• Data Encryption Protocols. Ensure that targets have strong protocols for data encryption, anonymization and secure storage. • AI Training. Review how AI training materials and other data are developed (e.g., scraping of websites) and individuals’ consent for the use of data, including in AI databases. • AI Transparency. Assess the target’s AI systems’ transparency and accountability mechanisms, ensuring they are designed with privacy and security in mind. • AI Bias. Understand processes that are in place to protect against inherent bias in training materials and the potential for “hallucinations” in AI output. Once an investment is made, PE sponsors should encourage management teams to embrace a culture of data privacy and security within portfolio companies, emphasizing regular audits, assessments prior to rolling out new use cases, employee training and a proactive approach to identifying and addressing potential vulnerabilities (e.g., via regular penetration and vulnerability tests). These steps should help investors mitigate risks post-transaction and demonstrate responsible and impactful investment in what will be a radically transformed future of healthcare. 7. The Federal Corporate Transparency Act: Impact on PE BY CHRIS CLIMO, RINEY GREEN & RYAN THOMAS The Corporate Transparency Act (CTA) became effective January 1, 2024. It requires corporations, limited liability companies and limited partnerships operating in the United States to provide certain identifying information about any individuals who are an entity’s major owners and senior officers to the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN). These new reporting requirements will add administrative burden and may require reporting companies to invest additional dollars in human capital to comply with such requirements in 2024. Under the CTA, a business (called a “reporting company”) that does not qualify for one of 23 specific statutory exemptions must submit a confidential online report to FinCEN disclosing certain unique identification details (name, date of birth, residential address and driver’s license or passport image and number) regarding each individual who is defined as a reporting company’s “beneficial owner.” The CTA classifies a beneficial owner as any individual who either owns or controls, directly or indirectly, at least 25% of a company’s ownership interests or exercises “substantial control” over a company. By FinCEN regulation, a reporting company’s “senior officers” are deemed to be “beneficial owners.” The “substantial control” test of beneficial ownership will present challenging interpretive issues and administrative hurdles as companies strive to comply with the CTA’s new reporting obligations. Willful non-compliance with the CTA reporting obligations can lead to civil and criminal monetary fines (up to $10,000) and imprisonment (up to two years) for individuals and companies. FinCEN has recently announced that companies should “consider putting in place mechanisms” to ensure compliance with the CTA disclosure obligations. PE organizations and sponsors that currently file an annual Form ADV with the Securities and Exchange Commission (SEC) (typically PE groups with aggregate portfolio company investments valued in excess of $150 million) will be entitled to CTA exemptions (available to SEC-registered investment advisers and certain “pooled investment vehicles”) for many of their affiliated investment funds, general partner and management entities listed on their Form ADV. It’s less likely, however, that the investment fund, general partner and management entities affiliated with smaller-sized PE organizations that don’t qualify for “venture capital” treatment under SEC regulations will be eligible for an exemption from the CTA disclosure obligations unless any of those entities separately meets the criteria for the “large operating company” exemption.
6 | BASS, BERRY & SIMS
Powered by FlippingBook