The Business Law Section meets during the year and plans CLE seminars, programming, and initiatives to support this area of practice and bar members. The Section drafts, proposes, and reviews legislation such as improvements to the Business Corporation Act, the Uniform Partnership Act, the Limited Liability Companies Act, the Uniform Commercial Code, and the Non-profit Corporation Act. Committees monitor developments in their specific areas.

Eran is an AI, cybersecurity, and intellectual property lawyer as well as a Fellow at Stanford Law School, a member of the Advisory Board of Stanford Law School’s Stanford Artificial Intelligence & Law Society, an adjunct professor of law at the University of Minnesota Law School, and a member of the Scientific Council of the Israeli Association for Ethics in Artificial Intelligence.

In his practice, Eran counsels clients on a wide variety of matters related to AI, cybersecurity, privacy, technology law, trademarks, patents, and copyright issues. Eran also serves in a variety of cybersecurity thought leadership roles and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to set, promote, and sustain cybersecurity best practices.

At Stanford Law School, Eran writes and lectures on the intersect between law and AI and is a frequent speaker at Stanford's annual Digital Economy Best Practices Conference. He has been cited in Oxford University Professor Marcus Du Satoy’s book The Creativity Code: Art and Innovation in the Age of AI and has been interviewed on AI, cybersecurity, privacy, and technology law by Bloomberg Law, BBC, Canadian Broadcasting Corporation (CBC) radio, KABC radio, Minnesota Public Radio, Twin Cities Business magazine, Star Tribune, Minnesota Lawyer, TheStreet.com, Quartz magazine, and Stanford University Radio, KZSU FM.

The book delivers a comprehensive analysis of the legal framework governing business and commerce in Minnesota, from choosing the right business entity and understanding tax implications to resolving shareholder disputes and navigating secured transactions.

For more information or to order, go to LexisNexis Minnesota Business and Commercial Law.

Susan is ranked in Chambers USA among the top corporate/M&A attorneys in Minnesota. She represents clients in general corporate, taxation, and nonprofit matters, drawing from a diverse background in government, accounting, and law to serve as a holistic business advisor. Susan regularly counsels clients on mergers and acquisitions, business formation, joint ventures, and general corporate matters, and she frequently assists with tax controversies, audits, appeals, planning, and structuring, as well as researching tax law and drafting legal appeals and memoranda. Susan also serves on the Maslon board of directors.

Katie, chair of the Corporate & Securities Group, assists clients across a broad range of corporate and transactional legal needs. She has managed and negotiated complex mergers & acquisitions, corporate reorganizations, buy-sell agreements, and business succession agreements. Her expertise also includes negotiating, drafting, and revising commercial contracts, with particular focus on technology-related agreements. In addition, she ensures clients remain up to date and compliant on data retention, website terms of use, and website privacy policies.

Terri, a business attorney and mediator, focuses her practice on M&A, restructurings and shareholder business divorces, and mediation of commercial disputes. She currently serves as a senior counsel with Maslon.

Yujin advises clients on contract drafting and negotiation, compliance issues, and general corporate law. Her background in international trade informs her approach to common and uncommon business challenges and how to successfully manage them.

Jessica assists clients in general corporate law, nonprofit formation, contracts, and mergers and acquisitions. Prior to attending law school, Jessica earned her master’s degree from Georgetown University in art and museum studies, and gained valuable experience as a museum collections and exhibitions manager and as a grant writer.

Matthew is an accomplished attorney and seasoned entrepreneur who returned to private practice after a decade of successfully running his own business. As the principal co-founder and board chair of Bauhaus Brew Labs, Matt has personally walked in the shoes of business owners, honing his capabilities in business finance, commercial transactions, strategic planning, and regulatory issues.

Laura is a Corporate & Securities Group associate who collaborates with corporate clients to achieve their business goals while protecting their legal interests. Laura focuses on mergers and acquisitions, contract drafting and negotiation, and legal compliance. She has a passion for helping small business owners and finds that these relationships are the driving force behind her work.

"I am looking forward to learning more about Minnesota businesses, the challenges they face, and the issues that will shape the future of our state," Katie said. "I'm especially excited about the visits we will make to businesses throughout the state and the opportunity to talk with industry leaders."

Katie assists clients across a broad range of corporate and transactional legal needs. She has managed and negotiated complex mergers & acquisitions, corporate reorganizations, buy-sell agreements, and business succession agreements. Her expertise also includes negotiating, drafting, and revising a variety of commercial contracts, with particular focus on technology-related agreements. She ensures clients remain up to date and compliant on data retention, website terms of use, and website privacy policies, and she protects her clients' intellectual property interests in the areas of copyrights and trademark application and management.

Clients also rely on Katie's expertise in corporate governance issues; she frequently acts as outside general counsel, providing guidance on entity formation, operating agreements, shareholder control agreements, ownership disputes, employment disputes, and the drafting of company policies regarding communications, signing authority, spending authority, and related matters.

The shockwaves from the CrowdStrike incident continue to spread, and naturally companies are feeling increasingly vulnerable.

Fortunately, there is a way for companies to minimize possible future damage in the event of a similar cyber attack. A good place to start is to focus on your cybersecurity supply chain management policies and procedures.

Review Your Cybersecurity Contracts

Each vendor that provides cybersecurity products or services to your company, as Crowdstrike did for many, should have an agreement that governs the relationship. The agreement should be structured and customized based on what that vendor provides and not reflect a one-size-fits-all approach. Some vendors provide mission-critical products or services, others do not. For those that do, a more cautious and thorough approach to the contract review and negotiations is advisable.

An agreement based on the vendor’s standard form is likely to contain language that is favorable to the vendor, including very limited (if any) indemnification provisions and a low liability cap. Companies should make sure that the agreements require the vendor be liable for and indemnify the company for damages arising from these cyber attacks (with no liability cap or a super cap for these damages) and have adequate cyber insurance. The vendor knows best what could go wrong in the deal, so it is reasonable to demand it has appropriate mitigation measures in place and explicitly identifies those measures in the agreement. Excusing the vendor’s performance (i.e., carve-out from liability or indemnification provision) should be limited only to incidents that are outside of its reasonable control.

An incident outside of a vendor’s reasonable control is what the force majeure clause is for. It is typically found towards the end of the main part of the agreement and is often overlooked. Again, if you are working off the vendor’s form, watch out for language that lets the vendor use it to get off the hook. The key is to carefully word the clause in such a way that the vendor’s ability to use it as a means to excuse its obligations is very limited. Consider, for example, a cybersecurity error by someone in the vendor’s own supply chain. The vendor might want to use that as an excuse for offloading any liability, but that should not be allowed to count as a force majeure incident. Preventing something like this from derailing the vendor’s services is usually within the vendor’s control, and the language in the clause should reflect that. Another thing a force majeure provision can give you is the right to terminate the agreement if the vendor cannot perform its obligations due to a cyber attack and its failure remains ongoing for a period of time you specify.

Your IT and security teams should also review the security standards in the agreement to ensure that the vendor has appropriate physical, administrative, and technical controls. If the contract involves a mission-critical product or service or touches key data, systems, or infrastructure, the company should consider having its own mandatory security terms to which the vendor must agree.

Negotiating these agreements requires consideration of many variables: the vendor’s size, its financial and operational capacity, the size of its end user base, its track record, your risk tolerance, the value of the contract, alternative service providers, etc. That information should help determine, for example, which checklists to use, what language to avoid, and what to require. This will help ensure the agreement you sign fits your needs.

We Can Help

Maslon attorneys can guide businesses needing legal assistance with their cybersecurity supply chain management and other complex issues. Reach out to us to ensure you are prepared to minimize possible damage in the future.

For more information or to register, go to Minnesota CLE: 2024 Midwest Legal Conference on Data Privacy & Cybersecurity.

Eran is an experienced attorney concentrating his practice on cybersecurity, artificial intelligence, and intellectual property law. He counsels clients on a wide variety of matters related to cybersecurity, privacy, technology law, artificial intelligence, trademarks, patents, and copyright issues.

The co-author of The Law of Artificial Intelligence and Smart Machines, a publication of the American Bar Association, Eran is a fellow at Stanford Law School, a member of the advisory board of the Stanford Artificial Intelligence Law Society, and a member of the Scientific Council of the Israeli Association for Ethics in Artificial Intelligence. He also serves in a variety of cybersecurity thought-leadership roles in which he publishes and lectures on the intersect between the law and artificial intelligence. Eran is a graduate of the FBI's Citizen Academy and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to promote and sustain cybersecurity best practices.

Step 1: Review Your Privacy Policy

The easiest thing to do right away is look at your privacy policy’s version date. If more than six months have passed since it was updated, you have updates to make. (If you do not see a version date, assume it needs updating.)

Next, consider whether you should complete this update internally or need to outsource. Internal business leaders and other resources are no doubt best positioned to lead these efforts. When engaged early, effective outside counsel can add value and help minimize risk by (1) ensuring everything is appropriately covered, (2) providing key insights into what similarly situated companies are doing, and (3) issue-spotting based on the current litigation landscape.

Step 2: Conduct a Privacy Impact Assessment (PIA)

Once the privacy policy update process is complete or underway, we recommend running a privacy impact assessment (PIA). This is a process for assessing and ensuring compliance with applicable legal, regulatory, and internal policy privacy requirements. At a high level, a PIA will help you promptly identify risks in your privacy practices and evaluate possible mitigation measures before an urgent need to do so arises.

Step 3: Develop a Cadence for Repeating Steps 1 and 2

Complying with privacy laws in the U.S. requires an ongoing commitment. Setting up a process to routinely and periodically review and update your privacy policies and procedures is not just a good idea, but increasingly legally required.

We Can Help

Maslon can help your company update its privacy policy and related procedures and conduct a PIA to ensure you remain compliant.

Eran is an experienced attorney concentrating his practice on cybersecurity, artificial intelligence, and intellectual property law. He counsels clients on a wide variety of matters related to cybersecurity, privacy, technology law, artificial intelligence, trademarks, patents, and copyright issues.

The co-author of The Law of Artificial Intelligence and Smart Machines, a publication of the American Bar Association, Eran is a fellow at Stanford Law School, a member of the advisory board of the Stanford Artificial Intelligence Law Society, and a member of the Scientific Council of the Israeli Association for Ethics in Artificial Intelligence. He also serves in a variety of cybersecurity thought-leadership roles in which he publishes and lectures on the intersect between the law and artificial intelligence. Eran is a graduate of the FBI's Citizen Academy and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to promote and sustain cybersecurity best practices. To that end, Eran serves as general counsel of InfraGard (Minnesota Chapter) and as a member of the Governance Committee of the InfraGard National Members Alliance, a public-private sector organization affiliated with the FBI. He also serves on the advisory board of MN Cyber, an organization dedicated to position Minnesota as a national leader in cybersecurity.

The event is sold out.

Eran is an experienced attorney concentrating his practice on cybersecurity, artificial intelligence, and intellectual property law. He counsels clients on a wide variety of matters related to cybersecurity, privacy, technology law, artificial intelligence, trademarks, patents, and copyright issues.

The co-author of The Law of Artificial Intelligence and Smart Machines, a publication of the American Bar Association, Eran is a fellow at Stanford Law School, a member of the advisory board of the Stanford Artificial Intelligence Law Society, and a member of the Scientific Council of the Israeli Association for Ethics in Artificial Intelligence. He also serves in a variety of cybersecurity thought-leadership roles in which he publishes and lectures on the intersect between the law and artificial intelligence. Eran is a graduate of the FBI's Citizen Academy and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to promote and sustain cybersecurity best practices. To that end, Eran serves as general counsel of InfraGard (Minnesota Chapter) and as a member of the Governance Committee of the InfraGard National Members Alliance, a public-private sector organization affiliated with the FBI. He also serves on the advisory board of MN Cyber, an organization dedicated to position Minnesota as a national leader in cybersecurity.

The new incident disclosure requirements will be applicable to material incidents—defined below—occurring after Dec. 18, 2023. Smaller reporting companies have an additional 180 days before they need to comply with this requirement. Most companies will need to file annual reports in accordance with the new rule starting Dec. 15, 2023, with certain smaller companies commencing reporting on June 15, 2024.

What Do I Need to Disclose?

The definition of a cybersecurity incident includes "a series of related unauthorized occurrences." "Related" events include those orchestrated by the same threat vector or the exploitation of the same vulnerability. Identifying "related" cyber occurrences requires a robust cybersecurity infrastructure.

The incident response plan, the forensics team, and legal counsel play an important role in determining whether incidents are "related." Periodic (at least once a year) table-top exercises should be conducted in order to make sure the organization is prepared to deal with an incident.

Using Form 8-K, companies must disclose the material aspects of any incident, including its nature, scope, and timing, as well as the incident's material impact or the material impact that is reasonably likely.

How Quickly Do I Need to Disclose a Cybersecurity Incident?

The SEC emphasized the importance of timely disclosure once a breach is determined to be "material." Barring a delay arising from national security or public safety concerns, companies will now be required to disclose material breaches in a Form 8-K within four business days from the time of determination, rather than from the initial discovery of the breach.

A quick determination of whether a cybersecurity incident is "material" can be tough to make. To meet this requirement, companies must have robust cyber detection and response capabilities along with effective, up-to-date supply chain management practices. This entails having in place proper incident detection tools (such as those aligned with the National Institute of Science and Technology Cybersecurity Framework), relevant policies and procedures (such as an IT policy, incident response plan, information security policy, and supply chain management protocols), competent legal counsel, and proven forensic capabilities to assist in quickly making the right determinations.

All the material aspects of the incident should be identified in the incident response plan, and the disclosure should follow the information contained in the plan.

Third-Party Breaches

Public companies must pay attention not only to their own cybersecurity incidents but those experienced by entities in their supply chain to determine if any cause them a material impact, in which case the above disclosure requirements apply.

This requires periodic review of the company's current supply chain management practices. Companies should ensure that they have the right to conduct periodic audits and other assessments.

Annual Disclosure Requirements

In addition to disclosing incidents in real time, companies will be required to describe their processes for assessing, identifying, and managing material risks from cybersecurity threats in their annual reports on Form 10-K or Form 20-F, as applicable. Companies are not required to disclose specifics regarding their cybersecurity incident response plans or detailed information around their cybersecurity infrastructure, networks, or vulnerabilities if such disclosure is likely to hinder their ability to effectively address and resolve cybersecurity incidents.

Adhering to the NIST Cybersecurity Framework or another well-known and respected cybersecurity framework can help facilitate these processes.

Do I Still Need Experts on My Board of Directors?

The SEC's final rule no longer requires the identification of board members with cybersecurity expertise. Instead, it instructs companies to disclose the relevant expertise of any members of management or committees responsible for assessing and managing registrants' material cyber risks.

This elevates the importance of having a chief information security officer (CISO) who reports to the board. The CISO should have proven experience in managing cybersecurity incidents.

We Can Help

Maslon can assist your company in improving its cybersecurity game to ensure it is aligned with the SEC's vision. Contact us with questions or concerns.

First Step to Take

The privacy impact assessment (PIA) is a process for assessing and ensuring compliance with applicable legal, regulatory, and internal policy privacy requirements. The law does not prescribe how to conduct this assessment, leaving companies free to use whichever method is reasonably designed to yield the proper results. In other words, as long as the selected PIA method enables your company to: (1) promptly identify risks and the likely effects of processing personally identifiable information (PII), and (2) evaluate existing and possible mitigation measures, then the selected PIA method should be legally acceptable.

Companies that have a track record of doing business in the European Economic Area, Switzerland, or the United Kingdom are already familiar with the PIA, as this is a requirement under the General Data Protection Regulation (GDPR) and similar laws. In the United States, however, this is a relatively newer requirement. Some U.S. state privacy laws (California, Colorado, Virginia, and Connecticut) have begun embracing the PIA, but others (such as Utah) have not. Unfortunately, this makes it more difficult to assess compliance.

Tips for Compliance

One of the best practices to deal with the challenge of conflicting privacy laws by jurisdiction is to opt in to a most-restrictive policy approach. Under this, your company opts to comply with certain provisions that, while they are not required within the geographical scope of your sales and marketing activities, still make sense from an operational perspective.

Alternatively, your company can opt to conduct a state-by-state determination and fashion its compliance policies and procedures accordingly. However, because the PIA is a proven and useful method for identifying and promptly mitigating risks associated with data processing activities (including, collection, use, retention, security, and disposal), the case for using it is a strong one.

Does My Company Need a PIA?

Not all data processing activities require a PIA. For example, if your company is not processing PII, there is no need to conduct a PIA. Companies can also opt to conduct a PIA only where the data processing activities involve higher risk. Colorado, Connecticut, and Virginia laws, for example, require data owners (referred to as “data controllers”) to use a PIA for high risk processing activities such as targeted advertising, sales of PII, and financial services. California does not yet define the type of processing activities that require a PIA, except that it notes that it should be used where the processing presents a “significant risk” to consumer privacy or security; this will likely be clarified as time goes on.

Is It Worth the Time and Expense?

Implementing a PIA culture into your company can be a time-consuming task. But the benefits of increasing operational efficiency, lowering your company’s risk profile, mitigating complaints involving the processing of PII, and generally enhancing public trust in your company’s handling of PII likely outweigh the costs.

How Did We Get Here?

The first comprehensive state privacy law was introduced by California in 2018 in the form of the California Consumer Privacy Act (CCPA). It was not long before more states followed suit. Today there are eight more privacy laws to contend with and 12 more working their way through the legislative process.

We Can Help

Maslon can help your company implement a PIA on a case-by-case basis or with a broader policy level approach.

1. Carefully review your agreement with the application service provider. Make sure you understand the scope of protection provided in case the application produces harmful results. If the protection is not enough, point it out and negotiate more favorable terms.
2. Understand the data “pedigree” you are using. Make sure your service provider or data broker uses data that is diverse, representative, and free from discrimination.
3. Be transparent about your use of AI. Inform candidates about how their job application data is being used and allow them to opt out of an AI process.
4. Don’t let AI have the final word. Allow for human judgment, intuition, critical thinking, and soft skills to guide any official hiring decision.

We Can Help
 
Contact Maslon for advice and direction on any questions you have about the use of AI in your company or organization.

For more information or to register, go to IE University: Encouraging Responsible AI Development

Eran is an experienced attorney concentrating his practice on cybersecurity, artificial intelligence, and intellectual property law. He counsels clients on a wide variety of matters related to cybersecurity, privacy, technology law, artificial intelligence, trademarks, patents, and copyright issues.

The co-author of The Law of Artificial Intelligence and Smart Machines, a publication of the American Bar Association, Eran is a fellow at Stanford Law School and a member of the advisory board of the Stanford Artificial Intelligence Law Society. He also serves in a variety of cybersecurity thought-leadership roles in which he publishes and lectures on the intersect between the law and artificial intelligence. Eran is a graduate of the FBI's Citizen Academy and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to promote and sustain cybersecurity best practices. To that end, Eran serves as general counsel of InfraGard (Minnesota Chapter) and as a member of the Governance Committee of the InfraGard National Members Alliance, a public-private sector organization affiliated with the FBI. He also serves on the advisory board of MN Cyber, an organization dedicated to position Minnesota as a national leader in cybersecurity.

Eran has been interviewed on artificial intelligence, cybersecurity, privacy, and technology law for Bloomberg Law, BBC, Canadian Broadcasting Corporation (CBC), KABC Radio, WCCO Radio, Minnesota Public Radio, the Star Tribune, TheStreet.com, Stanford University Radio, KZSU FM, Twin Cities Business magazine, and Quartz.

For more information or to register, go to: 2022 Midwest Legal Conference on Privacy & Data Security.

Eran is an experienced attorney concentrating his practice on cybersecurity, artificial intelligence, and intellectual property law. He counsels clients on a wide variety of matters related to cybersecurity, privacy, technology law, artificial intelligence, trademarks, patents, and copyright issues.

The co-author of The Law of Artificial Intelligence and Smart Machines, a publication of the American Bar Association, Eran is a fellow at Stanford Law School and a member of the advisory board of the Stanford Artificial Intelligence Law Society. He also serves in a variety of cybersecurity thought-leadership roles in which he publishes and lectures on the intersect between the law and artificial intelligence. Eran is a graduate of the FBI's Citizen Academy and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to promote and sustain cybersecurity best practices. To that end, Eran serves as general counsel of InfraGard (Minnesota Chapter) and as a member of the Governance Committee of the InfraGard National Members Alliance, a public-private sector organization affiliated with the FBI. He also serves on the advisory board of MN Cyber, an organization dedicated to position Minnesota as a national leader in cybersecurity.

During the presentation, titled "The Things That Can Get You in Trouble: IoT, AI, and Cybersecurity All Rolled Into One," Eran will discuss the use and benefits of using AI with Internet of Things (IoT) devices and in cybersecurity applications.

To register, go to: 2022 AIPLA Mid-Winter Institute.

Eran is an experienced attorney concentrating his practice on cybersecurity, artificial intelligence, and intellectual property law. He counsels clients on a wide variety of matters related to cybersecurity, privacy, technology law, artificial intelligence, trademarks, patents, and copyright issues.

The co-author of The Law of Artificial Intelligence and Smart Machines, a publication of the American Bar Association, Eran serves in a variety of cybersecurity thought-leadership roles in which he publishes and lectures on the intersection between the law and artificial intelligence. Eran is a graduate of the FBI's Citizen Academy and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to promote and sustain cybersecurity best practices. To that end, Eran serves as general counsel of InfraGard (Minnesota Chapter) and as a member of the Governance Committee of the InfraGard National Members Alliance, a public-private sector organization affiliated with the FBI. He also serves on the advisory board of MN Cyber, an organization dedicated to position Minnesota as a national leader in cybersecurity.

To register, go to Stanford Webinar Registration.

Eran is an experienced attorney concentrating his practice on cybersecurity, artificial intelligence, and intellectual property law. He counsels clients on a wide variety of matters related to cybersecurity, privacy, technology law, artificial intelligence, trademarks, patents, and copyright issues.

The co-author of The Law of Artificial Intelligence and Smart Machines, a publication of the American Bar Association, Eran is a fellow at Stanford Law School and a member of the advisory board of the Stanford Artificial Intelligence Law Society. He also serves in a variety of cybersecurity thought-leadership roles in which he publishes and lectures on the intersect between the law and artificial intelligence. Eran is a graduate of the FBI's Citizen Academy and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to promote and sustain cybersecurity best practices. To that end, Eran serves as general counsel of InfraGard (Minnesota Chapter) and as a member of the Governance Committee of the InfraGard National Members Alliance, a public-private sector organization affiliated with the FBI. He also serves on the advisory board of MN Cyber, an organization dedicated to position Minnesota as a national leader in cybersecurity

To register, go to: "Artificial Intelligence, Internet of Things, and the Law," New Technology and the Law Seminar.

Eran is an experienced attorney concentrating his practice on cybersecurity, artificial intelligence, and intellectual property law. He counsels clients on a wide variety of matters related to cybersecurity, privacy, technology law, artificial intelligence, trademarks, patents, and copyright issues.

The co-author of The Law of Artificial Intelligence and Smart Machines, a publication of the American Bar Association, Eran is a fellow at Stanford Law School and a member of the advisory board of the Stanford Artificial Intelligence Law Society. He also serves in a variety of cybersecurity thought-leadership roles in which he publishes and lectures on the intersect between the law and artificial intelligence. Eran is a graduate of the FBI's Citizen Academy and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to promote and sustain cybersecurity best practices. To that end, Eran serves as general counsel of InfraGard (Minnesota Chapter) and as a member of the governance committee of the InfraGard National Members Alliance, a public-private sector organization affiliated with the FBI. He also serves on the Advisory Board of MN Cyber, an organization dedicated to position Minnesota as a national leader in cybersecurity.

Eran is an experienced attorney concentrating his practice on cybersecurity, artificial intelligence, and intellectual property law. He counsels clients on a wide variety of matters related to cybersecurity, privacy, technology law, artificial intelligence, trademarks, patents, and copyright issues.

In addition, Eran is a Fellow at Stanford Law School and a member of the advisory board of the Stanford Artificial Intelligence Law Society. He also serves in a variety of cybersecurity thought-leadership roles in which he publishes and lectures on the intersect between the law and artificial intelligence and is the co-author of the book The Law of Artificial Intelligence and Smart Machines, a publication of the American Bar Association. Eran is a graduate of the FBI's Citizen Academy and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to promote and sustain cybersecurity best practices. To that end, Eran serves as general counsel of InfraGard (Minnesota Chapter), a public-private sector organization affiliated with the FBI. He also serves on the Advisory Board of MN Cyber, an organization dedicated to position Minnesota as a national leader in cybersecurity.

Eran has been interviewed on artificial intelligence, cybersecurity, privacy, and technology law for Bloomberg Law, BBC, Canadian Broadcasting Corporation (CBC), KABC Radio, WCCO Radio, Minnesota Public Radio, Star Tribune, TheStreet.com, Stanford University Radio, KZSU FM, Twin Cities Business magazine, and Quartz.

To learn more or to register, go to: Minnesota State Bar Association, "Beyond the Barking Dog - Ethics and Security Issues in Remote Practice."

Eran is an experienced attorney concentrating his practice on cybersecurity, artificial intelligence, and intellectual property law. He counsels clients on a wide variety of matters related to cybersecurity, privacy, technology law, artificial intelligence, trademarks, patents, and copyright issues.

In addition, Eran is a Fellow at Stanford Law School and a member of the advisory board of the Stanford Artificial Intelligence Law Society. He also serves in a variety of cybersecurity thought-leadership roles in which he publishes and lectures on the intersect between the law and artificial intelligence and is the co-author of the book The Law of Artificial Intelligence and Smart Machines, a publication of the American Bar Association. Eran is a graduate of the FBI's Citizen Academy and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to promote and sustain cybersecurity best practices. To that end, Eran serves as general counsel of InfraGard (Minnesota Chapter), a public-private sector organization affiliated with the FBI. He also serves on the Advisory Board of MN Cyber, an organization dedicated to position Minnesota as a national leader in cybersecurity.

To learn more or to register, go to: Minnesota CLE, 2021 Midwest Legal Conference on Privacy & Data Security.

Eran is an experienced attorney concentrating his practice on cybersecurity, artificial intelligence, and intellectual property law. He counsels clients on a wide variety of matters related to cybersecurity, privacy, technology law, artificial intelligence, trademarks, patents, and copyright issues.

In addition, Eran is a Fellow at Stanford Law School and a member of the advisory board of the Stanford Artificial Intelligence Law Society. He also serves in a variety of cybersecurity thought-leadership roles in which he publishes and lectures on the intersect between the law and artificial intelligence and is the co-author of the book The Law of Artificial Intelligence and Smart Machines, a publication of the American Bar Association. Eran is a graduate of the FBI's Citizen Academy and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to promote and sustain cybersecurity best practices. To that end, Eran serves as general counsel of InfraGard (Minnesota Chapter), a public-private sector organization affiliated with the FBI. He also serves on the Advisory Board of MN Cyber, an organization dedicated to position Minnesota as a national leader in cybersecurity.

Eran has been interviewed on artificial intelligence, cybersecurity, privacy, and technology law for Bloomberg Law, BBC, Canadian Broadcasting Corporation (CBC), KABC Radio, WCCO Radio, Minnesota Public Radio, Star Tribune, TheStreet.com, Stanford University Radio, KZSU FM, Twin Cities Business magazine, and Quartz.

To learn more or to register, go to: Minnesota CLE, Advising Businesses That Sell Goods or Services Online.

Eran is an experienced attorney concentrating his practice on cybersecurity, artificial intelligence, and intellectual property law. He counsels clients on a wide variety of matters related to cybersecurity, privacy, technology law, artificial intelligence, trademarks, patents, and copyright issues.

In addition, Eran is a fellow at Stanford Law School and a member of the advisory board of the Stanford Artificial Intelligence Law Society. He also serves in a variety of cybersecurity thought-leadership roles in which he publishes and lectures on the intersect between the law and artificial intelligence and is the co-author of the book The Law of Artificial Intelligence and Smart Machines, a publication of the American Bar Association. Eran is a graduate of the FBI's Citizen Academy and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to promote and sustain cybersecurity best practices. To that end, Eran serves as general counsel of InfraGard (Minnesota Chapter), a public-private sector organization affiliated with the FBI. He also serves on the Advisory Board of MN Cyber, an organization dedicated to position Minnesota as a national leader in cybersecurity.

To learn more, go to: Minnesota Department of Transportation, Connected and Automated Vehicles.

Eran is an experienced attorney concentrating his practice on cybersecurity, artificial intelligence, and intellectual property law. He counsels clients on a wide variety of matters related to cybersecurity, privacy, technology law, artificial intelligence, trademarks, patents, and copyright issues.

In addition, Eran is a Fellow at Stanford Law School and a member of the advisory board of the Stanford Artificial Intelligence Law Society. He also serves in a variety of cybersecurity thought-leadership roles in which he publishes and lectures on the intersect between the law and artificial intelligence and is the co-author of the book The Law of Artificial Intelligence and Smart Machines, a publication of the American Bar Association. Eran is a graduate of the FBI's Citizen Academy and works closely with the FBI, Department of Justice, Secret Service, and colleagues from the private and academic sectors to promote and sustain cybersecurity best practices. To that end, Eran serves as general counsel of InfraGard (Minnesota Chapter), a public-private sector organization affiliated with the FBI. He also serves on the Advisory Board of MN Cyber, an organization dedicated to position Minnesota as a national leader in cybersecurity.

Eran has been interviewed on artificial intelligence, cybersecurity, privacy, and technology law for Bloomberg Law, BBC, Canadian Broadcasting Corporation (CBC), KABC Radio, WCCO Radio, Minnesota Public Radio, Star Tribune, TheStreet.com, Stanford University Radio, KZSU FM, Twin Cities Business magazine, and Quartz.

• Term. The minimum term to repay any non-forgiven proceeds for any new PPP loans is extended from 2 to 5 years (the interest rate remains at 1%). For existing loans, lenders and borrowers will have to agree to an extension.
• Covered Period. Under the prior program rules, for the loan to be forgiven, a borrower needed to use loan proceeds on specified eligible expenses during the 8-week period after receiving the loan or the 8-week period starting on the date of the first payroll cycle after receiving the loan. Now, current PPP borrowers can opt to extend the period to 24 weeks following receipt of loan proceeds, or elect to keep the original 8-week period. Any new PPP borrowers will have a 24-week covered period, but such period cannot extend beyond December 31, 2020. It is unclear at the time how the move to a 24-week covered period will impact the $15,385 cap payment to any individual employee during the 8-week period (i.e. $100,000 annualized for the 8-week period), referenced in the SBA Rules and Loan Forgiveness Application. Updated guidance from the SBA is expected. Importantly, the extension of the covered period does not extend the deadline to apply for a PPP loan, with applications for new PPP loans being accepted through June 30, 2020.
• Payroll Cost. To qualify for loan forgiveness, borrowers now must spend 60% of loan proceeds on payroll costs (previously, the SBA imposed a 75% requirement), and may use up to 40% of loan proceeds on interest payments on mortgage obligations (excluding prepayments of or payments of the principal), rent payments, or utility payments. Importantly, although this 60/40 requirement provides additional flexibility, it now appears to be a "cliff." The borrower must spend a minimum of 60% of its loan on payroll costs or none of the loan will be forgiven (i.e. if you spend 41% of loan proceeds on rent and utilities, the entire loan becomes ineligible for forgiveness).
• Rehire Safe Harbor. Previously, to be eligible for full loan forgiveness, a borrower was required to restore its full-time equivalent employee ("FTE") level and restore reduced wages (reduced by more than 25%) to the February 15, 2020 levels by June 30, 2020. This date is extended to December 31, 2020.
• Employee Availability Exemption. New under the Act, borrowers will be now exempted from a proportional reduction in loan forgiveness due to a reduction in the number of FTEs if, in "good faith," the borrower is able to document that between February 15, 2020, and December 31, 2020, the borrower was unable to (1) rehire employees who had been employed on February 15, 2020, or hire similarly qualified employees for unfilled positions on or before December 31, 2020; or (2) return to the same level of business activity at which such business was operating at before February 15, 2020, due to compliance with federal guidance related to the maintenance of standards for sanitation, social distancing, or any other worker or customer safety requirement related to COVID–19.
• Extended Deferral Period. The Act removes the previous 6-month period to defer PPP loan payments and provides instead for deferral until the borrower applies for forgiveness. However, in the event the borrower fails to apply for forgiveness within 10 months after the last day of the covered period for PPP loan forgiveness, the borrower must then begin making payments of principal, interest, and fees on the loan.
• Defer Payroll Taxes. Borrowers may now defer payment of payroll taxes incurred between March 27 and December 31, 2020 (previously, borrowers were prohibited from both obtaining a PPP loan and utilizing this tax deferral under the CARES Act).

Next Steps

In light of these reforms, current borrowers should consider taking the following steps:

1. Reach out to your lender to request a loan term extension if you think any portion of the loan might not be forgiven.
2. If you elect to use the 24-week covered period, recalculate your payroll costs for the 24-weeks from your loan origination date. If you reduce the amount of loan proceeds you are using on payroll costs, ensure you are still using at least 60% of the proceeds on payroll.
3. If you anticipate difficulties in eliminating the reduction in the number of FTEs by December 31, 2020 (i.e., hiring similarly qualified or re-hiring the same employees to your pre-February 15, 2020 numbers), or you have concerns about the ability for your business to return to the same level of business activities by such time, thoroughly document any evidence supporting these concerns and your related business decisions. For example, document all written job offers, rejections and job postings, and all steps your business is taking to comply with OSHA, CDC, and HHS procedures.

We Can Help

Please contact Maslon's Corporate & Securities Group if you have questions or need assistance taking advantage of the relief provided under the CARES Act, as amended by the Paycheck Protection Program Flexibility Act of 2020.

Ordinarily, to be eligible for an SBA Section 7(a) business loan, businesses must be unable to obtain credit elsewhere. The PPP waives this "credit elsewhere" test, thereby expanding greatly the pool of potential business applicants. However, the PPP requires that a business certify in good faith that "[c]urrent economic uncertainty makes [its] loan request necessary to support [its] ongoing operations."

Prior to April 23, 2020, the SBA had offered little guidance on the meaning of this certification. But in the wake of high-profile publicly held companies returning their PPP loan proceeds, the SBA clarified on April 23, 2020, that this certification requires businesses to "take into account their current business activity and their ability to access other sources of liquidity sufficient to support their ongoing operations in a manner that is not significantly detrimental to the business." The SBA stated further that "it is unlikely that a public company with substantial market value and access to capital markets will be able to make the required certification in good faith, and such a company should be prepared to demonstrate to the SBA, upon request, the basis for its certification." Unfortunately, neither "substantial market value" nor "access to capital markets" was defined.

Key Considerations
This guidance raises potential issues for businesses who have already received PPP loans. Business recipients of a PPP loan must consider whether, in light of the SBA's new guidance, its certification of need ("necessary to support ongoing operations") remains accurate and made in good faith. This applies with equal force to private and publicly held companies.

However, the language in the SBA's new guidance raises especially difficult issues for publicly held companies. Despite meeting PPP size and affiliation requirements, publicly held companies need to consider whether they have "substantial market value" and "access to capital markets" given the lack of definitions of these terms. Further, the SBA's requirement that businesses analyze "their ability to access other sources of liquidity sufficient to support their ongoing business operations" appears to directly contravene the waiver of the "credit elsewhere" test.

While the SBA's language does not preclude all publicly held companies from obtaining a PPP loan, given the SBA's explicit example of an ineligible business as one that is publicly held, these companies must take extra precaution in analyzing their certification of need. Without further clarification on what constitutes "substantial market value," even publicly held companies with relatively small market capitalization must analyze whether they remain eligible.

Consequences of Bad Faith
Making a false statement in connection with obtaining a PPP loan can lead to serious consequences, including, but not limited to, criminal liability. However, on April 24, 2020, the SBA issued a supplemental Interim Final Rule on the PPP, providing a safe harbor for any business that applied for a loan prior to April 24, 2020, but now believes it is ineligible for lack of need. So long as such business applicant repays the loan in full by May 7, 2020, the SBA will deem the business to have made its certification in good faith.

Best Practices for Good Faith
Reports are emerging that some public companies of relatively large size are determining that they can retain their PPP loans despite the unclear language of the SBA guidance, while other companies are repaying their loans. Companies retaining the loans may have relied on language in the guidance that they are eligible if they are not able to "access other sources of liquidity sufficient to support their ongoing operations in a manner that is not significantly detrimental to the business." Given the requirement that the certification must be made in good faith, we encourage companies that conclude that they are eligible to obtain or retain the PPP loans in light of the SBA's guidance to carefully document their analysis in support of this conclusion.

We Can Help
Please contact Maslon's Corporate & Securities Group if you have questions or need assistance analyzing your eligibility for a loan under the Paycheck Protection Program.

President Trump signed into law an updated version of the CARES Act (the "Act") on March 27, 2020. The Act provides an estimated two trillion dollars' worth of relief for individuals and businesses in an effort to mitigate the effects of the ongoing COVID-19 pandemic. The Act makes available emergency funds in the form of loans, credits, and grants to businesses of all sizes.

Given the emergent situation, the Act was drafted and passed expeditiously, which resulted in certain provisions (and programs) lacking detail or otherwise requiring further rulemaking. The summary below provides our current understanding of the Act, but as more details are made available (i.e., rules are promulgated by the applicable government bodies and/or insight is gained from our experience with the Act), Maslon will provide updates. 

Update: The summary below has been updated to include information on the Main Street Lending Program announced on April 9, 2020, and to reflect clarifications found within the Interim Final Rule for the Paycheck Protection Program released on April 2, 2020 (the "Interim Final Rule"). The full Interim Final Rule is available at sba.gov.

Scroll down to view the full information on key resources available to businesses, including provision eligibility and processes, or use the below links to go directly to the section which interests you most:

• Business Loans
  • Paycheck Protection Loans for Small Businesses
  • Expansion of SBA Disaster Loans
  • Direct Loans for Eligible Businesses
  • Mid-Size Direct Lending Program (Pending)
  • Main Street Lending Program
• Tax Credits
  • Employee Retention Tax Credits
  • Delay of Payment of Employer Payroll Taxes
  • Net Operating Losses
• Additional Provisions

Business Loans

Paycheck Protection Loans for Small Businesses

The most significant financial resource available for small businesses under the Act is the "Paycheck Protection Program" (the "Program"). Employers with 500 or fewer employees can obtain loans under this Program through the Small Business Administration ("SBA") Section 7(a) loan program to pay for payroll costs and other expenses (e.g., interest on mortgage loans and other secured debt, rent and utility costs) from February 15, 2020, through June 30, 2020. Payroll costs include employee salary (up to $100,000/year for an individual employee), wages, commissions, payment for vacation, parental, family, medical, or sick leave, health and retirement benefits payments, and other costs.

The SBA clarified in the Interim Final Rule that payments made to independent contractors do not constitute payroll costs. The SBA clarified in the Interim Final Rule – Additional Eligibility Criteria and Requirements for Certain Pledges of Loans that payroll costs also include partnership draws. Partnerships and limited liability companies filing taxes as a partnership may report the self-employment income of general active partners as payroll costs (up to $100,000 annualized) on a PPP loan application filed by or on behalf of the partnership. A partner cannot submit a separate loan application as a self-employed individual. The Interim Rule is inconsistent on whether the payroll cost calculation is based upon the trailing twelve months prior to submitting a loan application or the prior calendar year. Maslon will provide additional updates as more guidance becomes available.

Loan Eligibility

Loans under the Program are available to the following businesses as long as the business was operational as of February 15, 2020, had employees, and paid wages and payroll taxes:

• Businesses with up to 500 employees, including part time employees.
• "Small business concerns" are generally eligible for SBA loans, which are independently owned and operated for-profit companies with a place of business in the U.S. (and that operate primarily within the U.S. or make significant contributions to the U.S. economy through the payment of taxes or use of American products, materials, or labor). This would generally exclude nationally-recognized companies. Whether a business is an eligible small business concern is determined by established SBA regulations, based upon limits on either revenue or employee count. Such limits vary by industry. Refer to the SBA's Table of Small Business Size Standards Matched to NAICS Codes, available at sba.gov.
• Businesses in the Accommodation and Food Service Industries (e.g., full-service restaurants, hotels) are eligible provided that if the business has more than one physical location, it does not employ more than 500 employees at each location.
• SBA "affiliation rules"—meaning that the SBA generally counts the employees or annual receipts of a business's affiliates when determining eligibility—are also waived for: (1) businesses in the Accommodation and Food Service Industries that employ not more than 500 employees; (2) franchises; or (3) businesses that receive financial assistance from a small venture investment company licensed under the SBA. For example, if a restaurant owner owns 51% of another restaurant business, the general SBA rule that the employees or receipts of the second restaurant is/are counted in determining the business's eligibility is waived.

Loan Details

• Non-seasonal businesses (in existence between February 15, 2020, through June 30, 2020) may obtain loans for up to $10 million. However, the amount of the loan a non-seasonable business is eligible for would be the lesser of: (1) The average monthly payroll costs (as described above) during the year prior to making the loan x 2.5; or (2) $10 million. Note, however, that the outstanding amount of any loan made under the SBA's Disaster Loan Program between January 31, 2020, and the date upon which such loan may be refinanced as part of the Program will be added to the preceding sub-section (1), which could further increase the loan money available to a business.
• Standard fees for SBA Section 7(a) loans are waived for loans made under the Program. The SBA's "credit elsewhere" test (i.e., the requirement that a small business is unable to obtain credit elsewhere) is also waived for these loans.
• Loans are required to be without recourse, must be unsecured, and cannot require a personal guarantee. 
• No yearly or guarantee fees for the loan, and all prepayment penalties are waived.
• The SBA clarified in the Interim Final Rule that the interest rate for a loan is 1%.
• The SBA clarified in the Interim Final Rule that loan payments are deferred for six months. Interest will continue to accrue during the deferment period.
• The SBA clarified in the Interim Final Rule that least 75% of the loan amounts must be used for payroll costs.
• The SBA clarified in the Interim Final Rule that loan maturity is 2 years.
• Because payroll costs only include employee cash compensation and partnership draws up to $100,000/year, businesses should take care not to use loan proceeds to pay any portion of these items in excess of $100,000. For example, if an employee earns $120,000/year, the employer may use loan proceeds to pay $100,000 on a pro rata basis of the employee’s salary, but must pay the remaining $20,000 on a pro rata basis using other funds. For purposes of loan forgiveness, this means a maximum of $15,385 per individual of loan proceeds may be used during the eight-week covered period.
• Please note that if PPP funds are used for unauthorized purposes, the SBA will direct businesses to repay those amounts. Knowingly misusing these funds may subject the business, shareholders, partners, and/or members to additional liability, such as fraud charges.

Loan Forgiveness

• Loans used for eligible expenses incurred during the 8-week period following the date of origination may be forgiven. In addition to payroll costs, eligible expenses include mortgage and other secured-debt interest payments, rent, and utilities, so long as those expenses existed as of February 15, 2020. For non-seasonal employers, the amount eligible for forgiveness is reduced by the following formulas:
  1. For reductions in employees, the maximum amount eligible for forgiveness, multiplied by:
     1. The average number of full-time equivalent employees ("FTEs") per month, calculated by the average number of FTEs for each pay period within a month, for the period between February 15, 2020, through June 30, 2020, divided by either, at the election of the employer:
        • The average number of FTEs per month employed from February 15, 2019, to June 30, 2019; or
        • The average number of FTEs per month employed from January 1, 2020, to February 29, 2020.
  2. For reductions in wages, the amount of any reduction in total salary or wages of any employee for the period between February 15, 2020, through June 30, 2020, that exceeds 25% of the employee's salary or wages during the employee's most recent full quarter of employment before the period before February 15, 2020.
• Employers who have terminated employees or reduced employee wages may be relieved from these forgiveness reduction penalties if they rehire employees or make up for wage reductions by June 30, 2020. Specifically, the above calculations to reduce amounts eligible for forgiveness will not apply if an employer either:
  1. Reduces its number of employees between February 15, 2020, and April 26, 2020, but subsequently "eliminated the reduction in the number of full-time equivalent employees"; or
  2. Conducts a salary reduction between February 15, 2020, and April 26, 2020, but subsequently raises salaries to pre-February 15, 2020, levels by June 30, 2020.
• Loan funds used to pay additional wages to tipped employees are also eligible for forgiveness. The Act is unclear if this includes tips and base wages or just base wages.
• Any forgiven amounts will not be considered taxable gross income.
• The SBA is required to issue regulations on the specifics of loan forgiveness (and deferment) under the Program within 30 days of the Act's enactment (i.e., by April 26, 2020).
• The SBA clarified in the Interim Final Rule that forgiveness for non-payroll costs (e.g. mortgage interest, utilities) is limited to 25% of the total amount forgivable.

Loan Process

• To obtain a loan under the Program, eligible businesses should apply through participating lenders offering SBA loans. In applying, the business must make good faith certifications that:
  1. The uncertainty of current economic conditions makes the loan necessary;
  2. Acknowledge the funds will be used for the allowable expenses (i.e., applicable payroll costs, mortgage, and other secured loan interest, rent, and utilities);
  3. The eligible business does not have a duplicate SBA loan application pending; and
  4. The eligible business has not received any duplicative loan amounts under the Program at any time after February 15, 2020, through the date on which the business obtains a loan through the Program.
• A business may not obtain multiple loans through the Program for the same purpose (i.e., loans that are duplicative of other loans received under the Program).
• Self-employed individuals, sole proprietors, and independent contractors applying for loans under the Program are required to provide certain documentation to prove eligibility, such as payroll tax filings, Forms 1099-MISC, and income and expenses from the sole proprietorship. Beyond the additional documentation requirements, the application process for these individuals is the same as for other businesses.

Expansion of SBA Disaster Loans

The Act also expands business access to economic injury disaster loans ("EIDL") through the SBA Economic Injury Disaster Loan Program. This expansion will be in effect between January 31, 2020, through December 31, 2020. These types of loans were previously available only for small business concerns, as defined by SBA, but are now temporarily available to business concerns with up to 500 employees.

Loan Eligibility

• Small business concerns, defined above; or
• Businesses with up to 500 employees.

Loan Details

• Unlike the Paycheck Protection Program, the Act does not provide for forgiveness of EIDLs.
• The amount available under an EIDL is based upon cash flow projections and demonstrated need, with a cap at $2,000,000.
• Loans may be used to pay expenses incurred in the ordinary course of business. Ordinary expenses include, but are not limited, to:
  1. Providing sick leave to employees unable to work because of the ongoing pandemic;
  2. Maintaining payroll;
  3. Meeting increased supply chain costs;
  4. Rent and mortgage payments; and
  5. Repaying debts that cannot be paid due to lost revenue.
• In general, existing rules applicable to the terms of EIDLs apply. However, two existing requirements are revised for EIDLs obtained through December 31, 2020. Specifically, for loans made during this period:
  1. Personal guarantees are not required for loans up to $200,000; and
  2. The SBA will not require that the business is unable to obtain credit elsewhere.
• Interest rates are subject to change, but currently set at 3.75%.
• Term lengths of EIDLs are either 15 or 30 years.

Loan Advance

• A business applying for an EIDL in response to COVID-19 may request an emergency advance from the SBA for up to $10,000. The advance must be paid by the SBA to the business within three days after receipt of the application.
• An advance received does not have to be repaid by the business, even if the SBA ultimately denies the business's application for an EIDL.

Direct Loans for Eligible Businesses

The Act also provides $500 billion for loans, loan guarantees, and investments in the Federal Reserve's lending facilities to support "eligible businesses" particularly distressed by the ongoing pandemic, which include air carriers and U.S. businesses that have not received "adequate economic relief" in the form of other loans or loan guarantees under the Act. Note that loans under this program are not generally available to businesses that may have been adversely affected by COVID-19. Rather, particular industries that are most affected (e.g., airlines) would be eligible. The $500 billion is allocated as follows: $25 billion in loans and loan guarantees for air carriers; $4 billion in loans and loan guarantees for cargo air carriers; $17 billion in loans and loan guarantees for businesses critical to maintaining national security; and $454 billion for loans, loan guarantees, and investments in support of facilities established by the Federal Reserve.

Loan Eligibility

The business must:

• Be created or organized in the U.S.; and
• Have significant operations in and a majority of its employees based in the U.S.

Loan Details

• The loan must be entered into directly by the eligible business as the borrower and cannot be forgiven.
• The interest rate of the loan must be based on the risk and the current average yield on outstanding marketable obligations of the United States of comparable maturity.
• Any business receiving a direct loan is prohibited for 12 months after the term of the loan, from:
  1. For any officer or employee whose total compensation exceeded $425,000 in calendar year 2019, providing:
     1. Compensation to such individual over such amount over any consecutive 12 months during the covered period; or
     2. Severance benefits exceeding more than two times such 2019 compensation amount.
  2. For any officer or employee whose total compensation exceeded $3,000,000 in calendar year 2019, providing compensation that exceeds the sum of:
     1. $3,000,000, plus
     2. 50% of the amount in excess over $3,000,000 that the officer or employee received in calendar year 2019.
• Air Carriers and related contractors (e.g., persons that perform catering functions or other functions at an airport directly related to the air transportation of persons, property, or mail) are subject to the same executive compensation limits outlined above, except that the limits apply to the two-year period ending on March 24, 2022, rather than the 12 months following the term of the loan.
• Businesses that receive a loan may not conduct a stock buyback beyond the term of the loan, and must maintain at least 90% of its employment levels as of March 24, 2020, until September 30, 2020.

Mid-Size Direct Lending Program (Pending)

The Act also directs the Treasury Secretary to create a program to provide financing to banks and other lenders who make direct loans to mid-size businesses. Additional guidance on this program will be issued by the Treasury Secretary, including guidance that may permit receiving warrants, stock options, common or preferred stock or other equity under the program without triggering an ownership change under Section 382 of the Internal Revenue Code of 1986 (i.e., allowing more favorable treatment and flexibility regarding net operating loss carryforwards).

Loan Eligibility

The business:

• Have between 500 to 10,000 employees;
• Be created or organized in the U.S.; and
• Have significant operations in and a majority of its employees based in the U.S.

Loan Details

• Loans made under the to-be created program are capped at a 2% (annualized) interest rate. During the first 6 months after a direct loan is made, or for such period set by the Treasury Secretary, no principal or interest will be due and payable.
• Loans may be used for employee retention purposes, and funds must be used to retain at least 90 percent of the business's workforce, at full compensation and benefits, until September 30, 2020.

Loan Process

• To apply for a loan under this program, an eligible business must make a good faith certification that:
  1. The uncertainty of economic conditions makes the loan necessary to support the ongoing operations;
  2. The funds received will be used to retain at least 90 percent of the business's workforce, at full compensation and benefits, until September 30, 2020;
  3. The business intends to restore not less than 90 percent of the workforce of the business that existed as of February 1, 2020, and to restore all compensation and benefits to the workers of the business no later than 4 months after the termination of the public health emergency declared on January 31, 2020;
  4. The business is domiciled in the United States with significant operations and employees located in the United States;
  5. The business is not a debtor in a bankruptcy proceeding;
  6. The business is created or organized in the United States or under the laws of the United States;
  7. The business will not pay dividends with respect to the common stock of the eligible business, or repurchase an equity security that is listed on a national securities exchange of the business while the direct loan is outstanding, except to the extent required under a contractual obligation that is in effect as of the date of the Act's enaction;
  8. The business will not outsource or offshore jobs for the term of the loan and 2 years after completing repayment of the loan;
  9. The business will not do away with existing collective bargaining agreements for the term of the loan and 2 years after completing repayment of the loan; and
  10. The business will remain neutral in any union organizing effort for the term of the loan.

Main Street Lending Program

On April 9, 2020, the Federal Reserve announced preliminary details of the Main Street Lending Program, a lending program established pursuant to Section 4003(C)(3)(d)(ii) of the CARES Act, which permits the Federal Reserve to make programs aimed at providing financing to small and mid-sized businesses affected by the COVID-19 pandemic. This program offers potential relief for businesses too large to take advantage of the Paycheck Protection Program ("PPP") (which is an SBA-based lending program for small companies). More details about this program can be found at: CARES Act: The Main Street Lending Program Offers Relief for Small and Mid-Sized Businesses.

Tax Credits

Employee Retention Tax Credits

The Act creates a tax credit each quarter to offset 50% of each employee's qualifying wages, including qualifying health care plan costs, on up to $10,000 of wages paid per employee (i.e., up to $5,000 in actual credit per employee). This employee retention tax credit is available for wages incurred from March 12, 2020 – December 31, 2020, but is unavailable for paid sick leave or expanded FMLA wages paid under the Families First Coronavirus Response Act (FFCRA). Notably, this credit is in addition to the payroll tax created under the FFCRA.

Employer Eligibility

• The credit is available to employers, who do not receive a loan under the Paycheck Protection Program discussed above, whose (1) operations were shut-down or partially suspended due to a COVID-19 related shut down order, or (2) gross receipts fell more than 50% when compared to the same quarter in the previous year.
• For employers eligible for the credit due to a decline in gross receipts, eligibility ends with the calendar quarter in which the gross receipts exceed 80 percent of the calendar quarter in the previous year.
• Private employers of all sizes may apply for the credit; however, employers with more than 100 full-time employees, may only receive the tax credit for employee wages where the employee was not providing services due to one of the reasons listed above. Employers with 100 or fewer employees qualify for the credit, regardless of whether the business is shut down pursuant to a shut-down order.

Claiming Credit

• The tax credit only offsets employment taxes owed by an employer. To the extent 50% of the qualifying wages exceed the employer's employment tax liability, the employer will be refunded the difference. The Treasury Secretary is expected to issue further guidance, forms, and regulations for these tax credits, including provisions allowing businesses to receive advance payment of the credit.
• The CARES Act also facilitates reimbursement for employee wages paid pursuant to the Families First Coronavirus Response Act ("FFCRA").
• Employers can claim the credit each quarter they are eligible through December 31, 2020.

Delay of Payment of Employer Payroll Taxes

To provide further assistance to employers, the CARES Act authorizes deferral of 2020 payroll taxes to 2021 and 2022. Half of the deferred 2020 employment taxes must be paid by December 31, 2021. Any remaining amount owed for 2020 employment taxes is due to the IRS by December 31, 2022. Like the employee retention tax credits, this deferral is unavailable to employers who receive a small business "paycheck protection" loan. Note, there is also no provision in the Act that the IRS "trust fund recovery penalty" (which is equal to 100% of unpaid employment taxes) is being altered in any way. This penalty may be assessed against any person (including officers, employees, members, and directors) who is responsible for managing and paying employment taxes on behalf of the employer and who willfully fails to collect or pay such taxes. Accordingly, if a business is unable to pay the deferred taxes after the deferral period (e.g., due to insolvency and bankruptcy), key officers and employees may remain liable for payroll taxes.

Net Operating Losses

The Act also suspends certain deduction limits previously imposed by the Tax Cuts and Jobs Act (TCJA), including:

• Allowing Net Operating Losses (NOLs)—which occur when a businesses's allowable deductions exceed its taxable income within a tax period—arising in 2018, 2019, and 2020 to be carried back for up to five years (under the TCJA, no carrybacks were permitted);
• Suspending the TCJA's 80 percent cap on NOL carryovers for three years (cap would not apply to taxable years beginning in 2018, 2019, and 2020); and
• Suspending certain rules relevant to farming losses for NOLs arising in taxable years beginning in 2018, 2019, and 2020.

Additional Provisions

The Act includes a number of additional provisions for the benefit of unemployed workers, financial institutions, community banks, the health care industry (including medical device companies), and borrowers of federally backed mortgage loans. For more information about these and other provisions, reach out to Maslon's Corporate & Securities Group.

We Can Help

Please contact Maslon's Corporate & Securities Group and Labor & Employment Group if you have questions or need assistance taking advantage of the relief provided under the CARES Act.

The process related to Paycheck Protection Program ("PPP") loans under the CARES Act is moving quickly. Lenders may begin processing PPP loans as early as Friday, April 3, 2020, but it's unlikely all lenders will be ready to process and/or fund loans by this time. Although PPP loans will be available through June 30, 2020, eligible businesses should apply as soon as possible given concerns that the allocated funds may not cover demand. Funds will be given on a first come, first serve basis.

On April 2, the U.S. Small Business Administration ("SBA") published its Interim Final Rule, which provides guidance on the implementation of the PPP, including a helpful Q&A section. Comments on the Interim Final Rule will be accepted through the Federal eRulemaking Portal for 30 days after date of publication of the Interim Final Rule in the Federal Register. The SBA will provide further guidance through SBA notices and a program guide, which will be posted to the SBA’s website. While full details about the PPP are still forthcoming, current guidance provides the following information:

Proactive Steps to Apply

Eligible businesses can apply through existing SBA Section 7(a) loan program lenders or through any participating federally insured depository institution, federally insured credit union, and Farm Credit System institution. Additional lenders will be able to make PPP loans once approved and enrolled in the PPP. It is anticipated that lenders will provide their specific application process information once available, which may be as soon as Friday, April 3, 2020.

Register to Submit Application

If a business believes it may be eligible for a PPP loan, it should connect as soon as possible with a PPP lender to get registered. Applications for a PPP loan will be specific to each lender, and you should obtain the proper forms from your lender. While businesses cannot yet apply, businesses may be able to "get a spot in line" to submit applications by reaching out to lenders now.

Assemble Potentially Required Application Documentation

While PPP loan application processes will be specific to each lender, the SBA has issued a sample application form to assist businesses in preparing for the lender's application. Based on the sample application form provided and traditional SBA loan rules, we suggest you assemble the following documentation to get a head start, keeping in mind that actual document requirements may vary across lenders. If you have an existing relationship with an SBA-approved lender, consider reaching out to that lender first for a PPP loan, as the lender likely already has on file potentially required documentation, which may speed up the application process.

• Traditional SBA Loan Documentation Requirements:
  • Articles or Certificate of Incorporation/Organization for each borrower;
  • Bylaws/Operating/Member Control Agreement for each borrower; and
  • Driver's licenses for all owners.
• Payroll Expense Verification Documents:
  • IRS Form 941 Employers Quarterly Tax Return and Form 944 Employers Annual Tax Return (if filed);
  • Payroll summary report form provided with corresponding bank statements or employee paystubs as of February 15, 2020 (or corresponding period) with corresponding bank statements;
  • 1099s for independent contractors;
  • Statement that all employees are United States residents or detailed list of employees outside the United States with their salaries (whose wages must be excluded); and
  • Profit and loss statement for the prior 12 months.
• Most recent mortgage statement or rent invoice and lease.
• Documentation of the average monthly payroll based on the 12 months between April 2019 to March 2020, reduced for payroll individuals that exceed $100,000 on an annualized basis (i.e., average payroll, capped at $100,000 (annualized) per employee).
  • Average payroll should be separated by category: Salary, Hourly, Commissions, Vacation, Sick Leave, Group Health Care (both union / non-union), and Retirement Contributions (both union / non-union).
• Total monthly rent (or mortgage interest) over the prior 12 months.
• Total amount spent on utilities over the prior 12 months (Electricity, Gas, Water, Transportation, Telephone, and Internet, etc.).
• Total interest on other debt obligations incurred before February 15, 2020.
• Entity's tax EIN and full legal name (you can find this on your tax return).
• Personal financial statements may be requested for all owners.

Potential Disqualifiers

Based on questions borrowers must answer on the SBA sample application form, the following factors may disqualify certain businesses from PPP loans. As more information is made available, we will clarify this list:

• If the business or any of its owners are presently involved in any bankruptcy;
• If the business or any of its owners are presently suspended, debarred, proposed for debarment, declared ineligible, or are voluntarily excluded from participation in the PPP by a federal department or agency;
• If the business or any of its owners, or any business owned or controlled by any of them, have ever taken a loan from the SBA or any other federal agency that is currently delinquent or that has defaulted in the last seven years and caused a loss to the government;
• If any 20% or more owner of the business is currently subject to an indictment, criminal information, arraignment, or any other means by which formal criminal charges are brought in any jurisdiction;
• If any 20% or more owner of the business is currently incarcerated, on probation, or on parole; and
• If any 20% or more owner of the business has, within the last seven years, pleaded guilty to, pleaded nolo contendere, been placed on pretrial diversion, been placed on any form of parole or probation, or been convicted of any felony or misdemeanor against a minor.

We Can Help

Please contact Maslon's Corporate & Securities Group if you have questions or need assistance applying for a PPP loan.