The PPP Affiliation Rules: Thoughts on a Workaround

On March 27, 2020, President Trump signed into effect the Coronavirus Aid, Relief, and the Economic Security Act (the “CARES Act”), which includes, among other relief provisions, the Paycheck Protection Program (the “PPP”) aimed at providing liquidity to help small businesses maintain their existing payroll by making certain (forgivable, in part) loans available through the Small Business Administration (SBA). On April 2, 2020, the SBA issued its Interim Final Rules regarding the administration of the PPP, which provides the framework under which businesses with under 500 employees (generally) can take advantage of the PPP, if they certify that “current economic uncertainty makes this loan request necessary”.

Venture and PE Back Entities and the Affiliate Attribution Problem

Unfortunately, for a large swath of the small business community, including many start-ups, the rules around PPP eligibility present a significant roadblock to their participation. Since the program is administered by the SBA, the SBA’s general rules and regulations are applicable to the program. One particular aspect of those rules, regarding how to count ‘employees’—the so called “Affiliation” rules—is problematic in that it may require attribution and aggregation of employees with other ‘affiliates’. In this context, it is suggested that affiliates may have to include any investors who hold a ‘controlling interest’ in the company and any other companies in whom that investor also holds a controlling interest.

With that level of attribution, it becomes highly likely that any given investor (often, PE, VC or even Angel) backed company will quickly exceed the 500 employee maximum level under the PPP, and, therefore, will not be eligible to participate. With time being of the essence, and an already limited (and rapidly dwindling) level of available PPP funds to access, it is imperative that these businesses—often some of the US’ most promising young enterprises, including in the biotechnology space—proactively find a safe and compliant way to participate in this important economic stimulus (or ‘emergency distress relief’, depending on your perspective) program.

Defining ‘Control’

At the heart of the problem here is what constitutes a ‘control investor’ under the applicable SBA regulations. We will not attempt, in this column, to explicate the nuances around every direct and edge case that might constitute control. Others have done a great job summarizing and explaining the same (including an excellent rule / example chart here). Suffice it for our purposes to say, however, that ‘control’ can be expressed or implied as a result of any of the following conditions:

  • Common Ownership – Ownership of >50% of voting equity.
  • Present Effect – The rules will give present effect to potential future events, such as the exercise of options, warrants, etc., that could affect control.
  • Common Management – Where sister entities share controlling executive officers and/or directors, for example.
  • Identity of Interest (Family Relationships) – Where sister entities are owned / controlled by close family members.
  • Identity of Interest (Economic Dependence) – Where a company derives 85%+ of its revenues over the previous 3 fiscal years from another entity.
  • Identity of Interest (Common Investments) – Where management / shareholder groups have substantial investment and economic overlap with other entities.
  • Newly Organized Concern – Applicable where a key stakeholder in one entity begins to perform work for another, and maintains substantial overlap of resource usage from the old entity.
  • Successor-in-Interest – Applicable in cases involving a consummated strategic transaction, where the successor may be aggregated with the predecessor entity.
  • Totality of Circumstances – When the facts and circumstances suggest that two companies are very closely intertwined, they may be deemed affiliated.

As mentioned above, in the event that a control condition exists, then it is highly likely that attribution with an investor and with the investor’s other portfolio companies will exist, such that the employee headcount metric for any given company could be significantly increased, resulting in PPP ineligibility.

Suggesting a ‘Workaround’ Framework


            In our view, the best and most logical outcome here is for the Treasury and the SBA to directly fix this problem—either by updating their rules and guidance, or by issuing waivers. As of this writing, we remain hopeful of the probability of that outcome.

            However, in the event that this does not happen, it may fall to business and legal advisers to consider creative ways that their clients may stay outside of the attribution rules, and still fit within the letter and spirit of the PPM framework.

            We would suggest that there are three obvious ways to potentially deal with (portions of) this issue, and they all involve the full participation of the investor community.

  • Note – For the sake of brevity and clarity, the following analysis is based on and assumes a Delaware domiciled for-profit corporation, which has adopted standard NVCA investment documentation, and which requires a simple majority of preferred holders to effect charter / material document modifications or waivers (that being the ‘Requisite Holders’).

            What We Believe Can be Solved For by Action…

            Solving for any of the control issues detailed above is almost certainly going to require manipulation of existing provisions in companies’ Certificates of Incorporation and possibly Bylaws (collectively, the “Charter”), as well as certain collateral shareholders rights agreements (inclusive, broadly, of the typical Investors Rights Agreement, Right of First Refusal (“ROFR”) and Co-Sale, and Voting Agreement). Collectively, these documents contain a number of provisions that are, generally, prophylactically protective of investors’ rights, that may cause attribution control issues. Specifically, investors are often granted dedicated board seats and certain investor protective provisions (veto rights) over certain key material company transactions. Depending on the existing deal in place, investors may also have conversion rights that give them effective voting control (under the ‘Present Effect’ prong), which are likely baked into the Charter documents.

            Individually or collectively, these rights almost certain cement a ‘control’ relationship, that would put any such company squarely in the attribution dead-zone described above.

            We believe, however, that a mix of the following techniques could be effective in rebutting a number of these presupposed conditions.

            Charter Amendments

            The most obvious and robust place to start unwinding disqualifying ‘control conditions’ is in the company’s Certificate of Incorporation (and any corresponding provisions in the company’s Bylaws, if any). In the standard NVCA form, this will also certainly involve direct amendments to the Board of Directors composition / voting section, as well as the Preferred Stock Protective Provisions Section (both usually contained in Section 3 of the NVCA model form of Amended and Restated Certificate of Incorporation).

            What we would suggest is that an abrogation of the rights contained in those Sections may be directly necessary in order to comply with certain of the control conditions detailed in the rules. Each situation could, of course, be slightly different, so a universal approach is likely impossible, but the principals around what would need to be changed should be fairly universal.

            Or, what if a more universalist approach, is possible? For example, what if, a company and investors representing the Requisite Holders could agree to some form of the following new, ‘temporary’ Article in a standard Certificate:

            FOURTEENTH:        For purposes of the rules of the US Department of the Treasury and the Small Business Administration (to the extent applicable) (the “Rules”), in connection with any loan obtained by the Company under the Paycheck Protection Program (PPP), for so long as any principal or interest may be outstanding under such loan, all holders of [Series A Preferred Stock] agree that the provisions contained in Article FOURTH, Section B of this Certificate related to preferential voting by such holders on any matters, including, but not limited to matters related to the Board of Directors and any special protective provisions shall be fully suspended, and that such holders shall, in lieu of such rights, be entitled to vote on any or all such matters on a theoretical as-converted to common stock basis only. This provision shall be automatically abrogated, and shall be of no further force or effect, upon the earlier of (i) the repayment, forgiveness, novation or other extinguishment of such loan and the Company’s obligations with respect thereto, or (ii) any modification of the Rules that would no longer necessitate the same, as a condition of participation by the Company in the program(s) underlying such loan.

            The benefits of this approach are obvious. It is relatively simple and easy to implement. But would it be respected by any examining authorities, and be sufficiently ‘unambiguous’ not to fall foul of the law of unintended consequences on other matters? These may not be answerable without some leap of faith (which, of course, will put a lump in legal counsel’s throat). But we would suggest that, if the now fairly standard Certificate provision dealing with Section 500 of the California Corporations Code (dealing with certain repurchases) is working in Delaware Certificates, then there is no obvious reason why some version of this approach should not also work.


            Waivers are the fastest and easiest way to deal with required corporation actions. The model NVCA Certificate provides a simple and easy to use waiver provision for use by the preferred Requisite Holders (See Article FOURTH, Section B.8.). In theory, this provision could be used, in a blanket fashion, to obtain well designed and thorough waivers from preferred holders to address one or more blocking control conditions (including all those mentioned above). Another benefit of waivers is that they are much easier to update, modify, repeal, etc., in the event that the same is required by any regulatory authority, and/or the underlying conditions for their need have ceased to exist.

            However, effecting by waiver everything which is necessary to mitigate away control condition risk seems unlikely. For one thing, it may not be obvious how the regulatory authorities (or a Delaware court, for that matter), would treat a ‘waiver’ of an otherwise obviously codified right in the Certificate (such as a Board seat nominating right), and such an approach seems like a recipe for corporate governance ambiguity. Further, it is not obvious how the regulatory authorities would view a waiver, that may otherwise have legal revocability, in light of the ‘Present Effect’ and ‘Totality of Circumstances’ prongs; and may choose to look through the same.

            Accordingly, although useful (and, in the case of non-Charter documents, perhaps perfectly adequate), we would suggest that the Charter Amendment approach is an obviously more robust and defensible approach, if possible to actuate.

            Business Structuring / Recusals

            It is somewhat less clear whether provisions that provide conditions of control that are contained within collateral company documents (such as, e.g., the IRA, Voting Agreement and ROFR Co-Sale), as opposed to the Certificate and Bylaws, would also have to be amended, or whether waiver would be sufficient; especially since these documents are a matter of contractual private relationships, not public record. However, in the interests of caution, we would suggest that corresponding amendments and/or waivers also be cascaded down to these documents. Afterall, there is no point in committing to this strategy and amending a company’s Charter only to fumble the ball on technicalities at the five yard line. Accordingly, we would recommend corresponding changes / waivers to these documents as well.

            Further, in order to deal with certain remaining prongs of the control relationship tests, we would suggest that intelligent business structuring and recusal strategies can be actuated (and documented) in order to solve for issues presented by the ‘Common Management’, ‘Identity of Interest – Family Common Investments’, and ‘Newly Organized Concern’ prongs. For example, careful investor divestiture of interest in certain entities (choosing carefully, obviously), recusal or resignation from certain boards / management roles for sister entities and/or a rethinking of certain strategic plans of portfolio companies may all be useful techniques to deal with issues in these verticals.

            What May Not be Solved For…

            Some of the control conditions above will simply have to mechanically ‘not be the case’, as they can’t practically be solved for in legal documentation alone. Those would include, self-evidently, the ‘Common Ownership’, ‘Identity of Interest – Family Relationships’, ‘Identity of Interest – Economic Dependence’ and ‘Successor in Interest’ tests. Accordingly, not every business is going to be eligible here, no matter what is undertaken.

            Further, the ‘Present Effect’ rule presents a possibly serious problem here as well. Charter amendments and waivers are clever, but, if they contain obvious snap-back provisions that make them, essentially, perfunctory in nature, then it is likely that any examining authority would view them with a jaundiced ‘substance over form’ eye. We would suggest that any changes that have true substantive effect, and are not reversable for the life of the PPP loan should be respected as satisfying the spirit of the program, and, thus, out of reach of the Present Effect prong, but, admittedly, this is, perhaps, a tautological conclusion.

            Lastly, the ‘Totality of Circumstances’ test (a perpetual law school and legal profession favorite!) is never going to be completely solvable. If it walks like a duck and quacks like a duck, it’s a duck. However, what we would suggest is that if this prong is to be solved for, it will have to come from the Treasury / SBA itself in public guidance (i.e., something akin to a ‘no action letter’, for properly structured workarounds). Doing so would send a strong signal to the business and legal community that the government is not hostile to this process, and, in fact, encourages its use.

Investor ‘Buy-in’; the Big Unknown

There is no practical way to implement the foregoing without buy-in from the investor community. None.

If investors are not willing to work with their portfolio companies to actuate a mixture of the foregoing strategies (as different use cases require), then the possibility of the same is a purely academic exercise. And many of these choices may be difficult and imperfect, under the heat of the moment on a compressed timeframe. For example, how can an investor reasonably and responsibly choose, in, say, 72-hrs, which of its portfolio companies has the ‘best chance’ to succeed and should pursue the PPP program, and in which of those it should simply resign its Board seat? … Investors will have to pivot to a mindset of trust, greater good and long-term thinking to effectively hedge risk in such matters.

However, we would suggest that this is likely in the best interests of basically all investor portfolio companies and the investors themselves. For most businesses, there would appear to be very little downside to participation in the PPP. In fact, for most, it may be a crucial survival lifeline, at a minimum, and possibly even a booster rocket to spur growth and innovation (which the US always, always needs more of, in the best and worst of times). If the alternative is the failure of one or multiple investor portfolio companies, then we would suggest that the waiver or abrogation of certain investor rights, temporarily, is a trifling matter to accept.

We would also suggest that, if pressed, most investors will accept the foregoing logic (with the admittedly very large caveat assumption, of course, that their own fund charter documents will even permit them to do so). In fact, we would suggest that the investor (PE, VC and Angel communities) will likely embrace at least some of the solutions to this dilemma (the foregoing, and others that will undoubtedly be forwarded in the days to come), in light of the unappetizing alternatives that are very much in play here.

Having said that, it is impossible to predict in advance. As an admitted digression, but by way of example, we have been arguing to anyone who would listen for 8+ years now that it is time to do away with Legal Opinion delivery in Series A rounds, as nothing but a pointless, expensive waste of scarce time and resources, but we are still swimming upstream against larger law firms on that fight! Here is to hoping that times may be changing in creative and cost-effective legal practice.

Will it Work? The Fine Print…

The foregoing is a suggested framework for businesses and legal practitioners to begin to think about how venture backed small businesses, who would otherwise be eligible to participate in the PPP, may be able to take advantage of the program without violating the letter or the spirit of the program.

Unfortunately, as with many matters that are new and cutting edge, and with rough contours (and, as of the date of this writing, this one has a lot), the question of whether or not this framework will work—from a business and/or legal perspective—is unknowable. Accordingly, we are not offering this framework as a ‘silver bullet’ of any kind, or offering any legal advice to any party, with respect hereto. The truth is, we just don’t know.

However, we are hopeful that this framework will spark a conversation around creative ways to address these roadblocks, which may, or may not, include some mixture of the foregoing techniques. We posit that it is likely that a framework that is workable for investors, businesses, counsel, the SBA and the US Treasury will be rolled-out, and likely in the next 3-4 weeks, at most. The stakes are too high for these parties not to work together.

We would suggest that the most robust (and still most likely) solution to this issue is for the Treasury and SBA to issue the necessary amendments, waivers or modifications of the regulatory framework. However, if this does not occur, then we fully expect that industry will find one or more solutions to fit quality, investor backed small businesses into the definitional framework of the PPP.


In the days and weeks to come, if we do not see a systemic fix to these issues—which, at present, are working to exclude a huge and hugely important sector of the US small business ecosystem—we will be developing and rolling out suggested documents for our clients who may be able to take advantage of these techniques. At such time, we will also make those documents publicly available, to the extent that it is prudent and helpful to do so.

In the meantime, we welcome all inquiries from businesses who may potentially benefit by participation in the PPP and are looking for forward pathways, and, of course, any and all constructive criticism from industry on the usability of the foregoing framework.

*     *     *

Dated April 7, 2020

Written by Jeff Bekiares, Ed Khalili and Stan Sater

If you are a business that has questions about the Paycheck Protection Program (PPP) and how the laws impact your business, contact our Founders Legal team at [email protected], [email protected], or [email protected].

The Benefits of the GDPR Two Years In

The General Data Protection Regulation (the “GDPR”), promulgated by the European Commission, was adopted in April 2016 and became effective in May 2018. Rarely mentioned with positivity in the past two years, the GDPR standardizes data protection laws across the European Union and applies to companies located outside of the EU that offer goods or services or are monitoring the behavior of persons inside the EU. 

The Benefits of the GDPR for Companies

Not only does the GDPR call for the adherence to seven fundamental privacy principals (lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability), but it also calls for increased technical measures for businesses to update and strengthen their data protection practices. Instead of mindlessly gathering any and all data, businesses should gather more purposeful data. Data mapping and inventory exercises challenge businesses to fully understand the data the business holds and how it fits into the broader organization. For many businesses, this is the first time the business will actually take the time to truly know and understand the data it holds. This data knowledge is useful in particular for mapping data strategies going forward. By raising awareness of the importance of well-maintained data, the GDPR has allowed organizations to make more informed decisions around strategic business partners and future avenues of growth.

Data Processing Inventory: Article 30 requires controllers and processors to create and maintain a formal, written record of its processing activities subject one exception:  when the organization has less than 250 employees and the processing is not likely to result in a risk for the rights and freedoms of data subjects, is not occasional, or is not of special categories of data. The records maintained by the processor must include the personal data processing activities done on behalf of a controller and to provide the controller a copy of the report upon request. While not a granular report of each data element in a business’s repository, it provides a high-level snapshot of how the business processes personal data.

Data Protection Impact Assessments (DPIA): Under Article 35, if processing personal information is likely to result in a high risk to data subjects’ rights and freedoms, the controller should perform a DPIA. Practically speaking, the DPIA is a risk assessment exercise meant to identify and minimize risks relating to the controller’s personal data processing activities.

Privacy Notices: Businesses are also required to publicly post a privacy notice detailing the source of the personal data, the legal basis for processing the personal data, the period for which the personal data will be retained, and the third-party recipients of the data. Further, the privacy notice must be provided in a manner that is concise, transparent, intelligible and easily accessible using clear and plain language.

Data Processing Agreements: Article 28 provides that controllers may only engage with a processor who provides sufficient guarantees of compliance with the obligations of the GDPR. Specifically, Article 28(3) of the GDPR requires a contractual agreement between controllers and processors regarding the parties’ roles and the processor’s obligations to comply with certain provisions in the GDPR. 

While these measures, and the GDPR in general, certainly increase the costs of doing business, it can be a competitive advantage for companies that commit to real compliance. Not only can a business become a preferred vendor by showing its commitment to data protection, but also it is an opportunity to build customer loyalty by being transparent about how they use personal data. 

Leveraging GDPR for Trends in the US

The GDPR kicked off this new wave of data privacy and data protection laws. Particularly in the US, which lacks an omnibus federal data protection law, many States have proposed their own data protection laws. Most recently, this was seen with the passage of the California Consumer Privacy Act (the “CCPA”) that was heavily influenced by the GDPR. Despite the COVID-19 pandemic, the California Attorney General has reiterated that the enforcement date of the CCPA is still July 1, 2020. The California Attorney General is currently working on the third draft of his CCPA regulations before a final draft is due by July 1.

For companies that have never undergone data protection compliance exercises, it can be daunting but we can leverage our existing data protection knowledge to quickly get in front of these issues as they come up in the day to day business operations.

Dated April 8, 2020

Written by Stan Sater and Jeff Bekiares

*    *    *

If you are a business that has questions about data protection laws and how the laws impact your business contracts, contact our Founders Legal team at [email protected]m and [email protected].

Part Two: Managing Equity Incentive Plans in a Volatile Market

This blog post is part two of two discussing equity incentives and ways for employees to liquidate a portion of their shares while the company remains private. Part One discussed the issuance of equity incentives to employees and other key personnel. Focusing now on already issued and vested equity incentives (for illustrative purposes hereof, we will focus on stock options), this blog post discusses the potential internal transactions that can provide liquidity to these vested employees and personnel.

The Broader Trend to Stay Private

In the last decade, the pre-IPO marketplace has grown significantly, being dominated by an increase in venture capital firms and private placement agents, brokers, and banks. With the increase in private market capital and willing buyers of private-company securities, the trend for post-2008 financial crisis startups has been to delay an IPO for as long as possible. High valuation startups such as Uber, Lyft, Slack, and Zoom all went public in 2019 into an all-time high in the public markets. When these companies go public, not only do the founders, venture capitalists, and investment banks make money, but also the employees who were granted stock options under the company’s equity incentive plan. While these companies stay private longer, secondary private-company marketplaces have evolved to purchase private-securities from employees or early-stage investors. Given the recent market volatility surrounding COVID-19, we expect valuations of private companies to be revised downward, companies to remain private, mergers and acquisitions deals to slow, venture capital deal terms to favor the venture capitalists, and cash strapped employees looking to sell their illiquid shares to weather personal financial volatility. The current financial markets signal that now is the time for liquidity and financial security. Liquidity and financial security are not only important to companies but also the companies’ employees. Conversely, with a drawdown in valuations, some existing investors in a private company might want to acquire more shares and provide liquidity to existing shareholders while the markets are not encouraging a sufficient liquidity event at a desirable valuation.

Structuring the Tender Offer

A tender offer is a transaction that can be utilized to allow an investor to buy a company’s shares from employees with vested stock options or company common stock. Tender offers are often structured in one of two ways: (1) share buybacks by the company or (2) a secondary sale by an existing shareholder(s) to a third-party purchaser. Under the first option, the company uses either cash on its balance sheet or cash from a prior equity financing to buy back shares. However, many states (for example, Delaware and California) have statues that limit the amount of capital that a company may use to buy back its shares. Meanwhile, these statutory restrictions do not apply to secondary sales to third-party purchasers, which makes secondary sales often the preferred route for many companies. Third parties who are considering initiating a tender offer should be aware that there are strict tender offer securities rules which must be adhered to in the conduct of any such offering.

Considerations in Secondary Sales

Valuation: Tender offers will always affect a company’s 409A valuation. The degree to which any transaction will impact the valuation depends on the terms of the transaction, the parties involved in the transaction, the size of the transaction, and the methods used by the valuation firm.

Share Restrictions: Restrictions on the sale or transfer of shares, such as rights of first refusal, or state corporate law ‘control share acquisition statutes’, are often imposed on shareholders. Therefore, potential sellers must review the organizational documents they signed or are otherwise bound by (i.e., the company’s bylaws, certificate of incorporation, and shareholders agreements, for example) to determine if there are obstacles to transfer unique to the company.

Securities Laws: Secondary sales must also comply with federal and state securities laws. Part of compliance with securities laws is the proper disclosure of information to potential buyers. When it comes to the disclosure of information, on the one hand, sellers may have signed a confidentiality agreement with the company to protect against the disclosure of confidential information to third parties including prospective buyers. However, this restriction must be balanced with whether or not the seller has material, non-public information which would impact the transaction.

Summary: Compliance with securities laws, a thorough review of the applicable transfer restrictions, and the company disclosing material information will all help sellers obtain a higher price for their otherwise illiquid shares.

Companies wanting to hold off on a liquidity event and get through this financial volatility while providing employees and other common stock holders an opportunity to achieve personal liquidity should consider the avenue of a secondary sale.

Dated April 7, 2020

Written by Stan Sater and Jeff Bekiares

*      *      *

If you are a business that has questions about secondary sales of private company common stock or tender offers, contact our Founders Legal team at [email protected] and [email protected].

Part One: Managing Equity Incentive Plans in a Volatile Market

This blog post is part one of two discussing equity incentives and ways for employees to liquidate a portion of their shares while the company remains private. Most companies are in the middle of granting 2020 annual equity awards. This granting of equity awards is happening simultaneously with the COVID-19 outbreak and the larger volatility on business operations and financial markets. The purpose of this blog is to highlight some considerations when granting equity awards in light of recent events.

409A Valuations

The threshold consideration is the overall value of the company, which then flows through to the value of any equity incentives being granted, impacting such matters as the strike price and the number of incentives being issued to eligible recipients (such as, e.g., employees, contractors, advisors, and directors). Although it is not required by law to do so, typically, a company will conduct a 409A valuation to derive the fair market value of the company and its common stock, to provide a base for determination of the value of any equity incentives to be issued (although other factors may be taken into account as well). A 409A valuation is often (but not always) different from a company’s post-money valuation following a financing round because investors typically receive preferred stock. Nonetheless, it is generally good practice to commission a new 409A valuation every 12 months, before the company issues its first common stock options, after raising a round of venture financing, and/or when there is a material event that may impact the value of the company.

Equity Incentives

Equity incentive plans are standard features of startups granting an equity interest in the company to employees and other personnel allowing them to share in the upside potential of the company. A well-crafted omnibus equity incentive plan is going to give the company the optionality to issue (a) Incentive Stock Options (ISO), (b) Non-qualified Stock Options (NQSO), (c) Restricted Stock and (d) Restricted Stock Units. Within the equity incentive plan, the committee appointed by the board of directors to administer the plan should have the authority, among other matters, to determine when the awards are to be granted under the plan and the applicable grant date; to determine the number of shares of common stock subject to each award; to determine the instrument to grant the employee or personnel; and to amend the awards including the time of vesting. 

So, if the 409A valuation returns a lower than expected valuation (especially given the current market) requiring the company to use more shares from the equity incentive pool than anticipated, the company could consider certain alternatives, such as, for example:

  • Grant restricted stock units (RSUs), which command a higher value based on how the RSUs are structured, thereby requiring fewer shares to grant to come to an equivalent value;
  • Make the equity awards contingent on shareholders approving an increase in the size of the equity incentive pool at the annual meeting;
  • Delay the grant until the after the annual meeting of shareholders, if an increase in the size of the equity incentive pool is approved; or
  • Provide the option to have the awards cash-settled (which itself does come with some tax and accounting downsides).

It might also be an option to reprice the options if the equity incentive plan permits or pending shareholder approval. If the repricing involves any change in the award other than a reduction in the exercise price, such as exchanging options for RSUs, the company must comply with securities laws and the corresponding tender offer requirements. If a repricing is not an option, the company could also consider granting supplemental awards. However, the granting of supplemental awards does come with accounting difficulties and would adversely affect the company’s dilution levels.

It is also worth mentioning that there could be ‘upside’ to a lower than expected 409A valuation, in light of recent events, as it relates to equity incentive base pricing. With lower base pricing, there is an opportunity for companies to issue equity incentives that are credibly (and, more importantly, tax defensibly) less valuable than they were even one month ago. If one believes that the price of equities and company valuations are, currently, artificially low as a result of the COVID-19 scare, then, by the time they return to normality, the previously issued equity incentives will be more valuable in the hands of key employees and other recipients. Explanation the company’s theory of the same could be a useful recruiting tool for key employees in these uncertain times.

Our View

Boards and management teams should consult with their legal, tax, and accounting advisors before changing their equity incentive plans as changes can force the company down different paths. As well, the boards and management teams should make decisions based on potential reactions from all stakeholders who are dependent on the future of the company. The next few months are shaping up to be volatile economic times but that also means time for introspection and internal brand strengthening to come out stronger on the other side.

Looking past the issuance of equity and incentive compensation, Part 2 of this blog post is going to cover companies conducting internal tender offers for those seeking to sell a portion of their vested options while the company remains private and weathers this financial volatility.

Dated April 6, 2020

Written by Stan Sater and Jeff Bekiares

*      *      *

If you are a business that has questions about equity incentive plans, contact our Founders Legal team at [email protected] and [email protected].



With so many companies’ runways depleting in these unprecedented times, many companies are seeking relief through the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”). One attractive program falling within the U.S. Small Business Administration’s (SBA’s) Section 7(a) loan program is called the Paycheck Protection Program (the “PPP”), where a business can receive a forgivable loan in amount up to 2.5 X its average monthly payroll for the prior year.

To be eligible for an SBA loan a business must meet the size qualifications for a “small business concern”, or alternatively, in the case of PPP, employ fewer than 500 employees. A businesses qualification as a “small business concern”, however, can be frustrated by a business’s association with other companies or investors as provided under 13 CFR §121.301.

These affiliation rules consider the amount of control or power a third party has to control the applicant. While the rules are somewhat nuanced and consider the totality of circumstances, businesses can conduct a simple back-of-the-envelope exercise to help determine eligibility:

  • Do any of our investors own 50% or more of the outstanding shares of our company?
  • Do any of our investors have the right to purchase (through options, warrants, or other means) 50% or more of the outstanding shares of our company?
  • Do any of our investors control a majority of our board of directors?
  • Do any investors have the right to prevent a quorum or otherwise block action by the board of directors or shareholders?

Where your company has to answer any of these questions in the affirmative, you will likely need to add in the number of employees and annual receipts of your investor (and the investors affiliates) to determine your eligibility as a “small business concern”. A notable exception to this rule applies where a company is classified under NAICS Sector 72 (food services, etc.). Additionally, there is some speculation that the Treasury will release guidance simplifying the guidelines for PPP eligibility, and potentially loosening the affiliation rules for these extraordinary circumstances such that a small business that is not controlled by a single outside shareholder will be eligible. Accordingly, if you fall into this camp, please stay posted.

Where your company can answer all of these questions in the negative, and where your company meets the prior referenced size qualifications, you company will qualify as a “small business concern” eligible for the PPP and other SBA Section 7(a) loans. In this case, we implore you to reach out to your SBA approved lender as soon as possible to submit your loan application.

Please acknowledge that this write-up is meant for informational purposes only and is not intended as legal advice.

By David H. Pierce

Data Processing Addendums for California

Earlier this month, the California Consumer Privacy Act became effective with many companies scrambling to become compliant with the law. While there are many ambiguities in the law and the California Attorney General is still finalizing his draft regulations, companies are continuing to create their legal frameworks to comply with the law nonetheless. Part of this compliance framework is the data processing addendum (“DPA”).


The data processing addendum concept was introduced when the General Data Protection Regulation (“GDPR”) was passed into law in Europe in 2016. Since the GDPR became effective in May 2018, the DPA concept has been ingrained in the contractual framework for data processing activities done on behalf of others. While DPAs are generally required under Article 28 of the GDPR, a DPA is not necessarily required by the CCPA, but there is a growing understanding of its benefits for data processing contracts between businesses, service providers, and third-parties.


Notably, the contract requirements come from the combination of the definitions of “service provider,” “third party,” and “business purpose.” A “service provider” “processes personal information on behalf of a business…for a business purpose pursuant to a written contract…and the contract prohibits the entity from retaining, using, or disclosing” it for a purpose other than the specified business purpose(s). “Business purpose” means “the use of personal information for the business’s or a service provider’s operational purposes, or other notified purposes.” Finally, a “third party” is defined by what it is not. A “third party” is not (1) a business that “collects” personal information from a consumer; or (2) a service provider with the contractual restrictions described above and, in this paragraph, (or any other “person” with the same such contractual restrictions). Additionally, a third party will not be considered a third party if it is included in the written contract between the business and the service provider. Therefore, despite being two separate defined terms, the definitions of service provider and third party should be read together.


The written contract required by the CCPA is meant to bring down some of the business’s obligations to its service providers so that it may comply with its obligations to California consumers who exercise their rights as provided by the CCPA. Specifically, a service provider must contractually agree that it is prohibited from (i) “selling” (as defined by the CCPA) the personal information it acquires from the business and (ii) retaining, using or disclosing the personal information outside of the direct business relationship with the business or for any other purpose than what is specified in the contract. Further, the service provider must “certify” that it understands its contractual restrictions and will comply with them.


If you are a business or service provider, updating all of your service provider contracts could be cumbersome and costly. Rather, the addition of a DPA to your contract playbook could cut down on time-consuming negotiations while clearly establishing relationships that comply with new data protection regimes.


January 10, 2020


Written by Stan Sater and Jeff Bekiares


*    *    *

If you are a business that has questions about CCPA compliance or applicability issues, contact our Founders Legal team at [email protected] or [email protected]



Equity Compensation in the Gig Economy

Last week, Uber sent a letter to the Securities and Exchange Commission (the “SEC”) seeking an amendment to Rule 701 promulgated under the Securities Act of 1933. Rule 701, which was recently modified in July 2018, allows non-reporting companies (i.e. startups and other privately held companies) to issue securities for compensatory purposes to eligible recipients (including employees, consultants, advisors, etc.) without registering such issuances with the SEC. In the letter, Uber stated its preference for the term “entrepreneurial economy” over the commonly used term “gig economy”. Presenting itself as a company that has “empowered millions of individuals around the world to take control of their lives through [their] technology platform”, Uber provides brief recommendations to expand the scope of Rule 701 to allow them to issue equity to its drivers.

Under the revised Rule 701(e), an issuing company must release financial statements, risk factors and other disclosures if the aggregate sales price or amount of securities sold by the company under Rule 701 during any consecutive, rolling 12-month period exceeds $10 million.

Aware that Rule 701 has not been updated since 1999 and the changing nature of business, SEC Chairman Jay Clayton stated in a press release, “The rule as amended, and the concept release, are responsive to the fact that the American economy is rapidly evolving, including through the development of both new compensatory instruments and novel worker relationships – often referred to as the ‘gig economy.’ We must do all we can to ensure our regulatory framework reflects changes in our marketplace, including our labor markets.”

It is well known that Uber has consistently and continually identified its drivers as independent contractors rather than employees not only in the press but also in court. Most recently, the United States District Court for the Eastern District of Pennsylvania held that Uber drivers were independent contractors. As Rule 701 is currently constituted and interpreted, it allows for issuances of restricted stock to ‘consultants’ as an eligible class of persons, but not to ‘independent contractors’. For obvious reasons, this interpretation doesn’t work within Uber’s framework, as it is cross-purposes with its essential argument that its workforce, is comprised of independent contractors. Thus, its recent letter to the SEC is an attempt to open the Rule 701 framework to be more inclusive as to eligible persons (among other matters).

Interestingly, Uber competitor Juno previously tried offering restricted stock units to its independent contractor drivers that would be redeemable when Juno went public or was sold, which it was sold to Gett in 2017. However, Juno ended the program due to implementation difficulties, a clear example of the complexity and expense which can be involved in internal company securities issuances.

Fellow “gig economy” company, Airbnb also sent a request to the SEC on September 21, 2018 to allow it to issue company stock to its hosts. Additionally, it offered suggestions to expand Rule 701(c) to include “persons with substantial, but non-traditional relationships with the issuer”.

Given the growth of the sharing economy, such changes to Rule 701 would seem to be a positive step toward the democratization of equity ownership; allowing more people to participate in the wealth generated from these companies when (and if!) they do go public.

It is unclear if the Uber and Airbnb requests are a peace offering to drivers and hosts or signaling that the dominant “gig economy” companies are truly maturing as they look into the IPO route. Regardless, other platforms based on the “gig economy” relying on alternative contractual relationships between companies and individuals who work with them could follow similar incentive packages, which could include other options like unit appreciation rights plans or restricted stock units, to attract necessary platform employees.

How the SEC will react to these entreaties is not yet certain. Clearly, the SEC is warm to the idea of updating and modernizing key Securities Act transaction exemptions to take current market realities into account, and the seemingly logical (but limited) expansion of eligible persons under Rule 701 is an appealing step in that direction. However, it would also represent another channel of securities distributions that essentially fly below the radar of regulatory and public scrutiny; and, in a world where the long-term trend away from IPOs seems to be unidirectional, the SEC may not wish to allow for more shade to darken the picture frame.

Commentary by Stan Sater  & Jeffrey Bekiares, Esq.  Jeff is a securities lawyer with over 8+ years of experience, and is co-founder at both Founders Legal and SparkMarket. He can be reached at [email protected]



, ,

Do ICO’s Seek an Expectation of Profit Solely from the Efforts of Others?

In our most recent blog post, we discussed the second prong of the Howey test – a “common enterprise” – and the US Circuit Courts’ fragmentation on the issue and lack of uniform definition. In this third and final part of our series pulling apart the Howey Test, we’re looking at the third and fourth prongs of the Test. These final two prongs, typically read together, are (collectively) “with an expectation of profits solely from the efforts of others”. The expectation of profits element focuses on the type of return that the investor seeks on their investment. This return inquiry is easily satisfied by an increase in capital or participation in earnings on invested funds. As mentioned, however, the return or profit must depend on the “efforts of others”, which goes to the passive nature of the investment return. Remember, the Howey company was selling plots of land on its citrus grove to people who had no intention of farming the land and depended on the Howey company to produce profits. These investors were expecting a passive return with no intention of consuming the oranges produced (i.e., this was not a pre-sale for the underlying future oranges which goes to consumptive use v. speculative use).


The SEC Wants to Talk About Your Control Issues


The “solely from the efforts of others” inquiry is a fact-specific analysis of the economic realities of the transaction. In sum, the more an investor controls the business operations of the project, the less likely an investment contract exists. The critical question to ask is whether the efforts of individuals other than the investor are “the undeniably significant ones, those essential managerial efforts which affect the failure or success of the enterprise”. In determining an investor’s control over the profitability of the investment, a court may look at:

  • the investor’s contribution of time and effort to the success of the project;
  • the investor’s rights under the investment agreement;
  • the investor’s access to information about the project; and
  • and the investor’s level of sophistication.

This analysis brings into focus the timing of the investment. If promoters promoted the investment and then made no further efforts after the investment, it is likely that no investment contract exists.

In the modern context of security ‘token’ sales that we have been examining, an appreciation in value via secondary market trading, in theory, should not be used as weighing in favor of the token being an investment contract. Additionally, a court may consider the adequacy of financing of the investment as well as the level of speculation and the nature of the risks in the transaction.


Getting Over Control Issues


With respect to securitized token offerings, it’s fun to talk about monetary gains, decentralization, openness, lambos, etc., but more time needs to be spent around architecting the proper token governance schemes. Because this is a fact-specific analysis, each token project must think granularly in terms of why a token is necessary; what does the token do; what is a token purchaser receiving (voting rights, effectively a license to use the network, ability to contribute to the network, etc.); how is this information being communicated (i.e., Telegram, Reddit, Twitter, Slack, Medium, YouTube, Podcasts, etc.); and how knowledgeable are the pre-functional platform investors (accredited investors, professional knowledgeable investors, ordinary public investors).

Unfortunately, there is no bright-line rule, and there is likely not going to be one for some time. In the decade since cryptocurrency has existed, only two cryptocurrencies (Bitcoin and Ethereum) have been declared not securities.


Exploring the Other Side


We have talked in this series of posts, in some detail, about transparency from the team building the network, but next, we should finish by focuses on how traditional finance disclosures work for large, private investors.

Meltem Demirors, a prominent cryptocurrency investor, has openly talked about the notion of this “shitcoin waterfall”. The shitcoin waterfall is when an ICO raises a pre-pre-sale round from VCs at a very steep discount. Then, the project raises a pre-sale where the initial investors now have tokens that are valued at 50-100x more than the previous round. The white paper is likely then revised with “crypto-famous” investors listed as advisors, and the white paper reads like any other marketing brochure. Next, the project does an ICO followed by an exchange listing for the general public. Coinciding with the exchange listing, these early investors are dumping their heavily discounted tokens on the average consumer. Meanwhile, most ICOs fail within four months.

Should large, early investors in an ICO be subjected to disclosures about token exits? Such disclosures would help regulators evaluate whether or not these early investors are pumping and dumping coins on the average retail investors. The same is true with self-dealing issues in respect to projects and team members contributing back into their ICO for more of their tokens, thereby inflating the ICO raise. While we share in the enthusiasm and promises of cryptocurrency, current ICO practices are less than noble or open to everyone despite what is propagated at overpriced conferences. As more empirical data comes to light, the legal landscape will begin to adjust for these projects.


Series Post-Script


The broad variables discussed throughout this series of blog posts on the Howey test offers arguments on why some tokens are considered securities and the gaps in the legal knowledge that need to be overcome. As noted in Coin Center’s recent Framework for Securities Regulation of Cryptocurrency, “the Howey test happens to also be an effective guide for determining whether a token possess heightened risks to users. The more a given token’s software and community variables allow it to fit the definition of a security, the more need there may be to protect its users with regulation.”. In theory, the more decentralized and transparent the network, the less risky it is to hold the token as it functions more like a commodity as price fluctuation is due to the market rather than one entity behind the project.

The reason we started the blog series with the facts of Howey was because the facts are easily substitutable. However, there is a mental shift around digital things that must be explained to regulators and token issuers in order to advance the ecosystem. Sometimes, acting and failing to act can have the same consequences; a didactic that the SEC already knows very well in its views on disclosure. For now, an understanding of the past and careful self-regulation based on our understanding of prior law will have to do.


Commentary by Stan Sater  & Jeffrey Bekiares, Esq.  Jeff is a securities lawyer with over 8+ years of experience, and is co-founder at both Founders Legal and SparkMarket. He can be reached at [email protected]


, ,

What is a Common Enterprise and is Bitcoin or Ethereum one?

In our most recent blog post, we discussed the first prong of the Howey test – an “investment of money” – through the lens of so-called ‘airdrops’. Moving on to the second prong – a “common enterprise” – requires us to take a step back and consider multiple angles. While courts, generally, have been quick to find a common enterprise despite the U.S. Courts fragmentation on the test, new cryptocurrency based projects, as open-source, add a level of consideration that is worth exploring.


Not Split – Fragmented

The circuits are fragmented in evaluating the “common enterprise” element, and we are left with three approaches: (1) horizontal commonality, (2) broad vertical commonality, and (3) narrow vertical commonality.

The horizontal commonality test is relatively straightforward. The test requires a pooling of funds in a common venture and a pro rata distribution of profits. The test is not worried about any promoters (which, in this context, means the issuer and its principal(s)). Thus, an investor’s assets must be joined with other investors where each investor shares the risk of loss and profits according to their investment. To date, the U.S. Circuit Courts of Appeal that follow the horizontal commonality test include the First, Second, Third (affirmed, but no opinion by the Third Circuit Court), Fourth, Sixth, and Seventh Circuits. Note – We have only include the circuit courts because these courts are one tier below the U.S. Supreme Court regarding what decisions hold the most weight in the U.S. legal system.

Vertical commonalty focuses on the vertical relationship between the investor and the promoter. Under this test, a common enterprise exists where the investor is dependent on the promoter’s efforts or expertise for investment returns. There are two approaches the vertical commonality:  (1) broad vertical commonality, and (2) narrow vertical commonality.

The only requirement under broad vertical commonality test is that “the investors are dependent upon the expertise of efforts of the investment promotor for their returns”. This test is perhaps the easiest to satisfy because there is typically always an information asymmetry between the promoter and the investor. The key question to ask, therefore, is does the investor rely on the promoter’s expertise? Both the Fifth and Eleventh Circuits follow the broad vertical commonality test.

The narrow vertical commonality test only finds support from one circuit – the Ninth Circuit. Under this test, the court only looks at whether or not the investor’s profits are linked with the profits of the promoter. Put another way, a common enterprise exists if the investor’s success or failure is directly correlated with that of the promoter’s.


Where Does That Leave Us?

When we look at Bitcoin and Ethereum, we have to ask who exactly are the ‘promoters’? One of the primary concerns in regulating securities is information asymmetries that lead to investors being taken advantage of by promoters. Remember, the Securities and Exchange Commission (SEC) has a three-part mission:  (1) protect investors; (2) maintain fair, orderly, and efficient markets; and (3) facilitate capital formation. Therefore, companies offering securities must tell the truth about its business, what securities they are selling, and the risks involved in investing in the company’s securities.

Evaluating Bitcoin and Ethereum under the same test, a central organization, clearly, does not exist. For Bitcoin, there was no ICO and has perhaps been sufficiently decentralized since its inception according to the SEC. For Ethereum, perhaps at the ICO stage, a central entity existed that investors relied on, making it (possibly) a security. However, we are now three years removed from that, and Ethereum has been, to all intents and purposes, deemed to be not a security. In the current state, anyone can write proposals on GitHub, fork the code, contribute upstream to Ethereum, etc. In truly permissionless, decentralized systems, has everyone become a ‘promoter’? The investment of money is not in a common enterprise, but rather an investment of money for tokens to participate in the growth of a network or base protocol. Unlike the familiar examples above, however, the issue with most ICOs is that the platforms are not built and there is a core team that is developing the software pre-release in a silo. Therefore, the investor is dependent on the team for the network to be built, and the funds from the ICO are going towards the team to continue the development of the network.

Many people in cryptocurrency are expecting the next big announcement to come from the SEC or the CFTC. We believe, however, that the next large moment of legal clarity will come, rather, from the courts via the numerous civil lawsuits developing. The U.S. Supreme Court has, to date, declined to take on this circuit court fragmentation directly. Perhaps this is because the facts and circumstances of the prior cases do not warrant a novel decision around the commonality question. However, the way we have seen cryptocurrency evolving and expect it to continue evolving, the time has come to settle the issue of what is a common enterprise.

Commentary by Stan Sater  & Jeffrey Bekiares, Esq.  Jeff is a securities lawyer with over 8+ years of experience, and is co-founder at both Founders Legal and SparkMarket. He can be reached at [email protected]


, ,

Do Crypto Currency Airdrops pass the Howey Test?

Continuing on our journey of securities law and cryptocurrency, it’s time to start pulling apart the Howey test. In an academic paper following the Howey Test’s 64th anniversary, the test was equated to that house that the home owners have continued building new additions that are clearly additions, sometimes awkward, and “the consensus of neighbors with taste is that the house should be torn down and rebuilt from scratch.”

What better way to start than by contemplating what is an “investment of money”? In my previous post, “investment of money” is presumably an investment of anything of value. An investment is the commitment of the item of value with the expectation of receiving some additional profit. This prong seems simple enough, is rarely litigated, and not of much concern; however, of more concern to the crypto community is the concept of airdrops.

An airdrop is when a token project distributes tokens into the token recipient’s cryptocurrency wallet for no monetary contribution in exchange. Most of the time, the airdrop is for the Ethereum blockchain; however, airdrops have occurred on Stellar, NEO, Waves, and EOS (to name a few) and bitcoin holders have received airdrops via Bitcoin hard forks. Airdrops continue to be a source of token distributions for a number of reasons. For the token issuer, it is an easy way to gain a broad network of token holders. Once listed on an exchange, the token holders are free to trade thereby creating a “liquid” market and market cap for the token project as well as a source of income for the token project as an airdrop usually constitutes some minority percentage of the token supply. I say “usually” because an $8M airdrop earlier this month ran out of tokens and has since announced a token buy-back program. Airdrops, as a token generation event, appear to be a way to create demand for your token and to skirt the uncertainty around ICOs and securities laws. Unfortunately, this is not the case.


No Investments of Money and Securities Law

Like everything in cryptocurrency right now, it’s all new and there is nothing like it that regulators can compare it to. Well, you can continue thinking that; however, where airdrops, or free distributions of securities are concerned, the SEC has seen this movie before. On July 21, 1999, the SEC issued four cease-and-desist proceedings relating to the issuance of “free” stock. The SEC claimed in its press release, “Free stock is really a misnomer in these cases. While cash did not change hands, the companies that issued the stock received valuable benefits. Under these circumstances, the securities laws entitle investors to full and fair disclosure, which they did not receive in these cases.” The valuable benefits for these companies were “a fledgling public market for their shares, increasing their business, creating publicity, increasing traffic to their websites, and, in two cases, generating possible interest in projected public offerings.” The reason the valuable benefits to the company are mentioned is because Section 2(a)(3) of the Securities Act defines a “sale” to “include every contract of sale or disposition of a security or interest in a security, for value.” Therefore, these companies were selling unregistered securities to the public.

Given that tokens are airdropped into your cryptocurrency wallet and it is then your choice to trade them or use them as the network prescribes, is subjecting the token distribution to securities laws necessary? Yes, airdrop scams do exist taking the form of impersonating real airdrops, fake profiles and project name confusion, marketing gimmicks, requesting private keys. The SEC’s role is to protect the integrity of markets through full and fair to disclosure to prevent fraud. So, is subjecting airdrops to securities laws using the above history of free stocks necessary to achieve the SEC’s purpose or is another regulatory body like the FTC more equipped to handle such an issue?

However, as of now, when contemplating an airdrop as a token distribution model, securities law still applies. While the SEC is warming up to the notion that utility tokens can exist. However, the economic realities of the transaction must still be contemplated. An SEC review is substance over form. Unfortunately, giving away things for “free” is not so free.


Commentary by Stan Sater  & Jeffrey Bekiares, Esq.  Jeff is a securities lawyer with over 8+ years of experience, and is co-founder at both Founders Legal and SparkMarket. He can be reached at [email protected]


House Hits Refresh on JOBS and Investor Confidence Act of 2018

On July 17, 2018, the U.S. House of Representatives passed a near-unanimous bill (406-4) to update the Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”). The JOBS Act, passed with much fanfare in 2012, was designed to help small businesses, entrepreneurs, and investors by updating and modernizing, in a number of respects, the way that capital is formed for these stakeholders. Unfortunately, in the six years since its passage, many of those constituencies have for the JOBS Act wanted in crucial ways, and have viewed its work as unfinished. Accordingly, calls for an overhaul have been steady and growing.

Which brings us to the present, and the passage of an overwhelmingly bipartisan bill from the House of Representatives, titled the JOBS and Investor Confidence Act of 2018 (the “Act”), which seeks to further reform regulations which have been viewed as holding back investments in small businesses and start-ups.

Major Takeaways for Investors and Startups

Update to “accredited investor” definition: The $1 Million ‘net worth test’ as part of the definition of “accredited investor” in the Securities Act of 1933 is amended to be adjusted for inflation every five (5) years using the Consumer Price Index for all Urban Consumers.

The Act also expands the definition of accredited investor beyond simply the net worth and income tests to include registered brokers and investment advisers as well as natural persons who have “professional knowledge” of a subject related to a particular investment, and whose education or job experience is verified by the Financial Industry Regulatory Authority (“FINRA”) or an equivalent self-regulatory organization (“SRO”).

Reg D Modification: The Act requires the SEC, within six (6) months after the Act is enacted, to amend Reg D to exclude presentations made to angel investor groups and others from the definition of ‘general solicitation’.

Special Purpose Crowdfunding Vehicles: Crowdfunding investors can now form “crowdfunding vehicles” advised by investment advisors to invest as a group rather than as disparate, individual shareholders.

Analysis / Impact

These changes would be significant steps forward for the startup space (Note: the Act must, of course, still be passed by the Senate, signed into law and implemented). With fast-moving and highly technical investment opportunities like cryptocurrency, the definition of “professional knowledge” is changing. It is nice to see a shift toward an understanding that professional knowledge is inherently valuable and can give well-informed individuals access to early investments into start-ups, and businesses at all stages of the capital formation life cycle.

The Reg D modification seems to be an extension of the shifting view in securities regulation away from focusing on ‘offers’ and, instead, focusing on ‘sales’. The clarification that activities such as demo days and pitch events do not constitute general solicitation under Reg D would seem to be a recognition of a reality that already exists in those environments and brings lower level ‘testing the waters’ activities into the sunshine. The new exemption is provided so long as:  the event advertising does not reference or specify offerings of securities and the event sponsor is not offering investment advice to event participants nor is engaging in investment negotiations, charging fees, or receiving certain compensation; and the information provided does not extend beyond the type and amount of securities being offered, the amount of securities already subscribed for, and the issuer’s intended use of the securities offering proceeds. With the growth of incubators and accelerator programs, the ambiguity between general solicitation and pitches has been questioned numerous times. The clarity offered in the Act finally adds some guardrails to that grey area.

Finally, the Special Purpose Crowdfunding Vehicle seeks to address one of the most significant issues with equity offerings under Reg CF (although, from the author’s perspective, many more still exist!). Currently, using crowdfunding platforms like Angelist, accredited investor groups often form a special purpose vehicle using Reg D to invest jointly in a company. The obvious benefit to the issue is that there is only one shareholder on the cap table rather than thousands. The cost and difficulty in getting shareholder approval from thousands of disparate investors every time shareholder consent is required has kept many companies from utilizing Reg CF.

With respect to non-accredited investors, the Act addresses this issue by allowing small investors to form a special purpose vehicle guided by a sophisticated investor who, additionally, has a fiduciary duty to represent their interests and negotiate on the small investor groups’ behalf. Similarly to accredited investors forming special purpose vehicles under Reg D, a special purpose vehicle for crowdfunding would represent one shareholder on the issuing company’s cap table. Although it seems to be a hopeful aspect that qualified intermediaries will actually find it lucrative to act in this capacity and will wish to do so (which will remain to be seen), nevertheless, this addition provided by the Act may allow companies that are shying away from Reg CF to use it more going forward.

We will be following this Act closely as we continue advising our start-up and investor clients on these and other developments in unlocking innovation and growth in small businesses.

Commentary by Stan Sater  & Jeffrey Bekiares, Esq.  Jeff is a securities lawyer with over 8+ years of experience, and is co-founder at both Founders Legal and SparkMarket. He can be reached at [email protected]



Should My Company Have a Privacy Shield Certification?

We are now two months into Europe’s new General Data Protection Regulation (“GDPR”), which extends the jurisdictional scope of European data protection law. As a result, GDPR applies extraterritorially to any organization that can be reached by an EU citizen. GDPR imposes harsher data protection requirements that give way to substantial penalties for non-compliance, which include administrative fines up to 4% of annual worldwide revenue. These steep fines have forced businesses across the U.S. (and the world) to reconsider their EU business strategy. Additionally, many companies are compelled by their clients or partners to comply with GDPR. Fortunately, and for the time being, there is an alternative regulatory mechanism that allows U.S. businesses to conform to EU data transfer laws.

The EU-U.S. and Swiss-U.S. Privacy Shield

In July 2016, the U.S. Department of Commerce and the European Commission approved the EU-U.S. Privacy Shield Framework while the Swiss Administration approved the Swiss-U.S. Privacy Shield in July 2017 (collectively, the “Privacy Shield”). The Privacy Shield, which serves as an adequacy decision under GDPR, is a data protection framework that allows companies on both sides of the Atlantic to transfer personal data from the EU to the U.S. The Privacy Shield replaced the U.S.-EU Safe Harbor Framework (the “Safe Harbor”) after the Safe Harbor was struck down by the Court of Justice of the European Union in October 2015. The Privacy Shield’s purpose is to bridge the different privacy protections afforded to U.S. and EU citizens. The Privacy Shield Principles include the data subject’s right to be informed; limitations on the use of the data subject’s data for different purposes; obligations to secure the data subject’s data; obligations to protect the data subject’s data if transferred to another company; the data subject’s right to access and correct their data; the data subject’s right to file a complaint and obtain a remedy; and redress in case of access by U.S. public authorities. Companies may undertake Self-Certification (often with the assistance of counsel) and the U.S. Department of Commerce is in charge of issuing Self-Certification determinations. U.S. Participants in the Privacy Shield are subject to the Federal Trade Commission’s broad jurisdiction.

Should I Get Self-Certified?

In light of the stricter regulation of European data transfers to the U.S., not complying with the necessary data protection laws may impact your ability to adequately cater to European customers, or to partner with or provide services to other US entities that are subject to GDPR. Accordingly, for many businesses, there are significant motivators to comply.

A company may be eligible to certify to the Privacy Shield if it transfers EU or Swiss personal data to the U.S., or receives or accesses EU or Swiss personal data. At the core, seeking Privacy Shield Self-Certification is a business decision requiring an understanding of how and at what frequency your business interacts with EU data.

While thousands of companies are enjoying the benefits of the Privacy Shield, it is worth noting that on July 5, 2018, the members of European Parliament called for a suspension of the Privacy Shield unless the U.S. fully complies with GDPR by September. All eyes will be on the European Commission as the September Privacy Shield annual review approaches.

Compliance is a moving target. The regulatory framework for privacy worldwide is evolving. Numerous government and consumer agencies, as well as public advocacy groups, have called for new regulation coupled with changes in industry practices. Further, new laws and regulations will be adopted in and around the United States, as most recently seen in California, and existing laws and regulations may be interpreted in new ways. Navigating the data privacy regulatory landscape is complex and requires continual monitoring.

Contact the Authors at [email protected] and [email protected] to discuss these and other issued related to data privacy, intellectual property, and technology law.