s policies on employee pay and timekeeping practices. The target should have a system to accurately record time worked and track other employee time, such as meal and break times (the specific requirements for which can vary based on state laws). In reviewing the target’s pay and timekeeping practices, a buyer should keep in mind any distinctions that could be susceptible to challenge. For example, does the target “round” reported time or require non-exempt employees to “clock in” for work electronically in a manner that arguably does not account for the time it takes for the individual to log in to a computer or otherwise perform “clocking in” tasks.

Another issue to consider is the target’s practices and recordkeeping related to employee bonuses. For example, if a bonus that is offered to a non-exempt employee qualifies as a “non-discretionary” bonus under DOL rules, the bonus should be included in the employee’s regular rate of pay for purposes of overtime pay calculation under the FLSA. Proper recordkeeping should allow the buyer’s counsel to confirm the target’s compliance with overtime rules where nuances exist.

Pre-Employment and Hiring Practice Compliance

Many companies require certain pre-employment screenings and testing, such as drug tests, background checks, or physical exams, to help screen and select job applicants. Aside from immigration compliance and anti-discrimination laws, most hiring practices are governed primarily by state law. Buyers must carefully assess potential liability stemming from the target’s pre-employment practices, paying particular attention to the laws of states where the target employs a sizeable number of workers. Improper administration or application of these tests may give rise to a variety of legal claims. Testing should be uniformly applied and comply with the Americans with Disabilities Act (“ADA”), and reasonable accommodations for disabled individuals must be provided. Finally, consideration of any privacy concerns or recordkeeping requirements related to the target’s pre-employment and hiring practices should also be a part of the due diligence process.

Employment Eligibility and Immigration Law Compliance. Due diligence should cover the target’s practices for ensuring immigration compliance, including Form I-9 completion and potential use of E-Verify to confirm a prospective employee’s eligibility to work in the United States, which may be required or restricted under applicable state and federal laws. If the target employs foreign workers and the buyer intends to hire or retain these workers, due diligence should also take into consideration the work status of each of these workers, including the existence or availability of applicable visas or other immigration-related approvals.

Background Checks. Because of the patchwork of state laws governing these subjects, a target’s use of criminal background checks, consumer or credit reports, or social media screening are all cause for additional scrutiny. For example, many states restrict an employer’s ability to inquire into an applicant’s criminal record or limit the employer’s ability to make hiring decisions solely based on an applicant’s criminal record. Additionally, obtaining information about an applicant from a company that compiles background information as a business may require the disclosure of specific information to the applicant in writing.

Medical Exams; Drug Tests. A target’s practices in conducting any pre-employment medical screenings should be closely examined. Under the ADA, job applicants cannot be required to submit to medical or physical examinations or alcohol tests prior to receiving (at least) a conditional job offer. Note, however, that according to EEOC guidance, employers may ask applicants to submit to drug tests before making a conditional job offer.

The following Gibson Dunn lawyers prepared this alert: Sean Feller, Krista Hanvey, Robert Little, Saee Muzumdar, Karl Nelson, Lucy Hong, Chris Celeste Nisttahuz, and Claire Piepenburg.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Mergers & Acquisitions, Private Equity, Executive Compensation & Employee Benefits, or Labor & Employment practice groups, or the following authors and practice leaders:

Executive Compensation and Employee Benefits:
Sean C. Feller – Los Angeles (+1 310.551.8746, [email protected])
Krista Hanvey – Dallas (+ 214.698.3425, [email protected])

Labor and Employment:
Karl G. Nelson – Dallas (+1 214.698.3203, [email protected])
Jason C. Schwartz – Washington, D.C. (+1 202.955.8242, [email protected])
Katherine V.A. Smith – Los Angeles (+1 213.229.7107, [email protected])

Mergers and Acquisitions:
Robert B. Little – Dallas (+1 214.698.3260, [email protected])
Saee Muzumdar – New York (+1 212.351.3966, [email protected])

Private Equity:
Richard J. Birns – New York (+1 212.351.4032, [email protected])
Wim De Vlieger – London (+44 20 7071 4279, [email protected])
Federico Fruhbeck – London (+44 20 7071 4230, [email protected])
Scott Jalowayski – Hong Kong (+852 2214 3727, [email protected])
Ari Lanin – Los Angeles (+1 310.552.8581, [email protected])
Michael Piazza – Houston (+1 346.718.6670, [email protected])
John M. Pollack – New York (+1 212.351.3903, [email protected])

Gibson Dunn has formed a Workplace DEI Task Force, bringing to bear the Firm’s experience in employment, appellate and Constitutional law, DEI programs, securities and corporate governance, and government contracts to help our clients develop creative, practical, and lawful approaches to accomplish their DEI objectives following the Supreme Court’s decision in SFFA v. Harvard. Prior issues of our DEI Task Force Update can be found in our DEI Resource Center. Should you have questions about developments in this space or about your own DEI programs, please do not hesitate to reach out to any member of our DEI Task Force or the authors of this Update (listed below).

Key Developments:

On January 1, Texas’s ban on DEI offices and programming at public colleges and universities took effect. The new law prohibits public higher education institutions from establishing DEI offices, contracting with third parties to perform the functions of a DEI office, requiring any DEI training as a condition of enrollment, or according any preference based on diversity metrics, in admissions or otherwise. Covered institutions must adopt policies for disciplining employees or contractors who violate the ban, and the institutions’ boards must certify compliance. The law provides for periodic auditing and offers equitable relief to students or employees required to participate in a training in violation of the law. Institutions that fail to cure violations identified by an auditor within 108 days will be ineligible for certain state funding and institutional enhancements.

On January 2, America First Legal (AFL) sent letters to the EEOC and the Office of Federal Contract Compliance Programs (OFCCP) seeking investigations of Sanofi Pasteur for alleged violations of federal law. In its letter to the EEOC, AFL cited a video released to X (formerly Twitter), that appears to record an internal company meeting in which Sanofi Senior Vice President and U.S. Country Lead Carole Huntsman discusses Sanofi’s diversity goals and lists specific ratios of new hires that should be Black and Latinx. AFL also referenced the company’s Diverse Slate Policy, which requires Sanofi’s recruiting team to include “a minimum of one person of color and one female in each slate presented to a hiring leader,” and sets percentage goals for employee representation by race. In its letter to the OFCCP, AFL argued that Sanofi has violated a nondiscrimination clause integrated into every federal contract and subcontract through 41 C.F.R. § 60-1.4(a)(1)–(2), and that it is therefore subject to sanctions by the Secretary of Labor, including cancellation of contracts and a declaration of ineligibility for future government contracts. AFL also referenced the Supplier Diversity program discussed in Sanofi’s Diversity, Equity & Inclusion 2022 Impact Report for North America, which identifies specific goals for contracting with women-owned businesses and for “total diversity spend,” and argued that the program “may signify discriminatory quotas and potential violations of law.”

On January 4, the Foundation Against Intolerance and Racism (“FAIR”) reported that it had sent a letter to the National Institutes of Health (“NIH”) on November 30, 2023, concerning the NIH’s Consortium Underrepresented Student Program (“CUSP”), a summer internship program for individuals from underrepresented groups. FAIR states that, at the time of its letter, the NIH’s application defined underrepresented to include individuals with disabilities, individuals from disadvantaged backgrounds, and individuals from certain ethnic groups. Use of these criteria, according to FAIR, violated the NIH’s own non-discrimination policy, as well as the Equal Protection Clause of the Fourteenth Amendment and Title VI of the Civil Rights Act. FAIR requested that the NIH remove the criteria prior to the CUSP program’s application deadline in mid-January. The NIH has since removed the term underrepresented from the name of the program, the application eligibility criteria, and the application itself. The CUSP program page now encourages individuals of all backgrounds to apply, including those from “populations underrepresented in the clinical and biological sciences, such as underrepresented racial and ethnic groups, individuals with disabilities, individuals from disadvantaged backgrounds, and women.”

On January 5, attorneys general from nineteen states, spearheaded by Kansas, Montana, and Tennessee, wrote a letter to the Department of Commerce to oppose the Department’s proposed Business Diversity Principles, which seek to advance “best practices related to diversity, equity, inclusion, and accessibility (DEIA) in the private sector.” The attorneys general claimed that the Principles violate the Equal Protection Clause and Title VII of the Civil Rights Act, stating that “federal law makes clear that well-intentioned racial discrimination is just as illegal as invidious discrimination.” The attorneys general asserted that any race-based initiatives in the Principles are patently illegal and will garner unnecessary litigation, and referenced several recent lawsuits in which defendant employers and law firms changed their race-based recruitment programs or settled. The letter asserted that it “speaks volumes about [such programs’] lack of legal footing” that “some of the nation’s leading law firms can[not] craft a colorable defense to race-based DEIA efforts.”

On January 11, Arkansas Republican Senator Tom Cotton sent letters to ten different recruiting firms he alleged may be “conspiring with companies to exclude ‘non-diverse’ candidates from the hiring pool.” Recipients included Robert Half, Kelly Services, Randstad North America, Korn Ferry, ManpowerGroup, Egon Zehnder, Spencer Stuart, Heidrick & Struggles, Russell Reynolds Associates, and Diversified Search Group. In his letter, Senator Cotton noted the tension companies face between improving diversity metrics sometimes needed to access investment capital and avoiding the recent wave of legal scrutiny over corporate DEI initiatives, and suggested that companies “are increasingly outsourcing the dirty work of diversity discrimination to recruiting firms.” Noting that these initiatives may violate Title VII, Senator Cotton assured letter recipients that “corporate DEI initiatives that discriminate based on race will soon suffer the same fate as affirmative action in academia.” Citing EEOC Commissioner Andrea Lucas’s June 2023 statement that corporate diversity programs “pose both legal and practical risks for companies,” Senator Cotton urged letter recipients “to refuse any request to racially discriminate in recruiting practices.”

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

Law360 Pulse, “Law Firm DEI Efforts At Crossroads Amid ’24 Litigation Threat” (January 2): Law360’s Ryan Boysen describes the shifting DEI landscape for law firms following the Supreme Court’s SFFA decision. Although Edward Blum recently expressed that AAER was done suing law firms (following AAER’s now-dismissed suits against Morrison Foerster, Perkins Coie, and Winston & Strawn), Boysen writes that “experts say law firms should remain vigilant in 2024.” Gibson Dunn Partner Jason Schwartz, head of the firm’s DEI Task Force and co-Chair of the firm’s Labor & Employment group, told Boysen that the “litigation around diversity and related topics that we’ve seen in the wake of SFFA is really only the beginning.” Schwartz also flagged that the “key issue heading into 2024 will be how Muldrow[, the Title VII case pending before the Supreme Court,] is decided,” concluding that “[i]f that ruling creates a lower bar for filing Title VII lawsuits, then you will see a lot of diversity programs being challenged in litigation.”
Wall Street Journal, “How the Push for Diversity at Colleges and Companies Came Under Siege” (January 4): WSJ’s Ray A. Smith and Lauren Weber describe the “legal, economic and geopolitical forces” threatening DEI initiatives. Smith and Weber spoke to DEI consultants about the potential long-term effects of the recent increase in opposition to DEI. Paradigm CEO Joelle Emerson said that many Fortune 500 companies are continuing their diversity and inclusion efforts but are planning to be “quieter” about their implementation. Johnny C. Taylor, Jr., CEO of the Society for Human Resources Management, has seen some companies begin moving away from certain DEI efforts, especially those that are “tied to numeral targets for hiring or promotions” or that base executive bonuses on those targets. Rory Lancman, director of corporate initiatives and senior counsel at the Louis D. Brandeis Center for Human Rights Under Law, notes that the DEI landscape is further complicated by diverging opinions on the Israel-Hamas war, which have garnered significant attention on college campuses and have caused tension in some workplaces.
Fortune, “The anti-DEI movement has gone from fringe to mainstream. Here’s what that means for corporate America” (January 4): Paradigm CEO Joelle Emerson discusses how, in her view, conservative activists have “weaponized” DEI, and what proponents of diversity initiatives can do to reframe the discussion. Notwithstanding the recent wave of litigation challenging DEI-related programs, “anti-diversity activists have been working towards this moment for decades,” writes Emerson. But she opines that the recent success of the anti-DEI narrative is due in part to the nature of the pro-DEI narrative—one that, in some cases, has not “always left room for conversations, questions, or nuance” and leads to “drawing a line in the sand, pro-DEI vs. anti-DEI.” The result, says Emerson, is that many corporate leaders who care about increasing representation of diverse voices are nonetheless concerned about being criticized for not going far enough, and worry about the legal ramifications of setting diversity goals. Emerson advocates for a return to fundamentals—“the actual principles of diversity, equity, and inclusion”—with renewed focus on the precise access and experience gaps DEI work is seeking to close.
Washington Post, “Conservative anti-DEI activists claim victory in Harvard leader’s fall” (January 5): The Post’s Julian Mark and Taylor Telford report on conservative activists’ response to the resignation of Harvard University President Claudine Gay. Gay recently came under fire for her Congressional testimony related to on-campus anti-Semitism, and has also faced accusations of plagiarism in her scholarly work. As Mark and Telford note, conservative activists and public figures have characterized Gay’s achievements as the result of her race and not her merit. In a post on X, activist Chris Rufo called Gay’s resignation “the beginning of the end for DEI in America’s institutions”; in his own post on X, hedge fund manager and Harvard alumnus Bill Ackman, who described DEI as “inherently a racist and illegal movement,” called Gay’s resignation “an important step forward for the University.” In an op-ed published in the New York Times, Gay stood by her scholarly work and characterized her resignation as part of a larger attack on DEI, stating that “the campaign against me was about more than one university and one leader.”
Harvard Business Review, “DEI Is Under Attack. Here’s How Companies Can Mitigate the Legal Risks.” (January 5): Kenji Yoshino and David Glasgow, both of the NYU School of Law and the Meltzer Center for Diversity, Inclusion, and Belonging, advocate for businesses to take a proactive approach in adapting to the shifting legal landscape surrounding DEI. Yoshino and Glasgow lay out a framework for identifying risk among DEI programs, noting that high-risk programs: (1) confer “a preference” on some individuals and not others; (2) give that preference to a legally protected group; and (3) confer, as part of that preference, some “palpable benefit” related to work. Applying this framework, Yoshino and Glasgow identify examples of high-risk programs, including enforcing hiring, promotion, or other quotas, using protected criteria as a tiebreaker in making employment decisions, targeting specific programs to specific protected groups, and linking managers’ compensation to meeting DEI targets. To mitigate risk, Yoshino and Glasgow recommend that companies seek to level the playing field for all candidates, focus on commonalities other than membership in protected groups, and identify ways to increase DEI buy-in untethered to any palpable benefits in the workplace.
Corporate Counsel, “Many Companies Doubling Down on DEI Despite Backlash” (January 10): Corporate Counsel’s Trudy Knockless reports on a new study by law firm Littler Mendelson, finding that companies have maintained their DEI commitments even while seeking to minimize legal risk in the wake of SFFA. Surveying over 320 senior corporate executives, the study found that 57% of respondents say their organizations have increased diversity efforts over the last year and 91% say DEI is as much of a priority as it was before the Supreme Court’s decision. Despite this commitment, the study also identified DEI as a challenge to corporations, as executives try to “find a balance” among competing priorities in the shifting legal and political landscape.
The New York Times, “D.E.I. Goes Quiet” (January 13): The New York Times’ Sarah Kessler asks whether the recent decrease in visibility of corporate DEI programs means companies have “pulled back” on DEI, or whether they have simply “changed how they approach and talk about it.” Kessler asked this question of Paradigm CEO Joelle Emerson, who suggested that the pushback against diversity programs has led some companies to rebrand their efforts as a broader attempt to improve workplace culture. Porter Braswell, founder of the professional membership network 2045 Studio, told Kessler that many companies are opening diversity programs to all employees and reframing them as opportunities to increase representation of diverse experiences. Experts have different opinions on this rebranding. Braswell said that what mattered was that the “end goals of these diversity initiatives and programs will not change.” But Misty Gaither, vice president of diversity, inclusion, equity and belonging at Indeed, advocated against walking back the use of the term DEI: “The data says that all of these positive things happen when you have diversity, equity and inclusion. So we’re not going to mask it or call it something different.”

Case Updates:

Below is a list of updates in new and pending cases:

1. Contracting claims under Section 1981, the U.S. Constitution, and other statutes:

Am. Alliance for Equal Rights v. Fearless Fund Mgmt., LLC, No. 1:23-cv-03424-TWT (N.D. Ga. 2023), on appeal at No. 23-13138 (11th Cir. 2023): AAER sued a Black women-owned venture capital firm with a charitable grant program that provides $20,000 grants to Black female entrepreneurs; AAER alleged that the program violates Section 1981 and sought a preliminary injunction. Fearless Fund is represented by Gibson Dunn.
- Latest update: On January 3, AAER filed its reply in support of its merits brief before the Eleventh Circuit. AAER reiterated that it had standing despite the use of pseudonymous declarations by members, and also claimed the fact that the members had never applied to the contest was irrelevant because Fearless Fund explicitly excluded non-Black non-female businesses. AAER also challenged Fearless Fund’s characterization of the program as legal affirmative action, arguing that the use of blanket racial categorizations lacked the structured, measurable benchmarks of a valid affirmative action program under 29 U.S.C. § 1608, and was not sufficiently tailored to meet strict scrutiny. AAER also reasserted that Fearless Fund’s program is a contract, and that any changes to the program’s rules made after the litigation began should not exempt Fearless Fund from liability. Finally, AAER argued that Fearless Fund’s program should be considered a contest rather than a charitable donation program, and that, as a result, it lacked the requisite expressive content to constitute protected speech under the First Amendment. Oral argument is scheduled for January 31, 2024.

Roberts & Freedom Truck Dispatch v. Progressive Preferred Ins. Co., et al., No. 23-cv-1597 (N.D. Oh. 2023): On August 16, 2023, plaintiffs represented by AFL sued defendants Progressive Insurance and Hello Alice, alleging that defendants’ grant program that awarded funding specifically to Black entrepreneurs to support their small businesses violated Section 1981.
- Latest update: On December 21, 2023, a coalition of four civil rights organizations filed a motion requesting leave to file an amicus brief on behalf of the defendants, which the court granted on January 2. In their brief, the civil rights groups argued that historical evidence from the 1866 Congress that passed Section 1981 shows that Congress’s overriding intent was to grant Black citizens the tools to be independent and empowered actors in the economy. Thus, they argued, interpreting the statute to impede voluntary private philanthropy like a grant program that supports Black economic mobility would subvert Congress’s intent and misread the statute. On January 3, the plaintiffs amended their complaint, adding new exhibits and pleading additional facts to support its contention that the grant program at issue is a contract and not a charitable donation. The defendants’ motion to dismiss the amended complaint is due February 7, 2024.

Do No Harm v. Vituity, No. 3:23-cv-24746-TKW-HTC (N.D. Fla. 2023): On December 8, 2023, Do No Harm, an advocacy group representing doctors and healthcare professionals, sued a nationwide physician partnership that runs a Bridge to Brilliance Incentive Program—a DEI and recruitment program that advertises a sign-on bonus and benefits specifically to qualified Black physicians. The plaintiff alleged the program violates Section 1981 as well as Section 1557 of the Affordable Care Act, which prohibits discrimination by healthcare providers receiving federal financial assistance. Do No Harm sought a temporary restraining order and preliminary injunction, barring the defendant from closing the application period on December 17, 2023.
- Latest update: On January 3, the parties voluntarily dismissed the case after Vituity ended the challenged incentive program. In a joint stipulation of dismissal, Vituity stipulated to having “already made the decision to end the Black Physician Leadership Incentive.” The company agreed that “moving forward, when applicable, while reviewing applications for incentives, Vituity may only take into consideration how race affected a physician’s life, be it through discrimination, inspiration, or otherwise,” paraphrasing language the Supreme Court used in SFFA v. Harvard to describe a permissible use of race in the school admissions context.

Landscape Consultants of Texas, Inc, v. City of Houston, No. 4:23-cv-3516 (S.D. Tx. 2023): Plaintiff landscaping companies owned by white individuals challenged Houston’s government contracting set-aside program for “minority business enterprises” that are owned by members of racial and ethnic minority groups. The companies claim the program violates the Fourteenth Amendment and Section 1981.
- Latest update: On December 20, the plaintiffs filed their opposition to the City of Houston’s motion to dismiss. As to their alleged injury-in-fact, the plaintiffs argued that they did not need to plead that they lost contracts due to the minority business enterprise policy; rather, they only needed to allege that the policy forced them to compete for contracts on an unequal basis. Further, the plaintiffs argued that Equal Protection claims do not require an allegation of racial animus when challenging a facially-discriminatory government program.

2. Employment discrimination under Title VII and other statutory law:

Farkas v. FirstEnergy Corp. et al., No. cv-23-986280 (Ohio Ct. Common Pleas Cuyahoga Cty.): On September 29, 2023, a white male former corporate counsel at FirstEnergy sued the company under Ohio’s antidiscrimination statute, alleging that he was fired in retaliation for expressing concerns about the company’s DEI programs.
- Latest update: On December 19, 2023, FirstEnergy filed its motion to dismiss the complaint under seal, arguing in the unsealed portions that the plaintiff failed to provide sufficient notice of the claims being asserted, that some of his claims are time-barred, and that he failed to state a claim under Ohio procedural law. The plaintiff filed his opposition, also under seal, on January 8.

Grande v. Hartford Board of Education et al., No. 3:24-cv-00010-JAM (D. Ct. 2024): On January 3, 2024, Plaintiff, a white male physical education teacher in the Hartford school district, filed suit against the Hartford School Board after allegedly being forced to attend mandatory DEI trainings. He claimed that he objected to the content of a mandatory professional development session focused on race and privilege, stating that he felt “white-shamed” after expressing his political disagreement with the training’s purposes and goals, and that he was thereafter subjected to a retaliatory investigation and was wrongfully threatened with termination. He claims the school’s actions constitute retaliation and compelled speech in violation of the First Amendment.
- Latest update: According to the docket, the defendant has not yet been served with the complaint.

3. Educational Institutions and Admissions (Fifth Amendment, Fourteenth Amendment, Title VI, Title IX):

Students for Fair Admissions v. U.S. Military Academy at West Point et al., No. 7:23-cv-08262 (S.D.N.Y. 2023), on appeal at No. 24-40 (2d Cir. 2024): On September 19, 2023, SFFA sued West Point Academy, arguing that affirmative action in its admissions process, including alleged racial “benchmarks” of “desired percentages” of minority representation, violates the Fifth Amendment of the U.S. Constitution by taking applicants’ race into account.
- Latest update: On January 3, 2024, the court denied SFFA’s request for a preliminary injunction. Although the court found that SFFA had standing to sue notwithstanding its reliance on pseudonymous members, it held that the organization failed to satisfy the factors warranting a preliminary injunction. For likelihood of success on the merits, the court emphasized that SFFA had a very high burden to prove a negative (that West Point was not likely to be able to justify its race-conscious admissions with a compelling government interest) with limited and speculative facts at the preliminary injunction stage. The court found that the speculative “patchwork” of putatively non-compelling interests and justifications that SFFA attributed to West Point in its complaint did not actually align with those offered by the government at oral argument, muddling rather than clarifying the legal issues. Further, the court stated that the Supreme Court’s instructions to give “great deference” to military authorities encouraged the court to be apprehensive of rendering a preliminary decision “without a full understanding . . . as to what exactly are the compelling interests asserted [and] to whom those compelling interests belong.” As a result, the court found that SFFA’s request for a preliminary injunction at most “creates questions of fact,” falling short of the “clear showing required for the extraordinary and drastic remedy sought.” On the other factors, the court found that SFFA did not establish irreparable harm because it appeared its pseudonymous members were still eligible for admission to West Point. The court also held that the public interest and the balance of the equities favored West Point because an injunction would disrupt West Point’s ongoing admissions cycle and potentially lead to withdrawn admission offers. On January 4, SFFA filed an emergency appeal to the Second Circuit, requesting immediate review of the district court’s decision.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Blaine Evanson, Molly Senger, Zakiyyah Salim-Williams, Matt Gregory, Zoë Klein, Mollie Reiss, Teddy Rube, Alana Bevan, Elizabeth Penava, and Mary Lindsay Krebs.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and authors:

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group
Washington, D.C. (+1 202-955-8242, [email protected])

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group
Los Angeles (+1 213-229-7107, [email protected])

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group
New York (+1 212-351-3850, [email protected])

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer
Washington, D.C. (+1 202-955-8503, [email protected])

Molly T. Senger – Partner, Labor & Employment Group
Washington, D.C. (+1 202-955-8571, [email protected])

Blaine H. Evanson – Partner, Appellate & Constitutional Law Group
Orange County (+1 949-451-3805, [email protected])

Data analytics technology has now matured to a point where companies should consider how to harness it for enhancing compliance around their corporate financial and sustainability disclosures.

I. INTRODUCTION AND SCOPE

As computing technology develops at a mind-boggling pace, companies are thinking more creatively about how to leverage data science and analytics, including through the use of artificial intelligence (AI) (collectively, data analytics technology) across their operations. This alert provides guidance and recommendations regarding one specific area where clients should consider this technology: managing and mitigating compliance risks associated with the company’s public financial and sustainability disclosures.

We first provide some background on data analytics and artificial intelligence. Second, we provide a brief overview of the extent to which large market capitalization (large-cap) companies are using data analytics technology. We also discuss how companies are leveraging AI for specific objectives and how regulators are thinking about and employing data analytics technology. Third, we highlight specific risks associated with public disclosures, filings, and other statements, and present some ideas for how companies can use data analytics technology to mitigate those risks. We also discuss the risks companies may face through activism and litigation because of how third parties are using these technologies.

We provide four recommendations for companies to consider—or consider further—as they seek to better manage disclosure risks by using data analytics technology. These recommendations include ways in which companies may leverage both traditional data analytics tools[1]—which often require data scientists manually to compile and examine reports—and tools incorporating machine learning and AI capabilities[2] such that portions of the analysis may be automated.[3] Broadly, these recommendations are centered around using data analytics technology to more proactively:

assess regulatory filings, investor disclosures, and public statements for areas of regulatory risk;
understand, prepare for, and respond to activism and litigation relating to public disclosures;
address fraud and non-compliance with corporate policies and procedures; and
identify and combat misinformation in news and media coverage about the company and its business.

These recommendations are intended at a high level and many of them may be implemented using either traditional data analytics tools or AI capabilities. Moreover, AI and the legal frameworks governing its development and use are rapidly evolving, and, while the information in this alert is accurate as of the date of its writing, we are confident that subsequent developments will warrant continued evaluation of the relevant factual, technological, and legal landscape. Ultimately, the purpose of the discussion and recommendations below is to assist companies as they consider how to use these tools to enhance compliance around the company’s public financial and sustainability disclosures.

II. RELEVANT TECHNOLOGY AND RELATED CONSIDERATIONS

Data Analytics

Data analytics (sometimes referred to as “data science” in the technology and academic sectors) involves the collection, transformation, and organization of data in order to draw conclusions, develop predictions, and support informed decision-making. Data analytics relies on data mining, data cleansing, data transformation, and data modeling to describe, predict, and improve performance. In the business context, data analytics has become an increasingly important tool for analyzing and shaping business processes, improving decision-making, and driving business results.

Broadly speaking, data analytics is commonly used in several ways:

Descriptive analytics identifies trends and patterns in current or historical data to describe the state of affairs in a specified time period.[4] In the business context, data analytics is used to analyze business information and develop insights to inform business decisions.
Diagnostic analytics uses data to identify, understand, and explain the reasons for past performance.[5]
Predictive analytics uses statistical modeling, forecasting, and machine learning to analyze data produced by descriptive or diagnostic analytics and to make predictions about the future based on that analysis.[6]
Prescriptive analytics uses machine learning and complex algorithms to build and test specific solutions to complex problems that can be implemented to solve business problems and drive improved results.[7]

Data analytics can be manual or automated, with automated processes relying on computers to generate results more efficiently, cost-effectively, and with minimal need for human intervention.

A recent example of non-AI data analytics tools that impact public companies is the Securities and Exchange Commission’s (SEC’s) Earnings Per Share Initiative, which uses “risk-based data analytics to uncover potential accounting and disclosure violations caused by, among other things, earnings management practices.”[8] Unlike other initiatives that focus on re-running financial data, the EPS initiative is using data analytics and other tools to uncover evidence of manipulation in reporting.[9] Although relatively simple compared to generative artificial intelligence (GAI), these data-based approaches can reveal large-scale manipulation due to human error (e.g., investigators review data to ensure that the proper ratio of the numeral “4” appears in data, as human manipulation tends to leave out the number 4, due to a tendency to round up or down).[10] Academic research on earnings management and accounting fraud has applied such methods or concepts to detect fraud by, for example, drawing correlations between CEO/CFO driving records and propensity for ostentatious lifestyles.[11] Regulators and analysts are using the methods developed in these papers to detect accounting fraud earlier and, according to the SEC’s latest budget request, it plans to put even more effort into developing its AI capabilities.[12]

Artificial Intelligence

AI is a technology through which various computing and analytics tasks can be automated. “An AI system is a machine-based system that is capable of influencing the environment by producing an output (predictions, recommendations or decisions) for a given set of objectives. It uses machine and/or human-based data and inputs to (i) perceive real and/or virtual environments; (ii) abstract these perceptions into models through analysis in an automated manner (e.g., with machine learning), or manually; and (iii) use model inference to formulate options for outcomes. AI systems are designed to operate with varying levels of autonomy.”[13] For example, AI systems can be used to automate any of the four types of data analytics described above. AI systems can be designed to automatically analyze data, identify issues, propose solutions, and predict how a solution will work. With that information in hand, human decision-makers can decide whether or not to take a proposed course of action. AI systems can also be designed to be fully automated. That is, once an AI system has identified a problem and proposed and tested a solution, it can decide whether to implement the solution without human intervention.

To be able to propose and test solutions to complex problems—and even take independent action—an AI system relies on training models that consume and process vast amounts of data. The lifecycle of an AI system involves several phases: “i) ‘design, data and models’; which is a context-dependent sequence encompassing planning and design, data collection and processing, as well as model building; ii) ‘verification and validation’; iii) ‘deployment’; and iv) ‘operation and monitoring’. These phases often take place in an iterative manner and are not necessarily sequential.”[14]

III. GENERAL USE CASES FOR ANALYTICS IN THE COMPLIANCE SPACE

Current State of the Use of Data Analytics Technology

Although companies are rapidly adopting data analytics technology, its use for managing risk and compliance has lagged somewhat. Deloitte conducted a recent study of large-cap companies by surveying members of the Society for Corporate Governance.[15] The study found that nearly half of all respondents reported that the use of AI tools was neither expressly permitted nor prohibited within their company. However, among large-cap respondents, only 25% reported that the use of AI tools is simply not addressed by company policies, with 36% of large-cap respondents reporting that they allow for AI use for specific purposes, and 14% of large-cap respondents permitting use for any purpose.[16]

Among large-cap respondents, 17% reported that they do not currently have any AI use framework, AI policy, or AI code of conduct in place, while 47% are “currently considering” implementing such policies and frameworks.[17] Notably, among all respondents (including mid- and large-cap), only 13% have specific AI-related policies or frameworks in place.[18] However, 57% of large-cap respondents are currently considering revising corporate policies (including privacy, cyber, risk management, etc.) to address the use of AI.[19]

Although AI use cases span many industries, the current focus of AI-related attention (including usage, strategy, impact, disruption, competitive advantage, and risk) for large-cap respondents was focused primarily on sales/marketing (55%), product development (48%), legal (42%), human resources (36%), risk (30%), and finance/accounting (21%).[20]

With respect to internal company management of AI, responsibility is primarily delegated to IT/tech (56% of large-cap respondents), a cross-functional working group (47% of respondents), and legal (34% of respondents). At the board level, 25% of large-cap respondents reported not expressly delegating authority for primary oversight of AI, 19% reporting that the topic has not yet been addressed at the board level, 19% placing responsibility with the audit committee (or similar), 13% of respondents place responsibility with the technology committee, another 13% placing authority with the full board, and notably only 3% placing responsibility with the risk committee.[21]

There is a risk that at least some employees are using AI in a way that is not on the companies’ radar. A recent survey by the Conference Board found that “56% of workers are using generative AI at work but only 26% of those respondents said their organization has a policy related to its use.”[22] This use of AI presents risks, but it also shows the promise that AI presents across a wide variety of corporate functions.

Risks and Opportunities in the Use of Environmental Data Analytics Technology

Despite a relatively low rate of adoption of data analytics technology by large companies, smaller companies and organizations are already building such tools, especially to push for additional environmental and sustainability measures. These tools are not just novelties. They pose potential risks to companies because governments across the world are requiring the disclosure of increasingly large amounts of environmental and sustainability data. Environmental activists and large, especially European, investors are likewise demanding the disclosure of sustainability data, including human rights, supply chain, and human capital information. This disclosure of ever-larger amounts of data combined with increasingly powerful computing technology creates an ever-more-risky disclosure environment for public companies.[23]

Some examples of tools that are publicly known include Climate TRACE, which tracks and inventories companies’ emissions in real-time;[24] GreenWatch, which compares companies’ green claims to emissions performance;[25] Datamaran, which reviews and analyzes corporate governance data to assess a company’s ESG performance and identify areas for improvement;[26] Manifest Climate, which compares companies’ data to reporting frameworks, regulations, and peers;[27] and JUST Capital, which uses AI to rank companies on the basis of “just” business behavior, emphasizing ESG factors.[28] BreezoMeter offers real-time air quality data, promoting environmental transparency and awareness.[29] ClarityAI provides sustainability data to allow users to invest, shop, and benchmark based on that data.[30] These tools create risks but also present opportunities.

Of course, companies could consider using some of these tools, such as Datamaran or Manifest Climate, to their own advantage, especially to evaluate their compliance with complex regulations and ESG rules, and to compare their disclosures and metrics to other peers. Additionally, companies could consider using tools such as SustainLab, which provides a comprehensive platform for sustainability data management and reporting;[31] Ecogain, which uses AI to assist companies in setting and achieving sustainability goals;[32] and Turntide Technologies, which uses AI to optimize energy consumption in buildings.[33] Such tools could, for example, help companies ensure they comply with their state and federal reporting requirements.

SEC Recognition of Opportunities for the Use of AI

As companies have increasingly begun to deploy AI, the SEC has begun to consider how AI can be used to enhance its compliance and enforcement efforts. The agency describes several uses of AI in its most recent budget request to Congress, which describes the SEC’s “broader undertaking to initialize and integrate machine-learning and artificial intelligence-supporting technology, with the ultimate goal to innovate and develop usable tools for the staff that deploy predictive and information visualization models to create data analytics efficiencies, particularly in the rulemaking context, where the staff routinely receives significant and diffuse feedback from market participants during open comment periods.”[34]

In a September 10, 2023 speech to the annual meeting of the North American Securities Administrators Association (NASAA), SEC Commissioner Mark T. Uyeda discussed some of the potential benefits of AI use, including decreased operational costs for companies and expanded access to investors.[35] Importantly, Commissioner Uyeda also discussed how AI can be used to improve compliance efforts by both companies and regulators. For companies, Commissioner Uyeda noted that they will be able to use AI to detect fraud, monitor data, flag risk indicators, and identify patterns in data much faster.[36] Such uses might reduce costs for companies, result in more accurate determinations of compliance violations, and inform decisions about whether findings need to be escalated, including to regulators and law enforcement.[37] For regulators, AI can help sift through the large volumes of data included in Exchange Act filings, for example. Regulators can use AI to evaluate those filings and identify areas of potential risk.

IV. RISK MANAGEMENT STRATEGIES AND RECOMMENDATIONS

The growing use of data analytics technology by activist organizations and regulators to challenge companies’ business practices and regulatory disclosures puts pressure on companies to consider what actions they might take to implement tools of their own to respond to and preempt such efforts. We discuss four risk areas below: public disclosures and statements, activism and litigation, fraud and non-compliance with corporate policies, and misinformation about the company in news and media coverage. These risk areas intersect and impact one another. Accordingly, companies should consider how to leverage the tools discussed below across risk areas where appropriate.

However, it is important to take all the recommendations below as intended: Not as a promotion of any particular method or product but as an encouragement to consider how data analytics technology can help a company mitigate the risks created by the increasingly data-driven scrutiny of corporate financial and sustainability disclosures.

Leverage Data Analytics Technology to Assess Regulatory Filings, Investor Disclosures, and Public Statements for Areas of Regulatory Risk

Public companies are required and urged to disclose large amounts of information, and those disclosures must comply with an increasingly complex array of regulatory and third-party oversight. These disclosures create the potential for hundreds of opportunities for simple human error and intentional or reckless misstatements or omissions that are always judged in hindsight. Ensuring compliance with these requirements can be challenging, even under established, longstanding regulatory regimes.

Existing disclosure requirements present sufficient compliance risks because as noted above, the SEC has already begun proactively using data analytics technology to identify non-compliance.[38] Compliance is even more challenging when regulators adopt new disclosure requirements, which has been happening at a torrid pace. Without a clear interpretation, an enforcement track record, or guidance from courts, new disclosure rules can create significant regulatory uncertainty, increasing risk for companies required to file under the new rules. For example, the SEC’s new rules on cybersecurity disclosures for public companies significantly changed the status quo—imposing a substantial burden and introducing complexity to incident response for all public companies.[39]

Additionally, in the coming months, the SEC is expected to finalize new rules that would require public companies to disclose in their 10-Ks a potentially expansive amount of data relating to environmental and climate risks.[40] Not to be outdone, the California Legislature recently passed two bills that will impose significant and mandatory climate-related reporting requirements for large public and private companies doing business in California.[41] The bills require annual disclosure of audited Scope 1, 2, and 3 greenhouse gas emissions and biennial disclosure of certain climate risks.[42] The European Union is also implementing several directives over the coming years that will require multinational companies to disclose environmental, social, and governance data[43] and extensive human rights impacts across their value chains.[44] These directives and rules collectively will result in significantly more disclosures and could—indeed, are intended to—heighten the compliance, investigation, and litigation risks for companies.

There are several ways companies could use data analytics technology to assess and mitigate the risks posed by current and coming disclosure requirements. As an initial matter, companies could use some of the third-party tools described above to test their data and disclosures.[45] Companies could use existing data sets of SEC comment letters and enforcement actions to develop their own lists of SEC hot topics and trends. Companies could use data analytics technology to compare the disclosures of peer companies and compare those disclosures against their own. This type of analysis could help companies identify whether peers are handling their disclosures differently and inform changes to their disclosures if the analysis identifies gaps. Especially in uncertain or new regulatory environments, such as the SEC’s new cybersecurity reporting rules and its proposed emissions reporting rules, evaluating and learning from the disclosures of peer firms is an important way to mitigate risk. Data analytics technology can make that process more efficient and dynamic.

Companies could also employ data analytics technology to learn from the mistakes peer companies have made with their disclosures. For example, companies could analyze SEC or Environmental Protection Agency (EPA) enforcement actions and identify the issues that triggered regulatory scrutiny. Data analytics technology could enable analysis of a vast number of relevant enforcement actions to discern key compliance errors or patterns of enforcement. Companies could also cross reference the disclosures of peer companies against SEC or EPA enforcement actions to identify which disclosures triggered investigation and enforcement.

Looking inward to the company’s own data, data analytics technology could be used to evaluate internal controls and monitor and analyze hotline or whistleblower complaints. Similarly, companies could employ data analytics technology to analyze their own historical disclosures and compare them against current enforcement priorities and new regulations to determine what the potential risks are and what, if any, sections of the disclosures need to be updated or modified.

Companies also can learn from financial analysts and academics, who have devised ways to identify fraudulent activity in financial statements. None of these methods are proven, but combined, analytical methods like pattern recognition, Benford’s Law,[46] textual analysis of disclosures,[47] and ratio analysis can be proactively employed to test the company’s own information. The requirement by the SEC that companies disclose much of their data using XBRL (eXtensible Business Reporting Language) format means that much of the companies’ key data is reported in machine-readable, structured data format. This makes it easier for investors and third parties to analyze,[48] but also for companies to perform their own analyses.

Caution is warranted as companies begin to incorporate the use of these tools. Recent reporting has highlighted the shortcomings of AI when it comes to analyzing disclosures such as SEC filings.[49] Indeed, researchers have found that as of this writing, AI models are only able to answer relevant questions about an SEC filing with 79% accuracy.[50] However, the use of AI for discrete tasks that have been shown to produce accurate results and the use of non-AI data analytics on larger tasks, like the methods described above, may be valuable ways to improve a company’s disclosure review process. Moreover, it will be important to continue to monitor AI’s capabilities as the technology in this space is developing quickly.

Leverage Data Analytics Technology to Understand, Prepare for, and Respond to Activism and Litigation Relating to Public Disclosures

Companies may also be able to use data analytics technology to mitigate activism and litigation risk. Increasingly, activists and other organizations are using data analytics technology to evaluate companies’ advertisements, press releases, and disclosure documents and to compare them against actual performance, regulatory frameworks, and desired policy goals. This analysis can often result in shareholder activism, litigation or regulatory scrutiny, and reputational damage to the company.

Climate activist organizations have taken a particular interest in this approach, leveraging a growing number of data analytics technology tools to evaluate and report on companies’ climate change and environmental activities. For example, Datamaran reviews and analyzes corporate governance data, including ESG risks and opportunities, to assess a company’s ESG performance and identify areas for improvement.[51] Climate TRACE independently tracks companies’ emissions in real time, and has been described as the “world’s first global emissions inventory.”[52] GreenWatch contrasts companies’ green or sustainability claims against their actual emissions performance, and has been advertised as AI to detect “greenwashing.”[53]

Another existing tool is provided by Manifest Climate, which compares company data to reporting frameworks and regulations, as well as to peers. Using a dashboard format, Manifest Climate promises to employ AI to help companies with sustainability compliance and strategy. Specifically, the tool is designed to help companies “identify their climate-related risks and opportunities, track peer action and market trends, and provide better disclosures aligned with global reporting standards and frameworks including TCFD, SEC, CSA, ISSB and more.”[54] It promises to allow companies to compare themselves to peers, identify sustainability actions the company is taking that it is not disclosing, and serve as a climate risk management solution. These offerings are examples of ways companies may benefit from AI applied to sustainability reporting. The tool, and the others discussed throughout this memo, show some of the early capabilities that third parties are likely to apply against companies’ data.

Companies can likewise use AI to evaluate activists’ claims, employing their own analytics to evaluate and respond to allegations regarding inaccurate or misleading statements in their marketing materials, on their websites, and in their public filings and statements. This is a useful defensive tool, not just to respond to claims made in activist campaigns or shareholder engagements, but also to claims made in the media that may affect corporate reputation, trigger shareholder proposals or proxy fights, or draw regulatory scrutiny.

Data analytics technology can also play a role in mitigating risk in specific litigation. For example, in support of claims based on misleading statements and or deceptive marketing, plaintiffs often pull statements from particular documents at particular times and use them out of context. Companies facing such a lawsuit could consider using data analytics technology to analyze those statements, support responsive filings, and build a more complete and accurate narrative. But it is critical that companies comply with court orders and any other applicable rules and requirements, including rules of professional conduct, when using AI in the litigation context and strictly avoid relying on AI-generated content for filings or strategy.[55]

That said, the proactive use of data analytics technology is becoming more important in light of the increasing government focus on sustainability disclosures. In addition to the SEC’s efforts discussed above, the Federal Trade Commission (FTC) provides another example of increasing government scrutiny that creates risk. Under section 5 of the Federal Trade Commission Act, the FTC has the authority to “prevent persons, partnerships, or corporations” from using “unfair or deceptive acts or practices in or affecting commerce.”[56] There is a risk that a company’s public sustainability statements may come under scrutiny for being allegedly unfair or deceptive.

For example, activists are placing particular emphasis on so-called “greenwashing” statements and are pressuring the FTC to step in. In fact, the FTC has taken some action in this area, requesting public comment on its Guides for the Use of Environmental Marketing Claims (Green Guides).[57] First issued in 1992 and most recently revised in 2012, the Commission’s Green Guides, 16 C.F.R. part 260, address the applicability of section 5 of the FTC Act to environmental advertising and labeling claims.[58] The Green Guides outline general principles applicable to all environmental marketing claims, and provide specific guidance regarding many common environmental benefit claims.[59]

The EU proposed Green Claims Directive likewise will expand the regulatory scrutiny over sustainability claims. The directive lists actions “which are to be considered misleading if they cause or are likely to cause the average consumers to take a transactional decision that they would not have otherwise taken” and expands the lists of “commercial practices which are considered unfair in all circumstances . . . to four practices associated with greenwashing.”[60] It also imposes detailed substantiation requirements on sustainability claims.

With respect to FTC requests for comments about rulemaking, companies could employ AI to mine the comment submissions for keywords or themes. AI may help identify instances where the company’s interests are specifically mentioned and in what context. It could also recognize patterns in the comment submissions that hone in on the issues most addressed by commenters to help focus the company’s responses on the key issues. Moreover, companies could use this approach with respect to analyzing any large agency docket or action in which they are interested, understanding the critical issues, and formulating a responsive strategy. Regardless, companies should monitor the market because these types of tools are improving in quality and sophistication.

As a more general matter, companies can use data analytics technology both proactively and defensively to ensure that their public statements do not run afoul of these developing rules and standards. As described above, companies could employ data analytics technology to analyze and learn from the public statements of other companies, especially those of competitors. Companies could use the results to evaluate whether their public statements conform to standard practice and whether any similar statements have drawn regulatory scrutiny. More defensively, in an environment where third parties are using AI tools to analyze a company’s public statements, companies can use AI tools to run their own internal analyses of public statements prior to publication to identify and remediate any potential issues likely to be seized on by regulators, plaintiffs, or activists.

Increase the Use of Data Analytics Technology to Address Fraud and Non-Compliance with Corporate Policies and Procedures

Fraud and non-compliance with corporate policies and procedures are not new risks for companies, but as regulators increasingly employ new tools to detect fraud—as noted above—it is imperative that companies leverage data analytics technology internally to mitigate risk. Using basic structured query (“SQL”) language tools, for instance, companies are already using data analytics technology to continuously monitor and audit vast and complex data streams, looking for anomalies or behavioral patterns that may indicate fraud. SQL queries can compare data across tables and use statistical functions to identify discrepancies or outliers in data. SQL can be used to generate summary reports, which can be used to identify trends and patterns in data. Queries can also be used to analyze trends in data over time by comparing data across audits performed in different time periods.[61] Major banks already use data analytics technology to identify credit card and banking fraud and to maintain compliance with anti-money laundering and other rules, so this is an area that is relatively advanced in terms of the availability of off-the-shelf tools.[62] Some companies have been using data analytics technology to identify employee fraud and monitor for anti-corruption compliance.[63] The results can be used to guide internal investigations and to inform recommendations on how to improve internal policies and controls.

Use Data Analytics Technology to Help Identify and Combat Misinformation in News and Media Coverage About the Company and Its Business

News media reports about a company’s substantive business and compliance efforts may pose significant potential risks. News reports can serve as a trigger for government investigations, regulatory action, and lawsuits, and regulators and plaintiffs’ attorneys have been known to leverage information contained in such reports. They can also significantly impact corporate reputation and stock prices. Data analytics technology offers an efficient and automated method to comb the internet for relevant reports, articles, or statements, identify any misstatements or inaccuracies, and flag issues for decision. Such information could enable a company to quickly correct the record on inaccurate news pieces, publish responses, or address misleading statements through its public disclosures.[64]

V. CONCLUSION

Data analytics technology has now matured to a point where companies should consider how to harness it for enhancing compliance around their corporate financial and sustainability disclosures. There is far more growth to come, but there are opportunities for assessing regulatory filings and public disclosures; understanding and responding to activism and litigation; addressing fraud and non-compliance with corporate policies and procedures; and identifying and combating misinformation in news and media coverage about the company and its business. As regulators, activists, and others ramp up their data-driven scrutiny of corporate financial and sustainability disclosures, companies may want to stay ahead of those efforts.

__________

[1] As generally understood in the technology sector, data analytics (also known as data science) is a technology-agnostic discipline in which the data collected, generated, and maintained by an organization is subjected to statistical analysis for the purposes of providing the organization with insights relevant to its operations and objectives such that it can guide decision-making and help solve other organizational problems. Data analytics can be used, for example, in product development, supply chain management, and financial modeling. Data analytics also may help to identify and mitigate legal and compliance risks, which are the focus of this memorandum. For more information, see generally, e.g., Thor Olavsrud, What is data analytics? Analyzing and managing data for decisions, CIO (June 7, 2022), https://www.cio.com/article/191313/what-is-data-analytics-analyzing-and-managing-data-for-decisions.html.

[2] In the context of this alert, we discuss the capabilities of AI only as related to the analysis and mitigation of compliance risks, such that companies may consider that AI is not entirely distinct from data analytics.

[3] “An AI system is a machine-based system that is capable of influencing the environment by producing an output (predictions, recommendations or decisions) for a given set of objectives.” OECD.AI Policy Observatory, OECD AI Principles overview, https://oecd.ai/en/ai-principles (last visited Oct. 2, 2023).

[4] See Olavsrud, supra note 1.

[5] Id.

[6] Id.

[7] Id.

[8] Securities and Exchange Commission, SEC Charges Gentex and Chief Financial Officer in Connection with EPS Initiative (Feb. 7, 2023), https://www.sec.gov/enforce/34-96819-s.

[9] See here. Silver Law Group, What To Know About The SEC’s “EPS Initiative” (June 16, 2023), here.

[10] See Dave Michaels, SEC Probes Whether Companies Rounded Up Earnings Per Share, Wall St. J. (June 22, 2018), https://www.wsj.com/articles/sec-probes-whether-companies-rounded-up-earnings-1529699702?mod=article_inline.

[11] David Woodcock, Accounting Fraud: Down, But Not Out, Law360 (Sept. 11, 2015, 10:38 AM EDT), https://www.law360.com/articles/700727. (“There are now thousands of academic research papers on earnings management and accounting fraud, on the motivations, financial impacts and detection methods, among other things. They apply methods or concepts like Benford’s Law, quadrophobia, Beneish M-Scores, F-Scores, and cash flow variances, and they draw correlations between CEO/CFO driving records and propensity for ostentatious lifestyles. Their work is being used by regulators and analysts to detect accounting fraud earlier.”). The point here is that the SEC’s use of these tools is not new, but it is increasing as the agency seeks to harness data analytics technology for use in its review of public company disclosures and accounting.

[12] Securities and Exchange Commission, SEC Fiscal Year 2024 Congressional Budget Justification Annual Performance Plan (SEC 2024 Budget), 26, at https://www.sec.gov/files/fy-2024-congressional-budget-justification_final-3-10.pdf (“In addition, the SEC intends to invest in artificial intelligence/machine learning (AI/ML) and other capabilities to address the growing volume of data it receives, processes, analyzes, and makes available to the investing public.”).

[13] OECD.AI Policy Observatory, supra note 3.

[14] Id.

[15] Natalie Cooper, Bob Lamm, & Randi Val Morrison, Board Practices: Artificial intelligence, Harvard Law School Forum on Corporate Governance (Sept. 2, 2023), https://corpgov.law.harvard.edu/2023/09/02/board-practices-artificial-intelligence/#more-158903

[16] Id.

[17] Id.

[18] Id.

[19] Id.

[20] Id.

[21] Id.

[22] Frederic Lee, Employee AI Use Outpacing Workplace Policies, Agenda Week (Sept 29, 2023), here.

[23] David Woodcock, ESG and The Board: Avoiding Risky Business, The Corporate Board (Sept./Oct. 2023) (“[S]ustainability and ESG reports highlighting corporate disclosures and commitments have grown considerably in length over the past few years. According to one study, these have grown from an average length of 102 pages in 2019 to 165 pages in 2022. Almost every large company produces one.”),

[24] Climate TRACE, https://climatetrace.org/ (last viewed Oct. 2, 2023).

[25] GreenWatch, http://greenwatch.ai/ (last viewed Oct. 2, 2023).

[26] Datamaran, https://www.datamaran.com/ (last viewed Oct. 2, 2023).

[27] Manifest Climate, https://www.manifestclimate.com/ (last viewed Oct. 2, 2023).

[28] JUST Capital, https://justcapital.com/ (last viewed Oct. 2, 2023).

[29] BreezoMeter, https://www.breezometer.com/air-quality-map/ (last viewed Oct. 2, 2023).

[30] ClarityAI, https://clarity.ai/ (last viewed Oct. 2, 2023).

[31] SustainLab, https://sustainlab.co/ (last viewed Oct. 2, 2023).

[32] Ecogain, https://en.ecogain.se/ (last viewed Oct. 2, 2023).

[33] Turntide Technologies, https://turntide.com/ (last viewed Oct. 2, 2023).

[34] SEC 2024 Budget, supra note 12, at 25 (noting the importance of two requested data analyst positions: “The positions are critical to the division’s effort to support the agency’s broader undertaking to initialize and integrate machine-learning and artificial intelligence-supporting technology, with the ultimate goal to innovate and develop usable tools for the staff that deploy predictive and information visualization models to create data analytics efficiencies, particularly in the rulemaking context, where the staff routinely receives significant and diffuse feedback from market participants during open comment periods.”); 26 (“In FY 2024, the SEC Cloud Center of Excellence will continue to help drive modernization efforts within the Commission. The cornerstone of this program is a cloud platform that will allow the SEC to increase mission capabilities and agility through the use of modern software tools to enable data visualization, artificial intelligence, and machine learning.”).

[35] Mark T. Uyeda, Remarks to the 2023 NASAA Fall Annual Meeting—Modernizing Investor Protection for the Digital Age, Securities and Exchange Commission (Sept. 10, 2023), https://www.sec.gov/news/speech/uyeda-remarks-nasaa-091023.

[36] Id.

[37] Id.

[38] See supra note 8 (discussing SEC’s EPS initiative).

[39] Client Alert, SEC Adopts New Rules on Cybersecurity Disclosure for Public Companies, Gibson, Dunn & Crutcher LLP (July 31, 2023), https://www.gibsondunn.com/sec-adopts-new-rules-on-cybersecurity-disclosure-for-public-companies/.

[40] SEC Proposes Rules to Enhance and Standardize Climate-Related Disclosures for Investors, U.S. Sec. & Exch. Comm’n (Mar. 21, 2022), https://www.sec.gov/news/press-release/2022-46.

[41] Client Alert, California Passes Climate Disclosure Legislation, Gibson, Dunn & Crutcher LLP (Sept. 27, 2023), https://www.gibsondunn.com/california-passes-climate-disclosure-legislation/.

[42] Id.

[43] Client Alert, European Corporate Sustainability Reporting Directive (CSRD): Key Takeaways from Adoption of the European Sustainability Reporting Standards, Gibson, Dunn & Crutcher LLP (Aug. 23, 2023), at https://www.gibsondunn.com/european-corporate-sustainability-reporting-directive-key-takeaways-from-adoption-of-european-sustainability-reporting-standards/.

[44] Client Alert, European Commission Proposes Far-Reaching Human Rights and Environmental Due Diligence Obligations, Gibson, Dunn & Crutcher LLP (Mar. 11, 2022), at https://www.gibsondunn.com/european-commission-proposes-far-reaching-human-rights-and-environmental-due-diligence-obligations/.

[45] Note the guidance in the concluding section on certain risks to consider when doing this, including confidentiality of sensitive company data.

[46] Benford’s Law as a Quality of Reporting Indicator, Ideagen Audit Analytics, https://blog.auditanalytics.com/benfords-law-as-a-quality-of-reporting-indicator/ (last visited Jan. 1, 2024).

[47] Loughran, Tim and McDonald, Bill, Textual Analysis in Finance (June 17, 2020), available at https://ssrn.com/abstract=3470272.

[48] Audit Analytics, https://www.auditanalytics.com/ (last visited Oct. 2, 2023).

[49] AI Models Only 79% Accurate When Asked About SEC Filings, PYMNTS (Dec. 19, 2023), https://www.pymnts.com/artificial-intelligence-2/2023/ai-models-only-79-accurate-when-asked-about-sec-filings/ (last visited Jan. 10, 2024).

[50] Id.

[51] Datamaran, supra note 26.

[52] Climate TRACE, supra note 24.

[53] GreenWatch, supra note 25.

[54] Manifest Climate, supra note 27.

[55] Peter Hayes, Attorneys Must Certify AI Policy Compliance, Judge Orders, Bloomberg Law (May 31, 2023) (discussing Judge Brantley Starr’s standing order on the use of AI), available at https://news.bloomberglaw.com/litigation/attorneys-must-certify-ai-policy-compliance-judge-orders.

[56] 15 U.S.C. § 45.

[57] Federal Trade Commission, Request for Public Comment, Guides for the Use of Environmental Marketing Claims, 87 Fed. Reg. 77766 (Dec. 20, 2022), https://www.regulations.gov/document/FTC-2022-0077-0001.

[58] Id.

[59] Id.

[60] European Commission, Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on substantiation and communication of explicit environmental claims (Proposed Green Claims Directive) (Mar. 22, 2023), https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52023PC0166&from=EN. This proposed directive is intended to work together with an earlier directive. See European Commission, Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL empowering consumers for the green transition through better protection against unfair practices and better information (Proposed Greenwashing Directive) (Mar. 30, 2022), https://eur-lex.europa.eu/resource.html?uri=cellar:ccf4e0b8-b0cc-11ec-83e1-01aa75ed71a1.0012.02/DOC_1&format=PDF.

[61] Muhammad Musa Mazhar, Audit Analytics: When writing few lines of SQL can help detect billion dollar fraud, LinkedIn (Dec. 22, 2022), https://www.linkedin.com/pulse/audit-analytics-when-writing-few-lines-sql-can-help-detect-mazhar/.

[62] See, e.g., J.P. Pressley, Why Banks Are Using Advanced Analytics for Faster Fraud Detection, BizTech (July 25, 2023), https://biztechmagazine.com/article/2023/07/why-banks-are-using-advanced-analytics-faster-fraud-detection#:~:text; Denis Francis, Imke Jacob, and Fadi Zoghby, The Data and Analytics Edge in Corporate and Commercial Banking, McKinsey Report (Mar. 23, 2023), https://www.mckinsey.com/industries/financial-services/our-insights/the-data-and-analytics-edge-in-corporate-and-commercial-banking; Jamie Dimon, Chairman and CEO Letter to Shareholders, JP Morgan Chase & Co. Annual Report 2022, https://reports.jpmorganchase.com/investor-relations/2022/ar-ceo-letters.htm (“We already have more than 300 AI use cases in production today for risk, prospecting, marketing, customer experience and fraud prevention, and AI runs throughout our payments processing and money movement systems across the globe. AI has already added significant value to our company. For example, in the last few years, AI has helped us to significantly decrease risk in our retail business (by reducing fraud and illicit activity) and improve trading optimization and portfolio construction (by providing optimal execution strategies, automating forecasting and analytics, and improving client intelligence).”).

[63] See, e.g., Angie Sullivan & Mathias Ward, Four ways to use data analytics to identify corruption red flags, Tableau, https://www.tableau.com/blog/identify-corruption-red-flags-using-data-analytics (describing four steps to using data analytics: (1) Identify corruption risk factors; (2) Design analytics to identify corruption red flags; (3) Risk rank transactions and perform testing; (4) Use analytics to provide proactive alerting of high-risk transactions).

[64] Even where companies already engage in proactive monitoring of the Internet for relevant material, AI could be used to perform or improve some of those functions.

The following Gibson Dunn attorneys assisted in preparing this update: Vivek Mohan, David Woodcock, Frances Waldmann, Hugh Danilack, and Samantha Yi*.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any of the leaders and members of the firm’s Artificial Intelligence, Securities Enforcement, or Securities Regulation and Corporate Governance practice groups, or the following authors:

Vivek Mohan – Palo Alto (+1 650.849.5345, [email protected])
David Woodcock – Dallas (+1 214.698.3211, [email protected])
Frances A. Waldmann – Los Angeles (+1 213.229.7914, [email protected])
Hugh N. Danilack – Washington, D.C. (+1 202.777.9536, [email protected])

Artificial Intelligence:
Cassandra L. Gaedt-Sheckter – Co-Chair, Palo Alto (+1 650.849.5203, [email protected])
Vivek Mohan – Co-Chair, Palo Alto (+1 650.849.5345, [email protected])
Robert Spano – Co-Chair, London/Paris (+44 20 7071 4902, [email protected])
Eric D. Vandevelde – Co-Chair, Los Angeles (+1 213.229.7186, [email protected])

Securities Enforcement:
Richard W. Grime – Co-Chair, Washington, D.C. (+1 202.955.8219, [email protected])
Mark K. Schonfeld – Co-Chair, New York (+1 212.351.2433, [email protected])
David Woodcock – Co-Chair, Dallas (+1 214.698.3211, [email protected])

Securities Regulation and Corporate Governance:
Elizabeth Ising – Co-Chair, Washington, D.C. (+1 202.955.8287, [email protected])
James J. Moloney – Co-Chair, Orange County (+1 949.451.4343, [email protected])
Lori Zyskowski – Co-Chair, New York (+1 212.351.2309, [email protected])

*Samantha Yi is an associate working in the firm’s Washington, D.C. office who currently is admitted to practice only in Maryland.

London partner Deirdre Taylor and associate Molly Heslop are the authors of “What Can Be Learned From Adobe-Figma Merger Termination” [PDF] published by Law360 on January 15, 2024.

Key practitioners from our Los Angeles, Orange County, San Francisco, Washington, D.C. and Palo Alto offices hosted Gibson Dunn’s annual complimentary MCLE briefing which provides 8.0 hours of CLE credit, including specialty subjects such as Ethics, Elimination of Bias, and Competence Issues.

The 3-day program included the latest developments at the United States Supreme Court and SEC, Antitrust Hot Topics, State Bar New Reporting Requirements, and AI amongst other timely topics.

If you have any questions about the program or indeed future programs, please contact [email protected].

Leading Teams with Empathy

PANELISTS:

Tiaunia Henry
Abbey Hudson
Jarrett Green

AI Regulation + Governance: Recapping the Year Behind, Previewing the Year Ahead

PANELISTS:

Vivek Mohan
Eric Vandevelde
Cassandra L. Gaedt-Sheckter
Frances Waldmann

Impact of Recent Supreme Court Decisions on Corporate DEI Programs

PANELISTS:

Cynthia Chen McTernan
Katherine Smith

Jones v. City of Los Angeles: Gibson Dunn Achieves Historic Civil Rights Victory

PANELISTS:

Katie Marquart
Courtney Johnson
Lauren Blas

We’re All Snitches Now: The New State Bar Reporting Rule

PANELISTS:

Joe Rose
Poonam Kumar

Antitrust Hot Topics: Increased Enforcement Activity in Recent Years

PANELISTS:

Chris Whittaker
Caeli A. Higney
Chris Wilson
Amy Feagles

Supreme Court Roundup

PANELISTS:

Samuel Eckman
Elizabeth Dooley

SEC Rulemaking and Related Developments

PANELISTS:

Kevin Bettsteller
Mike Titera
Aaron Briggs

MCLE CREDIT INFORMATION:

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 8.0 credit hours, of which 1.0 credit hour may be applied toward the Elimination of Bias requirement, 1.0 credit hour may be applied toward the Competence Issues requirement, 1.0 credit hours may be applied toward the Ethics requirement and 5.0 credit hours may be applied toward the General Practice requirement.

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 8.0 credit hours, of which 2.5 credit hours may be applied toward the areas of Ethics and Professionalism; 1.0 credit hour may be applied toward the areas of Diversity, Inclusion and Elimination of Bias and 4.5 credit hours may be applied toward the areas of Professional Practice. These courses are approved for transitional/non-transitional credit.

Gibson, Dunn & Crutcher LLP is authorized by the Solicitors Regulation Authority to provide in-house CPD training. This program is approved for CPD credit in the amount of 8.0 hours. Regulated by the Solicitors Regulation Authority (Number 324652).

Neither the Connecticut Judicial Branch nor the Commission on Minimum Continuing Legal Education approve or accredit CLE providers or activities. It is the opinion of this provider that this activity qualifies for up to 8.0 hours toward your annual CLE requirement in Connecticut, including 2.5 hours of ethics/professionalism.

Application for approval is pending with the Colorado, Illinois, Texas, Virginia and Washington State Bars.

From the Derivatives Practice Group: U.S. derivatives news has been slow during the last two weeks, but a few international developments may pique your interest.

New Developments

SEC Publishes Risk Alert: Observations Related to Security-Based Swap Dealers. On January 10, the SEC’s Division of Examination published a Risk Alert presenting examination and outreach observations concerning compliance with rules applicable to security-based swap dealers. The SEC stated that in sharing these observations, the Division seeks to remind security-based swap dealers of their obligations under relevant security-based swap rules and encourage security-based swap dealers to consider improvements in their compliance programs, as may be appropriate, to further compliance with Exchange Act requirements. The Risk Alert presents observations in the following areas: (1) reporting of security-based swap transactions and correction of reporting errors; (2) business conduct standards; (3) security-based swap trading relationship documentation and portfolio reconciliation; and (4) recordkeeping. [NEW]
CFTC Publishes Decentralized Finance Report. On January 8, the CFTC’s Digital Assets and Blockchain Technology Subcommittee of the Technology Advisory Committee (TAC) released a report entitled “Decentralized Finance.” The report discusses TAC’s view that the benefits and risks of DeFi depend significantly on the design and features of specific systems, and that one of its central concerns related to DeFi systems is the lack of, and some industry designs to avoid, clear lines of responsibility and accountability. TAC opined that this feature of DeFi systems may present the clearest ways in which DeFi poses risks to consumers and investors, as well as to financial stability, market integrity and illicit finance—according to TAC, it implicates no clear route to ensuring victim recourse, defense against illicit exploitation, or the ability to insert necessary changes and controls during periods of crisis and network stress. The report finds that government and industry should take timely action to work together, across regulatory and other strategic initiatives, to better understand DeFi.
CFTC Chairman Announces Division of Data Appointments to Continue the CFTC’s Focus on Mission Critical Data. On December 21, CFTC Chairman Rostin Behnam announced two appointments in the Division of Data (DOD) intended to enhance the CFTC’s analytic capabilities as the agency aims to increase innovation in its data-driven culture. Ted Kaouk has been named Chief Data Officer and Director of DOD. Dr. Kaouk will spearhead data integration initiatives and collaborate with the CFTC’s offices and divisions in an attempt to help the agency make informed policy decisions. John Coughlan will serve as the agency’s first Chief Data Scientist. He will work to advance DOD’s data science expertise and expand the agency’s use of artificial intelligence to more effectively oversee the derivatives markets and meet its own regulatory requirements.

New Developments Outside the U.S.

RBI Issues Circular on Risk Management and Interbank Dealings. On January 5, the Reserve Bank of India (RBI) issued a circular on risk management and interbank dealings. The RBI stated that it has reviewed the foreign exchange risk management facilities based on the feedback received from market participants and experience gained since the revised framework came into force. It has also consolidated the directions in respect of all types of foreign exchange transactions (including cash, tom and spot). The RBI explained that the directions contained in the Currency Futures (Reserve Bank) Directions, 2008 (Notification No. FED.1/DG(SG)-2008 dated August 06, 2008), and Exchange Traded Currency Options (Reserve Bank) Directions, 2010 (Notification No. FED.01/ED(HRK)-2010 dated July 30, 2010), as amended from time to time, are now being incorporated into the Master Direction – Risk Management and Inter-Bank Dealings. These revised directions will come into effect on April 5, 2024, replacing the existing directions in Part A (Section I) of the Master Direction – Risk Management and Inter-Bank Dealings dated July 5, 2016, as amended from time to time, superseding the notifications listed in Annex-II. [NEW]
Hong Kong Consults on Regulatory Regime for Stablecoins. On December 27, the Financial Services and the Treasury Bureau and the Hong Kong Monetary Authority (HKMA) jointly issued a public consultation paper on the legislative proposal for implementing the regulatory regime for stablecoin issuers in Hong Kong. Under the proposed regime, an issuer would be required to obtain a license from the HKMA if it issues a stablecoin that references the value of one or more fiat currencies in Hong Kong. The licensed issuer will have to fulfil certain financial resources requirements, and will be required to put in place an effective stabilization mechanism, such as maintaining a pool of high-quality and highly-liquid reserve assets with proper custody arrangement. The proposed regime further imposes governance, risk management and AML/CFT measures on licensees. Interested parties are encouraged to submit written comments on or before February 29, 2024. [NEW]
ESAs Propose to Extend Equity Option Margin Exemption by Two Years. On December 21, the European Supervisory Authorities (ESAs) – the European Securities and Markets Authority (ESMA), the European Banking Authority and the European Insurance and Occupational Pensions Authority – published draft regulatory technical standards (RTS) proposing a two-year extension (until January 4, 2026) to the exemption for equity options from bilateral margining under the European Market Infrastructure Regulation (EMIR). These RTS have to be endorsed by the European Commission and are subject to non-objection by the Council of the EU and the European Parliament before they enter into force. The draft RTS are accompanied by a statement from the ESAs that competent authorities “should not priorityse any supervisory or enforcement action” relating to bilateral margining for equity options until the entry into force of these amended RTS or the adoption of a long-term solution under EMIR 3, whichever occurs first.” [NEW]

New Industry-Led Developments

ISDA Updates OTC Derivatives Compliance Calendar. On January 3, 2024, ISDA updated its global calendar of compliance deadlines and regulatory dates for the over-the-counter (OTC) derivatives space. The updated calendar can be found on the ISDA website.
ISDA Submits Response to HMT, FCA and PRA on UK EMIR. On December 20, ISDA and UK Finance submitted a joint response to His Majesty’s Treasury (HMT), the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) on the reform of the UK EMIR. ISDA stated that ISDA and UK Finance submitted the response in an attempt to inform the next stage of the UK’s smarter regulatory framework reform package. In the response, the associations recommend a small number of clearly defined changes, seek certainty and permanence on current temporary exemptions and request an end to the current dependency on equivalence decisions for certain provisions (for instance, the intragroup exemption). [NEW]

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Derivatives practice group, or the following practice leaders and authors:

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, [email protected])

Michael D. Bopp, Washington, D.C. (202.955.8256, [email protected])

Michelle M. Kirschner, London (+44 (0)20 7071.4212, [email protected])

Darius Mehraban, New York (212.351.2428, [email protected])

Jason J. Cabral, New York (212.351.6267, [email protected])

Adam Lapidus, – New York (+1 212.351.3869, [email protected])

Stephanie L. Brooker, Washington, D.C. (202.887.3502, [email protected])

Roscoe Jones Jr., Washington, D.C. (202.887.3530, [email protected])

William R. Hallatt, Hong Kong (+852 2214 3836, [email protected])

David P. Burns, Washington, D.C. (202.887.3786, [email protected])

Marc Aaron Takagaki, New York (212.351.4028, [email protected])

Hayden K. McGovern, Dallas (214.698.3142, [email protected])

Karin Thrasher, Washington, D.C. (202.887.3712, [email protected])

Key provisions of this Act came into force on 26 December 2023 and could affect businesses around the world. It is therefore essential to have a clear understanding of the new laws and what they could mean for your organisation.

Following intensive debate, King Charles III gave royal assent to the Economic Crime and Corporate Transparency Act 2023 (“ECCTA”) on 26 October 2023. As we set out in our client alert of 18 September 2023,[1] and in an article for Börsen-Zeitung of 25 November 2023,[2] the UK Government has described the corresponding bill as the most significant reform of the “identification doctrine”, which governed the attribution of criminal liability to corporate entities for more than 50 years.

Key Takeaways

The new laws governing how criminal liability can be attributed to a corporate entity for economic crimes apply to offences from 26 December 2023 onwards.
The ECCTA states that the actions of senior managers can be attributed to the corporate entity. The definition of senior managers is broad.
The new offence of failure to prevent fraud, which only applies to large organisations, cannot come into force until guidance is published. It is anticipated guidance will be published in the course of 2024.
The new laws governing attribution and the new offence of failure to prevent fraud can apply to non-UK corporate entities and to conduct outside the UK.
UK law enforcement agencies may use these laws to cooperate closely with foreign agencies. The principle of double jeopardy may not necessarily prevent prosecutions in multiple jurisdictions.
International companies should consider the practical steps outlined in this client alert, including identifying which officers and employees might fall within the definition of senior managers, assessing the extent to which they are exposed to risk of fraud, considering existing fraud prevention procedures and ensuring clear records of training and policies are retained.

New Rules of Attributing Criminal Liability to Corporate Entities

The ECCTA introduces the concept of a “senior manager” which defines whose actions can be attributed to a corporate entity. It is anticipated that this will allow prosecutors to fix companies with criminal liability more easily, as they no longer have to rely on the vague and narrowly applied “identification doctrine” which relies on identifying “the directing mind and will of the corporation”.[3] The concept of “senior manager” will include any individual who plays a significant role in:

the making of decisions about how the whole or a substantial part of the activities of the body corporate or partnership are to be managed or organised, or
the actual managing or organising of the whole or a substantial part of those activities.[4]

At present, the new attribution rules only apply to offences specified in schedule 12 of the ECCTA which are called “listed offences”[5] and include various economic crime offences such as cheating the public revenue, false accounting, money laundering, bribery or fraud. However, this list is apt to be extended to other offences in the future. Indeed, on 14 November 2023, the UK Government introduced the Criminal Justice Bill 2023 which seeks to extend the new attribution laws to all types of crime for which corporate liability may be appropriate.[6] This bill is being considered by the House of Commons and it is currently unclear if and when it may be passed.

Extraterritorial Effect

A key feature of the new attribution laws is their wide extraterritorial effect. Corporate entities may be held criminally liable for an offence, even if the offending took place outside the UK as long as the offending would constitute a criminal offence in the location where it took place (see section 196(3) ECCTA).[7] Consider the following example:

A pharmaceutical company has a UK headquarters and a subsidiary in Germany, which has been underperforming. The Head of Accounting is based in Munich and is also a member of the management board of the German entity. She overstates the revenue of the German subsidiary when submitting the annual accounts in order to “smooth things over” until business improves. Therefore, the accounts of the Group were significantly inflated.

In Germany, this could constitute the offence of false accounting under section 331 of the Commercial Code (Handelsgesetzbuch). In the UK, this conduct could constitute false accounting under the Theft Act 1968 which is an offence listed in schedule 12 of the ECCTA. This means that both the German entity and the UK headquarters could potentially face prosecution in the UK.

Because the ECCTA does not require the corporate entity or partnership to be incorporated or formed in the UK, on its face, the ECCTA does not expressly require any particular tie to the UK. However, when introducing section 196(3), Parliament pointed out that a UK connection is required: “…criminal liability will not attach to an organisation based and operating overseas for conduct carried out wholly overseas simply because the senior manager concerned was subject to the UK’s extraterritorial jurisdiction; for instance, because that manager is a British citizen. Domestic law does not generally apply to conduct carried out wholly overseas unless the offence has some connection with the UK. This is an important matter of international legal comity.”[8]

The extraterritorial ambit of the underlying offence will be relevant. As Parliament also noted, some offences, wherever they are committed, can be prosecuted against individuals or organisations who have certain close connections to the UK. Consider this example:

A telecommunications company has a UK headquarters and a subsidiary in Germany. The German subsidiary recently pitched for a large contract in India which, if successful, would boost its business and benefit the whole group. The German Head of Sales thought the pitch went well, but in order to be sure, he offers his contact in India an all-expenses paid holiday at a five star resort in Spain, on the understanding that the German subsidiary will be awarded the contract.

In Germany, this could constitute the offence of giving bribes in commercial practice (sec. 299 of the German Criminal Code). In the UK, this conduct could constitute the offence of bribing another person under the UK Bribery Act 2010 (“UKBA”) which is an offence listed in schedule 12 of the ECCTA. Both corporate entities, i.e. the German subsidiary and the UK headquarters, could potentially face prosecution in the UK. Prior to the ECCTA, it would have been difficult to prove that a Head of Sales was a directing mind and will of the company and prosecutors would arguably only have been able to bring charges for failure to prevent bribery.[9] However, it is likely that the Head of Sales would fall under the definition of senior manager and therefore allow the corporate entities to be prosecuted for the principal bribery offence,[10] despite their being no involvement by a board member.

It is also noteworthy that the new rules of attribution also apply to attempts or conspiracy to commit offences listed in schedule 12 as well as aiding, abetting, counselling or procuring the commission of those offences.[11] A senior manager may be based outside the UK but act as an accomplice to a UK offence. For example, a banker working for a Frankfurt bank could put the German bank at risk if he encouraged a London-based employee of its UK subsidiary to act in violation of the Financial Services and Markets Act 2000.

The new rules of attribution follow an international trend to hold legal entities more comprehensively accountable for criminal conduct committed by employees and other representatives. For instance, although German law does not recognise criminal liability of corporate bodies as such, the German Administrative Offences Act (Ordnungswidrigkeitengesetz, “OWiG”) allows a legal entity to be fined if certain “leading individuals” (Leitungspersonen) commit a criminal or an administrative offence. While some clarifications by the competent courts will be needed, the standard of a “leading individual” is arguably comparable with the notion of a “senior manager” now adopted under UK law.

The Offence of Failure to Prevent Fraud

The ECCTA introduces a new corporate offence of “failure to prevent fraud”[12] which, following a controversial debate between the House of Commons and the House of Lords, only applies to “large organisations”.[13] Before this offence comes into force, guidance must be published[14] and it is anticipated that this will happen in 2024.

Under the new offence, an organisation will be liable where a specified fraud offence is committed by an “associate” for the organisation’s benefit (an employee, subsidiary or agent, or a person who otherwise performs services for or on behalf of the organisation), and the organisation did not have reasonable fraud prevention procedures in place. Importantly, it does not need to be demonstrated that senior personnel ordered or knew about the fraud.

The new offence will apply to bodies corporate and partnerships wherever incorporated or formed.[15] However, the Government Factsheet envisages there being a UK nexus: “If an employee commits fraud under UK law, or targeting UK victims, their employer could be prosecuted, even if the organisation (and the employee) are based overseas.”[16] The offence is clearly intended to have a broad application and could, for example, apply to any organisation offering goods and services through a website or providing an internet marketplace accessible to consumers based in the UK.

In order for an organisation to be guilty of the offence of failure to prevent fraud, an offence listed in schedule 13 ECCTA has to be committed. The listed offences include, for example, the statutory offences of fraud, false accounting, false statements by company directors, fraudulent trading or the common law offence of cheating the public revenue.[17] This includes aiding, abetting, counselling or procuring the commission of a listed offence, but – in contrast to section 196(2) – does not extend to conspiracies.[18]

In order to understand the extraterritorial reach of the offence of failure to prevent fraud, the jurisdictional ambit of the underlying offences in schedule 13 should be considered. On the basis of the Criminal Justice Act 1993 and the common law principles, the courts of England and Wales can: “apply the English criminal law where a substantial measure of the activities constituting a crime take place in England, and restrict its application in such circumstances solely in cases where it can seriously be argued on a reasonable view that these activities should, on the basis of international comity, be dealt with by another country.” (see R v Smith (Wallace Duncan) (No. 4))[19]. Consider the following example:

An international construction firm incorporated in France planned to build and sell a number of holiday cottages across France. The holiday cottages were specifically marketed to and attracted a number of UK investors. The construction firm ran out of money making it highly unlikely that the cottages would be built. However, the managers directed their sales team to continue selling the cottages anyway. They also discussed the issue with the construction firm’s auditors which led to the auditors signing off accounts, knowing they did not reflect the true financial position of the construction company. The result was that many individuals in the UK who had invested in the properties lost considerable amounts of money.

In the example above, both the construction firm and the auditing company in France may be exposed to prosecution for the offence of failure to prevent fraud on the basis that UK victims were targeted. Given the changes to the “identification doctrine” set out above, there might also be an argument to prosecute both companies for the underlying offence of fraud by false representation,[20] given in the impact on UK victims.

The above example also raises the question of whether corporate entities will be prosecuted for both the underlying offence e.g. fraud by false representation, and the offence of failure to prevent fraud for the same conduct. The Crown Prosecution Service guidance indicates that this is possible in relation to offences under the UKBA[21] but it does not appear to have happened in practice.

The underlying legal concept of the new offence and of similarly structured offences under English law,[22] is comparable with certain provisions under civil law systems (e.g. section 130 of the German OWiG)[23] which aim to sanction improper supervision.

Cooperation between Law Enforcement Agencies

The current trend of national enforcement authorities working together in cross-border cases is likely to continue and may expand to use the new legal tools under the ECCTA. In the examples set out above, it is conceivable that at least the individuals and the subsidiaries in Germany may find themselves prosecuted by German criminal law enforcers – in addition to prosecution by UK authorities.

In particular, the EU-UK Trade and Cooperation Agreement (“EU-UK Agreement”) governs the relationship between the EU and the UK post Brexit. It contains provisions about cooperation in criminal matters between the UK and EU Member States,[24] including mutual judicial assistance, surrender, exchange of criminal record information, and confiscation. Furthermore, the EU-UK Agreement strives to ensure that special EU enforcement agencies like Europol and Eurojust cooperate with UK authorities. In addition to cooperation between the UK and EU Member States, the UK is also party of numerous other bilateral treaties on mutual legal assistance in criminal matters.[25]

In its Annual Report for 2022, Eurojust stated that the United Kingdom participated in 29 Joint Investigation Teams and 79 coordination meetings.[26] While many investigations of Eurojust concern crimes like human trafficking and smuggling, these figures suggest that UK law enforcement may also seek cooperation in cases relating to offences under the ECCTA.

The new Director of the SFO, Nick Ephgrave QPM has now been in place for just over three months, and it remains to be seen how he will guide the agency and use the new legal tools at his disposal and whether he continues the moves towards greater international cooperation. In the past, there have been several examples of successful cooperation between different enforcement agencies such as the settlement that Airbus SE reached with the UK, the United States and French authorities in 2020. All three settlement agreements were approved by the courts in each jurisdiction on the same day, indicating strong cooperation efforts between the three states involved.[27] In its judgment approving the DPA, the UK High Court stressed that international cooperation is crucial in cases of corporate wrongdoings across jurisdictions for many reasons, including to avoid forum shopping for settlements.[28]

The risk of an organisation being prosecuted in both the UK and other states for the same criminal conduct also depends on whether each jurisdiction applies the principle of double jeopardy. Generally, a defendant in the UK may argue that he should not be tried for the same offence in law and fact for which he was previously convicted or acquitted (autrefois acquit or autrefois convict). A UK conviction may not automatically prevent EU Member States from double prosecution, but only influence the sentencing in that other jurisdiction. International double jeopardy, however, is not uniformly accepted. Therefore, whether a jurisdiction will prohibit the prosecution of misconduct that was already resolved by a foreign court, must be determined on a case-by case basis, depending on which states are involved.[29]

Practical Steps

Following the new attribution laws in force since 26 December 2023 and in anticipation of the new offence of failure to prevent fraud likely coming into force later this year, we have set out some practical steps to be considered by corporate entities both inside and outside the UK.

Risk Analysis: companies should determine the business units most likely to be affected by the new regulations and the audience which may need particular training and supervision. This analysis may cover a variety of aspects such as:

the extent to which UK customers may be impacted by the business activities, predominantly with respect to selling goods or services to UK customers;
any other connection the entity has to the UK. This could include a subsidiary entity, a branch, employees working remotely or on secondment in the UK, as well as suppliers or other business partners in the UK;
identification of individuals who fall within the ECCTA definition of a “senior manager” whether they are based inside or outside the UK. Check whether the titles of individuals accurately reflect their roles, and whether the responsibilities of their managers are clearly defined and documented;

considering any parts of the business which are potentially vulnerable to the offences listed in schedules 12 and 13 of the ECCTA (e.g. offences under Financial Services and Markets Act 2000 may be particularly relevant for organisations offering financial services).

Recordkeeping: corporate entities should keep a clear record of policies, including previously applicable versions, and of conducted training. If needed, this might assist organisations in the future to show that reasonable prevention procedures were in place. These training materials and policies should reflect the outcome of the risk analysis mentioned above and address the practical realities of the relevant business units.

Culture: senior leadership teams may wish to consider whether any changes can be made to promote an open “anti-fraud” culture.

Whistleblowing: consider revising whistleblowing procedures to enable reporting of potential violations of foreign laws. This should assist with early identification of potential risks. Many enterprises in the EU are currently reviewing their procedures on whistleblowing in light of the EU whistleblowing directive and the respective implementation laws.[30]

Monitoring: the status and effectiveness of the compliance framework will need to be checked, regularly reviewed and continuously developed with regard to the risks arising from the ECCTA. This should include a regular testing of the threshold values for determining a “large organisation” as well as monitoring the catalogue of offences in schedules 12 and 13 of the ECCTA and associated legal risks. This will enable corporate entities to have a good overview of their current status and allow them to quickly assess whether they meet the requirements of the guidance once it is published. Obviously, a comprehensive review should take place once the UK Government has published its guidance on reasonable preventive measures, which we expect to happen in the course of 2024.

__________

[1] Expansion of Corporate Criminal Liability in the UK: Reform of the Identification Principle and New Offence of Failure to Prevent Fraud.

[2] London verschärft das Unternehmensstrafrecht.

[3] See our previous client alert, Expansion of Corporate Criminal Liability in the UK: Reform of the Identification Principle and New Offence of Failure to Prevent Fraud for further detail.

[4] Economic Crime and Corporate Transparency Act 2023, s 196(4).

[5] Economic Crime and Corporate Transparency Act 2023 schedule 12.

[6] Criminal Justice Bill, Committee debates: compilation pdf of sittings so far, page 68.

[7] Economic Crime and Corporate Transparency Act 2023 s 196(3).

[8] https://hansard.parliament.uk/Lords/2023-06-27/debates/EF8264AF-6478-470E-8B37-018C4B278F6E/EconomicCrimeAndCorp rateTransparencyBill.

[9] UKBA, s 7.

[10] UKBA, ss 1, 2, 6.

[11] Economic Crime and Corporate Transparency Act 2023, s 196(2).

[12] Economic Crime and Corporate Transparency Act 2023, s 199.

[13] As defined in Economic Crime and Corporate Transparency Act 2023, ss 201, 202. For further discussion see our previous client alert, Expansion of Corporate Criminal Liability in the UK: Reform of the Identification Principle and New Offence of Failure to Prevent Fraud.

[14] Economic Crime and Corporate Transparency Act 2023, s 219(8).

[15] Economic Crime and Corporate Transparency Act 2023, s 199(13).

[16] Factsheet: failure to prevent fraud offence of 26 October 2023.

[17] Schedule 13 ECCTA.

[18] Economic Crime and Corporate Transparency Act 2023, s 199(6).

[19] [2004] EWCA Crim 631.

[20] Section 2 Fraud Act 2006.

[21] Bribery Act 2010: Joint Prosecution Guidance of The Director of the Serious Fraud Office and The Director of Public Prosecutions.

[22] See, e.g. failure to prevent bribery under the UKBA or failure to prevent facilitation of UK tax or foreign evasion offences under the Criminal Finances Act 2007.

[23] Although OWiG, s 130 and the new UK offence sanctioning failure to prevent fraud have some similarities, there are also notable differences. Unlike ECCTA, s 199, the provision under German law is not limited to fraud offences and does not require that the person is acting with the intend to benefit anybody. Furthermore, unlike OWiG, s 130, the ECCTA establishes a direct criminal liability of the corporation itself. It is the responsibility of the corporation itself to prove that it had the necessary preventive procedures in place at the time the fraud offence was committed to avoid criminal liability. Under OWiG, s 130, the prosecution will take into account the preventive measures of the individual person obliged to exercise proper supervision.

[24] Pursuant to Article 633 (1) EU-UK Trade and Cooperation Agreement, the provisions on mutual assistance (Title VIII) are meant to supplement and facilitate the provisions of the European Convention on Mutual Assistance in Criminal Matters, done at Strasbourg on 20 April 1959 and its additional protocols.

[25] For a full list of all bilateral treaties, see https://www.gov.uk/government/publications/bilateral-treaties-on-mutual-legal-assistance-in-criminal-matters.

[26] European Union Agency for Criminal Justice Cooperation, Annual Report 2022 – Eurojust Activity Map, United Kingdom.

[27] See the respective press releases on 31 January 2020: U.S. Department of Justice; Serious Fraud Office, and the Parquet National Financier.

[28] SFO v Airbus SE, Case No: U20200108, 31 January 2020, para. 92.

[29] For an overview of national and international double jeopardy in various jurisdictions, see OECD, Resolving Foreign Bribery Cases with Non-Trial Resolutions, OECD Data Collection Questionnaire Results (2019) pp. 231 et seq.

[30] Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law. National implementation laws do not necessarily require that violations for foreign law can be reported, see e.g. section 2(1) no. 1 of the German Whistleblower Protection Act (Hinweisgeberschutzgesetz).

The following Gibson Dunn lawyers prepared this client alert: Matthew Nunan, Allan Neil, Patrick Doris, Benno Schwarz, Katharina Humphrey, Amy Cooke, Andreas Dürr, Rebecca Barry, Sam Firmin*, Vanessa Ludwig, and Julian Reichert.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work, any member of Gibson Dunn’s White Collar Defense and Investigations and Anti-Corruption and FCPA practice groups, or the following authors in Frankfurt, London and Munich.

London:
Matthew Nunan (+44 20 7071 4201, [email protected])
Allan Neil (+44 20 7071 4296, [email protected])
Patrick Doris (+44 20 7071 4276, [email protected])
Amy Cooke (+44 20 7071 4041, [email protected])
Rebecca Barry (+44 20 7071 4086, [email protected])
Sam Firmin* (+44 20 7071 4051, [email protected])

Munich / Frankfurt:
Benno Schwarz (+49 89 189 33-110, [email protected])
Katharina Humphrey (+49 89 189 33-155, [email protected])
Andreas Dürr (+49 89 189 33-219, [email protected])
Julian Reichert (+49 89 189 33-229, [email protected])
Vanessa Ludwig (+49 69 247 411-531, [email protected])

*Sam Firmin is a staff attorney working in the firm’s London office.

The rule, scheduled to take effect on March 11, 2024, defines independent contractor status more narrowly than the rule published in 2021 by the Trump Administration.

Today the U.S. Department of Labor released a final rule regarding who is an “independent contractor” under the Fair Labor Standards Act (“FLSA”), and thus not subject to the minimum wage and overtime requirements the FLSA applies to “employees.” The rule defines independent contractor status more narrowly than the rule published in 2021 by the Trump Administration. It is scheduled to take effect on March 11, 2024.

The rule largely hews to the Department’s October 2022 proposal. It codifies a six-factor, totality-of-the-circumstances test for who qualifies as an independent contractor. Under the rule, independent contractor status will be determined by looking to the following factors: the worker’s opportunity for profit or loss; the worker’s investments; the permanency of the relationship; the degree of control by the employer over the worker; whether the work is an integral part of the employer’s business; and the skill and initiative required to do the work. The test will not assign special weight to any of the six factors, and instead consider them “in view of the economic reality of the whole activity” in which the worker in question is engaged.

Apart from jettisoning the framework of the 2021 rule—which relied on five factors, not six, and gave particular weight to “control” and the “opportunity for profit or loss”—the new rule makes important adjustments to how the traditional factors were applied in the 2021 rule. For example, DOL will consider the worker’s investments on a relative basis with the employer’s investments. The Department states, “if the worker is making similar types of investments as the employer or investments of the type that allow the worker to operate independently in the worker’s industry or field, then that fact suggests that the worker is in business for themself,” and, like the proposal, indicates that the “dollar values” of the company’s and workers’ investments should be compared. The rule also reformulates the factor in the 2021 rule concerning whether a worker’s activities are part of an “integrated unit of production,” changing it to an assessment of whether the activity is important or “central” to a business’s operations, and rejecting many commenters’ assertions that this factor will nearly always weigh in favor of employee status and thus is not a useful indicator of the appropriate classification. Additionally, the Department will consider a worker’s “initiative” indicative of independent contractor status under several different aspects of its test.

Many commenters disagreed with the proposed rule’s provision that “[c]ontrol implemented by the employer for purposes of complying with legal obligations” and “safety standards” was “indicative” of employee status. In a notable change, the final rule provides that “[a]ctions taken by the potential employer for the sole purpose of complying with a specific, applicable Federal, State, Tribal, or local law or regulation are not indicative of control.” Still, the rule emphasizes that any action taken by the employer that goes beyond what is strictly required by law or regulation may be indicative of employee status. Moreover, the rule’s “sole purpose” language may still allow consideration of actions taken to ensure compliance with legal requirements.

The Department has also removed the provision of the 2021 rule that clarified that “the actual practice of the parties involved is more relevant than what may be contractually or theoretically possible.” Under the Department’s new rule, a company’s so-called “reserved” control can be more important than control the company actually exercises over workers.

In its release, the Department acknowledges that the rule is an “interpretive” rule and asserts that the rule will be entitled only to “Skidmore deference” from the courts, rather than the more robust “Chevron deference” that sometimes is given to federal regulations. Nevertheless, the rule is a substantial departure from the 2021 rule it replaces and, by the Department’s admission, the rule provides “broader discussion” of many factors than the Department has given before. Commenters representing a wide variety of industries and independent contractors have warned the Department that the rule could result in the misclassification of many independent contractors as employees and chill innovative and valuable work relationships to the detriment of established companies, startups, and workers alike.

The new rule is likely to face litigation. A coalition of industry groups successfully challenged the Department’s previous attempt to withdraw the 2021 rule, arguing among other things that DOL’s action was arbitrary and capricious. That suit remains pending before the Fifth Circuit Court of Appeals. See Coal. for Workforce Innovation v. Walsh, No. 1:21-CV-130, 2022 WL 1073346 (E.D. Tex. Mar. 14, 2022), appeal filed, No. 22-40316 (5th Cir. May 13, 2022).

In addition to litigation, Senator Bill Cassidy (R-La.) announced that he will introduce a Congressional Review Act (“CRA”) resolution to repeal the new rule, and Representative Kevin Kiley (R-Cal.) also stated that he would introduce a CRA resolution in the House. If passed by both houses of Congress, a CRA resolution would almost certainly be vetoed by President Biden.

The following Gibson Dunn attorneys prepared this update: Eugene Scalia, Jason Schwartz, Katherine Smith, Theane Evangelis, Michael Holecek, Jason Mendro, Andrew Kilberg, Alex Harris, Max Schulman, and Andrew Ebrahem*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment or Administrative Law and Regulatory practice groups, or the following authors and practice leaders:

Eugene Scalia – Co-Chair, Administrative Law & Regulatory Practice Group, Washington, D.C.
(+1 202.955.8210, [email protected])

Jason C. Schwartz – Co-Chair, Labor & Employment Practice Group, Washington, D.C.
(+1 202.955.8242, [email protected])

Katherine V.A. Smith – Co-Chair, Labor & Employment Practice Group, Los Angeles
(+1 213.229.7107, [email protected])

Helgi C. Walker – Co-Chair, Administrative Law & Regulatory Practice Group, Washington, D.C.
(+1 202.887.3599, [email protected])

*Andrew Ebrahem is admitted only in Virginia; practicing under the supervision of members of the District of Columbia Bar under D.C. App. R. 49.

We are pleased to provide you with Gibson Dunn’s ESG update for Winter 2023. This update covers the following key developments from November and December 2023.

I. GLOBAL

Institutional Shareholder Services (ISS) publishes 2024 Benchmark Policy Updates

On December 19, 2023, the proxy advisor ISS published its updated 2024 Benchmark Proxy Voting Policies, which will apply to shareholder meetings that take place on or after February 1, 2024. ISS have also published separate regional update documents announcing policy changes for each of the Americas, EMEA and Asia-Pacific. The main changes by ISS concern executive compensation, board composition and diversity, and risk oversight.

These updates by ISS follow the 2024 guidelines on proxy voting polices published earlier in November 2023 by Glass Lewis.

ICMA publishes new voluntary code of conduct for ESG ratings and data products providers

On December 14, 2023, the ICMA published a new voluntary Code of Conduct for ESG ratings and data products providers in line with IOSCO recommendations. Setting out 6 different principles, the Code introduces clear standards for ESG ratings and data product providers, and clarifies their interaction with wider market participants. The 6 principles concern: (1) good governance; (2) securing quality (systems and controls); (3) conflicts of interest; (4) transparency; (5) confidentiality (systems and controls); and (6) engagement (systems and controls).

The overarching aims of the Code are to: (1) improve the availability and quality of information provided to investors at product and entity levels; (2) enhance market integrity through increased transparency, good governance and sound systems and controls; and (3) improve competition through better comparability of products and providers.

ESG ratings and data products providers who sign up to the Code will need to make a public annual statement of application which explains their approach to implementing the Code. An implementation period of 6 months for ESG ratings providers, and 12 months for ESG data products providers, will then apply. By the time this period lapses, the 6 principles should be embedded within the provider’s organization. Providers that have agreed to adopt the Code will also be listed on the ICMA’s website.

Based heavily on the IOSCO recommendations, the ICMA intends for the Code to be applied internationally and a step towards creating a globally consistent regulatory framework. A hybrid event for stakeholders will take place at the London Stock Exchange on January 31, 2024 to discuss how the Code will work in practice.

Network for Greening the Financial System (NGFS) publishes Recommendations toward the development of scenarios for assessing nature-related financial risks

On December 13, 2023, the NGFS published a Technical Document providing recommendations toward the development of scenarios to assess nature-related economic and financial risks. The Technical Document is premised upon a two-part framework required for conducting forward-looking risk assessments: (1) envisioning consistent narratives to identify different hazards; and (2) exploring methods and tools e.g. models and data needs, to assess the impacts of such hazards and the ability to mitigate them. It also highlights the specificities of nature-related risks as opposed to climate-related risks, and discusses and outlines potential ways forward.

The NGFS intends for the Technical Document to pave the way for the future development of nature-related scenarios and the ability of central banks and supervisors to conduct comprehensive forward-looking nature risk assessments.

COP28 countries agree deal to transition away from fossil fuels

On December 13, 2023, representatives from nearly 200 countries reached a deal at the COP28 summit to transition away from fossil fuels in the effort to meet global net zero emissions by 2050. Specifically, governments are called upon to triple renewable energy capacity globally by 2030, accelerate efforts to reduce coal use, focus on technologies such as carbon capture and storage and low-carbon hydrogen production, and phase out fossil fuel subsidies. All countries will need to set “ambitious” emissions targets over the next 2 years to limit global warming to 1.5°C above pre-industrial levels. However, the agreement does recognize that targets should be set in light of “different national circumstances”, taking into account poorer nations.

IOSCO publishes a final report presenting supervisory practices across its members to address greenwashing

On December 4, 2023, the IOSCO published a final Report on Supervisory Practices to Address Greenwashing. The Report discusses the initiatives undertaken in various jurisdictions to address greenwashing, in line with IOSCO recommendations published in November 2021 (Report 1 and Report 2) and the subsequent Call for Action in November 2022, with the aim of increasing visibility of the roles that regulators are playing in this space. It also sets out the challenges hindering the implementation of these recommendations, including data gaps, transparency, quality, and reliability of ESG ratings, consistency in labelling and classification of sustainability-related products, evolving regulatory approaches, and capacity building needs.

The IOSCO highlighted that the main findings of the Report indicate the following:

There is no global definition of greenwashing.
Most jurisdictions have supervisory tools and mechanisms in place to address greenwashing in the area of asset managers and their products.
Educational, awareness measures and capacity building activities are being used as proactive tools to prevent greenwashing. However, addressing greenwashing also requires financial education initiatives, both at investor and industry levels.
The ESG ratings and data products markets are growing rapidly.
Steps are reportedly being taken by Affiliate Members Consultative Committee (AMCC) members to improve the consistency of terminology, which could lead to better classification of funds and labelling.
Enforcement measures such as infringement notices, fines, revocations of licenses, and suspension of businesses have been applied to greenwashing cases. Civil or criminal liability can also be applicable depending on the severity of the particular case.
The cross-border nature of sustainable finance investments requires adequate sharing of information, data and knowledge between countries.

International Organization of Securities Commissions (IOSCO) publishes a Consultation Report to promote the integrity and orderly functioning of the Voluntary Carbon Markets (VCMs)

On December 3, 2023, the IOSCO published a 90-day consultation report outlining a set of 21 ‘Good Practices’ to promote the integrity and orderly functioning of the VCMs. The proposed ‘Good Practices’ relate to regulatory frameworks, primary market issuance, secondary market trading, and use and disclosure of use of carbon credits. Although not legally binding, the IOSCO’s intention is that they help to support sound market structures and enhance financial integrity in the VCMs, allowing for carbon credits to be traded in an orderly and transparent way.

The proposed ‘Good Practices’ build on the Key Considerations included in the November 2022 Discussion Paper, the feedback received in response to that Discussion Paper, and IOSCO members’ knowledge and oversight of financial markets. They also draw upon existing good practices and principles for well-functioning markets, such as IOSCO’s Objectives and Principles of Securities Regulation (including the derivatives markets).

The deadline for comments from relevant regulators, authorities and market participants on the proposed ‘Good Practices’ is March 3, 2024.

COP28: the global climate summit convenes in United Emirates

The 2023 UN Climate Change Conference convened in Dubai over the first few weeks of December, with the spotlight on climate finance, gender-responsive climate action, the energy transition and climate mitigation. Notable developments on the finance front include the announcement by the UK, France, the World Bank, the African Development Bank Group, the European Bank for Reconstruction and Development, and the Inter-American Development Bank (IDB) of new commitments to expand the use of climate resilient debt clauses (CDRCs)—which allow the lenders to pause debt for countries that are faced with a natural disasters—in their lending. The UK announced the first ever CDRC to Senegal, the first in Africa. In addition, a consortium of multilateral development banks and funders, States and NGOs announced the issuance of Guiding Principles for Financing Climate and Health Solutions, which aim to foster collaboration between funders and accelerate the allocation of finance to countries and communities for climate and health solutions.

Elsewhere during the conference, the new Gender-Responsive Just Transitions & Climate Action Partnership was endorsed by over 60 state parties, making a series of commitments to support women’s economic empowerment and ensure women’s livelihoods are protected during the just transition.

Basel Committee proposes mandatory climate change disclosures by banks

On 29 November, 2023, the Basel Committee on Banking Supervision—the primary global standard setter for the prudential regulation of banks—issued a public consultation paper on its proposed Pillar 3 disclosure framework for climate-related financial risks. The consultation seeks the views of stakeholders on various qualitative and quantitative disclosure requirements that would complement the work of other standard setters, including the International Sustainability Standards Board (ISSB) and provide a global common disclosure baseline for internationally active banks. The Committee will use feedback from the consultation process to consider which requirements should be mandatory and which should be subject to national discretion.

International Capital Markets Association issues updates to Guidance Handbook

On November 29, 2023, the International Capital Market Association (ICMA) and Executive Committee of the Principles published an updated edition of the Guidance Handbook, which gives guidance on the Green Bond Principles (2014), Social Bond Principles (2017), Sustainability Bond Guidelines (2017) and Sustainability-Linked Bond Principles (2020). The updated edition includes further guidance on relabelling bonds as GSS bonds post-issuance, use of proceeds of GSS bonds, bonds issued by “pure play companies” (i.e. organisations that are mainly or entirely involved in environmentally and/or socially sustainable activities), impact reporting, and identifying target populations for the purpose of Social Bonds.

International Capital Markets Association (ICMA) and the Executive Committee of the Principles update the Guidance Handbook

On November 29, 2023, the ICMA and the Executive Committee of the Principles published an updated edition of the Guidance Handbook, replacing the January 2022 edition.

The Guidance Handbook provides market participants with sought-after additional information on how to interpret the Green Bond Principles, Social Bond Principles, Sustainability Bond Guidelines and Sustainability-Linked Bond Principles (collectively, the Principles), as well as advice on their practical application for transactions. The updated Guidance Handbook also now includes the Q&As initially published separately which concern secured green, social and sustainability bonds (GSS Bonds) (Chapter 3), sustainability-linked bonds (Chapter 4), and GSS bonds related to pandemics and social projects to support fragile and conflict states (Chapter 8). Further guidance is also provided on re-labelling (Chapter 1.18), net asset value (Chapter 2.1), pure play companies (Chapter 2.1), impact reporting (Chapter 2.3), and social bonds (Chapter 2.3).

The revised Guidance Handbook seeks to support market development and underpin market integrity. The ICMA intends for the Guidance Handbook to be widely circulated and used by the green, social, sustainability and sustainability-linked bond market (GSSS bond market).

Basel Committee consults on a disclosure framework for climate-related financial risk

On November 29, 2023, the Basel Committee on Banking Supervision published a public consultation paper on the disclosure of climate-related financial risks. In particular, the Committee is evaluating how a Pillar 3 disclosure framework would further its mandate to strengthen the regulation, supervisions and practices of banks worldwide to enhance financial stability. The Committee is also investigating the potential design of such a framework. Its initial proposals for the framework include qualitative and quantitative disclosure requirements, bank-specific metrics for quantitative climate disclosures, forecasts, and quantitative disclosure requirements subject to jurisdictional discretion.

The Committee intends for the disclosure framework to complement the work of other standard setters, including the International Sustainability Standards Board (ISSB), and provide a common disclosure baseline for internationally active banks.

The consultation is part of the Committee’s approach to addressing climate-related risks to the global banking system. The deadline for stakeholder feedback is February 29, 2024, with a revised or final proposal expected to be published in Q3-Q4 2024. The Committee is further contemplating a potential implementation date of January 1, 2026, one year after the effective date proposed by the ISSB and after the expiration of the ISSB’s proposed transitional arrangements.

Abu Dhabi launches its first ESG benchmark index

Ahead of the COP28 summit, on November 28, 2023 the Abu Dhabi Securities Exchange (ADX) announced the launch of its ESG benchmark index developed in collaboration with FTSE Russell. The benchmark is designed to provide investors with a tradable ESG benchmark that ranks companies according to ESG scores sourced from London Stock Exchange Group (LSEG) Data & Analytics. The companies will be measured on an annual basis based on their public reporting.

The index will initially include 24 companies that are listed on the ADX market and are constituents of the FTSE ADX General Index.

Global Reporting Initiative releases new draft climate and energy standards

On November 21, 2023, the Global Reporting Initiative (GRI) published two draft standards designed to support organisations in their accountability efforts relating to their climate change impacts. The first is a new draft Climate Change Standard to assist organisations in disclosing their climate change transition and adaption plans and actions and in explaining their use of carbon credits and GHG removals. The second is a draft revised Energy Standard, which includes an additional management disclosure on the role of the organisation’s energy policies and commitments in the transition to a decarbonised economy, as well as extended requirements on energy consumption and generation.

Both drafts are currently subject to public comment period; interested parties can submit online comments on the draft by February 29, 2024.

Glass Lewis publishes 2024 Benchmark Policy Guidelines, including guidelines for shareholder proposals and ESG-related issues

On November 16, 2023, the proxy advisor Glass Lewis published its 2024 Benchmark Policy Guidelines which apply to shareholder meetings held on or after January 1, 2024. The Guidelines set out Glass Lewis’ views on current market practice and its approach in different global markets for 2024, including the US, UK, France, Germany, Switzerland, MENA, China, Hong Kong, and Singapore.

The key changes seen in this year’s edition vary between markets but largely focus on areas including the following:

Director attendance levels;
Cyber risk oversight;
Executive ownership guidelines;
Utility of compensation clawback provisions;
Material weaknesses in internal controls over financial reporting;
Board accountability for climate-related issues;
Board oversight of ESG issues; and
Clarification on remuneration at financial institutions.

Glass Lewis has also published a 2024 edition of its Guidelines for Shareholder Proposals and ESG-Related Issues which apply globally. The main updates here concern board accountability for climate-related issues, consideration for engagement between companies and investors, and recommendations on non-financial reporting.

CFA Institute, PRI and GSIA announce harmonised definitions for sustainable investments

On November 1, 2023, the CFA Institute, Principles for Responsible Investment (PRI) and the Global Sustainable Investment Alliance (GSIA) issued a new paper containing harmonised definitions aimed at clarifying the language of responsible investment. In particular, the harmonised definitions serve to promote consistent and precise use of terminology with regard to five existing responsible investment terms: “screening”, “ESG integration”, “thematic investing”, “stewardship” and “impact investing”, and thereby to deepen understanding of the nuances of responsible investment approaches.

The paper is available on the each of the respective organizations’ websites: CFA Institute here, PRI here, and GSIA here.

International Bar Association publishes report on use of arbitration in ESG-related disputes

On October 30, 2021, the International Bar Association (IBA) published a Report on use of ESG contractual obligations and related disputes, based in part on a survey of in-house and counsel and compliance staff at large multinationals by the IBA’s ESG subcommittee. The report addresses use of ESG-related obligations in both commercial contracts and investment treaties, as well as the role of arbitration in the resolution of ESG-related disputes.

On the commercial front, the report notes the proliferation of ESG-specific requirements in commercial contracts in the past decade, including references to the Equator Principles, UN Guiding Principles on Business and Human Rights and the Green Loan principles, and the availability of model ESG clauses such as those developed by The Chancery Lane Project and American Bar Association. The report anticipates an increased inclusion of termination rights for breach of ESG obligations as regulation in this area increases.

On the investment front, the report finds that the language adopted in some modern model investment treaties indicates that States are seeking investment that furthers the E, S and G elements of their sustainability agenda, and that specific substantive ESG-related standards are making an appearance in model investment treaties. Further, that there are frequent carve outs for the State’s right to regulate on issues including ESG matters.

Finally, on the matter of dispute resolution, the report points to the survey’s finding that one of the most important factors in the choice of disputes resolution mechanisms to resolve ESG disputes is confidentiality. This, in turn, likely presages the increased use of arbitration to resolve ESG disputes (especially contractual disputes) in future.

II. UNITED KINGDOM

UK enacts The Greenhouse Gas Emissions Trading Scheme (Amendment) (No. 2) Order 2023

The Greenhouse Gas Emissions Trading Scheme (Amendment) (No 2) Order 2023 (SI 2023/1387) (Amendment No 2 Order) came into force on January 1, 2024. The Amendment No 2 Order was made on December 13, 2023 and, alongside the Greenhouse Gas Emissions Trading Scheme (Amendment) Order 2023 (SI 2023/850) and the Greenhouse Gas Emissions Trading Scheme Auctioning (Amendment) Regulations 2023 (SI 2023/994), is part of a package of legislation targeting reforms to the UK Emissions Trading Scheme (UK ETS).

The Amendment No 2 Order has implemented amendments to the UK ETS which concern the following:

Capping of free allocation for aviation at 100% of emissions;
Amending free allocation rules for electricity generators, including clarification of the definition of combined heat and power (CHP) plants and electricity generator, as well as an updated definition of electricity generator which only considers electricity exports for the baseline period 2019-2023 rather than all electricity exports since 2005; and
Clarification for carbon capture and storage (CCS) plants, including that an industrial installation that installs a capture plant is not disqualified from receiving free allocation.

FCA publishes 46^th Edition of Primary Market Bulletin featuring guidance on ESG stewardship and TCFD disclosure obligations compliance

On December 19, 2023, the FCA released its 46^th edition of the Primary Market Bulletin. This edition focuses on providing guidance in two areas:

1. Shareholder cooperation regarding ESG stewardship more generally and with respect to Article 10 of the UK Market Abuse Regulation (MAR), under which it is an offence to unlawfully disclose inside information.
The FCA advised that two pre-existing resources remain relevant to issues on shareholder activism, engagement and cooperation: (1) a letter from the FSA to the Association of British Insurers titled “Shareholder engagement and the current regulatory regime” dated August 19, 2009; and (2) the FSA’s Market Watch 20 dated May 20, 2007.

Further, the FCA clarified that the earlier outcome in the case of FCA v Sir Christopher Gent does not alter its approach to the MAR and should also not inhibit engagement between companies and their shareholders.

2. Procedures and policies by sponsors for compliance with the Task Force on Climate-Related Financial Disclosures (TCFD) disclosure obligations.
The FCA also discussed its assessment of how sponsors have made changes to their procedures to ensure listing applicants have systems in place to comply with the TCFD requirements. As required by the Listing Rules, premium and standard listed companies must include climate-related financial disclosures in their annual reports consistent with the TCFD disclosure requirements. The FCA’s findings were largely positive and the review found most sponsors had amended their policies to take into account the increased focus on climate-related matters.

The FCA further noted its expectations that sponsors should have sufficient skills, knowledge and expertise to interpret and apply relevant elements of the FCA Handbook. It also flagged the importance of sponsors providing their staff with appropriate training, including in relation to general developments in climate and sustainability-related disclosure.

Climate related risks features in the FRC’s areas of supervisory focus and priority sectors for 2024/25

On December 6, 2023, the Financial Reporting Council (FRC) announced its 2024/25 supervisory focus areas and priority sectors for both corporate reporting review and audit quality inspections. However, the FRC observed that it monitors companies and audits from all sectors, and the priority sectors are just one risk factor amongst many that are taken into a consideration when making its selections.

The FRC declared its 4 areas of supervisory focus to be: (1) risks related to the current economic environment, such as going concern, impairment, recoverability and recognition of tax assets/liabilities; (2) climate-related risks, including Task Force on Climate-related Financial Disclosures (TCFD); (3) implementation of IFRS 17 – Insurance Contracts; and (4) cash flow statements.

In addition, when selecting corporate reports and audits for review, the FRC has 5 priority sectors: (1) construction and materials; (2) food producers; (3) gas, water and multi-utilities; (4) industrial metals and mining; and (5) retail. The FRC has also stated that the financial services sector, including banking and insurance, will continue to be a focus of review and will be included annually in its selections.

Financial Conduct Authority publishes final rules on sustainability disclosure and investment labels

On November 28, 2023, the Financial Conduct Authority (FCA) published a Policy Statement containing its final rules and guidance on sustainability disclosure requirements (SDR) and investment labels, which aim to improve trust and transparency to the market for sustainable investment products. The new regime applies (albeit in different respects) to UK asset managers and to FCA-authorised firms who make sustainability-related claims about their products and services, and is for the benefit of both professional and institutional investors as well as “retail investors”, i.e. consumers.

The new regime comprises the following package of measures: (i) an anti-greenwashing rule to ensure that sustainability-related claims are fair, clear and not misleading, (ii) four new product labels to help consumers navigate the investment product landscape, (iii) naming and marketing rules for investment products to ensure accurate use of sustainability-related terms, (iv) consumer-facing information requirements to help consumers understand key sustainability product features, (v) detailed information requirements in pre-contractual, ongoing product-level and entity-level disclosures for the benefit of institutional investors and consumers, and (vi) requirements for distributors to ensure that product-level information such as labelling is made available to consumers.

Sustainability disclosure and labelling regime confirmed by the FCA

On November 28, 2023, the Financial Conduct Authority (FCA) announced in its Policy Statement the introduction of its new UK Sustainability Disclosure Requirements and a new investment labels regime to improve the trust, transparency and credibility of sustainable investment products, increase consumer protection through greater access to information when investing, and also minimise greenwashing by companies.

The new FCA regime will introduce the following measures:

1. From May 31, 2024, an anti-greenwashing rule for all FCA-authorised firms to ensure sustainability-related claims are fair, clear and not misleading. Final guidance providing further clarity on this rule is due to be published prior to the rule’s introduction once its public consultation closes on January 26, 2024;

2. From July 31, 2024, the application of 4 different product labels (Sustainability Focus, Sustainability Improvers, Sustainability Impact, and Sustainability Mixed Goals) to investment products to help investors understand what their money is being used for, based on clear sustainability goals and criteria;

3. From December 2, 2024, naming and marketing requirements for UK asset managers so investment products cannot be described as having a positive impact on sustainability when they do not; and

4. From December 2, 2025, ongoing product-level and entity-level disclosures for firms with assets under management exceeding £50 billion. Additionally, from December 2, 2026, entity-level disclosures will be extended to firms with assets under management exceeding £5 billion.

The measures do not yet apply to portfolio management products and services, and the FRC plans to consult on this in early 2024.

UK to set out regulatory rules for ESG ratings industry imminently

On November 8, 2023, Financial Times reported that the UK government will publish a formal proposal for regulation of agencies that evaluate companies’ environmental, social and governance performance as early as January 2024. The Treasury is said to be examining whether this will require new legislation or can be achieved through measures implemented under existing laws. The proposal will take into account responses from a consultation process which ended in June 2023, with a government response to the consultation due to be published by the Treasury “in due course”.

Ministers have not ruled out the possibility of the creation of a new supervisory body to take on this function, but it is more likely that the remit of the Financial Conduct Authority will be expanded. The FCA is currently developing a voluntary code of conduct for ESG ratings and data product providers (see our earlier update here).

The European Commission proposed new regulations for ESG rating providers on June 13, 2023. See also update on Hong Kong (below) on development of an ESG ratings and data providers code of conduct.

Financial Reporting Council indicates intention to drop proposed ESG-related changes to UK Corporate Governance Code

Following consultation with stakeholders on proposed revisions to the UK Corporate Governance Code (the governance code applicable to all companies with a ‘premium listing’ on the London Stock Exchange), the Financial Reporting Council announced on November 7, 2023 that it will only be taking forward a small number of its original 18 proposals, and will be abandoning the proposals relating to the role of audit committees on environmental and social governance, and to modifications to existing code provisions around diversity, over-boarding, and Committee Chairs engaging with shareholders. The updated Code will be published in January 2024.

This follows the announcement by the UK government, on October 16, 2023, that it was withdrawing the draft Companies (Strategic Report and Directors’ Report) (Amendment) Regulations following concerns by companies on burdensome and ever-increasing reporting requirements.

III. EUROPE

European Insurance and Occupational Pensions Authority (EIOPA) seeks feedback on its proposed approach to tackle greenwashing in the insurance and occupational pension sectors

EIOPA has launched a public consultation on its Consultation Paper on the Opinion on sustainability claims and greenwashing in the insurance and pensions sectors. The principles within the Opinion aim to pave the way for a more effective and harmonised supervision of sustainability claims across Europe and thereby limit the risk of greenwashing in the insurance and occupational pensions sectors. The deadline for submission of comments is March 12, 2024.

European Commission proposes to update free allocation rules to implement EU emissions trading system

The European Commission has opened a consultation process on the proposed updates to multiple regulatory acts under the Delegated Regulation for the implementation of the EU emissions trading system (ETS). The intention is to allow transitional EU-wide rules for harmonised free allocation of emission allowances. The consultation will close on January 2, 2024.

European Parliament’s Economic and Monetary Affairs Committee (ECON) adopts position on regulation to increase ESG ratings transparency and competition

On December 4, 2023, ECON adopted its position on a regulation by the European Commission aimed at enhancing transparency and competition in ESG ratings. ECON advocates for changes to the rules proposed by the European Commission – in particular:

breaking down the ESG rating into separate E, S and G factors to avoid rating obscuring poor performance on any of these individual metrics;
promoting the “double materiality” approach, i.e. whether the delivered rating addresses both material financial risk to the rated entity and the material impact of the rated entity on the environment and society;
increasing transparency on the methodologies, models and key rating assumptions which rating providers use in their ESG rating activities; and
boosting competition in favour of smaller rating providers.

The regulation aligns with other EU sustainability initiatives. On December 20, 2023, the Council of the EU has agreed its negotiating mandate on the proposal for a regulation on ESG ratings. In its negotiating mandate, the Council clarified the circumstances under which ESG ratings fall under the scope of the regulation, providing further details on the applicable exemptions.

European Securities and Markets Authority (ESMA) presents methodology for climate risk stress and considers use of ESG controversies to monitor greenwashing

On December 19, 2023, ESMA published two articles outlining (i) an approach to modelling the impact of asset price shocks from adverse scenarios involving climate-related risks, and (ii) exploring the use of ESG controversies for the purpose of monitoring greenwashing risk. ESMA is holding a webinar on the topics on February 7, 2024.

European Central Bank (ECB) and the European Systemic Risk Board (ESRB) publish report on climate-related financial stability risks

On December 18, 2023, the ECB and the ESRB published a joint report on the impact of climate change on the EU financial system. The reports sets out a framework for addressing risk by gathering evidence on the most important financial stability indicators and looks to develop a macroprudential strategy for addressing climate broader nature-related risks.

European Banking Authority (EBA) proposes voluntary EU label for green loans

On December 15, 2023, EBA published a response to the European Commission’s call for advice on green loans and mortgages. In its response, EBA suggests the introduction of a voluntary EU label for green loans based on a common EU definition and as well as the integration of the concept of a ‘green mortgage’ and its key sustainability features in the Mortgage Credit Directive. In particular, EBA proposes that:

such EU definition and labelling framework incorporate a degree of flexibility to facilitate market participants’ credible efforts in contributing to environmental objectives;
for the labelling framework to include information on the long-term benefits of investing in energy-efficient solutions, documentation requirements and availability of financial support schemes; and
when reviewing the Mortgage Credit Directive, the European Commission consider integrating the concept of green mortgages as well as the expected features of these loans.

Council of the EU and European Parliament strike deal on the Corporate Sustainability Due Diligence Directive; European Securities and Markets Authority (ESMA) consults on draft guidelines on enforcement of sustainability information

On December 14, 2023, the Council of the EU and the European Parliament reached a provisional agreement on the Corporate Sustainability Due Diligence Directive, which will oblige firms to integrate their human rights and environmental impact into their management systems. Eligible companies will be required to make investments, seek contractual assurances from partners, improve their business plans or provide support to their partners from SMEs in order to identify, assess, prevent, mitigate and remedy the negative impact of their activities on people and the planet. Companies’ business model will also have to comply with limiting global warming to 1.5°C. In addition, supervisory authorities will be able to launch inspections and impose penalties on non-compliant companies, including fines of up to 5% of their net worldwide turnover. As a next step, the provisional agreement needs to be endorsed and formally adopted by both institutions.

On December 15, 2023, ESMA published a consultation paper on a set of draft guidelines on enforcement of sustainability information, with responses sought by 15 March 2024. The main goals of the draft guidelines are to ensure that national competent authorities carry out their supervision of listed companies’ sustainability information under the Corporate Sustainability Reporting Directive (CSRD), the European Sustainability Reporting Standards and Article 8 of the Taxonomy Regulation in a converged manner; and to establish consistency in, and equally robust approaches to, the supervision of listed companies’ sustainability and financial information. ESMA says this will facilitate increased connectivity between the two types of reporting.

European Securities and Markets Authority (ESMA): “Update on the guidelines on funds’ names using ESG or sustainability-related terms – Postponement of Publication”

On December 14, 2023, ESMA has published a statement that it has postponed the adoption of the Guidelines on ESG and sustainability-related terms in fund names to ensure that the outcome of reviews of AIFMD and the UCITS Directive may be fully considered. In particular, the text of the provisional agreement resulting from the interinstitutional negotiations contains two new mandates for ESMA to develop guidelines specifying the circumstances where the name of an AIF or UCITS is unclear, unfair, or misleading. ESMA plans to adopt the Guidelines shortly after the date of entry into force of AIFMD and UCITS Directive revised texts.

European Securities and Markets Authority (ESMA) to launch and participate in Common Supervisory Action on ESG disclosures for Benchmarks Administrators

On December 13, 2023, ESMA announced that it will launch a common supervisory action (CSA) with national competent authorities (NCAs) on environmental, social and governance disclosures under the EU Benchmarks Regulation. This is ESMA’s first CSA in its role as a direct supervisor of benchmarks administrators. It will be carried out by ESMA and the NCAs during 2024 and until Q1 2025.

ESAs put forward amendments to sustainability disclosures for the financial sector

The three European Supervisory Authorities (European Banking Authority, European Insurance and Occupational Pensions Authority, and European Securities and Markets Authority – togethers the ESAs) are finalising amendments to the Sustainable Finance Disclosure Regulation (SFDR), proposing new social indicators, streamlined disclosure frameworks for adverse impacts, and additional product disclosures on greenhouse gas emissions reduction targets. The Final Report was published on December 4, 2023. Other revisions include improvements to “Do No Significant Harm” disclosures, simplified disclosure templates, and other technical adjustments regarding derivatives and sustainable investment calculations.

Loan Market Association (LMA) updates sustainable lending glossary

In December 2023, the LMA updated its sustainable lending glossary, produced in conjunction with the Loan Syndications and Trading Association and the Asia Pacific Loan Market Association. The glossary (which was first published in March 2020 and was last revised in August 2021) intends to assist the transparency of terms in the rapidly evolving sustainable lending market and provides an alphabetical list of terms, concepts, institutions, and agreements relevant to green and sustainable lending transactions.

European Green Bonds Regulation published in Official Journal

On November 30, 2023, the Official Journal of the EU has published Regulation (EU) 2023/2631 of the European Parliament and of the Council on European Green Bonds and optional disclosures for bonds marketed as environmentally sustainable and for sustainability-linked bonds. This Regulation lays down uniform requirements for issuers of bonds that wish to use the designation ‘European green bond’ or ‘EuGB’ for their environmentally sustainable bonds, and entered into force on December 2023, 2023, and will apply from December 21, 2024.

EU finalises European Green Bond Regulations

On November 30, 2023, Regulation (EU) 2023/2631 on European Green Bonds and optional disclosures for bonds marketed as environmentally sustainable and for sustainability-linked bonds was published in the Official Journal of the European Union. The Regulation provides for uniform requirements for issuers of environmentally sustainable bonds who intend to designate their bonds as “European green bonds” or “EuGB”. See our earlier update here.

EU Commission publishes proposal for carbon certification framework

On November 30, 2023, the EU Commission published its proposal for a new regulation establishing a voluntary EU certification framework for carbon removals. The proposal sets out quality criteria (“Qu.AL.ITY critera”) for carbon removal activities that take place in the EU, rules for the independent verification of carbon removals, and rules to recognise certification schemes that can be used to demonstrate compliance with the EU framework.

The proposal is now under discussion by the European Parliament and the Council, with the Commission due to develop tailored certification methodologies for the different types of carbon removal activities based on the QU.A.L.ITY criteria, supported by an expert group which will meet in the first quarter of 2023.

COP28: EU Parliament pushes for end of global fossil fuel subsidies by 2025

On November 21, 2023, the EU Parliament adopted a resolution calling, among other things, for the EU and all parties at COP28 to end all direct and indirect fossil fuel subsidies as soon as possible, and by 2025 at the latest. The resolution also called for an end to all environmentally harmful subsidies as soon as possible and latest by 2027, at both EU and Member State levels, and called on Member states to improve their national reporting of fossil fuel subsidies and plan for their phase-out in the upcoming revisions of their national energy and climate plans.

EU Parliament and Council agree to introduce “ecocide” offence

On November 16, 2023, it was announced that the Parliament and Council have reached a provisional agreement on a new EU directive that will impose new criminal sanctions for environmental harm. The directive was first proposed in December 2021, to replace the existing Environmental Crime Directive 2008 and establish minimum rules that bring the existing criminal regime into alignment with the objectives of the EU’s Green Deal.

The agreed directive will introduce “qualified offences” described by the Parliament as “comparable to ecocide”, whereby stricter sanctions are imposed for intentional acts that caused destruction, irreversible, widespread and substantial damage, or long-lasting widespread and substantial damage to an ecosystem of considerable size of environmental value, or to a natural habitat within a protected site, or to the quality of air, soil or water.

Specific new offences include timber trafficking, illegal recycling of polluting components of ships, and serious breaches of legislation on chemicals.

The provisional agreement is due to be formally adopted by both the European Parliament and the Council. The press releases of the Commission, Parliament and Council are available here, here and here.

European Parliament and Council agree on new EU Methane Regulation

On November 15, 2023, it was announced that the European Parliament and Council have reached a provisional agreement on a EU new regulation to reduce energy sector methane emissions in Europe and in global supply chains. The regulation was first proposed in December 2021, under the banner of the European Green Deal, with the aim of preventing avoidable release of methane into the atmosphere and minimise methane leaks by fossil energy companies operating in the EU.

The EU Methane Regulation, in its agreed form, will impose obligations on companies in the oil, gas and coal sectors, including requiring oil and gas companies to carry out regular surveys of their equipment to detect and repair methane leaks on the EU territory within specific deadlines, banning routine venting and flaring by the oil and gas sectors and limiting venting from thermal coal mines from 2027, and requiring companies in all three sectors to carry out an inventory of closed, inactive, plugged and abandoned assets with a view to monitoring and mitigating their emissions as soon as possible.

The regulation also targets methane emissions related to imported oil, gas and coal into the EU, including by establishing a methane transparency database where data on methane emissions reported by importers and EU operators is made available to the public, and by requiring the Commission to establish methane performance profiles of countries and companies to allow importers to make informed choices on their energy imports.

The provisional agreement is due to be formally adopted by both the European Parliament and the Council. The press releases of the Commission and Council are available here and here.

European Commission proposes postponement of pending European Sustainability Reporting Standards until June 2026

On October 24, 2023, the Commission published a proposal for a Decision postponing the deadlines for adoption of the second tranche of European Sustainability Reporting Standards (ESRS) (i.e. the sector-specific standards) which underpin the disclosure requirements of the EU’s new comprehensive sustainability rules in the Corporate Sustainability Reporting Directive (CSRD) . The current deadline is June 30, 2024, but the Commission is proposing a two-year delay until June 2026, in order to allow companies within the scope of the to focus on implementation of the first tranche of ESRS. These first-tranche standards were adopted on July 31, 2023 and are sector-agnostic, applying to all companies within scope of the CSRD. This is in response to a demand from the corporate sector.

The Commission also proposes that the adoption date for the ESRS to be used by certain non-EU companies with business in the EU be likewise postponed by two years, to June 2026.

The feedback period on the Commission proposal closes on December 19, 2023.

IV. NORTH AMERICA

New York State Department of Financial Services (NYFDS) adopted guidance for New York State-regulated banking and mortgage institutions related to climate change risks

On December 21, 2023, NYFDS adopted guidance aimed at assisting institutions with the management of material financial and operational risks from climate change. NYFDS has not currently set a timeline for implementing the guidance, but it will be issuing a request for information in 2024 in order to ascertain the steps regulated institutions are taking, or are planning to take, to identify, monitor, and control these risks.

BlackRock, Inc. (BlackRock) sued by U.S. state for allegedly misleading ESG representations

On December 18, 2023, Tennessee filed a consumer protection lawsuit in Tennessee state court against BlackRock, alleging the company had misled or made false representations to the state’s consumers regarding the incorporation of ESG into its investment strategy.

Commodity Futures Trading Commission (CFTC) proposes federal guidelines targeting voluntary carbon markets

As reported in our recent client alert, on December 4, 2023, the CFTC issued proposed guidance focused on the trade of voluntary carbon credit derivative contracts listed on CFTC-regulated exchanges. The guidance is directed at such exchanges and provides factors for them to consider in light of applicable regulatory standards, including requirements designed to support quality standards and appropriate governance and validation, among other topics. The public has until February 16, 2024 to comment on the proposed guidance.

U.S. Environmental Protection Agency’s (EPA) adopts final rule to targeting methane and other air pollutants from the oil and natural gas industry

On December 2, 2023, the EPA adopted a final rule consisting of several initiatives aimed at preventing an estimated 58 million tons of methane emissions between 2024 and 2038, a nearly 80% reduction of projected methane emissions without the rule. Among other things, the final rule will include new source performance standards to reduce methane and smog-forming volatile organic compounds from new or modified sources as well as emissions guidelines clarifying how states can use their existing program in plans for limiting methane emissions from existing sources.

A detailed summary of this final rule is summarized in our recent client alert.

California AB 1305 author shares his intent for first reporting deadline

In October, California adopted the “Voluntary Carbon Market Disclosures Act,” which imposes website disclosure requirements on (1) business entities that market or sell voluntary carbon offsets within California and (2) entities operating in California that make certain sustainability claims (e.g., achieving net zero emissions, carbon neutrality, or significant emission reductions, among others), with additional disclosure obligations if such entities purchase or use voluntary carbon offsets sold in the state. The statute provides that the required disclosures must be “updated no less than annually,” but does not specify when the first set of disclosures were required. The law became effective on January 1, 2024.

On November 30, 2023, the California Assembly member who authored AB 1305 submitted a letter to the Clerk of the Assembly stating his intention that the first annual disclosure should be posted by January 1, 2025, and to provide a more formal letter to the Assembly Daily Journal after the State Assembly reconvened in early January.

EPA Office of Environmental Justice and External Civil Rights receives funding for environmental and climate justice community change grants

On November 21, 2023, the Biden-Harris administration announced the funding of approximately $2 billion in the EPA’s Community Change Grants through the Inflation Reduction Act. The funds are described as “the largest single investment in environmental justice in history” and are to be used to support the deployment of community-driven clean energy projects, bolster climate resilience, and strengthen communities’ abilities to combat environmental and climate change challenges.

Glass Lewis announces several new and revised ESG-related proxy voting policies

On November 16, 2023, Glass Lewis published its updated voting policies for the U.S. The policies became effective on January 1, 2024. Noteworthy changes related to ESG topics include two new policies on cyber risk oversight and board oversight of environmental and social issues, and a revised policy on board diversity. The first new policy provides that, where a company has been materially impacted by a cyberattack, Glass Lewis may recommend votes against appropriate directors should Glass Lewis find the board’s oversight, response or disclosures concerning cybersecurity-related issues to be insufficient or if they are not provided to shareholders. In addition, when evaluating the board’s role in overseeing environmental and/or social issues, Glass Lewis will examine a company’s committee charters and governing documents to determine if the company has codified a meaningful level of oversight of and accountability for a company’s material environmental and social impacts. Glass Lewis also clarified that it will review a company’s disclosures for a rationale or plan to address the lack of board diversity, including a timeline on intended appointments, in making voting recommendations.

U.S. Federal Insurance Office (FIO) to collect information on homeowners’ insurance to assess climate-related financial risk to consumers

On November 1, 2023, the FIO published a public notice of its intention to collect zip-code-level insurance data from insurers as part of its effort to assess the possible impact of climate-related financial risks on Americans. Based on feedback to a prior proposal, the FIO revised its data collection request to reduce the estimated number of hours insurance companies need to comply with the request.

V. APAC

Partnership for Carbon Accounting Financials (PCAF) and China-based Green Finance Forum of 60 (GF60) forms partnership to harmonise greenhouse gas accounting methodologies for financial institutions in China

On December 21, 2023, PCAF announced that it has entered into a strategic partnership agreement with GF60 which is aimed at harmonizing greenhouse gas accounting methodologies for financial institutions in China, and enhancing the capability of such financial institutions to calculate the greenhouse gas emissions of their financial activities. PCAF will assist the Chinese financial sector in implementing PCAF standards and it observed that the collaboration will ultimately help to promote China’s progress in decarbonization.

GF60 is a non-profit international green finance and sustainability platform operated by the Shanghai Jinsinan Institute of Finance.

First ESG Disclosure Guidance for China’s insurance industry released

At a press conference held in Beijing on December 13, 2023, the Insurance Association of China (IAC) launched the Chinese insurance industry’s first ever Guidelines for Environmental, Social and Governance Information Disclosure by Insurance Institutions. Expected to help improve the quality of ESG disclosures in the insurance industry, the Guidelines set standards for insurance companies to disclose ESG information, including providing guidance both on disclosure content and disclosure methods.

The self-regulatory Guidelines take reference from international ESG disclosure standards such as the Global Reporting Initiative (GRI), Sustainability Accounting Standards Board (SASB), and the Stock Exchange of Hong Kong, whilst seeking to incorporate the unique characteristics of China and the Chinese insurance industry such as disclosure requirements for rural revitalization, insurance agent management and enhancement, sustainable insurance products, and green investment of insurance funds.

Philippines relaxes rules to encourage lending for green projects

On December 13, 2023, the Philippine central bank, Bangko Sentral ng Pilipinas, announced that it will temporarily allow banks to set aside lower reserves for sustainable bond sales and increase their lending capability. In particular, the reserve requirement rate for green, social, sustainability, and other sustainable bonds issued by banks will be gradually reduced from the current rate of 3% to 0%: the rate will fall to 1% in the first year after the change takes effect, before being cut to 0% in the second year. The central bank has also approved an additional 15% single borrower limit on loans to finance sustainable projects, including transition to decarbonization. Both measures will be in place for 2 years, subject to review, and constitute part of the central bank’s 11-point Sustainable Central Banking Strategy established to combat climate change.

Thailand Finance Ministry and investment management industry launches 22 new mutual funds to support Thailand’s ESG goals

At a joint press conference on December 8, 2023, Thailand’s Ministry of Finance, the Federation of Thai Capital Market Organizations (FETCO), Thailand’s Securities and Exchange Commission (SEC), the Stock Exchange of Thailand (SET) and Thailand’s Association of Investment Management Companies (AIMC) announced the launch of a new Thailand ESG Fund (Thai ESG Fund). The Fund consists of 22 new mutual funds with a fundraising target of 10 billion baht by the end of the year to accelerate sustainable development in Thailand, and progress towards carbon neutrality and net-zero greenhouse gas emissions. All Thai ESG Funds will largely invest in domestic assets such as debt securities or stocks of listed companies that meet disclosure requirements for emissions disclosures and reduction targets, and that are themed around environmental protection or sustainability.

Monetary Authority of Singapore (MAS) releases Code of Conduct for ESG Rating and Data Product Providers

On December 6, 2023, MAS published both its finalised Singapore Code of Conduct for ESG Rating and Data Product Providers and an accompanying Checklist for such providers to self-attest their compliance with the voluntary Code. It builds upon the recommendations from the International Organisation of Securities Commissions (IOSCO) for good practices by ESG rating and data product providers. A list of providers who have publicly adopted the Code will be available on the International Capital Market Association’s (ICMA) website, subject to the provider notifying the ICMA of their publication.

The industry Code seeks to establish baseline industry standards for transparency in methodologies and data sources, governance, and management of conflicts of interest that may compromise the reliability and independence of the products.

MAS are implementing the industry Code on a ‘Comply or Explain’ basis: ESG rating and data product providers are to state they comply with the principles and best practices set out in the Code or explain why they do not. Third party assurance or audit may also be sought by providers for their self-attestation on the Checklist. Providers are encouraged by MAS to disclose their adoption of the Code and publish a completed Checklist on their websites within 12 months of the Code’s publication.

Monetary Authority of Singapore taxonomy for sustainable finance

On December 3, 2023, the Monetary Authority of Singapore (MAS) launched the Singapore-Asia Taxonomy for Sustainable Finance, which sets out detailed thresholds and criteria for defining green and transition activities that contribute to climate change mitigation across eight focus sectors. Transition activities are those that do not meet the green thresholds now but are on a pathway to net zero or contributing to net zero outcomes. The taxonomy was drawn up with support and recommendations from the Climate Bonds Initiative. Whilst aimed at providing guidance for Singapore-based financial institutions, asset owners and investment managers, it is also expected to be used by companies, regulators, policymakers and other financial market participants seeking to identify and allocate capital to “green” and transition activities.

Hong Kong Stock Exchange and China Beijing Green Exchange sign MOU to promote green finance

On November 28, 2023, Hong Kong Exchanges and Clearing Limited (HKEX) announced the signing of a Memorandum of Understanding (MOU) with the China Beijing Green Exchange (CBGEX) – the designated trading platform for the Emissions Trading Scheme under the Beijing Municipal Government – to explore cooperation in areas such as building an ESG ecosystem, promoting green and sustainable finance, and contributing to the green development of the Belt and Road Initiative.

HKEX and CBGEX will be jointly exploring cross-border sustainable development, with a focus on addressing China’s growing demand for green infrastructure investments and its shift to a low-carbon economy. Both exchanges will also research green and transition finance, collaborate on capabilities building for ESG standards and information disclosure, and explore opportunities in the carbon market.

Hong Kong postpones mandatory climate disclosures for listed issuers

On November 3, 2023, the Hong Kong Stock Exchange (HKEX) announced that it would postpone the implementation of proposed Listing Rule amendments on climate-related disclosures from January 2024 to January 2025, after seeking market feedback on the proposed amendments (consultation paper here). The proposed new rules were informed by the new IFRS S2 Climate-related Disclosures promulgated by the International Sustainability Standards Board (ISSB). The HKEX is postponing implementation in order to allow issuers more time to familiarize themselves with the new climate-related disclosure requirements and to give itself time to take account of recommended approaches on scalability and phasing-in of disclosure requirements which the ISSB is providing global regulators in its upcoming ISSB Adoption Guide.

Australia announces Sustainable Finance Strategy

On November 2, 2023, the Australian Treasury released a consultation paper outlining its Sustainable Finance Strategy, which is aimed at mobilizing private investment needed in coming decades, enabling Australian firms to access the capital needed to finance their own transitions, ensuring that financial opportunities and risks presented by climate change are identified and well managed, and aligning Australia’s capital markets with emerging international standards on sustainable finance. This is consistent with the Australian government’s adoption of a “climate first” approach to sustainable finance reforms.

Key proposals cover:

Reporting: Implementing mandatory climate reporting requirements for large companies and financial institutions from July 2024 onwards, to ensure standardized disclosure of climate and other sustainability-related financial opportunities and risks.
Taxonomy: Developing an Australian sustainable finance taxonomy, to provide a comprehensive medium-term framework for understanding how certain economic activities and investments align with good sustainability outcomes, and to provide a consistent set of metrics for firms and investors to support credible transition planning.
Labelling: Improving sustainability labelling for investment products, to provide more consistent information on design and sustainability characteristics of products labelled as “green”, “sustainable”, “ESG”, or similar.
Sector Guidance on Emission Reduction: Developing national sectoral emissions reduction pathways, to provide firms and investors with clearer policy guidance on anticipated emissions reductions trajectories and priorities in key sectors, supporting more rigorous corporate transition planning and increasing accountability.

The consultation process ended on December 1, 2023 and the results will inform ongoing policy development and regulatory engagement on sustainable finance in Australia.

ICMA to form a working group to develop an ESG ratings and data providers code of conduct for Hong Kong Securities and Futures Commission

On October 31, 2023, the International Capital Market Association (ICMA) announced that it is convening a working group to lead the development of a voluntary code of conduct for ESG ratings and data product providers based in Hong Kong.

The code will be informed by the recommendations from the International Organization of Securities Commission’s report on “Environmental, Social and Governance Ratings and Data Product Providers”, and the working group is expected to release its draft code of conduct for public consultation in early 2024.

Please let us know if there are other topics that you would be interested in seeing covered in future editions of the monthly update.

Warmest regards,

Susy Bullock
Elizabeth Ising
Perlette M. Jura
Ronald Kirk
Michael K. Murphy
Selina S. Sagayam

Chairs, Environmental, Social and Governance Practice Group, Gibson Dunn & Crutcher LLP

The following Gibson Dunn lawyers prepared this client update: Lauren Assaf-Holmes, Grace Chong, Natalie Harris, Sophy Helgesen, Elizabeth Ising, Cynthia Mabry, Ian Mwiti Mathenge, Patricia Tan Openshaw, Selina S. Sagayam and Theresa Witoszynski.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Environmental, Social and Governance practice group:

Environmental, Social and Governance (ESG):
Susy Bullock – London (+44 (0) 20 7071 4283, [email protected])
Elizabeth Ising – Washington, D.C. (+1 202-955-8287, [email protected])
Perlette M. Jura – Los Angeles (+1 213-229-7121, [email protected])
Ronald Kirk – Dallas (+1 214-698-3295, [email protected])
Michael K. Murphy – Washington, D.C. (+1 202-955-8238, [email protected])
Patricia Tan Openshaw – Hong Kong (+852 2214-3868, [email protected])
Selina S. Sagayam – London (+44 (0) 20 7071 4263, [email protected])

The final rule marks a significant transition in the regulatory oversight of the carbon capture and sequestration industry within Louisiana.

On December 28, 2023, the United States Environmental Protection Agency (EPA) signed a final rule giving the State of Louisiana primary enforcement authority (or “primacy”) over Class VI underground injection wells, which are used by the carbon capture and sequestration (CCS) industry to permanently sequester captured carbon in underground geological formations, within the state.[1] The final rule represents a long-sought and important win for Louisiana, which initially submitted its application for Class VI primacy to the EPA on September 17, 2021.[2] It also marks a significant transition in the regulatory oversight of the CCS industry within Louisiana, as the primary regulatory body for the CCS industry in the state shifts from the EPA to the Louisiana Department of Natural Resources (LDNR).[3] The Class VI permitting process under the LDNR is expected to be faster than the process under the EPA, leading to accelerated growth of the CCS industry within Louisiana. Louisiana now joins North Dakota and Wyoming among states with Class VI primacy.

Class VI Wells, Primacy and Federal Incentives

Class VI underground injection wells are specifically designed for the permanent geological sequestration of carbon dioxide, playing a crucial role in CCS technologies aimed at mitigating climate change.[4] Geological sequestration involves injecting captured carbon dioxide into underground rock formations, such as in deep saline formations, at depths and pressures high enough to keep the carbon dioxide in a supercritical fluid phase, which allows more carbon dioxide to be sequestered and is less likely to lead to the carbon dioxide escaping into the atmosphere or migrating into other underground formations.[5] Class VI wells are distinct from other injection wells in that they are exclusively dedicated to long-term storage of carbon dioxide that is either captured directly from the ambient atmosphere (in direct air capture CCS projects) or from industrial emissions or other anthropogenic sources (in point source CCS projects).

Federal income tax credits are available under the Inflation Reduction Act of 2022 (IRA) for the capture and utilization or sequestration of qualified carbon oxides (see our previous alert here). Significantly greater credits are awarded for “secure” geological sequestration of carbon oxides, and Class VI wells generally satisfy IRS and Treasury requirements for such secure sequestration. The IRA further enhanced the economic benefit of these credits by making it easier to monetize them, extending the benefit of new direct payment (see our previous client alert here) and transferability (see our previous client alert here) rules to these credits. Additional federal funding for CCS projects was also made available under the Infrastructure Investment and Jobs Act.[6]

Class VI wells are subject to stringent regulations under the Safe Drinking Water Act’s Underground Injection Control (UIC) program. Under the Act, the EPA is responsible for developing UIC requirements for injection wells of all classes that are intended to protect underground sources of drinking water, among other objectives. Any state, territory, or tribe can obtain primary enforcement authority over a given class of injection wells by adopting injection well requirements that are at least as stringent as the EPA’s requirements and subsequently applying to the EPA for primary enforcement authority over that class of injection well.[7] If the EPA approves the primacy application, the state, territory, or tribe will then implement and manage the permitting and compliance processes for the applicable class of injection well. However, if a state, territory, or tribe does not adopt its own injection well requirements or apply for enforcement authority over a given class of wells, then the EPA will remain responsible for implementing and enforcing the UIC requirements for that class of wells.

Permitting Backlog at the EPA Driving Interest in Class VI Primacy

As shown in the map below, many states have been granted primacy by the EPA over multiple classes of injection wells, particularly Class II injection wells, which can be utilized for CCS projects utilizing captured carbon for enhanced oil recovery projects.[8] However, prior to Louisiana, only North Dakota and Wyoming had successfully applied for primacy over Class VI wells. As a result, the EPA retains oversight over nearly all Class VI well permit applications in the US.

As of 1/1/24. Source: The United States Environmental Protection Agency

The EPA’s process for granting a Class VI well permit is rigorous and requires applicants to provide extensive (and expensive) data and modeling to show that the Class VI well will protect drinking water and prevent the escape or migration of carbon dioxide.[9] Although the EPA currently estimates that the Class VI permitting process for new permits will take about 25 months from start to finish, some Class VI permits have taken as long as six years to be approved.[10]

The EPA has also issued very few Class VI permits, leading to a backlog of pending permit applications. As of January 1, 2024, the EPA has only issued six Class VI permits, all for projects in Illinois, and of those six permits, only two have been utilized in connection with an active CCS project.[11] The EPA is nearing final approval of six additional Class VI well permits for CCS projects in Indiana and California, but these represent a fraction of the pending Class VI well permit applications before the EPA.[12] As of December 22, 2023, there were 63 permit applications covering 179 wells at some point in the EPA’s permitting process, and most applications are not close to approval, as shown in the attached CHART. (As of 12/22/23. Source: The United States Environmental Protection Agency.)

The permitting backlog at the EPA is one of the reasons Louisiana sought primacy over Class VI wells. Of the 63 pending permit applications before the EPA, approximately one-third were for CCS projects located in Louisiana, and the lengthy approval process was a major impediment to CCS projects in the state. Now that Louisiana has obtained primacy over Class VI wells, all pending permits before the EPA will be transferred to the LDNR for review, and the LDNR will have oversight of all future Class VI well applications in Louisiana. Many CCS industry participants have welcomed the switch to the review process under the LDNR, which is expected to be more efficient and to take a shorter period of time than the EPA’s process, a belief which is supported by the Class VI permit process in North Dakota, which has produced eight Class VI permits since North Dakota obtained Class VI primacy in 2018 (compared to the six Class VI well permits issued by the EPA nationwide since the UIC program was implemented in 2010).[13]

Class VI Requirements Adopted by Louisiana

The Class VI well requirements adopted by Louisiana are more stringent than the EPA’s requirements in several key areas, including:

requiring each individual Class VI well to be reviewed and permitted on its own, rather than issuing permits for multiple wells in a given project at once;
prohibiting the sequestration of carbon dioxide in salt caverns;
not granting waivers to injection depth requirements; and
requiring additional monitoring systems and operating requirements, over and above those required by the EPA.[14]

In addition, the EPA included several environmental justice requirements in the Memorandum of Agreement between Louisiana and the EPA, including an environmental justice review process. These requirements include:

adding steps to enhance the public’s participation in the permit application process;
analyzing environmental justice impacts on communities as part of the permitting process, including identifying environmental hazards, potential exposure pathways, and susceptible populations; and
incorporating mitigation measures to ensure Class VI wells do not increase environmental impacts and public health risks in already overburdened communities, such as installing carbon dioxide monitoring networks, carbon dioxide release networks, and enhanced pollution controls.[15]

Class VI applications before LDNR for review will need to be evaluated to ensure that they comply with Louisiana’s enhanced regulations and environmental justice requirements, and companies with pending Class VI applications that will be transferred to the LDNR may need to amend their applications if they do not meet these requirements.

Additional States Seeking Class VI Primacy

Louisiana’s successful primacy application over Class VI wells is likely to encourage other states to apply for Class VI primacy. Currently, only Texas, West Virginia, and Arizona are actively seeking Class VI primacy, but all three states are in the early stages of the primacy application process and are not expected to be given primacy in the near future.[16] Texas, for example, consolidated jurisdiction for Class VI wells under the Railroad Commission of Texas (RRC) in 2021 and submitted its formal application for primacy on December 19, 2022.[17] The EPA has reviewed Texas’s application for completeness, but the EPA still considers Texas to be in the “pre-application activities” phase of the primacy application process.[18] The RRC has adopted several amendments to the Texas Administrative Code to meet the EPA’s Class VI requirements, and the RRC submitted its final rules to the EPA in August 2023.[19]

States that seek Class VI primacy should pay close attention to Louisiana’s application for guidance on how to approach the primacy application process, especially with respect to the environmental justice requirements, as the EPA has indicated that Louisiana’s environmental justice commitments are a clear benchmark for any state that seeks Class VI primacy in the future.[20]

Conclusion

The recent signing of the final rule granting the State of Louisiana primary enforcement authority over Class VI wells signals a pivotal moment in the regulation of the CCS industry. This achievement, following a protracted application process, not only provides Louisiana with autonomy in overseeing Class VI wells but also signifies a significant shift from federal EPA oversight to the LDNR. With expectations of a more expedited and efficient permitting process under the LDNR, the decision is poised to catalyze accelerated growth in the CCS industry within the state.

[1] View here.

[2] Id.

[3] https://gov.louisiana.gov/index.cfm/newsroom/detail/4372

[4] https://www.epa.gov/uic/class-vi-wells-used-geologic-sequestration-carbon-dioxide

[5] “Sequestration of Supercritical CO2 in Deep Sedimentary Geological Formations”, Negative Emissions Technologies and Reliable Sequestration: A Consensus Study Report of The National Academies of Sciences, Engineering, and Medicine, pg. 320.

[6] View here.

[7] View here.

[8] The Underground Injection Control program consists of six classes of injection wells. Each well class is based on the type and depth of the injection activity, and the potential for that injection activity to result in endangerment of an underground source of drinking water (USDW). Class I wells are used to inject hazardous and non-hazardous wastes into deep, isolated rock formations. Class II wells are used exclusively to inject fluids associated with oil and natural gas production. Class III wells are used to inject fluids to dissolve and extract minerals. Class IV wells are shallow wells used to inject hazardous or radioactive wastes into or above a geologic formation that contains a USDW. Class V wells are used to inject non-hazardous fluids underground. Class VI wells are wells used for injection of carbon dioxide into underground subsurface rock formations for long-term storage, or geologic sequestration.

[9] https://www.epa.gov/uic/class-vi-wells-used-geologic-sequestration-carbon-dioxide#ClassVI_PermittingProcess

[10] Observations on Class VI Permitting: Lessons Learned and Guidance Available, Bob Van Voorhees et al. at 3 (https://www.ideals.illinois.edu/items/117640); see EPA Permit Tracker Chart.

[11] Id.; https://www.epa.gov/uic/table-epas-draft-and-final-class-vi-well-permits.

[12] https://www.epa.gov/uic/table-epas-draft-and-final-class-vi-well-permits.

[13] https://www.dmr.nd.gov/dmr/oilgas/ClassVI.

[14] View here.

[15] Id.

[16] Id.

[17] View here.

[18] View here.

[19] View here.

[20] Id.

The following Gibson Dunn attorneys prepared this update: Michael P. Darden, Rahul D. Vashi, Graham Valenta, Michael Cannon, Matt Donnelly, and Josiah Bethards.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have about these developments. To learn more, please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Oil and Gas, Tax, or Environmental Litigation and Mass Tort practice groups, or the authors:

Oil and Gas:
Michael P. Darden – Houston (+1 346.718.6789, [email protected])
Rahul D. Vashi – Houston (+1 346.718.6659, [email protected])
Graham Valenta – Houston (+1 346.718.6646, [email protected])

Tax:
Michael Q. Cannon – Dallas (+1 214.698.3232, [email protected])
Matt Donnelly – Washington, D.C. (+1 202.887.3567, [email protected])
Josiah Bethards – Dallas (+1 214.698.3354, [email protected])

Environmental Litigation and Mass Tort:
Stacie B. Fletcher – Washington, D.C. (+1 202.887.3627, [email protected])
David Fotouhi – Washington, D.C. (+1 202.955.8502, [email protected])
Rachel Levick – Washington, D.C. (+1 202.887.3574, [email protected])

Because of the Data Act’s extensive requirements, all companies should assess if any of their products or services will be caught by the Data Act, which will start applying from the second half of 2025.

The EU’s Data Act will enter into force on 11 January 2024. With the stated goal of ‘unlocking’ the EU’s data economy, the Data Act imposes a set of wide-ranging data sharing, product design and contractual obligations on providers of Internet of Things (‘IoT’) devices and related services, and on cloud computing providers. The obligations under the Data Act apply to all sectors of the economy, and to businesses of all sizes. Because of the Data Act’s extensive requirements, all companies should assess if any of their products or services will be caught by the Data Act. The obligations under the Act will start applying from the second half of 2025 so there is little time to prepare effective compliance strategies.

Executive summary

The Data Act rests on the general assumption that the vast majority of data generated by connected devices, services and cloud software is unused, or collected by a small number of large companies. Through this new legislation, the EU seeks to ‘unlock’ this data, facilitate moving data between one service and another, and make it accessible to users – and also to third party businesses if approved by the respective users.

The scope of the Data Act will apply to (i) manufacturers of connected products and providers of related services placed on the market in the EU; (ii) the users of such connected products or services in the EU; (iii) data holders that make data available to recipients in the EU; (iv) data recipients in the EU; (v) providers of data processing services offering services to customers in the EU; and (vi) EU institutions and public sector bodies accessing data under the regulation. The Data Act will therefore also apply to foreign companies that operate in EU markets, irrespective of their place of establishment or subsidiary presence in the EU.

The types of products and services covered by the Data Act are deliberately defined very broadly. ‘Connected product’ is defined as ‘an item that obtains, generates or collects data concerning its use or environment and that is able to communicate product data via an electronic communications service, physical connection or on-device access, and whose primary function is not the storing, processing or transmission of data on behalf of any party other than the user’. ‘Related service’ is defined as ‘a digital service, other than an electronic communications service, including software, which is connected with the product at the time of the purchase, rent or lease in such a way that its absence would prevent the connected product from performing one or more of its functions, or which is subsequently connected to the product by the manufacturer or a third party to add to, update or adapt the functions of the connected product’.

The Data Act will touch companies of all sizes in almost every sector of the European economy, including manufacturers of smart consumer devices, cars, connected industrial machinery, smart fridges and other home appliances, and any related services which interact with connected products such as streaming services or data analytics software. The Data Act will equally impact on cloud computing providers.

The Data Act will require availability and portability of data generated through the use of IoT devices (‘Connected Products’) or related services which connect to these devices. It also introduces far-reaching obligations aimed at allowing users to easily switch between cloud service providers, as well as regulating smart contracts.[1]

The Data Act has now been published in the Official Journal of the European Union and will enter into force on 11 January 2024. The provisions of the Data Act will begin to apply 20 months from the date of entry into force, meaning affected businesses will need to be ready to comply with the Act by 12 September 2025. Design requirements related to Connected Products will apply to products which are placed on the market in the Union after 12 September 2026.

The Data Act will also introduce a set of rules governing agreements relating to data access and use between companies and prohibiting contractual terms that are considered unfair or abusive. Where contracts are concluded after 12 September 2025, these provisions will automatically apply. For contracts concluded on or before 12 September 2025, these provisions will begin to apply from 12 September 2027.[2]

Because of the Data Act’s extensive scope and range of obligations, it is imperative that businesses start preparing now by reviewing their products, practices and policies to ensure compliance. The Data Act implementation will require significant product changes and revision of contract terms. For example, companies should start auditing their data storage policies and considering the changes required to implement the Data Act’s extensive data sharing requirements. Contracts governing data sharing and processing practices will also need to be reviewed and likely revised.

For some companies the Data Act will also open up novel business opportunities, and – as the rights under the Data Act are not limited to SMEs – large businesses will be empowered to benefit from this legislation and develop new business models based on third party data becoming accessible under the Data Act.

The main elements and implications of the Data Act are described further below.

IoT Devices and Services

The Data Act creates a legal obligation to make data generated from Connected Products available to users of such Connected Products, to third parties if requested by the user, and to public sector bodies in circumstances where there is an exceptional need to do so.

The scope of affected products and services is very broad. Connected Products include all devices and equipment which collect data concerning their use or environment and which can then communicate such data through an electronic communications service, a physical connection or on-device access. For instance, B2B connected products might include car braking systems, elevators, factory machines capable of collecting data or smart solar panels. In the B2C sphere, examples include home appliances such as smart fridges, smart speakers and cleaning robots, fitness trackers, medical devices, and modern cars. However, products which are primarily designed to display or play content, or to record and transmit content (e.g., personal computers, servers, tablets and smart phones, cameras) are outside the scope of the Data Act.

Obligations related to Connected Products also cover related services. These are digital services which are incorporated in, or inter-connected with, the product at the time of purchase or subsequently connected to the product by a manufacturer or a third-party, and which are essential for the product to perform its primary function. Notable examples include voice assistants, music streaming services which connect to a smart speaker, lifestyle advice applications connecting to fitness trackers, command and control software for industrial machines, and software used for energy optimization in buildings.

Manufacturers of Connected Products are recognised as ‘data holders’ in the Data Act. As regards data in scope of the Data Act, the regulation distinguishes between ‘product data’ and ‘related service data’. ‘Product data’ refers to data generated by the use of a connected product which is designed by the manufacturer to be retrievable by a user, data holder or a third party via an electronic communications service, a physical connection or on-device access. ‘Related service data’ covers ‘data representing the digitisation of user actions or of events related to the connected product, recorded intentionally by the user or generated as a by-product of the user’s action during the provision of a related service by the provider’. To fall within the scope of the Data Act, ‘related service data’ must be related to the use of the device in question.

Under the Data Act, data holders will be obliged to design Connected Products in a manner which provides users with simple and secure access to the data generated by their use. Access should be provided by default, or at the user’s request if direct access is not possible. Upon the user’s request, data holders must make data ‘readily available’, as well as the metadata that is necessary to interpret and use that data.

Further, if requested by the user, data holders must share data with third parties. Data holders must share the data under fair, reasonable and non-discriminatory terms. To incentivise the generation of valuable data, in B2B relations, data holders may request reasonable compensation when legally obliged to make data available to a data recipient.

One of the hotly debated topics during the Data Act negotiations was how to balance the protection of trade secrets against data sharing requirements. As a general rule, trade secrets must be protected and only disclosed if the data holder and user take all necessary measures prior to disclosure to protect confidentiality. The recitals to the Data Act provide that the obligation to disclose data should be interpreted in such a manner as to preserve the protections afforded under the Trade Secrets Directive (Directive (EU) 2016/943). Data holders should identify trade secrets prior to disclosure and should have the possibility to agree with users, or third parties of a user’s choice, on necessary measures to preserve their confidentiality, including by the use of model contractual terms, confidentiality agreements, strict access protocols, technical standards and the application of codes of conduct. Where there is no agreement on the necessary measures or where a user, or third parties of the user’s choice, fail to implement agreed measures or undermine the confidentiality of the trade secrets, the data holder should be able to withhold or suspend the sharing of data identified as trade secrets. In ‘exceptional circumstances’ and on a ‘case-by-case basis’, it may be possible for a data holder to refuse the request for access to data where it can be demonstrated that it faces a threat of ‘serious economic damage’ due to the disclosure of trade secrets. The text provides that serious economic damage ‘implies serious and irreparable economic loss’. This exception is likely to be strictly applied. Moreover, the open-ended nature of the exception does not allow affected businesses to rely on a clear legal standard and it remains to be seen how the exception will be interpreted by the CJEU.

Gatekeepers

The Data Act notes that ‘start-ups, small enterprises, enterprises that qualify as a medium-sized enterprises under Article 2 of the Annex to Recommendation 2003/361/EC and enterprises from traditional sectors with less-developed digital capabilities struggle to obtain access to relevant data’. On that basis, the Data Act’s aim is for such smaller companies to be the primary beneficiaries of the legislation. On the other hand, the Data Act prevents companies that are designated as gatekeepers under the EU’s Digital Markets Act from being able to receive data (with the exception of their cloud services).

Cloud Switching

The Data Act will have a significant impact on both public and private cloud computing services by requiring providers to facilitate switching across cloud and edge offerings.

The Data Act introduces a number of contractual, commercial and technical requirements to facilitate the transfer of data from one provider to another. Affected providers will be required to remove ‘obstacles to effective switching’ between their own and competing cloud services, which can be commercial, technical, contractual and organisational. They will also no longer be permitted to charge costs if a user wishes to remove its data from its current provider and switch to a new one. The Data Act, however, states that cloud services providers are not required to develop new technologies or services, disclose digital assets protected by intellectual property or take measures compromising the integrity and security of their service.

The cloud switching obligations in the Data Act leave scope for interpretation and the exact nature of their application is difficult to predict. Additionally, given the complexity of cloud switching, especially for certain types of workloads, it remains to be seen how regulators will approach the implementation of this requirement in practice given the apparently limited attention paid to the technical complexities when formulating vague and broad obligations. In order to build a defence, it likely will be important for a company that faces significant technical hurdles to comply with the requirements under the Data Act to develop strategies for the documentation of those hurdles and the efforts put into compliance.

Smart Contracts

One of the Data Act’s more controversial requirements concerns the design of smart contracts. A smart contract is defined very broadly as ‘a computer program used for the automated execution of an agreement or part thereof, using a sequence of electronic data records and ensuring their integrity and the accuracy of their chronological ordering’. The Data Act does not distinguish between just digital contracts and smart contracts utilizing distributed ledger technology, and may also potentially affect existing smart contracts on public blockchains.

Vendors of an application using smart contracts must ensure that smart contracts offer ‘access control mechanisms’ and a ‘very high degree of robustness’. They also need to ensure that smart contracts contain a kill switch which is a mechanism that can either destroy the contract or pause its operation ‘to terminate the continued execution of transactions.’

While the full extent of businesses affected by these requirements is difficult to ascertain, any provider of a smart contract application should carefully consider how to comply with the Data Act.

Interplay with the GDPR

Unlike Regulation (EU) 2016/679 (the “GDPR”), which applies to personal data only, the Data Act has a broader scope since it applies to both personal and non-personal data. As a consequence, and as clearly stated in Article 1(5) of the Data Act, this regulation is without prejudice to EU and national law on the protection of personal data and privacy, in particular the GDPR and the Directive 2002/58/EC (the “e-Privacy Directive”). This means that insofar as users are data subjects, all of the rights granted under the Data Act complement the rights granted under the GDPR such as the right of access and the right to data portability. However, in order to limit the risk of an interpretation or implementation of the Data Act that could be inconsistent with the existing data protection legal framework, the Data Act clearly provides that in the event of a conflict between the Data Act and EU law on the protection of personal data and privacy, or national law adopted in accordance with such EU law, such EU or national law should prevail.

Enforcement

While the Data Act introduces harmonized rules across the EU, it will be enforced by national authorities and it is left to the individual Member States to determine which authority (or indeed, authorities) they wish to designate for this purpose. The Data Act also leaves the determination of applicable penalties in the hands of Member States, subject to some minimum requirements set out in the text. Penalties must be ‘effective, proportionate and dissuasive’, and Member States must notify the Commission of the substance of these penalties by 20 months from the date of entry into force, i.e. by 12 September 2025.

The Commission will nevertheless support Member States in their enforcement by adopting guidelines and implementing legislation on, e.g., reasonable compensation for shared data, interoperability specifications, model contractual terms or harmonized smart contract standards. For those reasons, companies should put in place a coordinated and centralized EU-wide compliance strategy.

Why should you care?

The Data Act is an extensive and highly complex piece of legislation which will have wide-ranging implications across industries and enterprises of all sizes. Given the numerous exceptions, to an extent open-ended provisions and seemingly unclear definitions, a lot of uncertainty remains about how the Data Act will be enforced in practice. One thing is clear, however: affected businesses should begin preparing their compliance strategies and review product designs and relevant contractual frameworks right away. Such preparation will also require a closer analysis of the legal and technical issues relevant for each particular business and product as well as the interfaces to other relevant legal frameworks that may apply to, or limit, data flows under the Data Act, including the GDPR and, with respect to gatekeepers, the Digital Markets Act.

__________

[1] I.e., computer programs used for the automated execution of an agreement or part thereof, using a sequence of electronic data records and ensuring their integrity and the accuracy of their chronological ordering.

[2] Provided they are of indefinite duration or due to expire at least 10 years from 11 January 2024.

The following Gibson Dunn attorneys prepared this update: Ahmed Baladi, Nicholas Banasevic*, Stéphane Frank, Kai Gesing, Joel Harrison, Christian Riis-Madsen, Robert Spano, Ciara O’Gara, and Jan Przerwa.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Antitrust and Competition or Privacy, Cybersecurity & Data Innovation practice groups, or the authors:

Antitrust and Competition:
Nicholas Banasevic* – Managing Director, Brussels (+32 2 554 72 40, [email protected])
Rachel S. Brass – Co-Chair, San Francisco (+1 415.393.8293, [email protected])
Stéphane Frank – Brussels (+32 2 554 72 07, [email protected])
Kai Gesing – Munich (+49 89 189 33 180, [email protected])
Ali Nikpay – Co-Chair, London (+44 20 7071 4273, [email protected])
Cynthia Richman – Co-Chair, Washington, D.C. (+1 202.955.8234, [email protected])
Christian Riis-Madsen – Co-Chair, Brussels (+32 2 554 72 05, [email protected])
Stephen Weissman – Co-Chair, Washington, D.C. (+1 202.955.8678, [email protected])

Privacy, Cybersecurity and Data Innovation:
Ahmed Baladi – Co-Chair, Paris (+33 (0) 1 56 43 13 00, [email protected])
S. Ashlie Beringer – Co-Chair, Palo Alto (+1 650.849.5327, [email protected])
Joel Harrison – London (+44 20 7071 4289, [email protected])
Jane C. Horvath – Co-Chair, Washington, D.C. (+1 202.955.8505, [email protected])
Alexander H. Southwell – Co-Chair, New York (+1 212.351.3981, [email protected])
Robert Spano – London/Paris (+44 20 7071 4902, [email protected])

*Nicholas Banasevic is managing director in the firm’s Brussels office, an economist by background, and not admitted to practice law.

Heightened compliance challenges for international banks as U.S. authorities continue to ramp up Russia-related trade controls and diligence expectations.

On December 22, 2023, the Biden Administration took further action to add significantly to its Russia-related sanctions by issuing a new Executive Order (“EO”) 14114 that, among other things, now subjects foreign financial institutions (“FFIs”)[1] to secondary sanctions risks when they conduct or facilitate certain Russia-related transactions, even unwittingly. These new regulations are noteworthy not simply because they create new secondary sanctions risks for foreign banks and other financial institutions, but also because they expose these financial institutions to such risks based on the facilitation of trade of certain enumerated goods, and do so under a standard of strict liability. These new measures build upon an already expansive suite of economic sanctions, export controls and other regulatory measures the United States has implemented that target the Russian Federation, and follow through on the United States’ commitment to the G7 Leaders’ Statement of December 6, 2023.[2]

As discussed in further detail below, these particular secondary sanctions risks will, in some novel ways, add to the already complex and nuanced compliance challenges facing financial institutions when it comes to Russia-related trade activity, and signal yet another move by U.S. regulatory authorities to ratchet up diligence expectations on banks and other financial institutions in the trade finance space.

Specifically, EO 14114 amends previous EOs 14024 and 14068, which authorize portions of the Russian sanctions regime (namely, the Russian Harmful Foreign Activities Sanctions Regulations (“RHFASR”)).[3] The amendments to EO 14024 contain the new secondary sanctions provisions which aim to deter foreign banks from supporting certain Russia-related transactions and trade. The amendments to EO 14068 expand the current ban on importation into the United States of certain Russian-origin seafood, and set the stage for (but do not yet implement) similar expanded restrictions on other import-controlled goods such as diamonds.

Concurrent with the issuance of EO 14114, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”): issued two new substantive Determinations; issued two general licenses (“GLs”);[4] and published 12 new Russia-related FAQs and amended three existing FAQs (collectively with EO 14114, the “New Regulations”).[5] OFAC also published a compliance advisory for foreign financial institutions on the new secondary sanctions regulations (“Compliance Advisory”).

These measures are effective immediately, and we discuss the key elements and takeaways below.

New Secondary Sanctions Risks for Foreign Financial Institutions

Arguably the most significant impact of the New Regulations is the addition of ‘traditional’ financial institution-focused secondary sanctions[6] to the multitude of Russia sanctions that have been imposed in response to the war in Ukraine, which increases the overall sanctions risk for foreign financial institutions when engaging in certain Russia-related activities. Such secondary sanctions did not previously exist in the RHFASR program.[7]

Consistent with a number of previous U.S. government actions, this new executive order employs unprecedented provisions to continue to target Russia’s military-industrial base and attempt to isolate it and degrade its ability to procure materiel necessary for Russia’s war effort. Specifically, EO 14114 authorizes OFAC to impose secondary sanctions on foreign financial institutions that are deemed to have:

conducted or facilitated significant transactions for a certain class of persons sanctioned pursuant to EO 14024 (i.e., those persons designated as Specially Designated Nationals (“SDNs”) for operating or having operated in Russia’s technology, defense and related materiel, construction, aerospace or manufacturing sectors);[8] or
conducted or facilitated any significant transactions, or provided any service, involving Russia’s military-industrial base, including the direct or indirect sale, supply or transfer to Russia of certain items specified by the New Regulations, such as certain machine tools, semiconductor manufacturing equipment, electronic test equipment, propellants and their precursors, lubricants and lubricant additives, bearings, advanced optical systems and navigation instruments (such items, “Critical Items”).

OFAC’s FAQ 1151 provides guidance that Russia’s “military-industrial base” includes the Russian technology, defense and related materiel, construction, aerospace and manufacturing sectors as well as individuals and entities that support the sale, supply or transfer of Critical Items. This definition lends itself to potentially a very broad interpretation, and the New Regulations, taken together, appear to capture: (i) significant transactions with persons designated as SDNs within the enumerated sectors; (ii) significant transactions and services involving sanctioned or unsanctioned persons operating in those sectors more broadly, including maintaining accounts, transferring funds or providing other financial services to such persons, either inside or outside Russia to support Russia’s military-industrial base; and (iii) significant transactions with persons operating in any sector if the activity involves facilitating the sale, supply or transfer of Critical Items to Russia.[9]

FAQ 1151 applies the multi-factor test commonly used in other similar secondary sanctions provisions which provides wide interpretive latitude for OFAC to determine whether a transaction is “significant.” OFAC will consider “(a) the size, number, and frequency of the transaction(s); (b) the nature of the transaction(s); (c) the level of awareness of management and whether the transactions are part of a pattern of conduct; (d) the nexus of the transaction(s) to persons sanctioned pursuant to E.O. 14024, or to persons operating in Russia’s military-industrial base; (e) whether the transaction(s) involve deceptive practices; (f) the impact of the transaction(s) on U.S. national security objectives; and (g) such other relevant factors that OFAC deems relevant.”[10]

Critically, these New Regulations do not require that the foreign financial institution “knowingly” engages in the significant transactions covered by the provisions. This departs from the language that OFAC more commonly uses when crafting thresholds needed for the imposition of secondary sanctions. It thus seemingly requires more stringent and forward-leaning diligence protocols for banks that may want to fully assess their potential secondary sanctions risks by identifying transactions which could be caught under these new provisions. OFAC’s multi-factor “significance” test will still include a consideration of whether management teams at international financial institutions were aware that their institutions were processing targeted transactions. However, such awareness is only one factor to be considered, and assuming the test for “significance” is otherwise satisfied upon OFAC’s review, the prospect of a resulting strict liability secondary sanctions risk no doubt will alter the diligence and risk calculus for financial institutions who may still be dealing in legally permitted Russia-related trade.

The new Determination which implements these secondary sanctions provision also contains a list of the items which constitute Critical Items.[11] The New Regulations do not qualify Critical Items by references to U.S. export control laws nor do they appear to require the items in question to be of U.S.-origin or have any other U.S. nexus. This is consistent in approach with other secondary sanctions, which by express purpose are geared to cover activity without a U.S. nexus. And along these lines, OFAC has also clarified that financial institutions that engage in any of the proscribed transactions in non-USD currencies are still subject to secondary sanctions risk.[12] The implications of this are that a foreign bank, for example, which processes a significant transaction denominated in a non-USD currency on behalf of a non-U.S. customer supplying a wholly foreign-produced “Critical Item” to Russia will face secondary sanctions risks.

Consequences of Engaging in Covered Conduct

Upon a determination by OFAC that a foreign financial institution has engaged in the conduct described in the amended 14024 secondary sanctions provisions, OFAC can prohibit the opening of, or prohibit or impose strict conditions on the maintenance of, correspondent accounts or payable-through accounts in the United States, or impose full blocking measures on the institution.

For any entities subject to full blocking sanctions pursuant to the amended EO 14024, all property and interests in property of that institution that are in the United States or in possession or control of U.S. persons will be required to be blocked and reported to OFAC. Any entities that are owned, directly or indirectly, 50% or more by one or more sanctioned entities, individually or in the aggregate, will also be subject to the blocking sanctions.

In relation to banks for which the opening or maintaining of a correspondent account or a payable-through account is prohibited pursuant to the amended 14024, U.S. financial institutions will be required to close any correspondent account or payable-through account maintained for or on behalf of such banks within 10 days of the imposition of sanctions.

The newly issued GL 84 provides a temporary general authorization to U.S. financial institutions to engage in certain limited transactions to close the account accordingly.

Compliance Advisory for Foreign Financial Institutions and Enhanced Controls Considerations

As discussed above, the New Regulations create additional due diligence and risk considerations for foreign banks when engaging in Russia-related transactions. Such banks weighing these new secondary sanctions risks may want to evaluate Russia-related transactions for connections to Russia’s military-industrial base or to trade in Critical Items. This may involve additional due diligence on customers and the nature of items involved in such transactions. To assist in this complex task, OFAC issued a Compliance Advisory to provide guidance to foreign financial institutions on mitigating these risks under EO 14114, including practical guidance on how to identify sanctions risks and implement corresponding controls. In addition to the activities described in FAQ 1148 which could expose a foreign financial institution to secondary sanctions risk (discussed above), the Compliance Advisory also notes that helping companies or individuals evade U.S. sanctions on Russia’s military-industrial base is activity that could on its own expose a foreign financial institution to such risk under the new provisions. According to the advisory, such activity could include:

“offering to set up alternative or non-transparent payment mechanisms;
changing or removing customer names or other relevant information from payment fields;
obfuscating the true purpose of or parties involved in payments; or
otherwise taking steps to hide the ultimate purpose of transactions to evade sanctions.”

The Compliance Advisory advises institutions seeking to mitigate these new secondary sanctions risks to implement controls commensurate with their specific risk and current exposure to Russia’s military-industrial base and its supporters, and suggests a few examples of such controls.[13] It also refers to OFAC’s “Framework for OFAC Compliance Commitments” and previous agency alerts focused on Russia sanctions and export control evasion risks for further guidance on risk-based sanctions compliance controls, and suggests a few best practices, including working sanctions risks and information into traditional anti-money laundering controls.[14]

Appropriately tailoring and incorporating these suggested controls and best practices into an existing compliance framework operationally may require new, and increasingly sophisticated and nuanced risk assessments and control reviews given the unique issues presented by these New Regulations.

We also note that this Compliance Advisory builds upon a series of previous advisories issued by U.S. regulators addressing Russia-connected sanctions and export controls evasion risks, and in our view is thematically consistent with this previously published guidance, highlighting the cohesiveness of the United States’ whole-of-government approach to Russia. The Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) and the Commerce Department’s Bureau of Industry and Security (“BIS”), for example, have published three joint notices―on June 28, 2022, on May 19, 2023, and on November 6, 2023 —that urge financial institutions to employ risk-based controls to detect criminal activity and/or attempts to evade U.S. sanctions and export controls (and particularly those targeting Russia).[15] As with OFAC’s Compliance Advisory, the FinCEN-BIS joint notices contain specific guidance on transaction due diligence, including lists of compliance “red flags” and best practices, and financial institutions will want to familiarize themselves with these advisories in context as well.

Expanding the EO 14068 Import Bans

EO 14114 also expands the existing import restrictions in EO 14068 on Russian-origin seafood, to prohibit the importation into the United States of Russian-origin salmon, cod, pollock and crab[16] that was produced wholly or in part in Russia or harvested in Russian waters or by Russia-flagged vessels. This prohibition extends to such seafood that has been incorporated or substantially transformed into another product outside of Russia. While continued prohibitions despite a “substantial transformation” is very rare in OFAC regulations (to our knowledge it is only present in the Cuba sanctions program), newly issued GL 83 authorizes, until February 20, 2024, all transactions incident and necessary to the importation into the United States of seafood derivative products, pursuant to written contracts or agreements entered into prior to December 22, 2023. OFAC FAQ 1154 notes that the Agency intends to issue (but has not yet implemented) a similar Determination related to the importation of certain Russian diamonds processed in third countries.

Lastly, the New Regulations also clarify the import treatment of certain Russian-origin gold. Since June 28, 2022, pursuant to a Determination made under EO 14068, importation into the United States of Russian-origin gold has been prohibited. OFAC’s revised FAQ 1070 and a revised Determination clarify, however, that this prohibition does not extend to Russian-origin gold located outside Russia prior to June 28, 2022.

Conclusions and Key Takeaways

While financial institution-focused secondary sanctions provisions are certainly not new, as discussed above we see some noteworthy implications of these particular secondary sanctions provisions imposed under the New Regulations.

For one, by disincentivizing foreign financial institutions from processing transactions related to trade in Critical Items, even when the items would not be controlled for supply to Russia under existing U.S. export control laws, EO 14114 appears to create an extraterritorial U.S. export control-like regime, but through the use of secondary sanctions risks. This likely will create enhanced compliance considerations and challenges for financial institutions. Financial institutions, including foreign financial institutions, are already subject to a certain degree of compliance obligations under U.S. export controls when it comes to knowingly facilitating prohibited trade in items subject to U.S. export controls.[17] However, these entities have now become subject to an additional strict liability secondary sanctions risk when dealing with certain items not subject to the EAR (i.e., Critical Items), when they may be destined for Russia. As noted above, the consequences of secondary sanctions exposure can be much more severe than the consequences of violating U.S. export controls laws (i.e., full financial blocking measures are available under a sanctions action). Accordingly, the New Regulations will likely necessitate many foreign financial institutions reexamining their risk appetite and related controls when it comes to trade finance and other trade-related activity involving Russia.

This compliance challenge is compounded by two additional factors. First, the list of Critical Items is not tethered to U.S. export control classifications. This presents significant due diligence challenges and creates a degree of uncertainty as to the full scope of items that could fall within the list of Critical Items compared to those items subject to U.S. export controls. Second, as noted above, there are material differences in the culpable mental state standards required for compliance by financial intermediaries with U.S. export controls and the secondary sanctions risks under OFAC’s New Regulations (i.e., a “knowledge” standard under General Prohibition 10 of U.S. export controls versus this new strict liability risk under EO 14024). These two factors likely will create significant added challenges for any institution looking to implement a nuanced compliance and controls framework.

As with all secondary sanctions, banks ought to apply appropriate controls designed to identify and triage transactions for possible secondary sanctions risk, in line with their individual internal risk appetite and risk profile. However, with the more stringent strict liability standard doing away with any need for intent, mitigating secondary sanctions risks under the New Regulations may require more nuanced controls – and hence more resources – in order to apply an appropriately risk-tailored program. It is possible that, in turn, this may result in increased compliance and operational risks. Conversely, in an effort to simply avoid such increased risks and costs, banks may end up erring on the side of overcompliance.

__________

[1] A term defined broadly to include “any foreign entity that is engaged in the business of accepting deposits; making, granting, transferring, holding, or brokering loans or credits; purchasing or selling foreign exchange, securities, futures or options; or procuring purchasers and sellers thereof, as principal or agent. It includes depository institutions; banks; savings banks; money services businesses; operators of credit card systems; trust companies; insurance companies; securities brokers and dealers; futures and options brokers and dealers; forward contract and foreign exchange merchants; securities and commodities exchanges; clearing corporations; investment companies; employee benefit plans; dealers in precious metals, stones, or jewels; and holding companies, affiliates, or subsidiaries of any of the foregoing.” EO 14024 11(f), as amended by EO 14114.

[2] Available here.

[3] 31 C.F.R. Part 587.

[4] For the sake of completeness we note that OFAC issued on the same day a third GL 85, providing a temporary wind down license for certain transactions involving Expobank Joint Stock Company, which was sanctioned pursuant to WO 14024 on December 12, 2023.

[5] See OFAC Press Release, “Issuance of new Russia-related Executive Order and related Determinations; Issuance of Russia-related General Licenses and Frequently Asked Questions; Publication of Russia-related Compliance Advisory,” Dec. 22, 2023, available at https://ofac.treasury.gov/recent-actions/20231222.

[6] Note that we do not consider EO 14024 provisions authorizing SDN designations for persons providing ‘material support’ to other SDNs to be ‘traditional’ secondary sanctions for a variety of analytical, structural, practical and historical usage reasons.

[7] None of the executive orders authorizing the provisions of the RHFASR included secondary sanctions, nor did the secondary sanctions provisions of the Countering America’s Adversaries Through Sanctions Act (“CAATSA”), which amended The Support for the Sovereignty, Integrity, Democracy, and Economic Stability of Ukraine Act of 2014 and the Ukraine Freedom Support Act, apply to the executive orders authorizing the various components of the RHFASR. For reference, see the language of Sections 226 and 228 of CAATSA; the Ukraine-/Russia-Related Sanctions Regulations, 31. C.F.R. Part 589, Note 2 to § 589.209(c) and Note 2 to § 589.201; and related OFAC FAQs 541 and 547 (both of which were last amended over one year after the issuance of EO 14024).

[8] See OFAC FAQ 1126 for definitions of each of these sectors.

[9] See OFAC FAQ 1148.

[10] OFAC FAQ 1151.

[11] Determination Pursuant to Section 11(a)(ii) of E.O. 14024, as amended by E.O. of December 22, 2023 (Effective December 22, 2023).

[12] OFAC FAQ 1152.

[13] Examples form the Compliance Advisory include:

“Reviewing an institution’s customer base to determine exposure to the following:
- Any customers involved in the specified sectors of the Russian economy or who conduct business with designated persons in the specified sectors.
- Any customers that may be involved in the sale, supply, or transfer of the specified items to Russia or to jurisdictions previously identified as posing a high risk of Russian sanctions evasion.
Communicating compliance expectations to customers, including informing them that they may not use their accounts to do business with designated persons operating in the specified sectors or conduct any activity involving Russia’s military-industrial base. This may also include sharing the list of the specified items with customers, especially customers engaged in import-export activity, manufacturing, or any other relevant business lines.
Sending questionnaires to customers known to deal in or export specified items to better understand their counterparties.
Taking appropriate mitigation measures for any customers or counterparties engaged in high risk activity or who fail to respond to requests for information regarding activity of concern. These measures include restricting accounts, limiting the type of permissible activity, exiting relationships, and placing customers or counterparties on internal “do not onboard” or “do not process” watchlists.
On a risk-basis, obtaining attestations from customers that they do not operate in the specified sectors, engage in any sales or transfers of the specified items to Russia, or otherwise conduct any transactions involving Russia’s military-industrial base.
Incorporating risks related to Russia’s military-industrial base into sanctions risk assessments and customer risk rating criteria. This includes updating jurisdictional risk assessments as appropriate.
Implementing enhanced trade finance controls related to the specified items, including monitoring information collected as part of documentary trade.
Using open-source information and past transactional activity to inform due diligence and to conduct proactive investigations into possible sanctions and export control evasion.”

[14] Best practices from the Compliance Advisory include:

“Training staff on sanctions risks and common red flags. This includes not only compliance personnel but also front-line staff, senior management, and business lines (e.g., underwriters, relationship managers). It is especially important to train staff that while it is appropriate for customers to ask for guidance on how to comply with bank policies and sanctions, any request for assistance in evading sanctions should be treated as a serious red flag and result in appropriate mitigation measures.
Ensuring any identified risks or issues are escalated quickly to the proper level (e.g., senior risk committee) and promoting a “culture of compliance.”
Communicating clearly and frequently with U.S. and other correspondent banks on their due diligence expectations and requests for information.
Incorporating information and typologies from relevant FinCEN and OFAC alerts and advisories into automated and manual anti-money laundering controls. Of particular concern for Russian sanction evasion are:
- Customers conducting business with newly formed Russian companies or newly formed companies in third-party countries known to be potential transshipment points for exports to Russia.
- Companies or counterparties supposedly involved in production or import-export of sophisticated items with no business history or little-to-no web presence.
- Customers or counterparties using unusual or atypical payment terms and methods, such as large cash payments, frequent or last-minute changes to end-users or payees, or routing payments through third countries not otherwise involved in the transaction.”

[15] See FinCEN & BIS Joint Alert, FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Urge Increased Vigilance for Potential Russian and Belarusian Export Control Evasion Attempts, June 28, 2022, available at https://www.fincen.gov/sites/default/files/2022-06/FinCEN%20and%20Bis%20Joint%20Alert%20FINAL.pdf; FinCEN & BIS Joint Alert, Supplemental Alert: FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Urge Continued Vigilance for Potential Russian Export Control Evasion Attempts, May 19, 2023, available here; FinCEN & BIS Joint Alert, FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Announce New Reporting Key Term and Highlight Red Flags Relating to Global Evasion of U.S. Export Controls, Nov. 6, 2023, available here.

[16] See OFAC FAQ 1157, which defines salmon, cod, pollock and crab to include articles defined at the specified Harmonized Tariff Schedule of the United States (HTSUS) subheadings.

[17] See 15 C.F.R. § 736.2(b)(10) (“General Prohibition 10”).

The following Gibson Dunn lawyers prepared this alert: Adam M. Smith, David Wolber, Stephenie Gosnell Handler, Chris Timura, Dharak Bhavsar, and Audi Syarief.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. For additional information about how we may assist you, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or the following leaders and members of the firm’s International Trade practice group:

United States
Ronald Kirk – Co-Chair, Dallas (+1 214.698.3295, [email protected])
Adam M. Smith – Co-Chair, Washington, D.C. (+1 202.887.3547, [email protected])
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, [email protected])
David P. Burns – Washington, D.C. (+1 202.887.3786, [email protected])
Nicola T. Hanna – Los Angeles (+1 213.229.7269, [email protected])
Marcellus A. McRae – Los Angeles (+1 213.229.7675, [email protected])
Courtney M. Brown – Washington, D.C. (+1 202.955.8685, [email protected])
Christopher T. Timura – Washington, D.C. (+1 202.887.3690, [email protected])
Hayley Lawrence – Washington, D.C. (+1 202.777.9523, [email protected])
Annie Motto – New York (+1 212.351.3803, [email protected])
Chris R. Mullen – Washington, D.C. (+1 202.955.8250, [email protected])
Sarah L. Pongrace – New York (+1 212.351.3972, [email protected])
Anna Searcey – Washington, D.C. (+1 202.887.3655, [email protected])
Samantha Sewall – Washington, D.C. (+1 202.887.3509, [email protected])
Audi K. Syarief – Washington, D.C. (+1 202.955.8266, [email protected])
Scott R. Toussaint – Washington, D.C. (+1 202.887.3588, [email protected])
Claire Yi – New York (+1 212.351.2603, [email protected])
Shuo (Josh) Zhang – Washington, D.C. (+1 202.955.8270, [email protected])

Asia
Kelly Austin – Hong Kong/Denver (+1 303.298.5980, [email protected])
David A. Wolber – Hong Kong (+852 2214 3764, [email protected])
Fang Xue – Beijing (+86 10 6502 8687, [email protected])
Qi Yue – Beijing (+86 10 6502 8534, [email protected])
Dharak Bhavsar – Hong Kong (+852 2214 3755, [email protected])
Felicia Chen – Hong Kong (+852 2214 3728, [email protected])
Arnold Pun – Hong Kong (+852 2214 3838, [email protected])

Europe
Attila Borsos – Brussels (+32 2 554 72 10, [email protected])
Susy Bullock – London (+44 20 7071 4283, [email protected])
Patrick Doris – London (+44 207 071 4276, [email protected])
Sacha Harber-Kelly – London (+44 20 7071 4205, [email protected])
Michelle M. Kirschner – London (+44 20 7071 4212, [email protected])
Penny Madden KC – London (+44 20 7071 4226, [email protected])
Benno Schwarz – Munich (+49 89 189 33 110, [email protected])
Nikita Malevanny – Munich (+49 89 189 33 160, [email protected])
Irene Polieri – London (+44 20 7071 4199, [email protected])

Key Developments:

On December 19, 2023, a dues-paying member of the Wisconsin Bar filed a complaint against the Bar over its “Diversity Clerkship Program,” a summer hiring program for first-year law students. Suhr v. Dietrich, No. 2:23-cv-01697-SCD (E.D. Wis. 2023). The program’s application requirements had previously stated that eligibility was based on membership in a minority group. After SFFA v. Harvard, the eligibility requirements were changed to include students with “backgrounds that have been historically excluded from the legal field.” The plaintiff claims that the Bar’s program is unconstitutional after SFFA, even with the new race-neutral language, because, in practice, the selection process is still based on the applicant’s race or gender. The plaintiff also alleges that the Bar’s diversity program constitutes compelled speech and compelled freedom of association in violation of the First Amendment.

In December 2023, America First Legal (“AFL”) filed FOIA requests with two federal agencies, seeking records related to the agencies’ DEI practices and decision making. On December 13, 2023, AFL sent a FOIA request to the Federal Housing Finance Agency (“FHFA”) in connection with a proposed rule that uses “past discrimination” as a factor to be considered in determining whether a community is “underserved.” AFL’s FOIA request seeks all records showing the FHFA’s definition of the term “equity” as used in the proposed rule, as well as all records of communications and meetings with the Office of General Counsel relating to the proposed rule. Five days later, AFL filed another FOIA request, this time with the EEOC, in response to a recent Bloomberg Law News article about EEOC Commissioner Kalpana Kotagal, who recently made a statement that “[t]here are three commissioners who feel that DEIA programs’ continued implementation in the workplace are important.” AFL’s FOIA request seeks all records containing several words and phrases related to DEI and the SFFA case since January 1, 2023 from all EEOC commissioners and the General Counsel.

On December 12, 2023, AFL sent a letter to the EEOC, calling for the Commission to investigate IBM for discrimination in violation of Title VII. The letter describes a video leaked to X (formerly Twitter), in which IBM CEO Arvind Krishna appears to answer a question asked during an internal company meeting about the company’s commitment to DEI goals. Krishna remarked that executives “have to move forward by 1% on both underrepresented minorities,” which AFL construed to refer to goals for hiring women and racial minorities. In the video, Krishna also stated that executives’ bonuses depend in part on meeting these goals, and Paul Cormier, the chairman of IBM subsidiary Red Hat, added that Red Hat executives had been terminated for failing to meet company standards for diverse hiring. AFL asserts that these statements represent IBM’s enforcement of unlawful racial and national origin quotas. AFL sent a similar letter to IBM’s Board of Directors, claiming that IBM has violated Section 1981 by allocating set percentages of its spending to Black-owned businesses and has breached its fiduciary duty to shareholders by “necessarily pass[ing] over some of the most qualified candidates.”

On December 19, 2023, AFL sent the EEOC letters alleging that Hasbro’s and Mattel’s hiring and recruitment programs violate Title VII. The letters focus on data from the companies’ Form 10-K SEC filings and published DEI reports and allege that Hasbro and Mattel have unlawfully set goals for the hiring and advancement of women and racially diverse employees. AFL also sent letters to each company’s Board of Directors, making the same allegations. In the letter to the Mattel board, AFL claims that the company is damaging its goodwill and brand in breach of its fiduciary obligations by alienating parents through its sale of a children’s book that discusses gender as separate from biological sex.

On December 13, 2023, Hello Alice and Progressive Insurance filed their motions to dismiss in Roberts & Freedom Truck Dispatch v. Progressive Preferred Ins. Co., No. 23-cv-1597 (N.D. Ohio 2023). Hello Alice argued that the plaintiffs failed to state a claim because the challenged grant was not a “contract” under Ohio contract law, and because applying Section 1981 to Hello Alice’s grant program would violate the First Amendment since donating money qualifies as expressive conduct. Hello Alice also argued that the program is a permissible private voluntary affirmative action program as supported by Supreme Court precedent. Progressive Insurance echoed Hello Alice’s arguments and also argued that the plaintiffs did not have standing because (1) they did not show that they would have received the grant but for their race, and (2) the program concluded months before the plaintiffs filed their complaint. The plaintiff’s responses to the motions are due on February 14, 2024.

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

The Guardian, “Oklahoma governor signs order effectively banning diversity programs at public colleges” (December 14): The Guardian’s Adria R. Walker reports on the executive order signed by Oklahoma governor Kevin Stitt on December 13, 2023, which prohibits state agencies and public colleges and universities from using state funds, property, or resources to support DEI programming. The order directs state entities to review all DEI positions and initiatives and to “restructure” or “eliminate” those not essential to accreditation or university-wide student support. University of Oklahoma president Joseph Harrosz, Jr. released a statement in response to the governor’s order, indicating that the institution would comply with the order but confirming the university’s “unwavering” commitment to “access and opportunity for all of those with the talent and tenacity to succeed; being a place of belonging for all who attend; dedication to free speech and inquiry; and civility in our treatment of each other,” calling these “values [that] transcend political ideology.”
Forbes, “Elon Musk Says DEI ‘Must Die’ And Criticizes Diversity Schemes as ‘Discrimination’” (December 15): Forbes’ Robert Hart reports on anti-DEI comments made by Elon Musk on his social media platform X. On December 15, Musk opined that, although DEI is intended to “end discrimination,” it instead “replace[s] it with different discrimination.” Hart notes that, only days earlier, Musk also commented on video footage of statements by IBM leaders interpreted by AFL and others as tying IBM executive bonuses to meeting diverse hiring quotas; Musk called the practice “[e]xtremely concerning and obviously illegal.”
The Hill, “Congressional Black Caucus urges corporate America to recommit to diversity, equity and inclusion” (December 15): The Hill’s Cheyanne M. Daniels reports on the December 15 open letter sent by the Congressional Black Caucus (CBC) to corporate leaders, requesting that, by January 31, 2024, those leaders “reaffirm their commitments to diversity, equity, and inclusion, update [the CBC] on their racial equity investments, and work with the [CBC] to create legislative solutions that will help close the racial wealth gap.” In support of its request, the CBC cites several studies showing the lack of representation of racial and ethnic minorities on corporate boards and in corporate management, including a 2023 study by Deloitte and the Alliance for Board Diversity and a 2021 report by McKinsey. In its letter, the CBC also signals the forthcoming release of “an equity scorecard,” measuring diversity-related progress—or lack thereof—by major U.S. companies.
Reuters, “Some companies alter diversity policies after conservatives’ lawsuit threat” (December 18): According to Jody Godoy and Disha Raychaudhuri of Reuters, at least six major U.S. companies have changed the descriptions for their DEI initiatives in response to shareholder letters from AFL and the American Civil Rights Project complaining that the initiatives constitute reverse discrimination. Godoy and Raychaudhuri report that at least twenty-five companies received similar letters over the last two years. The authors identify that the changes made to these companies’ DEI initiatives primarily involve removing language that said certain programs were for underrepresented groups or modifying executives’ goals for increased racial representation in the work force.
Bloomberg Law, “Contested Nasdaq Board Diversity Rules Take Effect: Explained” (December 21): Bloomberg Law’s Andrew Ramonas reports that, as of December 31, 2023, most companies listed on Nasdaq will need to comply with its recent rules requiring diverse board members or an explanation for why the company does not meet this requirement. Since 2022, listed companies have had to disclose demographic data that board members voluntarily self-report. The new requirements have gone into effect despite two pending petitions for rehearing of the Fifth Circuit’s October decision upholding the rules in Alliance for Fair Board Recruitment v. SEC.

Case Updates:

Below is a list of updates in new and pending cases:

1. Contracting claims under Section 1981, the U.S. Constitution, and other statutes:

Alexandre v. Amazon.com, Inc., No. 3:22-cv-1459 (S.D. Cal. 2022): White, Asian, and Native Hawaiian plaintiffs, on behalf of a putative class of past and future Amazon “delivery service partner” program (DSP) applicants, challenged a DEI program that provides a $10,000 grant to qualifying delivery service providers who are “Black, Latinx, and Native American entrepreneurs.” Plaintiffs alleged violations of Section 1981 and California state civil rights law prohibiting discrimination.
- Latest update: On December 6, 2023, Amazon filed its motion to dismiss the amended complaint. Amazon argued the plaintiffs lack standing because the grant program is only available to DSPs and the plaintiffs are not DSPs and have never applied to become DSPs. Amazon also argued that the plaintiffs failed to state a claim under Section 1981 because they did not allege that Amazon impaired an existing contract or prevented plaintiffs from making a new one on account of race; the fact that the plaintiffs may have been deterred from contracting is not actionable under Section 1981. Additionally, Amazon argued that California civil rights law is inapplicable because it applies to the “proprietor/customer” relationship, not to business-to-business relationships. Finally, Amazon argued that California civil rights law actually allows diversity programs like Amazon’s because it is not invidious discrimination and instead promotes diversity.
Harker v. Meta Platforms, Inc. et al., No. 23-cv-7865 (S.D.N.Y. 2023): A lighting technician who worked on a set where a Meta commercial was produced sued Meta and a film producers association, alleging that Meta and the association violated Title VII, Sections 1981 and 1985, and New York law through a diversity initiative called Double the Line (DTL). Plaintiff also claims that he was retaliated against after raising questions about the qualifications of a coworker hired under the program.
- Latest update: On December 19, 2023, the defendants filed their motions to dismiss in response to the plaintiff’s first amended complaint. Meta and other defendants who operated the program but did not employ the production workers argued first that the plaintiff lacked standing because he did not apply to the position and was not eligible because the program was designed for candidates with less experience. Additionally, they argued that the plaintiff failed to state a Section 1981 claim because he had no contractual or employment relationship with them. And they argued that the plaintiff could not show that race was the but-for cause of his failure to be hired. Something Ideal, the production company that employed the plaintiff, additionally argued that the plaintiff failed to state a retaliation claim because merely asking questions about the DTL program was not protected activity, and he did not actually plead that he had attempted to be re-hired.
Landscape Consultants of Texas, Inc. v. City of Houston, No. 4:23-cv-3516 (S.D. Tex. 2023): Plaintiff landscaping companies owned by white individuals challenged Houston’s government contracting set-aside program for “minority business enterprises” that are owned by members of racial and ethnic minority groups. The companies claim the program violates the Fourteenth Amendment and Section 1981.
- Latest update: On December 13, 2023, defendant Midtown Management District, a political subdivision of Houston that implements the minority business enterprise program, filed its motion to dismiss. Midtown argued that, as a procedural matter, the plaintiffs’ Section 1981 claims should be dismissed because they were not alleged through Section 1983, which Midtown argues provides the relevant cause of action for relief against a local government entity. Midtown also argued that the plaintiffs failed to state a claim under Section 1981 because, under Fifth Circuit law, plaintiffs must demonstrate an actual loss of a contractual interest, and the plaintiffs never alleged they had ever bid on, negotiated, or attempted to secure a contract. Finally, Midtown argued that the plaintiffs failed to state a claim for an Equal Protection violation because they did not make specific factual allegations of disparate treatment or discriminatory intent.
Mid-America Milling Company v. U.S. Dep’t of Transportation, No. 3:23-cv-00072-GFVT (E.D. Ky. 2023): Two plaintiff construction companies sued the Department of Transportation, asking the court to enjoin the DOT’s Disadvantaged Business Enterprise Program (DBE), an affirmative action program that awards contracts to minority-owned and women‑owned small businesses in DOT-funded construction projects with the statutory aim of granting 10% of certain DOT-funded contracts to these businesses nationally. Plaintiffs allege that the program constitutes unconstitutional race discrimination in violation of the Fifth Amendment.
- Latest update: On December 15, 2023, the plaintiffs filed a motion for a preliminary injunction, requesting that the court prohibit the defendants from implementing or enforcing the DBE program’s race and gender requirements and its goals of minority participation. The plaintiffs reiterated their assertion that the DBE program discriminates based on race and gender and fails to meet the requirements of both strict and intermediate scrutiny, because it only targets general “societal” discrimination, rather than specific past episodes of governmental discrimination. As to the preliminary injunction factors, the plaintiffs asserted that their irreparable injury should be presumed because the program allegedly threatened constitutional rights, and that the public interest would be supported by enjoining the allegedly unconstitutional program.
Do No Harm v. Vituity, No. 3:23-cv-24746-TKW-HTC (N.D. Fla. 2023): On December 8, 2023, Do No Harm, an advocacy group representing doctors and healthcare professionals, sued a nationwide physician partnership, claiming its Bridge to Brilliance Incentive Program—a DEI and recruitment program which advertises a sign-on bonus and benefits specifically to qualified Black physicians—violates Section 1981 and Section 1557 of the Affordable Care Act, which prohibits discrimination by healthcare providers receiving federal financial assistance. Do No Harm sought a temporary restraining order (TRO) and preliminary injunction, barring the defendant from closing the application period on December 17, 2023.
- Latest update: On December 14, 2023, the court denied the plaintiff’s motion for a TRO, on the ground that the plaintiff misunderstood the deadline for applications to the program; it also rejected the plaintiff’s request to treat the motion for a TRO as a motion for a preliminary injunction against filling the roles. The court expressed doubt that the plaintiff had standing on the basis of a single member’s declaration. However, in a footnote, the judge stated that “it appears to be undisputed that the challenged program discriminates based on race” and found it noteworthy that the defendants defended the program as permissible under pre-SFFA precedents.

2. Employment discrimination under Title VII and other statutory law:

Langan v. Starbucks Corporation, No. 3:23-cv-05056 (D.N.J. 2023): On August 18, 2023, a white female former employee of Starbucks sued Starbucks, claiming she was wrongfully accused of racism and terminated when Starbucks unsuccessfully attempted to deliver T-shirts supporting the “Black Lives Matter” movement to her store, and accused the plaintiff of rejecting the delivery out of her alleged political opposition to the movement. The plaintiff alleged that she was discriminated and retaliated against on the basis of her race and disability as part of a programmatic favoring of non-white employees, in violation of Title VII, Section 1981, New Jersey antidiscrimination law, the ADA, the ADEA, and alleged state tort claims for emotional distress and negligent hiring.
- Latest update: Starbucks filed its motion to dismiss on December 8, 2023. Starbucks argued that the plaintiff’s New Jersey antidiscrimination and retaliation claims are barred by the statute of limitations because she failed to file within two years of bringing an administrative charge. Starbucks also argued that the plaintiff’s state common law tort claims are barred by the statute of limitations and that she did not plead sufficient facts to make out her claim of emotional distress. Finally, Starbucks argued that the plaintiff failed to plead a Section 1981 claim because she did not plead facts distinct from those supporting her Title VII claims and did not show that race was the but-for cause of the loss of a contractual interest.

3. Challenges to agency rules, laws, and regulatory decisions:

Alliance for Fair Board Recruitment v. SEC, No. 21-60626 (5th Cir. 2021): On October 18, 2023, a unanimous Fifth Circuit panel rejected challenges to Nasdaq’s Board Diversity Rules and the SEC’s approval of those rules. Petitioners Alliance for Fair Board Recruitment and National Center for Public Policy Research sought review of the SEC’s approval of Nasdaq’s Board Diversity Rules, which require companies that have contracted to list their shares on Nasdaq’s exchange to (1) disclose aggregated information about their board members’ voluntarily self-identified diversity characteristics (including race, gender, and sexual orientation), and (2) provide an explanation if fewer than two board members are diverse. The SEC approved the rules after determining that they were consistent with the Exchange Act. Petitioners challenged the rules on constitutional and statutory grounds. Gibson Dunn represents Nasdaq, which intervened to defend its rules.
- Latest update: On December 18, 2023, the SEC and Nasdaq filed responses in opposition to the plaintiff’s petition for en banc rehearing. The SEC argued that, because Nasdaq is a private entity, its actions can be challenged as unconstitutional only if they are “fairly attributable” to the government. However, the fact that the Commission approved Nasdaq’s rule does not make the rule attributable to the government, the SEC argued, because the Securities Exchange Act requires the Commission to approve all rules not inconsistent with the statute. The SEC also argued that the private non-delegation doctrine—which states that regulatory authority may not be delegated to a private entity—was inapplicable. Nasdaq, which is represented by Gibson Dunn, argued that the panel decision correctly held that under Supreme Court and Fifth Circuit precedent Nasdaq is not a state actor, and the Commission’s “yes-or-no” approval process was insufficient to make the action attributable to the SEC. Nasdaq also argued that its rules were consistent with statutory requirements of Section 6(b)(5) of the Exchange Act because they would provide information that would contribute to investors’ investment and proxy voting decisions.
Palsgaard v. Christian et al., No. 1:23-cv-01228-SAB (E.D. Cal. 2023): On August 17, 2023, community college professors in California filed suit, challenging the adoption of the state’s new DEI-related evaluation competencies and corresponding language in the faculty union contract for their local community college district. The plaintiffs allege that the regulations and contract language require them to endorse the state’s views on DEI concepts, and they challenge the regulations and language as compelled speech in violation of the First and Fourteenth Amendments. The plaintiffs sued officials of both the state board that adopted the competencies and the local community college district that negotiated the contract.
- Latest update: On December 25, 2023, the defendants filed their motions to dismiss. The State defendants first argued that the plaintiffs lack standing to sue because the regulations do not apply to the plaintiff professors but rather to the community colleges, which have discretion to implement them through policy and collective bargaining. Relatedly, the State defendants argued that the mere possibility that community colleges might implement the regulations did not sufficiently threaten a risk of harm that would give rise to an Article III injury. They also argued that the plaintiffs failed to state a First Amendment claim because the regulations express the Board’s view and do not include any enforcement mechanisms that would penalize the plaintiffs. Separately, the community college district defendants argued that the plaintiffs lacked standing to assert a pre-enforcement challenge to the regulations. They also argued that the plaintiffs’ collective bargaining agreement waived First Amendment challenges to the provisions at issue. To the extent that they were not waived, the community college district defendants argued that the policies did not violate the First Amendment because regulating plaintiffs’ teaching practices and measuring their proficiencies was not equivalent to regulating speech, and that teachers’ speech in their work capacity is within the realm of permissible regulation.

4. Board of Director or Stockholder Actions:

Ardalan v. Wells Fargo, No. 3:22-cv-03811 (N.D. Cal. 2022): On June 28, 2022, a putative class of Wells Fargo stockholders brought a class action against the bank related to an internal policy requiring that half of the candidates interviewed for positions that paid more than $100,000 per year be from an underrepresented group. The plaintiffs alleged that the bank conducted sham job interviews to create the appearance of compliance with this policy and that this was part of a fraudulent scheme to suggest to shareholders and the market that Wells Fargo was dedicated to DEI principles. The plaintiffs argued that this alleged practice constituted fraudulent misstatements in violation of Sections 10(b) and 20(a) of the Exchange Act in an attempt to maintain artificially high stock prices.
- Latest update: On April 4, 2023, Wells Fargo filed its motion to dismiss, arguing that the plaintiffs failed to state a claim, and, in the alternative, that they failed to adequately plead that Wells Fargo acted knowingly or with deliberate recklessness. On August 18, 2023, the district court granted the motion to dismiss, finding that the plaintiffs did not meet the pleading standards for their fraud claim. The plaintiffs filed an amended complaint on September 8, 2023, which Wells Fargo moved to dismiss on October 23, 2023, reiterating the arguments made in its prior motion.

5. Educational Institutions and Admissions (Fifth Amendment, Fourteenth Amendment, Title VI, Title IX):

Students for Fair Admissions v. United States Naval Academy, No. 1:23-cv-02699-ABA (D. Md. 2023): On October 5, 2023, SFFA sued the U.S. Naval Academy, arguing that consideration of race in its admissions process violates the Fifth Amendment.
- Latest update: On December 14, 2023, the district court heard oral argument on the plaintiff’s preliminary injunction motion and denied the motion from the bench. On December 20, the court issued an opinion, holding that SFFA did not show that it would succeed on the merits of its Equal Protection claim. The court found that SFFA failed to show that the defendants’ justification for race-conscious admissions policies did not satisfy strict scrutiny. Noting that SFFA v. Harvard excluded military academies from its ruling, the court stated that “compelling government interests may justify affirmative action at military academies.” The court also found that as part of the military, the defendants deserved deference that courts traditionally give the military regarding personnel decisions, in contrast to civilian institutions. The court found that the defendants’ use of race was narrowly tailored, as it appeared to be limited and never determinative, and there was evidence the Naval Academy had considered race-neutral alternatives that were ineffective. In denying preliminary relief, however, the court rejected defendants’ contention that SFFA’s reliance on unnamed plaintiffs failed to demonstrate organizational standing, reasoning that protecting members’ anonymity is a core purpose of the organizational standing doctrine.
Boston Parent Coalition for Acad. Excellence Corp. v. The School Committee of the City of Boston, No. 1:21-cv-10330-WGY (D. Mass. Apr. 15, 2021), on appeal at No. 21-1303 (1st Cir. 2021): In an attempt to increase diversity in admissions to three prestigious public schools in the wake of COVID-19, the Boston School Committee adopted an admissions plan for these schools that considered both the students’ grades and the median income of their home zip code. The plaintiff, an organization representing white and Asian students, sued the School Committee, claiming that the plan violated the Equal Protection Clause of the Fourteenth Amendment and Massachusetts state law. In April 2021, the district court found the plan to be constitutional. The plaintiff, who had sought a preliminary injunction, appealed the denial of that motion to the First Circuit, which denied the appeal. After discovering allegedly racist statements by School Committee members, the plaintiff moved for reconsideration of the district court’s judgment, which was denied. The plaintiff appealed again to the First Circuit, again challenging the program as unconstitutional.
- Latest update: On December 19, 2023, the First Circuit affirmed the denial of the reconsideration motion and again affirmed that Boston’s admissions policy for the schools was constitutional. In response to the plaintiffs’ claims that the policy disparately impacted white and Asian students, the First Circuit observed that the new policy “created less disparate impact, not more” than the schools’ previous admission policy, which solely ranked students by grades. Thus, Boston could not be liable under a theory of disparate impact for choosing “between equally valid, facially neutral selection criteria.” The First Circuit also held that, even if the intent of some of the policymakers may have been to increase diversity in the student population, the use of indicators like zip code and income was facially neutral and did not trigger strict scrutiny without more evidence of clearly race-conscious policies. The First Circuit grounded its reasoning in the language of SFFA v. Harvard, which, it found, “identified use of socio-economic status indicators” as a permissible tool for increasing racial diversity.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Blaine Evanson, Molly Senger, Zakiyyah Salim-Williams, Matt Gregory, Zoë Klein, Mollie Reiss, Teddy Rube,* Alana Bevan, Janice Jiang,* Marquan Robertson,* and Elizabeth Penava.*

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group
Washington, D.C. (+1 202-955-8242, [email protected])

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group
Los Angeles (+1 213-229-7107, [email protected])

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group
New York (+1 212-351-3850, [email protected])

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer
Washington, D.C. (+1 202-955-8503, [email protected])

Molly T. Senger – Partner, Labor & Employment Group
Washington, D.C. (+1 202-955-8571, [email protected])

Blaine H. Evanson – Partner, Appellate & Constitutional Law Group
Orange County (+1 949-451-3805, [email protected])

*Teddy Rube, Janice Jiang, Marquan Robertson, and Elizabeth Penava are associates working in the firm’s Washington, D.C. office who are not yet admitted to practice law.

New Colorado laws impose sweeping changes to employment practices, such as pay transparency, paid family and medical leave benefits, sick leave, nondisclosure provisions, and more.

On January 1, 2024, a flurry of new employment laws, regulations, and programs will go into effect in Colorado. The laws affect a broad range of employment issues, from job posting requirements to the launch of benefits for the State’s family-leave insurance program. Read together, these laws and regulations continue to add to Colorado’s reputation as one of the most employee-friendly jurisdictions in the United States.

In light of these new laws, employers may wish to review their employment policies and practices as they move into 2024. Additional detail about the most notable aspects of these laws is provided below, including steps employers could consider taking to ensure compliance.

I. Ensure Equal Pay for Equal Work Act (EEPEWA) – Effective January 1, 2024

Signed into law on June 5, 2023, the Ensure Equal Pay for Equal Work Act (“EEPEWA”) – which amends Colorado’s pay transparency law, the Equal Pay for Equal Work Act (“EPEWA”) – goes into effect on January 1, 2024. The EEPEWA, together with the Equal Pay Transparency (“EPT”) Rules issued by the Colorado Department of Labor and Employment (“CDLE”), create significant, new disclosure and notice requirements for employers with even one employee in Colorado.

Steps to consider: Most notably, to comply with the amended requirements, covered employers may consider undertaking the following:

provide notice of each “job opportunity” to employees;
disclose how to apply and the application deadline, in addition to information about compensation and benefits, in both external and internal covered job postings;
disclose certain information about selected candidates to employees with whom the candidate will likely work, and about how employees can express interest in similar jobs in the future;
provide notice to eligible employees of career-progression positions, including the requirements to progress, compensation, benefits, responsibilities, further advancement, and full-time or part-time status; and
continue to preserve records of wages and job descriptions.

Additional detail about the amendments to Colorado’s pay transparency law is provided below.

A. The EEPEWA Requires Employers to Announce “Job Opportunities.”

Under the EEPEWA, employers are required to take reasonable steps to ensure that every “job opportunity” is announced, posted, or made known to all Colorado employees on the same day and before any selection decisions are made. But employers physically outside Colorado that have fewer than 15 remote employees in Colorado need only provide notice of remote job opportunities through July 1, 2029.

The EEPEWA defines a “job opportunity” as a “current or anticipated vacancy” for which an employer is considering or interviewing candidates, or that an employer has posted publicly. Notably, a “job opportunity” does not encompass either “career development” or a “career progression.” “Career development,” as defined in the statute, refers to changes in an employee’s terms of “compensation, benefits, full-time or part-time status,” or job title that recognize an employee’s performance or contributions. And “career progression” means a “regular or automatic” movement from one position to another based on objective metrics, such as time spent in a role.

B. The EEPEWA Requires Disclosing Information About Job Opportunities, Career Progression, and Selected Candidates.

The EPT Rules provide that employers should include in both external job postings and internal job-opportunity notices the application deadline and information about how to apply, in addition to the already-required information about compensation and benefits for any job that can be performed in or from Colorado.

Furthermore, within 30 days of selecting a candidate for a job opportunity, the EEPEWA requires the employer to make reasonable efforts internally to disclose certain information about the selected candidate – at a minimum, to employees who will work with the new hire. This includes (a) the candidate’s name, (b) their former job title (if the candidate was an internal hire), (c) their new job title, and (d) information on how employees can express interest in similar job opportunities in the future. The regulations provide a limited exception to some of these requirements where disclosure would pose risks to a selected candidate’s health or safety.

For positions that constitute “career progression,” moreover, the EEPEWA requires employers to make available to “eligible employees” information about the requirements for such progression, in addition to information about each position’s compensation, benefits, full-time or part-time status, responsibilities, and further advancement. In new regulations issued by the CDLE, “eligible employees” are defined as “those in the position that, when the requirements in the notice are satisfied, would move from their position to another position listed in the notice.” Career progression notices should be made available to eligible employees shortly after beginning any position within a career progression, though employers retain discretion in how to provide these notices (e.g., in an employee’s new hire packet, on a company intranet page accessible by all eligible employees, etc.).

C. The EEPEWA Requires the CDLE to Take Further Protective and Investigative Measures.

Finally, the EEPEWA requires the CDLE to create and implement systems to accept and mediate complaints regarding violations of the sex-based wage equity provision of the EPEWA and create new rules as necessary to accomplish this purpose. Previously, the EPEWA simply permitted the CDLE to take these measures, but did not make them mandatory.

Furthermore, the EEPEWA requires the CDLE to investigate complaints or leads related to sex-based wage inequity (employing fact-finding procedures from the EPEWA), promulgate rules as needed, and order compliance and relief if a violation is found. However, these enforcement actions will “not affect or prevent the right of an aggrieved person from commencing a civil action.” Moreover, the EEPEWA allows plaintiffs bringing sex-based wage discrimination claims to seek back pay going back twice as long as they could previously: up to six years instead of three.

II. Family and Medical Leave Insurance Program (FAMLI) – Benefits Begin January 1, 2024

In November 2020, Colorado voters approved Proposition 118, which required the establishment of a state-run paid Family and Medical Leave Insurance (“FAMLI”) program. The program is mandatory for most employers with one or more employees working in Colorado. While most Colorado employers and employees began paying into the program in 2023, the program will begin providing paid leave benefits to employees starting on January 1, 2024.

Under the FAMLI program, workers generally can take off up to twelve weeks in a one-year period to: (1) care for a new child during the first year after their birth, adoption, or foster care placement; (2) care for a family member with a serious health condition; (3) care for an employee’s own serious health condition; (4) make arrangements for a family member’s military deployment; and/or (5) obtain safe housing, care, and/or legal assistance in response to domestic violence, stalking, sexual assault, or sexual abuse. Individuals with serious health conditions caused by pregnancy or childbirth complications are entitled to up to four additional weeks of FAMLI leave.

Under the law, employees can take the leave continuously, intermittently, or in the form of a reduced schedule, and there is no minimum amount of time the employee must work with a company to be eligible for leave. Employers are required to preserve the employee’s job (or a similar job) for them upon their return if they have worked at the company for at least 180 days. Employees may also choose to use sick leave or other paid time off prior to accessing FAMLI benefits, but cannot be required to do so. In addition, an employer and an employee may mutually agree (in writing) that the employee may use any accrued PTO or other employer-provided leave as a supplement to FAMLI benefits, in an amount not to exceed the difference between the employee’s FAMLI wage replacement benefits and the employee’s average weekly wage. Finally, employees enrolled in the state-run program apply for leave directly to the FAMLI Division, meaning that employers will receive a notice from the FAMLI Division that an employee has applied for FAMLI leave, then whether that period of leave has been approved, without employer discretion to approve or reject such requests.

Steps to consider: Going into 2024, employers should continue to file their premium payments and wage reports, as was already required in 2023. Employers also can update their total employee headcounts by January 31, 2024, to ensure they are charged the correct premiums each quarter. In addition, employers may want to designate on the “My FAMLI+Employer” portal a dedicated point of contact at the company to receive the relevant documentation from the FAMLI Division when an employee files a claim. Employers also can consider training HR employees and managers who handle leave requests from Colorado employees regarding the employer’s obligations and policies pursuant to the FAMLI Act.

Further, employers should update their FAMLI notices with the most updated version, available here. And employers may wish to update their leave policies to address the FAMLI program, with an eye toward ensuring compliance with the FAMLI Act’s notice and non-retaliation requirements, as well as explaining how FAMLI benefits can be used in coordination with other leave benefits the employer may offer, including those under the federal Family and Medical Leave Act. Employers also may want to consider whether to opt into a private plan instead, now that such plans are available.

III. Colorado Overtime and Minimum Pay Standards Order (COMPS Order) – Changes Effective January 1, 2024

The CDLE adopted the 39th edition of Colorado’s wage-and-hour regulations – the Colorado Overtime and Minimum Pay Standards Order (“COMPS” Order) – on November 9, 2023, which will take effect on January 1, 2024.

The new Order is mostly consistent with COMPS Order #38, but there are a few significant changes. Most notably, the COMPS Order purports to expand the definition of “time worked” (i.e., time that employers must compensate employees for) to include even an activity (or combination of multiple activities consecutively) of less than one minute, depending “on the balance of the following factors, as shown by the employer: (A) the difficulty of recording the time, or alternatively of reasonably estimating the time; (B) the aggregate amount of compensable time, for each employee as well as for all employees combined; and (C) whether the activity was performed on a regular basis.” The Order also clarifies rules around tip sharing, among other updates.

Steps to consider: Importantly, the Division also published the 2024 version of Colorado’s wage-and-hour poster and notice, which most employers are required to post and otherwise provide to employees. So employers should update their existing posters/notices with the new poster/notice, which is available here. In addition, employers may wish to consider whether they need to update any of their policies and/or train any employees in connection with the changes created by COMPS Order #39.

IV. Job Application Fairness Act (JAFA) – Effective July 1, 2024

In June 2023, Governor Polis signed into law the Job Application Fairness Act (JAFA), which restricts employers’ ability to inquire initially about applicants’ age. The law covers all public and private employers in Colorado, regardless of company size or industry. It also covers individuals who are “an agent, a representative, or a designee of the employer.”

Under the law, employers cannot ask applicants on an initial application to disclose their date of birth, dates of attendance at an educational institution, dates of graduation from an educational institution, or other similar inquiries that would disclose age (e.g., asking which election they first voted in). Employers may still request additional application materials, such as school transcripts, but are required to notify applicants that they may redact age-related information prior to submission.

The JAFA includes limited exceptions to allow employer compliance with age requirements imposed by or pursuant to: (1) a bona fide occupational qualification related to public or occupational safety, (2) a federal statute or regulation, or (3) a state or local statute or regulation based on a bona fide occupational qualification. However, CDLE guidance makes clear that an employer verifying compliance in an initial application still cannot ask an individual’s specific age.

For example, federal and state law prohibits minors from selling or serving alcoholic beverages. For an initial application for such a position, the employer could ask whether the applicant would be at least 18 when starting work. Only after a job offer was extended could the employer ask the applicant to provide evidence of their specific age without redacting age information.

Steps to consider: In light of this new law, employers may wish to review their job application materials to ensure they do not include any prohibited age-related inquiries. Employers also could consider training hiring managers and interviewers regarding when they may and may not make age-related inquiries.

V. Sick Leave, Nondisclosure Limitations, and Other Changes – Already in Effect Since August 7, 2023

A number of other Colorado employment laws passed in 2023 already went into effect on August 7, 2023. We’ve briefly summarized the most notable of these laws below, with additional detail available in our prior client alert about these laws.

A. New Limits on Nondisclosure Provisions and Other Changes

Wide-ranging amendments to Colorado’s anti-discrimination law took effect on August 7. The amendments void nondisclosure provisions that limit an employee’s ability to disclose or discuss alleged discriminatory or unfair employment practices, unless the nondisclosure provision satisfies certain conditions. Employers who violate this law face a potential $5,000 penalty for each instance in which they include in an agreement a noncompliant nondisclosure provision, as well as potential liability for actual damages, costs, and attorneys’ fees.

The amendments also modified the definition of harassment and replaced the “severe or pervasive” standard for such claims. In addition, the amendments impose limitations on the circumstances under which an employer may assert an Ellerth/Faragher-type affirmative defense (providing employers a safe harbor from vicarious liability resulting from sexual harassment claims against a supervisory employee), including requiring that the employer communicated to supervisors and non-supervisors the existence and details of its complaint and investigation/remediation process.

In addition, the amendments made “marital status” a protected class in Colorado. The amendments also imposed new recordkeeping mandates, requiring employers to maintain personnel and employment records for a minimum of five years, and to “maintain an accurate, designated repository of all written or oral complaints of discriminatory or unfair employment practices.”

Steps to consider: Employers may wish to review any agreements that include nondisclosure provisions, such as separation agreements, settlement agreements, and so on, to ensure those agreements comply with Colorado’s new requirements. Employers also could consider taking steps to ensure they are complying with Colorado’s expanded recordkeeping obligations. In addition, employers may wish to consider whether to update their handbooks and other EEO-related materials to include information about Colorado’s revised definition of harassment, the company’s anti-harassment investigation/remediation process, and the inclusion of marital status as a protected class. Employers also could consider training managers and HR employees on these issues.

B. Expansion of Paid Sick Leave

Since August 7, Colorado employees are allowed to take paid “sick” leave for qualifying bereavement- and disaster-related needs, in addition to the other uses of paid sick leave already required under the prior version of Colorado’s sick leave statute. The CDLE consequently updated the required paid sick leave poster/notice, which is available here.

Steps to consider: Employers may wish to (1) incorporate Colorado’s updated paid sick leave notice into their onboarding documents for Colorado employees and (2) post and provide the updated paid sick leave notice to current Colorado employees by the end of 2023. While not expressly required, it may also make sense to inform or remind HR employees and managers who handle leave requests from Colorado employees that the State has expanded the uses for which employees may use paid sick leave. Employers also could consider whether to update their sick leave and/or PTO policies to address Colorado’s expansion of paid sick leave.

The following Gibson Dunn attorneys prepared this update: Jessica Brown, Marie Zoglo, and Ming Lee Newcomb.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and partners:

Jessica Brown – Partner, Denver (+1 303.298.5944, [email protected])

Jason C. Schwartz – Co-Chair, Washington, D.C. (+1 202.955.8242, [email protected])

Katherine V.A. Smith – Co-Chair, Los Angeles (+1 213.229.7107, [email protected])

Class action filings continue to rise and present substantial exposure to companies. This article previews several issues that will impact these cases in the year ahead, including significant circuit splits and procedural disputes.

I. Three Circuit Splits to Watch …

There are several emerging circuit splits that may be ripe for Supreme Court review, including on ascertainability, “fail-safe” classes, and personal jurisdiction.

A. Ascertainability—What Good Is a Class If You Can’t Tell Who’s In It?

For years, courts have grappled with whether a Rule 23(b)(3) class can be certified if it’s not ascertainable. After all, what good does it do to certify a class if there’s no easy way to tell who is part of it? Most circuits agree that at a minimum, Rule 23 requires that a class be defined using objective criteria. Many practical-minded judges have further recognized that the text, structure, and purpose of Rule 23 also require a reliable and administratively feasible way to determine who is, and who is not, part of a certified class. The Third Circuit recently joined the First and Fourth Circuits in adopting this heightened ascertainability requirement as a formal Rule 23(b)(3) prerequisite. In re Niaspan Antitrust Litig., 67 F.4th 118, 133–34 (3d Cir. 2023); In re Nexium Antitrust Litig., 777 F.3d 9, 19 (1st Cir. 2015); EQT Prod. Co. v. Adair, 764 F.3d 347, 358 (4th Cir. 2014).

But not all courts agree, with some holding that there is no heightened requirement to “ascertain” class members before certification. For example, in Cherry v. Dometic Corp., 986 F.3d 1296, 1304 (11th Cir. 2021), the Eleventh Circuit reasoned that “administrative feasibility” is just one of many factors that courts can consider when assessing certification. In this decision, the Eleventh Circuit joined the Second, Sixth, Seventh, Eighth, and Ninth Circuits in rejecting a strict “ascertainability” requirement in Rule 23(b)(3). See id. at 1302. In the Eleventh Circuit’s view, “administrative difficulties … do not alone doom a motion for certification,” and “manageability problems will rarely, if ever, be in themselves sufficient to prevent certification.” Id. at 1304 (cleaned up).

But is the Eleventh Circuit right? As the Third Circuit observed, if “members of a Rule 23(b)(3) class cannot be identified in an economical and administratively feasible manner, the very purpose of the rule is thwarted.” Niaspan, 67 F.4th at 132. Ascertainability thus goes part in parcel with the objectives that rule makers had in mind when drafting Rule 23. Being able to actually identify class members protects absent class members by ensuring a way to disseminate the “best notice practicable” under Rule 23(c)(2) and helping them understand who is, and is not, bound by a class judgment. See id. at 132 (citing Marcus v. BMW of N. Am., LLC, 687 F.3d 583, 593 (3d Cir. 2012)).

The purpose of the class device is to “save[] the resources of both the courts and the parties by permitting an issue potentially affecting every [class member] to be litigated in an economical fashion under Rule 23.” Califano v. Yamasaki, 442 U.S. 682, 701 (1979). Even in circuits that may not recognize formal ascertainability as a prerequisite to certification, defendants should continue to raise these issues because the Supreme Court may eventually weigh in.

B. Fail-Safe Classes—Do They Fail Rule 23?

Can a class be defined based on the merits of the claim? One problem with a “fail-safe” class is that it creates a “heads I win, tails you lose” proposition for defendants: by defining a class as including only those entitled to relief, such a class would “shield[] the putative class members from receiving an adverse judgment,” because “[e]ither the class members win or, by virtue of losing, they are not in the class and, therefore, not bound by the judgment.” Randleman v. Fidelity Nat’l Title Ins. Co., 646 F.3d 347, 352 (6th Cir. 2011).

Several circuits—including the First, Third, Sixth, Seventh, and Eighth—have adopted a bright-line rule prohibiting fail-safe classes. See Orduno v. Pietrzak, 932 F.3d 710, 716 (8th Cir. 2019); McCaster v. Darden Rests., Inc., 845 F.3d 794, 799 (7th Cir. 2017); Byrd v. Aaron’s Inc., 784 F.3d 154, 167 (3d Cir. 2015); In re Nexium Antitrust Litig., 777 F.3d 9, 22 (1st Cir. 2015); Young v. Nationwide Mut. Ins. Co., 693 F.3d 532, 538 (6th Cir. 2012). Other circuits stop short of a per se prohibition, but have recognized that such classes are inherently suspect. See Olean Wholesale Grocery Coop., Inc. v. Bumble Bee Foods LLC, 31 F.4th 651, 669 n.14 (9th Cir. 2022) (en banc); Cordoba v. DIRECTV, LLC, 942 F.3d 1259, 1276–77 (11th Cir. 2019); EQT Prod. Co. v. Adair, 764 F.3d 347, 360 n.9 (4th Cir. 2014).

But a minority of circuits have rejected such a prohibition. See In re Rodriguez, 695 F.3d 360, 370 (5th Cir. 2012). Earlier this year, the D.C. Circuit declined to impose a prohibition against fail-safe classes. In re White, 64 F.4th 302 (D.C. Cir. 2023). Although it recognized the majority of circuits forbid (or at the very least, strongly discourage) “fail-safe” classes, the D.C. Circuit reasoned that the existing Rule 23 framework adequately addresses these problems. Id. at 312. However, the court did recognize that the issue “is an important, recurring, and unsettled question of class action law.” Id. at 310. The Supreme Court denied a petition for writ of certiorari from this decision, but it may be only a matter of time before this issue reaches the High Court.

C. Personal Jurisdiction in Class Actions—Does the Bristol-Myers Squibb Rule Apply to Nationwide Classes?

Bristol-Myers Squibb Co. v. Superior Court, 582 U.S. 255 (2017), ruled that a California state court could not assert jurisdiction over the tort claims of non-California plaintiffs against a non-California defendant. Since that decision, lower courts have considered whether this “mass tort” rule applies in class actions. In recent years, the Third, Sixth, and Seventh Circuits have held that Bristol-Myers Squibb does not apply in this context, because defendants litigate only against named plaintiffs and not absent class members. See Fischer v. Fed. Express Corp., 42 F.4th 366 (3d Cir. 2022); Lyngaas v. Curaden AG, 992 F.3d 412 (6th Cir. 2021); Mussat v. IQVIA, Inc., 953 F.3d 441 (7th Cir. 2020). These courts reason that “the named representatives must be able to demonstrate either general or specific personal jurisdiction, but the unnamed class members are not required to do so.” Mussatt, 953 F.3d at 447.

These holdings have drawn dissents. In Lyngaas, Judge Thapar argued that courts “cannot just assume that jurisdiction over the class representative’s claims confers jurisdiction over the claims of the class” because, under Bristol-Myers, courts “lack[] the power to decide the absent class members’ claims if they arise from wholly out-of-state activity.” 992 F.3d at 441 (Thapar, J., concurring in part and dissenting in part). Likewise, Judge Silberman dissented from a D.C. Circuit decision holding that this question was not ripe at the pleadings stage: “the class action mechanism … is not a license for courts to enter judgments over claims which they have no power.” Molock v. Whole Foods Mkt. Grp. Inc., 952 F.3d 293, 307 (D.C. Cir. 2020) (Silberman J., dissenting).

Although no court has held that Bristol-Myers expressly applies in the class action context, some courts have applied it to FLSA claims. See, e.g., Fischer, 42 F.4th at 380; Canaday v. Anthem Cos., 9 F.4th 392 (6th Cir. 2021); Vallone v. CJS Sols. Grp., LLC, 9 F.4th 861 (8th Cir. 2021); but see Waters v. Day & Zimmermann NPS, Inc., 23 F.4th 84 (1st Cir. 2022) (holding that Bristol-Myers does not apply to collective actions). In March, the Supreme Court declined a cert petition raising the FLSA issue. Fischer v. Fed. Express Corp., 143 S. Ct. 1001 (2023).

II. … and Four Trends We’re Watching

The following issues involving Article III, “mass” arbitrations, arbitration waiver, and class settlements also continue to percolate in the courts.

A. Article III Injury and Standing in Class Actions

While the Supreme Court has provided guidance on the interplay between class actions and Article III standing, lower courts continue to delineate the metes and bounds of standing for statutory violations—as we have discussed in prior quarterly updates here, here, and here. This question of statutory standing dovetails with another trend we have observed in recent years, which is the continued prevalence of privacy class actions (e.g., class actions alleging data breach, data collection/tracking, statutory privacy claims).

TransUnion LLC v. Ramirez, 594 U.S. 413 (2021), has proved to be a significant decision. In that case, the Supreme Court held that every member of a class certified under Rule 23 must establish Article III standing to be awarded individual damages. It further explained that “an injury in law is not an injury in fact,” and “[o]nly those plaintiffs who have been concretely harmed by a defendant’s statutory violation” have standing. Id. at 427. Although all class members had suffered a statutory violation (for inaccurate information on their credit reports and the company’s failure to disclose information required under the Fair Credit Reporting Act), most did not experience a “physical, monetary, or cognizable intangible harm” necessary to establish a concrete injury under Article III (because the inaccurate credit information was not disclosed to third parties). Id.

While TransUnion requires absent class members demonstrate standing to receive monetary damages, that case involved a jury verdict awarding each class member (including those who were not concretely harmed) both statutory and punitive damages. The Supreme Court did not address how courts should treat motions to certify where the class contains some number of uninjured absent class members, but instead stated that “[p]laintiffs must maintain their personal interest in the dispute at all stages of litigation” and a plaintiff “must demonstrate standing ‘with the manner and degree of evidence required at the successive stages of the litigation.’” TransUnion, 592 U.S. at 431. Courts have disagreed on whether a class may be certified when a single absent class member cannot prove Article III standing.

The majority of courts have held that classes with absent class members who lack standing may be certified, but only if the number of uninjured class members is “de minimis”—though the precise limits remain unsettled. While these cases generally predate TransUnion, they are currently still seen as good law, though TransUnion’s impact is still uncertain. For example, the D.C. Circuit acknowledged that the few decisions involving uninjured class members “suggest that 5% to 6% constitutes the outer limits of a de minimis number” of class members who are uninjured. In re Rail Freight Fuel Surcharge Antitrust Litig.- MDL No. 1869, 934 F.3d 619, 625 (D.C. Cir. 2019). Other courts have similarly held that a class may be certified when the class includes a small number of uninjured class members, but not when the number is so large to defeat predominance.[1]

The Ninth Circuit, on the other hand, rejected the D.C. and First Circuits’ categorical rule precluding certification of a class that includes more than a de minimis number of uninjured class members. Olean Wholesale Grocery Coop., Inc. v. Bumble Bee Foods LLC, 31 F.4th 651, 669 (9th Cir. 2022) (en banc) (“[W]e reject the dissent’s argument that Rule 23 does not permit the certification of a class that potentially includes more than a de minimis number of uninjured class members.”). The en banc court reversed a panel decision adopting the “de minimis” requirement, though it emphasized that individual questions of class members’ injury—both as an element of the underlying claim and as a requirement of Article III—can sometimes predominate over common questions, precluding certification under Rule 23(b)(3). Id.

Similarly, courts have applied the standing requirement inconsistently in the settlement context. In Drazen v. Pinto, the Eleventh Circuit held that every settlement class member must have standing before settlement class can be certified. 41 F.4th 1354, 1359 (11th Cir. 2022), rev’d on other grounds, 74 F.4th 1336 (11th Cir. 2023) (en banc); id. at 1362 (“when a class seeks certification for the sole purpose of a damages settlement under Rule 23(e), the class definition must be limited to those individuals who have Article III standing”). The Second Circuit, on the other hand, certified a Rule 23(b)(2) class where absent class members lacked standing, reasoning that “[s]tanding is satisfied so long as at least one named plaintiff can demonstrate the requisite injury.” Hyland v. Navient Corp., 48 F.4th 110, 117 (2d Cir. 2022).

B. The Continued Rise in “Mass” Arbitrations

In recent years, the Supreme Court has repeatedly recognized that arbitration clauses and class action waivers must be enforced according to their terms. See, e.g., AT&T Mobility LLC v. Concepcion, 563 U.S. 333, 339-344 (2011); Lamps Plus, Inc. v. Varela, 139 S. Ct. 1407, 1415 (2019); Epic Systems Corp. v. Lewis, 138 S. Ct. 1612, 1630-32 (2018). Many plaintiffs’ lawyers have responded to these decisions by filing “mass” arbitrations, often on behalf of claimants who have had no business dealings with the respondents. The strategy is to rack up thousands or millions of dollars in filing fees (which typically are borne solely by the respondents), and to extort a windfall settlement from a company.

This issue recently came to a head in an Illinois case now on appeal, Wallrich v. Samsung Electronics America Inc., No. 22-C-5506, 2023 WL 5935024 (N.D. Ill. Sept. 12, 2023). The plaintiffs filed petitions to compel arbitration on behalf of nearly 50,000 consumers, resulting in an assessment of $4.125 million in initial filing fees by the American Arbitration Association (AAA). Id. at *3. When the defendant declined to pay, plaintiffs filed an action to compel the defendant to arbitration and pay the fees. After dismissing the portion of claimants who failed to properly allege venue, the district court ordered Samsung to pay the filing fees for the 35,000 remaining claimants. Id. at *13. This ruling disregarded evidence that the claimants were leveraging the court and arbitration proceedings to extract a windfall settlement, as well as the fact that compelling arbitration was improper, given that the claimants could either pursue their claims in court or proceed in arbitration by fronting the filing fees. See Mot. to Dismiss Petition to Compel Arbitration, Wallrich v. Samsung Electronics America Inc., No. 22-C-5506 (N.D. Ill.). The court also refused to engage with the question of whether claimants’ filing of mass arbitration was inconsistent with the arbitration agreement’s prohibition on collective actions. Wallrich, 2023 WL 5935024 at *9. This case is now on appeal and is one to watch in 2024.

Wallrich demonstrates that mass arbitration can sometimes impose significant costs on defendants. The risk on both sides of the coin seems to have led to a somewhat slower rise in mass arbitrations than some expected. One survey—the 2023 Carlton Fields Class Action Survey—found that only 3.9% of companies had experienced mass arbitrations in the prior 12 months. See Carlton Fields, 2023 Carlton Fields Class Action Survey, at 29, https://www.carltonfields.com/getmedia/d71bff8d-56f9-4448-89e1-2d7ee3f8fe6a/2023-carlton-fields-class-action-survey.pdf. Nevertheless, practitioners have observed a growth of mass arbitrations, particularly in the consumer and privacy areas, and it is important for defendants to carefully consider how their arbitration agreements may be implemented in the mass arbitration context.

C. Arbitration Waivers After Morgan v. Sundance

Courts continue to grapple with the question of when defendants waive their right to arbitration following the Supreme Court’s 2022 decision in Morgan v. Sundance, 142 S. Ct. 1708, 1714 (2022), which eliminated the longstanding requirement that a party opposing arbitration on the grounds of waiver needed to demonstrate prejudice. Since that decision, while the waiver analysis remains highly fact specific, we have seen that courts are more willing to find waiver. For example, in Hill v. Xerox Business Servs., 59 F.4th 457 (9th Cir. 2023), the Ninth Circuit in a 2-1 decision found that the defendant waived its right to arbitration against absent class members by not moving to compel at outset of the case—even though those absent class members were not yet parties to the proceeding, as no class had been certified. Other circuits have also been more inclined to find waiver. See, e.g., White v. Samsung, 61 F.4th 334 (3d Cir. 2023).

Other circuits are less so willing to find waiver, particularly as to absent class members. For example, the Eighth Circuit concluded that defendant did not waive its right to compel arbitration against absent class members because there were no arbitration agreements with the named plaintiffs, and the defendant moved to compel arbitration promptly after the class was certified. See H&T Fair Hills, Ltd. v. Alliance Pipeline L.P., 76 F.4th 1093 (8th Cir. 2023). The issue of waiver, particularly as to absent class members, thus remains an issue we are actively monitoring going into the next year.

D. Continued Judicial Scrutiny of Class Settlements

Many class actions are ultimately resolved through settlement. Perhaps sparked by vocal objectors—and fueled by high-profile class settlements that are larger than ever—we have continued to see courts taking on active roles in scrutinizing class settlements. See, e.g., Kim v. Allison, 87 F.4th 994 (9th Cir. 2023) (scrutinizing adequacy of named plaintiff). Some of the more frequently litigated issues concern the scope of releases in class settlement agreements; potential conflicts of interest between the lead plaintiffs, counsel, and absent settlement class members; and plans of distribution. See, e.g., In re Blue Cross Blue Shield Antitrust Litig., 85 F.4th 1070 (11th Cir. 2023) (analyzing class releases, adequacy of representation, and fairness of distribution plan). Awards of attorney fees in connection with class settlements also continue to draw objections, with courts keeping a close eye on whether such awards are justified and reasonable. See, e.g., In re Broiler Chicken Antitrust Litig., 80 F.4th 797 (7th Cir. 2023) (vacating fee award and remanding for “greater explanation” to justify award); Lowery v. Rhapsody Int’l, Inc., 75 F.4th 985 (9th Cir. 2023) (holding fees should be based on actual, not theoretical, recovery by class). Because parties should expect potential objectors to scour settlements for potential weaknesses, settling parties review settlement terms carefully to ensure they withstand the watchful eye of objectors and judges alike. Defects in class settlements can result in increased administrative expenses, undermine the certainty and finality that class settlements afford to all parties, and delay the distribution of settlement benefits to the class.

Another issue receiving attention is the practice of awarding incentive awards to named plaintiffs in class settlements. These awards arose several decades ago, and have been increasingly common in class settlements. The theory is that the named plaintiff and class representative should be compensated above and beyond the class recovery, to “incentivize” people to serve as class representatives and to recognize the time and effort spent in discovery and for lending their names to the lawsuit. These awards had been largely non-controversial until a few years ago, when the Eleventh Circuit held that such incentive awards are impermissible under a century-old Supreme Court case prohibiting payment of salaries or expenses for a plaintiff that initiated litigation to preserve securities owed to himself and other creditors. See Johnson v. NPAS Solutions, LLC, 975 F.3d 1244 (11th Cir. 2020) (citing Trustees v. Greenough, 105 U.S. 527 (1882), and Cent. R.R. & Banking Co. v. Pettus, 113 U.S. 116 (1885)). So far, it does not appear there’s much appetite for other circuits to follow the Eleventh Circuit’s approach, and incentive awards remain permissible in all other circuits. The Supreme Court also denied a petition for review of the Eleventh Circuit’s Johnson decision, suggesting that the Eleventh Circuit will remain the outlier for the foreseeable future.

One final issue that bears watching is the rise of fraud in class settlement administration. In recent years, there have been reports of fraudulent claims activity in connection with some class settlements, including the use of automated “bots” to submit fraudulent claims en masse from suspicious IP addresses or email domains. These efforts have picked up considerably over the last year. This type of sophisticated fraud jeopardizes settlement approval, harms legitimate class members, and undermines trust in the process. While these criminals are using increasingly sophisticated technology to perpetrate fraud, settlement administrators are developing new tools to detect and weed out fraud during settlement administration. Parties should ensure that administrators are capable to handle these sophisticated fraud efforts.

__________

[1] See, e.g., In re Asacol Antitrust Litig., 907 F.3d 42, 47, 51-58 (1st Cir. 2018) (denying class certification when thousands of class members suffered no injury); see also Krakauer v. Dish Network, L.L.C., 925 F.3d 643, 657–59 (4th Cir. 2019) (rejecting argument that uninjured class members should preclude certification because “there is simply not a large number of uninjured persons”); Messner v. Northshore Univ. HealthSystem, 669 F.3d 802, 825 (7th Cir. 2012) (recognizing “‘a class should not be certified if it is apparent that it contains a great many persons who have suffered no injury at the hands of the defendant,’” but acknowledging “[t]here is no precise measure for ‘a great many’”); Cordoba v. DIRECTV, LLC, 942 F.3d 1259, 1277 (11th Cir. 2019) (stating that when a large portion of the class does not have standing, individualized issues may predominate).

The following Gibson Dunn lawyers contributed to this update: Christopher Chorba, Kahn Scolnick, Michael Holecek, Wesley Sze, Emily Riff, and Lena Cohen.

Gibson Dunn attorneys are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Class Actions, Litigation, or Appellate and Constitutional Law practice groups, or any of the following lawyers:

Theodore J. Boutrous, Jr. – Los Angeles (+1 213.229.7000, [email protected])
Christopher Chorba – Co-Chair, Class Actions Practice Group – Los Angeles (+1 213.229.7396, [email protected])
Theane Evangelis – Co-Chair, Litigation Practice Group, Los Angeles (+1 213.229.7726, [email protected])
Lauren R. Goldman – New York (+1 212.351.2375, [email protected])
Kahn A. Scolnick – Co-Chair, Class Actions Practice Group – Los Angeles (+1 213.229.7656, [email protected])
Bradley J. Hamburger – Los Angeles (+1 213.229.7658, [email protected])
Michael Holecek – Los Angeles (+1 213.229.7018, [email protected])
Lauren M. Blas – Los Angeles (+1 213.229.7503, [email protected])

Any taxpayer seeking to transfer or receive a direct payment in respect of credits must complete a registration process and obtain a registration number for each eligible credit property before claiming the credit or refund.

On December 22, 2023, the IRS and Treasury unveiled their new pre-filing registration portal (available here) for transferrable and refundable tax credits under the Inflation Reduction Act of 2022 (the “IRA”)[1] and the CHIPS and Science Act of 2022 (the “CHIPS Act”). As discussed in greater detail in our earlier alerts about the transferability of IRA tax credits (available here) and the direct payment rules related to these credits (available here), any taxpayer seeking to transfer or receive a direct payment in respect of credits must complete a registration process and obtain a registration number for each eligible credit property before claiming the credit or refund. Without a registration number, no tax credit transfer or direct payment is permitted, so understanding the process for obtaining a registration number will be critical to taxpayers seeing to take advantage of IRA and CHIPS Act incentives.

In connection with rolling out the new pre-filing registration portal, the IRS provided detailed (64 pages, plus appendices) instructions (available here). These instructions explain how to access and use the pre-filing registration portal,[2] describe the information that must be submitted (including both general information applicable to all taxpayers using the portal and credit-specific information),[3] explain the process that taxpayers with multiple qualifying projects or facilities should use (including specifying procedures for bulk registrations),[4] describe the process that the IRS will utilize if it requires additional information from a taxpayer,[5] clarify which person is required to submit a registration (including addressing consolidated groups and disregarded entities),[6] and clarify the process that should be followed if facts change after a registration number is obtained.[7]

Although a comprehensive discussion of the portal and its explanatory instructions is beyond the scope of this alert, we have included ten, important observations below:

Lengthy Waiting Period Required – The instructions recommend that taxpayers make sure to budget 120 days for receipt of a registration number after submission, assuming no comments. This recommendation suggests that the IRS review period for submissions may be lengthy.

Get in Line Quickly – The instructions note that applications for registration numbers will be processed in the order in which the applications are received. Taxpayers seeking to transfer credits will want to move as quickly as possible to get in line.

Don’t Lose Your Spot in Line – If the IRS makes a follow-up request to an applicant before providing a registration number, but the applicant fails to respond that request in a timely fashion, the applicant will be pushed to the back of the line. For this reason, applicants should put in place processes to make sure they are carefully monitoring the IRS portal after submitting a request for a registration number.

One Registration Package Per Year – The portal allows only one registration package per taxable year per applicant. So, for example, even if an applicant has multiple facilities for which registration numbers are needed, that applicant can submit only one registration package. Once a package is submitted, no adjustments are allowed until the IRS has responded to the package. (An amended submission can be made, but only after the IRS has provided its response.)

Advisors May Not be Welcome – The portal requires the person applying for a registration for an entity transferor to certify that the person is “a corporate officer, partner, guardian, executor, receiver, administrator, trustee, or individual other than the taxpayer” and that they “have the legal authority to execute [the] authorization on behalf of the taxpayer.” The instructions go on to state that information submitted will be compared to information in IRS records and that errors in creating a portal account for a business result in a 24 hour lockout. Based on these statements, it is not clear whether an advisor can complete the registration on behalf of a taxpayer. It would be useful for the IRS to clarify whether representatives may assist in obtaining registration numbers.

Know Which EIN to Use – The instructions for the portal include detailed directions regarding employer identification numbers (“EINs”), including rules related to the EIN to use in the case of a disregarded entity (for disregarded entities owned by trusts/individuals, the disregarded entity’s name and EIN is used, and for disregarded entities owned by other taxpayers, the EIN and name of the regarded owner is to be used), and rules that apply to consolidated groups (the EIN for the consolidated parent must be utilized).

Collect Necessary Information and Documents in Advance – Applicants are required to submit detailed information, both about themselves and about the projects for which registration numbers are being sought. In addition, for many of the credits, various documents (or summaries of documents) are required. While this information (e.g., longitude and latitude coordinates that pinpoint a project location precisely (within inches)) and these documents will undoubtedly help guard against fraud, it is reasonable to anticipate that the burden on taxpayers will not be insignificant, and it will be important for applicants to collect all needed materials in order to make sure the submission process goes smoothly.

Bulk Submissions – The online application portal allows applicants to submit requests for registration numbers related to multiple facilities in bulk (using a spreadsheet that can be downloaded from the portal). This will be particularly useful for applicants that have many projects with many facilities (e.g., a wind farm), given that a separate registration number is required for each facility. As mentioned, however, each taxpayer is not allowed to have more than one application process outstanding at a particular time.

In-Service Dates Are Key. No pre-filing registration is allowed for a facility before the date on which the facility is placed in service. For tax credit transferees that demand that a registration number be obtained before the payment for tax credits, this feature may affect transactions or financings related to credits.

Watch Out for Traps – The pre-filing registration process prioritizes fraud prevention over flexibility. Thus, it is important to remember that a registration number is specific to a type of election (i.e., transfer vs. direct pay), type of credit, facility/property, tax period for the election, and the owner of the facility/property. If any of these changes, a new registration number will be required. For corporations, if a corporation has obtained a registration number and subsequently joins or leaves a consolidated group, a new registration number will be needed.

__________

[1] As was the case with the so-called Tax Cuts and Jobs Act, the Senate’s reconciliation rules prevented Senators from changing the Act’s name, and the formal name of the so-called Inflation Reduction Act is actually “An Act to provide for reconciliation pursuant to title II of S. Con. Res. 14.”

[2] The IRS and Treasury have partnered with ID.me, a third-party technology provider, to provide identity verification and sign-in services. The portal requires each taxpayer to create an account, and, if the person submitting the filing is not the taxpayer (e.g., in the case of transferors that are entities), mandates an authorization process, which requires submission of information about both the taxpayer and the person acting on behalf of the taxpayer

[3] All taxpayers must submit their name, address, entity type, bank account information (required for verification), tax period to which the election relates, types of tax returns filed by the taxpayer, and (if applicable) information about consolidated subsidiaries. In addition, information about the type of election being made (i.e., direct pay vs. transfer), key dates (including beginning of construction and placement in service) and facility/property location is required for many credits. Moreover, many credits require the submission of unique, credit-specific information or attestations. For example, for a taxpayer seeking to register production tax credits, an attestation is required that no investment tax credit under section 48 will be claimed for the facility/property.

[4] The portal requires that each taxpayer have no more than a single submission outstanding at a given time. The portal allows taxpayers who require numerous registration numbers to make a bulk submission using a specific format.

[5] Once a submission has been made, the IRS will utilize the portal to communicate with the taxpayer, although it is possible for taxpayers to opt into email alerts.

[6] The relevant rules are very specific, and not always intuitive, particularly the rules that apply to disregarded entities and consolidated groups. These rules are discussed in greater detail below.

[7] At a high level, and as discussed in greater detail later on in this alert, a new submission is generally required.

The following Gibson Dunn attorneys prepared this update: Mike Cannon and Matt Donnelly.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Tax or Power and Renewables practice groups, or the authors:

Tax:
Michael Q. Cannon – Dallas (+1 214.698.3232, [email protected])
Matt Donnelly – Washington, D.C. (+1 202.887.3567, [email protected])

Power and Renewables:
Peter J. Hanlon – New York (+1 212.351.2425, [email protected])
Nicholas H. Politan, Jr. – New York (+1 212.351.2616, [email protected])

The case is an example in which the UK Competition and Markets Authority focused on innovation theories of harm in its assessment. It also is notable in that the proposed remedies would effectively amount to a prohibition of the proposed merger.

On 18 December 2023, Adobe and Figma (together, the “Parties”) mutually agreed to terminate their $20 billion merger deal (the “Proposed Merger”), after they concluded that there was “no clear path” to get clearance from EU and UK antitrust regulators. This case is an example in which the UK Competition and Markets Authority (“CMA”) focused on innovation theories of harm in its assessment, and is further notable in that the CMA’s proposed remedies would effectively amount to a prohibition of the Proposed Merger.

Background

On 13 July 2023, the CMA announced that it had decided to refer the Proposed Merger for an in-depth Phase 2 investigation under the Enterprise Act 2002. In its Phase 1 investigation, the CMA found that the Parties compete in the supply of: (i) screen design software (where Figma has established a substantial share of the market and Adobe has been continually making investments), and (ii) creative design software (where Adobe is the industry standard and Figma is an emerging competitive threat).

The CMA provisionally concluded that the merger may be expected to result in a substantial lessening of competition (“SLC”) in the global markets for: (i) all-in-one product design software for professional users, and (ii) certain creative design software (vector and raster editing software).

Theories of harm considered by the CMA focused on innovation and potential competition

SLC in all-in-one product design software

In its assessment of the potential SLC in all-in-one product design software, the CMA noted that Figma accounts for over 80% of the relevant market by revenue, and that Adobe’s competing product, Adobe XD, has a market share of 5-10%. Also, Adobe had significantly reduced investment in Adobe XD prior to the Proposed Merger, and had also cancelled the development of a new product design software (Project Spice) which would compete more strongly with Figma in product design. The CMA provisionally found that, absent the Proposed Merger, Adobe would have continued to be a close competitor of Figma through its innovation efforts in an all-in-one product design software.

SLC in vector and raster editing software

The competitive harm identified by the CMA in the market for vector and raster editing software was expansive in that the Parties do not currently compete in this market; rather, Figma is a potential competitor of Adobe. The CMA’s provisional conclusion was rooted in the premises that Figma has the ability and incentive to develop vector and raster editing functionality, and Adobe perceived Figma to pose a competitive threat, and undertook actions to mitigate this threat, for example through product development.

Notably, the CMA considered that the markets for vector and raster editing software on the one hand and product design software on the other are adjacent. Particularly, Adobe and Figma’s platforms are characterised by network effects, which cause the value of their respective platforms to increase with the number of users, and, importantly, operate across markets. This means, for example, that the value of Figma’s vector and raster editing offerings is greater the more Figma is used for product design, and vice versa. This consideration of network effects is indicative of the new focus by competition regulators on mergers that involve several linked markets (or “ecosystems”), a theory of harm that was central in the European Commission’s prohibition of the Bookings / eTraveli merger.

Remedies proposed by the CMA

In response to its provisional findings, the CMA only presented two possible structural remedies, in keeping with its preferred stance, in its notice to the Parties:

Prohibition of the merger (being regarded by the CMA as a “feasible remedy” that provides a “comprehensive solution”); and
Divestiture of overlapping operations to eliminate the SLC in each of the markets in which the CMA provisionally identified an SLC.

Despite presenting these two options, the CMA acknowledged that, as substantially all of Figma’s business is carried out in the all-in-one product software market, which includes its leading product, Figma Design, this would effectively mean that any ‘partial’ divestiture involving Figma operations would in reality be substantially similar to prohibition of the Proposed Merger.[1]

Likewise, as the CMA remained of the belief that, absent the Proposed Merger, Adobe would have continued to compete with Figma in all-in-one product design and has a strong position in an adjacent market, any partial divestiture involving Adobe assets may not be sufficient to restore the conditions of competition that would have prevailed absent the Proposed Merger.[2]

The CMA also considered, given the nature of the relevant products in the digital design sector, there may be an unacceptably high level of composition risk relating to identification, allocation and transfer of assets arising from the carve-out of any divestiture package; for example, Adobe’s businesses are closely integrated with its operations in creative design.[3]

Increased reliance by CMA on parties’ internal documents

The CMA’s provisional findings in Adobe / Figma also demonstrate its continued reliance on the internal documents of parties when considering evidence for a proposed merger, despite the Parties’ submission in this case that such evidence had been “mischaracterised and misunderstood” by the CMA. Importantly, the CMA considered that some documents evidenced concerns by Adobe’s management over the competitive threat from Figma weeks before the Proposed Merger was announced. The CMA’s approach in this case is reflective of a wider trend of the CMA increasingly relying on internal documents in merger investigations.

Parallel European Commission investigation also focused on innovation and potential competition

In parallel to the CMA’s probe, the European Commission (“EC”) opened a Phase 2 investigation into the Proposed Merger on 7 August 2022, citing similar competition concerns to the CMA in the markets for the supply of product design and digital asset creation tools. In its statement of objections, the EC set out the provisional view that the Proposed Merger may significantly reduce competition in both of these markets, with reasoning that was substantially similar to the CMA’s. Following the abandonment of the Proposed Merger, Executive Vice-President Vestager commented that the Proposed Merger “would have terminated all current and prevented all future competition between [the Parties]”, emblematic of the EC’s continued focus on innovation and the safeguarding of potential future competition.

Conclusion

The approach of the CMA and EC in the Adobe / Figma case indicates an intention on the part of the agencies to continue to be seen as strong enforcers, particularly in the tech space and anywhere innovation or future competition could be seen to be put at risk through merger activity. It serves as a warning that it is important for legal teams to acknowledge the scale of risks that a deal may pose and to address those risks upfront and early.

Key steps for companies contemplating deals that may raise these kinds of risks include building in sufficient time at the outset for thorough internal document review to pick up potential sources of concern, stress-testing of efficiencies and pro-competitive arguments, and early consideration of possible remedy packages. Early substantive engagement with the agencies’ possible theories of harm and potential remedies will also be key. In this respect, the proposed amendments to the CMA’s Phase 2 processes are intended to encourage exactly this kind of engagement.

__________

[1] CMA Notice of possible remedies (28 November 2023), paragraph 27.

[2] CMA Notice of possible remedies (28 November 2023), paragraphs 28 – 29.

[3] CMA Notice of possible remedies (28 November 2023), paragraph 31.

The following Gibson Dunn attorneys prepared this update: Deirdre Taylor, Attila Borsos, Molly Heslop, and Konstantinos Flogaitis.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Antitrust and Competition, Mergers and Acquisitions, or Private Equity practice groups, or the following authors and practice leaders:

Antitrust and Competition:
Attila Borsos – Brussels (+32 2 554 72 11, [email protected])
Rachel S. Brass – San Francisco (+1 415.393.8293, [email protected])
Ali Nikpay – London (+44 20 7071 4273, [email protected])
Cynthia Richman – Washington, D.C. (+1 202.955.8234, [email protected])
Christian Riis-Madsen – Brussels (+32 2 554 72 05, [email protected])
Deirdre Taylor – London (+44 20 7071 4274, [email protected])
Stephen Weissman – Washington, D.C. (+1 202.955.8678, [email protected])

Mergers and Acquisitions:
Robert B. Little – Dallas (+1 214.698.3260, [email protected])
Saee Muzumdar – New York (+1 212.351.3966, [email protected])

Private Equity:
Richard J. Birns – New York (+1 212.351.4032, [email protected])
Wim De Vlieger – London (+44 20 7071 4279, [email protected])
Federico Fruhbeck – London (+44 20 7071 4230, [email protected])
Scott Jalowayski – Hong Kong (+852 2214 3727, [email protected])
Ari Lanin – Los Angeles (+1 310.552.8581, [email protected])
Michael Piazza – Houston (+1 346.718.6670, [email protected])
John M. Pollack – New York (+1 212.351.3903, [email protected])

Los Angeles partner James Zelenay and Denver associate Jeremy Ochsenbein are the authors of “Inside Higher Education’s New FCA Liability Challenges” [PDF] published by Law360 on December 21, 2023.

London and Paris partner Robert Spano, Washington, D.C. associate Emily Lamm and London associate Hayley Smith are the authors of “A Green Light for EU AI Act,” [PDF] published by the Daily Journal on December 19, 2023.