chevron-down Created with Sketch Beta.

The Business Lawyer

Fall 2024 | Volume 79, Issue 4

Corporate Compliance Survey

Stephen Martin Naughton

Summary

  • The survey discusses developments in six separate compliance-related areas.
  • Part I reviews guidance and directives issued by the United States Department of Justice (“DOJ”) since March 2023.
  • Part II examines significant compliance cases during that period and specifically those related to the Foreign Corrupt Practices Act, as well as analyzing significant legislative activity, particularly the Corporate Transparency Act (“CTA”) and the Foreign Extortion Prevention Act (“FEPA”).
  • Part III discusses developments in the treatment of corporate whistleblowers, and Part IV reviews and updates Professor McGreal’s treatment of the Caremark doctrine decisions.
  • Part V discusses the recently adapted SEC Climate Change Rules, and Part VI examines matters before the National Labor Relations Board (“NLRB”).
  • Part VII concludes with an update on the attorney-client privilege. 
Corporate Compliance Survey
iStock.com/vovol

Jump to:

This is the fifteenth survey from the Corporate Compliance Committee. This survey summarizes selected legal developments regarding corporate compliance and ethics programs, consisting of organizational codes of conduct, policies, and procedures designed to achieve compliance with applicable legal regulations and internal ethical standards. For an overview and introduction to this subject generally as well as updates from past years, please see prior surveys. This update assumes familiarity with the subject generally.

The survey discusses developments in six separate compliance-related areas since the Spring 2023 edition of The Business Lawyer. Part I reviews guidance and directives issued by the United States Department of Justice (“DOJ”) since March 2023. Part II examines significant compliance cases during that period and specifically those related to the Foreign Corrupt Practices Act, as well as analyzing significant legislative activity, particularly the Corporate Transparency Act (“CTA”) and the Foreign Extortion Prevention Act (“FEPA”). Part III discusses developments in the treatment of corporate whistleblowers, including the U.S. Supreme Court decision in Murray v. UBS Securities, LLC. Part IV reviews and updates Professor McGreal’s treatment of the Caremark doctrine and the Delaware Chancery courts’ decisions relating to that doctrine in three cases decided in the past year. Part V discusses the recently adapted SEC Climate Change Rules. Part VI examines matters before the National Labor Relations Board (“NLRB”), including its examination of various employer policies. Finally, Part VII concludes with an update on the attorney-client privilege relating to in-house attorneys and possible dual-purpose communications considering the In re Grand Jury case.

The author would like to acknowledge and thank Professor Paul McGreal for his outstanding contribution to previous surveys and numerous articles on the subject, as well as to his overall scholarship relating to the compliance profession. In following Professor McGreal in this exercise, the author understands how Pete Myers must have felt in October 1993.

I. DOJ Compliance Guidance

Corporate compliance has become a “system of self-governance established by a business organization seeking to conform its conduct to the demands of public policy.” Compliance consists of two elements: “management commitment to do the right thing” and “management steps to make this happen.” The government has provided periodic counsel to the corporate world on how to take such steps, with the Fraud Section of the U.S. Department of Justice (“DOJ”) last updating its Evaluation of Corporate Compliance Programs in March 2023 (the “2023 Evaluation Guidance”). A brief summary of the major pronouncements by the DOJ follows to provide a short history and context to the specific guidance provided in the past year.

The DOJ issued its inaugural Evaluation of Corporate Compliance Programs in February 2017 (the “2017 Evaluation Guidance”) as a resource for companies in their design and implementation of corporate ethics and compliance programs. The 2017 Evaluation Guidance provided 119 questions addressing a wide range of issues facing companies.

In April 2019, the Criminal Division of the DOJ revised and expanded the Evaluation document (the “2019 Evaluation Guidance”). In this iteration, the DOJ offered a streamlined analysis focusing upon just three core questions:

  • 1. Is the compliance and ethics program “well designed”?
  • 2. Is it “being implemented effectively”?
  • 3. Does the program “work in practice”?

In June 2020, the DOJ released its third evaluation guidance (the “2020 Evaluation Guidance”). This document followed the April 2019 Guidance closely but changed the second question from whether a compliance program was “being implemented effectively?” to “[i]s the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?”

While DOJ provided guidance in the form of revised Evaluation Guidance, DOJ leaders periodically gave additional instruction either through speeches or memoranda. In September 2021, Deputy U.S. Attorney General Lisa Monaco issued the “Monaco Memo.” One observer noted that the Monaco Memo signaled that the DOJ was implementing a “substantial shift toward a more aggressive approach in corporate crime matters—especially in terms of DOJ’s expectations for the pace of corporate internal investigations and related disclosures to DOJ.” In her memorandum, Monaco provided the following guidance:

  • Instructed DOJ to develop further guidance on investment in new technologies, including artificial intelligence;
  • Restored prior DOJ guidance—specifically the need for corporations to provide non-privileged information about all individuals involved in misconduct for eligibility for cooperation credit;
  • Emphasized relevance of the corporation’s full criminal, civil, and regulatory history in making charging decisions, even if dissimilar from the conduct at issue; and
  • Noted that prosecutors are free to require the imposition of a corporate monitor when they determine it is appropriate.

The 2023 Evaluation Guidance provides a detailed outline of numerous factors for prosecutors to consider in “making informed decisions as to whether and to what extent the corporation’s compliance program was effective at the time of the offense and is effective at the time of the charging decision or resolution.” To that end, prosecutors should ask three “fundamental questions”:

  • 1. Is the corporation’s compliance program well designed?
  • 2. Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?
  • 3. Does the corporation’s compliance program work in practice?

While the guidance was quite detailed, two major takeaways should be considered when reviewing the 2023 Evaluation Guidance.

First, the DOJ emphasized the importance of both clear consequence management procedures and compensation policies promoting compliance and deterring misconduct. This is particularly noteworthy when considered in conjunction with the DOJ’s Pilot Program discussed below. The Guidance specifically noted that:

In evaluating whether the compensation and consequence management schemes are indicative of a positive compliance culture, prosecutors should consider the following factors:

  • Human Resources Process—including who participates in making disciplinary decisions; how transparent is the process; are actual reasons for discipline communicated; is the process applied consistently.
  • Disciplinary Measures—including what types of discipline are taken; are policies in place to recoup compensation from wrongdoers; has the company made good faith efforts to follow its own policies where there has been misconduct.
  • Consistent Application—including fair and consistent application of disciplinary actions and incentives; compliance function’s monitoring of its investigative practices; similar instances of misconduct treated consistently; metrics used to track performance.
  • Financial Incentive System—including whether a company has considered the financial impact of its financial rewards and incentives system; if so, how does the company actually incentivize compliance and ethical behavior; is the compliance function involved in this process.

Second, one of the true points of emphasis of the 2023 Evaluation Guidance corresponded to corporations’ communication platforms. In a December 1, 2022, speech at the 39th American Conference Institute International Conference on the FCPA, Deputy Assistant Attorney General Nicole M. Argentieri cautioned that third-party messaging tools threaten “companies’ ability to ensure [that] they have a well-functioning compliance program and ability to access such communications when necessary.” This echoed guidance in the Monaco Memo, which instructed that “all corporations with robust compliance programs should have effective policies governing the use of personal devices and third-party messaging platforms.”

The 2023 Guidance noted that when prosecutors evaluate a compliance program, they will be required to evaluate a company’s “policies and procedures governing the use of personal devices, communication platforms, and messaging applications.” Companies must ensure that business-related communications are accessible and preserved to the greatest extent possible and that these policies are enforced “on a regular and consistent basis in practice.”

In parallel to the issuance of the 2023 Evaluation Guidance, the DOJ initiated the three-year Compensation Incentives and Clawbacks Pilot Program (the “Pilot Program”) for relevant future Criminal Division resolutions. The Program advocates that corporate resolutions include compliance-promoting behavior to the defendant company’s compensation systems. This Pilot Program includes guidelines for employee compensation, bonuses, and clawbacks from wrongdoers, specifically:

  • A prohibition on bonuses for employees who failed to satisfy compliance performance requirements;
  • Disciplinary measures for employees who violate applicable policies and others who had both (a) had supervisory authority over the employee(s) or business area engaged in the misconduct, and (b) knew of, or were willfully blind to, the misconduct; and
  • Incentives for employees who demonstrate full commitment to compliance processes.

The Pilot Program also provides that participating companies may qualify for a deferred reduction of fines and penalties through full cooperation, prompt remediation, and, critically, with the implementation of a clawback policy for employees who engaged in misconduct.

The DOJ also published its Revised Memorandum on the Selection of Monitors in Criminal Division Matters in March 2023 (known popularly as the “Polite Memo”). The Polite Memo augments 2018 guidance from the DOJ regarding the selection of corporate monitors, adding that:

  • 1. Monitors are not disfavored and will be used in appropriate circumstances;
  • 2. Prosecutors may consider additional factors when determining whether to impose a monitor, including whether:
    • a. The business organization acted in a manner that was consistent with DOJ’s voluntary self-disclosure policy;
    • b. Compliance personnel’s or the failure of compliance personnel to act contributed to the underlying misconduct;
    • c. The company properly investigated the misconduct and implemented adequate and necessary remedial measures;
    • d. The company's risk profile, at the time of resolution, reduces the likelihood of recidivism;
    • e. The company faces any unique risks or compliance challenges due to the nature of its industry, customers, and or geographic profile; and
    • f. The company is subject to oversight by industry regulators or is receiving a monitor from another domestic or foreign enforcement authority or regulator.
  • 3. Emphasis on DOJ’s commitment to focusing on diversity and inclusion when evaluating monitor candidates; and
  • 4. Increasing the period from two to three years before a monitor can be employed by, or affiliated with, the monitored entity.

On October 4, 2023, DAG Lisa Monaco announced a new DOJ policy, the Mergers & Acquisitions Safe Harbor Policy. In a continuation of the Department’s policy of encouraging voluntary self-disclosure, entities availing themselves of this safe harbor will not be prosecuted for wrongdoing by an acquired company under certain conditions. This policy motivates acquiring companies to disclose misconduct by the acquired company during the M&A due diligence process. To receive credit from the DOJ under this program, the acquiring company must:

  • Disclose misconduct threatening national security or involving ongoing, imminent harm immediately upon discovery;
  • Disclose possible misconduct within six months of the transaction closing date; and
  • Remediate disclosed misconduct within one year of the transaction closing date.

Both deadlines may be extended by the DOJ depending upon the complexity of the case. Companies should also note that the Safe Harbor Policy applies only to possible criminal conduct.

Other governmental agencies have furnished important and often extensive instruction on compliance-related matters. For example, the Office of Inspector General (OIG) of the Department of Health and Human Services published its General Compliance Program Guidance (“GCPG”) as a comprehensive (ninety-one-page) reference guide for healthcare stakeholders on November 6, 2023. The GCPG represents the first comprehensive compliance guidance by OIG, although it should be noted that the OIG previously published an outstanding risk assessment outline for healthcare stakeholders.

A remarkably detailed tome, the GCPG offers a user-friendly text of which practitioners—even outside the health care arena—should avail themselves. While developed specifically for the healthcare community, the GCPG provides an exhaustive reference guide with links for practitioners in all areas of the ethics and compliance profession. OIG emphasized throughout the document that the GCPG represents voluntary guidance and that the resource is “not intended to be one-size-fits-all, completely comprehensive or all-inclusive of compliance considerations and fraud and abuse risks for every organization.” The GCPG specifically includes quality and patient safety in its guidance and states that healthcare companies should incorporate quality and patient safety into their compliance programs.

For professional compliance officers, OIG’s stance on the independence of the CECO role is noteworthy for its candor. GCPG expressly addresses an organization’s chief ethics and compliance officer’s role and positioning specifying that “the compliance officer should not lead or report to the entity’s legal or financial functions, and should not provide the entity with legal or financial advice or supervise anyone who does.” The OIG leaves no doubt that compliance officers must be independent in practice and not merely in name.

A. Update to Guidance regarding Ephemeral Messaging

On January 26, 2024, the DOJ and the Federal Trade Commission (the “FTC”) announced that they were updating their guidance regarding a company’s preservation obligations, specifically relating to language in their "standard preservation letters and specifications for all second requests, voluntary access letters, and compulsory legal process, including grand jury subpoenas, to address the increased use of collaboration tools and ephemeral messaging platforms in the modern workplace." This action was announced because “companies have not always properly retained these types of documents during government investigations and litigation.”

Assistant Attorney General Kenneth A. Polite, Jr. explained that the DOJ would not accept at "face value" a company's unexplained failure to produce communications from off-network messaging apps. In that speech, Polite provided this analysis for Electronic Communication Channels (“ECCs”):

When a company permits the use of ECCs, how were its decisions affected by applicable laws and business functions? Has the company implemented mechanisms to preserve information within each ECC? Has the company implemented preservation or deletion settings in accordance with its policies for each type of employee? What rationale underlies each of those decisions?

These messages clearly underscore the DOJ’s emphasis upon diligent retention of ephemeral messaging: phone applications whose messages exist for short periods of time, like WhatsApp and Snapchat. In September 2022, the U.S. Securities and Exchange Commission (“SEC”) announced combined penalties of $1.1 billion against fifteen broker-dealers and one affiliated investment adviser for “widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications.” The Commission noted that the firms’ employees routinely communicated about business matters using text messaging applications on their personal devices but the firms did not “maintain or preserve the substantial majority of these off-channel communications, in violation of the federal securities laws.” In March 2023, Google was sanctioned for failing to preserve chat messages where Google failed to set a default hold on all such messages. Google also failed to monitor the preservation of that evidence.

What should a company do considering this “laser focus” by regulators on ephemeral messaging? Mark Helkamp, a partner of two of the true leading lights in the ethics and compliance industry, Kristy Grant-Hart and Ellen Hunt, suggested that companies use a risk-based approach, including:

  • Integrating ephemeral messaging platforms into the company’s information governance program;
  • Assessing the company’s use of ephemeral messaging platforms both domestically and abroad;
  • Assessing the compliance functionality of the ephemeral messaging technology implemented;
  • Adopting written policies (relative to ephemeral messaging);
  • Training and awareness campaigns of the ephemeral messaging policies and standard operating procedures (SOPs) that are clearly understood by employees;
  • Continuous monitoring to ensure employees are complying with ephemeral messaging policies; and
  • Conducting periodic audits of devices.

B. Pronouncement Regarding Artificial Intelligence

In a speech before the American Bar Association’s National Institute on White Collar Crime in San Francisco on March 7, 2024, Deputy Attorney General Lisa Monaco announced that, where artificial intelligence is “deliberately misused to make a white-collar crime significantly more serious, our prosecutors will be seeking stiffer sentences—for individual and corporate defendants alike.” Monaco continued, saying that the Department will consider a firm’s ability “to manage AI-related risks as part of its overall compliance efforts.” Monaco has directed the Criminal Division to “incorporate assessment of disruptive technology risks—including risks associated with AI—into its guidance on Evaluation of Corporate Compliance Programs.”

On April 4, 2024, five federal agencies joined the Justice Department in pledging to enforce civil rights laws in artificial intelligence. Those five departments, the Department of Education, Department of Health and Human Services, the Department of Homeland Security, the Department of Housing and Urban Development, and the Department of Labor, joined a pledge to “uphold America’s commitment to core principles of fairness, equality and justice as new technologies like artificial intelligence (AI) become more common in daily life.” Assistant Attorney General Kristen Clark of DOJ’s Civil Rights Division stated “[f]ederal agencies are sending a clear message: we will use our collective authority and power to protect individual rights in the wake of increased reliance on artificial intelligence.”

The DOJ has clearly led the agencies’ focus on artificial intelligence and its growing influence on business and daily life. Compliance officers must recognize this focus and acknowledge the steadily growing use and assimilation of artificial intelligence into all aspects of business operations. In her speech to the ABA’s National Institute on White Collar Crime, DAG Monaco announced the “Justice AI” initiative, a cooperative think tank of leaders in industry, academia, and law enforcement to consider the effects of artificial intelligence and how to address the ramifications of its use.

II. Significant Compliance and FCPA Cases and Legislative Activity

A. Rio Tinto

Rio Tinto paid illegal bribes to senior Guinean officials to secure or re-acquire mining rights in various regions. Rio retained a consultant with ties to a senior Guinean official responsible for mining rights. The two had attended the same school in Paris. The consultant sought $10.5 million as payment for four months’ work; Rio paid the consultant a total of $3.5 million, contingent on Rio Tinto retaining specific mining rights.

Shortly after Rio Tinto made an initial payment to the consultant, the consultant attempted to transfer $822,506 from its Swiss bank account to a Hong Kong company owned by a Guinean national with links to government officials. Payments to the consultant were not accurately reflected in Rio Tinto’s books and records, as required by the FCPA.

As a result of its misconduct, Rio Tinto agreed to pay a $15 million penalty for violations of the books and records and internal controls provisions of the FCPA.

B. Corficolombiana

A major Colombian finance company, Corficolombiana, entered into a three-year deferred prosecution agreement (“DPA”) and paid over $80 million in total to the DOJ ($40.6 million) and SEC ($40 million) for bribery payments it made totaling $23 million.

Corficolombiana and its client, Odebrecht, paid those bribes to Colombian officials in exchange for highway construction contracts worth as much as $350 million, without any formal tender or competitive bidding processes. To facilitate its scheme, Corficolombiana used layers of intermediaries to funnel payments for sham invoices and no-work contracts to bribe legislative and executive branch officials. The DOJ awarded a 30 percent discount to Corficolombiana for its significant cooperation and remediation.

Remedial measures cited by DOJ included Corficolombiana’s (i) timely disclosure of facts gleaned from its internal investigation; (ii) making of numerous detailed presentations to DOJ officials; (iii) production of essential documents in strict compliance with foreign data privacy laws; (iv) provision of sworn testimony from relevant witnesses the government could not interview; (v) proactive identification of additional facts not known to the government; and (vi) collection and production of a large volume of documents, including translations of those not in English.

C. Albemarle

In the largest FCPA settlement in 2023, Albemarle, a specialty chemicals company, entered into a non-prosecution agreement (”NPA”) for bribes paid in Vietnam, Indonesia, and India. Between 2009 to 2017, Albemarle paid bribes through third-party sales agents and subsidiary employees to secure valuable chemical catalyst contracts with state-owned refineries in Southeast Asia. The DOJ discounted the penalty to Albemarle because the company clawed back some of the bribes. Albemarle also received credit for paying a large SEC penalty of $103 million. Ultimately, the DOJ awarded a 45 percent discount from the bottom of the sentencing guideline range for Albemarle.

Albemarle’s reliance on third parties was often based on inadequate due diligence. For example, a third party in Vietnam demanded excessive and increased commission rates/payments. An agent in Indonesia told Albemarle officials he needed an increase in commissions to pay bribes to PERTAMINA officials, but Albemarle officials never reported that improper request.

Albemarle did not earn the full benefit of voluntary disclosure because it waited over sixteen months from the initial disclosure of improper conduct in Vietnam. Nonetheless, the DOJ recognized Albemarle’s extensive remediation after learning of the misconduct. Those steps included:

  • Initiating remediation before DOJ learned of the investigation;
  • Disciplining employees, eleven of whom were terminated, and withholding bonuses from sixteen employees;
  • Restructuring business operations to reduce reliance on third parties; and
  • Implementing data analytics and continuous monitoring and audit program.

D. Freepoint Trading

Freeport Trading, a commodities trading company based in Stamford, Connecticut, agreed to a three-year DPA with the DOJ on December 14, 2023. The case arose from individual prosecutions of a bribe recipient, the indictment of a Petrobras official, and subsequent prosecutions against two Freepoint traders in early 2023. The bribery scheme was funded through a fraudulent consulting agreement and inflated commission payments. As part of the agreement, Freepoint agreed to pay over $98 million in penalties and to disgorge more than $7.6 million to the Commodities Futures Trading Commission (“CFTC”).

Freeport paid bribes to officials at Petrobras, a state-owned Brazilian multinational oil and gas company, in exchange for confidential information and preferential treatment relating to lucrative fuel oil contracts. The firm had settled previously with the CFTC for $7.5 million, which was ultimately offset against the DOJ penalty.

E. SAP

In January 2024, DOJ announced a settlement with SAP, the multinational business operations software provider, arising from claims of FCPA violations in South Africa, Indonesia, Malawi, Kenya, Tanzania, Ghana, and Azerbaijan.

SAP entered into a three-year DPA. SAP received a 40 percent discount from the applicable sentencing guidelines because of its cooperation with the DOJ. While SAP did not voluntarily disclose the matter, it cooperated when reports of violations became public. SAP was credited for making employees and officers available for interviews, translating foreign language documents into English, and diligently preserving the electronic communications of employees whose conduct was in question.

Notably, the DOJ noted SAP’s commendable remediation work, including in-depth root cause analyses; enhancements to its compliance program; adjustments to compensation incentives; and withholding of bonuses. In an interesting post-settlement note, Matt Kelly of the Radical Compliance Blog wrote that SAP assigned one of its internal compliance professionals to be the company’s “monitorship compliance officer.” In explaining the arrangement, Kelly said that this “enhanced reporting” requirement “reflects how companies are responding to FCPA settlements these days, when those settlements require so much enhanced reporting to the Justice Department that the offending company might as well treat the arrangement as a monitorship anyway.”

F. Gunvor

On March 1, 2024, Gunvor S.A. pled guilty to one count of conspiring to violate the FCPA by bribing Ecuadorian officials and was ordered to pay $661 million in criminal penalties.

For nearly a decade, Gunvor representatives bribed high-level government officials at Ecuador’s state-owned oil company. Gunvor paid nearly $100 million in bribes as part of this scheme. The bribes included the purchase of an 18-karat gold Patek Philippe wristwatch for a high-ranking official at Petroecuador. The $661 million figure consists of a criminal monetary penalty of more than $374 million and to the forfeiture of more than $287 million in illicit profits. Gunvor received a credit of $93 million for its payments to the Swiss and Ecuadorian governments.

Owing to the seriousness of the misconduct at issue in the Gunvor case, the DOJ did not permit the firm to enter into a deferred or non-prosecution agreement. Instead, the DOJ required the company to plead guilty to one count of conspiracy under the FCPA.

G. Ericsson

On March 2, 2023, the DOJ announced that the Swedish telecommunications company Ericsson had agreed to plead guilty and pay more than $206 million after breaching the cooperation and disclosure provisions of a 2019 FCPA Deferred Prosecution Agreement.

DOJ first notified Ericsson that it had breached the DPA in October 2021 by “failing to provide certain documents and factual information.” Specifically, DOJ alleged that Ericsson withheld evidence relating to several foreign bribery schemes, impeding prosecutors’ ability to bring charges against those responsible. The DOJ’s March 2023 announcement reflected a decisive move—to rescind Ericsson’s DPA altogether. As with all DPAs, the DOJ was within its discretion to unilaterally assess Ericsson’s compliance, or non-compliance, with the agreement. Deemed to have breached the agreement, Ericsson elected to plead guilty to the original charges and pay a further criminal penalty of $206 million, in addition to the $520 million criminal penalty that it paid upon entering the DPA five years earlier.

In a press release announcing Ericsson’s guilty plea, Assistant Attorney Polite warned companies subject to DPAs that the DOJ “will closely scrutinize their compliance with all terms of corporate resolution agreements and that there will be serious consequences for those that fail to honor their commitments.”

H. Trafigura

Another commodities trading company, Trafigura (aka Trafigura Beheer B.V.), based in Switzerland, entered a guilty plea and agreed to pay $126 million as part of an agreement with the DOJ for FCPA violations in Brazil. This plea arose from Trafigura’s scheme to pay bribes to Brazil’s state-owned petroleum company, Petroleo Brasilerio S.A. (“Petrobas”), a familiar name to those following DOJ and other governmental settlements. The DOJ ultimately provided Trafigura with a 10 percent cooperation credit as the settlement noted that Trafigura failed to preserve and produce evidence in a timely manner.

One observer underscored the importance of the Trafigura investigation in the context of DOJ’s larger sweep of the commodities trading industry. Mike Volkov, a leading practitioner in the field, noted that the “DOJ’s success is reflected in its six separate corporate resolutions and twenty (20) individual convictions, resulting in over $1.7 billion in penalties.” In addition to the Freeport, Guvnor, and Trafigura cases discussed above, the DOJ’s commodities trading industry sweep included Sargeant Marine Inc. in 2020; Vitol Inc. in December 2020; and Glencore International AG in 2022.

Volkov noted that the global commodity trading companies have a “high-risk profile,” as they engage in large trading activities, typically involving state-owned enterprises. Beyond operating in a high-risk industry, Trafigura (like several of its competitors) failed to maintain any proper third-party due diligence or risk management program.

III. Key Learnings from DOJ Guidance and Settlements in the Past Year

  • 1. The DOJ continues its active encouragement of companies to self-disclose possible violations of law—a theme that the Department trumpets at every opportunity;
  • 2. Regulators really do not want to hear excuses about ephemeral messaging:

On January 26, 2024, DOJ’s Antitrust Division and the Federal Trade Commission (“FTC”) announced that they are “updating language in their standard preservation letters and specifications for all second requests, voluntary access letters, and compulsory legal process, including grand jury subpoenas, to address increased use of collaboration tools and ephemeral messaging platforms in the modern workplace.”

  • 3. The DOJ expects companies to invest substantially in compliance with an emphasis upon culture; and
  • 4. Regulators are trying to stay ahead of advances in technology and particularly with artificial intelligence.

IV. Legislative Update

Corporate Transparency Act

The Corporate Transparency Act (the “CTA”) (31 U.S.C. § 5336) represents the U.S. Treasury Department’s attempt to identify the true “beneficial owners” of businesses created in or registered to do business in the United States as part of the Anti-Money Laundering Act of 2020. The Act allows Treasury to get behind the array of shell companies designed to hide or camouflage who owns or controls the assets of various entities. The purpose of the Act is to require “entities to submit beneficial ownership information to FinCEN and provid[e] timely access to this information to law enforcement, financial institutions, and other authorized users . . . to help combat corruption, money laundering, terrorist financing, tax fraud, and other illicit activity.”

The Act requires “reporting companies” to disclose information regarding an entity’s beneficial owners, effective as of January 2024. Reporting companies may be organized domestically or abroad and include corporations, limited liability companies, and other entities created by filing a document with a secretary of state (or foreign equivalent). A qualifying legal entity must furnish identifying information to the Financial Crimes Enforcement Network (FinCEN)—a bureau of the U.S. Department of the Treasury—concerning the person or persons who beneficially own and control the entity.

Under the CTA, reporting companies must disclose any beneficial owner who has a significant (at least 25 percent) direct or indirect ownership stake or exercises a similar level of control over the company’s assets or equity. Updated reports must be filed under certain circumstances, such as when a beneficial owner changes their name or address or the entity comes under the substantial control of a previously undisclosed person (even if that person does not take an ownership interest).

Reporting companies created or registered to do business before January 1, 2024, must submit a Beneficial Ownership Information (BOI) Report to FinCEN by January 1, 2025. Reporting companies created or registered on or after January 1, 2024, have ninety calendar days from when the entity is notified that its registration has been made effective to file their respective BOI reports. Companies registered on or after January 1, 2025, will have just thirty days from when they have actual or public notice that the company’s registration is effective to file their initial BOI reports with FinCEN. FinCen estimates that over thirty million entities will file BOI reports this year under the CTA.

Court challenges to the Corporate Transparency Act were immediate. On March 1, 2024, Judge Liles C. Burke of the Northern District of Alabama ruled that the terms of the CTA were unconstitutional in National Small Business United v. Yellen, contending that it exceeded the constitutional limits of Congress’s legislative powers as it “cannot be justified as an exercise of Congress’s enumerated powers.” The trial court stayed reporting obligations under the CTA on a very limited basis, applying that ruling to only the parties expressly included in the Alabama case itself, holding that:

(all other) “reporting companies are still required to comply with the CTA and file beneficial ownership reports as provided in FinCEN’s regulations.”

FinCEN released a notice after Judge Burke’s ruling emphasizing the narrow application of the ruling. In its notice, dated March 4, 2024, FinCEN said that it will comply with the court’s order and “is not currently enforcing the [Act] against the plaintiffs in the action. . . . Those individuals and entities are not required to report beneficial ownership to FinCEN at this time.” FinCEN updated the March 4 Notice on March 11 to reflect that a notice of appeal was filed in the case to the U.S. Court of Appeals for the Eleventh Circuit. The bottom line remains that most entities who were not direct parties in the National Small Business Association case will probably need to file the necessary disclosures under the CTA as scheduled this year. As always, if in doubt, consult your attorney.

V. Foreign Extortion Prevention Act (“FEPA”)

On December 21, 2023, President Biden signed the Foreign Extortion Prevention Act (“FEPA”) into law. FEPA is intended to complement the Foreign Corrupt Practices Act of 1977 (“FCPA”), and addresses a perceived gap in the FCPA. While foreign bribery cases under the FCPA focused the government’s resources on prosecuting the payors of bribes, FEPA is designed to reach the “demand-side” of bribery by making it illegal for foreign officials to demand or receive improper payments.

Senator Sheldon Whitehouse (D-RI) has said that FEPA “sends a clear message to international kleptocrats and criminals seizing any and every opportunity to extort American businesses and undermine our national security that demanding a bribe from American companies will not be tolerated.”

Scott Greytak, Director of Advocacy for Transparency International U.S., commented on the expected impact of the FEPA:

Current U.S. law makes it a crime for an American or American company to offer a bribe to a foreign official yet does nothing to punish a foreign official who demands or accepts such a bribe. And research shows that the vast majority of bribe-demanding foreign officials are never criminally prosecuted by their home governments. When these corrupt officials face little threat of prosecution by either their home governments or the U.S. Government—while U.S. companies face serious criminal liability for their involvement in such schemes—we’re left with incomplete justice. It’s time for the United States to impose a cost on those who would threaten Americans’ safety and livelihood with bribe demands. FEPA would create a powerful new tool for fighting foreign corruption at its source and for protecting Americans and American businesses working abroad.

FEPA amended the federal domestic bribery statute (18 U.S.C. § 201) to designate foreign officials among those prohibited from soliciting, demanding, or receiving bribes. FEPA also includes a relatively broad definition of “foreign official” that extends to senior political party officials. A senior foreign political figure is any current or former individual who is a:

  • Senior official in the executive, legislative, administrative, military, or judicial branches of a foreign government (whether elected or not);
  • Senior official of a major foreign political party;
  • Senior executive of a foreign government-owned commercial enterprise;
  • A corporation, business, or other entity that has been formed by, or for the benefit of any such individual;
  • An immediate family member of any such individual; or
  • A person who is widely and publicly known to be a close associate of such individual.

Violation of FEPA may include (but is not limited to) fines and up to fifteen years of imprisonment.

As for immediate implications of the passage of the Act, compliance professionals should review and update their corporate policies and their training and awareness programs to reflect relevant changes. Interestingly, FEPA has no affirmative defenses. Moreover, unlike the FCPA, the FEPA does not contain an exception for facilitation payments.

VI. Whistleblowers

The United States Supreme Court unanimously ruled in favor of a whistleblower in Murray v. UBS Securities, LLC, on February 8, 2024. The Court held that to prove actionable retaliation under the Sarbanes-Oxley Act (18 U.S.C. § 1514A) (“SOX”) employees must prove only that their protected activity was a “contributing factor” in an employer’s adverse action against the employee. The Court specifically held that the employee does not need to prove that his or her employer acted with “retaliatory intent.” In the Murray case, the plaintiff claimed that his employer, UBS, fired him after he reported that two of his managers pressured him to change a report. As a research strategist for UBS, the plaintiff was required under SEC regulations to certify that his reports were “independently produced and reflected his own views.”

Trevor Murray filed suit, alleging that Section 1514A of SOX prohibits publicly traded companies from taking adverse employment actions against employees who “provide information, cause information to be provided, or otherwise assist in an investigation” regarding any conduct that the employee reasonably believes constitutes a violation of any SEC rule. In the underlying case, the jury found that UBS failed to prove that it would have fired the plaintiff even if he had not engaged in the protected activity. The jury awarded Murray $900,000 in damages and over $1.7 million in attorneys’ fees. On appeal, the Second Circuit vacated the award, holding that “retaliatory intent is an element of a Section 1514A claim.”

Justice Sotomayor, writing for the Court, held that Section 1514 A does not refer to or include a “retaliatory intent” requirement. Moreover, SOX’s “mandatory burden-shifting framework” transfers the burden to employers and that Congress decided that a whistleblower’s burden on intent is only to demonstrate the protected activity was a “contributing factor in the unfavorable personnel action.”

The Murray decision has several ramifications. First, cases brought under Section 1514A of SOX do not require retaliatory intent. As explained by one observer, the only proof required is that employer decisionmakers have “consciously considered and acted based on protected activity.” That said, intentional discrimination need be only a “contributing” factor.

Second, this holding is important, as several other federal whistleblower statutes track the causation language used in SOX. Some notable such federal statutes include the Affordable Care Act; the Anti-Money Laundering Act; the Consumer Financial Protection Act of 2010; the Consumer Product Safety Improvement Act; and the Criminal Antitrust Anti-Retaliation Act.

Whistleblower Incentive Programs

On March 7, 2024, the DOJ announced that it will create its own whistleblower program. The DOJ Whistleblower program is intended to supplement and not replace other similar federal programs, such as the incentive programs provided by the SEC, the Commodities Futures Trading Commission, and the Financial Crimes Enforcement Network.

The DOJ will provide financial incentives for a whistleblower or reporter who provides original, truthful, non-public information that is not already known to the government. The reporter cannot be involved in the criminal activity. The matter must be outside the scope of existing financial disclosure incentive programs, including other federal whistleblower regimes and federal qui tam statutes.

The DOJ Whistleblower program comes after two similar pilot programs were launched locally by the Southern District of New York and the Northern District of California. Both were modeled in part on the effective and well-publicized “first in” amnesty programs used by DOJ for antitrust matters.

Effective on February 13, 2024, the Southern District of New York launched a program designed to encourage early and voluntary self-disclosure of criminal conduct by individuals in matters involving certain non-violent offenses. As with other similar programs, the reporter must provide material information of which the government was not previously aware. In response, the government may grant a discretionary non-prosecution agreement.

VII. SEC Climate Change Rules

On March 6, 2024, the SEC issued its long-awaited rules relating to disclosures required for publicly traded companies in the United States and foreign private issuers in its final rule, entitled The Enhancement and Standardization of Climate-Related Disclosures for Investors (referred popularly as the “Climate Change Rules”). After nearly two years of deliberations, the Commission adopted final rules requiring disclosures in companies’ annual reports in their Forms 10-K and 20-F. Notably, the SEC did not adopt the controversial Scope 3 Green House Gas (“GHG”) emissions reporting requirements.

This treatment of the Climate Change Rules will not focus upon their technical environmental aspects. Instead, it will examine aspects of the Rules most relevant to directors, executives, and compliance officers charged with ethics and compliance oversight generally. Specifically, the new Climate Change Rules will require the following disclosures relating to Governance, Strategy and Risks (17 C.F.R. §§ 229, 1501–03, 229, 1507):

  • Disclosure of Board Oversight (Item 1501(a)). Companies must describe how their boards of directors will oversee climate-related risks. Companies must identify any board committee or subcommittee responsible for the oversight of climate-related risks and must disclose whether and how the board oversees progress against a target or goal or transition plan.
  • Disclosure of Material Impacts (Item 1502(b), (c), and (d)). Companies must disclose actual and potential material climate risks, whether short-term (i.e., within the next twelve months) or long-term (i.e., beyond the next twelve months). Companies must further disclose any climate-related risks and how such risks have had or are reasonably likely to have a material impact on a company’s results for its business, results of operations, or financial condition.
  • Time Horizons and Materiality Determination (Item 1502(a)). Companies must describe how any such climate-related risks have materially affected, or are reasonably likely to materially affect, a company's outlook, strategy, and business model. Companies must also describe how any such climate-related risks will materially affect new financial statements and note reporting expenditures and costs.
  • Risk Management Disclosure (Item 1503). Companies must describe board and management governance and practices related to climate-related risk identification, assessment, management, and oversight. Companies must also outline their processes for managing material climate risks.
  • GHG Emissions Disclosure (Item 1505). Companies must disclose Scope 1 and Scope 2 greenhouse gas emissions, if material, for accelerated and large accelerated filers only, with phased-in assurance by an independent GHG emissions air testation provider.
  • Targets and Goals Disclosure (Item 1504). Companies must disclose information regarding climate-related targets or goals that have materially affected or are reasonably likely to materially affect the company's results of operations, business, or financial condition. Companies must disclose material expenditures and material impacts on financial estimates.
  • The Carbon Offsets and Recs Disclosure Requirement (Item 1504(d)). Companies must disclose details of carbon offsets and renewable energy certificates (“RECs”) used as part of a plan to achieve climate-related targets.

These disclosures are assured through third-party attestations. The attestation provider will be subject to minimum qualifications and independence requirements.

In its Adopting Release, the SEC specifically addressed the issue of “materiality”:

As defined by the Commission and consistent with Supreme Court precedent, a matter is material if there is a substantial likelihood that a reasonable investor would consider it important when determining whether to buy or sell securities or how to vote or such that a reasonable investor would view omission of the disclosure as having significantly altered the total mix of information made available. The materiality determination is fact-specific and one that requires both quantitative and qualitative considerations.

Several lawsuits were filed immediately after the SEC adopted the Climate Change Rules. Those lawsuits primarily focused upon three main arguments: first, the Rules exceed the SEC’s statutory authority; second, they violate the First Amendment; and third, that they are arbitrary and capricious under § 706(2)(A) of the Administrative Procedure Act. These contentions reflected positions taken in the dissents of Commissioners Peirce and Uyeda in the three-to-two decision adopting the Rules. Ten states filed a petition for review in the Eleventh Circuit to block the SEC Climate Change Rules. Patrick Mooney, West Virginia’s Attorney General, argued that the SEC Climate Change Rules are “unlawful” because the SEC allegedly exceeded its rulemaking authority in requiring public companies to disclose climate-related risks. On March 21, 2024, the case challenging the SEC’s authority was assigned to the U.S. Court of Appeals for the Eighth Circuit. The SEC then issued a voluntary stay of its rules pending on April 5, 2024, stating:

[T]he Commission has discretion to stay its rules pending judicial review if it finds that “justice so requires.” The Commission has determined to exercise its discretion to stay the Final Rules pending the completion of judicial review of the consolidated Eighth Circuit petitions.

Given the SEC’s voluntary stay of the implementation of the Final Rules, this Survey will not treat the timing of the implementation of the Rules. One observer opined that the “case is likely to go on for some time. The litigation concerning the SEC’s conflict minerals rule went on for more than four years.” As the Ropes & Gray observers pointed out, while the SEC has stayed its Final Rules, footnote 8 in the stay order explicitly notes that the order does not stay the Commission’s 2010 climate guidance.

VIII. Caremark Update—Significant Delaware Court Cases in 2023 and 2024

In previous Surveys, Professor McGreal provided updates on Delaware state corporate law duty of directors, as established in In re Caremark International Inc. Derivative Litigation and its progeny. In fact, this tradition dates to the inaugural Survey. This Survey will continue that practice. Section A briefly reviews the origin and nature of the Caremark claim and its most important progeny, Section B examines the effects of the Marchand case and Section C analyzes recent Delaware decisions that have construed and applied Caremark since the last Survey.

A. The Caremark Claim

In its 1996 decision in In re Caremark International Inc. Derivative Litigation, the Delaware Court of Chancery addressed indicta a board of directors' duty to oversee a corporation's legal compliance efforts. As part of its duty to monitor a corporation, the board must make good-faith efforts to ensure that the corporation has adequate reporting and information systems. The court described the claim for breach of that duty as “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment[,]” with liability attaching only for a “sustained or systematic failure of the board to exercise oversight” or “an utter failure to attempt to assure a reasonable information and reporting system exists.”

Since the Caremark decision, this directive has evolved into what has become known as a Caremark claim. Considering that decision, courts have widely recognized a cause of action against boards for failing to take minimal steps to achieve legal compliance. As the phrases “systematic failure” and “utter failure” suggest, a board’s Caremark duty is relatively low. Only egregious lapses breach this duty, such as when board members ignore obvious red flags signaling illegal behavior, fail to appoint or convene an audit committee, or fail to address obvious concerns such as large loans to corporate insiders.

In Stone ex rel. AmSouth Bancorp v. Ritter, the Delaware Supreme Court formally embraced the Caremark claim. The court both confirmed the elements of a Caremark duty and clarified that breach of that duty constitutes a breach of a director’s duty of loyalty, holding that:

Caremark articulates the necessary conditions predicate for director oversight liability: (a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention. In either case, imposition of liability requires a showing that the directors knew that they were not discharging their fiduciary obligations. Where directors fail to act in the face of a known duty to act, thereby demonstrating a conscious disregard for their responsibilities, they breach their duty of loyalty by failing to discharge that fiduciary obligation in good faith.

Thus, the court in Stone adopted the Caremark duty and restated it as having two components. First, there is a director’s initial duty to address compliance and ethics. The director breaches this component of the Caremark duty by failing to take minimal action to establish a compliance and ethics program. Second, directors have an ongoing duty to address compliance and ethics. The director breaches this component of the Caremark duty if she learns of a specific gap or weakness in the organization’s compliance and ethics program but takes no action to address that failing.

B. Marchand—The Blue Bell Creamery Case

In its decision in the Marchand v. Barnhill case, the Delaware Supreme Court allowed the plaintiffs’ derivative suit for the board’s alleged failure to oversee operations at the ice cream manufacturer, Blue Bell Creamery, to proceed. Blue Bell manufactured ice cream that was contaminated with listeria, leading to three deaths and numerous illnesses. While the Marchand case did not indicate the red flags noted in the Caremark progeny, it did include Blue Bell’s board’s failure to have its own appropriate “board-level” compliance measures. Those failures included: 1. No board committee that addressed food safety; 2. No regular process that required management to keep the board apprised of food safety issues; 3. No schedule for the board to consider those risks on a regular basis; and 4. No process requiring management to report significant issues or matters to the board. Ultimately, the Delaware Supreme Court held the “complaint alleges particularized facts that support a reasonable inference that the Blue Bell board failed to implement any system to monitor Blue Bell’s food safety performance or compliance.”

C. Post-Marchand Delaware Decisions (2023–24)

This Survey considers three cases considered by the Delaware Chancery in the past fifteen months: In re McDonald’s Corp. Shareholder Derivative Litigation; Ontario Provincial Council of Carpenters’ Pension Trust Fund v. Walton; and Segway Inc. v. Cai.

1. In re McDonald’s Corp. S’holder Derivative Litig.

In McDonald’s, the Delaware Court of Chancery held that non-director officers may face liability for failing to exercise proper oversight and ignoring “red flags within their areas of responsibility.” The McDonald’s court assessed the McDonald’s board of directors’ response to allegations of serious misconduct by the company’s senior-most executives. Specifically, the complaint alleged that McDonald’s former global chief people officer, David Fairhurst—whose duties included overseeing human resources functions across the organization—consciously “turn[ed] a blind eye” to a culture of pervasive sexual harassment and misogyny at McDonald’s and that he had “breached his fiduciary duties by allowing a corporate culture to develop that condoned sexual harassment and misconduct.”

The court cited three principal examples supporting an inference that Fairhurst knowingly “acted in bad faith by consciously ignoring red flags” relating to sexual harassment at McDonald’s.

  • First and most damning was the fact that Fairhurst was credibly alleged to have committed acts of sexual harassment in 2016, 2018, and 2019, from which the court inferred that such an individual could have ignored similar misconduct by others.
  • Second, the complaint alleged that under Fairhurst’s supervision, the human resources department ignored complaints about sexual harassment and misconduct.
  • Third, despite more than a dozen EEOC complaints about harassment at the company, which were followed by walkouts, protests, and inquiries from numerous U.S. Senators, internal documents responsive to shareholders’ books and records demand showed that Fairhurst took no action to report these sexual harassment issues upward to the board.

Following McDonald’s, non-director officers may increasingly become the subject of Caremark claims alleging oversight failures by corporate boards. Further, non-director officers must report upward “sufficiently prominent” red flags that emerge within their areas of responsibility. In any case, the McDonald’s case made clear that compliance oversight and supervision duties owed by directors under the Caremark rule apply to corporate officers as well.

The McDonald’s case underscores the importance of incorporating anti-harassment training and reporting into the larger suite of compliance efforts expected of publicly traded companies. The court ultimately held in favor of the company’s board, highlighting their comprehensive corrective actions, which included:

  • a. hiring outside consultants;
  • b. revising the Company’s policies;
  • c. implementing new training programs;
  • d. providing new levels of support to franchisees; and
  • e. taking other steps to establish a renewed commitment to a safe and respectful workplace.

2. Ont. Provincial Council of Carpenters’ Pension Trust Fund v. Walton

In Ontario Provincial Council of Carpenters’ Pension Trust Fund v. Walton, the plaintiffs claimed that Walmart’s directors and officers continued to sell opioids despite their knowledge of the dangers of those products. In that case, the Delaware Court of Chancery denied a motion to dismiss a shareholder derivative action asserting Caremark claims against Walmart’s officers and directors relating to the company’s role in the opioid epidemic. The court’s decision was based largely on Walmart’s dubious legal strategy, which relied on extensive redaction and withholding of purportedly privileged documents. The Walton complaint alleged that the board knowingly permitted the company to fail to meet compliance obligations agreed to in a 2011 settlement agreement between Walmart and the United States Drug Enforcement Agency (“DEA”) to resolve claims that the company violated the federal Controlled Substances Act. Under the terms of the agreement, Walmart agreed to “implement and maintain a compliance program for all of its pharmacies.” Nonetheless, Walmart “failed to invest in and build out a system of compliance,” and instead “used the filling of opioid prescriptions to enhance its bottom line[]” through programs that paid bonuses to Walmart pharmacists based on the number of prescriptions filled. In November 2022, Walmart announced that it had reached a $3.1 billion nationwide opioid settlement.

Shareholders argued that Walmart’s directors and officers should be liable for the company’s actions relating to the opioid crisis and damages arising from it. The shareholders asserted three primary claims relating to the alleged misconduct:

  • A Massey Claim, which asserted that Walmart’s directors and officers knew that it was failing to comply with the above-mentioned legal obligations and consciously prioritized profits over compliance;
  • A Red-Flags Claim, which asserted that Walmart’s directors and officers consciously ignored a series of red flags that put the company on notice of its noncompliance and the potential corporate trauma that could ensue;
  • An Information-Systems Claim, which asserted that Walmart’s directors and officers knew of their obligation to establish a monitoring system to ameliorate a “core compliance risk” yet consciously failed to undertake a good faith effort to do so.

The court denied Walmart’s motion to dismiss claims relating to the DEA settlement and Walmart’s violations of the Controlled Substances Act based largely on the company’s poor document production. The Walton case recognizes the importance of complete responses to discovery under Delaware law under Caremark and its progeny.

3. Segway Inc. v. Cai

In Segway Inc. v. Cai, the Delaware Chancery Court reaffirmed that the standard for pleading against officers is the same as that for a director. Here, the Delaware Court of Chancery dismissed a Caremark claim of breach of the fiduciary duty of oversight brought by Segway Inc. against its ex-President and Vice President of Finance. Even in a post-McDonald’s Corp. Shareholder Derivative Litigation world, plaintiffs accusing an officer of breaching the duty of oversight are subject to the same pleading burden applicable to those accusing a director: a plaintiff must “allege sufficient facts to support a reasonable inference that the fiduciary acted in bad faith.” The Segway plaintiffs alleged that the ex-President “knew or should have known” about generalized “potential issues” with “some of [Segway’s] customers, which caused [Segway’s] accounts receivable to continually rise.” The court held that the plaintiffs failed to allege sufficient facts to support “a reasonable inference that the fiduciary acted in bad faith.” Bad faith is established under Caremark and Stone where the fiduciary:

(1) utterly fails to implement any reporting or information system or controls or (2) having implemented such a system or controls, consciously fails to monitor or oversee its operations, which disables them from being informed of risks or problems requiring their attention.

In rejecting the Segway plaintiffs’ claims, the court clarified that Caremark was not intended to “hold fiduciaries liable for everyday business problems. Rather, it is intended to address the extraordinary case where fiduciaries’ utter failure to implement an effective compliance system or conscious disregard of the law gives rise to corporate trauma.”

IX. NLRB Update

A. The Stericycle Case and the NLRB’s Current Test for Workplace Policies

In last year’s Survey, Professor McGreal provided a detailed history of the NLRB’s test for the review of an employer’s workplace policies. A short summary of that history follows to provide context for the NLRB’s action late last summer.

Prior to 2017, the NLRB reviewed workplace policies under the three-pronged test announced in the case of Lutheran Heritage Village-Livonia. Under that test, if a workplace rule does not explicitly restrict activity protected by section 7 of the National Labor Relations Act (the “NLRA”), a violation may be found if one of the following is shown: (1) Employees would reasonably construe the language to prohibit section 7 activity; (2) the rule was promulgated in response to union activity; or (3) the rule has been applied to restrict the exercise of Section 7 rights. The NLRB has interpreted the “reasonably construe” test quite broadly, essentially asking whether it was conceivable that an employee might understand a policy provision to restrict some protected employee activity.

In 2017, the NLRB decided the Boeing case, which replaced the Lutheran Heritage approach with a test that strikes the “proper balance between . . . asserted business justifications and the invasion of employee rights in light of the [National Labor Relations Act] and its policy.” The Boeing case announced a two-step analysis for evaluating employer policies. The first step balances the burden of the policies and the employees’ NLRA rights against the employer’s legitimate business interest in the challenged policy. In the second step, the NLRB places the general type of policy provision into one of three categories for purposes of future decision making: policies that were per se law lawful; policies that were subject to case-by-case analysis; or policies that were per se unlawful.

After reversing the Lutheran Heritage precedent, just six years later, the NLRB expressly reversed its holding in the Boeing case. In Stericycle, Inc., the National Labor Relations Board reinstated a modified version of the Lutheran-Heritage standard for the review of employer workplace rules. In Stericycle, the Board reversed its decision in Boeing Co. and created a new framework for evaluating whether employment policies are unlawful and constitute an unfair labor practice. The Stericycle ruling establishes an employee-friendly policy for all employers, holding that an employment policy will be considered presumptively unlawful if the policy could be interpreted to chill an employee’s rights under section 7 of the NLRA. Whether a policy could limit protected activities will not be reviewed under a “reasonable employee” test; instead, a policy will be analyzed based on someone who is “economically dependent” on the employer. An employer may rebut the presumption of unlawfulness if it can prove that the policy advances a legitimate, substantial business interest and a narrower rule would not advance that interest.

Miller Plastics

In Miller Plastic Products, the NLRB eased the standard for a single employee’s action to be considered “concerted” under the NLRA. The NLRA states that an employer “cannot discipline, discharge, or retaliate against an employee for engaging in protected concerted activity.” The NLRB has held that protected concerted activity is:

  • Two (2) or more employees seeking to address terms and conditions of employment; or
  • A single employee encouraging group action to address terms and conditions of employment.

Under the standard announced in Miller Plastic Products, an employee’s conduct will be considered protected concerted activity based on the totality of the circumstances surrounding the activity. Many actions by employees related to expressing concerns over the workplace that previously have not been considered concerted, may now be considered concerted and protected.

Cemex Construction Materials

In a major ruling and change in established practice, the NLRB dramatically changed the process for unions seeking recognition in the private-sector setting in Cemex Construction Materials. The Board established two types of mandatory union recognition that will bypass or override the results of secret ballot employee voting in NLRB-conducted elections. In these cases, unions are no longer required to file an election petition with the NLRB before an employer may be required to grant union recognition. Instead, a union may demand recognition based on a claim of “majority support,” leaving an employer with three possible responses:

  • Recognize the union without any NLRB election; or
  • File its own NLRB petition seeking an election; or
  • Do nothing and defend against a probable charge of refusal to bargain.

Although an employer may petition the NLRB for an election in response to such a union recognition demand, most unlawful employer conduct during the period preceding an election will prompt the Board to issue a mandatory bargaining order requiring union recognition.

Opposition to the NLRB’s New Joint-Employer Rule

On October 27, 2023, the NLRB published a final rule for addressing the Standard for Determining Joint-Employer Status. The NLRB’s new test broadened the standard adopted in 2020, which held that an entity could reach Joint-Employer status when it held “direct and immediate control[.]” In 2023, the NLRB broadened this test substantially, holding that a company reached Joint-Employer status when it possessed the authority to control at least one of these seven essential terms and conditions of employment:

  • 1. Wages, benefits and other compensation;
  • 2. Hours of work and scheduling;
  • 3. The assignment of duties to be performed;
  • 4. The supervision of the performance of duties;
  • 5. Work rules and directions governing the manner, means, and methods of the performance of duties and the grounds for discipline;
  • 6. The tenure of employment, including hiring and discharge; and
  • 7. Working conditions related to the safety and health of employees.

In its 2023 declaration, the NLRB noted that the 2023 rule “more faithfully grounds the joint-employer standard in established common-law agency principles.” The NLRB criticized the former rule, arguing that the “2023 rule considers the alleged joint employers’ authority to control essential terms and conditions of employment, whether or not such control is exercised, and without regard to whether any such exercise of control is direct or indirect.”

On March 8, 2024, Judge J. Campbell Barker of the United States District Court for the Eastern District of Texas granted summary judgment in favor of the plaintiffs and struck down the new Joint-Employer Rule in the case of U.S. Chamber of Commerce v. NLRB. The new rule was to become effective on March 11, 2024. The court found that the Board’s rescission of the prior rule was “arbitrary and capricious” and ruled that the new test was unlawfully broad because a company could be deemed a joint employer merely by having the right to exercise control over only one of the seven essential terms noted above.

Non-Compete Agreements

In a memorandum released on May 30, 2023, NLRB General Counsel Jennifer Abruzzo opined that, except in limited circumstances, non-compete agreements may violate Section 8(a)(1) of the NLRA. She based that conclusion upon several factors, including that non-competes:

  • deny employees the ability to quit or change jobs;
  • discourage employees from threatening to resign to negotiate better terms and conditions of employment;
  • chill employees from concertedly seeking or accepting employment with a local competitor; and
  • prevent employees from organizing to seek employment at another workplace which may allow them greater ability to engage in protected activity.

The memo continues by noting that, in the narrow circumstances in which non-compete agreements are legal, they must be narrowly constructed. Instead, non-compete agreements may be used only where “special circumstances” justify the infringement on employee rights. Examples of these special circumstances are agreements that restrict an employee’s managerial or ownership interests in a competitor or agreements involving independent contractors. A desire to avoid competition from a former employee or to protect proprietary or trade secret information does not generally constitute special circumstances. This position does not apply to supervisory employees, as they are not covered by the NLRA.

On April 23, 2024, the Federal Trade Commission adopted a Final Rule banning most non-compete clauses as an “unfair method of competition.” The FTC estimated that its ban would affect over 30 million workers nationwide. The final rule will be effective 120 days after publication in the Federal Register.

The FTC’s Final Rule prohibits future non-compete agreements, as well as rendering many existing non-competes unenforceable. The Rule does provide three narrow exceptions. First, the Rule does not invalidate existing non-compete agreements with “senior executives,” a group defined as someone earning more than $151,164 annually and who is in a “policy-making position.” Second, the Final Rule does not apply to non-compete agreements entered into in the course of a sale of a business. Third, in most cases, section 501(c)(3) organizations will be exempt from the Final Rule.

The FTC’s action was met with a swift response in the courts. Within hours of the FTC’s announcement, at least two lawsuits were filed in federal courts in Texas. Those cases tracked arguments made in the dissents from the final order. The plaintiffs in those cases contend that the FTC lacked the authority to prohibit non-compete agreements. Those cases seek orders enjoining the FTC action.

X. The Attorney-Client Privilege and Dual-Purpose Communications

After the publication of the last Survey in the Spring 2023 (the “Fourteenth Survey”), the United States Supreme Court considered the issue of what constitutes the proper privilege test for dual-purpose attorney-client communications. The case involved a grand jury subpoena to a company and its law firm requesting documents rising from a criminal investigation. The law firm claimed that those documents were protected by the attorney-client privilege. The district court rejected this argument, adopting the “primary purpose test” for attorney-client communications made for more than one reason. Under that test, the court considers whether the primary purpose of the communication is to “give or receive legal advice, as opposed to business or tax advice.” The district court found that the primary advice purpose of the documents in question was to obtain tax advice, not legal advice, and thus the attorney-client privilege did not attach. The Ninth Circuit affirmed.

Despite some build-up, the Supreme Court decision in the In re Grand Jury case was anticlimactic. After hearing oral arguments on the matter, the court dismissed the case, in a one-line per curiam order, stating that certiorari was “improvidently granted.” The dismissal left the issue in its status quo state prior to the ruling. The Fourteenth Survey outlined the treatment of the attorney-client privilege in relation to dual-purpose communications by various federal courts, which is summarized below:

First, the Ninth Circuit and other courts apply the “primary purpose” test described above.

Second, the Seventh Circuit has held that dual-purpose communications are not protected by the attorney-client privilege.

Third, somewhere in between the first two tests, the District of Columbia Court of Appeals held that a communication is protected if “obtaining or providing legal advice was one of the significant purposes.” In an opinion written by then Court of Appeals Judge Brett Kavanaugh, the District of Columbia Court of Appeals held that “[s]o long as obtaining or providing legal advice was one of the significant purposes of the internal investigation, the attorney client privilege applies, even if there were also other purposes for the investigation and even if the investigation was mandated by regulation rather than simply an exercise of company discretion.”

Two of the attorneys representing the law firm in the In re Grand Jury case, Max Rosen and Daniel Levin of Munger, Tolles & Olson, LLP, wrote an extensive analysis of the state of attorney-client privilege in relation to dual-purpose communications in the ACC Docket in December 2023. Their analysis posits four tests:

  • Test #1: If the primary purpose is non-legal, disclosure will be ordered;
  • Test #2: Significant (legal) purpose means a communication is protected;
  • Test #3: All things being equal, the communication is protected; and
  • Test #4: Context determines which test is applied.

Of course, practitioners must know the rules in their jurisdictions and recognize that privilege questions are notoriously fact-specific.

The author would like to thank Mike Volkov and Sam Finkelstein of the Volkov Law Group; Kristin Michaels of Neal Gerber & Eisenberg; and Lucas Bowerman, Loyola University (Chicago), JD 2024, for their assistance with this survey. Their help was remarkable, and the author greatly appreciates their insights and assistance.

    Author