A compilation of time-sensitive and trending legal and regulatory issues that general counsels and business leaders should be aware of in 2016.
The Yates Memo – A Warning to Execs and Employees: Effects of Explaining the DOJ’s Efforts to Combat Corporate Wrongdoing and Hold Individual Accountable
In September 2015, the Deputy Attorney General issued a memo providing guidance to federal prosecutors investigating corporate misconduct. The new guidance focuses on reviewing individual conduct in the context of corporate investigations. Going forward, companies seeking any credit for cooperating in a government investigation will be required to disclose all relevant facts related to individual misconduct, and individuals will not be released from civil or criminal liability as a matter of course if a company reaches a settlement with the government. This is a significant revision to DOJ policy and highlights more than ever the importance of a robust ethics and compliance program.
New Overtime Requirements
In July of this year, the Department of Labor (“DOL”) revealed its long-anticipated proposed changes to the Fair Labor Standards Act’s overtime exemptions. If enacted in its current form, the proposed rule could be extremely costly for employers. The DOL’s primary proposed change more than doubles the salary threshold for the “white collar” overtime exemptions from $23,660 to $50,440, in an attempt to match the earning threshold at the 40th percentile of weekly earnings for full-time salaried employees. The DOL has estimated that the proposal could affect nearly 5 million workers, all of whom would become eligible for overtime pay. Although there is no deadline for the issuance of the final rule, it is expected to be released in 2016. Anticipating the final rule will be substantially similar to the DOL’s proposed rule, employers should be evaluating their workforces now to determine how to comply with the final rule and whether to implement strategic compensation changes regarding those positions most likely to be impacted.
The Increasing Pressure on Employee/Contractor Classification Risks.
With the pressures of increasing health care costs and the employer mandate under the Affordable Care Act, more and more companies are seeking creative staffing solutions to control labor costs in an increasingly competitive economy. By relying on independent contractor and staffing company relationships, however, employers are both relinquishing some elements of control over the employer-employee relationship while not necessarily eliminating the risks associated with that relationship. As part of broad agency policy initiatives, both the National Labor Relations Board and Department of Labor recently have taken a very broad view as to the elements of control and/or influence over the employment relationship required to hold one company jointly liable as an “employer” of persons who are classified as independent contractors and/or are employed by third parties, such as staffing and leasing companies. Therefore, companies who are using these kinds of alternative work arrangements should not assume safety in them, and instead should implement proactive strategies to minimize the increasing risk of clearly unintended employer liability.
Use of JVs to Best Achieve Business Development Objectives
Joint ventures (JVs) serve as an important means by which companies can achieve business development objectives, such as launching new products or services, entering new markets or geographic territories or expanding market share, at lower cost and lower risk than alternatives such as mergers and acquisitions afford, and in a more responsive and timely manner than could be achieved through organic growth. Particularly when companies are constrained by size, lack of access to IP, expertise or financing, high barriers to entry or a low appetite for transactional risk, JVs can provide growth opportunities that otherwise might not exist. Given continuing globalization of business models and the slow but steady recovery of the U.S. and many international economies, it then comes as no surprise that recent market surveys show JVs to be the preferred path to achieve business development objectives and usage of JV structures are expected to increase over the next several years. Notwithstanding such prevalence of JV usage, survey participants estimated 40 to 60 percent of the JVs they launched underperformed or ultimately failed. The most commonly cited causes for such undesired results are a failure to properly identify and address the risks that accompany complex JV arrangements, and to implement best practices at the early stages of JV planning and structuring. To avoid those pitfalls, companies considering JV formation should appoint a single empowered JV manager, dedicated to the project from inception through launch, who has a clear understanding of the strategic motives for their organization’s participation in the JV and ensures that the structure and terms of the JV, including those relating to governance, liability, sharing of profits and losses, transfer, buyout and exit rights, in each case support such strategic objectives. The extent to which that can be achieved will have a significant impact on whether the JV will succeed and deliver the expected value to their business organization.
Appropriate Preparation for Overseas Expansion through M&A
Due to the highly competitive M&A market in the U.S. and the desire of growing companies to participate in the global economy, companies are finding more compelling investment opportunities overseas than in the U.S. In fact, 84 percent of companies included in EY’s 2015 Capital Confidence Barometer, which was released in April, said overseas expansion is expected to be the focus of their mergers and acquisitions strategy over the next year. Similarly, 80 percent of business executives said that U.S. companies should expand internationally for long-term growth, according to a recent Wells Fargo study. The study also showed that larger companies favor expanding in China (31 percent), India (24 percent) and Brazil (24 percent), while smaller companies favor Canada, Mexico and China (each getting 17 percent). As a result, in house legal departments need to be prepared to help navigate the international M&A process. For example, lack of appropriate planning, communications and structure and lack of a firm understanding of what market based M&A terms are in foreign jurisdictions have lead U.S. buyers to fail to achieve growth overseas. In house legal departments need to be proactive and involved in the initial stage of every overseas M&A transaction by hiring local legal counsel and international financial accounting experts, along with gaining an immediate understanding of the culture and communications necessary to efficiently implement an M&A growth strategy overseas.
Positioning Your Company to Prevail in Arbitration
With litigation and eDiscovery costs on the rise, more companies are embracing arbitration to resolve their business disputes. But how do you avoid arbitration morphing into just another forum for full-blown litigation? And more importantly, how can you shape the arbitration process to maximize your advantage? The answer lies in how you draft the arbitration provisions in your contracts. Stop following the cut-and-paste, one-size-fits-all approach. Instead, let the answers to these four questions guide the terms you include in your provisions: (1) what would a likely dispute look like; (2) which party is better able to fund an arbitration; (3) which party is more likely to need a quick resolution of a likely dispute; and (4) which party will need more documents and depositions in discovery? The resulting language in your provision will help you lock in significant advantages when it comes time to arbitrate.
Take Steps Now to Address the Legal Risks of BYOD and BYOC
Workplace technology has become increasingly decentralized. By now, you’ve probably heard of “Bring Your Own Device” or BYOD programs where employees use their own mobile devices (smartphones, tablets, and laptops) for work. Lesser known, but increasingly prevalent, is the practice of “Bring Your Own Cloud” or BYOC, where employees, through personal accounts, use cloud service providers—like Dropbox, Evernote, or Box—for their work. Whether employees are authorized to use BYOD and BYOC or not, they are doing so. While the benefits are many, so are the risks. Smart companies need to take steps now to protect their intellectual property, address privacy and data security risks, and to prepare for the ediscovery challenges posed by BYOD and BYOC. A first step in this regard is to adopt a robust BYOD and BYOC policy that outlines acceptable uses, required security procedures, and obligations for ediscovery. This policy change should be concomitant with implementation of the appropriate technological safeguards, such as a mobile application management platform.
Non-breached Companies Now at Risk from “Liability Shift” in Payment Fraud
Data breaches are becoming increasingly prevalent and increasingly costly for businesses that find themselves to have been breached. That is nothing new. But, as of October 2015, there has been a monumental change in the way businesses that have not experienced a breach may be compelled to shoulder the fallout following the mass theft of payment card data. Specifically, those merchants that have not implemented point-of-sale terminals capable of accepted “chip” cards could find any revenue they receive associated with counterfeit card transactions stripped away under revised rules promulgated by the card brands. Understanding the EMV “liability shift” is essential to ensuring that your company is protecting its profits from the ever-expanding data breach threat.
Invalidation of the EU Safe Harbor: Let it Ride, or Take Action to Protect Your Company
On October 6th, the European Court of Justice (ECJ) issued a landmark ruling, in Schrems v. Data Protection Commissioner, effectively striking down the European Union/US Safe Harbor Program, utilized by more than 4,000 companies, as a means for lawfully transferring personal information from the European Union to the United States. The opinion is important for any company that transfers personal data to the US from the 28 EU Member States (or other countries that recognized the Safe Harbor program as a legitimate means for transferring personal data, such as Switzerland, Israel, and Dubai). European Data protection officials are threatening coordinated enforcement actions if a negotiated replacement for the Safe Harbor program or other lawful transfer mechanisms are not in place by the end of January 2016. Companies should identify what types of data and data flows they have coming from the EU or other countries, and consider the risk of waiting to see if a new Safe Harbor is completed vs. the necessity of implementing other legal strategies, such as binding corporate rules, standard contractual clauses, or consent, to facilitate continued transfers of personal data. Companies should also implement measures to ensure that contractors and subcomtractors are implementing measures to comply, and that business practices are modified to ensure that the company is following the practices that a model contract or other remedy may impose.
Selecting Cyber Insurance Requires Careful Computations
Data breaches and cyber-attacks are increasingly common occurrences, and the cost of a data breach continues to climb – IBM and the Ponemon Institute estimate that the average total cost of a single data breach was $3.79 million in 2014, with a cost-per record cost of $154. Companies continue to spend on data security to protect themselves, spending is expected to be more than $75 billion on data security in the US alone in 2015. One way to mitigate the costs and the risk is to consider purchasing cyber insurance as a means of protecting against potential costs arising from a breach or other covered events. Cyber insurance policies have been rapidly developing over the past several years, as some insurers and courts have taken the view that traditional commercial general liability policies do not necessarily cover data breaches. There is a wide range of cyber insurance options and companies should carefully consider what they are looking for in a cyber insurance policy, such as the level of support the insurer provides, deductibles, whether you can choose your own team in the event of a breach, policy costs and types of coverage. Given the wide range of risks and types of coverage, companies should consider hiring experienced counsel to evaluate the risk and ideal type of coverage for your business. Companies that already have cyber insurance should consider periodically reviewing their coverage, as cyber insurance as well as cyber risks continue to evolve and the company’s needs may have changed.
Atlanta Imposes New Sustainability Requirements for Commercial Buildings
The Atlanta City Council passed an ordinance in April 2015 to increase energy and water efficiency within the commercial sector by requiring energy and water use benchmarking and disclosure, and facility energy audits. The provisions for “retro-commissioning,” a process to identify and correct building system problems to maximize performance, are currently optional, but may become mandatory. Atlanta’s latest legal move, effective immediately, is a substantive step toward environmental regulation of privately owned buildings. The 2015 law applies to all privately held Class C (commercial), E (tax exempt), P (preferential) and V (conservation) (as defined by the Georgia Department of Revenue) properties that (i) exceed 50,000 gross square feet in total combined floor area, or (ii) are held in a condominium form of ownership governed by the same board of directors and total floor area exceeds 50,000 square feet. For private properties, the threshold is reduced to 25,000 gross square feet after Jan. 1, 2017. The obligations attach to “owners,” defined to include fee title owners, single tenant triple net lessees, net lessees with a 49-year or more term lease, condominium boards of directors, cooperative apartment corporation boards of directors, and agents authorized by any of the above. As of July 2015, owners of all covered properties must track and disclose total energy and water consumption, as well as output information such as greenhouse gas emissions, for the previous calendar year and continue to do so every Sept. 1 thereafter. Every 10 years, owners must perform an audit on energy and water use on the base building systems and file a summary report with the city. The audit should (1) analyze all reasonable measures, including capital improvements, that would reduce energy and water use and/or the cost of operating the building, and (2) recommend certain measures and analyze the expected energy and water savings. The list of all covered properties and much of the data will be publicly available. Although there are various exemptions available in the new law, including properties where more than 50 percent of the tenants are residential, building owners and tenants are advised to ensure that (1) there are adequate systems and tools in place to capture and measure all energy and water use as well as greenhouse emissions, (2) leases allow for/require the exchange of required information, (3) the public disclosure of information will be received in a productive manner, and (4) costs for retrofitting buildings are anticipated, in the event the law is amended to require renovation.