JANUARY 202 2 VOLUME 1 8 / NUMBER 10 TODAYSGENER ALCOUNSEL.COM
Personal liability for company misdeeds
$199 SUBSCRIPTION RATE PER YEAR ISSN: 2326-5000 ISSUU.COM/TODAYSGC
• • • • • •
Hyperlinked content and e-discovery Collaborating with the CMO Former GC discusses risk management Preserving privilege for data breach investigations Keeping your IP when you lose an employee Canada limits foreign investment
TAKE A CLOSER LOOK AT:
A FLEXIBLE PARTY-CENTERED APPROACH TO INTERNATIONAL DISPUTE RESOLUTION. At the center of every dispute are the organizations and people involved. Our mission is to assist parties in resolving their disputes faster, and more cost-efficiently. That’s why we developed a party-centered suite of resolution services backed by the American Arbitration Association® that minimizes the impact a dispute has on business. See all the reasons to choose the ICDR® at icdr.org.
GLOBAL EXPERTISE Matters. icdr.org
|
+1.212.484.4181
©2021 American Arbitration Association, Inc. All rights reserved.
contents 4 EDITOR’S DESK E-DISCOVERY
8 LINKED CONTENT STRAINS E-DISCOVERY WORKFLOWS "Next-level" ESI is a daunting legal and technical challenge. By Tim Anderson and Ryan Gaudet
JANUARY 2022 Volume 18 / Number 10
COLUMN/CLIMBING THE LEGAL DEPARTMENT LADDER
14 STRENGTHENING THE GC-CMO RELATIONSHIP Highlight potential legal pitfalls before too much marketing team time has been invested. By Andrea Bricca
CYBERSECURITY
10 PRESERVING PRIVILEGE IN DATA BREACH INVESTIGATIONS One eye always on future litigation. By J. Randall Boyer HUMAN RESOURCES
12 KEEPING VALUABLE IP WHEN A KEY EMPLOYEE JUMPS TO A COMPETITOR Convert ideas into patentable conceptions. By Jeffrey D. Morton, April M. Wurster, Brandon Buck and Kevin M. Brown
FEATURES
16 THE ROLE OF THE GC: Q&A WITH IRA H. RAPHAELSON Risk management is art, not science. By Kevin Bolan and Ira H. Raphaelson 18 RISK OF PERSONAL LIABILITY DESPITE INCORPORATION Insolvency raises the stakes. By Kenneth A. Rosen, Wojciech F. Jung and Michael Papandrea 20 CANADA’S NEW NATIONAL SECURITY PRIORITIES Expanded criteria for foreign investment. By Andrew House and MacNeal Darnley JANUARY 202 2 TODAYSGENERALCOUNSEL.COM
3
EDITOR’S DESK
A
recent survey by the London-based insurance brokerage firm McGill and Partners highlights the increasing regulatory scrutiny of corporate directors and officers, and their
growing concern about personal liability. The cost of mounting a defense in regulatory litigation can be millions, and if an individual director or officer is found guilty, D&O insurers are typically off the hook. In this issue of Today’s General Counsel, Kenneth A. Rosen and his colleagues write about the risk of personal liability, especially in the case of insolvency. Claims against officers and directors have become common in bankruptcy, and regulators are eager to impose personal liability on "control persons" when taxes remain unpaid. In other articles, Tim Anderson and Ryan Gaudet discuss the impact of uncommon data sources on discovery, and J. Randall Boyer shows how a lawsuit filed under the California Consumer Privacy Act highlights the importance of conducting internal investigations in a way that shields them from discovery. In her column this month, Andrea Bricca writes about what’s at stake in the General Counsel’s relationship with the Chief Marketing Officer. In consumer-facing industries there are legal risks, as well as risks to the brand itself.
Bob Nienhouse, Editor-In-Chief bnienhouse@TodaysGC.com
4
TODAYSGENERALCOUNSEL.COM JANUARY 202 2
BACK TO CONTENTS
Mass arbitration claims without massive arbitration filing fees Contact us: FedArb has developed an approach that streamlines the mass arbitration process and reduces cost, while maintaining a focus on equitable outcomes for all parties: a Multidistrict Litigation-type panel to deal with issues common to all claims, and respected former jurists to address individual issues as needed.
650.328.9500 info@fedarb.com www.fedarb.com
Benefits of the FedArb Mass Arbitration Approach: • Consolidating common issues of fact and law speeds the process • Minimal front-end filing fees • Online claims submissions • Expedited claims payments to employees • An “opt-out” provision to ensure fairness
Join leading companies in proactively modifying employee arbitration procedures to reduce the cost and expedite mass arbitration claims. Learn more: www.fedarb.com/framework-for-mass-arbitration
EDITOR-IN-CHIEF Robert Nienhouse
MANAGING EDITOR
EXECUTIVE EDITOR
SENIOR EDITOR
David Rubenstein
Bruce Rubenstein
Barbara Camm
CHIEF OPERATING OFFICER
CONTROLLER
Stephen Lincoln
Manuel Rosas
DIGITAL EDITOR
DATABASE MANAGER
Catherine Lindsey Nienhouse
Patricia McGuinness
ART DIRECTION & PHOTO ILLUSTRATION MPower Ideation, LLC
CONTRIBUTING EDITORS AND WRITERS Tim Anderson Kevin Bolan J. Randall Boyer Andrea Bricca Kevin M. Brown Brandon Buck MacNeal Darnley Ryan Gaudet
Andrew House Wojciech F. Jung Jeffrey D. Morton Ira Raphaelson Kenneth A. Rosen Michael Papandrea April M. Wurster
EDITORIAL ADVISORY BOARD Dennis Block
GREENBERG TRAURIG, LLP
Thomas Brunner
WILEY REIN
Peter Bulmer
JACKSON LEWIS
Mark A. Carter
DINSMORE & SHOHL
James Christie
SUBSCRIPTION Subscription rate per year: $199 For subscription requests, email subscriptions@todaysgc.com
BLAKE CASSELS & GRAYDON
Adam Cohen
FTI CONSULTING
Jeffery Cross
FREEBORN & PETERS
Thomas Frederick
WINSTON & STRAWN
Jamie Gorelick REPRINTS For reprint requests, email Lisa Payne lpayne@mossbergco.com Mossberg & Company Inc.
WILMERHALE
Robert Haig
Thurston Moore
Robert Heim
Robert Profusek
Joel Henning
Art Rosenbloom
Sheila Hollis
George Ruttinger
David Katz
Jonathan S. Sack
Steven Kittrell
Victor Schwartz
KELLEY DRYE & WARREN
DECHERT
JOEL HENNING & ASSOCIATES
DUANE MORRIS
WACHTELL, LIPTON, ROSEN & KATZ
MCGUIREWOODS
HUNTON & WILLIAMS
JONES DAY
CHARLES RIVER ASSOCIATES
CROWELL & MORING
MORVILLO, ABRAMOWITZ, GRAND, IASON & ANELLO, P.C.
SHOOK, HARDY & BACON
Nikiforos latrou
Jonathan Schiller
Timothy Malloy
Robert Zahler
WEIRFOULDS
MCANDREWS, HELD & MALLOY
Steven Molo
BOIES, SCHILLER & FLEXNER
PILLSBURY WINTHROP SHAW PITTMAN
MOLOLAMKEN
All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, without the written permission of the publisher. Articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients. Today’s General Counsel (ISSN 2326-5000) is published ten times per year by Nienhouse Group Inc., 30 S. Wacker Drive, Suite 2200, Chicago, Illinois 60606 Image source: iStockphoto | Copyright © 2022 Nienhouse Group Inc. Email submissions to editor@todaysgc.com or go to our website www.todaysgeneralcounsel.com for more information.
STAY CURRENT WITH OUR RESOURCE CENTER White Papers Webinars Product Guides Case Studies Industry Analysis And more!
Visit Today’s GC Resource Center
Click the Resources to tab to visit our library of free downloadable content provided by experts and vendors within the legal industry and stay current in a rapidly changing world.
TODAYSGCRESOURCES.COM @TodaysGC
Follow us
Like us
E-DISCOVERY
Linked Content Strains E-Discovery Workflows By TIM ANDERSON AND RYAN GAUDET
I
n March 2021, a U.S. district court judge made a significant ruling regarding the definition of hyperlinked content and the requirement to produce it in the context of other electronically stored information. In short, the judge determined, contrary to plaintiff’s arguments, that hyperlinked documents within emails, chat applications and cloud drives are not considered attachments. While this ruling was definitive and consistent with popular opinion in the e-discovery arena, it emphasized the uncertainty that is persistent among legal teams today regarding how uncommon data sources interact
8
with traditional e-discovery workflows and requirements. Non-traditional, nuanced and emerging electronically stored information (ESI) is seemingly endless. And while legal teams are barely keeping up with the pace of questions about discoverability and the collection challenges associated with collaboration, short-form and cloud-based data, they must also contend with an increasing range of review and production obstacles. Hyperlinked content is one of these “next-level” issues that we’re starting to see, and around which teams are likely to face, several complex legal and technical issues.
TODAYSGENERALCOUNSEL.COM JANUARY 202 2
Even with the recent ruling that hyperlinked documents do not qualify as attachments, expect an ongoing debate. Not everyone agrees about what constitutes an attachment. One school of thought suggests that if a file is linked in a message, it is an attachment and therefore should be included in the pool of data that is collected and reviewed in relation to the relevant message. However, links don’t operate the same way attachments do. Not every recipient has access, or the same type of access, and linked content is not static. Variations and new versions are being created all the time. Sometimes a shared link is BACK TO CONTENTS
not one document but an entire folder, in which case teams must determine whether every item in the folder is in scope for collection and review. The issue of access is particularly nuanced. In some systems, the primary interface for sharing links is in the system itself, so links are often sent as a notification within that system rather than a link copied and pasted into email. And each user who receives the link will have varying levels of access that restrict whether they may view, edit, download and/ or share the file or folder. Links are also often generated with time restrictions. A link may only remain active for a certain duration, or user access may become invalid after a certain period. This presents a significant preservation challenge. Does an organization have a duty to preserve something that was only activated for
Legal teams are barely keeping up with the pace of questions about discoverability. six months? How do existing governance protocols apply if the governance rules were set before this type of system came into use? And even if the legal team is able to preserve a linked item, how does counsel align the version history with the messages that included the links and the custodians’ varying access permissions to uncover facts during review? What is the time involved and the cost of doing so? In addition to navigating access and version history challenges, it may also be difficult for responding parties to convince the opposing BACK TO CONTENTS
side that linked content isn’t relevant. By extension, ESI protocols and requests are likely to become more targeted to include any content hyperlinked in an email, document or message thread that comes into scope. These issues will continue to present challenges for legal teams and e-discovery practitioners until a new context, definition and proportionality for linked content is set by the courts and industry standards groups.
REVIEW ISSUES Review presents another set of considerations. Technology assisted review (TAR) workflows are not equipped to ingest linked content, delineate it from other documents, and determine its relevancy as something other than a stand-alone document. Likewise, review platforms don’t currently have built-in tools to draw parallels between a collected message and a hyperlinked piece of content that was referenced within it, as they can with traditional attachments. In such circumstances, if linked content is loaded into the platform as an independent file, the review team must either create a workflow to “attach” the linked content to related messages, or else spend time manually reviewing and identifying connections. One key problem with linked content is that the intent of the individual who sent the link is not always clear. The response of the recipient is similarly unclear. A recipient may not respond to a message containing a link, but rather may visit the link and comment directly within the file. To deal with this, data and e-discovery experts will need to create new workflows and capabilities that use segmentation and rendering to understand in a
meaningful way how linked content interacts with the rest of a dataset. For teams that have not faced this issue before, these disruptions to standard e-discovery workflows could tip the scales of reasonableness in review time and cost. The expansion of the data footprint to include a widely diverse universe of ESI has required legal teams to make judgment calls over issues with which they have no prior experience. And because technical challenges are so nuanced, there is a high risk that teams will make incorrect (and costly) collection, processing, review and production decisions. Understanding the medium at hand and investing early on in expertise and workflows to prepare for issues that can occur is the surest way to maintain efficient and effective e-discovery when linked content or another uncommon form of data is involved.
Tim Anderson is a Managing Director in FTI Consulting’s Technology segment. He has more than 20 years of experience in legal technology and specializes in developing strategies for the preservation, collection, analysis, review and production of information stored in emerging enterprise data sources. tim.anderson@fticonsulting.com Ryan Gaudet is a director in the Technology segment at FTI Consulting. He has experience consulting with corporate legal departments, IT, compliance groups, outside counsel and government agencies for e-discovery, information governance and investigations. ryan.gaudet@fticonsulting.com
JANUARY 202 2 TODAYSGENERALCOUNSEL.COM
9
DATA PRIVACY & CYBERSECURIT Y
Preserving Privilege in Data Breach Investigations By J. RANDALL BOYER
F
orensic examination of data systems is critical when responding to a data breach. However, with lawsuits under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) emerging as an additional threat, companies doing business in California are well-advised to undertake these investigations in a way that shields them from discovery. A decision
10
from a CCPA case, In re Blackbaud, Inc., stands as a timely reminder. Blackbaud, Inc. is a cloud computing, account management and billing services company that was the victim of a ransomware attack in early 2020. The company paid the ransom in exchange for return of customer personal data and a promise that the hackers would destroy any and all copies of the data. Despite that promise, whether
TODAYSGENERALCOUNSEL.COM JANUARY 202 2
and to what extent personal data was divulged or retained remains unknown. The incident, unsurprisingly, spawned several lawsuits, including a CCPA class action filed in the Central District of California. The named plaintiff alleged that Blackbaud had not taken reasonably available steps to prevent the breach. These suits are currently proceeding in multi-district BACK TO CONTENTS
litigation in the District of South Carolina. The district court ordered Blackbaud to produce a forensic report its consultants had prepared while investigating the breach. The court ruled that plaintiffs should be able to consult the forensic report in preparation for their consolidated complaint. Unfortunately for Blackbaud, there is no argument about the report’s relevance. An investigatory report detailing how the breach
nominal involvement of counsel in internal investigations. Recent decisions in data privacy litigation have compelled disclosures of breach investigations — despite being lawyer-proximate — where the investigation’s primary purpose was to provide business advice. This can be complicated in the context of a data breach. A business may need advice on its information systems as much as it does on its legal situation. Still,
data is compromised, disclosures to regulatory and government agencies may be required. Similarly, there may be compelling reasons to involve law enforcement as part of an investigatory response. Companies may wish to do so despite the disincentives of looming CCPA and CPRA litigation. Businesses need to be cognizant of the risks associated with disclosure and make strategic choices about
Plaintiffs were able to prepare their consolidated complaint using Blackbaud’s own internal investigations as a roadmap. occurred, what data was compromised, what security measures failed, and presumably what future steps should be implemented would be highly pertinent. More problematic was that the report was prepared independent of potential litigation and disclosed to regulators. This precluded any argument that the report was attorney-client privileged material. Blackbaud tried to delay production of the report until after the pleading stage, arguing that plaintiffs’ needed to establish their standing prior to engaging in discovery, but the court was unpersuaded. Plaintiffs were able to prepare their consolidated complaint using Blackbaud’s own internal investigations as a roadmap. Blackbaud cannot be faulted for its haste to investigate. However, with statutes such as the CCPA and the CPRA now part of the landscape, businesses responding to data breaches need always keep one eye toward future litigation. This requires treating a data breach as a legal problem much sooner than the first filing of a lawsuit. Doing so entails more than BACK TO CONTENTS
there are things that businesses can do to bolster the argument that their investigations should be privileged and undiscoverable. These include: • Involving litigation counsel early. If the business undertakes its investigations absent counsel, there can be no argument later that those investigations are subject to the attorney-client privilege; • Having litigation counsel retain forensic experts. Litigation counsel’s retention, instruction and payment of outside experts maximizes the chances that the experts’ work product is privileged by allowing litigation counsel to direct the investigation with a view toward potential litigation; • Limiting distribution of written reports. Limiting the number of personnel “looped-in” on the report — and eliminating those outside the organization — makes it easier to both maintain and assert privilege; • Being strategic about disclosures to regulators and/or law enforcement. In certain industries, depending on what type of
if, what, how much and when information is disclosed. Data attacks are escalating in scope and number, and so are data breach lawsuits. Including the above suggestions as part of a response plan can protect data breach investigations from future disclosure, and put businesses in the best position to respond to the breach itself and the litigation that follows.
J. Randall Boyer is a litigator at Nossaman LLP. His practice focuses on class action defense and complex commercial litigation. He also counsels clients on corporate and employment strategies to avoid litigation. rboyer@nossaman.com
JANUARY 202 2 TODAYSGENERALCOUNSEL.COM
11
HUMAN RESOURCES
Keeping Valuable IP When a Key Employee Jumps To a Competitor By JEFFREY D. MORTON, APRIL M. WURSTER, BRANDON BUCK AND KEVIN M. BROWN
W
hat steps can a general counsel take to ensure that valuable intellectual property stays with the company when a key employee departs for a competitor? This issue was recently dealt with in Bio-Rad Labs., Inc. v. ITC (Fed. Cir. 2021). The court ruled that the employee’s ideas did not turn into a patentable invention until after the employee left Bio-Rad. Since the
12
Bio-Rad employment agreement had limited its assignment obligations to inventions conceived during the term of employment, the court ruled the inventions were not owned by Bio-Rad. The Bio-Rad decision suggests two steps that a general counsel can take to ensure valuable intellectual property isn’t transferred to an employee’s new employer: Convert the ideas into patentable
TODAYSGENERALCOUNSEL.COM JANUARY 202 2
inventions, and have a robust Confidential Information and Inventions Assignment Agreement (CIIAA). In Bio-Rad, the court refused to compel assignment to the former employer, in part because the “ideas” developed did not raise to the level of a “patentable conception” and were insufficient to trigger assignment. In practical terms, the distinction between BACK TO CONTENTS
an idea and a patentable conception is not clear. But what is clear, based on Bio-Rad, is that employers can try to convert departing employees’ ideas into patentable conceptions based on at least the following: (1) Have departing employees complete an invention disclosure form; (2) have departing employees update a trade secret registry; and (3) file a provisional or non-provisional utility patent application. Each of these methods requires departing employees to disclose, in writing, the ideas they have been developing. This documentation itself may be enough to demonstrate the conception of a patentable invention, and the brainstorming forced by documenting the ideas may help develop the idea to the point that it satisfies the “conception” requirement of invention. Having others, besides the departing employee, participate in the documentation process can help flesh out the idea, document implementation of the idea and future development ideas, and further secure an
Require departing employees to disclose, in writing, the ideas they have been developing. employer’s rights in the invention by having other employees listed as inventors. Additionally, in another recent Federal Circuit case, Dana-Farber Cancer Institute v. Ono Pharm. Co. (Fed. Cir. 2020), the court ruled that partial contributions by a researcher that eventually led to a patentable invention was enough to support joint inventorship. Thus, the more a company can BACK TO CONTENTS
document partial contribution, the more likely it will be considered a joint owner of a patent filed by a departing employee’s new employer. Based on Bio-Rad, general counsel should consider modifying CIIAA language to:
1
Capture “ideas.” It is generally a best practice that CIIAA language assign ideas, not just inventions.
2
Assign inventions that use the employer’s confidential/trade secret information. In many situations, it is a best practice that CIIAA language assigns innovations that are conceived with the use of the employer’s confidential/trade secret information post-employment. This is another good reason to create a trade secret registry.
3
Address post-employment inventions. The Bio-Rad employment agreement was explicitly limited to the term of employment. This suggests that the language of the CIIAA could be changed from “during the period of my employment” to “as a consequence of employment” or “as a consequence of my access to confidential and/or trade secret information” to limit the likelihood that an employee takes an invention to her or his new employer. Some courts are more likely to enforce an employment agreement that captures future inventions if the restrictive covenant is limited in duration and scope — and focused on protecting the company’s narrowly defined confidential and/or trade secret information — rather than limiting the former employee’s ability to work. To help deal with this, a company can limit the
duration of post-employment assignment obligations and narrowly define (and take active steps to protect) confidential and/or trade secret information.
Jeffrey D. Morton, Ph.D. is a partner in the San Diego office of Snell & Wilmer. He is the chair of the firm’s Life Sciences and Medical Technology Industry Group and serves as co-chair of its Technology Industry Group. jmorton@swlaw.com April M. Wurster is counsel in the San Diego office of Snell & Wilmer. She focuses her practice in intellectual property and life science. awurster@swlaw.com Kevin M. Brown is an associate in the San Diego office of Snell & Wilmer. He focuses primarily on employment law. kmbrown@ swlaw.com Brandon Buck is a law clerk in the San Diego office of Snell & Wilmer. bbuck@ swlaw.com
JANUARY 202 2 TODAYSGENERALCOUNSEL.COM
13
COLUMN/CLIMBING THE LEGAL DEPARTMENT L ADDER
Strengthening the GC-CMO Relationship By ANDREA BRICCA
A
ll companies are in the business of marketing to other businesses or directly to consumers. As the general counsel or chief legal officer, building your relationship with the chief marketing officer is imperative to helping the organization grow. Marketing is focused on selling the company’s products, bringing in new customers and clients, and building brand
14
recognition. The GC and CMO need to work together to protect the company, mitigate risks and maintain growth — all within public expectations and regulatory oversight. The logic of legal issues and the creativity of marketing can often be in opposition. For example, marketing favors persuasive language that entices people into acting, while legal prudence cautions
TODAYSGENERALCOUNSEL.COM JANUARY 202 2
against making promises that cannot be kept. To succeed, both sides must give and take, especially when it comes to privacy, data protection, advertising, jurisdictional oversight, and rapidly changing modes of connection with customers and clients. The key is to keep an open line of communication with the CMO about plans and goals. Understand where you can be of assistance, and where you BACK TO CONTENTS
can highlight potential legal pitfalls before too much marketing team time has been invested. Companies’ marketing budgets used to be spent on long-running print ads, or traditional media such as television and radio. Online marketing ads and email campaigns are now commonplace, and evolving fast. Along with these platforms come constantly changing and nuanced rules in areas such as privacy and data protection. The GC and CMO should work together to establish policy for their teams and the company as a whole. Any mishandling of sensitive company data
risk within different jurisdictions. In consumer-facing industries, it is crucial for marketing and legal to collaborate so nothing is said that could get the company sued. Making promises to the public that are not true has both legal and reputational risk. Nuance plays a role here. What makes your organization and its products and services unique can be seen differently by different customers, and marketing should to get this idea across in creative ways. Protecting the company’s brand is key. While you may have an IP-focused attorney on your team handling brand matters, your relationship
In consumer-facing industries, it is crucial for marketing and legal to collaborate so nothing is said that could get the company sued. related to the organization and/ or its customers is going to involve both executives. Often the importance of data security is built into an organization’s contracts. The CMO needs to be aware of risks involved in a data breach, particularly as it relates to customer data that marketing holds. The GC must have candid conversations with the CMO about how current law and regulation impacts emerging modes of communication to clients. Together, they can look for ways to innovate and protect the company. Within highly-regulated businesses in particular, the rules can shift from market to market, both nationally and internationally. Keeping abreast of regulations related to marketing and advertising is necessary. The GC and CMO must determine the delegation of shared responsibility for regular updates and evaluation of BACK TO CONTENTS
with the CMO has a cascading impact on the interaction of the teams. As with the chief human resource officer and the chief financial officer, the relationship a general counsel builds with the chief marketing officer strengthens the company’s leadership team, and keeps the company moving toward its goals while reducing the risk of legal missteps.
Andrea Bricca is a Partner with global legal search firm Major, Lindsey & Africa. She matches employers and lawyers to advance organizational and career goals. abricca@mlaglobal.com
READ TODAY Digital Magazine TABLET + DESKTOP + MOBILE
INSTANT ACCESS
LATEST LEGAL NEWS, ANALYSIS AND COMMENTARY
CURRENT BUSINESS DEVELOPMENTS FOR GCs AND IN-HOUSE COUNSEL
ISSUU.COM/TODAYSGC JANUARY 202 2 TODAYSGENERALCOUNSEL.COM
15
FEATURE
The Role of the GC: Q&A with Ira H. Raphaelson Kevin Bolan, a partner at White & Case LLP, recently discussed the role of the general counsel with his colleague Ira H. Raphaelson, who twice served as General Counsel of a public company.
As a General Counsel, what promotes successful risk management? Five concepts guided me when I was a general counsel. One, business judgments are for business people. Good lawyers try to help sharpen those judgments through risk management. Two, the medieval map of the “known” flat earth
16
had dragons at the ends of the world. Good lawyers help business people avoid the dragons. Three, you need a seat at the table. If you don’t develop clients within your business — finding out what they do, asking questions about why they do it that way, and inviting them to ask you questions — then you can’t understand where the
TODAYSGENERALCOUNSEL.COM JANUARY 202 2
dragons are. Four, speak truth to power, but without a big audience. Advising the boss is different than challenging the boss. You have to want to do the job more than you want to keep it, even more so post-Sarbanes-Oxley. Five, risk management is art, not science. It is definitely more than some stoplight-colored flow chart. BACK TO CONTENTS
If a seat at the table is key, what else is a “must”? You need clear direction from the chief executive officer, chief operations officer or chief administrative officer that only the general counsel, or someone on the general counsel’s team, hires external lawyers. A marketing person hiring the cousin of the purchasing agent doesn’t meet the SEC’s view of appropriate compliance controls. You also need clear direction from the chief executive officer or chief administrative officer that the legal department must sign off on all contracts, and that the compliance department must sign off on third-party relationships — customers, suppliers, agents. Corporations that weaken those functions undermine their controls.
Multinational businesses are required to navigate risks associated with laws banning bribery and corruption, money laundering, trade and anticompetitive behavior. Any tips? I advocated a unified theory of risk management concerning the Foreign Corrupt Practices Act, anti-money laundering statutes, sanctions and competition, that was focused on documented, riskbased due diligence. Who are you doing business with? Where is your counterpart’s or customer’s money coming from? Where is your money going and why? The answers to those questions are critical.
Corruption risks often arise from third-party relationships. What do you suggest companies do to manage those risks? Monitor before starting a relationship and while it is ongoing. Knowing who is on the other side of every transaction and BACK TO CONTENTS
documenting the diligence that went into selecting each counter-party is important. Businesses position themselves better by developing thoughtful policies to promote payment to vendors in the country where the work is done — from accounts in that country, in the currency of that country, in the name of the contracting vendor, and strictly according to the terms of the vendor’s contract. Discipline in consistently applying those policies can substantially reduce the risk of facilitating bribery, money laundering and tax evasion. The effort to minimize risk often drives corporate transactions and the creation of distinct corporate entities. But many FCPA cases are not really about bribery at all. They are often “controls” cases. Law enforcement is going to try to ascribe knowledge no matter what steps you take to insulate. The entire corporate family is better off asking diligence questions, knowing the answers and acting on them.
Competition compliance often focuses on, for example, information exchanges, which can increase the risk of unlawful collusion. What fundamentals would you emphasize in the competition context? Competition enforcement is expanding worldwide. The Biden administration seems to be embracing a paradigm shift in the direction of the EU’s focus on market dominance. Many countries now make extra-territorial subpoena demands, and try to enforce their legal regimes on companies based outside their countries. The weaponization of privacy, tax and competition law are all part of the same trend — using enforcement as a
mechanism for blocking foreign businesses from entering domestic markets. These concepts are being imported from one country to another. Understanding historical precedents and national variations on this theme will help address issues before they become enforcement inquiries. The United States and many other countries have adopted regimes to require government approval of investment in “key” industries. The exclusionary intent is clear.
Finally, what is your take on the new focus on environmental, social and governance principles? ESG is becoming a financing and competition precondition. Major private equity firms and pension funds are promoting various standards, and governments are implementing disclosure mandates. General counsel are well-advised to discuss the trends and company direction with their management and boards.
Ira Raphaelson is a Senior Counsel at White & Case LLP and a two-time public company General Counsel. He also currently serves as lead director of a public company and an adjunct professor of law. ira.raphaelson@whitecase.com Kevin Bolan is a partner in White & Case LLP’s Global White Collar Practice. He focuses his practice on criminal and civil litigation and arbitration, corporate compliance and governance matters. kevin.bolan@whitecase.com
JANUARY 202 2 TODAYSGENERALCOUNSEL.COM
17
FEATURE
Risk of Personal Liability Despite Incorporation By KENNETH A. ROSEN, WOJCIECH F. JUNG AND MICHAEL PAPANDREA the corporation may be blurred. When business is profitable and invoices are being paid in a timely manner, these problems rarely occur; but when a company faces financial distress, creditors begin to search for alternative sources of recovery — owners, officers, directors and related parties. Below are examples of areas where business owners and managers may face personal liability for corporate debts.
DIRECTOR AND OFFICER LIABILITY Claims against officers and directors have become common in bankruptcy cases. Breach of fiduciary duty claims are the most common, but other claims such as claims for unlawful stock repurchases or dividend payments may be asserted as well.
TRUST FUND TAXES
O
ne of the fundamental principles of corporate law is that the owners, directors and officers of a corporate entity generally are not personally responsible for the entity’s debts. Without this insulation from personal liability, individuals would be deterred from taking on risk. However,
18
there are circumstances in which this corporate shield is threatened — sometimes due to statutory or other legal exceptions, but often due to poor decisions and lack of oversight by management. These pitfalls are particularly common among small-to-midsize and family-owned businesses, where the lines between individuals and
TODAYSGENERALCOUNSEL.COM JANUARY 202 2
Governmental entities often impose personal liability on “control persons” when certain “trust fund” taxes (sales taxes or payroll withholding taxes) remain unpaid. Therefore, potential control persons — directors, officers, anyone with check-signing authority — should ensure that these obligations are remitted in a timely way.
REAL ESTATE When a debtor company leases the real estate on which it operates BACK TO CONTENTS
from an entity owned by its shareholders or related persons, creditors review the bona fides of the transaction — whether the lease is a true lease, or a disguised sale or secured transaction; whether the lessor is de facto owner of the real estate (especially where the lessor paid the mortgage or other expenditures typically paid by owners); and/or whether the terms were consistent with market terms.
CREDIT CARDS Using the company’s corporate credit card in resort areas, on excessive airfare or luxury hotels, or at certain merchants, are signs that the executive may be abusing
Governmental entities often impose personal liability on “control persons” when certain “trust fund” taxes remain unpaid. her or his privilege. Creditors may conduct a forensic investigation, and try to have these items repaid or characterized as taxable income.
LOANS IN LIEU OF PAYROLL Giving executives loans in lieu of paychecks reduces expenses of the business, improves the income statement, and creates an additional asset on the balance sheet in the form of a loan receivable. However, such loans may be viewed as tax-free income, and creditors may challenge this practice as artificially inflating a debtor’s financial condition to BACK TO CONTENTS
induce creditors to provide credit or other benefits to the company. In bankruptcy, creditors may try to characterize these insider loans as equity contributions, and the debtor company can be compelled to pursue repayment of the loans.
PAY BUT NO WORK Payments made to a family member who does not really work may be recoverable as a fraudulent conveyance because no value was received by the company in exchange for payment.
FREE LABOR AND THE EMPLOYMENT RETIREMENT INCOME SECURITY ACT (ERISA) Applicable laws may impose personal liability on owners/principals who fail to pay employees for their services. Additionally, ERISA fiduciaries may be found personally liable for losses to the plan resulting from any breach of fiduciary duties imposed under ERISA related to management of ERISA plans.
investors to search for sources of recovery. Owners, directors and officers would be wise to take legal steps that shield their assets in such circumstances.
Kenneth A. Rosen is a partner and Chair Emeritus in the Bankruptcy & Restructuring Department of Lowenstein Sandler LLP. krosen@lowenstein.com Wojciech F. Jung is a partner in the Bankruptcy & Restructuring Department of Lowenstein Sandler LLP. wjung@ lowenstein.com Michael Papandrea is an attorney in the Bankruptcy & Restructuring Department of Lowenstein Sandler LLP. mpapandrea@ lowenstein.com
FINANCIAL STATEMENTS AND STATEMENTS TO INDUCE CREDIT (E.G., CREDIT FRAUD) A borrower’s principal who knowingly and intentionally falsifies the borrower’s financial statements in order to facilitate extensions of credit from a lender can be held personally liable for the bank debt and face potential fraud claims. Similarly, if a person knowingly makes false or misleading representations about the financial condition of the company to obtain credit from a vendor, that person may be subject to personal liability. The bottom line is that personal liability is often sought when insolvency forces creditors and JANUARY 202 2 TODAYSGENERALCOUNSEL.COM
19
FEATURE
Canada’s New National Security Priorities By ANDREW HOUSE AND MACNEAL DARNLEY
F
or years, Canada’s security and intelligence community wrestled with the question of who poses a threat to the country’s national security. But in 2020, that transformed from “who” to “what.” The answer was a virus destructive not only of the human body but social cohesion and the institutions, processes and systems that keep Canadians alive and prosperous. By government standards, the Canadian response was relatively quick. In March 2021, Canada updated its 2016 Guidelines on the National Security Review of Investments and released a new Critical Minerals List. With these changes, Canada’s security priorities began to move away from a
20
near-exclusive focus on terrorism and espionage toward comprehensively securing the basic health and safety of Canadians. Critical medicines, medical protective equipment, ventilators and food security all became examples of a new understanding of essential security interests. In the months following the 9/11 attacks on the United States, concern about radicalization to violence topped Canada’s national security priorities. Canadians were shocked by 9/11, prompting passage of anti-terror legislation with unprecedented special investigative and detention powers. This policy direction was vindicated by the 2014 assault on Canada’s Parliament, resulting in the
TODAYSGENERALCOUNSEL.COM JANUARY 202 2
death of a member of Canada’s military and a threat to both the executive and legislative branches of government. Throughout the post-9/11 era, espionage and foreign influence continued to garner media and academic attention, as they have since the Cold War. Early signs of a broader Canadian view of national security appeared in the 2009 amendments to the Investment Canada Act — Canada’s primary tool for controlling inbound foreign investment — with the creation of the national security review process. The Act authorizes review of virtually any acquisition or establishment of a business in Canada by a non-Canadian that could be “injurious to national security.” If the government reasonably believes that an investment would be injurious, it may take any measures that it considers advisable, including blocking, unwinding or imposing conditions. However, the Act still does not define “national security.” For several years, foreign investors operated without a clear understanding of the circumstances in which a review might be initiated. In an attempt to demystify the process, the government issued guidelines in 2016. Nevertheless, the process remained opaque. The Guidelines did provide insight into the types of investments the government viewed as threatening, BACK TO CONTENTS
setting out broad, non-exhaustive factors relevant to determining whether an investment would be injurious to national security, including: • the effects on Canada’s defense capabilities and interests, and the transfer of sensitive technology or know-how outside of Canada; • the impact on the security of Canada’s critical infrastructure and supply of critical goods and services; • the potential to enable foreign surveillance or espionage; and • the potential to involve or facilitate the activities of illicit actors, such as terrorist organizations or organized crime.
2021 GUIDELINES In comparison to the 2016 Guidelines, the 2021 Guidelines on the National Security Review of Investments provide a more detailed and expansive list of factors that the government may consider. In addition to elucidating several existing factors, it added two new ones: • The exploitation of sensitive personal data. This allows the government to consider whether an investment would enable access to sensitive personal information, the exploitation of which could harm Canada’s national security. The 2021 Guidelines provide a non-exhaustive list of the types of personal data that may be considered sensitive: personally identifiable health or genetic data; biometric data; financial data; communications data; geo-location data; and personal data concerning government officials, including members of the military or intelligence community. BACK TO CONTENTS
• The impact on critical minerals. This allows the government to consider the impact of an investment in minerals listed in Canada’s new Critical Minerals List and their supply chains. The additions of sensitive personal data and critical minerals exemplify Canada’s new focus on the everyday needs of Canadians. As more facets of Canadian economic, social and political life are brought into the online space through the Internet and Internet-of-Things (especially in the Covid era), the protection of personal information and intellectual property has become an absolute necessity for Canadians. Equally, Canada’s Critical Minerals List itemizes 31 minerals “. . . considered critical for the sustainable economic success of Canada and our allies.” When the government determined which minerals should be listed, it prioritized those that are essential to domestic industry and security, particularly as we move further into the green and circular economy. The Prime Minister bolstered this focus in his December 2021 mandate letter to the Minister of Innovation, Science and Industry, where he directed the Minister to “use all tools, including the Investment Canada Act, to ensure the protection and development of our critical minerals.” To be sure, Canada continues to view terrorism and espionage as leading threats to Canada’s national security. For example, the 2021 Guidelines target espionage activities involving foreign states, declaring that Canada will subject all foreign investments by state-owned investors, or private investors assessed as being closely tied to foreign governments, to “enhanced scrutiny”— regardless
of the value of the investment. This enhanced scrutiny may increase because the Prime Minister has mandated the Minister of Innovation, Science and Industry to modernize the Investment Canada Act to “strengthen the national security review process and better identify and mitigate economic security threats from foreign investment.” Terrorism and espionage should never lose their prominence as security concerns, but the everyday health, safety and survival needs of Canadians are the new drivers of Canada’s national security priorities.
Andrew House is Co-Leader of Fasken’s National Security Group, practicing in the areas of Foreign Investment, Political Law, and Government Relations. He served from 2010-15 as Chief of Staff to successive ministers of Public Safety & Emergency Preparedness. ahouse@fasken.com MacNeal Darnley has a corporate/ commercial practice focused on mergers and acquisitions, securities, corporate reorganizations and corporate governance matters including management fiduciary liability and the protection of confidential business information and trade secrets. mdarnley@fasken.com
JANUARY 202 2 TODAYSGENERALCOUNSEL.COM
21
Join our upcoming webinars
DATA AWARENESS TO DATA INTELLIGENCE: LEVERAGING THE POWER OF AUTOMATION FEB
2
12PM CDT
Download Webinar
WHY YOUR DOCUMENT REVIEW PROCESS IS LIKELY BROKEN FEB
16
12PM CDT
Download Webinar Download an on-demand webinar
THE GENERAL COUNSEL REPORT 2022: LEADING WITH ENDURANCE WHILE FACING MOUNTING RISKS
Delivering high-quality content and topics that are valuable to increasing your business acumen. Listen/view at your own pace, and download substantive materials related to the topics.
Download Webinar
HOW TO SAVE TIME BY MANAGING RISK THROUGH STANDARDIZATION
View more On-Demand Webinars
Download Webinar
TODAYSGENERALCOUNSEL.COM/ WEBINARS @TodaysGC
Follow us
Like us