Stacy Mitchell, Author at Gibson Dunn

On March 20, 2025, President Trump issued an Executive Order titled, “Eliminating Waste and Saving Taxpayer Dollars by Consolidating Procurement” and accompanying Fact Sheet titled, “President Donald J. Trump Eliminates Waste and Saves Taxpayer Dollars by Consolidating Procurement.”

The Executive Order plans to “return the General Services Administration to its original purpose” of carrying out an “economical and efficient system” for core domestic procurement services for “common goods and services,” and for Government-wide acquisition contracts (GWACs) for information technology (IT). To effectuate this purpose, the Executive Order consolidates these types of procurements within the GSA. The Policy section of the Executive Order explains the Administration’s position that consolidating procurements within a single agency will eliminate waste and save money compared to the current system, under which multiple agencies and subcomponents separately carry out distinct procurements for the same types of goods and services. The Fact Sheet characterizes the Executive Order as an expansion of previous efforts to terminate or economize more than 6,000 contracts.

Common Goods and Services

By May 19, 2025, agency heads must submit to the GSA Administrator proposals “to have [GSA] conduct domestic procurement with respect to common goods and services for the agency, where permitted by law.” The Executive Order defines “common goods and services” by reference to the Office of Management and Budget (OMB)-led Category Management Leadership Council definition, which encompasses ten categories:

Facilities & Construction, including construction-related and facility-related materials and services, as well as facilities purchases and leases;
Professional Services, including business administrative services, financial services, legal services, management and advisory services, marketing, public relations, research and development, social services, and technical engineering services;
IT, including software, hardware, consulting, security, outsourcing, and telecommunications;
Medical, including drugs, pharmaceutical products, healthcare services, and medical equipment and supplies;
Transportation and Logistics, including fuels, logistics support services, non-combat motor vehicles, package delivery, transportation equipment, and “Transportation of Things;”
Industrial Products and Services, including fire, rescue, and safety environmental protection equipment; hardware and tools; installation, maintenance, and repair materials; machinery and components; oils, lubricants, and waxes; and test and measurement supplies;
Travel, including employee relocation, lodging, and passenger travel;
Security & Protection, including ammunition, protective apparel and equipment, security animals, security services, security systems, and weapons;
Human Capital, including compensation, benefits, employee relations, human capital, strategy, policy, operations planning, talent acquisition, talent development; and
Office Management, including furniture and office management products and services.

The Executive Order requires that by June 18, 2025, the Administrator must submit a “comprehensive plan” to OMB for the procurement of “common goods and services” across the “domestic components of the Government.”

IT GWACs

GSA currently maintains IT GWACs for solutions such as systems design, software engineering, information assurance, and enterprise architecture solutions. On its webpage dedicated to IT GWACs, GSA states that the pre-competed contracts allow agencies to procure IT solutions more efficiently and economically. Other agencies, such as National Aeronautics and Space Administration (NASA) and National Institutes of Health (NIH), also maintain their own non-GSA IT GWACs.

Under the Executive Order, the Administrator must “rationalize Government-wide indefinite delivery contract vehicles for information technology for agencies across the Government, including as part of identifying and eliminating contract duplication, redundancy, and other inefficiencies.” The Director of OMB will issue a memorandum by April 3, 2025, providing further guidance to agencies on this section of the Executive Order. By April 19, 2025, the Director of OMB will designate the Administrator as the “executive agent” for all IT GWACs. The Administrator may consult with the Director of OMB to defer or decline the designation for a particular IT GWAC “when necessary to ensure continuity of service or as otherwise appropriate.”

Implications and Open Questions

The Executive Order gives significant discretion to GSA and OMB in implementing this consolidation of the government procurement system as related to “common goods and services” and IT GWACs. But the Order and Fact Sheet also raise many questions with important implications for contractors regarding how GSA and OMB will exercise that discretion, including:

How will GSA expand the use of GWACs and assume additional procurement responsibilities in light of its current pause on new procurements and reductions in force?
What constitutes a “domestic component of the Government”? To which agencies and which offices of which agencies will this Executive Order apply?
What will happen to other IT GWACs maintained by other agencies, such as NASA’s Solutions for Enterprise-Wide Procurement (SEWP), or NIH’s CIO-SP3 vehicles?

Accordingly, the scope and extent of the impact on contracts and future procurements remain to be determined. However, contractors can likely expect additional contract disruptions, such as performance delays, stop work orders, or terminations as GSA and other agencies move to implement these requirements; the potential for fewer contract opportunities as a result of consolidation efforts; and a greater need to justify the costs and value of their contracts to government customers.

The following Gibson Dunn lawyers prepared this update: Lindsay Paulin, Dhananjay Manthripragada, Joseph West, and Katie Rubanka.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Government Contracts practice group, or the following authors and practice leaders:

Lindsay M. Paulin – Partner & Co-Chair, Government Contracts Group,
Washington, D.C. (+1 202.887.3701, lpaulin@gibsondunn.com)

Dhananjay S. Manthripragada – Partner & Co-Chair, Government Contracts Group,
Los Angeles/Washington, D.C. (+1 213.229.7366, dmanthripragada@gibsondunn.com)

Joseph D. West – Partner, Government Contracts Group,
Washington, D.C. (+1 202.955.8658, jwest@gibsondunn.com)

Katie Rubanka – Associate, Government Contracts Group,
Washington, D.C. (+1 202.777.9409, krubanka@gibsondunn.com)

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Gibson Dunn’s DEI Task Force is available to help clients understand what these and other expected policy and litigation developments will mean for them and how to comply with new requirements.

On March 19, 2025, the Equal Employment Opportunity Commission (EEOC) issued guidance entitled “What You Should Know About DEI-Related Discrimination at Work,” which includes eleven questions and corresponding answers addressing the process for asserting a discrimination claim and the scope of protections under Title VII of the Civil Rights Act of 1964 (Title VII) as they relate to DEI programs. The EEOC and the Department of Justice (DOJ) also released a joint one-page technical assistance document entitled “What To Do If You Experience Discrimination Related to DEI at Work,” which provides examples of “DEI-related discrimination” under Title VII and directs employees who “suspect [they] have experienced DEI-related discrimination” to “contact the EEOC promptly.” As described in a press release the EEOC issued yesterday, these documents are designed “[t]o help educate the public about how well-established civil rights rules apply to employment policies, programs, and practices—including those labeled or framed as ‘DEI.’”

The EEOC’s longer question-and-answer guidance explains the process for bringing Title VII claims and discusses the scope of Title VII, including the categories of individuals it protects and the aspects of employment it governs.

The guidance explains that “Title VII protects employees, applicants, and training or apprenticeship program participants,” and “also may apply to interns.” The guidance emphasizes that “Title VII’s protections apply equally to all workers” regardless of whether they are part of a minority group. The EEOC states that it “does not require a higher showing of proof for so-called ‘reverse’ discrimination claims,” in reference to Ames v. Ohio Department of Youth Services (No. 23-1039), in which the Supreme Court is poised to consider whether “majority-group” plaintiffs must meet a “heightened” evidentiary standard for discrimination claims. The guidance explains that in the EEOC’s view, “there is no such thing as ‘reverse’ discrimination; there is only discrimination.”

In response to the question “When is a DEI initiative, policy, program, or practice unlawful under Title VII?” the guidance states that an employment action “may be unlawful” if it is “motivated—in whole or in part—by race, sex, or another protected characteristic.” It broadly defines potentially unlawful DEI initiatives as, among other things, programs that involve “[a]ccess to or exclusion from training (including training characterized as leadership development programs)”; “[a]ccess to mentoring, sponsorship, or workplace networking / networks”; “[i]nternships (including internships labeled as ‘fellowships’ or ‘summer associate’ programs)”; and “[s]election for interviews, including placement or exclusion from a candidate ‘slate’ or pool.” As to what may constitute an adverse action, the EEOC cites to Muldrow v. City of St. Louis, Missouri, et al., 144 S. Ct. 967, 974 (2024), to reiterate that workers bringing discrimination claims “only need to show ‘some injury’ or ‘some harm’ affecting their ‘terms, conditions, or privileges’ of employment,” and that “terms [or] conditions” should be “interpreted broadly.”

The guidance also addresses the unlawful “segregation” of employees, including in the context of employee resource and affinity groups. For example, the EEOC notes that employers may not “separate workers into groups based on” protected characteristics “when administering DEI or any trainings [or] workplace programming,” even if the separate groups “receive the same programming content or amount of employer resources.” The guidance further notes that “unlawful segregation can include limiting membership in workplace groups, such as Employee Resource Groups (ERG), Business Resource Groups (BRGs), or other employee affinity groups, to certain protected groups.” The guidance instructs that employers should instead make all trainings and workplace networks open to all employees.

The guidance further provides that employers may not “justify taking an employment action based on race, sex, or another protected characteristic because the employer has a business necessity or interest in ‘diversity,’ including preferences or requests by the employer’s clients or customers.” The EEOC states that “business interests in diversity and equity” have never “been found by the Supreme Court or the EEOC to be sufficient to allow race-motivated employment actions.”

Finally, the guidance addresses DEI-related training and suggests that such trainings “may” create a hostile work environment if there is evidence that the “training was discriminatory in content, application, or context.” The guidance further suggests opposing such trainings may constitute protected activity under Title VII “if the employee provides a fact-specific basis for his or her belief that the training violates Title VII.”

The shorter guidance document released yesterday—What To Do If You Experience Discrimination Related to DEI at Work—shares much of the same information in a one-page guidance document jointly authored by the EEOC and the DOJ.

The following Gibson Dunn lawyers prepared this update: Jason Schwartz, Greta Williams, Cynthia Chen McTernan, Naima Farrell, Zoë Klein, Anna McKenzie, Cate McCaffrey, Albert Le, and Godard Solomon.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s DEI Task Force or Labor and Employment practice group:

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group,
Washington, D.C. (+1 202.955.8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group,
Los Angeles (+1 213.229.7107, ksmith@gibsondunn.com)

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group,
New York (+1 212.351.3850, mdenerstein@gibsondunn.com)

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer,
Washington, D.C. (+1 202.955.8503, zswilliams@gibsondunn.com)

Naima L. Farrell – Partner, Labor & Employment Group,
Washington, D.C. (+1 202.887.3559, nfarrell@gibsondunn.com)

Cynthia Chen McTernan – Partner, Labor & Employment Group,
Los Angeles (+1 213.229.7633, cmcternan@gibsondunn.com )

Molly T. Senger – Partner, Labor & Employment Group,
Washington, D.C. (+1 202.955.8571, msenger@gibsondunn.com)

Greta B. Williams – Partner, Labor & Employment Group,
Washington, D.C. (+1 202.887.3745, gbwilliams@gibsondunn.com)

Zoë Klein – Of Counsel, Labor & Employment Group,
Washington, D.C. (+1 202.887.3740, zklein@gibsondunn.com)

Anna M. McKenzie – Of Counsel, Labor & Employment Group,
Washington, D.C. (+1 202.955.8205, amckenzie@gibsondunn.com)

On March 2, 2025, the Department of the Treasury issued guidance announcing that it will not enforce any penalties or fines against U.S. citizens or domestic reporting companies or their beneficial owners pursuant to the Corporate Transparency Act (CTA). This guidance also announces that when the Department of the Treasury issues a proposed rulemaking regarding the CTA in the future, the rulemaking “will narrow the scope of the rule to foreign reporting companies only.”[1]

Entities that may be subject to the CTA that have not filed BOI reports should consult with their CTA advisors as necessary, now that the Department of the Treasury has announced it will suspend enforcement of the penalty provisions of the CTA and will propose amendments to the reporting rule providing that it will apply only against “foreign reporting companies.”

During litigation that temporarily enjoined enforcement of the CTA from December 2024 until February 18, 2025, the Financial Crimes Enforcement Network (FinCEN) issued guidance extending the required deadlines for companies subject to the CTA to deadline to March 21, 2025 or later.[2] On February 27, 2025, FinCEN then suspended the March 21, 2025 deadline, instead stating its intention to issue an interim final rule before March 21, 2025 that will extend beneficial ownership information (BOI) reporting deadlines for those companies required to submit such information.[3] Under the 2022 Reporting Rule that instituted the CTA, “each reporting company” – both domestic and foreign – was required to file BOI information by certain deadlines.[4]

The Department of the Treasury’s latest statement on March 2 announces that the Department will propose revisions to the reporting rule “that will narrow the scope of the rule to foreign reporting companies only.”[5] As currently defined, a “foreign reporting company” is “any entity” that is “[f]ormed under the law of a foreign country”; and “[r]egistered to do business in any State or tribal jurisdiction by the filing of a document with a secretary of state or any similar office under the law of a State or Indian tribe.”[6]

For additional background information, please refer to our Client Alerts issued on December 5, December 9, December 16, December 24, and December 27, 2024, January 24, 2025 February 19, and February 28, 2025.

[1] https://home.treasury.gov/news/press-releases/sb0038.

[2] https://fincen.gov/sites/default/files/shared/FinCEN-BOI-Notice-Deadline-Extension-508FINAL.pdf.

[3] https://www.fincen.gov/news/news-releases/fincen-not-issuing-fines-or-penalties-connection-beneficial-ownership.

[4] 31 C.F.R. § 1010.380(a).

[5] https://home.treasury.gov/news/press-releases/sb0038.

[6] 31 C.F.R. 1010.380(c)(ii); see also 31 U.S.C. 5336(a)(11)(A)(ii).

The following Gibson Dunn lawyers assisted in preparing this update: Kevin Bettsteller, Stephanie Brooker, Matt Gregory, Justin Newman, Dave Ware, Shannon Errico, Sam Raymond, and Connor Mui.

Gibson Dunn has deep experience with issues relating to the Bank Secrecy Act, the Corporate Transparency Act, other AML and sanctions laws and regulations, and challenges to Congressional statutes and administrative regulations.

For assistance navigating white collar or regulatory enforcement issues, please contact the authors, the Gibson Dunn lawyer with whom you usually work, or any leader or member of the firm’s Anti-Money Laundering, Administrative Law & Regulatory, Investment Funds, Real Estate, or White Collar Defense & Investigations practice groups.

Please also feel free to contact any of the following practice group leaders and members and key CTA contacts:

Anti-Money Laundering:
Stephanie Brooker – Washington, D.C. (+1 202.887.3502, sbrooker@gibsondunn.com)
M. Kendall Day – Washington, D.C. (+1 202.955.8220, kday@gibsondunn.com)
David Ware – Washington, D.C. (+1 202.887.3652, dware@gibsondunn.com)
Ella Capone – Washington, D.C. (+1 202.887.3511, ecapone@gibsondunn.com)
Sam Raymond – New York (+1 212.351.2499, sraymond@gibsondunn.com)

Administrative Law and Regulatory:
Stuart F. Delery – Washington, D.C. (+1 202.955.8515, sdelery@gibsondunn.com)
Eugene Scalia – Washington, D.C. (+1 202.955.8673, dforrester@gibsondunn.com)
Helgi C. Walker – Washington, D.C. (+1 202.887.3599, hwalker@gibsondunn.com)
Matt Gregory – Washington, D.C. (+1 202.887.3635, mgregory@gibsondunn.com)

Investment Funds:
Kevin Bettsteller – Los Angeles (+1 310.552.8566, kbettsteller@gibsondunn.com)
Shannon Errico – New York (+1 212.351.2448, serrico@gibsondunn.com)
Greg Merz – Washington, D.C. (+1 202.887.3637, gmerz@gibsondunn.com)

Real Estate:
Eric M. Feuerstein – New York (+1 212.351.2323, efeuerstein@gibsondunn.com)
Jesse Sharf – Los Angeles (+1 310.552.8512, jsharf@gibsondunn.com)
Lesley V. Davis – Orange County (+1 949.451.3848, ldavis@gibsondunn.com)
Anna Korbakis – Orange County (+1 949.451.3808, akorbakis@gibsondunn.com)

White Collar Defense and Investigations:
Stephanie Brooker – Washington, D.C. (+1 202.887.3502, sbrooker@gibsondunn.com)
Winston Y. Chan – San Francisco (+1 415.393.8362, wchan@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213.229.7269, nhanna@gibsondunn.com)
F. Joseph Warin – Washington, D.C. (+1 202.887.3609, fwarin@gibsondunn.com)

The new Rules come into effect from 3 April 2025.

Background:

On 21 February 2025, the Minister of Commerce officially decreed and published into law the Ultimate Beneficial Ownership Rules (UBO Rules). In line with steps taken by other financial centers and leading jurisdictions around the world, the UBO Rules require all companies in KSA, other than companies publicly listed in KSA, to disclose and maintain accurate information about their ultimate beneficial owners. The UBO Rules come into effect from 3 April 2025.

How does the UBO Rules define an Ultimate Beneficial Owner?

The UBO Rules define an “ultimate beneficial owner” as any natural person who meets the following criteria:
1. owns at least 25% of the company’s share capital whether directly or indirectly;
2. controls at least 25% o the voting shares in the company, whether directly or indirectly;
3. is entitled to appoint or remove a majority of the company’s board of directors, its manager or president, whether directly or indirectly;
4. ability to influence decision-making or the business of the company whether directly or indirectly; or
5. is a representative of any legal person to which any of above criteria applies.
The UBO Rules clarify that if an ultimate beneficial owner cannot be identified by applying the foregoing criteria, then the company’s manager or members of its board of directors or its president will be regarded as its ultimate beneficial owner.

Key obligations under the UBO Rules:

Some of the key obligations under the UBO Rules include the following:

Incorporation: The Ministry of Commerce will now require applicants to disclose information on their ultimate beneficial owners as part of the application process for incorporation of companies in KSA.

Annual Filings: In relation to those companies already established at the time the UBO Rules come into effect, such companies will be required to make annual filings disclosing their ultimate beneficial owners. Such filings are due on the anniversary of the date on which companies were registered with the Ministry’s commercial register.
Maintenance & Updates: All existing companies will be required to maintain an ultimate beneficial owner register and notify the Ministry of any changes in the identity of an ultimate beneficial owner.
Required Information: It remains unclear what information will be requested by the Ministry to validate the identity of an ultimate beneficial owner in a relevant KSA company. Unsurprisingly, the UBO Rules grant the Ministry with broad authority to require disclosure. The UBO Rules state that the Ministry will publish guidelines with respect to its procedures and requirements for the identification of ultimate beneficial owners.

Exemption from UBO Rules:

The following entities are exempted from the application of the UBO Rules:

Companies wholly owned by the state or any state-owned authorities whether directly or indirectly; and
Companies undergoing insolvency proceedings in accordance with the Bankruptcy Law.

Additionally, the Minister of Commerce may issue exemptions on a case-by-case basis. All companies exempted from the UBO Rules are nevertheless required to prove to the Ministry that they enjoy such an exempted status.

Penalties for Non-Compliance:

A person that is required to comply with the UBO Rules but fails to do so, including its obligations to disclose/update information to the Ministry with respect to ultimate beneficial ownership, may face a fine of SAR 500,000.

Investors with complex shareholding structures in KSA should be wary of these UBO Rules as indirect changes in their shareholding structures could trigger disclosure obligations with the Ministry in KSA. All investors in KSA must start thinking about introducing appropriate internal protocols to ensure full compliance with the UBO Rules.

The following Gibson Dunn lawyers prepared this update: Mohamed A. Hasan and Lojain AlMouallimi.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these developments. To learn more, please contact the Gibson Dunn lawyer with whom you usually work, or the authors in Riyadh:

Mohamed A. Hasan (+966 55 867 5974, malhasan@gibsondunn.com)

Lojain AlMouallimi (+966 11 827 4046, lalmouallimi@gibsondunn.com)

Gibson Dunn is closely monitoring regulatory developments and executive orders in this fast-paced environment for administrative law. Our lawyers are available to assist clients as they navigate the challenges and opportunities posed by the current, evolving legal landscape.

In just the first month of the new administration, President Trump has taken several actions to exercise Executive Branch control over “independent” agencies. Agencies generally have been considered “independent” from presidential control if a statute provides that the agency’s leader or leaders may be removed only for cause.[1] These include many powerful and important agencies, including the Securities and Exchange Commission (SEC), Federal Trade Commission (FTC), the Federal Communications Commission (FCC), National Labor Relations Board (NLRB), Federal Energy Regulatory Commission (FERC), Board of Governors of the Federal Reserve System, Equal Employment Opportunity Commission (EEOC), and many more.

In his recent Executive Order titled “Ensuring Accountability For All Agencies,” President Trump ordered all independent agencies to submit their major regulations for White House review and approval in the same manner that traditional Executive Branch agencies do, authorized the Office of Management and Budget (OMB) to review and adjust independent agencies’ use of funds to ensure consistency with the President’s policies, and ordered all Executive Branch officers and employees to adopt as “controlling” the interpretations of law advanced by the President and Attorney General. A number of President Trump’s other executive orders, including the order requiring each agency to establish its own Department of Government Efficiency (DOGE) Team and the order requiring review of all existing regulations, lack carveouts for independent agencies that past administrations have frequently included in similar directives. Separately, the acting Solicitor General has informed Congress that the Department of Justice will no longer defend the constitutionality of for-cause removal protections at certain agencies and will seek to limit or overturn Humphrey’s Executor—the Supreme Court decision upholding the independence of the 1930s version of the FTC. The acting Solicitor General also has stated that multiple layers of for-cause removal protections for administrative law judges are unconstitutional. President Trump has also fired agency leaders at the EEOC, NLRB, the Merit Systems Protection Board, and the Office of Special Counsel, though litigation is ongoing as to whether those terminations were lawful.

I. The President’s Historical Control Over Independent Agencies.

Since the Interstate Commerce Commission was established in the late 1800s and the FTC in 1914, Congress has protected some agency leaders from presidential removal on the theory that nonpolitical experts should be insulated from political pressure. Almost from the start, these limits on the President’s removal powers proved controversial, and in 1926 the Supreme Court ruled that the Constitution requires that the President be able to remove certain Executive Branch officials. Recent Supreme Court decisions have established only “two exceptions to the President’s unrestricted removal power.” The first exception applies to “multimember expert agencies that do not wield substantial executive power.” Notably, this exception tracks the Court’s 1935 decision in Humphrey’s Executor v. United States, which upheld removal protections for FTC commissioners because, as the 1935 Court framed it, the commissioners exercised primarily “quasi-judicial and quasi-legislative” functions. The second exception applies to “inferior officers with limited duties and no policymaking or administrative authority.”

The Court has rejected removal protections beyond these two exceptions, including double layers of protection for certain lower-level agency employees and removal protections for a single-member agency head. Today, independent agencies generally consist of multimember, partisan-balanced boards where statutes provide that leaders may be removed only for cause and not at the President’s pleasure.

The Trump Administration has taken an assertive view of the President’s removal powers and the corresponding power to control the entire Executive Branch, including independent agencies. It has asserted that a number of statutory removal protections for heads of independent agencies are unconstitutional because they wield substantial executive power and the President must be able to supervise all executive power. To the extent Humphrey’s Executor allows such removal protections, the Trump Administration has said that it will ask the Supreme Court to overrule that decision. Likewise, the Trump Administration has concluded that multiple layers of removal protections for administrative law judges (officials who preside over agency adjudications) are unconstitutional.

II. The Implications Of President Trump’s “Ensuring Accountability For All Agencies” Executive Order.

President Trump’s Order on “ensuring accountability” would subject independent agencies to significant political control across activities including rulemaking, legal interpretations, enforcement priorities, and expenditures. This Order has a number of implications that are discussed in turn below.

OIRA Review. The Order requires independent agencies to submit their major regulations to the Office of Information and Regulatory Affairs (OIRA) for review and approval in the same way traditional executive branch agencies have done for decades. OIRA is a division of OMB that reviews agency rules before they are issued to ensure the rules are consistent with principles of administrative law and consistent with the President’s policy priorities. While some independent agencies have informally and voluntarily cooperated with OIRA reviews in the past, this Order for the first time makes compliance with the OIRA process mandatory. The need to clear proposed and final rules through OIRA prior to publication could delay independent agencies’ ability to initiate and finalize rulemakings. As part of the review process, independent agencies will need to conduct a cost-benefit analysis under Executive Order 12866, which OIRA will review. By subjecting independent agencies’ economic analyses to OIRA review, the Order could improve the quality and consistency of the methodology underlying agencies’ estimates of the costs and benefits of their rules. In some instances, OIRA’s review could persuade agencies not to proceed with a planned rulemaking or could result in a White House directive that the rulemaking be halted.

Interpretation of Laws. The Order also provides that “[t]he President and the Attorney General . . . shall provide authoritative interpretations of law for the executive branch” and their “opinions on questions of law are controlling on all employees in the conduct of their official duties.” Further, no employee or officer “may advance an interpretation of the law as the position of the United States that contravenes the President or the Attorney General’s opinion on a matter of law, including but not limited to the issuance of regulations, guidance, and positions advanced in litigation, unless authorized to do so by the President or in writing by the Attorney General.”[2] Accordingly, when the President or Attorney General have provided an opinion or authoritative interpretation of any statute or regulation, the agency official generally may not advance a contrary interpretation of the law.

This is a meaningful limitation for independent agencies. President Trump has already advanced a number of legal interpretations through executive orders and memoranda, and traditionally, the Department of Justice (headed by the Attorney General) offers opinions on many legal issues. Although in the past independent agencies have often advanced their own legal interpretations in regulations and in litigation (at least until a case reached the Supreme Court, where the Solicitor General takes over)—sometimes in opposition to positions put forward by the Department of Justice—the Order requires them to adopt the views of the President and Attorney General moving forward.

Apportionment. The Order authorizes the Director of OMB to “review independent regulatory agencies’ obligations for consistency with the President’s policies and priorities” and to “adjust such agencies’ apportionments by activity, function, project, or object … to advance the President’s policies and priorities” including to “prohibit independent regulatory agencies from expending appropriations on particular activities, functions, projects, or objects, so long as such restrictions are consistent with law.”

This provision grants the Director of OMB control over independent agencies’ budgets, expenditures, and—to a significant extent—discretion. The “obligations,” “apportionments,” and “appropriations” are budgetary terms referring to various ways agencies are authorized to spend and do spend money. Notably, the Director’s authority to prohibit expenditures on certain activities could allow him to order nonenforcement of regulations or defunding programs that are inconsistent with the President’s policy preferences.

Exceptions for Monetary Policy and Other Legal Authorities. The Order exempts the Federal Reserve’s monetary policy from its scope. Accordingly, the Federal Reserve’s interest rate decisions will not be subject to OIRA review, though its banking regulatory functions are covered by the scope of the Order.

The Order also notes that it should not be read to affect “the authority granted by law to an executive department, agency, or the head thereof.”

Indirect Implications. The President’s assertion of Executive Branch control over independent agencies will have additional consequences not mentioned in the Order. As we previously noted, many of President Trump’s other executive orders do not include carve outs for independent agencies. Accordingly, the executive orders requiring cooperation with DOGE appear to apply to independent agencies. These orders include requirements to establish a DOGE team, share information with DOGE, engage in workforce-optimization efforts, and conduct comprehensive reviews of existing regulations and deregulation. In combination with the Order’s requirement that independent agencies follow the President’s interpretation of the law, independent agencies may also be required to adopt the President’s legal views as espoused in executive orders such as those that describe certain DEI and DEIA policies as illegal.[3]

Two of these orders may have particular significance for independent agencies:

“Ensuring Lawful Governance And Implementing The President’s ‘Department Of Government Efficiency’ Deregulatory Initiative.” This order requires agencies to identify all regulations that are potentially unlawful and then develop a plan to rescind or modify them. Specifically, in coordination with OMB, DOGE, and the Attorney General, agencies have sixty days to identify all regulations that: (1) are “unconstitutional” or “raise serious constitutional difficulties;” (2) “are based on unlawful delegations of legislative power;” (3) contravene the “the best reading of the underlying statutory authority or prohibition;” (4) violate the major-questions doctrine; (5) “impose significant costs upon private parties that are not outweighed by public benefits;” (6) “significantly and unjustifiably” impede innovation; or (7) “impose undue burdens on small business and impede private enterprise and entrepreneurship.” The OIRA Administrator (who has not yet been designated) shall then consult with agency heads to develop a Unified Regulatory Agenda to rescind or modify these regulations.

“Unleashing Prosperity Through Deregulation.” As we have previously discussed, this order requires that agencies identify at least ten existing regulations to repeal for every new regulation they promulgate, and it requires the total incremental cost of new regulations be “significantly less than zero.”

Because independent agencies have historically been exempt from similar deregulatory efforts, these orders could materially change the agencies’ longstanding regulatory processes.

III. Pending Litigation Regarding the President’s Control Over Independent Agencies.

The President’s assertion of control over independent agencies has already begun to attract legal challenges. These challenges could affect the practical consequences of the Order and of President Trump’s other actions regarding independent agencies. Currently, some of the most notable litigation has been brought by heads of independent agencies who were fired without an explanation or compliance with statutory notice requirements (e.g., without complying with a “for cause” removal restriction). For example:

Dellinger v. Bessent, 1:25-cv-00385 (D.D.C. filed Feb. 10, 2025), is a case by the Special Counsel leading the Office of Special Counsel (which oversees various whistleblower and government accountability projects), whom President Trump fired without explanation. The District Court issued a temporary restraining order reinstating Dellinger as the Special Counsel, the D.C. Circuit dismissed an appeal/denied mandamus for lack of jurisdiction, and the Supreme Court held the government’s appeal in abeyance until the temporary restraining order expires on February 26.

Wilcox v. Trump, No. 1:25-cv-00334 (D.D.C. filed Feb. 5, 2025), is a suit by a former Democratic member of the National Labor Relations Board whom President Trump fired without explanation. The case is currently before the U.S. District Court for the District of Columbia, and expedited summary judgment briefing is underway.

Harris v. Bessent, No. 1:25-cv-00412 (D.D.C. filed Feb. 11, 2025), is a suit by the former chair of the Merit Systems Protection Board, whom President Trump demoted and subsequently fired without explanation. The U.S. District Court for the District of Columbia issued a temporary restraining order reinstating Harris as the Chair. The Trump Administration has appealed the case to the D.C. Circuit and/or the Supreme Court, where it would likely have the same fate as Dellinger. Meanwhile, the plaintiff moved for a preliminary injunction in the district court.

IV. Conclusion

[1] Congress sometimes labels agencies as “independent” without providing any removal protections. See Collins v. Yellen, 594 U.S. 220, 248–50 (2021).

[2] The Executive Order just refers to “employees,” but defines employees according to 5 U.S.C. § 2105, which includes officers.

[3] A federal district court recently granted a preliminary injunction enjoining some of these orders, so the efficacy of these orders may be subject to change.

The following Gibson Dunn lawyers prepared this update: Michael Bopp, Stuart Delery, Eugene Scalia, Helgi Walker, Matt Gregory, Andrew Kilberg, Tory Lauterbach, Amanda Neely, Noah Delwiche, Maya Jeyendran, and Aaron Gyde.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Public Policy, Administrative Law & Regulatory, Energy Regulation & Litigation, Labor & Employment, or Government Contracts practice groups, or the following in Washington, D.C.:

Michael D. Bopp – Co-Chair, Public Policy Practice Group,
(+1 202.955.8256, mbopp@gibsondunn.com)

Stuart F. Delery – Co-Chair, Administrative Law & Regulatory Practice Group,
(+1 202.955.8515, sdelery@gibsondunn.com)

Eugene Scalia – Co-Chair, Administrative Law & Regulatory Practice Group,
(+1 202.955.8673, dforrester@gibsondunn.com)

Helgi C. Walker – Co-Chair, Administrative Law & Regulatory Practice Group,
(+1 202.887.3599, hwalker@gibsondunn.com)

Matt Gregory – Partner, Administrative Law & Regulatory Practice Group,
(+1 202.887.3635, mgregory@gibsondunn.com)

Andrew G.I. Kilberg – Partner, Administrative Law & Regulatory Practice Group,
(+1 202.887.3759, akilberg@gibsondunn.com)

Tory Lauterbach – Partner, Energy Regulation & Litigation Practice Group,
(+1 202.955.8519, tlauterbach@gibsondunn.com)

Amanda H. Neely – Of Counsel, Public Policy Practice Group,
(+1 202.777.9566, aneely@gibsondunn.com)

Gibson Dunn’s DEI Task Force is available to help clients understand what these and other expected policy changes will mean for them and how to comply with new requirements.

In Brief

On February 21, 2025, the United States District Court for the District of Maryland entered a preliminary injunction enjoining in part President Trump’s Executive Orders titled “Ending Radical and Wasteful Government DEI Programs and Preferencing” (EO 14151) and “Ending Illegal Discrimination and Restoring Merit-Based Opportunity” (EO 14173). Nat’l Ass’n of Diversity Officers in Higher Educ., et al., v. Donald J. Trump, et al., No. 1:25-cv-00333-ABA, Dkt. 44–45 (D. Md. 2025). The court opened its opinion by stating that

The term ‘DEI,’ of course, is shorthand for ‘diversity, equity, and inclusion.’ And ensuring equity, diversity, and inclusion has long been a goal, and at least in some contexts arguably a requirement, of federal anti-discrimination law. But the administration has declared ‘DEI’ to be henceforth ‘illegal,’ has announced it will be terminating all ‘“equity-related” grants or contracts’—whatever the administration might decide that means—and has made ‘practitioners’ of what the government considers “DEI” the targets of a “strategic enforcement plan.

Dkt. 45 at 2.

The court enjoined the government defendants from freezing or terminating existing “equity-related” contracts and grants (pursuant to EO 14151). With respect to EO 14173, the court enjoined the government defendants from (1) requiring federal contractors and grant recipients to certify that they do not “operate any programs promoting DEI that violate any applicable Federal anti-discrimination laws,” (2) requiring federal contractors and grant recipients “to agree that [their] compliance in all respects with all applicable Federal anti-discrimination laws is material” for purposes of the False Claims Act, and (3) bringing any enforcement action targeting “DEI programs or principles.” However, the court declined to “enjoin the Attorney General from … engaging in investigation” of DEI programs. Dkt. 44 at 62.

The preliminary injunction covers nine Cabinet-level departments, the Office of Management and Budget, and the National Science Foundation, but not President Trump. The Equal Employment Opportunity Commission (EEOC) is not a defendant and is not directly subject to the injunction. However, the injunction does cover “other persons who are in active concert or participation with” the defendant agencies. Dkt. 45 at § 3.

The preliminary injunction is nationwide and not restricted to the plaintiffs in the case. See Dkt. 44 at 60–62.

The government undoubtedly will appeal the decision to the U.S. Court of Appeals for the Fourth Circuit, which could reverse or narrow the injunction. The government also may seek a stay of the district court’s injunction while the appeal is pending. If it does not prevail before the Fourth Circuit (or only prevails in part), the government might seek an emergency stay from the Supreme Court. Accordingly, it is possible that the preliminary injunction will be lifted soon.

Digging Deeper

The plaintiffs—the National Association of Diversity Officers in Higher Education, the American Association of University Professors, Restaurant Opportunities Centers United, and the mayor and city council of Baltimore, Maryland—challenge one portion of EO 14151 and two portions of EO 14173. The plaintiffs sued President Trump and the following agencies: (1) the Department of Health and Human Services; (2) the Department of Education; (3) the Department of Labor; (4) the Department of the Interior; (5) the Department of Commerce; (6) the Department of Agriculture; (7) the Department of Energy; (8) the Department of Transportation; (9) the Department of Justice; (10) the National Science Foundation; and (11) the Office of Management and Budget.

First, the plaintiffs challenge EO 14151’s direction to agencies to “terminate, to the maximum allowed by law, … all [federal] ‘equity-related’ grants or contracts.” Exec. Order No. 14151, § 2(b)(i) (“Termination Provision”). The district court held that the plaintiffs had shown a likelihood of success on their claim that the Termination Provision violates the Due Process Clause of the Fifth Amendment because the term “equity-related” is impermissibly vague.

With respect to the Termination Provision, the court enjoined the agencies from “paus[ing], freez[ing], imped[ing], block[ing], cancel[ing] or terminat[ing] any awards, contracts or obligations …, or chang[ing] the terms of any” awards, contracts or obligations based on the Termination Provision. Dkt. 45 at § 3(a).

Second, the plaintiffs challenge section 3(b)(iv) of EO 14173 (referred to as the “Certification Provision” by the district court), which directs agencies to include two clauses in federal contracts and grants:

(A) A term requiring the contractual counterparty or grant recipient to agree that its compliance in all respects with all applicable Federal anti-discrimination laws is material to the government’s payment decisions for purposes of section 3729(b)(4) of title 31, United States Code; and

(B) A term requiring such counterparty or recipient to certify that it does not operate any programs promoting DEI that violate any applicable Federal anti-discrimination laws.

The court held that the plaintiffs had shown a likelihood of success on their claim that the Certification Provision violates the First Amendment, and enjoined the agencies from “requir[ing] any grantee or contractor to make any ‘certification’ or other representation pursuant to the Certification Provision.” Dkt. 45 at § 3(b). The phrase “other representation” appears to prohibit the agencies from requiring modifications of federal contracts to include the contract clauses described above.

Third, the plaintiffs challenge EO 14173’s instruction to the Attorney General to compile a report identifying, among other things, potential targets for “civil compliance investigations.” Exec. Order 14173, § 4(b)(iii). The district court refers to this as the “Enforcement Threat Provision.”

The court held that the plaintiffs had shown a likelihood of success on their claims that the Enforcement Threat Provision violates the First Amendment and the Due Process Clause of the Fifth Amendment because there is no guidance regarding the DEI programs or practices that the administration considers illegal.

The preliminary injunction prohibits the agencies from “bring[ing] any False Claims Act enforcement action, or other enforcement action, pursuant to the Enforcement Threat Provision, including but not limited to any False Claims Act enforcement action premised on any certification made pursuant to the Certification Provision.” Dkt. 45 at § 3(c). The court specifically declined to “enjoin the Attorney General from … engaging in investigation” of DEI programs or to prohibit the Attorney General from preparing a report identifying investigation targets. Dkt. 44 at 62.

Implications and Next Steps

As noted above, the district court’s preliminary injunction is not party-restricted and applies nationwide. However, the injunction is directed to the “Defendants” in the case. Dkt. 45 at § 3. The government is thus likely to take the position that agencies that are not defendants to the case—including the Departments of State, Defense, and Treasury, and the EEOC, Federal Communications Commission, and the General Services Administration—are not subject to the injunction except to the extent they “are in active concert or participation with” the defendant agencies. Moreover, agencies covered by the injunction might argue that the injunction does not prevent them from bringing actions against companies so long as such actions are not “pursuant to the Enforcement Threat Provision,” although this could be challenging.

As noted above, the Department of Justice is very likely to appeal this decision to the Fourth Circuit immediately, and it is possible that the Fourth Circuit will stay the district court’s order while the appeal is pending and then either reverse or narrow it after review by a merits panel. If it is unsuccessful or partially successful in the Fourth Circuit, the government might seek an emergency stay from the Supreme Court.

A separate challenge to EO 14151 and EO 14173, as well as EO 14168 (“Defending Women From Gender Ideology Extremism and Restoring Biological Truth to the Federal Government”), is pending in the United States District Court for the District of Columbia. See Nat’l Urban League, et al., v. Donald J. Trump, et al., No. 1:25-cv-00471 (D.D.C. 2025).

Finally, it is worth noting that regardless of the resolution of these cases, the Trump Administration will likely attempt to continue to pursue its policies with respect to DEI programs through other enforcement mechanisms, whether through the EEOC or other agencies.

Gibson Dunn is closely monitoring these challenges to President Trump’s executive orders, and is tracking all of the President’s executive orders here. Gibson Dunn’s DEI Task Force is available to help clients understand what these and other expected policy and litigation developments will mean for them and how to comply with new requirements.

The following Gibson Dunn lawyers prepared this update: Jason Schwartz, Katherine V.A. Smith, Zakiyyah Salim-Williams, Mylan Denerstein, Cynthia Chen McTernan, Molly Senger, Greta Williams, Blaine Evanson, Zoë Klein, and Maya Jeyendran.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s DEI Task Force or Labor and Employment, Government Contracts, or False Claims Act/Qui Tam Defense practice groups:

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group,
Washington, D.C. (+1 202.955.8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group,
Los Angeles (+1 213.229.7107, ksmith@gibsondunn.com)

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group,
New York (+1 212.351.3850, mdenerstein@gibsondunn.com)

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer,
Washington, D.C. (+1 202.955.8503, zswilliams@gibsondunn.com)

Lindsay M. Paulin – Partner & Co-Chair, Government Contracts Group,
Washington, D.C. (+1 202.887.3701, lpaulin@gibsondunn.com)

Jonathan M. Phillips – Partner & Co-Chair, False Claims Act/Qui Tam Defense Group,
Washington, D.C. (+1 202.887.3546, jphillips@gibsondunn.com)

Jake M. Shields – Partner, False Claims Act/Qui Tam Defense Group,
Washington, D.C. (+1 202.955.8201, jmshields@gibsondunn.com)

Blaine H. Evanson – Partner, Appellate & Constitutional Law Group,
Orange County (+1 949.451.3805, bevanson@gibsondunn.com)

Molly T. Senger – Partner, Labor & Employment Group,
Washington, D.C. (+1 202.955.8571, msenger@gibsondunn.com)

Greta B. Williams – Partner, Labor & Employment Group,
Washington, D.C. (+1 202.887.3745, gbwilliams@gibsondunn.com)

Zoë Klein – Of Counsel, Labor & Employment Group,
Washington, D.C. (+1 202.887.3740, zklein@gibsondunn.com)

Recent amendments to Massachusetts’ FCA mark a dramatic expansion of potential civil fraud liability for private equity firms and their investors.

I. Introduction

In a significant development for private equity firms that operate in the health care and life science spaces, lawmakers in Massachusetts greatly expanded the state’s civil fraud enforcement powers against private equity firms and other investors. On January 8, 2025, Massachusetts Governor Maura Healey signed House Bill 5159, “An Act Enhancing the Market Review Process” (the Act), into law. In addition to expanding reporting requirements for private equity transactions, the Act amends the Massachusetts False Claims Act (the MA FCA) to impose civil liability on any entity that “has an ownership or investment interest” in an entity that violates the MA FCA and fails to disclose that violation to the Commonwealth “within 60 days of identifying the violation.”[1]

The Act represents a dramatic expansion of potential civil liability for private equity firms and other investors (regardless of their location) whose companies do business with the Massachusetts government. The impetus for the Act appears to be increased concerns by state lawmakers over the patient care implications of private equity investment in the health care industry, but the Act sweeps broadly to cover investors in all industries. The Act also comes on the heels of ever-growing scrutiny of private equity firms by the U.S. Department of Justice, which has made clear during each of the last two administrations that enforcement of the federal False Claims Act (the federal FCA) against private equity firms is a DOJ priority.[2]

II. Overview of the MA FCA

The MA FCA prohibits various types of fraudulent conduct against the state and its political subdivisions.[3] Similar to the federal FCA, the MA FCA prohibits the knowing presentment of false or fraudulent claims for payment and the knowing use of material false records or statements in the submission of claims.[4] The MA FCA also contains a “reverse” provision, which, like its federal counterpart, prohibits the knowing use of a false or fraudulent statement that is material to an obligation to pay money to the Commonwealth, as well as the knowing concealment or improper avoidance of an obligation to pay money to the Commonwealth.[5]

Unlike the federal FCA, the MA FCA also imposes liability on any “beneficiary” of an “inadvertent submission of a false claim” to the Commonwealth or of “an overpayment from” the Commonwealth who “discovers the falsity of the claim or the receipt of overpayment” and does not disclose the claim or overpayment within 60 days of the date on which the beneficiary “identifie[s]” either one.[6]

The MA FCA applies to any person, whether or not a resident of Massachusetts, who engages in covered conduct as to claims for payment made to the Commonwealth, its political subdivisions, officers, employees, agents, representatives, and contractors, and/or as to funds the person receives or retains to which they are not entitled.[7] Like the federal FCA, the statute imposes treble damages and per-violation civil penalties.[8]

III. The Act’s Amendments to the MA FCA

The Act, which is set to go into effect on April 8 of this year, expands the scope of existing “beneficiary” liability under the MA FCA to apply explicitly to private equity firms and other investors. The Act amends the MA FCA to impose liability on any person who:

[i] has an ownership or investment interest in any person who violates [the MA FCA];

[ii] knows about the violation; and

[iii] fails to disclose the violation to the commonwealth or a political subdivision thereof within 60 days of identifying the violation.[9]

The Act defines “ownership or investment interest” as any:

(1) direct or indirect possession of equity in the capital, stock or profits totaling more than 10 per cent of an entity;

(2) interest held by an investor or group of investors who engages in the raising or returning of capital and who invests, develops or disposes of specified assets; or

(3) interest held by a pool of funds by investors, including a pool of funds managed or controlled by private limited partnerships, if those investors or the management of that pool or private limited partnership employ investment strategies of any kind to earn a return on that pool of funds.[10]

The Act thus appears to extend MA FCA liability to (1) private equity firms, (2) private equity managed funds, and (3) investors holding at least a 10% stake, directly or indirectly, in a company that has violated the MA FCA. Moreover, that liability is not for the submission of false claims or for any other violation of the MA FCA actually committed by a private equity firm—but instead for the failure to disclose to the Commonwealth a known violation of the MA FCA “within 60 days of identifying the violation.”

This is a dramatic departure from what is required to establish liability under the federal FCA, which, at minimum, requires a showing that a party “cause[d]” the submission of false claims.[11] In the private equity context, this typically requires proof that the private equity firm or its investors exercised control over the portfolio company and then ratified the company’s alleged violation of the FCA after becoming aware of it,[12] or was more actively involved in the company’s alleged misconduct—such as by approving or funding the alleged scheme.[13]

The liability risks under the MA FCA to private equity firms and investors are heightened even further by a number of ambiguities in the amended statute, including what it means to “identify” a violation that triggers the 60-day notice requirement. The term is not defined in the statute, but is used seemingly interchangeably with the term “knowing,” which is defined as “actual knowledge,” “deliberate ignorance,” or “reckless disregard” with “no proof of specific intent to defraud” required.[14] It is not clear whether this definition is meant to also define “identifying” or if that term is meant to have its own separate meaning. This is an issue that will likely be litigated under the statute, as a similar issue was in the federal context before the Centers for Medicare and Medicaid Services attempted to resolve it in a final rule issued this last November. We covered that rule and its implications for the health care industry in a client alert following the rule’s publication.

IV. Implications for Due Diligence and Compliance Controls

The Act’s amendments to the MA FCA underscore the importance of private equity firms conducting robust diligence in transactions involving companies that receive funds from the Commonwealth, particularly Medicaid funds and government contract monies. At the same time, especially given the ambiguity around the meaning of the term “identifying,” it remains to be seen whether the Commonwealth treats pre-closing knowledge of a potential FCA violation as sufficient to start the running of the 60-day disclosure clock. Pre-closing diligence should be robust enough to identify risk areas and areas for rapid, efficient post-closing diligence—but should stop short of the sort of detailed investigation into specific government interactions or payments that is more appropriate for post-closing diligence and that risks being mis-interpreted later as having imbued the acquiring firm with knowledge of an FCA violation. In parallel, private equity firms should consider seeking commercial terms that offset the risk of subsequent regulatory scrutiny borne of the Act’s broad sweep.

Post-closing, private equity firms should conduct thorough diligence into any FCA risk areas identified during pre-closing diligence. Post-closing efforts should be swift, given the Act’s short window for reporting violations following their “identif[ication].” While each set of facts and circumstances will be unique, if a potential FCA violation is discovered, firms should strongly consider proactive disclosure to the Commonwealth. Private equity firms must also remain vigilant in monitoring portfolio companies for any potential MA FCA violations. And, of course, firms should ensure that their portfolio companies have strong compliance programs, including mechanisms for conducting regular audits and risk assessments, as well as robust processes for ongoing monitoring and reporting so that violations can be identified early and dealt with appropriately and efficiently.

[1] Mass. Gen. Laws ch. 12 § 5B(a)(11), as amended by H.5159 § 29.

[2] See, e.g., Statement of Ethan Davis, Deputy Assistant Attorney General, DOJ’s Civil Division (June 2020) (Trump Administration) (“Where a private equity firm takes an active role in illegal conduct by the acquired company, it can expose itself to False Claims Act liability.”) (available at https://www.justice.gov/civil/speech/principal-deputy-assistant-attorney-general-ethan-p-davis-delivers-remarks-false-claims); Statement of Brian Boynton, Principal Deputy Assistant Attorney General, DOJ’s Civil Division (Feb. 2024) (Biden Administration) (“We have already had a few cases involving private equity firms. And given the significant role that private equity is increasingly playing in the healthcare field, we anticipate that their impact on healthcare billings will continue to grow as well.”) (available at https://www.justice.gov/opa/speech/principal-deputy-assistant-attorney-general-brian-m-boynton-delivers-remarks-2024).

[3] Mass. Gen. Laws ch. 12 § 5A.

[4] Mass. Gen. Laws ch. 12 § 5B(a)(1)–(2).

[5] Compare Mass. Gen. Laws ch. 12 § 5B(a)(9) with 31 U.S.C. § 3729(a)(1)(G).

[6] Mass. Gen. Laws ch. 12 § 5B(a)(10).

[7] See Mass. Gen. Laws ch. 12 §§ 5A, 5B.

[8] Mass. Gen. Laws ch. 12 § 5B(a).

[9] Mass. Gen. Laws ch. 12 § 5B(a)(11), as amended by H.5159 § 29.

[10] Mass. Gen. Laws ch. 12 § 5A, as amended by H.5159 § 27.

[11] 31 U.S. Code § 3729(a)(1)(A), (B).

[12] See, e.g., United States ex rel. Martino-Fleming v. S. Bay Mental Health Ctrs., 540 F. Supp. 3d 103, 130 (D. Mass. 2021) (private equity firm’s “knowing ratification of ‘the prior policy of submitting false claims by rejecting recommendations to bring South Bay into regulatory compliance constitutes sufficient participation in the claims process to trigger [False Claims Act] liability’” (citation omitted) (alteration in original)); cf. United States ex rel. Schagrin v. LDR Indus., LLC, 2018 WL 6064699, at *6 (N.D. Ill. Nov. 20, 2018) (“if the Greenspons knew that LDR—the company they owned and managed—was not paying customs duties, they can be liable under the False Claims Act for failing to rectify the situation”).

[13] United States ex rel. Carmen Medrano v. Diabetic Care RX, LLC, 2018 WL 6978633, at *11 (S.D. Fla. Nov. 30, 2018) (denying dismissal of claims against private equity firm because the complaint alleged that the firm “(i) approved of PCA’s decision to use marketers to generate referrals; (ii) knew that TRICARE was the source of the majority of PCA’s revenue; (iii) received monthly financial statements, which reported the monthly compounding revenue and the commission paid to the Marketers; and (iv) RLH funded $2 million in commissions to the Marketers in January 2015”).

[14] Mass. Gen. Laws ch. 12 § 5A.

The following Gibson Dunn lawyers prepared this update: Jake Shields, Winston Chan, Jonathan Phillips, Michael Dziuban, Danilo Risteski, and Nell Tooley.

Gibson Dunn lawyers regularly counsel clients on the False Claims Act issues and are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s False Claims Act/Qui Tam Defense practice group:

Washington, D.C.
Jonathan M. Phillips – Co-Chair (+1 202.887.3546, jphillips@gibsondunn.com)
Stuart F. Delery (+1 202.955.8515,sdelery@gibsondunn.com)
F. Joseph Warin (+1 202.887.3609, fwarin@gibsondunn.com)
Jake M. Shields (+1 202.955.8201, jmshields@gibsondunn.com)
Gustav W. Eyler (+1 202.955.8610, geyler@gibsondunn.com)
Lindsay M. Paulin (+1 202.887.3701, lpaulin@gibsondunn.com)
Geoffrey M. Sigler (+1 202.887.3752, gsigler@gibsondunn.com)
Joseph D. West (+1 202.955.8658, jwest@gibsondunn.com)

San Francisco
Winston Y. Chan – Co-Chair (+1 415.393.8362, wchan@gibsondunn.com)
Charles J. Stevens (+1 415.393.8391, cstevens@gibsondunn.com)

New York
Reed Brodsky (+1 212.351.5334, rbrodsky@gibsondunn.com)
Mylan Denerstein (+1 212.351.3850, mdenerstein@gibsondunn.com)

Denver
John D.W. Partridge (+1 303.298.5931, jpartridge@gibsondunn.com)
Ryan T. Bergsieker (+1 303.298.5774, rbergsieker@gibsondunn.com)
Monica K. Loseman (+1 303.298.5784, mloseman@gibsondunn.com)

Dallas
Andrew LeGrand (+1 214.698.3405, alegrand@gibsondunn.com)

Los Angeles
James L. Zelenay Jr. (+1 213.229.7449, jzelenay@gibsondunn.com)
Nicola T. Hanna (+1 213.229.7269, nhanna@gibsondunn.com)
Jeremy S. Smith (+1 213.229.7973, jssmith@gibsondunn.com)
Deborah L. Stein (+1 213.229.7164, dstein@gibsondunn.com)
Dhananjay S. Manthripragada (+1 213.229.7366, dmanthripragada@gibsondunn.com)

Palo Alto
Benjamin Wagner (+1 650.849.5395, bwagner@gibsondunn.com)

Ever since President Trump announced that he would create a Department of Government Efficiency (DOGE), clients have raised questions regarding how it would be established, what powers it would have, and how its work could affect their operations.

Gibson Dunn previously addressed some of those questions in a December 6, 2024 client alert based on information available at the time. Now that President Trump has taken office, more details are coming to light. In one of his first acts as president, on January 20, 2025, Trump signed an executive order titled “Establishing and Implementing the President’s ‘Department of Government Efficiency’” (the Order),[1] which brings additional clarity regarding some of the key questions about DOGE and raises others, as discussed below. In addition, recent administration actions, such as freezing (and subsequently unfreezing) federal spending and deferred resignation offers to federal employees suggest that the DOGE is having an impact.[2]

I. Formal Establishment of DOGE as USDS

Initially, then President-elect Trump said DOGE would operate from outside the government. Much ink was spilled on whether DOGE would be a federal advisory committee (FAC) governed by the Federal Advisory Committee Act (FACA), a non-profit entity, or some other kind of non-governmental organization. With the Order, however, he has established DOGE as a federal government entity operating out of the Executive Office of the President (EOP). The Order renames the U.S. Digital Service, an existing government entity also established by presidential directive, as the U.S. DOGE Service. For the sake of clarity, this Alert will refer to the new U.S. DOGE Service as “USDS” and the former U.S. Digital Service by its full name.

The U.S. Digital Service appears to have been an attractive office to replace with DOGE for several reasons. As a matter of optics, using the USDS as a vehicle for DOGE minimizes perception that this is an entirely new office. The office comes with an established funding stream.[3] And the U.S. Digital Service was part of the Office of Management and Budget, with which DOGE is working closely both to gather information across the government and to implement recommendations.

The U.S. Digital Service’s mission to improve federal government technology also aligns with at least some of DOGE’s goals. President Obama created the U.S. Digital Service after private sector technology experts saved HealthCare.gov in the wake of its failed initial launch.[4] Its purpose was to import “private sector best practices to the Federal Government.”[5] Its projects have included improvements to SSA.gov, building COVID-19 vaccine finder tools, simplifying VA.gov, and improving government technology procurement.[6] According to the Order, the purpose of the new USDS is to “implement the President’s DOGE Agenda, by modernizing Federal technology and software to maximize governmental efficiency and productivity.”

II. USDS Personnel

Although the Order offers some insight into USDS personnel, it also raises new questions.

A. USDS Leadership

Originally, Elon Musk and Vivek Ramaswamy were announced as the co-leads of DOGE, and Bill McGinley was announced as General Counsel. Ramaswamy and McGinley have both recently departed the team. Musk continues to lead DOGE, but his exact role is unclear. The Order establishes a USDS Administrator who will report to the White House Chief of Staff. It is possible Musk could fill that role, but no such public announcement has been made.

The White House recently did announce that Musk is serving as a special government employee (SGE). SGEs are often required to file financial disclosures and comply with federal employee criminal conflict of interest rules. In addition, the Federal Acquisition Regulation imposes conflict-of-interest restrictions that prohibit the award of contracts that arise out of an SGE’s activity where the SGE is in a position to influence the award, or another conflict of interest is determined to exist.[7] The head of the contracting agency may grant an exception to this policy only if there is “a most compelling reason to do so, such as when the Government’s needs cannot reasonably be otherwise met.”[8] Musk’s continued leadership of his companies, including government contractors SpaceX and Tesla, could raise significant conflict of interest concerns.

B. DOGE Employees and DOGE Teams

The Order instructs each federal agency to establish a DOGE Team of at least four employees selected by agency leaders in consultation with the USDS Administrator. This directive facially applies to both executive agencies and independent agencies like the Federal Trade Commission, Federal Communications Commission, Securities and Exchange Commission, and others. The Order specifies that these DOGE Team members may include SGEs.

The Order also establishes within USDS the U.S. DOGE Service Temporary Organization. This organization will terminate on July 4, 2026 and is tasked with advancing the President’s 18-month DOGE agenda. At this point it is unclear what unique purpose the temporary organization may fulfill as compared to the USDS, but the temporary status may make it easier to hire temporary employees or volunteers. The head of a temporary organization may appoint employees into the excepted service of the civil service, exempting them from some federal employee hiring requirements.[9] The head of a temporary organization also may accept volunteer services as well as detailees from government departments or agencies.[10]

The role of the current 230 U.S. Digital Service employees is unclear, and they are reportedly being reinterviewed.[11]

III. USDS Activities

The Order tasks the USDS administrator with a “Software Modernization Initiative to improve the quality and efficiency of government-wide software, network infrastructure, and information technology (IT) systems.” Priorities of this initiative include inter-operability between agencies, data integrity, and responsible data collection. The Order instructs agency heads to “ensure USDS has full and prompt access to all unclassified agency records, software systems, and IT systems.”

Another executive order titled “Hiring Freeze” tasks USDS with working with the OMB Director to produce a plan to reduce the size of the federal workforce, and effectuates a freeze on hiring federal civilian employees.[12] In support of that goal, on January 28, 2025, the administration offered federal employees a deferred resignation option.[13] The subject of the email, “Fork in the Road” was the same as that used by Elon Musk in a similar email to Twitter employees, suggesting Musk’s involvement with the resignation offer.[14]

Other recent administration actions appear to be advancing the DOGE agenda, as well. The General Services Administration, the Department of Energy, and likely other executive branch agencies have halted all new contracting awards with certain exceptions.[15] OMB issued a memorandum (before rescinding it) that some interpreted as freezing funding for all “financial assistance programs and supporting activities,” but OMB then clarified that the freeze applied only to discretionary payments for specific programs involving immigration, foreign aid, DEI programs, and gender issues that were already ordered paused via executive orders.[16]

IV. Transparency Requirements

Housing DOGE in the EOP may mean it is subject to fewer transparency requirements than it would have been as a federal advisory committee. As a government office, FACA disclosure requirements likely do not apply. Whether the Freedom of Information Act (FOIA) applies to the new USDS’s records remains an open question. The Order states that the USDS “shall be established in the Executive Office of the President.” As OMB is part of the EOP, it’s not clear whether the Order means to pull the USDS out of OMB. OMB is subject to FOIA and so is the EOP, except for any part of the EOP “whose sole function is to advise and assist the President.”[17] The Order states that the USDS Administrator “shall report to the White House Chief of Staff” suggesting the administration could argue that the USDS exists to advise and assist the president and is therefore exempt from FOIA. Hence, it is possible that the USDS will not be subject either to FACA’s or FOIA’s transparency requirements.

The U.S. Digital Service was subject to the Federal Records Act and Presidential Records Act according to its own privacy policy.[18] It remains to be seen if the Trump administration will amend that policy.

V. Challenges to DOGE

Minutes after Trump was inaugurated, public interest groups sued the administration seeking to enjoin DOGE from conducting its business.[19] The lawsuits were premised on the argument that DOGE is in fact a FAC and it is violating FACA requirements regarding its establishment, records preservation, and public access. Committees composed wholly of federal government employees, such as the original U.S. Digital Service, are not subject to FACA.[20] If DOGE is comprised solely of government employees and not private sector advisors as initially contemplated, FACA likely will not apply to it. If advisors remain outside the government, it is possible that a court could determine that some of the USDS activities fall under FACA.[21]

DOGE—or, now, USDS—is already having an impact, although it will take months or years to understand the full implications of its actions. Gibson Dunn will continue to monitor USDS’s activities and help clients understand their effect on the U.S. government, businesses, and individuals.

[1] Exec. Order, Establishing and Implementing the President’s “Department of Government Efficiency,” (Jan. 20, 2025), available here.

[2] Christ Megerian, Zeke Miller, and Lisa Mascaro, Trump White House Rescinds Memo Freezing Federal Money After Widespread Confusion, Associated Press (Jan. 29, 2025) https://apnews.com/article/donald-trump-pause-federal-grants-aid-6d41961940585544fa43a3f66550e7be; Scott Neuman, Trump Wants to Cut the Federal Workforce, NPR (Jan. 31, 2025), here.

[3] The U.S. Digital Service receives funding from the Information Technology Oversight and Reform account along with the Office of the Federal Chief Information Office. In recent years, the funds in this account have come from the American Rescue Plan Act.

[4] The White House Office of the Press Secretary, Fact Sheet: Improving and Simplifying Digital Services (Aug. 11, 2014), https://obamawhitehouse.archives.gov/the-press-office/2014/08/11/fact-sheet-improving-and-simplifying-digital-services.

[5] U.S. Digital Service, How We Work, https://www.usds.gov/how-we-work (last visited Jan. 21, 2025).

[6] U.S. Digital Service, Our Projects, https://www.usds.gov/projects (last visited Jan. 21, 2025).

[7] 48 CFR § 3.601.

[8] 48 CFR § 3.602.

[9] 5 U.S.C. § 3161.

[10] 5 U.S.C. § 3161(i).

[11] Natalie Alms, U.S. Digital Service Employees are Being Re-interviewed Under DOGE Transition, NextGov/FCW (Jan. 22, 2025), here.

[12] Exec. Order, Hiring Freeze, (Jan. 20, 2025), available here.

[13] Off. of Pers. Mgmt., Fork in the Road, https://www.opm.gov/fork.

[14] Garrett Haake and Amanada Terkel, Trump Administration Offers Roughly 2 Million Federal Worker a Buyout to Resign, NBC News (Jan. 28, 2025), here.

[15] Memorandum from Stephen Ehikian, Acting Adm’r. and Deputy Adm’r., Gen. Serv. Admin. to GSA Acquisition Workforce et al. (Jan. 24, 2025), here.

[16] Memorandum from Matthew J. Vaeth, Acting Dir. Off. Mgmt. and Budget to Heads of Exec. Dep’t and Agencies (Jan. 27, 2025), here; OMB Q&A Regarding Memorandum M-25-13 (Jan. 28, 2025), here.

[17] Meyer v. Bush, 981 F.2d 1288, 1291 n.1 (D.C. Cir. 1993) (quoting H.R. Rep. No. 1380, 93d Cong., 2d Sess. 14 (1974)).

[18] U.S. Digital Service, U.S. Digital Service Privacy Policy, https://www.usds.gov/privacy (last visited Jan. 22, 2025).

[19] Complaint, Am. Pub. Health Ass’n v. Off. Mgmt. Budget, No. 1:25-cv-00167 (D.D.C. Jan. 20, 2025); Complaint, Jerald Lentini v. Dep’t Gov. Efficiency, No. 1:25-cv-00166 (D.D.C. Jan. 20, 2025); Complaint, Public Citizen Inc. v. Donald Trump, No. 1:25-cv-164 (D.D.C. Jan 20, 2025); Ctr. for Biological Diversity v. Off. Mgmt Budget, No. 25-165 (D.D.C. Jan 20, 2025).

[20] 5 U.S.C. § 1001(2)(B)(i).

[21] FACA provides that the term “advisory committee” excludes “a committee that is composed wholly of full-time, or permanent part-time, officers or employees of the Federal Government.” 5 U.S.C. § 1001(2)(B)(i).

The following Gibson Dunn lawyers prepared this update: Michael Bopp, Amanda Neely, Aaron Gyde, and Anne Lonowski.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Public Policy, Administrative Law & Regulatory, Energy Regulation & Litigation, Labor & Employment, or Government Contracts practice groups, or the following in Washington, D.C.:

Michael D. Bopp – Co-Chair, Public Policy Practice Group,
(+1 202.955.8256, mbopp@gibsondunn.com)

Stuart F. Delery – Co-Chair, Administrative Law & Regulatory Practice Group,
(+1 202.955.8515, sdelery@gibsondunn.com)

Tory Lauterbach – Partner, Energy Regulation & Litigation Practice Group,
(+1 202.955.8519, tlauterbach@gibsondunn.com)

Amanda H. Neely – Of Counsel, Public Policy Practice Group,
Washington, D.C. (+1 202.777.9566, aneely@gibsondunn.com)

The memorandum could have implications for companies—including those in the technology sector—confronting questions relating to privacy, data, cybersecurity, and artificial intelligence.

On January 20, 2025, President Trump issued an executive memorandum ordering “all executive departments and agencies” to implement a regulatory freeze. This memorandum follows similar regulatory freeze memoranda issued by the Office of Management and Budget (OMB) on behalf of the president at the beginning of the Biden Administration in 2021 and issued by OMB on behalf of the president at the beginning of the Trump Administration in 2017. The memorandum:

Places a moratorium on the issuance, proposal, or publication of any new “rules” or “regulatory actions”, pending review by President Trump’s appointees;
Directs executive departments and agencies to immediately withdraw for review any rules sent to the OFR but not yet published in the Federal Register; and
Directs executive departments and agencies to consider postponing for 60 days the effective dates for any rules that have been published in the Federal Register or otherwise issued which have not taken effect.

The issuance of a regulatory freeze is not unusual for a new administration. However, the scope of President Trump’s memorandum—against the backdrop of the frenetic regulatory activity of the post-2024 election Biden administration—means that this memorandum may carry meaningful impact for a number of regulations that companies are already taking steps to comply with. Several of the rule moratoria could have implications for companies—including those in the technology sector—confronting questions relating to privacy, data, cybersecurity, and artificial intelligence (AI). For example, two potentially significant rules appear to be in procedural limbo as a result of the order:

The U.S. Commerce Department’s Bureau of Industry and Security’s (BIS) connected vehicles final rule, which bans certain imports and sales of vehicles from China (including Hong Kong) and Russia, as well as key hardware and software components, based on identified “undue or unacceptable risks” to U.S. national security and the safety and security of U.S. persons, was published in the Federal Register on January 16, 2025 and goes into effect on March 17, 2025.
The Commerce Department’s Information and Communications Technology and Services Supply Chain (ICTS) final rule, which permits the Secretary of Commerce to prohibit ICTS transactions or impose mitigation measures for ICTS transactions involving “persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries” posing certain “undue or unacceptable risks,” was published in the Federal Register on December 6, 2024 and goes into effect on February 4, 2025. Again, while both rules are directionally consistent with the Trump administration’s approach to China, it is possible their implementation could be delayed for review and potential modification under the regulatory freeze order.

The application of the regulatory freeze memorandum is complicated in practice. For example, the Department of Justice’s (DOJ) bulk U.S. sensitive personal data final rule, which seeks to ensure that U.S. persons’ sensitive personal data cannot be legally sold to foreign adversaries by preventing specified “countries of concern” and “covered persons” from obtaining in “covered data transactions” bulk sensitive personal data of U.S. persons and U.S. government-related data, was published in the Federal Register on January 8, 2025 and goes into effect on April 8, 2025. Under the regulatory freeze memorandum, DOJ may postpone the effective date for 60 days to review the rule. DOJ could also pursue notice and comment rulemaking to further delay the effective date, modify, or withdraw the rule. However, because the underlying statutory authority for the rule was the International Emergency Economic Powers Act (IEEPA), which grants the executive broad rulemaking authority and is not subject to the rulemaking requirements of the Administrative Procedures Act (APA), DOJ was not required to engage in rulemaking in the first place. Accordingly, DOJ and President Trump have more authority to modify, withdraw, or issue a new rule without formal rulemaking. While the rule is directionally consistent with the Trump administration’s tough-on-China stance, the future of this rule is uncertain and it is possible the rule could be delayed to allow the administration to review its specific provisions.

Below are two charts that cover some of the most relevant recent rulemaking in the areas of data privacy, cybersecurity, and AI, analyzed to reflect the impact of the regulatory freeze memorandum. The first chart focuses on rules issued by executive agencies led by cabinet secretaries. The second chart focuses on rules issued by independent agencies. The extent to which independent agencies are subject to the regulatory freeze memorandum is likely to be subject to litigation. Some independent agencies have taken steps consistent with the order set out in the memorandum, but it is not yet fully clear whether all independent agencies will view themselves as bound to do so. The scope of presidential authority over such agencies is expected to be an area of focus in this administration. For more detailed analysis of the implications of the Trump administration’s actions on independent agencies, please see our client alert here.

Executive Agencies Led By Cabinet Secretaries
Agency	Regulation	Status	Published in Federal Register?	Change Post Regulatory Freeze of January 20, 2025	Prognosis
DOJ	Bulk Sensitive Personal Data Rule	Final Rule: issued December 27, 2024 Effective date: April 8, 2025 (pending conclusion of Congressional review under Congressional Review Act)	Yes: January 8, 2025	Finalized, but DOJ may postpone the effective date for 60 days to review. Government could pursue notice and comment for further delay of effective date, modification, or withdrawal of rule. Because rule issued under IEEPA, no rulemaking was required in the first place. President has more authority to modify, withdraw, or issue new rule without formal rulemaking.	Uncertain. May be delayed.
DoC	Connected Vehicles Rule	Final Rule: issued January 14, 2025 Effective date: March 17, 2025	Yes: January 16, 2025	Finalized, but DoC may postpone the effective date for 60 days to review. Government could pursue notice and comment for further delay of effective date, modification, or withdrawal of rule. Because rule issued under IEEPA, no rulemaking was required in the first place. President has more authority to modify, withdraw, or issue new rule without formal rulemaking.	Uncertain. May be delayed.
DoC	IaaS NPRM	NPRM	Yes: January 29, 2024	Because not a final rule, to move forward, must be reviewed and approved by department or agency head appointed by President Trump.	Uncertain. Unlikely to move forward in current form.
DoC	ICTS Regulations	Final Rule: issued December 5, 2024 Effective date: February 4, 2025	Yes: December 6, 2024	Finalized, but DoC may postpone the effective date for 60 days to review. Government could pursue notice and comment for further delay of effective date, modification, or withdrawal of rule. Because rule issued under IEEPA, no rulemaking was required in the first place. President has more authority to modify, withdraw, or issue new rule without formal rulemaking.	Uncertain. Unlikely to be delayed given the effective date.
DoC	ICTS Licensing Procedures Regulations	ANPRM	Yes: March 29, 2021	To move forward, must be reviewed and approved by department or agency head appointed by President Trump.	Uncertain. Unlikely to move forward in current form.
DoC	AI Diffusion Rule	Interim Final Rule Effective date: January 13, 2025 Deadline for comments: May 15, 2025	Yes: January 15, 2025	Since the IFR is already in effect, the regulatory freeze memorandum likely will have little impact on this rule. DoC/BIS are not able to delay the effective date for 60 days because the IFR is already in effect. However, DoC/BIS (with Trump-appointed leadership) may revise the IFR and replace it with a non-interim final rule in response to any comments received before May 15, 2025.	Companies should take steps now to prepare to comply with the new regulations. The IFR is likely to face significant critique during the public comment period. Implementation will require coordination and cooperation among U.S. allies and may face pushback from countermeasures from affected countries and entities. Final rule likely to include changes. For more information about this IFR, please see Gibson Dunn client alert here.
DoD / GSA / NASA	Federal Acquisition Regulation: Controlled Unclassified Information	Proposed Rule Deadline for comments: March 17, 2025	Yes: January 15, 2025	DoD/GSA/NASA could postpone deadline for comments on proposed rule, but the regulatory freeze memorandum is unlikely to have material impact. Unclear if proposed rule deemed to raise “substantial questions of law, fact, or policy.” Because not a final rule, to move forward, must be reviewed and approved by department or agency head appointed by President Trump.	Likely to move forward in some form.
DHS/ CISA	Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements	Proposed Rule Deadline for comments: June 3, 2024	Yes: April 4, 2024	Because not a final rule, to move forward, must be reviewed and approved by department or agency head appointed by President Trump.	There is significant uncertainty regarding the role that CISA will play in the Trump Administration, and it appears unlikely that these rules will move forward as proposed. However, because CIRCIA requires CISA to promulgate regulations implementing the statute’s covered cyber incident and ransom payment reporting requirements for covered entities, we may see revised regulations from CISA under the Trump Administration.

Independent Agencies The extent to which independent agencies are subject to the regulatory freeze memorandum is likely to be subject to litigation.
Agency	Regulation	Status	Published in Federal Register?	Impact if Regulatory Freeze Memorandum Were To Apply	Prognosis
FTC	COPPA Rule	Final Rule: issued January 16, 2025 Effective date: 60 days after publication in the Federal Register	No: as of February 3, 2025	Since the rule is final but not yet published in the Federal Register, it could be subject to a regulatory freeze, if a majority of the Commissioners so decide.	Uncertain. See Gibson Dunn client alert here for more information about the COPPA Rule.
FTC	Negative Option Rule (“Click to Cancel”)	Final Rule: issued October 16, 2024 Effective dates: January 14, 2025 for some provisions; May 14, 2025 for most of the rule.	Yes: November 15, 2024	The final rule has not fully taken effect.	Currently pending a challenge in 8th Circuit. Gibson Dunn represents challengers consisting of an individual company and seven trade associations. The parties are currently briefing the merits of the rule challenge.
FTC	Non-Compete Rule	Final Rule: issued April 23, 2024 Effective date: September 4, 2024 (but rule vacated by district court; the rule is not currently in effect)	Yes: May 7, 2024	Since the final rule is published in the Federal Register and has been vacated, the regulatory freeze memorandum does not impact the rule.	A district court set aside (vacated) the rule nationwide on August 20, 2024. FTC’s appeal of that decision is currently pending in the Fifth Circuit. The rule remains invalid, pending the resolution of the appeal. A separate district court granted a preliminary injunction applicable only to the plaintiff in that case. FTC’s appeal of that decision is currently pending the Eleventh Circuit.
FTC	Premerger Notification; Reporting and Waiting Period Requirements (Hart-Scott-Rodino (HSR) Rules)	Final Rule: issued October 10, 2024 Effective date: February 10, 2025	Yes: November 12, 2024	The FTC and/or DOJ may postpone the effective date for 60 days to review.	The rule is currently being challenged in the United States District Court for the Eastern District of Texas. See here for more information.
FCC	CALEA Declaratory Ruling and NPRM	Declaratory Ruling Adopted: January 15, 2025 Released: January 16, 2025 NPRM Adopted: January 15, 2025 Released: January 16, 2025	Declaratory Ruling: No, as of February 3, 2025 NPRM: No, as of February 3, 2025	Declaratory Ruling: “Declaratory ruling” is a term used by the FCC. Courts have generally concluded that FCC declaratory rulings are “declaratory orders” under the APA, and thus adjudications.[1] Therefore, an FCC declaratory ruling would likely not be in scope, as the regulatory freeze memorandum covers “rules” under APA section 551(4), not adjudications under APA section 554(e). NPRM: Because not a final rule, to move forward, must be reviewed and approved by department or agency head appointed by President Trump.	Uncertain. In the waning days of the Biden administration, prior to assuming the Chairmanship, then FCC Chair-Nominee Brendan Carr issued a statement criticizing the Declaratory Ruling and Notice of Proposed Rulemaking, which was approved by the Commission’s Democrats on a party-line basis (3-2). How Chair Carr approaches the future of the Declaratory Ruling and NPRM remains to be seen.
CFPB	Request for Information Regarding the Collection, Use, and Monetization of Consumer Payment and Other Personal Financial Data	Notice and request for information: issued January 10, 2025 Comments must be received on or before April 11, 2025	Yes: January 15, 2025	If the regulatory freeze were to apply, to move forward, the rule must be reviewed and approved by a department or agency head appointed by President Trump.	Uncertain. As of February 1, 2025, President Trump removed Rohit Chopra, as Director of the CFPB. Treasury Secretary Scott Bessent has been designated as the Acting Director of the CFPB. On February 3, 2025, Secretary Bessent directed CFPB staff to stop all rulemaking and suspend the effective dates of rules not yet in effect. He also directed staff to stop any activity related to enforcement matters, litigation, and public communications.
CFPB	Required Rulemaking on Personal Financial Data Rights (Section 1033 of the Consumer Financial Protection Act Rule)	Final Rule: issued October 22, 2025 Effective date: January 17, 2025 Compliance dates: beginning April, 2026	Yes: November 18, 2024.	Since the final rule is published in the Federal Register and has gone into effect, the regulatory freeze memorandum does not impact the rule.	Uncertain. It is unclear whether CFPB leadership appointed by President Trump will seek to revise or rescind this rule. The issuance of a rule of some kind is required by statute. There is speculation that the CFPB may decide to keep the rule in place given the length of time it took to develop and its issuance under the statutory mandate. Alternatively, new leadership could elect to engage in notice and comment rulemaking either to reconsider certain aspects of the rule or to rescind it and issue a new rule. There is also some reporting that this rule may be a target for congressional review under the Congressional Review Act.[2] However, if Congress were to enact a joint resolution of disapproval, the CFPB could not reissue a rule “in substantially the same form” as the current rule.[3] Treasury Secretary Scott Bessent has been designated as the Acting Director of the CFPB. On February 3, 2025, Secretary Bessent directed CFPB staff to stop all rulemaking and suspend the effective dates of rules not yet in effect. He also directed staff to stop any activity related to enforcement matters, litigation, and public communications.

[1] See, e.g., City of Arlington, Tex. v. F.C.C., 668 F.3d 229, 241 & n.44 (5th Cir. 2012), aff’d, 569 U.S. 290 (2013); see also Emily S. Bremer, Declaratory Orders, Final Report to the Administrative Conference of the United States at 15 (Oct. 30, 2015).

[2] Katherine Hapgood, CFPB in Senate Banking Republican crosshairs for Congressional Review Act, PoliticoPro (Jan. 31, 2025), https://subscriber.politicopro.com/article/2025/01/cfpb-in-senate-banking-republican-crosshairs-for-congressional-review-act-00201742l.

[3] 5 U.S.C. § 801(b)(2).

The following Gibson Dunn lawyers prepared this update: Ashlie Beringer, Stephenie Gosnell Handler, Vivek Mohan, Wesley Sze, and Hugh Danilack.

Artificial Intelligence:

Keith Enright – Palo Alto (+1 650.849.5386, kenright@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, cgaedt-sheckter@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)
Robert Spano – London/Paris (+33 1 56 43 13 00, rspano@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)
Frances A. Waldmann – Los Angeles (+1 213.229.7914,fwaldmann@gibsondunn.com)

Privacy, Cybersecurity, and Data Innovation:

United States:
Ashlie Beringer – Co-Chair, Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)
Ryan T. Bergsieker – Denver (+1 303.298.5774, rbergsieker@gibsondunn.com)
Gustav W. Eyler – Washington, D.C. (+1 202.955.8610, geyler@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, cgaedt-sheckter@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202.955.8657, sgans@gibsondunn.com)
Lauren R. Goldman – New York (+1 212.351.2375, lgoldman@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, shandler@gibsondunn.com)
Natalie J. Hausknecht – Denver (+1 303.298.5783, nhausknecht@gibsondunn.com)
Jane C. Horvath – Co-Chair, Washington, D.C. (+1 202.955.8505, jhorvath@gibsondunn.com)
Martie Kutscher Clark – Palo Alto (+1 650.849.5348, mkutscherclark@gibsondunn.com)
Kristin A. Linsley – San Francisco (+1 415.393.8395, klinsley@gibsondunn.com)
Timothy W. Loose – Los Angeles (+1 213.229.7746, tloose@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)
Rosemarie T. Ring – Co-Chair, San Francisco (+1 415.393.8247, rring@gibsondunn.com)
Ashley Rogers – Dallas (+1 214.698.3316, arogers@gibsondunn.com)
Sophie C. Rohnke – Dallas (+1 214.698.3344, srohnke@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)
Benjamin B. Wagner – Palo Alto (+1 650.849.5395, bwagner@gibsondunn.com)
Debra Wong Yang – Los Angeles (+1 213.229.7472, dwongyang@gibsondunn.com)

Europe:
Ahmed Baladi – Co-Chair, Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com)
Joel Harrison – Co-Chair, London (+44 20 7071 4289, jharrison@gibsondunn.com)
Lore Leitner – London (+44 20 7071 4987, lleitner@gibsondunn.com)
Vera Lukic – Paris (+33 (0) 1 56 43 13 00, vlukic@gibsondunn.com)
Lars Petersen – Frankfurt/Riyadh (+49 69 247 411 525, lpetersen@gibsondunn.com)
Robert Spano – London/Paris (+44 20 7071 4000, rspano@gibsondunn.com)

Asia:
Connell O’Neill – Hong Kong (+852 2214 3812, coneill@gibsondunn.com)
Jai S. Pathak – Singapore (+65 6507 3683, jpathak@gibsondunn.com)

This update provides an overview of key FCPA and other international anti-corruption enforcement, litigation, and policy developments from 2024, as well as our observations and analysis regarding the trends we are seeing from this activity.

There is substantial change afoot in Washington, and these are still early days, but whether enforcement of the Foreign Corrupt Practices Act (FCPA) will decline in a second Trump Administration remains to be seen. It is notable that predictions of FCPA underenforcement proved unfounded during the President’s first term. From what we encounter in our daily work on behalf of our clients, the statute’s dual enforcement groups at the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) remain committed and are riding the wave of a busy 2024, with dozens of prosecutions, numerous important policy announcements, and a record four-for-four showing in criminal trials. Moreover, international partners continue to enforce their foreign corruption statutes with increasing vigor. As the size of our annual update portends, there continues to be much to discuss regarding the FCPA and related international anti-corruption developments.

Gibson Dunn has maintained its industry-leading expertise in this space by virtue of the complex, cutting-edge anti-corruption challenges we have had the privilege of helping our clients navigate day in and day out for the past several decades. We were honored to continue our streak in 2024 of being ranked Number 1 in the Global Investigations Review “GIR 30” ranking of the world’s top investigations practices for the seventh consecutive year and the ninth time in the last ten years.

For additional analysis on anti-corruption enforcement and related developments from 2024, we invite you to register here and join us for our upcoming complementary webcast presentation on February 27, 2025: “2024 Year-End FCPA Update.” As usual, CLE credit will be offered.

OVERVIEW OF THE FCPA & OTHER U.S. LAWS TARGETING FOREIGN CORRUPTION

The FCPA’s anti-bribery provisions make it illegal to offer or provide money or anything else of value to officials of foreign governments, foreign political parties, or public international organizations with corrupt intent, for the purpose of obtaining or retaining business. These provisions apply to “issuers,” “domestic concerns,” and those acting on behalf of issuers and domestic concerns, as well as to “any person” who acts while in the territory of the United States. The term “issuer” covers any business entity that is registered under 15 U.S.C. § 78l or that is required to file reports under 15 U.S.C. § 78o(d) (typically referring to companies whose shares are listed on a national exchange). In this context, foreign issuers whose American Depositary Receipts (ADRs) or American Depositary Shares (ADSs) are listed on a U.S. exchange are “issuers” for purposes of the FCPA. The term “domestic concern” is even broader and includes any U.S. citizen, national, or resident, as well as any business entity that is organized under the laws of a U.S. state or that has its principal place of business in the United States.

In addition to the anti-bribery provisions, the FCPA also has “accounting provisions” that apply to issuers and in some cases those acting on their behalf, and that are comprised of two core components. First, the books-and-records provision requires issuers to make and keep accurate books, records, and accounts that, in reasonable detail, accurately and fairly reflect the issuer’s transactions and disposition of assets. Second, the FCPA’s internal accounting controls provision requires that issuers devise and maintain reasonable internal accounting controls aimed at preventing and detecting FCPA violations. Prosecutors and regulators frequently invoke these latter two sections when they cannot establish the elements for an anti-bribery prosecution or as a mechanism for compromise in resolution negotiations. Because there is no requirement that a false record or deficient control be linked to an improper payment, even a transaction that does not constitute a violation of the anti-bribery provisions can lead to prosecution under the accounting provisions if inaccurately recorded or attributable to an internal accounting controls deficiency.

Further, as discussed in our 2023 Year-End FCPA Update, in December 2023 the United States enacted the Foreign Extortion Prevention Act (FEPA). FEPA explicitly criminalizes the “demand side” of foreign bribery by prohibiting the receipt of corrupt payments by foreign officials, which the FCPA does not do. However, the practical impact of FEPA remains to be seen given that DOJ has long been prosecuting foreign officials for their receipt of bribes under the money laundering statute, as noted immediately below.

Finally, prosecutors from the FCPA Unit of DOJ (and, to a lesser extent, enforcers from the SEC’s FCPA Unit as to violations of the securities laws) frequently charge non-FCPA offenses such as money laundering, mail and wire fraud, Travel Act violations, securities fraud, tax violations, and even false statements, in addition to or instead of FCPA charges. The most prevalent among these “FCPA-related” charges, in the criminal context, is money laundering—a generic term used as shorthand for statutory provisions, including 18 U.S.C. § 1956, that generally criminalize conducting or attempting to conduct a transaction involving proceeds of “specified unlawful activity” or transferring funds to or from the United States, in either case to promote the carrying on of specified unlawful activity; to conceal or disguise the nature, location, source, ownership or control of the proceeds; or to avoid a transaction reporting requirement. “Specified unlawful activity” includes over 200 enumerated U.S. crimes and certain foreign crimes, including the FCPA, fraud, and corruption offenses under the laws of foreign nations. Although this has not always been the case, in recent history DOJ has frequently deployed the money laundering statutes to charge “foreign officials” who are not themselves subject to the FCPA. It is not unusual for DOJ to charge the alleged provider of a corrupt payment under the FCPA and the alleged recipient with money laundering, particularly if the recipient is employed by a state-owned enterprise. As noted above, at least for activity post-dating the passage of FEPA in December 2023, DOJ now has another prosecutorial tool to wield in its international anti-corruption enforcement efforts.

FCPA AND FCPA-RELATED ENFORCEMENT STATISTICS

The below table and graph detail the number of FCPA enforcement actions initiated by DOJ and the SEC, the statute’s dual enforcers, in each of the past 10 years.

Chart 1

Chart 2

Of course, as regular readers of these pages know, and as mentioned above, a substantial proportion of U.S. anti-corruption enforcement actions are predicated on “FCPA-related” charges arising from the same corruption investigations by the same prosecutors but not charged under the FCPA itself. Examples of “FCPA-related” charges include wire and mail fraud, securities fraud, tax offenses, and most significantly money laundering. Although this is predominantly a criminal phenomenon, 2024 saw two rare “FCPA-related” charges filed by the SEC in the Adani case discussed below. The below table and graph illustrate the past 10 years of FCPA plus FCPA-related enforcement activity.

Chart 4

KEY 2024 FCPA-RELATED ENFORCEMENT DEVELOPMENTS

As our longtime readers know, we endeavor in these pages not only to describe the year’s individual FCPA and related enforcement actions, but also to discern patterns, themes, and trends in this enforcement activity. With respect to 2024, we have identified seven developments of note:

DOJ reaches subsidiary-only resolutions with parent compliance guarantees;
DOJ further defines the poles in Corporate Enforcement Policy credit;
DOJ FCPA “declinations with disgorgement” continue as a trickle;
Rounding out the SEC FCPA enforcement docket;
Individual FCPA enforcement actions come in bunches;
Not quite “FCPA-related,” but still worthy of mention; and
DOJ’s FCPA Unit runs the table, going four-for-four at trial.

1. DOJ Reaches Subsidiary-Only Resolutions with Parent Compliance Guarantees

FCPA practitioners well understand that a key term in any criminal resolution negotiation is the defendant corporate entity or entities. Although there are many variations, one common approach that developed over the years was for the subsidiary(ies) most involved in the conduct to plead guilty, and for the parent company to enter into a deferred or non-prosecution agreement, at least where there was some alleged involvement by the parent. This approach allowed DOJ to secure the most serious form of resolution as to the most culpable corporate entity, while allowing the company (as a whole) to avoid the potentially dire collateral impacts that can accompany a guilty plea at the parent level.

Historically, DOJ has frequently insisted in FCPA cases upon at least some form of criminal resolution with the parent entity, even where the misconduct was principally concentrated in subsidiary businesses. There are certainly exceptions to this rule, notably including a three-subsidiary combination resolution Gibson Dunn negotiated to spare parent company Hewlett-Packard Company from criminal enforcement as described in our 2014 Mid-Year FCPA Update. But the exception crept ever closer to the rule in 2024, as fully one-third of FCPA corporate criminal prosecutions did not involve a parent-level defendant. Still, as described below, the parent companies were required to sign on to the subsidiary resolutions to guarantee the compliance and reporting obligations that typically accompany FCPA resolutions would be applied across the corporate enterprise and not only the subsidiary.

McKinsey and Company Africa (Pty) Ltd.

The most recent example of this phenomenon is DOJ’s resolution with the South African subsidiary of the multinational business consultant McKinsey & Company. On December 5, 2024, DOJ announced a deferred prosecution agreement with McKinsey and Company Africa arising from allegations that, between 2012 and 2016, the entity conspired to violate the FCPA’s anti-bribery provisions by agreeing to make corrupt payments to officials of two state-owned companies in South Africa. The South African McKinsey entity allegedly partnered with local South African consulting firms qualified under the Broad-based Black Economic Empowerment Act while knowing that those firms would use a portion of their fees to pay the purported bribes in exchange for confidential information about competitors and for steering contracts toward sole source awards to McKinsey rather than competitive tenders. In a related matter announced the same day, DOJ unsealed a December 2022 plea agreement with Vikas Sagar, the McKinsey partner allegedly at the center of the corruption scheme, pursuant to which Sagar agreed to plead guilty to one count of conspiracy to violate the FCPA’s anti-bribery provisions.

To resolve the corporate matter, the McKinsey South Africa entity entered into a three-year deferred prosecution agreement and agreed to pay a criminal fine of approximately $123 million, which reflects a 35% discount applied from the fifth percentile of the U.S. Sentencing Guidelines range for the company’s cooperation and remediation. Although it is now DOJ policy to impose forfeiture in addition to a criminal fine in non-issuer cases such as this, as discussed in our 2023 Year-End FCPA Update, DOJ did not do so here as McKinsey had already disgorged all revenues from the affected contracts to South African authorities. DOJ also agreed to credit up to half of the criminal fine against penalties McKinsey paid to South African authorities in a forthcoming resolution, providing the penalty is paid within 12 months. Finally, although not a party to the criminal case, parent McKinsey & Company co-signed the subsidiary resolution, agreeing to fulfill the cooperation, compliance program enhancement, self-reporting, and other compliance-related obligations across the whole of McKinsey’s global operations for the three-year term of the subsidiary’s deferred prosecution agreement. McKinsey’s FCPA resolution was followed less than 10 days later with a separate, larger criminal resolution arising from McKinsey’s consulting work in the opioids industry, announced on December 13, 2024.

Telefónica Venezolana C.A.

Working backward through the year, the second example of a subsidiary-only criminal resolution in 2024 was announced on November 8, when Telefónica Venezolana, the Venezuelan subsidiary of the Spain-based international telecommunications company Telefónica S.A., entered into a deferred prosecution agreement with DOJ to resolve allegations of bribery associated with a 2014 currency auction. According to DOJ, Telefónica Venezolana used a consultant to receive preferential access to the auction to exchange U.S. dollars for Venezuelan bolivars, knowing that the consultant would bribe Venezuelan government officials controlling access to the currency exchange. Telefónica Venezolana allegedly concealed its payments to the consultant by purchasing equipment at inflated prices from suppliers that entered into the consulting agreements on Telefónica’s behalf.

To resolve the matter, Telefónica Venezolana agreed to enter into a three-year deferred prosecution agreement alleging a conspiracy to violate the FCPA’s anti-bribery provisions and to pay a criminal fine of $85.26 million. Although not named as a defendant, parent Telefónica S.A. agreed to extend the subsidiary’s cooperation and compliance enhancement obligations for the three-year term to the full Telefónica enterprise. Notably, although parent Telefónica S.A. is a U.S. ADR issuer whose Brazilian subsidiary (also an ADR issuer) entered into a separate SEC FCPA resolution in 2019 as described in our 2019 Year-End FCPA Update, there was no parallel SEC resolution associated with the 2024 Venezuelan matter. Although it is not unusual for a listed company to resolve civil FCPA charges with the SEC and not criminal FCPA charges with DOJ, given the lower burden of proof and broader accounting theories available to the SEC, we are not familiar with any example of an issuer or its affiliate resolving with DOJ and not the SEC in an FCPA matter. It is presently unclear if Telefónica S.A. will enter into an SEC resolution associated with the Venezuela matter.

Raytheon Company

The third and final example of a subsidiary-only criminal FCPA resolution from 2024 was that with global defense contractor Raytheon. On October 16, 2024, DOJ and SEC announced parallel resolutions relating to allegations that, between 2012 and 2016, Raytheon authorized nearly $2 million in corrupt payments to a high-level official of the Qatari Air Force to secure air defense contracts through an alleged “sham subcontractor,” and failed to disclose these subcontractor payments as required by the Arms Export Control Act (AECA) and International Traffic in Arms Regulations (ITAR). The SEC additionally alleged that over a longer period Raytheon paid more than $30 million to a Qatari-based agent, who was a relative of the Qatari Emir, under circumstances that presented elevated corruption risk.

To resolve the criminal FCPA, AECA, and ITAR allegations, Raytheon entered into a three-year deferred prosecution agreement and agreed to pay a $230.4 million criminal fine plus approximately $36.7 million in forfeiture, though up to $7.4 million of the forfeiture amount was credited against the SEC resolution. In the SEC matter, parent company RTX Corporation consented to a cease-and-desist proceeding alleging FCPA anti-bribery, books-and-records, and internal controls violations, and agreed to pay $49.1 million in disgorgement and prejudgment interest plus a civil penalty of $75 million, though $22.5 million of that penalty is offset against the criminal fine. And in a separate but coordinated matter, Raytheon resolved allegations of major fraud against the United States in a second deferred prosecution agreement and civil False Claims Act settlement alleging that the company provided inaccurate pricing data to the U.S. Department of Defense associated with foreign defense contracts. In total, and coupled with an earlier consent decree reached with the State Department, Raytheon and RTX agreed to pay nearly $1 billion to resolve the FCPA and non-FCPA charges, and also agreed to retain a compliance monitor jointly focused on anti-corruption and government contracts pricing compliance. But in contrast to the SEC resolution, parent RTX is not a defendant in either of the criminal resolutions and agreed only to adhere to the compliance- and disclosure-related obligations of its subsidiary Raytheon.

2. DOJ Further Defines the Poles in Corporate Enforcement Policy Credit

2024 marks the second year of FCPA resolutions since the January 2023 release of the DOJ Criminal Division’s updated Corporate Enforcement and Voluntary Self-Disclosure Policy (Corporate Enforcement Policy), first covered in our 2022 Year-End FCPA Update and further tracked in our 2023 Year-End FCPA Update. Under the current Corporate Enforcement Policy, DOJ may grant up to a 50% discount from the criminal fine for cooperation and remediation in a case that was not self-disclosed by the defendant company, and up to a 75% discount if the matter does qualify as a voluntary disclosure but nonetheless warrants criminal prosecution as opposed to a “declination with disgorgement.” These discount percentages are up from 25% and 50%, respectively, available under prior DOJ guidance. Further, the January 2023 Corporate Enforcement Policy provides enhanced guidance as to whether the cooperation and remediation discount is applied from the bottom of the U.S. Sentencing Guidelines range as was typical pre-Corporate Enforcement Policy, or a higher point-of-departure if the corporate defendant has a relevant history of “prior misconduct.”

In announcing the Corporate Enforcement Policy, DOJ made clear that the maximum-available discount is not the default, and that companies will start from zero and have to build the case for a discount based on their cooperation and remediation. The first two years of application have borne this out, as the “perfect score” of 50% / 75% remains elusive and the range of discounts in FCPA matters have varied from as low as 10% to as high as 45%. Moreover, the “other half” of the equation—whether the discount is taken from the bottom of the Guidelines range or from a higher point of departure—has varied significantly as well, with five companies receiving a discount from the bottom of the range and six companies receiving the discount from a higher point, ranging from the 5th to the 30th percentile.

Focusing on 2024, there were eight corporate criminal resolutions, outside of the “declination with disgorgement” with Boston Consulting Group described below. As shown in the below chart, the Corporate Enforcement Policy “discounts” ranged from 10% to 45% and the point of departure ranged from the bottom of the Guidelines range to the 30th percentile. The average “effective Corporate Enforcement Policy discount,” adjusting for both the discount percentage and point of departure, was 19%, resulting in an average effective savings of $23,262,861.

A table summarizing the Corporate Enforcement Policy discount details across the eight non-declination DOJ corporate FCPA resolutions of 2024 is below, followed by an analysis of four resolutions that illustrate the poles of cooperation and remediation credit offered by DOJ: AAR Corp. (45%) and SAP SE (40%) at the high-end, and Trafigura (10%) and BIT Mining (10%) at the low-end. We also analyze a fifth resolution that illustrates the impact of the point of departure, as Gunvor’s 25% cooperation and remediation discount was effectively reduced to 2.5% by virtue of the discount being taken from the 30th percentile of the Guidelines range.

Company	Date	Resolution Type	Criminal Fine	Discount %	Guidelines Point of Departure	Effective CEP Discount (Savings)
SAP SE	01/10/24	DPA	$118,800,000	40%	10th percentile	34% ($61,200,000)
Gunvor S.A.	03/01/24	Guilty Plea	$374,560,071	25%	30th percentile	2.5% ($9,604,105)
Trafigura Beheer B.V.	03/29/24	Guilty Plea	$80,488,040	10%	5th percentile	5.5% ($4,684,490)
Raytheon Co.	10/16/24	DPA	$230,400,000	20%	20th percentile	4% ($9,600,000)
Telefónica Venezolana C.A.	11/08/24	DPA	$85,260,000	20%	5th percentile	16% ($16,240,000)
BIT Mining Ltd.*	11/18/24	DPA	$54,000,000	10%	Bottom	10% ($6,000,000)
McKinsey & Co. Africa (Pty) Ltd	12/05/24	DPA	$122,850,000	35%	5th percentile	32% ($57,150,000)
AAR CORP.	12/19/24	NPA	$26,393,029	45%	Bottom	45% ($21,624,296)

* BIT Mining’s criminal fine was reduced to $10 million based on a demonstrated inability to pay the fine amount.

AAR CORP.

The highest cooperation and remediation discount of 2024, tied for the highest in the two-year history of the current Corporate Enforcement Policy, goes to Illinois-based aviation services company AAR. On December 19, 2024, DOJ and the SEC announced joint FCPA enforcement actions alleging that, between 2015 and 2020, AAR made nearly $8 million in payments to agents while knowing that a portion of those fees would be provided to government officials in Nepal and South Africa to obtain confidential bidding information, preferential payment terms, and otherwise to influence the contract award processes for state-owned airlines in each country.

To resolve the SEC charges, AAR consented to a cease-and-desist order finding that the company violated the FCPA’s anti-bribery, books-and-records, and internal controls provisions and agreed to pay $29.2 million in disgorgement plus prejudgment interest. No penalty was imposed due to the criminal resolution. To resolve DOJ’s allegations, AAR entered a non-prosecution agreement with an 18-month term and agreed to pay a $26.4 million criminal fine plus forfeiture, although the forfeiture amount was offset by the SEC’s disgorgement order. The criminal fine reflected a 45% Corporate Enforcement Policy discount taken from the bottom of the applicable Guidelines range, based on AAR’s cooperation, remediation, lack of criminal history, and, most notably as discussed below, the company’s self-reporting of the conduct in question.

AAR reported the alleged conduct in question to DOJ and the SEC promptly after becoming aware of press reports of a local corruption investigation concerning the Nepalese conduct and before being contacted by either agency. Still, DOJ did not credit the self-report as a “voluntary disclosure” for Corporate Enforcement Policy purposes because of the press reports and because, unbeknownst to AAR, “an independent source” already had reported the Nepalese conduct to the government. Thus, the report did not occur “prior to an imminent threat of disclosure or government investigation” as required by the Corporate Enforcement Policy and Section 8C2.5(g)(1) of the Sentencing Guidelines. Still, DOJ stated that it “gave significant weight” to the self-reporting in its determination of the form of resolution (i.e., non-prosecution agreement), cooperation and remediation credit awarded (i.e., 45%), and term of post-resolution reporting (i.e., 18 months). Notably, the only other 45% Corporate Enforcement Policy discount awarded by DOJ in an FCPA case to date likewise involves an “imperfect voluntary disclosure,” as covered in our discussion of the Albemarle case in our 2023 Year-End FCPA Update.

Separate from the company, two individuals were prosecuted in 2024 for their alleged involvement in the AAR corruption scheme. Related to Nepal, Deepak Sharma, a former executive of a U.S.-based AAR subsidiary, pleaded guilty on August 1, 2024 to a one-count information charging conspiracy to violate the FCPA’s anti-bribery provisions and also settled related SEC charges on December 19, 2024. Sharma agreed to disgorge nearly $131,000 in compensation allegedly tied to the corrupt conduct, plus nearly $54,000 in prejudgment interest thereon, in connection with the SEC resolution and sentencing in the criminal case has yet to be scheduled. Separately, a third-party agent of AAR’s allegedly involved in the South African corruption, Julian Aires, pleaded guilty to a one-count information charging conspiracy to violate the FCPA’s anti-bribery provisions on July 15, 2024, and like Sharma there is currently no sentencing date set.

SAP SE

The other high-flier in 2024 FCPA Corporate Enforcement Policy discounts was German software company and U.S. ADS issuer SAP, which on January 10, 2024 reached joint FCPA resolutions with DOJ and the SEC arising from an alleged bribery scheme covering multiple countries. According to the criminal charging documents, between 2013 and 2018, SAP made payments to agents in South Africa and Indonesia while knowing that portions of those payments would be passed on to officials associated with multiple different governmental bodies in each country, as well as knowingly falsified certain records relating to additional third-party payments in South Africa with no identified business purpose. The SEC charging document additionally alleges public corruption in Ghana, Kenya, Malawi, and Tanzania, as well as an improper gift provided to a government official in Azerbaijan in 2022.

To resolve the criminal matter, SAP entered into a deferred prosecution agreement alleging conspiracy to violate both the FCPA’s anti-bribery and books-and-records provisions and agreed to pay a $118.8 million criminal fine, though $55.1 million of the fine was offset by payments made in connection with coordinated anti-corruption resolution with South African authorities as discussed below. The criminal fine reflects (i) a 40% discount applied from (ii) the 10th percentile of the applicable Guidelines fine range to reflect SAP’s cooperation and remediation, as well as its prior criminal and regulatory history. Regarding the first point, DOJ praised SAP for its prompt and thorough cooperation, as well as remediation that included withholding compensation from certain potentially culpable employees and managers, which additionally netted SAP a $109,000 fine reduction pursuant to DOJ’s Compensation Incentives and Clawbacks Pilot Program. Regarding the second point, DOJ contended the enhanced Guidelines departure point was warranted based on SAP’s prior FCPA resolution with the SEC in 2016 covered in our 2016 Mid-Year FCPA Update, as well as an export controls-related non-prosecution agreement with DOJ’s National Security Division in 2021. To resolve the SEC matter, SAP consented to the entry of a cease-and-desist order alleging violations of the FCPA’s anti-bribery, books-and-records, and internal controls provisions and agreed to pay approximately $98.5 million in disgorgement plus prejudgment interest, with an offset of about $59.5 million against the civil resolution with South African authorities.

Trafigura Beheer B.V.

At the low-end of the Corporate Enforcement Policy discount scale, DOJ announced an FCPA resolution with Swiss commodities trader Trafigura on March 28, 2024. According to DOJ, between 2003 and 2014, Trafigura participated in a conspiracy to make nearly $20 million in corrupt payments to officials of Petróleo Brasileiro S.A. – Petrobras (Petrobras) to obtain contracts and improper business advantages from the Brazilian state-owned oil company. This resolution represents yet another in a long string of FCPA prosecutions arising from the long-running “Operation Car Wash” (Lava Jato) investigation in Brazil, which we have been following in these updates for years. Specific to Trafigura, we covered a guilty plea to money laundering conspiracy charges by former Petrobras oil trader Rodrigo Berkowitz, a recipient of the alleged bribes, in our 2020 Year-End FCPA Update.

To resolve the instant corporate criminal matter, Trafigura pleaded guilty to one count of conspiracy to violate the FCPA’s anti-bribery provisions and agreed to pay a total of approximately $127 million, consisting of an $80.5 million criminal fine and $46.5 million in forfeiture. The company will receive an offsetting credit for up to one-third of the criminal fine, or about $26.8 million, for amounts paid to Brazilian authorities to resolve allegations related to the same conduct. The criminal fine reflects a 10% discount from the 5th percentile of the Guidelines range, for an effective discount of 5.5%. The slightly enhanced point of departure was based on a 2006 guilty plea to false statements in connection with the importation of oil to the United States and a 2010 conviction in the Netherlands relating to export and environmental law violations in Côte d’Ivoire. The relatively low 10% cooperation credit appears to be based on DOJ’s assertions that early in the investigation Trafigura “failed to preserve and produce certain documents and evidence in a timely manner,” and then later “was slow to exercise disciplinary and remedial measures” and took positions in resolution negotiations that “caused significant delays and required [DOJ] to expend substantial efforts and resources to develop additional admissible evidence.” Notably, Trafigura changed counsel during resolution negotiations.

Trafigura also was convicted of charges arising from a separate alleged corruption scheme in Angola following a criminal trial in Switzerland as described in our international section below.

BIT Mining Ltd.

The other low-end, 10% cooperation and remediation score awarded in 2024 comes from a joint DOJ / SEC FCPA resolution with Chinese cryptocurrency mining firm BIT Mining, announced on November 18. According to the charging documents, during a prior incarnation when it was known as 500.com and focused on the gaming industry, the company made between $2 and $2.5 million in corrupt payments to Japanese parliamentary members in an ultimately-unsuccessful effort to open an integrated resort with gambling and other entertainment options in Japan. Separately, on the same day DOJ unsealed an indictment charging the company’s former CEO, Zhengming Pan, with FCPA bribery and books-and-records violations associated with the conduct.

To resolve the corporate criminal charges, BIT Mining entered into a three-year deferred prosecution agreement with DOJ and agreed to pay a $10 million criminal fine, which was substantially reduced from the Guidelines-calculated fine of $54 million based on the company’s demonstrated inability to pay. Although less relevant given the inability-to-pay reduction, the $54 million calculation included only a 10% cooperation and remediation discount, with DOJ stating that although BIT Mining engaged in some cooperation and remediation, it was “reactive and limited in degree and impact.” To resolve the SEC’s parallel investigation, the company consented to the issuance of a cease-and-desist order alleging violations of the FCPA’s anti-bribery, books-and-records, and internal controls provisions and assessing a $4 million civil penalty. DOJ agreed to credit the SEC civil penalty against the $10 million criminal fine, such that BIT Mining will only pay $10 million in total.

For his part, Pan has not appeared before the Court to answer the indictment and may be in China.

Gunvor S.A.

The largest FCPA resolution of 2024 was announced by DOJ on March 1, 2024, with Swiss commodities trader Gunvor. According to DOJ, between 2012 and 2020, Gunvor representatives authorized nearly $100 million in corrupt payments through third-party agents for the benefit of high-ranking officials of Ecuadorian state-owned oil company Petroecuador in exchange for lucrative sole-source oil contracts. The corporate resolution followed guilty pleas to FCPA and FCPA-related charges entered by former Petroecuador official Nilsen Arias Sandoval, former Gunvor consultants Antonio Pere Ycaza and Enrique Pere Ycaza, and former Gunvor employee Raymond Kohut, as discussed in our 2021 and 2022 Year-End FCPA Updates.

To resolve the corporate matter, Gunvor agreed to plead guilty to one count of conspiracy to violate the FCPA’s anti-bribery provisions and to pay a criminal fine of more than $374.5 million plus forfeiture of more than $287.1 million. The $661 million resolution amount is not entirely for DOJ, however, as up to one quarter of the criminal fine (about $93.6 million) may be credited against related anti-corruption resolutions with each of Swiss and Ecuadorian authorities, for a total offset of up to $187.3 million, provided these payments are made within a year of the DOJ resolution. The criminal fine reflects a 25% discount for cooperation and remediation, but that discount was applied from the 30th percentile of the Guidelines range based on Gunvor’s “history of misconduct,” thus reducing the “effective discount” to 2.5%. Gunvor’s “prior misconduct” included an international corruption-related resolution with Swiss authorities concerning a scheme to bribe officials in the Republic of Congo and Cote d’Ivoire (discussed in our 2019 Year-End FCPA Update). This is illustrative of a developing trend where corporations’ prior non-U.S. legal resolutions are negatively impacting DOJ’s Sentencing Guidelines calculations. Gunvor’s is the highest Guidelines point-of-departure imposed in an FCPA matter since publication of the updated Corporate Enforcement Policy in January 2023, although not nearly as high as the 75th percentile applied against ABB in its third FCPA resolution discussed in our 2022 Year-End FCPA Update.

3. DOJ FCPA “Declinations with Disgorgement” Continue as a Trickle

In April 2016, DOJ rolled out an “FCPA Pilot Program” (the FCPA-specific predecessor to the current, Criminal Division-wide Corporate Enforcement Program) that provided significantly greater transparency regarding the Division’s expectations for voluntary self-disclosures, cooperation, and remediation in FCPA investigations to receive mitigation credit. Under these programs, a company that timely and voluntarily self-discloses FCPA-related misconduct before DOJ becomes aware of it, fully cooperates in the ensuing investigation, and appropriately remediates the misconduct may be eligible for a declination of criminal prosecution. However, a condition of such a “declination” is that the company disgorge illicit profits from the misconduct and admit to a public recitation of facts, leading us to coin the term “declination with disgorgement” to distinguish these from “true declinations” where the company persuades DOJ to take no enforcement action.

DOJ came out of the gate strong with five “declinations with disgorgement” in the first year of the then-FCPA Pilot Program, as discussed in our 2016 Year-End FCPA Update. But over the years, this favorable prosecutorial resolution tool has been deployed rather infrequently, which is all the more notable considering that DOJ has rejected several candidates that did voluntarily self-disclose FCPA-related conduct because the company reportedly (i) did not specify the conduct in sufficient detail during the initial disclosure call (ABB, discussed in our 2022 Year-End FCPA Update), (ii) delayed the self-report such that it was no longer “prompt” (Albemarle, discussed in our 2023 Year-End FCPA Update), or (iii) disclosed the conduct only after DOJ was already aware of it through other means (AAR, discussed above). In the first nine years of these DOJ disclosure programs, there have been only 19 “declinations with disgorgement” issued in FCPA matters as set forth in the below bar chart, as well as two in the past two years by the Fraud Section on charges unrelated to the FCPA.

Chart 5

The only FCPA-related “declination with disgorgement” of 2024 was reached with global consulting firm Boston Consulting Group, Inc. on August 27, 2024. According to the letter agreement, between 2011 and 2017, BCG paid approximately $4.3 million in commissions to a consultant to help the firm obtain contracts with two agencies of the Angolan government, allegedly while knowing that portions of those commissions would be used to improperly influence officials of these government agencies. BCG was required to disgorge $14.4 million in profits from the relevant contracts, but due to its prompt voluntary disclosure, cooperation in the ensuing investigation, and effective remediation (including clawing back equity and withholding bonuses and other compensation from culpable partners), the company was not criminally prosecuted.

4. Rounding Out the SEC FCPA Enforcement Docket

We always caution against overreliance on one-year statistical snapshots, as the ebbs and flows of FCPA enforcement are better measured across an arc of years rather than any arbitrarily defined 365-day period. Nonetheless, it is notable that when the SEC released its Enforcement Results for FY 2024, they showed the lowest number of FCPA enforcement matters in recent history: two. Those figures reflect the SEC’s fiscal year (October 1, 2023 to September 30, 2024), and thus differ from our calendar-year reporting, and already the SEC has brought three times as many actions (six) in the first quarter of their FY 2025 (still calendar year 2024 for us). Nonetheless, the pace of SEC FCPA enforcement is something to monitor, especially as the Agency resets its enforcement priorities with the new Administration.

In addition to the eight FCPA and FCPA-related enforcement actions brought by the SEC in conjunction with DOJ as reported elsewhere in this update, the SEC brought two SEC-only FCPA enforcement actions in 2024: Deere & Company and Moog Inc.

Deere & Company

On September 10, 2024, the SEC announced a settled FCPA enforcement action with Illinois-based agricultural equipment manufacturer Deere & Company, which may be more familiar to our readership by its trade name “John Deere.” According to the SEC, between 2017 and 2020, representatives of Deere’s then-newly acquired Thai subsidiary authorized corrupt payments to government officials in the Royal Thai Air Force and various agencies within the Ministry of Transport to secure government contracts. The SEC further alleged improper payments to representatives of a private customer in Thailand, charged as part of the FCPA enforcement action based on their purportedly inaccurate recording in Deere’s books and records. And in addition to corrupt payments, the SEC included allegations of inappropriately extravagant international trips disguised as “factory visits,” long a favorite theory of the SEC’s in FCPA enforcement actions.

Without admitting or denying the SEC’s allegations of books-and-records and internal controls violations, Deere consented to issuance of a cease-and-desist order and agreed to pay a $4.5 million civil penalty, plus approximately $5.4 million in disgorgement and prejudgment interest. The SEC noted the company’s significant cooperation and remediation efforts in response to the investigation. The SEC did cite Deere’s alleged failure to timely integrate the Thai subsidiary into the company’s then-existing compliance and controls environment after acquiring the subsidiary in 2017 as a major factor that allowed the scheme to go unchecked for several years, thus highlighting the compliance risks associated with integrating foreign companies into a U.S. issuer’s compliance program post-acquisition.

Moog Inc.

On October 11, 2024, the SEC announced a settled FCPA enforcement action with New York-based motion control systems manufacturer Moog. The SEC alleged that, between 2020 and 2022, representatives of one of the company’s Indian subsidiaries made payments to employees of government entities to influence them to exclude competitors from or otherwise skew competitive tenders in Moog’s favor.

Without admitting or denying the SEC’s allegations of books-and-records and internal controls violations, Moog consented to the issuance of a cease-and-desist order and agreed to pay disgorgement and prejudgment interest totaling nearly $600,000, plus a civil penalty of $1.1 million. The SEC’s order noted the company’s cooperation and remediation efforts in response to the investigation, which included voluntarily disclosing the misconduct. Gibson Dunn was co-counsel representing Moog in this matter.

5. Individual FCPA Enforcement Actions Come in Bunches

Individual accountability has long been a focus of senior leadership at both DOJ and the SEC, with respect to the FCPA and enforcement more broadly. DOJ has for years made good on this refrain, bringing far more FCPA and FCPA-related prosecutions against individuals than corporations in recent years. This trend was no different in 2024, with 70% (21 of 30) of FCPA or related enforcement actions brought by DOJ filed against individuals. By contrast, entering 2024 the SEC had not brought a single FCPA or related enforcement action against an individual in more than three years. But this year the SEC stepped up individual enforcement and brought four such actions. Across both agencies, another takeaway from 2024 FCPA enforcement is that the individual prosecutions tended to come in groups.

Adani Group Eight

The most prominent and prolific example of DOJ and SEC individual FCPA enforcement from 2024 came on November 20, 2024, when the dual enforcers announced parallel charges arising from an alleged $250 million bribery scheme involving one of the world’s largest solar energy projects and one of the world’s richest men. The defendants include Indian billionaire Gautam Adani, his nephew Sagar Adani, and Vneet Jaain, all executives at Indian renewable energy company Adani Green Energy, as well as Ranjit Gupta and Rupesh Agarwal, former executives of U.S. issuer Azure Power, and Cyril Cabanes, Saurabh Agarwal, and Deepak Malhotra, former employees of Canadian pension fund CDPQ (as well as in Cabanes’s case, a former board member of Azure Power). According to the charging documents, the defendants initiated a scheme in 2021 to allegedly pay $265 million in bribes to officials of the Solar Energy Corporation of India to cause local Indian municipalities to purchase power from a multi-billion dollar, 12 GW solar energy project operated by the defendants’ companies. DOJ and the SEC further allege that certain of the defendants obstructed justice by lying to investigators and destroying documents, as well as made false statements to U.S. investors in connection with capital raising efforts occurring after news of the investigation became public.

Gautam Adani, Sagar Adani, and Jaain are charged criminally with securities fraud and obstruction of justice, and the two Adanis are also charged by the SEC with civil securities fraud. Gupta and Rupesh Agarwal, Saurabh Agarwal, Cabanes, and Malhotra are all charged with conspiracy to violate the FCPA’s anti-bribery provisions, and all but Gupta are charged with obstruction of justice. Finally, the SEC charged Cabanes with FCPA bribery, in the first SEC FCPA enforcement action against an individual since 2020. None of the defendants are yet before the Eastern District of New York, where the criminal and civil charges have been filed, though the case has created a political storm as to whether India will agree to extradite these prominent businessmen. Given that the post-election indictment has now been followed by a change in DOJ administrations, it is possible that there will be political considerations on the U.S. side as well.

Smartmatic Four

On August 8, 2024, a grand jury in the Southern District of Florida returned an indictment charging three executives of election voting machine company Smartmatic—Roger Alejandro Pinate Martinez, Jorge Miguel Vasquez, and Elie Moreno—and former Chairman of the Commission on Elections of the Republic of the Philippines (COMELEC), Juan Andres Donato Bautista, for their role in an alleged corruption scheme involving the sale of voting machines used in the 2016 Philippine elections. According to the indictment, between 2015 and 2018, Pinate and Vasquez (with the assistance of Moreno) allegedly paid approximately $1 million in bribes to Donato from 2015 to 2018, who caused COMELEC to purchase voting machines from Smartmatic at inflated prices.

Pinate and Vasquez are each charged with FCPA bribery, and all four defendants are charged with money laundering. Pinate and Donato are before the court and presently facing an October 2025 trial date. Vasquez and Moreno have yet to enter an appearance, and DOJ is reportedly seeking their extradition.

Stericycle Two

In our 2022 Mid-Year FCPA Update, we covered a joint DOJ / SEC FCPA resolution with Illinois waste management company Stericycle, Inc. In 2024, two former Stericycle employees were charged arising out of the same alleged scheme to pay more than $10 million in bribes to government officials in Argentina, Brazil, and Mexico between 2011 and 2016. On February 9, 2024, Stericycle’s former Latin American Division Senior Vice President Mauricio Gomez Baez agreed to plead guilty to one count of conspiracy to violate the FCPA’s anti-bribery provisions. Six weeks later, on March 19, a grand jury sitting in the Southern District of Florida returned an indictment charging former Latin American Division Finance Director Abraham Cigarroa Cervantes with one count of conspiracy to violate the FCPA’s anti-bribery provisions and one count of conspiracy to violate the FCPA’s internal controls and books-and-records provisions.

Gomez was promptly sentenced to seven months in prison, at a June 21, 2024 sentencing hearing. Cigarroa has yet to appear before the court.

Single-Defendant Additions to Prior-Year Groupings

We frequently make the point that the full scope of FCPA enforcement is difficult to decipher, given that charges often remain under seal for years as defendants continue to cooperate or DOJ awaits their transit into the United States or an extradition-friendly nation. The former appears to have been the case when, on December 30, 2024, the U.S. District Court for the Southern District of Florida unsealed a criminal proceeding initiated by DOJ in October 2023 against Juan Ramon Molina Rodriguez, the former Titular Director of a Honduran governmental entity known as “TASA” that procured goods for, among other Honduran government entities, the National Police. On July 10, 2024, Molina pleaded guilty to a single-count criminal information charging him with conspiracy to commit money laundering, which alleges that, between 2015 and 2019, he and fellow TASA official Francisco Roberto Cosenza Centeno were corruptly influenced in the award of more than $10 million in TASA contracts by payments received from Carl A. Zaglin, Bryan Berkman, and Luis Berkman, executives of a Georgia-based manufacturer of law enforcement uniforms and equipment, made through companies owned by Florida resident Aldo N. Marchena. As reported in our 2021 and 2023 FCPA Year-End Updates, Zaglin, the Berkmans, Cosenza, and Marchena, as well as others involved in the alleged Honduran corruption scheme, have previously been charged with FCPA and FCPA-related money laundering offenses.

Molina’s sentencing is currently set for February 2025. Of the remaining defendants listed above, Bryan and Luis Berkman have each pleaded guilty and been sentenced, initially to 28 months and 38 months, respectively, although both had their sentences reduced to 14 and 29 months, respectively, based on substantial assistance in the ongoing DOJ investigations. Zaglin, Cosenza, and Marchena all are currently set for trial in the Southern District of Florida in April 2025.

On November 12, 2024, Miami-based investment advisor John Christopher Polit pleaded guilty to a one-count information charging him with conspiracy to commit money laundering. If that name sounds familiar, it is because he is the son of former Ecuadorian Comptroller General Carlos Ramon Polit Faggioni, whose indictment arising out of the Odebrecht bribery scandal was covered in our 2022 Mid-Year FCPA Update, and whose 2024 trial conviction is discussed in the following section. Polit the son admitted that, between 2010 and 2018, he laundered more than $16.5 million of his father’s bribery proceeds, causing them to “disappear” (though apparently unsuccessfully) through layered transactions beginning in Panama and continuing through Florida.

The younger Polit is currently scheduled to be sentenced before the Southern District of Florida in April 2025. Notably, he was convicted of related charges in Ecuador in 2018, but that conviction was subsequently reversed in 2021.

Finally, in another blast from the FCPA past, on October 23, 2024, a federal grand jury in the Southern District of Florida indicted Venezuelan television news network owner Raul Gorrin Belisario on money laundering charges—again. Our readers may recall that Gorrin was indicted in November 2018, along with numerous other defendants, on FCPA and money laundering associated with an alleged scheme to bribe two successive National Treasurers of Venezuela to obtain currency exchanges at favorable rates, as discussed in our 2018 Year-End FCPA Update and with the latest coverage in our 2022 Year-End FCPA Update. The 2024 indictment alleges a separate money laundering conspiracy associated with Venezuela’s state-owned energy company, Petróleos de Venezuela S.A. (PDVSA), but still involving currency exchange transactions and also involving numerous other defendants discussed in our FCPA updates dating back to 2018.

Even after the second indictment, Gorrin remains a fugitive, reportedly living in Venezuela.

As these individual enforcement actions reflect, Central and Latin America remain fertile grounds for international anti-corruption prosecutions. Of the 21 individual FCPA and FCPA-related prosecutions in 2024, 9 of the individual defendants were from or have ties to this region.

6. Not Quite “FCPA-Related,” But Still Worthy of Mention

Periodically, we break down the fourth wall and let our readers into the debates amongst our editorial team as to what qualifies as an FCPA / FCPA-related enforcement action. Given the breadth of the FCPA’s accounting provisions, which can and often do reach non-corruption-related conduct (particularly in SEC enforcement), as well as the panoply of non-FCPA, ancillary statutes that may be used to charge international corruption (particularly in DOJ enforcement), we wrestle each year with “shades of gray.”

One recurring source of controversy concerns international corruption prosecutions initiated without the clear involvement of DOJ’s FCPA Unit. Section 9-47.110 of DOJ’s Justice Manual provides that all FCPA (now including FEPA too) prosecutions require coordination with the Fraud Section of the Criminal Division, which houses DOJ’s FCPA Unit. Even investigations that could lead to FCPA charges are supposed to be coordinated with the FCPA Unit, though with 94 U.S. Attorneys’ Offices and numerous other components of Main Justice whose authority includes, for example, international money laundering and wire fraud charges, this requirement can be difficult to police. We are also familiar with examples of prosecutions coordinated with DOJ’s FCPA Unit in the background that, for a variety of reasons, never see an FCPA Unit attorney enter an appearance on the public docket.

Balancing all of these considerations, our statistical methodology is only to count non-FCPA charges related to international corruption as “FCPA-related” if there is public involvement by the FCPA Unit. Two international corruption cases from 2024 that we do not count in our statistics, but note to illustrate the point, follow.

On January 11, 2024, a grand jury sitting in the Central District of California returned an indictment charging Paulinus Iheanacho Okoronkwo, a Los Angeles-based attorney and dual U.S.-Nigerian citizen, with money laundering, tax evasion, and obstruction of justice. The underlying conduct alleged centers on a $2.1 million bribe Okoronkwo purportedly received while serving as an officer of Nigeria’s state-owned oil company, the Nigerian National Petroleum Corporation, to secure favorable drilling rights for Addax Petroleum, a Swiss-based subsidiary of China’s state-owned oil company Sinopec. Although this may walk, talk, and quack like an FCPA-related case, it is being prosecuted by the L.A. U.S. Attorney’s Office. Okoronkwo’s trial is currently scheduled to begin in April 2025.

On March 4, 2024, the U.S. Attorney’s Office for the Southern District of Florida announced a guilty plea by another former foreign official, this time former Venezuela National Guard Major Nepmar Jesus Escalona Enriquez. Escalona pleaded guilty to one count of money laundering conspiracy arising from allegations that, between 2010 and 2017, he falsified customs documents to deceive the Central Bank of Venezuela into releasing $1.7 million to the co-conspirators rather than going to finance food imports, and also paid bribes to other Venezuelan government officials to prevent detection of the scheme. Again, this is typically fodder for FCPA prosecutors, but in this instance was handled by the Miami U.S. Attorney’s Office and the Criminal Division’s Money Laundering and Asset Recovery Section. On May 23, 2024, Escalona was sentenced to one year and one day in prison as well as forfeiture of more than $840,000.

7. DOJ’s FCPA Unit Runs the Table, Going Four-for-Four at Trial

There was a time not so long ago when FCPA-related trials were a rarity. But as we have noted before, within roughly the last decade DOJ has enhanced its focus on individual prosecutions in international corruption. Individuals as a group are far more likely than corporations to take criminal charges to a jury of 12, thus leading over time to more FCPA-related trials in criminal matters. (The SEC still has yet to try an FCPA case in the more than 40 years the statute has been on the books, though Gibson Dunn client James J. Ruehlen and co-defendant Mark A. Jackson came within a week of trial before receiving no-admit, no-deny, injunction-only resolutions, as covered in our 2014 Mid-Year FCPA Update.)

2024 saw four FCPA-related trials, equaling the record set five years ago as we covered in our 2019 Year-End FCPA Update. DOJ FCPA Unit prosecutors, teaming up with colleagues from several U.S. Attorneys’ Offices, ran the table and obtained convictions in all four.

Oil Trader Javier Alejandro Aguilar Morales Convicted of Petroecuador and PEMEX-Related Corruption

We have been covering the criminal case against former Vitol Group oil trader Javier Alejandro Aguilar Morales since our 2020 Year-End FCPA Update. Aguilar was charged with FCPA bribery and money laundering-related offenses arising out of the payment of more than $1 million in alleged corrupt payments to officials of the state-owned oil companies of Ecuador and Mexico, Petroecuador and PEMEX.

On February 23, 2024, after an eight-week trial in the Eastern District of New York, the jury returned a unanimous verdict of guilty on all three counts. Aguilar subsequently moved for a judgment of acquittal and a new trial, but the Honorable Eric N. Vitaliano rejected that bid in a 32-page ruling issued on July 26, 2024. In addition to turning away various evidentiary arguments, including that the evidence of Aguilar’s knowledge of the corruption was more than sufficient to support a guilty verdict even though no one testified to using the word “bribe” with him, the Court addressed several issues of FCPA interest. First, although Judge Vitaliano found in a mid-trial ruling that two of the alleged “foreign official” bribe recipients—who worked for a U.S. procurement subsidiary of PEMEX—would not qualify as “public servants” under Mexican law, he nonetheless found that the jury could find as a mixed matter of law and fact that they were officials of an “instrumentality” of a foreign government for purpose of the FCPA. Second, and relatedly, Judge Vitaliano affirmed his prior ruling that Aguilar did not create a “lawful under foreign law” affirmative defense worthy of submission to the jury based on the argument that the PEMEX-affiliated officials were not “public servants” covered by Mexico’s anti-corruption law, because arguing that one specific Mexican law was not violated is not sufficient to establish that the payments were lawful in Mexico.

On August 21, 2024, Aguilar pleaded guilty to related, parallel FCPA charges arising from the PEMEX scheme that, as discussed in our 2023 Year-End FCPA Update, were severed and moved to the Southern District of Texas after Aguilar raised venue objections. After the trial conviction, Aguilar consented to have the case transferred back to Brooklyn and consolidated for sentencing before Judge Vitaliano. In announcing the Aguilar trial verdict, DOJ trumpeted the success of its wide-ranging investigation of corruption in the Latin American oil trading industry, which just pulling on this strand resulted in a deferred prosecution agreement with Vitol, plus the guilty pleas of seven individual co-conspirators in addition to Aguilar.

Former Ecuadorian Comptroller Carlos Ramon Polit Faggioni Convicted of Receiving Odebrecht-Related Bribes

We have been covering an ongoing stream of FCPA-related prosecutions arising from the blockbuster resolution with Brazilian construction conglomerate Odebrecht S.A. since our 2016 Year-End FCPA Update. This includes the 2022 indictment of former Ecuadorian Comptroller General Carlos Ramon Polit Faggioni on allegations that he received more than $10 million in bribes from Odebrecht and then laundered them through the U.S. financial system with the assistance of his son, John Christopher Polit, whose 2024 guilty plea is discussed above.

On April 23, 2024, following a two-week trial in the U.S. District Court for the Southern District of Florida, a jury found the senior Polit guilty of all six counts of money laundering. On October 1, 2024, he was sentenced to 10 years in prison and ordered to forfeit $16.5 million in proceeds. Polit has noted an appeal to the Eleventh Circuit Court of Appeals.

Former Mozambican Finance Minister Manuel Chang Convicted in “Tuna Bonds” Scandal

On August 8, 2024, after a four-week trial, a federal jury in the Eastern District of New York found Mozambique’s former Minister of Finance, Manuel Chang, guilty of FCPA-related wire fraud and money-laundering conspiracy charges. As we covered in prior updates, most recently in our 2023 Year-End FCPA Update, Chang was indicted in 2018 for allegedly receiving $7 million in bribes in exchange for guaranteeing on behalf of the Mozambican government that it was financially solvent, which induced banks to issue loans to state-owned companies for maritime projects that ultimately failed and resulted in significant losses. Chang was promptly arrested in South Africa, but underwent years of extradition litigation before he was finally extradited to the United States in July 2023.

The Honorable Nicholas G. Garaufis denied Chang’s post-trial motions for judgment of acquittal and new trial in a 45-page memorandum opinion issued on November 13, 2024. With respect to wire fraud, the Court found that DOJ proved a viable scheme to deprive the investors of money siphoned off from the loan proceeds through undisclosed kickbacks and false representations, including that there was no corruption involved in the deal, and that it was not just a scheme to deprive victims of “valuable economic information” such that it would be susceptible to challenge under the Supreme Court’s decision in Ciminelli v. United States, 598 U.S. 306 (2023). With respect to money laundering, Judge Garaufis found that the evidence presented to the jury concerning the circuitous payment flow through accounts not in Chang’s name was sufficient to support concealment, and the specified unlawful activities of wire fraud and bribery under Mozambican law. On January 17, 2025, the Court sentenced Chang to 102 months in prison and ordered Chang to forfeit $7 million.

Oil Trader Glenn Oztemel Convicted of Petrobras-Related Corruption

We reported in our 2023 Year-End FCPA Update on criminal charges against Freepoint Commodities trader Glenn Oztemel, his brother and fellow oil trader Gary Oztemel, and third-party agent Eduardo Innecco, all associated with an alleged corruption scheme relating to Brazilian state-owned oil company Petrobras. Glenn Oztemel proceeded promptly to trial and, on September 26, 2024, a federal jury in the District of Connecticut found him guilty on all seven counts of FCPA bribery and money laundering.

In June 2024, Gary Oztemel pleaded guilty to one count of money laundering arising from the alleged scheme and was sentenced to two years of probation (due, in part, to medical considerations), 100 hours of community service, and $310,000 in fines and forfeiture. Innecco has reportedly been arrested in France but is fighting extradition and is not yet before the Court.

2024 FCPA-RELATED ENFORCEMENT LITIGATION

As our readership knows, following the filing of FCPA or FCPA-related charges, criminal and civil enforcement proceedings can take years to wind their way through the courts. The substantial number of enforcement cases from prior years has led to an active year in enforcement litigation beyond the cases initiated in 2024 and trials covered above. We discuss below a selection of prior-year matters, beyond the four trials, that saw material enforcement litigation developments.

DOJ Voluntarily Dismisses FCPA-Related Prosecution of Maryland Attorney Jeremy Schulman

On August 30, 2024, the U.S. District Court for the District of Maryland granted DOJ’s request to dismiss with prejudice an 11-count indictment against Maryland attorney Jeremy Schulman. As we first reported in our 2020 Year-End FCPA Update, Schulman was charged with wire fraud, mail fraud, and money laundering offenses associated with his efforts to gain access to over $12.5 million in assets belonging to the Central Bank of Somalia that had been frozen in U.S. banks following the turmoil arising from the country’s civil war in 1991. DOJ alleged that Schulman, working with former Somali Central Bank Governor Ali Abdi Amalow, presented fraudulent banking documents to financial institutions that showed Schulman had the authority to recover the frozen assets on behalf of the Somali government, whereas Schulman maintained that he was acting with actual authorization from the Somali government.

Years of protracted and contentious litigation followed, with Schulman diligently pursuing access to exculpatory evidence. This tenacity paid off, when the Honorable Paula Xinis imposed evidentiary sanctions for DOJ’s handling of its main witness. This then set the stage for DOJ’s motion to dismiss the case, citing its “assessment of pre-trial evidentiary rulings.” The Schulman case clearly reflects dogged determination and superb advocacy on the part of defense counsel.

Cognizant Defendants’ Trial Continued for Foreign Witness Issues (Again)

We have long been reporting on the 2019 FCPA charges against former Cognizant Technology Solutions President Gordon Coburn and Chief Legal Officer Steven Schwartz, including most recently in our 2023 Year-End FCPA Update. The trial date has shifted numerous times due to evidentiary disputes, reassignment of the case following the retirement of the presiding judge, and foreign witness availability issues. It was scheduled to go to trial in the District of New Jersey in September 2024, but was delayed again based on the pace of the Indian government’s response to a Mutual Legal Assistance Treaty request for witness testimony sought by the defense. The current, and ninth, trial date is scheduled for March 3, 2025. This case has long been a treasure trove of pretrial motions practice, and we expect that the trial will similarly showcase many legal arguments pertinent to FCPA and white-collar practice generally.

Former Banker Asante Kwaku Berko Extradited to Stand Trial on 2020 Indictment

As we last covered in our 2022 Year-End FCPA Update, dual U.S. and Ghanian citizen and banker Asante Kwaku Berko was arrested in November 2022 at the request of U.S. authorities as he landed at Heathrow Airport and DOJ unsealed a six-count indictment from 2020 charging Berko with FCPA, money laundering, and failure to report a foreign bank account. The substantive allegations are that, between December 2014 and March 2017, Berko paid more than $700,000 to Ghanaian government officials to assist a Turkish energy company client of Berko’s secure approvals to build an electric power plant in Ghana. Years of extradition litigation ensued.

On June 7, 2024, the Hight Court of England and Wales agreed with Berko that there was no “duality” (i.e., analogous UK crime) for the bank account reporting offense, but allowed the extradition to go forward as to the FCPA and money laundering charges. The UK court rejected Berko’s argument that the United States lacked jurisdiction over the international corruption scheme.

Shortly thereafter, in July 2024, Berko was extradited to the Eastern District of New York and pleaded not guilty to the FCPA and money laundering offenses. No trial date has yet been set.

Select Post-Indictment Guilty Pleas

It is a fact of the U.S. litigation process that the vast majority of criminal cases resolve prior to trial, even as to those who push their case to indictment in the first instance. But even within this paradigm, the case of former Maxwell Technologies General Manager Alain Riedo stands out.

More than a decade ago, and as we discussed in our 2013 Year-End FCPA Update, Riedo was indicted on nine counts of violating the FCPA associated with his alleged participation in a scheme to make corrupt payments to employees of state-owned companies in China. But as a Swiss citizen residing in Switzerland, Riedo was never extradited to face the charges. For years the case was dormant, until March 7, 2024 when Riedo appeared in the U.S. District Court for the Southern District of California to plead guilty to a superseding information charging one count of violating the FCPA’s books-and-records provision. The court sentenced Riedo to two years of probation, with 300 hours of community service to be served in Switzerland, and imposed a $55,000 fine.

Although Riedo’s reasoning for answering the FCPA charges 11 years later is not stated on the record, it is generally true that outstanding arrest warrants and the accompanying Interpol “Red Notices” can be extremely limiting as to a defendant’s ability to travel internationally. Some defendants have been known to resolve outstanding criminal cases simply to be able to visit family members in the United States or other countries with extradition treaties.

Another 2024 post-indictment guilty plea worthy of mention is that of Paulo Jorge Da Costa Casqueiro Murta. As we last checked in our 2023 Year-End FCPA Update, this PDVSA corruption-related case has bounced back and forth between Judge Hoyt’s chambers in Houston and the Fifth Circuit several times since Casqueiro Murta was extradited in 2021, with the latest development heading into 2024 being a remand to the district court for an evidentiary hearing on a Speedy Trial Act violation before a different trial court judge.

But that evidentiary hearing never occurred, as the parties informed the Court that they had reached a resolution and, on May 21, 2024, Casqueiro Murta pleaded guilty to a superseding information charging one count of FCPA conspiracy. He was sentenced by the Honorable Gray Miller to time served—amounting to nine months in custody and four months in home confinement—an additional one year of supervised release, and a $105,000 fine.

2024 KLEPTOCRACY FORFEITURE ACTIONS

As we periodically report in these updates, the Money Laundering and Asset Recovery Section (MLARS) of DOJ’s Criminal Division has a Kleptocracy Asset Recovery Initiative that uses civil forfeiture actions to freeze, recover, and in some cases repatriate the proceeds of foreign corruption. 2024 was an active year for MLARS kleptocracy actions, including the following:

Over the course of 2024, DOJ continued to file additional civil forfeiture actions seeking the seizure of proceeds from the 1Malaysia Development Berhad (1MDB) corruption scandal we have been covering for years. These latest actions, which resolved claims against the assets of fugitive Low Taek Jho (Jho Low) and 1MDB’s former general counsel, “Jasmine” Loo Ai Swan, totaled a collective value of more than $200 million. To date, the U.S. government has reportedly seized and repatriated to Malaysia over $1.4 billion in assets associated with the scheme. As impressive as that figure is, the total alleged losses associated with the scheme exceed $4.5 billion.
On January 9, 2024, DOJ reached a civil forfeiture agreement with Olympia De Castro, ex-wife of Gustavo Adolfo Hernandez Frieri, who pleaded guilty in 2019 to participating in the PDVSA-related “Operation Money Flight” currency conversion exchange scheme, described in our 2018 Year-End FCPA Update. Hernandez was ordered to forfeit $12.3 million as part of his plea agreement, which DOJ sought through his properties. De Castro filed ownership claims over certain properties, leading to years of negotiations with DOJ that were finally resolved with a $2.95 million settlement allowing De Castro to keep one of the properties and consenting for forfeiture of the remaining properties.
On March 29, 2024, DOJ filed a civil complaint in the U.S. District Court for the Southern District of New York seeking to seize a $7.1 million condominium in Manhattan’s Trump International Hotel and Tower, alleging that the apartment was purchased with funds embezzled by sitting Republic of the Congo President Denis Sassou Nguesso. On May 14, Ecree LLC, a company managed by António José de Silva Veiga (reportedly a “fixer” for President Nguesso), filed a claim of interest to the apartment, and he subsequently moved to dismiss the complaint on grounds that DOJ failed to trace the apartment’s purchase to Nguesso or any illegal scheme. As of this writing, the motion to dismiss has been fully briefed, and a decision remains pending.
On July 8, 2024, DOJ announced a settled civil forfeiture action involving a Los Angeles mansion allegedly purchased using the proceeds of a corruption scheme involving former Armenian Finance Minister Gagik Khachatryan. According to a 2022 complaint filed in the U.S. District Court for the Central District of California, the home was purchased in 2011 by a trust benefiting Khachatryan’s sons using the funds of Sedrak Arustamyan, a prominent Armenian businessman who allegedly paid Khachatryan more than $20 million in bribes in exchange for favorable tax treatment for Arustamyan’s company. Pursuant to the settlement agreement, the mansion will be forfeited to the United States, which will then sell the property and retain 85% of the net proceeds, delivering the remainder to Khachatryan’s sons. In addition to the U.S. forfeiture action, the alleged bribe payments are the subject of a pending criminal action in Armenia, as we discuss below.
In our 2021 Year-End FCPA Update, we covered the indictment of Nouracham Bechir Niam and three other defendants, including Niam’s husband former Chadian Ambassador to the United States and Canada Mahamoud Adam Bechir, on FCPA and related charges stemming from an alleged bribery scheme related to the award of oil rights in the Republic of Chad. Separate from the criminal case, in 2015 DOJ moved to seize £22 million (~ $34.6 million) in funds allegedly linked to the scheme, and Niam filed a claim of interest. The forfeiture case was stayed in 2016, pending the criminal investigation leading to the indictment. But in October 2023, the Honorable Richard J. Leon of the U.S. District Court for the District of Columbia lifted the stay, and DOJ moved to dismiss Niam’s claim, alleging that as a continuing fugitive who has failed to appear to answer the criminal charges she should be barred from participating in the civil forfeiture case. On September 27, 2024, Judge Leon granted DOJ’s motion to dismiss, finding that Niam met the definition of “fugitive” under 18 U.S.C. § 2466 (a “fugitive disentitlement” statute specific to forfeiture actions) because she was “deliberately avoid[ing] prosecution in the United States while using United States courts to retrieve the proceeds of her crime.”
On November 12, 2024, DOJ filed a civil forfeiture complaint in the U.S. District Court for the Southern District of New York to recover millions of dollars in crypto assets linked to the FCPA charges against FTX and Alameda Research founder and CEO Samuel Bankman-Fried, who was convicted on non-FCPA charges in late 2023. As described in our 2023 Year-End FCPA Update, Bankman-Fried was indicted on FCPA charges associated with bribes allegedly paid to Chinese officials to unfreeze certain crypto assets, but the charges were severed and not part of the late 2023 trial because the initial extradition request did not include them. On March 29, 2024, following sentencing on the non-FCPA counts, DOJ moved to dismiss the FCPA count. This forfeiture action is against a crypto account, worth $18.5 million at the time of the complaint, allegedly used to launder $40 million in bribes paid to the Chinese government officials. According to a stipulation filed with and then entered by the Court on November 14, 2024, DOJ and other interest holders in the account reached an agreement to split the proceeds of the account 50/50.

2024 FCPA-RELATED POLICY DEVELOPMENTS

In addition to the many enforcement developments covered above, 2024 saw several important developments in FCPA-related policy areas. Examples discussed below include the creation of DOJ’s-own corporate whistleblower rewards pilot program, a separate pilot program holding out the prospect of non-prosecution for individuals who self-disclose their own criminal conduct, and new updates to DOJ’s Evaluation of Corporate Compliance Programs guidance.

DOJ’s Corporate Whistleblower Rewards Program

On August 1, 2024, DOJ launched a Corporate Whistleblower Awards Pilot Program, which allows so-called whistleblowers to submit information about certain corporate crimes to DOJ’s Criminal Division, and if that information leads to a forfeiture action, the reporter may be entitled to a cut of the proceeds. Our readers will immediately recognize this framework from well-established whistleblower bounty programs managed by the SEC, the Commodity Futures Trading Commission, and other civil enforcement agencies, but DOJ’s program is designed to fill in “important gaps in [these] existing federal whistleblower programs.” Specifically, this program targets information relating to crimes involving: (1) financial institutions; (2) international corruption involving non-issuers; (3) domestic corruption; and (4) health care fraud involving private insurers. The second category is of greatest interest to FCPA practitioners, as it supplements the SEC’s Dodd-Frank Whistleblower Program described in our 2010 Year-End FCPA Update, which applies only to “issuers,” and expands the universe of potential whistleblowers to those with information of corruption involving non-publicly traded domestic companies and foreign companies where there is a U.S. nexus.

The DOJ pilot program applies to forfeiture actions where the collection is greater than $1 million. A reporter with “original information” may receive up to 30% of the “net proceeds” (minus costs and victim distributions) up to the first $100 million collected, and 5% between $100 and $500 million. “Original information” must be “derived from the individual’s independent knowledge or analysis,” “non-public and previously not known to the Department,” provided “voluntarily” (e.g., not in response to governmental inquiry), and a “material” addition to the information DOJ already possesses. Certain information can never be “original,” including information obtained by virtue of an individual’s status as a corporate officer or director at a company, and confidential communications subject to the attorney-client privilege. Finally, individuals “who meaningfully participated in the criminal activity they report” are excluded from awards, as are those eligible under other award programs, DOJ employees and family members, and government officials.

The DOJ pilot program asserts that it encourages internal reporting by allowing a reporter to retain their eligibility if they report the information first internally through a company’s internal systems, provided they subsequently report to DOJ within 120 days of the first internal report. In a corresponding amendment to the Corporate Enforcement Policy, DOJ now will credit a company’s voluntary disclosure to DOJ even if DOJ was already aware of the matter through a jointly-reporting whistleblower, provided the company discloses the matter to DOJ within 120 days of receiving the whistleblower report through its internal system.

According to DOJ officials, the pilot program is off to a fast start. At the annual ACI Conference on the FCPA, DOJ MLARS Chief Molly Moeser (MLARS manages the DOJ whistleblower program) stated that DOJ received close to 300 tips in the first four months of the pilot program. The pilot program is effective for three years, unless extended. For more information on the Corporate Whistleblower Awards Pilot Program, please see our separate client alert, “Mind the Gap – The New DOJ Whistleblower Program.”

DOJ Pilot Programs on Individual Self-Disclosures

In a complementary development, on April 15, 2024, DOJ’s Criminal Division established a new Pilot Program on Voluntary Self-Disclosures for Individuals. Whereas the whistleblower rewards program described above holds out the carrot of monetary awards for (generally) non-culpable individuals, the individual self-disclosure pilot program holds out the carrot of non-prosecution for individuals who do bear greater individual culpability. As with the whistleblower rewards program, individuals are only eligible if they voluntarily provide original, non-public information not previously known to DOJ. Although this program is specific to the Criminal Division, numerous U.S. Attorney’s Offices have published their own programs as discussed below.

The focus of the individual self-disclosure pilot program is on criminal violations involving:
(1) financial institutions; (2) foreign corruption; (3) domestic corruption; (4) health care fraud; and (5) fraud against the United States. Individuals must submit a request for coverage to a specific DOJ email address before there is a request for information or governmental investigation. The program is not available for persons serving in roles equivalent to a CEO or CFO, government officials, those with prior disqualifying convictions, and generally anyone who organized or led the scheme in question. Further, an individual must agree to cooperate in the investigation and forfeit any illicit proceeds from the scheme.

As noted above, a number of U.S. Attorney’s Offices around the country with significant white collar criminal enforcement units have issued their own versions of individual self-disclosure pilot programs. These include the Eastern and Southern Districts of New York, the Central and Northern Districts of California, the District of Columbia, the District of New Jersey, the Northern District of Illinois, the Southern District of Texas, and the Southern District of Florida, among others. Although generally consistent, there is variation across these policies, and counsel is well advised to analyze the policies of the various offices with potential jurisdiction over a matter before selecting the office(s) to which to make any report.

DOJ Updates its Evaluation of Corporate Compliance Programs Guidance

As we first discussed in our 2017 Mid-Year FCPA Update, and then again most recently in our 2023 Year-End FCPA Update, from time to time DOJ’s Criminal Division updates its Evaluation of Corporate Compliance Programs (ECCP) guidance to provide transparency around how DOJ evaluates corporate compliance programs. The most recent revisions were posted on September 23, 2024, with three main changes: (1) evaluation and management of risks related to emerging technologies, such as artificial intelligence; (2) further emphasis on the role of data analytics; and (3) whistleblower protection and anti-retaliation. We summarize these updates below, but refer readers to our separate client alert, “DOJ Updates Its Evaluation of Corporate Compliance Programs Guidance Focused on AI and Emerging Technologies,” for additional analysis.

With respect to emerging technologies such as artificial intelligence, DOJ’s focus remains on the misuse of these technologies in criminal conduct, given their ability to “supercharge” corporate crime. The revised ECCP details DOJ’s expectations that companies tailor their compliance programs both to identify and manage the risks posed by artificial intelligence through, for example, protocols that document their use and assess the risk level posed by using this technology.

As it relates to data analytics, the ECCP revisions signal the continued importance of companies ensuring that compliance personnel have access to data sufficient to assess the effectiveness of their compliance program. Prosecutors are to assess whether a company is “appropriately leveraging data analytics tools” at its disposal, focusing on whether compliance personnel have the same access to emerging technologies as do business teams in the same company.

Finally, the ECCP counsels prosecutors to consider whether the company has an anti-retaliation policy, whether and how an entity “incentivize[s] reporting,” how employees who report misconduct are disciplined in comparison to others involved in the misconduct, and whether the company informs its employees of applicable whistleblower and anti-retaliation protections. The last aspect is by far the most controversial, as DOJ seems to suggest in the ECCP that companies should affirmatively train their employees on the availability of external whistleblower reward programs, which as a practical matter may have the effect of frustrating internal reporting.

In total, the ECCP addresses more than 300 compliance considerations, echoing almost as SEC regulations. But it has been DOJ championing and leading the way in this detailed anti-corruption compliance guidance.

2024 FCPA-RELATED LEGISLATIVE DEVELOPMENTS

As covered in our 2023 Year-End FCPA Update, in December 2023 Congress passed FEPA, which for the first time directly criminalizes the demand side of bribery by prohibiting the receipt of corrupt payments by foreign officials (although, as noted above, this has long been accomplished through ancillary statutes). On July 20, 2024, “technical” amendments to FEPA went into effect to, as Congressman Darrell Issa (R-CA) stated, remove “inconsistencies between the language of the FCPA and the FEPA.”

The first notable change is that the amendment moves FEPA from an oddly-placed subsection of the domestic bribery statute, 18 U.S.C. § 201, to its own standalone provision of Title 18, 18 U.S.C. § 1352. The amendments also serve to harmonize prior inconsistencies between FEPA and the FCPA as to extraterritorial application, the definition of “foreign officials,” and what type of conduct must be influenced to qualify as an “official act.”

There still has yet to be a (public) enforcement action under FEPA, but given the statute’s newness, that criminal statutes apply only prospectively to conduct occurring after their implementation, and that international corruption investigations generally take years to develop, the lack of early enforcement is not surprising. It will take years to assess the impact (or lack of impact) of FEPA.

2024 FCPA-RELATED PRIVATE CIVIL LITIGATION

As we report in each of these client updates, although the FCPA does not provide for a private right of action, civil litigants nonetheless frequently employ various causes of action arising out of FCPA-related conduct. As illustrated below, these civil lawsuits can stretch on for years after a company resolves enforcement liability. A selection of such matters with material developments in 2024 follows.

Select Civil Fraud/RICO Actions

Keppel Offshore & Marine – For years, we have been reporting on an assortment of civil lawsuits initiated by EIG Global Energy Partners against Keppel Offshore & Marine arising out of the latter’s involvement in the “Operation Car Wash” scandal in Brazil, resulting in a 2017 deferred prosecution agreement with DOJ as reported in our 2017 Year-End FCPA Update. EIG alleges that it lost its $220 million investment in a Petrobras-related offshore drilling venture after news of the corruption investigation broke. One fraud-related lawsuit filed against Keppel and Petrobras in the U.S. District Court for the District of Columbia was dismissed for lack of personal jurisdiction, which ruling was upheld by the D.C. Circuit, as last reported in our 2018 Mid-Year FCPA Update. In a separate fraud action against Keppel filed in the U.S. District Court for the Southern District of New York, on March 20, 2024, the Honorable Paul G. Gardephe granted Keppel’s motion for summary judgment, finding that Keppel had no actual knowledge of fraudulent representations Petrobras made to EIG and that Keppel did not otherwise aid or abet this fraud. EIG has noted an appeal to the Second Circuit.

Select Shareholder Lawsuits

Tenaris S.A. – As we initially reported in our 2020 Year-End FCPA Update, shareholders brought a securities class action against Luxembourg-based steel pipe producer Tenaris that alleged that the company’s public filings and employee codes of conduct were materially misleading in light of bribery allegations in connection with what became known as Argentina’s “Notebooks” scandal. The lawsuit followed charges against Tenaris’s CEO in Argentina for alleged bribes to Argentinian officials in return for their lobbying the Venezuelan government to prevent the nationalization of an asset of Tenaris’s Venezuelan subsidiary. The civil shareholder action survived the all-important motion to dismiss, at least in part, and on April 22, 2024, the Honorable Kiyo Matsumoto of the U.S. District Court for the Eastern District of New York approved a settlement pursuant to which Tenaris will pay $9.5 million, with 24,344 claimants eligible to receive what will amount to an average of $242 in compensation after attorneys’ fees.
Cognizant Technology Solutions Corp. – On May 3, 2024, the U.S. Court of Appeals for the Third Circuit, sitting en banc, upheld the 2022 dismissal of a shareholder derivative action brought against Cognizant and its board of directors predicated on alleged control lapses and corporate misstatements associated with the company’s resolution of an FCPA matter with DOJ and the SEC reported in our 2019 Year-End FCPA Update. The Third Circuit initiated en banc review sua sponte to consider the standard for reviewing dismissals of shareholder derivative actions for failure to establish demand futility in light of a growing trend in the federal circuit courts of appeal to review such dismissals de novo, as opposed to the abuse of discretion standard that had been the law of the Third Circuit. The en banc court decided to join the other circuits in applying de novo review to shareholder derivative actions dismissed for failure to establish demand futility, but even under this more exacting standard found that the Honorable Kevin McNulty of the District of New Jersey correctly dismissed the action.
Telefonaktiebolaget LM Ericsson – On September 3, 2024, the U.S. Court of Appeals for the Second Circuit affirmed the dismissal of a securities class action brought against Swedish telecommunications company Ericsson for alleged false statements concerning the strength of its anti-corruption compliance program and its compliance with a 2019 deferred prosecution agreement, which DOJ determined had been breached, leading to a guilty plea to FCPA charges in 2023 as reported in our 2023 Year-End FCPA Update. The U.S. District Court for the Eastern District of New York granted Ericsson’s motion to dismiss, reasoning that Ericsson’s generalized statements about its ethics and compliance program were legal puffery and did not contain sufficient specificity to be actionable. As to Ericsson’s statements about compliance with the deferred prosecution agreement, the court found that the statements were limited in scope to the FCPA investigations by the government, conveyed nothing about any internal investigations by the company, and in several instances were inactionable puffery warning investors about the possibility of future investigations and compliance failures. The Second Circuit agreed with these findings and affirmed the dismissal.

Other Civil Claims

Associated Energy Group LLC – An unusual variant in FCPA-adjacent litigation developed in July 2024, when defense contractor Associated Energy Group initiated bid protest litigation in the U.S. Court of Federal Claims seeking to block the Defense Logistics Agency’s award of a $500 million fuel supply contract for two U.S. military bases in Djibouti. The protestor’s theory is that the bid’s technical requirement that bidders hold a Petroleum Activities License issued by Djibouti’s Ministry of Energy effectively requires bribery and unfairly disadvantages those constrained by U.S. law because this license cannot be obtained without bribery, as the protestor allegedly found through its prior efforts to execute on this project. The United States moved to dismiss the bid protest, arguing that the lack of a license rendered Associated Energy Group ineligible to fulfill the contract under Djibouti law. On September 10, 2024, the Honorable Armando O. Bonilla denied the motion to dismiss, allowing the bid protest to proceed. Associated Energy Group filed an amended complaint in November, which remains under seal.

2024 YEAR-END INTERNATIONAL ANTI-CORRUPTION DEVELOPMENTS

World Bank

Multilateral development banks (MDBs), and in particular the World Bank, continued to engage in significant enforcement activity in 2024. As we have noted in past updates, while the sanctionable practices addressed by these debarments reflect the Bank’s emphasis on preserving the integrity of the contracting process for Bank-funded projects, the ramifications of Bank-led investigations and sanctions go far beyond those projects, including cross-debarments with other MDBs and, in some cases, referrals to state law enforcement authorities.

Continuing a trend we observed last year, the World Bank’s 2024 sanctionable practices enforcement emphasized corporate compliance enhancements as a condition of release from debarment. In three corruption-related corporate debarments, the Bank required that the companies develop an integrity compliance program consistent with Bank guidelines, though in other debarments the Bank imposed more discrete requirements, for example developing certain policies and instituting ethics training.

Bribery, Corruption, and Obstructive Practices. The May 14, 2024 debarment of Marseille for Engineering & Trading S.A.L. Offshore, a Jordanian company that provides engineering and consulting services, resulted in a 30-month debarment for alleged bribes offered to influence the bid evaluation process for an Iraqi reconstruction project. The debarment requires the company to develop an integrity compliance program consistent with Bank guidelines. The Bank also imposed such an obligation in the July 10, 2024 65-month debarment of Indonesian consulting firm LPPSLH Konsultan—for allegedly overbilling an Indonesian early childhood development project, improperly hiring a project official’s family member, and withholding documents material to the Bank’s investigation. Finally, demonstrating individual accountability in World Bank enforcement, on March 12, 2024 the Bank announced the two-year debarment of consultant Victor Uneojo Akuboh for his alleged participation in improper payments to Nigerian officials to influence their actions in connection with a Bank-funded social safety net project.
Undisclosed Agents. On June 26, 2024, the World Bank announced a 30-month debarment of the Kenyan member firm of a global Big Four accounting network for allegedly failing to disclose a conflict of interest relating to the involvement of an agent during the selection and implementation of four contracts in Somalia, as well as for allegedly paying an allowance to project officials. Similar to other debarments, the Bank imposed an obligation to develop an integrity compliance program consistent with Bank guidelines.

United Kingdom

Anti-corruption enforcement and policy developments out of the UK continued apace in 2024.

Petrofac Executives Charged with UAE Corruption

On February 15, 2024, the SFO charged Marwan Chedid and George Salibi, two former senior executives of UK-based energy services conglomerate Petrofac, with allegedly offering and paying over $30 million in bribes to agents in the United Arab Emirates between 2012 and 2018, to influence the awarding of oil facility contracts worth approximately $3.3 billion. The men have denied all charges and are scheduled to stand trial in October 2026.

Trial Acquittals in Airbus Bribery Scheme

On March 6, 2024, the SFO’s oldest active case was closed with a dull thud. Following a 12-year investigation, a London jury acquitted Jeffrey Cook and John Mason, respectively a former managing director and accountant of Airbus-owned defense company GPT Special Project Management, of charges that they passed almost £10 million in bribes to military officials in Saudi Arabia in connection with contracts to build a telecommunications network for the Saudi National Guard. GPT itself was fined £30 million after pleading guilty to one count of corruption in the matter, as reported in our 2021 Year-End FCPA Update. As for Cook and Mason, they defended themselves to the jury by arguing that the bribery scheme was known to the UK government and authorized by the Ministry of Defence. Cook was convicted, however, of a separate charge of receiving bribes during his time as a UK Ministry of Defence official prior to his work for GPT.

Conviction of Madagascar’s Former Presidential Chief of Staff

On May 10, 2024, following a two-week trial, a London court sentenced former top aide to Madagascar’s President Romy Andrianarisoa to three-and-a-half years in prison. Andrianarisoa was convicted of corruptly seeking £250,000 in bribes and an ownership stake in a local venture with Gemfields, a UK gemstones company. French businessman Philippe Tabuteau was also sentenced to two years and three months arising from the scheme after pleading guilty in September 2023. The pair allegedly requested the bribes in exchange for lucrative contracts that would allow Gemfields to operate in Madagascar, but rather than pay, Gemfields proactively notified the UK National Crime Agency (NCA), which placed an undercover agent posing as a consultant to negotiate with Andrianarisoa and Tabuteau on Gemfields’s behalf. The NCA commended Gemfields for swiftly bringing the matter to the NCA’s attention.

PV Energy Charges

On May 23, 2024, UK renewable energy company PV Energy Ltd and its director Peter Virdee were charged with UK Bribery Act violations associated with alleged bribes to a Member of Parliament in Antigua and Barbuda, to obtain a commercial benefit for PV Energy between January 2015 and June 2017. Virdee is charged with making the bribes and PV Energy with failure to prevent them. Reports are that Virdee has pleaded not guilty, and no plea was entered for PV Energy. The trial for both PV Energy and Virdee has been set for January 2027.

Glencore Individual Corruption Charges

On August 1, 2024, the former head of Glencore’s oil division, Alex Beard, was charged with two conspiracies to make corrupt payments to officials of government agencies and state-owned oil companies in Nigeria and Cameroon. The same day, former traders Paul Hopkirk and Ramon Labiaga were charged with conspiring to bribe public officials in Nigeria, and former trader Martin Wakefield and former operations manager Andrew Gibson with conspiring to bribe officials in Cameroon, Côte d’Ivoire, and Nigeria. Eight days later, on August 9, former executive David Perez was charged with conspiring to bribe officials in Cameroon and Côte d’Ivoire. One further defendant, who has not been named and remains outside the UK, was charged simultaneously with Perez. All those who have entered pleas have pleaded not guilty, and the estimated four-to-six-month trial is scheduled for 2027.

SFO Agrees to Civil Settlement to Resolve ENRC Claims

On October 8, 2024, the long running saga between Kazakh mining company Eurasian Natural Resources Corporation (ENRC) and the UK Serious Fraud Office (SFO) over the alleged leaking of information about a bribery investigation finally concluded when the parties reached a last-minute, pre-trial settlement. The SFO opened its investigation into ENRC in 2013 over suspected bribery and corruption, but closed the matter in 2023 after concluding that there was “insufficient admissible evidence to prosecute.” In a stunning move, ENRC sued the SFO and two individuals for allegedly leaking details about the investigation to various journalists between 2016 and 2020. The details of the settlement are largely confidential, but in related proceedings the SFO set aside £231 million, more than twice the agency’s annual budget, to cover potential damages.

London Court Awards Mozambique $2 billion Related to “Tuna Bonds” Deal

On July 29, 2024, the UK High Court ruled in favor of the Republic of Mozambique in its civil claim against shipbuilding company Privinvest and its chairman, Iskander Safa, for allegedly bribing former Mozambican Finance Minister Manuel Chang, whose U.S. trial conviction we discuss above, to secure government-guaranteed loans to build marine infrastructure. The default on the “Tuna Bonds” loans in 2016 led the International Monetary Fund to cut funding to Mozambique, an action that helped push the country into economic crisis. Privinvest was ordered to pay more than $2 billion to Mozambique, plus £20 million in litigation costs accumulated over the five-year dispute. On December 10, 2024, the High Court refused permission to appeal and Privinvest’s lawyers announced their intent to appeal directly to the Court of Appeal.

SFO Announces New Five-Year Strategy

On April 18, 2024, SFO Director Nick Ephgrave announced a five-year strategy in which he outlined his aspirations for the SFO “to be the pre-eminent specialist, innovative and collaborative agency which leads the fight against serious and complex fraud, bribery and corruption.” His vision includes leveraging new powers granted the SFO, including the new failure to prevent fraud offense as well as Criminal Overseas Production Orders. Director Ephgrave’s strategy also aligns with comments made by Director Ephgrave in his inaugural speech as Director of the SFO on February 13, in which he expressed a desire to reduce the time between investigation and prosecution, to avoid “decade-long investigations,” and plans to conduct dawn raids more frequently to “provide momentum” to investigations.

UK Home Office Issues ECCTA Guidance

On November 6, 2024, the UK Home Office issued guidance on the Economic Crime and Corporate Transparency Act 2023 (ECCTA), which will come into force on September 1, 2025. As reported in our 2023 Year-End FCPA Update, the ECCTA creates a new offense for “failure to prevent fraud” that imposes criminal liability on large organizations if a member of staff commits fraud intended to benefit the organization. The Home Office guidance clarifies certain aspects of the offense, provides examples of hypothetical scenarios in which the offense applies, and makes recommendations as to how companies should prepare for the new offense coming into force, including: (1) demonstrating top-level commitment to fraud prevention from senior management; (2) conducting regular risk assessments; (3) implementing proportionate, risk-based prevention procedures; (4) carrying out due diligence on associated persons and in relation to mergers or acquisitions; (5) ensuring adequate communication and training at all levels of the organization; and (6) conducting regular compliance reviews and monitoring. For more comprehensive analysis of this guidance, we refer readers to our separate client alert, “Publication of UK Government Guidance on Failure to Prevent Fraud Offence.”

Europe

European Union

On April 25, 2024, in response to the so-called “Qatargate” scandal we have discussed in recent updates, the European Parliament approved the creation of a new EU body for ethical standards to develop, update, and interpret common minimum standards for ethical conduct for all EU institutions. The “Qatargate” scandal concerned allegations of Qatar and Morocco corruptly seeking to influence votes and other official proceedings. The new body will also have the power to examine individual cases and issue recommendations.

On June 14, 2024, the Council of the European Union also agreed on a revised version of a proposal for a new directive targeted at addressing corruption at the EU level. As reported in our 2023 Year-End FCPA Update, the intent of the directive is to harmonize corruption offenses, sanctions, prevention, and enforcement across EU member states. Key changes to the proposed directive in 2024 include adjustments to the definitions of corruption offenses, such as narrowing the “abuse of functions” offense to apply only to the public sector, and clarifying the concept of “enrichment from corruption offenses.” The Council also emphasized the importance of respecting member states’ institutional autonomy and national constitutions, particularly in relation to privileges and immunities. These revisions are now set to be discussed in negotiations with the European Parliament to align on a definitive version of the directive. If adopted, member states will need to transpose the directive into national law, aligning their legal frameworks with EU standards on corruption prevention, enforcement, and whistleblower protection.

France

On December 9, 2024, a French court approved a judicial public interest agreement (CJIP) between the Parquet National Financier (PNF) and French nuclear power companies and former affiliates Areva SA and Orano Mining SAS to resolve allegations of bribery of public officials in Mongolia. Areva will pay approximately €4.8 million (~ $5.1 million) and the Orano Group will cooperate with audits by the Agence Française Anticorruption (AFA), paying for the cost up to a maximum of €1.5 million (~ $1.6 million).

Germany

In March 2024, ABB AG reached a settlement with Germany’s Mannheim Regional Court to resolve allegations that it paid bribes to win contracts in South Africa. This appears to be the final step to resolve investigations into ABB’s conduct in South Africa, which as we reported in our 2022 Year-End Update resulted in coordinated resolutions with DOJ and the SEC in the United States and criminal authorities in South Africa and Switzerland arising from bribes to a high-ranking official of a state-owned energy company in South Africa. In this latest resolution, ABB AG reportedly agreed to the confiscation of profits from the alleged bribes in the amount of €9.4 million (~ $10.2 million), however no separate fine was imposed on the company. ABB’s deferred prosecution agreement with DOJ credited the amount of an anticipated German resolution up to $11 million if agreed within one year, but in December 2023 DOJ reportedly agreed to extend that one-year limit such that ABB likely received credit for the German resolution payment.

Italy

On October 8, 2024, Italian prosecutors Fabio De Pasquale and Sergio Spadaro were each sentenced to eight months in prison for failing to disclose exculpatory evidence in a high-profile corruption trial involving Shell and Eni that centered on the $1.3 billion acquisition of a Nigerian oil field. The prosecutors alleged that much of the money was used to bribe Nigerian politicians and officials, but all defendants were acquitted by an Italian court, as covered in our 2021 Year-End FCPA Update. The defendants were convicted of withholding evidence that could have undermined the credibility of a cooperating defendant, but their sentences have been suspended pending appeal in what has become a very controversial case.

Poland

In January 2024, Poland’s Anti-Corruption Agency reported that nine people, including a former Deputy Minister, had been indicted in the Cash-for-Visa scandal, which we initially discussed in our 2023 Year-End FCPA Update. In a parallel ongoing parliamentary committee investigation, former prime minister Mateusz Morawiecki denied any wrongdoing. On June 5, 2024, legislators asked a court to force the former CEO of oil refiner Orlen, Daniel Obajtek, to testify after he failed to appear before a parliamentary committee. On November 26, 2024, the parliamentary committee announced that it will send evidence of alleged breaches of law by the former prime minister and other senior members of his government to prosecutors.

Spain

On May 23, 2024, the Spanish Tax Administration Agency announced charges against eight unnamed individual defendants in connection with an alleged scheme to launder over €10 million
(~ $1 million) in proceeds of corruption from Equatorial Guinea. Some reports have connected the conduct to Gabriel Mbaga Obiang Lima, who was the Minister of Mines at the time of the alleged conduct and is also a son of Equatorial Guinea’s President Teodoro Nguema Obiang Mangue. President Obiang was previously convicted of corruption in France in 2017, as reported in our 2017 Year-End FCPA Update, and reached an agreement with MLARS in 2014 to forfeit $30 million in assets purchased with the alleged proceeds of corruption as reported in our 2014 Year-End FCPA Update.

Switzerland

On April 4, 2024, the Swiss Office of the Attorney General (OAG) issued a summary penalty order against PKB Privatbank for allegedly failing to prevent the laundering of funds stemming from corruption at Brazilian state-owned oil company Petrobras. The bank initially came under scrutiny as a result of the Operation Car Wash scandal and is the third lender convicted of violating the Swiss criminal code’s requirement for businesses to take all reasonable organizational measures to prevent certain offenses including money laundering and bribery. The order requires the bank to pay a penalty of $830,000, which is in addition to a prior Swiss Financial Market Supervisory Authority (FINMA) order to disgorge $1.4 million in profits associated with funds linked to Operation Car Wash.

On August 28, 2024, PetroSaudi executives Tarek Obaid and Patrick Mahony were convicted in the Federal Criminal Court in Bellinzona of fraud, criminal mismanagement, and money laundering. As reported in our 2023 Year-End FCPA Update, the two men were charged with embezzling $1.8 billion from the Malaysian state fund 1MDB. Obaid received a seven-year sentence, and Mahony received a six-year sentence, and the former executives were further ordered to pay $2 billion plus interest to 1MDB. Both individuals have declared they will appeal.

On November 29, 2024, the OAG announced the indictment of Swiss bank Lombard Odier, as well as an unnamed former employee, on charges that it failed to prevent a criminal organization allegedly run by Gulnara Karimova from laundering illicit proceeds between 2008 and 2012. The OAG previously indicted Karimova, daughter of Uzbekistan’s former president, in September 2023, as reported in our 2023 Year-End FCPA Update. The indictment accused her of participating in a criminal organization known as “The Office,” from which she allegedly engaged in money laundering, acceptance of bribes as foreign public official, and forgery of documents between 2001 and 2013. Lombard Odier has denied the allegations in the indictment, and stated that the bank has cooperated with the OAG’s investigation, which was opened following a disclosure from the bank.

Finally, in December 2024 Trafigura AG, its former Chief Operating Officer Mike Wainwright, former Angolan official Paulo Gouveia Junior, and an unnamed intermediary went on trial before the Federal Criminal Court in Bellinzona associated with allegations that, between 2009 and 2011, Trafigura caused the payment of $5 million in bribes to Angolan officials in exchange for ship chartering and oil bunkering contracts. We reported on the original charges in our 2023 Year-End FCPA Update. The three-week trial concluded in December and, on January 31, 2025, the Court convicted all four defendants: Trafigura of not having the required internal controls (between 2009 and 2011) to prevent the alleged bribery, and Wainright, Gouveia, and the intermediary of collectively facilitating and receiving the alleged bribes. Trafigura was sentenced to forfeit $145 million in profits and pay a $3.29 million fine; Wainright was sentenced to 22 months in prison (10 suspended), pending appeal; Gouveia was sentenced to pay a $1.2 million penalty and $5.2 million in confiscation; and the unnamed intermediary was sentenced to 24 months in prison (12 suspended), pending appeal.

Eastern Europe and Central Asia

Armenia

As noted in our Kleptocracy Initiative discussion above, in 2024 DOJ announced a settled civil forfeiture action involving a Los Angeles mansion belonging to the family of Gagik Khachatryan, the former Finance Minister of Armenia. But criminal charges against Khachatryan and Armenian businessman Sedrak Arustamyan have been proceeding in Armenia since 2019, when both were charged with money laundering, and Khachatryan also charged with abuse of office and embezzlement, with a total alleged damage to the state of $41 million. These proceedings stalled in 2024, however, as Khachatryan has asked for permission to travel abroad for medical treatment, and the European Court of Human Rights has directed the Armenian government to explain why they would not allow him to travel for medical care.

Georgia

Georgia had been focused on improving its anti-corruption enforcement regime as part of its EU accession process, but it is not clear whether these efforts will continue after the Georgian government announced in November that it was suspending the accession process. The European Commission Staff’s Georgia 2024 Report, released before Georgia announced suspension of the accession process, suggested that Georgia had regressed in meeting membership requirements, including as it relates to combatting corruption. That said, in May 2024, the Georgian parliament adopted amendments to the Law on the Fight Against Corruption that aimed to strengthen Georgia’s Anti-Corruption Bureau and the protection of whistleblowers.

Kazakhstan

In 2024, the Anti-Corruption Service of Kazakhstan recovered approximately 195 billion tenge
(~ $405.8 million) from defendants in completed criminal cases. A significant portion of this amount, $98.5 million, was recovered from Kairat Satybaldyuly, a Kazakh businessman and relative of former President Nazarbayev, in what is viewed as the biggest anti-corruption case since the resignation of former President Nazarbayev. The Anti-Corruption Service stated that the funds were returned as part of the criminal case against Satybaldyuly, who was convicted for abuse of power and embezzlement in September 2022. Satybaldyuly’s ex-wife, Gulmira Satybaldyuly, faces extortion and other charges related to the same investigation.

Moldova

Like Georgia above, Moldova’s EU accession negotiations have also involved a significant anti-corruption component. But unlike Georgia, the European Commission Staff’s 2024 Report for Moldova praises the country’s recent progress, including steps to strengthen the independence of, and clarify the division of responsibilities between, its principal anti-corruption enforcement agencies. Moldova also created panels of specialized judges focusing on corruption cases in the Chisinau Court while working to implement a specialized anti-corruption court. Moldova also adopted several measures to enhance the system of mandatory declaration of assets, including a new methodology for verifying assets and personal interests, and to strengthen the role and functionality of Moldova’s National Integrity Authority, the agency responsible for monitoring wealth and conflict of interest compliance of public officials.

Russia

The main anti-corruption news to come out of Russia this year was the untimely death of anti-corruption activist and outspoken Kremlin critic Aleksei Navalny in February 2024. Navalny died while serving a nine-year sentence in Russian prison on contempt and embezzlement charges that were widely believed to have been politically motivated.

Meanwhile, the Russian government continues to assert that it is robustly combatting corruption. In December 2024, Russia’s top prosecutor Igor Krasnov reported that corruption in Russia is getting worse, with an estimated 30% more bribes paid in 2024 than in 2023 and more than 30,000 officials disciplined for bribery. To facilitate enforcement, two months earlier, the Constitutional Court of Russia removed statute of limitations restrictions for corruption-related asset seizures.

Finally, in what has become known as the “Defense Ministry Purge,” numerous military officials have been arrested on bribery charges since April 2024. These include Russia’s Deputy Defense Minister Timur Ivanov, former Defense Minister Sergei Shoigu, Chief of the Defense Ministry’s Main Personnel Directorate Lieutenant General Yury Kuznetsov, former Deputy Defense Minister Dmitry Bulgakov, Deputy Chief of the Russian Military General Staff Lieutenant General Vadim Shamarin, and former Deputy Defense Minister Pavel Popov.

Ukraine

Ukraine has continued to focus its wartime anti-corruption activities on weeding out corrupt government officials and implementing reforms to meet the requirements for accession to international organizations. Despite these efforts, corruption was mentioned as a reason for NATO’s rejection of Ukraine’s request to begin the accession process in the summer of 2024. According to the European Commission Staff’s Ukraine 2024 Report, although Ukraine’s key anti-corruption institutions have strengthened their expertise in tackling complex crime schemes and systemic corruption, case prioritization and confiscation of assets are areas for improvement. The report also highlighted several legislative actions and key milestones, including the Law on Lobbying creating a comprehensive framework for regulating lobbying with penalties and oversight administered by the National Agency on Corruption Prevention, and the first two anti-corruption whistleblower awards in October 2024.

Headlining Ukraine’s latest anti-corruption enforcement efforts is the dismissal of Deputy Energy Minister Oleksandr Kheylo. Kheylo is accused of demanding a $500,000 bribe in exchange for allowing several state-owned mining companies to evacuate equipment from the war zone coal mines in the Donetsk region. Additionally, on November 14, 2024, Ukraine’s High Anti-Corruption Court sentenced a member of the Ukrainian parliament in absentia for attempting to bribe the Head of the State Agency for Reconstruction and Development of Infrastructure with bitcoin in exchange for allocating reconstruction funds to a university headed by the defendant.

The Americas

Brazil

On February 26, 2024, Singaporean oil and gas rig builder Seatrium announced that it reached a provisional agreement with three Brazilian enforcement agencies to settle allegations of corrupt payments made by its predecessor company, Sembcorp Marine, arising from the long-running “Operation Car Wash” scandal. The company has agreed to pay BRL 670.7 million (~ $134.2 million) and abide by compliance obligations to resolve the claims of Petrobras-related corruption. Two employees have been criminally charged in Singapore as discussed below.

On March 11, 2024, Canadian chemicals producer Chemtrade announced that its Brazilian subsidiary has agreed to pay BRL 2 million (~ $400,000) to settle allegations that it breached Brazil’s anti-corruption law. The settlement stems from an investigation by Brazil’s Ministry of Development, Industry and Foreign Trade into Chemtrade Brasil’s purchase of 16 monthly import reports between 2015 and 2017, which contained information allegedly obtained through improper payments to government officials. Now more than 10 companies have been penalized in connection with “Operation Spy,” an investigation by Brazil’s Federal Police, tax agency, and Federal Prosecutor’s office into purchases of confidential trade information through bribes to Brazil’s Federal Revenue Service.

Ecuador

As noted above, in March 2024 Gunvor reached an FCPA resolution with DOJ arising from alleged bribes to officials of Ecuadorian state-owned oil company Petroecuador, with the prospect of a credit to the criminal fine for up to $93.6 million paid to Ecuadorian authorities associated with the same conduct, provided the penalty was paid within 12 months. Sure enough, three months later, on June 11, 2024, Ecuador’s State Attorney General’s Office announced that Gunvor had paid $93.6 million to resolve its claims associated with the bribery allegations.

Peru

On October 21, 2024, former Peruvian President Alejandro Toledo Manrique was sentenced to 20-and-one-half years in prison in connection with bribes received from Brazilian construction company Odebrecht S.A. The conviction is part of a string of cases stemming from Odebrecht’s extensive corruption scheme, covered since our 2016 Year-End FCPA Update. Former president Toledo’s sentence concludes a long-running legal battle that led to his extradition from the United States on April 19, 2023. A Peruvian court convicted Toledo on collusion and money laundering charges in connection with accepting $35 million in bribes from Odebrecht in exchange for a contract to build a major highway in the South American nation.

Middle East & Africa

South Africa

On January 11, 2024, South Africa’s National Prosecuting Authority announced that it had resolved bribery allegations with SAP for ZAR 2.2 billion (~ $118 million) in disgorgement and “punitive reparation payments,” which, after crediting part of the payments to U.S. authorities as discussed above, resulted in a total payment of approximately $114 million.

On April 3, 2024, South Africa passed the Judicial Matters Amendment Act, which among other things amended the Prevention and Combatting of Corrupt Activities Act of 2004 to create a new failure to prevent corruption offense. Similar to the UK’s failure to prevent corruption law, there is an affirmative defense if the company had “adequate procedures” to prevent corruption.

On April 19, 2024, the National Prosecuting Authority published guidance on a new corporate alternative dispute resolution mechanism that will be available to companies charged with corruption and corruption-related offenses. This non-trial resolution mechanism is similar to non-prosecution agreements utilized in the United States and certain other jurisdictions, and will not require court approval. According to the guidance, the National Prosecuting Authority will consider a number of criteria when determining whether matter is appropriate for pre-trial resolution, such as timely and voluntary disclosure of the alleged unlawful activity, cooperation in the ensuing investigation, willingness to pay restitution, the nature of the unlawful activities, the company’s prior history of any misconduct, the effectiveness of the company’s compliance program, the likelihood of significant negative collateral effect from conviction on the company, and the interests of any victims.

Saudi Arabia

On July 23, 2024, Saudi Arabia’s Council of Ministers approved the Saudi Oversight and Anti-Corruption Authority (Nazaha) Law, which requires immediate dismissal of any government employee convicted of corruption. The law establishes a rebuttable presumption that a government employee is guilty of corruption if the employee amasses wealth disproportionate to his or her income and that increase is linked to corruption. In those circumstances, the employee bears the burden of proving the legitimacy of the acquired assets. This burden shifting dynamic is also applied to close family members of the employee.

Asia and Australia

China

China’s financial sector continued to face an extensive anti-corruption purge in 2024, with numerous high-profile arrests and indictments. In January 2024, former chairman of China Everbright Group Shuangning Tang was arrested for alleged embezzlement and receiving bribes. In April 2024, the former chairman of a major financial institution, Liange Liu, pleaded guilty to soliciting and accepting improper payments totaling RMB 121 million (~ $16 million). In May 2024, two former senior executives of a different significant financial institution, Liyan An and Hongli Zhang, were expelled from the Communist Party over influence-peddling allegations. In the cryptocurrency space, Qian Yao, the People’s Bank of China’s inaugural Director of Digital Currency Research and Director of the Technology Supervision Department of the China Securities Regulatory Commission, has been accused of taking large bribe payments from technology companies seeking his support.

China’s energy sector also found itself in the spotlight amid high-profile corruption scandals. In April 2024, former Deputy General Manager of China National Petroleum Corporation Wenrong Xu was charged with accepting bribes. In May 2024, the Central Commission for Discipline Inspection announced that it has begun an investigation into Meisheng Qi, former chairman of the China National Offshore Oil Company for suspected “serious disciplinary violations,” a phrase commonly used to refer to bribery allegations.

On the legislative front, on March 1, 2024 the Chinese government introduced anti-corruption-related amendments to its Criminal Law. The revisions increase penalties for bribe-giving, bringing them in line with those for bribe-taking, and impose liability on private-sector employees for corruption-related offenses that were previously only applicable to employees of state-owned enterprises. The revised legislation also introduces seven corruption-related “aggravating factors” that the judiciary must consider at sentencing, including whether there were multiple bribe payments, whether the bribes were paid within certain industries (for example, the healthcare sector), and whether the bribes were made from the proceeds of other crimes.

In May 2024, the Chinese government introduced amendments to the State Secrets Law and published the implementing regulations of the International Criminal Judicial Assistance Law, both of which will impact companies’ efforts to manage internal investigations, cross-border data transfers, and responses to enforcement agencies. In particular, the implementation regulations of the International Criminal Judicial Assistance Law provide clarity on the government approval process Chinese parties must follow if they wish to cooperate with a foreign government in connection with a criminal proceeding.

India

A landmark ruling in 2024 by the Supreme Court of India invalidated a controversial political funding scheme operated by the government-run State Bank of India. Under the scheme, companies and individuals could purchase bonds and redeem them anonymously in an account held by a designated political party, a practice that was widely viewed as posing elevated risks of corruption. As part of the Supreme Court’s ruling, information regarding the buyers and sellers of these bonds was released, resulting in investigations of dozens of companies associated with a total of INR 24.71 billion (~ $292 million) in donations to political parties.

The now-former Chief Minister of the State of Delhi (and prominent anti-corruption crusader) Arvind Kejriwal was arrested by the Enforcement Directorate in March on corruption and money laundering charges relating to a policy introduced by the Delhi Government to end the existing state liquor monopoly and allow private-sector vendors. Federal enforcement authorities allege that Kejriwal’s political party accepted bribes of INR 1 billion (~ $12 million) in return for granting liquor licenses to private vendors following passage of the law in 2021.

Singapore

On March 28, 2024, Singaporean authorities announced charges against Wong Weng Sun and Lee Fook Kang, two former executives of Sembcorp Marine (now known as Seatrium), for allegedly making $44 million in improper payments to further the company’s business interests with Petrobras in Brazil. As noted above, the company reached a provisional agreement with Brazilian authorities in February 2024.

In October 2024, courts in Singapore sentenced former cabinet minister Subramaniam Iswaran to 12 months’ imprisonment after he was found guilty of corruption and obstruction of justice. The court found that Iswaran received improper gifts worth SGD 403,300 (~ $313,200) from two businessmen (Kok Seng Lum and Beng Seng Ong) over a seven-year period. Subramanian, who oversaw Singapore’s tourism industry until his resignation following the charges, received gifts from Ong, a Malaysian property developer who owned the rights to the Formula One race that Iswaran brought to Singapore. On October 4, 2024, the Singapore Attorney-General declined to file charges against Lum.

South Korea

Korea’s Anti-Corruption and Civil Rights Commission announced amendments to the Whistleblower Protection Act that took effect on August 7, 2024. The amendments require organizations to provide guidance to potential whistleblowers, abolish limits on monetary rewards provided to “internal whistleblowers” (defined as any employee or contracting party of a public institution, corporation, entity, or organization), and mandate discipline of anyone who breaches whistleblower confidentiality or otherwise takes retaliatory action against a whistleblower.

Thailand

In May 2024, Thailand’s National Anti-Corruption Commission recommended charges against four former executives of Thai state-owned oil and gas company PTT Exploration and Production Public Co. Ltd. for their alleged involvement in receiving bribes from Rolls-Royce Motor Cars Ltd. Thai authorities initiated their investigation following Rolls-Royce’s January 2017 FCPA resolution with DOJ, as we reported in our 2017 Mid-Year FCPA Update.

Vietnam

In April 2024, a court in Vietnam sentenced My Lan Truong, the chairwoman of real estate developer Van Thinh Phat Holdings Group, to death after finding her guilty of embezzling 304 trillion dong (~ $12.4 billion) from Saigon Commercial Bank over a period of 11 years. The court accused Lan of utilizing shell companies and individual proxies to exert effective control over the bank and approve hundreds of loans for herself, as well as paying bribes to ensure her loans were not scrutinized. Lan was separately convicted in October 2024 on financial fraud charges including obtaining property by fraud, money laundering, and illegal cross-border money transfers. In December 2024, a court ruled that Lan may be spared the death penalty and instead receive a life prison sentence if she repays three-fourths of the embezzled funds.

Australia

In March 2024, the Australian parliament passed the Crimes Legislation Amendment (Combatting Foreign Bribery) Bill 2023, criminalizing the corporate failure to prevent bribery of foreign officials. The new law came into effect in September 2024 and imposes criminal liability on Australian companies where an “associate” of the company bribes a foreign official to obtain profit or gain in favor of the company. The term “associate” is broadly defined to include an employee, contractor, agent, subsidiary or other controlled entity, or a person who otherwise performs services on behalf of the company. Under the law, companies can be held strictly liable for the conduct of their associates; for example, the prosecution need not prove that the associate acted within their scope of their authority or that the company authorized or intended a bribe payment to be made. Similar to the UK “failure to prevent bribery” offense on which this law is modeled, however, the Australian law also introduces an affirmative “adequate procedures” defense.

The following Gibson Dunn lawyers participated in preparing this update: F. Joseph Warin, John Chesley, Patrick Stokes, Benno Schwarz, Bryan Parr, Alexander Moss, Allison Lewis, Michael Diamant, Katharina Humphrey, Allan Neil, Oleh Vretsona, Oliver Welch, Alena Aniscenko, Kathryn Harris Bloom, Karla Böltz, Marija Bračković, Sarah Burns, Morgan Carter, Josiah Clarke, Elizabeth Dabanka, Abby Dugan, Rommy Flores, Mary Aline Fertin, Kate Goldberg, Sarah Hafeez, John Harrison, Valentin Held, Anna Helmer, Melina Kronester, Nicole Lee, Joshua Lim, Jiayi Lin, Ramona Lin, Lora MacDonald, José Madrid, Nikita Malevanny, Andrei Malikov, Aquila Maliyekkal, Shannon Summer, Jacob McGee, Megan Meagher, Jaclyn Neely, Ning Ning, Kyle Parrott, Marquan Robertson, Julian Reichert, Alexandra Sage, Kelly Skowera, Enno Schley, Ellie Schwietering, Ty Shockley, Pedro Soto, Laura Sturges, Karthik Ashwin Thiagarajan, Katherine Tomsett, Bonnie Tong, Todd Truesdale, Tim Velenchuk, Nicole Waddick, Simon Wörrlein, Dillon Westfall, Yujia Wu, and Sara Zamani.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. We have more than 110 attorneys with FCPA experience, including a number of former federal prosecutors and SEC officials, spread throughout the firm’s domestic and international offices. Please contact the Gibson Dunn attorney with whom you work, or any of the following leaders and members of the firm’s Anti-Corruption & FCPA practice group:

Washington, D.C.
F. Joseph Warin (+1 202.887.3609, fwarin@gibsondunn.com)
David P. Burns (+1 202.887.3786, dburns@gibsondunn.com)
Stephanie Brooker (+1 202.887.3502, sbrooker@gibsondunn.com)
Courtney M. Brown (+1 202.955.8685, cmbrown@gibsondunn.com)
John W.F. Chesley (+1 202.887.3788, jchesley@gibsondunn.com)
Daniel P. Chung (+1 202.887.3729, dchung@gibsondunn.com)
M. Kendall Day (+1 202.955.8220, kday@gibsondunn.com)
Michael S. Diamant (+1 202.887.3604, mdiamant@gibsondunn.com)
Melissa L. Farrar (+1 202.887.3579, mfarrar@gibsondunn.com)
Adam M. Smith (+1 202.887.3547, asmith@gibsondunn.com)
Patrick F. Stokes (+1 202.955.8504, pstokes@gibsondunn.com)
Oleh Vretsona (+1 202.887.3779, ovretsona@gibsondunn.com)
Ella Alves Capone (+1 202.887.3511, ecapone@gibsondunn.com)
Nicole Lee (+1 202.887.3717, nlee@gibsondunn.com)
Lora Elizabeth MacDonald (+1 202.887.3738, lmacdonald@gibsondunn.com)
Bryan Parr (+1 202.777.9560, bparr@gibsondunn.com)
Pedro G. Soto (+1 202.955.8661, psoto@gibsondunn.com)
Alexander “Sandy” Moss (+ 1 202.887.3615, amoss@gibsondunn.com)
Allison Lewis (+ 1 202.887.3693, alewis@gibsondunn.com)

New York
Zainab N. Ahmad (+1 212.351.2609, zahmad@gibsondunn.com)
Lisa A. Alfaro (+55 11 3521 7160, lalfaro@gibsondunn.com)
Barry Berke (+1 212.351.3860, bberke@gibsondunn.com)
Reed Brodsky (+1 212.351.5334, rbrodsky@gibsondunn.com)
Jordan Estes (+1 212.351.3906, jestes@gibsondunn.com)
Dani James (+1 212.351.3880, djames@gibsondunn.com)
Darren LaVerne (+1 212.351.3936, dlaverne@gibsondunn.com)
Michael Martinez (+1 212.351.4076, mmartinez2@gibsondunn.com)
Karin Portlock (+1 212.351.2666, kportlock@gibsondunn.com)
Jaclyn Neely (+1 212.351.2692, jneely@gibsondunn.com)
M. Jonathan Seibald (+1 212.351.6216, mseibald@gibsondunn.com)

Denver
Ryan T. Bergsieker (+1 303.298.5774, rbergsieker@gibsondunn.com)
Robert C. Blume (+1 303.298.5758, rblume@gibsondunn.com)
John D.W. Partridge (+1 303.298.5931, jpartridge@gibsondunn.com)
Laura M. Sturges (+1 303.298.5929, lsturges@gibsondunn.com)

Los Angeles
Michael M. Farhang (+1 213.229.7005, mfarhang@gibsondunn.com)
Douglas Fuchs (+1 213.229.7605, dfuchs@gibsondunn.com)
Nicola T. Hanna (+1 213.229.7269, nhanna@gibsondunn.com)
Poonam G. Kumar (+1 213.229.7554, pkumar@gibsondunn.com)
Marcellus McRae (+1 213.229.7675, mmcrae@gibsondunn.com)
Debra Wong Yang (+1 213.229.7472, dwongyang@gibsondunn.com)
Rommy L. Conklin (+1 213.229.7966, rconklin@gibsondunn.com)

San Francisco
Winston Y. Chan (+1 415.393.8362, wchan@gibsondunn.com)
Thad A. Davis (+1 415.393.8251, tadavis@gibsondunn.com)
Charles J. Stevens (+1 415.393.8391, cstevens@gibsondunn.com)
Zachariah J. Lloyd (+1 415.393.8319, zlloyd@gibsondunn.com)

Palo Alto
Benjamin Wagner (+1 650.849.5395, bwagner@gibsondunn.com)

London
Patrick Doris (+44 20 7071 4276, pdoris@gibsondunn.com)
Charlie Falconer (+44 20 7071 4270, cfalconer@gibsondunn.com)
Sacha Harber-Kelly (+44 20 7071 4205, sharber-kelly@gibsondunn.com)
Michelle Kirschner (+44 20 7071 4212, mkirschner@gibsondunn.com)
Allan Neil (+44 20 7071 4296, aneil@gibsondunn.com)
Philip Rocher (+44 20 7071 4202, procher@gibsondunn.com)

Paris
Benoît Fleury (+33 1 56 43 13 00, bfleury@gibsondunn.com)
Bernard Grinspan (+33 1 56 43 13 00, bgrinspan@gibsondunn.com

Munich
Katharina Humphrey (+49 89 189 33 155, khumphrey@gibsondunn.com)
Benno Schwarz (+49 89 189 33 110, bschwarz@gibsondunn.com)
Mariam Pathan (+49 89 189 33 228, mpathan@gibsondunn.com)

Hong Kong
Oliver D. Welch (+852 2214 3716, owelch@gibsondunn.com)
Becky Chung (+ +852 2214 3837, bchung@gibsondunn.com)
Ning Ning (+852 2214 3763, nning@gibsondunn.com)

Singapore
Oliver D. Welch (+852 2214 3716, owelch@gibsondunn.com)
Karthik Ashwin Thiagarajan (+65 6507 3636, kthiagarajan@gibsondunn.com)

Our update provides key takeaways from President Trump’s Executive Order and its potential impact on various energy initiatives as well as the M&A and capital markets outlook for energy companies.

On January 20, 2025, President Donald Trump signed executive order “Unleashing American Energy“ (the Executive Order). This update discusses key takeaways from the Executive Order and the potential impact of the Executive Order on various energy initiatives as well as the M&A and capital markets outlook for energy companies. For a broader discussion of the twenty-six executive orders President Trump signed on January 20, 2025 and the major regulatory and policy issues energy industry experts will be monitoring in the coming days, please refer to Trump 2.0 on Energy: Ten Items to Watch.

1. Overview of the Executive Order

The Executive Order is intended to reverse years of what the new administration characterizes as “burdensome and ideologically motivated regulations” which have impeded the development of America’s abundant energy and natural resources. By implementing new policies and revoking several executive orders from prior administrations, the Executive Order seeks to promote and encourage energy exploration and development by revising the permitting process, revoking or revising regulations, and promoting domestic mining, amongst other changes.

2. Impact on Oil & Gas Leasing and Permitting

The Executive Order lays out policies of the United States which include (a) encouraging energy exploration and production of Federal lands and waters, including on the Outer Continental Shelf, in order to meet the needs of US citizens and solidify the United States as a global energy leader and (b) establishing the United States’ position as the leading producer and processor of non-fuel minerals, thus creating jobs and prosperity at home.

The heads of all federal agencies are ordered to review, revise, or rescind all existing regulations, orders, guidance documents, policies, or other agency actions, that impose an undue burden on the identification, development or use of domestic energy resources, particularly “oil, natural gas, coal, hydropower, biofuels, critical mineral, and nuclear energy resources.” Agency heads are instructed to develop and begin implementing action plans to suspend, revise or rescind any such unduly burdensome agency actions within 30 days of the Executive Order (Feb. 19, 2025).

The chair of the Council of Environmental Quality (CEQ) is ordered to provide guidance on implementing the National Environmental Policy Act (NEPA) and propose rescinding burdensome NEPA regulations in order to expedite and simplify permitting. Further, the Executive Order directs various federal agencies to eliminate delays within their permitting process. In doing so, the Executive Order intends to streamline the NEPA judicial review process and promote the permitting and construction of critical infrastructure whilst providing greater certainty in the Federal permitting process.

These changes are expected to streamline and promote domestic exploration and production on both onshore and offshore federal oil and gas leases. While challenges from environmental groups are likely, we expect significantly more federal lease sales to be conducted, including in federal lands that had never previously been considered for sale. Environmental review of well and pipeline permit applications will still occur, but the process will likely be overhauled and permit approvals will likely be granted significantly faster in an effort to promote resource development.

3. Pause on Inflation Reduction Act Funding on Various Energy Projects

Pursuant to the Executive Order, all agencies are to immediately pause the disbursement of funds appropriated through the Inflation Reduction Act (Public Law 117-169, IRA) or the Infrastructure Investment and Jobs Act (Public Law 117-58, IIJA). On January 21, 2025, the acting director of the Office of Management and Budget (OMB) issued guidance clarifying that the pause only applies to funds supporting programs, projects or activities that contravene the policies of the Executive Order and that agency heads may disburse funds as they deem necessary after consulting with OMB. Given that the Executive Order indicates a lack of support for solar and wind, while remaining silent on geothermal or carbon capture, utilization, and storage (CCUS), IRA and IIJA funding for geothermal and CCUS projects may not be suspended for long, if at all. However the future of federal funding for solar and wind-related projects is more uncertain.

It is important to note that a pause on federal funding under the IRA is not tantamount to a revocation of tax credits under the IRA. For further discussion on the impact to IRA Tax Credits, please refer to Trump 2.0 on Energy: Ten Items to Watch.

4. Changes to Environmental Analyses and Carbon Monitoring

The Executive Order aims to streamline the permitting process, reduce regulatory burdens, and shift the focus away from certain climate-related metrics. As touched on in Section 2 above, it does so in part by revoking prior Executive Orders related to Environmental regulations under NEPA and directing agencies to make changes related to consideration and calculation of greenhouse gas emissions.

Revocation of Executive Order 11991: Revokes Executive Order 11991 (Carter, May 24, 1977), which amended Executive Order 11514 (Nixon, March 5, 1970). Executive Order 11991 tasked CEQ with issuing regulations to federal agencies for implementing the procedural provisions of NEPA, and directed that federal agencies comply with those regulations unless such compliance would be inconsistent with statutory requirements.
NEPA Implementation: Tasks the Chairman of CEQ with providing guidance to expedite and simplify the permitting process under the NEPA. Agencies are required to prioritize efficiency and certainty in the permitting process, minimizing delays and ambiguity.
Adherence to Legislated Requirements: Agencies must adhere strictly to legislated requirements for environmental considerations, using robust methodologies and avoiding arbitrary or ideologically motivated methods.
Disbanding the Interagency Working Group on the Social Cost of Greenhouse Gases (IWG): The IWG is disbanded, and all its guidance, instructions, and documents are withdrawn. This includes the withdrawal of the Technical Support Document on the social cost of carbon, methane, and nitrous oxide.
Elimination of the Social Cost of Carbon Calculation: The calculation of the social cost of carbon is deemed arbitrary and potentially harmful to the U.S. economy. The EPA Administrator is directed to issue guidance to address these issues, including the potential elimination of the social cost of carbon calculation from federal permitting or regulatory decisions.
Review of EPA’s Endangerment Findings: The EPA Administrator, in collaboration with other agencies, is to review the legality and applicability of the EPA’s findings on greenhouse gases under the Clean Air Act.
Review of Agency Actions: Agency heads must review existing regulations and actions to identify those that burden domestic energy development, and create and implement plans to suspend, revise, or rescind identified burdensome actions, in collaboration with OMB and the National Economic Council (NEC).
Revocation of Executive Orders: Revokes a dozen of President Biden’s Executive Orders related to environmental justice, climate change, and the environment.

There are various agency deadlines related to the above NEPA and carbon monitoring changes which will need to be achieved as part of the Executive Order.

Within 30 days:
- Agency heads must develop and begin implementing action plans to suspend, revise, or rescind burdensome actions.
- The Chairman of CEQ must provide guidance on implementing NEPA.
- Agencies must submit reports identifying instances where enforcement discretion can advance policy goals.
Within 60 days:
- The EPA Administrator must issue guidance addressing the inadequacies of the social cost of carbon calculation.

The Executive Order mandates a review and revision of regulations that are seen to burden domestic energy development, which could lead to faster permitting processes and reduced compliance costs for energy companies. CEQ is expected to be stripped of its power to issue binding NEPA regulations for federal agencies. Because most agencies have their own regulations to implement NEPA, this change will not eliminate NEPA reviews. The elimination of the social cost of carbon calculations is intended to lessen the importance of climate change analysis in permitting decisions. Industry should prepare for streamlined regulatory requirements and potential shifts in the rigor required to prepare environmental analyses and environmental impact statements, with agencies tasked with focusing on efficiency and adherence to strict legislative text and these new guidelines. We expect NEPA litigation to increase as environmental groups challenge these executive orders. Energy sector companies should stay informed about changes to ensure compliance and leverage opportunities for expedited project approvals over the coming months as these agencies undergo a potentially major overhaul of NEPA and carbon reporting.

5. Impact on LNG Export Projects

The Executive Order directs the Secretary of Energy to “restart reviews of applications for approvals of liquified natural gas (LNG) export projects,” which, coupled with President Trump reversing the Biden administration’s pause on LNG permits on day one of his second term by rolling back President Biden’s executive order that paused granting LNG export authorizations, suggests an emphasis on increasing LNG exports by the current administration. LNG exports are a key driver for investment in natural gas assets, midstream projects, and CCUS, thus such a change should be positive for investment and dealmaking in these areas.

For further discussion on the future of LNG under the Trump administration, please refer to Trump 2.0 on Energy: Ten Items to Watch.

6. Impact on Mergers & Acquisitions and Antitrust in the Energy Industry

While the Executive Order promises to reduce administrative hurdles to traditional energy projects, we expect oil and gas companies to operate largely consistently with the approach they have taken in the post-pandemic era, with an emphasis on capital discipline, efficient returns, and consolidation. The Executive Order will likely enhance the value of companies with asset bases that include large portfolios of leases on federal lands or in the Outer Continental Shelf, but from a dealmaking perspective, the administration’s attitude shift toward traditional energy is likely to also be seen in the antitrust review process. With the change in political leadership and an emphasis on encouraging investment in natural resources in the name of energy security, the Federal Trade Commission (FTC) is unlikely to be as hostile to mergers and acquisitions in the energy industry as the previous administration. For example, the FTC conducted large-scale Second Request investigations into a range of industry transactions as part of its antitrust reviews under the Hart-Scott-Rodino (HSR) Act, following requests from Democratic leadership in the Senate for thorough investigations of industry transactions. With that said, the FTC cleared most industry transactions without challenge, despite the costs imposed through extensive investigations. Furthermore, the career FTC staff that has reviewed transactions in the industry for a number of years will likely remain in place, suggesting that changes in the substantive review of industry transactions are likely to be modest. Nonetheless, the potential for fewer Second Requests and quicker HSR approvals would be beneficial to an energy consolidation wave that industry experts suggest has not yet crested.

7. Impact on Energy Industry Capital Raising and Public Company Regulation

The reduction in environmental reporting and carbon monitoring under the Executive Order, in combination with the policy objectives stated in the Executive Order and other directives from the Trump administration, indicate that the outlook for energy capital markets and public company regulation under the second Trump administration is positive. Both going public and operating as a public company should be less time-consuming and costly than it was under the Biden administration. A majority of the U.S. Securities and Exchange Commission (SEC) commissioners (including the nominated chair, former Commissioner Atkins) will be appointed by President Trump and, judging from the first Trump administration, will set an agenda that is supportive of capital raising and focused on reducing the burden of being publicly traded. For example, the climate disclosure rules adopted by the Biden administration’s divided SEC (and stayed pending challenge in federal court) are likely to be repealed, saving energy companies a significant amount of G&A expense and reducing the risk of litigation. As another example, based on experience with the SEC review process under the first Trump administration, we expect the process and waiver requests to be faster and more commercial, further facilitating capital markets transactions. We also can expect rule proposals that are focused on making it easier for private companies to raise capital from a broader investor base. For capital intensive businesses in the energy industry, a relatively fast, predictable process with as little unnecessary expense as possible, is important. As such, we expect the backlog of private energy companies who have been waiting to IPO to seize the opportunity to access the capital markets while the process is easier, being a public company is less costly, and the broader business climate for the industry is supportive. In addition, we expect public energy companies to take advantage of this improved regulatory climate to access the capital markets more often than in recent years. Regardless, investor pressures to live within free cash flow, maintain low leverage and pay dividends to shareholders will continue to impact decision making with respect to equity and debt capital markets transactions.

Despite all this optimism, it remains true that capital markets for the energy industry are only as strong as the capital markets themselves. Other significant events, such as war, pandemic, inflation, labor shortages, or supply cost increases from tariffs, could have an adverse impact on the equity markets or the energy industry generally. Similarly, any increases in the deficit and inflation could cause interest rates to rise again, increasing the cost of accessing the debt capital markets. Even so, energy capital markets generally thrive on stability and low volatility and the regulatory environment under the second Trump administration appears to be conducive to this.

The following Gibson Dunn lawyers prepared this update: Rahul Vashi, Hillary Holmes, Harrison Tucker, Adam Whitehouse, and Zain Hassan.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have about these developments. To learn more, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Oil & Gas, Energy Regulation & Litigation, Environmental Litigation & Mass Tort, Power & Renewables, Cleantech, Antitrust & Competition, Capital Markets, or Mergers & Acquisitions practice groups:

Oil and Gas:
Michael P. Darden – Houston (+1 346.718.6789, mpdarden@gibsondunn.com)
Rahul D. Vashi – Houston (+1 346.718.6659, rvashi@gibsondunn.com)
Graham Valenta – Houston (+1 346.718.6646, gvalenta@gibsondunn.com)

Energy Regulation and Litigation:
William R. Hollaway – Washington, D.C. (+1 202.955.8592, whollaway@gibsondunn.com)
Tory Lauterbach – Washington, D.C. (+1 202.955.8519, tlauterbach@gibsondunn.com)

Environmental Litigation and Mass Tort:
Stacie B. Fletcher – Washington, D.C. (+1 202.887.3627, sfletcher@gibsondunn.com)
David Fotouhi – Washington, D.C. (+1 202.955.8502, dfotouhi@gibsondunn.com)
Rachel Levick – Washington, D.C. (+1 202.887.3574, rlevick@gibsondunn.com)

Power and Renewables:
Peter J. Hanlon – New York (+1 212.351.2425, phanlon@gibsondunn.com)
Nicholas H. Politan, Jr. – New York (+1 212.351.2616, npolitan@gibsondunn.com)

Cleantech:
John T. Gaffney – New York (+1 212.351.2626, jgaffney@gibsondunn.com)
Daniel S. Alterbaum – New York (+1 212.351.4084, dalterbaum@gibsondunn.com)
Adam Whitehouse – Houston (+1 346.718.6696, awhitehouse@gibsondunn.com)

Antitrust and Competition:
Rachel S. Brass – San Francisco (+1 415.393.8293, rbrass@gibsondunn.com)
Kristen C. Limarzi – Washington, D.C. (+1 202.887.3518, klimarzi@gibsondunn.com)
Cynthia Richman – Washington, D.C. (+1 202.955.8234, crichman@gibsondunn.com)

Capital Markets:
Andrew L. Fabens – New York (+1 212.351.4034, afabens@gibsondunn.com)
Hillary H. Holmes – Houston (+1 346.718.6602, hholmes@gibsondunn.com)
Stewart L. McDowell – San Francisco (+1 415.393.8322, smcdowell@gibsondunn.com)
Peter W. Wardle – Los Angeles (+1 213.229.7242, pwardle@gibsondunn.com)

Mergers and Acquisitions:
Robert B. Little – Dallas (+1 214.698.3260, rlittle@gibsondunn.com)
Saee Muzumdar – New York (+1 212.351.3966, smuzumdar@gibsondunn.com)
George Sampas – New York (+1 212.351.6300, gsampas@gibsondunn.com)

This update summarizes key amendments to the COPPA Rule and related FTC Commissioner statements, as well as key proposals that the FTC declined to adopt, and it positions these developments in the broader legal landscape related to children’s privacy and safety online.

On January 16, 2025, the Federal Trade Commission (FTC or Commission) voted 5-0 to approve long-awaited updates to the Children’s Online Privacy Protection Rule (COPPA Rule or Rule),[1] which was last updated over a decade ago, in 2013. The FTC had proposed amendments to the COPPA Rule in a Notice of Proposed Rulemaking (NPRM) in January 2024,[2] following a 2019 request for comment[3] on the effectiveness of the 2013 amendments. While the updated COPPA Rule does not include some of the more sweeping amendments proposed, it imposes significant new obligations regarding the collection, use, and disclosure of personal information from children under 13. Many of these updates effectively codify positions that the Commission has taken in COPPA enforcement actions under the prior COPPA Rule.

As described in detail below, key updates to the COPPA Rule include:

Requiring separate parental consent for data sharing with third parties for targeted ads and other non-integral purposes. Requiring covered operators to obtain separate verifiable parental consent to disclose children’s personal information to third-party companies for targeted advertising or other purposes that are not “integral” to the operator’s websites or online services;
Requiring data minimization and a data retention policy. Limiting the retention of children’s personal information to only the time reasonably necessary to fulfill the specific purpose for which it was collected, prohibiting the retention of children’s personal information indefinitely, and requiring adoption of a written data retention policy;
Clarifying definitions of child-directed and mixed audience services. Clarifying which online services may be covered by the Rule by amending the definition of “website or online service directed to children” to include a non-exhaustive exemplary list of evidence the FTC may consider in analyzing audience composition and intended audience, and adding a new, standalone definition of “mixed audience website or online service”;
Expanding the definition of covered information. Expanding the definition of “personal information” to include biometric identifiers and government-issued identifiers beyond Social Security numbers;
Expanding parental notice requirements. Clarifying and expanding the scope of disclosures required in direct notices and online privacy notices, including: the identities and categories of any third parties with which the operator shares children’s personal information; how specifically the operator uses persistent identifiers to support its internal operations and what measures are in place to avoid using persistent identifiers for unauthorized purposes; and when an operator collects an audio file of a child’s voice pursuant to the audio file exception, a description of how the operator uses audio files and a disclosure that such files are deleted immediately after responding to the request for which they were collected;
Enumerating additional methods to obtain verifiable parental consent. Enumerating additional methods that satisfy the requirement to obtain verifiable parental consent before collecting personal information from children or using or disclosing such information, including using a text message coupled with an additional step, such as a confirmatory text message following receipt of consent (the “text plus” method);
Enhancing data security requirements. Clarifying the reasonable security measures required to protect personal information from children, which include, at a minimum, establishing a written data security program; and
Increasing oversight and transparency of Safe Harbor programs. Enhancing oversight of, and transparency regarding, Safe Harbor programs, including by requiring that such programs disclose their membership lists and report additional information to the FTC.

Significant proposals the FTC dropped include changes that would have codified requirements for educational technology companies operating in a school environment, and those that would have prohibited the use of push notifications and similar engagement techniques without separate parental consent.

The amended COPPA Rule will become effective 60 days after its publication in the federal register, and covered operators will have until one year after the publication date to comply, except with respect to certain provisions regarding Safe Harbor programs.[4] We note, however, that businesses should continue to monitor updates regarding the publication of the updated Rule, given the possibility for delay or withdrawal under the Trump administration or the new FTC leadership.[5] Although the FTC’s vote approving the final Rule was unanimous, then-incoming Chair Andrew Ferguson issued a strongly worded concurring statement identifying three “serious problems” with the amendments that he ascribed to “the outgoing administration’s irresponsible rush to issue last-minute rules two months after the American people voted to evict them from office,” and calling for “[t]he Commission under President Trump [to] address these issues and fix the mess that the outgoing majority leaves in its wake.”[6]

Despite some uncertainties, companies that knowingly provide services to children under 13 or that have offerings that could be considered attractive to children should revisit their existing compliance strategies to mitigate the substantial risk of liability for non-compliance with the updated COPPA Rule, which include civil penalties up to $53,088 per violation for 2025.[7] Given historical and continued bipartisan consensus that the privacy and safety of children online is a priority in light of developing technologies,[8] we expect rigorous oversight and enforcement by the FTC, including under the new administration.

Gibson Dunn has extensive experience advising and defending multinational companies on COPPA and youth-related strategies, including regulatory investigations and engagement strategies, product counseling, and litigation matters. We stand ready to advise companies on compliance with the updated COPPA Rule, and on federal, state, and international youth privacy and safety laws more broadly.

A. COPPA Background

Congress enacted COPPA in 1998, and the FTC’s COPPA Rule implementing COPPA first went into effect in 2000 and was last amended in 2013.

Importantly, COPPA applies only to online services that are directed to children under 13 or that are collecting, using, or sharing personal information of a user with actual knowledge that a particular user is under 13. More specifically, COPPA applies to (1) “operators of commercial websites and online services” that are “directed to children under 13 that collect, use, or disclose personal information from children”; (2) “operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13”; and (3) to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children.”[9] COPPA’s primary goal is to give parents control over their children’s personal information and how that information is collected and processed.[10]

The COPPA Rule imposes several requirements on covered operators of websites and online services, including requirements to provide clear direct notice to parents and to obtain verifiable parental consent before collecting personal information from children or using or disclosing such information.[11] The Rule also confers other rights on parents, including the right to request that covered operators delete their children’s personal information,[12] and it imposes several additional obligations on covered operators, including for example with respect to security measures[13] and data retention.[14]

B. Key Amendments to the COPPA Rule

The following sections detail key amendments to the COPPA Rule.

a. Companies Covered By the COPPA Rule

The amended COPPA Rule “clarifies” the definition of “website or online service directed to children” by adding to the non-exhaustive exemplary list of evidence the FTC may consider in analyzing audience composition and intended audience “consideration of marketing or promotional materials or plans, representations to consumers or to third parties, reviews by users or third parties, and the age of users on similar websites or services.”[15] The latter example may be particularly challenging for companies to address since it relies on extraneous information outside a service’s control (and for the same reason, would not appear to be probative of a company’s intent to direct its service to children).

The amended Rule also includes a new, standalone definition of “mixed audience website or online service,” which the FTC confirmed is not intended to expand the scope of child-directed websites and online services, and does not change which websites or online services are directed to children.[16] The 2013 COPPA amendments and the FTC’s subsequent COPPA FAQ guidance introduced the concept of “mixed audience” websites and online services as a subcategory within the definition of “website or online service directed to children,” but did not define this term.[17] Under the updated Rule, “mixed audience” websites and online services are defined as those directed to children but that do not target children as their primary audience, and that do not collect personal information from any visitor other than to assess whether a visitor is a child.[18] Unlike other child-directed websites and online services, mixed audience websites and online services are permitted to collect information from visitors in a neutral manner in order to determine whether a visitor is a child.[19] Once a mixed audience website or online service determines that a visitor is 13 or over, it may collect personal information from the visitor without obtaining verifiable parental consent. The mixed audience website or online service may not deny access to visitors who are under 13, but may require verifiable parental consent or offer an experience that does not collect their personal information.

b. Expanded Definition of “Personal Information”

As amended, “personal information” under COPPA now explicitly includes (1) biometric identifiers, defined as an “identifier that can be used for the automated or semi-automated recognition of an individual, such as fingerprints; handprints; retina patterns; iris patterns; genetic data, including a DNA sequence; voiceprints; gait patterns; facial templates; or faceprints”; and (2) government-issued identifiers beyond Social Security numbers, including state ID cards, birth certificates, and passport numbers.[20]

c. Direct Notice & Verifiable Parental Consent

Direct Notice. The amended COPPA Rule clarifies and expands what companies must include in their direct notice disclosures to parents prior to collecting from and using their children’s personal information. Specifically, companies should ensure their direct notice disclosures:

Include information on “how the operator intends to use [a child’s personal] information;”[21]
Disclose the identity or categories of third parties the company shares personal information with, the purposes for sharing with those third parties, and that a parent can consent to the collection of and use of the child’s information, without consenting to its disclosure;[22] and
Are provided in every instance in which a company seeks parental consent.[23]

Online Privacy Notice. Companies must also post clear, prominent links to online notices of their information practices regarding children.[24] As with the direct notices, the COPPA Rule amendments expand what must be included in the online notices to include:

The identities and categories of any third parties to which the operator discloses personal information and the purpose for such disclosure;[25]
The specific internal operations for which the operator uses persistent identifiers, and the policies or practices the operator has in place to avoid using persistent identifiers for unauthorized purposes;[26]
When an operator collects an audio file of a child’s voice pursuant to the audio file exception (discussed below), a description of how the operator uses the audio files, and that such files are deleted immediately after responding to the request for which they were collected;[27] and
The operator’s data retention policies for personal information collected from children.[28]

Verifiable Parental Consent. The amendments enumerate additional methods that satisfy the requirement to obtain verifiable parental consent before collecting personal information from children or using or disclosing a child’s personal information,[29] including:

Processing any transaction requiring a parent to use a credit card, debit card, or other online payment system, provided that the transaction “provides notification of each discrete transaction to the primary account holder”–not just those transactions which include a monetary fee, as previously required;[30]
Using a knowledge-based authentication process (i.e., questions of sufficient number and difficulty that a child could not reasonably ascertain the answers);[31]
Matching an image of a face to a verified photo identification, such as a driver’s license (with the image and photo ID being promptly deleted thereafter);[32] and
Using a “text plus” method that may be used when an operator does not disclose personal information from children to a third party, where (similar to the “email plus” method already available) subject to certain disclosure and confirmation requirements, a company uses a text message to obtain consent.[33]

The amendments also modify and expand exceptions to the COPPA Rule’s verifiable parental consent requirement. Of particular note is an exception for when a company collects an audio file containing a child’s voice as a replacement for written words, and no other personal information, and uses the audio file only to respond to a child’s specific request such as to execute a search or implement a verbal instruction, and the file is deleted immediately thereafter.[34] This exception is meant to provide flexibility for companies who rely on voice-assist technology.[35] Such a practice must be disclosed in an online notice.[36]

d. Separate Consent for Information Disclosures to Third Parties for Targeted Advertising and Other Non-Integral Purposes

The amended COPPA Rule requires separate parental consent for the disclosure of a child’s personal information to a third party for targeted advertising or other uses, “unless such disclosure is integral to the website or online service” such as disclosures necessary to provide the product or service.[37] Covered operators also cannot condition access to their website or service on obtaining such consent.[38] This amendment, in particular, will have significant implications for online services that may be perceived to be attractive to children that leverage third-party advertising technologies in their services.

e. Data Retention and Deletion

The COPPA Rule includes directives regarding the retention and deletion of personal information from children, including that a covered operator may retain such information “for only as long as is reasonably necessary to fulfill the purpose(s) for which the information was collected.”[39] Notably, the amendments prohibit companies from retaining children’s personal information indefinitely.[40] As discussed below, there is disagreement within the Commission surrounding this requirement, including as to what “indefinitely” means in this context.

The amendments further instruct that companies must establish a written data retention policy that specifies the purposes for which a child’s information is collected, the business need for retaining the information, and the timeframe for deleting it.[41] These policies must now be provided in online notices, as described above.[42]

f. Confidentiality, Security, and Integrity of Personal Information

COPPA requires covered operators to “establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children,”[43] and the amendments clarify the steps covered operators can take to comply with this “reasonable procedures” standard.

At a minimum, a covered operator’s safeguards must be “appropriate to the sensitivity of the personal information collected from children and the operator’s size, complexity, and nature and scope of activities.”[44] To comply, an operator must, among other requirements, designate employees to manage the program, assess the program at least annually, and implement necessary safeguards based on those assessments.[45] Notably, these requirements generally mirror the requirements contained in Commission orders requiring the implementation of a comprehensive information security program.

Additionally, covered operators that disclose children’s personal information to third parties must “take reasonable steps to determine that such entities are capable of maintaining the confidentiality, security, and integrity of the information” and obtain written assurances from the third parties that they will do so.[46]

g. Safe Harbor Programs

Under the COPPA Rule, the Commission may approve Safe Harbor programs–i.e., self-regulatory guidelines submitted by industry groups which implement the same or greater protections for children as in COPPA. The FTC amended the COPPA Rule to “enhance oversight of, and transparency regarding” these Safe Harbor programs by requiring they conduct annual independent assessments of their members’ compliance, including the members’ data privacy and security practices, disclose their membership lists, and maintain and submit to the FTC records of complaints about, and disciplinary actions against, the program’s members.[47] Existing COPPA Safe Harbor programs must submit proposed modifications within 6 months of the publication of the amended COPPA Rule in the federal register.[48]

C. Key Proposed Changes Not Adopted in Amended COPPA Rule

The amended COPPA Rule does not include certain amendments that the FTC proposed in its January 2024 NPRM, which were the subject of nearly 300 public comments, and which would have imposed significant compliance obligations relating to push notifications or engagement techniques and on educational technology companies.

a. Push Notifications/Engagement Techniques

The COPPA Rule includes an exception to obtaining verifiable parental consent “[w]here the purpose of collecting a child’s and a parent’s online contact information is to respond directly more than once to the child’s specific request, and where such information is not used for any other purpose, disclosed, or combined with any other information collected from the child.”[49] The NPRM’s proposal sought to prohibit companies from using this exception to “encourage or prompt use of a website or online service,” in order to address children’s overuse of online services due to engagement-enhancing techniques such as push notifications, in-game notices, or website pop-ups.[50]

Though the FTC stated it remains “deeply concerned” about push notifications and other techniques designed to prolong a child’s time spent online, the Commission was persuaded by concerns regarding the inconsistency between the proposed language and the COPPA statute, as well as First Amendment concerns regarding the breadth of the restriction, and thus did not amend COPPA to include this proposal.[51]

b. Educational Technology Requirements

The FTC also excluded several requirements proposed in the NPRM that would have been applicable to educational technology (ed tech) companies. The NPRM proposed including new definitions of “school” and “school-authorized education purpose,” as well as new provisions governing the collection of information from children in schools, and codifying the FTC’s existing guidance that allows ed tech companies to obtain consent from schools, rather than parents, to collect personal information from students for educational purposes.[52] The FTC chose not to adopt these proposed amendments “[t]o avoid making amendments to the COPPA Rule that may conflict with potential amendments to [the Department of Education’s Family Education Rights and Privacy Act] regulations.”[53] However, the Commission specifically noted that they “will continue to enforce COPPA in the ed tech context consistent with its existing guidance.”[54]

c. Other Exclusions

The final COPPA Rule also excluded other proposed amendments, including one that would have modified the exception to the parental consent requirement when companies collect persistent identifiers (and no other personal information) to provide support for the internal operations of the website or online service, such as for contextual advertising or personalization.[55] The FTC also declined to expand the definition of personal information to include avatars generated from a child’s image. And the FTC declined to amend the Rule to require companies disclose specifically the types of personal information collected, as well as details on how that personal information in particular is used, agreeing with commenters that “that level of detail could be superfluous.”[56]

D. An Uncertain Future

While the Commission vote approving the final COPPA Rule was unanimous, the future of the Rule remains uncertain. Former-Chair Lina Khan and then-incoming Chair Andrew Ferguson issued separate concurring statements about the Rule, and Commissioners Alvaro Bedoya and Rebecca Slaughter issued a joint concurring statement.

Former-Chair Khan’s concurring statement emphasized that these updates were long-awaited, especially given the dramatic rise in children’s smartphone and social media use since the Rule was last amended.[57] She characterized the updates as “complementing” the FTC’s enforcement efforts, potentially “boost[ing]” enforcement efforts by state attorneys general,[58] and welcoming Congress’ efforts to legislate in this area.[59]

In his concurring statement, Commissioner Ferguson characterized the amendments as “the culmination of a bipartisan effort initiated when President Trump was last in office” and voted to issue the final Rule because the amendments “contain several measures improving data privacy and security protections for children”–but he identified “three major problems” with the amendments.[60] He argued against the requirement that all new third-party data sharing should require a separate consent from parents, and against the prohibition on indefinite retention of data.[61] He also advocated for an exception for collecting children’s information for the limited purpose of age verification.[62] He was blunt in his critique that “these issues are the result of the Biden-Harris FTC’s frantic rush to finalize rules on their way out the door” and foreshadowed an intent to revisit the amendments in stating that “[t]he Commission under President Trump should address these issues and fix the mess that the outgoing majority leaves in its wake.”[63]

In their joint concurring statement, Commissioners Bedoya and Slaughter disagreed with Commissioner Ferguson regarding the prohibition against indefinite data retention, arguing such a requirement is necessary for companies that take the position that it is “reasonably necessary” to keep personal information indefinitely.[64]

E. FTC Enforcement Risks

Notwithstanding disagreement among Commissioners on certain details of the COPPA Rule amendments, companies can expect the FTC to continue to vigorously scrutinize data practices involving children. The FTC historically has focused its enforcement efforts on potential harms to children online, even where business practices are not subject to COPPA, under Section 5 of the FTC Act (Section 5). The FTC has also enforced against companies for violations of both COPPA and Section 5, often resulting in steep monetary penalties.

For example, in 2022, the FTC secured an agreement with Epic Games, Inc. (the creator of the video game Fortnite) to pay a record-breaking $520 million to settle allegations that Epic violated both COPPA and Section 5.[65] More recently, on January 17, 2025, another video game developer agreed to pay $20 million and make various product and other changes to settle FTC allegations that its practices related to loot boxes violated COPPA and Section 5[66]–although notably, Commissioners Ferguson and Holyoak dissented on three of four counts brought under Section 5.[67]

Further, some in Congress continue to push for federal legislation, including the Children and Teens’ Online Privacy Protection Act (COPPA 2.0),[68] which would extend the application of COPPA to youth under 16, ban targeted advertising to minors, and place more responsibility on companies to ensure children’s online safety. Senator Markey, the author of the bill and an author of COPPA, noted in a statement applauding the updated COPPA Rule that “Congress must still pass [COPPA 2.0] to extend these protections to teenagers, block targeted advertising to kids and teens, and give young people an eraser button to delete their personal information.”[69]

F. Additional Youth Privacy and Safety Developments and Enforcement Risks

These federal changes reflect a broader trend toward enhancing privacy and safety protections for children. Various U.S. states and jurisdictions worldwide are also increasingly focused on children and youth, implementing laws and taking actions under existing laws against companies with a substantial youth user base.

a. State Youth Laws and Enforcement

State lawmakers have made clear that protecting children’s online privacy and safety is a top priority, including by amending omnibus state privacy laws to include youth-specific provisions, enacting broader “age-appropriate design” laws applicable to any online service “reasonably likely to be accessed by children,” and enacting social media-specific laws requiring enhanced protections and often parental consent to children under 18 who use social media services. Many of these laws have been challenged successfully on First Amendment and other grounds, but other laws are spawning aggressive enforcement.

Among these state laws are Texas’ Securing Children Online Through Parental Empowerment Act (SCOPE Act), the majority of which came into effect on September 1, 2024,[70] and the California Protecting Our Kids from Social Media Addiction Act, only parts of which are currently set to take effect on March 6, 2025.[71] The Texas SCOPE Act takes a restrictive approach to collection and use of children’s data, while the California law is the first aiming to protect children from social media “addiction.” Both laws are shaping the youth legal landscape, setting templates for other states to follow, but the California law is currently being challenged, and we anticipate continued constitutional challenges asserting that other such laws restrict expressive speech. Even so, regulators are not slowing down their efforts pending these challenges.

For example, in October 2024–just one month after the Texas SCOPE Act came into effect–the Texas Attorney General’s Office announced its first action under the law seeking up to $10,000 per violation.[72] The Texas Attorney General’s Office also recently announced the launch of investigations into over a dozen companies in connection with the SCOPE Act and Texas’ omnibus privacy law that includes youth-specific provisions.[73]

Enforcement authorities also have sought to hold companies liable for alleged online harms to children under general state consumer protection laws prohibiting unfair and deceptive practices, which are not subject to the same constitutional concerns. Additionally, parents and families of children, as well as school districts, have similarly leveraged general consumer protection and other laws to pursue claims against online companies relating to purported youth harms, resulting in extensive multidistrict and class action litigation in this area.

b. Global Focus on Youth Privacy and Safety

Global lawmakers and regulators are also focused on youth privacy and safety online. Omnibus privacy laws outside the U.S. do not accord special treatment to children’s data, but some contain some similar restrictions to COPPA, such as requiring parental consent to process children’s data (e.g., the European Union (EU)’s General Data Protection Regulation) or prohibiting online platforms from targeting ads to children under 18 (e.g., the EU’s Digital Services Act (DSA), a sweeping EU regulation). As in the U.S., there is a similar global trend towards more prescriptive and aggressive laws concerning youth online activity.

For example, under the DSA, in-scope platforms can be fined up to 6% of global annual turnover by the European Commission (EC), which is the primary enforcing authority, for failing to conduct required risk assessments considering the impact of new features and service on harm to minors, among other concerns. The EC has already requested information from, and in some instances launched investigations into several companies in connection with, the collection and use of minors’ data under the DSA.[74] Similarly in the UK, Ofcom has been appointed to enforce the UK Online Safety Act (OSA) and has published drafts for consultation and finalized versions of its mandatory Codes of Practice. In addition, in recent years, many EU privacy regulators have been focused on enforcing against companies whose services can be accessed by children, and the UK Information Commissioner’s Office steadily continues to enforce its Children Code, also known as its Age Appropriate Design Code, which it published in 2020. And in APAC, Australia recently took steps to ban youth under the age of 16 from creating social media accounts–although implementing regulations have yet to be published.[75]

These laws underscore the challenges global companies will face in restructuring their compliance plans within tight timeframes.

The privacy and safety of children online are top concerns for the FTC, other enforcement authorities, lawmakers, and families worldwide. To that end, companies that conduct business online should take care to assess their legal obligations and practical risks under the amended COPPA Rule, as well as under youth-related laws across jurisdictions, given increased regulatory attention to child-directed services and features under an expanding landscape of child-focused regulation.

Again, Gibson Dunn has extensive experience advising multinational companies operating online services on a wide variety of regulatory and law enforcement investigation, enforcement, strategic counseling, litigation, and appellate matters relating to child and teen privacy and safety. We are closely monitoring developments within the youth legal landscape, and we are available to discuss these issues as applied to your particular situation.

[1] Press Release, Fed. Trade Comm’n, FTC Finalizes Changes to Children’s Privacy Rule Limiting Companies’ Ability to Monetize Kids’ Data (Jan. 16, 2025), https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-finalizes-changes-childrens-privacy-rule-limiting-companies-ability-monetize-kids-data; see also Fed. Trade Comm’n, Children’s Online Privacy Protection Rule, Final Rule Amendments (Jan. 16, 2025), https://www.ftc.gov/system/files/ftc_gov/pdf/coppa_sbp_1.16_0.pdf.

[2] Children’s Online Privacy Protection Rule, 89 Fed. Reg. 2034 (proposed Jan.11, 2024) (to be codified at 16 C.F.R. pt. 312).

[3] Press Release, Fed. Trade Comm’n, FTC Seeks Comments on Children’s Online Privacy Protection Act Rule (July 25, 2019), https://www.ftc.gov/news-events/news/press-releases/2019/07/ftc-seeks-comments-childrens-online-privacy-protection-act-rule.

[4] Children’s Online Privacy Protection Rule, supra note 1, at 1.

[5] On January 20, 2025, President Trump issued an order imposing a regulatory freeze on all executive agencies. See White House, Regulatory Freeze Pending Review (Jan. 20, 2025), https://www.whitehouse.gov/presidential-actions/2025/01/regulatory-freeze-pending-review/. While the extent to which independent agencies like the FTC are subject to the order may be subject to litigation, the presidential memorandum signals skepticism regarding actions taken by such agencies in the final days of the Biden administration. The FTC may choose to take steps consistent with Section 2 of the memorandum, which would involve withdrawal of the final COPPA Rule for review by a Republican majority (which, if re-approved, would then be sent to the federal register for publication). Accordingly, the publication in the federal register and implementation of the COPPA Rule should be monitored, as it could be subject to other actions taken to delay or revoke it, such as through the Congressional Review Act. See 5 U.S.C. §§ 801 et seq.

[6] See Andrew N. Ferguson, Comm’r, Fed. Trade Comm’n, Concurring Statement of Commissioner Andrew N. Ferguson COPPA Rule Amendments Matter Number P195404 (Jan. 16, 2025), https://www.ftc.gov/system/files/ftc_gov/pdf/ferguson-coppa-concurrence-revised.pdf.

[7] See Adjustments to Civil Penalty Amounts, 90 Fed. Reg. 5580 (Jan. 17, 2025) (to be codified at 16 C.F.R. pt. 1). The FTC annually adjusts the civil penalty amount applicable to COPPA violations based on inflation, pursuant to the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015. See Press Release, Fed. Trade Comm’n, FTC Publishes Inflation-Adjusted Civil Penalty Amounts for 2024 (Jan. 11, 2024), https://www.ftc.gov/news-events/news/press-releases/2024/01/ftc-publishes-inflation-adjusted-civil-penalty-amounts-2024?utm_source=govdelivery. Accordingly, civil penalty violation amounts will rise in future years.

[8] See, e.g., S.2073, Kids Online Safety and Privacy Act, 118th Cong. (as passed by Senate, July, 30, 2024).

[9] Fed. Trade Comm’n, Complying with COPPA: Frequently Asked Questions (Jan. 2024), https://www.ftc.gov/business-guidance/resources/complying-coppa-frequently-asked-questions.

[10] Id.

[11] 16 C.F.R. §§ 312.4 – 312.5. All citations to the COPPA Rule are to the COPPA Rule as amended, unless otherwise stated.

[12] Id. at § 312.6.

[13] Id. at § 312.8.

[14] Id. at § 312.10.

[15] Id. at § 312.2.

[16] Children’s Online Privacy Protection Rule, supra note 1, at 9-10.

[17] 16 C.F.R. § 312.2; Complying with COPPA: Frequently Asked Questions, supra note 10.

[18] Children’s Online Privacy Protection Rule, supra note 1, at 8.

[19] Id. at 9.

[20] 16 C.F.R.§ 312.2. Examples of biometric data include “fingerprints; handprints; retina patterns; iris patterns; genetic data, including a DNA sequence; voiceprints; gait patterns; facial templates; or faceprints.”

[21] Id. at § 312.4(c)(1)(iii).

[22] Id. at § 312.4(c)(1)(iv).

[23] Id. at §§ 312.4(a) – (c)(1).

[24] Id. at § 312.4(d).

[25] Id. at § 312.4(d)(2).

[26] Id. at § 312.4(d)(3).

[27] Id. at § 312.4(d)(4).

[28] Id. at § 312.4(d)(2).

[29] Id. at § 312.5(a)(1).

[30] Id. at § 312.5(b)(2)(ii).

[31] Id. at § 312.5(b)(2)(vi)

[32] Id. at § 312.5(b)(2)(vii).

[33] Id. at § 312.5(b)(2)(ix). See also id. at § 312.2 (modifying the definition of “online contact information” to include a “mobile telephone number” in order to “give [companies] another way to initiate the process of seeking parental consent quickly and effectively.” Children’s Online Privacy Protection Rule, supra note 1, at 16).

[34] 16 C.F.R. § 312.5(c)(9).

[35] See, e.g., 106. Fed. Trade Comm’n, Enforcement Policy Statement Regarding the Applicability of the COPPA Rule to the Collection and Use of Voice Recordings (Oct. 20, 2017), https://www.ftc.gov/system/files/documents/public_statements/1266473/coppa_policy_statement_audiorecordings.pdf.

[36] 16 C.F.R. § 312.5(c)(9).

[37] Id. at § 312.5(a)(2); Children’s Online Privacy Protection Rule, supra note 1, at 106.

[38] 16 C.F.R. § 312.5(a)(2).

[39] Id. at § 312.10.

[40] Id.

[41] Id.

[42] Id.

[43] Id. at § 312.8(a).

[44] Id. at § 312.8(b).

[45] Id. at § 312.8(b)(1)-(3).

[46] Id. at § 312.8(c).

[47] Children’s Online Privacy Protection Rule, supra note 1, at 159. See generally 16 C.F.R. § 312.11.

[48] 16 C.F.R. § 312.11(g).

[49] Id. at § 312.5(c)(4).

[50] Children’s Online Privacy Protection Rule, supra note 1, at 116.

[51] Id. at 118-19. The American Civil Liberties Union argued the proposal was inconsistent with the COPPA statute given the statute states regulations “shall” permit operators to respond “more than once directly to a specific request from a child” when parents are provided notice and an opportunity to opt out. Id. at 117-18.

[52] Id. at 3-4. See also Complying with COPPA: Frequently Asked Questions, supra note 10, Section N.

[53] Children’s Online Privacy Protection Rule, supra note 1, at 4.

[54] Id.

[55] Id. at 56-61.

[56] Id. at 88-89.

[57] Lina M. Khan, Chair, Fed. Trade Comm’n, Statement of Chair Lina M. Khan Regarding the Final Rule Amending the Children’s Online Privacy Protection Rule Commission File No. P195404 (Jan. 16, 2025), https://www.ftc.gov/system/files/ftc_gov/pdf/statement-of-chair-lina-m-khan-re-coppa-amendments-1-16-2025.pdf.

[58] Id. at 1.

[59] Id. at 4.

[60] Andrew N. Ferguson, Comm’r, Fed. Trade Comm’n, Concurring Statement of Commissioner Andrew N. Ferguson COPPA Rule Amendments Matter Number P195404 (Jan. 16, 2025), https://www.ftc.gov/system/files/ftc_gov/pdf/ferguson-coppa-concurrence-revised.pdf.

[61] Id. at 1-3.

[62] Id. at 3.

[63] Id.

[64] Alvaro M. Bedoya, Comm’r, Fed. Trade Comm’n, Statement of Commissioner Alvaro M. Bedoya Joined by Commissioner Rebecca Kelly Slaughter Notice of Final Rulemaking to Update the Children’s Online Privacy Protection Rule (COPPA Rule) (Jan. 16, 2025), https://www.ftc.gov/system/files/ftc_gov/pdf/bedoya-coppa-statement-2025-01-16.pdf.

[65] Press Release, Fed. Trade Comm’n, Fortnite Video Game Maker Epic Games to Pay More Than Half a Billion Dollars over FTC Allegations of Privacy Violations and Unwanted Charges (Dec. 19, 2022), https://www.ftc.gov/news-events/news/press-releases/2022/12/fortnite-video-game-maker-epic-games-pay-more-half-billion-dollars-over-ftc-allegations.

[66] Press Release, Fed. Trade Comm’n, Genshin Impact Game Developer Will be Banned from Selling Lootboxes to Teens Under 16 without Parental Consent, Pay a $20 Million Fine to Settle FTC Charges (Jan. 17, 2025), https://www.ftc.gov/news-events/news/press-releases/2025/01/genshin-impact-game-developer-will-be-banned-selling-lootboxes-teens-under-16-without-parental.

[67] Andrew N. Ferguson, Comm’r, Fed. Trade Comm’n, Statement of Commissioner Andrew N. Ferguson Concurring in Part and Dissenting in Part In the Matter of Cognosphere, LLC, (Jan. 17, 2025), https://www.ftc.gov/system/files/ftc_gov/pdf/ferguson-cognosphere-concurrence.pdf.

[68] In September 2024, the House Energy and Commerce Committee passed COPPA 2.0 by a voice vote. In July 2024, the U.S. Senate passed the Kids Online Safety and Privacy Act, which included COPPA 2.0, by a 91-3 vote. In July 2023, the Senate Commerce, Science, and Transportation Committee unanimously passed COPPA 2.0. See Press Release, Ed Markey, Sen. of Mass., Senator Markey Celebrates FTC’s Update to Children’s Online Privacy Rule, (Jan. 16, 2025), https://www.markey.senate.gov/news/press-releases/senator-markey-celebrates-ftcs-update-to-childrens-online-privacy-rule.

[69] Id.

[70] See Securing Children Online through Parental Empowerment (SCOPE) Act, H.B. 18, 88th Leg., R.S. (2023).

[71] See Protecting Our Kids from Social Media Addiction Act, S.B. 976, 88th Leg. (2024).

[72] See Press Release, Ken Paxton, Att’y Gen. of Tex., Attorney General Ken Paxton Sues TikTok for Sharing Minors’ Personal Data In Violation of Texas Parental Consent Law (Oct. 3, 2024), https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-sues-tiktok-sharing-minors-personal-data-violation-texas-parental.

[73] See Press Release, Ken Paxton, Att’y Gen. of Tex., Attorney General Ken Paxton Launches Investigations into Character.AI, Reddit, Instagram, Discord, and Other Companies over Children’s Privacy and Safety Practices as Texas Leads the Nation in Data Privacy Enforcement (Dec. 12, 2024), https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-launches-investigations-characterai-reddit-instagram-discord-and-other.

[74] See Press Release, Eur. Comm’n, Commission opens formal proceedings against Meta under the Digital Services Act related to the protection of minors on Facebook and Instagram (May 15, 2024), (IP/24/2664); see also Press Release, Eur. Comm’n, Commission opens formal proceedings against TikTok under the Digital Services Act (Feb. 18, 2024), (IP/24/926).

[75] Press Release, Austl. eSafety Comm’r, Social Media Age Restrictions (Dec. 20, 2024), https://www.esafety.gov.au/about-us/industry-regulation/social-media-age-restrictions.

The following Gibson Dunn lawyers prepared this update: Ashley Rogers, Ryan T. Bergsieker, Natalie Hausknecht, Vivek Mohan, Lore Leitner, Ashlie Beringer, Svetlana Gans, Alexus Leach, Nick Carey, Samantha Abrams-Widdicombe, Amy Shao, and Jayee Malwankar.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Privacy, Cybersecurity & Data Innovation practice group:

United States:
Ashlie Beringer – Co-Chair, Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)
Ryan T. Bergsieker – Denver (+1 303.298.5774, rbergsieker@gibsondunn.com)
Gustav W. Eyler – Washington, D.C. (+1 202.955.8610, geyler@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, cgaedt-sheckter@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202.955.8657, sgans@gibsondunn.com)
Lauren R. Goldman – New York (+1 212.351.2375, lgoldman@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, shandler@gibsondunn.com)
Natalie J. Hausknecht – Denver (+1 303.298.5783, nhausknecht@gibsondunn.com)
Jane C. Horvath – Co-Chair, Washington, D.C. (+1 202.955.8505, jhorvath@gibsondunn.com)
Martie Kutscher Clark – Palo Alto (+1 650.849.5348, mkutscherclark@gibsondunn.com)
Kristin A. Linsley – San Francisco (+1 415.393.8395, klinsley@gibsondunn.com)
Timothy W. Loose – Los Angeles (+1 213.229.7746, tloose@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)
Rosemarie T. Ring – Co-Chair, San Francisco (+1 415.393.8247, rring@gibsondunn.com)
Ashley Rogers – Dallas (+1 214.698.3316, arogers@gibsondunn.com)
Sophie C. Rohnke – Dallas (+1 214.698.3344, srohnke@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)
Benjamin B. Wagner – Palo Alto (+1 650.849.5395, bwagner@gibsondunn.com)
Debra Wong Yang – Los Angeles (+1 213.229.7472, dwongyang@gibsondunn.com)

Europe:
Ahmed Baladi – Co-Chair, Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com)
Joel Harrison – Co-Chair, London (+44 20 7071 4289, jharrison@gibsondunn.com)
Lore Leitner – London (+44 20 7071 4987, lleitner@gibsondunn.com)
Vera Lukic – Paris (+33 (0) 1 56 43 13 00, vlukic@gibsondunn.com)
Lars Petersen – Frankfurt/Riyadh (+49 69 247 411 525, lpetersen@gibsondunn.com)
Robert Spano – London/Paris (+44 20 7071 4000, rspano@gibsondunn.com)

Asia:
Connell O’Neill – Hong Kong (+852 2214 3812, coneill@gibsondunn.com)
Jai S. Pathak – Singapore (+65 6507 3683, jpathak@gibsondunn.com)

Gibson Dunn’s Workplace DEI Task Force aims to help our clients develop creative, practical, and lawful approaches to accomplish their DEI objectives following the Supreme Court’s decision in SFFA v. Harvard. Prior issues of our DEI Task Force Update can be found in our DEI Resource Center. Should you have questions about developments in this space or about your own DEI programs, please do not hesitate to reach out to any member of our DEI Task Force or the authors of this Update (listed below).

Key Developments

On January 20, President Trump issued an executive order titled “Defending Women from Gender Ideology Extremism and Restoring Biological Truth to the Federal Government,” which defines “sex” as “an individual’s immutable biological classification as either male or female” and directs federal agencies to “enforce laws governing sex-based rights, protections, opportunities, and accommodations to protect men and women as biologically distinct sexes.” The order also directs federal agencies to ensure that funds awarded via federal grants do not promote “gender ideology,” a term it defines to include “the idea that there is a vast spectrum of genders that are disconnected from one’s sex” and that “replaces the biological category of sex with an ever-shifting concept of self-assessed gender identity.” More information on this executive order can be found in our January 21, 2025 client alert.

Also on January 20, President Trump issued an executive order titled “Ending Radical and Wasteful Government DEI Programs And Preferencing,” which directs the termination of all DEI programs, policies, and activities in the federal government, including for federal contractors and grantees, and directs the termination of “equity-related” grants or contracts. The order also directs agencies to create a list of all federal contractors who have provided DEI trainings to federal employees and federal grant recipients who received grants to “provide or advance DEI, DEIA, or ‘environmental justice’ programs, services, or activities since January 20, 2021.” More information on this executive order can be found in our January 21, 2025 client alert.

On January 21, President Trump issued an executive order titled “Ending Illegal Discrimination and Restoring Merit-Based Opportunity.” The order rescinds several executive actions issued by prior administrations, including Executive Order 11246, which imposed affirmative action obligations on federal contractors in addition to non-discrimination requirements. Federal contracts and grants must now include (1) a clause requiring the recipient to agree that compliance “with applicable Federal anti-discrimination laws” is a “material” term of the contract or grant, and (2) a certification that the contractor or grant recipient “does not operate any programs promoting DEI that violate any applicable Federal anti-discrimination laws.” The order also directs agency heads to submit to the White House within 120 days recommendations for enforcing federal civil-rights laws and encouraging the private sector to end “illegal discrimination and preferences, including DEI.” Agencies must identify “up to nine” large companies or non-profits for “potential civil compliance investigations.” More information on this executive order can be found in our January 22, 2025 client alert.

Also on January 21, President Trump issued an Executive Order titled “Keeping Americans Safe in Aviation.” The order directs the Secretary of Transportation and the Federal Aviation Administrator to “immediately return to non-discriminatory” and “merit-based hiring.” The order rescinds any previous DEI initiatives by the Federal Aviation Administration “in favor of hiring, promoting, and otherwise treating employees on the basis of individual capacity, competence, achievement, and dedication.” The Secretary of Transportation and the Federal Aviation Administrator are instructed to review “past performance and performance standards of all individuals in critical safety positions” and to replace individuals who fall below those standards.

On January 21, President Trump named Commissioner Andrea R. Lucas as Acting Chair of the EEOC. Lucas, previously an attorney at Gibson Dunn, has served as an EEOC Commissioner since 2020. She is the EEOC’s only current Republican appointee. Upon her appointment, Acting Chair Lucas stated, “Consistent with the President’s Executive Orders and priorities, my priorities will include rooting out unlawful DEI-motivated race and sex discrimination; protecting American workers from anti-American national origin discrimination; defending the biological and binary reality of sex and related rights, including women’s rights to single‑sex spaces at work; protecting workers from religious bias and harassment, including antisemitism; and remedying other areas of recent under-enforcement.” In the past three years, Lucas has initiated 38 commissioner charges, more than any other commissioner.

On January 23, Texas Attorney General Ken Paxton and nine other State Attorneys General issued a letter to financial institutions including BlackRock, Goldman Sachs, Morgan Stanley, JPMorgan Chase, Bank of America, and Citigroup, warning that their DEI and ESG commitments could lead to enforcement actions if found to violate legal, contractual, or fiduciary obligations. The Attorneys General stated they would extend to each financial institution “an opportunity to avoid a lengthy enforcement action” by responding to thirty-five questions related to the institutions’ DEI and ESG efforts. The Attorneys General expressed concern that the institutions “appear to have embraced race- and sex-based quotas and to have made business and investment decisions based not on maximizing shareholder and asset value, but in the furtherance of political agendas.”

On January 10, following a four-day bench trial, the U.S. District Court for the Northern District of Texas held that American Airlines violated ERISA by allowing its investment manager, BlackRock, to invest its employees’ 401(k) Plan in environmental, social, and governance (“ESG”) objectives, which the court defined to include companies’ efforts to “promot[e] racial and gender diversity, equity, and inclusion (‘DEI’) programs and hiring practices.” The court made detailed findings of fact about Blackrock’s ESG-related initiatives, American’s corporate ESG goals, and the relationship between the two companies—which the court described as “incestuous,” noting that Blackrock was one of American’s largest investors and had “financed approximately $400 million of American’s corporate debt at a time when American was experiencing financing difficulties.” The court concluded that, due to American’s non-pecuniary interest in ESG and its relationship with BlackRock, the company “failed to loyally investigate BlackRock’s ESG investment activities” and ensure its employees’ 401(k) Plan was invested in a manner that furthered their best financial interests. However, because the court concluded that American acted “according to prevailing industry practices,” it found no violation of the fiduciary duty of prudence occurred. The court requested further briefing on damages and remedies.

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

The New York Times, “The Cheat Sheet on Trump’s First Week” (January 25): Sarah Kessler of The New York Times DealBook writes that “President Trump made it clear his attacks on diversity, equity and inclusion programs won’t be restricted to the federal government,” and that “[i]n general, legal experts consider policies that provide opportunities or benefits to a specific group based on race or gender to be vulnerable” to challenge by the new administration. “Executives are anxious to find out which agencies will conduct investigations and enforcement actions, and what they may do to make examples out of target companies,” said Jason Schwartz, the labor and employment co-chair at Gibson Dunn. According to Kessler, the biggest question in boardrooms is which companies will be the first targets. Schwartz said checking the list of “woke companies” on the website of America First Legal, a Trump-aligned group, might be “a good starting place for hints.”
ABC News: ABC News anchor Linsey Davis interviews Gibson Dunn’s Jason Schwartz about the impact of President Trump’s executive orders.
Bloomberg, “Companies Parse What Makes a DEI Program Illegal Under Trump” (January 23): Clara Hudson, Isabel Gottlieb, and Andrew Ramonas of Bloomberg write that President Trump’s recent executive order targeting DEI “will further galvanize corporate diversity rollbacks” and “accelerate shifts” in how companies address diversity, including by prompting “more businesses to shut down their diversity teams or fold them into other areas of their operations.” Bloomberg reports that these rollbacks had already started, stating that “[w]hile much of corporate America has steadfastly pursued diversity initiatives,” many businesses have altered or eliminated diversity initiatives following “mounting conservative attacks” and the Supreme Court’s SFFA They report that many companies had renamed or rebranded their programs, but that President Trump’s recent order “aims to blunt” that strategy by calling out any diversity program “whether specifically denominated ‘DEI’ or otherwise.” The authors quote Gibson Dunn’s Jason Schwartz, who recommends that companies consider whether they can broaden the eligibility requirements for their DEI initiatives while still meeting program objectives. Schwartz says that corporate “goals remain the same”—to attract “the best talent from the broadest, most robust diverse pipeline.”
The Washington Post, “In first days, Trump deals ‘death blow’ to DEI and affirmative action” (January 23): Julian Mark, Taylor Telford, and Susan Svrluga of The Washington Post report on President Trump’s initial actions, which they describe as seeking to “eviscerate the surviving remnants of affirmative action” and put a “hard stop” to DEI initiatives in the federal government. They report on Trump’s actions in his first week in office, which include “order[ing] U.S.-run diversity offices to close and scores of their workers to [be] put on administrative leave,” and “suspend[ing] dozens of contracting programs aimed at minorities and women.” The article quotes the EEOC’s three Democratic members, who said that President Trump’s rescission of the 1965 executive order directing federal contractors to take “affirmative action” measures has removed “a source of protection” for “millions of Americans.” In reference to President Trump’s direction that the Attorney General and agency heads identify “nine potential civil compliance investigations” of large entities, including publicly traded corporations, large nonprofits, and universities with endowments over $1 billion, the article quotes Gibson Dunn’s Jason Schwartz, who describes the order as a direction to “find nine big whales and make examples of them.” The article also quotes Schwartz’s description of a provision in the order that may have been designed to create a basis for False Claims Act liability: “They are handing out sheriff’s badges to private citizens to sue about government contractor DEI programs,” Schwartz said. The article quotes Noah Feldman, a constitutional law professor at Harvard Law School, who says these actions indicate that President Trump is “testing the boundaries” of the Supreme Court’s affirmative action rulings and attempting to extend their reach from educational institutions into the private sector. According to Ricardo Mimbela, an ACLU spokesperson, the ACLU is “analyzing” the executive orders and assessing how to “protect people’s fundamental rights.”
CBS News, “Group of Attorneys General Urge Walmart to Reconsider Ending DEI Initiatives” (January 14): CBS News’s Christian Olaniran reports on the January 9 letter to Walmart CEO Doug McMillon, sent by thirteen Democratic state attorneys general, expressing “concern regarding Walmart’s recent decision to step away from its commitments to diversity, equity, and inclusion.” The letter highlighted the company’s recent decisions to “phase out supplier diversity programs, close down the Center for Racial Equality, end training for staff, and remove the words ‘diversity’ and ‘DEI’ from company documents and employee titles.” The letter acknowledged that corporations have faced “anti-DEI pressure,” but argued that the “decision to jettison DEI initiatives is not required by law” and that companies with diverse leadership “overperform” compared to those without. Olaniran’s reporting also referenced recent changes in DEI policies at other companies, including McDonald’s and Meta.
The Washington Post, “Target Becomes Latest Company to Roll Back DEI Programs” (January 24): Hannah Ziegler and Julian Mark of The Washington Post report on Target’s decision to scale back many of its DEI initiatives in the wake of “a tougher legal environment for those programs and new threats from the White House.” In a January 24 press release, the company stated that it intended to make several changes to its policies including, among other things, ending its three-year DEI goals, ceasing to participate in external diversity-focused surveys, ensuring its employee resource groups are open to all; and evolving its supplier diversity efforts. The company stated “[w]e remain focused on driving our business by creating a sense of belonging for our team, guests and communities through a commitment to inclusion.”

Case Updates:

Below is a list of updates in new and pending cases:

1. Contracting claims under Section 1981, the U.S. Constitution, and other statutes:

Desai v. Paypal, No. 1:25-cv-00033-AT (S.D.N.Y. 2025): On January 2, 2025, Andav Capital and its founder Nisha Desai sued PayPal, alleging that PayPal unlawfully discriminates by administering its investment program for minority-owned businesses in a way that favors Black and Latino applicants. Desai, an Asian-American woman, alleges PayPal violated Section 1981, Title VI, and New York state anti-discrimination law by failing to fully consider her funding application and announcing first-round investments only in companies with “at least one general partner who was black or Latino.” She seeks a declaratory judgment that the investment program is unlawful, an injunction barring PayPal from “knowing or considering race or ethnicity” in administering the program, and damages.
- Latest update: The docket does not yet reflect that PayPal has been served.
Do No Harm v. Pfizer, Inc., No. 23-15 (2nd Cir. 2022): On September 15, 2022, Do No Harm filed suit against Pfizer, alleging that Pfizer’s Breakthrough Fellowship Program unlawfully excludes white and Asian-American applicants on the basis of race in violation of federal and state laws. On December 16, 2022, the U.S. District Court for the Southern District of New York dismissed the case after finding Do No Harm lacked standing to seek a preliminary injunction when it “failed to identify a single injured member by name” who could demonstrate that they were willing and able to apply to the fellowship. On March 6, 2024, a panel of the Second Circuit upheld the dismissal. On March 20, 2024, Do No Harm filed a petition for rehearing.
- Latest update: On January 10, 2025, the Second Circuit reversed the dismissal of Do No Harm’s lawsuit, concluding “that the district court applied the wrong standard in dismissing” Do No Harm’s case for lack of standing because “[t]he burden for establishing standing at the dismissal stage is lower” than that for a preliminary injunction. The Second Circuit remanded the case to the district court to assess standing “applying the standard applicable at the pleading stage.”
Hierholzer v. Guzman, No. 24-1187 (4th Cir. 2025): In January 2023, Marty Hierholzer alleged that the Small Business Administration (SBA) discriminated on the basis of race when it denied his application to SBA’s 8(a) program. Through the 8(a) program, the SBA provides financial assistance to small businesses owned by “socially and economically disadvantaged individuals.” SBA regulations provide a rebuttable presumption of social disadvantage to members of certain racial groups and an opportunity for members of other groups to establish social disadvantage and 8(a) eligibility. Hierholzer is of Scottish and German descent. The U.S. District Court for the Eastern District of Virginia held that Heirholzer’s claims were moot after a separate district court ruling out of Tennessee enjoined the SBA from using the rebuttable presumption standard. The court also found Hierholzer lacked standing because he did not allege 8(a) eligibility and did not sufficiently plead economic or social disadvantage. Heirholzer appealed to the Fourth Circuit.
- Latest update: On January 3, 2025, the Fourth Circuit held that the district court erred in treating Hierholzer’s claims as moot because the decision enjoining the SBA’s rebuttable presumption “has not resulted in a final judgment.” However, the Court found Hierholzer lacked standing because, even if the presumption were enjoined, Hierholzer failed to plausibly allege that he could satisfy other race neutral eligibility requirements for the program.

Brooke Henderson, et al. v. Springfield R-12 School District, et al., No. 23-01374 (8th Cir. 2023): On August 18, 2021, two educators sued a Springfield, Missouri school district alleging that the district’s mandatory equity training violated their First Amendment rights. The educators claimed that the equity training constituted compelled speech, content and viewpoint discrimination, and an unconstitutional condition of employment. The at-issue Fall 2020 equity training included sessions on anti-bias, anti-racism, and white supremacy. On January 12, 2023, the district court granted the defendants’ motion for summary judgment. The plaintiffs appealed the decision to the U.S. Court of Appeals for the Eighth Circuit. Oral argument was held on February 15, 2024. Counsel for the plaintiffs argued that the training compelled educators to engage in political speech, while counsel for the defendants argued that the educators were not compelled because they did not face punishment. On September 13, 2024, a panel of the Eighth Circuit unanimously held that the plaintiffs’ fear of punishment was too speculative to constitute injury under the First Amendment and affirmed the decision below. On November 27, 2024, the Eighth Circuit granted a petition for rehearing en banc.
- Latestupdate: On January 15, 2025, oral argument was held before the court en banc. Counsel for the plaintiffs argued that the equity training was compelled speech in violation of the First Amendment because silence was not an option—the training required the plaintiffs to take a stand or to face consequences in the form of being labelled unprofessional. Counsel for the defendants argued the plaintiffs would not face punishment if they stayed silent; the point of the training was merely to encourage discussion.

American Alliance for Equal Rights v. McDonald’s Corporation et al., No. 3:25-cv-00050 (M.D. Tenn. 2025): On January 12, 2025, the American Alliance for Equal Rights (AAER) filed a complaint against McDonald’s and International Scholarship & Tuition Services, Inc. (ISTS), alleging that they operate a college scholarship program that “discriminates against high-schoolers based on their ethnicity,” in violation of § 1981. AAER alleges that the HACER scholarship program, which ISTS administers on McDonald’s behalf, “is open only to Hispanics.” AAER claims that the program “flatly” bars non-Hispanic students from applying “based on their ethnic heritage” and is therefore unlawful. AAER seeks declaratory and injunctive relief barring consideration of race, ethnicity, ancestry, or nationality in consideration of scholarship applications, as well as a preliminary injunction to stop the program from closing the application window for current applicants on February 6, 2025. Gibson Dunn represents McDonald’s in this action.
- Latest update: McDonald’s deadline for responding to the motion for preliminary injunction is February 3, 2025.

2. Challenges to statutes, agency rules, and regulatory decisions:

Do No Harm v. Gianforte, No. 6:24-cv-00024-BMM-KLD (D. Mont. 2024): On March 12, 2024, Do No Harm filed a complaint on behalf of “Member A,” a white female dermatologist in Montana, alleging that a Montana law requiring the governor to “take positive action to attain gender balance and proportional representation of minorities resident in Montana to the greatest extent possible” when making appointments to the twelve-member Medical Board violates the Equal Protection Clause. Do No Harm alleges that since ten seats are currently held by six women and four men, Montana law requires that the remaining two seats be filled by men, which would preclude Member A from holding the seat. On May 3, 2024, Governor Gianforte moved to dismiss the complaint for lack of subject matter jurisdiction, arguing that Do No Harm lacks standing because Member A has not applied for or been denied any position. Gianforte also argued that the plaintiff’s pre-enforcement challenge was not ripe because his administration does not interpret the statute as a quota. On May 24, 2024, Do No Harm filed an amended complaint, describing additional Members B, C, and D, who are each “qualified, ready, willing, and able to be appointed” to the board. On June 7, Gianforte moved to dismiss the amended complaint, arguing again that the pseudonymous members lacked standing and that the case still was not ripe because the statute imposed only reporting requirements regarding diversity, so it posed no threat to the new members.
- Latest update: On January 10, 2025, Magistrate Judge De Soto recommended that the case be dismissed for lack of subject matter jurisdiction. Magistrate Judge De Soto found Do No Harm lacked standing because it did not allege “facts demonstrating that at least one Member is both ‘able and ready’ to apply for a Board seat in the reasonably foreseeable future.” For the same reasons, the Magistrate Judge found the case unripe.
Do No Harm v. Edwards, No. 5:24-cv-16-JE-MLH (W.D. La. 2024): On January 4, 2024, Do No Harm sued then-Governor Edwards of Louisiana over a 2018 law requiring a certain number of “minority appointee[s]” to be appointed to the State Board of Medical Examiners. Do No Harm brought the challenge under the Equal Protection Clause and requested a permanent injunction against the law. On February 28, 2024, Governor Edwards answered the complaint, denying all allegations including allegations related to Do No Harm’s standing. On December 20, 2024, Governor Jeff Landry—who replaced Governor Edwards—moved to dismiss for lack of subject matter jurisdiction. He contended that, because he signed a declaration indicating that he does not intend to enforce the challenged law, the plaintiff’s claims are moot. Governor Landry also argued that the suit is barred by sovereign immunity.
- Latest update: On January 10, 2025, Do No Harm filed an opposition to the motion to dismiss, asserting that Governor Landry’s declaration did not moot the case because the statute remains on the books and a “future governor will be bound to enforce the racially discriminatory aspects of [the law] regardless of Governor Landry’s declaration.”
Simon et al. v. Kay Ivey, et al. 25-cv-00067 (N.D. Al. 2025): On January 14, 2025 three professors and three students within the University of Alabama system and the Alabama NAACP filed a complaint against Alabama Governor Kay Ivey and the University of Alabama Board of Trustees, alleging that Alabama Senate Bill 129, which bans DEI programs at state agencies, local boards of education, and public universities, violates the First and Fourteenth Amendments. The Alabama NAACP alleges that the law “censor[s] dissenting viewpoints” by limiting the teaching of and prohibiting the funding of student groups and school offices associated with “divisive concepts.” SB 129 covers several “divisive topics,” including that race, gender, or identity makes one “inherently superior or inferior,” that moral character is determined by race, color, religion, sex, ethnicity, or national origin, and “that fault, blame, or bias should be assigned to members of a race, color, religion, sex, ethnicity, or national origin, on the basis of race, color, religion, sex, ethnicity.” The plaintiffs allege that SB 129’s limitations constitute viewpoint discrimination in violation of the First Amendment, undercut their right to freedom of association, are void for vagueness, and violate the Equal Protection Clause by intentionally discriminating against Black people, “specifically Black students and Black educators, who are more likely to benefit from discussions on these topics.” Plaintiffs request that the law be declared unconstitutional and both preliminarily and permanently enjoined.
- Latest update: The docket does not yet reflect that the defendants have been served.
National Association of Scholars v. Granholm, No. 25-cv-00077 (W.D. Tex. 2025): On January 16, 2025, the National Association of Scholars—a group of professors, faculty, and researchers at colleges and universities across the United States—sued the United States Department of Energy, alleging that the Department’s Office of Science unlawfully requires research grant applicants to show how they would “promote diversity, equity, and inclusion in research projects” through its Promoting Inclusive and Equitable Research plan. The Association alleges that requiring grant applicants to show how they would promote DEI in their projects violates applicants’ First Amendment rights by requiring them to express ideas with which they disagree, that the Department lacked statutory authority to adopt the plan, and that the plan violates the procedural requirements of the Administrative Procedure Act. The Association seeks declaratory and injunctive relief.
- Latest update: The docket does not yet reflect that the defendants have been served.

Legislation Updates:

On January 23, Congressman Tom Tiffany (R-WI) introduced the Fairness, Anti-Discrimination and Individual Rights Act (H.R. 711), referred to as the “FAIR Act.” If enacted, the bill would prohibit intentional discrimination or preferential treatment on the basis of race, color, or national origin by the federal government or its agents with respect to “[any] Federal contract or subcontract[,] federal employment[,] or any other federally conducted program or activity.” In addition, the bill would prohibit the federal government from encouraging or requiring “preference” on the basis of race, color, or national origin. It defines “preference” to include any advantage such as “a quota, set-aside, numerical goal, timetable, or other numerical objective.” The bill’s prohibitions extend to state and private entities that receive federal aid, including educational institutions that receive federal funding. The bill also calls for an audit of all federal agencies and departments within six months of its enactment to ensure compliance, and it creates a private right of action for individuals who believe they were discriminated against.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Blaine Evanson, Molly Senger, Zakiyyah Salim-Williams, Zoë Klein, Cate McCaffrey, Jenna Voronov, Emma Eisendrath, Felicia Reyes, Allonna Nordhavn, Laura Wang, Maya Jeyendran, Kristen Durkan, Ashley Wilson, Lauren Meyer, Kameron Mitchell, Chelsea Clayton, Albert Le, Emma Wexler, Heather Skrabak, and Godard Solomon.

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group
Washington, D.C. (+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group
Los Angeles (+1 213-229-7107, ksmith@gibsondunn.com)

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group
New York (+1 212-351-3850, mdenerstein@gibsondunn.com)

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer
Washington, D.C. (+1 202-955-8503, zswilliams@gibsondunn.com)

Molly T. Senger – Partner, Labor & Employment Group
Washington, D.C. (+1 202-955-8571, msenger@gibsondunn.com)

Blaine H. Evanson – Partner, Appellate & Constitutional Law Group
Orange County (+1 949-451-3805, bevanson@gibsondunn.com)

From the Derivatives Practice Group: Happy New Year! In late 2024, ISDA released the first version of the Equity Derivatives Clause Library. Not surprisingly, the regulatory agencies were quiet over the holidays.

New Developments

Customer Advisory: Avoiding Fraud May be Your Best Resolution. A new CFTC customer advisory suggests adding “spotting scams” to your list of New Year’s resolutions. The Office of Customer Education and Outreach’s Avoiding Fraud May be Your Best Resolution says that with scammers robbing billions of dollars from Americans through relationship investment scams, resolving to be careful about who you trust online, staying informed, and learning all you can about trading risks are admirable 2025 resolutions.
CFTC Approves Final Rule on Margin Adequacy, Treatment of Separate Accounts of a Customer by Futures Commission Merchants. On December 20, 2024, the CFTC announced a final rule to implement requirements for futures commission merchants related to margin adequacy and the treatment of separate accounts of a customer. The rule finalizes the Commission’s proposal, published in the Federal Register in March, to codify the no-action position in CFTC staff letter 19-17 regarding separate account treatment.
CFTC Approves Final Rule Regarding Safeguarding and Investment of Customer Funds. On December 17, the CFTC announced that it approved a final rule amending the CFTC’s regulations that govern how futures commission merchants and derivatives clearing organizations safeguard and invest customer funds held for the benefit of customers engaging in futures, foreign futures, and cleared swaps transactions. The amendments revise the list of permitted investments in CFTC Regulation 1.25 and make other related changes and specifications. The amendments also eliminate the CFTC requirement that an FCM deposit customer funds with depositories that provide the CFTC with read-only electronic access to such accounts. The compliance date for the revisions is 30 days after the final rule is published in the Federal Register, except for the revisions to the Segregation Investment Detail Reports (“SIDR”) specified in CFTC Regulations 1.32, 22.2(g)(5), and 30.7(l)(5), and the revisions to the customer risk disclosure statement required under CFTC Regulation 1.55. The compliance date for the revisions to the SIDR and the risk disclosure statement is March 31, 2025.
CFTC Grants QC Clearing LLC DCO Registration. On December 17, 2024, the CFTC announced that it issued QC Clearing LLC an Order of Registration as a derivatives clearing organization under the Commodity Exchange Act. QC Clearing LLC permitted to clear, in its capacity as a DCO, fully collateralized positions in futures contracts, options on futures contracts, and swaps.

New Developments Outside the U.S.

ESMA Launches Selection of the Consolidated Tape Provider for Bonds. On January 3, ESMA announced the launch of the first selection procedure for the Consolidated Tape Provider (“CTP”) for bonds. Entities interested to apply are encouraged to register and submit their requests to participate in the selection procedure by February 7, 2025.The CTP aims to enhance market transparency and efficiency by consolidating trade data from various trading venues into a single and continuous electronic stream. This consolidated view of market activity is intended to help market participants to access accurate and timely information and make better-informed decisions, leading to more efficient price discovery and trading. [NEW]
ESMA Publishes Feedback Received to Proposed Review of Securitization Disclosure Templates. On December 20, ESMA published a Feedback Statement summarizing the responses it received to its Consultation Paper on the securitization disclosure templates under the Securitization Regulation (“SECR”). Overall, respondents acknowledge the need for further improvements to the securitization transparency regime but recommend postponing the template review due to concerns about its timeline in relation to a broader SECR review. [NEW]
ESMA Consults on the Internal Control Framework for Some of its Supervised Entities. On December 19, ESMA launched a consultation on draft Guidelines related to the Internal Control Framework for some of its supervised entities. ESMA said that the proposed draft Guidelines build on the Internal Control Guidelines currently in place for Credit Rating Agencies and extend them to include also Benchmark Administrators, and Market Transparency Infrastructures (Trade Repositories, Data Reporting Services Providers and Securitization Repositories). The draft Guidelines outline ESMA’s expectations for the components and characteristics of an effective internal control system, intended to ensure: a strong framework, detailing the internal control environment and informational aspects, and effective internal control functions, including compliance, risk management, and internal audit. The draft Guidelines also explain how ESMA applies proportionality in its expectations regarding the internal controls for a supervised entity. According to ESMA, the consultation is primarily aimed at ESMA supervised entities and prospective applicants for ESMA supervision.
ESMA Releases Last Policy Documents to Get Ready for MiCA. On December 17, ESMA published its last package of final reports containing Regulatory Technical Standards and guidelines ahead of the full entry into application of the Markets in Crypto Assets Regulation. Specifically, the package includes Regulatory Technical Standards on market abuse and guidelines on reverse solicitation, suitability, crypto-asset transfer services, qualification of crypto-assets as financial instruments and maintenance of systems and security access protocols.

New Industry-Led Developments

ISDA Publishes Equity Definitions Clause Library. On December 20, ISDA announced it has published version 1 of the ISDA Equity Derivatives Clause Library. The ISDA Equity Derivatives Clause Library provides drafting options with respect of certain clauses that parties can choose to include in an equity derivatives transaction that incorporates the 2002 ISDA Equity Derivatives Definitions. [NEW]

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, jsteiner@gibsondunn.com)

Michael D. Bopp, Washington, D.C. (202.955.8256, mbopp@gibsondunn.com)

Michelle M. Kirschner, London (+44 (0)20 7071.4212, mkirschner@gibsondunn.com)

Darius Mehraban, New York (212.351.2428, dmehraban@gibsondunn.com)

Jason J. Cabral, New York (212.351.6267, jcabral@gibsondunn.com)

Adam Lapidus – New York (212.351.3869, alapidus@gibsondunn.com )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, sbrooker@gibsondunn.com)

William R. Hallatt , Hong Kong (+852 2214 3836, whallatt@gibsondunn.com )

David P. Burns, Washington, D.C. (202.887.3786, dburns@gibsondunn.com)

Marc Aaron Takagaki , New York (212.351.4028, mtakagaki@gibsondunn.com )

Hayden K. McGovern, Dallas (214.698.3142, hmcgovern@gibsondunn.com)

Karin Thrasher, Washington, D.C. (202.887.3712, kthrasher@gibsondunn.com)

Trade association CTIA has successfully challenged the Federal Communications Commission’s “net neutrality” rule on behalf of the wireless-communications industry.

The U.S. Court of Appeals for the Sixth Circuit set aside the order in full, agreeing with arguments pressed by CTIA and a broader industry coalition that the FCC lacks statutory authority to impose heavy-handed common-carrier regulations on broadband Internet access service.

In the Communications Act of 1934, as amended, Congress enacted a light-touch regulatory regime for “information services” under Title I, and a much more expansive common-carrier-type regulatory regime for “telecommunications services” under Title II. Similarly, for mobile services, Congress subjected “private mobile services” only to light-touch regulation, while imposing common-carrier-type regulations on “commercial mobile services.” For many years, the FCC correctly treated broadband generally, and mobile broadband in particular, as an “information service” and “private mobile service” subject only to light-touch regulation. The FCC briefly departed from that approach in 2015, but quickly restored its original position in 2018; the D.C. Circuit deferred to the FCC’s position both times under the doctrine of Chevron deference, without resolving which approach reflected the better reading of the statute.

In May 2024, the FCC adopted a new order purporting to resurrect its 2015 approach by classifying broadband as a “telecommunications service” and mobile broadband as a “commercial mobile service”—thereby subjecting both fixed and mobile broadband to heavy-handed, innovation-stifling regulation designed for common carriers. CTIA and other industry groups challenged the order as unlawful, arguing (among other things) that the FCC’s new classification violated the plain text of the Communications Act, and that the Supreme Court’s decision overruling Chevron meant that the court could not defer to the FCC.

On January 2, 2025, a unanimous panel of the Sixth Circuit set aside the FCC’s order in full, agreeing with arguments pressed by CTIA and other industry groups. Looking to the plain language of the statute, the court held that broadband providers “offer only an ‘information service’ under 47 U.S.C. § 153(24), and therefore, the FCC lacks the statutory authority to impose its desired net-neutrality policies through the ‘telecommunications service’ provision of the Communications Act, id. § 153(51).” The court held that broadband satisfies the statutory definition of an “information service” because it allows users to retrieve and otherwise utilize information via telecommunications, and rejected the FCC’s counterarguments. The court went on to hold that the FCC’s reclassification of mobile broadband as a common-carrier “commercial mobile service” was likewise unlawful under the plain language of the statute, which requires a commercial mobile service to be “interconnected with the public switched network,” i.e., the 10-digit telephone network. Because mobile Internet service is not a service interconnected with the phone network, the court agreed with CTIA that mobile broadband “may not be regulated as a common carrier.”

The Sixth Circuit’s ruling is a significant victory for broadband providers generally and for the wireless-communications industry specifically, and it represents one of the first examples of a court applying the Supreme Court’s Loper Bright decision to reject an agency’s interpretation of a statute and foreclose future reliance on that interpretation. As the court explained, its interpretation of the plain text of federal law brings an end to “the FCC’s vacillations” over the appropriate classification of broadband. It thus brings greater stability to the industry and locks in place Title I’s light-touch regulatory framework, which fosters a dynamic broadband ecosystem, drives investment and innovation in next-generation networks, and promotes vibrant competition. The decision, CTIA – The Wireless Ass’n v. FCC, No. 24-3508 (6th Cir.), is available here.

CTIA was represented by partners Helgi Walker, Jonathan Bond, Russell Balikian, with associates Max Schulman, Trenton J. Van Oss, and Nathaniel Tisa. This case marks the fourth time that Gibson Dunn partner Helgi Walker has successfully defended industry’s position on net neutrality regulation.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding the decision and its impact on the wireless-communications industry. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Administrative Law and Regulatory practice group, or the following practice leaders and members:

Eugene Scalia – Washington, D.C. (+1 202.955.8210, escalia@gibsondunn.com)
Helgi C. Walker – Washington, D.C. (+1 202.887.3599, hwalker@gibsondunn.com)
Stuart F. Delery – Washington, D.C. (+1 202.955.8515, sdelery@gibsondunn.com)
Russell Balikian – Washington, D.C. (+1 202.955.8535, rbalikian@gibsondunn.com)
Jonathan C. Bond – Washington, D.C. (+1 202-887-3704, jbond@gibsondunn.com)

A Survey of Disclosures from the S&P 100 During the Four Years Following Adoption of the Securities and Exchange Commission Rule.

Human capital resource disclosures by public companies have continued to be a focus since the U.S. Securities and Exchange Commission (the “Commission”) adopted the new rules in 2020, not only for companies making the disclosures, but employees, investors, and other stakeholders reading them. This alert updates the alert we issued in November 2023, “Form 10-K Human Capital Disclosures Continue to Evolve,” available here, and reviews disclosure trends among S&P 100 companies categorized into 28 topic areas. Each of these companies has now included human capital disclosure in their past four annual reports on Form 10-K. This alert also provides practical considerations for companies as we head into 2025.

Overall, our findings indicate that companies are generally making only minor changes to their disclosures year over year, and these minor changes generally included shortening of company disclosures, maintaining or decreasing the number of topics covered, and including slightly less quantitative information in some areas.[1] Specifically, we identified the following trends regarding the S&P 100 companies’ human capital disclosures compared to the previous year:

Length of disclosure. Fifty-seven percent of surveyed companies decreased the length of their disclosures, 34% increased the length of their disclosures, and the length of the remaining 9% remained the same.
Number of topics covered. Forty-one percent of surveyed companies decreased the number of topics covered, 13% increased the number of topics covered, and the remaining 46% covered the same number of topics.
Breadth of topics covered. Across all companies, the prevalence of 10 topics increased, nine topics decreased, and nine topics remained the same.
- The most significant year-over-year increases in frequency involved Culture Initiatives (30% to 35%) and Pay Equity (48% to 50%) disclosures.
- The most significant year-over-year decrease involved COVID-19 disclosures, which declined in frequency from 34% to 1%. Other year-over-year decreases related to disclosures addressing Diversity Targets and Goals (21% to 14%), Diversity in Promotion (29% to 26%), Quantitative Diversity Statistics regarding Gender (63% to 60%), and Community Investment (28% to 25%).
Most common topics covered. This year, the topics most commonly discussed generally remained consistent with the previous two years. For example, Talent Development, Diversity and Inclusion, Talent Attraction and Retention, Employee Compensation and Benefits, and Monitoring Culture remained the five most frequently discussed topics. The topics least discussed this most recent year, however, changed slightly from that of the previous year as COVID-19 disclosures, and Diversity Targets and Goals dropped into the five least frequently covered topics.
Industry trends. Within the technology and finance industries, the trends that we saw in the previous year regarding the frequency of topics disclosed generally remained the same.

I. Background on the Requirements

As we previously discussed in our client alert titled “Discussing Human Capital: A Survey of the S&P 500’s Compliance with the New SEC Disclosure Requirement One Year After Adoption,” available here, on August 26, 2020, the Commission voted three-to-two to approve amendments to Items 101, 103, and 105 of Regulation S-K, including the principles-based requirement to discuss a registrant’s human capital resources to the extent material to an understanding of the registrant’s business taken as a whole.[2] Specifically, public companies’ human capital disclosure must include “the number of persons employed by the registrant, and any human capital measures or objectives that the registrant focuses on in managing the business (such as, depending on the nature of the registrant’s business and workforce, measures or objectives that address the development, attraction, and retention of personnel).”

Notably, since 2021 the Commission’s agenda list has included new human capital disclosure rules that were expected to be more prescriptive than the current rules,[3] in part, because one of the main criticisms of the existing human capital rules is lack of comparability across companies. The future of these rules is even less clear now as Chair Gensler who pushed for these rules (along with other rules, such as climate change) announced that he will be leaving the SEC in January 2025 in light of the new incoming administration. In the meantime, as our survey demonstrates, while company human capital disclosures vary—which is expected under the principles-based regime—comparability across the disclosures exists. The next four sections show the relevant data from our survey.[4]

II. Disclosure Topics

Our survey classifies human capital disclosures into 28 topics, each of which is listed in the following chart, along with the number of companies that discussed the topic in each of 2021, 2022, 2023, and 2024. Each topic is described more fully in the sections following the chart.

A. Workforce Composition

Among S&P 100 companies, 58% included disclosures relating to workforce composition in one or more of the following categories:

Full-time/part-time employee split. While most companies provided the total number of full-time employees, only 14% of the companies surveyed included a quantitative breakdown of the number of full-time versus part-time employees or salaried versus hourly employees, consistent with the previous two years. Similarly, 66% of companies provided statistics on the number of seasonal employees and/or independent contractors or a breakdown of employees by business segment, job function, or geographical location, the same as the previous year, and up from and 60% in 2021.
Unionized employee relations. Of the companies surveyed, 38% stated that some portion of their workforce was part of a union, works council, or similar collective bargaining agreement.[5] These disclosures generally included a statement providing the company’s opinion on the quality of labor relations, and in many cases, disclosed the number of unionized employees.
Quantitative workforce turnover rates. Although a majority of companies discussed employee turnover and the related topics of talent attraction and retention in a qualitative way (as discussed in Section II.B. below), only 19% of companies surveyed provided specific employee turnover rates (whether voluntary or involuntary), consistent with the previous two years.

B. Diversity

Among S&P 100 companies, 97% included disclosures relating to diversity in one or more of the following categories:

Diversity and inclusion. This was the most common diversity-related disclosure topic, with 97% of companies including a qualitative discussion regarding the company’s commitment to diversity, equity, and inclusion (“DEI”), consistent with the previous two years and up slightly from 91% in 2021. The depth of these disclosures varied, ranging from generic statements expressing the company’s support of diversity in the workforce to detailed examples of actions taken to recruit and support underrepresented groups and increase the diversity of the company’s workforce.
Priorities within diversity. Companies disclosed different areas of focus for diversity efforts and programming within the organization. The most common disclosure was diversity in the company’s hiring practices (60% of companies in 2024, up dramatically from 47% in 2021), followed by diversity in the retention or development of the company’s current workforce (58% of companies in 2024, up slightly from 50% in 2021), diversity in the company’s promotion practices (26% of companies in 2024, down from a high of 31% in 2022), and finally diversity in the company’s suppliers (15% of companies in 2024, up slightly from 10% in 2021). A decreasing minority of companies also discussed, in qualitative or quantitative terms, the companies’ commitments to aspirational diversity goals or targets (14% of companies in 2024, down from a high of 24% of companies in 2022), with such decrease likely due to the heightened legal risk associated with DEI programs following the June 2023 United States Supreme Court decision in Students for Fair Admissions v. Harvard.
Quantitative diversity statistics. Many companies also included a quantitative breakdown of the gender or racial representation of the company’s workforce: 60% included statistics on gender and 56% included statistics on race or ethnicity (down slightly compared to 2023, but up significantly from 47% and 42%, respectively, in 2021). Companies generally provided gender statistics on both a global and U.S. basis, whereas nearly all companies provided race or ethnicity statistics for their U.S. workforce only. Most companies provided these statistics in relation to their workforce generally, regardless of position; however, an increased subset (40% in 2024, compared to 25% in 2021) included separate statistics for different classes of employees (e.g., managerial, vice president and above, etc.). Similarly, 12% of companies also provided separate statistics for their boards of directors (compared to 10% in each of 2023 and 2022 and 4% in 2021). Some companies also included numerical goals for gender or racial representation, either in terms of overall representation, promotions, or hiring—11% of companies included these diversity goals or targets (compared to 15% in 2023, 18% in 2022, and 14% in 2021).

C. Recruiting, Training, Succession

Among S&P 100 companies, 99% included disclosures relating to talent and succession planning in one or more of the following categories:

Talent attraction and retention. These disclosures were generally qualitative and focused on efforts to recruit and retain qualified individuals. While general statements regarding recruiting and retaining talent were very common, with 96% of companies including this type of disclosure (relatively flat in the prior two years, but up significantly from 66% in 2021), quantitative measures of retention, like workforce turnover rate, were uncommon, with only 19% of companies disclosing such statistics (as noted above).
Talent development. Disclosures related to talent development were the most common category, with 98% of companies including a qualitative discussion regarding employee training, learning, and development opportunities, up from 83% in 2021. This disclosure tended to focus on the workforce as a whole rather than specifically on senior management. Companies generally discussed training programs such as in-person and online courses, leadership development programs, mentoring opportunities, tuition assistance, and conferences. Some companies discussed quantitative figures related to talent development, such as the number of hours employees spent on learning and development or the company’s investment in development resources, with 19% of companies including this type of disclosure.
Succession planning. Only 33% of companies surveyed addressed their succession planning efforts, which may be a function of succession being a focus area primarily for executives rather than the human capital resources of a company more broadly. However, this is up from 27% of companies who discussed succession planning in 2021.

D. Employee Compensation[6]

Among S&P 100 companies, 92% included disclosures relating to employee compensation, up from 77% in 2021. All of those companies included a qualitative description of the compensation and/or benefits program offered to employees, with a small minority providing quantitative measures such as minimum or average wages or investment in benefits (17% of companies surveyed in 2024, up from 12% in 2021). Of the companies surveyed, 50% addressed pay equity practices or assessments (up from 37% in 2021), and substantially fewer companies included quantitative measures of the pay gap between racially or ethnically diverse and nondiverse employees or male and female employees (17% of companies surveyed in 2024, up from 12% in 2021).

E. Health and Safety

Among S&P 100 companies, 77% included disclosures relating to health and safety in one or both of the following categories:

Workplace safety. Of the companies surveyed, 55% included qualitative disclosures relating to workplace health and safety, down from 63% in 2022, typically consisting of statements about the company’s commitment to safety in the workplace generally and compliance with applicable regulatory and legal requirements. However, 9% of companies surveyed provided quantitative disclosures in this category, generally focusing on historical and/or target incident or safety rates or investments in safety programs. These quantitative disclosures tended to be more prevalent among industrial, energy, and manufacturing companies.
Employee mental health. In connection with disclosures about benefits provided to employees, including benefits intended to support employees’ general wellness or wellbeing, 54% of companies disclosed initiatives taken to support employees’ mental or emotional health and wellbeing, up from 37% in 2021.

F. Culture and Engagement

In addition to the many instances where companies included general descriptions of their commitment to company culture and values, 83% of S&P 100 companies discussed specific initiatives they were taking related to culture and engagement in one or more of the following categories:

Culture and engagement initiatives. Specific disclosures relating to practices and initiatives undertaken to build and maintain their culture and values have increased steadily each year, with 35% of the companies surveyed providing such disclosure, up from 18% in 2021. These companies most commonly discussed efforts to communicate with employees (e.g., through town halls, CEO outreach, trainings, or conferences and presentations) and to recognize employee contributions (e.g., awards programs and individualized feedback). Many companies also discussed culture in the context of diversity-related initiatives designed to help foster an inclusive culture.
Monitoring culture. Of the companies surveyed 69% provided disclosures about the ways that companies monitor culture and employee engagement, up from 54% in 2021. Companies generally disclosed the frequency of employee surveys used to track employee engagement and satisfaction, with some reporting on the results of these surveys, sometimes measured against prior year results or industry benchmarks, and ways in which company management or the board utilized survey results.
Flexible Work Opportunities. About one-third of S&P 100 companies describe flexible working arrangements, including remote or hybrid work or scheduling adjustments to accommodate different ways of working, with 34% of companies provided such disclosure in 2024, compared to 16% in 2021. Although many of these companies discussed this topic in previous years, past mentions of measures related to flexible work environments were generally in connection with COVID-related safety concerns, whereas recent discussions are increasingly related to talent acquisition and retention.
Community investment. Some companies disclosed information about community investment, partnerships, donations, or volunteer programs sponsored by the company, with 25% of companies surveyed providing such disclosure in 2024, compared to 28% in 2023 and 18% in 2021. Many companies discussed their community investment efforts as offshoots of or in conjunction with their diversity, equity, and inclusion efforts.

G. COVID-19

The number of S&P 100 companies that included information regarding COVID-19 and its impact on company policies and procedures or on employees dropped to only one companies making such disclosure, compared to 34% in 2023 and 70% in 2022. This sharp decline in COVID-19 disclosures is consistent with a more general trend of companies discussing COVID-19 less frequently as a result of its decreasing significance and illustrates the expected evolution of disclosure resulting from a principles-based framework.

H. Human Capital Management Governance and Organizational Practices

Just over half of S&P 100 companies (54% of those surveyed, compared to 40% in 2021) addressed their governance and organizational practices (such as oversight by the board of directors or a committee and the organization of the human resources function).

III. Industry Trends

One of the main rationales underlying the adoption of principles-based—rather than prescriptive—requirements for human capital disclosures is that the relative significance of various human capital measures and objectives varies by industry. This is reflected in the following industry trends that we observed:[7]

Technology Industries (E-Commerce, Internet Media & Services, Hardware, Software & IT Services, and Semiconductors). For the 22 companies in the Technology Industries, at least 63% discussed each of talent development and training opportunities, talent attraction, recruitment and retention, employee compensation, employee mental health, and diversity. Compared to the S&P 100 as a whole, relatively uncommon disclosures among this group included part-time and full-time employee statistics (5%), succession planning (9%), supplier diversity (5%), diversity in retention and development (41%), quantitative diversity statistics regarding race/ethnicity and gender (41% and 45%, respectively), and unionized employee relations (18%). However, these industries continued to see increased rates of disclosure compared to the S&P 100 for quantitative turnover rates (41%), flexible work opportunities (45%), culture initiatives (45%), and qualitative pay equity (59%).
Finance Industries (Asset Management & Custody Activities, Consumer Finance, Commercial Banks, and Investment Banking & Brokerage). For the 13 companies in the Finance Industries, a large majority continued to include quantitative diversity statistics regarding race (85%) and gender (92%) (matching that of the last two years) and qualitative disclosures regarding employee compensation (92%), and, compared to other industries, a relatively higher number discussed diversity in hiring (85%), employee mental health (77%), flexible work opportunities (69%), pay equity (69%), and quantified their pay gap (46%). Relatively uncommon disclosures among this group included part-time and full-time employee statistics, unionized employee relations, quantitative workforce turnover rates, diversity targets and goals, quantitative new hire diversity, supplier diversity, and workplace safety (in each case less than 16%).
Pharmaceutical Industries (Biotechnology & Pharmaceuticals). For the eight companies in the Pharmaceutical Industries, at least 87% discussed each of diversity, workplace safety, monitoring culture, talent attraction and retention, talent development, and employee compensation. Compared to the S&P 100 as a whole, relatively uncommon disclosures among this group included succession planning (13%), quantitative pay gap (0%), and diversity targets and goals (0%). However, these industries continued to see increased rates of disclosure compared to the S&P 100 for supplier diversity (38%), workplace safety (88%), culture initiatives (50%), and flexible work opportunities (75%).

IV. Disclosure Format

The format of human capital disclosures in S&P 100 companies’ annual reports on Form 10‑K continued to vary greatly.

Word Count. The length of the disclosures ranged from 106 to 1,809 words, with the following statistical trends in the past four years:

	2024	2023	2022	2021
Minimum word count	106	106	109	105
Maximum word count	1,809	2,094	1,995	1,931
Median	913	1,035	959	818
Mean	946	1,002	976	825

Metrics. The disclosure requirement specifically asks for a description of “any human capital measures or objectives that the registrant focuses on in managing the business” (emphasis added). Our survey revealed that companies are increasingly providing quantitative metrics, with 84% of companies providing disclosure in at least one of the quantitative categories we discuss above (compared to 87% in 2023, 80% in 2022, and 67% in 2021) and only 8% electing not to include any type of quantitative metrics beyond headcount numbers (compared to 7% in 2023, 10% in 2022 and 14% in 2021).

Graphics. Although the minority practice, 26% of companies surveyed also included tables, charts, graphics or similar formatting used to draw attention to particular elements, compared to 26% in 2023, 24% in 2022 21% in 2021, which were generally used to present statistical data, such as diversity statistics or breakdowns of the number of employees by geographic location.

Categories. Most companies organized their disclosures by categories similar to those discussed above and included headings to define the types of disclosures presented.

V. Upcoming Rulemaking and Investor Advisory Committee Recommendations

At its meeting on September 21, 2023, the Commission’s Investor Advisory Committee (“IAC”) approved subcommittee recommendations (the “IAC Recommendations”) to expand required human capital management disclosures.[8] The IAC Recommendations contain prescriptive disclosure requirements—many of which have been previously considered as part of the 2020 rulemaking—for various quantitative metrics in the business description of Form 10-K under Item 101(c) of Regulation S-K (including headcount, turnover, compensation, and demographic data) as well as narrative disclosure in Management Discussion and Analysis. For details regarding the IAC Recommendations, please refer to “Form 10-K Human Capital Disclosures Continue to Evolve,” available here.

According to the most recent Regulatory Flexibility agenda, a human capital management rule proposal that was originally slated for October 2021 was expected to be issued in October 2024.[9] However, no rule was ever proposed, and many expect regulatory priorities to change with the upcoming shift in the administration, including SEC Chair Gary Gensler’s upcoming departure on January 20, 2025. We therefore do not expect that the Commission will be adopting IAC’s recommendations in the near term as Republican commissions have in the past generally favored principles-based disclosure over prescriptive disclosure requirements.

VI. Comment Letter Correspondence

Comment letter correspondence from the staff of the Division of Corporation Finance (the “Staff”), which often helps put a finer point on principles-based disclosure requirements like this one, has shed relatively little light on how the Staff believes the new requirements should be interpreted. Consistent with what we found at this time in the prior three years, the comment letters, all of which involved reviews of registration statements, were generally issued to companies whose disclosures about employees were limited to the bare-bones items companies have discussed historically, such as the number of persons employed and the quality of employee relations. From these companies, the Staff simply sought a more detailed discussion of the company’s human capital resources, including any human capital measures or objectives upon which the company focuses in managing its business. There were also a few comment letters where the Staff asked companies to clarify statements in their human capital disclosures or expand their human capital disclosures based on related risks identified in their risk factors.[10] Based on our review of the responses to those comment letters, we have not seen a company take the position that a discussion of human capital resources was immaterial and therefore unnecessary.

VIII. Conclusion

Based on our survey, companies continue to be thoughtful about their human capital disclosures—expanding their disclosures in some areas (e.g., culture initiatives and pay equity) and reducing them in others (e.g., COVID-19, diversity targets and goals, diversity in promotion, and community investment)—in response to ever-changing circumstances. That is precisely what principles-based disclosure rules are designed to elicit.

To that end, as companies prepare for the upcoming Form 10-K reporting season, they should consider the following:

Confirm (or reconfirm) that the company’s disclosure controls and procedures support the statements made in human capital disclosures knowing that controls in the HR department may not be as rigorous as accounting controls. These disclosures create legal liability risks and should be treated accordingly.

Companies may want to compare their own disclosures against what their industry peers did these past four years, including specifically any notable changes to disclosures made in the past year.

Remind stakeholders internally that these disclosures likely will continue to evolve. This is especially true with the change in administration that could result in companies focusing on fewer or different issues. The types of measures and objectives that a company focuses on in managing its business and that are material to each company may also change in response to current events, as was shown by essentially the complete removal of COVID-19 related disclosures from 10-K filings the past two years and the decrease in disclosures relating to diversity targets and goals over the same period.

If you continue to disclose targets, expect the SEC staff to ask you to disclose the progress that management has made. You may wish to reconsider the utility in disclosing specific targets.
Addressing in the upcoming disclosure, if not already disclosed, the progress that management has made with respect to any significant objectives it has set regarding its human capital resources as investors are likely to focus on year-over-year changes and the company’s performance versus stated goals.
Addressing significant areas of focus highlighted in engagement meetings with investors and other stakeholders. In a 2024 survey, human capital management was one of the top five issues (aside from financial performance) most important to investors when evaluating companies.[11]
Revalidating the methodology for calculating quantitative metrics and assessing consistency with the prior year. Former Chairman Clayton commented that he would expect companies to “maintain metric definitions constant from period to period or to disclose prominently any changes to the metrics.”

[1] Data provided is as of November 10, 2024 and is based on the companies currently included within the S&P 500, so some statistics are slightly different than they were in the prior surveys. The categorization data necessarily involves subjective assessment and should be considered approximate.

[2] See 17 C.F.R. § 229.101(c)(2)(ii).

[3] Agency Rule List – Spring 2024 Securities and Exchange Commission, Office of Information and Regulatory Affairs (2024), available here.

[4] Note that companies often include additional human capital management-related disclosures in their ESG/sustainability/social responsibility reports, on their websites, and in their proxy statements, but these disclosures are outside the scope of the survey, which is focused on disclosures included in Part I, Item 1 of annual reports on Form 10-K.

[5] While never expressly required by Regulation S-K, as a result of disclosure review comments issued by the Division of Corporation Finance over the years and a decades-old and since-deleted requirement in Form 1-A, it has been a relatively common practice to discuss collective bargaining and employee relations in the Form 10-K or in an IPO Form S-1, particularly since the threat of a workforce strike could be material.

[6] Our survey reviewed the employee compensation disclosures contained in Part I, Item 1 of each company’s Form 10-K and did not separately review any employee compensation information included in companies’ financial statements or the notes thereto.

[7] For purposes of our survey, we grouped companies in similar industries based on both their four-digit Standard Industrial Classification code and their designated industry within the Sustainable Industry Classification System. The industry groups discussed in this section cover 43% of the companies included in our survey.

[8] Available at https://www.sec.gov/files/spotlight/iac/20230921-recommendation-regarding-hcm.pdf.

[9] Agency Rule List – Spring 2024 Securities and Exchange Commission, Office of Information and Regulatory Affairs (2024), available here.

[10] See, e.g., comments issued to Concentra Group Holdings Parent, Inc. (available at https://www.sec.gov/Archives/edgar/data/2014596/000000000024003738/filename1.pdf) and PACS Group, Inc. (available at https://www.sec.gov/Archives/edgar/data/2001184/000000000024000134/filename1.pdf).

[11] See PwC’s Global Investor Survey 2024, available at https://www.pwc.com/gx/en/issues/c-suite-insights/global-investor-survey.html.

The following Gibson Dunn attorneys assisted in preparing this update: Brian Lane, Julia Lapitskaya, Ronald Mueller, Michael Titera, and Meghan Sherley.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Securities Regulation and Corporate Governance or Labor and Employment practice groups, or any of the following practice leaders and members:

Securities Regulation and Corporate Governance:
Elizabeth Ising – Co-Chair, Washington, D.C. (+1 202.955.8287, eising@gibsondunn.com)
James J. Moloney – Co-Chair, Orange County (+1 949.451.4343, jmoloney@gibsondunn.com)
Lori Zyskowski – Co-Chair, New York (+1 212.351.2309, lzyskowski@gibsondunn.com)
Aaron Briggs – San Francisco (+1 415.393.8297, abriggs@gibsondunn.com)
Thomas J. Kim – Washington, D.C. (+1 202.887.3550, tkim@gibsondunn.com)
Brian J. Lane – Washington, D.C. (+1 202.887.3646, blane@gibsondunn.com)
Julia Lapitskaya – New York (+1 212.351.2354, jlapitskaya@gibsondunn.com)
Ronald O. Mueller – Washington, D.C. (+1 202.955.8671, rmueller@gibsondunn.com)
Michael Scanlon – Washington, D.C.(+1 202.887.3668, mscanlon@gibsondunn.com)
Michael A. Titera – Orange County (+1 949.451.4365, mtitera@gibsondunn.com)

Labor and Employment:
Jason C. Schwartz – Co-Chair, Washington, D.C. (+1 202.955.8242, jschwartz@gibsondunn.com)
Katherine V.A. Smith – Co-Chair, Los Angeles (+1 213.229.7107, ksmith@gibsondunn.com)

On December 3, 2024, a federal district court in Texas ruled that the Corporate Transparency Act (CTA) is likely unconstitutional and preliminarily enjoined its enforcement nationwide. Accordingly, the rule’s requirements cannot currently be enforced against entities that would otherwise be subject to the rule. Thus, as it currently stands, reporting companies that were required to make a CTA filing by the end of the year are not required to do so, although that posture could change very quickly depending on the government’s next steps. This update briefly describes the ruling and what it means for CTA compliance moving forward.[1]

The Corporate Transparency Act, enacted in 2021, requires all corporations, limited liability companies, and certain other entities created (or, as to non-U.S. entities, registered to do business) in any U.S. state or tribal jurisdiction to file a beneficial ownership interest (BOI) report with the U.S. Financial Crimes Enforcement Network (FinCEN) identifying, among other information, the natural persons who are beneficial owners of the entity.[2] A regulation, the Reporting Rule, helps implement the CTA by specifying compliance deadlines—including a January 1, 2025 deadline for companies created or registered to do business in the United States before January 1, 2024—and detailing what information must be reported to FinCEN.[3]

On March 1, 2024, the U.S. District Court for the Northern District of Alabama ruled that the CTA is unconstitutional.[4] The court permanently enjoined the government from enforcing the CTA, but only as to the plaintiffs in that case.[5] The government appealed, and the Eleventh Circuit heard oral argument on September 27. The Eleventh Circuit’s decision in that case remains pending.

The December 3, 2024 Ruling

Six plaintiffs, among which include a small business named Texas Top Cop Shop, Inc. and the National Federation of Independent Business (NFIB), brought a lawsuit challenging the constitutionality of the CTA and the Reporting Rule on various grounds. On December 3, 2024, Judge Amos L. Mazzant of the U.S. District Court for the Eastern District of Texas granted the plaintiffs’ motion for a preliminary injunction.[6] Like the Northern District of Alabama, the court held that the CTA exceeds Congress’s enumerated powers. Specifically, in a 79-page opinion, Judge Mazzant ruled that it was likely that the plaintiffs would be able to prove that:

The CTA is not a proper exercise of Commerce Clause power because it does not regulate a channel or instrumentality of interstate commerce or any activity that substantially affects commerce[7]; and
The CTA cannot be justified under the Necessary and Proper Clause because, contrary to the government’s assertions, it is not rationally related to any enumerated power to regulate commerce, conduct foreign affairs, or collect taxes.[8]

The court’s reasoning about the scope of the Commerce Clause, Necessary and Proper Clause, foreign affairs power, and taxing power echoed that of the Northern District of Alabama. While the Northern District of Alabama enjoined enforcement of the CTA against only the plaintiffs in that case, the Eastern District of Texas went further. Observing that an injunction pertaining to plaintiff NFIB’s approximately 300,000 members would be tantamount to a nationwide injunction, the court concluded that it was appropriate to preliminarily enjoin enforcement of the CTA and the Reporting Rule nationwide.[9] Moreover, the court invoked its power under the Administrative Procedure Act’s stay provision, 5 U.S.C. § 705, to “postpone the effective date of” the Reporting Rule.[10]

Potential U.S. Government Response

The government has 60 days to appeal the district court’s preliminary injunction to the U.S. Court of Appeals for the Fifth Circuit, though it may do so earlier.[11] The government may also ask the district court or the Fifth Circuit for an emergency stay of the district court’s preliminary injunction in full or in part during the pendency of any appeal. Any such emergency application would be considered by the Fifth Circuit on an expedited basis. If the Fifth Circuit leaves the district court’s order in place, the government could then seek emergency relief in the Supreme Court, which could also stay the injunction pending appeal.

In the meantime, FinCEN will likely issue a notice clarifying its position on the impact of the district court’s order, including potentially extending the January 1, 2025 filing deadline.

Ultimately, the validity of the CTA is unlikely to be resolved nationwide without Supreme Court review or unanimous decisions from the federal courts of appeals who consider the question. Notably, district courts in Michigan,[12] Oregon,[13] and Virginia[14] have denied similar requests for preliminary injunctions against enforcement of the CTA. The Eastern District of Virginia, for example, concluded that the CTA is an exercise of Congress’s Commerce Clause power because it regulates an activity—operating a corporate entity as a going concern—that in the aggregate substantially affects interstate commerce.[15]

What the Ruling Means for Entities Subject to the CTA

Given the district court’s nationwide preliminary injunction and stay of the Reporting Rule’s effective date, the rule’s requirements cannot currently be enforced against entities that would otherwise be subject to the rule. Thus, as it currently stands, reporting companies that were required to make a CTA filing are not required to do so.

Given the possibility of either the Fifth Circuit or the Supreme Court staying the district court’s order pending appeal, however, reporting entities’ legal obligations are subject to change on short notice, and as a general matter companies should not assume that the January 1, 2025 deadline will ultimately be extended without further guidance from FinCEN. If either the Fifth Circuit or Supreme Court stay the district court’s order pending appeal, the Reporting Rule will become enforceable again, and the rule’s deadlines will become effective as to all entities that are not parties to the litigation in the Northern District of Alabama—though FinCEN may adjust those deadlines depending on how long the district court’s order remains in effect. It also remains to be seen whether the incoming administration will continue to defend the constitutionality of the CTA or not, although as a general rule the Department of Justice typically defends the constitutionality of federal statutes regardless of administration.[16]

Entities that believe they may be subject to the Reporting Rule should closely monitor this matter, and consult with their CTA advisors as necessary, to understand whether and when they need to comply with the Reporting Rule’s requirements and to allow for sufficient lead time in advance of any filing deadline.

We note that this ruling deals only with the federal CTA passed by Congress, not similar legislation passed by states such as New York, which have enacted similar requirements.[17] Gibson Dunn will continue to monitor CTA developments closely.

[1] Prior alerts by Gibson Dunn explaining the Corporate Transparency Act are available at: https://www.gibsondunn.com/top-12-developments-in-anti-money-laundering-enforcement-in-2023; https://www.gibsondunn.com/the-impact-of-fincens-beneficial-ownership-regulation-on-investment-funds; https://www.gibsondunn.com/the-corporate-transparency-act-reminders-and-key-updates-including-fincen-october-3-faqs.

[2] See William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. 116-283, Div. F., § 6403 (adding 31 U.S.C. § 5336).

[3] 31 C.F.R. § 1010.380.

[4] Nat’l Small Business United v. Yellen, 721 F. Supp. 3d 1260 (N.D. Ala. 2024); see https://www.gibsondunn.com/corporate-transparency-act-declared-unconstitutional-what-it-means-for-you.

[5] Nat’l Small Business Union et al. v. Yellen et al., No. 5:22-cv-01448, Dkt. 52 (N.D. Ala. 2024).

[6] Texas Top Cop Shop, Inc. et al. v. Garland et al., No. 4:24-CV-478, Dkt. 30 (E.D. Tex. Dec. 3, 2024).

[7] Id. at 35–53.

[8] Id. at 53–73.

[9] Id. at 74–75, 77.

[10] Id. at 78.

[11] Fed. R. App. P. 4(a)(1)(B).

[12] Small Business Ass’n of Mich. et al. v. Yellen et al., No. 1:24-cv-00314-RJJ-SJB, Dkt. 24 (W.D. Mich. Apr. 26, 2024).

[13] Firestone et al. v. Yellen et al., No. 3:24-cv-1034-SI, Dkt. 18 (D. Ore. Sept. 20, 2024).

[14] Cmty. Ass’ns Inst. et al. v. Yellen et al., No. 1:24-cv-1597 (MSN/LRV), Dkt. 40 (E.D. Va. Oct. 24, 2024).

[15] Id. at 14; see also Firestone, supra note 13, at 12–14.

[16] See https://www.gibsondunn.com/tools-of-transition-procedural-devices-could-help-president-elect-implement-agenda.

[17] See S.995-B/A.3484-A

The following Gibson Dunn lawyers assisted in preparing this update: Kevin Bettsteller, Stephanie Brooker, Matt Gregory, Justin Newman, Dave Ware, Sam Raymond, Chris Jones, and Connor Mui.

For assistance navigating white collar or regulatory enforcement issues, please contact the authors, the Gibson Dunn lawyer with whom you usually work, or any leader or member of the firm’s Anti-Money Laundering, Administrative Law & Regulatory, Investment Funds, Real Estate, or White Collar Defense & Investigations practice groups.

Please also feel free to contact any of the following practice group leaders and members and key CTA contacts:

Anti-Money Laundering:
Stephanie Brooker – Washington, D.C. (+1 202.887.3502, sbrooker@gibsondunn.com)
M. Kendall Day – Washington, D.C. (+1 202.955.8220, kday@gibsondunn.com)
David Ware – Washington, D.C. (+1 202-887-3652, dware@gibsondunn.com)
Ella Capone – Washington, D.C. (+1 202.887.3511, ecapone@gibsondunn.com)
Sam Raymond – New York (+1 212.351.2499, sraymond@gibsondunn.com)
Chris Jones – Los Angeles (+1 213.229.7786, crjones@gibsondunn.com)

Administrative Law and Regulatory:
Stuart F. Delery – Washington, D.C. (+1 202.955.8515, sdelery@gibsondunn.com)
Eugene Scalia – Washington, D.C. (+1 202.955.8673, dforrester@gibsondunn.com)
Helgi C. Walker – Washington, D.C. (+1 202.887.3599, hwalker@gibsondunn.com)
Matt Gregory – Washington, D.C. (+1 202.887.3635, mgregory@gibsondunn.com)

Investment Funds:
Kevin Bettsteller – Los Angeles (+1 310.552.8566, kbettsteller@gibsondunn.com)
Shannon Errico – New York (+1 212.351.2448, serrico@gibsondunn.com)
Greg Merz – Washington, D.C. (+1 202.887.3637, gmerz@gibsondunn.com)

Real Estate:
Eric M. Feuerstein – New York (+1 212.351.2323, efeuerstein@gibsondunn.com)
Jesse Sharf – Los Angeles (+1 310.552.8512, jsharf@gibsondunn.com)
Lesley V. Davis – Orange County (+1 949.451.3848, ldavis@gibsondunn.com)
Anna Korbakis – Orange County (+1 949.451.3808, akorbakis@gibsondunn.com)

White Collar Defense and Investigations:
Stephanie Brooker – Washington, D.C. (+1 202.887.3502, sbrooker@gibsondunn.com)
Winston Y. Chan – San Francisco (+1 415.393.8362, wchan@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213.229.7269, nhanna@gibsondunn.com)
F. Joseph Warin – Washington, D.C. (+1 202.887.3609, fwarin@gibsondunn.com)

In this update, we explore the possible impacts of the 2024 presidential election on emissions regulations for light- and heavy-duty motor vehicles and on- and off-road engines, known collectively as “mobile sources.”

Based on actions during President-elect Trump’s previous term, we anticipate that the second Trump Administration will move swiftly to rescind and replace federal rules regarding mobile source emissions and seek to limit California’s authority to regulate such emissions. Below we outline the anticipated implications for industry of forthcoming changes to the existing federal and California regulations, related anticipated litigation, and potential compliance and enforcement considerations for industry.

The key takeaways for industry are:

The second Trump Administration is likely to deny pending requests by California for authorization to adopt and enforce its own mobile source emissions regulations and to revoke existing preemption waivers allowing California to issue mobile source greenhouse gas (GHG) standards in particular.
If these waivers are later restored, manufacturers may face retroactive enforcement by the California Air Resources Board (CARB), which has recently stated in other contexts that it will seek to enforce its regulations back to the state law effective date upon the receipt of a preemption waiver or authorization.
New litigation surrounding the denial or revocation of California’s waivers is likely to arise, but any cases seeking to restore California’s waivers will be heard by a judiciary—including a Supreme Court—shaped by the appointees of the first Trump Administration.
From an enforcement perspective, the U.S. Environmental Protection Agency (EPA) will retain primacy for mobile source enforcement even if the next Trump Administration moves back to a policy focused on state-first enforcement. If the EPA de-prioritizes GHG enforcement, the balance of the enforcement docket may shift to criteria pollutant cases, such as enforcement related to NOx or PM emissions.

Federal Rules

During the first Trump Administration, the U.S. Environmental Protection Agency (EPA) undertook efforts to change mobile source emission rules, in particular by replacing an increasingly strict GHG emissions regime from the Obama Administration with rules that did not become more stringent year-over-year. We anticipate that during President-elect Trump’s second term, his administration may move again to reduce the stringency of the previous administration’s emissions regulations pertaining to GHGs.

First Trump Administration Recission of Federal Rules

In August 2018, the EPA, along with the National Highway Traffic Safety Administration (NHTSA), initiated a rulemaking to amend the existing tailpipe emissions standards and fuel economy requirements for passenger cars and light trucks and establish new standards for model years 2021 through 2026.[1] This action, which was finalized in April 2020, froze the federal GHG emissions and fuel economy standards at model year 2020 levels through 2026.[2]

Lessons for the Second Trump Administration

During the second Trump Administration, we anticipate that the EPA will again take action to rescind the previous administration’s vehicle and engine emissions standards, particularly GHG standards. Based on campaign statements and Project 2025, an extensive suite of policy proposals from major conservative groups including many appointees from President-elect Trump’s first administration,[3] the EPA will likely rescind the Biden EPA’s model year 2027 through 2032 light- and medium-duty vehicle emissions standards.[4] The Trump Administration’s replacement rule will likely slow the rate at which the GHG standards ramp up.[5] We also anticipate that the Trump Administration’s replacement rule will significantly reduce the pressure on manufacturers to meet emissions standards through the sale of electric vehicles (although this seems less certain given the anticipated role that Tesla CEO Elon Musk will have in the second Trump Administration).[6]

Project 2025 also contemplates that NHTSA will amend its fuel economy standards and return to the minimum average fuel economy standards specified by Congress for model year 2020 vehicles, including levels aimed at achieving a fleet-wide average of 35 miles per gallon.[7] NHTSA may also reconsider existing fuel economy credits for electric vehicles.[8]

California Rules

Outlook for Section 209 Waivers

Under the Clean Air Act, states are expressly preempted from adopting or enforcing emissions standards for new motor vehicles and engines.[9] However, a statutory exemption exists for California: EPA has authority under Section 209 to issue a preemption waiver to California to establish, and enforce, its own standards for new motor vehicle and engine emissions that are at least as strict as the federal standards, if certain statutory criteria are met.[10] Currently, eight California rules are under waiver or authorization review by EPA, including the following CARB rules with significant compliance implications and costs for the regulated industry:

California Rule	Federal Register Notice
Heavy-Duty Omnibus Low NOx Waiver Request	87 Fed. Reg. 35765 (Jun. 13, 2022)
Commercial Harbor Craft Authorization Request	88 Fed. Reg. 25636 (Apr. 27, 2023)
Advanced Clean Car II Waiver Request	88 Fed. Reg. 88908 (Dec. 26, 2023)
In-Use Locomotive Authorization Request	89 Fed. Reg. 14484 (Feb. 27, 2024)
Advanced Clean Fleets Waiver Request	89 Fed. Reg. 57151 (Jul. 12, 2024)

In addition, for some other recent rules, such as the Zero-Emissions Forklift Rule, which mandates a complete transition to powertrains with no tailpipe emissions, CARB has not yet submitted a waiver application to the EPA.

If these waiver and authorization requests are not finalized during President Biden’s lame-duck period, they likely will be denied by a Trump EPA. Based on the Trump EPA’s approach during the first administration, it is likely that President-elect Trump’s EPA will revoke existing waivers granted to California. The ability of California to secure waivers or authorizations from the EPA during the second Trump Administration based on new requests is also questionable.

In particular, campaign statements and Project 2025 indicate that the next Administration will revoke any Section 209(b) waiver that does not apply only to California-specific issues such as ground-level ozone, including any waiver to issue vehicle GHG standards.[11] President-elect Trump campaigned on a platform that no state should have the authority to ban gasoline-powered cars, which implicates California’s waiver that has been used to order the phase-out of gas-powered vehicles and transition to electric vehicles beginning in model year 2026 through model year 2035.[12]

CARB Response to Waiver Recission and Restoration During the First Trump Administration

Looking back to the first Trump Administration may provide a preview of future conflict between CARB and the Trump EPA regarding Section 209 waivers. During the first Trump Administration, in August 2018, the EPA proposed to withdraw CARB’s previously granted Section 209(b) waiver for its Advanced Clean Cars regulation.[13] In September 2019, the EPA finalized this rule, revoking California’s Section 209(b) waiver to enforce unique state motor vehicle GHG standards for model years 2021 through 2025.[14]

During the interim period between the Trump EPA’s initial proposal to revoke California’s waiver and the actual revocation, CARB modified its existing GHG rules for model years 2021 through 2026 to state that, should the EPA change federal emission standards, vehicle and engine manufacturers who complied with the federal standards would no longer be considered in compliance with the significantly differing California standards.[15] In other words, CARB declared that it would no longer accept compliance with federal emissions standards as a safe harbor if the EPA were to revise the federal rules. In doing so, California departed from a prior deal struck with industry and EPA in promulgating the first harmonized GHG program at the outset of the Obama Administration (which, in turn, resolved years of litigation relating to state regulation of GHGs from motor vehicles).[16]

Next, in the summer of 2019, CARB and four automakers announced their entry into “Framework Agreements.”^[17] The Framework Agreements imposed alternative GHG standards for model year 2021 through 2026 light-duty vehicles, and were described by the Trump EPA as “a voluntary agreement with four automobile manufacturers that amongst other things, requires the manufacturers to refrain from challenging California’s GHG and [Zero-Emission Vehicle] programs, and provides that California will accept automobile manufacturer compliance with a less stringent standard” than either the existing California program or the federal regulations promulgated in 2012.[18]

As a result, during the period when CARB’s waiver was revoked, manufacturers were subject to significant regulatory uncertainty. Some manufacturers complied with the federal regulations, which EPA and NHTSA maintained were the only lawful regulations. Other manufacturers entered into agreements with CARB to comply with the requirements of the Framework Agreement. Overlaying all of this, CARB’s own original GHG emissions standards remained the law in California, and CARB maintained that their waiver was improperly revoked, raising the specter of retroactive enforcement should it be restored.[19]

In March 2022, under President Biden, the EPA reinstated California’s Section 209(b) waiver to issue and enforce motor vehicle GHG standards.[20] OEMs expressed concern that CARB could seek to retroactively enforce its separate standards for the period during which California’s waiver had been revoked.[21] This was particularly challenging because, during the period where CARB’s waiver was withdrawn, many manufacturers followed the federal regulations and made decisions that fixed their vehicle production strategies for model years 2021 and 2022, leaving them with a lack of lead time to comply with CARB’s regulations after its waiver was reinstated.

Potential CARB Retroactive Enforcement in the Second Trump Administration

The potential for retroactive enforcement will remain a challenge in the new Trump Administration. CARB has indicated in several contexts that it will seek to enforce state law retroactively upon the receipt of EPA waiver or authorization. For example, CARB’s Advanced Clean Fleets (ACF) waiver request is still pending with EPA,[22] but in December 2023, CARB issued an “Enforcement Notice” stating that it “reserves all of its rights to enforce the ACF regulation in full for any period for which a waiver is granted” including back to the effective date of the rule under California law.[23] In comments on the EPA waiver proceeding on this rule, one comment rightfully pointed out that “to apply the waiver retroactively violates both the [Clean Air Act] and basic principles of due process” and observed that CARB has increasingly sought to assert this position for its rules pending waiver determinations.[24] In October 2024, CARB clarified that it would not retroactively enforce certain aspects of the ACF regulation, but this clarification did not comprehensively address all ACF requirements.[25] Notably, CARB has not provided similar clarifications for other rules.

During a second Trump Administration, CARB may renew its threats of retroactive enforcement for regulations between the period of a regulation becoming California law and receipt of a waiver or authorization from EPA. This would lead to significant regulatory uncertainty (and due process concerns) for automakers and engine manufacturers, as a Trump EPA is likely to delay or deny California’s waiver and authorization requests. Furthermore, if existing waivers are rescinded and then restored by a later administration, manufacturers may again face the situation where federal regulations were technically the sole law of the land, but California alleges the waiver revocation was improper, its regulations were still valid, and that it can retroactively enforce following the restoration. This Damocles’ sword could hang over industry’s head until the issue of California’s authority is decided by the U.S. Supreme Court or the next Democratic Administration.

Waiver Litigation

EPA’s decision to reinstate CARB’s waiver is also currently being challenged in federal court by a group of states and fuel producers. Petitioners argue that the EPA exceeded its authority under the CAA and violated a constitutional requirement to treat states equally in terms of their sovereign authority.[26] The DC Circuit held that the Petitioners did not have standing to raise the statutory claims, and it rejected Petitioners’ constitutional claim on the merits.[27] Although the petition for certiorari remains pending before the Supreme Court, a Trump Administration revocation could render this case moot by again revoking the California waiver.

However, even if the existing litigation is mooted, new waiver litigation is likely to arise. Specifically, in the event that the Trump EPA denies or revokes any of California’s waivers, new litigation will almost certainly commence to challenge such decisions, including litigation brought by the State of California.[28]

In those cases—or if the existing waiver litigation proceeds to the Supreme Court—the second Trump Administration will have an advantage that the first Trump Administration did not: the benefit of a federal judiciary, and a Supreme Court, shaped by President-elect Trump’s first term.[29] In addition, the Supreme Court’s 2024 decision in Loper Bright provides the courts with greater latitude to question agency decisions that previously may have received the benefit of Chevron deference.[30] As a result, cases trying to restore California’s waivers may face more of an uphill battle during the second Trump Administration than during the first.

Implications for Enforcement

Federal Enforcement

During the first Trump Administration, EPA policy emphasized coordination with states and allowing state agencies to take the lead in enforcement. Even under a state-focused enforcement policy, EPA remains the lead for any enforcement pursuant to Title II of the Clean Air Act relating to mobile sources and fuels, especially if California’s waivers to enforce its own mobile source emission standards are delayed, denied, or revoked. Thus, EPA’s Office of Enforcement and Compliance Assurance (OECA) will retain primacy for Title II enforcement even if the next Trump Administration moves back to a policy focused on state-first enforcement.

Furthermore, where GHG enforcement becomes less of a priority, OECA may then seek to fill its enforcement docket with criteria pollutant cases. For vehicle and engine manufacturers, this could include enforcement related to NOx or PM emissions, for example. Enforcement actions under the first Trump Administration included three major mobile source cases focused on criteria emissions all of which were focused on non-U.S. manufacturers.

CARB Enforcement

As discussed above, the recission and reinstatement of CARB’s Advanced Clean Cars waiver created significant uncertainty for manufacturers regarding enforcement risks, as the fundamental issues of which regulations were in effect, and when, were in question. To date, this dilemma and the related due process concerns created by this positioning have not been squarely addressed in the context of enforcement or an as-applied constitutional challenge.

Should a similar situation develop during the second Trump Administration, another potential method for manufacturers to seek certainty on enforcement is to enter into an agreement with CARB where CARB agrees to exercise its enforcement discretion with respect to certain regulatory terms in exchange for support for CARB’s legal positions and regulations. CARB has taken this approach not only on a manufacturer-by-manufacturer basis as mentioned above, but also entered into an agreement with a trade association and a coalition of manufacturers in the association’s membership.[31] But such an approach could face retaliation by the Trump Administration: during President-elect Trump’s first term, the U.S. Department of Justice briefly sought to investigate the manufacturers involved in these agreements for violations of antitrust law.[32]

Conclusion

In his second term, President-elect Trump is likely to target California’s authority to regulate mobile source emissions, and especially GHG emissions. Lessons from the first Trump Administration indicate that CARB may respond by taking an aggressive position on retroactive enforcement to induce manufacturers to comply with California regulations during any waiver revocation period. The question of CARB’s authority to retroactively enforce mobile source emissions regulations, and the related due process concerns, has not been decided by a court or squarely addressed in litigation.

Meanwhile, even if EPA’s enforcement program shifts Title I enforcement to the states, Title II mobile source emissions enforcement will remain a federal concern. In particular, mobile source criteria pollutant cases, and especially those targeting foreign manufacturers, are likely to continue to remain part of OECA’s docket throughout President-elect Trump’s second administration.

[1] See The Safer Affordable Fuel-Efficient (“SAFE”) Vehicles Rule for Model Years 2021-2026 Passenger Cars and Light Trucks, 83 Fed. Reg. 42986 (proposed Aug. 24, 2018).

[2] See The Safer Affordable Fuel-Efficient (“SAFE”) Vehicles Rule for Model Years 2021-2026 Passenger Cars and Light Trucks, 85 Fed. Reg. 24174 (Apr. 30, 2020). Under the direction of the Biden Administration, in March 2022, EPA instituted stricter GHG standards for model years 2023 through 2026. Revised 2023 and Later Model Year Light-Duty Vehicle Greenhouse Gas Emissions Standards, 86 Fed. Reg. 74434 (Dec. 30. 2021). In April 2024, the Biden EPA promulgated model year 2027 through 2032 light- and medium-duty vehicle emissions standards, including GHG standards. Multi-Pollutant Emissions Standards for Model Years 2027 and Later Light-Duty and Medium-Duty Vehicles, 89 Fed. Reg. 27842 (Apr. 18, 2024). Currently, no major federal rules are pending for non-road engines or vehicles, or other Title II sources.

[3] BrieAnna J. Frank, Project 2025 is an effort by the Heritage Foundation, not Donald Trump | Fact check, USA TODAY (July 10, 2024, 12:05 PM ET), https://www.usatoday.com/story/news/factcheck/2024/07/10/trump-project-2025-heritage-foundation-fact-check/74340278007/.

[4] See Mandy M Gunasekara, Environmental Protection Agency, in Project 2025: Presidential Transition Project, 417, 426 (Paul Dans and Steven Groves, eds., 2023), static.project2025.org/2025_MandateForLeadership_CHAPTER-13.pdf.

[5] Id.

[6] See Ryan Hanrahan, Trump Vows to ‘End the Electric Vehicle Mandate’ in GOP Acceptance Speech, Farm Policy News (July 22, 2024), https://farmpolicynews.illinois.edu/2024/07/trump-vows-to-end-the-electric-vehicle-mandate-in-gop-acceptance-speech/.

[7] See Diana Furchtgott-Roth, Project 2025 Chapter 19 Department of Transportation 627 (2024), static.project2025.org/2025_MandateForLeadership_CHAPTER-19.pdf.

[8] See id.

[9] See 42 U.S.C. § 7543.

[10] 42 U.S.C. §§ 7543(b), (e). Clean Air Act Section 209(b), 42 U.S.C. § 7543(b), pertains to preemption waivers for on-road vehicles and engines. Under Section 209(e), 42 U.S.C. § 7543(e), EPA may issue authorization for California to adopt and enforce its own non-road vehicle or engine emission standards.

[11] See Gunasekara, supra note 3.

[12] Alexandra Ulmer and David Shepardson, Trump says no state would be allowed to ban gasoline-powered cars if he is elected, Reuters (Oct. 4, 2024), https://www.reuters.com/business/autos-transportation/trump-says-no-state-would-be-allowed-ban-gas-powered-cars-if-he-is-elected-2024-10-03/.

[13] See The Safer Affordable Fuel-Efficient (“SAFE”) Vehicles Rule for Model Years 2021-2026 Passenger Cars and Light Trucks, 83 Fed. Reg. at 42999.

[14] See The Safer Affordable Fuel-Efficient Vehicles Rule Part One: One National Program, 84 Fed. Reg. 51310, 51337 (Sept. 27, 2019).

[15] See In re Air Resources Board, OAL Matter No. 2018-1114-03, Cal. Office of Admin. Law, (Dec. 12, 2018), https://www.arb.ca.gov/regact/2018/leviii2018/form400dtc.pdf.

[16] See Letter from Mary D. Nichols, Chairman, CARB, to U.S. EPA and U.S. Dep’t of Transp. (July 28, 2011), https://www.epa.gov/sites/default/files/2016-10/documents/carb-commitment-ltr.pdf (“California commits to propose to revise its standards on GHG emissions from new motor vehicles for model-years MYs 2017 through 2025, such that compliance with the GHG emissions standards adopted by EPA for those model years that are substantially as described in the July 2011 Notice of Intent, even if amended after 2012, shall be deemed compliance with the California GHG emissions standards . . . .”).

[17] Press Release, CARB, California and major automakers reach groundbreaking framework agreement on clean emission standards (July 25, 2019), https://ww2.arb.ca.gov/news/california-and-major-automakers-reach-groundbreaking-framework-agreement-clean-emission. Later, CARB also agreed to allow an additional OEM to enter into a Framework Agreement. See CARB, Framework Agreements on Clean Cars, https://ww2.arb.ca.gov/resources/documents/ framework-agreements-clean-cars (last visited Nov. 11, 2024).

[18] The Safer Affordable Fuel-Efficient Vehicles Rule Part One: One National Program, 84 Fed. Reg at 51329 n.211. In contemporaneous public statements, CARB explained that they offered the Framework Agreements to manufacturers that “support[ed] . . . California’s authority to set vehicle emissions standards” after EPA had indicated its intent to revoke CARB’s Section 209(b) waiver. Media Advisory, CARB, Mary Nichols to Explain Why CARB Is Not Attending the 2019 Los Angeles Auto Show (Nov. 20, 2019), https://ww2.arb.ca.gov/news/media-advisory-mary-nichols-explain-why-california-air-resources-board-not-attending-2019-los. The Framework Agreements were finalized in August 2020 after the revocation of California’s waiver under Section 209(b) of the Clean Air Act to regulate GHG emissions.

[19] See Letter from CARB Regarding Revised 2023 and Later Model Year Light-Duty Vehicle Greenhouse Gas Emissions Standards, Docket ID No. EPA-HQ-OAR-2021-020, to Michael Regan, EPA Administrator, at 9 (Sept. 27, 2021), https://ww2.arb.ca.gov/sites/default/files/2021-10/2021-9-27-final-carb-my-2023-26-usepa-ghg-stds-ccessible.pdf; see also Union of Concerned Scientists v. Nat’l Highway Traffic Safety Admin., No. 19-1230, consolidated with Nos. 19-1239, 1241, 1242, 1243, 1243, 1246, 1249, 1174, and 1178, (D.C. Cir., filed Dec. 26, 2019).

[20] California State Motor Vehicle Pollution Control Standards, 87 Fed. Reg. 14332 (Notice of Decision, Mar. 14, 2022).

[21] See, e.g., Toyota Motors North America, Comment Letter on California State Motor Vehicle Pollution Control Standards; Advanced Clean Car Program; Reconsideration of a Previous Withdrawal of a Waiver of Preemption, Docket No. EPA-HQ-OAR-2021-0257(July 6, 2021 at 4–5) (raising concerns of retroactive enforcement in public comments to EPA’s proposed reconsideration of California’s waiver).

[22] See Opportunity for Public Hearing and Public Comment; California State Motor Vehicle Pollution Control Standards, 89 Fed. Reg. 57151 (Jul. 12, 2024).

[23] CARB, Advanced Clean Fleets Regulation, Enforcement Notice (Dec. 28, 2023) https://ww2.arb.ca.gov/sites/default/files/2023-12/231228acfnotice_ADA.pdf.

[24] Truck and Engine Manufacturers Association, Comment Letter on California State Motor Vehicle Pollution Control Standards; Advanced Clean Fleets Regulation; Request for Waiver of Preemption and Authorization; Opportunity for Public Hearing and Comment, EPA-HQ-OAR-2023-0589 (Sept. 12, 2024) (“. . . to apply the waiver retroactively violates both the CAA and basic principles of due process. The Due Process Clause of the U.S. Constitution requires a government to provide individuals with “an opportunity (1) to know what the law is and (2) to conform their conduct accordingly. Landgraf v. USI Film Prods., 511 U.S. 244, 265 (1994). Retroactive laws contravene “the bedrock due process principle that the people should have fair notice of what conduct is prohibited.” PHH Corp. v. CFPB, 839 F.3d 1, 46 (D.C. Cir. 2016), reinstated in relevant part, 881 F.3d 75, 83 (D.C. Cir. 2018) (en banc). . . . Accordingly, applying CARB’s regulations retroactively would undermine due process generally and as specifically incorporated into the CAA’s preemption waiver provisions. As a result, it is clear that California has no authority to apply its mobile source standards until after a waiver is granted.”).

[25] CARB, Advanced Clean Fleets Regulation, Enforcement Notice (Dec. 28, 2023, updated Oct. 25, 2024) https://ww2.arb.ca.gov/sites/default/files/2024-10/241025acfnotice_ADA.pdf (stating CARB has “decided to exercise its enforcement discretion” to refrain from enforcement action as to certain aspects of the rule “until U.S. EPA grants a preemption waiver . . . or[]determines a waiver is not necessary.”).

[26] See Ohio v. EPA, 98 F.4th 288, 293 (DC Cir. 2024), petition for cert. filed, No. 24-450 (U.S. Oct. 22, 2024).

[27] Id. at 294.

[28] See Press Release, Office of Governor Gavin Newsom, Governor Newsom convenes a special session of the Legislature to protect California values (Nov. 7, 2024), https://www.gov.ca.gov/2024/11/07/special-session-ca-values/ (calling for the California Legislature to allocate additional funding for state agencies “to pursue robust affirmative litigation against any unlawful actions by the incoming Trump Administration, as well as defend against federal lawsuits aimed at undermining California’s laws and policies.”).

[29] See Blanca Begert and Alex Nieves, It’s Already Trump’s World. California Is Just Living In It., Politico (Oct. 15, 2024 5:00 AM EDT), https://www.politico.com/news/2024/10/15/trump-california-environment-supreme-court-00183585.

[30] Loper Bright Enterprises v. Raimondo, 603 U.S. ___, 144 S. Ct. 2244 (2024).

[31] Press Release, CARB, CARB and truck and engine manufacturers announce unprecedented partnership to meet clean air goals (July 6, 2023), https://ww2.arb.ca.gov/news/carb-and-truck-and-engine-manufacturers-announce-unprecedented-partnership-meet-clean-air.

[32] See, e.g., Timothy Puko and Ben Foldy, Justice Department Launches Antitrust Probe Into Four Auto Makers” Wall St. J. (Sept. 6, 2019, 5:55 PM ET), https://www.wsj.com/articles/justice-department-launches-antitrust-probe-into-four-auto-makers-11567778958.

The following Gibson Dunn lawyers prepared this update: Stacie Fletcher, Rachel Levick, and Veronica J.T. Goodson.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Environmental Litigation and Mass Tort practice group:

Environmental Litigation and Mass Tort:

Stacie B. Fletcher – Washington, D.C.
(+1 202.887.3627, sfletcher@gibsondunn.com)

Rachel Levick – Washington, D.C.
(+1 202.887.3574, rlevick@gibsondunn.com)

Raymond B. Ludwiszewski – Washington, D.C.
(+1 202-955-8665, rludwiszewski@gibsondunn.com)

Veronica J.T. Goodson – Washington, D.C.
(+1 202.887.3719, vgoodson@gibsondunn.com)

The Final Rule brings the standard for determining when a person has “identified” an overpayment in line with the FCA’s knowledge standard and formalizes a six-month good-faith investigation period—but risks for providers remain.

Introduction

On November 1, 2024, the federal Centers for Medicare and Medicaid Services (CMS) issued a Final Rule (the “Final Rule“) regarding the identification, reporting, and return of overpayments by Medicare participants. The Final Rule applies to participants in Medicare Parts A through D––providers, suppliers, managed care organizations, Medicare Advantage organizations, and prescription drug plan sponsors. The Final Rule will be published in the Federal Register on December 9, 2024, and will go into effect on January 1, 2025.

Under the Affordable Care Act (ACA), recipients of federal health care program funds must report and return any overpayments within 60 days of “identifying” them. The Final Rule starts the 60-day clock for return of overpayments when an entity “knowingly receives or retains an overpayment,” replacing a prior standard—rejected in a 2018 court decision—that had started the clock at the point when an entity “should have determined through . . . reasonable diligence” that it received an overpayment. The Final Rule also introduces a 180-day suspension of the 60-day clock to allow for “good-faith” internal investigations into potential overpayments. Prior to the Final Rule, CMS had suggested that “most” such investigations should be completed within 180 days, but did not make that a formal deadline. However, investigations undertaken in good faith can last well over six months, and in finalizing the rule, CMS declined to reconsider the 180-day timeline or allow for extensions. Because the Final Rule also provides that the period for investigating overpayments ends at the latest when the 180-day suspension period ends, entities may face FCA challenges based on claims that investigations lasting longer than 180 days were not conducted in “good faith.”

Background

An “overpayment” occurs when CMS reimburses an entity for health care goods or services in excess of the amount to which the entity is entitled. Under the ACA, an entity must report and return an overpayment 60 days after the date on which the overpayment is “identified.”[1] The ACA does not specify what it means to “identify” an overpayment. An overpayment not returned by the appropriate deadline is considered an “obligation” under the “reverse” provision of the federal False Claims Act (FCA), which prohibits knowing and improper avoidance of an obligation to pay money to the government.[2]

In a series of regulations promulgated in 2014 and 2016, CMS stated that a Medicare participant “identifies” an overpayment when it “has determined, or should have determined through the exercise of reasonable diligence, that [it] has received an overpayment.”[3] This was essentially a negligence standard, and meant that reverse FCA liability could be premised on something less than recklessness, which is the minimum level of scienter the FCA requires. For several years, the CMS regulations remained intact, and in fact met with deference by some courts—most notably in the case of Kane ex rel. United States v. Healthfirst, Inc., 120 F. Supp. 3d 370 (S.D.N.Y. 2015). There, in analyzing reverse FCA allegations regarding Medicaid overpayments, the court credited CMS’s definition of “identified” in the Medicare context.[4]

Change came in UnitedHealthcare Ins. Co. v. Azar, which struck down the “reasonable diligence” standard.[5] The district court there held that the standard impermissibly created potential FCA liability based on mere negligence as to an obligation to return an overpayment, when the FCA itself requires at least reckless disregard.[6] In response to the UnitedHealthcare decision, CMS proposed a rule in late 2022 that—for the entire Medicare program—defined “identified” by reference to the relatively more stringent definition of “knowing” and “knowingly” contained in the FCA itself.[7]

Both the UnitedHealthcare decision and the 2022 Proposed Rule, however, left a key question unanswered, namely: how can providers avoid being charged with “knowledge” of an overpayment—within the meaning of the FCA—if they take longer than 60 days to conduct a good-faith investigation to determine whether overpayments have occurred? Particularly in large organizations with high volumes of claims, the running of that clock without any action to return monies to the government is very often a sign that a good-faith investigation into potential overpayments remains underway, not that overpayments were quickly identified and are being concealed or disregarded.

While the Final Rule provides a measure of clarity, it ultimately does not answer this question—and in fact, it creates new risks for providers facing potential FCA challenges.

Changes Effectuated by the Final Rule

At the most basic level, the Final Rule codifies the UnitedHealthcare court’s holding by providing that the 60-day clock for repayments begins when an entity “knowingly receives or retains an overpayment,” and explicitly incorporates the FCA’s definition of the word “knowingly.”[8]

The Final Rule also introduces a new provision ostensibly aimed at affording Medicare participants time to conduct internal investigations into potential overpayments. In 2015, CMS acknowledged that such investigations could take around 180 days, but prior to now the agency had not implemented either a requirement that such investigations be completed in that timeframe or an explicit provision tolling the deadline for return of overpayments pending such investigations.[9] The Final Rule, dovetailing off of CMS’s observation in 2015, provides for a maximum 180-day suspension of the 60-day clock to allow providers to conduct internal investigations.[10] In particular, the 180-day suspension applies if a provider has identified at least one overpayment and conducts a “good-faith investigation to determine the existence of related overpayments.”[11]

While the 180-day period seems aimed at providing greater clarity around CMS’s expectations for the timeline for investigating potential overpayments, a six-month investigation period is likely to prove a poor fit for many Medicare participants. Smaller providers facing relatively straightforward overpayment issues may have little trouble completing investigations in 180 days. But larger institutions such as hospitals—for which potential overpayments could span multiple providers and disease states and involve a variety of personnel over long periods of time—are likely to face significant challenges investigating and calculating potential overpayments on a six-month timeframe. Such investigations require time not only by compliance personnel but also by caregivers themselves, who are expected to provide information to aid in the investigation while juggling the non-stop realities of patient care and the operation of the enterprise itself. Even a fast-moving investigation in this sort of setting could easily take more than six months to yield conclusions.

That much could perhaps be addressed by a longer investigation period, at least for large institutional providers. But the Final Rule exacerbates the challenges for such providers by providing that the investigation period closes either when the aggregate overpayments have been identified and calculated or when 180 days have passed.[12] Because the Final Rule states that only a “good-faith” investigation will trigger the 180-day suspension period, the rule creates a risk that the government—or FCA relators—will argue that any investigation longer than 180 days was not conducted in “good faith,” and thus that any provider that does not return putative overpayments within 60 days after the expiration of the 180-day window has acted “knowingly” and faces reverse FCA liability for that reason. As the previous CMS guidance did, the Final Rule leaves open what types of information or scenarios would trigger an obligation to investigate short of having “actual knowledge” of the potential overpayment.

The comments CMS received on the Proposed Rule pointed to the challenges of completing an investigation of potential overpayments within six months. CMS acknowledged that they “heard from many commentators on the issue of time needed for investigations and calculations of overpayments,” and that some comments proposed that the rule include a process to extend the 180-day period for complex investigations, or include an 8-month investigation suspension.[13] Nonetheless, CMS stated that general support for codification of an investigatory period led them to believe that they had “appropriately balanced the needs of providers and suppliers with the required statutory mandates.”[14] It remains to be seen whether or not courts agree with that assertion—particularly in the wake of the Supreme Court’s Loper Bright decision, which empowers federal courts to independently evaluate, rather than defer to, federal agencies’ interpretations of the statutes they implement.[15] For now, Medicare participants undertaking complex overpayment investigations may be faced with a difficult choice in some cases: investigate for longer than 180 days and risk an accusation of “bad faith,” or somehow make a repayment to the payor before the potential overpayment is confirmed and/or quantified. The dilemma appears designed to force on providers a commitment of resources to quickly investigate potential overpayments that may not be available in all cases. Among other questions about how the Final Rule will be implemented, it remains to be seen whether CMS, Medicare Administrative Contractors, and/or potential FCA enforcers will be willing to consider a provider’s facts and circumstances in cases where investigative deadlines cannot be met. Additionally, while this Final Rule is specific to Medicare, FCA cases in other regulatory contexts regularly present the question of the appropriate timeline for internal investigations to identify potential overpayments. It remains to be seen whether the 180-day suspension period and the “good faith” requirement—and the risks they pose—have broader implications for defendants facing FCA investigations and litigation outside the health care arena.

Gibson Dunn will continue to monitor developments related to the Final Rule. And, of course, we would be happy to discuss these developments—and their implications for your business—with you.

[1] 42 U.S.C. § 1320-7k(d).

[2] Id.; 31 U.S.C. § 3729(a)(1)(g).

[3] See, e.g., 42 C.F.R. § 422.326(c) (Medicare Advantage rule); 42 C.F.R. § 401.305(a)(2) (Part A and B rule), 42 C.F.R. § 423.360(c) (Part D rule).

[4] 120 F. Supp. 3d at 383-93.

[5] 330 F. Supp. 3d 173 (D.D.C. 2018), rev’d on other grounds sub nom. UnitedHealthcare Ins. Co. v. Becerra, 16 F.4th 867 (D.C. Cir. 2021).

[6] UnitedHealthcare Ins. Co. v. Azar, 330 F. Supp. 3d at 191.

[7] Contract Year 2024 Medicare Parts A, B, C, and D Overpayment Provisions, 87 Fed. Reg. 79452, 79559 (Dec. 27, 2022).

[8] Dep’t of Health & Hum. Servs., Centers for Medicare & Medicaid Servs., RIN 0938-AV33 and 0938-AU96, at 2446 (emphasis added).

[9] Medicare Program; Contract Year 2015 Policy and Technical Changes to the Medicare Advantage and the Medicare Prescription Drug Benefit Programs, 79 Fed. Reg. 29,844, 29,923 (May 23, 2014).

[10] Dep’t of Health & Hum. Servs., Centers for Medicare & Medicaid Servs., RIN 0938-AV33 and 0938-AU96, at 2447.

[11] Id.

[12] Id.

[13] Id. at 1871-72.

[14] Id. at 1871.

[15] Loper Bright Enterprises v. Raimondo, 144 S. Ct. 2244, 2273 (2024).

The following Gibson Dunn lawyers prepared this update: Jonathan Phillips, Winston Chan, Michael Dziuban, and Heather Skrabak.

Washington, D.C.
Jonathan M. Phillips – Co-Chair (+1 202.887.3546, jphillips@gibsondunn.com)
Stuart F. Delery (+1 202.955.8515,sdelery@gibsondunn.com)
F. Joseph Warin (+1 202.887.3609, fwarin@gibsondunn.com)
Gustav W. Eyler (+1 202.955.8610, geyler@gibsondunn.com)
Lindsay M. Paulin (+1 202.887.3701, lpaulin@gibsondunn.com)
Geoffrey M. Sigler (+1 202.887.3752, gsigler@gibsondunn.com)
Joseph D. West (+1 202.955.8658, jwest@gibsondunn.com)

San Francisco
Winston Y. Chan – Co-Chair (+1 415.393.8362, wchan@gibsondunn.com)
Charles J. Stevens (+1 415.393.8391, cstevens@gibsondunn.com)

New York
Reed Brodsky (+1 212.351.5334, rbrodsky@gibsondunn.com)
Mylan Denerstein (+1 212.351.3850, mdenerstein@gibsondunn.com)

Denver
John D.W. Partridge (+1 303.298.5931, jpartridge@gibsondunn.com)
Ryan T. Bergsieker (+1 303.298.5774, rbergsieker@gibsondunn.com)
Robert C. Blume (+1 303.298.5758, rblume@gibsondunn.com)
Monica K. Loseman (+1 303.298.5784, mloseman@gibsondunn.com)

Dallas
Andrew LeGrand (+1 214.698.3405, alegrand@gibsondunn.com)

Palo Alto
Benjamin Wagner (+1 650.849.5395, bwagner@gibsondunn.com)

From the Derivatives Practice Group: The CFTC Global Markets Advisory Committee will hold a virtual meeting on November 21 to discuss expanding the use of non-cash collateral through the use of distributed ledger technology.

New Developments

CFTC Warns of Potential Dangers for Messaging App Users. On October 31, the CFTC Office of Customer Education and Outreach released a customer advisory alerting messaging app users to beware of schemes to defraud them of assets, specifically crypto assets. Fraudsters are exploiting the default settings of commonly used messaging apps, telephone networks, and mobile devices to lure users into crypto pump-and-dump schemes and other scams. [NEW]
Commissioner Pham Announces CFTC Global Markets Advisory Committee Meeting on November 21. CFTC Commissioner Caroline D. Pham, sponsor of the Global Markets Advisory Committee (“GMAC”), announced the GMAC will hold a virtual public meeting Thursday, Nov. 21, from 9:30 a.m. to 10:30 a.m. EST. At this meeting, the GMAC will hear a presentation by the Tokenized Collateral workstream of the GMAC’s Digital Asset Markets Subcommittee on expanding use of non-cash collateral through use of distributed ledger technology and consider a recommendation from the Subcommittee. The meeting will also include a presentation by the Utility Tokens workstream of the Digital Asset Markets Subcommittee summarizing their work to-date on defining utility tokens and developing guidance for market participants. [NEW]
SEC Adopts Rule Amendments and New Rule to Improve Risk Management and Resilience of Covered Clearing Agencies. On October 25, the SEC adopted rule amendments and a new rule to improve the resilience and recovery and wind-down planning of covered clearing agencies. The rule amendments establish new requirements regarding a covered clearing agency’s collection of intraday margin as well as a covered clearing agency’s reliance on substantive inputs to its risk-based margin model. The new rule prescribes requirements for the contents of a covered clearing agency’s recovery and wind-down plan. The rule amendments require that a covered clearing agency that provides central counterparty services has policies and procedures to establish a risk-based margin system that monitors intraday exposures on an ongoing basis, includes the authority and operational capacity to make intraday margin calls as frequently as circumstances warrant (including when risk thresholds specified by the covered clearing agency are breached or when the products cleared or markets served display elevated volatility), and documents when the covered clearing agency determines not to make an intraday call pursuant to its written policies and procedures. [NEW]
SEC Division of Examinations Announces 2025 Priorities. On October 21, the SEC’s Division of Examinations released its 2025 examination priorities. The Division of Examinations indicated that it will continue to focus on whether security-based swap dealers (“SBSDs”) have implemented policies and procedures related to compliance with security-based swap rules generally, including whether they are meeting their obligations under Regulation SBSR to accurately report security-based swap transactions to security-based swap data repositories and, where applicable, whether they are complying with relevant conditions in SEC orders governing substituted compliance. For other SBSDs, the Division of Examinations said that it may focus on SBSDs’ practices with respect to applicable capital, margin, and segregation requirements and risk management. The Division of Examinations also indicated that it expects to assess whether SBSDs have taken corrective action to address issues identified in prior examinations. Additionally, the Division of Examinations advised that it may begin conducting examinations of registered security-based swap execution facilities in late fiscal year 2025.

New Developments Outside the U.S.

ESAs Publish 2024 Joint Report on Principal Adverse Impacts Disclosures Under the Sustainable Finance Disclosure Regulation. On October 30, the European Supervisory Authorities (“ESAs”) published their third annual Report on disclosures of principal adverse impacts under the Sustainable Finance Disclosure Regulation (“SFDR”). The Report assesses both entity and product-level Principal Adverse Impact disclosures under the SFDR. These disclosures aim at showing the negative impact of financial institutions’ investments on the environment and people and the actions taken by asset managers, insurers, investment firms, banks and pension funds to mitigate them. [NEW]
The ESAs Finalize Rules to Facilitate Access to Financial and Sustainability Information on the ESAP. On October 29, the ESAs published the Final Report on the draft implementing technical standards (“ITS”) regarding certain tasks of the collection bodies and functionalities of the European Single Access Point (“ESAP”). The requirements are designed to enable future users to be able to access and use financial and sustainability information effectively and effortlessly in a centralized ESAP platform. [NEW]
ESMA Consults on Amendments to MiFID Research Regime. On October 28, ESMA launched a consultation on amendments to the research provisions in the Markets in Financial Instruments II (“MiFID II”) Delegated Directive following changes introduced by the Listing Act. The Listing Act introduces changes that enable joint payments for execution services and research for all issuers, irrespective of the market capitalization of the issuers covered by the research. The Consultation Paper includes proposals to amend Article 13 of the MiFID II Delegated Directive in order to align it with the new payment option offered. [NEW]
ESMA Responds to the Commission Rejection of Certain MiCA Technical Standards. On October 16, ESMA responded to the European Commission proposal to amend the Markets in crypto-assets Regulation (“MiCA”) Regulatory Technical Standards (“RTS”). In their response, ESMA emphasized the importance of the policy objectives behind the initial proposal.
ESAs Respond to the European Commission’s Rejection of the Technical Standards on Registers of Information under the Digital Operational Resilience Act and Call for Swift Adoption. On October 15, the ESAs issued an Opinion on the European Commission’s rejection of the draft ITS on the registers of information under the Digital Operational Resilience Act. The ESAs raise concerns over the impacts and practicalities of the proposed EC changes to the draft ITS on the registers of information in relation to financial entities’ contractual arrangements with ICT third-party service providers.
ESMA, ECB and EC Announce Next Steps for the Transition to T+1 Governance. On October 15, ESMA, the European Commission and the European Central Bank announced the next steps to support the preparations towards a transition to T+1 in a Joint Statement. ESMA stressed in the Joint Statement that they believe a coordinated approach across Europe is desirable, with efforts to reach consensus on the timing of any move to T+1.

New Industry-Led Developments

ISDA Letter to FASB on Share-based Payment from a Customer in a Revenue Contract. On October 21, ISDA submitted a response to the Financial Accounting Standards Board (“FASB”) on File Reference No. 2024-ED100, Derivatives Scope Refinements and Scope Clarification for a Share-based Payment from a Customer in a Revenue Contract. ISDA believes the FASB’s proposal will improve the application and relevance of the Derivatives and Hedging (Topic 815) and Revenue from Contracts with Customers (Topic 606) guidance and has provided potential refinements to the guidance in the letter. [NEW]
Central Database of Reporting Entity Contact Details for EU and UK EMIR. On October 17, ISDA produced a central database of contact details to assist members resolve reconciliation breaks with counterparties for EU and UK European Market Infrastructure Regulation (“EMIR”) reporting. The central database was created by contributing firms’ submissions and includes details such as entity names, legal entity identifiers and reporting contact emails.
ISDA, GFXD respond to ESMA on Order Execution Policies. On October 16, ISDA and the Global FX Division of the Global Financial Markets Association responded to a consultation paper from ESMA on “Technical Standards specifying the criteria for establishing and assessing the effectiveness of investment firms’ order execution policies.” In the response, the associations discuss the requirement for pre-selected execution venues, mandatory consumption of consolidated tapes and categorization of financial instruments under the Markets in Financial Instruments Regulation, among other issues.

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, jsteiner@gibsondunn.com)

Michael D. Bopp, Washington, D.C. (202.955.8256, mbopp@gibsondunn.com)

Michelle M. Kirschner, London (+44 (0)20 7071.4212, mkirschner@gibsondunn.com)

Darius Mehraban, New York (212.351.2428, dmehraban@gibsondunn.com)

Jason J. Cabral, New York (212.351.6267, jcabral@gibsondunn.com)

Adam Lapidus – New York (212.351.3869, alapidus@gibsondunn.com )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, sbrooker@gibsondunn.com)

William R. Hallatt , Hong Kong (+852 2214 3836, whallatt@gibsondunn.com )

David P. Burns, Washington, D.C. (202.887.3786, dburns@gibsondunn.com)

Marc Aaron Takagaki , New York (212.351.4028, mtakagaki@gibsondunn.com )

Hayden K. McGovern, Dallas (214.698.3142, hmcgovern@gibsondunn.com)

Karin Thrasher, Washington, D.C. (202.887.3712, kthrasher@gibsondunn.com)