COVID Testing Fraud: Examples, Warnings, Guidelines, Recent Charges

Introduction

Fraudsters and criminals have wasted no time capitalizing on the public fear and sentiment of the novel coronavirus pandemic (“COVID-19”). Common fraudulent schemes include fake cures, free testing materials in exchange for personal information, billing frauds, coding frauds, loan frauds, and other testing frauds.

This has caused a direct increase in federal scrutiny as well as multiple legislative actions such as paid-leave guarantees and the establishment of the Paycheck Protection Program (“PPP”). Thus, the COVID-19 pandemic has put all companies in every industry sector at risk of a federal investigation.

In addition to understanding COVID-19-related frauds and their warning signs, it is also important to be aware of the latest federal responses. As explained by fraud defense attorneys, this article expands upon some of these considerations.

COVID-19 Testing Frauds

COVID-19 testing frauds are fraudulent scams or schemes involving testing supplies, testing services, test results, etc. These types of frauds can be civil or criminal at the federal level. Civil frauds or civil offenses do not involve the intent to defraud someone.

Despite this, there are still offenses that individuals and companies can be subject to for unintentionally defrauding someone. Criminal frauds or criminal offenses require the intent to defraud. This “intent” requirement can be explicit, inferred, or imputed with actual or constructive evidence.

Because continuous testing for COVID-19 for many individuals is very important, federal authorities have found it necessary to scrutinize this process as well as the suppliers of COVID-19 equipment and the labs that offer testing services.

Laboratories have faced a particularly high level of scrutiny from federal agencies due to their intricate involvement in COVID-19 diagnostic, testing, and processing services. Certain mistakes can be deemed fraud and lead to intense federal investigations and multiple fines and penalties for those labs and individuals involved.

Examples of COVID-19 Testing Frauds

Some examples of testing frauds relating to COVID-19 include the following:

  • Collecting payments from the government for tests and not providing the results;
  • Fraudulently billing federal government benefit programs for COVID-19 testing;
  • Making false statements about the results of COVID-19 tests;
  • Making false statements about the authorization of COVID-19 tests;
  • Making false statements in order to win contracts for COVID-19 testing kits;
  • Collecting payments for COVID-19 testing kits that are never delivered;
  • Using COVID-19 tests from abroad that are not authorized to be used as tests within the United States; and
  • Selling fraudulent testing kits.

“The COVID-19 pandemic has created many legal risks and obligations for companies that are already struggling to stay afloat. In addition to new laws and compliance obligations, the risk of an impending federal investigation for COVID-19 testing fraud is a real possibility. All companies—especially healthcare entities and laboratories—face this risk and need to therefore ensure that their interests, rights, and reputation are properly safeguarded. Retaining an attorney experienced COVID-19 testing fraud and the federal process is your first and best defense.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.

Federal Agency Warnings and Guidelines Regarding COVID-19 Frauds

Many U.S. federal agencies have released warnings, guidelines, and other alerts that aim to inform the public about what to expect and how to prepare for various COVID-19-related consequences. Below are a few examples:

  • The Food and Drug Administration (“FDA”): The FDA’s focus remains on increasing the availability of tests to the public, vaccines, and devices to help fight the pandemic such as ventilators and personal protective equipment. In addition, the FDA is also monitoring the human and animal food supply as well as taking prompt action in response to fraudulent COVID-19 products.
  • The Federal Trade Commission (“FTC”): The FTC’s consumer advice focuses on informing consumers of what to watch out for and how to spot potential frauds. For instance, if anyone charges you for help signing up for the vaccine, it is a fraud; COVID-19 vaccines are free. Also, if someone offers you a COVID-19 vaccine for a fee, it is a fraud; only state and federal approved locations offer the COVID-19 vaccine.
  • The Securities and Exchange Commission (“SEC”): The SEC’s Office of Investor Education and Advocacy has issued an Investor Alert warning investors about investment frauds such as claims that a certain product or service will stop the virus. The SEC is focused on examining social media content and Internet promotions that claim that a certain product of a company will prevent, detect, or cure the virus and that the stock of these companies will surge in price. These frauds are displayed as “research reports” but are nevertheless fraudulent schemes.
  • The Department of Justice (“DOJ”): The DOJ has informed the public that it is committed to investigating, detecting, and prosecuting conduct relating to COVID-19. It warns that criminals and fraudsters will likely use new tools and methods to perpetrate their crimes around the world. The DOJ has a special “National Center for Disaster Fraud Hotline” where individuals can report the nature of a suspected fraud/scam as well as a complaint form for individuals to fill out.

Recent DOJ Investigation and Charges for COVID-19 Fraud

The Department of Justice is one of the leading federal agencies that has been the leader in investigating and prosecuting COVID-19-related testing frauds. The DOJ recently brought charges against fourteen people for an alleged COVID-19-related healthcare fraud scheme that led to over $143 million in false billings.

The charges are against a telemedicine company executive, marketers of the business, medical business owners, and a physician. Specifically, on May 26, 2021, the DOJ brought criminal charges against these individuals in a total of seven federal districts across the nation.

The defendants in this case exploited the pandemic by offering COVID-19 tests to Medicare beneficiaries, drive-through testing sites, and medical offices in order to induce the recipients to provide their personal identifying information (and saliva and a blood sample). The defendants misused the information they received from the recipients and submitted unrelated, medically unnecessary claims to Medicare for very expensive tests.

Some cases involved COVID-19 tests that were not provided to the beneficiaries or that were not reliable. The proceeds from this fraudulent scheme were laundered through shell corporations and the defendants used these proceeds to purchase luxury real estate and exotic automobiles.

In other cases, the defendants allegedly exploited CMS policies that provided increased access to care by submitting false and fraudulent claims to Medicare for telemedicine visits that never occurred. Medical professionals allegedly offered and paid bribes in exchange for their referral of medically unnecessary testing. The DOJ’s Fraud Section is committed to prosecuting this and other cases that capitalize on the pandemic in order to fraudulently gain a financial benefit.

Conclusion

COVID-19 has created a host of new legal and regulatory requirements as well as compliance obligations for companies and individuals. Failure to follow these regulations or conform to these compliance obligations could lead to fraud allegations.

Several federal agencies including the SEC and DOJ have been both eager and successful at investigating and prosecuting COVID-19 testing frauds.

Companies that need to be especially attentive to federal laws and compliance obligations in the midst of the virus include laboratories and other testing service companies. These entities run a high risk of a federal investigation because of the nature of their business, which entails individual testing, diagnostic, and processing services.

Oberheiden P.C. © 2021

Article By Dr. Nick Oberheiden of Oberheiden P.C.

For more articles on COVID-19 testing, visit the NLR Coronavirus News section.

Legal Implications of Blockchain in Supply Chain: What’s Law Got to Do With It?

Blockchain in Supply Chain: Article 6

The advent of new technology brings along with it the murkiness of how the American legal system will treat such technology.  Before the rise of blockchain for instance, businesses were uncertain how courts would treat electronic records and signatures until the federal legislature enacted the E-Sign Act on June 30, 2000.1 To provide even more clarity to businesses, the National Conference of Commissioners on Uniform State Laws drafted the Uniform Electronic Transactions Act (the “UETA”)2 to provide states with a framework to enact laws governing the enforceability of electronic records and signatures.  Now, almost every state in the U.S. has adopted some form of the UETA,3 and industry heavily relies on electronic contracting.

The legislative process has already begun for blockchain technology. Arizona and Tennessee both enacted laws stating that (1) a blockchain technology signature is considered an electronic signature, and (2) a blockchain technology record is considered an electronic record.  Further, these laws say that courts may not deny a contract legal validity because the contract contains a “smart contract” term.4  Other states are also attempting to adapt their current commercial laws to blockchain technologies.  Wyoming, for example, is breaking ground by addressing blockchain’s impact on the attachment, perfection, and priority rules of Article 9 of the Uniform Commercial Code.5  Similarly, Delaware and Maryland have amended their general corporation and limited liability company laws to permit the use of blockchain technologies for creating and maintaining company records with respect to equity interests.6

Beyond when and how legislatures and courts will solidify blockchain technology as a valid platform for contracting, there are other possible legal questions and ramifications for the use of blockchain in the supply chain. Some possible areas of legal considerations follow below.

Potential Modifications to Contract Terms in Supply Agreements

As companies begin to implement blockchain solutions, drafters should give thought as to what contract terms to adjust in supply agreements and other commercial contracts related to the use of blockchain in the supply chain.  Some potential modifications to consider follow:

Blockchain Governance

Parties to a supply agreement will need to decide whether a supply agreement should detail which transactions can (or must) occur on the blockchain, or whether the parties should set forth which transactions should occur on the blockchain in a separate agreement governing the implementation, governance, funding and maintenance of the supply chain blockchain. Flexibility will be important as blockchain technology continues to evolve and becomes more prevalent, so it may be most practical for both parties to execute an addendum listing transactions that the parties can agree to update.

Requirements on Suppliers and Sub-suppliers

A buyer may consider whether it would be beneficial to contractually require its suppliers to join the buyer’s supply chain blockchain.  A buyer could take this approach a step further and extend it to sub-suppliers as well. A contract could require both the supplier and its suppliers to join the buyer’s supply chain blockchain, which would provide the buyer a deeper visibility into its supply chain. For smaller suppliers and sub-suppliers, the ability to keep up and participate in this evolving area may present a challenge that impacts their ability to compete for certain business.

Confidentiality

With multiple member blockchains, the parties may want to explicitly state whether or not a receiving party adding certain confidential information of a disclosing party to the blockchain would be considered a permitted disclosure by the receiving party.  The parties must also consider the contract’s provisions on removal and return of confidential information at the end of a contract with the immutability of blockchain in mind.

Purchase Orders and Payment Terms

If a buyer must place purchase orders or releases through the blockchain system, the parties will need to revise the ordering mechanism of the contract to reflect this process.  Additionally, if the parties plan to handle payment by blockchain smart contracts, the parties will need to revise the traditional approach of invoicing after shipment and paying within a certain period to account for the terms of any smart contract.

Product Acceptance

If the buyer will make payment automatically via smart contract at the time of product acceptance, the supply agreement should be very precise as to when product acceptance occurs.

Indexing and Shipping Costs

Many supply chain contracts use some form of indexing for raw materials or other cost inputs to adjust pricing periodically. Blockchain has the potential to significantly streamline this process by allowing parties to modify contract pricing that is linked to an index faster and easier by using a smart contract to rewrite the new price to the ledger and automatically update payments via blockchain based on the new contract pricing. Although traditionally raw materials have been the focus of indexing provisions, given the recent massive fluctuations in freight and container costs, contracting parties can share risk for fluctuating shipping costs by indexing through blockchain technology as well.

Force Majeure

When drafting force majeure provisions, the parties may want to explicitly define whether issues with the blockchain such as smart contract malfunction or compromise of a party’s access to the blockchain would be considered a force majeure event that can be relied upon by a party to excuse from performance under the contract. In most cases, parties may want to align this issue with whether existing language covers IT system issues.  If such issues are included as force majeure events, the parties should consider adding a threshold requirement that a party cannot claim force majeure for issues resulting from the party’s own failure to maintain industry-appropriate protective measures.

Effect of Termination

In the event of termination of a supply agreement, the parties will want to explicitly set forth any requirements to unwind the blockchain or terminate the related smart contracts. Alternatively, the effect of termination provisions could point to a separately executed agreement specifically dedicated to blockchain governance which would cover the rights and responsibilities of the parties if the supply agreement dictates the parties must unwind the blockchain.

Conflicts

In the resolving conflicts section of the supply agreement, which provides the order of precedence of contract terms in the event of conflicting language, the parties should detail how to resolve a conflict between a coded smart contract or other blockchain terms and conditions and the text of the supply agreement.

Entire Agreement

When drafting the entire agreement section of a supply agreement, the parties will want to identify what, if any, terms and conditions set forth in the applicable blockchain network are part of the agreement between the parties and then provide that all other terms are not part of the agreement.

Service Level Credits

For logistics agreements, the parties may want to define key performance indicators (KPIs) or service level agreements (SLAs) based on data from the blockchain, because that data is considered trusted.  For instance, the parties could define processing time to receive inventory to a warehouse (i.e. “dock-to-stock” time) as the difference between the date and time of receipt of product at the warehouse and the date and time of stock of product in the warehouse, in each case, based on the data uploaded by any applicable IoT device to the supply chain blockchain.

Data Privacy Considerations for Blockchain

While blockchain is considered a highly secure means of data storage, paradoxically, some of blockchain’s other attributes (being decentralized and immutable), pose a compliance barrier with many data privacy regulations, such as the California Consumer Privacy Act of 2018 (Cal. Civ. Code § 1798.105) (“CCPA”) and the EU’s General Data Protection Regulation (“GDPR”).

Blockchain’s decentralized platform makes it tricky to determine which privacy laws apply.  The nature of a decentralized platform permits processing of an individual’s information in any number of locations around the world, because an individual’s personal data (such as a person’s full name, social security number, or email address) could be located on different nodes, each of which could exist in a different jurisdiction.  As each jurisdiction regulates the processing of personal data differently, attempting to manage the plethora of privacy laws, some of which may conflict with others, could be a daunting, if not impossible and cost-prohibitive effort.

The immutable nature of blockchain also poses a potential issue for data privacy.  For instance, Article 17 of the GDPR as well as the CCPA set forth the “right to be forgotten.”  The GDPR and CCPA require that processors of personal data erase the personal data of a person under certain circumstances, including if the person withdraws consent for the processing of their personal data.7

Because of the decentralized and immutable nature of blockchains, some potential approaches to handling personal data related to transactions on the blockchain are to store the personal data completely off the blockchain, or store only a hash of the personal data (a one-way mathematic function that represents the personal data, but from which the personal data cannot be determined) on the blockchain while storing the actual data on a private encrypted database.  Taking another approach, programmers could write smart contracts to allow for the revocation of access rights or deletion of information on the blockchain.8  Companies would have to customize any supply chain blockchain solution for data privacy compliance issues based on what personal data will be stored, what jurisdictions the data will be stored in, and the nature of the related blockchain concept.

Blockchain Hash Creation

Smart Contracts

Smart contracts are not necessarily contracts in the traditional sense.  Rather, a smart contract is a computer program stored on a blockchain that performs an action when triggered by an event. Smart contracts take the agreement of two adverse parties to the next level.  When two parties execute a traditional written agreement, they are promising to act in accordance in that agreement.  When two parties implement a smart contract, it is not a mere promise; they have already effected an outcome.

As previously discussed, certain states such as Arizona and Tennessee have laid the groundwork for courts to enforce smart contracts.  If blockchain continues to become more prevalent in business, the need for decisive regulations will pressure other states to follow suit and address smart contracts through legislation.

See Article 5 of this “Blockchain in Supply Chain” series for more information on smart contracts.

Antitrust Considerations for Blockchain

Blockchain provides an avenue for competitors to cooperate, particularly in a consortium or other permissioned structure.  As with any collaboration or joint venture among competitors, such collaboration raises potential antitrust risks and can create a slippery slope to claims of collusion and anticompetitive exclusionary conduct, among other anticompetitive practices.

For most blockchain collaborations among actual or potential competitors, the greatest practical antitrust risk involves collusion and implicates Section 1 of the Sherman Act.9  Section 1 prohibits agreements that unreasonably restrain trade, such as agreements among competitors to fix prices, rig bids or allocate customers or markets.  Oftentimes, courts can infer such anticompetitive agreements based on the exchange of competitively sensitive information among the participants.  Blockchain participants therefore must be mindful of the heightened antitrust risks that come into play should the blockchain arrangement involve the sharing of competitively sensitive information, such as pricing, costs, output or customer specific information.

To minimize this antitrust risk, particularly in a blockchain consortium involving competitors, participants should either avoid the exchange of competitively sensitive information altogether or narrowly tailor the information exchanged and adopt other appropriate safeguards where reasonable. Safeguards to consider include setting up permissions so that only intended recipients of data have access to a block of information and adopting read permission restrictions to prevent employees who have responsibility over pricing, marketing, strategy and competitively important strategic decisions from accessing competitively sensitive information shared on the blockchain.  Aggregating or anonymizing sensitive data or limiting the information exchange to historical information only (instead of current or future data) could also minimize the antitrust risks associated with any information exchange that is necessary to the blockchain arrangement. In any event, participants in a blockchain arrangement should be prepared to articulate why the participants need to exchange the specified type or level of information to achieve pro-competitive benefits of the blockchain arrangement.

Consortium blockchain participants may also face antitrust liability under Section 1 if they reach an agreement to exclude competitors from the blockchain collaboration where accessing a blockchain has become essential to doing business in a particular market or industry. Participants should document and consistently enforce well-defined and reasonable criteria for membership.  Participants should also exercise additional caution in restricting membership if development of the blockchain technology or any related applications involve standard-setting or the adoption of standard, essential patents, both of which present unique antitrust risks.

Relatedly, antitrust scrutiny may also extend to the way in which consortium members approve transactions.  Nodes (or members of the supply chain) validate transactions to be added to a blockchain in accordance with certain pre-determined validation rules.  Then, nodes only add transactions to a blockchain if the rules for adding a block to the blockchain are satisfied (“consensus”).  Antitrust risk can increase where these consensus mechanisms prioritize clearance of transactions by certain members or decline to validate transactions by particular parties without a legitimate and objective basis for doing so. Participants should ensure the validation and consensus mechanisms use objective criteria and that no single participant controls these processes.

In addition to the most prevalent antitrust risks highlighted above, participants should consider other potential antitrust complications when forming or participating in a collaboration with competitors to develop blockchain technology and related applications.  Participants should be mindful of these risks and consult antitrust counsel early in the process as they harness the benefits of blockchain technology to meet their supply chain needs.

1The Electronic Signatures in Global and National Commerce Act (E-Sign Act), FDIC Consumer Compliance Examination Manual – January 2014

2 Final Act, With Comments: Uniform Electronic Transactions Act (1999), Uniform Law Commission (last retrieved on September 8, 2021)

3 Uniform Electronic Transactions Act (UETA), Practical Law (last retrieved July 22, 2021)

4 ARS § 44-7061; TN Code § 47-10-202

5 Wyoming’s Digital Assets Amendments: Marked Out or Missed Out? A Review of Recent Amendments to Article 9 of the Wyoming UCC, American Bar Association (October 1, 2019)

6 Id.

7 Art. 17 GDPR and Cal. Civ. Code § 1798.105

8 GDPR & Blockchain: At the Intersection of Data Privacy and Technology, BDP (Iast retrieved July 22, 2021)

9 15 U.S.C. § 1

Co-authored by Vanessa L. Miller. Aaron K. Tantleff. Peter Vogel. Eugenia Wang. Kathleen E. Wegrzyn.

© 2021 Foley & Lardner LLP

Legal Implications of Facebook Hearing for Whistleblowers & Employers – Privacy Issues on Many Levels

On Sunday, October 3rd, Facebook whistleblower Frances Haugen publicly revealed her identity on the CBS television show 60 Minutes. Formerly a member of Facebook’s civic misinformation team, she previously reported them to the Securities and Exchange Commission (SEC) for a variety of concerning business practices, including lying to investors and amplifying the January 6th Capitol Hill attack via Facebook’s platform.

Like all instances of whistleblowing, Ms. Haugen’s actions have a considerable array of legal implications — not only for Facebook, but for the technology sectors and for labor practices in general. Especially notable is the fact that Ms. Haugen reportedly signed a confidentiality agreement or sometimes call a non-disclosure agreement (NDA) with Facebook, which may complicate the legal process.

What are the Legal Implications of Breaking a Non-Disclosure Agreement?

After secretly copying thousands of internal documents and memos detailing these practices, Ms. Haugen left Facebook in May, and testified before a Senate subcommittee on October 5th.  By revealing information from the documents she took, Facebook could take legal action against Ms. Haugen if they accuse her of stealing confidential information from them. Ms. Haugen’s actions raise questions of the enforceability of non-disclosure and confidentiality agreements when it comes to filing whistleblower complaints.

“Paradoxically, Big Tech’s attack on whistleblower-insiders is often aimed at the whistleblower’s disclosure of so-called confidential inside information of the company.  Yet, the very concerns expressed by the Facebook whistleblower and others inside Big Tech go to the heart of these same allegations—violations of privacy of the consuming public whose own personal data has been used in a way that puts a target on their backs,” said Renée Brooker, a partner with Tycko & Zavareei LLP, a law firm specializing in representing whistleblowers.

Since Ms. Haugen came forward, Facebook stated they will not be retaliating against her for filing a whistleblower complaint. It is unclear whether protections from legal action extend to other former employees, as is the case with Ms. Haugen.

Other employees like Frances Haugen with information about corporate or governmental misconduct should know that they do not have to quit their jobs to be protected. There are over 100 federal laws that protect whistleblowers – each with its own focus on a particular industry, or a particular whistleblower issue,” said Richard R. Renner of Kalijarvi, Chuzi, Newman & Fitch, PC, a long-time employment lawyer.

According to the Wall Street Journal, Ms. Haugen’s confidentiality agreement permits her to disclose information to regulators, but not to share proprietary information. A tricky balancing act to navigate.

“Big Tech’s attempt to silence whistleblowers are antithetical to the principles that underlie federal laws and federal whistleblower programs that seek to ferret out illegal activity,” Ms. Brooker said. “Those reporting laws include federal and state False Claims Acts, and the SEC Whistleblower Program, which typically feature whistleblower rewards and anti-retaliation provisions.”

Legal Implications for Facebook & Whistleblowers

Large tech organizations like Facebook have an overarching influence on digital information and how it is shared with the public. Whistleblowers like Ms. Haugen expose potential information about how companies accused of harmful practices act against their own consumers, but also risk disclosing proprietary business information which may or may not be harmful to consumers.

Some of the most significant concerns Haugen expressed to Congress were the tip of the iceberg according to those familiar with whistleblowing reports on Big Tech. Aside from the burden of proof required for such releases to Congress, the threats of employer retaliation and legal repercussions may prevent internal concerns from coming to light.

“Facebook should not be singled out as a lone actor. Big Tech needs to be held accountable and insiders can and should be encouraged to come forward and be prepared to back up their allegations with hard evidence sufficient to allow governments to conduct appropriate investigations,’ Ms. Brooker said.

As the concern for cybersecurity and data protection continues to hold public interest, more whistleblower disclosures against Big Tech and other companies could hold them accountable are coming to light.

During Haugen’s testimony during  the October 5, 2021 Congressional hearing revealed a possible expanding definition of media regulation versus consumer censorship. Although these allegations were the latest against a large company such as Facebook, more whistleblowers may continue to come forward with similar accusations, bringing additional implications for privacy, employment law and whistleblower protections.

“The Facebook whistleblower’s revelations have opened the door just a crack on how Big Tech is exploiting American consumers,” Ms. Brooker said.

This article was written by Rachel Popa, Chandler Ford and Jessica Scheck of the National Law Review. To read more articles about privacy, please visit our cybersecurity section.

Legal Marketing Budgets with Good2BSocial [PODCAST]

Rachel and Jessica meet with Guy Alvarez, founder and CEO of Good2BSocial, to review legal marketing budget changes since the beginning of the COVID-19 pandemic.

Please read on below for a transcript of our conversation, transcribed through artificial intelligence.

Rachel

Hello, and welcome to Legal News Reach, the official podcast for the National Law Review. Stay tuned for a discussion on the latest trends, legal marketing, SEO, law firm best practices, and more.

Rachel

So my name is Rachel, a web content specialist for the National Law Review.

Jessica

And my name is Jessica and I do about the same.

Rachel

In this episode, we’ll be taking a look at legal marketing budgeting post COVID-19, with Guy Alvarez, founder and CEO of Good2bSocial. Would you like to tell our listeners a little bit about yourself?

Guy

Sure, Rachel. So as you said, my name is Guy Alvarez. I am a former practicing attorney. And currently I am the founder and chief engagement officer at Good2bSocial. Good2bSocialis a digital marketing agency that specializes in the legal industry. And basically what we do is we help our clients, law firms, as well as legal vendors and others, to leverage digital technology to accomplish their business objectives.

Jessica

We’ve worked with you guys before just on various things. So this is great, we get to have you in here and talk to you today. I’m excited, I’m excited to get started. Some things that are on legal marketers’ mind at this point with the covid 19 pandemic, hopefully coming to a close, what is the way they can handle their marketing budget? How has the pandemic affected the budgeting?

Guy

A great question, Jessica. And that’s a question I get a lot from both small firms as well as large law firms. So obviously, what’s changed significantly with COVID is the inability to really see other people in person, right. So a lot of firms in the past have dedicated their marketing budget, a lot of it has gone into conferences, or trade shows, or live events. And obviously, for the most part, those things aren’t happening today. Or if they’re happening, they’re happening in a very limited way. Also, people don’t really like to travel or travel as much. So that’s also made an impact in terms of their marketing budget, from the business development side. A lot of budget in the past has gone to client entertainment, right? So lawyers taking out clients dinners, or sporting events or theater or things like that. And those things aren’t happening either. So what we’re seeing is really a shift in terms of budget from the real world into the virtual world. And as a result, we’re seeing law firms spend a lot of their budget on digital marketing, right ways that they can enhance their website, ways that they can communicate to their clients and prospects, their knowledge, their experience, and basically stay top of mind and develop strategic relationships. So we’ve seen a lot of investment into webinars, it looks like almost every law firm is doing webinars these days, law firms are spending money on and creating podcasts like this one. So we’re working with a lot of firms who have decided to create one or more podcasts and they want to put it out. And then also firms are spending money on online advertising. More and more firms are struggling to take a dip into online advertising, whether that is paid social media like LinkedIn, and Facebook and Instagram, as well as Google ads and other forms of online advertising.

Jess

How much in general should a law firm look to spend on their marketing budget?

Guy

Great question. Historically, we have seen firms spend somewhere between two to 3% of their overall marketing budget on marketing activities. What we’re seeing now is firms are investing more closer to five to 6%. And the reason for that is because beat they don’t have the ability to get in front of their clients in person. So they’re looking to spend money to get in front of their clients through digital means.

Jess

That seems kind of interesting, especially since it’s shifting to online versus in person. Is that normal that it would double even though it’s digital now instead of you know, the wining and dining that hadn’t before?

Guy

Unfortunately, I feel like a lot of firms don’t know what they’re doing. So they’re wasting a lot of money, right? They’re spending money on advertising online without really understanding how to do it. So I’ll give you a perfect example. A lot of firms, especially corporate law firms right now are experimenting with LinkedIn advertising because LinkedIn is a great way to get in front of a professional audience. If you go to LinkedIn or if you talk to the LinkedIn sales people, they’ll basically tell you to spend as much as you possibly can, so that you can reach your target audience. So let’s say, let’s say you’re trying to reach in House counsel in the state of California, right? Let’s say you have a firm, and you really want to reach in House Counsel, and you go to LinkedIn, and LinkedIn will give you a recommended budget of between, let’s say, eight, and $20 per click, you know, that’s what they want you to bid, right. And so if you talk to LinkedIn, they’ll say, Oh, well, in this case, you should fit the $20. That way, you can make sure that your ad is going to be seen by your target audience. But the reality is, it doesn’t really work that way. Sure, if you’re going to bid more money, there is a possibility that more people will see it. But that’s not necessarily the case, you could bid less money. And if you have a really good offer, or a really good ad or post, people aren’t going to click on it, and then more and more people aren’t going to see it. It’s the same as if like, let’s say you went to an art auction, right? And someone’s was auctioning a painting. And the auctioneer said, Okay, we’re going to start the auctioning at $1,000 for this painting. And you raise your hand and you say, you know, a million dollars? Well, why would you do that? What you don’t know yet, you know, maybe you put it in for $2,000 $3,000 $10,000. So that’s why firms are spending money, but they’re not spending it in a productive, efficient manner. And part of the reason for that is that they’re just not familiar with how paid LinkedIn or other forms of advertising online, really work. And so that’s why we’re seeing more and more money spent, but not necessarily the most efficient type of spending.

Jess

So this is kind of a good Segway into my next question that I had. So how do firms know how to spend for a new law firm versus an established one?  A new law firm probably isn’t going to have the necessary background and know how to spend their money wisely.

Guy

So there’s two ways that you can, you know, make sure that you’re doing the best you can. One is you can hire an agency like ours, who has experience and knowledge and knows what they’re doing and has done it a billion times. Or you can train your team, right? invest in training, invest in getting them up to speed, so that when, when they’re doing it, they know what they’re doing.

Jess

I’m not surprised to hear that from you. I’m sure how many people you work with,they need help knowing how to budget. And that’s great, because that’s what you guys are there for to help guide them through that.

Guy

Yeah, and they could spend a little bit of money with us managing it, but at the end of the day, they’re getting a much better bang for their buck, because they’re not wasting a ton of money. I’ll give you another example. I see a lot of law firms that are doing Google advertising. And Google advertising can be really expensive, right? But what they’re doing is when they create the ad, they’re linking their ad back to their websites. And that’s a big No, no, you don’t want to link an ad back to your website, you want to link the ad to a landing page, where the visitor really has the option of either filling out a form or picking up the phone. If you’re sending them back to your website, they might forget why they thought there, they might start to explore other things. And all of a sudden, you wasted a ton of money, and you’re not getting the results that you wanted. So that’s just another simple example, of firms not knowing how to spend their money and spending their money in a non efficient way.

Rachel

So to sort of go off of that, we’ve spoken a little bit about how law firms should allocate their budget, and how they can best use their marketing dollars. But I was wondering if you could talk a little bit about what are the most important areas to focus on right now in terms of legal marketing spend.

Guy

Or so as I said, a lot of the money that used to go to trade shows conferences, sponsorships, you know, it’s not being spent anymore, because, you know, people aren’t going to real world events. So from my perspective, the best way to spend money is to give your audience your target audience and it could be either existing clients or new potential clients is to communicate to them the knowledge and the experience that your firm and that your attorneys have. And that’s why content is so important. Right, a lot of firms I know are like, Oh, you know, we want to improve our search engine visibility, we want to, you know, but they don’t understand that the only way to do that is by creating really good, valuable content. That’s the number one priority. Same thing with social media, if you’re not creating client centric, valuable thought leadership content, you’re not going to have a very successful social media strategy. So really, the focus should be first and foremost, on creating that really great content. And the way to do that is to really understand what your audience is interested in. They’re not necessarily interested in your awards, or your new hires or your qualifications, sure, that matters to them down the road. But right now, what they’re most interested in is, what their business and the problems or issues that they’re facing. So the more that you can put yourself in the shoes of your clients or your prospects, and create content that’s going to be really valuable and interesting to them, the more you’re going to have success from a marketing perspective. So I think first and foremost, the investment should be around client centric, thought leadership content. That’s number one. Number two, is I think you need to invest in a way to measure everything you’re doing, right? If I’m spending a ton of money, and then I asked you, well, you know, how are you doing? What are you getting out of it? And you don’t have an answer, then how can you possibly improve on what you’re doing? So you need the tools and technology to properly measure the effectiveness of your legal marketing? expenditures. And a lot of firms don’t have that, right. Some firms might measure and say, Oh, yeah, we look at Google Analytics. And I said, Great, well, what do you do after that? What do you do with the data? We send it to our lawyers, okay. And then what happens? Nothing happens. So if all you’re doing is looking at data, and not analyzing it, and not coming out with some meaningful insights out of it, then you’re not really gaining much. So you need to invest in technology. And in people that understand what’s working, what’s not working, and what you can do to adapt or change so that you can get the results that you want.

Rachel

We talked a little bit about measuring ROI and measuring how these campaigns are performing. What metrics should they be paying attention to? And how can they really get started?

Guy

That’s a great, great question, right? A lot of times, I speak to marketers, and they’re really frustrated, cuz they say to me, God, you know, we just got, you know, 1000 new followers on LinkedIn, or we just got 20 new likes on Facebook, or we just improved our traffic, we’re getting now 2000 unique visitors to our website. But the lawyers don’t care, right. And the reason the lawyers don’t care is you need to be able to tie your metrics to actual business objectives, right? lawyers don’t care how many likes or follows or shares are bought, they don’t care. They care about, did we get any new business? Or were we mentioned in an article or publication, or you know that we get a new speaking opportunity? So you need to closely tie your digital metrics into real business objectives? In order to really be able to quantify, yes, we did this invested investment, and this is what resulted out of it. And I’ll give you another example. So as I said earlier, a lot of firms, especially over COVID, you know, have invested heavily on webinars, it looks like every firm was doing a webinar almost every day. But if you ask most of them, you know, what did you do after the webinar? How did you follow up, most of them may be sent out an email, thanking everyone. And that’s it. So now you spent all this time, effort and money in creating a webinar, and you did nothing to follow up. And so that is the types of things you need to do is make sure that you’re not only investing in the creation, but also measuring the execution afterwards and have a plan for how you’re going to be able to turn website or webinar visitors or registrations into potential clients.

Jess

That’s interesting. So that long game of follow up, is that one of the ways these firms can make sure that they’re getting the desired ROI Is that just one of the techniques? or What else could they implement?

Guy

Yeah, that that’s a very important technique, right? Because one of the things I tell law firms is, don’t think about it just because you weren’t you attend a webinar, it doesn’t necessarily mean you’re ready to hire someone, you know, you might just be interested in the topic, or maybe your boss has asked you about it, but they may not be ready to hire you. So you have to invest in the long term. And you got to make sure that okay, we did the way when it was about 100 registrations, and out of those 100 registrations 50 people showed up. So now you’re gonna have to have a strategy for those people that showed up, you should have a strategy for the people that didn’t show up. And what you want to do is you want to stay top of mind, so that when the timing is right, when they actually have the need, they’re going to be like, Oh, yes, this firm, that they continue to email me about this topic, they certainly know what they’re doing. Let me reach out to them. Right. So that is, that is definitely one of the ways to do that. The other thing is, you need to be able to repurpose your content, right? There is a process called cope, which talks about create once publish everywhere, right? What that means is for every piece of content you create, you should find a way to repurpose it. So if we’re doing this podcast right now, maybe we can take the transcript of the podcast and create a blog post. And maybe since we’re doing a podcast and a video, now we can chop up this video into little segments. And maybe out of that you can have, you know, 2030 different social media posts. So again, it’s really about how you’re investing in the content creation, find a way to repurpose it, because the other thing is, everyone likes to consume content in a different way. Some people like to read, some people like to listen to podcasts, other people like to watch videos, other people like to look at infographics. So you should be able to repurpose that content in as many different ways as possible, so that people can consume it in whatever way they choose to consume.

The follow up part seems to be just like an industry thing. I think they’re trying to pump out as much content, especially being new to webinars, I’m sure they’re just cranking those out doing a webinar series and not thinking about, well, how do we stay on people’s minds, the content is valuable, right, because the people go to the webinar to gain insight on that topic that they’re interested in. But once they leave, that has now no longer occupies the brain at that point,

Right, or they’ll make the mistake while they’re doing a webinar, but they don’t record it the right. And so just because you had 100 people show up, there’s a lot of value to that webinar. So you should take that webinar, you should post it to your website, you should email about it. I mean, again, it’s not just a one time thing. Every time you build content, it’s another asset that you can build on. So that eventually people will find you and hire you.

Jess

When these law firms that are having all these issues with their budgets, when they come to you guys and ask for your help to any firm that may listen to this episode with you guys on it, what do you want to tell them? like three things that your expertise, you know, is a tried and true? What would you want to say to them?

Guy

So that’s a really great question. You know, one of the things that we’re really different about other agencies and other companies like us, is we don’t take a cookie cutter approach to any of our clients, right? I have a lot of times prospective clients will call call me and say, okay, we need to, we need to do some SEO on our website, or we need to create a podcast, or we need to redesign our website. And I said, Okay, well tell me more about that. What Why do you want to do that? What are your what is the business objective, right? So just because they think of something that might not necessarily be the best way to accomplish what they’re trying to accomplish. So we start off with every one of our prospective clients, we start off by having them fill out a questionnaire, and then we do an audit of their digital properties to kind of see where they’re at, where their competitors are at, and what their business objectives are, and we don’t charge for that. That’s something that we do. And once we do that, then I have another conversation and I say, Okay, this is what we saw, this is what you told me, based upon that on that this is what we would like to do. And then we come up with a very specific strategy for them. That would enable them to accomplish their goals. And sometimes this gets frustrating for some clients or prospective clients are like, well, I just want to quote How much does it cost? And I’m like, I’m sorry, you I’m not just going to give you a call.  I need to understand more about what you’re trying to do, what your competitors are doing and where you’re at today. And, you know, that’s worked really well for us. So the one thing I would say is, if you come to us, you’re going to be treated as a unique, very distinct client. And we’re gonna develop a unique and intuitive strategy, just for you, that is going to be different from any other clients.

Jess

I think that’s definitely the biggest part of marketing. If you want to be different, you can’t do the same old tried and true, or maybe what used to work, you know, even with this post COVID environment, you got to change it up. And yeah, I’m glad you mentioned that every client’s needs are very specific. And budgeting is one of them. And I’m sure that changes how you approach marketing for them. So it’s interesting that you will look at all those metrics for free. And then you also have your own podcast, which is free for legal marketing, the legal marketing, 2.0 podcast. So you guys offer a lot of valuable insight for people. And that’s why we wanted to have you on this podcast so that if our clients or anybody else who listens knows that this is an option out there that they can use, because I think marketing is such a big thing, digitally, especially right now probably forever at this point.

Guy

Yeah, we’re big believers in in providing valuable information for free. You know, we publish a blog post every day, we do a weekly podcast, we do monthly webinars. We do other things. We publish free ebooks all the time. And the reason why is we want to educate our audience as much as possible, so that when they need someone, they may know a little bit about how to do it. But if they really want to do it, well, they’ll think of us first. And if they don’t, at least they get that really good information. And eventually that ends up helping them down the road to help sauce.

Rachel

So one thing that I was curious to get your point of view on is sort of the through line that we’re trying to focus our inaugural season our podcast on, which is sort of how legal marketing has both changed because of COVID. And also, where legal marketing is going post COVID are sort of in this weird Limbo state where we’re on the cusp of both things, going back to normal, or people starting to think about going back to normal. Also, things aren’t back to normal yet. So I was just curious, like, what have you seen change over the past year? And how do you see things changing more moving forward?

Guy

So it’s interesting, a couple of things. One is COVID has definitely accelerated the trend towards digital, there’s no question about that. So we were already starting to see that before COVID, more and more firms were investing in digital, you know, sprucing up their website, creating more content, blah, blah, blah. So that has definitely happened. It accelerated it to a point where a lot of CMOS and marketing directors that were complaining because they couldn’t get their attorneys to create content, all of a sudden, they were inundated by huge amounts of content, right? It was like they couldn’t put it out there quickly enough. You know, things settle down a little bit. So you’re starting to see less of that. But there’s still a ton of content that’s being created. And the problem is, you know, just throwing up a bunch of content and see what’s going to stick is really not a great strategy. So what I think is going to happen, what we’ve already started to see happen is firms are going to start to take a step back and say, wait a minute, it’s great that we’re creating content, but what’s the strategy behind it? You know, who do we really want to reach? We can’t market to everyone, right? So you got to really figure out like, what are the strengths of your firm? What are the markets that you really go out want to go after? What is your ideal client profile look like? You know, what are the types of companies that hire you, where you’re really profitable? And then so what they’re gonna start to look at is creating content and strip marketing strategies that focus on their ideal customer profiles, and then measuring everything that you do. So I think that’s really what’s going to ship is a focus on strategy, and narrowing that focus to your best potential client, and then creating strategies around those clients. So, you know, the only thing I would say is, you know, that’s the change into the digital world is, a lot of times I see firms get very stressed out about all these new technologies. And they want to make sure they don’t miss out on anything. And, you know, a few months back, everyone wanted to be on clubhouse/ Well, you know, clubhouse is a good new property, and there’s certainly value to it. But just because it’s out there doesn’t mean that you have to be on it, right. So I think the important thing is to really be measured in how you approach new technology and new channels. But most importantly, I think, if you’re going to improve your marketing, the one thing that I would recommend, is to focus in on your clients, and really gaining an understanding of what it is they really need. Right? That is the most valuable thing. And I don’t think that law firms spend enough time figuring that out, they don’t spend enough time doing research on their clients. Because if you talk to a client, they typically want three things. They want a firm that understands their industry, they want a firm that understands their business, and they want a firm that understands them, that individual that you’re dealing with. And the only way that you can do that is by spending some time doing research. And once you get that information, then you can create the nominal marketing strategies that really have an impact. So I think that’s something that firms are starting to realize. And I think that’s the right way to go. So if you’re a CMO at a firm, or marketing director of a firm, convince your lawyers to spend some time and some budget, really researching your existing clients, so that you can come up with strategies that are really going to make an impact.

Rachel

Great, thank you for giving that great takeaway. I think our listeners will be really interested to sort of really hone down on the direction that they should take their marketing, especially now that everything is going digital online, it’s more important than ever to have a strategy for that. So yeah, thank you for joining us today. That about wraps up our episode on legal marketing budgets, posts COVID-19. And Special thanks to Guy Alvarez with Good2bSocial for joining us.

Guy

Thank you, Jessica. And thank you, Rachel, it’s been a pleasure. And if any of your listeners want more information, go to good2bsocial.com. And check out our blog posts or podcasts, webinars, etc. Thank you.

Rachel

Thank you for listening to the National Law Review’s Legal News Reach podcast. Be sure to follow us on Apple podcasts, Spotify, or wherever you get your podcasts for more episodes. For the latest legal news, or if you’re interested in publishing and advertising with us, visit www.natlawreview.com We’ll be back soon with our next episode.

Copyright ©2021 National Law Forum, LLC

Article By Rachel Popa and Jessica Scheck of The National Law Review / The National Law Forum LLC

Click here for more episodes of Legal News Reach.

Multi-Level Marketing Gets Multi-Level Attention

Multi-level marketing has touched us all – whether it be purchasing beauty products, essential oils, or health supplements from a friend through social media, or receiving an invitation to join a team of seemingly successful people working their “side hustle.”  But multi-level marketing is now getting some additional multi-level attention, both in the media and in the court room.

With interest in documentaries on the rise throughout the pandemic, Amazon recently delivered with its four-part docu-series “LuLaRich.”  It follows the multi-level marketing company, LuLaRoe, which is known for its colorfully patterned clothing, messages of empowering women, and nearly $2 billion in purported sales in a single year.  But the docu-series also offers a glimpse at the dividing line between a multi-level marketing platform and a pyramid scheme, with the latter running afoul of the law.

Throughout its short existence, LuLaRoe has been no stranger to litigation.  Several class actions have been filed against it, including one with allegations that LuLaRoe’s leggings ripped as easily as wet toilet paper.  But most notable is a recent class action that was certified just last month by a Federal Court in Alaska. See, e.g., Katie Van et al. v. LLR Inc. dba LuLaRoe et al., No. 3:18-cv-00197, in the United States District Court for the District of Alaska.  The claims in Van allege that LuLaRoe charged sales tax on purchases to customers located in tax-free jurisdictions.  This was, allegedly, the result of a customized point-of-sale system that did not allow sales tax to be assessed based on the location to where the “retailer” (sales person) shipped the merchandise.  LuLaRoe addressed this by creating a “toggle switch” that allowed retailers to “turn off” the automatic tax charges and charge a different amount, including 0%.  However, some retailers used the toggle switch to override the collection of sales taxes on taxable transactions while others did not use the toggle switch to override sales taxes on transactions that were not taxable.  When LuLaRoe became aware of this, it allegedly disabled the toggle switch and asked retailers to leave the system’s sales tax box “checked,” while LuLaRoe developed a system that would compute and collect sales tax based on the address where the product was purchased and received.  The outcome: consumers in jurisdictions without sales tax (or no sales tax on clothing) were improperly billed for sales tax on their purchases, based on the taxes imposed by the retailer’s location, rather than the consumer’s location.  The certified class claim alleges LuLaRoe engaged in an unfair trade practice with the imposition of this non-existent sales tax.  And, while attempts at similar class actions against LuLaRoe have been made in the past, this class, with more than 10,000 potential class members, has now been certified.

With so many sales happening through social media controlled by individual retailers, multi-level marketing entities must address unique challenges, including the calculation and imposition of sales tax, especially when customers are located in different states (or even different countries) than their sales person, as was the case in Van.  Having the requisite resources – whether that be through staffing or usable technology and software – can be challenging when trying to keep up with the quick growth that often comes with multi-level marketing.  Additionally, a multi-level marketing entity’s approach to organizational structure, recruiting, compensation, and manufacturing warrants detailed attention and familiarity with state and federal law.

LuLaRoe’s story, while colorful and seemingly worthy of a hit docu-series, highlights the need to carefully navigate legal issues when operating or becoming involved with a multi-level marketing entity.  The potential for legal snags may be hidden in the seams.  And it’s never worth becoming too big for your (brightly patterned) britches when it comes to the law.

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved.
For more class actions, visit the NLR Litigation section.

A Flurry of CFTC Actions Shock the Cryptocurrency Industry

The Commodity Futures Trading Commission (CFTC) sent shockwaves across the cryptocurrency industry when it issued a $1.25 million settlement order with Kraken, one of the industry’s largest market participants. The next day, the CFTC announced that it had charged each of 14 entities for offering cryptocurrency derivatives and margin trading without registering as a futures commission merchant (FCM). While the CFTC has issued regulatory guidance in the past and engaged in some regulatory enforcement activities, it has now established itself as a key regulator of the industry along with the US Securities and Exchange Commission (SEC), the US Department of Justice (DOJ) and the US Department of the Treasury (Treasury). Market participants should be aware that the CFTC will continue to take a more active role in regulation and enforcement of commodities and derivatives transactions moving forward.

The CFTC alleged that each of the defendants were acting as an unregistered FCM. Under Section 1a(28)(a) of the Commodity Exchange Act (the Act), 7 U.S.C. § 1(a)(28)(A), an FCM is any “individual, association, partnership, or trust that is engaged in soliciting or accepting orders for the purchase or sale of a commodity for future delivery; a security futures product; a swap . . . any commodity option authorized under section 6c of this title; or any leverage transaction authorized under section 23 of this title.” In order to be considered an FCM, that entity must also “accept[] money, securities, or property (or extends credit in lieu thereof) to margin, guarantee, or secure any trades or contracts that result or may result therefrom.” (See: 7 U.S.C. § 1(a)(28)(A)(II).) 7 U.S.C. § 6d(1), requires FCMs to be registered with the CFTC.

IN DEPTH

THE KRAKEN SETTLEMENT

On September 28, 2021, the CFTC issued an order, filing and settling charges against respondent Payward Ventures, Inc. d/b/a Kraken for offering margined retail commodity transactions in cryptocurrency—including Bitcoin—and failing to register as an FCM. Kraken is required to pay a $1.25 million civil monetary penalty and to cease and desist from further violations of the Act. The CFTC stated that, “This action is part of the CFTC’s broader effort to protect U.S. customers.”

The CFTC’s order finds that from approximately June 2020 to July 2021, Kraken violated Section 4(a) of the Act, 7 U.S.C. § 6(a)(2018) by offering to enter into, entering into, executing and/or confirming the execution of off-exchange retail commodity transactions with US customers who were not eligible contract participants or eligible commercial entities. The CFTC also found that Kraken operated as an unregistered FCM in violation of Section 4d(a)(1) of the Act, 7 U.S.C. § 6d(a)(1) (2018). According to the order, Kraken served as the sole margin provider and maintained physical and/or constructive custody of all assets purchased using margins for the duration of a customer’s open margined position.

Margined transactions worked as follows: The customer opened an individual account at Kraken and deposited cryptocurrency or fiat currency into the account. The customer then initiated a trade by selecting (1) the trading pair they wished to trade, (2) a purchase or sale transaction and (3) a margin option. All trades were placed on Kraken’s central limit order book and executed individually for each customer. If a customer purchased an asset using margin, Kraken supplied the cryptocurrency or national currency to pay the seller for the asset. If a customer sold an asset using margin, Kraken supplied the cryptocurrency or national currency due to the buyer. Trading on margin allowed the customer to establish a position but also created an obligation for the customer to repay Kraken at the time the margined position was closed. The customer’s position remained open until they submitted a closing trade, they repaid the margin or Kraken initiated a forced liquidation based on the occurrence of certain triggering events, including limitations on the duration of an open margin position and pre-set margin thresholds. Kraken required customers to exit their positions and repay the assets received to trade on margin within 28 days, however, customers could not transfer assets away from Kraken until satisfying their repayment obligation. If repayment was not made within 28 days, Kraken could unilaterally force the margin position to be liquidated or could also initiate a forced liquidation if the value of the collateral dipped below a certain threshold percentage of the total outstanding margin. As a result, actual delivery of the purchased assets failed to occur.

The CFTC asserted that these transactions were unlawful because they were required to take place on a designated contract market. Additionally, by soliciting and accepting orders for, and entering into, retail commodity transactions with customers and accepting money or property (or extending credit in lieu thereof) to margin these transactions, Kraken was operating as an unregistered FCM.

Coinciding with the release of the enforcement action against Kraken, CFTC Commissioner Dawn D. Sump issued a “concurring statement.” In it, she appeared to be calling upon the CFTC to adopt more specific rules governing the products that are the subject of the enforcement action. Commissioner Sump seemed to indicate that it would be helpful to cryptocurrency market participants if the CFTC clarified its position on the applicability of the Act, as well as registration requirements. The CFTC will likely issue guidance or rules to clarify its position on which cryptocurrency-related products trigger registration requirements.

CFTC CHARGES 14 CRYPTOCURRENCY ENTITIES

On September 29, 2021, the CFTC issued a press release and 14 complaints against cryptocurrency trading platforms. The CFTC is seeking a sanction “directing [the cryptocurrency platforms] to cease and desist from violating the provisions of the Act set forth herein.” Each of the platforms have 20 days to respond.

All of the complaints are somewhat similar in that the CFTC alleges that each of the cryptocurrency platforms “from at least May 2021 and through the present” have offered services to the public “including soliciting or accepting orders for binary options that are based off the value of a variety of assets including commodities such as foreign currencies and cryptocurrencies including Bitcoin, and accepting and holding customer money in connection with those purchases of binary options.”

The CFTC has taken the position that “binary options that are based on the price of an underlying commodity like forex or cryptocurrency are swaps and commodity options as used in the definition of an FCM.” (The CFTC has previously taken the position that Bitcoin and Ethereum constitute “commodities,” doing so in public statements and enforcement actions.) In a prominent enforcement action previously filed by the CFTC in the United States District Court for the Eastern District of New York, the court held that “virtual currency may be regulated by the CFTC as a commodity” and that it “falls well-within the common definition of ‘commodity’ as well as the CEA’s definition of commodities.” (See: CFTC v. McDonnell, et al., 287 F. Supp. 3d 213, 228 (E.D.N.Y. Mar. 6, 2018); CFTC v. McDonnell, et al., No. 18-cv-461, ECF No. 172 (E.D.N.Y. Aug. 23, 2018).) In the action the CFTC filed against BitMEX in October of 2020, it alleged that “digital assets, such as bitcoin, ether, and litecoin are ‘commodities’ as defined under Section 1a(9) of the Act, 7 U.S.C. § 1a(9). (See: CFTC v. HDR Global Trading Limited, et al., No. 20-cv-8132, ECF 1, ¶ 23 (S.D.N.Y. Oct. 1, 2020).)

The CFTC has previously taken the position that Bitcoin, Ethereum and Litecoin are considered commodities. However, in these recently filed complaints, the CFTC did not appear to limit the cryptocurrencies that would be considered “commodities” to just Bitcoin, Ethereum and Litecoin. Instead, the CFTC broadly referred to “commodities such as foreign currencies and cryptocurrencies including Bitcoin.” It remains to be seen which of the hundreds of cryptocurrencies on the market will be considered “commodities,” but it appears that the CFTC is not limiting its jurisdiction to just three. It is also an open question as to whether there are certain cryptocurrencies or cryptocurrency referencing financial products that the SEC and CFTC will determine are subject to the overlapping jurisdiction of both regulators, similar to mixed swaps under the derivatives rules.

The CFTC also singled out two of these cryptocurrency platforms, alleging that they issued false statements to the effect that it “is a registered FCM and RFED with the CFTC and member of the NFA.” The CFTC noted that neither of these entities were ever registered with the National Futures Association (NFA) and one of the NFA ID numbers listed “identifies an individual who was once registered with the CFTC but has been deceased since 2009.”

WHAT’S NEXT

While the SEC, Treasury and DOJ are often considered the most prominent federal regulators in the cryptocurrency space, this recent sweep by the CFTC is not the first time it has flexed its muscles. The CFTC went to trial and won in 2018, accusing an individual of operating a boiler room. In October 2020, the CFTC filed a case against popular cryptocurrency exchange BitMEX for failing to register as an FCM, among other counts. However, unlike those one-off enforcement actions, the recent actions targeting multiple market participants within two days is a big step forward for the CFTC. Cryptocurrency derivative trading has been rising in popularity over the last few years and it is unsurprising that the CFTC is taking a more active enforcement role.

It is expected that regulatory activity within the cryptocurrency space will increase from all US regulators, including the CFTC, SEC, Treasury and the Office of the Comptroller of the Currency, especially as cryptocurrency products are increasingly classified as financial products subject to regulation. While the CFTC and other regulators have issued some regulatory guidance, regulators appear to be taking a “regulatory guidance by enforcement action” strategy. Market participants will need to thoughtfully consider all relevant regulatory regimes in order to determine what compliance activities are necessary. As we describe, multiple classifications are possible.

© 2021 McDermott Will & Emery
For more on cryptocurrency litigation, visit the NLR Cybersecurity, Media & FCC section.

Protections for Employees Who Report Workplace Discrimination

While thousands of employees each year submit complaints of discrimination against their employers, many more experience workplace discrimination and do not submit a formal complaint or even report it internally. A 2016 study by the Equal Employment Opportunity Commission (EEOC) noted that three out of four individuals who experienced harassment never spoke with a supervisor, manager, or union representative about the harassment. Other studies estimate that only one percent of people who experience workplace discrimination file a formal discrimination charge.

Types of Discrimination Charges Filed

Even with a high level of underreporting of harassment and discrimination in the workplace, the EEOC reported that workers filed 67,448 charges of workplace discrimination in fiscal year 2020.[1] The EEOC breaks down the data by the characteristics of the individual who filed the complaint. The breakdown reflects the various bases for protection under federal anti-discrimination laws, specifically disability, race, sex, age, national origin, color, religion, and genetic information. In the EEOC data from fiscal year 2020, retaliation claims made up 55.8% of all charges filed, which was the most common claim asserted. Retaliation claims are often coupled with claims of discrimination because they generally require complaints about, or opposition to, discrimination in the workplace. Because of this overlap in claims and the reality that workers may have multiple characteristics or identities that entitle them to protections, the total of the percentages of the types of claims asserted is greater than 100%.

Following retaliation claims, discrimination claims based on disability were the most common in fiscal year 2020, making up 36.1% of all workplace discrimination claims. Fiscal year 2020 may have seen an even greater increase in disability-related charges due to the COVID-19 pandemic. The EEOC continues to update its guidance periodically on the impact of COVID-19 on workplace discrimination laws related to disability. Discrimination based on race made up 32.7% of claims, and discrimination based on sex made up 31.7%.

The breakdown by category is consistent with charge filing patterns in past years. One study conducted by the Center for Employment Equity of the University of Massachusetts Amherst analyzed all discrimination charges filed with the EEOC (or a comparable state agency) from 2012 to 2016. It determined that discrimination charges based on disability and race were the most common and that disability-related claims had become more frequent than charges based on other protected categories. In an article published by staff at the Center for Employment Equity, they determined that 63% of employees who filed a complaint eventually lost their jobs.

Protections from Retaliation

The data from the EEOC and Center for Employment Equity underscores an unfortunate reality for employees who come forward to report discrimination—they face the possibility of retaliation by their employer, which, at its most extreme, results in a loss of their job. Fortunately, there are legal protections in place for employees who face retaliation for complaining about workplace discrimination.

Employees who engage in protected activity, either by participating in an investigation of workplace discrimination, complaining of workplace discrimination, or opposing discrimination in the workplace, are protected from retaliation. This means that an employer cannot take any “materially adverse action” against these employees. Such actions include anything that would deter a reasonable worker from coming forward to complain about discrimination in the workplace.  This includes actions short of termination, like demotions or salary reductions. The law protects not only current employees and applicants, but also former employees and third parties who have a close relationship with the employee who experienced discrimination. Employees who face retaliation for reporting discrimination in the workplace may be entitled to monetary compensation for the harm caused by the retaliation, including back wages, reinstatement to their former position if they were terminated, compensation for emotional distress caused by the employer’s actions, and reimbursement of their attorneys’ fees and costs.

While no employee should face retaliation for reporting workplace discrimination or harassment, the data demonstrates that it is an unfortunate reality in workplaces. If you believe you have faced discrimination, harassment, or retaliation, you should contact an employment attorney to determine your options and how to proceed.

Importance of Seeking Legal Counsel

The Center for Employment Equity’s analysis highlighted another reality faced by employees who filed discrimination charges with the EEOC. Upon examining the outcome of each charge and excluding charges that were closed because of administrative reasons, it noted that monetary benefits and changes to workplace practices were relatively infrequent. In less than 20% of charges, employees received a monetary benefit.  Less than 10% resulted in changes to employer practices. This data does not account for employees who made complaints of discrimination and were able to reach a resolution with their employer prior to filing a charge.

This data showing the poor outcomes from filing discrimination charges demonstrates the importance of seeking legal counsel if you believe that you have faced discrimination in the workplace. An attorney can advise you on the merits of your claim as well as the appropriate deadlines for filing a charge and lawsuit, and can advocate for you before the employer, both before and after submitting a discrimination charge. For current employees, such advocacy may help to shield you from retaliation or to exit from your employment on more favorable terms. In addition to seeking legal counsel, you can begin to take other steps to assist your case by doing the following:

  • Document the mistreatment you experience.

  • Create a detailed timeline of instances of discrimination, which will assist an attorney who may assess your potential claims.

  • Retain employment-related documents, like employee manuals; employment offer letters and agreements; and information concerning commission, equity, and benefits plans.

  • Do not record conversations without the consent of the other party and without first seeking advice from legal counsel. Each state has different recording law statutes that require all parties or at least one party to consent to recording. It is important not to violate these laws, which can carry civil and sometimes criminal liability.

This list only identifies basic steps that you can take if you believe you have experienced discrimination or harassment in the workplace. If you have faced workplace discrimination, you should consult with an employment attorney for advice on your potential claims

[1] The number of charges filed has decreased steadily in recent years, with 72,675 charges of workplace discrimination filed with the EEOC in fiscal year 2019 and 76,418 filed in 2018. There may be multiple explanations for this decrease, though this year’s decline may be in part explained by the COVID-19 pandemic, which left many employees without work for much of 2020 and required others to work remotely.

This article was written by Alia Al-Khatib of Katz, Marshall & Banks, LLP.
For more articles regarding workplace discrimination, please visit our Labor and Employment News section.

What the Top 200 US Law Firms Do Right: Trends in Thought Leadership & Social Media Strategy

Writing thought leadership content is an important part of many law firms’ marketing strategiesThought leadership content allows attorneys to share their expertise, connect with current and future clients and create a brand for themselves. However, articles and blog posts are not the only way attorneys can share their thought leadership. Video, podcasts and social media posts are additional avenues for attorneys to pursue.

According to the 2021 Thought Leadership Index from Passle, a professional services marketing platform dedicated to legal and consultancy firms, law firms created 60 percent more content in 2020 than the year before. Passle’s report analyzed thought leadership and social media activity from the top 200 US law firms in 2020, finding that these firms created over 70,000 pieces of content last year, with many firms shifting their focus to YouTube.

The report found that by volume alone, Baker McKenzie produced the most thought leadership content in 2020 with 4,164 posts, or .88 per attorney. Squire Patton Boggs followed at 2,794 posts, or 1.82 per attorney.

When it comes to social media, Baker McKenzie came out on top again with 310,000 followers on LinkedIn, while personal injury practice Morgan & Morgan came out on top with YouTube video views of over 8 million. The firms with the most followers on Twitter included White & Case with 64,000 followers, DLA Piper with 41,000 and Latham & Watkins with 37,000.

The National Law Review sat down with James Barclay, CEO of Passle Inc., and Sam Page, Marketing Director for Passle to discuss the trends from the report, and how law firms and their attorneys can apply these insights to their own thought leadership and social media efforts.

How Can Law Firms Create More Thought Leadership Content?

At first, producing regular thought leadership content may seem like an intimidating task. Firms must develop a strategy for content production, and perhaps more importantly, find time for attorneys to produce that content. However, with the right knowledge and careful planning, the process becomes less daunting. In a profession with ever-growing workloads and ever-shrinking turnaround times, how can a law firm enable attorneys to produce effective thought leadership?

To streamline the thought leadership creation process, it is critical to understand what kind of content creates the most value for a law firm. The term “thought leadership” may call to mind significant investments of time – white papers and lengthy reports, which show a depth of knowledge and are great for SEO  – but this is not necessarily the case. According to Passle, effective thought leadership can also range from 100 to 300 words.

“The audience for a lawyer, as a general counsel, is other lawyers inside large businesses,” Mr. Page said. “Those people are really busy themselves. They don’t have a lot of time. They won’t read multi-page reports with 50,000 words. So the effective content that you see a lot of people creating is short.”

“It has to come from the lawyers,” Mr. Barclay added. “They’ve got thousands of hours of experience. That means that when they talk about a subject, they get right to the nub of it. And it’s usually that the more niche it is, the better, because that’s what their clients pay them by the minute for.”

Ensuring attorneys have a stake in the content they create is a vital aspect of thought leadership. “If you can make it quick and easy for lawyers to create authentic, timely, expert-led content, then those lawyers will find their voice and they’ll use their voice, and they enjoy it,” said Mr. Barclay.

The simplest way to accomplish this is to build around the firm’s pre-existing goals and items. Many attorneys in the United States and the United Kingdom use thought leadership as a tool for appraisals, as it allows them to demonstrate to clients their areas of special expertise. Further, thought leadership can also be a mechanism for promotion. Mr. Barclay explained:

“If you’re running an event, do a video and say, ‘Come to our event.’ It takes two minutes and it’s authentic because it’s your attorney who’s speaking,” he said.

Law firms may also choose to develop governance and approval processes for the thought leadership is published. Many attorneys suffer from impostor syndrome, which sometimes cripples their ability to produce timely content. Official protocols and workflows not only maintain a high quality of work, they also allow lawyers to develop their voice in a streamlined environment.

Ultimately, the metric for success is much lower than one might expect. According to Passle’s report, in 2020, the average law firm produced 800 total pieces of thought leadership content. This amounts to only 0.8 pieces of content per attorney. Though generating content on a regular basis might seem a herculean task, these statistics show that an effective thought leadership plan is relatively low-commitment. In practice, if every attorney at a firm produced one thought leadership insight a month, that law firm would already be well ahead of their  competitors.

How to Create a Successful Law Firm Social Media Strategy

Another important aspect of thought leadership content creation is social media. Having a presence on platforms such as LinkedIn, Twitter and YouTube allows law firms and their attorneys to have a platform to showcase their expertise and connect with current and future clients. When it comes to thought leadership content, empowering attorneys to have a voice on social media can make a huge difference.

“It’s very difficult to tell a late 40s lawyer, ‘Go on Twitter. Get on Twitter or get on LinkedIn. You must do it.’ But if you say, ‘Hey, create something that’s going to be really interesting to Bob, Jennifer, Eileen, and your other key clients. Generate a piece of content, and then of course, make sure you share it with them and the best place to share it with them is LinkedIn. Then … that all makes sense,” Mr. Barclay said.

Attorneys and law firms can also think of social media as another asset the whole team can leverage. For lawyers in a certain niche, social media can be a powerful tool to bring in new clients and connect with existing ones.

“Attorneys don’t want to sell, they’re not salespeople. They want to talk about what they know. And then of course, what they know is really, really, really valuable to the people who they’re trying to influence,” Mr. Barclay said. “And that’s what’s neat about attorneys is that they’re not going online trying to sell something. They’re going online talking about their tiny little niche, and that’s exactly what their audience wants.”

One of the key things Mr. Barclay and Mr. Page said the top performing law firms do on social media is create an authentic image. For lawyers and law firms wanting to stand out in a crowd of others online, including a bit of personality into posts can go a long way. Lawyers can appear more authentic if they keep in mind who their clients are and what they need when creating their thought leadership content.

“It’s got to be authentic, it’s got to be timely and it’s got to showcase some of you. Again, folk don’t tend to employ a law firm, they don’t talk about their law firm, they talk about their lawyer. It’s a very personal one-to-one relationship,” Mr. Barclay said.

When it comes down to it, lawyers often need a reason to use social media, Mr. Page said. What often motivates lawyers to use social media is the ability to create content and have a voice. As the Passle report shows, the most successful law firms have both a strong social media presence and a solid content strategy.

“When lawyers have a voice, when they are able to create content, they have a reason to use social media. So if they are told to be on social and they just hover there without a purpose, it’s difficult to see a reason to do it, [and] it’s difficult to find any sort of outcome,” he said.

What Makes a Strong Law Firm Content Strategy?

In the new era of virtual engagement, it is vital that firms take steps to control their online presence. Mr. Barclay explains how focused, regularly published thought leadership articles are central to a firm’s success.

“Most attorneys we talked to don’t have hundreds of clients. 80 percent of their billable hours in any one year comes from 15, 20, 30 clients,” Mr. Barclay said. “If [you] can give them a great piece of authentic online content, then of course that’s a fabulous vehicle for recommendation referral, which is where new business comes from.”

By understanding these trends and taking control of their online presence, attorneys can easily communicate their expertise, maximize their referrals and increase their revenue. The most successful firms understand that small investment of 30 minutes to one hour can reap tremendous benefits. Oftentimes, the best way to facilitate these investments is through a group effort. The most successful law firms also empower not just the partners of the firm to create thought leadership, but associates and law clerks as well.

“The essence of those firms that reach the top of that list, is that they enable a wide range of their fee earners to create content,” Mr. Page said. “They’re not just relying on the select few partners that tend to come from a similar background, [and] have a similar way of thinking and a similar view of the world. The firms that succeed are generally the firms that enable their associates, or even their trainees, to create content and to have a voice within the firm.”

This article was written by Rachel Popa and Chandler Ford of the National Law Review.

How Government Contractors Can Prepare for a Government Shutdown

The federal government’s funding is slated to deplete on September 30th, 2021. Congress is currently debating the legislation that will allow operations to continue beyond this date, but it remains to be seen whether or not the government will experience a temporary shutdown. Regardless, the Office of Management and Budget signaled for agencies to prepare for a gap in funding, and President Joe Biden’s White House is preparing for this outcome.

“Government shutdowns impact government contractors in significant ways. Work and payments suddenly stop, and contractors have to decide what to do with their skilled and knowledgeable workers, who suddenly have nothing to do for a company whose cash flow has taken a sudden hit,” said Guy Brenner, a partner in the labor and employment law department and head of the Government Contractor Compliance Group at Proskauer Rose LLP. “This is particularly difficult given that the length of the shutdown is difficult to predict.”

A government shutdown presents unique challenges, not only for federal agencies, but for government contractors and subcontractors as well. These challenges include (but are certainly not limited to) employee pay and overtime, unemployment benefits, the furloughing of employees and more. As a result, it’s important government contractors remain informed and prepare themselves for next steps, should the shutdown indeed take place.

What Do Government Contractors Need to Know About the Shutdown?

In years past, government shutdowns complicated pay and backordered work, and the ongoing COVID-19 pandemic adds another layer to the impending decision on September 30, 2021. With a possible shutdown approaching, government contractors should consider their options under their existing contracts. The looming possibility of a government shutdown creates an air of uncertainty, but workers can mitigate the effects with proper preparation. This includes provisions of the Worker Adjustment and Retraining Notification Act of 1988 (WARN Act) which impacts larger employers.

Typically under the WARN Act, employers must notify employees within 60 days of an upcoming large-scale layoff. The WARN Act applies if there is an “employment loss,” which includes a layoff exceeding six months, an employment termination or a 50 percent reduction in hours in each month over six months.

Another consideration for government contractors during a shutdown is furloughing employees. Often contract workers who are furloughed are not paid their owed wages until after the shutdown has ended and a spending agreement is made, sometimes taking many months before issuing the payments. In some instances, such as during the shutdown of 2018/2019, lawmakers may vote against paying contractors for their furloughed time.

Another complication begins when government contractors take a hit during the shutdown and require workers to use their paid time off (PTO) as compensation rather than back pay. And those with PTO still fare better than contractors who are considered non-essential and cannot rely on PTO. What are the options for those workers?

In addition to furlough and PTO, another potential option for government contractors and their employees during the shutdown is unemployment benefits. However, some furloughed employees may not be eligible for unemployment benefits. Government contractors should check state laws to determine eligibility. Government contractors can find additional resources from the U.S. Department of Labor, including fringe benefits, paid sick leave and pay requirements.

How Can Government Contractors Prepare for a Shutdown?

Despite the uncertainty, government contractors can prepare in advance for a government shutdown. E-Verify, the online system used by employers to check the employment eligibility of new hires, is run by the Department of Homeland Security and may be unavailable during a shutdown. To prepare for this, government contractors should complete I-9 paperwork as soon as possible if E-Verify is unavailable.

Another consideration for government contractors during a shutdown is employee benefits. Furloughed employees may have their benefits affected if a government shutdown happens for a long period of time. The longest government shutdown on record was for 34 days in 2018-2019, which was a partial shutdown, whereas the government is facing a full shutdown this time since the government hasn’t passed any funding bills.

If the government shuts down and employees’ hours are reduced, they may lose COBRA health plan coverage. If this happens, government contractors must send qualifying event notices to affected employees, and employees must be given the option to continue coverage under the plan for the duration of the furlough at the employee’s expense for the maximum COBRA continuation period.

If the government is shut down and employees are furloughed, government contractors should tell employees not to do any work. If employees work while furloughed, they must be paid a salary for the entire week. Aside from furlough, government contractors may also decide to allow employees to work a reduced number of hours, but the process needs to be analyzed carefully and managed tightly, due to requirements for exempt employees, salary requirements, local regulations for a reduction in compensation, as well as contractual obligations, overtime exemptions and any foreign work authorizations.

Government contractors should consider incorporating the cost impacts of a shutdown into their planning and allow for it in their contracts. Contractors should plan to establish a line of communication with contracting officers ahead of time to discuss what work might be halted just in case they are unavailable if the government shuts down. Additionally, small businesses that rely on government funding can also prepare by speaking with their bank before any upcoming funding deadlines to ensure they have the cash flow to stay afloat during the shutdown.

What are the Next Steps for Government Contractors?

Government contractors can start preparing now for a government shutdown by completing necessary I-9 paperwork, determining furlough and unemployment benefit eligibility, determining WARN Act eligibility as well as planning for COBRA coverage interruptions.

“When the government shuts down, contractors can feel sudden and serious economic and workflow impacts, and naturally want to react quickly. But doing so without careful thought and planning may only solve one problem while creating an even bigger and potentially more costly one,” Mr. Brenner said. “Wage and hour, immigration, benefits, unemployment insurance, and lay off laws are all issues contractors need to consider before taking action.”

Copyright ©2021 National Law Forum, LLC
For more articles on the government shutdown, visit the NLRGovernment Contracts, Maritime & Military Law section.

Ransom Demands: To Pay or Not to Pay?

As the threat of ransomware attacks against companies has skyrocketed, so has the burden on companies forced to decide whether to pay cybercriminals a ransom demand. Corporate management increasingly is faced with balancing myriad legal and business factors in making real-time, high-stakes “bet the company” decisions with little or no precedent to follow. In a recent advisory, the U.S. Department of the Treasury (Treasury) has once again discouraged companies from making ransom payments or risk potential sanctions.

OFAC Ransom Advisory

On September 21, 2021, the Treasury’s Office of Foreign Assets Control (OFAC) issued an Advisory that updates and supersedes OFAC’s Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, issued on October 1, 2020. This updated OFAC Advisory follows on the heels of the Biden Administration’s heightened interest in combating the growing risk and reality of cyber threats that may adversely impact national security and the economy.

According to Federal Bureau of Investigation (FBI) statistics from 2019 to 2020 on ransomware attacks, there was a 21 percent increase in reported ransomware attacks and a 225 percent increase in associated losses. All organizations across all industry sectors in the private and public arenas are potential targets of such attacks. As noted by OFAC, cybercriminals often target particularly vulnerable entities, such as schools and hospitals, among others.

While some cybercriminals are linked to foreign state actors primarily motivated by political interests, many threat actors are simply in it “for the money.” Every day cybercriminals launch ransomware attacks to wreak havoc on vulnerable organizations, disrupting their business operations by encrypting and potentially stealing their data. These cybercriminals often demand ransom payments in the millions of dollars in exchange for a “decryptor” key to unlock encrypted files and/or a “promise” not to use or publish stolen data on the Dark Web.

The recent OFAC Advisory states in no uncertain terms that the “U.S. government strongly discourages all private companies and citizens from paying ransom or extortion demands.” OFAC notes that such ransomware payments could be “used to fund activities adverse to the national security and foreign policy objectives of the United States.” The Advisory further states that ransom payments may perpetuate future cyber-attacks by incentivizing cybercriminals. In addition, OFAC cautions that in exchange for payments to cybercriminals “there is no guarantee that companies will regain access to their data or be free from further attacks.”

The OFAC Advisory also underscores the potential risk of violating sanctions associated with ransom payments by organizations. As a reminder, various U.S. federal laws, including the International Emergency Economic Powers Act and the Trading with the Enemy Act, prohibit U.S. persons or entities from engaging in financial or other transactions with certain blacklisted individuals, organizations or countries – including those listed on OFAC’s Specially Designated Nationals and Blacked Persons List or countries subject to embargoes (such as Cuba, the Crimea region of the Ukraine, North Korea and Syria).

Penalties & Mitigating Factors

If a ransom payment is deemed to have been made to a cybercriminal with a nexus to a blacklisted organization or country, OFAC may impose civil monetary penalties for violations of sanctions based on strict liability, even if a person or organization did not know it was engaging in a prohibited transaction.

However, OFAC will consider various mitigating factors in deciding whether to impose penalties against organizations for sanctioned transactions, including if the organizations adopted enhanced cybersecurity practices to reduce the risk of cyber-attacks, or promptly reported ransomware attacks to law enforcement and regulatory authorities (including the FBI, U.S. Secret Service and/or Treasury’s Office of Cybersecurity and Critical Infrastructure Protection).

“OFAC also will consider a company’s full and ongoing cooperation with law enforcement both during and after a ransomware attack” as a “significant” mitigating factor. In encouraging organizations to self-report ransomware attacks to federal authorities, OFAC notes that information shared with law enforcement may aid in tracking cybercriminals and disrupting or preventing future attacks.

Conclusion

In short, payment of a ransom is not illegal per se, so long as the transaction does not involve a sanctioned party on OFAC’s blacklist. Moreover, the recent ransomware Advisory “is explanatory only and does not have the force of law.” Nonetheless, organizations should consider carefully OFAC’s advice and guidance in deciding whether to pay a ransom demand.

In addition to the OFAC Advisory, management should consider the following:

  • Ability to restore systems from viable (unencrypted) backups

  • Marginal time savings in restoring systems with a decryptor versus backups

  • Preservation of infected systems in order to conduct a forensics investigation

  • Ability to determine whether data was accessed or exfiltrated (stolen)

  • Reputational harm if data is published by the threat actor

  • Likelihood that the organization will be legally required to notify individuals of the attack regardless of whether their data is published on the Dark Web.

Should an organization decide it has no choice other than to make a ransom payment, it should facilitate the transaction through a reputable company that first performs and documents an OFAC sanctions check.

© 2021 Wilson Elser
For more articles about ransomware attacks, visit the NLR Cybersecurity, Media & FCC section.