While one of our lawyers predicts this will be the Year of the Data Breach, another anticipates the Year of the Whistleblower. Others highlight the impact that new technologies, accelerating competition, and regulatory changes will have on our clients. As we head into what will surely be an eventful year, our lawyers share their perspectives on the important actions to take in 2019.
Brexit aside, 2019 will be all about data and our clients’ handling of it, especially personal data. In particular, it will be the year of the data breach. We have already seen a rise in the number of reported breaches, and with the new regulations in place (and more yet to come), we are also likely to see the enforcing regulatory bodies wielding their increased powers and imposing the sanctions at their disposal, primarily the much publicized—and huge—financial penalties.
With this backdrop, a key action item for clients will be to review, refresh, and remediate as necessary, their compliance programs—as regards not just GDPR, but the laws applying in all international markets in which they operate. Often this involves adopting a global approach to privacy and cybersecurity, which allows for differentiation in the myriad of laws emerging around the world. A crucial component of any such compliance program is incident response. Clients need to ensure the entire business is prepared should it be hit by a cyberattack or, indeed, any form of data breach.
First, I ask clients if they are still playing whac-a-mole with the data protection laws that are proliferating around the globe. There are too many regulatory regimes now to have a separate compliance plan for each. Multinationals need to consolidate their compliance activities and take a global approach to meeting regulatory requirements around cybersecurity and privacy. We do this by building toward common elements found across laws in the U.S., Europe, Asia and elsewhere. Over the long run it saves clients money and enormous amounts of operational friction.
Second, I ask clients if they’re ready for the big one—a significant cyberattack that threatens their data and even their ability to operate as a business. If you’re a GC, it isn’t enough to lean on the incident response planning of your company’s IT security team. You need to know what your legal and compliance teams should be accounting for in those critical first few days of an incident. Incident response playbooks for legal and compliance teams are an important part of the preparations. So are the war game exercises that we facilitate.
Companies need to make sure they are on a track to compliance with cybersecurity and privacy regulations that are proliferating globally, including in the U.S., the EU, and China. Korean companies are export-focused and technology-intensive, so these developments will be particularly relevant to them. More broadly, Korean and all other companies need to sharpen their cybersecurity governance and incident response planning to get ahead of the increasingly dangerous digital threat landscape.
2019 looks set to be one of the most eventful years in recent memory, especially for M&A. Brexit Day (March 29) looms, but with careful planning it should not put off those contemplating transactions. While there will be caution in the week or two leading up to it, much can be done in the meantime to plan transaction processes. In addition, the increased protectionism from various governments we saw in 2018 looks set to continue. Early engagement by buyers can help them avoid last-minute pitfalls, while sellers need to be aware of potentially high-risk counterparties to avoid backing the wrong horse.
For listed companies, activist shareholders are likely to continue to be a growing presence. In 2018 we saw some large positions in established companies. However, we are now seeing a change in approach—and the best advice for boards is not to pull down the shutters, but instead engage proactively. Yes, such investors seek to challenge the status quo, but with respectful, early engagement the outcomes could be positive for boards and shareholders alike.
Lastly, tech M&A is likely to see sustained growth, with savvy players taking advantage of continued convergence across the TMT sectors. A good awareness of how to unlock value using technology will drive valuations and lead to increased diversity in auction processes.
With the choppiness in the equity markets and signs of pressure on potential future earnings, sponsors and their portfolio companies may need to have a renewed focus on debt levels and changing interest rates while continuing to try to reap benefits from the recent lowering of the corporate tax rate. Depending on a sponsor’s outlook with respect to an existing portfolio company, the window for the optimal exit may start to close based on earnings pressure (including due to international tariff impacts) and the increased cost of debt financing.
As Capitol Hill becomes increasingly informed on fintech subjects, the issues surrounding consumers, the use of cryptocurrency, initial coin offerings (ICOs), money laundering and investor fraud may spur U.S. Federal agencies to become more active. It is safe to say that the new Congress will not let crypto issues disappear, but will instead confront whether, and how, to apply existing laws, rather than creating new ones. At the same time, various financial agencies, including the IRS, are likely to clarify their rules and initiate enforcement actions to provide greater transparency in this developing market. There is a ton of activity on fintech, distributed ledger technologies (DLT), and blockchain technologies within the administration and in Congress, and an increasing need for fintech companies to engage with Congress and these agencies.
2019 will be the year of the whistleblower. With the U.S. Supreme Court’s decision in Digital Realty Trust, holding that whistleblowers must report directly to the Securities and Exchange Commission in order to avail themselves of certain protections, employees are less likely to report complaints internally before calling the government.
Companies should adjust to this new reality by encouraging internal reporting and being more proactive in addressing employee tips. This all begins before a tip comes in with establishing a fraud risk policy, performing a fraud risk assessment, and deploying fraud prevention and detection activities. Those measures provide the right framework for establishing a fraud reporting process for employees to follow as well as a coordinated approach to investigating tips and taking corrective action. And, of course, after whistleblower tips have been investigated and acted upon, companies should look for ways to improve the process going forward.
The number and categories of risks confronting companies across all industries are becoming more complex, nuanced, interrelated and multijurisdictional. The fundamental priority for all companies is to ensure that their boards of directors and senior management have taken appropriate steps to identify the risks facing the business and put in place implementable and auditable controls. This in turn requires a board with appropriate diversity in background, experience and expertise, and a management team that is informed, competent and poised to move definitively when an issue is spotted.
Bribery and corruption continue to be areas of focus and priority for enforcement authorities globally, and it is one area in particular for all companies to address. While the U.S. remains the leader in enforcement, other countries are following suit; many of those countries rank among the leading markets both for commercial expansion and corruption risk: China, India, Brazil, to name a few. Given the interconnectedness of corporate enterprises, legal exposure is rarely limited to one country and so corporate exposure is potentially expansive and multijurisdictional.
Bribery and corruption risk is one of a much longer list of legal, regulatory and operational risks that expose companies to potentially significant financial and reputational damage. All companies need to confront these challenges head on, with the right legal advisors to help develop controls that will be effective, implementable and auditable so that the company can demonstrate their effectiveness—to themselves, their boards and the enforcement authorities, if required to do so.
Early case assessment will be more critical than ever at the U.S. Patent Trial and Appeal Board (PTAB) in 2019 in view of SAS Institute, the move to the Phillips claim construction standard, and cases coming down from the Federal Circuit as to real party-in-interest (RPI) relationships. Petitioners need to start thinking critically about what specific claims it makes sense to challenge at the PTAB, taking into account non-infringement positions that are tied to claim construction, weaknesses in the prior art, and other issues, like indefiniteness, that may only affect a subset of claims (which may not even be important) but could doom a whole petition. Likewise, petitioners need to carefully avoid creating unintentional RPI relationships (with emphasis on unintentional) that could have consequences like an earlier one-year time bar. At the same time, patent owners need to be aware of these issues so they can take them into account for their responsive strategy.
Innovation for new technologies, products and services is the engine of growth for the overall economy as well as for enterprises, fueled by corporate R&D programs, partnerships and M&A. Identifying, understanding and extracting value from key IP assets generated from R&D, collaboration and M&A will continue to be a key activity for in-house legal and IP teams.
Continuously assessing key IP assets—both their own and those of third parties—enables corporations to prepare actionable strategic plans for identifying, evaluating, buying, licensing or selling IP assets on the best possible terms. Corporate management’s accelerating mandate to generate financial value from IP assets meets a relatively favorable legal landscape where the U.S. Supreme Court and the Federal Circuit have lately issued opinions strengthening important IP assets, slowly but surely changing the tide of patent law for stronger patent protection.
Our clients are cautiously assessing the extent to which the escalating political and economic tensions between China and the U.S. will impact their cross-border investment strategies. Regulators in Europe and other markets are also planning to step up their national security reviews of foreign investments. Heading into the new year, clients (particularly Chinese acquirers) looking to execute cross-border transactions should expect to face many challenges, including new rules and regulations, stricter controls and more aggressive scrutiny. To improve their chances of success for cross-border transactions, companies must work with their professional advisers to carefully strategize, structure and manage transactions, and all material issues should be identified and proactively addressed at the outset.
Companies need to be mindful of several China-related hot-button issues heading into 2019. First, under the recently released China Initiative, economic espionage, trade secret theft and FCPA cases involving Chinese companies that compete with U.S. companies will be vigorously investigated and prosecuted by the U.S. Second, cross-border investments in U.S. companies involving critical technologies will face heightened review under the FIRRMA pilot program, which expands CFIUS’ jurisdiction to cover certain non-controlling, non-passive investments in companies in certain industries. Both U.S. regulatory developments underscore the current administration’s priority to protect U.S. interests, particularly against Chinese activities. Chinese companies should proactively assess risks in these areas in existing or potential business endeavors.
Domestically in China, the new E-Commerce Law will take effect in January 2019. The law aims to extend consumer protection and provide stricter regulation of e-commerce, with a focus on IP, false advertising, data protection and cybersecurity. Companies defined as “e-commerce platform operators” should take measures early to review compliance under the new law.
There are four important points for asset managers to bear in mind for 2019. First, we are likely to be approaching the end of the credit cycle, so managers should be shoring up their funds with distressed lending strategies and personnel so that they are able to be nimble should credits require workouts.
Second, managers should implement any Brexit strategies now, including flip provisions in the AIFMS, so that they flip out of the UK and into Europe with minimum disruption to investors. Next, managers should be aware that investors are now much more savvy, so they need to be careful how they negotiate liens into their loan fund deals.
Finally, beware of leverage lines and risk retention. The new risk retention rules are now in place—with criminal liability in place for asset managers. Careful thought should be given to whether providing leverage lines constitutes a securitization under the new STS regulation that is now in force as of January 1.
Active managers have gone through a difficult period competing with static investment vehicles and their appropriate benchmarks. The lack of volatility in the marketplace and the growth of index-based static portfolio products, like index funds and ETFs, have combined to create a perfect storm of head wind for the active manager. The recent resurgence of stock market volatility may be precisely what active managers need to again outperform the relevant index and the static fund competition. If active managers can be successful utilizing the volatile market to create superior performance, they may be able to stem the tide of increased asset migration from their funds to ETFs and index funds. This too may facilitate increased market volatility giving them a further opportunity to outperform the competition. Those active managers that cannot outperform the benchmark and the static products in this period of increased volatility may find themselves further behind the competitive pack and may have a harder time catching up.
I expect 2019 to be another active year for life sciences and healthcare M&A, with biotech transactions continuing to be a hot area. Many dealmakers have been closely watching the window for biotech M&A, expecting it to close, but interest remains strong from both private equity and strategic buyers. The competition among those two buyer groups for healthcare assets will force dealmakers to be more creative in how they structure deals in order to get the transactions across the finish line. In terms of the types of deals we’re seeing, healthcare companies continue to shed non-core assets. That may signal a higher volume—but not necessarily higher value—of bolt-on acquisitions in the year ahead.
Innovator life sciences companies continue to see aggressive challenges to their patents protecting important pharmaceutical products, making it as important as ever for clients to continue developing a forward-looking strategy for their intellectual property portfolio in preparation for future litigation. This includes ensuring that each component of a patent portfolio has the appropriate scope of protection, and engaging in careful pre-suit analyses to be ready for an eventual challenge.
Biosimilar availability remains an area of interest, particularly while less expensive versions of popular biologic drugs have been made available in jurisdictions outside of the U.S. This is an area affecting innovator drug companies, whether in creating and protecting new biologics or in considering biosimilars for appropriate existing products. In the new year, there will be increasing public awareness and scrutiny of barriers to entry for biosimilars in the U.S. and litigation under the Biologics Price Competition and Innovation Act, making it important to think, plan, and act strategically on both sides of the issue, whether structuring and enforcing patents protecting biologics or implementing and proceeding with a biosimilar strategy.