This article was republished on insideARM on January 9, 2025.

On January 7, the Consumer Financial Protection Bureau (CFPB or Bureau) finalized its rule aimed at removing an estimated $49 billion in medical bills from the consumer reports of approximately 15 million Americans. Specifically, the Bureau’s rulemaking as finalized removes an existing exception in Regulation V that permitted lenders to obtain and use information on medical debts. The final rule is scheduled to take effect 60 days after its publication in the Federal Register. However, the upcoming change in administration may very well impact its implementation.

Key Provisions of the Final Rule

The CFPB’s new rule amends Regulation V, which implements the Fair Credit Reporting Act (FCRA), to end the exception that previously allowed lenders to use certain medical information in making lending decisions. This means lenders will no longer be able to consider medical debts or information about medical devices, such as prosthetic limbs, as collateral for loans.

The final rule also prohibits consumer reporting agencies from including medical debt information on consumer reports and credit scores sent to lenders. However, lenders will still be able to consider medical information for legitimate uses such as verifying medical-based forbearances or medical expenses that a consumer needs a loan to pay.

The rule also aims to enhance consumer privacy protections by ensuring that sensitive medical information is not used inappropriately in the financial system. According to the final rule: “Medical information is uniquely sensitive and intimate information, and it thus advances the purposes and objectives of the FCRA to protect consumers’ privacy by limiting the circumstances under which consumer reporting agencies may furnish medical debt information.”

Our Take:

The upcoming change in administration may significantly impact the Bureau’s ability to finalize these rules, including through Congress’ potential use of the Congressional Review Act (CRA). The CRA provides Congress with the ability to reject recent federal regulations within 60 legislative days by a simple majority vote in both chambers. If CRA legislation is signed by the President, then the rule would be rescinded, and the CFPB would be prohibited from issuing a substantially similar rule without explicit legislative authorization. In addition, a legal challenge will surely follow from stakeholders asserting that the rule is arbitrary, capricious, and promulgated in violation of the Administrative Procedure Act.

The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) issued an Advance Notice of Proposed Rulemaking (ANPRM) on January 3, 2025, seeking public input to inform the potential development of a rule to secure the information and communication technology and services (ICTS) supply chain for unmanned aircraft systems (UAS), commonly known as drones.

Stakeholders with any exposure to the UAS supply chain, including research organizations, manufacturers of components or larger systems, distributors, users, and others, should follow these developments and consider submitting comments.

Background and Purpose

The rapid development of advanced technology has made UAS commonplace across the U.S., but their proliferation and increasingly sophisticated capabilities have also raised national security concerns. BIS warns that foreign adversaries, particularly the People’s Republic of China (PRC), may exploit vulnerabilities in the UAS ICTS supply chain for malign purposes such as espionage or sabotage. The concerns include adversaries’ ability to gain remote access to or manipulate drones, potentially exposing sensitive U.S. data or compromising critical infrastructure.

This outreach by BIS on the potential regulation of UAS supply chain security is the latest in a string of recent rulemakings under the agency’s still relatively new ICTS authority. This authority was actually initiated under the first Trump administration, pursuant to Executive Order (EO) 13873, “Securing the Information and Communications Technology and Services Supply Chain.” However, it was only during the middle of the Biden administration that BIS assumed this mission, and the office director was only appointed last year.

Now that the ICTS office at BIS is fully up and running, the pace of its regulatory activity is accelerating, and one can expect an aggressive approach in this area under the coming Trump administration.

Key Details

The ANPRM outlines several areas where BIS seeks public feedback, including:

• Definitions: Feedback is sought on how UAS and related components should be defined to ensure clarity and precision in the expected regulations. For example, commenters could propose appropriate definitions for flight control systems, communication modules, or data storage devices, along with whether/how to exclude off-the-shelf parts or those that otherwise do not pose a significant security risk.

• Risk Assessment: BIS invites stakeholders to highlight scenarios in which UAS technology could present security risks, such as by enabling unauthorized access to U.S. critical infrastructure or sensitive data, or outline specific high-risk use cases, such as drones employed in military or law enforcement operations.

• Foreign Adversary Evaluation: Comments are requested on the risks posed by specific foreign adversaries. For instance, industry participants could provide evidence of supply chain dependencies on manufacturers in high-risk jurisdictions or offer perspectives on how the risk profiles of adversaries like the PRC differ from those of other countries.

• Approval Processes: BIS seeks feedback on potential mechanisms for requesting approval to engage in otherwise restricted ICTS transactions. A licensing and advisory opinion procedure was left out of BIS’s recent final rule establishing the ICTS regulatory regime. Commenters might propose a fast-track review process for low-risk transactions, such as those involving academic research, or suggest criteria for exceptions, including the use of secure, independent audit trails for data access.

• Economic Impact: BIS is interested in understanding the potential economic implications of the proposed UAS regulations on different stakeholders. For example, drone manufacturers might detail the cost burden of shifting supply chains to avoid foreign adversary-linked components, while small businesses could discuss how compliance costs might affect their ability to remain competitive.

• Mitigation Measures: The agency is exploring feasible risk mitigation strategies to reduce vulnerabilities while avoiding outright prohibitions. Suggestions might include implementing robust encryption standards for data transmission, requiring firmware updates to be sourced from trusted suppliers, or mandating audits for suppliers in foreign jurisdictions.

Public Participation and Next Steps

BIS encourages stakeholders to provide comments by March 4. Comments can be submitted through the Federal eRulemaking Portal at https://www.regulations.gov under docket number BIS-2024-0058, or via email to UnmannedAircraftSystems@bis.doc.gov (include “RIN 0694-AJ72” in the subject line).

Conclusion

BIS is still at a relatively early stage in considering how to regulate the UAS sector for national security purposes and would welcome useful comments on any aspect of this expected rulemaking. Stakeholders should give serious consideration to engaging now, as it will become increasingly difficult to influence the process after it moves forward.

By engaging with BIS in a timely and thoughtful manner, industry participants can contribute to a balanced approach that mitigates security risks while supporting economic growth and technological innovation.

To learn more about the potential impacts of this expected rulemaking on your organization, or how to engage with BIS, please ‎reach out to Pete Jeydel or Ryan Last.

As we begin a new year, it is the perfect time for companies subject to any government agreement to renew their focus on compliance. These binding resolutions require ongoing diligence to avoid civil and potentially criminal penalties as you remain a subject to ongoing government scrutiny — even after a resolution.

Violating the terms of non-prosecution agreements, deferred prosecution agreements, assurances of discontinuance, consent judgments, or any other government agreement can result in renewed investigations, increased fines, or additional legal penalties.

On January 7, 2021, the Department of Justice (DOJ) filed a criminal information charging Boeing with one count of conspiracy to defraud the U.S. in violation of 18 U.S.C. § 371 in connection with the Federal Aviation Administration’s Aircraft Evaluation Group’s evaluation of the Boeing 737 Max Airplane Maneuvering Characteristics Augmentation System. See Government Status Report & Proposed Plea Agreement at 4, United States v. Boeing Co., No. 4:21-cr-00005-O (N.D. Tex. July 24, 2024), ECF 221. The same day, Boeing entered into a deferred prosecution agreement (DPA) with the U.S. Attorney’s Office for the Northern District of Texas (USAO) and the DOJ, Criminal Division, Fraud Section, to, among other things, pay a $243.6 million penalty and “implement a compliance and ethics program designed, implemented, and enforced to prevent and detect violations of the U.S. fraud laws throughout its operations.” Id. In exchange for Boeing’s compliance with the terms of the DPA, the U.S. agreed to dismiss the charges after the three-year DPA expired. The DPA provided, however, that if the U.S. determined during the six-month period following the end of the term of the DPA that Boeing had breached the DPA during the DPA term, the U.S. could pursue remedies for the breach, including by prosecuting Boeing for any federal criminal violation of which the DOJ and the USAO have knowledge, including, but not limited to, the charges in the information. Id. at Attachment A-1-2.

Boeing took significant steps to comply with the DPA, including, but not limited to, appointing its first chief compliance officer and increasing the “independence, capability, and effectiveness of its compliance program” and its annual compliance risk management process. Id. at 10. Boeing also implemented policies and procedures to manage and coordinate communications with its regulators.

Despite Boeing’s efforts, the government determined that Boeing did not comply with the terms of the DPA and did not have a centralized compliance function. The government determined that Boeing failed to “sufficiently extend its anti-fraud ethics and compliance program over its quality and manufacturing process.” Id. at 11. The government declared a breach of the DPA on May 14, 2024 — on the eve of the expiration of the six-month monitoring period following the three-year DPA. Id. at Attachment A-1-4.

In July 2024, the parties submitted a plea agreement to the court, which included at least a three-year independent compliance monitor, a $455 million investment into Boeing’s compliance program, and a $487.2 million criminal monetary fine. Id. at 8. The District Court rejected the parties’ plea agreement in December 2024 because it was too lenient and did not provide the court enough control over the independent monitorship, as well as a host of other reasons. United States v. Boeing Co., No. 4:21-cr-00005-O (N.D. Tex. Dec. 5, 2024), ECF 282. Following the court’s rejection, on January 4, 2025, it ordered the parties to continue to meet and confer and provide the court with an update on how they plan to proceed in this matter by no later than February 16, 2025.

Both Boeing’s and the government’s actions throughout this saga highlight the importance of maintaining a culture of compliance within day-to-day business operations as well as on a global scale in relation to all government agreements.

Following violations of government agreements, courts lack both sympathy and patience for companies. Courts seek to enforce harsh punishments to prevent a company’s further violations and to deter other companies subject to similar agreements.

Independent corporate monitorships can pose a significant burden on businesses as companies attempt to comply with the monitorship and proceed with daily business operations. Compliance with an independent monitor requires clear communication and direct partnership between the monitor and the business leaders.

Achieve your compliance New Year’s resolution by ensuring that your team is thoroughly reviewing the terms of any agreement entered into with governmental authorities. Common obligations include specific reporting requirements, adherence to operational restrictions, and independent monitorship. Maintain and enhance your compliance programs to prevent corruption and minimize the possibility of False Claims Act and Foreign Corrupt Practice Act violations.

For more guidance on compliance strategies, please contact Troutman Pepper Locke.

Taylor Swift: TIME’s 2023 Person of the Year, Billboard’s second greatest pop star of the 21st century, and a global icon. Yet even she isn’t immune to the constraints of copyright law.

What inspired Taylor Swift to re-record her first six albums? To understand this saga and her motivations, on this inaugural episode of No Infringement Intended, we’re diving into the intricacies of music copyright law and the business realities of the entertainment industry.

Click here to read the full article on IP Watchdog.

On January 2, 2025, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) Export Enforcement published its 2024 Year in Review, spotlighting key accomplishments in protecting U.S. national security. In this report, BIS highlights its expanded enforcement capabilities, impactful actions against illicit procurement networks, and collaborations with industry, academia, and international partners.

Key Highlights of the 2024 Year in Review

1. Disruptive Technology Strike Force Expansion

BIS expanded the geographic reach of its Disruptive Technology Strike Force by adding new units in Texas, Georgia, and North Carolina, and incorporating the Defense Criminal Investigative Service as a partner, now totaling 17 location units. In 2024, the Strike Force brought 15 new criminal cases involving sanctions violations, smuggling conspiracies, and illegal technology transfers, culminating in 26 cases since its inception.

Notable actions include:

• A $5.8 million penalty was assessed on a global technology company that designs and manufacturers electrical and electric components due to unauthorized exports to Chinese military-linked entities.
• Expansion of the BIS Entity List by adding parties attempting to enhance China’s quantum computing capabilities.

2. Collaborations Targeting Illicit Procurement Networks

BIS collaborated with the U.S. Department of Justice, U.S. Federal Bureau of Investigation, and international partners to dismantle significant procurement networks linked to adversaries such as Russia, China, Iran, and North Korea that attempted to procure controlled, sensitive U.S. technologies.

Major enforcement actions in 2024 included:

• Guilty pleas from multiple individuals for exporting electronic components to Russia for nuclear and missile development.
• A $3.3 million penalty on a California company for exporting controlled items to Russia.
• Arrests and charges against individuals aiding China’s semiconductor development and Iran’s military programs.

3. Innovative Strategies to Curb Diversion Risks

To counter high-priority national security item diversions to Russia, BIS introduced groundbreaking measures:

• Entity List designations for 16 addresses in Hong Kong and Türkiye linked to shell companies that allegedly diverted $130 million in controlled goods.
• Guidance for exporters, including “red flag” letters and screening best practices.

4. Strengthened Partnerships

BIS deepened collaboration with domestic and international stakeholders, completing more than 1,440 end-use checks across 60 countries. Key initiatives included publishing joint G7 guidance to prevent Russian export control evasion.

5. Enhanced Academic and Industry Outreach

BIS continued its Academic Outreach Initiative, expanding its reach to 40 universities and publishing compliance resources tailored to academic institutions. It also issued new guidance for freight forwarders and financial institutions, aligning export compliance with best practices.

6. Strengthened Antiboycott Enforcement

BIS launched the Boycott Requester List to aid compliance efforts and penalize companies for violations. It imposed nearly $400,000 in aggregated penalties on four companies and removed more than 40 entities from the list after corrective actions.

7. Entity List Designations

More than 340 parties from China, Russia, Iran, and other nations were added to the Entity List for activities contrary to U.S. security and foreign policy interests. We note that BIS’s mantra is that its Entity List is intended to educate offenders and correct behaviors, but also to penalize intentional violations of the Export Administration Regulations and other regulations under its mandate.

Implications for Industry and Academia

BIS’s 2024 accomplishments underscore the importance of developing and maintaining robust compliance programs for U.S. exporters, manufacturers, and academic institutions. U.S. exporters, both commercial and academic, must remain vigilant in identifying and addressing risks, such as unauthorized exports, diversion schemes, and boycott-related requests.

BIS recommends that U.S. exporters: (1) conduct thorough due diligence on all parties in export transactions; (2) regularly update compliance programs to incorporate BIS guidance and enforcement trends; and (3) monitor Entity List changes and BIS advisories for actionable insights.

BIS Export Enforcement’s 2024 Year in Review exemplifies its commitment to safeguarding U.S. technologies and promoting national security through strategic enforcement, collaboration, and innovation. Businesses and academic institutions should leverage these insights to bolster their export compliance efforts and avoid regulatory pitfalls.

Conclusion

This paper is intended as a guide only and is not a substitute for specific legal or tax advice. Please reach out to the author for any specific questions. We expect to continue to monitor the topics addressed in this paper and provide future client updates when useful.

The Federal Trade Commission (FTC) and the Department of Justice, Antitrust Division (DOJ) announced a record-setting $5.6 million gun-jumping fine related to Verdun Oil Company II LLC’s acquisition of EP Energy LLC. Although the parties agreed to divest certain operations pursuant to a 2022 consent decree to address competition issues, the current action did not allege new concerns about the post-closing effects of the transaction on competition. Instead, the sole issue raised in the DOJ’s complaint is the manner in which the parties operated during the Hart-Scott-Rodino (HSR) waiting period and the interim period, between execution of the purchase agreement and closing.

The HSR Act requires that parties to transactions of a certain size submit notification and information to the FTC and the DOJ and observe an initial 30-day waiting period while the agencies review the transaction. Before the termination or expiration of the HSR waiting period, the parties are forbidden to shift beneficial ownership, control, risks, or benefits of the to-be-acquired business or assets to the acquirer.

The FTC alleged that, for a three-week period before the end of the HSR waiting period, EP allowed Verdun and an affiliate to assume operational and decision-making control over significant aspects of EP’s day-to-day business operations. Further, the buyer received regular operational reports and had access to EP’s competitively sensitive information (CSI) for approximately three months. The FTC pointed to, for example, contractual provisions that gave Verdun approval rights over EP’s ongoing and planned crude oil development production activities and EP’s ordinary-course expenditures exceeding $250,000.

Similar provisions are often included among interim covenants to protect the buyer’s anticipated investment and to ensure the buyer’s valuation remains valid through closing. According to the enforcement agencies, the buyer exercised control by forcing the target to change its business plans before the end of the HSR waiting period. The complaint quotes an email from the target to the buyer as evidence of the buyer’s control over the target’s operations: “Please confirm that you approve the … [s]hut down all currently planned fracs until after the close. [S]hutting down these fracs we have sold more oil than we will be able to deliver and [you] accept[] the contractual and reputational ramifications of not delivering these barrels.” The agencies allege that the buyer “began actively supervising the target’s well-design and planning activities,” and even changed the target’s site design plans and vendor-selection process. The parties’ employees allegedly coordinated on pricing for certain customers, and neither party allegedly attempted to restrict access to CSI.

The crux of the agencies’ concern is that the parties allegedly disregarded their strategic and operational separateness. This action serves as a reminder that the HSR waiting period is mandatory, the parties must limit disclosure of CSI to only what is essential for valuation, due diligence, and integration planning. Most importantly, the buyer may not control the operations of the target, particularly when the target is an actual or potential competitor.

The Troutman Pepper Locke antitrust team closely monitors developments at the federal and state antitrust enforcement agencies and provides the legal guidance necessary to identify potential risks and efficiently realize the benefits of transactions.

On July 29, 2021, both the SEC and the U.S. Attorney for the Southern District of New York announced charges against Trevor Milton, the founder, former CEO and former executive chairman of Nikola Corporation, a company engaged in the development of electric trucks. The complaint and indictment allege a series of misleading and inaccurate public statements by Milton on social media and elsewhere leading up to and after the company’s merger with a special purpose acquisition company (SPAC) through which Nikola became a public company, which included related private placements (PIPEs).

The alleged facts paint a picture of an executive unfettered by the truth and concerned primarily with sustaining stock market enthusiasm, and in particular retail investor enthusiasm, for Nikola’s stock by delivering positive news. According to the complaint and indictment, through private social media posts, podcasts and interviews, in addition to official Nikola press releases and Twitter posts that he controlled, Milton made statements that inaccurately portrayed the company’s prototype truck as being fully functioning; inaccurately characterized the company’s hydrogen production capabilities; inaccurately characterized the company’s access to electricity needed to produce hydrogen; inaccurately described the development of a pickup truck that did not yet exist; and inaccurately described “billions and billions and billions and billions of dollars in orders” for the company’s trucks. The alleged misstatements are described in detail in the complaint (available here) and the indictment (available here).

The falsity of many of these statements came to light in September 2020, when a financial research firm with a short position in the stock published a report alleging, among other things, that the prototype truck demonstration had been staged. Ten days later, Milton resigned his position at Nikola.

On one level, the allegations are a simple case of enforcing anti-fraud rules under a fairly extreme set of facts, where a corporate executive was driving up his company’s stock price by knowingly making demonstrably false statements out of concern for market reaction. But there may also be lessons for executives at any public company.

Caution Should be Used in All Public Statements

The actions against Milton are a reminder that public statements by corporate officers in relatively informal settings, outside of SEC filings, can be used as a basis for Rule 10b-5 sanctions. A company’s lawyers may scrutinize annual and quarterly reports to ensure that they contain appropriate cautionary statements. In contrast, private tweets, other social media postings and statements in podcasts or interviews are often made without compliance in mind. In Milton’s case, he encouraged investors to follow him on Twitter to get “accurate information” about Nikola “faster than anywhere else.” In practice, he used Twitter to announce corporate initiatives that he had not vetted internally, to answer investor questions with misleading or outright false information, and even to double down on prior false statements.[1]

Moreover, according to the allegations, Milton responded to other senior executives’ expressions of concern about his social media presence and his public statements by asserting that these other executives “did not understand current capital market dynamics or what he was trying to accomplish with retail investors, and that he needed to be on social media to put out good news about Nikola to support its stock price.” Retail investor frenzy driven by social media and retail-oriented trading platforms such as Robinhood does not give companies a pass from the application of the securities laws. The SEC has emphasized that it will monitor these situations for manipulation or other misconduct.

Effective Governance and Controls Remain a Responsibility of Public Companies

The actions against Milton offer a number of lessons for companies:

• Strong independent board oversight, as mandated by the Sarbanes-Oxley Act, where effective and not offered as window-dressing, can protect both the company and its management team from conduct that may lead to trouble down the road. Responsible CEOs can welcome this oversight. Upon the merger with the publicly traded SPAC, Milton switched roles from CEO to executive chairman. While the company’s board met Nasdaq independence standards, Milton nevertheless appeared to exercise nearly total control over the company. He personally hired the CEO, CFO and chief legal officer. When a board member encouraged him to appoint additional independent directors with public company experience, Milton is alleged to have responded that “the most important [thing] is that I fully control the board at all times and have people who work well with my personality…. No one sees the future like I do….” The inability to rein him in indicates a failure of effective oversight.
• “Tone at the top” and a culture of compliance are important aspects of an effective governance and control structure. These were noticeably lacking as a result of Milton’s activities. Although he appears to have been warned on multiple occasions, including following the well-publicized investigation into Elon Musk’s social media statements, about the dangers of using social media, these warnings allegedly were not heeded. Despite social media training being scheduled for all senior executives, Milton did not attend, and such a failure sends a troubling message through the ranks.
• Executive compensation programs that reward higher stock prices without regard to underlying financial metrics can sometimes create skewed short-term incentives. SEC rules require disclosure about risks posed by a company’s compensation structure, and compensation committees have an oversight role in managing the risk posed by financial incentives. Milton’s compensation package included a significant number of RSUs that would vest only if Nikola’s stock price reached certain milestones for 20 consecutive trading days during a three-year period. Milton received the maximum payout under that award in August 2020, the month before his false statements were publicized.

***

If you have any questions about this or related topics, your regular Locke Lord contact or any of the authors can discuss these matters with you.

[1]              In its Section 21(a) report concerning Netflix, Inc. and its CEO, Reed Hastings, available here, the SEC has given guidance on the use of social media channels to deliver information to investors under Regulation FD. While Milton was not charged with Regulation FD violations, this guidance should be considered in addition to the anti-fraud rules.

On August 6, 2021, the U.S. Securities and Exchange Commission approved Nasdaq’s proposed rule regarding diversity of boards of directors.[1] The approved rule requires that most companies listed on Nasdaq (i) “[p]ublicly disclose board-level diversity statistics using a standardized template,” and (ii) “[h]ave or explain why they do not have at least two diverse directors.”[2]

The Rule

Nasdaq’s new rule requirements will typically require disclosure of the board’s diversity using a standard matrix. This disclosure can either be made in the company’s proxy or information statement or, alternatively, through the company’s website. If the company choose to disclose via its website, it “must submit such disclosure concurrently with the filing [of its proxy or information statement] and submit a URL link to the disclosure through the Nasdaq Listing Center, within one business day after such posting.”[3]

In addition, the rule requires that boards, with limited exceptions, maintain two diverse directors, including at least one director who self-identifies as female and at least one director who self-identifies as an underrepresented minority or LGBTQ+.[4] If a company has not met the diversity requirements, it must then provide an explanation why it has not met the requirements. A company is not subject to delisting or other penalties for failure to meet the requirements, so long as it has provided an explanation. Nasdaq has stated that it will not assess the merits of the explanation. Nasdaq has defined an underrepresented minority as “Black or African American, Hispanic or Latinx, Asian, Native American or Alaska Native, Native Hawaiian or Pacific Islander, or Two or More Races or Ethnicities” and LGBTQ+ as “lesbian, gay, bisexual, transgender, or as a member of the queer community.”[5]

There is a transition period for companies to comply with the new diversity requirements.[6] For listings on the Nasdaq Global Select Market and the Nasdaq Global Market, companies will need to have one diverse director by August 7, 2023 and two diverse directors by August 6, 2025, or if later, the date the company files its proxy or information statement for the annual shareholder meeting during the 2023 and 2025 calendar years, respectively. For companies listed on the Nasdaq Capital Market, such requirements will apply August 7, 2023 (or during the calendar year 2023) and August 6, 2026 (or the calendar year 2026), respectively. Notwithstanding the transition period for compliance with the new diversity requirements, companies will be required to begin using and disclosing the diversity matrix by the later of August 6, 2022 or the date the company files its proxy statement or its information statement for its annual meeting during the 2022 calendar year.[7]

While many companies will of course need to comply with the requirements of the rule, there are also several exceptions. Notably, as a response to public comments, companies with five or fewer directors may satisfy the diversity requirements with one diverse director, and would not need to otherwise explain a lack of diversity.[8] There are also modifications and exceptions for foreign issuers, smaller reporting companies, and SPACs.[9]

Effect of the Rule

The Nasdaq rule and its approval by the SEC should promote diversity in the make-up of corporate boards. Although, as Nasdaq has made clear, the rule is not a mandate for diversity, the requirement for disclosure if the targeted diversity is not achieved will encourage companies to meet the diversity target rather than to have to explain to shareholders and the marketplace why they have not done so. The rule also fosters transparency regarding the status of board diversity. As SEC Chair Gensler has stated, the rule reflects calls from investors for greater transparency and “will allow investors to gain a better understanding of the Nasdaq-listed companies’ approach to board diversity, while ensuring that those companies have the flexibility to make decision that best serve their shareholders.”[10]

To assist companies achieve diversity, Nasdaq is offering a board diversity referral service that will allow companies to access “a network of board-ready diverse candidates.”[11]

With the SEC’s recent approval of the Nasdaq rule, it remains to be seen what action the New York Stock Exchange will take regarding board diversity.

Practical Considerations

Companies listed on Nasdaq should begin to assess their own situation under the new rule and determine what actions they might need to take to comply. If diverse directors will need to be added, board recruitment steps should begin sooner rather than later because board recruitment can be a lengthy and intensive process. Alternatively, if the explanatory disclosure route will be followed, a company should begin to consider how it will explain its failure to comply and what shareholder relations actions might be necessary.

Companies also should consider how they will obtain the required disclosure information for the diversity matrix if they are not already receiving that information in their D&O questionnaires or otherwise. This should begin by reviewing the company’s form of D&O questionnaire to see what additional information will be needed to meet the detailed information called for in the diversity matrix.

If you have any questions about these or related topics, your regular Locke Lord contact or any of the authors can discuss these matters with you.

[1] NASDAQ’s Board Diversity Rule: What NASDAQ-Listed Companies Should Know, NASDAQ (updated Aug. 16, 2021) (available here).

[2] Id.; Nasdaq Rule 5605(f), 5606.

[3] Nasdaq Rule 5605(f)(6).

[4] Nasdaq Rule 5605(f)(2)(A).

[5] Nasdaq Rule 5605(f)(1).

[6] Nasdaq Rule 5605(f)(7).

[7] Nasdaq Rule 5606(e).

[8] Nasdaq Rule 5605(f)(2)(D).

[9] Nasdaq Rule 5605(f)(2).

[10] Statement on the Commission’s Approval of Nasdaq’s Proposal for Disclosure about Board Diversity and Proposal for Board Recruiting Service (Aug. 6, 2021) (available here).

[11] Securities Exchange Act Release No. 34-92590 (Aug. 6, 2021) (available here).

Derivative actions play an important role in policing corporate insider conduct and compliance by directors and controlling stockholders with their fiduciary duties. A derivative action enables a stockholder, upon satisfaction of applicable requirements, to bring litigation on behalf of the corporation challenging, for example, conflict of interest transactions, the adequacy of consideration in a merger or the board’s attention to the corporation’s legal compliance. In Delaware and several other states, before a stockholder may bring a derivative action it must make a demand on the board in order to give the board, as part of its responsibility to manage the affairs of the corporation, an opportunity to decide whether the demanded litigation is in the best interests of the corporation, unless, importantly, demand is excused because it would be futile due to the interests of a majority of the board in the matter. If demand is excused, the demanding stockholder can proceed with the derivative action; if demand is required, the court will then review the reasonableness of a board’s decision not to pursue the matter.  Other states, like the approach of the Model Business Corporation Act (the “MBCA”), require a demand in all cases (a so-called “universal demand”), leaving it to the court in reviewing the board’s decision how to deal with the demanded litigation to factor in the independence and disinterestedness of the directors in connection with the court’s evaluating the board’s conduct and decision-making.

Unlike many states, whose corporate statutes (often modeled on the MBCA) deal with derivative proceedings, Delaware’s law regarding derivative actions is judicially made, either through case law or court rules. The Delaware courts recently addressed several issues related to derivative actions, in some cases clarifying existing rules or establishing new rules.

Demand Futility

In United Food & Commercial Workers Union v. Zuckerberg,[1] the Delaware Supreme Court restated and simplified the test for determining whether demand on the board is excused as futile.  It adopted a three-part test that looks to (i) whether the director received a material personal benefit from the alleged misconduct that is the subject of the demand, (ii) whether the director faces a substantial likelihood of liability on any of the claims that would be the subject of the demand, and (iii) whether the director lacks independence from someone who received a material personal benefit from the alleged misconduct that would be, or who would face a substantial liability on any of the claims that are, the subject of the demand.  If the answer to any of the questions is “yes” for at least half of the members of the board, then demand is excused as futile.

Judicial Review of Board Decisions

A recent Delaware Court of Chancery decision, Diep v. Sather,[2] addressed the standard of judicial review applicable to a decision of a special litigation committee to dismiss a derivative claim.  The decision confirms that the court first evaluates the independence and good faith of the committee, the reasonableness of its investigation and the bases supporting its conclusions.  The court then applies its own independent business judgment to determine whether dismissal is in the best interests of the corporation, but as a practical matter the court will give deference if the committee’s determination is within the range of reasonable outcomes.

Derivative v. Direct Claims

In another important decision, the Delaware Supreme Court, in Brookfield Asset Management, Inc. v. Rosson,[3] overruled a decision that had been in effect for 15 years that, as an exception to the general rule, permitted a direct claim for breach of fiduciary duty against a controlling stockholder for alleged overpayment and dilution of minority stockholders’ interests. The effect of this decision is to leave these claims to be pursued exclusively as derivative claims.

Key Lessons

These recent Delaware decisions rationalize and create a new framework for the rules applicable to derivative actions. On the one hand, they make those rules easier to apply. On the other, they shift the balance of authority by narrowing the ability of stockholders of Delaware corporations to bring derivative actions and give more control to boards over the decision of whether bringing the demanded action is in the corporation’s best interests.

---

[1] 2021 WL 4344361 (Del. Sept. 23, 2021)

[2] ‎2021 WL 3236322 (Del. Ch. July 30, 2021)‎

[3] ‎2021 WL 4260639 (Del. Sept. 20, 2021)‎

On September 22, 2021, the SEC released its Sample Letter to Companies Regarding Climate Change Disclosure (“Letter”). The Letter is not only important for what it will seek, but for what it portends. The Letter invokes the 2010 Climate Change Guidance^[1] (“Guidance”) which provided an overview of potential disclosure obligations related to climate change, including the impact of climate change legislation and rulemaking, business trends, and physical impacts. The SEC’s release of the Letter is a preview of coming attractions, namely, a heightened focus on disclosures relating to climate change and likely more broadly, ESG matters. The Letter’s text also makes clear that the SEC will take a much greater interest in reviewing publicly available documentation apart from SEC filings for potential enforcement.

The Letter makes three main points. First, the SEC will closely review corporate sustainability/ESG reports (“Reports”) often found on corporate websites, regardless of whether linked or incorporated by reference into an SEC filing. Where a Report is more detailed than formal disclosures, the SEC may seek explanation as to the reasoning behind the differentiation. This could not only lead to heightened enforcement, but also compel additional disclosures to conform to the Report. In the alternative, issuers may seek to revise their Reports keeping in mind the same liability standards as an SEC filing would entail.

Second, regarding a company’s risk factors disclosure, the Letter makes clear companies should make a materiality determination regarding climate change risk. Upon a finding of materiality, disclosures should contemplate financial and operational impacts on business, as well as regulatory risks that could affect compliance, business operations, and credit risk, as well as litigation and transaction risks. In pointing to international accords, which presumably include the United Nations convention adopted in 2015 known as the “Paris Agreement,”^[2] the SEC staff expresses the view that international accords are to be considered in a materiality determination.

Third, the same general disclosure principles will apply to the Management’s Discussion and Analysis section. The Letter may require revisions to disclosures to identify and quantify material climate related capital projects, compliance costs, and carbon credits/offsets. The Letter also indicates an expectation, that where material, a discussion should include the effect of climate related legislation/regulation, including international accords, as well as indirect physical consequences. Importantly, the SEC seeks a quantification as well as an analysis of compliance costs and identification of past and/or future compliance costs.

Analysis

The Letter is important for several reasons. First, the SEC appears to be signaling that neither separate legislation nor rulemaking is needed to require disclosures regarding climate change and potentially other ESG matters – so long as the traditional securities materiality standard is at issue.

Second, the SEC is looking beyond formal filings for evidence that could lead to enforcement. While the Letter speaks in terms of corporate social responsibility reports, it is reasonable to expect potential reviews of webpage materials and investor presentations.

Third, the Letter’s express statement seeking quantification of compliance costs relating to climate change may very well require more than a broad brush analysis. For example, for industries with significant methane emissions, an analysis of applicable air emissions regulatory frameworks will likely be necessary.

Risk Mitigation

Given the SEC’s movement on these disclosure issues, Companies should review all current “postings” including website statements and Reports for, among other things, disclosures exceeding those conveyed in SEC filings. Issues to consider include statements of “materiality” that are not tied to SEC materiality standards, such as those associated with ESG reporting regimes. Further, statements about GHG emissions and climate change that tie to objective standards, such as time frames to reduce emissions and similar statements should be reviewed. Disclosures should be harmonized and unless necessary for SEC reporting, Reports should try to avoid using “materiality” terminology, unless it is material under SEC standards. In all events, disclaimers should be utilized where necessary, and should be nuanced to take into account those matters that may be ESG-specific. Where corporate efforts are articulated Companies should consider framing the goals as aspirational, not defined with objective targets, which ultimately may not be met.

To mitigate risk from an operational standpoint, Companies should consider making an applicability determination regarding methane and other “climate based” regulations to operations, because these regulations are in part based on the potential effects of climate change. Regulatory applicability can be a moving target. For example, on June 30, 2021, Congress repealed a Trump administration rule that removed methane from certain regulatory frameworks governing “new sources” in the oil and natural gas sector, including the New Source Performance Standard known as Reg. OOOOa. The reintegration of methane into Reg. OOOOa and the likelihood of technical amendments to it could lead to the need for increased source identification, emissions quantification, permitting, control requirements, as well as leak detection, and equipment repair. Both the cost and effect on business operations may need to be analyzed for materiality. And that is just one industry sector. At this time, Companies should expect revisions not only to the air emissions rules cited above, but new and/or enhanced air regulation and permitting of new and perhaps existing sources of methane. Industries that may be more acutely affected include those conducting certain fossil fuel operations, such as upstream and midstream companies, as well as those in the agricultural sector.

---

 

[1] Commission Guidance Regarding Disclosure Related to Climate Change

[2] Paris Agreement  Further, On September 24, 2021 the International Organization for Standardization (ISO) issued the London Declaration to accelerate a successful achievement of the Paris Agreement.