Consilium agrees position on IFR and IFD – moving to a new prudential regulatory regime for investment firms

by Dentons


What’s happening and why now?

On January 7, 2019 the Council or “Consilium” of the European Union, which is part of the EU bicameral legislature and represents the executive governments of the EU’s Member States, announced1 that it had endorsed the European Commission’s (the Commission) legislative proposals for prudential requirements for investment firms: the Investment Firms Regulation (IFR) and the Investment Firms Directive (IFD), originally proposed December 2017. The aim of the proposals is to create a new, simpler and more risk-sensitive prudential capital regime for MiFID Investment Firms built around quantitative metrics, called “K-Factors,” that define regulatory capital levels in a more proportionate manner than existing rules (CRR/CRD IV), which were drafted with the banking sector in mind and which are themselves subject to reform work during 2019 in the form the EU’s “Banking Package” i.e. CRR 2/CRD V, SRMR 2 and BRRD 2. The IFR/IFD framework makes a number of technical amendments to CRR/CRD IV as well as the MiFID II/MiFIR frameworks, including in respect of general rules on third-country access and extraterritorial application of principles of EU financial services law (or supervisory outcomes) to such third-country firms. It remains to be seen, given all the other tabled amendments to that framework whether the EU will publish a fully consolidated version reflecting all changes in the pipeline. 

This Client Alert provides an overview of the Consilium’s tabled changes and how the 6,000+ firms affected by the IFD and IFR, notably those that provide “bank-like” activity will be regulated for prudential capital purposes. While some smaller firms may not face much change, it is those “Class 1” firms, i.e., those that provide “bank-like” services and which are domiciled in or operating through the Eurozone and its Banking Union that may, in addition to higher prudential capital requirements, also become subject to supervision by the European Central Bank (ECB) in its role at the helm of the Single Supervisory Mechanism (SSM) either due to their size or pursuant to a supervisory decision in accordance with Art. 4(a) IFD – the introduction by the Consilium of that power is also in keeping with how the ECB-SSM can decide to include specific entities within its supervisory remit. 

This Client Alert should be read in conjunction with the first part of our Eurozone Hub’s coverage on this development.2 Key changes and likely further developments are highlighted herein. In terms of the legislative process, the Consilium’s agreed position on IFR/IFD3 will now be finalized between the Council and the Parliament (the former have already voted on its position on September 24, 2018) presumably prior to the European Parliamentary elections in May 2019. This would mean that the IFR/IFD Regime would enter into force by mid to late 2019 at the earliest with a new five-year transition period allowing affected firms time to transition. With all that is set to be advanced additionally in the EU’s regulatory and supervisory pipeline, as flagged in our earlier coverage, many firms may want to take early pre-emptive action either to source new regulatory capital or to put in place arrangements to limit risks that could flow into the K-Factors. This forward planning may lead to firms looking at rearranging regulated activities and who does what and where. 

What is certain is that the IFR/IFD framework will also change the supervisory tone of national competent authorities (NCAs) as well as the ECB-SSM, as the IFR/IFD introduces much more prescriptive requirements on cooperation and data-sharing between authorities as well as cross-border supervisory inspections. This would mark a major departure and shift in how supervision is administered in practice for MiFID Investment Firms and begin to move much closer to reflect the current set-up of the ECB-SSM, including a greater sharing of supervisory data with monetary authorities, including in their financial stability as well as payment and settlement systems oversight roles. 

What does the IFR/IFD aim to create?

In summary, the IFR/IFD framework aims to create a more risk-focused regime that is tailored and reflective of the activities of an Investment Firm rather than to continue to treat all Investment Firms in an identical fashion pursuant to CRR/CRD IV. Two core concepts that change how current prudential requirements apply to Investment Firms are at the heart of the proposal:

1. Creating classes of Investment Firms

These can be distinguished between those that are:

  • Class 1 Firms = systemic firms that undertake “bank like activity” and which will be reclassified as credit institutions and continue to be subject to the full CRD IV/CRR Framework, as amended by the EU’s Banking Package and for the Banking Union, how those rules are applied by the SSM. The IFR/IFD regime will not apply to Class 1 Firms.
  • Class 2 Firms = other non-systemic Investment Firms whose activity places these above quantitative thresholds that are used to categorize Class 3 entities.
  • Class 3 Firms = smaller and non-interconnected entities to which a simplified version of the regime applies.

2. Setting of capital requirements in a manner that is more proportionate to the risks specific to the Class of Investment Firms. The “Class” that an Investment Firm will fall into will trigger the relevant minimum amount of regulatory capital levels.

3. Standardizing relevant conduct of business obligations, supervisory tools and internal model governance. All Classes of Investment Firm are required to comply with additional conduct of business requirements—predominantly internal governance, risk management, reporting, remuneration and other conduct of business matters that seem to be duplicative of measures already legislated for in MiFID II/MiFIR (or to a certain degree CRR/CRD IV) as well as other legislation. The key difference is that the IFD, where the bulk of these requirements are stipulated, tasks the EBA and ESMA to publish Guidelines setting out further compliance expectations.  The IFD also sets out how the EU’s Supervisory Review and Evaluation Process (SREP), an integral part of the supervisory cycle, will be applied to firms in scope of the IFR/IFD. Similar rules are set out in how competent authorities review investment firms’ compliance with permissions to use internal models, given the ECB-SSM’s own efforts in expanding—while also streamlining—how these parts of the Single Rulebook are applied to BUSIs, it is conceivable that some of the lessons learned and supervisory principles and processes could be mapped over to how the new IFR/IFD framework might be applied to firms. 

The allocation to a specific Class is driven by both the type of MiFID Investment Activity pursuant to MiFID II/MiFIR (i.e., qualitative consideration) and the K-Factor values (i.e., quantitative considerations). For many firms, especially for so called “exempt CAD” advisory firms such as those relocating from the UK, the initial capital could go from EUR 5,000 to 75,000. For the breadth of other Investment Firms, the increases could go from EUR 50,000 to 75,000, possibly 150,000 up to a maximum of EUR 5 million for so-called Class 1 Investment Firms and/ or credit institutions. Those dealing on own account and  (and the key word is “and”) underwriting of financial instruments will have initial capital set at EUR 750,000. 

In short, K-Factors are clearly costly in terms of increased own fund requirements but will also likely be costly in terms of investment in systems and resources needed to identify, mitigate and manage risks generally as well as those specifically relevant to the K-Factors. A number of affected firms will most likely look to recoup the costs elsewhere.

The following presents an overview of the K-Factors, which have been grouped into three categories, reflecting three risk types:

K-Factor Type Overall K-Factor(s).4 Description
Changes made by the Consilium proposal set out in bold and italic

Risk to Client (RtC)


Assets under management - under both discretionary portfolio management and non-discretionary (advisory) arrangements that are of an “on-going nature.”

The Consilum proposal introduces and defines the term “investment advice of an on-going nature” as “investment advice involving a continuous or periodic assessment of a client portfolio of financial instruments on the basis of a contractual arrangement.”

The definition of “financial instrument” was amended to that of MiFID II from CRD IV.

Moreover, the revisions also call for AUM to be calculated on the first as opposed to within the first 14 business days of each calendar month.


Client money held.

Moreover, the revisions also call for CMH to be calculated over a six-month as opposed to a three-month horizon, and in the case of missing actual data use proxies by reference to the data supplied as part of the license application.


Assets safeguarded and administered.

The Consilium’s revisions also call for AUM to be calculated on the first as opposed to within the first 14 business days of each calendar month.


Client orders handled - execution only in name of customer and reception and transmission of orders.

Risk to


Net position risk - based on the market risk requirements of the CRR II Proposal and made appropriate for investment firms (only applicable to trading book positions).


The Consilium proposal amends this substantially from: Clearing member guarantee – amount of initial margins posted with a clearing member, where the execution and settlement of transactions of an investment firm dealing on own account take place under the responsibility of a general clearing member.

To: “Clearing margin given to the amount of total margin required by a clearing member or qualifying CCP, where an execution and settlement of transactions of an investment firm dealing on account take place under the responsibility of a clearing member.”

Moreover, the Consilium proposal defines “clearing member” with reference to EMIR but limits it those undertakings that are established in an EU Member State. This may have some spillover effects on various clearing relationships/documentation.

Risk to Firm (RtF)


Daily trading flow - value of transactions where the firm is trading on own name (on own account or in execution of client orders) (only applicable to trading book positions.)


Trading counterparty default - based on the BCBS proposals for counterparty credit risk and simplified for investment firms (only applicable to trading book positions.) Takes into account OTC derivatives, “long-settlement transactions,” “repurchase transactions” (repurchase and reverse repurchase transactions that are Securities Financing Transactions for the purposes of the same named Regulation - SFTR), and “securities or commodities lending or borrowing transactions.”

Changes proposed by the Consilium explicitly now reference “Securities Financing Transactions” for the purposes of the SFTR as well as “loans granted by the investment firm on an ancillary basis as part of an investment service” – and this would cover a breadth of activity of non-SFTR covered margin lending as well as prime brokerage related credit facilities.


Concentration - taking inspiration from the CRR large exposures regime for trading book and simplified for investment firms (only applicable to trading book positions.)

What are the Consilium’s changes to the proposed K-Factors and the “other” obligations?

The Consilium’s proposed changes, including as set out in the table above, provide technical clarifications to the various K-Factors and “other” obligations set out in the IFR/IFD, namely that:

1. A much more refined approach to defining which Investment Firms will be treated as Class 1 Firms than under the previous proposal. This includes those that are authorized and supervised pursuant to MiFID II to carry out any of the activities of:

  • Dealing on own account; or
  • Underwriting of financial instruments and/or placing of financial instruments on a firm commitment basis,

and where:

  • The total value of the “consolidated assets of the investment firm” exceeds EUR 15 billion, calculated as an average of the last 12 consecutive months and excluding the value of individual assets of any subsidiaries carrying out the activities in point 1 are established outside the EU; or
  • The total value of the consolidated assets of the Investment Firm is less than EUR 15 billion, and the Investment Firm is part of a group in which the total value of the consolidated assets of all undertakings in the group that carry out any of the activities in points 1 (a) and (b) exceed EUR 15 billion, calculated as an average of the last 12 consecutive months and excluding the value of individual assets of any subsidiaries carrying out the activities in point 1 established outside the EU; or
  • The Investment Firm, which must have a total value of consolidated assets exceeding EUR 5 billion as an average of the last consecutive 12 months) is subject to a decision by the competent authority (NCA or ECB-SSM) pursuant to Art. 4(a) IFD taking it into scope of the IFR/IFD framework as a Class 1 Firm.  A decision may be granted if there are grounds to suggest that not supervising it as a Class 1 Firm could lead to at least any of the following: the potential for systemic risk in the event of the firm’s failure, its roles as a clearing member or on the basis of the complexity of the nature of the firm and its interconnectedness with the financial system including the significance of its cross-border activities.5We would imagine that Art. 4(a) IFD measure will be the primary means of bringing MiFID Investment Firms that are connected to BUSIs into the scope of Banking Union supervision.

The above does not apply to any of the following:

  1. A “commodity and emission allowance dealer”
  2. A “collective investment undertaking” – and one assumes this applies to the management company
  3. An insurance undertaking – it is not clear whether this also applies to reinsurance undertaking or any other firm covered by Solvency II or the IORPS 2 Directive i.e. pension funds – where not covered by a collective investment undertaking.

2. In borrowing from the concepts of threshold triggers, as introduced say by EMIR, Investment Firms are required to notify the competent authority, which may be a NCA plus the ECB-SSM, without undue delay where it breaches the threshold. A Class 1 Firm which no longer meets the thresholds over a period of 12 consecutive months, or where a competent authority decides it no longer meets the thresholds will be downgraded to a Class 2 Firm.

3. The Consilium’s proposals in the IFR welcomingly also permit prudential consolidation in accordance with existing EU principles, either on the basis of applying for a consolidated treatment or a waiver. This means that Art. 5 IFR would permit certain entities that are part of a group subject to consolidated supervision or themselves the parent undertaking of the group may “benefit” from consolidated prudential regulatory treatment. New additions in Art. 7 IFR require, in keeping with the CRR/CRD IV regime, that both the parent undertaking and the subsidiaries set up a “proper organization structure and appropriate internal control mechanisms to ensure that data required for consolidation are duly processed and forwarded.”

4. The change to the terminology in RtC from “Customer” to Client would suggest that this is not just relevant to “Retail Clients” but applies to a much wider base.

5. Changes to the K-CMG factor are fundamental in nature and may redefine both the quantitative prudential requirements but also have qualitative impact that requires redocumenting arrangements and relationships.

6. Client money that is deposited with a bank account or a custodian in the name of the client but where the investment firm has access to these funds via a “third party mandate” will not count towards the K-CMH factor i.e. the client money held. The issue with this change is that it is unclear as to what constitutes a “third-party mandate”.

7. The K-RtM factor i.e. risk to market indicator for Investment Firms which deal on own account is based on the rules for market risk for positions in financial instruments, in foreign exchange and in commodities in accordance with CRR (as amended by CRR 2).  The original proposed wording had permitted that firms could apply the CRR Standardized Approach if under a EUR 300 million threshold. This threshold has been eliminated so that firms can pick to apply the CRR Standardized Approach, the Revised Standardized Approach or the use of Internal Models.

8. Changes in the IFD introduce requirements that facilitate information sharing between the relevant competent authorities, often in other Member States, as to the operations of the Investment Firm, clearing member and/or CCP.

9. “Small and non-interconnected” i.e. Class 3 Investment Firms are to be exempted from the requirement to hold one third of their fixed overheads requirements in liquid assets, and the corresponding haircuts on the Commission Delegated Regulation on the Liquid Coverage Ratio. Those non-exempted “small and non-interconnected firms” and those which are not licensed to carry out trading or underwriting activities are permitted to include items related to trade debtors and fees or commissions receivable within 30 days as liquid assets, provided they do not exceed one-third of the minimum liquidity requirement, do not count towards additional liquidity requirements set by a NCA and are subject to a 50% haircut.

10. The Consilium also makes relevant changes in the definition of an “ancillary services undertaking” which now means an undertaking the principal activity of which consists of owning or managing property [undefined term], managing data-processing services or a similar activity which is ancillary to the principal activity of one or more investment firm.” This raises a number of questions as to whether it may cover a wider set of business that may historically be outside the scope of the EU’s financial services regulatory perimeter.

11. In order to ensure that the refined definition of “Trading Book,” which now includes financial instruments and commodities (it is unclear whether physical commodities) held by an investment firm (we assume “held” includes custody and other arrangements including when (sourced) on loan) either with trading intent or in order to hedge positions held with trading intent, the Commission proposal defines “positions held with trading intent” which includes any of the following:

  • Proprietary positions and positions arising from client-servicing and market-making
  • Positions intended to be resold short-term
  • Positions to benefit from actual or expected short-term price differences between buying and selling price differences or from other price or interest rate variations.

12. The Consilium’s proposed changes also amend the counterparty type specific risk factors that apply to various types of entities—notably exposures to central governments, central banks and public sector entities are no longer risk free. Other “refinements” include changes to how the replacement costs of certain transactions are treated, including securities financing transactions where both legs of the transactions are securities.

13. In order to prevent anti-avoidance and regulatory arbitrage, competent authorities (NCAs and ECB-SSM) are instructed to “endeavor to avoid situations where Investment Firms would structure their operations to avoid the thresholds set in [the IFR], or to unduly limit [the competent authorities] discretion to subject [the Investment Firms] to the requirements of the [CRR/CRD IV Framework]” and thus categorize those as Class 1 Firms.

14. The Consilium has also revisited the requirements for NCAs to monitor and require the public disclosure of the remuneration arrangements of “high earners.” These were already quite detailed, and the Consilium deleted reference to details permitting those arrangements be published on an aggregate as opposed to a more granular basis. While the IFR is clear that Investment Firms should disclose their levels of regulatory capital publicly, their prudential requirements, their governance arrangements as well as their remuneration policies and practices, it will remain to be seen whether affected firms (primarily Class 2 and Class 3 that issue financial instruments that qualify as AT 1 for capital purposes will find grounds to dispute this requirement.

15. The EBA and ESMA are also tasked to maintain a list of “all forms of funds or instruments in each Member State that qualify as such own funds.”

16. The Consilium also makes changes to Part 7 of the IFR requiring that Class 1 and Class 2 Investment Firms report to the competent authorities on a quarterly basis. Class 3 firms may, subject to available derogations, report annually rather than quarterly. The original requirement was for regulatory reporting on level of composition of own funds, capital requirements (incl. calculations), balance sheet and revenue breakdown by investment services and applicable K-Factor, liquidity requirements and concentration risk was to be disclosed annually.  All firms are required to report annually their concentration risks in respect of various exposures on an individual and aggregate basis.

How do the Consilium’s changes affect the EU’s equivalence regime

In limited cases the European Commission may grant an “Equivalence Decision” communicating that, in its assessment the regulatory and/or supervisory regime of a non-EU country i.e. a “third-country” such as the UK post-Brexit is (fully or partially) equivalent to the corresponding EU regime. Equivalence Decisions, under current rules, may be withdrawn at short notice, even if granted for an indefinite period, and the European Commission is strengthening generally how it reviews, assesses and grants or withdraws its Decisions. If a third-country’s entirety of parts of its supervisory framework or authorities are deemed equivalent, then a third-country entity may benefit from “comparably” relaxed rules of access to EU financial markets.  Changes by the Consilium to the IFR clarify that an equivalence decision for firms subject to the IFR/IFD framework should:

“…consider specific prudential, organizational or business conduct requirements as equivalent only where the same effect is achieved… the Commission may, where appropriate adopt equivalence decisions limited to specific services and activities or categories of services and activities…” as listed in Section A of Annex 1 of MiFID II.

More interestingly, the Consilium uses the IFR to amend the last sub-paragraph of Article 46(4) MiFIR that permits third-country access rights using national regimes in the absence of a Commission Equivalence Decision. The proposed changes confirm existing rules that limit third-country entities (with or without branch) to only being able to provide investment services or perform investment activities together with ancillary services to MiFID eligible counterparties and professional clients – as opposed to retail clients as is currently the case. That being said, this provision would still have to be considered in light of the above and the EU’s prescriptive Supervisory Principles on Relocations (SPoRs),6 which favor compelling firms to establish subsidiaries as opposed to rely on this provision.

Moreover, the Consilium’s proposed amendments to the IFR/IFD framework further clarifies that the following would not constitute permitted “reverse solicitation” where:

“…without prejudice to intragroup relationships, where a third-country firm, including through an entity acting on its behalf or having close links with such third-country firm or any other person acting on behalf of such entity, solicits clients or potential clients in the [EU] it shall not be deemed as a service provided on the own exclusive imitative of the client. An initiative by such clients shall not entitle the third-country firm to market new categories of investment product or investment services to that client.”

Lastly, the IFR changes proposed by the Consilium cement rules on how ESMA may undertake monitoring and on-site inspections of third-country firms, including coordination with third-country authorities as well as existing EU rules on the supervision of EU branches of third-country institutions where the EU branch is considered as “significant”. The Consilium also proposes that ESMA be tasked with publishing an annual list of third-country branches active in the EU, including the name of the parent entity. This requirement is in addition to the IFD setting out more prescriptive reporting obligations that branches will have to report to NCAs annually in terms of their operations but new data items relating to governance arrangements as well as details on key function holders. We would expect that the ESAs will publish further information on the type and granularity of these new data items.

Extending ESMA’s, EBA’s and NCAs’ MiFIR (temporary) intervention powers to third-country entities?

The Consilium also (oddly) uses the IFR to make amendments to ESMA’s,  EBA’s and NCAs’ current (temporary) intervention powers, which have been used at the time of writing by ESMA and certain NCAs in respect of certain retail options and CFDs (see coverage from our Eurozone Hub) to  apply temporary intervention powers to third-country firms providing services or performing activities in the EU. The extension of powers means that ESMA/EBA/NCAs would be able to withdraw registration or temporarily prohibit or restrict the activities of such third-country entity in a similar fashion as to how such powers may already be applied to EU entities.

Outlook and next steps

The Consilium has introduced a number of fundamental changes to what was already a very complex overhaul of the EU’s prudential capital regime for MiFID Investment Firms. The IFR/IFD is potentially more “sophisticated” in how firms can, once they factor in which Class they belong to, calculate their prudential requirements. This will likely also mean that firms will want to, regardless of the end-state of the IFR/IFD will already want to:

  • Map and scenario plan what type of Class they might fall into and what Class their counterparties might fall into and set internal barriers to ensure they remain in a given Class and their set prudential regulatory requirements
  • Consider which prudential consolidation measures they might apply for and whether their systems and controls may be deemed to be “suitable” to avail of possibly more favorable treatment
  • Consider whether arrangements need to be put in place to facilitate exchange of data sets as it relates to investment firms, clearing members and/or CCPs
  • Take note that ECB-SSM may, when permitted, streamline the application and also the elimination of national options and derogations introduced by IFR/IFD.

If this proposal stays as is, and we do expect some change (mostly clarifications rather than backtracking)—and we are happy to advise on how to draft that in a sounder manner—then we do foresee that this could shift competition amongst peers in an established sector of intermediaries, investors and pools of capital, liquidity and financial product innovation. This could have a far greater set of unintended consequences than many EU and Eurozone supervisory policymakers may actually desire. That being said, given the (renewed) overarching desire to scrutinize the “non-banking financial sector” (i.e. the sector formally known as “shadow banking”) more closely, the IFR/IFD is, for policymakers, the “perfect” legislative instrument to do just that.

With the breadth of the European System of Financial Supervision i.e. NCAs and European Supervisory Authorities (EBA, ESMA an EIOPA) all scheduled (at some point) to receive greater powers due to a range of related reform initiatives, and with the ECB-SSM’s mandate growing, there is a perception that those institutions would be able to set, agree and then supervise the new IFR/IFD framework and its K-Factors without disagreement. That remains to be seen, especially in light of much more complex calculations and supervisory discussions in a new framework, which is supposed to deliver a prudential regime that is more proportionate to the risks faced and generated by MiFID Investment Firms.

  1. See here.
  2. See the first part of our dedicated coverage on the original proposal in this development from our Eurozone Hub available here.
  3. Additions are highlighted in bold and underline in the following documents:
    1. IFR available here
    2. IFD available here
  4. Relevant components and coefficients not discussed
  5. It remains to be seen whether this concept, which at present is undefined, would follow how the SSM determines significance for the purposes of whether a BUSI is directly or indirectly ECB-SSM supervised. Those criteria are to fulfil at least one of the following or where the ECB-SSM decides it needs to apply high-supervisory standards consistently:
    1. Size – the total value of assets exceeds EUR 30 billion – NB the IFR/IFD thresholds are lower i.e. at EUR 15 billion or 5 billion;
    2. Economic importance – for the specific country or the EU economy as a whole – NB the IFR/IFD has the same criteria;
    3. Cross-border - the total value of its assets exceeds EUR 5 billion, and the ratio of its cross-border assets/liabilities in more than one other Banking Union Member State to its total assets/liabilities is more than 20% - the IFR/IFD does not have this granular level of criteria even if it looks at cross-border exposure; 
    4. Public financial assistance - The BUSI has received direct public financial assistance from the European Stability Mechanism or the European Financial Stability Facility – NB this is not catered for in the IFR/IFD; or
    5.“one of three” – the BUSI is one of the most three significant banks in a particular Member State – NB a conceptual equivalent is not catered for in the IFR/IFD.
  6. Click here for more.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dentons | Attorney Advertising

Written by:


Dentons on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at:

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit
  • New Relic - For more information on New Relic cookies, please visit
  • Google Analytics - For more information on Google Analytics cookies, visit To opt-out of being tracked by Google Analytics across all websites visit This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at:

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.