2015 February

Securities class actions remain popular

For regulated entities, an enforcement action by a government agency is practically guaranteed to result in a parallel consumer class action.

Nowhere is that more clear than for publicly traded companies regulated by the Securities and Exchange Commission (SEC). Securities class actions were considered to be so rampant that in 1995, Congress enacted the Private Securities Litigation Reform Act (PSLR) to curb what the industry believed were abusive practices.

While the statute raised the bar for private enforcement actions, it certainly did not close the courtroom doors to plaintiffs. Although there are fewer suits brought today, complaints are still filed lockstep with an agency enforcement action and in significant enough numbers to keep companies on their toes.

Industry watchers predicted that a seminal case decided by the U.S. Supreme Court last term, Halliburton Co. v. Erica P. John Fund (Halliburton II), would result in a decrease in class actions filed. That case involved a popular theory known as “fraud on the market,” where plaintiffs were not required to demonstrate that each individual class member relied on any allegedly misleading statements if the security at issue could be shown to be “efficient,” or with a market price reflecting all of its publicly available information.

While the Court did not toss the theory, the justices held that defendants can rebut the presumption prior to class certification. The June decision appeared to have little impact on the figures for 2014 filings. For example, NERA Economic Consulting reported that 221 securities class actions were filed last year, compared to 222 in 2013 and 212 in 2012.

Interestingly, although the number of complaints in securities class actions has not fluctuated much over the last few years, the aggregate amount of investor losses has declined, NERA found. 2014 saw a drop to $154 million from $159 million in 2013, down significantly from $243 million in 2012 and $248 in 2011. Are certain industries facing more lawsuits than others? NERA reported that one quarter of all of the securities class actions were filed against companies in the health technology and services area. Other major players: the finance industry, in second place with 19 percent of the suits, followed by the electronic technology and service sector with 13 percent.

Securities class action plaintiffs are also continuing a trend of settling prior to trial. Of all the pending and newly filed cases in 2014, just one lawsuit was actually tried to verdict (resulting in a plaintiff victory). Almost half of the cases ended on the defendant’s motion to dismiss (48 percent last year with an additional 21 percent dismissed in part), NERA found; 75 percent of the cases that survived settled prior to the class certification stage of litigation.

Read the U.S. Supreme Court’s opinion in Halliburton II.

February 23rd, 2015|Lawsuit|

Asset searches: who can get bank information and why

Accessing bank account information can be vitally important, particularly for those engaged in a lending transaction seeking to fulfill due diligence requirements. But getting your hands on the information can be a challenge.

Asset searches are not illegal. However, certain methods to obtain bank or investment account information can be, such as pretext calling. The simplest way to obtain financial information is via the account holder, a designated representative, or a party with a valid court order. The first two options are unlikely to be forthcoming. As for the third choice, obtaining a court order to access such information can be time-consuming and costly.

Access to financial information is regulated by both federal and state laws. For example, the Gramm-Leach-Bliley Act (GLBA) prohibits obtaining customer information from a financial institution under false pretenses and imposes an obligation on financial institutions to protect customer information. Generally, a “customer” is defined as an individual consuming goods or services for personal or household use, although some authorities have included sole proprietors, partnerships of five or fewer, and other small businesses to receive the same privacy protections. For businesses, the issue of data protection is governed by contract. While the consumer protection provisions of laws like the GLBA would not apply, it does not mean that financial institutions can freely share their information.

International asset searches present their own set of problems. Other countries – particularly those in the European Union – have strict data privacy laws that prohibit any access to personal information as well as the transfer of data across national borders. Federal law also comes into play, with the Foreign Corrupt Practices Act presenting potential liability issues if an entity searching for asset information obtained the information by illegal means (such as bribing a banking or government official).

What about judgments? While a judgment cannot by itself force a bank or brokerage firm to disclose account information, it allows a creditor to use the court to seize the debtor’s assets. With a judgment in hand, a creditor can file for an order of examination which will require the debtor to disclose – under oath – the location of assets, details about income, or other relevant information. However, the judicial process of obtaining a judgment reveals the intent of the creditor and can give the debtor time to empty an account or move assets prior to the court entering an order. Judgments can also be tricky to enforce. State law governs judgments with specifics varying in each jurisdiction. In California, a creditor must obtain a writ of execution directing a levying officer (usually a sheriff) to serve the writ on the named institution. The institution must then freeze the specific account(s) or, in certain situations, turn over the balance in the account. Serving a writ of execution in California was recently simplified to allow service on a “central location” designated by a bank with nine or more locations in the state or accept service at any branch without such a designated office.

Long-arm statutes can be used to reach accounts in a jurisdiction other than where the judgment originated. A debtor can object to the attempt and courts typically impose a test of whether the debtor or third party (like the bank or brokerage holding the assets) has connections with the court or creditor, which, at a minimum, can delay the process and make it more expensive.

For assets like stocks, bonds, and commodities, creditors can again obtain a court order that can liquidate the account into cash to be turned over to the creditor. It should be noted that certain types of accounts (notably retirement accounts) cannot be reached, even in cases of fraud. To preserve an account balance, a creditor can serve a levy on a brokerage in order to put a hold on the account while waiting for a court order.

Public records – ranging from property records to litigation – can also help locate or confirm a debtor’s assets. One important consideration: it is essential to vet any company that purports to be able to obtain financial account information. Many misleading claims and offers about obtaining such information can be found on the Internet and creditors should ensure that any data obtained was in accordance with applicable law and regulations.

February 23rd, 2015|Criminal Activity, Employment Decisions, Guidance|

Going global: international background checks

As the business world increasingly goes global, even small or medium-sized companies may have international outposts or employees located beyond the U.S. border. In addition, with security – both physical and digital – an important issue, employers want to know everything they can about their employees.

Many employers are turning to international background checks. But a criminal record or a credit report like those used in the United States can get lost in the translation.

First up: cultural norms. What may seem perfectly routine and acceptable in the United States may confuse or offend those in other countries. For example, things like credit checks and drug tests are virtually unheard of abroad and cultural differences may yield what might by American standards be unusual answers in a personality test. A second important consideration: the law. Just as the U.S. has the Fair Credit Reporting Act (FCRA) and other regulations setting the boundaries of background checks, foreign jurisdictions have their own laws of the land. The French Labor Code, for example, requires that its “works council” review employment screening procedures prior to an employer’s use.

One huge legal complication can be found in the area of privacy law. The European Union imposes restrictions on obtaining information about employees or applicants, the way in which such information can be used, and how the information can be shared or transmitted. To alleviate some of the liability concerns, the U.S. has entered into a Safe Harbor framework with the European Commission, which requires compliance with seven principles of data security. And while the EU leads the pack, other countries (like Australia, Canada, Hong Kong, and Japan) also pose challenges with their strict regulation of privacy.

Having an applicant sign a consent form to release information may be of little help as several EU countries also recognize a presumption against enforcement of such agreements on the basis that employees and applicants have limited bargaining power in the employment context. Alternatively, employers may have better luck by having applicants do the work themselves, providing their own background information to avoid implicating data privacy laws. Of course, this raises authentication and accuracy questions.

The collection of criminal information can also present logistical challenges. Many countries do not have an organized court system, and records, if available, may have to be searched on a regional or town-by-town basis, or at multiple agencies (like the police, the court venue and a government agency, for example). Certain countries offer what is known as a “police certificate” which will confirm the information about an applicant found in police records. Some countries, like Poland, have banned the collection of criminal records altogether; Spain prohibits the possession of records but an applicant could, in theory, show an employer his or her record.

If the screening is being conducted by a consumer reporting agency located in the United States, the FCRA requirements also come into play. International background checks are not impossible, but they do pose a number of legal and cultural risks that can be tackled with the right planning and professional assistance from an experienced background screening company.

February 23rd, 2015|Criminal Activity, Educational Series, Employment Decisions, Fraud|

Privacy laws gain momentum in Congress

President Barack Obama has made data security a priority in recent weeks.

Speaking at the Federal Trade Commission (FTC) in January, the President announced three pieces of legislation: the Student Digital Privacy Act (which would prohibit the sale of sensitive student data for non-education purposes), the codification of the Consumer Privacy Bill of Rights issued by the White House in 2012, and the Personal Data Notification & Protection Act.

Implicating businesses across the country, the Data Notification Act would establish nationwide, uniform data breach notification rules that would preempt the existing collection of 47 different state laws. Criminal penalties for hackers would also be strengthened and companies would be required to notify consumers of a breach within 30 days.

Broader than prior proposals of federal data breach notification bills, the Act defines “sensitive personally identifiable information” to include a range of data, like an individual’s first and last name or initial and last name in combination with two other items like a home address or telephone number, birthdate, or mother’s maiden name, a Social Security number by itself, and a user name or e-mail address in combination with a password or security question answer that would permit access to an online account.

The notice provisions allow companies to inform consumers of a breach by mail, telephone, and e-mail, under certain conditions. When more than 5,000 individuals are affected in a single state, media notice is required; if more than 5,000 total individuals (regardless of residence) are impacted, the company must also notify credit reporting agencies and the federal government.

Although the bill designates the FTC as the primary enforcement agency, with the authority to promulgate rules pursuant to the law, the measure also requires the agency to coordinate with the Consumer Financial Protection Bureau (CFPB) where a data breach relates to “financial information or information associated with the provision of financial products or services.”

Some exemptions are included in the proposed bill. A business that does not access, store, or use covered data for more than 10,000 individuals during a 12-month period is exempt from the individual notice requirements. Safe harbor is also provided for companies that conduct a “risk assessment” that determines the data breach did not result in – and will not result in – harm to affected individuals. The business must notify the FTC of its “risk assessment” results and affirmatively indicate its intent to invoke the safe harbor.

A few days after he presented the proposal, President Obama reiterated his intent to pass data security measures in his State of the Union address, sending a message that he is focused on cybersecurity and privacy in the coming legislative session. Recent high-profile cyberattacks and data breaches (think Sony and Target) have also led to support from lawmakers and consumers, giving the bill momentum, but the question of its passage remains uncertain.

Learn more about Personal Data Notification & Protection Act

February 23rd, 2015|Legislation|