The legal landscape is ever-changing, as new laws are passed or existing laws are interpreted or enforced differently. Brooks Pierce attorneys have identified some of the biggest potential legal issues that businesses need to be aware of in the coming months—from labor and employment to cybersecurity and federal investigations—and provided a high-level assessment of what company leaders need to know now to better prepare themselves for the future.
Labor and Employment
Federal agencies have identified more employee-friendly priorities since President Joe Biden took office in January 2021. Many of those initiatives are likely to develop further in 2022. We also see higher rates of collaboration among government agencies in the investigation of employee complaints. Multiple federal agencies have entered a Memorandum of Understanding (MOU) to enhance enforcement of federal employment laws. This makes it more likely that employers will be defending agency investigations on multiple fronts. For example, a charge of discrimination from the Equal Employment Opportunity Commission (EEOC) may be followed by a notice of investigation from the U.S. Department of Labor (DOL) Wage & Hour Division based on information uncovered by the EEOC.
For employers, we expect this means two things. First, there will be more agency investigations of workplaces than we have seen in recent years. Second, those investigations will likely be more intense than past administrations and may involve multiple government agencies.
Given these developments, employers should work with counsel to prepare their files, policies and procedures for a possible investigation. Employers who are notified of an internal complaint or government investigation should promptly involve legal counsel to avoid any inadvertent missteps. As always, employers should be aware of whistleblower laws, and consult with counsel before taking any actual or perceived adverse action against any employee who has engaged in “protected activity” under state or federal employment laws.
Data Privacy and Cybersecurity
2022 is poised to be the year we see real movement on a federal data privacy law. California's adoption of the California Consumer Privacy Act (CCPA) almost two years ago put some pressure on Congress to enact a federal standard. However, slow uptake by other states stalled the initial push a bit. In 2021, however, both Colorado and Virginia passed consumer privacy protection laws inspired by the CCPA that are set to go into effect in early 2023. As more states begin to adopt CCPA-like consumer privacy laws, there is a real threat that compliance with various state laws and requirements would be untenable for businesses. A federal law would solve that issue.
We also expect to see cyber liability insurance costs continue to climb rapidly throughout 2022. The proliferation of ransomware attacks, business email compromise scams and more traditional data breaches continue to drive up the costs of cyber insurance. Cyber insurers will increasingly tie the availability of reasonable coverage or discounts on premiums to a company's use of a variety of security requirements and mitigation tools. Companies should expect to be subjected to cybersecurity audits, inspections and similar actions before a provider will write a policy. Additionally, gone are the days of one-stop shopping for cyber coverage. Today's cyber policies and add-on plans are tailor-made for specific situations. More and more, we see policies with unexpected exclusions or limitations. For example, some providers are likely to exclude business email compromise from traditional cyber coverage because many of those incidents are due to "human factor" errors. A policy excluding incidents resulting from employee error would result in a coverage gap for many companies.
White Collar Defense & Investigations
In October 2021, U.S. Department of Justice Deputy Attorney General Lisa Monaco announced that the DOJ was returning to a tougher stance on white-collar crime, particularly offenses involving corporate misconduct. The DOJ released a detailed series of policy changes designed to root out repeat corporate misconduct and place a higher priority on prosecuting the individuals involved. For example, companies under investigation for misconduct by the DOJ will again need to provide lists of any individuals connected to the potential misconduct regardless of their position within the company, not just those “substantially involved.”
Another notable shift in this policy pertains to the significance a company's history of misconduct may play in an investigation. For the last several years, DOJ investigations would focus only on related misconduct – such as problems with the IRS when investigating potential tax violations. The DOJ will now examine the full regulatory, criminal and civil record to determine an appropriate resolution for a company that is the target or subject of a criminal investigation. For example, if a prosecutor is determining the resolution of a federal tax investigation for a target company, he or she should also take into account any non-tax prior misconduct—including prosecutions by another state, country or different branch of the federal government—the target company has been involved within the past.
The DOJ has also said it will enhance its use of independent corporate monitors to ensure companies are meeting their compliance standards. The DOJ will consider whether pretrial diversion (non-prosecution agreements and deferred prosecution agreements) is taken seriously enough by corporate offenders and if they are appropriate for recidivist companies.
These new policies mean that any company and its officers, executives and employees facing a DOJ investigation should prepare for tougher enforcement and more invasive investigation from federal agents and prosecutors.
Impact of Rising Interest Rates and Inflation on M&A Activity
For the last few years, we have seen a surge of M&A activity despite the COVID-19 pandemic. Persistently low interest rates have made debt relatively cheap, and dealmakers have been resilient. With the Federal Reserve sending signals that it will begin to raise interest rates soon, and ongoing inflationary pressures, we may start to see M&A activity slow. However, despite growing headwinds, the cost of financing remains low for the time being, there is a robust deals pipeline and buyer demand is holding strong thus far in 2022.
Representations and Warranties Insurance
Over the last several years, there has been increased demand for representations and warranties insurance (RWI) in mergers and acquisitions; in fact, there is a near-universal expectation that private equity-backed deals over a certain threshold will require RWI. Due to the increased demand for RWI and the general increase in deal volume, the cost of such policies has increased. Further, RWI underwriters are being more selective, inserting more restrictions and demanding greater quality of diligence in order to bind policies. In the current market, middle and lower-middle market deals may continue to face challenges in obtaining an appropriate RWI policy and parties may need to forego RWI for traditional indemnity structures.
COVID-19 Impact on Contract Provisions
Contract provisions in acquisition agreements are continuing to evolve as the COVID-19 pandemic evolves. During the pandemic, parties have focused on risk-shifting provisions in acquisition agreements, such as exceptions in the definition of Material Adverse Effect (MAE) and carve-outs to the interim operating covenants. Since 2020, many acquisition agreements have carved out impacts related to the COVID-19 pandemic in the definition of MAE or have excluded pandemic-related actions or omissions from the covenant requiring a seller to conduct its business “only in the ordinary course of business consistent with past practice.” As the pandemic shifts into an endemic phase, deal parties will need to re-evaluate how provisions regarding COVID-19 exceptions to MAE or “ordinary course of business” are interpreted. For example, actions taken by a company to respond to the pandemic may now be considered part of the company’s “ordinary course of business.”
