Bridge Collapses and Contractual Uncertainty: Navigating Force Majeure

Bridge Collapses and Contractual Uncertainty: Navigating Force Majeure

In the aftermath of a catastrophic event, such as the Francis Scott Key Bridge collapse, the immediate focus rightfully rests upon the human toll and the urgent need for rescue, recovery, and support. However, amidst these pressing humanitarian concerns, it is important to recognize the concurrent commercial implications that arise from such tragedies. The disruption to shipping and logistics triggered by this disaster requires careful attention, as businesses grapple with the practical challenges and legal complexities of navigating force majeure clauses.

Understanding Force Majeure Provisions

Force majeure clauses are designed to allocate responsibility for events beyond a party’s control, excusing performance when such events delay or prevent it. Whether a shortage of parts due to shipping delays resulting from a port closure warrant invoking a force majeure clause depends on contractual language and specific circumstances. In the absence of such a clause, jurisdictional laws or common law principles may offer similar remedies.

Force majeure clauses vary widely in content and scope. Some enumerate specific qualifying events, while others adopt a broader approach encompassing any uncontrollable event. Given this variability, it is crucial for suppliers to seek legal guidance to assess the language of specific force majeure provisions.

Legal Considerations in Michigan

In Michigan, the defense of impossibility is narrowly recognized, particularly under the Michigan Commercial Code (MCC), which acknowledges the defense of impracticability concerning the sale of goods. Impracticability may excuse delayed or non-delivery of goods due to compliance with regulations or unforeseeable events. However, suppliers may not always rely on this defense, especially if the contract imposes greater obligations on them.

Notice Requirements

Invoking force majeure typically requires providing notice to the unaffected party, with varying requirements across contracts. Some contracts mandate notice within a specified timeframe from the event’s occurrence, while others stipulate prompt notification without specific timelines. Notices may need to detail the expected consequences and duration of the force majeure event, and failure to adhere to notice requirements can jeopardize a party’s claim.

Given the unpredictable impact of events like the Francis Scott Key Bridge collapse in Baltimore on supply chains, some suppliers may choose to issue proactive force majeure notices, acknowledging evolving disruptions and their implications for contract performance.

Mitigation Obligations

Even when an event falls under a contract’s force majeure provision, the affected party must take reasonable steps to mitigate foreseeable consequences. Failure to do so may undermine a force majeure claim, particularly if alternative means of fulfilling obligations were available.

Conclusion

It seems unlikely that a court would reject a force majeure argument for a surprisingly shocking event such as a container ship running into the Francis Scott Key Bridge. However, one should be aware that the inclusion of a force majeure clause in a Supply Agreement does not automatically mean if a catastrophic event occurs that your performance is excused.

The details of the event and the language of the force majeure clause can greatly impact your performance as well as the required performance your vendor/customer. If a supplier finds itself in a position where it is difficult to meet contractual obligations due to lack of a required product, it may be time to review supply contracts to understand its rights under a force majeure clause or other legal protections.

IC3 Internet Crime Report Reveals Intensifying Cyberthreats in 2023

Summary of FBI's 2023 Internet Crime Report

On March 6, 2024, the FBI’s Internet Crime Complaint Center (IC3) released its Internet Crime Report for 2023. The report offers key insights into the cyberthreat landscape based upon aggregated data from complaints reported during the last calendar year. As with prior IC3 annual reports, the 2023 report reveals alarming increases in both the frequency and financial impact of online fraud perpetrated by cybercriminals and nation-states against individuals, businesses, government agencies, and public infrastructure.

What is the IC3?

Established in May 2000, the IC3 operates an online portal (www.ic3.gov) to receive complaints from the general public on a wide array of internet-facilitated crimes. The IC3 analyzes and disseminates intelligence from the portal for investigative and law enforcement purposes, and also uses the data to promote awareness through public service announcements, industry alerts, and annual reports.

Total Complaints Reported in 2023

In 2023, the IC3 received 880,418 complaints with total reported losses of $12.5 billion. The number of complaints in 2023 increased nearly 10% from 2022, and over 88% compared to 2019. Total reported losses in 2023 rose nearly 22% from 2022, and over 257% since 2019.

Complaints And Lossess Over The Last Five Years

Source: IC3 2023 Internet Crime Report

Most Frequently Reported Crime Types in 2023

As with 2019-2022, by far the most frequently reported crime in 2023 was “phishing/spoofing,” which the IC3 defines as “[t]he use of unsolicited email, text messages, and telephone calls purportedly from a legitimate company requesting personal, financial, and/or login credentials.” Phishing accounted for approximately 34% of all complaints reported, followed by personal data breach, non-payment/non-delivery, extortion, and tech support scams.

Reported Monetary Losses in 2023

The highest reported losses in 2023 were, by far, attributable to “investment scams,” with losses of $4.57 billion, up 38% from 2022. Investment fraud with reference to cryptocurrency accounted for over 86% of these losses. The IC3 defines an “investment” scam as a “[d]eceptive practice that induces investors to make purchases based on false information. These scams usually offer those targeted large returns with minimal risk. (Retirement, 401K, Ponzi, Pyramid, etc.).” The IC3 issued several public service announcements on these threats in 2023, with particular emphasis on cryptocurrency investment schemes.

Source: IC3 2023 Internet Crime Report

Complaints involving business email compromise (BEC) accounted for the second-highest total losses in 2023—over $2.9 billion, up 7.5% from 2022. The IC3 describes BEC as “a sophisticated scam targeting both businesses and individuals performing transfers of funds. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” According to the report, BEC scams have historically involved compromised vendor emails, requests for W-2 information, targeting of the real estate sector, and requests for large amounts of gift cards, but have increasingly used custodial accounts held at financial institutions for cryptocurrency exchanges or third-party payment processors. The IC3 recommends two-factor or multi-factor authentication and careful scrutiny of email communications as best practices to combat BEC.

Complaints of government impersonation and tech and customer support scams accounted for reported losses of over $1.3 billion in 2023. Such scams heavily target older adults. Individuals over the age of 60 accounted for 40% of these complaints and 58% of the losses.

Ransomware complaints were also prevalent in 2023, affecting 14 of 16 critical infrastructure sectors, most notably the healthcare and public health, critical manufacturing, government facilities, information technology, and financial services sectors.

Geographic Breakdown of Reported Complaints in 2023

California led all states in both complaints (77,271) and losses ($2.16 billion), followed by Texas (47,305 complaints, $1.022 billion losses) and Florida (41,061 complaints, $874.7 million losses). Complaints also poured in from outside the United States, including 288,355 complaints from the United Kingdom, 6,061 from Canada, and 3,405 from India.

IC3 Recovery Asset Team

The report touts the IC3’s Recovery Asset Team (RAT). Established in February 2018, RAT interfaces with financial institutions and assists FBI field offices with the freezing of domestic funds transfers using a tool known as a Financial Fraud Kill Chain (FFKC). An FFKC is a process used to recover international wire transfers of at least $50,000.00 within 72 hours after the wire has occurred, where a SWIFT recall notice has been initiated. In 2023, RAT initiated FFKCs on 3,008 reported incidents with potential losses at stake of $758.05 million. Of these, monetary holds were successfully placed on $538.39 million­­—a 71% success rate. However, the funds successfully frozen by RAT amount to just 4.3% of total reported losses in 2023, underscoring the substantial obstacles faced by law enforcement in effectively combatting cyberthreats.

IC3 Appeals for Increased Public Reporting

The IC3 assesses that these statistics are actually a “conservative” depiction of cybercrime in 2023. To support this, the IC3 notes anecdotally that the FBI infiltrated the Hive ransomware group’s infrastructure and determined that only 20% of Hive’s victims had reported to law enforcement. Thus, in addition to promoting two-factor or multi-factor authentication and best practices in handling email communications, the IC3 urges increased public reporting as the best defense against the rising tide of cyberthreats, stating:

“The information submitted to the IC3 can be impactful in the individual complaints, but it is most impactful in the aggregate. That is, when the individual complaints are combined with other data, it allows the FBI to connect complaints, investigate reported crimes, track trends and threats, and, in some cases, even freeze stolen funds. Just as importantly, the IC3 shares reports of crime throughout its vast network of FBI field offices and law enforcement partners, strengthening our nation’s collective response both locally and nationally.

To promote public awareness and as part of its prevention mission, the IC3 aggregates the submitted data and produces an annual report on the trends impacting the public as well as routinely providing intelligence reports about trends. The success of these efforts is directly related to the quality of the data submitted by the public through the www.ic3.gov interface. Their efforts help the IC3, and the FBI better protect their fellow citizens.”

If you or your business have been victimized by an internet-facilitated crime and are seeking to recover misappropriated funds, every moment is critical. IMMEDIATELY notify all financial institutions involved in the relevant transactions, file a complaint at www.ic3.gov, contact your nearest FBI field office, and contact local law enforcement.

Tips to Avoid Common Retirement Plan Errors

Master Your Retirement Plan: Avoid Common Errors

Being on the wrong side of ERISA and Internal Revenue Code requirements creates one headache after another. To prevent common errors, you need to make sure your plan document satisfies these requirements, but you also need to make sure you are following the terms of your plan document. Here are some common errors and helpful tips for avoiding them.

1. Plan Documents: A simple error with a big impact.

Make sure your plan has the required documentation. This seems simple and it can be, but it is also one of the most common errors. Your plan documents must comply with ERISA and Internal Revenue Code requirements. For example, you must sign and date the plan document, sign and date any amendments, adopt amendments in the way your plan requires, and disclose your Summary Plan Description (SPD) to participants and beneficiaries as required by law.

2. Eligibility: Wait, was Jim eligible to participate last year?

Errors about who is eligible to participate, and when they begin participation, are also common. Your plan document defines eligibility, so refer to it often and avoid late enrollment of eligible participants. Plan documents often also exclude certain employees, either because they are covered by another plan or because they simply are not eligible. For instance, seasonal and temporary employees are often excluded from retirement plans, and union employees sometimes have separate plans to reflect the terms of their collective bargaining agreement. You need to correctly and consistently apply these exclusions.

3. Timing is Everything: Making contributions.

Plan documents usually set forth the deadlines by which contributions must be made. These deadlines may vary depending on the type of contribution (for instance, employee elective deferrals must be deposited as soon as reasonably possible, whereas employer contributions may have a later deadline). Contributions deposited after the deadline are deemed to be late. Making late contributions, or otherwise failing to make consistently timely contributions, may require corrections that include government filings, self-correction and additional contributions for lost earnings. To avoid errors, determine with your payroll provider how early you can reasonably make contributions and set procedures to help ensure deposits are consistently made by that date.

4. Loans: Write down the rules and follow them.

401(k) plans may allow participants to take loans but aren’t required to offer loans. If they do, the loan procedures must be in writing. The plan administrator (or the loan administrator, if separate) should always follow the written procedures, especially with regard to repayment terms, the maximum number of loans, and the terms and process for taking loans. Failure to follow the loan procedures or other failures involving loan payments may often require correction.

5. Fiduciary Duties: Document, document, document.

The importance of documentation cannot be overstated. Fiduciaries for retirement plans are entrusted with certain responsibilities for plan participants and beneficiaries, and with great fiduciary duties come great potential liabilities! Fulfilling these responsibilities is only part of the obligation. How fiduciaries meet these responsibilities matters, as does documenting compliance with the fiduciary duties. Documentation provides a clear picture of how decisions are made and why—it provides rationale at the time of the decision and can help prevent later speculation by those not part of the process. It also helps avoid the risk that a fiduciary will comply with fiduciary duties in the moment but will be unable to prove it when a claim is made.

These are only some common errors we see in retirement plans. Often, preventing these errors is simple, and preventative measures are easier to take than corrective steps. If you have any questions about compliance, how to correct these errors and others, or other employee benefits matters, please contact your Varnum Employee Benefits team.

Federal Court Strikes Down the Corporate Transparency Act as Unconstitutional

Federal Court Strikes Down the Corporate Transparency Act as Unconstitutional

On March 1, 2024, the federal judge presiding over the lone case testing the validity of the Corporate Transparency Act (CTA) struck down the CTA as unconstitutional. As we have explained, through the CTA, Congress imposed mandatory reporting obligations on certain companies operating in the United States, in an effort to enhance corporate transparency and combat financial crime. Specifically, the CTA, which took effect on January 1, 2024, requires a wide range of companies to provide personal information about their beneficial owners and company applicants to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). More than 32.5 million existing entities are expected to be subject to the CTA, and approximately 5 million new entities are expected to join that number each year. By mid-February, approximately a half million reports had been filed under the CTA according to FinCEN.

The CTA’s enforceability is now in doubt. In National Small Business United d/b/a National Small Business Association v. Yellen, the Honorable Liles C. Burke of the United States District Court for the Northern District of Alabama held that the CTA exceeded Congress’s authority to regulate interstate commerce, and that the CTA was not necessary to the proper exercise of Congress’ power to regulate foreign affairs or its taxing power. The Court issued a declaratory judgment—stating that the CTA is unconstitutional—and enjoined the federal government from enforcing the CTA’s reporting requirements against the plaintiffs in that litigation. A nationwide injunction, which would have raised its own enforceability concerns, was not included in the Court’s ruling.

The Court focused on three aspects of the CTA. First, the Court highlighted that the CTA imposes requirements on corporate formation, which is traditionally left to state governments as matters of internal state law. Second, the Court observed that the CTA applies to corporate entities even if the entity conducts purely intrastate commercial activities or no commercial activities at all. Third, the Court concluded that the CTA’s disclosure requirements could not be justified as a data-collection tool for tax officials as that would raise the specter of “unfettered legislative power.”

What the Decision Means for Entities Subject to the CTA

The Court’s decision creates uncertainty on entities’ ongoing obligations under the CTA.  Although the Court purported to limit its injunction to the parties in the litigation before it, the lead plaintiff in the suit is the National Small Business Association (NSBA). In its opinion, the Court held that the NSBA had associational standing to sue on behalf of its members. Based on precedent, this means the Court’s injunction likely benefits all of the NSBA’s over 65,000 members. If so, the government is prevented from enforcing the CTA’s reporting requirements against any entity that is a member of the NSBA.

Regardless of membership in the NSBA, however, the Court’s declaratory judgment that the CTA is unconstitutional also raises serious doubts about the government’s ability to enforce the CTA’s reporting requirements. This could amount to a de facto moratorium on CTA enforcement, depending on the government’s view of the decision.

What Happens Next

The government will likely appeal this decision, but the Court’s injunction and declaration will remain in effect unless a stay is granted. To receive a stay, the government will first likely need to file a motion in the district court, which will consider (1) how likely it is that the government will succeed on appeal; (2) whether the government will be irreparably harmed without a stay; (3) whether a stay will injure other parties interested in the litigation; and (4) whether a stay would benefit the public interest. If the district court denies a stay, the government will be able to seek a stay from the Atlanta-based United States Court of Appeals for the Eleventh Circuit.

The government has 60 days to appeal, though it will likely file its appeal sooner given the grant of an injunction and decision’s far-reaching consequences. The grant or denial of stay should be resolved in the coming weeks, but the timing of any final decision from the Court of Appeals is uncertain. In 2023, the median time for the Eleventh Circuit to resolve a case was over 9 months. However, the key deadline by which tens of millions of companies otherwise must file their initial report under the CTA is January 1, 2025.

Varnum’s Corporate Transparency Act Task Force will monitor all developments in National Small Business United.  Contact any member of Varnum’s CTA Taskforce, or your Varnum attorney to learn more.

Navigating Health Care Data Management: Proposed Changes to HIPAA’s Privacy Rule

Proposed Changes to HIPAA's Privacy Rule

The Health Insurance Portability and Accountability Act (HIPAA) contains Standards for the Privacy of Individually Identifiable Health Information (Privacy Rule). The Privacy Rule applies to covered entities (i.e., (i) a health plan; (ii) a health care clearinghouse; and (iii) a health care provider who transmits any health information in electronic form in connection with a transaction for which DHHS has adopted standards). More specifically, the Privacy Rule broadly establishes national standards to protect individuals’ protected health information (PHI), by requiring certain safeguards, setting limits and conditions on the uses and disclosures of PHI, as well as giving individuals rights over their PHI. PHI is defined as individually identifiable health information (IIHI) that is:

    • (i) transmitted by electronic media;

    • (ii) maintained by electronic media; or

    • (iii) transmitted or maintained in any other form or medium.

In January 2021, the Department of Health and Human Services (DHHS) issued a Notice of Proposed Rulemaking (NPRM) which proposes to modify the Privacy Rule. According to DHHS, the NPRM sought to modify HIPAA’s Privacy Rule to support individuals’ engagement in their health care, remove barriers to coordinated care, and decrease regulatory burdens on the health care industry. The NPRM estimated that the total savings from the proposed reform would be roughly $3.2 billion over five years.

NPRM Spotlight: Proposed Changes to the Right of Individuals to Access Their PHI

Of the nine different sections contained in the NPRM, the most extensive proposed changes involve changes to an individual’s right to access their PHI. These proposed changes include:

Adding definitions for electronic health record (EHR) and personal health application:

The NPRM defines an EHR as “an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff.” Further, the NPRM proposes to define personal health application as “an electronic application used by an individual to access health information about that individual in electronic form, which can be drawn from multiple sources, provided that such information is managed, shared, and controlled by or primarily for the individual, and not by or primarily for a covered entity or another party such as the application developer.” As stated in the NPRM, these proposed definitions would clarify the proposed modifications to the right of access.

Strengthening the access right to inspect and obtain copies of PHI:

DHHS proposes to enable individuals to use personal resources, such as taking notes, videos, and photographs, to view and capture PHI in a designated record set. These proposed changes are seen as a way to eliminate “persistent barriers” that individuals face when trying to inspect and/or obtain copies of their PHI.

Modifying the implementation requirements for requests for access and timely action in response to requests for access:

  • Requests for access: The NPRM prohibits a covered entity from imposing unreasonable measures on an individual exercising the right of access that create a barrier to or unreasonably delay the individual from obtaining access.
  • Timeliness: The NPRM requires that access be provided “as soon as practicable,” but in no case later than 15 calendar days after receipt of the request, with the possibility of one 15 calendar-day extension. 

Addressing the form of access:

When a covered entity offers a summary in lieu of access, the covered entity must inform the individual that they retain the right to obtain a copy of the requested PHI if they do not agree to receive the summary.

Addressing the individual access right to direct copies of PHI to third parties:

The NPRM creates a separate set of provisions for the right to direct copies of PHI to a third party.

Adjusting permitted fees for access to PHI and ePHI:

DHHS plans to change the access fee provisions of the Privacy Rules to establish a fee structure with elements based on the type of access request.

Notice of access and authorization fees:

DHHS proposes to add additional regulations requiring covered entities to provide advance notice of approximate fees for copies of PHI requested under the access right and with an individual’s valid authorization.

Impact of HIPAA Privacy Rule Update: Covered Entities

A final rule implementing these proposed changes to the Privacy Rule has not yet been announced. However, the final rule is expected to be posted in 2024. Although the proposed HIPAA Privacy Rule updates aim to relieve the administrative burden imposed on covered entities, in the short term, it undoubtedly will cause significant work for covered entities seeking to comply with these updates. To comply, covered entities will likely incur costs, update various policies and procedures, and also update workforce member training.

Interested parties are encouraged to contact Varnum’s Health Care Team for assistance navigating and complying with the evolving HIPAA Privacy Rules.

Tennessee and Virginia State Attorneys General Sue the NCAA

Tennessee and Virginia State Attorneys General Sue the NCAA

State Attorneys General Allege NCAA’s NIL Regulations Violate Federal Antitrust Law

The Tennessee and Virginia attorneys general (AGs) filed a joint lawsuit alleging the NCAA’s NIL regulations violate federal antitrust law. In a press release published by Virginia’s attorney general, he stated that both Virginia and Tennessee “allege that the NCAA’s restrictions on the ability of current and future student-athletes to negotiate and benefit from their…[NIL] rights violate federal antitrust law and is harmful to current and future student-athletes.” The lawsuit comes just one day after it was reported that the University of Tennessee is under NCAA investigation for potential NIL violations.

The current lawsuit also comes roughly three years after the Supreme Court’s Alston decision, which held that the NCAA could no longer prohibit college athletes from earning compensation from their NIL. Following this decision, the NCAA announced interim NIL policies (which remain in effect), in addition to various states and universities that have also enacted their own NIL regulations. Both Tennessee and Virginia’s state legislature enacted their own respective NIL regulations, and both generally provide that the states have an interest in protecting prospective and current college athletes’ NIL opportunities. The states’ NIL statutes also expressly prohibit athletic associations, including the NCAA, from “interfering with athletes’ ability to earn NIL compensation.”

The lawsuit alleges “the NCAA is thumbing its nose at the law. After allowing NIL licensing to emerge nationwide, the NCAA is trying to stop that market from functioning.” The lawsuit also points to a recent NCAA proposal which permits current athletes to pursue NIL compensation, but bans prospective college athletes from discussing potential NIL opportunities until they enroll at the university. The AGs claim that by “prohibiting such interactions, the NCAA’s current approach restricts competition among schools and third parties (often NIL ‘collectives’) to arrange the best NIL opportunities for prospective athletes.”

As laid out in the complaint, the AGs assert that the “NCAA has started enforcing rules that unfairly restrict how athletes can commercially use their [NIL]…at a critical juncture in the recruiting calendar.” Currently, Florida State University, the University of Florida, and the University of Tennessee are all under NCAA investigation for potential NIL violations. The AGs assert that the NCAA’s NIL “anticompetitive restrictions violate the Sherman Act, harm the States and the welfare of their athletes, and should be declared unlawful and enjoined.” Importantly, the AGs asked the court for a temporary restraining order and preliminary injunction that would prohibit the NCAA from enforcing its NIL recruiting rules. A decision is expected in the coming days.

The lawsuit also comes at a time when NCAA President Charlie Baker and other interested parties have pleaded with federal lawmakers to enact federal NIL legislation, which would provide an antitrust exemption allowing the NCAA to govern without being sued for alleged antitrust violations. However, Congress has yet to act.

Interested parties should contact Varnum’s NIL Practice Team to ensure they are in compliance with applicable (and potentially changing) NCAA, state, and institutional regulations.

Corporate Transparency Act: Reporting Challenges for Foreign-Owned Companies

Corporate Transparency Act: Reporting Challenges for Foreign-Owned Companies

On January 1, 2024, the beneficial ownership information reporting rule (BOI Rule) issued under the Corporate Transparency Act (CTA) came into effect, ushering in new reporting requirements for companies formed in the U.S. or registered to do business in the U.S. (collectively, reporting companies). 

The CTA and BOI Rule require the collection and disclosure of information identifying the individuals who beneficially own or exercise substantial control over reporting companies. While this task will be a burden for all types of reporting companies, the CTA and BOI Rule pose unique challenges for some foreign-owned companies, which often have complicated beneficial ownership structures, regular changes to management teams, a strong commitment to compliance measures, and a desire to avoid corporate liability and personal liability for members of their management team.

New CTA Reporting Requirements

As explained in a prior advisory, the new beneficial ownership information (BOI) reports will include: (a) for the reporting company, the name, trade name, address and employer identification number (EIN) or taxpayer identification number (TIN) of the reporting company; (b) for each individual who beneficially owns or controls 25% or more of the equity of the reporting company or exercises substantial control over the reporting company (each, a beneficial owner), his or her full legal name, date of birth, complete U.S. residential address, and information from (along with an image of) the individual’s unexpired U.S. passport, state driver’s license or other government-issued identification document; and (c) for certain individuals responsible for the formation of a reporting company on or after January 1, 2024, similar information to that required of beneficial owners.

The CTA and BOI Rule require reporting companies formed or registered to do business in the U.S. on or after January 1, 2024 to file a BOI report with the Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of Treasury within 90 days of its formation or registration (or, if formed or registered to do business in the U.S. on or after January 1, 2025, within 30 days of its formation). Reporting companies formed or registered to do business in the U.S. prior to January 1, 2024 receive a slight reprieve – they need to file a BOI report on or before January 1, 2025.

Once a reporting company has filed an initial BOI report, it must file an updated BOI report within 30 days of any change in the information required to be reported to FinCEN, including changes to reported BOI.

Limited Exemptions for Foreign-Owned Companies

The CTA includes 23 exemptions from the BOI reporting requirements; however, only a handful of them are likely to apply to foreign-owned companies, including the following:

Large Operating Company

Entities that directly employ more than 20 full time employees in the U.S., have an operating presence at a physical office in the U.S., and have filed a federal income tax return or information return demonstrating more than $5 million in gross receipts or sales from sources within the U.S. are classified as “large operating companies” and are exempt from BOI reporting. However, any failure to maintain employment or revenue figures will trigger filing requirements. Additionally, the company will need to be the owner or lessee of real property in the U.S., distinct from unaffiliated businesses, at which it conducts business to satisfy the “physical office” requirement—post office boxes and registered agent addresses will not suffice.

Publicly-Traded Company

Entities that have issued securities registered under Section 12 of the Securities Exchange Act of 1934 (1934 Act) or that are required to file supplementary and periodic information under Section 15(d) of the 1934 Act are exempt; however, this exemption will not cover entities that are listed only on a foreign exchange that do not have reporting obligations under the 1934 Act.

Subsidiary of Exempt Company

Entities whose ownership interests are entirely controlled or wholly owned, directly or indirectly, by certain enumerated exempt entities are themselves exempt, meaning that if a qualifying parent company is exempt, its subsidiaries may also avoid reporting requirements.

Importantly, no “upward” exemption to BOI reporting requirements exists for holding companies.

Reporting Challenges for Foreign-Owned Companies

Foreign-owned reporting companies that are not eligible for an exemption should keep the following issues in mind as they work with advisors to build a compliance plan for CTA reporting:

Analyzing all Members of Corporate Family

Foreign companies often establish a U.S. corporate presence by creating a holding company organized under the laws of Delaware or another U.S. state, with operations conducted through one or more subsidiaries. A compliance plan will be necessary for each entity formed under the laws of a U.S. state or registered to do business in a U.S. state to ensure that it is either exempt or that proper measures have been taken to comply with reporting requirements. Because privately held holding companies do not qualify for an exemption, reporting may be required at that level even if operating entities lower in the family tree are exempt as a “large operating company” or (for lower-tier entities) a “subsidiary” of any large operating company.

Monitoring Triggers for Updates

  1. Some foreign-owned companies rotate executives through director, officer and managerial roles with their U.S. subsidiaries after a limited period of time. These changes will trigger requirements to file updated BOI reports within 30 days of the change. Further, regular changes in U.S. leadership underline the importance of having a compliance plan in place for incoming executives to ensure that all necessary updates to BOI reports are timely filed.
  2. For purposes of filing BOI reports, beneficial ownership of equity is reported by looking through legal entities to identify individual owners or controllers of equity. Changes to a capitalization table of a parent entity organized and operating entirely outside of the U.S. may therefore trigger an obligation to file an updated BOI report in this country.

Inactive Entities

Foreign companies may own U.S. subsidiaries that were previously active but no longer conduct substantial business. While there is an exemption from reporting requirements for certain inactive entities, it is not available to companies owned by foreign persons. Owners of inactive entities should consider dissolving these entities prior to the deadline of any BOI report to avoid incurring reporting obligations or penalties for non-compliance.

Data Protection and Confidentiality

Reporting companies should consider how they will comply with data protection obligations and confidentiality requirements associated with the collection of personally identifiable information gathered pursuant to the CTA. It may be beneficial to designate a third-party provider to collect and store this information or direct persons to obtain a FinCEN identifier to mitigate risks associated with data protection, which can be costly. Companies may also need to consult local counsel in certain foreign jurisdictions to ensure that the collection and transmission of sensitive data from persons outside the U.S. is conducted in accordance with local law.

Access to Information for Disclosure

Foreign-owned reporting companies should consider including language in their formation and governance documents, employment agreements and employee handbooks that requires individuals to provide information necessary to facilitate CTA compliance. As changes to ownership of foreign parents may trigger update reporting obligations, similar measures may need to be considered with respect to parent companies. The reporting company should be prepared to take action to compel such disclosure, where possible, to avoid liability to the company and personal liability to senior officers.

Penalties for Non-Compliance; Personal Liability for Senior Officers

Those who disregard the CTA may be subject to civil and criminal penalties. A person who willfully fails to file a correct and complete initial BOI report or an updated BOI report required by law is subject to a fine of $500 per day (up to a maximum fine of $10,000) and is subject to imprisonment for up to two years.  FinCEN has stated that senior officers of entities that willfully violate the CTA and BOI Rule may be held liable under these penalty provisions.

Varnum’s Corporate Transparency Act Taskforce of attorneys and other professionals can assist you. Contact Greg Wright of our Business and Corporate practice team, any member of Varnum’s CTA Taskforce, or your Varnum attorney to learn more.

 

 

Under the Regulatory Microscope: Private Investment in Health Care-Related Entities

Trends and Developments Impacting Health Care Investing

Although ownership and control of health care providers engaged in the practice of medicine has traditionally been limited to either non-profit enterprises or licensed medical professionals (and their regulated, professional enterprises), the industry in recent decades has seen an escalating infusion of capital from enterprises including private equity firms, and business structures have been created to accommodate funding from non-licensed, for-profit entities. Given the continued for-profit commercialization of health care and its $4 trillion plus market share, it is unlikely such private investment in the health care ecosystem will voluntarily slow in the foreseeable future.

Recent calls for greater regulatory scrutiny of such investments in certain health care-related entities, such as medical practices and health care systems, further complicate the already complex regulatory landscape for for-profit health care enterprises, their owners and medical professionals.

Michigan Medical Group Asks Michigan Attorney General to Investigate Ownership of For-Profit Health Care Organizations

The Michigan State Medical Society, which represents thousands of Michigan physicians, recently sent a letter to Michigan Attorney General Dana Nessel asking her to investigate what it argues are “widespread violations” of Michigan’s Corporate Practice of Medicine doctrine. The Attorney General’s office stated that it is reviewing the allegations and determining if and how to proceed. Whether the Attorney General initiates a widespread investigation of certain health care organizations’ compliance with the Michigan Corporate Practice of Medicine doctrine remains to be seen.

Michigan Corporate Practice of Medicine Doctrine: The Basics

Michigan’s Corporate Practice of Medicine doctrine, as explained in more detail in this advisory, prohibits unlicensed individuals from owning entities that engage in the practice of medicine in Michigan. Put differently, most entities intending to operate a medical practice must generally be owned by individuals who hold a license to practice medicine. While there is a recognized doctrinal exception enabling non-profit health care entities, such as certain health care systems, to employ licensed individuals providing medical care, there is no such exception permitting private equity firms and other for-profit entities that are owned by non-licensed persons from owning Michigan medical practices. The basic policy rationale animating this legal principle, which the Michigan State Medical Society highlighted in its letter to the Attorney General, is that patients are best served when medical decisions are made by licensed medical professionals.

Sophisticated Structuring: The Use of Management Service Organizations

The Michigan State Medical Society argues in its letter that in part through their unique use of management service organizations (MSOs), private equity firms circumvent Michigan’s Corporate Practice of Medicine doctrine. MSOs, a separately established entity from the medical practice, are a common structuring device that are established to contract with the medical practice to provide non-medical administrative and management services. Frequently, in private equity acquisitions of businesses involved in medical practices, the private equity firm establishes an MSO that it wholly owns. In recognition of the requirements of the Michigan Corporate Practice of Medicine doctrine, the licensed individuals retain ownership of the professional entity that functions as the operating medical practice engaged in the practice of medicine while the MSO manages the business aspects of the medical practice. In effect, the management contract vests MSOs with management rights over the business of the medical practice.

Federal Regulator Challenges Private Equity Fund’s Health Care Roll-Ups

Investments in certain health care-related entities by private equity firms and other unlicensed individual investors has also garnered recent attention from federal regulators. On September 1, 2023, the Federal Trade Commission (FTC) initiated a suit against U.S. Anesthesia Partners, the leading provider of anesthesiology services in Texas, and Welsh Carson, a private equity firm that founded U.S. Anesthesia Partners. The FTC alleges Welsh Carson’s roll-up acquisition strategy aimed at consolidating anesthesiology services in Texas to profit from various synergies violates The Clayton Antitrust Act of 1914 and Federal Trade Commission Act of 1914, both antitrust laws designed to halt anticompetitive practices. Lina Khan, the chair of the FTC, explained “[t]he FTC will continue to scrutinize and challenge serial acquisitions, roll-ups, and other stealth consolidation schemes that unlawfully undermine fair competition and harm the American public.”

Both licensed medical professionals considering selling their practice and unlicensed investors, including private equity firms, considering investing in the health care sector, should carefully review these latest regulatory developments.

For assistance navigating the evolving regulatory landscape and ensuring your MSOs are compliant with applicable laws, contact a member of Varnum’s Health Care Team.