What Founders Should Know About Credit Union Investments

Fintech’s Untapped Market: Credit Unions and CUSO Investment

If you’re building a Fintech, Insurtech, or similar service tech startup, credit unions may not be the first market you think of, but they should be. Beyond being valuable customers, they can also be an important source of investment capital.

Credit unions are not-for-profit financial institutions that are owned and operated by their members. Unlike traditional banks, they focus on returning value to members through lower loan rates, higher savings yields, reduced fees, and paying member dividends. Membership is usually limited to certain communities, like employees of a specific company, members of a labor union, or residents of a particular area (which credit unions call “field of membership”).

What Is a Credit Union Service Organization (CUSO)?

A CUSO is a business entity owned by one or more federally insured credit unions. It is designed to provide services that reduce operating costs, improve efficiency, or deliver innovative products to credit union members. CUSOs allow credit unions to collaborate and expand their offerings, especially in fast-evolving sectors like Fintech and Insurtech.

Can Credit Unions Invest in Startups?

Yes. According to the National Credit Union Administration (NCUA), which regulates credit unions, in 2021 there were over 1,000 active CUSOs that attracted more than $4 billion in investments and over $1 billion in loans. Those numbers highlight how engaged credit unions are in supporting innovation.

Why Are Credit Unions a Unique Market Opportunity for Service Tech Startups?

What makes this particularly attractive for Service Tech startup companies is that a credit union can be both a customer and an investor. When a product aligns with their mission to serve members, they may not just adopt it, they may help fund it.

What Are the Regulatory Requirements for Receiving Credit Union Investment?

There are some important federal regulatory requirements to keep in mind. The NCUA stipulates that, to receive investments from credit unions, the majority of your startup’s revenue must come from credit union clients. They also maintain a list of approved products and services that CUSOs can offer, focused on those that directly benefit credit union members. These include, but are not limited to, financial planning, investment, insurance, and mortgage offerings.

State chartered credit unions (as opposed to federally chartered credit unions) typically have their own state regulatory schemes they must follow. State requirements generally have similarities to federal ones, but present additional requirements state regulators find important in assuring a credit union’s overall financial health.

Is a CUSO the Right Fit for Your Startup?

Many startups choose to form a dedicated CUSO subsidiary. This structure helps meet the revenue and service requirements, operate within the regulatory framework, and build a focused channel for both revenue and capital from the credit union ecosystem.

To explore whether a CUSO structure is appropriate for your business model or to better understand the regulatory considerations involved, contact a member of Varnum’s Startup Practice Team.

Why Sellers Need an M&A Attorney

Chris George Joins Calder Capital's Sell-Side Update

When selling a business, having experienced legal counsel is critical to protecting your interests, limiting liability, and maximizing the final sale value. In a recent conversation hosted by Calder Capital, Varnum partner Chris George sat down with Garrett Monroe to discuss the key legal considerations sellers should be aware of during M&A transactions.

Key topics covered in the discussion include:

  • Legal strategies to minimize post-closing liability;
  • Structuring the deal to align with your goals;
  • Navigating due diligence and disclosure obligations;
  • Common pitfalls sellers encounter—and how to avoid them; and
  • The importance of early legal counsel involvement in the transaction process.

Chris draws from his extensive experience representing sellers in a wide range of industries to provide practical, actionable guidance for business owners considering an exit.

Watch the full interview on YouTube:

For more information about how Varnum’s Mergers and Acquisitions Practice Team can assist with your transaction, contact Chris George.

What Startups Should Know About Early-Stage Equity Term Sheets

What Startups Should Know About Early-Stage Equity Term Sheets

If your company is preparing to raise its first round of institutional capital, congratulations. That’s a major milestone. At this stage, it’s critical to ensure that both you and your prospective investors are aligned on the structure and terms of the investment. That’s where a term sheet comes in.

In this comprehensive guide,  we’ll explore:

  • Why the name of the financing round (for example, “seed” vs. “Series A”) matters
  • Key differences between Seed and Series A financing
  • What is typically included in an early-stage equity financing term sheet
  • What founders should look out for when issuing preferred stock

Why the Name of the Round Matters

The name of your financing round is more than a formality, it sets expectations.

  • Seed Round: suggests your company is in the early stages of development, likely pre-revenue or just beginning to gain traction.
  • Series A Round: implies more maturity, such as a validated product, growing user base, and early revenue, indicating the company is ready to scale.

Investors often rely on these labels to assess your company’s progress, risk profile, and potential return. Choosing the right naming convention can help manage expectations and align your fundraising strategy with industry norms.

Seed vs. Series A Financing: Key Differences

A seed financing round typically follows friends-and-family or angel investments and represents the first institutional capital. Investors in these rounds may include angel investors, seed-stage venture firms, or angel groups. Key characteristics of a seed round include:

  • Smaller investment amounts (typically $500,000 to $2 million)
  • Simpler deal terms
  • Fewer governance rights and investor protections

Even if a seed round’s structure resembles a Series A, especially if you’re issuing equity rather than SAFEs or convertible notes, founders often prefer to use the “seed” label. Why? It allows the company to reserve the “Series A” designation for a future round, ideally at a higher valuation once the business has matured.

Series A Financing Overview

Series A financing generally follows a successful seed round and is triggered once a company has achieved meaningful traction, such as strong user growth, early revenue, or product-market fit. Series A rounds are typically:

  • Larger in size ($2 million to $15 million or more)
  • Led by institutional venture capital firms
  • Structured with more complex terms, such as:
    • Board representation
    • Liquidation preferences
    • Anti-dilution protections

At this stage, the company is transitioning from startup to scale-up.

What is Included in an Early-Stage Term Sheet?

While the specifics vary depending on investors and company leverage, most early-stage preferred stock term sheets include the following key provisions:

Price Per Share / Pre-Money Valuation

The term sheet will often include either a price per share or a pre-money valuation from which the price per share is calculated. While a higher valuation might seem ideal, it can also mean higher expectations, greater pressure to grow rapidly, and more difficult future funding rounds.

A higher valuation only benefits founders if it’s realistic and paired with founder-friendly terms. It’s essential to evaluate the entire term sheet, not just the headline valuation.

For more on this topic, check out our related advisory: Understanding Pre-Money vs. Post-Money Valuation.

Maximum Offering Amount

This is the total amount of capital the company aims to raise in the round. Along with the valuation, it helps investors calculate the ownership percentage they’ll receive if the round is fully subscribed. The number should balance capital needs, dilution tolerance, and investor interest.

Offering Period

The offering period defines the window in which shares may be sold, ensuring the financing doesn’t remain open indefinitely. This is important because the company’s valuation may change significantly over time.

Liquidation Preferences

In the event of a liquidity event such as a sale, IPO, or liquidation, preferred shareholders typically have two options:

  1. Receive their original investment before common shareholders receive any proceeds; or
  2. Convert their preferred shares to common stock and participate in the distribution on an as-converted basis.

In some cases, investors receive both: their initial investment plus a share in the remaining proceeds (“participating preferred” stock). While this was more common in earlier markets, non-participating preferred has become more standard in later-stage deals or more competitive fundraising environments.

Anti-Dilution Provisions

These provisions protect investors from dilution if the company raises capital in a down round, at a lower valuation than the previous round. Two common structures are:

  • Weighted Average: More founder-friendly; adjusts the conversion price proportionally.
  • Full Ratchet: More investor-protective; resets the conversion price to match the new round.

The terms used often reflects the company’s stage and the negotiating power of each party.

Board Representation

Investors often negotiate for the right to appoint one or more members to the company’s board of directors. It’s common for both preferred and common shareholders to appoint directors, with remaining board seats filled by mutual agreement.

Voting Rights

Term sheets typically specify how preferred shares vote, often alongside common shares on a one-vote-per-share basis. In certain cases, preferred holders may vote separately on key issues.

Some term sheets also include protective provisions that require majority approval from preferred shareholders or their board representatives. These provisions give preferred shareholders a type of veto power over certain company actions, such as issuing new equity, selling the company, or amending the certificate of incorporation.

Participation Rights

Preferred investors almost always receive a right of first refusal to purchase their pro-rata share in future fundraising rounds. This helps protect their ownership from dilution.

Other Common Term Sheet Provisions

Additional rights commonly found in  term sheets include:

  • Drag-along and Tag-along Rights – Govern how shareholders participate in company sales
  • Registration Rights – Important in the context of a future IPO
  • Dividend Rights – Determine how and when dividends are paid to preferred holders
  • Conversion Rights – Allow preferred shares to convert to common stock at a preset ratio

A full explanation of these terms is beyond the scope of this guide, but founders should be aware of their presence and potential impact.

Term sheets often include a provision requiring the company to reimburse the lead investor’s legal fees, usually subject to a cap (e.g., $25,000 to $50,000). This is standard practice and should be factored into your fundraising budget.

Final Thoughts for Founders

Term sheets for preferred stock equity financings can vary significantly based on the company’s stage, investor preferences, and market conditions. However, the concepts outlined in this guide represent the core elements that startups are likely to encounter when negotiating early-stage investment deals.

If you have questions about any of these provisions, or if you’re preparing to raise capital and need support negotiating a term sheet, reach out to a member of Varnum’s Venture Capital and Emerging Companies Practice Team. We’re well-equipped to provide strategic, practical advice tailored to your company’s goals.

First-of-Its-Kind: Teen Privacy Law Passes in Arkansas

Arkansas Expands Online Privacy Laws to Teens

On April 22, 2025, Arkansas enacted the Arkansas Children and Teens’ Online Privacy Protection Act (HB 1717, Act 952), making it the first state to expand core federal children’s privacy protections to teens. The law, effective July 1, 2026, applies to for-profit websites, online services, apps, and mobile applications that are directed to children (under 13) or teens (ages 13-16), or that have actual knowledge they are collecting personal information from these groups.

The Act establishes a two-tiered framework: parental consent is required to collect personal information from children, while either the teen or their parent may consent in the case of users aged 13 to 16. Operators must also provide clear notice of their data practices, respect deletion and correction requests, and implement reasonable security measures. The statute broadly defines personal information to include not only contact details and identifiers, but also biometric data, geolocation, and any information linked or reasonably linkable to a child, teen, or parent.

The law prohibits targeted advertising to minors using their personal information and limits data collection to what is necessary for the specific service or transaction. Operators are not required to implement age verification, but are expected to comply where they have actual knowledge of a user’s age. Importantly, enforcement authority is vested exclusively in the Arkansas Attorney General; the law does not create a private right of action.

HB 1717 reflects growing state-level momentum to address youth privacy concerns amid the absence of federal privacy reform. Businesses that operate online platforms accessible to Arkansas users, particularly those relying on personalized advertising or handling sensitive data, should evaluate their compliance posture now to prepare for the law’s 2026 effective date.

Varnum’s Data Privacy Practice Team is available to help your organization assess its obligations under Arkansas’ new law, align with regulatory requirements, and develop a compliant data strategy.

Connelly v. U.S.: A Reminder About Corporate Owned Life Insurance

Supreme Court Ruling Impacts Corporate-Owned Life Insurance

Many businesses have used corporate owned life insurance (COLI) and buy-sell agreements as key elements of their succession planning. However, it may be time to consider whether these programs are creating unnecessary risk. Although these programs generally have not been problematic in the past, a recent Supreme Court case has potentially changed the analysis.

COLI is a life insurance policy owned by the company on the life of an employee, with some or all the benefits payable to the company. This life insurance can provide a significant cash benefit at a time when the company may be looking to fund the repurchase of shares from a deceased owner. Historically, practitioners have excluded insurance proceeds from a business’s valuation when those proceeds are contractually designated for repurchasing shares under a buy-sell agreement. This exclusion arises because the buy-sell agreement creates a liability that offsets some or all of the proceeds.  Although excluding the value of the insurance proceeds from the value of the business was relatively common, the IRS had sometimes argued that the value of the insurance should be included in the value of the company.

In Connelly v. U.S., the Supreme Court unanimously held that the proceeds from COLI need to be included in some valuations of the company that received the proceeds. When the value of the COLI is added for tax and valuation purposes, there are several possible implications. First, the increased value from including the COLI may have to be reflected in a higher purchase obligation under the buy/sell obligation associated with the COLI than would otherwise be necessary. Second, the value of the COLI may need to be included in company valuations related to deferred and executive compensation payments. Third, the inclusion of COLI proceeds as an asset on the company’s balance sheet may impact the company’s investment or lending agreements. And fourth, the increased value of the company needs to be reflected when valuing the decedent’s company equity for estate tax purposes and in any tax planning for surviving owners.

After Connelly v. U.S., companies and business owners should reassess how COLI and buy-sell agreements interact. If a COLI and a buy-sell agreement are already in place, now is a good time to review them to determine if changes need to be made. If so, make those changes before it’s too late. For companies that do not have COLI and a buy-sell agreement in place, it is a good time to determine if your business should have these arrangements in place now that the Supreme Court has settled the question.

If you have questions about COLI, buy-sell agreements, and their implications for your business, contact a member of Varnum’s Employee Benefits, Corporate, or Estate Planning Practice Teams.

EGLE Expected to Lower PFAS Maximum Contaminant Levels in or before 2026

EGLE Plans Lower PFAS Limits Ahead of 2027 EPA Enforcement Deadline

Regulations of PFAS (per- and polyfluoroalkyl substances) have been evolving quickly, and more changes are on the way in Michigan. 

In 2020, Michigan established some of the nation’s first drinking water standards for PFAS, setting limits with Maximum Contaminant Levels (MCLs).[1] For example, the MCL for PFOA (perfluorooctanoic acid) is 8 parts per trillion (ppt) and PFOS (perfluorooctanesulfonic acid) is 16 ppt. 

However, federal regulations will cause EGLE (Department of Environment, Great Lakes, and Energy) to lower Michigan’s MCLs even more. In April 2024, the U.S. Environmental Protection Agency (EPA) passed a national drinking water MCL under the Safe Drinking Water Act, establishing a threshold for PFAS in drinking water of 4 ppt for five kinds of PFAS (including PFOA and PFOS), as well as regulating four PFAS collectively when present as a mixture.[2] These national MCLs will take effect in 2027.[3] In 2029, the national MCLs become enforceable, triggering penalties and increased monitoring frequencies.

In Michigan, the EPA has delegated its authority to the state to enforce the Safe Drinking Water Act.[4] This means that EGLE is the primary agency in charge of creating and enforcing drinking water regulations. Because this authority is delegated, state limits on contaminants in drinking water must be at least as restrictive as federal limits.[5] Thus, Michigan will need to enact new MCLs on or before 2027.

In recent conversations, EGLE has stated it intends to update the state’s MCLs on or before 2026, which will be at or below the EPA’s level of 4 ppt for each type of PFAS. However, EGLE will not start the process until the Michigan Supreme Court decides a case filed by 3M against the state, which challenges the state’s current MCLs. According to the state, the outcome of the case could dictate the process that EGLE needs to use for implementing the new MCLs and affect the timeline for the new rules. Either way, new rules are forthcoming.    

Any municipal or private subject to the Safe Drinking Water Act should be prepared to meet the forthcoming (lower) MCLs regulations. Varnum’s Environmental and Natural Resources Practice Team continues to monitor developments. Contact Kyle Konwinski, C.J. Biggs, or your Varnum environmental attorney today to learn more about the requirements of these upcoming PFAS regulations and how they may impact your business or organization.

[1] Michigan PFAS Action Response Team

[2] U.S. Environmental Protection Agency

[3] Id.

[4] U.S. Environmental Protection Agency

[5] Id.

FTC Signals Major Shift: Children’s Privacy a Top Enforcement Priority

FTC Prioritizes Children's Data Privacy

The Federal Trade Commission (FTC) has made clear that protecting children’s privacy is now a top enforcement priority under its new leadership. Recent statements from FTC Commissioner Melissa Holyoak reinforce that businesses handling children’s data should prepare for heightened regulatory scrutiny.

Speaking in Washington, D.C., during the International Association of Privacy Professionals (IAPP) Global Privacy Summit, Commissioner Holyoak emphasized that children’s privacy remains a significant enforcement priority for the FTC. Central to this renewed focus is the enforcement of the Children’s Online Privacy Protection Act (COPPA), with the agency already advancing significant updates to the rule.

The FTC is not the only regulatory body focusing on children’s privacy. Also speaking at the IAPP Global Privacy Summit, many representatives of state regulatory bodies focused on enforcing state data protection laws, similarly echoed the desire to focus on higher-risk activities. The focus includes paying closer attention to governing the processing of teens’ personal information online as well as practices related to the sale of data from minors. For companies that have historically leveraged the age threshold under COPPA for bifurcating data collection practices between children and others, this may pose a challenge as data related to teens is not within the scope of that original COPPA threshold but would be the focus of regulatory enforcement at the state level. Given the heightened focus regulators across the board are placing on this scenario, companies dealing with data related to teens should consider mapping out specific use cases where this may be an initial step, analyzing the potential risk of each individually.

Businesses that collect, use, or share children’s data should act now to evaluate and strengthen their privacy practices to mitigate regulatory risk. Varnum’s Data Privacy and Cybersecurity Practice Team stands ready to help your organization navigate these developments, strengthen your compliance strategies, and stay ahead of regulatory risk.

The Changing Landscape of Dispute Resolution for Website Operators

The Changing Landscape of Dispute Resolution for Website Operators

Historically, many website operators have included a provision in their published website terms and conditions or terms of use (Terms) governing how a website visitor is able to resolve disputes with the website operator. Recently, due to a proliferation of privacy-related litigation relating to the use of tracking technologies embedded on websites, website operators are reconsidering the most effective ways to address the dispute resolution mechanism included in the Terms.

Why Has Arbitration Historically Been the Industry Standard?

Arbitration has long been the preferred method for website operators to handle disputes with website visitors because it offers some key advantages over other mechanisms for dispute resolution, such as mediation and litigation:

  • Efficiency: Arbitration proceedings typically proceed to a resolution faster than court litigation does, which reduces the time and resources spent on resolving disputes.

  • Lower Costs: Arbitration is generally less expensive than litigation because it requires lower legal fees and preparation costs compared to traditional trials, and decisions are generally not appealable.

  • Confidentiality: The private nature of arbitration helps protect companies’ reputations.

  • Control: Companies can select the arbitrator and establish their own rules for the proceedings, which provides a tailored approach to dispute resolution.

What is Causing This Change?

These benefits have made mandatory arbitration provisions a staple in website Terms.  However, the benefits of maintaining mandatory arbitration provisions appear to be waning. This shift can be largely attributed to the rise in tracking-technology litigation, as website operators face privacy-related challenges by plaintiffs under federal laws such as the Electronic Communications Privacy Act (ECPA) and the Video Privacy Protection Act (VPPA), as well as state laws like California’s Invasion of Privacy Act (CIPA). While the use of tracking technologies, such as cookies and pixel tags, are common features of websites, increased complaints about these tools pose a significant challenge for website operators that rely on traditional arbitration provisions.

Mass arbitrations, which are the filing of hundreds or even thousands of individual claims on behalf of website visitors, have created administrative burdens and high costs for website operators, as website operators generally pay for most or all of the arbitration fees. Because of this strategy, website operators are recognizing the need to adapt to the complexity and volume of data-privacy actions by reevaluating their default dispute-resolution strategy. This reevaluation includes revising arbitration clauses to include mechanisms like bellwether processes, where a small number of cases are resolved first in order to guide the resolution of subsequent cases. Notably, at least one court has refused to compel arbitration of a class action against a website operator on the grounds that its arbitration agreement, including the mass-arbitration bellwether provision, was unenforceable because it was “permeated by provisions which are unconscionable and violative of New Jersey public policy.”[1] Another option is to require informal dispute resolution before arbitration, such as mediation. Additionally, some website operators are considering opting out of mandatory arbitration altogether, or at least carving out data-privacy disputes from the general arbitration provision, to allow disputes to be handled by the courts; this might result in more litigated class actions than in the past. 

What Options Do Website Operators Have?

There are several strategic options to address these challenges. For example, website operators may consider revising arbitration clauses, opting out of arbitration altogether, and utilizing alternative dispute-resolution mechanisms. Each of these approaches have distinct pros and cons:

Option
Pros
Cons
Revise arbitration clauses
Streamlines mass claims, potentially reducing administrative burdens and costs with bellwether processes. Alternatively, if privacy-related claims are carved out, this would allow the website operator to maintain the benefits of the arbitration provision while mitigating the risks of mass arbitrations stemming from privacy-related complaints.
Remains costly. The revised clauses may be challenged and struck down in court, limiting their effectiveness.
Opt out of mandatory arbitration
Allows disputes to be handled by the courts. The burdens of dealing with numerous individual claims can be ameliorated with class actions.
Exposes companies to the possibility of larger payouts, increased public/media scrutiny. Heightened legal risks.
Utilize alternative dispute-resolution mechanisms (e.g., mediation[2] or an ombudsman program[3] )
Flexible, less adversarial, and more suitable for resolving certain types of less complex disputes.
May not be suitable for complex cases. Outcomes are somewhat less predictable, in line with their increased informality.

Each option requires careful consideration based on the website operator’s industry, size, customer base, and the legal environment in which it operates.  For example, revising an arbitration clause might involve carving out privacy-related claims from the provision’s scope. Accordingly, it is important for website operators to discuss tailoring strategies with an experienced attorney.

The approach that any individual company might take to tailoring its website Terms is highly dependent on a variety of factors, including its specific industry, operational scale, customer demographics, and the regulatory environment it is subject to and operates within. Varnum’s experienced data privacy team can help your business navigate this changing landscape and assess the risks and benefits of possible approaches. Varnum is well-equipped to assist in that decision-making process, offering comprehensive guidance so you can make informed decisions about dispute resolution strategies, ensuring alignment with both legal requirements and business objectives.

[1] See Achey v. Cellco P’ship, 475 N.J. Super. 446, 450; 293 A.3d 551, 553–554 (App. Div. 2023).

[2] The Program on Negotiation at Harvard Law School’s website explains that the goal of mediation “is for a neutral third party to help disputants come to a consensus on their own. Rather than imposing a solution, a professional mediator works with the conflicting sides to explore the interests underlying their positions.”

[3] An organizational ombuds “operates in a manner to preserve the confidentiality of those seeking services, maintains a neutral/impartial position with respect to the concerns raised, works at an informal level of the organizational system (compared to more formal channels that are available), and is independent of formal organizational structures.”