A Proposed Global Minimum Corporate Income Tax Rate

In mid-May, the Biden Administration officially threw its support behind a minimum global corporate income tax rate of at least 15%.  The US proposal would be limited to the world’s 100 largest companies – those with revenues of over $20 billion.  The proposal would not depend on the company’s nationality (the US has made clear that it would not support any proposals that discriminate against US multinationals) and, since it would apply to digital services companies as well as to those selling tangible goods, would not be specific to any one sector.

Air in the OECD Sails?

OECD have been negotiating a new global taxation agreement to tackle ‘base erosion and profit shifting’.  Those negotiations are based around two Pillars. Pillar 1 would allow destination countries to impose tax on multinationals selling goods or providing services within their borders, rather than limiting the ability to tax to the countries in which such companies are head-quartered or have a physical presence (this Pillar is perceived to have particular relevance to digital service companies). Pillar 2 would introduce a global minimum corporate income tax rate, which would be implemented through a combination of controlled foreign corporation rules and undertaxed payment rules.

Why the Damascene Conversion?

Under the previous Administration, US support for OECD efforts was mixed at best and driven, in large part, by a desire to prevent digital service taxes (DST), which were perceived to discriminate against US multinationals.  DST proposals remain of concern to the Biden Administration, but the US’ renewed robust support for global minimum taxes adds momentum to the OECD effort.  An agreed minimum global corporation tax level would help level the playing field for US headquartered multinationals if the US corporate income tax rate were increased above the current 21% rate (to 28% as proposed to pay for the American Jobs Plan).

Initial Opposition

Whilst there was general support (including from the EU) for a corporation minimum tax of 15%, the US’ suggestion was above the OECD Pillar 2 rate which had been under consideration (apparently 12.5%).  Many countries view their ability to set a lower corporation tax rate as a key element of their economic attractiveness for international investors.

Of particular note, is Ireland’s current corporation tax rate of 12.5%.  Dublin argues that smaller countries (including Belgium, the NL and Luxembourg) need to be able to use tax policy as a legitimate policy lever to compensate for advantages of scale, resources and location enjoyed by larger countries – if larger countries struggle to compete, they should lower their tax rates, rather than forcing smaller countries to raise theirs.  Reforms to Pillars 1 and 2 would force Ireland to consider how to manage a potential €2 billion p.a reduction in corporation tax collections and how to reform its industrial strategy to offer international companies a reason to continue to base themselves there, beyond a low corporation tax rate.

But even a 15% rate would remain internationally competitive – lower than the US’ current 21% corporate income tax rate for its global multinationals (which itself is double the US’ current 10.5% minimum tax on American companies’ global intangible low-tax income – GILTI) and far below the administration’s new proposed US rate of 28%.  And the UK (traditionally Ireland’s closest competitor for US corporate investment), facing the double impact of leaving the EU and suffering the largest Coronavirus economic hit of any G7 country, has already announced plans to increase its corporation tax rate to 25%.


Although the US minimum 15% proposal has changed the mood (Japan, Australia, the EU and some of the larger individual Members State have welcomed the threshold), headwinds remain.  For example, any global agreement on taxation would need the support of the EU.  Implementing Directives involving tax would require unanimity and the EU’s record is not strong in this area – attempts to unify what companies are taxed on,  have been stalled since 2011…

Furthermore, while reaching agreement on Pillar 2 now may be possible, there is no apparent solution to the contentious Pillar 1 question about where companies (in particular digital service companies) will be required to pay taxes.  France’s Finance Minister commented on 26 May, “one condition is to have all big [important] digital companies, being included in the scope of the tax” – US acceptance of any changes in this area is conditional on an insistence that the approach must not discriminate against US multinationals.

For its part, the EU has indicated that it does not see an OECD agreement as an impediment to its proposed Digital Levy and plans to press ahead with a Proposal later this month; and a number of non-EU countries have already imposed, or plan to introduce a Digital Service Tax (including the UK, Brazil, Indonesia, India and Turkey).

Agreement on the Horizon?

Notwithstanding these potential obstacles, G7 Finance Ministers apparently made good progress in discussions at the end of May and aim to announce a common position during their formal meeting on 4-5 June.  That would enable G7 leaders to sign off a deal at their Summit in mid-June.  That would, in turn, put pressure on the G20 to agree to the plan in their meeting at the end of July – although many commentators view October as a more realistic timetable.

On balance, despite the objections, it seems likely that the US proposal of a minimum global corporation tax rate of 15% will be accepted at the G20 Summit.  If so, it will be seen as an indication that the international community is able to work together and find solutions to complex commercial issues.  If the proposal is accepted, it will have implications for multinationals (which may face higher tax bills) and for countries (which may see their competitive tax-rate advantage eroded).

Covington’s public policy teams will be following these developments and would be delighted to speak to clients who may have concerns or questions about them.

Final Countdown to POPIA Compliance – Five Critical Steps to Take Before July 1st, 2021

In Episode 12 of our Inside Privacy Audiocast, together with special guest Advocate Pansy Tlakula, Chairperson of the Information Regulator of South Africa, we discussed the Information Regulator’s mandate, and the implementation of data protection legislation in South Africa.  Now, with less than a month to go before South Africa’s Protection of Personal Information Act, 2013 (“POPIA”) is set to go into full effect on July 1, 2021, it is critical for organizations operating in South Africa to ensure that they are ready if and when the Information Regulator comes knocking.

It is only when organizations start their POPIA journey that they realize just how wide the POPIA net is cast, and that very few businesses fall outside of its reach.  The road to POPIA compliance should be viewed as a marathon, and not a sprint.  While implementing and maintaining an effective POPIA compliance program will take continued effort and resources well beyond the July 1, 2021 go-live date, here we outline five steps to which companies subject to POPIA should give their attention in the short term.

Step 1: Identify and Appoint an Information Officer

POPIA provides for a similar position as the GDPR’s data protection officer in the form of an “Information Officer.” Organizations subject to POPIA must identify an Information Officer who will be responsible (and who may be held personally liable) for, among other things, all of the organization’s data protection compliance requirements, working with the Information Regulator, establishing policies and procedures, and POPIA awareness and compliance training.

The “head” of the organization (i.e., the CEO, managing director, or “equivalent officer”) is automatically deemed the organization’s Information Officer, however, the organization can “duly authorise” another person in the business (who is at management level or above) to act as Information Officer.  Similarly, the organization can designate one or more employees (also at management level or above) to act as “Deputy Information Officers” to assist the Information Officer perform his or her responsibilities.  Both the Information Officers and Deputy Information Officers must be registered with the Information Regulator before the end of June 2021, via the Information Regulator’s Online Registration Portal, or by submitting the downloadable Manual Registration Form to the Information Regulator.

Step 2: Review the Organization’s Marketing Practices

While many organizations may not consider themselves to be engaging in so-called “direct marketing” practices, this concept is widely defined in POPIA to include “any approach” to a data subject “for the direct or indirect purpose of […] promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject […].”  POPIA provides data subjects with certain rights with respect to unsolicited “electronic communications” (i.e., direct marketing by means of automatic calling machines, fax machines, SMSs, or emails).  The processing of a data subject’s personal information for the purposes of direct marketing is prohibited, unless the data subject has consented to the processing, or the email recipient is an existing customer of the organization.

In practical terms, the organization must have obtained the data subject’s details through the sale of a product or service, and the marketing should only relate to similar products or services of the organization.  The data subject must be given a reasonable opportunity to object to the use of their personal information for marketing each time the organization communicates with the data subject for marketing purposes, i.e., recipients must be able to “opt-out” at any stage.  Potential new customers can only be marketed with their express consent, i.e., on an “opt-in” basis.

Step 3: Review the Organization’s Security Measures Aimed at Protecting Personal Information, and Understand What Steps Must Be Taken in the Event of a Data Breach

POPIA obliges organizations to take appropriate technical and organizational measures to safeguard the security and confidentiality of personal information – aimed at preventing any loss, damage to, or unauthorized destruction of personal information, including measures to prevent unlawful access to, or processing of personal information under the organization’s control.

There is a general data breach notification obligation under POPIA.  Where there are reasonable grounds to believe that a data subject’s personal information has been accessed or acquired by an unauthorized person, the organization, or any third party processing personal information under its authority (e.g., an outsourced payroll service provider), must notify the Information Regulator and the data subject of the data breach “as soon as reasonably possible,” unless the identity of the data subject cannot be established.  It is therefore crucial that organizations ensure that they have an effective data security incident protocol in place, which will allow them to comply with the breach notification obligations under POPIA, and avoid falling under additional scrutiny.

Step 4: Review the Organization’s Existing Data Transfer and Outsourcing Arrangements

POPIA generally applies not only to organizations that process personal information in South Africa, but also to any person or company that processes personal information on behalf of the organization – commonly referred to as a “processor.”  POPIA also applies to organizations outside of South Africa that process personal information in South Africa with the assistance of a third party (e.g., a channel partner, or outsourced service provider).  Where any processing of personal information is outsourced by an organization, it must, in terms of a written contract between it and the processor, ensure that the party processing personal information on the organization’s behalf establishes and maintains appropriate security measures as prescribed under POPIA.

POPIA contains a general prohibition on cross-border transfers of personal information.  However, this prohibition is subject to numerous exceptions, including: (1) where the data subject consented to the transfer; (2) the transfer is necessary for the performance of a contract between the company and the data subject; (3) the transfer is necessary for the conclusion or performance of a contract between the company and a third party that is in the interest of the data subject; or (4) the transfer is for the benefit of the data subject.  Where personal information is being transferred to a third party outside of South Africa, the company must ensure that the recipient of the personal information is subject to a law, binding corporate rules, or binding contract which provide an adequate level of protection that effectively upholds POPIA’s principles for reasonable processing, and that include provisions substantially similar to the conditions for the lawful processing of personal information, and for the further transfer of personal information under POPIA.

Step 5: Deliver POPIA Awareness Training

POPIA awareness training is a not only a valuable tool for organizations to promote compliance, it is also a requirement under the POPIA Regulations.  The Information Officer must ensure that awareness sessions are conducted regarding the provisions of POPIA, the POPIA Regulations, codes of conduct (where applicable), as well as any information that is obtained from the Information Regulator from time to time.

This post can also be found on CovAfrica, the firm’s blog on legal, regulatory, political and economic developments in Africa.

The Week Ahead in the European Parliament – Friday, May 28, 2021

Next week will be a committee week in the European Parliament.  Members of the European Parliament (“MEPs”) will gather virtually and in person in Brussels.  Several interesting votes and debates are scheduled to take place.

On Monday, the Committee on Security and Defense (“SEDE”) will have an exchange of views with the Commission Executive Vice-President Margrethe Vestager on the EU’s Action Plan on Synergies between Civil, Defense and Space Industries.  Presented on February 22, 2021, the Action Plan was already announced in the EU’s 2020 Industrial Strategy and aims to enhance complementarity between EU programs and instruments with regard to R&D.  It also seeks to promote further EU funding for R&D in the defense and space sector that can hold economic and technological dividends (spin-offs).  It will further try to facilitate the uptake of civil industry research in the context of European defense cooperation projects (spin-ins).  The Action Plan is available here.

On Tuesday, negotiators of the European Parliament, Council of the EU, and European Commission will attempt to find a compromise on the “public country-by-country reporting” Directive in their third round of trilogue negotiations.  The proposal is aimed at enhancing tax transparency and tackling base erosion and profit shifting.  The legislative proposal, dating back to 2016, would require certain multinationals to disclose the amount of income tax they accrued and the income tax they paid, in addition to the amount of accumulated earnings.  Reporting should also include an overall narrative at the group level explaining the material discrepancies between the accrued and amount paid.  The Parliament and Council have diverging views on these reporting requirements.  For example, the Parliament wants to demand subsidiaries of certain multinationals to disclose their fixed assets and number of employees, in an attempt to identify letterbox or storefront companies.  Certain Member States, however, argue that this reporting would create unnecessary risks for European companies in relation to third country tax administrations.  The Commission’s proposal is available here.  The European Parliament’s position is available here.

On Thursday, the Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) will debate on a draft Opinion of Rapporteur MEP Patrick Breyer (DE, Verts/ALE) on the Digital Services Act (“DSA”).  The proposal for a Digital Services Act is aimed at enhancing consumer protection online; establishing transparency and accountability frameworks for online platforms; and improving competitiveness within the Single Market.  LIBE will provide an Opinion to the Internal Market Committee (“IMCO”) who holds the main jurisdiction over the file.  Rapporteur Breyer suggests, among many other things: to phase out behavioral advertising to protect users and replace it with contextual advertising; to not make automated tools for content moderation and content filters mandatory.  The DSA should also ensure that the legality of online content should rest with the independent judiciary and not with administrative authorities and that online platforms should not be compelled to “de-platform” users (as such a decision would fail to ensure a decision by the judiciary and by pass the legally defined sanctions).  The draft Opinion is available here.

For the complete agenda and overview of the meetings, please see here.

Rescissions of Policy Statements Illustrate Continued About-Face at CFPB

On March 31, 2021, the Consumer Financial Protection Bureau (“CFPB”) rescinded a range of policy statements issued under the leadership of former Director Kathleen L. Kraninger.  These rescissions concerned one policy statement governing communications between institutions subject to CFPB supervision and their examiners, and seven policy statements issued during the COVID-19 pandemic to provide regulatory relief to affected institutions.  Click here to read our recent article on the ABA Business Law Today website analyzing these rescissions and what they may signal regarding the future of the Bureau.



UK Competition Appeal Tribunal adds a hurdle to reliance on the pass-on defence

The UK Competition Appeal Tribunal (“CAT”) has made it more difficult for defendants in follow-on competition damages claims to plead that a claimant has mitigated any overcharge by reducing the costs paid to other suppliers in a recent judgment (“Royal Mail/BT v DAF”).

The potential for pass-on to other suppliers as a defence received judicial approval in June 2020, in the Supreme Court judgment in Sainsbury’s v MasterCard.  Relying on that decision, a defendant in the Trucks litigation, DAF, sought leave to amend its Defence to plead that the claimants had, in response to increased prices resulting from the competition infringement, sought to mitigate any overcharge by negotiating with other suppliers for lower input costs and/or otherwise reducing its costs of supply. The CAT refused, finding that a defendant should raise this defence only where there is some plausible and known basis in fact for making the argument.

The case therefore clarifies (and restricts) the position following Sainsbury’s v MasterCard: a defendant cannot merely rely on “broad economic or business theory to support a reasonable inference that the claimant would in the particular case have sought to mitigate its loss”. The CAT concluded that this would put a significant and costly evidential burden on a claimant, in effect automatically requiring it to give burdensome disclosure and evidence about its business operations and procedures (potentially over many years) to prove that there was no such pass-on, and this cannot have been what the Supreme Court intended. Instead, a defendant must be able to point to identifiable facts or circumstances “on the basis of which an assertion that costs mitigation was causally linked to the overcharge carries a degree of conviction.” A general plea will be liable to be struck out.

In practice, this will be difficult for a defendant at the pleadings stage, as it will not normally have sufficient information about a claimant’s business operations. A defendant may know of specific circumstances from its own commercial dealings with the claimant, or have knowledge of the claimant’s interactions with other suppliers, but this will be quite rare. Alternatively, documents provided during disclosure may suggest there has been such mitigation. Defendants may be able to rely on these documents to amend their pleading (if the court does not consider it too late to do so), or they may support specific disclosure requests.

While the factors that will make such a plea more plausible will vary from case to case, the CAT suggested the defence might more likely arise: (i) where the overcharge can be shown to represent a significant proportion of the claimant’s overall costs, thereby triggering an internal response, (ii) the nature and/or amount of the overcharge is known to the claimant, (iii) it could be expected to have been relatively easy for the claimant’s business to reduce certain or general input costs in response to the overcharge, and/or (iv) other supplies made to the claimant by the defendant (or its associates) were renegotiated in the period following the overcharge alleged to have been caused by the anti-competitive conduct.

Major Cyber-Attack on Irish Health System Causes Commercial Concern

On May 20, 2021 there was a major ransomware attack on the Irish health system.  The centralized HSE (Health Service Executive) which provides and manages healthcare for the Irish population was targeted on May 14, and has seen significant disruption since.  It has described the attack as a ‘zero-day threat with a brand new variant of the Conti ransomware.’

The attack has been attributed to a Russian criminal group based in the St. Petersburg area, Wizard Spider.  This group of 80 hackers is believed responsible for the attack earlier this year on FatFace, the UK retailer who is reported as having paid a ransom of £1.45m.  The Minister with responsibility for eGovernment has described it as “possibly the most significant cybercrime attack on the Irish State”  and the Taoiseach (head of government) has repeatedly stated that the State will not pay a ransom.

It appears likely that the attack may have emanated from a phishing campaign exploiting the current stresses on healthcare workers and the Coving remote working structures in place across circa 80,000 HSE devices.  Emergency departments and urgent care centers remain operational as do many hospital services, however delays are accumulating.

In addition to patient files, the data stolen also includes HSE internal files, reportedly including on equipment purchase and minutes of meetings.  Contractors to the HSE may be impacted and their commercial arrangements potentially at risk of disclosure.  So far, the Financial Times has claimed it has seen screenshots of 27 HSE files released on the dark web in recent days.  The media attention has, to date, been on the human side (the 27 files disclosed so far include 12 patient files) more so than on the potential for commercial disclosures.  The issue is an evolving one as the hackers seek to pressure the Irish governments non-payment of ransom position.  They are now believed to have issued a deadline on May 24 for payment of the ransom.

The HSE have included the following information for suppliers in their overall health service disruption notice.

Information for HSE suppliers and contractors

The HSE have included the following information for suppliers in their overall health service disruption notice (available here):

“The HSE is experiencing difficulty with the communication of Purchase Orders to all Suppliers and Contractors due to the recent cyber-attack on HSE systems. An interim approach to support the processing of Purchase Orders is presently underway and updates in this regard will be posted here as available. The continued understanding and support of all Suppliers and Contractors is greatly appreciated during these unprecedented times.”

The National Cyber Security Centre, which is currently involved in the investigation and management of the incident, has issued an alert stating it is monitoring other networks to address the risk of further attacks (available here).  It also advises a useful short and snappy set of measures to be taken in the event of an attack.

European Commission Proposes New Artificial Intelligence Regulation

In April 2021, the European Commission released its proposed Regulation Laying Down Harmonized Rules on Artificial Intelligence (the “Regulation”), which would establish rules on the development, placing on the market, and use of artificial intelligence systems (“AI systems”) across the EU. The proposal, comprising 85 articles and nine annexes, is part of a wider package of Commission initiatives aimed at positioning the EU as a world leader in trustworthy and ethical AI and technological innovation.

The Commission’s objectives with the Regulation are twofold: to promote the development of AI technologies and harness their potential benefits, while also protecting individuals against potential threats to their health, safety, and fundamental rights posed by AI systems. To that end, the Commission proposal focuses primarily on AI systems identified as “high-risk,” but also prohibits three AI practices and imposes transparency obligations on providers of certain non-high-risk AI systems as well. Notably, it would impose significant administrative costs on high-risk AI systems of around 10 percent of the underlying value, based on compliance, oversight, and verification costs. This blog highlights several key aspects of the proposal.

Definition of AI systems (Article 3)

The Regulation defines AI systems as software using one or more “techniques and approaches” and which “generate outputs such as content, predictions, recommendations or decisions influencing the environments they interact with.” These techniques and approaches, set out in Annex I of the Regulation, include machine learning approaches; logic- and knowledge- based approaches; and “statistical approaches, Bayesian estimation, [and] search and optimisation methods.” Given the breadth of these terms, a wide range of technologies could fall within scope of the Regulation’s definition of AI.

Territorial scope (Article 2)

The Regulation would apply not only to AI systems placed on the market, put into service, or used in the EU, but also to systems, wherever marketed or used, “where the output produced by the system is used in the Union.” The latter requirement could raise compliance challenges for suppliers of AI systems, who might not always know, or be able to control, where their customers will use the outputs generated by their systems.

Prohibited AI practices (Article 5)

The Regulation prohibits certain AI practices that are deemed to pose an unacceptable level of risk and contravene EU values. These practices include the provision or use of AI systems that either deploy subliminal techniques (beyond a person’s consciousness) to materially distort a person’s behaviour, or exploit the vulnerabilities of specific groups (such as children or persons with disabilities), in both cases where physical or psychological harm is likely to occur. The Regulation also prohibits public authorities from using AI systems for “social scoring”, where this leads to detrimental or unfavourable treatment in social contexts unrelated to the contexts in which the data was generated, or is otherwise unjustified or disproportionate. Finally, the Regulation bans law enforcement from using ‘real-time’ remote biometric identification systems in publicly accessible spaces, subject to certain limited exceptions (such as searching for crime victims, preventing threat to life or safety, or criminal law enforcement for significant offenses).

Classification of high-risk AI systems (Article 6)

The Regulation classifies certain AI systems as inherently high-risk. These systems, enumerated exhaustively in Annexes II and III of the Regulation, include AI systems that are, or are safety components of, products already subject to EU harmonised safety regimes (e.g., machinery; toys; elevators; medical devices, etc.); products covered by other EU legislation (e.g., motor vehicles; civil aviation; marine equipment, etc.); and AI systems that are used in certain specific contexts or for specific purposes (e.g.; for biometric identification; for educational or vocational training, etc.).

Continue Reading

The Week Ahead in the European Parliament – Friday, May 21, 2021

Next week will be a committee week in the European Parliament.  Members of the European Parliament (“MEPs”) will gather virtually and in person in Brussels.  Several interesting votes and debates are scheduled to take place.

On Tuesday, the MEPs of the Committee on International Trade (“INTA”) will debate on the EU’s trade policy tools addressing the global overcapacity and additional duties in the steel and aluminum sectors.  Currently, the EU has safeguard measures in place which were imposed early 2019 to protect the European market against trade deflection after the U.S. imposed tariffs on steel and aluminum products.  The EU measures are set to expire mid-2021 and the EU must decide soon whether to extend them.  However, on May 17, 2021, the EU and U.S. issued a statement that they will hold talks to discuss solutions for the excess capacity in global steel production and “hold countries like China that support trade-distorting policies to account.”  They also committed not to impose measures that would negatively affect bilateral trade.   The joint statement is available here.

On Wednesday, the MEPs of the Committee in Industry, Research and Energy (“ITRE”) will debate the adoption of a draft report on the establishment of the European High Performance Computing Joint Undertaking (“EuropHPC JU”).  Part of the European Data Strategy, the European Commission proposed to renew the mandate and funding for the EuroHPC JU, which was established in 2018.  The EuroHPC JU is a legal and funding entity that helps the EU, Member States and associated countries to pool their resources and develop innovative supercomputing technologies and applications.  In her report, Rapporteur Maria Carvalho (PT, EPP) proposes to introduce a new “User Forum” with representatives of civil society, industrial and public users, EU social partners, SMEs organizations, etc. to facilitate a permanent dialogue between developers and the users of high performance computing infrastructures.  The draft report is available here.

On Thursday, the Special Committee on Beating Cancer will hold a public hearing together with the Special Committee on Artificial Intelligence on unlocking the potential of artificial intelligence in cancer research.  The committees have invited eight experts from the healthcare sector, academia, and consumer organizations.  The panel discussions will touch on the latest developments and experiences of AI in imaging, detecting and diagnosing cancer, as well as AI in cancer surgery and personalized medicine.  The hearings are part of an Own-Initiative Procedure of the European Parliament under the Rapporteurship of MEP Véronique Trillet-Lenoir (FR, RE) to develop a comprehensive and coordinated strategy to fight cancer in the EU.  The program of the event is available here.

For the complete agenda and overview of the meetings, please see here.

House Competition Bill Advances as Alternative to Senate Legislation

As the newly renamed United States Innovation and Competition Act (USICA) (formerly known as the Endless Frontier Act) is considered on the Senate floor, an alternative competition bill is making its way through the House.  The bipartisan National Science Foundation (NSF) for the Future Act (H.R. 2225) is aimed at strengthening American competitiveness through research and development (R&D) investments and improving science, technology, engineering, and mathematics (STEM) education and training.  Broadly speaking, the two bills are focused on the shared goal of expanding NSF R&D funding to best position the United States on the global stage, but the Senate and House bills contain a few key differences.

Led by House Science Committee Chairwoman Eddie Bernice Johnson (D-TX) and Ranking Member Frank Lucas (R-OK), the NSF for the Future Act’s key provisions include:

  • Creation of a Directorate for Science and Engineering Solutions within the NSF to support use-inspired research, facilitate commercialization of federally funded research, and expand the domestic pipeline of students and researchers in areas of national and societal importance. The Directorate would be responsible for establishing up to five research focus areas that take into account the following societal challenges: climate change, global competitiveness in critical technologies, cybersecurity, national security, STEM education and workforce, and social and economic inequality.
  • Expansion of NSF R&D investments, including in critical research-enabling equipment and infrastructure.
  • Improving STEM education and training, including investments in STEM education programs, expanded data collection on the STEM workforce, supporting policies to encourage mentoring and professional development of graduate students and postdoctoral researchers, and a pilot program to expand opportunities for students attending minority serving institutions.
  • Addressing security risks by requiring researchers receiving federal funding to prepare statements on possible security risks and providing guidance to researchers on training and resources that can be used to better understand and mitigate these risks.

In contrast to the Senate USICA, the House NSF for the Future Act is less costly, which may appeal to some skeptics of the Senate bill who have criticized the bill’s large price tag.  Overall, the House bill authorizes approximately $72.5B to the NSF over five years, as compared to the Senate bill whose latest version clocks in at over $160B over five years.  The USICA also creates a new NSF directorate—the Directorate for Technology and Innovation—but the Senate bill prescribes ten specific “key technology focus areas” while the House bill includes technology but also focuses more broadly on climate change, inequality, national security, and education and workforce issues.

The House has taken steps to advance the NSF for the Future Act, including a recent mark-up in the Subcommittee on Research and Technology of the House Science Committee.  During consideration of the bill, a number of amendments were offered and passed, including provisions to broaden geographic diversity in R&D and address cybersecurity training and workforce development needs.  The Subcommittee unanimously voted to report the bill favorably and it now advances for consideration by the full committee.

Renewed attention to these competition bills as they both make their way through Congress has revealed tensions in the two chambers on how best to accomplish their shared goal.  Representative Ro Khanna (D-CA), who co-sponsors both the House companion bill to the Senate bill (H.R. 2731), as well as the NSF for the Future Act, has expressed optimism that any differences between the USICA and the NSF for the Future Act could be worked out in conference.  Speaker Nancy Pelosi (D-CA) has directed committees to work on a direct House alternative to the Senate competition bill and committees are engaging in that process now.  The Senate is expected to vote on final passage of the USICA before the Memorial Day recess.  It will then be up to the House to pass its own alternative bill before the conferencing process can begin or to take up the Senate passed bill if it does, in fact, pass next week.

OCC to Reconsider June 2020 Community Reinvestment Act Final Rule

On Tuesday, May 18, 2021, the Office of the Comptroller of the Currency (“OCC”) announced that it will reconsider its June 5, 2020 final rule (“final rule”) overhauling its regulations implementing the Community Reinvestment Act (the “CRA”).  The final rule, which applies only to national banks, federal savings associations, and insured federal branches (“OCC-regulated banks”), made the first major revisions to CRA regulations in nearly twenty-five years and would have established new general performance standards based on more quantitative measures of CRA performance than the tests set forth in existing CRA regulations.  Our client alert summarizes key aspects of the final rule.

In connection with this announcement, the OCC also stated it will not object to OCC-regulated banks opting not to prepare for the provisions of the final rule that have a compliance date of January 1, 2023, or January 1, 2024.  Additionally, the agency will not implement or rely on the evaluation criteria in the final rule relating to (i) quantification of qualifying activities, (ii) assessment areas, (iii) general performance standards, (iv) data collection, (v) recordkeeping, and (vi) reporting.

Moreover, the OCC announced that it does not intend to finalize the December 4, 2020 notice of proposed rulemaking requesting comment on the evaluation measure benchmarks, retail lending distribution test thresholds, and community development minimums under the final rule’s general performance standards.  The OCC also discontinued its December 15, 2020 notice and request for comment seeking bank-specific CRA data, which the OCC would have used to determine these metrics under the final rule.

The OCC will continue to implement the provisions that had a compliance date of October 1, 2020.  For example, the agency will continue to publish lists of distressed and underserved areas based on the final rule definitions and provide bank type determinations based on the final rule’s asset thresholds.  In addition, the agency will accept requests for confirmation of activities qualifying for CRA credit under the final rule.

The OCC’s determination to reconsider the final rule comes as Michael Hsu steps in as Acting Comptroller of the Currency (see our blog post on this appointment).  In his opening statement before a House Committee on Financial Services hearing on May 19, 2021, Acting Comptroller Hsu identified three specific concerns with the final rule:  (i) circumstances have changed as a result of the COVID-19 pandemic, and the agencies should consider amending CRA regulations in light of the disproportionate impact of the pandemic on vulnerable groups; (ii) the public has provided valuable feedback in response to the Federal Reserve’s September 2020 advance notice of proposed rulemaking on CRA reform (which we summarized in a client alert); and (iii) the OCC has learned lessons through its partial implementation of the final rule.

Based on the outcome of the OCC’s review, Acting Comptroller Hsu stated that “all options are under consideration” – including rescinding or revising the final rule, and working with the other banking agencies on a joint CRA reform proposal.