Richard Manfredi, Author at Gibson Dunn

The Guidance reflects a clear intent on the SFO’s part to tighten enforcement strategy, clarify procedural expectations, and encourage early and responsible engagement from corporates facing potential criminal exposure.

On 24 April 2025, the UK Serious Fraud Office (the SFO) issued new guidance (the Guidance) concerning the self-reporting of suspected offending, expectations around cooperation and the negotiation of Deferred Prosecution Agreements (DPAs).

The Guidance removes ambiguity in some key areas, introduces defined timelines for engagement and reinforces the SFO’s commitment to using DPAs as an enforcement tool where conditions are met. It also, however, leaves a number of open questions, particularly in relation to the timing of self-reports and judicial oversight.

Summary of the Guidance

1. DPAs

The Guidance now explicitly states that corporates which self-report and provide full cooperation will be invited to enter into DPA negotiations.[1] This represents a firm commitment by the SFO, removing the previous uncertainty around the benefits of early disclosure. The Guidance is a strong signal that timely transparency will be met with prosecutorial engagement.

It is important to note, however, that while the SFO may offer to negotiate a DPA, any such agreement must ultimately be approved by a judge. This judicial safeguard remains unchanged and is not explicitly addressed in the Guidance.

2. Self-Reporting: Timing

The Guidance stops short of attempting to define precise thresholds for when corporates should self-report. It states that a report is expected once “direct evidence” of offending emerges.[2] Yet the SFO offers no clarification of what constitutes such evidence. This leaves scope for continued uncertainty, particularly where preliminary findings of any internal investigation of potential misconduct may be incomplete, contested or circumstantial, such as where the availability of relevant defences has not yet been assessed. Corporates must therefore continue to exercise judgment in assessing whether internal red flags rise to a level warranting disclosure.

3. Defined Timelines for SFO Engagement

The Guidance provides clarity on the SFO’s process and timelines around self-reporting. This offers welcome predictability for corporates and reduces uncertainty at a time when corporates may also be facing complex issues and engagement with other internal and external stakeholders.[3]

A response will be issued by the SFO’s Intelligence Division within 48 business hours of a self-report made by the company.
A decision on whether to open an investigation will follow within six months.
DPA negotiations, if appropriate, should conclude within six months of the formal invitation to negotiate.

4. Cooperation: Expectations and Exemplary Conduct

The SFO emphasises that having self-reported and being cooperative are not one and the same.[4] The Guidance provides some non-exhaustive examples of cooperative conduct covering these areas:[5]

Preservation of evidence: Promptly and proactively preserving all digital and hard copy materials that may be relevant to the investigation.
Document identification and disclosure: Identifying and providing relevant documentation, including details of document custodians, material locations, overseas documents within the organisation’s control, potentially relevant third-party materials, and translations of foreign language documents.
Factual presentation: Setting out the facts concerning the suspected criminal conduct, including identification of all individuals involved, both internal and external to the organisation.
Internal investigation protocols: Where an internal investigation is undertaken, engaging with the SFO at an early stage regarding its scope, notifying the SFO in advance of any proposed steps (particularly interviews), providing regular updates and findings, and disclosing non-privileged interview records.
Transparency: Refraining from interviewing employees where requested, and promptly notifying the SFO of any interest or involvement from other regulatory bodies, law enforcement agencies or prosecuting authorities.

The Guidance addresses the issue of legally privileged material, which has been the subject of previous litigation. It states that corporates are not required, as a pre-condition of being considered to be cooperative, to waive legal professional privilege over material. However, it also states that doing so will be a significant cooperative act and weigh strongly in favour of being considered cooperative.[6] The issue of waiver of privilege is fraught with legal risk, and is one to be considered in the context of the implications of such waiver in all relevant jurisdictions where the company may face disputes.

Crucially, the SFO preserves the route to a DPA even where no self-report is made, provided the company subsequently engages in “exemplary cooperation”.[7] This is a high threshold, effectively requiring that the organisation involve the SFO in the internal investigation process from a very early stage and that the organisation fulfil at least all the cooperation steps set out in the Guidance.[8] This may provide a valuable (albeit potentially narrow) second chance for organisations that may have delayed disclosure to achieve a non-prosecution outcome, provided their subsequent conduct meets the requisite standard once the SFO is engaged.

5. Uncooperative Conduct

By contrast, the Guidance also helpfully clarifies what the SFO considers uncooperative conduct. This includes:[9]

Forum shopping: Unreasonably reporting offending to another jurisdiction for strategic reasons.
Exploiting legal disparities: Using differences between international law enforcement agencies or legal systems.
Lack of Transparency: Concealing individual involvement or the full extent of misconduct.
Delay tactics: Tactically delaying providing information or material.
Obstructive disclosure: Submitting excessive or unnecessarily voluminous material to hamper the SFO’s investigation.

The SFO emphasises that the nature and extent of the organisation’s cooperation is one of many factors which it will take into consideration when determining an appropriate resolution alongside those detailed in the Code for Crown Prosecutors, the Corporate Prosecutions Guidance and the DPA Code.[10]

Some Observations

1. Alignment with Legislative Developments

The Guidance is timely given the imminent introduction of the failure to prevent fraud offence under the Economic Crime and Corporate Transparency Act 2023 (discussed in more detail in our client alert of November 2024). This new offence seeks to make companies criminally liable where a specified fraud offence is committed by a person associated with the company (such as an employee or agent) with the intention of benefitting, for example, the company or its clients. The Guidance appears to reinforce the SFO’s public message that enforcement of this new offence is imminent.

2. Clarity and Certainty

For in-house counsel and compliance professionals, some of the most valuable aspects of the Guidance are its clarity on cooperation and the incentives for early engagement. The defined timelines will help organisations manage expectations and resources more effectively, notwithstanding some measure of lack of definition around “direct evidence”.

3. Global Enforcement Outlook

The publication of the Guidance is particularly noteworthy in the light of recent developments in the US. In February 2025, President Trump signed an executive order suspending enforcement of the Foreign Corrupt Practices Act for 180 days, citing the need to reduce compliance burdens on American businesses. As discussed in our client alert of February 2025, this move represents a shift from the long-held view that international anti-corruption efforts benefit US businesses by creating a level playing field and strengthening the rule of law.

Against this backdrop, the UK appears to be reaffirming its commitment to corporate accountability, particularly in the light of the new International Anti-Corruption Taskforce established by the UK, France and Switzerland in March 2025, which signals a heightened focus on coordinated cross-border enforcement. The SFO’s structured approach may seek to drive more self-reports from corporates that operate across jurisdictions.

A new openness at the SFO?

The Guidance provides welcome clarity on the circumstances in which a corporate may be invited to negotiate a DPA and outlines concrete expectations for cooperation. It removes some ambiguity and reinforces the message that the SFO wants corporates to act early and transparently when faced with suspected offending.

At a recent GIR Live event, SFO Director Nick Ephgrave reinforced this message, emphasising that companies should feel able to rely on the assurances offered in the Guidance: “No ifs, no buts, no maybes, it’s as good a guarantee as you can get; if you come and work with us, we will work with you.” In a more colourful aside, he likened his approach to Margaret Thatcher’s relationship with the leader of the former Soviet Union, adding: “That’s how I like to do business … I’d like you to look at me as the Mikhail Gorbachev of the SFO.” While the Guidance may be more in the nature of glasnost than any major perestroika, it is encouraging that the Director of the SFO is describing himself explicitly and publicly as “a man [companies] can do business with”.[11]

[1] Paragraph 2 of the Guidance.

[2] Paragraph 7 of the Guidance.

[3] Paragraphs 15-17 of the Guidance.

[4] Paragraph 19 of the Guidance.

[5] Paragraph 22 of the Guidance.

[6] Paragraphs 20 and 22 of the Guidance.

[7] Paragraph 19 of the Guidance.

[8] At paragraph 22 of the Guidance, the SFO states: “Corporates which take all these steps are likely to be assessed as providing exemplary co-operation.”

[9] Paragraph 23 of the Guidance.

[10] Paragraph 24 of the Guidance.

[11] See https://globalinvestigationsreview.com/article/look-me-the-mikhail-gorbachev-of-the-sfo-nick-ephgrave.

The following Gibson Dunn lawyers prepared this update: Allan Neil, Patrick Doris, Marija Bračković, and Victor Tong.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of Gibson Dunn’s White Collar Defense and Investigations practice group, or the authors:

Allan Neil – London (+44 20 7071 4296, aneil@gibsondunn.com)
Patrick Doris – London (+44 20 7071 4276, pdoris@gibsondunn.com)
Marija Bračković – London (+44 20 7071 4143 mbrackovic@gibsondunn.com)
Victor Tong – London (+44 20 7071 4054, vtong@gibsondunn.com)

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

This update provides an overview of key class action-related developments from the first quarter of 2025 (January through March).

Table of Contents

Part I reviews decisions from the Fourth and Eighth Circuits affirming the denial of class certification where plaintiffs failed to prove predominance under Rule 23(b)(3);
Part II summarizes a pair of decisions from the Fourth Circuit discussing Article III standing requirements at class certification, ahead of the Supreme Court’s forthcoming decision in Laboratory Corp. of America v. Davis; and
Part III highlights decisions from the Fourth and Ninth Circuits analyzing the enforceability of arbitration agreements.

1. The Fourth and Eighth Circuits Reinforce the Predominance Requirement

In two decisions from the past quarter, federal appellate courts rejected class certification under Rule 23(b)(3)’s demanding predominance requirement.

In Vogt v. Progressive Casualty Insurance Co., 129 F.4th 1071 (8th Cir. 2025), the Eighth Circuit reiterated that claims requiring an individualized look at consumers’ purchasing decisions make “poor candidates for class litigation.” Id. at 1074. The plaintiff bought a van and later learned that the insurance company that sold the van to the dealer had classified it as totaled but had sold it with a clean (rather than a salvage) title. Id. at 1072. The plaintiff brought a putative class action against the insurance company on behalf of purchasers of similarly mistitled vehicles. Id. The Eighth Circuit affirmed the denial of class certification because individual issues of reliance and causation would predominate. Id. The court explained that although “some putative class members bought their vehicles because they understood . . . that the vehicles were free of salvage title restrictions,” others “may have been satisfied with their purchase even if those restrictions applied” because salvage title cars still “have value.” Id. at 1073-74. Vogt illustrates that “common” issues often will not predominate even in cases involving uniform policies and measurable consumer spending.

In Mr. Dee’s Inc. v. Inmar, Inc., 127 F.4th 925 (4th Cir. 2025), the plaintiff companies bought coupon-processing services on behalf of retailers and later filed a putative class action claiming that the defendant had engaged in horizontal price-fixing resulting in higher fees. Id. at 927-28. In affirming the denial of certification for lack of predominance, the Fourth Circuit emphasized that the plaintiffs’ model did not show any impact of higher fees for 32% of the proposed class. “Whatever the resolution of the question posed in” Labcorp, the court concluded, “the presence of 32% of uninjured members in a proposed class [is] much too high” and would inevitably lead to many individualized proceedings. Id. at 933-34.

Mr. Dee’s and Vogt show different sides of the predominance coin—Vogt, for cases where the number of class members that would be subject to individualized proceedings is difficult to estimate, and Mr. Dee’s, where expert modeling provides some estimate of the number of uninjured class members.

2. The Fourth Circuit Discusses Article III Standing of Class Members Ahead of
the Supreme Court’s Decision in Labcorp

In two recent cases, the Fourth Circuit held that putative class representatives and absent class members lacked Article III standing, illustrating the ongoing importance of justiciability issues—especially given that the U.S. Supreme Court is poised to address whether a Rule 23(b)(3) class can be certified when some members of the proposed class lack any Article III injury.

In one case, the Fourth Circuit emphasized that a mere “risk” of economic harm is insufficient to satisfy Article III. In Alig v. Rocket Mortgage, LLC, 126 F.4th 965 (4th Cir. 2025), the plaintiffs sought to represent a class of homeowners who sued a mortgage lender, claiming that the lender shared their estimates of their homes’ market values with appraisers and so made the appraisals they bought “unreliable and worthless.” Id. at 970. The district court certified the class, but the Fourth Circuit reversed, holding that there was no evidence that class members actually did not receive fair or independent appraisals. Id. at 974-75. At best, exposing the appraisers to the homeowners’ estimates created “a risk of influence,” but that risk was not enough to create a concrete injury for standing. Id. at 975 (emphasis added).

Another case from the Fourth Circuit, Opiotennione v. Bozzuto Management Co., 130 F.4th 149 (4th Cir. 2025), reiterated Article III’s requirement that the party seeking relief suffer genuine, concrete harm. The plaintiff, who is over 50, claimed that property management companies discriminated by targeting Facebook ads for housing to users under 50. Id. at 151-52. But the district court dismissed the complaint for lack of standing, reasoning that the plaintiff did not allege that she requested housing information or was personally denied any housing opportunity based on her age. Id. at 154-55. In affirming the dismissal, the Fourth Circuit explained that the plaintiff had alleged that she was a member of a disfavored age group but not that she had suffered any concrete, personal injury due to her age. Id. at 153-56.

These decisions spotlight Article III standing ahead of the Supreme Court’s consideration of the interplay between that fundamental requirement and class actions in Laboratory Corp. of America v. Davis, No. 24-304. In late January 2025, the Court granted certiorari to decide “[w]hether a federal court may certify a class action pursuant to Federal Rule of Civil Procedure 23(b)(3) when some members of the proposed class lack any Article III injury.” Labcorp provides the Court with an opportunity to resolve a long-standing circuit split over how courts should approach the issue of uninjured class members at class certification—as we have discussed here. The Second and Eighth Circuits have applied a bright-line rule prohibiting certification if any members lack standing. The First, Seventh, and D.C. Circuits take a middle-ground approach, permitting certification if the number of uninjured members is “de minimis.” And the Ninth Circuit permits certification even when more than a de minimis number of class members lack standing. The decision in Labcorp is expected by late June.

3. The Fourth and Ninth Circuits Address Arbitrability and Assent

In a pair of recent cases, the Fourth Circuit took different approaches to clauses in arbitration agreements that allow the defendant to unilaterally change the agreement. In Johnson v. Continental Finance Co., 131 F.4th 169 (4th Cir. 2025), the court, applying Maryland law, held that a change-in-terms clause rendered an agreement illusory because such clauses are “so one-sided and vague that [they] allow[ ] a party to escape all of its contractual obligations at will.” Id. at 179. But a few days later, in Meadows v. Cebridge Acquisition, LLC, 132 F.4th 716 (4th Cir. 2025), the court held that a similar change-in-terms clause was not illusory, provided “the modifying party must give reasonable notice of modification.” Id. at 728.

Although there is apparent tension between the two cases, Judge Wynn, who concurred in both, attributed the different outcomes to differences in state law. Meadows, 132 F.4th at 735 (concurrence). Whether a change-in-terms clause is dispositive, in his view, depends on whether the state law views an arbitration provision as a “separate agreement that requires separate consideration in order to be legally formed.” Johnson, 131 F.4th at 182 (concurrence).

The Ninth Circuit also took on a pair of cases involving modern arbitration agreements. In Chabolla v. ClassPass Inc., 129 F.4th 1147 (9th Cir. 2025), the court considered the enforceability of an arbitration agreement formed through a sign-up website. Id. at 1151. The agreement was listed on the Terms of Use page, but this page was provided only as a link on login screens, and the website did not require users to read the terms before subscribing. Id. at 1154. The Ninth Circuit held that the agreement was unenforceable because it lacked reasonably conspicuous notice of and an unambiguous manifestation of assent to the terms. The court emphasized that one sign-up screen was insufficiently conspicuous because the notice was on the “periphery” of the page and that additional screens were ambiguous as to manifestation of assent because they prompted users only to “continue” or “redeem.” Id. at 1157–58.

In another case, Jones v. Starz Entertainment, LLC, 129 F.4th 1176 (9th Cir. 2025), the Ninth Circuit upheld an arbitration provider’s consolidation of thousands of mass individual arbitration demands. Id. at 1178. One plaintiff petitioned to compel individual arbitration in federal court, but the district court denied the petition and the court of appeals affirmed. The Ninth Circuit explained that federal courts had no authority to second-guess an arbitration provider’s interpretation of its rules, including to permit consolidation, and that consolidation did not present the same due process risks as in “class or representative arbitration.” Id. at 1182. The court also called out the obvious strategy behind plaintiffs’ counsel’s attempting to leverage individual arbitration fees to extract a large settlement. Specifically, the panel questioned “the true motivation underlying the mass-arbitration tactic deployed [in the case], which appear[ed] to be geared more toward racking up procedural costs to the point of forcing [the defendant] to capitulate to a settlement than proving the allegations . . . to seek appropriate redress on the merits.” Id.

The following Gibson Dunn lawyers contributed to this update: Jessica Pearigen, Katie Geary, Elizabeth Strassner, Matt Aidan Getz, Wesley Sze, Lauren Blas, Bradley Hamburger, Kahn Scolnick, and Christopher Chorba.

Gibson Dunn attorneys are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Class Actions, Litigation, or Appellate and Constitutional Law practice groups, or any of the following lawyers:

Theodore J. Boutrous, Jr. – Los Angeles (+1 213.229.7000, tboutrous@gibsondunn.com)

Christopher Chorba – Co-Chair, Class Actions Practice Group, Los Angeles (+1 213.229.7396, cchorba@gibsondunn.com)

Theane Evangelis – Co-Chair, Litigation Practice Group, Los Angeles (+1 213.229.7726, tevangelis@gibsondunn.com)

Lauren R. Goldman – Co-Chair, Technology Litigation Practice Group, New York (+1 212.351.2375, lgoldman@gibsondunn.com)

Kahn A. Scolnick – Co-Chair, Class Actions Practice Group, Los Angeles (+1 213.229.7656, kscolnick@gibsondunn.com)

Bradley J. Hamburger – Los Angeles (+1 213.229.7658, bhamburger@gibsondunn.com)

Michael Holecek – Los Angeles (+1 213.229.7018, mholecek@gibsondunn.com)

Lauren M. Blas – Los Angeles (+1 213.229.7503, lblas@gibsondunn.com)

Wesley Sze – Palo Alto (+1 650.849.5347, wsze@gibsondunn.com)

In Cunningham v. Cornell University, the Supreme Court held that “[P]laintiffs seeking to state a [prohibited transaction] claim must plausibly allege that a plan fiduciary engaged in a transaction proscribed therein, no more, no less.” However, the Court cautioned that “[t]o the extent future plaintiffs do bring barebones [prohibited transaction] suits, district courts can use existing tools at their disposal to screen out meritless claims before discovery.”

On April 17, 2025, the Supreme Court issued its decision in Cunningham v. Cornell University, which addresses the pleading requirements for prohibited transaction claims brought under the Employee Retirement Income Security Act of 1974 (ERISA). In Cunningham, the Court confronted the question of whether a plaintiff seeking to bring a claim must plead not only the elements of an ERISA Section 406 prohibited transaction, but also that the exemptions set forth in ERISA Section 408 do not apply. Justice Sotomayor, writing for a unanimous Court, answered this question in the negative, explaining that Section 408 “sets out affirmative defenses, so it is defendant fiduciaries who bear the burden of pleading and proving that a [Section 408] exemption applies to an otherwise prohibited transaction under [Section 406].”[1]

While confirming a relatively low bar for ERISA plaintiffs’ pleading requirements, the Court was also cognizant of the “serious concerns” raised by respondents that, under this standard, “plaintiffs could too easily get past the motion-to-dismiss stage and subject defendants to costly and time-intensive discovery.”[2] The Court emphasized that these concerns “cannot overcome the statutory text and structure” of ERISA but also noted various tools available to the district courts to “screen out meritless claims before discovery.”[3] In a concurring opinion, Justice Alito, with whom Justice Thomas and Justice Kavanaugh joined, encouraged district courts to “strongly consider” using these procedural “safeguards” “to achieve the prompt disposition of insubstantial claims.”[4]

Anticipating that plan sponsors and fiduciaries may have questions about the practical implications of the Court’s Cunningham decision, in this alert, we provide a brief overview of ERISA’s prohibited transaction framework, a summary of the background and key take-aways from the Cunningham decision, and a preview of what may be next for ERISA plan sponsors and fiduciaries after Cunningham.

Background on ERISA’s Prohibited Transaction Provisions

ERISA prohibits plan fiduciaries from causing a plan to enter into certain transactions with parties who may be in a position to exercise improper influence over the plan.[5] Specifically, Section 406 (29 U.S.C. § 1106) provides that, “[e]xcept as provided in [Section 408],” a fiduciary “shall not cause the plan to engage” in certain transactions with a “party in interest.” A “party in interest” is defined to include various entities that administer or support the administration of a plan, including the plan’s administrator, sponsor, officers, and other entities “providing services to [the] plan.”[6]

Examples of prohibited transactions identified in Section 406 include a direct or indirect: “sale or exchange, or leasing of any property between the plan and a party-in-interest;”[7] “lending of money or other extension of credit between the plan and a party-in-interest;”[8] and, “transfer to, or use by or for the benefit of a party in interest, of any assets of the plan.”[9]

The Cunningham case focused specifically on Section 406(a)(1)(C), which bars a plan fiduciary from “caus[ing] the plan to engage in a transaction, if he knows or should know that such transaction constitutes a direct or indirect . . . furnishing of goods, services, or facilities between the plan and a party in interest.”[10] As written, this provision, if construed broadly, could encompass many routine arms-length dealings between a plan and a third-party service provider (such as a third-party recordkeeper, claims administrator, investment manager, etc.) to the plan.[11]

Section 408 (29 U.S.C. § 1108), in turn, enumerates 21 exemptions to the prohibited transactions identified in Section 406. Section 408(b)(2)(A) exempts from Section 406 any transaction that involves “[c]ontracting or making reasonable arrangements with a party in interest for office space, or legal, accounting, or other services necessary for the establishment or operation of the plan, if no more than reasonable compensation is paid therefore.”[12]

The District Court’s and Second Circuit’s Decisions in Cunningham

The Cunningham lawsuit was brought in 2017 by a class of current and former employees of Cornell University who participated in the University’s defined-contribution retirement plans between 2010 and 2016.[13] During this time, Cornell contracted with two third-party service providers to provide recordkeeping services for the plans, which included tracking participants’ account balances and providing account statements, among other services.[14] Cornell compensated the recordkeepers using plan assets.[15] Plaintiffs sued Cornell and its plan fiduciaries alleging, among other claims, that defendants violated Section 406 by causing the plans to engage in prohibited transactions with the two service providers for recordkeeping services for the plans.[16]

Specifically, Plaintiffs claimed that the recordkeepers provided services to the plans and accordingly were “parties-in-interest” under ERISA, and that by allowing the recordkeepers to furnish services to the plans, Cornell engaged in prohibited transactions, unless it could prove an exemption.[17]

Cornell moved to dismiss plaintiffs’ prohibited transaction claims, and the district court granted the motion. The court held that a plaintiff, in addition to pleading the required elements of a prohibited transaction claim under Section 406, must also allege “some evidence of self-dealing or other disloyal conduct.”[18] The district court concluded that plaintiffs had not made that showing, and thus, dismissed their claim.

The Second Circuit affirmed, but on different grounds. The court rejected the district court’s conclusion that Section 406 “demand[s] allegations of ‘self-dealing or disloyal conduct.’”[19] But the court also noted that reading Section 406 in insolation would lead to “absurd results” because it “would appear to prohibit payments by a plan to any entity providing it with any services.”[20] The court held that plaintiffs must plead not only the elements of a prohibited transaction, but also that the applicable Section 408 exemption did not apply to the transaction.[21] And the court found that plaintiffs’ allegations failed to satisfy this standard.[22]

The Supreme Court Reverses and Remands

The Supreme Court granted certiorari in Cunningham to determine “whether a plaintiff can state a claim for relief by simply alleging that a plan fiduciary engaged in a transaction proscribed by [Section 406(a)(1)(C)], or whether a plaintiff must plead allegations that disprove the applicability of the [Section 408(b)(2)(A)] exemption.”[23] And, on April 17, 2025, in a unanimous decision, the Court concluded “that plaintiffs need do no more than plead a violation of [Section 406(a)(1)(C)], and [] therefore reverse[d].”[24]

The Court explained that Section 406(a)(1)(C) imposes a “categorical bar” on transactions that satisfy the three enumerated elements of that provision.[25] Accordingly, the Court held that, “under [Section 406(a)(1)(C)], plaintiffs need only plausibly allege each of those elements of a prohibited-transaction claim.”[26] In contrast, the Court found that Section 408’s exemptions are affirmative defenses because they are “set forth in a different part of the statute” and are “‘writ[ten] in the orthodox format of an affirmative defense.’”[27] Thus, the Court held, the Section 408 exemptions “must be pleaded and proved by the defendant who seeks to benefit from them.”[28]

Importantly, the Court also weighed Cornell’s assertion that “there will be an avalanche of meritless litigation” if plaintiffs need only plead the elements of Section 406 to state a prohibited transaction claim.[29] Although recognizing that Cornell raised “serious concerns” about “meritless litigation” that could “subject defendants to costly and time-intensive discovery,” the Court concluded that those concerns “cannot overcome the statutory text and structure.”[30]

Defendants are not without recourse, however. The Court explained that “district courts can use existing tools at their disposal to screen out meritless claims before discovery.”[31] These tools include invoking Federal Rule of Civil Procedure 7 to require that plaintiffs file a reply to a defendant’s answer and affirmative defenses that “‘put[s] forward specific, nonconclusory factual allegations’ showing the exemption does not apply.”[32] The Court also emphasized that “[d]istrict courts must also, consistent with Article III standing, dismiss suits that allege a prohibited transaction occurred but fail to identify an injury.”[33] And courts also “retain discretionary authority” to expedite or limit discovery to mitigate unnecessary costs and to impose Rule 11 sanctions against parties and counsel who lack a good faith basis for their claims.[34] The Court also recognized ERISA’s cost shifting provision that “gives district courts an additional tool to ward off meritless litigation.”[35]

In a concurring opinion, Justice Alito (joined by Justice Thomas and Justice Kavanaugh) recognized that the Court’s “straightforward application of established rules has the potential to cause . . . untoward practical results.”[36] Justice Alito noted that administrators of ERISA plans will “almost always find it necessary to employ outside firms to provide services the plan needs,” and because those firms become “parties in interest” under ERISA, their service to the plans are unlawful under Section 406, unless one of the exemptions in Section 408 applies.[37] The “upshot” Justice Alito explained, is that “all a plaintiff must do in order to file a complaint that will get by a motion to dismiss under Federal rule of Civil Procedure 12(b)(6) is to allege that the administrator did something that, as a practical matter, it is bound to do.”[38] And, “in modern civil litigation,” Justice Alito continued, “getting by a motion to dismiss is often the whole ball game because of the cost of discovery.”[39] Against this backdrop, Justice Alito encouraged district courts to “strongly consider” insisting that a plaintiff file a reply to an answer that raises one of the Section 408 exemptions as an affirmative defense “and employing the other safeguards that the Court describes” in its opinion to achieve “the prompt disposition of insubstantial claims.”[40]

What’s Next for Plan Sponsors and Fiduciaries

It remains to be seen whether the specter of an “avalanche of meritless litigation” will come to pass. For now, however, the Supreme Court has made clear that plaintiffs need only plausibly plead the three elements of a Section 406 prohibited transaction to survive a motion to dismiss. Plaintiffs need not also plead that a Section 408 exemption does not apply to their claims. As the Cunningham majority opinion and concurrence suggest, this standard may open the door to more claims against plan sponsors and fiduciaries.

Accordingly, sponsors and fiduciaries may want to consider reviewing their service provider agreements to assess whether the services their plans are receiving are necessary and the fees the plans are paying for those services are reasonable. Fiduciaries should also consider documenting their decision-making processes related to plan administration, particularly with respect to service provider selection and monitoring.

Additionally, the Court in Cunningham detailed a series of tools available to plan sponsors and fiduciaries to seek early dismissal of prohibited transaction claims, limit burdensome discovery, and shift the cost of litigating meritless claims to plaintiffs. The Court’s invocation of Rule 7(a)(7) as a potential solution for screening out meritless claims is particularly notable. This rarely used procedure may help defendants dispose of claims early, and without significant discovery. Specifically, Rule 7(a)(7) requires a party, “if the court orders” it, to file “a reply to an answer.”[41] Most commonly used in the context of qualified immunity, this procedure allows defendants subject to barebones claims to test whether plaintiffs can “put forward specific, nonconclusory factual allegations” that establish that an affirmative defense does not apply.[42] As the Supreme Court explained in Crawford-El v. Britton, the Rule 7(a)(7) reply mechanism, together with motions for a more definite statement under Rule 12(e), are the “two primary options” for resolving predicate issues like the application of an affirmative defense “prior to permitting discovery at all.”[43] However, even if a court ultimately decides that discovery is warranted, defendants could still pursue an order bifurcating discovery and potentially also an early dispositive motion targeting the claims. After Cunningham, these procedures may become part of a standard toolset for sponsors and fiduciaries defending prohibited transaction claims.

Finally, it is worth noting that the Cunningham decision does not purport to limit or otherwise relax the well-established pleading standards under Twombly and Iqbal. Thus, plaintiffs seeking to bring prohibited transaction claims must still allege facts that make the claims “‘plausible,’” not merely “‘conceivable.’”[44] The Court’s opinion also does not curtail its directive in Hughes v. Northwestern University that “the circumstances facing an ERISA fiduciary will implicate difficult tradeoffs, and courts must give due regard to the range of reasonable judgments a fiduciary may make based on her experience and expertise.”[45] Plan sponsors and fiduciaries targeted with prohibited transaction claims can and should draw on the Court’s language in Hughes to support dismissal of unmeritorious claims.

[1] Cunningham v. Cornell, No. 23-1007, 604 U.S. ___ (2025), Slip. Op. 1.

[2] Id. at 14.

[3] Id.

[4] Cunningham v. Cornell, No. 23-1007, 604 U.S. ___ (2025), Concurring Op. 3.

[5] 29 U.S.C. § 1106; see also Dept. of Labor, elaws – ERISA Fiduciary Advisor, Are some transactions prohibited? Is there a way to make them permissible?, available at https://webapps.dol.gov/elaws/ebsa/fiduciary/q4d.htm (last accessed Apr. 23, 2025).

[6] 29 U.S.C. § 1002(14).

[7] 29 U.S.C. § 1106(a)(1)(A).

[8] 29 U.S.C. § 1106(a)(1)(B).

[9] 29 U.S.C. § 1106(a)(1)(D).

[10] 29 U.S.C. § 1106(a)(1)(C).

[11] See Cunningham v. Cornell, No. 23-1007, 604 U.S. ___ (2025), Concurring Op. 1-2.

[12] 29 U.S.C. § 1108(b)(2)(A).

[13] Cunningham v. Cornell Univ., 86 F.4th 961, 969 (2d Cir. 2023).

[14] Id. at 970.

[15] Id.

[16] Id. at 970-71.

[17] Id. at 973.

[18] Cunningham v. Cornell Univ., 2017 WL 4358769, at *10 (S.D.N.Y. Sept. 29, 2017).

[19] Cunningham, 86 F.4th at 975.

[20] Id. at 973.

[21] Id. at 975.

[22] Id. at 978–70 (quoting Jones v. Harris Assoc. L.P., 559 U.S. 335, 346 (2010)).

[23] Cunningham v. Cornell, No. 23-1007, 604 U.S. ___ (2025), Slip Op. 6.

[24] Id.

[25] Id.

[26] Id.

[27] Id. at 6, 8 (quoting Meacham v. Knolls Atomic Power Lab’y, 554 U.S. 84, 102 (2008)).

[28] Id. at 8.

[29] Id. at 13.

[30] Id. at 14.

[31] Id.

[32] Id. (quoting Crawford-El v. Britton, 523 U.S. 574, 598 (1998)).

[33] Id. at 15.

[34] Id.

[35] Id.

[36] Cunningham v. Cornell, No. 23-1007, 604 U.S. ___ (2025), Concurring Op. 1.

[37] Id.

[38] Id. at 2.

[39] Id.

[40] Id. at 3 (quoting Crawford-El, 523 U.S. at 597).

[41] Fed. R. Civ. P. 7(a)(7).

[42] Crawford-El, 523 U.S. at 598 (quoting Siegert v. Gilley, 500 U.S. 226, 236 (1991) (Kennedy, J., concurring)).

[43] Id.

[44] See Ashcroft v. Iqbal, 556 U.S. 662, 680 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 547 (2007)).

[45] Hughes v. Nw. Univ., 595 U.S. 170, 177 (2022).

The following Gibson Dunn lawyers prepared this update: Eugene Scalia, Karl Nelson, Ashley Johnson, and Jennafer Tryck.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Labor & Employment or Executive Compensation & Employee Benefits practice groups, or the authors:

Labor & Employment:

Eugene Scalia – Washington, D.C. (+1 202.955.8673, dforrester@gibsondunn.com)
Jason C. Schwartz – Washington, D.C. (+1 202.955.8242, jschwartz@gibsondunn.com)
Katherine V.A. Smith – Los Angeles (+1 213.229.7107, ksmith@gibsondunn.com)
Karl G. Nelson – Dallas (+1 214.698.3203, knelson@gibsondunn.com)
Ashley E. Johnson – Dallas (+1 214.698.3111, ajohnson@gibsondunn.com)
Jennafer M. Tryck – Orange County (+1 949.451.4089, jtryck@gibsondunn.com)

Executive Compensation & Employee Benefits:

Michael J. Collins – Washington, D.C. (+1 202-887-3551, mcollins@gibsondunn.com)
Sean C. Feller – Los Angeles (+1 310.551.8746, sfeller@gibsondunn.com)
Krista Hanvey – Dallas (+1 214.698.3425, khanvey@gibsondunn.com)

As companies prepare to go public, the need for strong enterprise risk management (ERM) and financial reporting systems becomes critical for long-term success. Please join us for a presentation that provides a comprehensive guide to navigating the IPO process with an emphasis on establishing effective risk management strategies and robust financial systems. Attendees will gain insights into key considerations for planning and implementing enterprise risk management (ERM) frameworks and financial reporting systems that align with public company requirements.

This presentation is ideal for general counsel, legal professionals, corporate executives, and legal teams involved in the IPO process. It offers practical, legally focused strategies to ensure regulatory compliance and reduce risk exposure as companies transition to public markets.

MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.0 credit hour, of which 1.0 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact CLE@gibsondunn.com to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour in the General Category.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

PANELISTS:

Andrew Fabens is a partner in the New York office of Gibson, Dunn & Crutcher. Mr. Fabens serves as co-partner in charge of the New York office, co-chair of Gibson Dunn’s Capital Markets Practice Group and is a member of Gibson Dunn’s Securities Regulation and Corporate Governance Practice Group.

Mr. Fabens advises companies on long-term and strategic capital planning, disclosure and reporting obligations under U.S. federal securities laws, corporate governance issues and stock exchange listing obligations. He represents issuers and underwriters in public and private corporate finance transactions, both in the United States and internationally. His experience encompasses initial public offerings, follow-on equity offerings, investment grade, high-yield and convertible debt offerings and offerings of preferred, hybrid and derivative securities. In addition, he regularly advises companies and investment banks on corporate and securities law issues, including M&A financing, spinoff transactions and liability management programs.

Michael J. Scanlon is a partner in the Washington, D.C. office of Gibson Dunn. He is a member of the firm’s Securities Regulation and Corporate Governance, Securities Enforcement, and Corporate Transactions Practice Groups, and has an extensive practice representing U.S. and foreign public company and audit firm clients on regulatory, corporate governance, and enforcement matters.

Michael advises corporate clients on SEC compliance and disclosure issues, the Sarbanes-Oxley Act of 2002, and corporate governance best practices, with a particular focus on financial reporting matters. He frequently represents both accounting firms and public company clients on SEC and PCAOB accounting and auditing matters, including financial statement materiality and restatement issues, internal control issues, auditor independence, and other accounting-related disclosure issues. Michael has represented large accounting firms in enforcement investigations conducted by the SEC, PCAOB, and state accountancy boards. He also is experienced in conducting internal investigations involving accounting irregularities for management, audit committees, and other Board committees, and represents clients on these matters before the SEC. Michael also represents several public company boards of directors and audit committees, as well as not-for-profit organizations, with respect to corporate governance and other compliance matters.

Patty Holman is a partner in the Orange county office of Deloitte in the Accounting & Reporting Advisory services practice.

Patty has extensive experience working with public and private companies of all sizes, serving as a trusted business advisor to leaders in the accounting and finance departments. She primarily focuses IPO readiness gap assessments and IPO execution services, mergers & acquisitions-related accounting and reporting, technical accounting, and SOX (internal controls) readiness and co-sourcing. Her experience covers a variety of industries, including technology, consumer products, manufacturing, real estate and aerospace and defense.

Patty is a Certified Public Accountant and holds a bachelor’s degree in business administration from the Haas School of Business at the University of California, Berkeley and a M.S. in Accountancy from the University of Notre Dame.

From the Derivatives Practice Group: This week, the SEC has a new Chairman, and the CFTC issued an important interpretative letter on certain FX products.

New Developments

Senate confirms Atkins as SEC chair. On April 9, the Senate voted 52-44 to confirm Paul Atkins as the next chair of the SEC. Atkins, a former SEC commissioner and a longtime financial industry consultant, was tapped in December by Donald Trump for the position. In his March 27 confirmation hearing before the Senate Banking Committee, Atkins indicated he would streamline the agency’s regulatory activity. Atkins is expected to be friendlier toward the financial industry than the previous SEC chair, Gary Gensler.
CFTC Releases Staff Letter Relating to Certain Foreign Exchange Transactions. On April 9, the CFTC’s Market Participants Division and Division of Market Oversight (“DMO”) issued an interpretative letter providing the Divisions’ views on the characterization of certain foreign exchange (“FX”) transactions as being “swaps,” “foreign exchange forwards,” or “foreign exchange swaps,” in each case, as defined in the Commodity Exchange Act. Specifically, the interpretative letter states: Window FX Forwards, as described in the letter, should be considered to be “foreign exchange forwards;” and Package FX Spot Transactions, as described in the letter, should not be considered to be “foreign exchange swaps” or “swaps.” [NEW]
Acting Chairman Pham Lauds DOJ Policy Ending Regulation by Prosecution of Digital Assets Industry and Directs CFTC Staff to Comply with Executive Orders. On April 8, CFTC Acting Chairman Caroline D. Pham praised a recently-announced Justice Department policy ending the practice of regulation by prosecution that has targeted the digital asset industry in recent years, and directed CFTC staff to comply with the President’s executive orders and Administration policy, consistent with DOJ’s digital assets enforcement priorities and charging considerations. The DOJ policy comes as Acting Chairman Pham has similarly refocused the CFTC’s enforcement resources on cases involving fraud and manipulation. [NEW]
CFTC Staff Issues No-Action Letter Regarding Pre-Trade Mid-Market Mark. On April 4, the CFTC’s Market Participants Division issued a no-action letter in relation to the Pre-Trade Mid-Market Mark (“PTMMM”) requirement in Regulation 23.431 for swap dealers and major swap participants. The CFTC first issued a no-action letter regarding the PTMMM requirement in 2012, shortly after the PTMMM compliance date, because it did not provide significant informational value and created costly operational challenges. Unlike prior no-action letters which provided relief nofor certain specified types of swaps, this relief under this no-action letter applies to all swaps and does not require advanced counterparty consent. [NEW]
Rahul Varma Named Acting Director of CFTC Division of Market Oversight. On April 2, CFTC Acting Chairman Caroline D. Pham announced Rahul Varma will serve as the Acting Director of the DMO. Varma joined the CFTC in 2013 as an Associate Director for Market Surveillance in DMO, with responsibility for energy, metals, agricultural, and softs markets. In 2017, he helped start the Market Intelligence Branch in DMO and served as its Acting Deputy Director. In 2024, he took on the role of Deputy Director for the combined Market Intelligence and Product Review branches.
CFTC Staff Withdraws Advisory on Review of Risks Related to Clearing Digital Assets. On March 28, the CFTC’s Division of Clearing and Risk (“DCR”) announced it is withdrawing CFTC Staff Advisory No. 23-07, Review of Risks Associated with Expansion of DCO Clearing of Digital Assets, effective immediately. As stated in the withdrawal letter, DCR determined to withdraw the advisory to ensure that it does not suggest that its regulatory treatment of digital asset derivatives will vary from its treatment of other products.
CFTC Staff Withdraws Advisory on Virtual Currency Derivative Product Listings. On March 28, DMO and DCR announced they are withdrawing CFTC Staff Advisory No. 18-14, Advisory with Respect to Virtual Currency Derivative Product Listings, effective immediately. As stated in the withdrawal letter, DMO and DCR determined that the advisory is no longer needed given additional staff experience with virtual currency derivative product listings and increasing market growth and maturity.
ICE and Circle Sign MOU to Explore Product Innovation Based on Circle’s USDC and USYC Digital Assets. On March 27, Intercontinental Exchange Inc. (“ICE”), a leading global provider of technology and data, and Circle Internet Group, Inc. (“Circle”), a global financial technology company and stablecoin market leader, today announced an agreement whereby ICE plans to explore using Circle’s stablecoin USDC, as well as tokenized money market offering US Yield Coin (“USYC”), to develop new products and solutions for its customers. Under the MoU, Circle and ICE plan to collaborate to explore applications for using Circle’s stablecoins and other product offerings within ICE’s derivatives exchanges, clearinghouses, data services, and other markets, to deliver innovation and build new markets and product offerings based on Circle’s products.
Updated FIA Disclosures For New CFTC Rules. On March 24, the FIA announced that is has published updated versions of the FIA Uniform Futures and Options on Futures Risk Disclosures Booklet and FIA Template Disclosures Regarding Separate Accounts for new CFTC rules. Both documents are available in the “Regulatory Disclosures” section of FIA’s US Documentation Library. The CFTC approved new rules in December revising the list of permitted investments for Futures Commissions Merchants (“FCMs”) and DCOs in CFTC Regulation 1.25 (“1.25 Rule”) and codifying no-action relief governing treatment of separate accounts (“Separate Accounts Rule”). The 1.25 Rule requires FCMs and Introducing Brokers to use a revised form of the 1.55 risk disclosure statement for customers onboarded on or after March 31, 2025. The revised disclosure statement reflects the scope of permissible investments, as modified by the 1.25 Rule. The FIA Uniform Futures and Options on Futures Risk Disclosures Booklet is intended to assist FCMs in delivering mandatory customer disclosures under CFTC, exchange and Self-Regulatory Organization rules. Among the disclosures contained in the booklet is the FIA Combined Risk Disclosure Statement. That document has been updated in accordance with the 1.25 Rule to reflect the modified list of permissible investments.

New Developments Outside the U.S.

ESMA Publishes Consultation on Clearing Thresholds. On April 8, ESMA published a consultation on a revised approach to clearing thresholds under the European Market Infrastructure Regulation (“EMIR”) 3. The consultation covers the following topics: proposals for a revised set of clearing thresholds; considerations for hedging exemptions for non-financial counterparties; and a trigger mechanism for reviewing the clearing thresholds. [NEW]
FCA Publishes Policy Statement on the Derivatives Trading Obligation and Post-trade Risk Reduction Services. On April 3, the UK Financial Conduct Authority (“FCA”) published policy statement PS25/2 on changes to the scope of the UK derivatives trading obligation (“DTO”) and an extension of exemptions from certain obligations under the UK Markets in Financial Instruments Directive (“MIFID”) and MIFIR. [NEW]
ESMA Consults on Transparency Requirements for Derivatives Under MiFIR Review. On April 3, ESMA asked for input on proposals for Regulatory Technical Standards (“RTS”) on transparency requirements for derivatives, amendments to RTS on package orders, and RTS on input/output data for the over-the-counter (“OTC”) derivatives consolidated tape. ESMA said that it is developing various technical standards further specifying certain provisions set out in the Market in Financial Instruments Regulation Review. The consultation paper covers the following three areas: transparency requirements for derivatives, RTS on package orders, and RTS on input/output data for the OTC derivatives consolidated tape. The consultation will remain open until 3 July 2025.
ESMA Publishes Annual Peer Review of EU CCP Supervision CCP Supervisory Convergence. On April 2, ESMA published its annual peer review report on the supervision of European Union (“EU”) Central Counterparties (“CCPs”) by National Competent Authorities (“NCAs”). The peer review measures the effectiveness of NCA supervisory practices in assessing CCP compliance with the European Market Infrastructure Regulation (“EMIR”) requirements on outsourcing and intragroup governance arrangements. ESMA indicated, for this exercise, the review of the functioning of CCP colleges remains overall positive. ESMA also said that the peer review identified the need to promote further supervisory convergence in respect of the definition of major activities linked to risk management.
The European Supervisory Authorities Publish Evaluation Report on the Securitization Regulation. On March 31, the Joint Committee of the European Supervisory Authorities published its evaluation report on the functioning of the EU Securitization Regulation. The report purports to put forward recommendations to strengthen the overall effectiveness of Europe’s securitization framework through simplification, while ensuring a high level of protection for investors and safeguarding financial stability. This report identifies areas where the regulatory and supervisory framework can be enhanced, supporting the growth of robust and sound securitization markets in Europe.
PRA, FCA Consult on Margin Requirements for Non-centrally Cleared Derivatives. On March 27, the UK Prudential Regulation Authority (“PRA”) and the Financial Conduct Authority published CP5/25 – Margin requirements for non-centrally cleared derivatives: Amendments to BTS 2016/2251. The consultation paper proposes to indefinitely exempt single-stock equity and index options from the bilateral margining requirements in the UK. In addition, it proposes to remove the requirement to exchange initial margin (“IM”) for legacy contracts once a counterparty falls out of scope of the margin requirements. It also proposes to permit UK firms, when transacting with a counterparty subject to the margin requirements in another jurisdiction, to use that jurisdiction’s threshold assessment calculation periods and dates of entry into the scope of IM requirements to determine whether those transactions are subject to IM requirements.
MAS Responds to Feedback on Proposed Changes to Capital Framework. On March 27, the Monetary Authority of Singapore (“MAS”) published its response to feedback received to the consultation paper on proposed amendments to the capital framework for approved exchanges and approved clearing houses. The consultation was later extended to licensed trade repositories. MAS’s response addresses liquidity requirements, eligible capital, and total risk requirements.
ESMA Makes Recommendations for the Supervision of STS Securitizations. On March 27, ESMA published its Peer Review Report on NCAs supervision of Simple, Transparent and Standardized (“STS”) securitizations. The Report looks into and provides recommendations on the supervisory approaches adopted by selected NCAs when supervising STS securitization transactions and the activities of their originators, sponsors and securitization special purpose entities. The Peer Review focused on the NCAs of France, Germany, Portugal, and the Netherlands.

New Industry-Led Developments

ISDA CEO Testifies Before House Financial Services Committee Task Force. On April 8, ISDA CEO Scott O’Malia testified on the implementation of mandatory US Treasury clearing before the House Committee on Financial Services Task Force on Monetary Policy, Treasury Market Resilience, and Economic Prosperity. The testimony highlighted several key issues that need to be resolved before the clearing mandate comes into effect, including recalibration of the supplementary leverage ratio to ensure banks have the balance sheet capacity to provide intermediation and client clearing services in the US Treasury market, making changes to the proposed Basel III endgame and surcharge for global systemically important banks to avoid a disproportionate capital charge for client clearing businesses, and ensuring the margining and capital treatment of client exposures reflects the actual risk of a client’s overall portfolio. [NEW]
ISDA Responds to ESMA Consultation on CCP Model Validation. On April 7, ISDA responded to ESMA’s consultation on the draft RTS under article 49(5) of the EMIR, on the conditions for an application for validation of model changes and parameters under Articles 49 and 49a of EMIR, which have been revised as part of EMIR 3. In the consultation paper, ESMA sets out proposed quantitative thresholds and qualitative elements to be considered when determining whether a model change is significant. In the response, ISDA noted that more information would be necessary to understand the rationale behind the thresholds that are proposed. ISDA provided comments on ESMA’s interpretation of ‘concentration risk’ and on the proposed lookback period for assessing whether a change in significant. [NEW]
Cross-product Netting Under the US Regulatory Capital Framework. On April 4, ISDA, the Futures Industry Association (“FIA”) and the Securities Industry and Financial Markets Association (“SIFMA”) developed a discussion paper to: (i) provide an overview of cross-margining programs developed by clearing organizations and their importance in the context of implementing recent market reforms with respect to US Treasury securities clearing; (ii) describe cross-product netting arrangements with customers as a means to effectively reduce risk and their relation to cross-margining programs; (iii) describe the treatment of cross-product netting arrangements under the current US regulatory capital framework; and (iv) propose potential targeted changes to US regulatory capital rules to more appropriately reflect the economics of, and facilitate firms’ use of, cross-product netting arrangements with customers, particularly with respect to transactions based on US Treasury securities. [NEW]
ISDA/IIB/SIFMA Request to Extend 22-14. On April 3, a joint ISDA/IIB/SIFMA letter requested reporting relief for certain non-US swap dealers in Australia, Canada, the European Union, Japan, Switzerland or the United Kingdom with respect to their swaps with non-US persons. The joint trade association letter, submitted to CFTC on 26 March 2025, requests an extension of the no-action relief in Letter 22-14 until the adoption and effectiveness of final rules addressing the cross-border application of Part 45/46. [NEW]
IOSCO Issues Final Report on Standards Implementation Monitoring for Regulator Principle. On April 2, IOSCO published a Final Report following its review of IOSCO Standards Implementation Monitoring (ISIM) for Regulator Principles 6 and 7, which address systemic risk and perimeter of regulation. IOSCO’s Objectives and Principles of Securities Regulation 6 and 7 stipulate that regulators should have or contribute to processes to identify, monitor, mitigate and manage systemic risk, as well as have or contribute to a process to review the perimeter of regulation regularly. This ISIM Review by IOSCO’s Assessment Committee found a high level of implementation across the 55 jurisdictions from both emerging and advanced markets. According to IOSCO, the report highlights some good practices and also identifies a few areas where there is room for improvement, observed primarily in some emerging markets. For example, the Report notes that some jurisdictions do not have clear responsibilities, definitions and regulatory processes with respect to systemic risk.
ISDA Sends Letter on Changes to the French General Tax Code. On March 31, ISDA, the Association for Financial Markets in Europe and the International Securities Lending Association sent a letter to the French tax authority about changes being made to Articles 119 bis A and 119 bis 2 of the general French tax code in the Loi des Finances pour 2025. In February, the French parliament passed budget legislation that broadened the application of withholding tax for both cleared and non-cleared derivatives involving payments related to manufactured dividends. In the letter, the associations request that detailed administrative guidelines are issued as soon as possible. The lack of guidelines makes it more difficult for the associations’ member firms to accurately determine the scope of the new legislation and calculation of the withholding tax when due. [NEW]
ISDA Responds to EC on Amendments to Taxonomy Regulation Delegated Act. On March 26, ISDA and the Association for Financial Markets in Europe submitted a joint response to the EC’s proposed changes to EU Taxonomy Regulation reporting. The associations indicated that they welcome the EC’s commitment in the context of the Omnibus sustainability package to reduce Taxonomy reporting burdens and provide swift relief to reporters. However, they also noted concerns over whether the proposals go far enough to achieve these objectives, opining that they would not provide sufficient reduction in reporting burdens for banks and their clients and they would not achieve meaningful disclosures. The responses sets our specific priority measures for consideration.

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Derivatives practice group, or the following practice leaders and authors:

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, jsteiner@gibsondunn.com)

Michael D. Bopp, Washington, D.C. (202.955.8256, mbopp@gibsondunn.com)

Michelle M. Kirschner, London (+44 (0)20 7071.4212, mkirschner@gibsondunn.com)

Darius Mehraban, New York (212.351.2428, dmehraban@gibsondunn.com)

Jason J. Cabral, New York (212.351.6267, jcabral@gibsondunn.com)

Adam Lapidus, New York (212.351.3869, alapidus@gibsondunn.com )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, sbrooker@gibsondunn.com)

William R. Hallatt, Hong Kong (+852 2214 3836, whallatt@gibsondunn.com )

David P. Burns, Washington, D.C. (202.887.3786, dburns@gibsondunn.com)

Marc Aaron Takagaki, New York (212.351.4028, mtakagaki@gibsondunn.com )

Hayden K. McGovern, Dallas (214.698.3142, hmcgovern@gibsondunn.com)

Karin Thrasher, Washington, D.C. (202.887.3712, kthrasher@gibsondunn.com)

The Monetary Authority of Singapore (MAS) has issued a consultation paper setting out proposed amendments to its anti-money laundering and countering the financing of terrorism (AML/CFT) Notices and Guidelines applicable to financial institutions and variable capital companies (VCCs).

The amendments aim to enhance AML/CFT measures, align with international standards and clarify existing supervisory expectations. The consultation period ends on 8 May 2025, with the amendments expected to take effect from 30 June 2025.

Proposed amendments

The proposed amendments—which apply across the financial sector to banks, merchant banks, finance companies, payment service providers, direct life insurers, capital markets intermediaries, financial advisers, the central depository, approved exchanges and recognised market operators, approved trustees, trust companies, non-bank credit and charge card licensees, digital token service providers (FIs) and VCCs—broadly cover the following areas:

Clarification of timelines for filing of suspicious transaction reports (STRs)

MAS proposes to amend the AML/CFT Guidelines to state that the filing of an STR should not exceed five business days after suspicion was first established, unless the circumstances are exceptional or extraordinary. In cases involving sanctioned parties and parties acting on behalf of or under the direction of sanctioned parties, FIs and VCCs should file the STRs as soon as possible and no later than one business day after suspicion was first established.

MAS also proposes to set out its supervisory expectations with respect to the controls and processes for timely review of suspicious transactions and mitigation of ML/TF concerns identified, such as the need for FIs and VCCs to identify, prioritise and promptly review concerns of higher ML/TF risks and escalate any such concerns to senior management where necessary.

MAS further intends to remove the requirement for FIs and VCCs to extend a copy of STRs filed to MAS for information and to replace it with a requirement for FIs and VCCs to extend a copy of STRs to MAS upon request.

Expanding the definition of money laundering (ML) to include proliferation financing (PF) and incorporating PF risk assessments in ML/TF risk assessments

MAS proposes to clarify that ML includes PF and that FIs and VCCs must include PF risk assessments in their ML/TF risk evaluations. This aligns with the latest Financial Action Task Force (FATF) Standards, which require FIs and designated non-financial businesses and professions to identify, assess, understand and mitigate PF risks. MAS further acknowledges that most FIs would likely already consider PF risks within their existing AML/CFT and sanctions compliance frameworks, in line with guidance issued by MAS over the years.

Updates to MAS Notice TCA-N03 for trust companies

MAS proposes to amend the wording of MAS Notice TCA-N03 to align with the Trustees Act 1967 and anticipated legislative changes, flowing from the revised FATF Recommendation 25. The amendments will broaden the definition of a trust relevant party and clarify the requirements for identifying all related parties to a legal arrangement and to collecting relevant information. Additionally, the amendments will mandate the collection of certain information about the legal arrangement, such as the full name, unique identifier, trust deed and the purpose for which the legal arrangement was established, in line with the FATF’s recommendations.

Other amendments to the AML/CFT Guidelines

MAS is also proposing further changes to clarify and reflect MAS’ supervisory expectations and guidance over the years. These amendments cover the areas of screening, source of wealth (SoW) and source of funds (SoF) establishment, as well as the characteristics of a higher-risk shell company. Key proposed amendments include:

Clarifying that ML/TF information sources for screening should include relevant search engines used in countries or jurisdictions closely associated with the person screened, and that screening should be conducted in the native language(s) of the person screened.
Ensuring processes are in place to share customer and related account information across business units, including customer due diligence and SoW information.
Providing staff with adequate guidance on identifying indicators of fraudulent or tampered data, documents, or information and ensuring timely application of appropriate ML/TF risk mitigation measures.
Various SoW and SoF-related clarifications, including the need for corroboration of SoW and SoF that are more material and/or present a higher risk for ML/TF and the assessment of the plausibility and legitimacy of SoW and SoF.
Clarifying the need to assess whether a further or supplementary STR is warranted when further suspicion is raised.
Including characteristics of a higher-risk shell company as examples of potentially higher-risk categories.
Including participation in a tax amnesty programme under examples of suspicious transactions related to tax crimes.
Replacing references to ‘settlors’ and ‘protectors’ with ‘trust relevant parties’ to reflect the expanded definition and replacing the term ‘trust’ with ‘legal arrangement’ in the Guidelines.

Concluding observations

The consultation paper underscores MAS’ ongoing efforts to maintain a robust and clear AML/CFT framework that meets international standards. The proposed amendments are also a significant step towards enhancing the effectiveness of AML/CFT measures across the financial sector. FIs and VCCs should thoroughly review these proposed amendments, evaluate their implications on current practices and provide feedback (if any) by 8 May 2025.

The following Gibson Dunn lawyers prepared this update: Hagen Rooke, Jun Qi Chin, QX Toh, and Nicholas Tok.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact any member of Gibson Dunn’s Financial Regulatory team, including the following:

Hagen H. Rooke – Singapore (+65 6507 3620, hhrooke@gibsondunn.com)
William R. Hallatt – Hong Kong (+852 2214 3836, whallatt@gibsondunn.com)
Jeffrey L. Steiner – Washington, D.C. (+1 202.887.3632, jsteiner@gibsondunn.com)
Michelle M. Kirschner – London (+44 20 7071 4212, mkirschner@gibsondunn.com)
Emily Rumble – Hong Kong (+852 2214 3839, erumble@gibsondunn.com)
Becky Chung – Hong Kong (+852 2214 3837, bchung@gibsondunn.com)
Jun Qi Chin – Singapore (+65 6507 3622, jqchin@gibsondunn.com)
QX Toh – Singapore (+65 6507 3610, qtoh@gibsondunn.com)
Nicholas Tok – Singapore (+65 6507 3621, ntok@gibsondunn.com)
Arnold Pun – Hong Kong (+852 2214 3838, apun@gibsondunn.com)
Jane Lu – Hong Kong (+852 2214 3735, jlu@gibsondunn.com)

Securities fraud trials are high-stakes proceedings that require careful navigation of complex legal, factual, and procedural challenges. From indictment to verdict, prosecutors and defense counsel deploy distinct strategies to shape the narrative, present evidence, and persuade the jury. This webcast breaks down the key phases of a federal criminal securities fraud trial, including pretrial motions, Rule 17 subpoenas, witness preparation, jury selection, expert testimony, cross-examinations, and jury addresses. Our panel also discusses recent trial trends, prosecutorial tactics, and defense strategies that can influence case outcomes.

MCLE CREDIT INFORMATION:

This program has been approved for credit by the New York State Continuing Legal Education Board for a maximum of 1.5 credit hour in the professional practice category. This course is approved for transitional and non-transitional credit.

Gibson, Dunn & Crutcher LLP certifies this activity is approved for 1.5 hour of MCLE credit by the State Bar of California in the General Category.

California attorneys may claim self-study credit for viewing the archived webcast. No certificate of attendance is required for self-study credit.

PANELISTS:

George J. Hazel is a partner in the Washington office and a member of the firm’s Litigation and White Collar Defense and Investigations Practice Groups. A former federal trial judge and criminal prosecutor, George brings a broad range of trial experience, having presided over approximately 50 jury trials in federal court and handled 20 jury trials and 30 bench trials as an attorney in federal and state court.

Barry Berke is renowned nationwide as a leading trial lawyer and white-collar criminal defense attorney. He is Co-Chair of the firm’s Litigation Practice Group and a member of the Trials and White Collar Defense and Investigations Practice Groups. Barry represents individuals and corporations in high-stakes trials, investigations, and complex litigation. He is a fellow of the American College of Trial Lawyers. Barry served as chief impeachment counsel to the U.S. House of Representatives during the Senate impeachment trial of the former President of the United States. As lead counsel, Barry was instrumental in preparing and presenting a case that garnered widespread recognition for its precise choreography and compelling presentation of factual evidence and constitutional arguments.

Jordan Estes is a partner in the New York office. A trial attorney and former federal prosecutor, she has been lead or co-lead counsel in 14 federal jury trials. She represents individuals and corporations in sensitive, complicated and often high-profile criminal and regulatory trials, hearings, investigations and other proceedings conducted by federal and state agencies, as well as in internal investigations. Jordan brings over a decade of experience in white-collar criminal law to her practice, including more than eight years with the U.S. Attorney’s Office for the Southern District of New York. Her extensive experience and proven track record make her a formidable advocate for her clients in the most challenging legal environments.

Dani R. James is a partner in the New York office. A former federal prosecutor, Dani defends clients in a broad range of white collar criminal and regulatory matters, including allegations of insider trading, market manipulation, public corruption, bid-rigging, tax fraud and violations of the Foreign Corrupt Practices Act. She represents executives, directors and officers, and other individuals, as well as companies, in sensitive, complicated and often high-profile criminal and regulatory trials, hearings, investigations and other proceedings conducted by federal and state agencies, including the U.S. Department of Justice, the Securities and Exchange Commission, the U.S. Attorney’s Office, the New York State Attorney General’s Office and the Manhattan District Attorney’s Office, among other agencies.

Europe

03/19/2025

European Data Protection Board | Approval Procedure | Binding Corporate Rules

The European Data Protection Board (“EDPB”) published a document outlining the cooperation procedure for approving Binding Corporate Rules (“BCRs”) for both controllers and processors.

Drawing from practical experience of the previous version of the Guidelines on BCR approval, the procedure presented aims to streamline the approval of BCRs, promoting consistent data protection practices across organizations operating within the EU.

For more information: EDPB Website

03/05/2025

European Commission | Publication | European Health Data Space Regulation

On March 5, 2025, the European Health Data Space Regulation was published in the Official Journal of the European Union.

The regulation aims to establish a common framework for the use and exchange of electronic health data across the EU. It will also enhance individuals’ access to and control over their personal electronic health data, for instance, patients will have the right to restrict the access for health professionals to all or parts of their personal electronic health data exchanged though EHDS infrastructures. The regulation will enter into force on March 26, 2025, and will become applicable two years later.

For further information: European Commission Website and Official Journal of the EU

03/05/2025

European Data Protection Board | Coordinated Enforcement | Right to Erasure

On March 5, 2025, the European Data Protection Board (EDPB) published that they are launching a Europe-wide review of the right to erasure.

This initiative involves 32 data protection authorities across Europe. The aim is to evaluate how well the right to erasure, which allows individuals to request the deletion of their personal data, is being implemented in practice. The assessment will be conducted using a standardized questionnaire to analyze and compare procedures established by various data controllers. The results will be published in a report by the EDPB, highlighting best practices and areas for improvement.

For further information: EDPB Website

03/04/2025

European Commission | EU Adequacy Decision | Article 45 GDPR

On March 4, 2025, the European Commission proposed the first EU adequacy decision under Article 45 GDPR for an international organization.

The European Commission proposed an EU adequacy decision for the European Patent Organisation (EPO). The decision, based on Article 45 GDPR, finds EPO’s data protection rules comparable to the EU’s. The EPO is an international organization comprising the member states of the EU and various other European states to grant patents. The adequacy decision will enable safe data flow between the EU and EPO. Once adopted, companies in the EU can transfer data such as for patent applications to EPO without extra safeguards. The draft will be reviewed by the European Data Protection Board (EDPB) and other EU bodies before final adoption.

For further information: European Commission Website

France

03/27/2025

French Supervisory Authority | Work Program | 2025 Priorities

As part of its mission to guide professionals towards compliance, the French Data Protection Authority (“CNIL”) issued the main guidance materials it will issue in 2025.

The CNIL regularly issues soft law guidance (e.g., recommendations, guidelines, code of practice) to clarify the applicable law and provide best practices. In 2025, the CNIL will issue fact sheets on artificial intelligence (help professionals balance innovation and data subject rights), recommendations on the use of pixels in emails, and continue clarifying the use of dashcams.

For more information: CNIL Website [FR]

03/25/2025

French Supervisory Authority | Public Consultation | Connected Vehicles and Location Data

The French Supervisory Authority (“CNIL”) is submitting for public consultation a draft recommendation on the use of location data of connected vehicles.

The CNIL indicated that location data is considered as highly personal data as it can reveal individuals’ frequently visited places, habits, or areas of interest. The draft focuses on the use of connected vehicles by private individuals and aims at helping main actors to ensure compliance with GDPR principles. The public consultation will end on 20 May 2025. Any public or private actor can participate in the consultation.

For more information: CNIL Website [FR]

03/21/2025

French Supervisory Authority | Investigation | 2025 Priorities

The French Supervisory Authority (“CNIL”) announced its 2025 data protection priorities.

This year, the CNIL announced that it will focus on enforcing rules with respect to mobile app data collection, local government cybersecurity, penitentiary data management, and the enforcement of the right to erasure.

For more information: CNIL Website [FR]

03/05/2025

French Supervisory Authority | Guidelines | Case Law and Doctrine

The French Supervisory Authority (“CNIL”) published its “Tables Informatiques et Libertés” and its recap books (“Cahiers récapitulatifs”) for the year 2024.

The Tables are designed to give access to data professionals and academics to the CNIL’s doctrinal positions as well as case law from national and European courts. This tool allows practitioners to easily find precedents based on thematic classification.

For more information: CNIL Website [FR]

03/06/2025

French National Cybersecurity Authority | Strategic Plan | 2025-2027

The French National Cybersecurity Authority (“ANSSI”) published its strategic plan for 2025-2027.

The plan developed by ANSSI focuses on four key areas: (i) amplifying and coordinating the cyber response to the growing threat, (ii) developing the expertise needed to counter cyber threats, (iii) promoting effective European and international cyber action, and (iv) reinforcing the consideration of societal issues in ANSSI’s actions.

For further information: ANSSI Website [FR]

Germany

03/27/2025

German Federal Court of Justice | Judgement | GDPR and Competition Law

On March 27, 2025, the German Federal Court of Justice (BGH) ruled (I ZR 186/17) that a breach of information obligations by the controller may give rise to claims for injunctive relief under the German Act Against Unfair Competition (UWG). These can be pursued by consumer protection associations by way of an action before the civil courts.

According to the BGH, the Unfair Competition Act (UWG) and the Injunctions Act (UKlaG) provide for a legal basis under Article 80 Abs. 2 DSGVO for consumer protection associations to pursue violations of the GDPR. Consumer associations can take legal action against breaches of information obligations under Art. 12(1) and Art. 13(1)(c) and (e) GDPR, even without specific authorization from affected individuals. Breaches of data protection information obligations may constitute unfair competition if material information is withheld.

For further information: BGH Website [DE]

03/27/2025

German Federal Court of Justice | Judgement | GDPR and Competition Law

On March 27, 2025, the German Federal Court of Justice (BGH) ruled in two cases (I ZR 222/19, I ZR 223/19) that a breach of GDPR regulations regarding special categories of data by the controller may give rise to claims for injunctive relief under the German Act Against Unfair Competition (UWG). These can be pursued by competitors by way of an action before the civil courts.

According to the BGH, the Unfair Competition Act (UWG) provides a legal basis for competitors to pursue violations of the GDPR. In the decisions, the BGH ruled that a violation of Article 9(1) GDPR can be pursued by a competitor by way of a competition law action before the civil courts under Article 8(3)(1) UWG.

For further information: BGH Website (I ZR 222/19 [DE], I ZR 223/19 [DE])

03/20/2025

German Federal Office for Information Security | Certification | Cybersecurity Act

The German Federal Office for Information Security (“BSI”) was designated by the European Commission as the German certification body under the Cybersecurity Act.

The BSI is now the body in charge of the approval of applications from manufacturers seeking to obtain a European cybersecurity certificate for products with a high assurance level under the Implementing Regulation on the adoption of European Common Criteria-based cybersecurity certification scheme (EUCC).

For more information: BSI Website [DE]

03/19/2025

Hamburg Supervisory Authority | Recommendations | Data Retention

The Hamburg Supervisory Authority (“HmbBfDI”) recommends organizations to review and delete outdated data as part of a “digital spring cleaning”.

The HmbBfDI particularly recalls that, with the Fourth Bureaucracy Relief Act (BEG IV) , the federal legislator has reduced some retention periods defined under the German Fiscal and Commercial Codes, requiring businesses to adjust their data retention policies accordingly. In particular, the data retention period for accounting documents under tax law is reduced from ten to eight years which also affects the right to erasure under the GDPR.

For more information: HmbBfDI Website [DE]

03/13/2025

German Data Protection Conference | Statement | Data Act

On March 13, 2025, the German Data Protection Conference (DSK) published a statement on the implementation legislation for the EU Data Act.

The DSK, the conference of the independent data protection supervisory authorities of the German federal states, has published a position paper on the German legislation for the implementation of the EU Data Act, emphasizing the need for harmonized regulations across member states to be implemented effectively and in harmony with the legal requirements from the European legislation. The DSK criticizes the current German draft legislation in various aspects and emphasizes the interplay of EU regulations and their implementation in each member state, even in the case of regulation with direct application.

For further information: DSK Website [DE]

03/12/2025

Hamburg Supervisory Authority | Guest Orders | Online Retail

The Hamburg Supervisory Authority (“HmbBfDI”) announced having ordered a Hamburg-based online retailer to allow guest orders, without requiring users to create a customer account.

The HmbBfDI notes that in a resolution dated March 24, 2022, the German Data Protection Conference (DSK) stated that requiring users to create a customer account to place orders is incompatible with the principle of data minimization. As part of its enforcement actions, the HmbBfDI examined multiple online shops in January 2025 and will continue to monitor their practices. Online shops which are considered a marketplace do not have to allow guest orders.

For more information: HmbBfDI Website [DE]

03/06/2025

Bavarian Supervisory Authority | Guidance | Article 28 GDPR

On March 6, 2025, the Bavarian Supervisory Authority (“BayLDA”) published an updated version of their guidance on the correct classification of data controllers and data processors.

The new guidance focusses on explaining the different legal criteria for proper classification of controllers and processors by providing detailed elaborations on the exact wording of the GDPR to facilitate case by case decisions.

For further information: BayLDA Website [DE]

03/2025

German Supervisory Authorities | Activity Reports

In March 2025, several Supervisory Authorities published their annual Activity Reports.

In addition to the increasingly important interplay between AI regulations and the GDPR, the reports also focus on data protection in employment contexts. By way of example, the Supervisory Authority of Bremen (LfDI Bremen) highlighted that video surveillance of areas frequented by employees is only permissible in non-sensitive areas and always demands an assessment of interests. The Bavarian Supervisory Authority (LDA Bayern) recommends that the publishing of images of employees after their employment ends should be contractually agreed upon in advance to ensure GDPR compliance.

For further information: LfDI Baden-Württemberg Website [DE], LfDI Bremen Website [DE], LfDI Sachsen Website [DE] and LDA Bayern Website [DE]

02/25/2025

Higher Regional Court of Stuttgart | Judgement | Data Processing and Employment

In a recent decision (2 ORbs 16 Ss 336/24), the Higher Regional Court of Stuttgart (OLG Stuttgart) dealt with the so-called employee excess in data protection law. Of practical relevance is the OLG’s classification of when employees, who process personal data for non-work purposes, become data controllers themselves.Thus replacing the employer as addressee of potential GDPR fines.

If the data protection breach is committed deliberately and intentionally for reasons unrelated to work, the employee may be considered as an independent controller not solely acting contrary to employer instructions.

For further information: Official Court Website [DE]

02/21/2025

Higher Administrative Court of Bavaria | Judgement | Access to Controller Agreements

On February 21, 2025, the Higher Administrative Court of Bavaria (VGH Bayern) ruled (7 ZB 24.651) that data subjects cannot demand access to data processing agreements as part of their information rights under Art. 15 GDPR.

Art. 15 GDPR only grants data subjects a right to access their own personal data. The court argues that the supervisory authorities and not the data subjects are responsible for monitoring the application of the GDPR, including the data processing agreements and its requirements between a controller and the processor.

For further information: Official Court Website [DE]

Ireland

03/07/2025

Irish Supervisory Authority | Complaints | Data Access Requests

The Irish Supervisory Authority (“DPC”) has published a blog post on how it handles complaints related to data subjects’ access requests.

The DPC states that it regularly deals with complaints from data subjects concerned that their access requests have not been fulfilled. The authority details how it determines the validity of the restrictions that organizations use to refuse access requests, emphasizing that each restriction must be justified on an evidential basis.

For more information: DPC Website

03/05/2025

Irish Government | AI Act | Designation of Competent Authorities

The Irish Government approved the designation of eight public authorities as competent authorities, responsible for implementing and enforcing the AI Act.

These authorities are the Central Bank of Ireland, the Commission for Communications Regulation, the Commission for Railway Regulation, the Competition and Consumer Protection Commission, the Data Protection Commission, the Health and Safety Authority, the Health Products Regulatory Authority, the Marine Survey Office of the Department of Transport. Additional authorities, as well as a lead regulator, will be designated through a forthcoming decision.

For further information: Irish Government Website

Netherlands

03/06/2025

Dutch Supervisory Authority | Public Consultation | Human Intervention in Algorithmic Decision-making

The Dutch Supervisory Authority (“AP”) launched a public consultation on the tools it has developed to enable meaningful human intervention in algorithmic decision-making.

The AP recalls that organizations using algorithmic decision-making must comply with the obligation to ensure human intervention. Such intervention must be meaningful — not merely symbolic — and designed to guarantee that decisions are made carefully, without discrimination. Organizations must also ensure that human intervention is not undermined by factors such as time pressure or lack of knowledge about the system.

For further information: AP Website [NL]

United Kingdom

03/28/2025

Information Commissioner’s Office | Guidance | Data Anonymisation

The Information Commissioner’s Office (“ICO”) has published new guidance on data anonymisation.

This guidance explains the distinction between anonymisation and pseudonymisation, discusses what should be considered when anonymizing personal data, provides good practice advice and case studies, and discusses technical and organisational measures to mitigate the risks to people. It applies to all mediums, including tabular data, free text, video, images, and audio.

For more information: ICO Website

03/27/2025

Information Commissioner’s Office | Fine | Hacker Attack

The Information Commissioner’s Office (“ICO”) imposed a fine of £3.07 million (approx. €3.67 million) on a computer software company for security failures that compromised the personal data of 79,404 individuals.

In 2022, the company suffered a ransomware attack that was initiated through a customer account. The attack affected personal data processed on behalf of multiple organizations, including the National Health Service and healthcare providers. The ICO found that the software provider failed to implement appropriate technical and organizational measures in accordance with Article 32 of the GDPR (e.g., lack of multi-factor authentication, insufficient vulnerability scanning, and inadequate patch management).

For more information: ICO Website

03/24/2025

Information Commissioner’s Office | Notice of Intent | Data Breach

The Information Commissioner’s Office (“ICO”) issued a notice of intent to fine a DNA testing company £4.59 million (EUR 5.5 million).

The ICO had launched a joint investigation with the Office of the Privacy Commissioner of Canada (“OPC”) after the company reported a data breach in October 2023. The breach concerned genetic information which the ICO considers is “among the most sensitive personal data that a person can entrust to a company”.

For more information: ICO Website

03/01/2025

Information Commissioner’s Office | Code of Practice | Children’s Data Protection

The Information Commissioner’s Office (“ICO”) has updated its Children’s Code of Practice to enhance the protection of children’s data in the digital world.

The revised code includes stronger guidelines for businesses regarding age-appropriate design and data minimization principles, aiming to ensure children’s privacy online. The code highlights the importance of high privacy by default settings, limitation of the processing of geolocation data, and switching off by default targeted advertisement for children.

For further information: ICO Code of practice and Press release

The following Gibson Dunn lawyers prepared this update: Ahmed Baladi, Vera Lukic, Kai Gesing, Joel Harrison; Thomas Baculard, Billur Cinar, Hermine Hubert, Christoph Jacob, and Yannick Oberacker.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Privacy, Cybersecurity & Data Innovation practice group:

Privacy, Cybersecurity, and Data Innovation:

United States:
Abbey A. Barrera – San Francisco (+1 415.393.8262, abarrera@gibsondunn.com)
Ashlie Beringer – Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)
Ryan T. Bergsieker – Denver (+1 303.298.5774, rbergsieker@gibsondunn.com)
Keith Enright – Palo Alto (+1 650.849.5386, kenright@gibsondunn.com)
Gustav W. Eyler – Washington, D.C. (+1 202.955.8610, geyler@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, cgaedt-sheckter@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202.955.8657, sgans@gibsondunn.com)
Lauren R. Goldman – New York (+1 212.351.2375, lgoldman@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, shandler@gibsondunn.com)
Natalie J. Hausknecht – Denver (+1 303.298.5783, nhausknecht@gibsondunn.com)
Jane C. Horvath – Washington, D.C. (+1 202.955.8505, jhorvath@gibsondunn.com)
Martie Kutscher Clark – Palo Alto (+1 650.849.5348, mkutscherclark@gibsondunn.com)
Kristin A. Linsley – San Francisco (+1 415.393.8395, klinsley@gibsondunn.com)
Timothy W. Loose – Los Angeles (+1 213.229.7746, tloose@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)
Rosemarie T. Ring – San Francisco (+1 415.393.8247, rring@gibsondunn.com)
Ashley Rogers – Dallas (+1 214.698.3316, arogers@gibsondunn.com)
Sophie C. Rohnke – Dallas (+1 214.698.3344, srohnke@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)
Benjamin B. Wagner – Palo Alto (+1 650.849.5395, bwagner@gibsondunn.com)
Frances A. Waldmann – Los Angeles (+1 213.229.7914,fwaldmann@gibsondunn.com)
Debra Wong Yang – Los Angeles (+1 213.229.7472, dwongyang@gibsondunn.com)

Europe:
Ahmed Baladi – Paris (+33 1 56 43 13 00, abaladi@gibsondunn.com)
Patrick Doris – London (+44 20 7071 4276, pdoris@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com)
Joel Harrison – London (+44 20 7071 4289, jharrison@gibsondunn.com)
Lore Leitner – London (+44 20 7071 4987, lleitner@gibsondunn.com)
Vera Lukic – Paris (+33 1 56 43 13 00, vlukic@gibsondunn.com)
Lars Petersen – Frankfurt/Riyadh (+49 69 247 411 525, lpetersen@gibsondunn.com)
Christian Riis-Madsen – Brussels (+32 2 554 72 05, criis@gibsondunn.com)
Robert Spano – London/Paris (+44 20 7071 4000, rspano@gibsondunn.com)

Asia:
Connell O’Neill – Hong Kong (+852 2214 3812, coneill@gibsondunn.com)
Jai S. Pathak – Singapore (+65 6507 3683, jpathak@gibsondunn.com)

In this webcast, Gibson Dunn attorneys provide an overview of the FCPA developments and emerging trends from 2024 and will discuss current and anticipated areas of focus for 2025, particularly given the change in Administration. Complementing our written 2024 Year-End FCPA Update, this webcast discusses in greater detail the year’s FCPA enforcement updates of note, including enforcement, compliance, and monitorship developments through the lens of particular resolutions and trials. We also discuss the SEC’s and DOJ’s increasing focus on compliance programs and what that means for companies in terms of law enforcement expectations and industry best practices.

MCLE CREDIT INFORMATION:

Gibson, Dunn & Crutcher LLP certifies this activity is approved for 1.5 hour of MCLE credit by the State Bar of California in the General Category.

California attorneys may claim self-study credit for viewing the archived webcast. No certificate of attendance is required for self-study credit.

PANELISTS:

John W.F. Chesley is a litigation partner in Gibson Dunn’s Washington, D.C. Office. He focuses his practice on white collar criminal enforcement and government-related litigation. He represents corporations, board committees, and executives in internal investigations and before government agencies in matters involving the Foreign Corrupt Practices Act, procurement fraud, environmental crimes, securities violations, sanctions enforcement, antitrust violations, and whistleblower claims. He also has significant trial experience before federal and state courts and administrative tribunals nationwide, with a particular focus on government contract disputes.

Melissa Farrar is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher. Her practice focuses on white collar defense, internal investigations, and corporate compliance. Melissa represents and advises multinational corporations in internal and government investigations on a wide range of topics, including the U.S. Foreign Corrupt Practices Act, the False Claims Act, anti-money laundering, and accounting and securities fraud, including defending U.S. and global companies in civil and criminal investigations pursued by the U.S. Department of Justice and the U.S. Securities and Exchange Commission. She also has experience representing U.S. government contractors in related suspension and debarment proceedings.

Patrick F. Stokes is a litigation partner in Gibson, Dunn & Crutcher’s Washington, D.C. office. He is the co-chair of the Anti-Corruption and FCPA Practice Group and a member of the firm’s White Collar Defense and Investigations, National Security, Securities Enforcement, Trials, and Litigation Practice Groups. Patrick’s practice focuses on internal corporate investigations, government investigations, enforcement actions regarding corruption, securities fraud, and financial institutions fraud, and compliance reviews. He has tried more than 30 federal jury trials as first chair, including high-profile white-collar cases, and handled 16 appeals before the U.S. Court of Appeals for the Fourth Circuit.

Bryan Parr is of counsel in the Washington, D.C. office of Gibson, Dunn & Crutcher and a member of the White Collar Defense and Investigations, Anti-Corruption & FCPA, and Litigation Practice Groups. His practice focuses on white-collar defense and regulatory compliance matters around the world. Bryan has extensive expertise in government and corporate investigations, including those involving the the Foreign Corrupt Practices Act and anticorruption. He has defended a range of companies and individuals in U.S. Department of Justice, SEC, and CFTC enforcement actions, as well as in litigation in federal courts and in commercial arbitrations. In his FCPA practice, Bryan regularly guides companies on creating and implementing effective compliance programs, successfully navigating compliance monitorships, and conducting appropriate M&A-related FCPA diligence and integration.

Attorney General Bonta seeks to remove any doubt that “[v]iolations of the FCPA remain actionable under California’s Unfair Competition Law (UCL)”—and that California may step up corruption-related enforcement if federal authorities’ priorities shift to other areas.

In a press release and legal alert issued on April 2, 2025, California Attorney General Rob Bonta reminded businesses operating in California that making payments to foreign officials to obtain or retain business remains illegal. While many questions arising from President Trump’s recent executive order pausing enforcement of the Foreign Corrupt Practices Act (FCPA) remain unanswered, Attorney General Bonta sought to remove any doubt that “[v]iolations of the FCPA remain actionable under California’s Unfair Competition Law (UCL)”—and that California may step up corruption-related enforcement if federal authorities’ priorities shift to other areas.

As discussed in our prior alert, in February 2025, President Trump announced a 180-day suspension of the initiation of FCPA investigations while the Department of Justice (DOJ) reviews current and past cases and revises its FCPA enforcement guidelines. The suspension followed memoranda issued by Attorney General Pamela Bondi that, among other things, directed the DOJ’s FCPA Unit to prioritize investigations concerning cartels and transnational criminal organizations over other cases. These developments collectively signaled a shift from the long-held, bipartisan view that international anti-corruption efforts generally benefit U.S. businesses and raised questions about FCPA enforcement going forward.

California Attorney General Bonta’s alert adopts the longstanding view by reiterating that “[i]llegal activity is still illegal” and that “[b]ribery erodes consumer confidence in the market and rewards corruption instead of competition.” Specifically, the alert cautioned that FCPA violations might invite legal action not only under California’s UCL, but also under other applicable state or federal tax and securities laws.

Broadly speaking, the UCL prohibits “unlawful, unfair or fraudulent” behavior across nearly all business practices.[1] For purposes of “unlawful” conduct, the UCL “borrows” violations of other laws, including federal laws such as the FCPA, and treats them as “independently actionable as unfair competitive practices.”[2] But under the UCL, even foreign bribery that does not meet all the elements of an FCPA violation may be actionable if it constitutes an unfair or fraudulent business act and has the requisite connection to California.

Both the Attorney General and private parties are authorized to pursue claims. The Attorney General may bring a suit under California’s UCL “in the name of the people of the State of California upon their own complaint or upon the complaint of a board, officer, person, corporation, or association.”[3] Although civil penalties, restitution, disgorgement and injunctive relief are permissible forms of relief following a UCL violation, compensatory damages generally are not.[4] Given these limited remedies under the UCL, it is uncertain whether private plaintiffs—who also have standing to sue if they have “suffered injury in fact” and “lost money or property as a result of” the business practice they challenge as unlawful or unfair[5]—will be interested in bringing FCPA cases under the UCL.

There is some, limited precedent for pursuing cases under the UCL that are based on a violation of the FCPA. In Korea Supply Co. v. Lockheed Martin Corp., the California Supreme Court accepted the Court of Appeal’s determination, without deciding conclusively, that a claim under the UCL may be predicated on an FCPA violation.[6] In that case, the plaintiff company alleged that an agent of an aerospace defense company allegedly bribed Korean officials to obtain a contract from the Republic of Korea in violation of the FCPA.[7] Although the California Supreme Court reversed the judgment and rejected the UCL claim on the grounds of the monetary relief sought,[8] it affirmed plaintiff’s separate cause of action based on the tort of interference with prospective economic advantage[9]—which suggests avenues outside the UCL may be available to private plaintiffs under California law for FCPA-type misconduct, depending on the circumstances of their claim.

One practical limitation to California-based anti-corruption enforcement may lie in the requirement of injury in California, as the UCL does not apply extraterritorially.[10] California courts have held that valid UCL claims must involve injury in California, either to in-state plaintiffs or by in-state conduct. For instance, in Yu v. Signet Bank/Virginia, a California-based plaintiff sued a Virginia bank under the UCL for unfair business practices that allegedly occurred in Virginia; here, the court concluded that “a defendant who is subject to jurisdiction in California and who engages in out-of-state conduct that injures a California resident may be held liable for such conduct in a California court.”[11] More recently, in Aghaji v. Bank of America, the California Court of Appeal (Second Appellate District, Division Four) once again maintained that out-of-state plaintiffs must “allege facts to show that the alleged violations occurred within California, because California’s unfair competition law does not apply extraterritorially.”[12] Although it is well-established that the UCL extends to out-of-state conduct affecting in-state residents, California courts have been less clear about the degree to which these effects must be “direct” ones. The courts appear to have largely sidestepped this question, instead emphasizing the need to show “injury in California” rather than the directness of the effect.[13]

While California is the first state to express an interest in state-level enforcement of FCPA-type misconduct under state laws, it may not be the last. To take one hypothetical example, there is a risk that a similar enforcement theory may be pursued under several provisions of New York’s consumer protection statute that protects consumers from deceptive and fraudulent practices. General Business Law (GBL) § 349(a), for example, prohibits “[d]eceptive acts or practices in the conduct of any business, trade or commerce in the furnishing of any service in the state.” This statute was intended to provide “authority to cope with the numerous, ever-changing types of false and deceptive business practices” that impact New York consumers,[14] and it “seeks to secure an honest market place where trust, and not deception, prevails.”[15] Much like its Californian counterpart, GBL § 349 “is intentionally broad, applying to virtually all economic activity,”[16] but to qualify as a prohibited act under GBL § 349, the deception of a consumer must occur in New York.[17] As another example, at least one private plaintiff has pursued claims arising from alleged kickbacks paid to Iraqi and Indonesia officials under Virginia’s antitrust laws where the alleged conduct demonstrated “a consistent course of business transactions . . . in Virginia.”[18]

The enforcement theory advanced by Attorney General Bonta may raise legal questions and practical challenges, but proving a predicate offense—such as a violation of the FCPA—is likely not one of them. The UCL reaches broadly to prohibit “any lawful, unfair or fraudulent business act or practice and unfair, deceptive, untrue or misleading advertising.”[19] The California Supreme Court has made clear that “a practice may violate the UCL even if it is not prohibited by another statute.”[20] Analogous competition laws of New York and Washington, D.C., for example, also reach trade practices that do not violate any statutes.[21]

While California and potentially other states consider pursuing a competition-oriented approach, certain European regulators and enforcement authorities have recently sought to reiterate their continued focus on enforcement and collaboration specific to anti-corruption. On March 20, 2025, France’s Parquet National Financier, Switzerland’s Office of the Attorney General, and the UK’s Serious Fraud Office announced the formation of an International Anti-Corruption Prosecutorial Taskforce that will focus on increasing operational exchanges and sharing best practices among the three agencies, with the potential to invite other like-minded international bodies to join.

Taken together, these developments underscore the continued importance for companies to maintain effective compliance programs that address risks relating to corruption, mitigate the corresponding liability that may arise under the FCPA, unfair competition laws, or other statutes, and require appropriate internal accounting controls. In the face of uncertainty, companies would be well served by reviewing their compliance programs and calibrating their compliance-related risk assessments to mitigate against changing risk calculi and enforcement realities.

We will continue monitoring and reporting on these developments as they evolve.

[1] Cel–Tech Communications, Inc. v. Los Angeles Cellular Telephone Co., 20 Cal. 4th 163, 180, 83 Cal. Rptr. 2d 548, 973 P.2d 527 (1999) (citing Cal. Bus. & Prof. Code § 17200).

[2] Korea Supply Co. v. Lockheed Martin Corp., 29 Cal. 4th 1134, 1143–44, 63 P.3d 937, 943 (2003).

[3] Cal. Bus. & Prof. Code § 17204.

[4] Bank of the West v. Superior Court 2 Cal. 4th 1254, 1266, 10 Cal. Rptr. 2d 538, 833 P.2d 545 (1992).

[5] Cal. Bus. & Prof. Code § 17204.

[6] Korea Supply, 29 Cal. 4th at 1144, n.5.

[7] Id. at 1159.

[8] Id. at 1140, 1166.

[9] Specifically, the Court found KSC sufficiently alleged that defendants’ unlawful acts to obtain the contract with the Korean government interfered with KSC’s business expectancy and satisfied the independent wrongfulness requirement for tortious interference, which allowed for monetary damages. Id. at 1159.

[10] See Sullivan v. Oracle Corp., 51 Cal. 4th 1191, 1207, 254 P.3d 237, 248 (2011).

[11] Yu v. Signet Bank/Virginia, 69 Cal. App. 4th 1377, 1391, 82 Cal. Rptr. 2d 304, 313 (1999) (emphasis added).

[12] Aghaji v. Bank of Am., N.A., 247 Cal. App. 4th 1110, 1119, 202 Cal. Rptr. 3d 619, 627 (2016).

[13] Speyer v. Avis Rent a Car Sys., Inc., 415 F. Supp. 2d 1090, 1099 (S.D. Cal. 2005), aff’d, 242 F. App’x 474 (9th Cir. 2007).

[14] Karlin v. IVF Am., Inc., 93 N.Y.2d 282, 291, 712 N.E.2d 662, 665 (1999).

[15] Goshen v. Mut. Life Ins. Co. of New York, 98 N.Y.2d 314, 324, 774 N.E.2d 1190, 1195 (2002).

[16] Id. (quotation marks omitted); see City of New York v. Smokes-Spirits.Com, Inc., 12 N.Y.3d 616, 911 N.E.2d 834 (2009).

[17] Goshen, 98 N.Y.2d 314, 325 (2002).

[18] NewMarket Corp. v. Innospec, Inc., No. 3:10CV503-HEH, 2011 WL 1988073 (E.D. Va. May 20, 2011) (denying defendants’ motion to dismiss).

[19] Cal. Bus. & Prof. Code § 17200

[20] Zhang v. Superior Ct., 57 Cal. 4th 364, 370, 304 P.3d 163, 167 (2013).

[21] See N.Y. Gen. Bus. Law § 349(g); Columbia Dist. Cablevision Ltd. P’ship v. Bassin, 828 A.2d 714 (D.C. 2003).

The following Gibson Dunn lawyers prepared this update: Winston Chan, Patrick Stokes, Oleh Vretsona, Bryan Parr, Zachariah Lloyd, Kio Bell, and Alice Wang.

Gibson Dunn’s White Collar Defense and Investigations Practice Group successfully defends corporations and senior corporate executives in a wide range of federal and state investigations and prosecutions, and conducts sensitive internal investigations for leading companies and their boards of directors in almost every business sector. The Group has members across the globe and in every domestic office of the Firm and draws on more than 125 attorneys with deep government experience, including more than 50 former federal and state prosecutors and officials, many of whom served at high levels within the Department of Justice and the Securities and Exchange Commission, as well as former non-U.S. enforcers.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of Gibson Dunn’s White Collar Defense and Investigations or Anti-Corruption and FCPA practice groups:

Washington, D.C.
F. Joseph Warin (+1 202.887.3609, fwarin@gibsondunn.com)
Stephanie Brooker (+1 202.887.3502, sbrooker@gibsondunn.com)
Matthew S. Axelrod – Washington, D.C. (+1 202.955.8517, maxelrod@gibsondunn.com)
Courtney M. Brown (+1 202.955.8685, cmbrown@gibsondunn.com)
David P. Burns (+1 202.887.3786, dburns@gibsondunn.com)
John W.F. Chesley (+1 202.887.3788, jchesley@gibsondunn.com)
Daniel P. Chung (+1 202.887.3729, dchung@gibsondunn.com)
M. Kendall Day (+1 202.955.8220, kday@gibsondunn.com)
Stuart F. Delery (+1 202.955.8515, sdelery@gibsondunn.com)
Michael S. Diamant (+1 202.887.3604, mdiamant@gibsondunn.com)
Gustav W. Eyler (+1 202.955.8610, geyler@gibsondunn.com)
Melissa Farrar (+1 202.887.3579, mfarrar@gibsondunn.com)
Amy Feagles (+1 202.887.3699, afeagles@gibsondunn.com)
Scott D. Hammond (+1 202.887.3684, shammond@gibsondunn.com)
George J. Hazel (+1 202.887.3674, ghazel@gibsondunn.com)
Jake M. Shields (+1 202.955.8201, jmshields@gibsondunn.com)
Adam M. Smith (+1 202.887.3547, asmith@gibsondunn.com)
Patrick F. Stokes (+1 202.955.8504, pstokes@gibsondunn.com)
Oleh Vretsona (+1 202.887.3779, ovretsona@gibsondunn.com)
David C. Ware (+1 202.887.3652, dware@gibsondunn.com)
Ella Alves Capone (+1 202.887.3511, ecapone@gibsondunn.com)
Lora Elizabeth MacDonald (+1 202.887.3738, lmacdonald@gibsondunn.com)
Bryan Parr (+1 202.777.9560, bparr@gibsondunn.com)
Pedro G. Soto (+1 202.955.8661, psoto@gibsondunn.com)

New York
Zainab N. Ahmad (+1 212.351.2609, zahmad@gibsondunn.com)
Barry H. Berke (+1 212.351.3860, bberke@gibsondunn.com)
Reed Brodsky (+1 212.351.5334, rbrodsky@gibsondunn.com)
Mylan L. Denerstein (+1 212.351.3850, mdenerstein@gibsondunn.com)
Jordan Estes (+1 212.351.3906, jestes@gibsondunn.com)
Dani R. James (+1 212.351.3880, djames@gibsondunn.com)
Darren LaVerne (+1 212.351.3936, dlaverne@gibsondunn.com)
Michael Martinez (+1 212.351.4076, mmartinez2@gibsondunn.com)
Osman Nawaz (+1 212.351.3940, onawaz@gibsondunn.com)
Karin Portlock (+1 212.351.2666, kportlock@gibsondunn.com)
Mark K. Schonfeld (+1 212.351.2433, mschonfeld@gibsondunn.com)
Orin Snyder (+1 212.351.2400, osnyder@gibsondunn.com)

Dallas
David Woodcock (+1 214.698.3211, dwoodcock@gibsondunn.com)

Denver
Ryan T. Bergsieker (+1 303.298.5774, rbergsieker@gibsondunn.com)
Robert C. Blume (+1 303.298.5758, rblume@gibsondunn.com)
John D.W. Partridge (+1 303.298.5931, jpartridge@gibsondunn.com)
Laura M. Sturges (+1 303.298.5929, lsturges@gibsondunn.com)

Houston
Gregg J. Costa (+1 346.718.6649, gcosta@gibsondunn.com)

Los Angeles
Michael H. Dore (+1 213.229.7652, mdore@gibsondunn.com)
Michael M. Farhang (+1 213.229.7005, mfarhang@gibsondunn.com)
Diana M. Feinstein (+1 213.229.7351, dfeinstein@gibsondunn.com)
Douglas Fuchs (+1 213.229.7605, dfuchs@gibsondunn.com)
Nicola T. Hanna (+1 213.229.7269, nhanna@gibsondunn.com)
Poonam G. Kumar (+1 213.229.7554, pkumar@gibsondunn.com)
Marcellus McRae (+1 213.229.7675, mmcrae@gibsondunn.com)
Eric D. Vandevelde (+1 213.229.7186, evandevelde@gibsondunn.com)
Debra Wong Yang (+1 213.229.7472, dwongyang@gibsondunn.com)

San Francisco
Winston Y. Chan (+1 415.393.8362, wchan@gibsondunn.com)
Jina L. Choi (+1 415.393.8221, jchoi@gibsondunn.com)
Charles J. Stevens (+1 415.393.8391, cstevens@gibsondunn.com)

Palo Alto
Benjamin Wagner (+1 650.849.5395, bwagner@gibsondunn.com)

London
Patrick Doris (+44 20 7071 4276, pdoris@gibsondunn.com)
Sacha Harber-Kelly (+44 20 7071 4205, sharber-kelly@gibsondunn.com)
Michelle Kirschner (+44 20 7071 4212, mkirschner@gibsondunn.com)
Allan Neil (+44 20 7071 4296, aneil@gibsondunn.com)
Philip Rocher (+44 20 7071 4202, procher@gibsondunn.com)

Paris
Benoît Fleury (+33 1 56 43 13 00, bfleury@gibsondunn.com)
Bernard Grinspan (+33 1 56 43 13 00, bgrinspan@gibsondunn.com)

Frankfurt
Finn Zeidler (+49 69 247 411 530, fzeidler@gibsondunn.com)

Munich
Kai Gesing (+49 89 189 33 285, kgesing@gibsondunn.com)
Katharina Humphrey (+49 89 189 33 155, khumphrey@gibsondunn.com)
Benno Schwarz (+49 89 189 33 110, bschwarz@gibsondunn.com)

Hong Kong
Oliver D. Welch (+852 2214 3716, owelch@gibsondunn.com)

Singapore
Oliver D. Welch (+852 2214 3716, owelch@gibsondunn.com)
Karthik Ashwin Thiagarajan (+65 6507 3636, kthiagarajan@gibsondunn.com)

Gibson Dunn is closely monitoring developments and is prepared to help companies consider and address the implications of potential changes to FDA’s funding structure and authorities, including through regulatory counseling, agency and legislative engagement, and litigation.

Following recent mass layoffs at the Food and Drug Administration and growing criticism from senior administration officials of FDA’s user fee funding programs, the life sciences industry can expect significant changes to both FDA’s ability to meet medical product user fee deadlines and the future of the user fee programs more broadly.

Although the reductions in force at FDA have not included medical officers responsible for product reviews, other key members of review teams have been terminated. These staffing changes are expected to have an immediate and sustained impact on FDA’s ability to meet current user fee performance goals. At the same time, concerns about FDA’s reliance on industry user fees from Robert F. Kennedy, Jr., Secretary of the Department of Health and Human Services, and other senior HHS officials, as well as an increasingly unpredictable legislative process in Congress, call into question whether the various medical product user fee programs, which start to expire as early as this year, will be renewed.

A shift away from user fee funding to appropriated funds would have a significant impact on the timing of agency medical product reviews and other life sciences industry interactions with the agency.

The Current User Fee Framework

A large portion of FDA’s regulatory activities are funded by industry-paid user fees. Medical product user fee acts, which must be renewed by Congress every five years, are in place for prescription drugs,[1] biosimilars,[2] approved generic drugs,[3] over-the-counter (OTC) drugs marketed under OTC monographs,[4] medical devices,[5] innovator animal drugs,[6] and animal drugs.[7]
User fees fund a range of FDA regulatory activities, depending on the particular user fee program, such as review of product submissions, research monitoring, and certain inspections. The use of those funds is specified in, and restricted by, the statutory text of the user fee provisions.[8]
Each user fee program assesses different types of fees on industry (e.g., for applications for marketing authorization, for establishments and facilities), and the fee structure may change as part of the renewal process.
Renewal of each user fee program involves a multi-step, months-long process. First, FDA and industry negotiate the proposed user fee structure and performance goals, with opportunity for public comment. Following those negotiations, FDA is required to transmit final recommendations for reauthorization to the committees of jurisdiction in Congress (the House Energy and Commerce Committee and the Senate Health, Labor, Education, and Pensions (HELP) Committee). Those recommendations include both proposed statutory changes and commitment letters that outline review timelines, program enhancements, and other goals. In considering the recommendations, the Committees hold a series of hearings and vote on their passage. The Committees typically also consider other pieces of FDA-related legislation to ride along with the user fee reauthorization package. The packages are then voted on by the full House and Senate.

All user fee acts are up for renewal between 2025 and 2028, with the vast majority requiring reauthorization in 2027—meaning that user fee act negotiation activities are either already in progress or are scheduled to commence soon.[9]

What Is Changing?

FDA likely will not be able to meet current user fee goals. FDA layoffs and certain retirement incentives have not targeted review staff in FDA’s medical product centers or staff that conduct inspections; however, reports indicate that some medical reviewers are looking to leave the agency due to recent agency tumult.[10] In addition, product reviews rely heavily on a broad spectrum of review team staff, many of whom have been dismissed, including project managers and labeling reviewers. Layoffs of other agency staff likely will have a ripple effect on product review times. For example, although staff that conduct inspections have not been the subject of reductions in force, the office that arranges travel for those inspections was eliminated. These staffing gaps are expected to result in delays in inspections, including those conducted in connection with user-fee funded product applications.[11] If FDA does decide to increase staffing to meet its needs, it may be difficult to find high-quality candidates, given uncertainty with respect to job security and agency morale. Finally, Secretary Kennedy has suggested that some HHS staff subject to layoffs will be reinstated. It is not clear whether that effort will include staff integral to the user fee review process, or whether those staff will choose to return and, if so, for how long.[12]
The future of FDA’s user fee programs is increasingly in doubt. Secretary Kennedy and FDA Commissioner Makary have expressed concerns about what they see as the improper influence of regulated industry over FDA. Secretary Kennedy in particular has suggested that user fees paid by industry may lead the agency to make decisions regarding marketing authorization and enforcement at the expense of the public health.[13] These statements raise uncertainty about the future of user fee programs at FDA.

In February, President Trump issued Executive Order 14212, which established the Make America Healthy Again (MAHA) Commission.[14] Part of the remit of the MAHA Commission, which is led by Secretary Kennedy and includes FDA Commissioner Makary, is to provide a report within 100 days of the order to, among other things, “restore the integrity of science, including by eliminating undue industry influence.”[15] Observers have noted that this report could provide for a change in how FDA is funded to eliminate industry funding.[16]

Other advisors to the White House and Secretary Kennedy have also opposed industry-funded user fees, including Calley Means, who has stated that “FDA “should stop being funded by pharma[ceutical companies]” and called for other measures to limit ties between FDA and industry, including limits on departing employees joining pharmaceutical companies.[17] Republican members of Congress aligned with the MAHA movement could follow suit as user fee programs approach expiration and discussions on reauthorizations ramp up.

Even if senior HHS and FDA leadership do allow for the renewal of user fee programs, without sufficient allocation of resources and support, the reauthorization processes could flounder. Managing the negotiations process and engaging with members of Congress and their staff involve significant agency resources and effort. Staff that had been working on forthcoming user fee negotiations reportedly were part of last week’s layoffs.[18]

Lawmakers in the Democratic caucus could also present obstacles to user fee program renewals. Senator Bernie Sanders — the highest-ranking member in the Democratic caucus on the Senate HELP Committee — has voted against user fee bills in the past,[19] and previously criticized user fees as enabling “industry, in a sense, [to] regulat[e] itself.” Without Ranking Member Sanders’ support, it will be difficult to move user fee reauthorizations through the HELP Committee.

Once relatively routine, the Congressional process for negotiating and passing future FDA funding legislation could become more unpredictable following precedent-breaking process during the last major reauthorization cycle. Moving legislation through Congress is always a challenge, even for so-called “must pass” legislation with respect to expiring programs such as user fees, but, until recently, user fee legislation had passed without significant issue. In 2022, however, during the last reauthorization cycle for prescription drug, medical device, biosimilar, and generic drug user fees, disagreements arose in the Senate over which riders carrying specific policy changes should be attached to the user fee package. As a result, action on user fee legislation was delayed and then tacked onto a continuing resolution approved by the House in late September, narrowly avoiding a lapse in the user fee programs, before reauthorization was secured in December.[20]

The OTC Monograph Drug User Fee Program (OMUFA), which is first up for reauthorization by September 30, 2025, may be a harbinger for potential FDA funding changes.[21] The Subcommittee on Health of the House’s Energy and Commerce Committee started hearings on OMUFA last week. Questions from Subcommittee members reflected general alignment on reauthorizing the OMUFA program, despite some concerns about how FDA has been implementing the program. The Senate HELP Committee has not yet scheduled a hearing on OMUFA reauthorization.

More trouble on the horizon for current user fee funding? Finally, we note the possibility that ongoing efforts to cut staffing and funding for FDA could force the agency to both refund user fees it has already collected and prevent it from collecting further fees. A lesser-known feature of user fee acts is a “trigger mechanism” put in place to ensure that user fees supplement, not replace, appropriation funds. For example, the Prescription Drug User Fee Act (PDUFA) requires that user fees, such as per-product program fees, be refunded if spending of appropriated funding for FDA salaries and expenses for prescription drug staff falls below a certain level.[22] Similarly, under the Medical Device User Fee Act (MDUFA), FDA cannot assess medical device user fees if appropriated funding spend for medical device salaries and expenses falls beneath a threshold.[23] While this mechanism has not been an issue historically, recent staffing cuts, coupled with a lack of administration support for FDA funding and user fee programs, could significantly interfere with agency product reviews.

[1] Prescription Drug User Fee Amendments of 2022 (PDUFA), 21 U.S.C. § 379g et seq.

[2] Biosimilar User Fee Amendments of 2022 (BsUFA), 21 U.S.C. § 379j-51 et seq.

[3] Generic Drug User Fee Amendments of 2022 (GDUFA), 21 U.S.C. § 379j-41 et seq.

[4] OTC Monograph Drug User Fee Program (OMUFA), 21 U.S.C. § 379j-71 et seq.

[5] Medical Device User Fee Amendments of 2022 (MDUFA), 21 U.S.C.§ 379i et seq.

[6] Animal Drug User Fee Amendments of 2023 (ADUFA), 21 U.S.C. § 379j-11 et seq.

[7] Animal Generic Drug User Fee Amendments of 2023 (AGDUFA), 21 U.S.C. § 379j-21 et seq.

[8] See generally, e.g., FDA, “FDA: User Fees Explained” (last accessed Apr. 4, 2025).

[9] OMUFA is currently set to be reauthorized in September 2025. PDUFA, BsUFA, GDUFA, MDUFA are currently set to be reauthorized in September 2027. ADUFA and AGDUFA are currently set to be reauthorized in September 2028.

[10] FDA reviewers, inspectors, and investigators excluded from $25K buyout offer, Regulatory Focus (Mar. 10, 2025); Trump layoffs to erode FDA drug review system, Reuters (April 4, 2025).

[11] Trump layoffs to erode FDA drug review system, Reuters (April 4, 2025).

[12] “RFK Jr says 20% of Doge’s health agency job cuts were mistakes,” The Guardian (Apr. 4, 2025).

[13] See, e.g., “RFK Jr vow to purge FDA sets up collision with Big Pharma,” Reuters (Nov. 15, 2024); “Trump’s US FDA User Fee Cycle: ‘An Underappreciated Threat,’” Pink Sheet (Nov. 16, 2024); “Trump nominates Marty Makary, a critic of some COVID-19 health measures, to lead the FDA,” NBC Washington (Nov. 22, 2024).

[14] Exec. Order 14212, § 3, 90 Fed. Reg. 9833 (Feb. 19, 2025).

[15] Id. § 5(a)(ix).

[16] See, e.g., “Trump establishes MAHA Commission, with medicines – and maybe user fees – in its crosshairs,” AgencyIQ by Politico (Feb. 13, 2025).

[17] See, e.g., “The move to protect abortion clinics in states,” Politico (Mar. 19, 2025); Tucker Carlson, “Calley & Casey Means: How Big Pharma Keeps You Sick, and the Dark Truth About Ozempic and the Pill,” YouTube (Aug. 16, 2024).

[18] Following layoffs, the future of FDA’s user fee programs is in extreme jeopardy, AgencyIQ (April 3, 2025).

[19] See Bernie Sanders, U.S. Senator for Vermont, “Issues” (last visited Apr. 4, 2025).

[20] See, e.g., “Sigh of relief as Congress reauthorizes user fee agreements,” Regulatory Focus (Sept. 30, 2022).

[21] Subcommittee on Health, Committee on Energy and Commerce, Examining the FDA’s Regulation of Over-the-Counter Monograph Drugs (Apr. 1, 2025).

[22] 21 U.S.C. 379h(f)(1).

[23] 21 U.S.C. 379j(g)(1).

The following Gibson Dunn lawyers prepared this update: Katlin McKelvie and Carlo Felizardo.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s FDA & Health Care or Consumer Protection practice groups:

Gustav W. Eyler – Washington, D.C. (+1 202.955.8610, geyler@gibsondunn.com)
Katlin McKelvie – Washington, D.C. (+1 202.955.8526, kmckelvie@gibsondunn.com)
John D. W. Partridge – Denver (+1 303.298.5931, jpartridge@gibsondunn.com)
Jonathan M. Phillips – Washington, D.C. (+1 202.887.3546, jphillips@gibsondunn.com)
Carlo Felizardo – Washington, D.C. (+1 202.955.8278, cfelizardo@gibsondunn.com)

From the Derivatives Practice Group: Rahul Varma was named acting director of the CFTC’s Division of Market Oversight this week and CFTC staff withdrew two advisories.

New Developments

Rahul Varma Named Acting Director of CFTC Division of Market Oversight. On April 2, CFTC Acting Chairman Caroline D. Pham announced Rahul Varma will serve as the Acting Director of the Division of Market Oversight (“DMO”). Varma joined the CFTC in 2013 as an Associate Director for Market Surveillance in DMO, with responsibility for energy, metals, agricultural, and softs markets. In 2017, he helped start the Market Intelligence Branch in DMO and served as its Acting Deputy Director. In 2024, he took on the role of Deputy Director for the combined Market Intelligence and Product Review branches. [NEW]
CFTC Staff Withdraws Advisory on Review of Risks Related to Clearing Digital Assets. On March 28, the CFTC’s Division of Clearing and Risk (“DCR”) announced it is withdrawing CFTC Staff Advisory No. 23-07, Review of Risks Associated with Expansion of DCO Clearing of Digital Assets, effective immediately. As stated in the withdrawal letter, DCR determined to withdraw the advisory to ensure that it does not suggest that its regulatory treatment of digital asset derivatives will vary from its treatment of other products. [NEW]
CFTC Staff Withdraws Advisory on Virtual Currency Derivative Product Listings. On March 28, DMO and DCR announced they are withdrawing CFTC Staff Advisory No. 18-14, Advisory with Respect to Virtual Currency Derivative Product Listings, effective immediately. As stated in the withdrawal letter, DMO and DCR determined that the advisory is no longer needed given additional staff experience with virtual currency derivative product listings and increasing market growth and maturity. [NEW]
ICE and Circle Sign MOU to Explore Product Innovation Based on Circle’s USDC and USYC Digital Assets. On March 27, Intercontinental Exchange Inc. (“ICE”), a leading global provider of technology and data, and Circle Internet Group, Inc. (“Circle”), a global financial technology company and stablecoin market leader, today announced an agreement whereby ICE plans to explore using Circle’s stablecoin USDC, as well as tokenized money market offering US Yield Coin (“USYC”), to develop new products and solutions for its customers. Under the MoU, Circle and ICE plan to collaborate to explore applications for using Circle’s stablecoins and other product offerings within ICE’s derivatives exchanges, clearinghouses, data services, and other markets, to deliver innovation and build new markets and product offerings based on Circle’s products.
Updated FIA Disclosures For New CFTC Rules. On March 24, the FIA announced that is has published updated versions of the FIA Uniform Futures and Options on Futures Risk Disclosures Booklet and FIA Template Disclosures Regarding Separate Accounts for new CFTC rules. Both documents are available in the “Regulatory Disclosures” section of FIA’s US Documentation Library. The CFTC approved new rules in December revising the list of permitted investments for Futures Commissions Merchants (“FCMs”) and DCOs in CFTC Regulation 1.25 (“1.25 Rule”) and codifying no-action relief governing treatment of separate accounts (“Separate Accounts Rule”). The 1.25 Rule requires FCMs and Introducing Brokers to use a revised form of the 1.55 risk disclosure statement for customers onboarded on or after March 31, 2025. The revised disclosure statement reflects the scope of permissible investments, as modified by the 1.25 Rule. The FIA Uniform Futures and Options on Futures Risk Disclosures Booklet is intended to assist FCMs in delivering mandatory customer disclosures under CFTC, exchange and Self-Regulatory Organization rules. Among the disclosures contained in the booklet is the FIA Combined Risk Disclosure Statement. That document has been updated in accordance with the 1.25 Rule to reflect the modified list of permissible investments.
CFTC Staff Issues Interpretation Regarding Financial Reporting Requirements for Japanese Nonbank Swap Dealers. On March 20, the CFTC’s Market Participants Division issued an interpretation concerning financial reporting obligations for nonbank swap dealers subject to regulation by the Financial Services Agency of Japan (“Japanese nonbank SDs”). On July 18, 2024, the CFTC issued a comparability determination and related comparability order granting substituted compliance in connection with the CFTC’s capital and financial reporting requirements to Japanese nonbank SDs, subject to certain conditions in the order (“Japanese Comparability Order”). One of the conditions in the Japanese Comparability Order, condition 9, requires each Japanese nonbank SD to file a copy of its home regulator Annual Business Report with the CFTC and the National Futures Association (NFA). The staff interpretation clarifies that Japanese nonbank SDs may satisfy condition 9 of the Japanese Comparability Order by filing with the CFTC and the NFA certain enumerated schedules of the Annual Business Report (In Scope Schedules), subject to the translation, U.S. dollar conversion, and deadline requirements of condition 9. The interpretation was issued in response to a request from the Securities Industry and Financial Markets Association on behalf of its Japanese nonbank SD members that rely on the Japanese Comparability Order.
SEC’s Division of Corporation Finance Releases Statement on Certain Proof-of-Work Mining Activities. On March 20, the SEC’s Division of Corporation Finance (“Corp Fin”) released a statement providing its views on certain activities on proof-of-work networks known as “mining.” Specifically, the statement addressed the mining of crypto assets that are intrinsically linked to the programmatic functioning of a public, permissionless network, and are used to participate in and/or earned for participating in such network’s consensus mechanism or otherwise used to maintain and/or earned for maintaining the technological operation and security of such network. Corp Fin said that participants in “Mining Activities” (as defined in the statement) do not need to register transactions with the SEC under the Securities Act or fall within one of the Securities Act’s exemptions from registration in connection with these Mining Activities. Commissioner Crenshaw released a related statement, noting that Corp Fin’s statement delivers “neither progress nor clarity” and suffers from issues of flawed logic and limited and imprecise application. Commissioner Crenshaw said that Corp Fin’s statement “leaves us exactly where we started,” because it does not obviate the need for a facts and circumstances application under the investment contract test set forth in SEC v. W.J. Howey Co., 328 U.S. 293 (1946).
CFTC’s Office of Customer Education and Outreach Releases New Advisory on Fraud Using Generative AI. On March 19, the CFTC’s Office of Customer Education and Outreach (the “OCEO”) released a customer advisory that says generative artificial intelligence is making it increasingly easier for fraudsters to create convincing scams. The OCEO advisory describes how fraudsters use AI to create fraudulent identifications with phony photos and videos that can appear very real if one is not familiar with the advances of AI technology. The fraudsters also are using AI to forge government or financial documents. An FBI public service announcement also warns the public about how criminals are using AI to commit fraud and how the technology is being used in relationship investment scams.

New Developments Outside the U.S.

ESMA Consults on Transparency Requirements for Derivatives Under MiFIR Review. On April 3, ESMA asked for input on proposals for Regulatory Technical Standards (“RTS”) on transparency requirements for derivatives, amendments to RTS on package orders, and RTS on input/output data for the over-the-counter (“OTC”) derivatives consolidated tape. ESMA said that it is developing various technical standards further specifying certain provisions set out in the Market in Financial Instruments Regulation Review. The consultation paper covers the following three areas: transparency requirements for derivatives, RTS on package orders, and RTS on input/output data for the OTC derivatives consolidated tape. The consultation will remain open until 3 July 2025. [NEW]
ESMA Publishes Annual Peer Review of EU CCP Supervision CCP Supervisory Convergence. On April 2, ESMA published its annual peer review report on the supervision of European Union (“EU”) Central Counterparties (“CCPs”) by National Competent Authorities (“NCAs”). The peer review measures the effectiveness of NCA supervisory practices in assessing CCP compliance with the European Market Infrastructure Regulation (“EMIR”) requirements on outsourcing and intragroup governance arrangements. ESMA indicated, for this exercise, the review of the functioning of CCP colleges remains overall positive. ESMA also said that the peer review identified the need to promote further supervisory convergence in respect of the definition of major activities linked to risk management. [NEW]
The European Supervisory Authorities Publish Evaluation Report on the Securitisation Regulation. On March 31, the Joint Committee of the European Supervisory Authorities published its evaluation report on the functioning of the EU Securitisation Regulation (SECR). The report purports to put forward recommendations to strengthen the overall effectiveness of Europe’s securitization framework through simplification, while ensuring a high level of protection for investors and safeguarding financial stability. This report identifies areas where the regulatory and supervisory framework can be enhanced, supporting the growth of robust and sound securitization markets in Europe. [NEW]
PRA, FCA Consult on Margin Requirements for Non-centrally Cleared Derivatives. On March 27, the UK Prudential Regulation Authority (“PRA”) and the Financial Conduct Authority published CP5/25 – Margin requirements for non-centrally cleared derivatives: Amendments to BTS 2016/2251. The consultation paper proposes to indefinitely exempt single-stock equity and index options from the bilateral margining requirements in the UK. In addition, it proposes to remove the requirement to exchange initial margin (“IM”) for legacy contracts once a counterparty falls out of scope of the margin requirements. It also proposes to permit UK firms, when transacting with a counterparty subject to the margin requirements in another jurisdiction, to use that jurisdiction’s threshold assessment calculation periods and dates of entry into the scope of IM requirements to determine whether those transactions are subject to IM requirements. [NEW]
MAS Responds to Feedback on Proposed Changes to Capital Framework. On March 27, the Monetary Authority of Singapore (“MAS”) published its response to feedback received to the consultation paper on proposed amendments to the capital framework for approved exchanges and approved clearing houses. The consultation was later extended to licensed trade repositories. MAS’s response addresses liquidity requirements, eligible capital, and total risk requirements. [NEW]
ESMA Makes Recommendations for the Supervision of STS Securitizations. On March 27, ESMA published its Peer Review Report on NCAs supervision of Simple, Transparent and Standardized (“STS”) securitizations. The Report looks into and provides recommendations on the supervisory approaches adopted by selected NCAs when supervising STS securitization transactions and the activities of their originators, sponsors and securitization special purpose entities. The Peer Review focused on the NCAs of France, Germany, Portugal, and the Netherlands.
ESMA Extends the Tiering and Recognition of the Three UK-Based CCPs. On March 17, ESMA announced its decision to temporarily extend the application of the recognition decisions under Article 25 of the EMIR for three CCPs established in the United Kingdom (“UK”). On January 30, 2025, the European Commission adopted a new equivalence decision in respect of the regulatory framework applicable to CCPs in the UK. Subsequently, ESMA has prolonged the tiering determination decisions and recognition decisions for the three recognized UK CCPs – ICE Clear Europe Ltd, LCH Ltd (as Tier 2) and LME Clear Ltd (as Tier 1) – that were adopted by ESMA on September 25, 2020, to align with the expiry date of the new equivalence decision. The application of the tiering determination decisions and recognition decisions is temporarily extended until 30 June 2028.
ESMA and Bank of England Conclude a Revised MoU in Respect of UK-Based CCPs Under EMIR. On March 17, ESMA and the Bank of England (“BoE”) signed a revised Memorandum of Understanding (“MoU”) on cooperation and information exchange concerning the three CCPs established in the UK (ICE Clear Europe Ltd, LCH Ltd and LME Clear Ltd) which have been recognized by ESMA under EMIR. ESMA said that, according to EMIR, one of the conditions for recognition of a third-country CCP (TC-CCP) by ESMA is the establishment of cooperation arrangements between ESMA and the relevant third-country authority. ESMA noted that the revised MoU follows the amendments introduced by EMIR 3 on the requirements concerning the content of such cooperation arrangements, in particular, cooperation in respect of systemically important TC-CCPs (Tier 2 TC-CCPs), and replaces the earlier version that ESMA and the BoE concluded in 2020.

New Industry-Led Developments

IOSCO Issues Final Report on Standards Implementation Monitoring for Regulator Principle. On April 2, IOSCO published a Final Report following its review of IOSCO Standards Implementation Monitoring (ISIM) for Regulator Principles 6 and 7, which address systemic risk and perimeter of regulation. IOSCO’s Objectives and Principles of Securities Regulation 6 and 7 stipulate that regulators should have or contribute to processes to identify, monitor, mitigate and manage systemic risk, as well as have or contribute to a process to review the perimeter of regulation regularly. This ISIM Review by IOSCO’s Assessment Committee found a high level of implementation across the 55 jurisdictions from both emerging and advanced markets. According to IOSCO, the report highlights some good practices and also identifies a few areas where there is room for improvement, observed primarily in some emerging markets. For example, the Report notes that some jurisdictions do not have clear responsibilities, definitions and regulatory processes with respect to systemic risk. [NEW]
ISDA Responds to EC on Amendments to Taxonomy Regulation Delegated Act. On March 26, ISDA and the Association for Financial Markets in Europe submitted a joint response to the EC’s proposed changes to EU Taxonomy Regulation reporting. The associations indicated that they welcome the EC’s commitment in the context of the Omnibus sustainability package to reduce Taxonomy reporting burdens and provide swift relief to reporters. However, they also noted concerns over whether the proposals go far enough to achieve these objectives, opining that they would not provide sufficient reduction in reporting burdens for banks and their clients and they would not achieve meaningful disclosures. The responses sets our specific priority measures for consideration. [NEW]
IOSCO Launches New Alerts Portal to Help Combat Retail Investment Fraud. On March 20, IOSCO announced the launch of the International Securities & Commodities Alerts Network (“I-SCAN”). IOSCO said that I-SCAN is a unique global warning system where any investor, online platform provider, bank or institution can check if a suspicious activity has been flagged for a particular company by financial regulators, which will submit alerts directly to I-SCAN, worldwide. According to IOSCO, I-SCN forms part of IOSCO’s Roadmap for Retail Investor Online Safety, an initiative which was launched in November last year.

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, jsteiner@gibsondunn.com)

Michael D. Bopp, Washington, D.C. (202.955.8256, mbopp@gibsondunn.com)

Michelle M. Kirschner, London (+44 (0)20 7071.4212, mkirschner@gibsondunn.com)

Darius Mehraban, New York (212.351.2428, dmehraban@gibsondunn.com)

Jason J. Cabral, New York (212.351.6267, jcabral@gibsondunn.com)

Adam Lapidus, New York (212.351.3869, alapidus@gibsondunn.com )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, sbrooker@gibsondunn.com)

William R. Hallatt, Hong Kong (+852 2214 3836, whallatt@gibsondunn.com )

David P. Burns, Washington, D.C. (202.887.3786, dburns@gibsondunn.com)

Marc Aaron Takagaki, New York (212.351.4028, mtakagaki@gibsondunn.com )

Hayden K. McGovern, Dallas (214.698.3142, hmcgovern@gibsondunn.com)

Karin Thrasher, Washington, D.C. (202.887.3712, kthrasher@gibsondunn.com)

Join us for a 30-minute briefing covering several M&A practice topics. The program is part of a series of quarterly webcasts designed to provide quick insights into emerging issues and practical advice on how to manage common M&A problems. Steve Glover, a partner in the firm’s Global M&A Practice Group, acts as moderator.

Topics discussed:

The FTC’s Decision to Impose a $5.6 Million “Gun Jumping” Penalty
How Buyers Can Mitigate Aiding and Abetting Risk
Reincorporation and the Status of Proposed Delaware Law Changes

MCLE CREDIT INFORMATION:

This program has been approved for credit by the New York State Continuing Legal Education Board for a maximum of 0.5 credit hours in the professional practice category. This course is approved for transitional and non-transitional credit.

Gibson, Dunn & Crutcher LLP certifies this activity is approved for 0.5 hours of MCLE credit by the State Bar of California in the General Category.

Gibson, Dunn & Crutcher LLP is authorized by the Solicitors Regulation Authority to provide in-house CPD training. This program is approved for CPD credit in the amount of 0.5 hours. Regulated by the Solicitors Regulation Authority (Number 324652).

California attorneys may claim self-study credit for viewing the archived webcast. No certificate of attendance is required for self-study credit.

PANELISTS:

Jamie France is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher and a member of the firm’s Antitrust and Competition Practice Group. Jamie represents clients in antitrust merger and non-merger investigations before the U.S. Federal Trade Commission, U.S. Department of Justice Antitrust Division, state Attorneys General, and international competition authorities, as well as in complex private and government antitrust litigation. She also counsels clients on a range of antitrust merger and conduct matters. Her experience encompasses a broad set of industries, including healthcare, technology, consumer goods, retail, pharmaceuticals, software, gaming, wood products, and chemicals. Jamie has been recognized in the 2024 edition of the Best Lawyers: Ones to Watch® in America for Antitrust Law and Litigation – Antitrust.

Harrison A. Korn is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher, where he is a member of the firm’s corporate department. Harrison advises public and private companies, private equity firms, boards of directors and special committees in a wide variety of complex corporate matters, including mergers and acquisitions, asset sales and other carve-out transactions, spin-offs, joint ventures, strategic investments and corporate governance matters, including securities law compliance. He also has substantial expertise advising public benefit corporations (PBCs).

Alexander L. Orr is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher where his practice focuses primarily on mergers and acquisitions. Mr. Orr advises public and private companies, private equity firms, boards of directors and special committees in a wide variety of complex corporate matters, including mergers and acquisitions, asset sales, leveraged buyouts, spin-offs, joint ventures, equity and debt financing transactions and corporate governance matters, including securities law compliance.

Julia Lapitskaya is a partner in the New York office of Gibson Dunn. She is a Co-Chair of the firm’s ESG: Risk, Litigation, and Reporting Practice Group and a member of the firm’s Securities Regulation and Corporate Governance Practice Group. Ms. Lapitskaya’s practice focuses on SEC, NYSE/Nasdaq and Securities Exchange Act of 1934 compliance, securities and corporate governance disclosure issues, corporate governance best practices, state corporate laws, the Dodd-Frank Act of 2010, SEC regulations, shareholder activism matters, ESG and sustainability matters and executive compensation disclosure issues, including as part of initial public offerings and spin-off transactions.

Stephen I. Glover is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher who has served as Co-Chair of the firm’s Global Mergers and Acquisitions Practice. Mr. Glover has an extensive practice representing public and private companies in complex mergers and acquisitions, joint ventures, equity and debt offerings and corporate governance matters. His clients include large public corporations, emerging growth companies and middle market companies in a wide range of industries. He also advises private equity firms, individual investors and others.

FDA v. Wages & White Lions Investments, LLC, No. 23-1038 – Decided April 2, 2025

Today, the Supreme Court held unanimously that the Food and Drug Administration did not unlawfully change position in denying marketing authorization for flavored e-cigarettes.

“[A] belief about how an agency is likely to exercise its enforcement discretion is not a ‘serious reliance interest.’”

Justice Alito, writing for the Court

Background:

The Family Smoking Prevention and Tobacco Control Act of 2009 (“TCA”) requires the makers of tobacco products to apply for and obtain premarketing authorization before introducing any “new tobacco product” to the market. 21 U.S.C. § 387j(a). In 2016, the FDA issued a rule that deemed e-cigarettes tobacco products subject to the TCA. However, the FDA delayed enforcement for existing e-cigarette products and set a September 2020 deadline for manufacturers to file applications for premarketing authorization. Before that deadline, the FDA issued a proposed rule concerning premarket tobacco product applications, and guidance concerning the types of scientific evidence that would be required for approval and manufacturers’ marketing plans.

Two companies submitted applications seeking approval to market and sell flavored e-liquids for use in e-cigarettes, but the FDA denied the applications because they had not provided sufficient evidence from scientific studies. The FDA did not consider the marketing plans submitted by the companies with their applications.

After the manufacturers sought judicial review, the en banc Fifth Circuit set aside and remanded the FDA’s denial orders. The court held that the FDA’s denial of the companies’ applications under standards different from those articulated in its pre-decisional guidance was arbitrary and capricious, and that the FDA’s failure to consider the companies’ marketing plans was unlawful and prejudicial (not harmless) error.

Issue:

Did the court of appeals err in setting aside and remanding the FDA’s denial orders as arbitrary and capricious?

Court’s Holding:

The FDA’s denial orders were not arbitrary and capricious and did not constitute an unlawful change in position from the FDA’s pre-decisional guidance. Further, the Fifth Circuit applied an incorrect harmless-error standard to the agency’s failure to consider the marketing plans.

What It Means:

The Court largely deferred to the FDA’s decision to deny manufacturer applications for approval to market and sell flavored e-liquids for e-cigarettes. The decision is an example of the Court giving broad latitude to agency action under the arbitrary and capricious standard of review.
The Court clarified the “change-in-position doctrine,” which applies when an agency changes course on a question of law or policy. The Court explained that an agency does not unlawfully change positions where its previous positions were “largely noncommittal” and the agency gives specific reasons for its actions, or where its previous statements do not directly contradict its later actions. Op. 29, 33, 38. The Court further reasoned that a regulated party’s mere “belief about how an agency is likely to exercise its enforcement discretion is not a ‘serious reliance interest.’” Op. 39–40.
The Court also clarified the “tension” between the harmless-error doctrine, under which courts can excuse agency errors that are not prejudicial, and the Chenery doctrine, under which courts may not uphold agency action with alternative reasoning not considered by the agency. Op. 41–46. The Court explained that courts may uphold agency action—and need not remand to the agency—where it is clear that the agency’s error had no bearing on the procedure used or the substance of the decision reached. The Court remanded to the Fifth Circuit to apply that standard in deciding whether the FDA’s failure to consider marketing plans was a harmless error.
The Court declined to address statutory and constitutional challenges to the FDA’s denial orders that were raised for the first time after certiorari was granted. Parties challenging agency action thus should be mindful of the need to preserve statutory and constitutional challenges at all stages of the litigation.

The Court’s opinion is available HERE.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the U.S. Supreme Court. Please feel free to contact the following practice group leaders:

Appellate and Constitutional Law Practice

Thomas H. Dupree Jr. +1 202.955.8547 tdupree@gibsondunn.com	Allyson N. Ho +1 214.698.3233 aho@gibsondunn.com	Julian W. Poon +1 213.229.7758 jpoon@gibsondunn.com
Lucas C. Townsend +1 202.887.3731 ltownsend@gibsondunn.com	Bradley J. Hamburger +1 213.229.7658 bhamburger@gibsondunn.com	Brad G. Hubbard +1 214.698.3326 bhubbard@gibsondunn.com

Related Practice: FDA and Health Care

Jonathan M. Phillips
+1 202.887.3546
jphillips@gibsondunn.com

Gustav W. Eyler
+1 202.955.8610
geyler@gibsondunn.com

John D.W. Partridge
+1 303.298.5931
jpartridge@gibsondunn.com

Related Practice: Administrative Law and Regulatory

Eugene Scalia +1 202.955.8210 escalia@gibsondunn.com	Helgi C. Walker +1 202.887.3599 hwalker@gibsondunn.com	Stuart F. Delery +1 202.955.8515 sdelery@gibsondunn.com
Matt Gregory +1 202.887.3635 mgregory@gibsondunn.com

This alert was prepared by partner Grace Hart and associate Aly Cox.

Medical Marijuana, Inc. v. Horn, No. 23-365 – Decided April 2, 2025

Today, in a 5-4 decision, the Supreme Court held that damages can be available under civil RICO for harm to business or property by reason of a racketeering activity, even when such harm stems from a personal injury.

“[A] plaintiff can seek damages for business or property loss regardless of whether the loss resulted from a personal injury.”

Justice Barrett, writing for the Court

Background:

More than five decades ago, Congress passed the Racketeer Influenced and Corrupt Organizations Act (“RICO”) to bolster efforts to fight organized crime. In addition to imposing criminal penalties for violating RICO, Congress also authorized “any person injured in his business or property by a violation of” RICO to bring a civil suit and recover triple damages. 18 U.S.C. § 1964(c).

Douglas Horn bought Medical Marijuana, Inc.’s hemp-based product after reading that it contained CBD but not THC, the active chemical compound in marijuana. After Horn failed a THC blood test, he was fired from his job as a commercial truck driver. Horn sued under RICO, alleging that the makers of the product had engaged in mail and wire fraud that caused him to suffer injury to his business or property. The district court granted summary judgment to the company, concluding that Horn sought recovery for a personal injury—unwitting consumption of THC—and so did not allege an injury to “business or property.” The Second Circuit reversed, holding that Horn could recover under RICO because his lost employment is an injury to business even if it flowed from a personal injury.

Issue:

Whether RICO’s civil-action provision permits recovery for injuries to “business or property” resulting from personal injuries.

Court’s Holding:

Yes. Injuries to business or property resulting from personal injuries can be recovered under RICO’s civil-action provision.

What It Means:

The Court interpreted the phrase “injured in his business or property” in RICO’s civil-action provision as “not preclud[ing] recovery for all economic harms that result from personal injuries.” Op. 19. Thus, injuries to business or property flowing from a personal injury may be recoverable under 18 U.S.C. § 1964(c).
The Court took pains to emphasize the narrowness of its decision: “The only question we address is the one squarely before us: whether civil RICO bars recovery for all business or property harms that derive from a personal injury.” Op. 5. The Court expressed no views on whether respondent suffered an antecedent personal injury at all, whether the term “business” includes “employment,” or whether an injury to “property” includes “all pecuniary loss.” Op. 4–5. The Court left these issues for another day.
In response to the dissent’s concern that today’s decision would “eviscerate RICO’s ‘business or property’ limitation,” the Court highlighted several guardrails that constrain civil RICO claims: (1) the requirement that there be “some direct relation between the injury asserted and the injurious conduct,” (2) the requirement that civil RICO plaintiffs establish a pattern of racketeering activity, and (3) the possibility that “business” does not “encompass every aspect of employment” or that “property” does not include “every penny in the plaintiff’s pocketbook.” Op. 17–18.

The Court’s opinion is available HERE.

Appellate and Constitutional Law Practice

Thomas H. Dupree Jr. +1 202.955.8547 tdupree@gibsondunn.com	Allyson N. Ho +1 214.698.3233 aho@gibsondunn.com	Julian W. Poon +1 213.229.7758 jpoon@gibsondunn.com
Lucas C. Townsend +1 202.887.3731 ltownsend@gibsondunn.com	Bradley J. Hamburger +1 213.229.7658 bhamburger@gibsondunn.com	Brad G. Hubbard +1 214.698.3326 bhubbard@gibsondunn.com

Related Practice: Litigation

Reed Brodsky +1 212.351.5334 rbrodsky@gibsondunn.com	Trey Cox +1 214.698.3256 tcox@gibsondunn.com	Theane Evangelis +1 213.229.7726 tevangelis@gibsondunn.com
Helgi C. Walker +1 202.887.3599 hwalker@gibsondunn.com

This alert was prepared by associates Elizabeth A. Kiernan and Bryston Gallegos.

We are pleased to provide you with the March edition of Gibson Dunn’s digital assets regular update. This update covers recent legal news regarding all types of digital assets, including cryptocurrencies, stablecoins, CBDCs, and NFTs, as well as other blockchain and Web3 technologies. Thank you for your interest.

ENFORCEMENT ACTIONS

UNITED STATES

SEC Drops Ripple Appeal
On March 25, Ripple Labs CLO Stuart Alderoty announced that the company will pay the SEC a $50 million civil penalty to resolve the agency’s enforcement action, and the agency and company will each drop their appeals of an adverse decision in the district court. The SEC brought the action initially in 2020. Last year, U.S. District Judge Analisa Torres ruled that secondary sales and other distributions of XRP are not securities transactions but ordered Ripple to pay $125 million for failing to register institutional sales of the XRP token, which she held were securities transactions. The SEC and Ripple cross-appealed these decisions to the Second Circuit. Law360; CoinDesk; Reuters.
DOJ Dismisses BitClout Crypto Fraud Case
Federal prosecutors have dropped their fraud case against the founder of crypto project BitClout, whom they had accused of defrauding a venture capital firm by misleading investors. According to a joint filing by the SEC and BitClout’s founder Nader Al-Naji, the SEC is also considering dropping a parallel action against Al-Naji. The Department of Justice’s order did not give a reason for the dismissal. Law360; Order Dismissing Criminal Complaint; Joint Letter.
DOJ Disrupts and Takes Down Russian Cryptocurrency Exchange and Indicts Foreign Nationals
On March 7, the DOJ announced that in coordination with German and Finnish law enforcement, it has taken down the online infrastructure of Garantex, a cryptocurrency exchange allegedly used to facilitate money laundering for transnational criminal organizations and sanctions violations. The coordinated action seized Garantex’s domain names and servers and froze over $26 million in funds. DOJ alleged that Garantex has processed at least $9 billion in cryptocurrency transactions since April 2019 and was operated by Lithuanian resident Alksej Besciokov and Russian national Aleksandr Mira Sera, who have been indicted for money laundering conspiracy and other charges that carry maximum penalties of 20+ years in prison. According to a subsequent news story, Besciokov was later arrested in India. DOJ Press Release; BBC.
Brooklyn Man Sentenced to 45 Months in Prison for $2M Crypto Fraud
On March 13, Thomas John Sfraga was sentenced by Judge Frederic Block of the Eastern District of New York to 45 months in prison and was ordered to pay $1,337,700 in forfeiture, with restitution pending. Allegedly posing as a serial entrepreneur, Sfraga allegedly solicited more than $2 million in investments from at least 17 victims for fake property flips and cryptocurrency ventures, promising returns up to 60% in three months. Sfraga then used such funds for personal expenses and to repay earlier victims. Press Release; Sentencing Memorandum.
Cryptocurrency Founder Convicted of Wire Fraud and Money Laundering
On March 12, Rowland Marcus Andrade, the founder and CEO of NAC Foundation, was convicted at trial of fraud and money laundering in the Northern District of California. By promoting a cryptocurrency, AML Bitcoin, Andrade allegedly defrauded tens of thousands of investors of over $10 million through making false statements about the AML Bitcoin’s technology and its business deals. He allegedly diverted over $2 million for personal use and laundered funds through multiple accounts. Andrade’s sentencing is scheduled on July 22. He faces up to 30 years in prison and potential forfeiture of all assets traceable to the crimes. Press Release; Law360.
Russian Cryptocurrency Manipulator Pleads Guilty and Forfeits $23 Million
On March 21, Aleksei Andriunin, a Russian founder of a market-making service company, and that company, Gotbit Consulting LLC, pleaded guilty in Massachusetts federal court. Andriunin and Gotbit both pled guilty to charges of conspiracy to commit market manipulation, and wire fraud, and agreed to forfeit $23 million in cryptocurrency. Andriunin allegedly developed codes to artificially inflate trading volume in order to list cryptocurrency on larger exchanges and has gained tens of millions of dollars through his fraudulent services. Gotbit Plea Agreement; Andriunin Plea Agreement; Law360.
SEC Closes Investigation into Crypto.com
On March 27, Crypto.com announced that it was informed by the SEC that the SEC ended its investigation into the company with no enforcement action. According to Crypto.com, it received a Wells notice from the SEC in August 2024, alleging that the company acted as an “unregistered broker-dealer and securities clearing agency under the federal securities laws.” In October 2024, Crypto.com filed a complaint seeking declaratory and injunctive relief against the SEC. Press Release; Complaint.
President Trump Pardons BitMEX Founders
On March 27, President Trump granted pardons to four former executives of the BitMEX global cryptocurrency exchange, as well as HDR Global Trading Limited, the entity that owned and operated BitMEX, all of which had pled guilty to violating the Bank Secrecy Act. The former executives, Arthur Hayes, Benjamin Delo, Samuel Reed and Gregory Dwyer, had received criminal sentences of probation and fines of more than $30 million for willfully failing to maintain anti-money laundering and know-your-customer programs. HDR had been sentenced to a $100 million fine in addition to its previous $100 million no-admit no-deny settlements with CFTC and FinCEN due to compliance failures. Pardons; Law360.

INTERNATIONAL

FCA Announces Sentencing of Individual for Unregistered Crypto-Asset Activity
On February 28, the UK Financial Conduct Authority announced that it has secured a four-year sentence for an individual for illegally operating crypto ATMs. The individual allegedly operated crypto ATMs at 28 different locations across the UK, despite being refused an FCA license for his business in 2021 due to concerns over compliance with regulations. This is the first sentence for unregistered crypto-asset activity in the UK. FCA Press Release.

REGULATION AND LEGISLATION

UNITED STATES

SEC Says Cryptocurrency Mining Doesn’t Trigger Securities Laws
On March 20, the SEC’s Division of Corporation Finance confirmed in a statement that cryptocurrency mining activities, including both self-mining and mining pools, do not involve the offer and sale of securities, and thus do not require registration or exemption under securities laws. Under the previous administration, SEC has declared that proof-of-stake blockchains fall under the regulation of securities laws. SEC Statement.
CFTC Withdraws Two Staff Advisories to Ease Crypto Oversight
On March 28, the CFTC announced its withdrawal of two staff advisories that imposed extra scrutiny on the clearing and trading of digital-asset derivatives, aiming to align the regulatory treatment of these products with other derivatives under its jurisdiction. The CFTC stressed that the same listing standards and risk-management principles still apply to all derivative products, and that the withdrawal would not affect its oversight of clearing and systemic risk. Press Release; Bloomberg.
In Bipartisan Votes, Congress Votes to Overturn Crypto Tax Reporting Rule
In a significant victory for the crypto industry, Congress has passed a joint resolution under the Congressional Review Act that will repeal a Treasury Department and IRS rule that would have subjected DeFi participants to onerous tax-reporting requirements for digital-asset transactions (DeFi Broker Rule). On March 11, the House voted 292-131 to pass the resolution, which was then passed by the Senate with a 70-28 vote on March 26. Once signed into law by President Trump, the resolution will not only effectively repeal the DeFi Broker Rule, but also will prohibit Treasury and the IRS from issuing a new rule that is “substantially the same” as the repealed rule absent new legislation. The resolution will not repeal the IRS’s July 2024 broker rule applicable to custodial digital asset trading platforms. Joint Resolution; Law360; CoinDesk; Cointelegraph.
Trump Order Establishes Strategic Bitcoin Reserve, and States Consider Doing the Same
On March 6, President Trump signed an Executive Order to establish a Strategic Bitcoin Reserve and a U.S. Digital Asset Stockpile. The order aims to position to United States as a leader in digital-asset strategy. The reserve will be funded with Bitcoin finally forfeited in criminal or civil proceedings and will not be sold, akin to a “digital Fort Knox” according to newly appointed “crypto czar,” David Sacks. Texas soon followed suit on March 6 when the Texas Senate passed S.B. 21, which would establish the Texas Strategic Bitcoin Reserve and allow the state to invest public money into digital assets. The bill is waiting to be voted by the House. Similarly, on March 5, New Hampshire’s H.B. 302, which would allow the state to invest up to 5% of state funds into bitcoin and other assets, was passed by the House committee and is pending for a full floor vote. Executive Order; White House Fact Sheet; Texas S.B. 21; New Hampshire H.B. 302.
Senate Banking Committee Votes to Advance Stablecoin Bill
On March 13, a bipartisan group of senators in the Senate Banking Committee, led by Senator Bill Hagerty (R-Tenn), voted to advance the “GENIUS Act” (Guiding and Establishing National Innovation for US Stablecoins) to the Senate. The Act aims to create a regulatory framework for stablecoins, defining when issuers fall under state or federal oversight. Senator Elizabeth Warren (D-Ma) expressed concern over the bill, cautioning that it could allow tech billionaires like Elon Musk to issue their own currencies to compete with the US dollar. The Block.
OCC Clarifies Certain Crypto Activities are Permissible for Banks
In an Interpretive Letter issued on March 7, the OCC reaffirmed that banks may engage in certain cryptocurrency-related activities, including crypto-asset custody, stablecoin transactions, and participation in independent node verification networks. The Letter removes existing requirements for banks to obtain supervisory nonobjection before engaging in such activities. According to Rodney Hood, the acting Chief of the OCC, the agency intends to align the regulations of novel and traditional bank activities. Interpretive Letter; Press Release.
FDIC Allows Banks to Engage in Crypto Activities without Prior Approval
On March 28, the FDIC issued a Financial Institution Letter clarifying that banks may engage in permissible activities without prior FDIC approval, as long as they manage the risks. The FDIC will coordinate with the President’s Working Group on Digital Asset Markets and the other banking agencies to issue further guidance or regulations. Press Release.
Tim Scott (R.-S.C.) Introduces FIRM Act Aimed at Debanking
On March 6, Senate Banking Chair Tim Scott introduced the Financial Integrity and Regulation Management (FIRM) Act to address concerns about the debanking of certain companies, particularly in the crypto industry. The bill aims to eliminate the use of reputational risk as a component of regulatory supervision, which Scott argues has been misused by federal regulators to carry out political agendas. The bill has passed out of the Senate Banking Committee and will next move to the Senate for a vote. Bill; Press Release; Axios.
OCC Ceases Examinations for Reputational Risk
On March 20, the OCC issued a statement that it will no longer examine national banks for reputational risk and is removing references to reputational risk from its Handbook and guidance issuances. Certain crypto companies have previously argued that examinations focused on reputational risk contributed to banks refusing to open accounts or otherwise work with crypto companies. This action indicates that the OCC may be seeking to ease the compliance path for banks engaging with crypto businesses. Press Release; Law360; Coindesk;
SEC Acting Chairman Directs Staff to Reexamine Proposed Crypto Custody Rule
During a March 17 speech, the SEC’s Acting Chairman, Mark Uyeda, said that the SEC is considering modifying or eliminating a crypto custody rule proposed by the prior administration that would have required registered investment advisors to custody digital assets with a qualified custodian, among other things. Given the concerns expressed by commenters, Uyeda said, “there may be significant challenges to proceeding with the original proposal.” Uyeda said that he had directed SEC staff to work with the SEC’s new crypto task force to “consider appropriate alternatives.” The Block; Reuters.
Nebraska Enacts New Law to Prevent Crypto ATM Fraud
On March 12, Nebraska Governor Jim Pillen signed into law legislation requiring kiosk operators to be licensed and make adequate disclosures to customers including warnings about crypto fraud. The law was passed after the U.S. Federal Trade Commission pointed out in a September report that there has been a massive increase in consumer losses due to scams involving Bitcoin ATMs. The Block.

INTERNATIONAL

Japanese Ruling Party Considers Slashing Crypto Capital Gains Tax Rate
On March 6, Japan’s ruling Liberal Democratic Party (LDP) proposed reducing the crypto capital-gains tax rate from a maximum of 55% to 20% and is seeking public feedback until March 31. The proposal aims to reclassify cryptocurrencies as “financial products” under a new regulatory framework, which would introduce a separate 20% tax rate similar to securities investments. The LDP’s proposal also includes deferring taxes on crypto-to-crypto swaps until the crypto is exchanged for fiat currency. CoinTelegraph; The Block.
South Korea Plans to Publish Institutional Cryptocurrency Investment Guideline
On March 12, following its statement in January that it would gradually lift the de facto ban on institutional investment in cryptocurrencies, the Financial Services Commission (FSC) of South Korea announced its plan to issue a two-phase guideline. The first part will be released in April to establish the framework and address anti-money-laundering issues. The second part, scheduled in the third quarter, will cover comprehensive instructions for public companies and professional investors. Coin Edition; The Block; Binance.
Bank of Russia Submits Proposal to Allow Cryptocurrency Investment by Selected Investors
On March 12, the Bank of Russia announced a proposal to allow “limited circle of Russian Investors” to trade cryptocurrency under a special experimental legal regime for three years, despite the country’s current ban on cryptocurrency to be used as payments. Eligible investors include those with securities and deposits exceeding 100 million rubles ($1.14 million) or with income for the past year exceeding 50 million rubles ($570K). Yahoo Finance; CoinTelegraph.
Dubai Financial Services Authority Seeks Expressions of Interest for Tokenization Regulatory Sandbox
On March 17, the Dubai Financial Services Authority invited firms to express interest in participating in its Tokenization Regulatory Sandbox, with submissions due by 24 April 2025. The initiative, part of the DFSA’s Innovation Testing Licence program, allows firms to test tokenized investment products and services in a controlled environment. The sandbox aims to facilitate a regulatory pathway from experimentation to full authorization. DFSA.
Dubai Virtual Assets Regulatory Authority Issues Reminder on AML/CFT Compliance for Virtual Asset Service Providers
On February 25, the Dubai Virtual Assets Regulatory Authority issued a compliance reminder to cryptocurrency companies in Dubai, including those operating in mainland and free zones, reminding them of their obligations under the UAE’s anti-money-laundering and combating the financing of terrorism framework. The circular also included a reminder for VASPs to adhere to the Travel Rule for transfers exceeding AED 3,500, ensuring that originator and beneficiary information is obtained, stored, and made available upon request. VARA.
EU Commission Publishes Regulations on Notification of Intention to Provide Crypto-Asset Services Under Markets in Crypto-Asset Regulations
On February 20, the EU Commission published two regulations to supplement the Regulation on Markets in Crypto-Assets ((EU) 2023/1114) (MiCA) in the Official Journal of the European Union. Regulation 2025/303 supplements MiCA by specifying the information to be included by certain financial entities in the notification of their intention to provide crypto-asset services, while Regulation 2025/304 supplements MiCA by laying down implementing technical standards with regard to standard forms, templates and procedures for the notification by certain financial entities of their intention to provide crypto-asset services. Both regulations came into force on March 12. Commission Delegated Regulation (EU) 2025/303; Commission Implementing Regulation (EU) 2025/304.
European Securities and Markets Authority Publishes Official Translations of its Guidelines on the Procedures and Policies Applicable to Transfer Services for Crypto-Assets
On February 26, the European Securities and Markets Authority (ESMA) published the official translations of its guidelines on the procedures and policies in the context of transfer services for crypto-assets. The guidelines apply to competent authorities and to crypto-asset service providers that provide transfer services for crypto-assets on behalf of clients within the meaning of Article 3(1)(26) of MiCA. They are intended to establish consistent, efficient and effective supervisory practices and to ensure the common, uniform and consistent application of the provisions in Article 82 of MiCA. The guidelines apply from 27 April 2025 (that is, 60 calendar days after the date of publication of the official translations on ESMA’s website). ESMA.
Monetary Authority of Singapore Responds to Parliamentary Question on Tightening of Regulations for Digital Payment Token Service Providers
On March 5, the Monetary Authority of Singapore (MAS) responded to a Parliamentary Question on the Singapore Government’s key considerations in deciding to tighten regulations for Digital Payment Token Service Providers including the prohibition of payments via locally issued credit cards. Minister of State Alvin Tan, speaking on behalf of Deputy Prime Minister and Chairman of the MAS, Gan Kim Yong, noted in his response that MAS continues to view cryptocurrencies as highly volatile and unsuitable for the general public. Using credit cards to buy them can lead to high-interest debt and compounded losses, therefore MAS prohibits digital payment token service providers from offering credit or leverage to retail customers. MAS Oral Reply.

CIVIL LITIGATION

UNITED STATES

Treasury Lifts Sanctions Against Tornado Cash
On March 21, the Department of Treasury removed the economic sanctions against Tornado Cash. Treasury soon filed a notice requesting briefing on mootness in Van Loon v. Department of the Treasury, which is on remand after the Fifth Circuit held that Treasury exceeded its statutory authority in designating Tornado Cash. On March 24, the plaintiffs responded, arguing the case is not moot and asking the court to enter final judgment. August 2022 Press Release; March 2025 Press Release; Treasury Notice; Plaintiff Response; CoinTelegraph.
Delaware Bankruptcy Court Grants Three Arrows Capital’s Amended $1.5B Claim in FTX Bankruptcy
On March 13, Judge John T. Dorsey held that liquidators for hedge fund Three Arrows Capital could amend its original complaint to bring a $1.53 billion bankruptcy claim in the FTX Trading Ltd. bankruptcy, over the objection of FTX. The Court held that the Three Arrows Capital liquidators did not learn until more than a year after filing the initial claim in June 2023 that Three Arrows had $1.53 billion in assets on the FTX platform. Because their initial claim was based on limited information, the liquidators were within their rights to amend the claim once more details became available. Opinion; Law360.
Western District of Texas Enters Default Judgment a gainst Bancor DAO
On March 13, Judge Robert Pitman of the Western District of Texas issued a default judgment against Bancor DAO, which operates the decentralized finance platform Bancor, after it failed to respond to a January 2024 online summons. The default judgment stems from a class-action lawsuit involving investors’ claims that they lost tens of millions of dollars due to Bancor’s allegedly failure to warn about liquidity issues during a 2022 withdrawal spike and its allegedly deceptive practices regarding claims that Bancor’s token was an unregistered security. CoinTelegraph; Law360.

SPEAKER’S CORNER

UNITED STATES

SEC Moves Quickly to Remake Crypto Policy
The SEC is actively working with the crypto industry to develop policy for overseeing digital-asset transactions. At the agency’s first crypto-focused roundtable on March 21, SEC commissioners assured attendees they are “earnestly” seeking to find a “workable framework.” The panel featured industry advocates and critics. Commissioner Hester Peirce indicated that non-fungible tokens may be the subject of the SEC’s next staff statement. On March 25, SEC announced four more roundtables between April to June, covering topics including crypto-trading regulation, crypto custody, tokenization and DeFi. All roundtables will be open to the public. Coindesk; Press Release.
OCC Chief Voices Opposition to Debanking and Support to Crypto and Fintech
On March 18, at the Consumer Bankers Association’s annual conference, the acting chief of the OCC, Rodney Hood, expressed his opposition to debanking and emphasized his commitment to reduce regulatory burdens on community banks, foster financial inclusion, and promote bank-fintech collaboration. Hood believes all customers should have fair access to financial services, including digital assets. According to Hood, the OCC will not interfere with bank’s account decisions or create hurdles to discourage banks from creating accounts with individualized risks. This signals a shift of OCC regulatory priorities since the new administration, as regulators used to caution banks against involving with cryptocurrency during the last administration. Law360.

OTHER NOTABLE NEWS

Crypto Leaders Meet at White House for First-of-its-Kind Crypto Summit
On March 7, President Donald Trump hosted the first “crypto summit” at the White House, gathering over two dozen leaders from the U.S. cryptocurrency industry. In the remarks given at the summit, President Trump reaffirmed his support for the growth of the crypto industry and emphasized that the United States should “stay in the front of this one” to secure its leading role in the global financial system. President Remarks; Reuters.
Ripple-Funded Non-Profit Launches
On March 5, the National Cryptocurrency Association (NCA), a new non-profit organization aimed at enhancing crypto literacy launched. NCA was seeded with $50 million in funding from Ripple and Ripple CLO, Stuart Alderoty, and aims to demystify cryptocurrency and provide resources for users, including educational materials and real-life stories. Business Wire; CoinDesk.

The following Gibson Dunn lawyers contributed to this issue: Jason Cabral, Kendall Day, Jeff Steiner, Sara Weed, Sam Raymond, Nick Harper, Raquel Alexa Sghiatti, Simon Moskovitz, Apratim Vidyarthi, and Gabriela Li.

FinTech and Digital Assets Group Leaders / Members:

Ashlie Beringer, Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)

Michael D. Bopp, Washington, D.C. (+1 202.955.8256, mbopp@gibsondunn.com

Stephanie L. Brooker, Washington, D.C. (+1 202.887.3502, sbrooker@gibsondunn.com)

Jason J. Cabral, New York (+1 212.351.6267, jcabral@gibsondunn.com)

Ella Alves Capone, Washington, D.C. (+1 202.887.3511, ecapone@gibsondunn.com)

M. Kendall Day, Washington, D.C. (+1 202.955.8220, kday@gibsondunn.com)

Sébastien Evrard, Hong Kong (+852 2214 3798, sevrard@gibsondunn.com)

William R. Hallatt, Hong Kong (+852 2214 3836, whallatt@gibsondunn.com)

Martin A. Hewett, Washington, D.C. (+1 202.955.8207, mhewett@gibsondunn.com)

Sameera Kimatrai, Dubai (+971 4 318 4616, skimatrai@gibsondunn.com)

Michelle M. Kirschner, London (+44 (0)20 7071.4212, mkirschner@gibsondunn.com)

Stewart McDowell, San Francisco (+1 415.393.8322, smcdowell@gibsondunn.com)

Hagen H. Rooke, Singapore (+65 6507 3620, hhrooke@gibsondunn.com)

Mark K. Schonfeld, New York (+1 212.351.2433, mschonfeld@gibsondunn.com)

Orin Snyder, New York (+1 212.351.2400, osnyder@gibsondunn.com)

Ro Spaziani, New York (+1 212.351.6255, rspaziani@gibsondunn.com)

Jeffrey L. Steiner, Washington, D.C. (+1 202.887.3632, jsteiner@gibsondunn.com)

Eric D. Vandevelde, Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)

Benjamin Wagner, Palo Alto (+1 650.849.5395, bwagner@gibsondunn.com)

Sara K. Weed, Washington, D.C. (+1 202.955.8507, sweed@gibsondunn.com)

We are pleased to provide you with the March edition of Gibson Dunn’s monthly U.S. bank regulatory update. Please feel free to reach out to us to discuss any of the below topics further.

KEY TAKEAWAYS

Federal Reserve Board Governor Michelle Bowman was nominated as the next Vice Chair for Supervision.
Debanking and reputational risk remain a focus:
- The Office of the Comptroller of the Currency (OCC) announced that it “will no longer examine its regulated institutions for reputation risk” and is “removing references to reputation risk from its Comptroller’s Handbook booklets and guidance issuances.”
- Federal Deposit Insurance Corporation (FDIC) Acting Chairman Travis Hill stated in a letter to House Financial Services Committee member Rep. Dan Meuser (R-PA) that the FDIC plans to “eradicate” reputational risk (or similar terms) from its regulations, guidance, examination manuals and other policy documents.
- The OCC’s and FDIC’s announcements follow Chair Powell’s commitment to the Senate Banking Committee during his February testimony to “revise the Federal Reserve’s supervision manuals to remove reputational risk.”
- The Senate Banking Committee voted to advance out of committee by a 13-11 vote the Financial Integrity and Regulation Management (FIRM) Act, which would eliminate reputational risk as a bank supervisory component.
The federal banking agencies and Congress began taking steps to revisit their approach to digital asset- and blockchain-related activities:
- The OCC announced that a range of crypto-related activities are permissible for national banks and federal savings associations and rescinded the requirement that OCC-supervised institutions receive supervisory nonobjection and demonstrate that they have adequate controls in place before they can engage in such crypto-related activities.
- The FDIC rescinded Financial Institution Letter (FIL) 16-2022 and clarified that FDIC-supervised institutions may engage in permissible crypto-related activities without prior FDIC approval.
- The Senate Banking Committee voted to advance out of committee by an 18-6 vote the Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act of 2025.
The FDIC Board commenced acting on priorities outlined by Acting Chairman Travis Hill in his January 2025 statement.
- The FDIC Board approved a proposal to rescind the FDIC’s 2024 Statement of Policy on Bank Merger Transactions and reinstate the prior Statement of Policy on Bank Merger Transactions on an interim basis while the FDIC reevaluates its bank merger review process.
- The FDIC Board also withdrew three proposed rulemakings relating to brokered deposits, corporate governance, and the Change in Bank Control Act and withdrew authority for staff to publish in the Federal Register a proposed rule related to incentive-based compensation arrangements.
The federal banking agencies announced their intent to both rescind the 2023 Community Reinvestment Act (CRA) final rule and reinstate the CRA framework that existed prior to the October 2023 final rule.

DEEPER DIVES

Federal Reserve Board Governor Michelle Bowman Nominated as Next Vice Chair for Supervision. On March 17, 2025, the White House announced the nomination of Federal Reserve Board Governor Michelle Bowman as the next Vice Chair for Supervision following Governor Barr’s resignation from the same position effective February 28, 2025. Bowman has served on the Board of Governors since November 26, 2018, and her current term ends January 31, 2034. She was the first person to fill the community bank seat on the Board of Governors required by the Terrorism Risk Insurance Program Reauthorization Act of 2015, which amended Section 241 of the Federal Reserve Act. Bowman would serve in her role as Vice Chair for Supervision for a term of four years. Bowman’s nomination generally was met with support from industry trade groups and Republican leadership.

Insights. Since joining the Board of Governors, Governor Bowman has been consistent in her messaging for the need for appropriately tailored regulation; more transparency in bank supervision and bank application processes; increased focus on safety and soundness, as opposed to operational risk; and a comprehensive review and modernization of banking laws (see, e.g., ABA’s Conference for Community Bankers (Feb. 17, 2025); “Bank Regulation in 2025 and Beyond“ (Feb. 5, 2025); California Bankers Association (Jan. 9, 2025)). Most recently, on March 21, 2025, Governor Bowman issued a statement in connection with the approval of a branch application by Commonwealth Business Bank. In her statement, Governor Bowman noted the need for change to the Federal Reserve’s review of applications, noting that one single adverse comment resulted in a branch application normally acted upon under delegated authority being sent to the Board of Governors for review and approval, resulting in a six-month review and approval process. In the past, Governor Bowman has been an active dissenter on a board known for its desire for consensus—in the past three years and 2025, she has dissented to at least nine proposed or final rulemakings or supervisory guidance releases, including the Basel III endgame proposal, the proposal to amend the Bank Secrecy Act Compliance Program Rule, proposed revisions to interchange fees, climate-related guidance, resolution planning, CRA, the long-term debt proposal and third-party risk management guidance, often along the same lines she consistently echoes in her public statements (e.g., the need for tailoring and right-sizing, reducing complexity, rationalization and the need to avoid duplicative regulations).

Regulators and Lawmakers Take Steps to Remove Reputational Risk as a Supervisory Component. Leadership of the OCC and FDIC have committed to removing reputational risk considerations from their supervisory and regulatory toolboxes. On March 20, 2025, the OCC announced that it “will no longer examine its regulated institutions for reputation risk” and is “removing references to reputation risk from its Comptroller’s Handbook booklets and guidance issuances,” and on March 24, 2025, FDIC Acting Chairman Travis Hill indicated that the FDIC plans to “eradicate” reputational risk from its regulations, guidance, examination manuals and other policy documents. In addition, the Financial Integrity and Regulation Management Act (FIRM), co-sponsored by every Republican on the Senate Banking Committee, advanced out of committee. The FIRM Act is aimed to prohibit debanking for reputational risk concerns. The bill would require the bank regulatory agencies to report to Congress on their elimination of reputational risk as a component of supervision, as well as prohibit federal agencies from making new rules or guidance that includes reputational risk as a supervisory factor.

Insights. Although the focus on reputational risk stems from the administration’s efforts to curtail “debanking” of certain industries, institutions should anticipate that entry into the traditional banking sector may still be subject to hurdles because banks are not relieved of the burden on ensuring they are operating in a safe and sound manner and are not facilitating illegal or unlicensed activities. From a bank perspective, this will continue to require robust due diligence inquiries in order to address core risk assessments, like credit risk, market risk and legal and compliance risk, as banks increase their relationships in and exposure to certain markets – e.g., the digital assets space.

OCC and FDIC Clarify Bank Authority to Engage in Certain Crypto-Related Activities. On March 7, 2025, the OCC announced that “a range of cryptocurrency activities are permissible in the federal banking system.” OCC Interpretive Letter No. 1183 formally reaffirms interpretive letters issued during the prior Trump administration authorizing banks to provide crypto-asset custody services, hold dollar deposits serving as reserves backing stablecoins, and use digital assets to perform traditional bank-permissible activities, like payment activities. Interpretive Letter No. 1183 also rescinds OCC Interpretive Letter No. 1179, which required banks to receive supervisory nonobjection prior to engaging in crypto-related activities. Interpretive Letter No. 1183 reminds banks that any crypto-asset activities, like any other activities, must be conducted in a safe, sound, and fair manner and in compliance with applicable law. The OCC also withdrew its participation in joint statements on crypto-asset risks to banking organizations and liquidity risks resulting from crypto-asset market vulnerabilities.

On March 28, 2025, the FDIC followed suit, providing new guidance to FDIC-supervised banks engaging or seeking to engage in crypto-related activities. The FDIC rescinded FIL-16-2022, providing that FDIC-supervised institutions may engage in permissible crypto-related activities without receiving prior FDIC approval.

Insights. As we have previously highlighted, the federal banking agencies continue to signal increased receptivity to crypto-related activities and digital assets. Coupled with the GENIUS Act’s progression out of the Senate Banking Committee, the OCC’s and FDIC’s actions very clearly illustrate an appetite to further develop U.S. stablecoin and other digital assets offerings. Institutions considering new activity in the digital assets space should ensure both appropriate individualized risk assessments and requisite adaptation of control programs, but the current environment presents an opportunity for leaders in this space to work collaboratively with the OCC, FDIC and other agencies to align on practical and prudent expectations.

FDIC Board Begins Implementing Acting Chairman Hill’s Regulatory Priorities. Upon assuming his role, Acting Chairman Hill announced more than a dozen matters or topics that he expected the FDIC to address in short order. Since that time, the FDIC has made substantial headway in furtherance of a number of Acting Chairman Hill’s priorities (see above).

Insights. Given Acting Chairman Hill’s speedy pursuit of a number of regulatory and supervisory priorities, we expect the FDIC to similarly swiftly act on Hill’s remaining priorities. In addition to further action consistent with broad identified goals, like “[c]onduct[ing] a wholesale review of regulations, guidance, and manuals” and encouraging more de novo activity, the FDIC appears poised to take on some of the more specific priorities. This includes (1) modernizing implementation of the Bank Secrecy Act, consistent with Acting Chairman Hill’s letter to FinCEN last month regarding CIP requirements under the PATRIOT Act; (2) reviewing the supervisory appeals process; (3) improving the bidding process related to financial institution resolutions; and (4) working with other agencies to finalize tailored capital and liquidity rules.

OTHER NOTABLE ITEMS

Federal Banking Agencies Announce Intent to Rescind 2023 Community Reinvestment Act Final Rule. On March 28, 2025, the federal banking agencies announced, in light of pending litigation, their intent to issue a proposal to both rescind the CRA final rule issued in October 2023 and reinstate the CRA framework that existed prior to the October 2023 final rule.

Jonathan Gould Appears Before the Senate Banking Committee. On March 27, 2025, Jonathan Gould, the nominee to lead the OCC, appeared before the Senate Banking Committee. In his remarks, he advocated for banks to be allowed “to engage in prudent risk-taking” and echoed recent sentiments that reputational risk is often used as a pretext for other, more quantifiable, risks such as BSA/AML risk.

NYDFS Hires Former CFPB Official For Top Financial Enforcement Role. On March 13, 2025, the New York State Department of Financial Services (NYDFS) announced that Gabriel O’Malley would join the NYDFS to lead the Consumer Protection and Financial Enforcement Division, the NYDFS division that handles investigations, enforcement and consumer compliance examinations. Mr. O’Malley most recently served as the CFPB’s deputy enforcement director for policy and strategy.

Senate Votes to Overturn CFPB Overdraft Rule Capping Fees at Large Banks at $5. On March 27, 2025, the Senate passed a measure to overturn the CFPB’s December 2024 final overdraft rule under the Congressional Review Act on largely party lines; the House has not yet advanced the companion bill. The rule was slated to go into effect in October 2025 and apply to banks and credit unions with at least $10 billion in assets.

District Court Case Regarding the FDIC’s Use of Administrative Law Judges Advances to Tenth Circuit. Following the FDIC’s filing of a notice stating that it will not continue to defend the use of administrative law judges, the United States District Court for the District of Kansas nonetheless dismissed the action brought by CBW Bank, finding that the District Court lacked subject matter jurisdiction over the bank’s claims by virtue of 12 U.S.C. § 1818(i)(1). CBW Bank filed a notice of appeal on March 28, 2025.

Speech by Governor Barr on Small Business Lending. On March 24, 2025, Federal Reserve Board Governor Barr gave a speech titled “Helping Small Businesses Reach Their Potential.” In his speech, Governor Barr highlighted the critical role small businesses play in the U.S. economy and called for enhancements to “financial transparency,” citing the Truth in Lending Act and Regulation Z as examples of laws that do not extend to small businesses and highlighting state laws in California and New York as examples of statues that mandate clearer disclosures to small business owners.

Acting Comptroller Hood Discusses Financial Inclusion. On March 24, 2025, Acting Comptroller Hood gave remarks on financial inclusion at the National Association of Hispanic Real Estate Professionals’ Homeownership and Housing Policy Conference. In his remarks, Acting Comptroller Hood discussed the OCC’s Project REACh, which aims to advance financial inclusion by focusing on (1) affordable homeownership, (2) small businesses, (3) technology and (4) geographic-specific efforts aimed at combatting challenges unique to specific neighborhoods. Acting Comptroller Hood gave a similar speech titled “Innovation Fosters Financial Inclusion” at the National Community Reinvestment Coalition’s Just Economy Conference 2025.

FDIC Updates PPE List. On March 31, 2025, the FDIC updated the list of companies that have submitted notices for a Primary Purpose Exception (PPE) under the 25% or Enabling Transactions test.

OCC to Host Virtual Innovation Office Hours. The OCC announced that it would host virtual office hours with its Office of Financial Technology on May 6-8, 2025, to provide banks and fintechs the opportunity to “engage with OCC staff on matters related to bank-fintech partnerships, cryptocurrency activities, or other matters related to responsible innovation in the federal banking system.”

OCC Launches Digitalization Resources for Community Banks. The OCC launched a new Digitalization page on its website dedicated to resources to help banks meet their digitalization objectives.

FRBNY’s Liberty Street Economics Blog Examines Payment Systems Interoperability. On March 27, 2025, the Federal Reserve Bank of New York published a Liberty Street Economics blog post titled, “An Interoperability Framework for Payment Systems.” The first post in a two-part series examines concerns whether novel payment systems based on blockchain networks can be made interoperable.

OCC Withdraws Principles for Climate-Related Financial Risk Management for Large Financial Institutions. On March 31, 2025, the OCC announced it withdrew its participation in the interagency principles for climate-related financial risk management for large financial institutions.

The following Gibson Dunn lawyers contributed to this issue: Jason Cabral, Ro Spaziani, and Rachel Jackson.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work or any of the member of the Financial Institutions practice group:

Jason J. Cabral, New York (212.351.6267, jcabral@gibsondunn.com)

Ro Spaziani, New York (212.351.6255, rspaziani@gibsondunn.com)

Stephanie L. Brooker, Washington, D.C. (202.887.3502, sbrooker@gibsondunn.com)

M. Kendall Day, Washington, D.C. (202.955.8220, kday@gibsondunn.com)

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, jsteiner@gibsondunn.com)

Sara K. Weed, Washington, D.C. (202.955.8507, sweed@gibsondunn.com)

Ella Capone, Washington, D.C. (202.887.3511, ecapone@gibsondunn.com)

Sam Raymond, New York (212.351.2499, sraymond@gibsondunn.com)

Rachel Jackson, New York (212.351.6260, rjackson@gibsondunn.com)

Zack Silvers, Washington, D.C. (202.887.3774, zsilvers@gibsondunn.com)

Karin Thrasher, Washington, D.C. (202.887.3712, kthrasher@gibsondunn.com)

Nathan Marak, Washington, D.C. (202.777.9428, nmarak@gibsondunn.com)

Kensington Title-Nevada, LLC v. Tex. Dep’t of State Health Servs., No. 23-0644 – Decided March 28, 2025

On March 28, a unanimous Texas Supreme Court held that the Texas Administrative Procedure Act authorizes parties to challenge whether an agency rule applies to them.

The Texas Administrative Procedure Act “expressly allows parties who do not believe an administrative rule governs them to challenge its applicability in a judicial proceeding when that rule threatens to interfere with their rights.”

Chief Justice Busby, writing for the Court

Background:

A real estate company acquired property containing abandoned radioactive material. The company initially tried to clean up the material but stopped after municipal taxing entities obtained a lien on the material and threatened to sue the company for removing it. The Texas Department of State Health Services then began administrative proceedings against the company for possessing radioactive material without a license in violation of 25 Texas Administrative Code § 289.252(a)(2).

Faced with these conflicting government demands, the real estate company sought a declaration under Texas Government Code § 2001.038(a) that the Department’s licensing rule didn’t apply to it because it didn’t own or possess the abandoned radioactive material. In response, the Department filed a plea to the jurisdiction, arguing that the real estate company improperly challenged the application of the rule rather than its applicability. The trial court denied the plea, but the court of appeals reversed.

Issue:

Does Texas Government Code § 2001.038(a) authorize suits challenging whether parties are subject to an agency rule?

Court’s Holding:

Yes. The real estate company had constitutional standing to bring, and properly alleged, a rule-applicability challenge.

What It Means:

The Court’s decision preserves a pathway for challenging the applicability of agency rules directly in court without exhausting administrative remedies.
The Court held that parties have standing to request declaratory relief when an agency rule threatens to interfere with or impair their rights. Here, the Department sought to impose an administrative penalty against the real estate company for violating the licensing rule. And a declaration that the rule didn’t apply to the company would redress that financial threat.
The Court rejected the Department’s proposed distinction between a rule’s applicability and its application. Instead, the Court explained that Section 2001.038(a) authorizes “suits seeking a declaration of whether a rule applies to the plaintiff” even if those suits would also “yield guidance on . . . the outcome of [the rule’s] application.” Op. at 12. The trial court had jurisdiction here because the real estate company was challenging whether the rule applied to it—that the answer to that inquiry might involve factual disputes in an ongoing agency proceeding was beside the point.

Continuing to provide insight into the newly created Fifteenth Court of Appeals, the Court observed in a footnote that the Fifteenth Court would, in the future, hear these kinds of appeals under the Texas APA. It also underscored that the Fifteenth Court would “not [be] bound by precedent of the Third Court of Appeals.” Op. at 11 n.4.

The Court’s opinion is available here.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Texas Supreme Court. Please feel free to contact the following practice group leaders:

Appellate and Constitutional Law Practice

Thomas H. Dupree Jr. +1 202.955.8547 tdupree@gibsondunn.com	Allyson N. Ho +1 214.698.3233 aho@gibsondunn.com	Julian W. Poon +1 213.229.7758 jpoon@gibsondunn.com
Brad G. Hubbard +1 214.698.3326 bhubbard@gibsondunn.com

Related Practice: Texas General Litigation

Trey Cox +1 214.698.3256 tcox@gibsondunn.com	Collin Cox +1 346.718.6604 ccox@gibsondunn.com	Gregg Costa +1 346.718.6649 gcosta@gibsondunn.com
Mike Raiff +1 214.698.3350 mraiff@gibsondunn.com	Russ Falconer +1 214.698.3170 rfalconer@gibsondunn.com

This alert was prepared by Texas of counsels Ben Wilson and Kathryn Cherry and associates Elizabeth Kiernan, Stephen Hammer, and Joseph Barakat.

This Royalty Report provides an analysis of publicly reported royalty finance transactions for the last five years (2020 to 2024) in the life sciences sector, focusing on both traditional and synthetic royalty transactions. Traditional royalty transactions encompass monetizations of royalties under existing license agreements. Synthetic royalty transactions involve the sale of a portion of future product sales, rather than the sale of an existing future royalty entitlement.

INTRODUCTION

Methodology and limitations: We analyzed a total of 102 publicly announced royalty transactions over this time period involving the largest and/or most active funds in the space, consisting of the following: Royalty Pharma, HealthCare Royalty Partners (HCRx), Blackstone, OMERS, XOMA Royalty, CPPIPB, Oberland Capital, and DRI Capital. Survey data are based on publicly reported information, including in SEC filings, as well as data from 27 financing transactions executed by Gibson Dunn (representing approximately 30% of the total transactions reviewed during this period). While this is an expansive survey, it does not capture certain transactions that would not have been reported on EDGAR or announced in press releases. Additionally, global pharmaceutical companies are increasingly using clinical funding arrangements (often structured as a type of synthetic royalty financing transaction) to defray development costs and many of these transactions are not sufficiently material to require disclosure. This analysis highlights the growing complexity and dynamism of the pharmaceutical royalty finance market.

TRENDS AND MARKET OUTLOOK

Key Trends (2020-2024)

Rising Use of Synthetic Royalties: Emerging as a viable alternative to debt or equity financing transactions, with an average annual growth rate of 33% over the five-year period.
Increased Activity in recent years (2023 and 2024): Driven in particular by high-value deals and late-stage product transactions.
Milestone-Heavy Transactions: Growing preference for performance-linked payments, allowing buyers to lower their risk profile and allowing sellers to lower their cost of capital.

Factors Driving Market Dynamics

Economic Conditions: Depressed equity valuations have prompted more companies to seek non-dilutive capital, including through royalty financing. At the same time, a higher interest rate environment has increased discount rates that royalty finance providers apply when valuing royalty streams, which increased the cost of capital, likely moderating the volume of royalty financing transactions.
Clinical and Regulatory Process: Funds tend to focus on commercial-stage products, though opportunities exist for pre-approval products, in the form of debt, clinical funding arrangements, and/or where positive clinical data bolsters the investment thesis for a particularly de-risked asset.

Please click on the link below to view the complete Royalty Report:

READ MORE

The following Gibson Dunn lawyers prepared this update: Todd Trattner and Ryan Murr.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Life Sciences or Royalty Finance practice groups, or the authors:

Todd Trattner – San Francisco (+1 415.393.8206, ttrattner@gibsondunn.com)

Ryan Murr – San Francisco (+1 415.393.837, rmurr@gibsondunn.com)

From the Derivatives Practice Group: The FIA has published updated versions of the FIA Uniform Futures and Options on Futures Risk Disclosures Booklet and FIA Template Disclosures Regarding Separate Accounts to account for the CFTC’s changes to the 1.25 Rule and the Separate Accounts Rule.

New Developments

ICE and Circle Sign MOU to Explore Product Innovation Based on Circle’s USDC and USYC Digital Assets. On March 27, Intercontinental Exchange Inc. (“ICE”), a leading global provider of technology and data, and Circle Internet Group, Inc. (“Circle”), a global financial technology company and stablecoin market leader, today announced an agreement whereby ICE plans to explore using Circle’s stablecoin USDC, as well as tokenized money market offering US Yield Coin (“USYC”), to develop new products and solutions for its customers. Under the MoU, Circle and ICE plan to collaborate to explore applications for using Circle’s stablecoins and other product offerings within ICE’s derivatives exchanges, clearinghouses, data services, and other markets, to deliver innovation and build new markets and product offerings based on Circle’s products. [NEW]
Updated FIA Disclosures For New CFTC Rules. On March 24, the FIA announced that is has published updated versions of the FIA Uniform Futures and Options on Futures Risk Disclosures Booklet and FIA Template Disclosures Regarding Separate Accounts for new CFTC rules. Both documents are available in the “Regulatory Disclosures” section of FIA’s US Documentation Library. The CFTC approved new rules in December revising the list of permitted investments for Futures Commissions Merchants (“FCMs”) and DCOs in CFTC Regulation 1.25 (“1.25 Rule”) and codifying no-action relief governing treatment of separate accounts (“Separate Accounts Rule”). The 1.25 Rule requires FCMs and Introducing Brokers to use a revised form of the 1.55 risk disclosure statement for customers onboarded on or after March 31, 2025. The revised disclosure statement reflects the scope of permissible investments, as modified by the 1.25 Rule. The FIA Uniform Futures and Options on Futures Risk Disclosures Booklet is intended to assist FCMs in delivering mandatory customer disclosures under CFTC, exchange and Self-Regulatory Organization rules. Among the disclosures contained in the booklet is the FIA Combined Risk Disclosure Statement. That document has been updated in accordance with the 1.25 Rule to reflect the modified list of permissible investments. [NEW]
CFTC Staff Issues Interpretation Regarding Financial Reporting Requirements for Japanese Nonbank Swap Dealers. On March 20, the CFTC’s Market Participants Division issued an interpretation concerning financial reporting obligations for nonbank swap dealers subject to regulation by the Financial Services Agency of Japan (“Japanese nonbank SDs”). On July 18, 2024, the CFTC issued a comparability determination and related comparability order granting substituted compliance in connection with the CFTC’s capital and financial reporting requirements to Japanese nonbank SDs, subject to certain conditions in the order (“Japanese Comparability Order”). One of the conditions in the Japanese Comparability Order, condition 9, requires each Japanese nonbank SD to file a copy of its home regulator Annual Business Report with the CFTC and the National Futures Association (NFA). The staff interpretation clarifies that Japanese nonbank SDs may satisfy condition 9 of the Japanese Comparability Order by filing with the CFTC and the NFA certain enumerated schedules of the Annual Business Report (In Scope Schedules), subject to the translation, U.S. dollar conversion, and deadline requirements of condition 9. The interpretation was issued in response to a request from the Securities Industry and Financial Markets Association on behalf of its Japanese nonbank SD members that rely on the Japanese Comparability Order.
SEC’s Division of Corporation Finance Releases Statement on Certain Proof-of-Work Mining Activities. On March 20, the SEC’s Division of Corporation Finance (“Corp Fin”) released a statement providing its views on certain activities on proof-of-work networks known as “mining.” Specifically, the statement addressed the mining of crypto assets that are intrinsically linked to the programmatic functioning of a public, permissionless network, and are used to participate in and/or earned for participating in such network’s consensus mechanism or otherwise used to maintain and/or earned for maintaining the technological operation and security of such network. Corp Fin said that participants in “Mining Activities” (as defined in the statement) do not need to register transactions with the SEC under the Securities Act or fall within one of the Securities Act’s exemptions from registration in connection with these Mining Activities. Commissioner Crenshaw released a related statement, noting that Corp Fin’s statement delivers “neither progress nor clarity” and suffers from issues of flawed logic and limited and imprecise application. Commissioner Crenshaw said that Corp Fin’s statement “leaves us exactly where we started,” because it does not obviate the need for a facts and circumstances application under the investment contract test set forth in SEC v. W.J. Howey Co., 328 U.S. 293 (1946).
CFTC’s Office of Customer Education and Outreach Releases New Advisory on Fraud Using Generative AI. On March 19, the CFTC’s Office of Customer Education and Outreach (the “OCEO”) released a customer advisory that says generative artificial intelligence is making it increasingly easier for fraudsters to create convincing scams. The OCEO advisory describes how fraudsters use AI to create fraudulent identifications with phony photos and videos that can appear very real if one is not familiar with the advances of AI technology. The fraudsters also are using AI to forge government or financial documents. An FBI public service announcement also warns the public about how criminals are using AI to commit fraud and how the technology is being used in relationship investment scams.
CFTC Staff Withdraws Advisory on Swap Execution Facility Registration Requirement. On March 13, the CFTC Division of Market Oversight (“DMO”) announced it is withdrawing CFTC Letter No. 21-19, Staff Advisory Swap Execution Facility (“SEF”) Registration Requirement, effective immediately. As stated in the withdrawal letter, DMO determined to withdraw the advisory since it has created uncertainty regarding whether certain entities are required to register as SEFs.

New Developments Outside the U.S.

ESMA Makes Recommendations for the Supervision of STS Securitizations. On March 27, ESMA published its Peer Review Report on National Competent Authorities’ (“NCAs”) supervision of Simple, Transparent and Standardized (“STS”) securitizations. The Report looks into and provides recommendations on the supervisory approaches adopted by selected NCAs when supervising STS securitization transactions and the activities of their originators, sponsors and securitization special purpose entities. The Peer Review focused on the NCAs of France, Germany, Portugal, and the Netherlands. [NEW]
ESMA Extends the Tiering and Recognition of the Three UK-Based CCPs. On March 17, ESMA announced its decision to temporarily extend the application of the recognition decisions under Article 25 of the European Market Infrastructure Regulation (“EMIR”) for three central counterparties (“CCPs”) established in the United Kingdom (“UK”). On January 30, 2025, the European Commission adopted a new equivalence decision in respect of the regulatory framework applicable to CCPs in the UK. Subsequently, ESMA has prolonged the tiering determination decisions and recognition decisions for the three recognized UK CCPs – ICE Clear Europe Ltd, LCH Ltd (as Tier 2) and LME Clear Ltd (as Tier 1) – that were adopted by ESMA on September 25, 2020, to align with the expiry date of the new equivalence decision. The application of the tiering determination decisions and recognition decisions is temporarily extended until 30 June 2028.
ESMA and Bank of England Conclude a Revised MoU in Respect of UK-Based CCPs Under EMIR. On March 17, ESMA and the Bank of England (“BoE”) signed a revised Memorandum of Understanding (“MoU”) on cooperation and information exchange concerning the three CCPs established in the UK (ICE Clear Europe Ltd, LCH Ltd and LME Clear Ltd) which have been recognized by ESMA under EMIR. ESMA said that, according to EMIR, one of the conditions for recognition of a third-country CCP (TC-CCP) by ESMA is the establishment of cooperation arrangements between ESMA and the relevant third-country authority. ESMA noted that the revised MoU follows the amendments introduced by EMIR 3 on the requirements concerning the content of such cooperation arrangements, in particular, cooperation in respect of systemically important TC-CCPs (Tier 2 TC-CCPs), and replaces the earlier version that ESMA and the BoE concluded in 2020.
UK Drops Proposals to Publicize Enforcement Investigations if Public Interest Test is Met. On March 11, the UK Financial Conduct Authority (“FCA”) wrote to the Treasury Select Committee and House of Lords Financial Services Regulation Committee about its proposals to increase the transparency of enforcement investigations. The FCA indicated that, given continued industry concern over its proposals to publicize an investigation into a regulated firm carrying out authorized activity, where a public interest test is met, the FCA will not proceed with this. Instead, it will stick to its existing exceptional circumstances test to determine if it should publicize investigations into regulated firms. The FCA noted that it will take forward the following proposals and aim to publish a policy statement in the first half of this year: (i) Reactively confirming investigations announced by others; (ii) Public notifications that focus on the potentially unlawful activities of unregulated firms and regulated firms operating outside the regulatory perimeter; and (iii) Publishing greater detail of issues under investigation on an anonymous basis. ISDA said that the FCA’s proposal, which would have given it the ability to publicly name firms at the start of an investigation, caused concern across the industry. In their February 17 response to the proposal, ISDA and the Association for Financial Markets in Europe (“AFME”) highlighted concerns that the proposals would be harmful to UK competitiveness and growth and suggested a broader interpretation of the existing exceptional circumstances test could be used to meet the FCA’s objectives. This was the second consultation ISDA and AFME responded to on this subject. The first response, submitted on April 30, 2024, is available here.
ESMA Clarifies the Treatment of Settlement Fails with Respect to the CSDR Penalty Mechanism. On March 14, ESMA published a statement on the treatment of settlement fails with respect to the Central Securities Depositories Regulation (“CSDR”) penalty mechanism, following the major incident that affected TARGET Services (T2S and T2) last month. ESMA clarifies in the statement that National Competent Authorities (“NCAs”) do not expect Central Securities Depositories to apply cash penalties in relation to settlement failures for the days of February 27 and 28, 2025. As specified in an existing CSDR Q&A, cash penalties should not be applied in situations where settlement cannot be performed for reasons that are independent from the involved participants.

New Industry-Led Developments

IOSCO Launches New Alerts Portal to Help Combat Retail Investment Fraud. On March 20, IOSCO announced the launch of the International Securities & Commodities Alerts Network (“I-SCAN”). IOSCO said that I-SCAN is a unique global warning system where any investor, online platform provider, bank or institution can check if a suspicious activity has been flagged for a particular company by financial regulators, which will submit alerts directly to I-SCAN, worldwide. According to IOSCO, I-SCAN forms part of IOSCO’s Roadmap for Retail Investor Online Safety, an initiative which was launched in November last year.

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, jsteiner@gibsondunn.com)

Michael D. Bopp, Washington, D.C. (202.955.8256, mbopp@gibsondunn.com)

Michelle M. Kirschner, London (+44 (0)20 7071.4212, mkirschner@gibsondunn.com)

Darius Mehraban, New York (212.351.2428, dmehraban@gibsondunn.com)

Jason J. Cabral, New York (212.351.6267, jcabral@gibsondunn.com)

Adam Lapidus, New York (212.351.3869, alapidus@gibsondunn.com )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, sbrooker@gibsondunn.com)

William R. Hallatt, Hong Kong (+852 2214 3836, whallatt@gibsondunn.com )

David P. Burns, Washington, D.C. (202.887.3786, dburns@gibsondunn.com)

Marc Aaron Takagaki, New York (212.351.4028, mtakagaki@gibsondunn.com )

Hayden K. McGovern, Dallas (214.698.3142, hmcgovern@gibsondunn.com)

Karin Thrasher, Washington, D.C. (202.887.3712, kthrasher@gibsondunn.com)