Cybersecurity Risks to the Manufacturing Sector

The 2016 Manufacturing Report by Sikich finds that there has been a progressive growth in cyber-attacks in the manufacturing sector. This is consistent with the most recent IBM /X-Force Research 2016 Cyber Security Intelligence Index, which  notes that the manufacturing industry represents the second most attacked industry, just behind health care.

Manufacturing companies often don’t believe that they are targets since they do not hold vast amounts of consumer data. Therefore, they do not concentrate on cybersecurity and remain vulnerable. These two reports show that the risk of a cyber-attack is high and real to the manufacturing sector.

According to the Sikich report, the risks to the manufacturing sector include:

  • Operational downtime
  • Physical damage
  • Product manipulation
  • Theft of intellectual property and sensitive data

 These reports are a dose of reality to the manufacturing sector that it is under attack, and the threats and risks of cyber intrusions are real and are not dissipating. Addressing these risks and the potential devastating consequences are critical for any company in the manufacturing sector.

This post was authored by Linn Foster Freedman and is also being shared on our Data Privacy +Security Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.

Teamsters’ Central States Pension Plan: A Saga Becomes a Nightmare?

We have been watching, warning and posting about the saga of the troubled Central States Pension Plan (“CSPP”).  See The Gift-Giving Season? Three “Game-Changing” Employment Developments Impacting Manufacturers, Teamster Plan to Cut Pensions Presents Significant Issues for Manufacturers, and A Troubling Future Part One:  Teamsters’ Pension Rescue Plan.  Things were bad.  They got worse.

Created in 1955, the CSPP remains one of the largest and oldest multiemployer pension plans in the United States, funding the pensions of 400,000 active and retired Teamsters.  Shockingly, with the decline in the unionized trucking industry, only 15 percent of those with vested pension benefits are actively employed.  The rest are all inactive or retired.  This imbalance (the pensions of all 400,000 participants being funded by assets and contributions on behalf of a mere 60,000 active employees) has put the CSPP under severe financial stress.  Trustees estimate that the CSPP will become insolvent in less than nine years.  Currently, the CSPP is $17.5 billion short of the funds it needs to cover vested benefits.  (That works out to $47,750 for each participant.)

To make matters worse, the Pension Benefit Guarantee Corporation (“PBGC”), the “ultimate insurer” of the multiemployer pension plans in the U.S., does not have the resources to pay even the “minimum benefits” required if the CSPP were to become insolvent.

Mindful of the plight of the CSPP and other funds, in late 2014, Congress took controversial action.  Moving at warp speed in eight days, Congress adopted the 2014 Multiemployer Pension Reform Act – An Act which would permit troubled multiemployer pension funds to seek permission to cut the vested benefits of retirees.  In essence, Congress plotted a roadmap which could permit distressed pension plans to reduce the benefits being paid to retirees in order to avoid insolvency.  In September 2015, the CSPP became one of the first plans in the United States to take advantage of this new law.

Following a series of public hearings and submission of numerous comments, in May 2016, Special Master Kenneth Feinberg, issued his report rejecting the CSPP “Rescue Plan.”  In doing so, Special Master Feinberg relied on four key defects.  Read Special Master Feinberg’s Report here.    First, in his opinion, the Rescue Plan used an overoptimistic rate of return assumption (the CSPP assumed assets would earn a 7.5% return over  the next 50 years).  Second, the Plan assumed that all newly hired workers coming into the plan would be age 32, meaning that they likely would not receive benefits (and thus would not deplete assets) for at least 20 years.  Third, the impact of the benefit cuts would be harder on some participants than others and the unequal treatment was not justified or explained.  Fourth, the submission itself was unduly technical and virtually impossible for the average participant to understand.

Shortly after Special Master Feinberg issued his report, the CSPP announced that it had abandoned efforts to rescue the fund.

While the CSPP may be the largest multiemployer plan facing insolvency, there are others.  Five other multiemployer pension plans have benefit reduction plans pending before the Treasury Department, one had its plan rejected and a seventh plan voluntarily withdrew its application.  See Applications for Benefit Suspensions.

The number of multiemployer plans seeking benefit reductions under the Multiemployer Pension Reform Act, coupled with Treasury’s failure to approve a single application since the adoption of the Act, strongly suggests that Congress should look for another solution.  One might think that a Presidential Election year would be the opportunity to debate these issues, as support from organized labor may be critical to one side or the other and down ballot races.  But so far that debate seems lacking.  And time may be running out.  One pension fund (Road Carriers Local 707 Pension Fund) projects it will be insolvent by February 2017 – just a few days after our new president takes office.

How These Contract Provisions Can Reduce A Manufacturer’s Margins

One of the key aspects of any supply chain contract is the section regarding pricing.  Nothing is more important in a business deal than determining how much one manufacturer might pay another in a B2B transaction.

In situations where one party has more leverage, that party often includes pricing language that can really impact the economics of any deal.

One type of provision often reads as follows:

Notwithstanding anything in this Agreement to the contrary, the price of each Product will not exceed the lowest price at which Seller sells the same or substantially similar product in the same or lesser quantities to any other customer.

When I see these provisions, the first question I ask any client is whether such a provision is feasible from a business perspective.  We then talk about whether the products being sold are custom or “off the shelf” as that will impact whether this provision has been triggered.

Another provision that I am seeing more often is as follows:

Seller shall notify Buyer of cost savings implemented by Seller (e.g. Seller manufacturing productivity improvements) which do not result in a change in drawings, materials, design, fit or function of the Products.

This type of provision is becoming more common as buyers attempt to contractually drive down prices over time.  The issue here is that, over time, manufacturers often improve their margins by reducing the overhead associated with making a particular product.  In other words, manufacturers become more efficient and hence make more money.  Sellers often know this and demand notice of such cost savings so that they can be passed on.

For that reason, I often tell clients to scrutinize these types of provisions as they can jeopardize a company’s margin long-term.

Aerial Emissions Are Not “Disposal” Under CERCLA

Last year, we told you about a district court case in which air emissions from a lead smelter that ultimately settled on the land and in a water body gave rise to liability under the Comprehensive Environmental Response, Compensation, and Liability Act, 42 U.S.C. § 9601 et seq. (“CERCLA”). Last week, the Ninth Circuit overturned the district court’s decision, scaling back CERCLA liability to exclude such emissions.

The case involved emissions from Teck Cominco Metals’ smelter, located in British Columbia, Canada. Plaintiffs filed suit against Teck under CERCLA, arguing that emissions from the smelter were being deposited into the Upper Columbia River site in the United States. Plaintiffs claims that Teck was liable as a party that arranged for the disposal of hazardous substances under CERCLA. The district court agreed with the plaintiff but because the issue was one of first impression, it certified its holding to the Ninth Circuit to weigh in on the issue.

The Ninth Circuit reversed the district court’s decision, holding that the aerial emissions, which ultimately deposited onto the land and water, were not a “disposal” under CERCLA. According to the Ninth Circuit, the plaintiff’s theory was that Teck allowed hazardous substances to be deposited at the site by wind, as opposed to a direct deposit. Because of the intervention of this natural source, the Court held that it was not a disposal. Relying on prior case law, the Court held that “deposit”, a term included in the definition of “disposal”, means “putting down” or “placement,” not “the gradual spread of contaminants without human intervention.” The Court went on to say that if “aerial depositions” were considered “disposals,” “‘disposal’ would be a never-ending process . . . .”

The Ninth Circuit’s decision is in line with prior decisions interpreting the meaning of “disposal” in the context of both the Resource Conservation and Recovery Act, 42 U.S.C. § 6901 et seq. (“RCRA”) and CERCLA. These decisions support the notion that passive migration of hazardous substances or hazardous wastes does not constitute disposal under CERCLA or RCRA.

The Ninth Circuit opinion is Pakootas, et al. v. Teck Cominco Metals, Ltd., No. 15-35228 (9th Cir. Jul. 27, 2016).

Regulatory and Legislative Changes: No Summer Holiday Break

While you may have thought that the major party conventions and Olympic Games in Rio would have resulted in a break from significant legislative and regulatory changes, that simply does not seem to be the case.  Recent changes affecting manufacturers include the following:

The U.S. Department of Labor to increase civil penalties for ERISA violations.  You can read Robinson+Cole’s update here.  My special thanks to the Employee Benefits Group (Bruce Barth, Virginia McGarrity, Devin Karas and Jean Tomasco) for providing this timely update.

Connecticut’s General Assembly ended the 2016 session by adopting several new employment law regulations.  Among other things, the legislature allows employers to pay employee compensation via “payroll cards,” permits employers to pay by direct deposit, authorizes the use of electronic paystubs; permits bi-weekly payroll without the express approval of the CT DOL; further restricts the use of criminal background information; and extended further protections for employees serving in the military.  You may read the full summaries of these and other legislative changes here.

As reported here previously, the “Year of Change” forces manufacturers to stay on top of a rapidly changing landscape.

 

How The Failure To Comply With The Conflict Minerals Law Can Expose Manufacturers To Criminal Penalties

Last year, we provided an overview regarding the requirement that U.S. publicly traded companies disclose their use of “conflict minerals.”  As of 2014, the Government Accounting Office reported that 1,321 companies filed the requisite disclosure.  The GAO anticipated that over 6,000 companies could be affected by the rule.  That discrepancy can be explained either by:  (1) the GAO’s stats were off; or (2) a large number of companies did not make the filing.  The numbers for 2015 will be available next month and we will update our readers on whether the number of compliant companies has increased.

This coming fall, I will be presenting a webinar about conflict minerals compliance with the help of one of firm’s summer associate’s Nicole Mulé.  If you are interested in receiving an invitation, please email me at jwhite@rc.com.

In the meantime, a teaser.  Are privately held manufacturers impacted by this law?  The answer is yes.  First, from a business perspective, many publicly traded companies require that companies in their supply chain certify that they do not use conflict minerals.  Second, and more daunting, is that the Office of Foreign Asset Control (OFAC) has instituted sanctions for companies (even if they are not publicly traded) that import conflict minerals from the DRC region.   Such sanctions can range from substantial monetary fines to criminal penalties, including lengthy prison time.

I-9:  Ways to Avoid Identity Theft

This week, we thank members of Robinson+Cole’s Immigration Practice Group (Megan NaughtonJosh Mirer, Lauren Sigg, and Jennifer Shanley) for this post:

Employers are increasingly being contacted by individuals, their insurance and payroll providers, the IRS and/or police about employees who are possibly involved in identity theft.  If an employee steals a name and matching social security number and has a fraudulent identity document and social security card, this can be very difficult to detect.  A strong I-9 compliance process can assist in making sure an employer has done what it can to try to avoid this issue.  A number of steps that employers may wish to consider implementing:

I.  Compliance can begin during the interview – Ask applicants:

Do you have authorization to work in the U.S.?

II.  Let candidates know in the offer letter/application that they will need to complete the Form I-9 as a condition of employment

Language for offer letter:  Your employment is conditional upon your successful completion of the Form I-9 verifying both your identity and authorization to work in the U.S.

III.  Have an experienced/trained person be responsible for completing the I-9 forms with the employee

IV.  Question the validity of documents which seem suspicious

Permanent resident Cards should no longer indicate “INS” or “Immigration Naturalization Services” anywhere on them.  Cards should only have forward facing photos and not three quarter view photos.  They are called Permanent Resident Cards now and not Resident Alien Cards.  If you notice any of these issues, it is a red flag to question the Card.

Driver’s licenses can be difficult to verify as each state has its own document and they can be changed/updated frequently.  If you have reason to suspect a license may be fraudulent, it is acceptable to look for a sample license at the state’s website for assistance.  Some states/sites have helpful information online, including:

California: https://www.dmv.ca.gov/portal/wcm/connect/e090f7ec-64bc-4e87-afc8-e66895903b37/dl627e.pdf?MOD=AJPERES

Texas: https://chadhasty.wordpress.com/2009/04/23/texas-redesigns-your-drivers-license/

Connecticut: http://www.ct.gov/dmv/cwp/view.asp?a=805&q=379684

V.  Keep copies of documents, but do not make and keep copies of documents you don’t need

If you have a List A document, you should only have a copy of the List A document and not extra documents from List B and/or C.  If you don’t have a List A document, then, you would need copies of both the List B and List C documents.

VI.  Review the I-9 to verify that it is completed correctly and perform self-audits

VII.  Consider proper transmission and storage of the I-9

As sensitive personal information is contained on the Form I-9, careful employers will be cautious about where the I-9 is stored and where it might be duplicated.  Faxing or emailing Forms I-9 (unless the email is encrypted) can create risks of inadvertent disclosure.  Be cautious about an unsecure digital copy that could be created in a scanner or on someone’s email account.  Paper I-9 forms will be more secure if stored in a secure space under lock and key.

This post is also being shared on our Data Privacy +Security Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.

Your Customer Just Declared Bankruptcy: Recent Decision That All Suppliers/Vendors Should Be Aware Of

This week, we thank members of Robinson+Cole’s Business Reorganizations and Bankruptcy Group (Patrick Birney, Steve Boyajian and Mike Enright) for this post:

Suppliers and vendors sometimes find themselves unpleasantly surprised by the bankruptcy of a customer, leaving a trail of unpaid invoices and little hope of recovery. To make matters worse, after licking their wounds and recovering from the write-off, they may receive an even less welcome surprise—a letter from the bankruptcy trustee demanding money back for the bills that actually did get paid within 90 days prior to the customer’s bankruptcy. The only good news is that there are some defenses to such a claim. In a recent decision, The Unsecured Creditors Comm. of Sparrer Sausage, Inc. v. Jason Foods, Inc., No. 15-2356 (7th Cir. Jun. 10, 2016), the United States Court of Appeals for the Seventh Circuit eliminated most of the exposure faced by the supplier, who had been sued for a preference, when it concluded that lower courts had misapplied the ordinary course of business defense the supplier had raised below.

Preference claims are a popular source of recovery in bankruptcy cases, and a complaint is often filed against any vendor who received payments from a debtor in the 90 days preceding a bankruptcy filing. Generally speaking, these payments can be recovered to permit a pro rata distribution to include creditors who were not “preferred” by payment during the 90-day window. But preferential payments may not be recoverable by a debtor at all if the payments it received fit into the ordinary course of business defense. That’s not as simple as it sounds, and timing can be everything when analyzing the availability of the defense. The court will review how long it took to pay the invoices during the 90 days to decide whether the payments fit into the ordinary practices and experience of the supplier and the customer during better times. If they do fit, they probably will not be recovered, but if the time it took to pay them differed significantly from prior practice, the ordinary course of business defense likely will not work.

Sparrer Sausage had paid 23 invoices from Jason Foods, totaling $586,658.10, during the 90 days before Sparrer Sausage filed bankruptcy. When Jason Foods was sued to return these payments, it argued that the payments were made in the ordinary course of business. The bankruptcy court considered the ordinary course defense by analyzing the payment history between the parties before Sparrer Sausage’s financial distress began. Employing what is called the “average-lateness” method, the bankruptcy court determined that, before Sparrer Sausage’s financial distress began, it paid invoices issued by Jason Foods within 22 days and that, therefore, payments made between 16 and 28 days of an invoice fell within an acceptable range and were protected as payments made in the ordinary course. The bankruptcy court concluded that $306,110.23 of the payments to Jason Foods were made outside the ordinary course of business. After deducting $63,514.91 from this amount, for goods supplied by Jason Foods for which the debtor had not paid (utilizing another defense, “new value”), judgment entered against Jason Foods for $242,595.32.

Jason Foods appealed and the Seventh Circuit determined that the bankruptcy court sliced too thin when setting a time frame within which payments would be considered ordinary course. The court noted that Sparrer Sausage paid the vast majority of invoices within 14 to 30 days of issuance. There was no reason, for example, to conclude that payments made 14 days after issuance of an invoice were outside the ordinary course when the timing of those payments fit within the most common pattern during the course of Sparrer Sausage’s predistress relationship with Jason Foods. The Seventh Circuit noted that 88 percent of the payments made by Sparrer Sausage fell within, or just outside, the 14- to-30 day range. According to the Seventh Circuit, the narrower range employed by the bankruptcy court was arbitrary and failed to serve the purpose of the ordinary course defense, which is to protect “recurrent transactions that generally adhere to the terms of a well-established commercial relationship.”

Consistently monitoring customers’ payment habits for changes and requiring customers to remain within standard payment terms may help set the table for an ordinary course defense in the event of a customer’s bankruptcy; however, as Sparrer Sausage demonstrates, the ordinary course defense is quite subjective and intended to accommodate normal patterns of commerce long established between suppliers and their customers. In the event of a customer’s financial distress, there are other reliable means of avoiding losses on preference claims. Suppliers who anticipate a customer’s distress may wish to consider arrangements such as third-party guarantees, cash on delivery, or letters of credit to continue supplying goods.

The Chemistry Was Right For TSCA Reform

Thank you to my colleague, Emilee Mooney Scott, for her contributions to this post. Emilee is an associate in our Environmental & Utilities Practice Group.

In a rare bipartisan effort, Congress overwhelmingly passed a bill significantly reforming the chemical safety provisions of the Toxic Substances Control Act (“TSCA”) for the first time in its forty-year history.  The Frank R. Lautenberg Chemical Safety for the 21st Century Act (H.R. 2576) (“Lautenberg Bill”) represents the culmination of a years-long effort supported by environmental groups and the regulated community, and President Obama’s signature is expected in the coming days.

TSCA is the primary federal statutory scheme governing the safety of chemicals in commerce (it also contains provisions governing specific substances like asbestos and PCBs).  Under TSCA, EPA screens new chemical substances being introduced into commerce, requiring chemical manufacturers and importers to submit information and potential limitations on use.  By contrast, the EPA has had limited authority over existing chemical substances – until now.

Existing Substances: Greatly Expanded EPA Authority

The Lautenberg Bill sets forth a three-step process for EPA to evaluate, and potentially regulate, existing chemical substances:

  1. Prioritization:

EPA must conduct an initial risk-based screening process to identify substances that have a high priority for further study.  EPA must designate a substance as high-priority if it concludes that a particular substance may pose an “unreasonable risk of injury to health or the environment,” including impacts on sensitive populations like children and pregnant women under the “conditions of use,” i.e., the circumstances under which a “chemical substance is intended, known, or reasonably foreseen to be manufactured, processed, distributed in commerce, used, or disposed of.”  Substances not found to pose such a risk are to be designated low-priority substances and would not be subject to further evaluation or regulation.

EPA may not consider “costs or other nonrisk factors” in its prioritization process.  While the exact prioritization process will be laid out in an EPA rulemaking, by statute the prioritization process must take between 9 and 12 months per substance and must include opportunities for stakeholder participation and public comment.

  1. Risk Evaluation:

High-priority chemical substances are then subject to risk evaluations to determine whether the chemical substance in fact poses an unreasonable risk to human health or the environment.  Again, in conducting the risk evaluation, EPA may not consider costs or other nonrisk factors and must “take into account, where relevant, the likely duration, intensity, frequency, and number of exposures under the conditions of use of the chemical substance…”  EPA must clearly state the scope of the risk evaluation, and must complete the risk evaluation within 3 years of initiation.

  1. Risk Management:

For chemical substances determined to present an unreasonable risk to human health or the environment, EPA must develop a risk management rule.  EPA must  propose a risk management rule for the chemical substance within 1 year of the risk evaluation’s completion, and promulgate a final rule within 2 years of the risk evaluation’s completion (subject to the possibility of a 2-year extension).  Stakeholders will have an opportunity to weigh in on the proposed risk management rule as it is being finalized.

While EPA is not permitted to consider costs in the Prioritization and Risk Evaluation phases, EPA is directed to consider economic and practical factors in developing restrictions on a chemical substance, including “the reasonably ascertainable economic consequences of the rule” and the beneficial uses of the chemical substance.  In notable contrast to current TSCA, EPA is no longer required to use the “least burdensome” means of regulating a chemical substance.

The Lautenberg Bill provides timelines for EPA action on existing chemical substances:

  • Within the first six months after enactment, EPA must have at least 10 risk evaluations underway, on chemical substances drawn from the 2014 update of the TSCA Work Plan for Chemical Assessments.
  • Within the first year after enactment, EPA must develop rules for the prioritization of chemical substances (e., designation as either high or low priority for further evaluation), and for the risk evaluation process.
  • Within three years after enactment, risk management rules must be in place for certain high-priority chemical substances.

Other Notable Features of the Lautenberg Bill

While the regulation of existing chemical substances is the highlight, the Lautenberg Bill includes several other changes that manufacturers should be aware of, including:

  • The pre-manufacture notice process for initiating review of new chemical substances entering commerce is similar to current TSCA, but EPA will be required to more formally and rigorously evaluate the safety of such new chemical substances.
  • EPA will have enhanced authority to order testing of both new and existing chemical substances.
  • EPA will catalog the chemical substances presently in active commerce and re-set the inventory.
  • State programs in existence as of April 22, 2016 are not preempted, but new state regulation of chemical substances may be preempted depending on EPA’s actions with respect to the substance. Preemption was a major sticking point that had to be overcome to achieve the compromise Lautenberg Bill, and there will likely be further controversy (and perhaps litigation) as the states adapt to the new TSCA regime.

New Wage and Hour Requirements for Certain Employees of Manufacturers

In May, the U.S. Department of Labor (“DOL”) published its amended regulation regarding the so-called “White Collar” exemption from the Fair Labor Standards Act (“FLSA”).  As a result, manufacturers may either have to boost the wages of some employees or radically change the manner in which those employees are compensated.

Under the FLSA, employees must be paid at least minimum wage for all hours worked and time-and-one-half the employees’ hourly wage rate when the employees work more than 40 hours per week.  “White Collar” employees (bona fide executive, administrative and professional employees, certain computer programmers and some others) are “exempt” from these requirements if those employees are paid on a “salary basis,” perform exempt duties and otherwise meet the exemption requirements.  The revised regulations raise the minimum salary which must be paid to qualify for the exemption from $455.00 per week ($23,660.00 annually) to $913.00 per week ($47,476.00 annually).  Beginning in 2019, the minimum salary level will be adjusted upwards annually.

Employees who do not make the minimum salary, no matter what job duties they performed, must now be paid on an hourly basis and be paid overtime.  Employees affected by the amended regulations (those making $23,660.00 or more annually, but less than $47,476.00) must either have their salary raised or be treated as all other hourly workers.

Responding to the amended regulations will not simply be a mathematical exercise.  For those previously exempt employees making less than $47,476, manufacturers must now convert them to hourly workers and will have to consider other wage and hour issues associated with hourly workers.  Manufacturers must keep detailed time records for all such workers (starting time, ending time, hours worked per day, hours worked per week, among other things); generally must pay employees for all travel during the employees’ normal work schedule (even when the employees travel on a non-work day); and may be obligated to pay employees who perform services outside of their normal schedule (such as answering phone calls or emails on weekends).

Significantly, the new regulations did not change the “duties” test to require that more than fifty percent of the exempt employees’ work time be spent performing exempt duties, a change which could have dramatically affected employees working as foremen, leads, or first level supervisors.

Use the embedded links to view the DOL’s summary of the Rule, the text of the Rule or R+C’s related Client Alert.

The new regulations take effect on December 1, 2016, giving manufacturer’s a bit of time this summer and fall to consider the challenges presented.

LexBlog