Client Alert Archives

Ryan, LLC v. Federal Trade Commission

The United States District Court for the Northern District of Texas today granted summary judgment to Gibson Dunn’s client, Ryan, LLC, in its challenge to the Federal Trade Commission’s Non-Compete Rule. The Rule would have retroactively invalidated over 30 million employment contracts and preempted the laws of 46 states. The court set aside the rule, with nationwide effect, ordering that “the Rule shall not be enforced or otherwise take effect on its effective date of September 4, 2024 or thereafter.”

Ryan, LLC was the first party to challenge the lawfulness of the Non-Compete Rule. A group of trade associations led by the United States Chamber of Commerce intervened in the case to challenge the Rule as well. Ryan and the intervenors had previously won a preliminary injunction and stay of the Rule.[1]

The court today re-affirmed its core holdings that (1) the Rule exceeded the FTC’s statutory authority because the FTC does not have authority to promulgate substantive rules regarding unfair methods of competition and (2) the Rule is arbitrary and capricious, in violation of the Administrative Procedure Act, because the FTC failed to justify the nearly universal breadth of its ban. The court’s summary judgment order applies nationwide.

The court’s ruling means that the Non-Compete Rule will not take effect on September 4. The FTC cannot enforce it against anyone, non-competes that were enforceable before the rule remain enforceable, and businesses and workers are free to enter into new non-competes. The FTC may appeal the ruling to the Fifth Circuit. The FTC has not yet indicated whether or when it may appeal.

[1] A discussion of that preliminary injunction is available here.

Gibson Dunn lawyers Eugene Scalia, Allyson N. Ho, Amir C. Tayrani, Andrew Kilberg, Elizabeth A. Kiernan, Aaron Hauptman, and Josh Zuckerman represent Ryan, LLC.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Administrative Law & Regulatory, Labor & Employment, or Antitrust & Competition practice groups:

Administrative Law and Regulatory:
Allyson N. Ho – Dallas (+1 214.698.3233, aho@gibsondunn.com)
Eugene Scalia – Washington, D.C. (+1 202.955.8673, escalia@gibsondunn.com)
Amir C. Tayrani – Washington, D.C. (+1 202.887.3692, atayrani@gibsondunn.com)
Helgi C. Walker – Washington, D.C. (+1 202.887.3599, hwalker@gibsondunn.com)

Labor and Employment:
Andrew G.I. Kilberg – Washington, D.C. (+1 202.887.3759, akilberg@gibsondunn.com)
Karl G. Nelson – Dallas (+1 214.698.3203, knelson@gibsondunn.com)
Jason C. Schwartz – Washington, D.C. (+1 202.955.8242, jschwartz@gibsondunn.com)
Katherine V.A. Smith – Los Angeles (+1 213.229.7107, ksmith@gibsondunn.com)

Antitrust and Competition:
Rachel S. Brass – San Francisco (+1 415.393.8293, rbrass@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202.955.8657, sgans@gibsondunn.com)
Cynthia Richman – Washington, D.C. (+1 202.955.8234, crichman@gibsondunn.com)
Stephen Weissman – Washington, D.C. (+1 202.955.8678, sweissman@gibsondunn.com)

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

On August 13, 2024, the Federal Circuit issued a precedential decision on the issue of obviousness-type double patenting (ODP) and patent-term adjustment (PTA) in Allergan USA, Inc. et al., v. MSN Laboratories Private Ltd., et al., No. 24-1061 (Fed. Cir. Aug. 13, 2024). While the decision also addressed other issues, this update focuses on summarizing the Court’s holding on the ODP issue.

Allergan markets and sells eluxadoline tablets under the brand name Viberzi®. Allergan owns patents that cover the drug compound and composition; specifically, claim 40 of the ’356 patent recites the eluxadoline compound. The ’356 patent was awarded 1,107 days of PTA due to delays in its prosecution. All but 467 of those PTA days were disclaimed. Continuing applications were filed claiming the same priority date as the ’356 patent (the ’011 and ’709 patents). Neither received PTA, and each was therefore set to expire before the ’356 patent. Defendant argued based on In re Cellect, LLC, 81 F.4th 1216, 1228–29 (Fed. Cir. 2023), that the ’011 and ’709 patents were ODP references that rendered the ’356 patent invalid. The district court agreed, and Allergan appealed.

The Federal Circuit (Lourie, J., joined by Dyk[1] and Reyna, J.J.) reversed, concluding that the claims of the ’011 and ’709 reference patents were not proper ODP references that could be used to invalidate claim 40 of the ’356 patent. The Court held that a “first-filed, first-issued, later-expiring claim cannot be invalidated by a later-filed, later-issued, earlier-expiring reference claim having a common priority date.” The Federal Circuit distinguished the facts and questions presented in In re Cellect from Allergan and stated that “Cellect does not address, let alone resolve, any variation of the question presented here—namely, under what circumstances can a claim properly serve as an ODP reference—and therefore has little to say on the precise issue before us.” The Court then held that a “later-filed, later-issued” patent cannot be an ODP reference to “the first-filed, first-issued patent in its family,” stating: “[t]hat is the only conclusion consistent with the purpose of the ODP doctrine, which is to prevent patentees from obtaining a second patent on a patentably indistinct invention to effectively extend the life of a first patent to that subject matter.” The Court further asserted that “the first-filed, first-issued patent in its family . . . is the patent that sets the maximum period of exclusivity for the claimed subject matter and any patentably indistinct variants.”

The Court provided the following further rationale for its decision:

“When seeking patent protection, it is not atypical for a patent applicant to first seek to protect the most valuable inventive asset (e.g., a pharmaceutical genus claim) before filing continuing applications on enhancements or modifications to that inventive asset (e.g., a particular compound in that genus, a method of using the compounds of that genus, etc.). And it is unsurprising that prosecution of a first-of-its-kind invention can be protracted, requiring greater time and effort by the applicant and examiner alike, such that any eventual patent on that invention is awarded some amount of PTA. Nor is it surprising that, for one reason or another (e.g., the examiner’s newfound familiarity with the subject matter), a subsequently filed continuing application claiming the same priority date and covering a modification of that invention proceeds much more efficiently through prosecution such that any patent awarded to that modification receives little to no award of PTA. As a result, that later-filed, later-issued continuing, or “child,” patent, whether subject to a terminal disclaimer over the parent or not, generally expires no later than the parent patent. That child patent does not, then, result in any extension of patent term of the invention claimed in the parent patent given that it expires first. Nor can the parent patent be said to result in an extension of patent term of the invention claimed in the child patent when, as here, the claims in the child patent did not even exist until after the parent patent issued. To hold otherwise—that a first-filed, first-issued parent patent having duly received PTA can be invalidated by a later-filed, later-issued child patent with less, if any, PTA—would not only run afoul of the fundamental purposes of ODP, but effectively abrogate the benefit Congress intended to bestow on patentees when codifying PTA. That is because such a holding would require patent owners, in order to preserve the validity of the parent patent, to file a terminal disclaimer disclaiming any term of the parent that extends beyond that of the child, which, given that the patents share a priority date, would amount to the disclaimer of only PTA. That parent patent, then, would not receive the benefit of its congressionally guaranteed patent term, see 35 U.S.C. § 154(b), and would instead be limited to the, presumably shorter, term of its own child. Such a result would be untenable.”

After this decision, there could be more proceedings forthcoming, including a petition for panel rehearing, a petition for rehearing en banc, and/or a petition for certiorari. Please stay tuned for further developments on this front.

[1] Judge Dyk joined this portion of the majority opinion. He dissented with respect to other issues addressed by the Court, which have not been summarized in this update.

The following Gibson Dunn lawyers assisted in preparing this update: Robert Trenchard, Jane M. Love, Ph.D., and Kate Dominguez.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups, or the authors:

Robert W. Trenchard – New York (+1 212.351.3942, rtrenchard@gibsondunn.com)
Jane M. Love, Ph.D. – New York (+1 212.351.3922, jlove@gibsondunn.com)
Kate Dominguez – New York (+1 212.351.2338, kdominguez@gibsondunn.com)

Appellate and Constitutional Law:
Thomas H. Dupree Jr. – Washington, D.C. (+1 202.955.8547, tdupree@gibsondunn.com)
Allyson N. Ho – Dallas (+1 214.698.3233, aho@gibsondunn.com)
Julian W. Poon – Los Angeles (+ 213.229.7758, jpoon@gibsondunn.com)

Intellectual Property:
Kate Dominguez – New York (+1 212.351.2338, kdominguez@gibsondunn.com)
Y. Ernest Hsin – San Francisco (+1 415.393.8224, ehsin@gibsondunn.com)
Josh Krevitt – New York (+1 212.351.4000, jkrevitt@gibsondunn.com)
Jane M. Love, Ph.D. – New York (+1 212.351.3922, jlove@gibsondunn.com)

From the Derivatives Practice Group: This week, ESMA signed a Memorandum of Understanding with the British Columbia Securities Commission and updated its list of recognized third-country central counterparties to include those which are established in Canada and authorized or recognized by the British Columbia Securities Commission.

New Developments

CFTC Approves a Joint Rule Proposal to Establish Technical Data Reporting Standards. On August 8, the CFTC voted to jointly propose and request public comment on the establishment of technical data reporting standards with other financial regulatory agencies. The proposal would establish uniform data standards for the collections of information reported to the CFTC, Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Consumer Financial Protection Bureau, Federal Housing Finance Agency, Securities and Exchange Commission, and the Department of the Treasury. The proposal would also establish uniform data standards for data collected from these financial regulatory agencies on behalf of the Financial Stability Oversight Council. According to the CFTC, the proposed standards would promote interoperability of financial regulatory data across the financial regulatory agencies through the adoption of common identifiers for legal entities, financial instruments, and other data. In addition to proposing the use of common identifiers, the proposal would also further standardize the format and transmission of data to financial regulatory agencies. The CFTC explained that the proposed rule is part of the implementation of the Financial Data Transparency Act of 2022 (“FDTA”); although the CFTC is not specifically referenced in the FDTA, the Secretary of the Treasury designated the CFTC as a covered agency on May 3, 2024. Comments on the proposal are due 60 days following publication in the Federal Register.
CFTC Exempts Additional Singapore Recognized Market Operators from SEF Registration Requirements. On August 2, the CFTC announced it unanimously approved an amended order that exempts two recognized market operators (“RMO”s) authorized within Singapore from CFTC swap execution facility (“SEF”) registration requirements. The exempted RMOs are FMX Securities (Singapore) Pte. Limited and LMAX Pte. Ltd. Section 5h(g) of the Commodity Exchange Act provides that the CFTC may grant such an exemption if it finds that a foreign SEF is subject to comparable, comprehensive supervision and regulation by the appropriate governmental authorities in the facility’s home country. Likewise, the CFTC may revoke exempt status when a facility is no longer authorized or in good standing in its home country.
CFTC Approves Final Rule Allowing U.S. Introducing Brokers Direct Access to Registered Foreign Boards of Trade for the Submission of Customer Orders. On July 29, the CFTC announced it approved final rules amending Part 48 of its regulations. The final rules permit a foreign board of trade (“FBOT”), registered with the CFTC, to provide direct access to its electronic trading and order matching system to an introducing broker, located in the United States and registered with the CFTC, for the submission of customer orders to the FBOT’s trading system for execution. The final rules also establish a procedure for an FBOT to request revocation of its registration and remove certain outdated references to “existing no-action relief” in Part 48.

New Developments Outside the U.S.

ESAs’ Joint Board of Appeal Allows the Appeal Lodged by NOVIS and Remits the Case to EIOPA. On August 13, the Joint Board of Appeal of the European Supervisory Authorities (“ESAs”) unanimously decided that the appeal brought by NOVIS against the European Insurance and Occupational Pensions Authority (“EIOPA”) is admissible. The appeal was brought in relation to the EIOPA decision not to grant access to documents, which were requested by NOVIS. In its decision, the board of appeal acknowledged that requests for access to documents laid out in Regulation No 1049/2001 can be dismissed by way of exceptions to protect certain public and private interests. [NEW]
ESMA Recognizes CDS Clearing and Depository Services as Tier 1 CCP Following MoU with the British Columbia Securities Commission. On August 13, ESMA signed a Memorandum of Understanding (“MoU”) with the British Columbia Securities Commission and updated its list of recognized third-country central counterparties (“CCPs”) under the European Markets Infrastructure Regulation (“EMIR”). The MoU establishes cooperation arrangements, including the exchange of information, regarding CCPs that are established in Canada and authorized or recognized by the British Columbia Securities Commission, and which have applied for EU recognition under EMIR. [NEW]
ESAs’ Joint Board of Appeal Dismisses Appeal by Euroins Insurance Group AD Against the European Insurance and Occupational Pensions Authority. On August 7, the Joint Board of Appeal of the ESAs unanimously decided that the appeal brought by Euroins Insurance Group AD (“Euroins”) against the EIOPA is inadmissible. In its decision, the board of appeal found that EIOPA’s power to initiate an investigation is of an entirely discretionary nature. Furthermore, the board of appeal also asserted that the EIOPA Chairperson’s decision to initiate an investigation is not subject to the board of appeal’s review. Finally, the decision clarified that the board of appeal does not have the power to order EIOPA to re-assess an appellant’s request to open an investigation.
ESMA Publishes Data for Quarterly Bond Liquidity Assessment and the Systematic Internalizer Calculations. On August 1, ESMA published the new quarterly liquidity assessment of bonds and the data for the quarterly systematic internalizer calculations for equity, equity-like instruments, bonds and for other non-equity instruments under MiFID II and MiFIR.
ESMA Delivers Opinion on Global Crypto Firms Using their non-EU Execution Venues. On July 31, ESMA issued an Opinion to address the risks presented by global crypto firms seeking authorization under the Markets in Crypto Assets (“MiCA”) Regulation for part of their activities (crypto brokerage) while keeping a substantial part of their group activities (intra-group execution venues) outside the EU regulatory scope. The opinion calls for a case-by-case assessment, outlining the specific requirements that ESMA believes should be met regarding best execution, conflicts of interest, the obligation to act honestly, fairly, and professionally in the best interests of clients and the obligation relating to the custody and administration of crypto-assets on behalf of clients.
The FCA Publishes Consultation Paper on the Derivatives Trading Obligation and Post-Trade Risk Reduction Services. On July 26, the Financial Conduct Authority (“FCA”) published a consultation paper on aspects of the derivatives trading obligation (“DTO”) as part of HM Treasury’s Wholesale Markets Review. The FCA is consulting on proposals to (1) include certain overnight index swaps based on the US Secured Overnight Financing Rate within the classes of derivatives subject to the DTO; (2) expand the list of post-trade risk reduction services exempted from the DTO and from other obligations; and (3) the FCA’s intention to use its power to suspend or modify the DTO once its transitional powers expire. The consultation closes on September 30, 2024. The FCA will publish a policy statement with final rules in Q4 2024.
ESAs Publish Joint Final Report on the Draft Technical Standards on Subcontracting under DORA. On July 26, the European Supervisory Authorities published their joint Final Report on the draft Regulatory Technical Standards (“RTS”) specifying how to determine and assess the conditions for subcontracting information and communication technology (“ICT”) services that support critical or important functions under the Digital Operational Resilience Act (“DORA”). These RTS aim to enhance the digital operational resilience of the EU financial sector by strengthening the financial entities’ ICT risk management over the use of subcontracting.

New Industry-Led Developments

ISDA Letter on FICC’s Proposed Rulebook Changes. On August 1, ISDA submitted a letter to the SEC in response to the Fixed Income Clearing Corporation’s (“FICC”) proposed changes to its Government Securities Division Rulebook in accordance with the Securities Exchange Act of 1934. The comment letter addresses FICC’s proposal to modify its trade submission rules in relation to mandatory clearing of certain US Treasury transactions. The proposed rule changes: (i) adopt a requirement that each netting member must submit all eligible secondary market transactions to which it is a counterparty to FICC for clearance and settlement; (ii) adopt new initial and ongoing membership requirements and other measures to facilitate FICC’s ability to monitor a netting member’s compliance with the trade submission requirement; (iii) adopt disciplinary measures to address a netting member’s failure to comply with the trade submission requirement; and (iv) modify the FICC rules to facilitate the trade submission requirement.
Joint Association Letter on CFTC Block Thresholds and Cap Sizes. On July 29, ISDA, the Securities Industry and Financial Markets Association, the Securities Industry and Financial Markets Association Asset Management Group, the American Council of Life Insurers and the Investment Company Institute sent a letter to the CFTC requesting a public forum be provided to continue to evaluate the methodology for calculating the block thresholds and cap sizes under Part 43 of the CFTC’s regulations.

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Derivatives practice group, or the following practice leaders and authors:

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, jsteiner@gibsondunn.com)

Michael D. Bopp, Washington, D.C. (202.955.8256, mbopp@gibsondunn.com)

Michelle M. Kirschner, London (+44 (0)20 7071.4212, mkirschner@gibsondunn.com)

Darius Mehraban, New York (212.351.2428, dmehraban@gibsondunn.com)

Jason J. Cabral, New York (212.351.6267, jcabral@gibsondunn.com)

Adam Lapidus – New York (212.351.3869, alapidus@gibsondunn.com )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, sbrooker@gibsondunn.com)

William R. Hallatt , Hong Kong (+852 2214 3836, whallatt@gibsondunn.com )

David P. Burns, Washington, D.C. (202.887.3786, dburns@gibsondunn.com)

Marc Aaron Takagaki , New York (212.351.4028, mtakagaki@gibsondunn.com )

Hayden K. McGovern, Dallas (214.698.3142, hmcgovern@gibsondunn.com)

Karin Thrasher, Washington, D.C. (202.887.3712, kthrasher@gibsondunn.com)

Gibson Dunn’s Workplace DEI Task Force aims to help our clients develop creative, practical, and lawful approaches to accomplish their DEI objectives following the Supreme Court’s decision in SFFA v. Harvard. Prior issues of our DEI Task Force Update can be found in our DEI Resource Center. Should you have questions about developments in this space or about your own DEI programs, please do not hesitate to reach out to any member of our DEI Task Force or the authors of this Update (listed below).

Key Developments:

On July 23, 2024, America First Legal (AFL), the organization founded and run by former Trump policy advisor Stephen Miller, announced that it had filed a federal civil rights complaint with the EEOC against CrowdStrike. AFL alleges that “prohibited characteristics” are motivating CrowdStrike’s employment decisions under the guise of DEI, in violation of Title VII. The complaint points to CrowdStrike’s nine employee resource groups, including Women of CrowdStrike and Communidad. AFL contends that the lack of a resource group for “Men of CrowdStrike” or white employees is discriminatory. AFL also highlights CrowdStrike’s public proxy statement, which includes a “Board Diversity Matrix” that tracks the sex, gender identity, race, and ethnicity of its current directors. AFL sent a corresponding letter to CrowdStrike’s board of directors demanding that the company end its allegedly discriminatory workplace practices.

On July 29, 2024, Auburn University announced it will dissolve its Office of Inclusion and Diversity by August 15, 2024. Established in 2016 at the recommendation of students and staff, the office aimed to enhance the recruitment and retention of underrepresented groups and oversee educational and cultural programs. Auburn now joins four other Alabama state colleges in closing their diversity offices after Governor Kay Ivey signed a law banning DEI programs and the teaching of certain “divisive concepts” on March 19, 2024. One day later, on July 30, 2024, the University of Missouri also announced it will dissolve its Division for Inclusion, Diversity and Equity (IDE) by August 15, 2024.

On July 30, 2024, the court granted Starbucks’ motion to dismiss in Langan v. Starbucks Corporation, No. 3:23-cv-05056 (D.N.J. July 30, 2024). Langan, a white female former employee, filed a complaint against Starbucks claiming that she was wrongfully accused of racism and terminated after she rejected Starbucks’ attempt to deliver “Black Lives Matter” T-shirts to her store. The plaintiff brought claims for discrimination under Title VII, Section 1981, the New Jersey Law Against Discrimination (NJLAD), the Americans with Disabilities Act, and the Age Discrimination in Employment Act, as well as retaliation in violation of Title VII and the NJLAD and various torts. On December 8, 2023, Starbucks moved to dismiss the plaintiff’s NJLAD claims on the basis that they were barred by the statute of limitations. Starbucks also moved to dismiss the plaintiff’s tort claims and Section 1981 discrimination claim for failure to state a claim. In the ruling last week, the court granted Starbucks’ motion to dismiss in its entirety, agreeing that the NJLAD claims were untimely and that the plaintiff had failed to state her tort or Section 1981 claims. As to her Section 1981 claim, the court held that the plaintiff had not alleged that her termination was based on anything other than her “egregious” discriminatory comments and her violation of the company’s anti-harassment policy. The court granted the plaintiff leave to amend, and the plaintiff filed an amended complaint on August 11.

On July 29, 2024, the Equal Protection Project (EPP) filed a complaint with the U.S. Department of Education’s Office for Civil Rights (OCR) against the Mitchell Hamline School of Law (Hamline Law) in St. Paul, Minnesota. EPP alleges that Hamline Law’s hosting of the Minnesota Association of Black Lawyers (MABL) Law School Pathways mentorship program constitutes racial discrimination in violation of Title VI of the Civil Rights Act, as the program is exclusively available to Black students. The program selects ten to twenty juniors, seniors, and alumni from Minnesota universities and colleges each year as “MABL Pathways Scholars.” These scholars receive pre-law school programming, LSAT preparation, and academic mentoring in order “to empower Black students in Minnesota to succeed in law school and the legal profession.” In response to EPP’s complaint, Hamline Law said that it only hosts the program and does not administer it.

On July 29, 2024, Judge Trina Thompson in the Northern District of California denied a motion to dismiss a proposed securities class action against Wells Fargo in SEB Investment Management AB v. Wells Fargo & Co., No. 22-cv-03811-TLT (N.D. Cal. July 29, 2024). The lawsuit alleged that Wells Fargo engaged in sham practices related to interviewing diverse candidates, including interviewing candidates for positions that had already been filled. To support their allegations that Wells Fargo violated Section 10(b) of the Securities Act and Rule 10b-5, the plaintiffs identified eleven allegedly false or misleading statements related to Wells Fargo’s hiring program dating back to 2020. Wells Fargo argued that the plaintiffs had not adequately pled scienter, but the court held that plaintiffs had sufficiently alleged that Wells Fargo knowingly made false statements about its hiring practices sufficient to raise a strong inference of scienter. The court therefore denied Wells Fargo’s motion to dismiss.

On July 31, 2024, a three-judge panel of the Eleventh Circuit overturned the district court’s dismissal of a complaint of race discrimination against a City Commission and its Chairman in McCarthy v. City of Cordele, No. 23-11036 (11th Cir. July 31, 2024). The plaintiff sued the City Commission of Cordele, Georgia, and the newly-elected Chairman of the Commission, alleging that he was fired from his position as City Manager because he was white, in violation of Section 1981, Section 1983, Title VII, and the Equal Protection Clause of the Fourteenth Amendment. The district court granted the defendants’ motion to dismiss, holding that the plaintiff’s allegations did not support an inference of a racially discriminatory motive because the plaintiff did not adequately allege that the Commissioners who voted to fire him acted with a discriminatory intent, even though they were acting at the urging of the non-voting Chairman. The Eleventh Circuit found that the district court erred in separating the official actions of the Chairman from those of the Commission but that it correctly dismissed the claims against the Chairman in his individual capacity. The court therefore reversed the district court in part and remanded for further proceedings.

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

Wall Street Journal, “The Activist Pushing Companies to Ditch Their Diversity Policies” (August 3): The Wall Street Journal’s Joseph Pisani and Chip Cutter profile conservative activist Robby Starbuck, who has leveraged his 500,000 followers on X to rally opposition against DEI initiatives at various companies. Pisani and Cutter report that Starbuck’s criticism has led companies such as Tractor Supply and John Deere to scale back their DEI efforts, and that his newest target is Harley-Davidson, with additional companies also in his sights. In his campaign against Harley-Davidson, Starbuck criticized the company for its support of LGBTQ+ causes and its “total commitment to DEI policies.” According to Starbuck, “Everybody should just go to work, do their job, go home. You want to be an activist in your personal time? That’s your business.”
Forbes, “Amid DEI Backlash, Support From Workers Drops Slightly – But Remains Strong” (August 5): Forbes’ Jena McGregor reports on a recent shift in support for DEI initiatives amid growing political scrutiny. McGregor highlights a survey conducted by Seramount, a DEI consulting firm, which queried 3,000 employees about their perspectives on DEI efforts. McGregor says the survey reveals that while overall support for DEI remains robust, with 76% of respondents expressing a personal commitment to advancing DEI in their workplaces, this figure has decreased from 83% in 2021. Additionally, McGregor reports that Black employees’ views of their managers’ inclusion efforts have improved, with 70% describing their managers as inclusive in 2024, up from 65% in 2021. In contrast, the percentage of white employees who view their managers as inclusive fell from 74% in 2021 to 68% this year.
Wall Street Journal, “The Fight Against DEI Programs Shifts to Medical Care” (August 14): The Wall Street Journal’s Theo Francis and Melanie Evans report on a civil rights complaint filed against the Cleveland Clinic by Wisconsin Institute for Law and Liberty (WILL). The complaint alleges that the Cleveland Clinic discriminates on the basis of race by operating a program to prevent and treat strokes and other conditions in Black and Latino patients. WILL filed the complaint on behalf of Do No Harm, a “membership group for medical professionals and others opposing diversity, equity and inclusion initiatives.” Francis and Evans note that “[t]he allegation pushes the fight against race-based programs into untested legal territory, arguing that healthcare providers can’t use racial and ethnic demographics to target treatment, preventive care or patient education.” According to Gibson Dunn partner and co-head of the firm’s Labor and Employment practice group Jason Schwartz, telling medical institutions that they cannot help minority populations address significant medical risks could prove to be a tough sell. Schwartz says “[t]he rule is not that you have to help everyone or no one, whether it’s a charitable endeavor or a public health priority. That would shut down an awful lot of good works.”

Case Updates:

Below is a list of updates in new and pending cases:

1. Contracting claims under Section 1981, the U.S. Constitution, and other statutes:

Do No Harm v. American Association of University Women, No. 1:24-cv-01782 (D.D.C. 2024): On June 20, 2024, Do No Harm filed a complaint against the American Association of University Women (AAUW), alleging that the organization is violating Section 1981 by providing “Focus Group Professions Fellowships” to only “women from ethnic minority groups historically underrepresented in certain fields within the United States: Black or African American, Hispanic or Latino/a, American Indian or Alaskan Native, Asian, and Native Hawaiian or Other Pacific Islander.” Do No Harm is seeking a temporary restraining order and preliminary injunction prohibiting AAUW from closing the application window for the fellowships, and a permanent injunction prohibiting AAUW from considering race when selecting grant recipients.
- Latest update: On August 2, 2024, AAUW filed its opposition to the plaintiff’s motion for a TRO and preliminary injunction, arguing that Do No Harm lacks standing, that the fellowship program is protected by the First Amendment, and that the program is a valid affirmative action program.
Do No Harm v. Gianforte, No. 6:24-cv-00024-BMM-KLD (D. Mont. 2024):On March 12, 2024, Do No Harm filed a complaint on behalf of “Member A,” a white female dermatologist in Montana, alleging that a Montana law violates the Equal Protection Clause by requiring the governor to “take positive action to attain gender balance and proportional representation of minorities resident in Montana to the greatest extent possible” when making appointments to the twelve-member Medical Board. Do No Harm alleges that since the ten already-filled seats are currently held by six women and four men, Montana law requires that the remaining two seats be filled by men, which would preclude Member A from holding the seat. On May 3, 2024, Governor Gianforte moved to dismiss the complaint for lack of subject matter jurisdiction, arguing that Do No Harm lacks standing because Member A has not applied for or been denied any position. Gianforte also argued that the plaintiff’s pre-enforcement challenge was not ripe because his administration does not interpret the statute as a quota. On May 24, 2024, Do No Harm filed an amended complaint, describing additional Members B, C, and D, who are each “qualified, ready, willing, and able to be appointed” to the board. On June 7, Gianforte moved to dismiss the amended complaint, arguing again that the pseudonymous members lacked standing and that the case still was not ripe because the statute imposed only reporting requirements regarding diversity, so it posed no threat to the new members. On June 28, Do No Harm opposed the motion, asserting that the case is ripe and the members have standing because they will be disadvantaged in applications for upcoming openings, given the existing composition of the Board and the statute’s requirement to take “positive action” to achieve gender and racial balance.
- Latest update: On July 26, 2024, Governor Gianforte filed a reply in support of his motion to dismiss, reiterating his standing and ripeness arguments.

2. Employment discrimination and related claims:

Wood v. Red Hat, Inc., No. 2:24-cv-237-REP (D. Idaho 2024): On May 8, 2024, a white male former employee sued Red Hat, Inc., a subsidiary of IBM. In his complaint, the plaintiff alleges that his role was terminated “as a direct result of Red Hat’s DEI policies and efforts to diversify the workforce” and claims that, of the group of employees who were terminated at the same time, “21 of the total 22 individuals were white, and 21 were male.” The plaintiff alleges that he was retaliated against for opposing his employer’s stated goals of increasing diversity, which included setting hiring quotas of 30% female employees globally and 30% employees of color in the United States by 2028. The plaintiff brought claims under Title VII, Section 1981, and the Family and Medical Leave Act.
- Latest update: On July 29, 2024, the defendant filed a motion to compel arbitration and stay proceedings, arguing that the parties had a valid arbitration agreement that covers the dispute.
Beneker v. CBS Studios, Inc., et al., No. 2:24-cv-01659 (C.D. Cal. 2024): On February 29, 2024, a heterosexual, white male writer represented by AFL, sued CBS, alleging that its de facto hiring policy discriminated against him on the bases of sex, race, and sexual orientation. In his complaint, the plaintiff alleges that CBS violated Section 1981 and Title VII by refusing to hire him as a staff writer on the TV show “Seal Team,” instead hiring several black writers, female writers, and a lesbian writer. The plaintiff is requesting a declaratory judgment that CBS’s de facto hiring policy violates Section 1981 and/or Title VII, injunctions barring CBS from continuing to violate Section 1981 and Title VII and requiring CBS to offer him a full-time job as a producer, and damages. CBS filed a motion to dismiss on June 24, 2024, arguing that the First Amendment protects its hiring choices and that two out of three of the plaintiff’s Section 1981 claims were untimely. The plaintiff opposed on July 15, 2024, arguing that the First Amendment does not protect hiring decisions, even if CBS is engaged in a creative enterprise.
- Latest update: On July 29, 2024, CBS filed a reply in support of its motion to dismiss, reiterating its First Amendment and Section 1981 arguments.
Peters v. Federal Reserve Bank of Cleveland, No. 1:24-cv-01314 (N.D. Ohio 2024): On July 31, 2024, a plaintiff filed a lawsuit under Title VII alleging that the Federal Reserve Bank of Cleveland had denied him a series of promotions and instead promoted candidates from minority backgrounds, even though he was more qualified than those candidates. The plaintiff is seeking a permanent injunction preventing the bank from continuing to implement its allegedly discriminatory policies and ordering the bank to promote the plaintiff and pay him monetary damages.
- Latest update: The docket does not reflect that the defendant has been served.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Blaine Evanson, Molly Senger, Zakiyyah Salim-Williams, Matt Gregory, Zoë Klein, Mollie Reiss, Jenna Voronov, Alana Bevan, Marquan Robertson, Elizabeth Penava, Skylar Drefcinski, Mary Lindsay Krebs, David Offit, Lauren Meyer, Kameron Mitchell, Maura Carey, and Jayee Malwankar.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and authors:

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group
Washington, D.C. (+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group
Los Angeles (+1 213-229-7107, ksmith@gibsondunn.com)

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group
New York (+1 212-351-3850, mdenerstein@gibsondunn.com)

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer
Washington, D.C. (+1 202-955-8503, zswilliams@gibsondunn.com)

Molly T. Senger – Partner, Labor & Employment Group
Washington, D.C. (+1 202-955-8571, msenger@gibsondunn.com)

Blaine H. Evanson – Partner, Appellate & Constitutional Law Group
Orange County (+1 949-451-3805, bevanson@gibsondunn.com)

This update highlights the issuance of staggering civil monetary penalties and key takeaways from CFIUS’s most recent annual report and provides our team’s perspectives on foreign direct investment review and enforcement trends moving forward.

On July 24, 2024, the Committee on Foreign Investment in the United States (CFIUS or the Committee) released its annual report covering calendar year 2023 (the Annual Report). Shortly thereafter, on August 14, 2024, CFIUS provided an update on civil monetary penalties issued in 2023 and 2024. The past year and a half was a time of meaningful rulemaking activity for CFIUS—and a banner year for enforcement, with CFIUS assessing a record number of penalties, in amounts ranging up to $60 million dollars. In a statement accompanying the penalty update, Assistant Secretary for Investment Security Paul Rosen warned: “In the last few years, CFIUS has redoubled its resources and focus on enforcement and accountability, and that is by design: if CFIUS requires companies to make certain commitments to protect national security and they fail to do so, there must be consequences.”

Below, we provide an overview of the decrease in global M&A and CFIUS filings in contrast with the increase in mitigation and enforcement, amidst a backdrop of efforts by the Committee to further expand its jurisdiction. We follow this discussion with our key takeaways for continued CFIUS compliance through the second half of 2024 and beyond.

1. CFIUS Filings Substantially Decreased, in Line with Global Market Slowdown

For the first time since the Foreign Investment Risk Review Modernization Act (FIRRMA) was implemented, the total number of CFIUS filings decreased. The drop was significant compared to the rates of change we have witnessed in recent years, with notices down nearly 19 percent and short-form declarations down over 29 percent.[1]

Year-Over-Year Comparison of the Number of CFIUS Filings

	2021	2022 (∆ from 2021)	2023 (∆ from 2022)
Notices	272	286 (↑5.1%)	233 (↓18.5%)
Declarations	164	154 (↓6.1%)	109 (↓29.2%)
Total Filings	436	440 (↑0.9%)	342 (↓22.3%)

As noted by CFIUS in the press release accompanying the Annual Report, this decline is ostensibly driven by the downswing in the global M&A market experienced in the latter half of 2022 and in 2023. Global deal volumes decreased for two consecutive years (by 37 percent in 2022 and 26 percent in 2023).[2] Similarly, expenditures by foreign direct investors to acquire, establish, or expand U.S. businesses continued to decrease (by 51 percent in 2022 and 16 percent in 2023).[3]

Another factor potentially driving the decrease in notices is transaction parties’ perception of the CFIUS process and outcomes. In a recent statement made to the United States Committee on Banking, Housing, and Urban Affairs, Assistant Secretary Paul Rosen reiterated the longstanding policy goals of “maintain[ing] an open investment environment” and “the status of the United States as the world’s top destination for foreign direct investment.” However, many transaction parties have been receiving more daunting comments on their draft CFIUS filings and more and longer question sets, incurring a higher cost to parties to participate in the filing process and—in a trend continuing from 2022—continued high rates of mitigation, which we discuss in further detail below. An overly onerous review process across transactions combined with a higher likelihood of mitigation for some minority investments can result in investors shying away from submitting voluntary notices, even if the transactions present heightened risk of a non-notified review and potential mitigation. This trend may continue into 2024 with transaction parties weighing the benefits of a CFIUS safe harbor against the costs of the review process and potential mitigation.

Although there were fewer filings in 2023, more of them were mandatory. While a CFIUS filing is voluntary for most transactions over which CFIUS has jurisdiction, filings are mandatory for certain investments in U.S. businesses that implicate critical technology, critical infrastructure, and/or sensitive personal data. In 2023, there was a slight uptick in the percentage of declarations that were submitted as mandatory filings. CFIUS does not share how many notices were mandatory, but we expect that more notices were mandatory as well.

2. Non-Notified Reviews Are Not Going Anywhere

As in prior years, CFIUS dedicated considerable time and resources to identifying “non-notified transactions” for which CFIUS had jurisdiction and the parties did not file a notice or declaration (whether mandatory or voluntary). CFIUS uses a variety of means to identify such transactions, including, as stated in the Annual Report, “interagency referrals, tips from the public, classified reporting, media reports, voluntary self-disclosures, congressional notifications, and multiple commercial and proprietary databases.”

The Annual Report shares that in 2023 the CFIUS non-notified team reviewed “thousands” of potential non-notified transactions, ultimately putting 60 of them forward for the Committee’s consideration. CFIUS requested notices for 13 such transactions.[4]

The number of non-notified transactions put forward for the Committee’s review has been decreasing for the past two years, due in part to a better resourced non-notified team having “caught up” on old transactions. However, while the total number of non-notified inquiries decreased, the percentage of inquiries resulting in a request for a filing increased—with over 20% of inquiries in 2023 resulting in a request for a filing, up from 13% in 2022.

Non-Notified Inquiries, 2020–2023

	2020	2021	2022	2023
Number of Inquiries	117	135	84	60
Number of Filings requested (%)	17 (14.5%)	8 (5.9%)	11 (13.1%) (plus eight from prior year cases)	13 (21.7%)

CFIUS remains committed to identifying and reviewing transactions that parties do not bring forward voluntarily, and non-notified filings remain subject to mitigation and other conditions up to and including divestment. For example, the MineOne transaction, which we discussed in more detail in a prior Gibson Dunn client alert, was initiated by a public tip and then became subject to a non-notified review that ultimately resulted in divestment. CFIUS will continue leveraging its non-notified resources to identify and place conditions on transactions that raise U.S. national security concerns. In April 2024, CFIUS published a proposed rule that would expand the types of information that the Committee can request during the non-notified process, further strengthening CFIUS’s non-notified capabilities.

Last, the Annual Report disclosed that CFIUS filed one “agency notice”, a rare occurrence, after the parties filed a notice that was rejected and then refused to resubmit a corrected notice. Unlike a standard filing or a non-notified review, an agency notice allows CFIUS to conduct a review without cooperation from the transaction parties. There were zero agency notices filed between 2020-2022, and this year’s anomaly serves as a stark reminder of the Committee’s power to initiate a unilateral review even if parties forgo a voluntary filing.

3. Record High Number of CFIUS Mitigation Agreements; Site Visits Continue Apace

CFIUS is authorized to review certain investments in U.S. businesses and, if it identifies a risk to national security, mitigate that risk through a variety of methods, one being entry into a mitigation agreement (e.g., a national security agreement) with the transaction parties. Each national security agreement contains a panoply of restrictions and requirements relating to, for example, corporate governance, protection of certain technology or data, the use of third-party vendors, product quality and supply assurance, various reporting and notification requirements, and day-to-day compliance policies and oversight. For each mitigation agreement, Committee members take on responsibilities to monitor it and enforce compliance—drawing down personnel and resources.

CFIUS is now monitoring a record number of mitigation agreements—246 total agreements, up from 214 in 2022. The Committee reported devoting additional staff and resources to support compliance monitoring, made possible by increased hiring in 2022 and 2023. However, the year-over-year requirements to monitor compliance will continue to increase as CFIUS adds more mitigation agreements (35 in 2023)[5] than it terminates (15 in 2023). As an indicator of the Committee’s commitment to active oversight, CFIUS conducted 43 site visits in 2023, representing just over 20% of the agreements that had been in force since 2022.

4. Enforcement-Bent Committee Issues Record Number of Penalties—Early Glimpse at 2024 Penalties Show Staggering Dollar Values

The Annual Report reflects CFIUS’s more recent shift in emphasis on enforcement. In 2023, the Committee assessed four civil monetary penalties for breaches of material provisions in mitigation agreements—a record number of penalties in one year. Notwithstanding this sharp rise, the level of consensus required to issue a penalty suggests these were the result of more egregious violations, not minor compliance foot-faults.

Year-Over-Year Comparison of Civil Monetary Penalties Through 2023

	2018	2019	2020-2022	2023
Number of Penalties	One	One	None	One	One	Two
Penalty Amount	$1 M	$750 K	–	$100 K	$200 K	$990 K
Type of Violation	Breach of mitigation agreement	Breach of interim order	–	Breaches of agreements
Snapshot of Violation	Failure to established required security policies and provide adequate reports to CFIUS.	Failure to restrict and adequately monitor access to protected data.	–	Failure to timely divest foreign acquirer’s interest and repeated violations of other mitigation agreement provisions.	Failure to timely divest foreign acquirer’s interest and repeated violations of other mitigation agreement provisions.	Failure to maintain website statement regarding foreign ownership, as required by CFIUS, possibly putting customers’ data and technology at risk.

Although noteworthy, the penalties do not come as a surprise. In October 2022, CFIUS released its first-ever guidelines for enforcement actions, focusing on three types of violations: (1) failure to submit a mandatory notice or declaration; (2) failure to comply with a mitigation agreement or other order (including divestiture); and (3) material misstatements or omissions in filings/submissions. The 2022 guidelines did not grant new authorities to CFIUS. Rather, they put transaction parties on notice that CFIUS was focused on enforcement and highlighted what the Committee would consider when issuing penalties. CFIUS resumed assessing penalties in 2023 and 2024, including an eye-popping $60 million penalty for breach of a mitigation agreement. More penalties are likely on the way in the last months of 2024.

Spotlight on 2024 Penalties
On August 14, 2024, CFIUS shared an update on penalties issued in 2023 and 2024—including the *largest penalty in CFIUS’s history*, and the first penalty for material misstatements provided in connection with CFIUS filings. Importantly, also for the first time in its history, CFIUS published the name of the parties involved in one of these matters—noteworthy as CFIUS filings and negotiations are confidential. CFIUS anticipated the questions this raises about its confidentiality obligations, highlighting in its update that in situations where (i) there is public disclosure of CFIUS matters and (ii) the Committee assesses public disclosure serves broader enforcement and national security goals, it may determine it is appropriate to disclose more information. We suspect the parties agreed to the disclosure pursuant to the terms of a settlement with the government. In its update, CFIUS highlighted the three new penalties assessed thus far in 2024:
Penalty Amount	$8.5 Million	$1.25 Million	$60 Million
Type of Violation	Breach of mitigation agreement	Material misstatements	Breach of mitigation agreement
Snapshot of Violation	Majority shareholders caused removal of independent directors, leading to vacancy of CFIUS-mandated Security Director position, and causing government security committee to be defunct, resulting in failure to perform required compliance oversight.	Forged documents and signatures, as well as material misstatements in the joint voluntary notice and supplemental information submitted to CFIUS during their review, impairing CFIUS’s ability to assess transaction risk.	Failure to take appropriate measures to prevent unauthorized access to sensitive data and report incidents promptly, resulting in harm to U.S. national security equities.

Notably, neither the Annual Report—nor the update for 2024—included any penalties for failures to make a mandatory filing. Instead, CFIUS noted, in the Annual Report, that it issued its “first ever formal determinations of noncompliance” in several cases. One reason for forgoing penalties for certain failures to make mandatory filings is the more recent change in how parties have structured minority investments, particularly in U.S. businesses that produce critical technologies. In prior years, businesses used “springing rights” whereby U.S. businesses would accept funding from foreign investors while deferring the investor’s acquisition of control, governance, or information access rights until after CFIUS review. In 2023, CFIUS issued a frequently asked question (FAQ) clarifying that the “completion date” for a transaction is the earliest date upon which the foreign person acquired any equity interest.[6] In practice, the FAQ means that parties cannot use a springing rights strategy to permit funding before filing because CFIUS does not view the issuance of initial passive equity and the subsequent grant of rights as distinct transactions. Now, transaction parties must submit a mandatory filing no later than 30 days prior to the transfer of the initial passive equity interest. As with the 2022 enforcement guidelines, the FAQ put parties on notice that CFIUS would take a more aggressive enforcement posture moving forward, and we could see the first monetary penalties for a failure to make a mandatory filing in 2024.

We fully expect this enforcement focus to continue through 2024 and beyond. In April 2024, CFIUS published a proposed rule to substantially increase the maximum civil monetary penalty for certain violations. As CFIUS expands its enforcement toolkit, U.S. businesses and their investors must update their compliance tools to match. In 2023, CFIUS received one voluntary self-disclosure (VSD) from a party for failure to submit a mandatory filing. CFIUS does not provide a well-established form or process for submitting VSDs, and this has never been an established practice for CFIUS practitioners in the past. However, it may become more commonplace as parties look to receive the benefit of mitigating a potential violation through self-disclosure and cooperation with the Committee.

5. CFIUS Continues Efforts to Expand its Jurisdiction, Particularly in Real Estate

One of the most important parts of the Committee’s work, while less clearly captured in the Annual Report statistics, is its work drafting new legislation, rules, and clarifications. In the press release accompanying the Annual Report, Assistant Secretary Paul Rosen noted that “2023 was a busy year for CFIUS in reviewing transactions for national security risk, monitoring compliance with mitigation agreements, expanding the reach of its jurisdiction, and enforcing against violations of CFIUS legal authorities” (emphasis added). Noteworthy policy initiatives in 2023 included:

CFIUS published the “completion date” FAQ, discussed above, which had a significant impact on the way that transaction parties structure investments.
In August 2023, the Department of Treasury (Treasury) issued a final rule updating the Part 802 real estate regulations by adding eight additional military installations. Despite the update, only three declarations and two notices were filed under Part 802 in 2023. However, CFIUS continued its efforts to broaden its jurisdiction and narrow the exception for greenfield investments by drafting further updated—and much more expansive—real estate regulations to be issued very soon in 2024, which we discussed in more detail in a prior Gibson Dunn client alert.

Separate from CFIUS, Treasury’s Office of Investment Security has also taken the lead on drafting regulations to implement President Biden’s August 2023 Executive Order “Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern”, the so-called “Outbound Investment” regime for which Treasury requested over $16 million dollars in the FY25 budget (and which we discussed in more detail in a prior Gibson Dunn client alert). Moreover, Treasury is not alone in focusing on the national security threat posed by certain types of foreign investment. The Office of the Director of National Intelligence and partner agencies recently issued a joint bulletin outlining a variety of threats posed by investment from certain foreign actors, including the theft of intellectual property, personal data, and technology by means of a variety of investment schemes. This joint bulletin is indicative of a wider U.S. government attempt to target and address investments by foreign actors with nefarious intents.

This year’s Annual Report included some striking but expected highlights, such as the downturn in filings and the substantial number of penalties assessed for breaches of mitigation agreements, as well as some unexpected news, such as the filing of an agency notice. Our top three takeaways follow.

Top Takeaways to Guide 2024 and Beyond:

CFIUS has a bite to match its bark. Recent CFIUS actions range from issuing clarifications of rules to proposing increases to the maximum penalty amounts—and parties must pay ever more attention to their obligations under the regulations and any mitigation agreements into which they enter. Transaction parties should consider themselves on notice that CFIUS is well-positioned to assess civil monetary penalties for failures to make a mandatory filing in 2024—and the penalty amounts may be substantial.
Non-notified reviews are as relevant as ever. CFIUS remains committed to expanding and leveraging its resources to identify and review non-notified transactions. Parties must continue to closely review the national security sensitivities of all transactions—not only those subject to a mandatory filing requirement—because transactions subject to voluntary filings can and do result in attention from CFIUS and serious mitigation measures, including divestment.
The Committee shows no signs of slowing down on policy-making initiatives and efforts to broaden its jurisdiction, and Committee members are using all tools at their disposal to further national security reviews. Despite it being an election year, Companies should prepare for 2024 to bring more legislation and rulemaking for CFIUS and Outbound Investment, and having a finger on the pulse of what is happening on the Hill is more important than ever.

[1] The total number of distinct transactions reviewed by the Committee is even lower than the sum of filings. The 233 notices include 34 that were withdrawn and refiled the same year and the 109 declarations include 20 that resulted in a request from the Committee to file a full written notice. After accounting for these duplicate filings, the Committee would have reviewed approximately 288 distinct transactions, down nearly 15 percent from the 337 distinct transactions reviewed in 2022.

[2] S&P Global, Global M&A by the Numbers: Q4 2023 (Feb. 22, 2024), available here.

[3] U.S. Bureau of Economic Analysis, New Foreign Direct Investment in the United States (July 12, 2024), available here.

[4] Per the Annual Report, three of the parties that received non-notified questions proactively filed a declaration or notice and are not counted among the 13.

[5] CFIUS also imposed mitigation requirements under one interim order and six withdrawal and abandonment letters.

[6] See the Frequently Asked Question “How does CFIUS determine the “completion date,” in assessing when a mandatory filing should be submitted, where the foreign person first acquires equity interest but will not receive control or covered investment rights until after CFIUS’s review?” found at CFIUS, CFIUS Frequently Asked Questions, available here (last accessed Aug. 15, 2024).

The following Gibson Dunn lawyers prepared this update: Michelle Weinbaum, Claire Yi, Chris Mullen, Mason Gauch, Stephenie Gosnell Handler, and David Wolber.

Gibson Dunn lawyers are monitoring the proposed changes to U.S. export control laws closely and are available to counsel clients regarding potential or ongoing transactions and other compliance or public policy concerns.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. For additional information about how we may assist you, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or the following leaders and members of the firm’s International Trade practice group:

United States:
Ronald Kirk – Co-Chair, Dallas (+1 214.698.3295, rkirk@gibsondunn.com)
Adam M. Smith – Co-Chair, Washington, D.C. (+1 202.887.3547, asmith@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, shandler@gibsondunn.com)
Christopher T. Timura – Washington, D.C. (+1 202.887.3690, ctimura@gibsondunn.com)
David P. Burns – Washington, D.C. (+1 202.887.3786, dburns@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213.229.7269, nhanna@gibsondunn.com)
Courtney M. Brown – Washington, D.C. (+1 202.955.8685, cmbrown@gibsondunn.com)
Samantha Sewall – Washington, D.C. (+1 202.887.3509, ssewall@gibsondunn.com)
Michelle A. Weinbaum – Washington, D.C. (+1 202.955.8274, mweinbaum@gibsondunn.com)
Mason Gauch – Houston (+1 346.718.6723, mgauch@gibsondunn.com)
Chris R. Mullen – Washington, D.C. (+1 202.955.8250, cmullen@gibsondunn.com)
Sarah L. Pongrace – New York (+1 212.351.3972, spongrace@gibsondunn.com)
Anna Searcey – Washington, D.C. (+1 202.887.3655, asearcey@gibsondunn.com)
Audi K. Syarief – Washington, D.C. (+1 202.955.8266, asyarief@gibsondunn.com)
Scott R. Toussaint – Washington, D.C. (+1 202.887.3588, stoussaint@gibsondunn.com)
Claire Yi – New York (+1 212.351.2603, cyi@gibsondunn.com)
Shuo (Josh) Zhang – Washington, D.C. (+1 202.955.8270, szhang@gibsondunn.com)

Asia:
Kelly Austin – Hong Kong/Denver (+1 303.298.5980, kaustin@gibsondunn.com)
David A. Wolber – Hong Kong (+852 2214 3764, dwolber@gibsondunn.com)
Fang Xue – Beijing (+86 10 6502 8687, fxue@gibsondunn.com)
Qi Yue – Beijing (+86 10 6502 8534, qyue@gibsondunn.com)
Dharak Bhavsar – Hong Kong (+852 2214 3755, dbhavsar@gibsondunn.com)
Felicia Chen – Hong Kong (+852 2214 3728, fchen@gibsondunn.com)
Arnold Pun – Hong Kong (+852 2214 3838, apun@gibsondunn.com)

Europe:
Attila Borsos – Brussels (+32 2 554 72 10, aborsos@gibsondunn.com)
Patrick Doris – London (+44 207 071 4276, pdoris@gibsondunn.com)
Michelle M. Kirschner – London (+44 20 7071 4212, mkirschner@gibsondunn.com)
Penny Madden KC – London (+44 20 7071 4226, pmadden@gibsondunn.com)
Irene Polieri – London (+44 20 7071 4199, ipolieri@gibsondunn.com)
Benno Schwarz – Munich (+49 89 189 33 110, bschwarz@gibsondunn.com)
Nikita Malevanny – Munich (+49 89 189 33 224, nmalevanny@gibsondunn.com)
Melina Kronester – Munich (+49 89 189 33 225, mkronester@gibsondunn.com)
Vanessa Ludwig – Frankfurt (+49 69 247 411 531, vludwig@gibsondunn.com)

In this update, we analyze the most important mid-year trends and developments in Anti-Money Laundering (AML) regulation and enforcement thus far in 2024.

Overall, 2024 has been very active, with many new key rules in the AML space. This update includes key rule-making priorities emphasized by enforcers, notable enforcement actions, and significant judicial opinions in the AML space.

NEW RULES/RULEMAKING

[*Note: This alert was published before FinCEN issued the final real estate and investment adviser rules. For a discussion of the final rules, see our piece at the NYU Compliance Blog.]

In the first half of 2024, the Financial Crimes Enforcement Network (FinCEN) has been active in releasing new proposed rules to, most notably, expand coverage of the Bank Secrecy Act (BSA) to certain residential real estate transactions and investment advisers, both industries which had long been FinCEN priorities. The agency also released a notable proposed rule to update AML Program requirements for all financial institutions, as well as continued to implement the Corporate Transparency Act (CTA), among other things.

1. FinCEN Proposes New Reporting Obligations for Residential Real Estate Transfers

On February 7, 2024, FinCEN issued a long-awaited Notice of Proposed Rulemaking (NPRM) to apply certain AML requirements to U.S. residential real estate transactions (hereinafter the “Real Estate Rule”).[1] The Real Estate Rule would require certain professionals involved in real estate closings and settlements to report information to FinCEN about non-financed transfers of residential real estate to certain legal entities and trusts.[2]

Specifically, the Real Estate Rule would cover non-financed transfers of various types of residential real estate, including single-family houses, townhouses, condominiums, and other buildings designed for occupancy by one to four families.[3] It would also cover non-financed transfers of certain vacant or unimproved land that is zoned for occupancy by one to four families, as well as transfers of shares of cooperative housing corporations.[4] A transaction is considered “non-financed” if it does not involve an extension of credit issued by a financial institution otherwise required to maintain an AML program.[5] Transfers resulting from death or divorce, as well as transfers to a bankruptcy estate and transfers resulting from a grant or revocation of an easement, would be exempted from the Real Estate Rule.[6]

The Real Estate Rule identifies persons required to file a report (“Reporting Persons”) through a “cascade” framework which assigns the reporting responsibility in sequential order to various persons who perform closing or settlement functions for residential real estate transfers.[7] The reporting obligation would first fall upon the person listed as the closing or settlement agent.[8] But if no individual executes that settlement function, the reporting obligation would then fall upon the following individuals in the following order: (1) the person that underwrites an owner’s title insurance policy; (2) the person that disburses the greatest amount of funds in connection with the reportable transfer; (3) the person that prepares an evaluation of the title status; or (4) the person who prepares the deed.[9] Alternatively, persons specified in this list can designate by written agreement who will serve as a Reporting Person for the transfer.[10] Reports filed for a covered transfer would be required to include certain information, including:[11]

Beneficial ownership information of the transferee receiving the property;
Information about individuals representing the transferee (such as legal name, current address, and tax identification number);
Information about the Reporting Person (such as legal name, current address, and tax identification number);
Information about the property being transferred (such as physical address and description of the section, lot, or block to be conveyed);
Information about the transferor (such as legal name, current address, and tax identification number); and
Information about any payments made (including total amount paid by the transferee entity or trust, the method of each payment made by the transferee entity or transferee trust, the accounts and financial institutions used for each such payment, and, if the payor is anyone other than the transferee entity or transferee trust, the name of the payor on the payment form).

Under the proposed rule, Reporting Persons would be required to file the disclosure report within 30 days of the date of the transfer.[12]

FinCEN accepted comments on the Real Estate Rule through April 16.[13] The NPRM also proposes an effective implementation date one year after the final version of the rule is eventually issued.[14]

2. FinCEN Proposes Substantial BSA Expansion to Investment Advisers

Just a week after announcing the Real Estate Rule, on February 13, 2024, FinCEN issued another long-awaited proposal to once again propose to extend BSA/AML coverage to certain investment advisers (hereinafter the “Investment Advisers Rule”).[15] The Investment Advisers Rule would add certain investment advisers to the list of businesses classified as “financial institutions” under the BSA.[16] Specifically, the Investment Advisers Rule would cover two types of advisers: (1) those that are registered or required to register with the U.S. Securities and Exchange Commission (SEC), and (2) those that report to the SEC as Exempt Reporting Advisers.[17]

As a result, covered investment advisers would be required to implement risk-based Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) programs, file Suspicious Activity Reports (SARs) with FinCEN, keep records relating to the transmittal of funds that equal or exceed $3,000, and comply with other obligations of financial institutions under the BSA.[18] The Investment Advisers Rule would also apply information-sharing provisions between and among FinCEN, law enforcement government agencies, and certain financial institutions.[19] Notably though, because investment advisers provide services to open-end investment companies such as mutual funds (which are already defined as “financial institutions” under the BSA), the Investment Advisers Rule would not require investment advisers to apply AML/CFT program or SAR filing requirements to mutual funds they advise.[20]

The Investment Advisers Rule also proposes to delegate examination/supervisory authority to the SEC, given the SEC’s expertise in supervising the investment adviser industry.[21]

FinCEN accepted comments on the Investment Advisers Rule through April 15.[22] The NPRM proposes an effective date of one year after the date the final rule is eventually issued.[23]

On May 13, 2024, FinCEN and the SEC also jointly issued an NPRM setting forth the proposed Customer Identification Program (CIP) requirements for the investment advisers that would be covered by the Investment Advisers Rule (hereinafter the “CIP Proposal”).[24] Specifically, covered investment advisers would be required to develop a CIP that includes risk-based procedures for determining and verifying the identity of customers to the extent reasonable and practicable, and the rule further requires that verification occurs within a reasonable time before or after a customer’s account is opened.[25] At a minimum, covered investment advisers would, like other financial institutions, be required to obtain each customer’s name, date of birth or formation, address, identification number, and any other information necessary to form a reasonable belief the adviser knows the true identity of each customer.[26]

Covered investment advisers would need to also include procedures in the CIP for recordkeeping of information used to verify a customer’s identity, as well as for notifying customers that the adviser is requesting information to verify their identities.[27] The CIP would also need to include procedures for determining whether a customer appears on any list of known or suspected terrorist organizations provided by a government agency.[28] The CIP Proposal does recognize that covered investment advisers may rely on other financial institutions to perform some or all required CIP duties, but it requires that such reliance occur pursuant to a written agreement and be reasonable under the circumstances.[29]

The comment period on the CIP Proposal ran through July 22, 2024. The NPRM proposes an effective date of 60 days after the final version of the rule is eventually issued, but it notes that compliance would only be required within six months of the effective date of the regulation.[30] The NPRM further notes compliance would not be required sooner than the corresponding compliance date of a final rule arising out of the Investment Advisers Rule.[31]

3. FinCEN Proposes Updates to AML Program Requirements

In June of 2024, along with issuing a series of proposals to extend or modify certain due diligence requirements,[32] FinCEN separately issued another long-awaited NPRM to implement updates to the AML Program requirements for financial institutions geared towards modernizing the regulations to better ensure that financial institutions implement effective and risk-based AML/CTF programs.[33] This too was a requirement of the Anti-Money Laundering Act of 2020 (AML Act). The proposed rule would add language to the AML program regulations to codify the regulatory expectation that AML programs must be “effective, risk-based, and reasonably designed…to identify, manage, and mitigate illicit finance activity risks.”[34] The NPRM would maintain the four AML program requirements that all financial institutions are currently, subject to, namely: (i) implementation of risk-based, written policies, procedures and controls to ensure ongoing compliance with the BSA; (ii) designation of one or more qualified individuals to be responsible for coordinating and monitoring day-to-day BSA compliance; (iii) periodic training of employees; and (iv) periodic, independent testing of the AML/CTF program by qualified persons. The NPRM also does not propose changes to the CIP and Customer Due Diligence (CDD) AML Program requirements that certain financial institutions are subject to. However, the NPRM proposes adding a few new requirements to the current AML program obligations for all financial institutions:

Risk Assessment Process: All financial institutions would need to establish a “dynamic and recurrent risk assessment process” to enable each institution to understand its particular AML/CTF risks and to reasonably manage and mitigate those risks.[35] As part of that process, financial institutions would need to periodically “identify, evaluate, and document” their AML/CTF risks, including by consideration of FinCEN’s BSA/AML Priorities, the institution’s business, operational, and customer characteristics, and SAR and other BSA reports filed by the institution.[36] FinCEN’s AML Priorities include focusing on specific predicate crimes that often generate illicit proceeds, including corruption, cybercrime, terrorist financing, fraud, transnational criminal organization activity, drug trafficking organization activity, human trafficking and human smuggling, and financing of certain state-sponsored weapons programs (known as proliferation financing).[37] If adopted, institutions would need to review these predicate offenses and consider ways in which their products, services, distribution channels, intermediaries, and payment patterns conceivably facilitate said crimes.[38] The resulting risk assessment, as periodically updated, should then inform how the institution’s AML/CTF Program and each of its components are developed and updated to include risk-based internal policies, procedures, and controls designed to mitigate identified risks.[39]

Board Approval and Oversight: All AML/CTF programs would need to be approved and overseen by the institution’s Board of Directors, or if the institution does not have a Board of Directors, an equivalent governing body. While some financial institutions are already required by the BSA or their functional regulator to have their AML/CTF programs approved by their Boards, this rule, if adopted, would extend that requirement to all financial institutions. It would also require Board approval of not just a primary AML/CTF Program document, but also “each of the components of the AML/CTF program.”[40] In the NPRM, FinCEN further explained that the oversight requirement would be distinct from the approval requirement and would require “appropriate and effective oversight measures…to ensure that the board (or equivalent) can properly oversee whether AML/CFT programs are operating in an effective, risk-based, and reasonably designed manner.”[41]

On-shore Compliance: The NPRM would implement the AML Act’s requirement that financial institutions with “the duty to establish, maintain, and enforce the AML/CFT program must remain the responsibility of, and be performed by, persons in the United States who are accessible to, and subject to oversight and supervision by FinCEN and [any] Federal functional regulator.”[42] FinCEN acknowledged that “financial institutions may currently have AML/CFT staff and operations outside of the United States, or contract out or parts of their AML/CFT operations to third-party providers located outside of the United States” for reasons such as cost or efficiency—all of which may conflict with the onshoring proposal as stated.[43] As such, the agency has “requested comment on a variety of potential questions that may arise for financial institutions as they address this statutory onshoring requirement, including questions about the scope of the statutory requirement and the obligations of persons that are covered.”[44]

As noted, a central purpose of this NPRM is to modernize the BSA regulations by clarifying and streamlining the AML Program requirements, including by making them more consistent across financial institution types, and by adding new requirements designed to make AML Programs more risk-based and effective. These changes may prove useful to regulated entities, as it may help them better understand their obligations and better appreciate what specific steps must be taken to develop an effective AML/CFT program. The comment period on this proposal runs through September 3, 2024, and the NPRM proposes an effective date of six months after the date the final rule is eventually issued.[45]

Following FinCEN’s lead, on July 19, 2024, other agencies (the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency) issued their own NPRMs designed to facilitate the creation of similar risk-based compliance programs.[46] Financial institutions subject to these agencies’ regulatory regimes will be tasked with similarly monitoring FinCEN’s AML/CFT priorities to look for ways to implement those requirements into its own internal auditing/risk-assessment processes.[47] Regulated financial institutions must subsequently update their risk assessments on a periodic basis to assure it accounts for risks newly flagged by FinCEN and other government authorities.

CTA DEVELOPMENTS[48]

As discussed in our last update, the Corporate Transparency Act (“CTA”) took effect on January 1, 2024.[49] As FinCEN continues to roll out the CTA, it has issued a number of pieces of notable guidance this year while, at the same time, private plaintiffs have begun to challenge the constitutionality of the act. We address both updates in turn.

4. Notable FinCEN Guidance

FinCEN maintains a Frequently Asked Questions (FAQs) website, where it offers guidance on compliance with BOI reporting.[50] We note two particularly important clarifications FinCEN has issued this year. First, in January, FinCEN provided important clarification on the scope of what is known as the “subsidiary exemption.”[51] The subsidiary exemption applies to subsidiaries whose “ownership interests” are “controlled or wholly owned” by certain exempt entities.[52] As written, the term “controlled” left room for uncertainty. Specifically, the qualifier “controlled or wholly owned” implies that while total ownership is required for the exemption, control may not be similarly limited. FinCEN addressed this in guidance on January 6 by explaining its position: “If an exempt entity controls some but not all of the ownership interests of the subsidiary, the subsidiary does not qualify [for the exemption]. To [instead] qualify, a subsidiary’s ownership interests must be fully, 100 percent owned or controlled by an exempt entity.”[53] FinCEN further added that “the exempt entity [must] entirely control[] all of the ownership interests in the reporting company, in the same way that an exempt entity must wholly own all of a subsidiary’s ownership interests.”[54] FinCEN’s clarification effectively narrows the exception and could require more subsidiaries to file reports with FinCEN.

Next, FinCEN offered clarification as to when dissolved entities are required to disclose BOI. Procedurally, uncertainty existed as to whether companies dissolved before the date of a reporting deadline needed to file. A new FAQ clarifies that if an entity is reportable and existed at any time during 2024, it needs to file, even if the entity is dissolved before the date a report would otherwise be due.[55] But if a reportable company ceased to exist before the CTA went into effect (i.e., January 1, 2024), then the entity does not need to file because it was never subject to the applicable reporting requirements.[56]

5. Constitutional Challenges to the CTA

Since the CTA’s enactment in January, there have been several challenges to the constitutionality of the CTA filed in federal court. Actions have been filed in the Northern District of Alabama,[57] the District of Maine,[58] the Western District of Michigan,[59] the Eastern District of Texas,[60] and the District of Massachusetts.[61]

In each of these cases, plaintiffs have levied many of the same objections. These primarily include that the CTA exceeds Congress’s authority by infringing on states’ exclusive power to regulate business entity formation within their borders, in violation of the Tenth and Fourteenth Amendments to the Constitution.[62] Moreover, plaintiffs argue that the mere fact of forming a “reporting company” (e.g., filing articles of incorporation) does not implicate foreign affairs or national security, and therefore is a power reserved to the states (not Congress). In addition, other plaintiffs allege violations of the Fourth Amendment’s prohibitions against unreasonable searches and seizures, and the Fifth Amendment’s guarantee of Due Process. With respect to the Fourth Amendment claim, plaintiffs argue that the compelled disclosure to FinCEN of BOI without reasonable suspicion, probable cause, or pre-compliance review constitutes illegal acts at the hands of the federal government.[63] The Due Process claim rests on the assertion that the CTA is unconstitutionally vague. Plaintiffs argue, among other points, that terms such as “beneficial owner” and “substantial control” are insufficiently defined, depriving regulated parties of sufficient notice as to what conduct triggers criminal liability.[64]

While decisions remain pending in most of these actions, on March 1, 2024, in the Northern District of Alabama, a federal judge granted summary judgment in favor of the plaintiffs.[65] Therein, the court concluded that the CTA unconstitutionally exceeds Congress’ enumerated powers.[66] The court proceeded to enter a permanent injunction barring the government from enforcing the CTA as to the plaintiffs in the case, but did not issue a national injunction barring enforcement of the law as to other entities.[67] In accordance with that ruling’s limited scope, FinCEN clarified that “reporting companies” must still generally comply with the CTA, and only the plaintiffs in the Alabama action need not submit BOI.[68] Oral argument on that appeal has been set for September 23, 2024.

Given the narrow scope of relief issued in the proceedings in Alabama—as well as the fact that decisions remain pending in the suits in Michigan, Maine, Texas, and Massachusetts—entities should generally assume (as FinCEN has itself indicated) that they remain subject to the CTA unless an applicable exemption applies.[69] Accordingly, the CTA continues to impose imminent deadlines for many entities as to which the law remains applicable.

PRIORITIES

The below updates include those areas that executive officials, particularly FinCEN, have targeted to boost AML measures through the first half of 2024.

6. Biden Administration Continues to Prioritize Prevention of the Financing of Terrorism

In the first half of 2024, the Biden administration has continued to prioritize investigations and enforcement in the national security area, particularly those implicating AML and terrorism. On June 26, 2024, for instance, FinCEN issued a final rule that identified Al-Huda Bank—an Iraqi bank FinCEN considers to be a conduit for terrorist financing—as a foreign financial institution of primary money laundering concern.[70] Alongside such a designation, the final rule FinCEN issued imposes a special measure severing Al-Huda Bank from the U.S. financial system by prohibiting domestic financial institutions and agencies from opening or maintaining a correspondent account for, or on behalf of, Al-Huda Bank.[71] Covered entities would be required to apply special due diligence to all of their foreign correspondent accounts—implementing measures designed to effectively prevent such accounts from being used to process transactions involving Al-Huda Bank.[72] This final rule comes on the heels of Treasury’s Office of Foreign Assets Control (OFAC) designating the chairman of Al-Huda Bank as having materially assisted, sponsored, or provided financial, material, or technological support to an Iranian foreign terrorist organization (FTO).[73]

In a similar vein, on May 8, 2024, FinCEN issued an advisory providing the private sector with information to assist in detecting potentially illicit transactions related to Iranian and Iran-backed FTOs.[74] The advisory highlights the various ways Iran raises and moves funds in support of FTOs and details the other typologies such FTOs use to raise revenue.[75] The advisory identifies various red flags financial institutions should identify and consider and provides a reminder of relevant BSA reporting obligations for financial institutions to follow.[76] On July 11, 2024, FinCEN issued a series of similar red flags designed to assist institutions detect, prevent, and report potential financing of Israeli extremist settlor violence against Palestinians located in the West Bank.[77]

7. FinCEN’s Broad and Expanding Mission

While FinCEN has been focused on priorities such as national security, in recent years it has also been focusing on a wider range of issues ranging from drug trafficking to environmental crimes to elder abuse to digital assets. We briefly discuss some of these priorities.

a. Drug Trafficking

In December 2023, the U.S. government announced a Treasury Department Counter-Fentanyl Task Force, including FinCEN.[78] In June 2024, FinCEN Director Andrea Gacki traveled to Arizona and led a “FinCEN Exchange,” focused on disrupting the fentanyl trade.[79] This trip came on the heels of a similar meeting the previous month, where the Director and senior leadership attended a roundtable in Iowa with Congressman Zach Nunn. The meeting focused on law enforcement priorities, emphasizing the agency’s efforts to “degrade and disrupt transnational criminal organizations that traffic opioids and other dangerous substances.”[80] The Arizona and Iowa meetings follow a March statement by the White House on its efforts to reduce opioid overdose deaths, including by “investing over $100 billion to disrupt the flow of illicit drugs.”[81]

Additionally, in June of 2024, Treasury issued an advisory alert to U.S. financial institutions—informing them of new alarming transaction trends in the fentanyl supply chain.[82] The alert aims to equip institutions with a better understanding of when certain transactions should raise red flags and require reporting. The report specifically informs institutions to monitor shell companies purportedly associated with textiles, food, or the electronics industry, as illicit suppliers frequently use entities of that variety to obfuscate their illegal transactions.[83] Of additional concern to FinCEN is the increased use of virtual currencies, like bitcoin, by Mexican-based cartels to purchase fentanyl’s precursor chemicals from Chinese-located suppliers.[84] The report also lists 14 red flags designed to assist financial institutions in detecting transactions related to the illicit production of fentanyl—including increased monitoring of transactions between Chinese sellers and Mexican buyers.[85] Companies obligated to file SARs should take note of these new guidelines and update AML policies with these specific considerations in mind.

b. Environmental Crimes

In April, FinCEN published a notice reminding financial institutions to be vigilant “in identifying and reporting suspicious activity related to environmental crimes,” which are frequently related to “fraud, human trafficking, and drug trafficking.”[86] Environmental crimes can include wildlife trafficking, illegal mining, and logging.[87] The notice references a prior threat analysis “[highlighting] wildlife trafficking as a transnational criminal organization-related concern,” asserting it often supports transnational criminal organizations linked to corrupt foreign governments.[88] SARs relating to wildlife trafficking increased each year from 2018 through October 2021, helping to identify “various levels of potential foreign government corruption.”[89] Wildlife trafficking, in particular, is a “low risk and high reward” crime and presents money laundering concerns.[90] The statutory authorization for the Presidential Task Force on Wildlife Trafficking was recently renewed through 2028.[91] The Task Force includes in its mission the goal of increasing cooperation between “law enforcement and financial institutions to identify [wildlife] trafficking activity.”[92]

c. Elder Exploitation

Elder exploitation continues to be an enforcement priority for FinCEN as well.[93] FinCEN reported detection of approximately $27 billion of attempted or completed instances of Elder Financial Exploitation (EFE) between June 2022 and June 2023.[94] In a trend report, FinCEN found scammers are increasingly avoiding in-person contact with banks and money transmitting businesses (e.g., wire transfer companies), which may “identify EFE activity more frequently [because] victims or perpetrators [conduct] transactions in person, and presumably [do] not permit the requested transactions.”[95] Instead, perpetrators are increasingly relying on methods not requiring direct contact with intermediaries, like peer-to-peer payment systems and digital payments.[96] The report highlights the “critical role of financial institutions” in detecting and deterring this type of activity.[97]

d. Cryptocurrency and Child and Human Trafficking

In February, FinCEN published a report identifying purported links between “convertible virtual currency” (CVC, or cryptocurrency), online child sexual exploitation (OCSE), and human trafficking.[98] The agency claims the number of OCSE and human trafficking-related SARs increased by about 400% from 2020 to 2021.[99] It also identified typologies used by individuals engaging in these activities, such as “CVC kiosks” (e.g., Bitcoin ATMs), mixers (a way to hide the parties in a CVC transaction), and peer-to-peer exchanges.[100] Most SARs related to OCSE and human trafficking that involve CVCs are linked to child pornography. Generally, the SARs describe possible purchases of child sex abuse materials using CVC, or attempts to exchange the CVC proceeds from those sales into fiat currency.[101] FinCEN indicated that bitcoin is the CVC of choice in an overwhelming majority of the reports. Bitcoin transactions are pseudonymous and readily traceable, but FinCEN warned that privacy-enhancing CVCs can present obstacles to a financial institution’s ability to detect these transactions.[102]

In general, firms and individuals should take note of FinCEN’s ever-expanding regulatory reach, even to areas not traditionally considered to be under the agency’s purview.

POLICIES

The first half of 2024 also featured a number of notable program announcements from the DOJ relating to AML, including its new whistleblower policy.

8. DOJ Announces New Programs to Foster Reporting of Corporate AML Violations and Other Crimes

In our inaugural edition, we noted that it will be important to watch the AML whistleblower space as FinCEN’s AML whistleblower program comes online. Indeed, in February 2024, FinCEN Director Gacki testified that FinCEN has already received over 100 tips.[103]

In parallel, DOJ has announced an individual voluntary self-disclosure program to further incentivize reporting of potential corporate misconduct. On April 15, 2024, the Criminal Division of DOJ announced the Pilot Program on Voluntary Self-Disclosure for Individuals (hereinafter the “Pilot Program”), which clarifies the circumstances under which DOJ will offer non-prosecution agreements (NPAs) to individuals who voluntarily disclose original information about corporate criminal misconduct.[104] The Pilot Program sets forth various criteria a reporting individual must satisfy in order to receive an NPA.[105] As to subject-matter, a reporting individual must disclose original information that is non-public and not otherwise known to the DOJ.[106] The original information must also relate to a specified list of offenses that includes:[107]

Violations by financial institutions involving money laundering or fraud;
Violations related to the integrity of financial markets;
Violations related to foreign corruption and bribery;
Violations related to healthcare fraud or illegal healthcare kickbacks;
Violations related to fraud or deception of the U.S. in relation to federally funded contracting (not including healthcare fraud); and
Violations relating to bribes or kickbacks paid to domestic public officials.

Beyond the subject-matter requirements, there are several other limitations on eligibility for an NPA through the Pilot Program. Disclosure of the original information must be voluntary, meaning it (1) must be made before any government request or inquiry into the issue, (2) the reporting individual must have no preexisting obligation to report the information to the Criminal Division, and (3) the disclosure must occur in the absence of any government investigation or threat of imminent disclosure of the information to the government or the public.[108] The disclosure must also be truthful and complete, including any misconduct that the reporting individual participated in or is aware of.[109] The reporting individual must agree to “fully cooperate” with and provide “substantial assistance” to DOJ in its investigation.[110] The reporting individual must also agree to repay any profits obtained from the reported misconduct and pay restitution to victims.[111] Finally, the reporting individual must not be involved in any terrorist activity, violent crime, or sexual offenses, and cannot be a Chief Executive Officer, Chief Financial Officer, or organizer of the scheme.[112]

The Pilot Program comes alongside the DOJ’s announcement of its financial reward program for corporate whistleblowers, which was formally enacted on August 1, 2024.[113] Please see our recent alert for further details. Companies following these developments should evaluate and continue to invest in compliance programs that help to identify misconduct and encourage internal detection and reporting of potential violations, particularly those relating to allegations of money laundering or other criminal activity.

ENFORCEMENT ACTIONS

Although FinCEN did not have any corporate enforcement actions in the first half of 2024, DOJ continues to be active in enforcing AML compliance, including in the digital assets industry.

9. DOJ Prosecutions

Alongside new DOJ policy initiatives, the first half of 2024 also featured a number of notable enforcement actions taken by DOJ in pursuit of its AML efforts.

a. Cryptocurrency Exchanges

On March 26, 2024, the United States Attorney for the Southern District of New York unsealed an indictment against global cryptocurrency exchange KuCoin, along with two of its founders.[114] The crux of the allegation is that the indicted individuals operated KuCoin as an unlicensed money transmitting business and conspired to violate the BSA by willfully failing to maintain an adequate AML program.[115] Specific failures included the absence of reasonable procedures in place for verifying the identity of customers, and failing to file SARs.[116] As an alleged money transmitting business and futures commission merchant, KuCoin had been subject to applicable FinCEN regulations and failed to implement them as required.

Similar conduct has led to a recent guilty plea by another cryptocurrency exchange. On July 10, 2024, the Southern District of New York separately announced that Bitcoin Mercantile Exchange (BitMEX) pled guilty to violations of the BSA.[117] Similar to the allegations levied against KuCoin, BitMEX admitted to willfully failing to establish, implement, and maintain an adequate AML program.[118] Formerly one of the leading cryptocurrency derivatives platforms, BitMEX admitted that because it operated in the United States, it knew it was required to implement adequate AML and KYC policies and chose to nevertheless “flaunt” those requirements.[119] Both the DOJ’s indictment of KuCoin and the guilty plea secured against BitMEX highlight the serious ramifications that non-compliance with FinCEN regulations can pose on an entity’s operations.

b. Individual Liability

The DOJ also recently obtained a guilty plea from Gyanendra Asre—a former member of the supervisory board for the New York State Employees Federal Credit Union—for causing the institution to facilitate illicit transactions.[120] Specifically, the DOJ alleged that Asre influenced the bank to violate the BSA’s reporting requirements while, among other things, processing bulk cash deposits and checks exceeding $100 million dollars. Asre executed the scheme “to bring lucrative and high-risk international financial business to a small, unsophisticated credit union,”[121] and pled guilty to failing to maintain an effective AML program. FinCEN separately assessed a $100,000 penalty for Asre’s violations of the BSA.[122]

Similarly, a former bank executive in Missouri pled guilty to assisting customers in evading BSA protocols, as well as submitting falsified currency transaction reports. Defendant Peter McVey, a longtime Kansas City banker, “worked with other bank officials and customers to submit fraudulent . . . forms to [FinCEN] and . . . knowingly accepted forged bank forms from customers.”[123] McVey’s activities assisted unscrupulous customers and he faces a maximum of 10 years in federal prison.

These recent prosecutions illustrate that DOJ has continued to focus on holding individuals criminally liable for violations of the BSA.

RELEVANT CASE LAW UPDATES

10. Recent Acquittal on Section 1957 Charges in Trial of Backpage Executives Highlights Potential Importance of Tracing Requirements

In April, a federal court in Arizona issued a notable money laundering decision in U.S. v. Lacey.[124] Michael Lacey, who had previously been convicted at trial, allegedly participated in a money laundering conspiracy stemming from the DOJ’s allegations that a website Lacey helped operate, Backpage.com, was primarily a tool for the promotion of prostitution in violation of the Travel Act.[125] Lacey moved for acquittal of his convictions under 18 U.S.C. § 1957, the money laundering statute prohibiting the use of illicit proceeds in a financial transaction of $10,000 or more.[126] The statute does not offer guidance on how to determine when use of these proceeds triggers liability if they are comingled with “clean” money in a single account, leading to a circuit split on the issue of tracing.[127]

Here, the government’s theory had been that “all” proceeds from Backpage.com resulted from criminal activity. But the court held that the government failed to sufficiently prove that fact at trial, given that some ad revenue purportedly came from legitimate sources.[128] This decision reaffirmed the Ninth Circuit’s unique tracing requirement—which “rejects the presumption that proof that some criminally derived funds exist in an account means that a subsequent transfer of funds … involves those [same] criminally derived funds.”[129] This decision stands in contrast to opinions from other circuits, some of which presume any money transferred from a mixed accounts is tainted.[130] But in the Ninth Circuit, even if the government shows a “great majority” of the funds in an account constitute illicit proceeds, this is insufficient to support a violation of Section 1957.[131]

Thus, in ordering the acquittal, the district court reaffirmed that Section 1957’s scope is somewhat cabined, at least in the Ninth Circuit.

CONCLUSION

2024 has thus far been notable in the AML enforcement space. We anticipate that the second half of the year will be similarly active, as litigation challenging the CTA continues to unfold, and FinCEN works to finalize the rules it has proposed in the first half of the year. We will continue to monitor these updates and report accordingly on steps individuals and entities should take to navigate the ever-changing regulatory regime.

The footnotes referenced in this update are available on Gibson Dunn’s website at the following link. Please click on a particular footnote above to view details. The complete update is available at the link below:

[1] Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, FinCEN Proposes Rule to Combat Money Laundering and Promote Transparency in Residential Real Estate (Feb. 7, 2024), https://www.fincen.gov/news/news-releases/fincen-proposes-rule-combat-money-laundering-and-promote-transparency.

[2] 88 Fed. Reg. 12424 (Feb. 16, 2024), https://www.federalregister.gov/documents/2024/02/16/2024-02565/anti-money-laundering-regulations-for-residential-real-estate-transfers.

[3] Id. at 12430–31.

[4] Id.

[5] Id. at 12425.

[6] Id. at 12436.

[7] Id. at 12437–38.

[8] Id.

[9] Id.

[10] Id. at 12438–39.

[11] Id. at 12440–41.

[12] Id. at 12424.

[13] On July 8, 2024, FinCEN submitted its Final Rule to the Office of Management and Budget (“OMB”) for review, a final step in the rulemaking process prior to publication of the Final Rule in the Federal Register. OMB generally has 90 days to conduct its review.

[14] Id. at 12442.

[15] Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, FinCEN Proposes Rule to Combat Illicit Finance and National Security Threats in Investment Adviser Sector (Feb. 13, 2024), https://www.fincen.gov/news/news-releases/fincen-proposes-rule-combat-illicit-finance-and-national-security-threats.

[16] 89 Fed. Reg. 12108, 12114 (Feb. 15, 2024), https://www.federalregister.gov/documents/2024/02/15/2024-02854/financial-crimes-enforcement-network-anti-money-launderingcountering-the-financing-of-terrorism.

[17] Id. at 12119.

[18] Id. at 12108, 12120.

[19] Id. at 12117.

[20] Id. at 12108.

[21] Id. at 12119.

[22] On July 15, 2024, FinCEN submitted its Final Rule to OMB for review prior to publication in the Federal Register.

[23] Id. at 12191.

[24] Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, SEC, FinCEN Propose Customer Identification Program Requirements for Registered Investment Advisers and Exempt Reporting Advisers (May 13, 2024), https://www.fincen.gov/news/news-releases/sec-fincen-propose-customer-identification-program-requirements-registered.

[25] Id. at 44575.

[26] Id.

[27] Id. at 44578.

[28] Id. at 44585.

[29] Id. at 44578–79

[30] Id. at 44579.

[31] Id.

[32] These measures include a proposal to renew, without change, procedures to establish and maintain due diligence programs for foreign financial institutions and for private banking accounts. See Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, Agency Information Collection Activities: Proposed Renewal: Comment Request: Renewal Without Change of Due Diligence Programs for Correspondent Accounts for Foreign Financial Institutions and for Private Banking Accounts (June 11, 2024), https://www.fincen.gov/resources/statutes-regulations/federal-register-notices/agency-information-collection-activities-40. They also include a renewal, without change, of customer identification program requirements. See Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, Agency Information Collection Activities: Proposed Renewal: Comment Request: Renewal Without Change of Customer Identification Program Regulatory Requirements for Certain Financial Institutions (June 20, 2024), https://www.fincen.gov/resources/statutes-regulations/federal-register-notices/agency-information-collection-activities-41. And in March of 2024, FinCEN also issued a request for comments on whether alternative identification documents may lessen the need to collect full Social Security Numbers from consumers. See Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, FinCEN Seeks Comments on Customer Identification Program Requirement (Mar. 28, 2024), https://www.fincen.gov/news/news-releases/fincen-seeks-comments-customer-identification-program-requirement.

[33] Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, FinCEN Issues Proposed Rule to Strengthen and Modernize Financial Institutions’ AML/CFT Programs (June 28, 2024), https://www.fincen.gov/news/news-releases/fincen-issues-proposed-rule-strengthen-and-modernize-financial-institutions.

[34] Id. at 55435.

[35] 89 Fed. Reg. 55428 at 55437.

[36] Id.

[37] Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, Anti-Money Laundering and Countering the Financing of Terrorism National Priorities (June 30, 2021), https://www.fincen.gov/sites/default/files/shared/AML_CFT%20Priorities%20(June%2030%2C%202021).pdf.

[38] 89 Fed. Reg. 55428 at 55436.

[39] Id.

[40] Id. at 55444.

[41] Id. at 55445.

[42] Id. at 55545; 31 U.S.C. § 5318(h)(5).

[43] 89 Fed. Reg. 55428, 55455 (July 3, 2024), https://www.federalregister.gov/documents/2024/07/03/2024-14414/anti-money-laundering-and-countering-the-financing-of-terrorism-programs.

[44] Id.

[45] Id. at 55446.

[46] Press Release, Interagency Statement on the Issuance of the AML/CFT Program Notices of Proposed Rulemaking (July 19, 2024), https://www.fincen.gov/sites/default/files/shared/Interagency-Statement-on-the-Issuance-of-the-AML-CFT-Program-Notices-of-Proposed-Rulemaking-FINAL.pdf.

[47] Id.

[48] We are providing this update for general information purposes only. This update is not intended as, does not constitute, and should not be relied upon as, legal advice. Because the CTA regulatory guidance is evolving rapidly, please consult with us for any necessary updates.

[49] 18 U.S.C. § 5336; Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, U.S. Beneficial Ownership Information Registry Now Accepting Reports (Jan. 1, 2024), https://www.fincen.gov/news/news-releases/us-beneficial-ownership-information-registry-now-accepting-reports.

[50] Fin. Crimes Enf’t Network, Beneficial Ownership Information Reporting: Frequently Asked Questions, https://www.fincen.gov/boi-faqs [hereinafter, “FinCEN BOI FAQs”].

[51] Id. at L.6.

[52] 31 C.F.R. § 1010.380(c)(2)(i)-(xxii).

[53] FinCEN BOI FAQs at L.6.

[54] Id.

[55] Id. at C.13.

[56] Id. at C.13.

[57] National Small Business United et al. v. Yellen et al., No. 5:22-cv-01448 (N.D. Ala. 2024).

[58] Boyle v. Yellen et. al, No. 2:24-cv-00081 (D. Me. 2024).

[59] Small Business Assn. of Mich., et al. v. Yellen, et al., 1:24-cv-00314 (D. Mich. 2024).

[60] Texas Top Cop Shop, Inc. et al. v. Garland, et al., No. 4:24-cv-00478 (E.D. Tx. 2024).

[61] Black Economic Council of Mass., et al., No. 1:24-cv-11411 (D. Mass. 2024).

[62] See, e.g., Boyle, No. 2:24-cv-00081, ECF. No. 1 (alleging Tenth Amendment claims); see, e.g., National Small Business United, No. 5:22-cv-01448, ECF. No. 1 (alleging Fourteenth Amendment, as well as additional constitutional challenges).

[63] Small Business Assn. of Mich., No. 24-cv-00314, ECF. No. 1.

[64] Id.

[65] National Small Business United, No. 5:22-cv-01448, ECF. No. 51.

[66] Id.

[67] National Small Business United, No. 5:22-cv-01448, ECF. No. 52.

[68] Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, Notice Regarding National Small Business United v. Yellen, No. 5:22-cv-01448 (N.D. Ala.) (Mar. 4, 2024), https://www.fincen.gov/news/news-releases/updated-notice-regarding-national-small-business-united-v-yellen-no-522-cv-01448; see also National Small Business United et al. v. U.S. Dep’t of the Treasury et al., No. 24-10736 (11th Cir. 2024), ECF. No. 1.

[69] Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, Notice Regarding National Small Business United v. Yellen, No. 5:22-cv-01448 (N.D. Ala.) (Mar. 4, 2024), https://www.fincen.gov/news/news-releases/updated-notice-regarding-national-small-business-united-v-yellen-no-522-cv-01448.

[70] Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, FinCEN Finalizes Measure Against Iraq-based Al-Huda Bank to Combat Terrorist Financing (June 26, 2024), https://www.fincen.gov/news/news-releases/fincen-finalizes-financial-measure-against-iraq-based-al-huda-bank-combat.

[71] 89 Fed. Reg. 55051, 55054 (July 3, 2024), https://www.federalregister.gov/documents/2024/07/03/2024-14415/imposition-of-special-measure-regarding-al-huda-bank-as-a-financial-institution-of-primary-money.

[72] Id. at 55051.

[73] Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, FinCEN Finds Iraq-based Al-Huda Bank to be of Primary Money Laundering Concern and Proposes a Rule to Combat Terrorist Financing (January 29, 2024), https://www.fincen.gov/news/news-releases/fincen-finds-iraq-based-al-huda-bank-be-primary-money-laundering-concern-and.

[74] FinCEN Advisory to Financial Institutions to Counter the Financing of Iran-Backed Terrorist Organizations (May 8, 2024), https://www.fincen.gov/news/news-releases/fincen-issues-advisory-iran-backed-terrorist-organizations.

[75] Id. at 3–6.

[76] Id. at 12–17.

[77] FinCEN Supplemental Alert: FinCEN Highlights Additional Red Flags Regarding Financing of Israeli Extremist Settler Violence Against Palestinians in the West Bank (July 11, 2024), https://www.fincen.gov/sites/default/files/shared/FinCEN-Alert-West-Bank-FINAL-508C.pdf.

[78] Press Release, U.S. Dep’t of the Treasury, U.S. Treasury Launches Counter-Fentanyl Strike Force (Dec. 4, 2023), https://home.treasury.gov/news/press-releases/jy1946.

[79] Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, FinCEN Director Gacki’s Travel to Arizona for Engagements on Beneficial Ownership Information Reporting and FinCEN Exchange to Fight Fentanyl Trafficking (Jun. 13, 2024), https://www.fincen.gov/news/news-releases/readout-fincen-director-gackis-travel-arizona-engagements-beneficial-ownership; see also Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, FinCEN Exchange, https://www.fincen.gov/resources/financial-crime-enforcement-network-exchange (A “FinCEN Exchange” is an information sharing exercise between the government and local businesses “to better identify risks and provide FinCEN and law enforcement with critical information to disrupt money laundering, terrorism financing, and other financial crimes.”).

[80] Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, FinCEN Director Gacki’s Travel to Iowa for Engagements on Fentanyl and Beneficial Ownership Reporting (Jun. 3, 2024), https://www.fincen.gov/news/news-releases/readout-fincen-director-gackis-travel-iowa-engagements-fentanyl-and-beneficial.

[81] Press Release, The White House, Biden-⁠Harris Administration Launches the White House Challenge to Save Lives from Overdose (Mar. 13, 2024), https://www.whitehouse.gov/briefing-room/statements-releases/2024/03/13/fact-sheet-biden-harris-administration-launches-the-white-house-challenge-to-save-lives-from-overdose.

[82] Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, FinCEN Issues Supplemental Advisory on the Illicit Procurement of Fentanyl Precursor Chemicals and Manufacturing Equipment (June 20, 2024), https://fincen.gov/news/news-releases/fincen-issues-supplemental-advisory-illicit-procurement-fentanyl-precursor.

[83] FinCEN Advisory, Supplemental Advisory on the Procurement of Precursor Chemicals and Manufacturing Equipment Used for the Synthesis of Illicit Fentanyl and Other Synthetic Opioids (June 20, 2024), https://www.fincen.gov/sites/default/files/advisory/2024-06-20/FinCEN-Supplemental-Advisory-on-Fentanyl-508C.pdf.

[84] Id.

[85] Id.

[86] Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, FinCEN Reminds Financial Institutions to Remain Vigilant to Environmental Crimes (Apr. 22, 2024), https://www.fincen.gov/news/news-releases/fincen-reminds-financial-institutions-remain-vigilant-environmental-crimes.

[87] Id.

[88] Financial Threat Analysis: Illicit Finance Threat Involving Wildlife Trafficking and Related Trends in Bank Secrecy Act Data 1, 2 (Dec. 2021), https://www.fincen.gov/sites/default/files/2021-12/Financial_Threat_Analysis_IWT_FINAL%20508_122021.pdf.

[89] Id. at 2.

[90] Id. at 2 (citing Interpol & UNEP Strategic Report on Environment, Peace and Security: A Convergence of Threats 53-54 (Dec. 2016), https://www.interpol.int/en/content/download/5099/file/UNEP-INTERPOL). The Interpol & UNEP report notes that the illegal ivory trade alone nets Sub-Saharan militias with about 4 to 12 million dollars annually (p. 41). See generally Money Laundering and the Illegal Wildlife Trade, Financial Action Task Force (Jun. 2020), https://www.fatf-gafi.org/media/fatf/documents/Money-laundering-and-illegal-wildlife-trade.pdf.

[91] James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, Pub. L. No. 117-263, § 5943(d)(2), 136 Stat 2395, 3471-2 (2022).

[92] 16 U.S.C. § 7631(a)(8).

[93] Press Release, Fin. Crimes Enf’t Network, U.S. Dep’t of the Treasury, FinCEN Issues Analysis on Elder Financial Exploitation (Apr. 18, 2024), https://www.fincen.gov/news/news-releases/fincen-issues-analysis-elder-financial-exploitation [hereinafter, “EFE Release”].

[94] Financial Trend Analysis: Elder Financial Exploitation: Threat Pattern & Trend Information, June 2022 to June 2023 (Apr. 2024), https://www.fincen.gov/sites/default/files/shared/FTA_Elder_Financial_Exploitation_508Final.pdf.

[95] Id.

[96] Id. at 5.

[97] EFE Release, supra, note 89.

[98] Financial Trend Analysis: Use of Convertible Virtual Currency for Suspected Online Child Sexual Exploitation and Human Trafficking: Threat Pattern & Trend Information, January 2020 to December 2021 (Feb. 2024), https://www.fincen.gov/sites/default/files/shared/FTA_Human_Trafficking_FINAL508.pdf.

[99] Id. at 2.

[100] Id. at 3.

[101] Id. at 7.

[102] Id. at 8.

[103] Press Release, Statement of FinCEN Director Andrea Gacki before the House Committee on Financial Services (Feb. 14, 2024), https://www.fincen.gov/news/testimony/statement-fincen-director-andrea-gacki-house-committee-financial-services.

[104] Press Release, U.S. Dep’t of Justice, Criminal Division Pilot Program On Voluntary Self-Disclosures For Individuals (Apr. 15, 2024), https://www.justice.gov/criminal/criminal-division-pilot-program-voluntary-self-disclosures-individuals.

[105] Memorandum, U.S. Dep’t of Justice, The Criminal Division’s Pilot Program on Voluntary Self-Disclosures for Individuals 2–3 (Apr. 15, 2024), https://www.justice.gov/criminal/media/1347991/dl?inline.

[106] Id. at 2.

[107] Id.

[108] Id. at 2–3.

[109] Id. at 3.

[110] Id.

[111] Id.

[112] Id.

[113] Dep’t of Justice Corporate Whistleblower Awards Pilot Program (Aug. 1, 2024), https://www.justice.gov/criminal/media/1362321/dl?inline.

[114] Press Release, U.S. Dep’t of Justice, Prominent Global Cryptocurrency Exchange KuCoin And Two Of Its Founders Criminally Charged With Bank Secrecy Act AND Unlicensed Money Transmission Offenses (Mar. 26, 2024), https://www.justice.gov/usao-sdny/pr/prominent-global-cryptocurrency-exchange-kucoin-and-two-its-founders-criminally.

[115] Id.

[116] Id.

[117] Press Release, U.S. Dep’t of Justice, Global Cryptocurrency Exchange BitMEX Pleads Guilty to Bank Secrecy Act Offense (July 10, 2024), https://www.justice.gov/usao-sdny/pr/global-cryptocurrency-exchange-bitmex-pleads-guilty-bank-secrecy-act-offense.

[118] Id.

[119] Id.

[120] Press Release, U.S. Dep’t of Justice, Anti-Money Laundering Specialist Pleads Guilty to Willful Failure to Implement Anti-Money Laundering Controls (Jan. 31, 2024), https://www.justice.gov/usao-edny/pr/anti-money-laundering-specialist-pleads-guilty-willful-failure-implement-anti-money.

[121] Id.

[122] Press Release, U.S. Dep’t of the Treasury, FinCEN, FinCEN Assesses $100,000 Civil Money Penalty against Gyanendra Kumar Are for Violations of the Bank Secrecy Act (Jan. 31, 2024), https://www.fincen.gov/news/news-releases/fincen-assesses-100000-civil-money-penalty-against-gyanendra-kumar-asre.

[123] Press Release, U.S. Dep’t of Justice, Former Banking Executive Pleads Guilty to Evading Anti-Money Laundering Regulations (Jan. 17, 2024), https://www.justice.gov/opa/pr/former-banking-executive-pleads-guilty-evading-anti-money-laundering-regulations.

[124] United States v. Lacey, No. CR-18-00422-001-PHX-DJH (D. Ariz. Apr. 23, 2024).

[125] Press Release, U.S. Dep’t of Justice, Backpage Principals Convicted of $500M Prostitution Promotion Scheme (Nov. 17, 2023), https://www.justice.gov/opa/pr/backpage-principals-convicted-500m-prostitution-promotion-scheme.

[126] 18 U.S.C. § 1957; see also Criminal Resource Manual, 2101 (Money Laundering Overview), U.S. Dep’t of Justice, https://www.justice.gov/archives/jm/criminal-resource-manual-2101-money-laundering-overview (“Prosecutions under 18 U.S.C. § 1957 arise when the defendant knowingly conducts a monetary transaction in criminally derived property in an amount greater than $10,000, which is in fact proceeds of a specified unlawful activity.”).

[127] See Audrey Spensley, Untangling Laundered Funds: The Tracing Requirement Under 18 U.S.C. § 1957, 75 Stanford L.R. 1157, 1160 (2023).

[128] Lacey, No. CR-18-00422-001-PHX-DJH at 57.

[129] Id. (citing United States v. Rutgard, 116 F.3d 1270, 1292-93 (9th Cir. 1997)).

[130] Id. at 56 (The Ninth Circuit “rejects the presumption that proof that some criminally derived funds exist in an account means that a subsequent transfer of funds out of that account [automatically] involves those criminally derived funds.”); see also Spensley, supra, note 123, at 1173 (the Second, Third, and Eleventh Circuits, for instance, presume any transaction from a comingled account is tainted).

[131]Lacey, No. CR-18-00422-001-PHX-DJH at 57.

The following Gibson Dunn lawyers assisted in preparing this update: M. Kendall Day, Stephanie Brooker, Chris Jones, Ella Capone, and Ben Schlichting.

Gibson Dunn has deep experience with issues relating to the Bank Secrecy Act, other AML and sanctions laws and regulations, and the defense of financial institutions more broadly. For assistance navigating white collar or regulatory enforcement issues involving financial institutions, please contact any of the authors, the Gibson Dunn lawyer with whom you usually work, or any of the leaders and members of the firm’s Anti-Money Laundering / Financial Institutions, White Collar Defense & Investigations, or International Trade practice groups:

Anti-Money Laundering / Financial Institutions:
Stephanie Brooker – Washington, D.C. (+1 202.887.3502, sbrooker@gibsondunn.com)
M. Kendall Day – Washington, D.C. (+1 202.955.8220, kday@gibsondunn.com)
Ella Alves Capone – Washington, D.C. (+1 202.887.3511, ecapone@gibsondunn.com)
Chris Jones – Los Angeles (+1 213.229.7786, crjones@gibsondunn.com)

White Collar Defense and Investigations:
Stephanie Brooker – Washington, D.C. (+1 202.887.3502, sbrooker@gibsondunn.com)
Winston Y. Chan – San Francisco (+1 415.393.8362, wchan@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213.229.7269, nhanna@gibsondunn.com)
F. Joseph Warin – Washington, D.C. (+1 202.887.3609, fwarin@gibsondunn.com)

Global Fintech and Digital Assets:
M. Kendall Day – Washington, D.C. (+1 202.955.8220, kday@gibsondunn.com)
Jeffrey L. Steiner – Washington, D.C. (+1 202.887.3632, jsteiner@gibsondunn.com)
Sara K. Weed – Washington, D.C. (+1 202.955.8507, sweed@gibsondunn.com)

Global Financial Regulatory:
William R. Hallatt – Hong Kong (+852 2214 3836, whallatt@gibsondunn.com)
Michelle M. Kirschner – London (:+44 20 7071 4212, mkirschner@gibsondunn.com)
Jeffrey L. Steiner – Washington, D.C. (+1 202.887.3632, jsteiner@gibsondunn.com)

International Trade:
Ronald Kirk – Dallas (+1 214.698.3295, rkirk@gibsondunn.com)
Adam M. Smith – Washington, D.C. (+1 202.887.3547, asmith@gibsondunn.com)

The U.S. government recently proposed rules to significantly expand export control restrictions on items used to perpetuate human rights abuses and to target military, intelligence, and related end users acting contrary to U.S. national security interests. The extensive nature of these proposed restrictions will require many companies to implement enhanced compliance programs.

On July 25, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) and the U.S. Department of State announced three proposed rules to add new controls on specific items (including commodities, software, and technology), services, end uses, and end users. Collectively, these rules propose significant restrictions on the export of items to many new classes of foreign end users in over 40 countries (in certain cases); impose additional restraints on the ability of U.S. persons to support foreign military, intelligence, and security end users; create new restrictions on facial recognition technology; and expand and refine the definition of “defense services” under the U.S. International Traffic in Arms Regulations (ITAR) to address concerns emanating from military, intelligence, and related end users, as well as to combat the use of certain items in perpetuating human rights abuses.

These proposed rules—published as three separate notices in the Federal Register[1]—build upon existing restrictions and, in part, implement provisions of the National Defense Authorization Act for Fiscal Year 2023 calling for prohibitions on U.S. persons assisting foreign military, security, and intelligence services that threaten national security interests and/or are complicit in human rights abuses. The proposed rules present yet another example of the U.S.’s continued efforts “to put human rights at the center of [its] foreign policy”[2] as discussed in our recent client alert on the Export Controls and Human Rights Initiative Code of Conduct and 2023 Year-End Sanctions and Export Controls Update.

Importantly, the proposed rules do not immediately create any new obligations and may undergo additional changes following the public comment period, though companies should begin preparing now to enhance their compliance policies and procedures. Comments on the proposed rules can be submitted directly to the relevant agency/department or at Regulations.gov until September 27, 2024.

Below we outline key provisions of the proposed rules and the changes they will bring to the U.S. Export Administration Regulations (EAR) administered by BIS and the ITAR administered by the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC).

I. Proposed Revisions to the EAR Targeting Prohibited End Users and End Uses

The EAR currently restricts the export, reexport, or transfer (in-country) of items falling within its jurisdiction intended for certain end users or intended for certain end uses. In certain instances, the EAR specifically identifies restricted parties on various lists, including, most prominently, the “Entity List.”[3] In recent years, BIS has expanded the number of lists to which parties may be named and has named certain parties to the Entity List with footnote-specific designations to impose additional restrictions. The number of disparate lists has led many in government and industry to call for a more streamlined approach. The proposed rules from BIS appear to, in part, address this concern while also expanding restrictions to a broader range of end users.

These expanded controls will likely pose particular diligence challenges for companies that utilize distributors or resellers or who otherwise sell their goods indirectly to various end users in the identified jurisdictions.

A. Revised and Expanded Restrictions on “Military End User” and “Military End Uses” (15 C.F.R. § 744.21)

The EAR currently prohibits the export, reexport, or transfer of certain items subject to the EAR to Burma/Myanmar, Cambodia, China, Nicaragua, or Venezuela whenever the exporting party has “knowledge”[4] that the item is intended, entirely or in part, for “military end users” or for “military end uses” without a license from BIS.[5] Such military end user and end use restrictions apply to all items subject to the EAR when intended for such end users/end uses in Russia or Belarus (and to certain specifically-named Russian/Belarusian entities located outside of Russia or Belarus).

The proposed rules would dramatically expand these prohibitions to all items subject to the EAR (including lower-controlled EAR99 items) and to all countries specified in Country Group D:5[6] and Macau whenever the party has “knowledge” that the item is intended, in whole or in part, for a “military end user” or “military end use,” as the terms are newly defined. Additionally, BIS would no longer list military end users on the non-exhaustive Military End User (MEU) List currently included as Supplement 7 to Part 744. Rather, such entities would be added to the Entity List with either a footnote 3 (for Russia/Belarus military end users subject to additional restrictions) or footnote 5 designation (for all other military end users).

The definition of “military end users” would be redefined to focus specifically on traditional and non-traditional military actors. National police, government intelligence, and reconnaissance organizations included in the current definition of “military end users” would fall under other types of restricted end users outlined below. Specifically, the term “military end user,” as proposed, would include the “national armed services (army, navy, marine, air force, or coast guard), the national guard, or any person or entity performing the functions of a ‘military end user,’ including mercenaries, paramilitary, or irregular forces.” BIS makes clear that this definition is meant to include private companies and non-state actors that are akin to traditional armed forces.

Similarly, the definition of “military end use” would be modified slightly to apply to any item subject to the EAR (1) incorporated into a defense article described on the U.S. Munitions List (USML) outside of the United States, (2) incorporated into items classified under “600 series” Export Control Classification Numbers (ECCNs), or (3) that “supports or contributes to the operation, installation, maintenance, repair, overhaul, refurbishing, ‘development,’ or ‘production,’ of defense articles described on the USML,” or items classified under “600 series” ECCNs.[7] As written, these restrictions would extend to end uses involving defense articles and “600 series” foreign items that are not themselves subject to the EAR.

BIS will review related license applications with (1) a presumption of denial in connection with exports, reexports, or transfers to or within Burma/Myanmar, China, Cuba, Iran, Macau, Nicaragua, North Korea, Syria, and Venezuela and (2) under the license standard of review outlined in 15 C.F.R. § 746.8(b)(1) for Belarus and Russia—currently a policy of denial[8] for all items subject to the EAR, including for foreign-produced items subject to the EAR by application of the Russia/Belarus-Military End User Foreign Direct Product (FDP) rule. A case-by-case review policy will apply to all other destinations, consistent with the standards of review outlined in 22 C.F.R. § 126.1 of the ITAR.

B. New Restrictions on “Military-Support End Users” (15 C.F.R. § 744.22)

The proposed rules create a new type of restricted end user known as a “military-support end user” defined as “any person or entity whose actions or functions support ‘military end uses,’” as defined above. Entities that BIS proactively identifies as fulfilling this definition will be identified on the Entity List with a new footnote 6, though, importantly, this list is not exhaustive, and the restrictions apply even to entities not so designated. Specifically, parties will be prohibited from exporting, reexporting, or transferring any items subject to the EAR and specified on the Commerce Control List (CCL)—i.e., those items described by an ECCN—to all countries specified in Country Group D:5[9] and Macau whenever the party has “knowledge” that the item is intended, entirely or in part, for a “military-support end user” without first obtaining a license from BIS (unless authorized under License Exception GOV for certain U.S. government activities). Unlike the restrictions on military end users/end uses, however, the restriction targeting “military-support end users” does not apply to EAR99 items. Thus, companies supplying non-EAR99 items will need to ensure proper diligence is conducted on entities that are military-adjacent or that are included in military supply chains (e.g., contractors, raw material providers, manufacturers) in the relevant jurisdictions.

BIS will review license applications with (1) a presumption of denial in connection with exports, reexports, or transfers to or within Burma/Myanmar, China, Cuba, Iran, Macau, North Korea, Syria, and Venezuela and (2) under a policy of denial for Belarus and Russia (including for items covered by the Russia/Belarus-Military End User FDP rule). License applications for all other destinations will be reviewed on a case-by-case basis review policy, consistent with the standards of review outlined in 22 C.F.R. § 126.1 of the ITAR.

C. Revised and Expanded Restrictions on “Intelligence End Users” (15 C.F.R. § 744.24)

Since 2021, the EAR has restricted the export, report, or transfer of items intended for certain “military-intelligence end users” or for “military-intelligence end uses.” The due diligence required to verify whether certain end users/end uses meet these definitions has often proved difficult for industry, particularly in countries where the line between military intelligence and civilian government services is blurred. Likely in part to address this issue, the proposed rule drops the “military” qualifier from the new restrictions and instead expands the applicable restrictions to both military and civilian intelligence end users.

Like the restrictions targeting “military-support end users” described above, the proposed rule prohibits parties from exporting, reexporting, or transferring any items subject to the EAR and specified on the CCL (i.e., all non-EAR99 items that are subject to the EAR) whenever the party has “knowledge” that the item is intended, entirely or in part, for an “intelligence end user” without first obtaining a license from BIS (unless authorized under License Exception GOV for certain U.S. government activities). The new “intelligence end user” definition includes “foreign government intelligence, surveillance, or reconnaissance organizations or other entities performing functions on behalf of such organizations.” In the proposed rule, BIS makes clear the intended breadth of this restriction, noting that “entities performing intelligence functions such as planning and directing, processing and exploiting, analyzing and producing, disseminating and integrating, surveilling, and evaluating and providing feedback” would fall within the new definition. Entities meeting the proposed definition will be identified on the Entity List with a new footnote 7 designation, though BIS makes clear this list is not exhaustive, and the restrictions apply even to entities not so designated.

Unlike other types of restricted end users discussed previously, the geographic scope of the proposed “intelligence end user” restriction is much broader and includes “intelligence end users,” from over 40 destinations included in Country Group D or E, that are not also listed in Country Group A:5 or A:6, wherever such entities may be located.[10] For example, if an intelligence end user from China (a Country Group D country) were located in the United Kingdom (a Country Group A and B country), the restriction would still apply.

As with the restrictions targeting “military-support” end users, BIS will review license applications with a (1) presumption of denial in connection with exports, reexports, or transfers to or within Burma/Myanmar, China, Cuba, Iran, Macau, North Korea, Syria, and Venezuela and (2) under a policy of denial for Belarus and Russia (including for items covered by the Russia/Belarus-Military End User FDP rule). License applications for all other destinations will be reviewed on a case-by-case basis, consistent with the standards of review outlined in 22 C.F.R. § 126.1 of the ITAR.

D. New Restrictions on “Foreign-Security End Users” (15 C.F.R. § 744.25)

The proposed rules also create another new type of restricted end user known as a “foreign-security end user.” Parties would be prohibited from exporting, reexporting, or transferring any items subject to the EAR and specified on the CCL (i.e., all non-EAR99 items) to all countries specified in Country Group D:5 or E whenever the party has “knowledge” that the item is intended, entirely or in part, for a “foreign-security end user” without first obtaining a license from BIS or unless authorized under certain provisions of License Exception GOV (applicable to certain U.S. and NATO activities). “Foreign-security end users” are defined as:

Governmental and other entities with the authority to arrest, detain, monitor, search, or use force in furtherance of their official duties, including persons or entities at all levels of the government police and security services from the national headquarters or the Ministry level, down to all subordinate agencies/bureaus (e.g., municipal, provincial, regional);
Other persons or entities performing functions of a “foreign-security end user,” such as arrest, detention, monitoring, or search, and may include analytic and data centers (e.g., genomic data centers) forensic laboratories, jails, prisons, other detention facilities, labor camps, and reeducation facilities; or
Entities designated with a footnote 8 designation on the Entity List.

While not as open-ended as some other restricted party definitions, the proposed definition of “foreign-security end user” will require parties to transactions to conduct sufficient due diligence on the nature of any potential end user to determine if the new restrictions will apply, as the definition includes many entities (e.g., forensic labs, certain data centers) that may appear at first glance merely civilian oriented. BIS does, however, provide some helpful guidelines, adding in supplemental notes that the definition does not include “civilian emergency medical, firefighting, and search-and-rescue end users,” including in certain situations where such services are integrated into a single public safety department. Importantly, when any end user otherwise fulfills the definition of a “military end user,” the more restrictive “military end user” prohibitions described above will apply.

BIS proposes to use an approach grounded in human rights in reviewing license applications, stating that all such applications will be assessed according to “whether there is an unacceptable risk of use in human rights violations or abuses.” Cases posing such “unacceptable risk” will be subject to a policy of denial, though no additional information is provided for what metrics BIS will use to determine what constitutes “unacceptable.” Considering human rights in license review policies would not be a novel approach for BIS. In the context of items controlled for crime control purposes, BIS has historically treated license applications favorably “unless there is civil disorder in the country or region or unless there is a risk that the items will be used to violate or abuse human rights,” a restriction that is expressly designed “to deter human rights violations and abuses, distance the United States from such violations and abuses, and avoid contributing to civil disorder in a country or region.”[11] In October 2020, BIS explicitly expanded this licensing policy beyond items controlled for crime control reasons to include those items controlled for any other reason (except for short supply reasons).[12]

E. “As Informed” Provisions

Finally, each of the proposed restrictions either maintains or includes an “as informed” provision, whereby BIS may inform individual parties individually or through separate notice in the Federal Register that a license requirement applies to specific end users. Such provisions already exist in many parts of the EAR (including with respect to restrictions on the activities of U.S. persons discussed below) and allow BIS to move quickly in response to pressing national security concerns. In recent years, such provisions were used to restrict the flow of semiconductors and associated items to certain end users in China prior to the release of more detailed regulations.

F. Overview of Proposed End User and End Use Restrictions

Below we provide a chart outlining the end users and end use restrictions contained in the proposed rules.

Table 1:

End User/ End Use	Proposed Definition	Restricted Jurisdictions	Restricted Items	License Exceptions	License Review
Military End Use (15 C.F.R. § 744.21)	Incorporation occurring outside the United States into a defense article described on the USML; incorporation into items classified under ECCNs under ‘‘600 series’’ ECCNs; or any item that supports or contributes to the operation, installation, maintenance, repair, overhaul, refurbishing, ‘‘development,’’ or ‘‘production,’’ of defense articles described on the USML, or items classified under ECCNs under ‘‘600 series’’ ECCNs. See 15 C.F.R. § 772.1 for relevant definitions.	Occurs in, or the product of the “military end use” is destined to Macau or a country specified in Country Group D:5.	Any item subject to the EAR (including EAR99 items) wherever a party has “knowledge” of a restricted end use.	License Exception GOV (b)(2)	Presumption of Denial: Burma/Myanmar, China, Cuba, Iran, Macau, Nicaragua, North Korea, Syria, and Venezuela. Policy of Denial: Belarus and Russia (including items subject to the Russia/Belarus-Military End User FDP Rule). Case-by-case: All other destinations, consistent with § 126.1 of the ITAR.
Military End User (15 C.F.R. § 744.21)	National armed services (army, navy, marine, air force, or coast guard), the national guard, or any person or entity performing the functions of a “military end user,” including mercenaries, paramilitary, or irregular forces (including those designated with footnotes 3 or 5 on the Entity List).	Macau; Country Group D:5 destinations.	Any item subject to the EAR (including EAR99 items) wherever a party has “knowledge” of a restricted end user.	License Exception GOV (b)(2)	Presumption of Denial: Burma/Myanmar, China, Cuba, Iran, Macau, Nicaragua, North Korea, Syria, and Venezuela. Policy of Denial: Belarus and Russia (including items subject to the Russia/Belarus-Military End User FDP Rule). Case-by-case: All other destinations, consistent with § 126.1 of the ITAR.
Military-Support End User (15 C.F.R. § 744.22)	Any person or entity whose actions or functions support “military end uses” (including those designated with a footnote 6 on the Entity List).	Macau; Country Group D:5 destinations.	Any item subject to the EAR specified on the CCL wherever a party has “knowledge” of a restricted end user.	License Exception GOV (b)(2)	Presumption of Denial: Burma/Myanmar, China, Cuba, Iran, Macau, North Korea, Syria, and Venezuela. Policy of Denial: Belarus and Russia (including items subject to the Russia/Belarus-Military End User FDP Rule). Case-by-case: All other destinations, consistent with § 126.1 of the ITAR.
Intelligence End User (15 C.F.R. § 744.24)	Any foreign government intelligence, surveillance, or reconnaissance organizations or other entities performing functions on behalf of such organizations (including those designated with a footnote 7 on the Entity List).	Country Groups D and E, excluding Israel and Taiwan.	Any item subject to the EAR (including EAR99 items) wherever a party has “knowledge” of a restricted end user.	License Exception GOV (b)(2)	Presumption of Denial: Burma/Myanmar, China, Cuba, Iran, Macau, North Korea, Syria, and Venezuela. Policy of Denial: Belarus and Russia (including items subject to the Russia/Belarus-Military End User FDP Rule). Case-by-case: All other destinations, consistent with § 126.1 of the ITAR.
Foreign-Security End User (15 C.F.R. § 744.25)	Any of the following: (1) Governmental and other entities with the authority to arrest, detain, monitor, search, or use force in furtherance of their official duties, including persons or entities at all levels of the government police and security services from the national headquarters or the Ministry level, down to all subordinate agencies/bureaus (e.g., municipal, provincial, regional);* (2) Other persons or entities performing functions of a “foreign- security end user,” such as arrest, detention, monitoring, or search, and may include analytic and data centers (e.g., genomic data centers) forensic laboratories, jails, prisons, other detention facilities, labor camps, and reeducation facilities;* or (3) Entities designated with a footnote 8 on the Entity List. *Does not include civilian emergency medical, firefighting, and search-and-rescue end users.	Country Groups D:5 and E.	Any item subject to the EAR specified on the CCL wherever a party has “knowledge” of a restricted end user.	License Exception GOV (b)(2), (c)(2)	Case-by-case: All relevant destinations on the basis of whether there is an unacceptable risk of use in human rights violations or abuses, consistent with § 126.1 of the ITAR. Applications for transactions that would pose such an unacceptable risk will be reviewed with a presumption of denial.

II. Proposed Revisions to the EAR Restricting U.S. Persons “Support” for Activities Contrary to U.S. National Security Interests (15 C.F.R. § 744.6)

In addition to restricting the flow of items subject to U.S. jurisdiction, BIS has long restricted the ability of “U.S. persons”[13] to support activities contrary to U.S. national security interests, even in the absence of items subject to the EAR. The proposed rules aim to (1) clarify the types of “support” targeted by the current and proposed restrictions, (2) restrict the types of activities U.S. persons can provide to “military end users,” “intelligence end users,” and “foreign-security end users,” and (3) propose a new restriction on “military-production activities.”

Given the breadth of these new restrictions, many U.S. companies and non-U.S. companies with U.S. employees will likely need to expand and enhance their diligence efforts to better understand the nature of their end users, particularly in the case of companies that use a distributor or reseller model. For example, cloud service providers—such as infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) providers—will need to carefully examine their due diligence procedures to ensure no U.S. persons are providing prohibited services or “support” to the restricted parties or otherwise related to the restricted activities outlined below, even when no items subject to the EAR are involved.

A. Revisions to Definition of “Support”

The EAR currently defines “support” is the context of U.S. person activities to include:

Shipping or transmitting from one foreign country to another foreign country any item not subject to the EAR a U.S. person knows will be used in or by any restricted end users or end uses as identified in 15 C.F.R. § 744.6(b)(1)-(5),[14] including the sending or taking of such item to or from foreign countries in any manner;
Transferring (in-country) any item not subject to the EAR a U.S. person knows will be used in or by any of the restricted end users or end uses as identified in 15 C.F.R. § 744.6(b)(1)-(5),
Facilitating such shipment, transmission, or transfer (in-country); or
Performing any contract, service, or employment a U.S. person knows may assist or benefit any of the restricted end users or end uses as identified in 15 C.F.R. § 744.6(b)(1)-(5), including, but not limited to: ordering, buying, removing, concealing, storing, using, selling, loaning, disposing, servicing, financing, transporting, freight forwarding, or conducting negotiations in furtherance of.[15]

The proposed rules would clarify and make explicit certain exclusions from these restrictions, consistent with BIS practice. Specifically, the proposed rules would exclude from the definition of “support” the following:

Activities involving items described in 15 C.F.R. § 734.3(b) that are deemed not subject to the EAR (e.g., items regulated by other U.S. government agencies, published informational materials, certain other published information and software);
Activities related to items enumerated on the USML (including services) subject to the ITAR;
Activities limited to administrative services, such as providing or arranging office space and equipment, hospitality, advertising, or clerical, visa, or translation services, collecting product and pricing information to prepare a response to a request for proposal, generally promoting company goodwill at trade shows, or activities by an attorney that are limited to the provision of legal advice (providing the U.S. person does not undertake such activities with “knowledge” that any items provided will support restricted end users or activities); and
Certain activities conducted for, on behalf of, or in connection with the U.S. Government.

Additionally, the proposed rules would exclude “commercial activities related to the movement of goods by common carriers,” but only for prohibitions targeting U.S. person activities involving “military end users,” “military-production activities,” “intelligence end users,” or “foreign-security end users,” as described in detail below.

B. Restrictions on U.S. Person Activities Involving Restricted End Users

Most prominently, BIS proposes restrictions on U.S. person activities to match those restrictions targeting certain end users discussed in Section I above. U.S. persons would be prohibited from providing support to “military end users,” “intelligence end users,” “foreign-security end users” and parties named to the Entity List with a footnote 6 designation (i.e., parties specifically designated as “military-support end users”).[16] Importantly, the prohibitions on U.S. person support apply even when no items subject to the EAR are involved (provided one of the exclusions discussed in the previous section do not apply). The same restrictions and licensing policies outlined in Table 1 above apply to the activities of U.S. persons when such activities involve the corresponding restricted end users.

C. Restrictions on Support for “Military-Production Activities”

U.S. persons are also restricted from supporting a new class of “military-production activities.” BIS defines “military production activities” to include (1) activities supporting incorporation into or (2) any other activity that supports or contributes to the operation, installation, maintenance, repair, overhaul, refurbishing, ‘‘development,’’ or ‘‘production’’[17] of the following types of items:

‘‘600 series’’ items, including foreign-origin items not subject to the EAR; or
Any other item that is either described on the CCL in other than a ‘‘600 series’’ ECCN, or designated EAR99, including foreign-origin items not subject to the EAR, when the U.S. person has knowledge that the item is ultimately destined to or for use by a “military end user.”

Notably, the restriction on supporting “military-production activities” includes services provided to private sector companies involved in military production such as contractors. Specific examples of covered activities provided by BIS in the relevant proposed rule include:

Assisting a defense contractor in a targeted country in producing an ECCN 0A606.a armored vehicle;
Assisting a defense contractor in a targeted country in installing an ECCN 8A002.g light system in an ECCN 8A620.a submersible vessel; and
Assisting an electronics company in a targeted country in developing ECCN 3A001 integrated circuits that have been ordered by the armed services of a targeted country.

Importantly, this restriction is only applicable to U.S. person activities that occur in or that result in a product intended for a country in country Group D:5 or Macau, thus tracking the same geographic scope as the restrictions targeting “military-support end users” discussed in Section I.

D. General Order 6 and Related Exclusions

In an attempt to clearly delineate between the parameters of the EAR and ITAR, the proposed rules include the addition of General Order 6 clarifying that the U.S. person restrictions of 15 C.F.R. § 744.6 do not restrict activities “when required for the performance of defense services subject to control under the ITAR” and authorized by DDTC. This provision is meant to eliminate perceived overlapping licensing requirements and to ensure that the relevant provisions of the EAR and ITAR work in concert to achieve national security priorities.

Relatedly, the “support” prohibitions discussed in 15 C.F.R. § 744.6 do not extend to the performance of official duties in furtherance of a U.S. Government program (including duties performed by “contract support personnel” in certain circumstances) and do not themselves prevent U.S. persons from serving in foreign military force or paramilitary organizations (though restrictions under other U.S. laws and regulations may apply).

III. Proposed Revisions to Control Facial Recognition Technology for Most Destinations

In addition to the end use / end user- and activity-based controls discussed above, BIS also proposes to add new item-based controls. The proposed rules would amend ECCN 3A981 on the CCL to specifically include “facial recognition systems.” Importantly, these controls would not apply to detection or authentication items (as opposed to identification items) or items that facilitate individual access to personal devices or facilities. Additionally, new corresponding software controls in ECCN 3D980 would apply to software ‘‘specially designed’’ for the ‘‘development,’’ ‘‘production’’ or ‘‘use’’ of commodities controlled by 3A980 and 3A981 and software “specially designed’’ for the “analysis and matching of voice, fingerprints, or facial features for facial recognition,” excluding software “solely for person or object detection or for individual authentication to facilitate individual access to personal devices or facilities.” These ECCNs, as well as ECCN 3E980 for corresponding technology, will remain controlled for crime control (column 1) purposes, thereby restricting the export, reexport, or transfer of such items to nearly all destinations other than certain European countries and U.S. allies (e.g., Australia, Canada, India, Japan, New Zealand, Türkiye, South Korea, and the United Kingdom). As with the restrictions discussed above, these new item-based controls reflect the U.S. government’s growing concern that many U.S. dual-use items are being exploited abroad to perpetrate human rights abuses.

IV. Proposed Revisions to the ITAR to Refine and Expand Definition of “Defense Services”

In conjunction with the EAR revisions discussed above, DDTC has similarly proposed revisions to the ITAR to (1) clarify and arguably expand the definition of “defense services” in 22 C.F.R. § 120.32 and (2) implement new controls over defense services related to intelligence assistance and foreign military assistance services that do not necessarily involve military articles.

A. Revised Definition of Defense Services

DDTC proposes to reorganize and revise the definition of “defense services” to explicitly include consulting activities and activities meant to disable or degrade defense articles, as well as to provide examples to clarify the intended breadth of the definition. Further, DDTC proposes to clarify that certain types of training and consulting provided to foreign persons—even in the absence of defense articles—are still restricted.

The proposed revised definition of “defense services” would include the following activities:

The furnishing of assistance, including training or consulting, to foreign persons in the development (including, e.g., design), production (including, e.g., engineering and manufacture), assembly, testing, repair, maintenance, modification, disabling, degradation, destruction, operation, processing, use, or demilitarization of a defense article; or
The furnishing of assistance, including training or consulting, to foreign persons, regardless of whether a defense article is involved, as described in USML Category IX(s)(2) or (3).

While DDTC frames these revisions as clarifications of existing coverage, parties should consider reviewing existing compliance policies to ensure alignment with the broad scope of activities that DDTC now explicitly considers “defense services.”

B. New Categories of Defense Services Added to Category IX of the USML (Military Training Equipment and Training)

The proposed rule also aims to replace existing controls on military training in USML Category IX(e)(3) with new controls under Category IX(s), which would correspond to the new definition of “defense services” and regulate certain military training activities even when no defense articles are involved. Category IX(s)(2) would specifically address intelligence assistance services that were provided for compensation. In the proposed rule, DDTC provides a non-exhaustive list of compensation types, including monetary payment, gifts, lodging, goods, services, political favors, and legislative or legal relief. DDTC notes the compensation requirement is explicitly meant to exclude from the new controls the activities of hobbyists or persons casually commenting on open-source, publicly available information (e.g., satellite imagery relevant to the invasion of Ukraine). Category IX(s)(3) would target military assistance services, even in the absence of defense articles. Both categories include exceptions as outlined in Table 2 below.

Table 2:

	Covered Activities	Exceptions
Proposed Category IX(s)(1)	Reserved for future regulations.	Reserved for future regulations.
Proposed Category IX(s)(2)	Assistance, including training or consulting, to a foreign government, unit, or force, or their proxy or agent, that creates, supports, or improves intelligence activities, including through planning, conducting, leading, providing analysis for, participating in, evaluating, or otherwise consulting on such activities, for compensation (unless an exception applies).	Furnishing of medical, translation, financial, insurance, legal, scheduling, or administrative services, or acting as a common carrier; Participation as a member of a regular military force of a foreign nation by a U.S. person who has been drafted into such a force; Training and advice that is entirely composed of general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities; Information technology services that support ordinary business activities not specific to a particular business sector; Any lawfully authorized investigative, protective, or intelligence activity of a law enforcement or intelligence agency of the United States or of a territory, possession, State, or District of the United States, including political subdivisions thereof; or Maintenance or repair of a commodity or software.
Proposed Category IX(s)(3)	Assistance, including training or consulting, to a foreign government, unit, or force, or their proxy or agent, that creates, supports, or improves the following (unless an exception applies): The organization or formation of military or paramilitary forces; Military or paramilitary operations, by planning, leading, or evaluating such operations; or Military or paramilitary capabilities through advice or training, including formal or informal instruction.	Furnishing of medical, translation, financial, insurance, legal, scheduling, or administrative services, or acting as a common carrier; Participation as a member of a regular military force of a foreign nation by a U.S. person who has been drafted into such a force; Training and advice that is entirely composed of general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities.

V. Looking Forward

The proposed rules represent significant changes to U.S. export controls under both the EAR and ITAR, and companies should begin preparing now to address forthcoming compliance responsibilities. Specific steps companies should consider taking include:

Provide Written Comments: As noted above, both BIS and the U.S. Department of State will accept written comments until September 27, 2024. Companies may provide comments directly to the relevant agency/department or at Regulations.gov.
Improve Human Rights Visibility and Awareness: As discussed in our prior client alert, companies should identify key personnel within their operations with responsibilities over human-rights related functions and engage with civil society to stay ahead of the enforcement curve.
Examine Restricted Party Screening Procedures: Companies should ensure they are adequately screening third parties (e.g., suppliers, distributors, customers) against all relevant restricted party lists to ensure prohibited transactions do not occur.
Review and Enhance End Party Due Diligence: In addition to conducting restricted party screening, companies will need to ensure transactions do not involve any categories of restricted end users or end uses, including entities not specifically named to the Entity List but that otherwise meet the requirements of restricted parties. In certain cases, companies may want to require End User Declarations from ultimate end users, as well as intermediate parties, to address diversion concerns.
Expand Scope of Due Diligence: Given the expanded geographic scope of the new end user and end use controls (in some cases to over 40 countries), companies will need to consider a greater number of jurisdictions for enhanced due diligence—especially for companies that utilize distributors or otherwise engage in indirect sales in these jurisdictions.
Update Compliance Terms in Transactional Documents: To address the proliferation of restricted end users and uses, companies may wish to revise contractual compliance terms, including to specifically require contracting parties to certify they are not providing items to restricted parties or for restricted end uses, provide for audit rights, and set forth consequences for non-compliance, including termination and indemnification. Companies should also educate their distributors and resellers on the new regulatory requirements and corresponding diligence required to remain compliant. Further, companies should consider requiring distributors and resellers to include similar compliance requirements in transaction agreements (i.e., “flow down” provisions) with downstream customers (e.g., end users, intermediate consignees).
Flag Sensitive Transactions: Companies should review and identify transactions that may involve prohibited end users and/or end uses or unauthorized defense services. Companies should proactively develop or update compliance plans to identify and prevent such restricted transactions. In some cases, companies may need to acquire licenses from BIS or DDTC before proceeding with certain transactions.
Establish Guardrails for U.S. Person Activities: Even when companies are not otherwise subject to U.S. export controls, restrictions can still apply to their U.S. person employees. Companies should identify any activities that may implicate such restrictions and establish clear policies and procedures to minimize the likelihood of any violations.

[1] See International Traffic in Arms Regulations: Revisions to Definition and Controls Related to Defense Services, 89 Fed. Reg. 60,980 (July 29, 2024); End-Use and End-User Based Export Controls, Including U.S. Persons Activities Controls: Military and Intelligence End Uses and End Users, 89 Fed. Reg. 60,985 (July 29, 2024); Export Administration Regulations: Crime Controls and Expansion/Update of U.S. Persons Controls, 89 Fed. Reb. 60,998 (July 29, 2024).

[2] Press Release, Export Controls and Human Rights Initiative Code of Conduct Released at Summit for Democracy, U.S. Dep’t of State (Mar. 30, 2023), https://www.state.gov/export-controls-and-human-rights-initiative-code-of-conduct-released-at-the-summit-for-democracy/; Press Release, Biden Administration and International Partners Release Export Controls and Human Rights Initiative Code of Conduct, U.S. Dep’t of Commerce (Mar. 30, 2023), https://www.bis.doc.gov/index.php/documents/about-bis/newsroom/press-releases/3257-2023-03-30-bis-press-release-echri-code-of-conduct/file.

[3] See 15 C.F.R. § 744.16; 15 C.F.R. Part 744, Supplement No. 4.

[4] “Knowledge” is defined under the EAR to cover actual knowledge and an awareness of a high probability, which can be inferred from acts constituting willful blindness. See 15 C.F.R. § 772.1.

[5] In certain cases, items may also be exported for certain U.S. government activities as outlined in License Exception GOV. See 15 C.F.R. §§ 740.11, 744.21.

[6] Destinations listed in Country Group D:5 are those subject to a U.S. arms embargo and include Afghanistan, Belarus, Burma/Myanmar, Cambodia, Central African Republic, China, Cuba, Democratic Republic of Congo, Eritrea, Haiti, Iran, Iraq, North Korea, Lebanon, Libya, Nicaragua, Russia, Somalia, South Sudan, Sudan, Syria, Venezuela, and Zimbabwe. See 15 C.F.R. Part 740, Supplement No. 1.

[7] The terms “600 series,” “development,” and “production” are specifically defined in 15 C.F.R. § 772.1.

[8] While a “presumption of denial” licensing policy means that a license may be granted in rare circumstances, a “policy of denial” is slightly more restrictive and implies that a license will not be granted by BIS in nearly all circumstances.

[9] See supra note 6.

[10] Destinations listed in Country Group D or E include Afghanistan, Armenia, Azerbaijan, Bahrain, Belarus, Burma/Myanmar, Cambodia, Central African Republic, China, Democratic Republic of Congo, Cuba, Egypt, Eritrea, Georgia, Haiti, Iran, Iraq, Jordan, Kazakhstan, Kuwait, Kyrgyzstan, Laos, Lebanon, Libya, Macau, Moldova, Mongolia, Nicaragua, North Korea, Oman, Pakistan, Qatar, Russia, Saudi Arabia, Somalia, South Sudan, Sudan, Syria, Tajikistan, Turkmenistan, United Arab Emirates, Uzbekistan, Venezuela, Vietnam, Yemen, and Zimbabwe. See 15 C.F.R. Part 740, Supplement No. 1. Currently only Israel and Taiwan fulfill the exception as destinations also included in Country Group A:6.

[11] Amendment to Licensing Policy for Items Controlled for Crime Control Reasons, 85 Fed. Reg. 63,007, 63,009 (Oct. 6, 2020) (emphasis added).

[12] Id.

[13] “U.S. person” is broadly defined to include citizens, permanent residents, and protected individuals (e.g., asylees) in the United States; any entity organized in the United States, including foreign branches; and any person located in the United States. See 15 C.F.R. § 772.1.

[14] Currently, 15 C.F.R. § 744.6(b)(1)-(5) restricts certain U.S. person activities that provide “support” for nuclear explosive devices, “missiles,” chemical and biological weapons, certain chemical weapons precursors, “military-intelligence end users,” and “military-intelligence end uses.” More detailed “support” restrictions related to the “development” and “production” of advanced-node integrated circuits and related items and semiconductor manufacturing equipment are outlined in 15 C.F.R. § 744.6(c)(2)-(3).

[15] See 15 C.F.R. § 744.6(b)(6).

[16] Importantly, the prohibition on U.S. person activities in “support” of footnote 6 entities is limited to only those entities explicitly designated as such and applies only to the items specified in the designated party’s entry on the Entity List. In this manner, the restriction on U.S. person activities is narrower than the corresponding end user restrictions discussed in Section I above.

[17] See 15 C.F.R. § 772.1 for relevant definitions.

The following Gibson Dunn lawyers prepared this update: Mason Gauch, Hayley Lawrence, Chris Mullen, Stephenie Gosnell Handler, Adam M. Smith, Chris Timura, Samantha Sewall, Michelle Weinbaum, and David Wolber.

This edition of Gibson Dunn’s Federal Circuit Update for July 2024 summarizes the current status of petitions pending before the Supreme Court and recent Federal Circuit decisions concerning preliminary injunctions, contempt orders, issue preclusion, motions to amend before the Patent Trial and Appeal Board (Board), and the meaning of “publicly disclosed” under the America Invest Act (AIA).

Federal Circuit News

Noteworthy Petitions for a Writ of Certiorari:

There were no new potentially impactful petitions filed before the Supreme Court in July 2024. We provide an update below of the petitions pending before the Supreme Court that were summarized in our June 2024 update:

In United Therapeutics Corp. v. Liquidia Technologies, Inc. (US No. 23-1298), after the respondent waived its right to respond, a response was requested by the Court. The response will be due on August 28, 2024.

There were no new updates in Chestek PLLC v. Vidal (US No. 23-1217) and Cellect LLC v. Vidal (US No. 23-1231). In Chestek, the response brief is still due August 14, 2024, and five amicus curiae briefs have been filed. In Cellect, the response brief is still due August 21, 2024, and seven amicus curiae briefs have been filed.

Other Federal Circuit News:

Release of Materials in Judicial Investigation. The Federal Circuit released additional materials in connection with the proceeding under the Judicial Conduct and Disability Act and the implementing Rules involving Judge Pauline Newman. The materials may be accessed at the following links:

Upcoming Oral Argument Calendar

The list of upcoming arguments at the Federal Circuit is available on the court’s website.

Key Case Summaries (July 2024)

Natera, Inc. v. NeoGenomics Laboratories, Inc., Nos. 24-1324, 24-1409 (Fed. Cir. July 12, 2024): Natera and NeoGenomics manufacture products used to detect circulating tumor DNA (ctDNA), the presence of which is called molecular residual disease (MRD), which can indicate cancer relapse. Natera sued NeoGenomics alleging that NeoGenomics’ product, RaDaR, infringed two of Natera’s patents relating to methods of amplifying targeted genetic material and for detecting variations in genetic material indicative of disease, such as ctDNA. Natera uses the claimed methods in its patents in its own Signatera product. Natera moved for a preliminary injunction, which the district court granted. The preliminary injunction barred NeoGenomics from making, using, selling, or offering for sale RaDaR, but carved out exceptions for patients already using RaDaR and for ongoing research projects, studies, and clinical trials.

The Federal Circuit (Moore, C.J., joined by Taranto and Chen, JJ.) affirmed the district court’s “carefully crafted” preliminary injunction. In particular, the Court concluded that the district court carefully considered the evidence before it in evaluating the irreparable harm to Natera, including that Natera and NeoGenomics directly compete in a two-player market for tumor-informed MRD testing products that would result in lost sales to Natera and harm to Natera’s market share. Because patients using MRD therapies require continuity of care, patients who begin using RaDaR will likely not switch to Signatera, which would not only cause Natera a loss of current sales, but also repeat business in the future. The Court also concluded that the district court did not err in concluding that the public interest weighs in favor of the injunction. Natera had the capacity to take on more patients and satisfy the demand for MRD tests. To avoid disruption to ongoing treatment and research, the district court did not enjoin use of RaDaR for existing patients and ongoing clinical trials and research projects.

Backertop Licensing LLC v. Canary Connect, Inc., No. 23-2367 (Fed. Cir. July 16, 2024): Lori LaPray is the sole owner of Backertop and is also the managing member of six other LLCs that have filed at least 97 patent infringement cases in the federal district courts. Backertop is seemingly associated with IP Edge (a patent monetization firm) and Maxevar (an affiliated consulting firm). The district court had concerns that IP Edge and Maxevar had perpetrated a fraud on the court by conveying patents to a shell LLC and filing false patent assignments with the USPTO to shield IP Edge and Maxevar from any potential liability they might face in asserting those patents in litigation. As a result, it ordered Ms. LaPray to disclose communications and documents relating to concerns regarding fraud on the court. Ms. LaPray produced several documents to the district court, but the district court had concerns regarding the legitimacy of the documents and set an in-person hearing to “assess her credibility.” Ms. LaPray refused to attend the hearing and did not attend a subsequent show cause hearing the district court set. The district court therefore found Ms. LaPray in civil contempt of court and imposed a fine of $200 per day until Ms. LaPray appeared in person in court.

The Federal Circuit (Hughes, J., joined by Prost and Stoll, JJ.) affirmed. Although civil contempt orders are generally interlocutory and non-appealable, the Federal Circuit determined that the law allowed Ms. LaPray, as the officer of Backertop and a non-party, to “immediately appeal the contempt order.” The Court then held that the district court’s order for Ms. LaPray to appear in person fell within the district court’s inherent powers. Contrary to Ms. LaPray’s arguments, the district court’s order did not conflict with Rule 45’s 100-mile requirement, which only applies to a party or attorney’s efforts to subpoena a person, and not to a court’s sua sponte order to appear. The Court also found the district court had not abused its discretion in ordering Ms. LaPray to appear in person and determined that it was an appropriate means by which to investigate potential misconduct by Backertop and potential fraud on the court by IP Edge and Maxevar.

Koss Corp. v. Bose Corp., Nos. 22-2090, 23-1173, 23-1179, 23-1180, 23-1191 (Fed. Cir. July 19, 2024): Koss sued Bose alleging infringement of patents directed to wireless earphone communication. Bose in turn petitioned for inter partes review (IPR) of Koss’s patent, and the district court litigation was stayed pending the IPRs. Koss now appeals the Board’s final written decisions. Separately, Koss also sued Plantronics for infringing its patents, including the same patents asserted against Bose, which proceeded in parallel with Bose’s IPRs. Plantronics moved to dismiss on grounds that all claims of the asserted patents were ineligible under 35 U.S.C. § 101. The district court granted the motion. Koss filed an amended complaint, and Plantronics again moved to dismiss the asserted claims as ineligible under Section 101. Before the district court could rule on the motion, Koss voluntarily stipulated to dismiss the case with prejudice, but did not ask the district court to vacate its earlier ruling holding that all claims were ineligible. The district court entered final judgment, and Koss did not appeal the Plantronics judgment. Bose then moved to dismiss these current appeals as moot because all claims had been determined to be ineligible.

The Federal Circuit (Hughes, J., joined by Stoll and Cunningham, JJ.) dismissed the appeals as moot. Koss argued that the district court’s ineligibility ruling in Plantronics became a nullity upon the filing of the amended complaint. The Federal Circuit determined this was incorrect, explaining that the ineligibility ruling became final and appealable when the district court entered final judgment after Koss stipulated to dismissal of its suit. As Koss chose not to appeal that judgment, there were no viable patent claims left to assert and no longer a live case or controversy, rendering the appeals moot.

ZyXEL Communications Corp. v. UNM Rainforest Innovations, Nos. 22-2220, 22-2250 (Fed. Cir. July 22, 2024): ZyXEL filed a petition for IPR of UNMRI’s patent directed to methods for constructing frame structures (organization of information transmitted across time and frequency) in orthogonal frequency-division multiple access (OFDMA) systems. ZyXEL contended that certain claims would have been obvious in view of the asserted prior art. UNMRI filed a contingent motion to amend and requested the Board’s preliminary guidance on its motion under the Board’s MTA Pilot Program. ZyXEL opposed the motion to amend, arguing that UNMRI had not complied with the regulation requiring it to identify written support for every claimed limitation in the substitute claims—not just the newly-claimed features—in its motion. In its preliminary guidance, the Board agreed and permitted UNMRI to file an extended reply brief addressing written description support and, correspondingly, allowed ZyXEL to respond in an extended sur-reply. The Board then granted UNMRI’s motion to amend to substitute its claims and determined that the substitute claims would not have been obvious.

The Federal Circuit (Dyk, J., joined by Prost and Stark, JJ.) affirmed-in-part, reversed-in-part, and remanded-in-part as to the appeal, and affirmed as to the cross-appeal. In particular, the Court affirmed the Board’s grant of the motion to amend. Specifically, the Court noted that the purpose of the MTA Pilot Program is to provide preliminary guidance and to allow the patentees to correct errors in its original motion. The MTA Pilot Program also allows a patentee to respond to the Board’s preliminary guidance in reply. Thus, the Court determined that the Board did not err in permitting UNMRI to use its reply brief to supplement the written description support that should have been, but was not, included in its original motion.

Sanho Corp. v. Kaijet Technology International Limited, Inc., No. 23-1336 (Fed. Cir. July 31, 2024): Kaijet petitioned for IPR of Sanho’s patent directed to a port extension apparatus for devices like laptops. The Board found all challenged claims unpatentable as obvious over prior art reference Kuo. Sanho contended that Kuo was not prior art because the inventor “publicly disclosed” the relevant subject matter of Kuo through the private sale of a device called the HyperDrive before Kuo’s priority date. The Board, however, concluded that the private sale was not a public disclosure, and therefore Kuo was prior art.

The Federal Circuit (Dyk, J., joined by Clevenger and Stoll, JJ.) affirmed. Section 102(b)(2)(B) provides that a “disclosure shall not be prior art” if “the subject matter disclosed had . . . been publicly disclosed by the inventor.” Sanho argued that a private sale should be considered a “disclosure” under the statute, and that the term “publicly disclosed” would necessarily include “disclosures,” such as private sales. The Court determined this interpretation was incorrect because “publicly disclosed” is not the same as “disclosed,” and the use of different phrases suggests Congress intended the phrases to have different meanings. Additionally, Section 102(b) was meant to provide protection for an inventor who publicly discloses his invention from later disclosures made by others, as public disclosure is a major objective for providing patent protection in the first place. Thus, the Court concluded that “publicly disclosed by the inventor” must require that the invention was made available to the public. As a result, the Court decided that Sanho’s private sale did not qualify as a public disclosure under Section 102(b)(2)(B), and thus the Board did not err in determining that Kuo was prior art.

The following Gibson Dunn lawyers assisted in preparing this update: Blaine Evanson, Audrey Yang, Vivian Lu, Julia Tabat, and Michelle Zhu.

Blaine H. Evanson – Orange County (+1 949.451.3805, bevanson@gibsondunn.com)
Audrey Yang – Dallas (+1 214.698.3215, ayang@gibsondunn.com)

From the Derivatives Practice Group: The CFTC has approved a joint rule proposal to establish technical data reporting standards, and final rules permitting a foreign board of trade to provide direct access to its electronic trading and order matching system to an introducing broker.

New Developments

CFTC Approves a Joint Rule Proposal to Establish Technical Data Reporting Standards. On August 8, the CFTC voted to jointly propose and request public comment on the establishment of technical data reporting standards with other financial regulatory agencies. The proposal would establish uniform data standards for the collections of information reported to the CFTC, Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Consumer Financial Protection Bureau, Federal Housing Finance Agency, Securities and Exchange Commission, and the Department of the Treasury. The proposal would also establish uniform data standards for data collected from these financial regulatory agencies on behalf of the Financial Stability Oversight Council. According to the CFTC, the proposed standards would promote interoperability of financial regulatory data across the financial regulatory agencies through the adoption of common identifiers for legal entities, financial instruments, and other data. In addition to proposing the use of common identifiers, the proposal would also further standardize the format and transmission of data to financial regulatory agencies. The CFTC explained that the proposed rule is part of the implementation of the Financial Data Transparency Act of 2022 (“FDTA”); although the CFTC is not specifically referenced in the FDTA, the Secretary of the Treasury designated the CFTC as a covered agency on May 3, 2024. Comments on the proposal are due 60 days following publication in the Federal Register. [NEW]
CFTC Exempts Additional Singapore Recognized Market Operators from SEF Registration Requirements. On August 2, the CFTC announced it unanimously approved an amended order that exempts two recognized market operators (“RMO”s) authorized within Singapore from CFTC swap execution facility (“SEF”) registration requirements. The exempted RMOs are FMX Securities (Singapore) Pte. Limited and LMAX Pte. Ltd. Section 5h(g) of the Commodity Exchange Act provides that the CFTC may grant such an exemption if it finds that a foreign SEF is subject to comparable, comprehensive supervision and regulation by the appropriate governmental authorities in the facility’s home country. Likewise, the CFTC may revoke exempt status when a facility is no longer authorized or in good standing in its home country. [NEW]
CFTC Approves Final Rule Allowing U.S. Introducing Brokers Direct Access to Registered Foreign Boards of Trade for the Submission of Customer Orders. On July 29, the CFTC announced it approved final rules amending Part 48 of its regulations. The final rules permit a foreign board of trade (“FBOT”), registered with the CFTC, to provide direct access to its electronic trading and order matching system to an introducing broker, located in the United States and registered with the CFTC, for the submission of customer orders to the FBOT’s trading system for execution. The final rules also establish a procedure for an FBOT to request revocation of its registration and remove certain outdated references to “existing no-action relief” in Part 48. [NEW]

New Developments Outside the U.S.

ESAs’ Joint Board of Appeal Dismisses Appeal by Euroins Insurance Group AD Against the European Insurance and Occupational Pensions Authority. On August 7, the Joint Board of Appeal (“the Board”) of the ESAs unanimously decided that the appeal brought by Euroins Insurance Group AD (“Euroins”) against the European Insurance and Occupational Pensions Authority (“EIOPA”) is inadmissible. In its decision, the Board found that EIOPA’s power to initiate an investigation is of an entirely discretionary nature. Furthermore, the Board also asserted that the EIOPA Chairperson’s decision to initiate an investigation is not subject to the Board’s review. Finally, the decision clarified that the Board does not have the power to order EIOPA to re-assess an appellant’s request to open an investigation. [NEW]
ESMA Publishes Data for Quarterly Bond Liquidity Assessment and the Systematic Internalizer Calculations. On August 1, ESMA published the new quarterly liquidity assessment of bonds and the data for the quarterly systematic internalizer calculations for equity, equity-like instruments, bonds and for other non-equity instruments under MiFID II and MiFIR. [NEW]
ESMA Delivers Opinion on Global Crypto Firms Using their non-EU Execution Venues. On July 31, ESMA issued an Opinion to address the risks presented by global crypto firms seeking authorization under the Markets in Crypto Assets (“MiCA”) Regulation for part of their activities (crypto brokerage) while keeping a substantial part of their group activities (intra-group execution venues) outside the European Union (“EU”) regulatory scope. The opinion calls for a case-by-case assessment, outlining the specific requirements that ESMA believes should be met regarding best execution, conflicts of interest, the obligation to act honestly, fairly, and professionally in the best interests of clients and the obligation relating to the custody and administration of crypto-assets on behalf of clients. [NEW]
The FCA Publishes Consultation Paper on the Derivatives Trading Obligation and Post-Trade Risk Reduction Services. On July 26, the Financial Conduct Authority (“FCA”) published a consultation paper on aspects of the derivatives trading obligation (“DTO”) as part of HM Treasury’s Wholesale Markets Review. The FCA is consulting on proposals to (1) include certain overnight index swaps based on the US Secured Overnight Financing Rate within the classes of derivatives subject to the DTO; (2) expand the list of post-trade risk reduction services exempted from the DTO and from other obligations; and (3) the FCA’s intention to use its power to suspend or modify the DTO once its transitional powers expire. The consultation closes on September 30, 2024. The FCA will publish a policy statement with final rules in Q4 2024. [NEW]
ESAs Publish Joint Final Report on the Draft Technical Standards on Subcontracting under DORA. On July 26, the European Supervisory Authorities published their joint Final Report on the draft Regulatory Technical Standards (“RTS”) specifying how to determine and assess the conditions for subcontracting information and communication technology (“ICT”) services that support critical or important functions under the Digital Operational Resilience Act (“DORA”). These RTS aim to enhance the digital operational resilience of the EU financial sector by strengthening the financial entities’ ICT risk management over the use of subcontracting.
ESMA Sets Out Its Long Term Vision on the Functioning of the Sustainable Finance Framework. On July 24, ESMA published an Opinion on the Sustainable Finance Regulatory Framework, setting out possible long-term improvements. ESMA considers that, in the longer-term, the Framework could further evolve to facilitate investors’ access to sustainable investments and support the effective functioning of the Sustainable Investment Value Chain. The opinion recommends several action items, including that all financial products should disclose some minimum basic sustainability information, covering environmental and social characteristics, and a product categorization system, based on a set of clear eligibility criteria and binding transparency obligations.

New Industry-Led Developments

ISDA Letter on FICC’s Proposed Rulebook Changes. On August 1, ISDA submitted a letter to the Securities and Exchange Commission in response to the Fixed Income Clearing Corporation’s (“FICC”) proposed changes to its Government Securities Division Rulebook in accordance with the Securities Exchange Act of 1934. The comment letter addresses FICC’s proposal to modify its trade submission rules in relation to mandatory clearing of certain US Treasury transactions. The proposed rule changes: (i) adopt a requirement that each netting member must submit all eligible secondary market transactions to which it is a counterparty to FICC for clearance and settlement; (ii) adopt new initial and ongoing membership requirements and other measures to facilitate FICC’s ability to monitor a netting member’s compliance with the trade submission requirement; (iii) adopt disciplinary measures to address a netting member’s failure to comply with the trade submission requirement; and (iv) modify the FICC rules to facilitate the trade submission requirement. [NEW]
Joint Association Letter on CFTC Block Thresholds and Cap Sizes. On July 29, ISDA, the Securities Industry and Financial Markets Association, the Securities Industry and Financial Markets Association Asset Management Group, the American Council of Life Insurers and the Investment Company Institute sent a letter to the CFTC requesting a public forum be provided to continue to evaluate the methodology for calculating the block thresholds and cap sizes under Part 43 of the CFTC’s regulations. [NEW]

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, jsteiner@gibsondunn.com)

Michael D. Bopp, Washington, D.C. (202.955.8256, mbopp@gibsondunn.com)

Michelle M. Kirschner, London (+44 (0)20 7071.4212, mkirschner@gibsondunn.com)

Darius Mehraban, New York (212.351.2428, dmehraban@gibsondunn.com)

Jason J. Cabral, New York (212.351.6267, jcabral@gibsondunn.com)

Adam Lapidus – New York (212.351.3869, alapidus@gibsondunn.com )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, sbrooker@gibsondunn.com)

William R. Hallatt , Hong Kong (+852 2214 3836, whallatt@gibsondunn.com )

David P. Burns, Washington, D.C. (202.887.3786, dburns@gibsondunn.com)

Marc Aaron Takagaki , New York (212.351.4028, mtakagaki@gibsondunn.com )

Hayden K. McGovern, Dallas (214.698.3142, hmcgovern@gibsondunn.com)

Karin Thrasher, Washington, D.C. (202.887.3712, kthrasher@gibsondunn.com)

We are pleased to provide you with the July 2024 edition of Gibson Dunn’s digital assets regular update. This update covers recent legal news regarding all types of digital assets, including cryptocurrencies, stablecoins, CBDCs, and NFTs, as well as other blockchain and Web3 technologies. Thank you for your interest.

ENFORCEMENT ACTIONS

UNITED STATES

SEC Sues Consensys over MetaMask
On June 28, the SEC sued Consensys Software Inc. (an Ethereum software provider) over its MetaMask cryptocurrency wallet, which is the most used wallet on Ethereum. The SEC alleged that MetaMask is an unregistered broker because it permits users to buy and sell digital assets directly in-app. Additionally, the SEC alleged that Consensys has offered and sold unregistered securities through its staking service, which provides consumers with “liquid staking tokens” via third-party providers Lido and Rocket Pool, in exchange for depositing assets to secure the Ethereum blockchain. Soon after filing this enforcement action, the SEC moved to dismiss or transfer the declaratory judgment action that Consensys previously filed against the SEC in Texas. SEC Press Release; CoinDesk; The Block; Law360.
SEC Drops Hiro And Stacks Investigation
On July 12, the SEC dropped its investigation of Hiro, formerly known as Blockstack, which launched Stacks—a Bitcoin layer-2 blockchain. Early on, Blockstack treated its tokens as securities and attempted to register them through various exemptions. In 2021, Hiro launched a new consensus mechanism and concluded that the network had become so decentralized that its coin no longer constituted a security. The SEC then began a three-year investigation of Hiro. The SEC has now closed that investigation, with SEC staff stating in a letter that they do “not intend to recommend an enforcement action by the SEC.” SEC 1; SEC 2; CoinDesk; CoinTelegraph; The Block.
FTX and CFTC Reach $12.7 Billion Settlement
On July 12, following months of negotiations, FTX and the U.S. Commodity Futures Trading Commission (CFTC) agreed to a $12.7 billion settlement, pending approval from the U.S. Bankruptcy Court for the District of Delaware. The CFTC filed suit against FTX, its former CEO Sam Bankman-Fried, and its sister company Alameda Research in December 2022, alleging that they made misrepresentations by marketing FTX.com as a digital commodity asset platform. According to the July 12 filing, the proposed settlement “resolves ongoing litigation and disputes with one of the largest creditors of the Debtors, avoids the cost and delay of further litigation, and mitigates a significant risk of diminution of the assets available for distribution to creditors.” The settlement agreement is divided into $8.7 billion in restitution and $4 billion in disgorgement. As part of the settlement agreement, the CFTC has also agreed to forgo pursuing a civil monetary penalty against FTX, prioritizing the payment of FTX’s creditors. TheBlock; Cointelegraph.
Two Former FTX Executives and Cooperators in Bankman-Fried Case Will Be Sentenced in the Fall
On July 9, U.S. District Judge Lewis A. Kaplan scheduled an October 30, 2024 sentencing hearing for Nishad Singh, a former engineering director at the now-defunct crypto exchange FTX, and set a November 20, 2024 hearing for Zixiao “Gary” Wang, who co-founded FTX with Sam Bankman-Fried. Singh and Wang were among the first to plead guilty to charges related to their roles in the collapse of FTX, and both testified for the government at the 2023 trial of Bankman-Fried. A sentencing date has not been set for Caroline Ellison, the former CEO of Alameda Research who also pleaded guilty and testified against Bankman-Fried. The Block; Law360; Cointelegraph.
BitMEX Pleads Guilty to Violating the Bank Secrecy Act
On July 10, cryptocurrency exchange and derivative trading platform BitMEX pleaded guilty in the Southern District of New York to a charge alleging the exchange violated the Bank Secrecy Act by willfully failing to maintain adequate anti-money laundering and customer identification programs between September 2015 and September 2020. BitMEX’s co-founders previously pleaded guilty to similar charges. The exchange will be sentenced on October 7, 2024 before U.S. District Judge John Koeltl. DOJ Press Release; Law360; CoinDesk.
Hydrogen Technology Executives Sentenced to Prison for Price Manipulation
On June 25, the CEO of Hydrogen Technology was sentenced to two years and 11 months in prison and the Head of Financial Engineering was sentenced to three years and nine months in prison for their involvement in manipulating the price of the company’s cryptocurrency, HYDRO, through wash trades and spoofing. According to the DOJ, the case marked the first time a federal jury found that a cryptocurrency was a security and that manipulating cryptocurrency prices was securities fraud. DOJ Press Release; CoinDesk .
Silvergate Bank Settles Charges with Federal and California Regulators
On July 1, Silvergate Capital Corporation, the parent of the crypto-friendly Silvergate Bank, agreed to pay $63 million to settle charges from the SEC, Federal Reserve, and the California Department of Financial Protection and Innovation. Silvergate Bank liquidated in 2023 following a run on deposits. Regulators sued Silvergate, alleging the bank misled the public and failed to implement adequate anti-money laundering programs. CoinDesk; The Block; Cointelegraph.
Paxful Co-Founder Pleads Guilty to Anti-Money Laundering Charge
On July 8, Artur Schaback, co-founder of peer-to-peer crypto trading platform Paxful pleaded guilty to one count of conspiracy to willfully fail to establish, develop, implement, and maintain an effective anti-money laundering program under the Bank Secrecy Act. The government alleged that between 2015 and 2019 Schaback operated a virtual currency platform without collecting sufficient know-your-customer data, failed to implement appropriate anti-money laundering policies, and did not file any suspicious activity reports despite knowing that the platform’s users were participating in criminal activities. Schaback is scheduled to be sentenced on November 4 and faces a potential maximum penalty of five years in prison. Additionally, as part of the plea agreement, Schaback will pay a $5 million fine and step down from Paxful’s board of directors. Plea Agreement; GIR; Coinspeaker.
Guo Wengui Convicted in U.S. in $1 Billion Fraud SchemeOn July 16, Guo Wengui (AKA Miles Guo), self-exiled Chinese billionaire and businessman, was convicted by a New York jury on several counts, including racketeering conspiracy, wire fraud, and money laundering, for soliciting investments in various entities through false statements and representations to hundreds of thousands of his online followers. Guo was previously arrested in March 2023 on suspicion of orchestrating a more than $1 billion fraud conspiracy that involved cryptocurrency. According to the DOJ following his arrest, Guo obtained more than $262 million in victim funds through the Himalaya Exchange, a purported cryptocurrency ecosystem. Guo’s sentencing has been scheduled for November 19. TheBlock; USAO Statement; BBC.
Abra Settles with 25 States for Unlicensed Money TransmissionOn June 26, Abra, a cryptocurrency investing platform, and its CEO settled a collective action with 25 state financial regulators for operating the Abra App without the required state money transmitting licenses. Under the settlement agreement, Abra will return up to $82.1 million in cryptocurrency to U.S. customers in the settling states. Abra also agreed to stop “accepting virtual asset Allocations from U.S. Abra Trade Account customers” and to stop “making buying, selling, or trading cryptocurrencies available to U.S. Abra Trade customers.” Conference of State Bank Supervisors; Reuters; CoinDesk.

INTERNATIONAL

Crypto Payment Company Payeer Faces $10M Fine in Lithuania
On July 7, the Lithuanian Financial Crime Investigation Service (FNTT) imposed fines of 9.29 million euros (approximately $10 million USD) on crypto exchange and e-commerce payment service company Payeer, alleging the company violated anti-money laundering regulations and allowed customers to transfer money through sanctioned Russian banks. According to the FNTT’s announcement, the fines were the largest ever imposed on a virtual asset service provider in Lithuania. FNTT Press Release; Cointelegraph.

REGULATION AND LEGISLATION

UNITED STATES

New Crypto Bill Seeks to Permit Payment of Federal Income Tax in Bitcoin
On June 25, Rep. Matt Gaetz (R-FL) introduced a bill to Congress that would allow for federal income tax to be paid with Bitcoin. In a statement promoting the bill, Rep. Gaetz explained, “By enabling taxpayers to use Bitcoin for federal tax payments, we can promote innovation, increase efficiency, and offer more flexibility to American citizens.” In 2022, Colorado was the first state to approve cryptocurrency payments for state income taxes. The Hill; Forbes.
SEC Approves Ethereum ETFs
On July 22, the SEC approved the first Ethereum spot exchange-traded funds (ETFs), marking the second cryptocurrency to gain spot ETF approval after Bitcoin spot ETFs were approved in January 2024. Many in the industry believe that these approvals, combined with the SEC’s closure of its Ethereum 2.0 investigation, indicate that the agency does not believe Ether is a security. CoinDesk; The Block; Financial Times.
IRS Releases New Rules for Custodial Cryptocurrency Brokers
On June 28, the IRS released final regulations governing cryptocurrency brokers who take possession of the digital assets sold by their customers (including exchanges, hosted wallet services, and digital assets kiosks). The new rules require such cryptocurrency brokers to disclose the movements and gains of customers’ assets. The rules apply to transactions starting from January 1, 2025. Brokers will be required to track cost basis for assets starting in 2026. Notably, the IRS reserved addressing issues regarding non-custodial services (including self-hosted wallets) for a later rulemaking. IRS News Release; CoinDesk; Reuters.
Congress Does Not Override White House Veto of SEC Bill
On July 11, the House of Representatives voted on whether to override President Biden’s veto of legislation overturning Staff Accounting Bulletin No. 121—an SEC guidance document making it difficult for banks to hold custodial digital assets. Although a majority of the House voted to overturn the veto, the vote fell short of the required two-thirds threshold. The same day, it was reported that the SEC was granting exemptions from SAB121 to certain unidentified financial institutions. CoinDesk; White House; SEC; The Block.

INTERNATIONAL

First Phase of the EU’s MiCA Regulation Goes into Effect, Targeting Stablecoins
On June 30, the first phase of the Markets in Crypto-Assets Regulation (MiCA) took effect, focusing on stablecoins. MiCA was initially approved by the EU in April 2023 to provide a uniform framework for digital assets. The new laws permit only regulated stablecoins to be used within the bloc, causing some exchanges to begin delisting non-compliant stablecoins. Additionally, MiCA prohibits issuers from issuing more stablecoins within the bloc if the “estimated quarterly average number and average aggregate value of transactions per day associated to its uses as a means of exchange within a single currency area is higher than 1 million transactions and EUR 200 000 000, respectively.” MiCA implementation will be a gradual process, with regulations impacting digital asset service providers coming in December 2024. MiCA Full Text; The Block; Cointelegraph.
ESMA Publishes Second Final Report Under the Markets in Crypto-Assets Regulation
On July 4, the European Securities and Markets Authority (ESMA) published the second Final Report under MiCA “covering eight draft technical standards that aim to provide more transparency for retail investors, clarity for providers on the technical aspects of disclosure and record-keeping requirements, and data standards to facilitate supervision by National Competent Authorities (NCAs).” This final report includes draft technical standards including sustainability indicators for crypto-asset consensus mechanisms and business continuity measures for crypto-asset service providers. Once finalized, these draft technical standards will be submitted to the European Commission, which will decide whether to adopt them within three months. ESMA Press Release; Final Report.
EBA Extends Travel Guidelines for Crypto Exchanges
On July 6, in an effort to ramp up its anti-money laundering measures, the European Banking Authority (EBA) announced the extension of Travel Rules guidelines (Regulation (EU) 2023/1113) for crypto-asset service providers (CASPs) and their intermediaries. These guidelines, which requires exchanges to collect and transmit information on the sender, recipient, and transaction nature, will become mandatory for all crypto exchanges operating within the EU by December 30, 2024. These requirements include declaring the CASPs’ policies on multi-intermediation and cross-border transfers, collecting users’ information for the transfer of funds or crypto assets, and identifying whether transactions are related to the purchase of services. Once effective, CASPs and their intermediaries will be given a two-month compliance period. Cointelegraph; JD Supra; Cointribune.
Bolivia Lifts Ban on Crypto Payments
On June 26, the Banco Central de Bolivia, Bolivia’s Central Bank, lifted the country’s ban on cryptocurrency payments in a move to help boost Bolivia’s economy and align Bolivia with the crypto policies other Latin American countries. Financial institutions may now transact with digital assets, but the government does not recognize any digital assets as legal tender. Bolivia’s ban dates back to 2014. Banco Central de Bolivia’s X Announcement; Cointelegraph.
South Korea Enacts First Comprehensive Cryptocurrency Regulation
On July 19, South Korea’s new set of cryptocurrency regulations went into effect. The Virtual Asset User Protection Act (VAUPA), including the related enforcement decree approved on June 25, 2024, is the country’s first comprehensive cryptocurrency regulation. VAUPA requires that local crypto exchanges store 80% of user deposits in cold wallets protected from cyberattacks. These cold wallets must be held separately from operation funds and must generate a return of 1% to 1.5% interest. Exchanges must also conduct real-time monitoring for abnormal trading activity and must maintain either insurance or reserve funds to prepare for hacks or liquidity crises. Coinpedia 1; Coinpedia 2; Korean Financial Services Commission; CoinMarketCap; Cointelegraph.
Russia Approves New Crypto Laws
On July 30, Russia passed two crypto laws. The first law, effective November 1, 2024, legalizes crypto mining for registered entities and individuals, while unregistered persons may mine only if they do not exceed specified energy consumption limits. The second law, effective September 1, 2024, provides for an experimental regime granting the Bank of Russia “powers to allow authorized companies to conduct cross-border settlements and exchange trading in digital currency.” Companies need to apply to participate in the experimental regime. CoinDesk.
Taiwan Amends Anti-Money Laundering Laws to Cover Crypto
On July 16, the Legislative Yuan, Taiwan’s parliament, passed amendments to its anti-money laundering (AML) laws. Under the new AML laws, entities and individuals providing crypto services could face two years of imprisonment or a fine of up to NT $ 5 million if they fail to complete AML procedures and registration. The laws apply to any service provider that operates in Taiwan and mandates that overseas providers create local entities for registration compliance. The Block.

CIVIL LITIGATION

UNITED STATES

Coinbase-Backed Lawsuits Seek Documents from the SEC and FDIC
On June 27, History Associates Incorporated, a research firm retained by Coinbase, initiated suits against the SEC and FDIC for failure to comply with Freedom of Information Act (FOIA) requests. In 2023, History Associates, at Coinbase’s direction, submitted FOIA requests to the SEC for documents concerning three closed digital-asset-related investigations. History Associates separately submitted a FOIA request to the FDIC related to “pause letters” sent by the agency to financial institutions asking them to cease their crypto activities. Both agencies withheld documents claiming that they are covered by FOIA exemptions. Coinbase and History Associates seek a court order to compel the agencies to disclose the requested records. History Associates v. SEC; History Associates v. FDIC; The Block; CoinDesk; Cointelegraph.
Artists Sue SEC Seeking Clarity Over NFTs
On July 29, law professor Brian Frye and songwriter Jonathan Mann filed suit against the SEC and its five commissioners in the U.S. District Court in the Eastern District of Louisiana to determine whether NFTs fall under the agency’s jurisdiction and what steps artists must take when creating and selling NFTs. Both have NFT projects in progress and are seeking a declaratory judgment from the court. The SEC’s NFT enforcement actions generally have settled, so courts have rarely had an opportunity to consider whether NFTs may be securities. TheBlock; Cointelegraph.

SPEAKER’S CORNER

UNITED STATES

Senator Lummis’s Draft Bitcoin Bill Proposes U.S. Treasury Bitcoin Reserve
On July 27, at the Bitcoin Nashville conference, Sen. Cynthia Lummis (R-WY) announced her intention to propose a bill titled “Boosting Innovation, Technology, and Competitiveness through Optimized Investment Nationwide Act of 2024” (“BITCOIN Act of 2024”) that would establish a Bitcoin Purchase Program for the U.S. Treasury. According to a draft of the bill that was shared with CoinDesk on July 31, the Bitcoin Purchase Program would buy no more than 200,000 bitcoin a year over a five-year period. States could also voluntarily participate in storing bitcoin holdings as part of the reserve. Part of the proposed plan to fund this program relies on adjustments made to gold certificates, with Federal Reserve banks returning their existing gold certificates to the U.S. Treasury. TheBlock; CoinDesk; Crypto News.
CFTC Chairman Asserts Agency Is Ready to Take on Oversight of the Cryptocurrency Market
On July 10, U.S. Commodity Futures Trading Commission Chair Rostin Behnam testified before the Senate Agriculture Committee seeking to assure the Senate that his agency is ready to protect retail investors if it is given oversight of the digital-asset market. Although multiple lawmakers pointed out that much of the agency’s oversight concerns institutional-focused products, Benham asserted that the CFTC already has a wealth of experience protecting retail investors in crypto markets through the agency’s enforcement efforts. According to Behnam, more than half of the agency’s enforcement docket during the past fiscal year consisted of crypto cases, and a significant portion of the agency’s suits deal with alleged fraud of retail investors. Behnam estimated that the CFTC would need around $30 to 35 million in the first year and $50 to 60 million in the second to properly oversee cryptocurrency markets. Law360.

OTHER NOTABLE NEWS

U.S. Senate Annual Report Pushes Blockchain for National Security Applications
On July 9, the United States Senate Committee on Armed Services issued a report for the 2025 fiscal year, in part assessing the viability of utilizing blockchain technology for supply chain security and other national security uses. According to the report, “blockchain technology has the potential to enhance the cryptographic integrity of the defense supply chain, improve data integrity, and reduce the risk of the manipulation or corruption of certain types of data by near-peer competitors.” The committee also wants to explore blockchain use cases “to achieve national security goals and to create secure, transparent, accountable, and auditable data related to supply chains.” With these goals in mind, the report directed the U.S. Secretary of Defense to provide a briefing on this subject by April 1, 2025. Committee Report; Cointelegraph.
First Cross-Agency Fraud Disruption Conference Convened to Combat Crypto Scams
American citizens lose billions of dollars each year to such scams. On July 11, the Commodity Futures Trading Commission and the Department of Justice Computer Crime and Intellectual Property Section announced a first-of-its-kind interagency Fraud Disruption Conference, which will focus on efforts to combat “pig butchering” scams, a common type of scam in which a victim is induced to transfer large sums of money (usually cryptocurrency) to a scammer pretending to be a new friend or romantic partner. Other participants in the conference include the Federal Bureau of Investigations, the Secret Service, the Securities and Exchange Commission, the Social Security Administration, the Treasury, the Drug Enforcement Administration, the Postal Inspection Service, and several US Attorney’s offices. CFTC 1; CFTC 2.

The following Gibson Dunn lawyers contributed to this issue: Jason Cabral, Kendall Day, Jeff Steiner, Sara Weed, Chris Jones, Jay Minga, Nick Harper, Justin Fishman, Tin Le, and Cody Wong.

FinTech and Digital Assets Group Leaders / Members:

Ashlie Beringer, Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)

Michael D. Bopp, Washington, D.C. (+1 202.955.8256, mbopp@gibsondunn.com

Stephanie L. Brooker, Washington, D.C. (+1 202.887.3502, sbrooker@gibsondunn.com)

Jason J. Cabral, New York (+1 212.351.6267, jcabral@gibsondunn.com)

Ella Alves Capone, Washington, D.C. (+1 202.887.3511, ecapone@gibsondunn.com)

M. Kendall Day, Washington, D.C. (+1 202.955.8220, kday@gibsondunn.com)

Michael J. Desmond, Los Angeles/Washington, D.C. (+1 213.229.7531, mdesmond@gibsondunn.com)

Sébastien Evrard, Hong Kong (+852 2214 3798, sevrard@gibsondunn.com)

William R. Hallatt, Hong Kong (+852 2214 3836, whallatt@gibsondunn.com)

Martin A. Hewett, Washington, D.C. (+1 202.955.8207, mhewett@gibsondunn.com)

Michelle M. Kirschner, London (+44 (0)20 7071.4212, mkirschner@gibsondunn.com)

Stewart McDowell, San Francisco (+1 415.393.8322, smcdowell@gibsondunn.com)

Mark K. Schonfeld, New York (+1 212.351.2433, mschonfeld@gibsondunn.com)

Orin Snyder, New York (+1 212.351.2400, osnyder@gibsondunn.com)

Ro Spaziani, New York (+1 212.351.6255, rspaziani@gibsondunn.com)

Jeffrey L. Steiner, Washington, D.C. (+1 202.887.3632, jsteiner@gibsondunn.com)

Eric D. Vandevelde, Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)

Benjamin Wagner, Palo Alto (+1 650.849.5395, bwagner@gibsondunn.com)

Sara K. Weed, Washington, D.C. (+1 202.955.8507, sweed@gibsondunn.com)

This update addresses several of the most pressing questions involving DOJ’s Whistleblower Pilot Program’s scope and functionality and offers strategies and considerations for navigating this new regime.

On August 1, 2024, the Department of Justice (DOJ) announced its new Corporate Whistleblower Awards Pilot Program (Pilot Program). As previewed by Deputy Attorney General Lisa Monaco earlier this year, longstanding whistleblower programs (such as those operated via the Securities and Exchange Commission, the Commodity Futures Trading Commission, the False Claims Act qui tam program, and the Financial Crimes Enforcement Network) have proven successful, but—from the standpoint of DOJ—have not addressed the full range of corporate and financial misconduct that DOJ seeks to prosecute. The Pilot Program is intended to fill those gaps.

In this update, we answer several of the most pressing questions involving the new Pilot Program’s scope and functionality, as well as offer strategies and considerations that existing and prospective clients should contemplate when navigating this new regime.

I. PILOT PROGRAM: HOW IT WORKS

What Is the Pilot Program?

The Pilot Program is a three-year initiative managed through DOJ Criminal Division’s Money Laundering and Asset Recovery Section (MLARS). The Pilot Program applies to individuals only,[1] with awards issued in DOJ’s sole discretion and funded from DOJ’s Asset Forfeiture Fund (DOJ’s Forfeiture Fund).[2] Awards are only available on forfeitures exceeding $1 million USD.

As will be explained in more detail below, the Pilot Program limits awards to misconduct involving specific offenses: including money laundering related crimes, both foreign and domestic corruption disputes, and health care fraud schemes involving non-governmental entities.[3] Whistleblowers cannot have meaningfully participated in the alleged criminal activity they seek to report, nor can whistleblowers relay information learned through their work as an internal auditor or compliance officer within a given corporation.[4]

Who Can Be a Whistleblower Under the Pilot Program?

Earlier this year, announcements about the Pilot Program had indicated that whistleblowers would be disqualified from receiving any recovery if they participated in any way in the alleged misconduct.[5] However, the now-operative version of the program makes clear that even those who “minimally” participate or are “least culpable” can still be eligible for an award.[6] Determining a whistleblower’s level of culpability is tied to definitions promulgated by the United States Sentencing Commission and will likely be subject to interpretive dispute in individual cases. For instance, we anticipate that purported whistleblowers (even ones who may be significant participants in the scheme) will try to argue that their level of culpability is only “minimal”—thereby positioning themselves as rightful recipients of the forfeited proceeds, or at least attempting to complicate DOJ’s decision making regarding whether to prosecute them individually.

The decision to allow awards to those with unclean hands will also expand the pool of individuals seeking to participate in the Pilot Program.

What Types of Information Must a Whistleblower Relay to Receive an Award?

Under the Pilot Program, individuals are required to provide “original information” to DOJ.[7] Such original information must be derived from the individual’s independent knowledge and must be information not previously known to prosecutors.[8] Importantly, this does not mean that a whistleblower must be the first individual to inform DOJ about alleged wrongdoing. DOJ may well be aware of the alleged misconduct, even to the point where the department already has initiated a criminal investigation. Instead, where a purported whistleblower’s information comes after DOJ has begun to investigate, a whistleblower will only qualify for a reward if DOJ determines that the intelligence is material in some aspect to the ongoing investigation, as well as if the specific information was previously unknown to the government.[9]

In addition to providing “original information,” a whistleblower will need to identify alleged misconduct concerning one of the four following subject areas. These include:

Violations by financial institutions related to money laundering schemes, anti-money laundering compliance violations (in violation of the Bank Secrecy Act), failures to register money transmitting businesses, and additional violations of fraud-related provisions.
Violations related to foreign corruption and bribery, as proscribed under the Foreign Corrupt Practices Act or the Foreign Extortion Prevention Act.
Violations of public corruption statutes—including actions by companies related to bribe payments or kickbacks remitted to covered public officials at both the local (i.e., Federal Program Bribery) and federal level.
Violations associated with federal health care offenses, with the information necessarily involving non-governmental benefit programs as opposed to allegations involving public ones.[10]

How Does the Pilot Program Interact with Other Whistleblower Programs?

Several of the Pilot Program’s subject matter areas overlap with those that are the focus of other federal whistleblower programs. For instance, as we discussed in a January 2021 client alert, the Treasury Department’s Financial Crimes Enforcement Network (or FinCEN), pursuant to the Anti-Money Laundering Act of 2020, provides for awards to whistleblowers who provide information about relevant money laundering violations—a key focus of the Pilot Program as well.[11] Similarly, the Securities and Exchange Commission (SEC) encourages tips regarding alleged bribery and improper payments to foreign officials—similarly tracking those areas of focus in the new Pilot Program.[12] A narrower pilot program recently launched in the Southern District of New York also focuses on soliciting information regarding a narrower set of federal corruption statutes.[13]

Other aspects of the Pilot Program’s covered subject areas (both for other corruption offenses and specific health care offenses) do not similarly overlap with existing federal whistleblower programs. Specifically, reporting instances of domestic public corruption against federal officials is not a current focus of the SEC’s program and reporting regarding health care offenses applies only to non-governmental entities under the Pilot Program, not the public programs covered by DOJ’s False Claims Act qui tam regime.

Whistleblowers will not be able to recover under the Pilot Program if they can recover under another award program (such as through submissions of similar misconduct to the SEC or FinCEN).[14] Nevertheless, the new Pilot Program is structured to incentivize whistleblowers to share their reports with multiple government agencies. As the Pilot Program specifies, “if an individual is unsure of whether they qualify for another U.S. government program or may qualify for … [the Pilot Program], they should submit information to both programs so that the Department can assess the information.”[15] Multiple federal agencies, including DOJ, stand to be apprised of the same alleged misconduct and could conceivably commence concurrent investigations, complicating the field that clients must navigate.

How Will Rewards Under Pilot Program Compare to Other Federal Whistleblower Programs?

Whistleblowers under the Pilot Program likely stand to gain less when compared to available recoveries under other whistleblower programs. Awards for the Pilot Program will be paid from DOJ’s Forfeiture Fund. Already, DOJ’s Forfeiture Fund averages approximately $1.8 billion in outlays per year, and the fund is typically used to (1) compensate victims and (2) pay for law enforcement expenses.[16] The Pilot Program maintains longstanding DOJ prioritization that victims must be paid first, with no award available for whistleblowers until victim compensation takes place.[17] Moreover, as currently structured, any awards paid under the Pilot Program must have been captured in an individual case, meaning that there will be no carryover from one matter to another and thus no freestanding whistleblower compensation fund that can be used to address shortfalls in the amounts that DOJ wishes to compensate a whistleblower. As a result of these and other limitations articulated in the program documents, we doubt that the awards available under the Pilot Program will come anywhere near the lucrative sums paid out by other programs, such as the SEC’s.

II. PILOT PROGRAM: KEY IMPACTS AND TAKEAWAYS FOR CORPORATIONS

The Pilot Program comes on the heels of other DOJ initiatives designed to incentivize corporations to collaborate with, and quickly convey alleged misconduct to, DOJ. A central example is the Corporate Enforcement and Voluntary Self-Disclosure Policy, which we summarized in a March 2023 client alert and incentivizes a corporation’s timely sharing of information to potentially earn presumptions from DOJ against charges for criminal conduct.[18] Given that individual whistleblowers can now earn financial rewards for disclosing similar information directly to DOJ, corporate clients may be unsure of how to address future compliance efforts and position themselves to consider voluntary self-disclosure and other well-deserved cooperation credits. In the remainder of this alert, we consider those questions and the broader implications for corporations that the Pilot Program poses.

Are Whistleblowers Required to Report Alleged Misconduct Through a Corporation’s Compliance Program Before Disclosing Information to DOJ?

No, the Pilot Program contains no specific requirement that whistleblowers first exhaust any internal reporting requirements before reporting information to DOJ. However, DOJ encourages whistleblowers to cooperate with their employers through use of existing internal compliance programs. For instance, the Pilot Program instructs whistleblowers that DOJ will consider whether to increase award amounts based on whether the individual first reported the misconduct through the corporation’s internal compliance program.[19] In turn, if a whistleblower deliberately withholds information from an employer corporation, such omissions stand to decrease the overall value of an informant’s reward as well.[20]

The details of how DOJ applies these factors to awards will be important. Without strong and explicit messaging to whistleblowers that they must first report matters through a corporation’s internal compliance program, DOJ risks undermining some of the very incentives the department previously put forth in the Corporate Enforcement and Voluntary Self-Disclosure Policy—specifically those regarding the benefits corporate entities stand to gain from developing robust compliance programs capable of investigating whistleblower complaints in the first instance.

The structure of the Pilot Program therefore creates an effective race to DOJ between the corporation and its whistleblower employee. This race is complicated because it is rare that any complaint is clear-cut—which means that a corporation is typically required to undertake substantial investigative efforts to ferret out the real gravamen of the complaint. It is not as obvious that individual whistleblowers are burdened by similar administrative requirements.

If Whistleblowers Relay Information to DOJ, Can Corporations Still Earn Criminal Declinations Under the Corporate Enforcement and Voluntary Self-Disclosure Program?

Yes. If a whistleblower makes an internal report to both the corporation and DOJ, the corporation can still qualify for a presumption of a declination. However, the corporation must self-report the conduct to DOJ within 120 days of receiving the whistleblower’s submission and must independently meet the other requirements for voluntary self-disclosure, including demonstrating to DOJ that the corporation exercised due diligence in identifying alleged problems and implementing appropriate remedial measures.[21]

A corporation will need to move relatively expeditiously to report the alleged misconduct in the requisite 120-day window.[22] And moving expeditiously to report alleged misconduct becomes even more important given that corporations are not eligible for a presumption of a declination if DOJ initiates contact before the corporate entity has the chance to disclose matters based on a whistleblower’s report.[23] Corporations should therefore begin to consider whether compliance updates are needed to streamline the consideration of reports and the analysis of voluntary disclosure, all without sacrificing a system’s overall thoroughness. The escalation processes within a company’s human resources, compliance, and legal departments will all be essential to assess. Gibson Dunn stands ready to assist in these efforts.

Will the Pilot Program Lead to More Government-Initiated Investigations of Corporations?

In general, we expect that the Pilot Program will increase the number of DOJ inquiries and investigations that a corporation will face. Employees, inspired by the promise of payment, may submit information to DOJ that would not (and should not) otherwise lead to government scrutiny absent the Pilot Program here. While we fully expect DOJ’s vetting processes to sift out meritless pursuits, corporations should brace for the possibility that increased tips will lead to increased government questions. To that end, corporations should continue to improve internal compliance systems and operate with a continued understanding that DOJ may soon request access to internal, potentially sensitive, information for investigative purposes.

Beyond inquiries from DOJ alone, we do expect that the Pilot Program—with its provision encouraging whistleblowers to submit information to a host of whistleblower programs in moments of doubt—will likely result in duplicate submissions to multiple agencies by whistleblowers. That DOJ will now be receiving information at the same time as other agencies with whistleblower programs could lead to increased coordination (or worse, competition) among agencies with overlapping enforcement authority—generating the need for corporations to engage in more complex decision-making to navigate multi-agency inquiries.

The Pilot Program may also present substantial challenges for corporations that have taken steps to impose zero tolerance disciplinary measures against employees who participate in any alleged wrongdoing. As currently crafted, the Pilot Program allows whistleblowers to reap rewards even where they participated, albeit minimally, in the underlying scheme.[24] However, any otherwise-appropriate termination decision taken by a corporation against such a whistleblower may run counter to the Pilot Program’s anti-retaliation provision—frustrating the chance that the corporation (though operating by objective standards and in good faith) would receive cooperation credit.[25]

III. CONCLUSION: CONSIDERATIONS FOR THE FUTURE

Though in its infancy, we expect the whistleblower bar to lobby Congress for certain changes to the Pilot Program. DOJ crafted the Pilot Program using language from a decades-old statute, 18 U.S.C. 524(c); and pursuant to that provision, DOJ maintains discretion over whether a whistleblower award is ultimately issued. That level of DOJ discretion stands in sharp contrast to FinCEN’s recently crafted whistleblower program—where the relative statutory provision mandated that officials pay tipsters.[26] That distinction may compel the whistleblower bar to lobby Congress for statutory amendments that similarly ensure that Pilot Program whistleblowers are assured of financial compensation in exchange for their proffered intelligence. Should that happen, we expect an even further potential increase in government inquiries and investigations—as the incentive to whistleblowers will become more assured.

As the Pilot Program continues to unfold, we will continue to monitor for relevant updates and report on steps that corporations should take to navigate the newfound program.

[1] Dep’t of Justice Corporate Whistleblower Awards Pilot Program (hereafter Pilot Program) § II.1.

[2] Id. § II.7.a.

[3] Id. § II.3.a-d.

[4] Id. § II.2.e.4.

[5] Dep’t of Justice: Office of Public Affairs, Deputy Attorney General Lisa Monaco Delivers Keynote Remarks at the American Bar Association’s 39th National Institute on White Collar Crime (Mar. 7, 2024), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-keynote-remarks-american-bar-associations.

[6] Pilot Program § III.3.b.i.

[7] Id. § II.2.

[8] Id. § II.2.a-b.

[9] Id. § II.2.c.

[10] Id. § II.3.a-d.

[11] Gibson Dunn: The Top 10 Takeaways for Financial Institutions From the Anti-Money Laundering Act of 2020 (Jan. 1, 2021), https://www.gibsondunn.com/wp-content/uploads/2021/01/the-top-10-takeaways-for-financial-institutions-from-the-anti-money-laundering-act-of-2020.pdf.

[12] U.S. Securities and Exchange Comm’n, Whistleblower Frequently Asked Questions, https://www.sec.gov/enforcement-litigation/whistleblower-program/whistleblower-frequently-asked-questions#faq-3.

[13] Southern District of New York, Whistleblower Pilot Program (Feb. 13, 2024), https://www.justice.gov/d9/2024-05/sdny_wb_policy_effective_2-13-24.pdf.

[14] Pilot Program § II.1.b.

[15] Id. § II.1.b.n.3.

[16] U.S. Dep’t of Justice: Asset Forfeiture Program, FY 2025 Performance Budget (Feb. 27, 2024), https://www.justice.gov/d9/2024-03/afp_fy_2025_pb_narrative_2.27.24_final_1.pdf.

[17] Pilot Program § III.2.c.

[18] U.S. Dep’t of Justice, Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy, https://www.justice.gov/criminal/criminal-fraud/file/1562831/dl.

[19] Pilot Program § III.3.a.iii.

[20] Id. § III.3.b.iii.

[21] U.S. Securities and Exchange Comm’n, Whistleblower Frequently Asked Questions, https://www.sec.gov/enforcement-litigation/whistleblower-program/whistleblower-frequently-asked-questions#faq-3.

[22] U.S. Dep’t of Justice: Criminal Division, Criminal Division Corporate Whistleblower Awards Pilot Program: Frequently Asked Questions (Aug. 1, 2024), https://www.justice.gov/criminal/criminal-division-corporate-whistleblower-awards-pilot-program.

[23] Id.

[24] Pilot Program § § III.3.b.i.

[25] Id. § IV.4.

[26] Gibson Dunn: The Top 10 Takeaways for Financial Institutions From the Anti-Money Laundering Act of 2020 (Jan. 1, 2021), https://www.gibsondunn.com/wp-content/uploads/2021/01/the-top-10-takeaways-for-financial-institutions-from-the-anti-money-laundering-act-of-2020.pdf.

The following Gibson Dunn lawyers prepared this update: M. Kendall Day, F. Joseph Warin, and Ben Schlichting.

Gibson Dunn has deep experience with issues relating to corporate compliance programs, investigations and enforcement actions. For assistance navigating white collar or regulatory enforcement issues, please contact the authors, the Gibson Dunn lawyer with whom you usually work, or any of the leaders and members of the firm’s White Collar Defense and Investigations practice group:

F. Joseph Warin – Washington, D.C. (+1 202.887.3609, fwarin@gibsondunn.com)
M. Kendall Day – Washington, D.C. (+1 202.955.8220, kday@gibsondunn.com)

Washington, D.C.
Stephanie Brooker (+1 202.887.3502, sbrooker@gibsondunn.com)
Courtney M. Brown (+1 202.955.8685, cmbrown@gibsondunn.com)
David P. Burns (+1 202.887.3786, dburns@gibsondunn.com)
John W.F. Chesley (+1 202.887.3788, jchesley@gibsondunn.com)
Daniel P. Chung (+1 202.887.3729, dchung@gibsondunn.com)
Stuart F. Delery (+1 202.955.8515, sdelery@gibsondunn.com)
Michael S. Diamant (+1 202.887.3604, mdiamant@gibsondunn.com)
Gustav W. Eyler (+1 202.955.8610, geyler@gibsondunn.com)
Melissa Farrar (+1 202.887.3579, mfarrar@gibsondunn.com)
Amy Feagles (+1 202.887.3699, afeagles@gibsondunn.com)
Scott D. Hammond (+1 202.887.3684, shammond@gibsondunn.com)
George J. Hazel (+1 202.887.3674, ghazel@gibsondunn.com)
Adam M. Smith (+1 202.887.3547, asmith@gibsondunn.com)
Patrick F. Stokes (+1 202.955.8504, pstokes@gibsondunn.com)
Oleh Vretsona (+1 202.887.3779, ovretsona@gibsondunn.com)
David C. Ware (+1 202.887.3652, dware@gibsondunn.com)
Ella Alves Capone (+1 202.887.3511, ecapone@gibsondunn.com)
Lora Elizabeth MacDonald (+1 202.887.3738, lmacdonald@gibsondunn.com)
Nicole Lee (+1 202.887.3717, nlee@gibsondunn.com)
Pedro G. Soto (+1 202.955.8661, psoto@gibsondunn.com)

New York
Zainab N. Ahmad (+1 212.351.2609, zahmad@gibsondunn.com)
Reed Brodsky (+1 212.351.5334, rbrodsky@gibsondunn.com)
Mylan L. Denerstein (+1 212.351.3850, mdenerstein@gibsondunn.com)
Karin Portlock (+1 212.351.2666, kportlock@gibsondunn.com)
Mark K. Schonfeld (+1 212.351.2433, mschonfeld@gibsondunn.com)
Orin Snyder (+1 212.351.2400, osnyder@gibsondunn.com)
Alexander H. Southwell (+1 212.351.3981, asouthwell@gibsondunn.com)

Dallas
David Woodcock (+1 214.698.3211, dwoodcock@gibsondunn.com)

Denver
Ryan T. Bergsieker (+1 303.298.5774, rbergsieker@gibsondunn.com)
Robert C. Blume (+1 303.298.5758, rblume@gibsondunn.com)
John D.W. Partridge (+1 303.298.5931, jpartridge@gibsondunn.com)

Houston
Gregg J. Costa (+1 346.718.6649, gcosta@gibsondunn.com)

Los Angeles
Michael H. Dore (+1 213.229.7652, mdore@gibsondunn.com)
Michael M. Farhang (+1 213.229.7005, mfarhang@gibsondunn.com)
Diana M. Feinstein (+1 213.229.7351, dfeinstein@gibsondunn.com)
Douglas Fuchs (+1 213.229.7605, dfuchs@gibsondunn.com)
Nicola T. Hanna (+1 213.229.7269, nhanna@gibsondunn.com)
Poonam G. Kumar (+1 213.229.7554, pkumar@gibsondunn.com)
Marcellus McRae (+1 213.229.7675, mmcrae@gibsondunn.com)
Eric D. Vandevelde (+1 213.229.7186, evandevelde@gibsondunn.com)
Debra Wong Yang (+1 213.229.7472, dwongyang@gibsondunn.com)

San Francisco
Winston Y. Chan (+1 415.393.8362, wchan@gibsondunn.com)
Charles J. Stevens (+1 415.393.8391, cstevens@gibsondunn.com)

Palo Alto
Benjamin Wagner (+1 650.849.5395, bwagner@gibsondunn.com)

London
Patrick Doris (+44 20 7071 4276, pdoris@gibsondunn.com)
Sacha Harber-Kelly (+44 20 7071 4205, sharber-kelly@gibsondunn.com)
Michelle Kirschner (+44 20 7071 4212, mkirschner@gibsondunn.com)
Allan Neil (+44 20 7071 4296, aneil@gibsondunn.com)
Matthew Nunan (+44 20 7071 4201, mnunan@gibsondunn.com)
Philip Rocher (+44 20 7071 4202, procher@gibsondunn.com)

Paris
Benoît Fleury (+33 1 56 43 13 00, bfleury@gibsondunn.com)
Bernard Grinspan (+33 1 56 43 13 00, bgrinspan@gibsondunn.com)

Frankfurt
Finn Zeidler (+49 69 247 411 530, fzeidler@gibsondunn.com)

Munich
Kai Gesing (+49 89 189 33 285, kgesing@gibsondunn.com)
Katharina Humphrey (+49 89 189 33 155, khumphrey@gibsondunn.com)
Benno Schwarz (+49 89 189 33 110, bschwarz@gibsondunn.com)

Hong Kong
Kelly Austin (+1 303.298.5980, kaustin@gibsondunn.com)
Oliver D. Welch (+852 2214 3716, owelch@gibsondunn.com)

This update provides an overview of key class action-related developments during the second quarter of 2024 (April to June).

Table of Contents

Part I discusses a Ninth Circuit decision reversing class certification because individualized causation issues predominated;
Part II reviews recent decisions from the Third and Seventh Circuits dismissing putative class claims for lack of standing;
Part III covers a Ninth Circuit decision affirming class certification without assessing the admissibility of expert opinions, creating a conflict with prior Ninth Circuit decisions and the case law of other courts of appeals; and
Part IV highlights Supreme Court and Ninth Circuit decisions clarifying the scope of the FAA’s transportation-worker exemption.

I. The Ninth Circuit Reverses Class Certification Because Individualized Causation Issues Would Predominate

The Ninth Circuit’s decision in White v. Symetra Assigned Benefits Service Co., 104 F.4th 1182 (9th Cir. 2024), reversing class certification on predominance grounds, will prove useful in future class actions presenting causation issues or other elements requiring individualized inquiry.

The district court in White certified two nationwide classes of about 2,000 people who, after receiving structured settlement annuities to resolve their tort claims, chose “factoring” arrangements in which they exchanged the right to future payments for a discounted lump sum. 104 F.4th at 1185. These factoring agreements are subject to approval by a state court, which must find the agreement “in the payee’s ‘best interest.’” Id. at 1187. In bringing class claims, the plaintiffs alleged that the defendants unlawfully induced them to enter detrimental factoring agreements using unfair and deceptive business practices. Id. at 1192-93. The district court certified the classes, focusing on the “common, uniform marketing materials that the defendants used to solicit annuitants for factoring transactions.” Id. at 1190 (cleaned up).

On interlocutory review under Rule 23(f), the Ninth Circuit reversed class certification, holding that “individual issues of causation will predominate over common ones when evaluating whether defendants’ acts and omissions caused the plaintiffs to enter factoring transactions and incur their alleged injuries.” White, 104 F.4th at 1192. Determining whether the defendants’ conduct actually induced each class member to enter a factoring agreement would require examination of “the unique circumstances that led the annuitant to consider factoring, the details of each plaintiff’s one-on-one communications with the defendants, and the disclosures made to each plaintiff.” Id. at 1195. The court would also need to “consider the state court proceedings that … approved the factoring transactions as in the annuitants’ best interest,” which “were necessarily individualized to each annuitant, and … would also differ across states.” Id. The Ninth Circuit concluded that, “[g]iven the personalized nature of the factoring transactions and the accompanying state court review process, the causal chain” was “too individualized” to support a finding of predominance. Id. at 1195-96.

II. The Third and Seventh Circuits Toss State-Law Claims for Lack of Standing

In two decisions this quarter, Lewis v. GEICO, 98 F.4th 452 (3d Cir. 2024), and In re Recalled Abbott Infant Formula Products Liability Litigation, 97 F.4th 525 (7th Cir. 2024), the Third and Seventh Circuits addressed Article III standing in putative class actions in the wake of the Supreme Court’s landmark decision in TransUnion LLC v. Ramirez, 594 U.S. 413 (2021).

In Lewis, the plaintiffs sued GEICO for breach of their insurance policy, claiming that GEICO applied an improper downward adjustment in estimating the value of their totaled car. The district court certified a class, but the Third Circuit vacated with instructions to dismiss for lack of standing. 98 F.4th at 458, 461. The court explained that the plaintiffs could not rely on the downward adjustment alone because it was not the end of the valuation process—GEICO had applied the adjustment but then increased its valuation of the plaintiffs’ car, and then applied a further upward adjustment in negotiating with the plaintiffs. Id. at 460. The Third Circuit explained that “to ignore these later steps and treat the [downward] adjustment alone as a harm … would impermissibly divorce their standing to sue from any real-world financial injury.” Id. at 460. And the court emphasized that even if the downward adjustment the plaintiffs challenged were illegal, the plaintiffs could not rely on such a “‘bare procedural violation[], divorced from any concrete harm.’” Id. at 461.

In Recalled Abbott Infant Formula, the Seventh Circuit affirmed dismissal of a putative class action for lack of standing. 97 F.4th at 527. Following a recall of infant formula, the plaintiffs brought various state-law claims based on an alleged risk that the products were contaminated. Id. at 527-28. The plaintiffs asserted economic injury based on two theories: (1) they did not get the benefit of their bargain because the formula was at risk of contamination, and (2) they paid a premium for the formula that they would not have paid had they known of the risk. Id. at 528. On appeal, the Seventh Circuit rejected both theories of standing. It explained that the plaintiffs’ “alleged injury is hypothetical or conjectural” because, at the time they bought the formula, there was “no known risk of contamination and no loss of the benefit of the bargain or premium price paid,” and once the plaintiffs became aware of the risk, “they were told not to use the formula, and Abbott offered a refund.” Id. at 529. The plaintiffs’ alleged injury was also not particularized because “they do not allege that any of the products they purchased were contaminated” or that contamination was “sufficiently widespread” to plausibly affect the products they purchased. Id.

III. The Ninth Circuit Holds That District Courts May Rely on Evidence Without Assessing Its Admissibility at Class Certification

In Lytle v. Nutramax Laboratories, Inc., 99 F.4th 557 (9th Cir. 2024), the plaintiffs sought certification of a class of people who bought a product that was labeled (allegedly misleadingly) as promoting canine joint health. Id. at 566. In support of their bid for certification, they offered an expert who proposed a model that would use a survey to establish classwide damages. Id. at 567. But at the time of certification, the expert had neither executed the survey and calculated damages nor even collected the data and formulated the questions he would use in the survey. Id. at 567, 575, 577. The district court certified the class anyway, finding that the proposed-but-unexecuted model was an acceptable way to measure classwide damages in mislabeling cases and that it was unnecessary to actually complete the survey to establish that damages are “capable” of classwide resolution. Id. at 567.

The Ninth Circuit affirmed. It held that plaintiffs may rely on evidence that is not “in an admissible form” to support class certification, stating that admissibility goes merely to the evidence’s weight. Lytle, 99 F.4th at 570-71. It also held that plaintiffs need not prove that classwide damages exist to obtain certification, id. at 571, because even if some plaintiffs ultimately cannot recover and some can, these categories can be separated at a later stage, id. at 572. And it held that the district court need conduct only a “limited” Daubert analysis at the class certification stage if an expert’s model is not “fully developed.” Id. at 576-77.

The decision in Lytle conflicts with the Ninth Circuit’s prior decision in Olean Wholesale Grocery v. Bumble Bee Foods, 31 F.4th 651 (9th Cir. 2022) (en banc), in which the Circuit held en banc that plaintiffs “may use any admissible evidence” to satisfy their burden at class certification. Id. at 665 (emphasis added). And Lytle’s approval of a more limited Daubert analysis at class certification contradicts Olean’s holding that “defendants may challenge the reliability of an expert’s evidence under Daubert” when opposing class certification. Id. at 665 n.7.

The decision in Lytle also deepens a circuit split on the role of Daubert and admissibility at class certification. On one side, the Eighth Circuit permits a limited Daubert analysis for Rule 23 purposes, In re Zurn Pex Plumbing Prod. Liab. Litig., 644 F.3d 604, 611-14 (8th Cir. 2011), and the Sixth Circuit has endorsed the use of at least nonexpert evidence that may not be admissible, Lyngaas v. Curaden AG, 992 F.3d 412, 428-29 (6th Cir. 2021). On the other side, the Third, Fifth, and Seventh Circuits all require a full-bore Daubert analysis and finding of admissible evidence before a class can be certified. Prantil v. Arkema Inc., 986 F.3d 570, 575-76 (5th Cir. 2021); In re Blood Reagants Antitrust Litig., 783 F3d 183, 186-88 (3d Cir. 2015); Am. Honda Motor Co. v. Allen, 600 F.3d 813, 815-16 (7th Cir. 2010).

The defendants in Lytle petitioned for rehearing and rehearing en banc, and the Ninth Circuit ordered a response. The petition remains pending as of this update.

IV. The Supreme Court and the Ninth Circuit Elaborate on the FAA’s Transportation-Worker Exemption

Finally, the Supreme Court and Ninth Circuit issued decisions this quarter analyzing Section 1 of the Federal Arbitration Act, which exempts “contracts of employment of seamen, railroad employees, or any other class of workers engaged in foreign or interstate commerce” from the Act’s pro-arbitration mandate. 9 U.S.C. § 1.

The Supreme Court previously held that the Section 1 exemption applies only to transportation workers. Circuit City Stores, Inc. v. Adams, 532 U.S. 105, 119 (2001). In Bissonnette v. LePage Bakeries Park St., LLC, 601 U.S. 246 (2024), the Court granted certiorari to address whether, to invoke the exemption, a worker must be employed in the transportation industry. And the Court held that “[a] transportation worker need not work in the transportation industry to fall within the exemption.” Id. at 256. The circumstances of the worker, rather than the industry in which he or she works, determine whether the exemption applies. Id. at 252-56.

The Ninth Circuit also considered the transportation-worker exemption in Fli-Lo Falcon, LLC v. Amazon.com, Inc., 97 F.4th 1190 (9th Cir. 2024). The plaintiffs there were delivery businesses, not individuals. The Ninth Circuit rejected their invocation of the Section 1 exemption, holding that “no business entity is similar in nature to the actual human workers enumerated by the text of the transportation worker exemption.” Id. at 1196.

The following Gibson Dunn lawyers contributed to this update: Jessica Pearigen, Alex Ogren, Elizabeth Strassner, Matt Aidan Getz, Wesley Sze, Lauren Blas, Bradley Hamburger, Kahn Scolnick, and Christopher Chorba.

Gibson Dunn attorneys are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Class Actions, Litigation, or Appellate and Constitutional Law practice groups, or any of the following lawyers:

Theodore J. Boutrous, Jr. – Los Angeles (+1 213.229.7000, tboutrous@gibsondunn.com)

Christopher Chorba – Co-Chair, Class Actions Practice Group, Los Angeles (+1 213.229.7396, cchorba@gibsondunn.com)

Theane Evangelis – Co-Chair, Litigation Practice Group, Los Angeles (+1 213.229.7726, tevangelis@gibsondunn.com)

Lauren R. Goldman – Co-Chair, Technology Litigation Practice Group, New York (+1 212.351.2375, lgoldman@gibsondunn.com)

Kahn A. Scolnick – Co-Chair, Class Actions Practice Group, Los Angeles (+1 213.229.7656, kscolnick@gibsondunn.com)

Bradley J. Hamburger – Los Angeles (+1 213.229.7658, bhamburger@gibsondunn.com)

Michael Holecek – Los Angeles (+1 213.229.7018, mholecek@gibsondunn.com)

Lauren M. Blas – Los Angeles (+1 213.229.7503, lblas@gibsondunn.com)

We are pleased to provide you with the July 2024 edition of Gibson Dunn’s U.S. bank regulatory update. Feel free to reach out to us to discuss any of the below topics further.

KEY TAKEAWAYS

The intersection of banks and partners remains at the regulatory and supervisory forefront and the Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC) issued a Joint Statement and accompanying Request for Information discussing risks associated with bank-fintech partnerships.
The FDIC issued a new proposal on brokered deposits that would fundamentally reverse the 2020 final rule and impact a wide range of financial institutions, including banks, broker-dealers, registered investment advisers, fintechs and neobanks, as discussed in more detail here.
The FDIC issued a new proposal to expand its authority to approve transactions subject to the Change in Bank Control Act (CIBCA).
The U.S. Supreme Court overruled Chevron v. Natural Resources Defense Council,[1] a landmark decision that had required courts to defer to agencies’ reasonable interpretations of ambiguous statutory terms, as discussed in more detail here.
The FDIC published its final rule with respect to the resolution plan requirements for large banks,[2] declaring an effective date of October 1, 2024, and making certain changes from the proposed rule including the creation of a new category of regulatory feedback (“significant finding”) and modifications to the resolution plan submission cycle. Acting Comptroller Hsu expressed his support for the Final Rule.

DEEPER DIVES

Federal banking agencies continue to focus on bank-fintech partnerships with Joint Statement and Request for Information relating to banking-as-a-service (BaaS) arrangements. On July 25, 2024, the FRB, FDIC and OCC (collectively, the Agencies) issued a Joint Statement cautioning regulated institutions about the risks associated with arrangements with third parties to deliver bank deposit products and services. The Agencies highlighted the following as key areas of risk: (i) operational and compliance risks; (ii) challenges created by growth of the program; and (iii) end user confusion and misrepresentations with respect to deposit insurance coverage. The Agencies draw on existing law and guidance, including safety and soundness standards[3] and Interagency Guidance on Third-Party Risk Management to recommend strategies for combating the identified risks. The Agencies emphasize that “…[e]ffective board and senior management oversight is crucial to ensure a bank’s risk management practices are commensurate with the complexity, risk, size, and nature of the activity and relationship, both when the relationship commences and as it evolves over time.” Accompanying the Joint Statement was a Request for Information on Bank-Fintech Arrangements Involving Banking Products and Services Distributed to Consumers and Businesses, which expands on those risks identified in the Joint Statement and invites comment on, among other topics, (a) descriptions of bank-fintech partnerships; and (b) risk management practices in connection with such relationships.

Insights. The Agencies’ Joint Statement and Request for Information again signals the heightened regulatory and supervisory focus on BaaS arrangements, as well as future rulemakings and/or additional guidance. Regulated institutions are expected to take a much more active role with respect to third-party risk identification, management, and monitoring, especially when the third parties in question support the delivery of regulated financial products, such as deposit accounts. Financial institutions considering partnering with fintechs should, at a minimum, continue to focus on ensuring that their risk management infrastructure meets the expectations of the Agencies as described in the Joint Statement and related guidance.

FDIC issues Interpretive Rule and Request for Information reversing 2020 brokered deposit rules. On July 30, 2024, the FDIC issued a Notice of Proposed Rulemaking proposing changes to the brokered deposit rules set forth at 12 C.F.R. Parts 303 (Filing Procedures) and 337 (Unsafe and Unsound Banking Practices). The Proposed Rule would make changes to the “deposit broker” definition and related “primary purpose” exception to such definition,[4] as well as the notice and application processes associated therewith.[5] Specifically, the Proposed Rule would eliminate the exclusive deposit arrangement carveout[6] and enabling transaction designated business test exceptions[7] from the definition of “deposit broker”, revise the 25% test designated business exception[8] for a primary purpose exception to only be available to broker-dealers and investment advisors and only if less than 10% of the total assets of such entity is under management is placed at one or more insured depository institutions (IDIs), and require that only IDIs file notices and applications to the FDIC for primary purpose exceptions.

Insights. The fundamental changes to the 2020 brokered deposit rules coupled with the FDIC’s Request for Information on Deposits (Deposits RFI) reflect concerns within FDIC on how they currently oversee the risks associated with different types of deposits. While much more will be written on these topics, we believe the conflation of the risks related to certain types of uninsured deposits and the risks of brokered deposits is a central issue. We also continue to be concerned with the over-extension of the restrictions on brokered deposits, as set forth in section 29 of the FDI Act, to banks that are well-capitalized. There is little disagreement within the industry that banks that fail to remain well-capitalized should not be relying on brokered deposits for growth. However, the FDIC and other Agencies have leveraged the definition of brokered deposits for other purposes – essentially defining a very diverse set of deposits to be inherently risky and penalizing banks that accept such deposits – be it in the form of assessments or, for the larger banks, the calculation of the liquidity coverage ratio and the net stable funding ratio. Instead of over-hauling such a recent regulation, the FDIC should first receive and release information relating to the Deposits RFI so that both the FDIC and the industry can consider the actual risks associated with different types of deposits prior to considering any changes to the current rule.

FDIC proposes to expand its authority to review certain bank merger applications under the CIBCA. On July 30, 2024, the FDIC issued a Notice of Proposed Rulemaking to amend the FDIC’s regulations under the Change in Bank Control Act (CIBCA). The CIBCA generally provides that no person, acting directly or indirectly, may acquire control of an insured depository institution (IDI) unless the person has given the appropriate federal banking agency prior notice of the proposed transaction, and the agency has not disapproved the transaction. The FDIC’s CIBCA regulations currently specify eight transactions that are exempt from providing prior notice to the FDIC, including if the transaction to acquire control of the IDI’s holding company is subject to notice to the FRB. The proposed rule would remove such exemption.

Insights. The FDIC has demonstrated material differences between it and the other federal bank regulators in areas such as corporate governance and bank consolidation. Thus, the implications of introducing another regulatory agency into CIBCA notices could be substantial and impact future investor appetite.

Federal financial services regulatory agencies issue final rule to help on automated valuation models. On July 17, 2024, the FRB, FDIC, OCC, the National Credit Union Administration (NCUA), the Consumer Financial Protection Bureau (CFPB), and the Federal Housing Finance Agency issued a final rule pursuant to the Dodd-Frank Act, designed to help ensure the credibility and integrity of models used in valuations for certain mortgages secured by a consumer’s principal dwelling. In particular, the final rule implements quality control standards for automated valuation models (AVM) used by mortgage originators and secondary issuers in valuing the consumer’s dwelling. The final rule requires institutions that engage in certain transactions secured by a consumer’s principal dwelling to adopt certain policies, practices, and procedures designed to ensure a high level of confidence, protect against data manipulation, and avoid conflicts of interest.

Insights. Automated valuation models are being used with increasing frequency, driven by advances in database and modeling technologies. While advances in AVM technology and data availability have the potential to reduce costs and turnaround times of the property valuation process, AVMs present heightened technology and operational risks for mortgage originators and secondary issuers. In particular, adopters of AVMs should take appropriate steps to ensure the credibility and integrity of the valuation outputs generated by the model. Adopters must also understand the inputs used by the model to ensure compliance with applicable nondiscrimination laws.

Acting Comptroller Hsu discusses trends reshaping banking. On July 17, 2024, Acting Comptroller Hsu spoke at the Exchequer Club regarding long-term trends reshaping banking and how the OCC is uniquely positioned to address them. The three trends Hsu identified were: the growing number and size of large banks, the complexity of non-bank relationships, and how polarization is enabling greater fragmentation of the U.S. financial system.

Insights. Notably, Acting Comptroller Hsu’s remarks pointed to the concept of preemption as “critical” to both national banking and combatting what he referred to as a worrisome trend of fragmentation at the state and local levels. The preemption issue is especially timely in light of the Supreme Court’s recent decision in Cantero v. Bank of America (discussed in our previous Client Alert), in which the Supreme Court considered which legal standard courts should use in determining whether the National Bank Act preempts state banking laws. In Cantero, the Supreme Court ultimately rejected the categorical tests advanced by both parties, holding that lower courts must instead determine whether the challenged state law significantly interferes with the exercise by a national bank of its powers, based on a “nuanced comparative analysis” of the Court’s applicable opinions. In his remarks, Acting Comptroller Hsu acknowledged that the OCC will need to embrace and develop a more nuanced analysis in defense of preemption in light of the Cantero decision, and we expect the Supreme Court’s rejection of the categorical standards advanced in Cantero to yield more preemption litigation in the lower courts.

FRB and Arkansas State Bank Department issue cease and desist order against Evolve Bank. On June 11, 2024, the FRB and Arkansas State Bank Department issued a cease and desist order against Evolve Bank & Trust and its parent company Evolve Bancorp, Inc. following a number of identified deficiencies, including with respect to the bank’s fintech partnerships involving deposit account offerings and payment processing products. The Agencies found that the bank was engaged in unsafe and unsound practices as a result of “failing to have in place an effective risk management framework for those [fintech] partnerships.” As a result of the order, Evolve Bank is restricted from establishing new fintech partnership programs or offering new products or services to fintechs unless Evolve Bank obtains the prior approval of the FRB and Arkansas State Bank Department.

Insights. The order against Evolve Bank, as well as other recent bank enforcement actions,[9] reflects the increasing focus of bank regulators on partnerships between fintechs and regulated financial institutions. Regulated institutions seeking to engage in such partnerships are expected to establish robust risk management frameworks to identify and manage safety and soundness risks and should expect increased regulatory focus on such relationships and control processes during exams.

FDIC approves deposit insurance application and merger application for Thrivent Bank. On June 20, 2024, the FDIC approved the deposit insurance application of Thrivent Bank, a proposed Utah-chartered industrial loan bank, as well as the associated merger of Thrivent Federal Credit Union, a federally chartered credit union, with Thrivent Bank. In connection with the approval, Thrivent Financial Holdings, Inc. and Thrivent Financial for Lutherans are required to enter into Capital and Liquidity Maintenance Agreements and Parent Company Agreements with the FDIC.

Insights. The FDIC’s first approval of an industrial loan bank in four years signals a willingness to consider industrial loan companies, which can be an attractive route for other growth-focused nonbanks and fintechs looking to obtain bank licenses of their own without impeding the broader operations of the parent organization. However, the FDIC is expected to continue to require a degree of prudential regulation over the bank’s parent companies through the application of similar capital and liquidity requirements and other parent agreements designed to oblige such parents to serve as a source of financial strength for the bank.[10]

Remarks by Acting Comptroller Michael J. Hsu relating to the use and risks of AI tools in the financial system. On June 6, 2024, Acting Comptroller Hsu spoke at the 2024 Conference on Artificial Intelligence and Financial Stability hosted by the Financial Stability Oversight Council regarding the systemic risk implications of AI in financial markets, as well as challenges and potential solutions for the accountability challenge associated with AI. Specifically, Acting Comptroller Hsu emphasized the need to pause development of AI tools at certain key phases in order to develop controls to ensure responsible innovation and trust, highlighted key financial stability risks associated with AI’s use as a weapon, including AI-enabled fraud, cyberattacks, and disinformation, and advocated for shared responsibility frameworks to combat the unique accountability problems presented by AI.

Insights. Acting Comptroller Hsu’s speech reflects the OCC’s continued focus on the development of AI-enabled tools in financial services and the associated risks to the U.S. financial system. Clearly, explainability, accountability, fraud risk, risk management and controls are top of mind for the OCC. Citing to the OCC’s Supervisory Guidance on Model Risk Management, Hsu noted that the OCC “expects banks to use controls commensurate with ‘a bank’s risk exposures, its business activities, and the complexity and extent of its model use.’” Moreover, by advocating for the development of a shared responsibility framework with support from self-regulatory agencies and network membership, the OCC may be signaling its intention to offer limited direct guidance in the short-term on the topic of AI-development, instead choosing to rely on broader guidance on risk-based approaches to providing financial services and engaging with third parties.

Prepared remarks of CFPB Director Rohit Chopra on fraud in consumer payments. On July 9, 2024, Rohit Chopra, Director of the CFPB, delivered remarks on fraud in consumer payments, which touched on three current vectors of fraud perpetrated against U.S. households: (i) scams from large-scale scam compounds in Southeast Asia targeting Americans via text, messaging applications and social media; (ii) the increasingly-common microtargeting of individuals by using generative AI to impersonate others or by exploiting available personal data; and (iii) via vulnerabilities in new and old payment mechanisms.

Insights. Addressing frauds in consumer payments has been a priority for the CFPB since 2021, and Director Chopra’s remarks highlight some of the actions that the CFPB is taking. With regard to fraud involving the exploitation of personal data, the CFPB is actively working on rules that would prevent data brokers from abusing or misusing personal data. With regard to fraud involving the exploitation of payment mechanism vulnerabilities, the CFPB’s proposed rule on digital wallets and payment apps is an example of the efforts that the CFPB is undertaking to supervise widely used consumer apps.

OTHER NOTABLE ITEMS

Supreme Court overrules Chevron, sharply limiting judicial deference to administrative statutory interpretation. On June 28, 2024, the U.S. Supreme Court overruled Chevron v. Natural Resources Defense Council, a landmark decision that had required courts to defer to executive branch agencies’, including bank regulators’, reasonable interpretations of ambiguous statutory terms. The Court’s opinion is available here. For more information, please see our Client Alert.

FDIC publishes final rule on resolution requirements for large banks. On June 20, 2024, the FDIC approved the final rule relating to resolution planning for insured depository institutions with $50 billion or more in total assets. The final rule is largely consistent with the proposed rule issued by the FDIC in August of 2023. However, the final rule creates a new category of regulatory feedback (“significant finding”) which falls short of qualifying as a “material weakness,” emphasizing that the difference between the two “is one of degree of severity…[a significant finding] is not of the same level of impact and urgency as a material weakness.” In addition, the FDIC loosened the requirement applicable to nine depository institutions with assets greater than or equal to $50 billion and global systemically important bank (GSIB) parents that would have required frequent interim supplement submissions. The final rule provides that such supplements are not required in calendar years when resolution plans are submitted or affiliates submit Dodd-Frank Act resolution plans. The final rule becomes effective on October 1, 2024.

FDIC and FRB announce results of resolution plan review for largest and most complex banks. On June 21, 2024, the FDIC and FRB announced the results of their joint review of the July 2023 resolution plan submissions of the eight largest and most complex banks, highlighting “shortcomings” raising questions with respect to the feasibility of the plans submitted by four of those institutions. Each of the shortcomings noted by the Agencies related to process for modeling the unwinding of derivatives and trading positions during resolution. The FDIC and FRB requested that the banks simulate such positions using scenario inputs different from those used in their 2023 resolution plans in both fast and slow run time frames, with the goal being to understand whether the banks could generate accurate analyses under time pressure and different resolution scenarios. The FDIC and FRB further provided that the remedial actions required to address the identified shortcomings should be addressed in the next resolution plan submission due on July 1, 2025. The FDIC and FRB also requested that all 2025 resolution plan submissions address topics of contingency planning and obtaining foreign government actions required to execute the proposed resolution strategy.

Supreme Court holds the Seventh Amendment entitles a defendant to a jury trial when the SEC seeks civil penalties for securities fraud. On June 27, 2024, the U.S. Supreme Court held that the Seventh Amendment to the Constitution requires the SEC to sue in federal court, not in the agency’s in-house court, when the SEC seeks civil penalties for fraud. The Court’s decision could have broader implications for other agencies, including the FRB, FDIC, OCC, CFPB and others, and other theories of liability. The Court’s opinion is available here. For more information, please see our Client Alert.

FRB publishes 2024 stress test results. On June 27, 2024, the FRB published its 2024 stress test results analyzing whether large banks are sufficiently capitalized and able to continue lending in the event of a severe recession. The FRB examined 31 banks in connection with its 2024 stress test and concluded that all have sufficient capital to absorb almost $685 million in losses and continue lending despite the adverse economic conditions. Under the severely adverse scenario, CET1 capital ratios remained above regulatory minimums throughout the projection horizon. Compared to the 2023 stress test results, the FRB noted (i) greater projected credit card losses due to increased balances and higher delinquency rates; (ii) higher projected corporate losses due to riskier corporate credit portfolios; and (iii) lower levels of pre-provision net revenue offset losses as a result of a decline in noninterest net revenue. The FRB’s 2024 stress test results signal that the large U.S. financial institutions remain well-capitalized and well-positioned to weather an economic downturn.

CFPB proposes interpretive rule to ensure workers know the costs and fees of paycheck advance products. On July 18, 2024, the CFPB issued a notice of proposed interpretive rule clarifying when the Truth in Lending Act, and by extension Regulation Z, applies to providers of “earned wage” credit to consumers. The proposed rule provides that “[e]arned wage products provide consumers with ‘the right to defer payment of debt or to incur debt and defer its payment’ because they incur a ‘debt’ when they obtain money with an obligation to repay via an authorization to debit a bank account or using one or more payroll deductions…” This model is contrasted with the scenario where “…an employee pays wages, [and] no later act of repayment is required, by deduction or otherwise.” The CFPB goes on to criticize so-called “no-cost” models that rely on tipping features or accelerated delivery fees.

CFPB publishes supervisory highlights from recent examinations of auto and student loan servicing companies. On July 2, 2024, the CFPB published its supervisory highlights report identifying violations of law and consumer harm in the areas of auto and student loan servicing and debt collection, including credit card debt collections.

Agencies finalize interagency guidance on reconsiderations of value for residential real estate valuations. On July 18, 2024, CFPB, FRB, FDIC, OCC and NCUA issued final guidance addressing reconsiderations of value (ROVs) for residential real estate transactions (the ROV Guidance). The ROV Guidance advises on policies and procedures that financial institutions may implement to allow consumers to provide financial institutions with information that may not have been considered during an appraisal or if deficiencies are identified in the original appraisal.

[1] See Chevron, U.S.A., Inc. v. Nat. Res. Def. Council, Inc., 467 U.S. 837 (1984).

[2] See 12 C.F.R. § 360 (Resolution and Receivership Rules).

[3] See e.g., 12 C.F.R. Parts 30 (OCC’s Safety and Soundness Standards) and 364 (FDIC’s Standards for Safety and Soundness).

[4] See 12 C.F.R. § 337.6(a)(5).

[5] See 12 C.F.R. § 303.243.

[6] See 12 C.F.R. § 337.6(a)(5)(ii)-(iii).

[7] See 12 C.F.R. § 303.243(b)(3)(i)(B).

[8] See 12 C.F.R. § 303.243(b)(3)(i)(A).

[9] For example, on May 21, 2024 the FDIC entered into a Consent Order with Thread Bank following compliance failures by the bank, including in connection with its fintech partnerships to offer BaaS and loan-as-a-service (LaaS) services.

[10] Note that during the Board of Directors of the FDIC’s July 30, 2024 meeting, the Board considered amendments to Part 354 (Industrial Banks) that would, among other changes, (i) make a parent company of an industrial bank subject to Part 354 if there is a change of control at the parent company or a merger in which the parent company is a resultant entity; and (ii) provide the FDIC with regulatory authority to apply Part 354 in other situations where an industrial bank would become a subsidiary of a company that is not subject to Federal consolidated supervision. In effect, these entities would be “Covered Companies” and would assume any resulting obligations to serve as a source of financial strength for their industrial bank under 12 U.S.C. § 1831o-1.

The following Gibson Dunn lawyers contributed to this issue: Jason Cabral, Ro Spaziani, Zach Silvers, Karin Thrasher, and Nathan Marak.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work or any of the member of the Financial Institutions practice group:

Jason J. Cabral, New York (212.351.6267, jcabral@gibsondunn.com)

Ro Spaziani, New York (212.351.6255, rspaziani@gibsondunn.com)

Stephanie L. Brooker, Washington, D.C. (202.887.3502, sbrooker@gibsondunn.com)

M. Kendall Day, Washington, D.C. (202.955.8220, kday@gibsondunn.com)

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, jsteiner@gibsondunn.com)

Sara K. Weed, Washington, D.C. (202.955.8507, sweed@gibsondunn.com)

Ella Capone, Washington, D.C. (202.887.3511, ecapone@gibsondunn.com)

Rachel Jackson, New York (212.351.6260, rjackson@gibsondunn.com)

Chris R. Jones, Los Angeles (212.351.6260, crjones@gibsondunn.com)

Zack Silvers, Washington, D.C. (202.887.3774, zsilvers@gibsondunn.com)

Karin Thrasher, Washington, D.C. (202.887.3712, kthrasher@gibsondunn.com)

Turrieta v. Lyft, Inc., S271721 – Decided August 1, 2024

In a rare split decision, the California Supreme Court held 5–2 today that a plaintiff bringing a representative action under the California Labor Code Private Attorneys General Act (PAGA) does not have a right to intervene in another PAGA action involving overlapping claims or to object to a proposed settlement.

“[A]n aggrieved employee’s status as the State’s proxy in a PAGA action does not give that employee the right to seek intervention in the PAGA action of another employee, to move to vacate a judgment entered in the other employee’s action, or to require a court to receive and consider objections to a proposed settlement of that action.”

Justice Jenkins, writing for the majority

Background:

Under PAGA, an employee “aggrieved” by a violation of the Labor Code can bring an action seeking penalties “on behalf of himself or herself and other current or former employees.” Cal. Lab. Code, § 2699(a). When aggrieved employees bring representative PAGA claims, they act as the agents or proxies of the State, which is deemed the real party in interest.

In 2018, Tina Turrieta brought a PAGA action against Lyft, claiming that she and other drivers using Lyft’s platform were being misclassified as independent contractors. In 2019, Turrieta and Lyft mediated and ultimately agreed to settle the dispute for $15 million, with Lyft agreeing to pay more than $3 million to the State’s Labor & Workforce Development Agency (LWDA). As PAGA requires, the parties gave the LWDA notice of their settlement.

Brandon Olson had brought his own PAGA action against Lyft based on the same misclassification claim. When Turrieta moved for approval of the settlement, Olson moved to intervene in Turrieta’s action. The trial court denied Olson’s motion to intervene and approved the settlement, ruling that Olson lacked standing to intervene since the State was the real party in interest. The trial court likewise denied Olson’s later motion to vacate the resulting judgment. And the California Court of Appeal affirmed, holding that Olson had an insufficient stake in Turrieta’s action to either intervene in the case or challenge the judgment.

Issue Presented:

Does the plaintiff in a representative PAGA action have the right to intervene, object to a proposed settlement, or move to vacate a judgment in a related PAGA action presenting overlapping claims?

Court’s Holdings:

No. A PAGA plaintiff does not have a right to intervene in the ongoing PAGA action of another plaintiff asserting overlapping claims, object to a proposed settlement, or move to vacate a judgment in that action.

What It Means:

The Court’s opinion will create a race to settlement or judgment in PAGA actions that involve overlapping claims. The first representative action to reach a settlement or judgment will resolve overlapping claims, and PAGA plaintiffs in other actions will have no automatic right to intervene or to move to vacate the first-in-time judgment.
The Court expressly reserved the question whether the State itself, separate from the representative plaintiff, could object to a proposed settlement. It also emphasized that although courts are not required to consider objections to a proposed settlement by nonparties, they could choose to do so as a matter of discretion.
In future cases, attention will shift to procedural maneuvers other than intervention, including (i) the right of “plaintiffs in overlapping PAGA actions [to] seek[] consolidation or coordination” and (ii) outreach by other PAGA plaintiffs to the LWDA at the settlement-approval stage.
Dissenting, Justice Liu suggested that allowing intervention by other PAGA plaintiffs would help ensure that proposed PAGA settlements are fair. But the majority explained there are countervailing policy concerns that do not support a right to intervention—including the fact that counsel for other PAGA plaintiffs may use intervention to derail settlement so they can recover higher fees themselves.
Justices Kruger and Groban concurred and wrote separately to emphasize (i) that the opinion does not foreclose intervention by private plaintiffs “to vindicate their own personal interests, as employees who have been aggrieved”; and (ii) that courts have “a duty to ensure the fairness and soundness of any settlement of PAGA claims.”

The Court’s opinion is available here.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the California Supreme Court. Please feel free to contact the following practice group leaders:

Appellate and Constitutional Law Practice

Thomas H. Dupree Jr. +1 202.955.8547 tdupree@gibsondunn.com	Allyson N. Ho +1 214.698.3233 aho@gibsondunn.com	Julian W. Poon +1 213.229.7758 jpoon@gibsondunn.com
Lucas C. Townsend +1 202.887.3731 ltownsend@gibsondunn.com	Bradley J. Hamburger +1 213.229.7658 bhamburger@gibsondunn.com	Michael J. Holecek +1 213.229.7018 mholecek@gibsondunn.com

Related Practice: Labor and Employment

Jason C. Schwartz
+1 202.955.8242
jschwartz@gibsondunn.com

Katherine V.A. Smith
+1 213.229.7107
ksmith@gibsondunn.com

Michele L. Maryott
+1 949.451.3945
mmaryott@gibsondunn.com

Related Practice: Litigation

Theodore J. Boutrous, Jr.
+1 213.229.7804
tboutrous@gibsondunn.com

Theane Evangelis
+1 213.229.7726
tevangelis@gibsondunn.com

This alert was prepared by Bradley J. Hamburger, Daniel R. Adler, Ryan Azad, and Matt Aidan Getz.

Gibson Dunn’s U.S. Supreme Court Round-Up provides summaries of cases decided during the October 2023 Term, a preview of cases set to be argued next Term, and highlights other key developments on the Court’s docket. During the October 2023 Term, the Court heard 61 oral arguments and released 59 opinions. The Court has granted 28 petitions thus far for the October 2024 Term.

Spearheaded by Miguel Estrada, the U.S. Supreme Court Round-Up keeps clients apprised of the Court’s most recent actions. The Round-Up previews cases scheduled for argument, tracks the actions of the Office of the Solicitor General, and recaps recent opinions. The Round-Up provides a concise, substantive analysis of the Court’s actions. Its easy-to-use format allows the reader to identify what is on the Court’s docket at any given time, and to see what issues the Court will be taking up next. The Round-Up is the ideal resource for busy practitioners seeking an in-depth, timely, and objective report on the Court’s actions.

View the Round-Up Here

Gibson Dunn has a longstanding, high-profile presence before the Supreme Court of the United States, appearing numerous times in the past decade in a variety of cases. Fifteen current Gibson Dunn lawyers have argued before the Supreme Court, and during the Court’s eight most recent Terms, the firm has argued a total of 21 cases, including closely watched cases with far-reaching significance in the areas of intellectual property, securities, separation of powers, and federalism. Moreover, although the grant rate for petitions for certiorari is below 1%, Gibson Dunn’s petitions have captured the Court’s attention: Gibson Dunn has persuaded the Court to grant 39 petitions for certiorari since 2006.

* * * *

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the U.S. Supreme Court. Please feel free to contact the following attorneys in the firm’s Washington, D.C. office, or any member of the Appellate and Constitutional Law Practice Group.

Miguel A. Estrada (+1 202.955.8257, mestrada@gibsondunn.com)
Katherine Moran Meeks (+1 202.955.8258, kmeeks@gibsondunn.com)
Jessica L. Wagner (+1 202.955.8652, jwagner@gibsondunn.com)
Reed Sawyers (+1 202.777.9412, rsawyers@gibsondunn.com)

Vidal v. Elster, No. 22-704 – Decided June 13, 2024

Today, the Supreme Court held that the Lanham Act’s prohibition on registration of trademarks that include a living person’s name without that person’s consent does not violate the First Amendment.

“We conclude that a tradition of restricting the trademarking of names has coexisted with the First Amendment, and the names clause fits within that tradition.”

Justice Thomas, writing for the Court

Background:

The Lanham Act establishes certain statutory requirements for trademark registration. One requirement is the Act’s “names clause”—no trademark may include “a name, portrait, or signature identifying a particular living individual except by his written consent.” 15 U.S.C. § 1052(c). In 2018, Steve Elster applied to register the mark “Trump too small,” a reference to then-President Donald J. Trump. The U.S. Patent and Trademark Office denied his request because he had not obtained written consent from President Trump.

Elster appealed, and the Federal Circuit reversed, holding that the names clause violated Elster’s right to free speech under the First Amendment. The Federal Circuit explained that the names clause is a content-based restriction, which is subject to heightened scrutiny under the First Amendment. And it held that the names clause does not satisfy heightened scrutiny here because there is no government interest in restricting speech critical of government officials in the trademark context.

Issue:

Whether the refusal to register a mark under the names clause violates the Free Speech Clause of the First Amendment when the mark contains criticism of a government official or public figure.

Court’s Holding:

No. The names clause does not violate the First Amendment because, while it is content based, it is viewpoint neutral and fits within historical tradition.

What It Means:

The Court underscored that today’s decision is “narrow” because it holds “only that history and tradition establish that the particular restriction before [the Court] . . . does not violate the First Amendment.” Other content-based trademark requirements that lack a similarly well-established history and tradition may still be vulnerable to First Amendment challenges.
Although the Court’s judgment was unanimous, the fractured opinions demonstrate the Court’s disagreement about how to assess the constitutionality of content-based trademark registration requirements. The majority focused on history and tradition. Justice Barrett in a separate opinion (joined by Justice Kagan in full and by Justices Sotomayor and Jackson in part) expressed the view that content-based restrictions should be upheld “so long as they are reasonable in light of the trademark system’s purpose of facilitating source identification.” Justice Sotomayor in a concurring opinion (joined by Justices Kagan and Jackson) said the Court should look to the “well-trodden terrain” of “trademark law and settled First Amendment precedent.”
Today’s ruling distinguished other recent Supreme Court decisions holding that restrictions on trademark registrations do violate the First Amendment when they discriminate based on viewpoint. See Matal v. Tam, 582 U.S. 218 (2017) (disparaging marks) and Iancu v. Brunetti, 588 U.S. 388 (2019) (immoral or scandalous marks). In contrast to those precedents, the Court held that a uniform rule against registering trademarks that include personal names without consent does not single out a trademark based on the specific motivating ideology or the opinion or perspective of the speaker.

The Court’s opinion is available here.

Appellate and Constitutional Law Practice

Thomas H. Dupree Jr. +1 202.955.8547 tdupree@gibsondunn.com	Allyson N. Ho +1 214.698.3233 aho@gibsondunn.com	Julian W. Poon +1 213.229.7758 jpoon@gibsondunn.com
Lucas C. Townsend +1 202.887.3731 ltownsend@gibsondunn.com	Bradley J. Hamburger +1 213.229.7658 bhamburger@gibsondunn.com	Brad G. Hubbard +1 214.698.3326 bhubbard@gibsondunn.com

Related Practice: Intellectual Property

Kate Dominguez +1 212.351.2338 kdominguez@gibsondunn.com	Y. Ernest Hsin +1 415.393.8224 ehsin@gibsondunn.com	Josh Krevitt +1 212.351.4000 jkrevitt@gibsondunn.com
Jane M. Love, Ph.D. +1 212.351.3922 jlove@gibsondunn.com	Howard S. Hogan +1 202.887.3640 hhogan@gibsondunn.com	Ilissa Samplin +1 213.229.7354 isamplin@gibsondunn.com

This alert was prepared by associates Daniel Adler and Jason Muehlhoff.

Key Developments:

The Northern District of Florida entered a permanent injunction on July 30 prohibiting the enforcement of Florida’s Stop WOKE Act, in Honeyfund.com Inc. v. DeSantis et al., No. 4:22-cv-00227 (N.D. FL. 2022). Among other things, the Stop WOKE Act would have prohibited employers from requiring employees to participate in trainings that identify certain groups of people as “privileged” or “oppressors.” The order follows an opinion from the Eleventh Circuit holding that the law constituted both content and viewpoint discrimination that did not survive strict scrutiny.

On July 23, Robby Starbuck, a conservative activist and social media personality, continued his attacks on corporate DEI initiatives by targeting Harley-Davidson. Starbuck posted a video on X claiming that the company has “gone totally woke,” and criticizing Harley-Davidson’s sponsorship of LGBTQ+ pride events and implementation of various DEI trainings. Starbuck encouraged his viewers to complain directly to Harley-Davidson about its policies and asked them to “use [their] voices and wallets to vote [their] values.”

On July 18, Do No Harm filed a complaint with the EEOC requesting that it investigate the Alliance for Regenerative Medicine (ARM) for allegedly operating a racially discriminatory internship program in violation of Title VII. Do No Harm alleged that ARM’s GROW RegenMed Internship Program violates Title VII because it is only open to individuals who “identify as Black/African American.” Do No Harm also challenged the program’s stated goal of increasing representation of Black employees and executives at ARM member organizations. Do No Harm complained that at least one of its members who is otherwise eligible for the internship program cannot apply because he is white and that the program’s hiring criteria unlawfully discriminate based on race.

On July 15, 2024, the Equal Protection Project (EPP) filed a complaint with the Office for Civil Rights (OCR) of the U.S. Department of Education against Indiana University (IU). The complaint alleged that IU administers several race-based scholarships that discriminate on the basis of race, color, and national origin, in violation of Title VI and the Equal Protection Clause of the Fourteenth Amendment. The EPP cites to 19 scholarships for the Kelley School of Business, the IU Indianapolis campus, and the McKinney School of Law that are intended for underrepresented minority students. The complaint requests that the OCR open an expedited and formal investigation into IU’s scholarship practices and impose remedial relief for those who have been excluded from applying for the University’s allegedly discriminatory scholarships.

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

Bloomberg Law, “Frustrated DEI Officers Risk Tackling Workplace Bias in Court” (July 17): Writing for Bloomberg Law, Khorri Atkinson highlights a complaint filed against Armstrong Teasdale LLP earlier this month by its former vice president of DEI, who is alleging race and sex discrimination in violation of Title VII. The plaintiff claims that Armstrong Teasdale withheld resources necessary for her to perform her job and subjected Black lawyers to a hostile work environment. Atkinson notes that other companies, including Morgan Stanley and United Airlines, have faced similar lawsuits from their DEI professionals, and says that the cases highlight that some DEI managers feel that they lack power, financial resources, and access to top executives, which Atkinson says “undermin[es] companies’ commitments to addressing inequality.”
USA Today, “DEI efforts may be under attack, but companies aren’t retreating from commitments” (July 17): USA Today’s Jessica Guynn reports on companies’ responses to the recent string of attacks on DEI initiatives by “anti-woke” conservative groups. While most companies have remained steadfast in their commitment to DEI, Guynn observes that some have responded to the criticism by pulling back on their DEI commitments, with “some even list[ing] diversity, equity and inclusion as a ‘risk factor’ in regulatory filings.” Joelle Emerson, co-founder and CEO of diversity strategy and consulting firm Paradigm, said that “most companies are continuing their [DEI] work, just less vocally.” Despite the recent criticism, Guynn says that DEI in corporate America is more important than it’s ever been, as leadership in the nation’s largest companies is still “predominantly white and male.”
Law.com, “Companies Deluged With Anti-ESG Shareholder Proposals” (July 18): Law.com’s Chris O’Malley reports on new data from consulting company Georgeson examining the sharp rise of anti-environmental, social and governance (ESG) proposals put to shareholder votes this year. According to O’Malley, ESG has become a “fractious issue” for many companies due to the abundance of conservative pushback on causes like diversity and LGBTQ+ rights. The Georgeson report identified 112 anti-ESG proposals between July 1, 2023 and May 17, 2024—up 19% from last year and nearly double the number of proposals from two years ago. Of these 112 anti-ESG proposals, 70% covered social matters, “such as the risks of championing racial- and gender-equality efforts.” O’Malley also highlighted some recent efforts by anti-ESG proponents, including the National Legal and Policy Center (NLPC)’s anti-ESG proposal to Mondelez International targeting Mondelez’s decision to pledge $500,000 to a pro-LGBTQ group. While Mondelez received strong support from its shareholders and ultimately maintained its pledge, NLPC said its efforts still reached the company’s decisionmakers, claiming that Mondelez “throttled back on its Pride marketing toward children” following NLPC’s proposal.
The Wall Street Journal, “Deere Slashes Diversity Initiatives After Backlash From Conservative Activist” (July 18): The Wall Street Journal’s Victoria Albert and Bob Tita report on John Deere & Co’s recent decision to dial back its diversity initiatives following scrutiny from Robby Starbuck. Starbuck’s campaign against John Deere consisted of a series of social media posts and videos challenging Deere’s “woke” company initiatives. Albert and Tita write that Deere is no stranger to taking up political causes, noting that the company’s founder was an outspoken abolitionist and a staunch supporter of civil rights and the integration movement, as well as various environmental causes. Still, the company maintains that its decision to deprioritize its DEI initiatives will best serve its customers and employees and is simply an opportunity to prove it is “always listening to feedback and looking for opportunities to improve.” Albert and Tita note that the National Black Farmers Association called for a boycott of Deere products and the immediate resignation of CEO John May in response to what the group called “the company’s ‘wrong direction’ on diversity and inclusion.”
Law360, “4 Lessons As 7th Circ. OKs Honeywell Firing Of DEI Protester” (July 19): Writing for Law360, Vin Gurrieri examines a recent decision from the U.S. Court of Appeals for the Seventh Circuit, Charles Vavra v. Honeywell International, Inc. Vavra alleged that Honeywell violated Title VII of the Civil Rights Act of 1964 when it fired him in retaliation for protesting “company-mandated unconscious bias training and other DEI-related communications that he believed discriminated against white workers.” The Seventh Circuit upheld the United States District Court for the Northern District of Illinois’s ruling granting summary judgment to Honeywell on Vavra’s claims, focusing on the fact that Vavra never viewed or participated in the training programs. Gurrieri discussed some takeaways from the Seventh Circuit’s decision, including cautioning that employers should not interpret the decision as a wholesale endorsement of implicit bias trainings. According to Gurrieri, the court simply made clear that a plaintiff must experience the training or at least know its contents to sustain a lawsuit. In addition, Gurrieri advised employers and DEI supporters alike to take note of the EEOC’s supportive stance on antidiscrimination trainings, as the agency submitted an amicus brief highlighting that courts have repeatedly “rejected the theory that antidiscrimination trainings categorically violate Title VII.”
The Wall Street Journal, “When Companies Speak Out on Hot Political Issues, They Often Get It Wrong” (July 23): Writing for The Wall Street Journal, Aviva Phillip-Muller of Simon Fraser University’s Beedie School of Business and Joseph Siev of University of Virginia’s Darden School of Business discuss corporate challenges in navigating discussions of political issues. The authors note that companies are often left with no choice but to respond to political events—such as the Black Lives Matter or #MeToo movements—because of consumer expectations. Phillip-Muller and Siev say that companies often make the mistake of trying to support both sides of an issue in an attempt to “please everyone—and offend no one.” The authors’ report finds that companies’ ambivalence on hot-button topics often results in “reduced respect from those who agreed with them while providing no benefit to those who disagreed.” Phillip-Muller and Siev conclude that the best path for some issues may be for companies to refrain from weighing in at all.
The Wall Street Journal, “Merit, Excellence and Intelligence: An Anti-DEI Approach Catches On” (July 24): The Wall Street Journal’s Callum Borchers discusses the rise of a new framework, Merit, Excellence and Intelligence (“MEI”), meant to serve as a counter to DEI. Alexander Wang, Chief Executive at Scale AI, helped popularize the term, which he says “means hiring the best candidates for open roles without considering demographics.” MEI has found support among some business leaders, including Coinbase CEO Brian Armstrong and Sequoia Capital partner Shaun Maguire. Borchers views its rise as a direct response to “frustration with corporate diversity initiatives.” Borchers says that MEI and DEI share a common root—the belief that unconscious bias taints hiring. But to MEI proponents, “hidden biases are problematic because they can lead to bad hires, not because they can produce a nondiverse workforce.” Human Resources professionals remain skeptical of MEI, noting that it pushes the needle away from equity. If nothing else, Borchers explains, DEI initiatives force companies to ensure there is company-wide attention to biases that may end up hurting certain types of applicants. According to Borchers, should MEI become the dominant framework, harmful biases in hiring may become prominent once again.

Case Updates:

Below is a list of updates in new and pending cases:

1. Contracting claims under Section 1981, the U.S. Constitution, and other statutes:

Californians for Equal Rights Foundation v. City of San Diego, No. 3:24-cv-00484 (S.D. Cal. 2024): On March 12, 2024, the Californians for Equal Rights Foundation filed a complaint on behalf of members who are “ready, willing and able” to purchase a home in San Diego, but are ineligible for a grant or loan under the City’s BIPOC First-Time Homebuyer Program. Plaintiffs allege that the program discriminates on the basis of race in violation of the Equal Protection Clause. On June 18, 2024, the City of San Diego and the Housing Authority of the City of San Diego filed a motion for judgment on the pleadings, arguing that the complaint does not include any allegations against it, and instead alleges a “fictitious [agency] relationship” with the other defendants, the Housing Authority of the City of San Diego and the San Diego Housing Commission.
- Latest update: On July 8, the parties filed a joint motion to dismiss the City and Housing Authority of San Diego as defendants and to deny the City and Housing Authority’s pending motion for the judgment on the pleadings as moot. On July 9, the court granted the joint motion.
Suhr v. Dietrich, No. 2:23-cv-01697-SCD (E.D. Wis. 2023): On December 19, 2023, a dues-paying member of the Wisconsin State Bar filed a complaint against the Bar and seven members of the Bar’s Board of Governors and staff challenging the Bar’s “Diversity Clerkship Program,” a summer hiring program for first-year law students. The program’s application requirements had previously stated that eligibility was based on membership in a minority group. After the Supreme Court’s decision in SFFA, the eligibility requirements were changed to include students with “backgrounds that have been historically excluded from the legal field.” The plaintiff claims that the Bar’s program is unconstitutional even with the new race-neutral language, because, in practice, the selection process is still based on the applicant’s race or gender. After reaching a partial settlement agreement with the defendants to remove the eligibility requirements concerning historically excluded backgrounds, the plaintiff filed an amended complaint, adding challenges to three mentorship and leadership programs that allegedly discriminate based on race, which are funded by mandatory dues paid to the Bar.
- Latest update: On July 19, 2024, the defendants filed a reply in support of their motion to dismiss, arguing that the Eleventh Amendment bars all claims against the individual defendants, as well as any claim for retrospective relief. The defendants further argued that the plaintiff’s claims were time-barred, and that the plaintiff had not identified “actionable non-germane activities” sufficient to state a freedom of association claim because their argument relied on the faulty premise that “any single instance of non-germane activity renders the State Bar unconstitutional.” Instead, the defendants argue, non-germane activity accounts for only 3.6% of total dues revenue, and the other challenged Bar activities are germane activities.

2. Employment discrimination and related claims:

Netzel v. American Express Company, No. 23-16083 (9th Cir. 2023): On August 23, 2022, a group of former American Express employees alleged that the company’s diversity initiatives discriminated against white workers and that the company retaliated against the same workers after they complained, in violation of Title VII and Section 1981. After the district court granted American Express’s motion to compel arbitration, the plaintiffs appealed to the Ninth Circuit, arguing in part that they should not be compelled to arbitrate because they seek “public injunctive relief” against alleged “racial discrimination . . . that specifically harms the general public,” a right they claim is not waivable under California law.
- Latest update: On July 22, 2024, the Ninth Circuit affirmed the district court’s ruling, holding that New York law governs the arbitration agreements, and, under that law, the agreements were not procedurally unconscionable. The court also held, relying on American Express’s representation, that the agreements permit arbitration of claims for public injunctive relief.
Gerber v. Ohio Northern University, No. 2023-1107-CVH (Ohio Ct. Common Pleas Hardin Cnty. 2023): On June 30, 2023, a law professor sued his former employer, Ohio Northern University, for terminating his employment after an internal investigation determined that he bullied and harassed other faculty members. On January 23, 2024, the plaintiff, represented by America First Legal, filed an amended complaint. The plaintiff claims that his firing was actually in retaliation for his vocal and public opposition to the university’s stated DEI principles and race-conscious hiring, which he believed were illegal. The plaintiff alleged that the investigation and his termination breached his employment contract, violated Ohio civil rights statutes, and constituted various torts, including defamation, false light, conversion, infliction of emotional distress, and wrongful termination in violation of public policy. On June 17, 2024, both parties filed motions for summary judgment.
- Latest update: On July 16, the court dismissed the University’s Provost, VP for Financial Affairs, Secretary to the Board of Trustees, and three members of the Board of Trustees as parties to the litigation based on affidavits establishing that “none of the movants possessed investigative duties or voting authority regarding the decision to terminate Plaintiff’s employment,” nor were present when the decision to terminate the plaintiff was made. The plaintiff filed a motion to reconsider the dismissals on July 16, which the court denied on July 17. The cross-motions for summary judgment remain pending.
Beneker v. CBS Studios, No. 2:24-cv-01659-JFW-SSC (C.D. Cal. 2024): On February 29, 2024, a straight, white, male writer sued CBS, alleging that the network’s de facto hiring policy discriminated against him on the bases of sex, race, and sexual orientation in violation of Section 1981 and Title VII. CBS declined to hire the plaintiff as a staff writer multiple times, but did hire several black writers, female writers, and a lesbian writer. The plaintiff requested a permanent injunction against the de facto policy, a staff writer position, and damages. CBS Studios and parent company Paramount Global moved to dismiss the complaint.
- Latest update: On July 15, 2024, the plaintiff opposed CBS’s motion to dismiss, arguing that CBS seeks to “expand the right to discriminate on the basis of race or sexual orientation when that status impinges on an organization’s expressive message, to a generalized right to discriminate on the basis of status alone.” The plaintiff also argued that CBS’s “fraudulent concealment” of its discrimination justifies tolling the statute of limitations, since CBS’s promises to promote the plaintiff delayed him recognizing that he was the victim of discrimination.

3. Challenges to agency rules, laws and regulatory decisions:

Alliance for Fair Board Recruitment v. SEC, No. 21-60626 (5th Cir. 2021): In August 2021, the Alliance for Fair Board Recruitment (AFBR) filed an administrative appeal with the Fifth Circuit, seeking review of the SEC’s approval of Nasdaq’s Board Diversity Disclosure Rule, which requires Nasdaq-listed companies to annually report aggregated statistical information about the board’s self-identified gender, racial, and LGBTQ+ characteristics. In October 2023, the court rejected plaintiff’s challenge to the rule on the grounds that Nasdaq, not the SEC, created the rule. The court granted AFBR’s petition for a rehearing en banc, and oral argument took place in May 2024.
- Latest update: On July 18, 2024, the court issued a letter asking the parties to file supplemental briefs regarding whether the petitioners’ challenge to the Board Recruiting Service Rule was moot. Nasdaq and the SEC both filed supplemental briefs taking the position that the petitioners’ challenge to the Board Recruiting Service Rule is now moot. The petitioners argue that the court can and should vacate the approval order in its entirety, which would vacate the SEC’s approval of the Board Recruiting Service Rule.
Do No Harm v. Lee, No. 3:23-cv-01175-WLC (M.D. Tenn. 2023): On November 8, 2023, Do No Harm sued Tennessee Governor Bill Lee under the Equal Protection Clause, seeking to enjoin a 1988 Tennessee law requiring the governor to “strive to ensure” that at least one board member of the six-member Tennessee Board of Podiatric Medical Examiners is a racial minority. On February 2, 2024, Governor Lee moved to dismiss the complaint for lack of standing. On June 28, 2024, Do No Harm filed a notice of supplemental authority, arguing that a similar case, American Alliance for Equal Rights v. Ivey, No. 2:24-cv-00104-RAH-JTA (M.D. Ala. 2024), supports its claims that anonymous members have individual standing.
- Latest update: On July 9, Governor Lee responded to plaintiff’s notice of supplemental authority, arguing that the Ivey court only found standing because the state bore a heavy burden of demonstrating mootness after standing was first established. There, at the time of the lawsuit, the governor had not yet selected the three appointees of racial minority status to the board. Here, by contrast, the quota was already filled at the time of the lawsuit, leaving the remaining seats open to applicants of any race. Thus, “at the time the suit was filed and continuing to today, Plaintiff’s members have the same opportunity to be appointed to the Board as any other applicant.”.
American Alliance for Equal Rights v. Ivey, No. 2:24-cv-00104-RAH-JTA (M.D. Ala. 2024): On February 13, 2024, AAER filed a complaint against Alabama Governor Kay Ivey, challenging a state law that requires the governor to ensure there are no fewer than two individuals “of a minority race” on the Alabama Real Estate Appraisers Board. The Board has nine seats, including one for a member of the public with no real estate background, which has been unfilled for years. Because there was only one minority member among the Board at the time of filing, AAER asserts that state law requires that the open seat go to a minority. AAER states that one of its members applied for this final seat, but was denied purely on the basis of race, in violation of the Equal Protection Clause of the Fourteenth Amendment. On March 29, 2024, Governor Ivey answered the complaint, admitting that the Board quota is unconstitutional and will not be enforced. On May 7, 2024, the court granted a motion to intervene by the Alabama Association of Real Estate Brokers (AAREB), a trade association and civil rights organization for Black real estate professionals.
- Latest update: On July 17th, the court denied AAER’s motion for judgment on the pleadings because both Governor Ivey and AAREB denied factual allegations about AAER’s member that are critical to its standing. The case is set for a bench trial on November 17, 2025.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and authors:

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group
Washington, D.C. (+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group
Los Angeles (+1 213-229-7107, ksmith@gibsondunn.com)

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group
New York (+1 212-351-3850, mdenerstein@gibsondunn.com)

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer
Washington, D.C. (+1 202-955-8503, zswilliams@gibsondunn.com)

Molly T. Senger – Partner, Labor & Employment Group
Washington, D.C. (+1 202-955-8571, msenger@gibsondunn.com)

Blaine H. Evanson – Partner, Appellate & Constitutional Law Group
Orange County (+1 949-451-3805, bevanson@gibsondunn.com)

The Proposal would make a number of changes to the FDIC’s brokered deposits rules that could materially affect banks, neobanks, fintechs, and other third parties in the industry.

On July 30, 2024, the Federal Deposit Insurance Corporation (“FDIC”) issued a Notice of Proposed Rulemaking proposing significant changes to the FDIC’s brokered deposits rules (the “Proposal”).[1] The Proposal would make a number of changes highlighted below to the FDIC’s brokered deposits rules that could materially affect banks, neobanks, fintechs and other third parties in the industry, many of whom have crafted business models, started new businesses, or even undertook transformative acquisitions in reliance on the FDIC’s brokered deposits rules finalized in December 2020. Not to mention, the Proposal could materially affect consumers, particularly those who are underbanked or unbanked, and who rely on neobank and fintech apps for access, through bank partnerships, to traditional financial products and services. Comments on the Proposal are due within sixty (60) days of publication in the Federal Register.

I. Background

On December 15, 2020, the FDIC finalized its brokered deposits rules to modernize those regulations and establish a new framework for analyzing whether certain deposit arrangements qualify as brokered deposits (the “2020 Final Rule”).[2] The 2020 Final Rule promoted innovation between commercial banks and fintechs by providing clearer guidance on what constituted a deposit broker and, by extension, a brokered deposit.[3]

Fast forward to 2024 and the intersection of banks and non-bank financial services providers is at the regulatory and supervisory forefront and the environment for banks and bank-fintech partnerships has changed dramatically following the spring 2023 bank failures, current enforcement trends in the bank-fintech partnership space and the bankruptcy of Synapse Financial Technologies, Inc. The Proposal suggests an intent to address this current reality and pulls back on many of the changes to the brokered deposits framework implemented by the 2020 Final Rule.

Notably, at the time the 2020 Final Rule was finalized, then-Director Gruenberg sharply dissented.[4] The preamble to the Proposal references many of those same concerns as a basis for the changes under the Proposal.[5]

II. Key Aspects of the Proposal

The Proposal includes several notable changes that would materially impact the brokered deposits analysis for insured depository institutions (each an “IDI”) and their third parties.

Eliminates exclusive deposit arrangement carveout. The 2020 Final Rule provides that any entity that contracts or partners exclusively with one IDI, and is not placing or facilitating the placement of deposits at any other IDI, is not considered a “deposit broker” and, therefore, any deposits placed by the entity with the IDI are not brokered deposits. The Proposal would eliminate the exclusive deposit arrangement carveout by revising the FDIC’s brokered deposits regulations to restore their applicability to any third party that meets the definition of deposit broker, including those involved in placing deposits at only one IDI.[6]
Revises the definition of “deposit broker,” including adding a new prong to the definition related to fees paid to a third party. The Proposal would impact commonly used bank marketing practices by adding a new prong to the definition of “deposit broker” related to fees paid to a third party, specifically providing that a person is engaged in the business of placing or facilitating the placement of deposits of third parties if that person “has a relationship or arrangement with an IDI or customer where the IDI, or the customer, pays the person a fee or provides other remuneration in exchange for or related to the placement of deposits.”[7] Fees that would be covered under the Proposal would include fees for administrative services provided in connection with a deposit placement arrangement.[8]
Revises the analysis for determining when an agent or nominee meets the primary purpose exception. The Proposal would provide that the primary purpose exception to the “deposit broker” definition would apply “when an agent or nominee whose primary purpose in placing customer deposits at IDIs is for a substantial purpose other than to provide a deposit-placement service or FDIC deposit insurance with respect to particular business lines.”[9] This interpretation would align with how the FDIC historically interpreted the primary purpose exception before the 2020 Final Rule.[10] As part of this analysis and any corresponding application process for a primary purpose exception (“PPE”), the FDIC would analyze the intent of the third party and consider the relationship between the third party and the IDI, including whether fees were paid to the third party.[11]
Eliminates the enabling transactions PPE. The 2020 Final Rule created a PPE for third parties that place deposits to allow their customers to enable transactions (the “enabling transactions test”). Without any substantive discussion, the Proposal quickly eliminates the enabling transactions test and corresponding notice process, stating: “The current enabling transactions test would not satisfy the proposed primary purpose exception, because placing deposits into accounts with transactional features would not, by itself, prove that the substantial purpose of the deposit placement arrangement is for a purpose other than providing deposit insurance or a deposit-placement service. The FDIC believes that there is no relevant difference between an agent or nominee’s purpose in placing deposits to enable transactions and placing deposits to access a deposit account and deposit insurance.”[12] Under the Proposal, IDIs that currently rely on the enabling transactions test under the notice or application process could file an application under the general PPE application process.[13]
No reliance on PPE notices or applications. The Proposal provides that IDIs relying on an existing approved PPE application, 25% test designated exception notice or an enabling transactions exception notice or application would no longer be able to rely on such exceptions. As a result, IDIs would need to submit a new PPE application, rely on the new 10% Broker-Dealer Sweep Exception (described below) or rely on one of the preserved designated business exceptions from the 2020 Final Rule.[14]
Changes the PPE application process. The Proposal would update the PPE application process and would add additional factors to the FDIC’s review of those applications, including any fees paid to the third party and whether the third party has discretion to choose the IDI(s) to place customer funds. The Proposal also would provide that only IDIs, not third parties, must submit PPE applications.[15]
Proposes a Broker-Dealer Sweep Exception. The Proposal would amend the “25% test” to a 10% of assets under management test and rename it the “Broker-Dealer Sweep Exception.” Under the Proposal, the proposed Broker-Dealer Sweep Exception would be available only to a broker-dealer or registered investment adviser and only if less than 10% of its total assets under management, in a particular business line, is placed into non-maturity accounts at one or more IDIs. Prior notice would be required where no additional third party is involved in the sweep program. An application would be required for sweep programs that use one or more third parties.[16]
Removes “matchmaking activities” prong and replaces with “deposit allocation” prong. The Proposal would eliminate the “matchmaking activities” prong to the deposit broker definition and replace it with the new “deposit allocation” standard.[17] As a result, “deposit broker” would include a person who proposes or determines deposit allocations, including through the use of algorithmic or similar technologies.[18] Unlike the current “matchmaking activities” definition which excludes the provision of services to affiliated entities, the “deposit allocation” standard could be met in connection with the provision of services to affiliates.[19]
Retains remaining designated business exceptions. As noted, the Proposal would amend the 25% test and eliminate the enabling transactions test. The Proposal would retain the remaining designated business exceptions listed in the 2020 Final Rule, as well as the additional designated exception for non-discretionary custodians engaged in the placement of deposits.[20]

III. Key Concerns and Takeaways

While much more will be written on these topics, the fundamental changes to the 2020 Final Rule coupled with the FDIC’s Request for Information on Deposits (“Deposits RFI”)[21] reflect concerns within the FDIC on how they currently oversee the risks associated with different types of deposits.

Thematically, we believe that there are several key issues to confront (in addition to the responses to the alternatives in the Proposal and technical clarifications):

First, the restrictions on brokered deposits are derived from Section 29 of the FDIA, which relates to banks that are not well-capitalized. There is little disagreement within the industry that banks that fail to remain well-capitalized should not be relying on brokered deposits for growth. However, the FDIC and other agencies have leveraged the definition of brokered deposits for other purposes – essentially defining a very diverse set of deposits to be inherently risky and penalizing banks that accept such deposits – be it in the form of assessments or, for the larger banks, the calculation of the liquidity coverage ratio and the net stable funding ratio.
Second, the conflation of the risks related to certain types of uninsured deposits and the risks of brokered deposits is not supported by data. The Proposal cites to the FDIC’s 2011 Study on Core Deposits and Brokered Deposits, but even that study indicates that a higher proportion of brokered deposits relative to core deposits at a bank is correlated to—though not necessarily the cause of—greater probability and cost of failure. In addition, the data for that study are not reflective of today’s banking system. Instead of over-hauling such a recent regulation, it would be prudent for the FDIC to receive and release information relating to the Deposits RFI so that both the FDIC and the industry can consider the actual risks associated with brokered deposits. Once such data are analyzed, it would be worth considering whether the definition of a brokered deposit for purposes of institutions that are not well-capitalized should be broadly defined. And, if so, whether there should be different categories of such brokered deposits for other regulatory purposes to more accurately reflect the inherent risks.
Third, there are practical implications of these changes that could pose unintended consequences. For instance, the removal of affiliate considerations for exclusivity and deposit allocations does not reflect the reality of how banks and bank holding companies organize themselves (frequently in consideration of resolution planning). In addition, the burden of new notices for the PPE and ongoing reporting fail to address situations where there is a spot increase in cash held that is wholly unrelated to the business of the broker-dealer or the IDI that is swept the funds.
Fourth, the Proposal could materially affect consumers, particularly those who are underbanked or unbanked, and who rely on neobank and fintech apps for access, through bank partnerships, to traditional financial products and services. The Proposal acknowledges only that consumers “might experience changes in interest rates on those funds, or costs associated with placing those funds with different entities.”[22] The Proposal does not, however, take into account that the 2020 Final Rule was aimed, in part, at enabling banks through bank-fintech partnerships to reach new customers and extend their services to underbanked and unbanked populations. The Proposal would roll this back and could create harmful unintended consequences to those segments of the population through increased costs or decreased availability or access and could push the underbanked or unbanked to less reliable, less safe financial services providers.
Fifth, rulemaking this late in an election year could be vulnerable to reversal depending on the outcome of the election. The process to review and respond to comments submitted in the 60-day public comment period and to finalize the Proposal will take substantial time and may not be completed before the end of the current Administration. If the Proposal is not finalized by then, a new Administration with a different policy perspective could stop the process. In addition, if adopted in a final rule, the Proposal would qualify as a rule under the Congressional Review Act and therefore could be reviewed and disapproved by Congress in the event of a change in the Administration and control of Congress. Under the Congressional Review Act, disapproval would require each chamber to pass a resolution of disapproval by a bare majority and would also require approval by the new President. This is a streamlined legislative process that can be used in a new Congress to undo rules adopted shortly before an election.

IV. Conclusion

As with any proposal, it is imperative that all stakeholders actively engage in the rulemaking process with the FDIC and other policymakers to facilitate a thoughtful approach to the final rule. Recent Supreme Court decisions have increased a trend of judicial skepticism towards agency rulemakings, which could potentially make the Proposal vulnerable to legal challenge under the Administrative Procedure Act. The comment process will play a critical role in highlighting the myriad issues raised by the Proposal, its potentially broader unintended consequences, including impacts on consumers, namely the underbanked and unbanked, and may also form the basis for any future legal challenges to the FDIC’s final rule.

[1] FDIC, Unsafe and Unsound Banking Practices; Brokered Deposits Restrictions (July 30, 2024), available at: https://www.fdic.gov/system/files/2024-07/fr-npr-on-brokered-deposit-restrictions.pdf.

[2] FDIC, Press Release: FDIC Board Approves Final rule on Brokered Deposit and Interest Rate Restrictions (Dec. 15, 2020), available at: https://www.fdic.gov/news/press-releases/2020/pr20136.html. The 2020 Final rule was published in the Federal Register on January 22, 2021. See Unsafe and Unsound Banking Practices: Brokered Deposits and Interest Rate Restrictions, 86 FR 6742 (Jan. 22, 2021).

[3] Section 29 of the Federal Deposit Insurance Act (“FDIA”) does not define the term “brokered deposit.” The determination of whether an activity results in a brokered deposit turns on the definition of “deposit broker.”

[4] The 2020 Final Rule was approved by a vote of three to one, with then-Director Gruenberg dissenting. Then-Director Gruenberg’s dissenting statement is available at: https://www.fdic.gov/news/speeches/2020/spdec1520f.html.

[5] Compare Gruenberg Dissent (“This regulatory change opens up great risk to the banking system. Under this change, a bank could rely for one hundred percent of its deposits on a sophisticated, unaffiliated third party without any of those deposits considered brokered. The bank could fall below well capitalized and still rely on those third party placed deposits for one hundred percent of its funding without any of those deposits considered brokered, effectively an end-run around the statutory prohibition on less than well capitalized banks receiving brokered deposits. A bank could form multiple “exclusive” third party relationships to fund itself without any of those deposits considered brokered.”) with Proposal, p. 36 (“Under this change, an IDI can rely for one hundred percent of its deposits on an unaffiliated third party without any of those deposits considered brokered. The IDI can fall below well capitalized and still rely on those third party placed deposits for one hundred percent of its funding without any of those deposits being considered brokered, which provides an avenue for less than well-capitalized IDis to obtain and retain brokered deposits that appears to conflict with intent of the statutory prohibition. An IDI can form multiple “exclusive” third party relationships to fund itself without any of those deposits considered brokered. Thus, the current regulation exposes the banking system to the kind of risk the brokered deposit restrictions were intended to address.”)

[6] See Proposal, pp. 35-36.

[7] Proposal, p. 29. (emphasis added).

[8] See Proposal, p. 33.

[9] Proposal, p. 38.

[10] Id.

[11] See Proposal, pp. 38-39.

[12] Proposal, p. 54.

[13] See id.

[14] See Proposal, p. 28.

[15] See Proposal, pp. 41-44.

[16] See Proposal, pp. 47-53.

[17] See Proposal, p. 29.

[18] See Proposal, pp. 31-32.

[19] See Proposal, p. 32.

[20] See Proposal, p. 55.

[21] On July 30, 2024, the FDIC issued a request for information soliciting the public’s comments on deposit data that is not currently reported in the Call Report or other regulatory reports, including for uninsured deposits. See FDIC Request for Information on Deposits (July 30, 2024), available at: https://www.fdic.gov/system/files/2024-07/fr-request-for-information-on-deposits.pdf. Comments are due on the Deposits RFI within sixty (60) days of publication in the Federal Register.

[22] Proposal, p. 69.

The following Gibson Dunn lawyers prepared this update: Jason Cabral, Ro Spaziani, Stuart Delery, Matt Gregory and Zach Silvers.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please feel free to contact the Gibson Dunn lawyer with whom you usually work, any member of Gibson Dunn’s Global Financial Regulatory, Financial Institutions, Global Fintech and Digital Assets, Public Policy or Administrative Law and Regulatory practice groups, or the following authors:

Jason J. Cabral – New York (+1 212.351.6267, jcabral@gibsondunn.com)

Ro Spaziani – New York (+1 212.351.6255, rspaziani@gibsondunn.com)

This update summarizes recent enforcement activity, provides an overview of notable legislative and policy developments at the federal and state levels, and analyzes significant court decisions from the first half of the year.

I. Introduction

When the False Claims Act (“FCA”) is not making headlines on the Supreme Court’s docket, the flow of enforcement developments nonetheless remains constant. The first half of 2024 is a reminder that that flow can surge at any moment, bringing with it massive settlements for the government—over $1 billion over six months, in the case of 2024. Meanwhile, as the first half of 2024 also makes clear, there is never a dull moment when it comes to caselaw developments in the lower federal courts, and even when the U.S. Department of Justice (“DOJ”) is not being particularly vocal about its FCA enforcement priorities in speeches and publications, it often is taking steps in other enforcement contexts that have implications for the FCA.

In the first half of 2024, DOJ has continued its focus on FCA matters related to cybersecurity; has initiated pilot programs in criminal enforcement that have implications for qui tam whistleblower incentives; and has concluded settlements across a range of industries and legal theories, with the primacy of settlements in the healthcare industry continuing. Courts have grappled with issues such as FCA causation and the scienter required in FCA cases premised on violations of the Anti-Kickback Statute (“AKS”), and the Supreme Court granted certiorari in a case involving the definition of “claim” under the FCA.

Below, we summarize recent enforcement activity, then provide an overview of notable legislative and policy developments at the federal and state levels, and finally analyze significant court decisions from the first half of the year. Gibson Dunn’s recent publications regarding the FCA may be found on our website, including in-depth discussions of the FCA’s framework and operation, industry-specific presentations, and practical guidance to help companies navigate the FCA. And, of course, we would be happy to discuss these developments—and their implications for your business—with you.

II. Noteworthy DOJ Enforcement Activity During the First Half of 2024

2024 has been a notable half-year for FCA settlements by DOJ: during the first six months of the year, the government announced resolutions totaling over $1 billion.[1] That dollar figure is the highest for the first half of a calendar year—by a significant margin—in recent memory. It also includes two nine-figure settlements, whereas the first half of 2023 included none and the first half of 2022 included only one. While both of those nine-figure settlements grant DOJ claims in the bankruptcy cases of the settling counterparties and the government thus stands to recover significantly less than the settlements’ face values, the fact of resolutions valued at those figures remains a significant development.

Below, we summarize the most notable settlements and judgments from the first half of this year, organized by industry and focused on key theories of liability at issue in the resolutions. As usual, FCA recoveries in the healthcare and life sciences industries dominated enforcement activity during the first half of the year in terms of the number and value of settlements. DOJ, however, also announced notable resolutions in the government contracting and procurement space, described below.

A. Healthcare and Life Science Industries

As usual, the vast majority of FCA recoveries in the first half of 2024 involved entities and individuals in the healthcare and life sciences industries.

On January 4, a healthcare facility operator in Delaware agreed to pay $42.5 million to resolve allegations that the company provided ancillary service providers—including nurse practitioners and physician assistants—to assist with patients as an inducement to non-employee doctors to refer patients to the company’s hospitals. The complaint alleged that these arrangements violated the AKS and the Stark Law. The allegations underlying the settlement agreement stemmed from a qui tam suit brought by the company’s former chief compliance officer, who will receive an unspecified portion of the recovery.[2]
On January 4, a Florida non-profit agreed to pay approximately $19.5 million to resolve allegations that it billed federal healthcare programs for items and services used in clinical trial research that it should have billed to non-government sponsors. The organization itself initiated an independent investigation into the alleged behavior and disclosed its findings to the government. The federal government will receive $18.2 million from the settlement, and Florida Medicaid will receive $1.3 million.[3]
On January 4, a Memphis hospital system agreed to pay $7.25 million to resolve claims that it submitted false claims to Medicare that arose out of improper financial arrangements. Specifically, the government alleged the hospital system had a multi-agreement relationship with a medical clinic, and the hospital system used these various business contracts as a vehicle to pay kickbacks to the clinic to induce it to refer Medicare beneficiaries to the hospital system. The suit resolves a qui tam suit brought by a former president of a hospital within the system and a medical school dean, who will each receive an unspecified portion of the settlement.[4]
On January 5, an Arizona home health agency agreed to pay nearly $10 million to resolve allegations that it submitted false claims to a healthcare program serving Department of Energy employees and contractors with occupational illness. The government alleged that the agency billed the program for nursing and care services when its employees were not physically present in the patients’ homes. It further alleged that the agency’s “friends and family” program violated the AKS by paying cash and in-kind payments for food, travel, and other expenses in exchange for patient referrals. The agency made a voluntary disclosure to the government regarding its friends and family program and in-kind remuneration, and the settlement agreement acknowledges the agency’s cooperation in this regard. The settlement resolves a qui tam suit brought by a former Corporate Administrator and Director of Human Resource Administration and Management at the agency and its predecessor, who will receive approximately $1.7 million from the settlement.[5]
On January 10, a New Jersey clinical laboratory and its CEO agreed to pay $13.2 million to resolve allegations that it billed federal healthcare programs for laboratory tests procured through illegal kickbacks. The government alleged that the laboratory obtained referrals through five different kinds of kickbacks, including: (1) commissions paid based on volume and value of referrals to the laboratory through independent contractors; (2) payments disguised as management services organization fees that were actually incentives for laboratory referrals; (3) payments to healthcare providers disguised as consulting or medical director fees in exchange for ordering lab tests; (4) payments to substance abuse recover centers to induce referrals for lab testing; and (5) specimen collection fees to healthcare providers to induce referrals to the laboratory. In addition, the government alleged that the laboratory and CEO submitted claims for tests that were not medically necessary or not otherwise covered by Medicare and Medicaid.[6]
On January 11, a long-term care hospital agreed to an ability-to-pay settlement requiring it to pay over $18.6 million plus 4.5% interest per year to resolve allegations that the hospital impermissibly claimed excessive cost outlier payments from Medicare. Specifically, the government alleged that the hospital manipulated the cost outlier payment system for supplemental reimbursement by increasing its charges in excess of its costs and beyond what the hospital would be able to repay once Medicare cost reports were reconciled to its charges. In addition to the FCA claim, the settlement involved a $12 million penalty resolving Federal Debt Collection Procedures Act allegations against certain hospital investors for their role in the hospital’s alleged fraudulent transfer of money without equivalence value exchange to its investment management company.[7]
On January 17, a healthcare company and its owners consented to a $2 million judgment, admitting to FCA violations for using medical staff to submit claims for medically unnecessary care to federal healthcare programs. The government alleged that the company hired vulnerable or inexperienced medical staff and then pressured those staff members to provide unnecessary care, and to submit the claims for that care to federal payors. The government further alleged that the company falsified information to obtain Paycheck Protection Program (PPP) loan forgiveness. The consent agreement resolves allegations under the FCA, AKS, and Controlled Substances Act.[8]
On January 23, a Philadelphia pharmacy and its current and former owners agreed jointly to pay approximately $3.9 million to resolve allegations that they billed Medicare and Medicaid for medications that were never dispensed from January 2018 through September 2020. The government also alleged that in some cases the pharmacy dispensed low-cost formulations to beneficiaries but billed Medicare for the high-cost versions of the formulations. The pharmacy and its principal pharmacist entered into an integrity agreement requiring them to undertake significant compliance obligations and conduct third-party audits of their Medicare claims and drug inventory through an Independent Review Organization.[9]
On January 26, a group of durable medical equipment companies agreed to pay $2.1 million to resolve allegations that they submitted false claims to federal healthcare programs by selling used hospital beds as if they were new. The government also alleged the companies upcoded support products and mischaracterized non-reimbursable travel time as repair time in claims for payment made to federal programs and contractors. This settlement resolved a related qui tam suit brought by a former employee, who will receive an undisclosed portion of the settlement amount.[10]
On January 30, a drug rehabilitation facility and a clinical laboratory agreed to resolve liability for submitting false claims for urine drug testing services to the federal Medicare and Kentucky state Medicaid programs by paying $2.2 million and $4.9 million respectively. The government alleged that the drug rehabilitation facility used the same complex panel of urine drug tests for all patients on a weekly basis, despite the results often not being used for diagnosis or treatment and without considering whether individual patients needed the panel. The clinical laboratory performed the urine tests and billed them to federal and state healthcare programs despite knowing that the tests were not typically used for diagnosis or treatment and also performed additional urine drug screens without proper medical orders requesting the screens. As a part of the settlement, the drug rehabilitation facility entered into a corporate integrity agreement with HHS-OIG, which requires the facility to appoint a compliance officer and retain an independent expert for its compliance program. The clinical laboratory’s share of the settlement will require it to cease operations and pay the United States 100% of the net proceeds of the sale of its assets, along with 70% of reimbursements from healthcare payors for one year and any employee retention tax credit funds received. The settlement resolves a related qui tam suit, with the relator receiving an undisclosed portion of the recovery.[11]
On February 7, a Pennsylvania multi-hospital system agreed to pay $11.7 million to resolve allegations that it submitted claims to Medicare for services relating to annual wellness visits. The hospital system voluntarily disclosed that it submitted claims that were not supported by the medical record between December 2015 and November 2022. Following its self-disclosure, the government noted, the hospital system took corrective action, although in resolving the case the government did not specify what that action was.[12]
On February 14, a medical equipment company that rented non-invasive ventilators agreed to pay $25.5 million to resolve allegations that it continued to bill federal health care programs after patients ceased using their devices. Additionally, DOJ alleged that the company failed to confirm that the devices it rented were medically necessary, impermissibly waived coinsurance payments to get more patients to rent their equipment, and paid kickbacks to induce Medicare beneficiaries to rent its equipment. The company admitted it received reimbursement for claims it submitted to federal healthcare programs that did not comply with Medicare billing guidelines. This resolved a related qui tam suit for which the relator will receive an unspecified portion of the proceeds.[13]
On February 16, a Kentucky toxicology lab and its owner agreed to a nearly $5.6 million judgment for violating the FCA by charging court‑ordered urine tests to Medicare and Medicaid, even though the tests were not medically necessary. The lab’s compliance officer also agreed to a $4.87 million judgment against her for a related scheme in which she solicited urine drug tests from non-medical homeless shelters and charged those tests to Medicare and Medicaid. Both the owner and the compliance officer received prison sentences of 46 months and six months respectively for related criminal charges. Furthermore, the lab, the owner, and the compliance officer will be excluded from federal health care program participation for 20 years. The consent agreements resolve a qui tam suit for which the relator will receive an unspecified portion of the proceeds.[14]
On February 28, a pharmaceutical manufacturer, DOJ and an ad hoc group of first lien creditors reached a comprehensive settlement of all federal government claims against the manufacturer. The settlement included resolution of FCA claims asserted by DOJ, which were resolved by granting DOJ a $475.6 million general unsecured claim in the manufacturer’s chapter 11 bankruptcy cases. DOJ alleged that the company marketed its opioid drug to providers the company knew prescribed the drug for non-medically accepted indications, and that the company incentivized such targeting through sales goals, employee incentive compensation plans, and employee performance reviews. In resolution of a parallel criminal investigation, the comprehensive settlement also required a debtor affiliate of the manufacturer to plead guilty to a misdemeanor violation of the Food, Drug and Cosmetic Act (“FDCA”) based on allegations that it introduced misbranded drugs into interstate commerce. Altogether the comprehensive settlement encompassed approximately $8 billion of alleged claims asserted by the IRS, the civil and criminal branches of DOJ, and several federal healthcare agencies. Under the terms of the comprehensive settlement, the company made a single $200 million payment in satisfaction of all the government’s claims upon the effective date of its chapter 11 plan of reorganization in April 2024, and the settlement allowed the company’s pharmaceutical business to emerge under such plan.[15] Gibson Dunn represented the first lien ad hoc group, which negotiated the foregoing economic settlement with DOJ, and was intimately involved in all aspects of this comprehensive resolution and its implementation.
On February 28, a Georgia laboratory and its owner agreed to pay $14.3 million to partially resolve allegations that it submitted false claims to government healthcare programs. In particular, the government alleged that the owner paid independent contractors to recommend that senior living communities order expensive and unnecessary respiratory pathogen panels (RPPs), rather than the COVID-19 tests that the communities initially requested. The contractors also, with the owner’s alleged knowledge, performed COVID-19 tests in senior living communities, but then arranged for the laboratory to submit claims to federal health plans using sham Medicaid diagnosis codes that did not reflect the medical conditions of those receiving the tests. The contractors also allegedly forged physician signatures on RPP order forms. The owner, along with four other people, pleaded guilty to criminal charges connected to the scheme. The federal government will receive $13.9 million from the civil settlement, and Georgia will receive $400,000. The settlement also resolves a qui tam suit for which the relator will receive $2.86 million.[16]
On March 6, a hospital system in New York agreed to pay $17.3 million to resolve allegations that it paid unlawful kickbacks to doctors at the hospital’s chemotherapy infusion center. The government alleged that the hospital entered into contracts with the physicians that linked the physicians’ compensation to the number of referrals made for services at the chemotherapy center. The settlement agreement also resolves claims that the physicians failed to adequately supervise these services as required by Medicare and Medicaid regulations, in addition to claims under New York’s state FCA statute. The hospital voluntarily disclosed the information to the United States.[17]
On March 6, a generic pharmaceutical manufacturer agreed to pay $2 million to resolve allegations that it submitted false claims to TRICARE, the VA, the Federal Employees Health Benefits Program, and the Department of Labor Office of Works Compensation Programs. The government alleged that the company sold adulterated pharmaceuticals after failing to follow controls required by manufacturing regulations, which resulted in the submission of false claims. This settlement resolved the civil liability component of a criminal investigation related to the introduction of adulterated drugs into interstate commerce. The company also entered into a plea agreement to resolve the related criminal indictment, pursuant to which it agreed to a three-year deferred prosecution agreement and to pay an additional $1.5 million fine.[18]
On March 20, two former Philadelphia-based pharmacy employees agreed to pay over $4.1 million to resolve liability under the FCA and Controlled Substances Act for illegally dispensing and distributing controlled substances and engaging in fraudulent billing. Specifically, the government alleged that the former employees dispensed opioids and other “cocktail” drugs in extreme doses and combinations under highly suspicious circumstances, including excessive cash payments and clearly forged prescriptions. The employees also engaged in a scheme using a “BBDF” (“Bill But Don’t Fill”) code to falsely claim to Medicare and other insurers that drugs had been dispensed to patients. The former employees also pled guilty to related criminal charges and were sentenced to several months imprisonment along with receiving permanent bans on dispensing controlled substances. The civil settlement and criminal convictions marked the end of a multi-year investigation into related fraudulent activity at the pharmacy, including activities by its owner and other employees.[19]
On March 25, a clinical laboratory and its owners agreed to pay approximately $13.6 million and to be excluded from federal health care programs for 15 years to resolve allegations that they submitted Medicare claims for tests that were neither medically necessary nor ordered by healthcare providers. Specifically, the government alleged that the laboratory performed and submitted claims for medically unnecessary urinary tract infection panel of tests by PCR when physicians only ordered a less extensive urinalysis tests as part of an illegal kickback scheme. The laboratory allegedly did so because Medicare reimbursements for the PCR tests were significantly higher than reimbursements for the tests the physicians had ordered. This settlement resolved a related qui tam action brought by a physician who owned health care facilities and served patients for whom the laboratory ran tests. The physician relator will receive approximately $2.3 million of the settlement amount.[20]
On March 25, a healthcare staffing company agreed to pay approximately $9.3 million to resolve FCA and criminal liability regarding its visa sponsorship program. Specifically, the government alleged the staffing company submitted false visa immigrant applications, provided false job placement letters, and made false statements to government officials while recruiting healthcare professionals into the United States. Along with undertaking extensive remedial efforts in its compliance, the company also pledged an additional $8 million to healthcare projects in an effort to address harms caused by its prior practices. The pledge will be distributed to various NGOs and non-profits involved with ethical recruitment, strengthening healthcare access and infrastructure in certain developing countries and in rural/underserved U.S. communities.[21]
On March 27, a Georgia teleradiology company and its CEO agreed to pay $3.1 million to settle liability for violations of the FCA and comparable state laws for fraudulently billing federal health care programs. The government alleged that the company’s U.S.-based radiologists failed to adequately review interpretation reports prepared by overseas contractors who were not permitted to practice medicine in the U.S. or bill U.S. federal healthcare programs. The company also misrepresented which medical professionals actually rendered radiology services, and improperly sought reimbursement for services provided by medical professionals outside of the United States. Approximately $2.68 million of the settlement will be paid to the U.S., and the remaining $420,000 will be distributed to various states. The settlement additionally resolves a qui tam suit, but it was not disclosed whether the relators would receive a share of the settlement.[22]
On April 2, a Texas oncology practice and diagnostic reference laboratory agreed to pay approximately $4 million to resolve allegations that they violated the AKS. The government alleged that the laboratory offered illegal kickbacks in exchange for bone marrow biopsy exams, which induced physicians to order the tests. Furthermore, the government contended that one of the practice’s physicians billed federal and state healthcare programs for medically unnecessary tests and services. This settlement resolved a qui tam suit brought by a former physician at the practice who will receive an unspecified amount. The oncology practice also entered into an integrity agreement for a period of three-years as part of the settlement.[23]
On April 9, a California-based nursing home chain agreed to pay approximately $7 million to resolve allegations that it submitted claims to Medicare and Medicaid for reimbursement for skilled care that it did not actually provide. The government alleged that the company misused a COVID-19 emergency waiver that removed the three-day hospital stay requirement to receive reimbursement for skilled care for nursing home residents. The company allegedly submitted claims for skilled care reimbursement when residents at the home were merely exposed to COVID-19, rather than infected, and as a result did not actually receive skilled care in the nursing home. The company will pay the federal government approximately $6.8 million and the state of California approximately $242,000, plus interest. The company will also enter a Corporate Integrity Agreement (CIA) with the Department of Health and Human Services, Office of Inspector General (HHS-OIG). The settlement resolves a qui tam suit for which the relators will receive approximately $1.2 million, plus interest.[24]
On April 24, an Atlanta-based company agreed to pay $2.7 million to resolve allegations that it violated the False Claims Act by failing to implement adequate cybersecurity measures to protect health information obtained through a contract with the Pennsylvania Department of Health to provide staffing for COVID-19 contact tracing. The government alleged that the company transmitted confidential and/or personally identifiable information in unencrypted emails, that it stored and transmitted information through Google files that were not password protected, and that staff used shared passwords to access the information. The government also alleged that the company received complaints for at least five months before the company started remediating the issue. The settlement resolves a qui tam lawsuit brought by a former staff member at the company, who will receive a $499,500 share of the lawsuit.[25]
On April 25, a healthcare management company and its subsidiaries agreed to pay $4.2 million to resolve allegations that it knowingly submitted false Medicare claims. In particular, the government alleged that the company retained overpayments for hospice care claims when the patients were not terminally ill and therefore ineligible for hospice care. This settlement resolved a qui tam suit brought by a former employee, who received $672,000 of the settlement.[26]
On May 6, the owner and operator of multiple medical diagnostic and laboratory-related LLCs agreed to pay $27 million to resolve allegations that he and his companies conspired to violate the FCA by submitting false claims to federal healthcare programs for medically unnecessary cancer genomic tests (CGx) procured through illegal kickbacks. In particular, the government alleged that he and his companies conspired with telemarketers to solicit Medicare beneficiaries for CGx tests and conspired with telemedicine providers to prescribe medically unnecessary CGx tests. The government further claimed that he and his companies conspired with reference laboratories that would perform the CGx tests, and with billing laboratories and a hospital to submit claims to Medicare and Medicaid. The Floridian owner and operator previously pled guilty to criminal healthcare fraud related to this same conduct in 2022. As part of this settlement agreement, his companies agreed to be excluded from all federal health care programs. This settlement resolves three related qui tam actions, including one action brought by a minority owner of one of the LLCs, who will receive approximately $4.7 million of the settlement amount.[27] The portion of the settlement that the other relators will receive is not specified.
On May 8, a Michigan healthcare practice agreed to pay approximately $2 million to resolve allegations that it submitted claims for improperly supervised medical care to Medicare and Medicaid. In particular, the government alleged that the company submitted claims to Medicare and Medicaid for procedures performed by physician assistants in nursing home facilities without the required doctor supervision. The state of Michigan will receive approximately $66,000 from the settlement.[28]
On May 16, a Massachusetts hospital agreed to pay $24.3 million to resolve allegations that it submitted claims to Medicare for medical treatments that did not comply with Medicare rules about evaluating patient suitability for the prescribed medical treatment. Specifically, the government alleged that the hospital knowingly submitted claims for transcatheter aortic valve replacement (TAVR) procedures without the required number of physicians either examining the patient or documenting their judgment regarding the patient’s suitability for the procedure. As part of the settlement, the hospital will enter into a five-year CIA with HHS-OIG under which an Independent Review Organization will annually review the hospital’s Medicare charges. Because the hospital voluntarily assisted the government during its investigation, the hospital received cooperation credit pursuant to DOJ guidelines. The settlement resolves a qui tam suit for which the relator will receive approximately $4.36 million.[29]
On May 17, a medical clinic agreed to pay $7.6 million to resolve allegations that it violated the FCA in connection with three federal grant awards for its research. In particular, the government alleged the clinic failed to disclose that the Principal Investigator on each grant was an employee with pending or active grants from foreign institutions who supported that employee’s research and obligated the employee’s time, which violated the National Institute of Health (NIH)’s transparency requirements. The settlement also resolved allegations that the clinic impermissibly allowed its employees to share passwords for access to the NIH grant reporting platform, which resulted in other employees making false submissions in the name of the Principal Investigator without their knowledge. The HHS-OIG, FBI, and two assistant U.S. attorneys collaborated with the U.S. Attorney’s Office for the Northern District of Ohio to resolve these allegations. The clinic agreed to implement a Corrective Action Plan, and NIH imposed specific award conditions for future grants for at least a one-year period or until completion of the Corrective Action Plan.[30]
On May 20, two New York not-for-profit corporations agreed to pay approximately $10 million to resolve allegations that they submitted false claims to Medicaid for certain long-term care services. The companies administered a Managed Long Term Care Plan (“MLTCP”) for Medicaid beneficiaries, under which they arranged for health and long-term care services and were reimbursed by Medicaid through per-member payments on a monthly basis. As part of the settlement, the companies admitted to collecting payments for the services under the MLTCP that they did not provide or did not adequately document the provision of. The settlement also resolves a qui tam suit brought by a relator. The portion of the settlement that relator will receive is not specified.[31]
On May 22, a medical device manufacturer and two senior executives agreed to pay $12 million to resolve allegations that they violated the False Claims Act by paying kickbacks to spine surgeons to induce the surgeons to use the company’s spinal devices. According to the government’s allegations, the company provided improper renumeration to spinal surgeons in the form of consulting and other fees, registry payments, performance shares, and travel and lavish dinners. The settlement also resolves a qui tam action brought by a former regional sales director for the company, who will receive an approximately $2.2 million share of the recovery.[32]
On May 28, three affiliated healthcare companies operating in Florida, Minnesota, and Wisconsin agreed to pay approximately $14.9 million to resolve allegations that they improperly billed Medicare, Medicaid, and TRICARE by knowingly submitting claims for two Evaluation and Management codes that did not support the level of service that the companies actually provided. Under the settlement, the federal government will receive approximately $13.8 million, and the state governments of Florida and Minnesota will receive approximately $1 million. The company must also enter into a five-year CIA with HHS-OIG, which will require the company to establish and maintain a compliance program and submit to an Independent Review Organization’s review of its Medicare claims to ensure that they are medically necessary. The settlement also resolves a qui tam suit for which the relator will receive approximately $2.8 million.[33]
On June 6, defendants in a New-York ophthalmologist practice agreed to pay approximately $2.5 million to resolve claims that, over a three-year period, they billed federal healthcare programs for medically unnecessary tests and procedures, and services that could not have been performed because the doctor was not in the office at the time the services were purportedly rendered. The government further alleged that the scheme exploited residents in Brooklyn and Queens, many of whom were non-native English speakers or elderly. The settlement agreement resolves two qui tam actions but does not specify the relators’ shares of the recovery.[34]
On June 11, a Chicago-based nurse practitioner group and its former owners agreed to pay approximately $2 million to resolve allegations that it submitted false claims to Medicare and Medicaid. The government alleged that the company and its owners developed patient charting software that generated false, upcoded claims for Medicare and Medicaid. According to the government’s allegations, the company and its owners required its nurse practitioners to use the software, despite knowing that it resulted in fraudulently upcoded claims being submitted to and paid by Medicare and Medicaid. The settlement also resolves a qui tam lawsuit brought by a former employee, which receive approximately $358,647 as part of the settlement.[35]
On June 24, medical centers and a medical college in Texas agreed to pay $15 million to resolve claims they billed for concurrent heart surgeries in violation of Medicare teaching physician and informed consent regulations. According to the government’s allegations, three heart surgeons at the medical center ran a regular practice of running two operating rooms at once, delegating key aspects of the surgeries to unqualified medical assistants. The $15 million recovery is the largest settlement to date involving concurrent surgeries. Under the settlement, the qui tam relator will receive approximately $3.1 million.[36]

B. Government Contracting and Procurement

On January 19, an oil and gas company agreed to pay $34.6 million to resolve allegations it knowingly underpaid royalties owed on oil and gas produced from federal lands. Specifically, the government alleged that the company submitted royalty payments to the federal government based on estimates and subsequently failed to make follow-up payments based on actual volumes and values as required by its agreements with the government. The company received credit under the settlement for cooperation by assisting with the determination of losses.[37]
On January 30, a technology company agreed to pay $5 million to resolve allegations that it falsely overstated cost and pricing data in a subcontract proposal to the U.S. Army. Specifically, the government alleged that the company overstated its costs to a primary contractor who was negotiating with the Army, and that the primary contractor then relied on those estimated costs when negotiating its contract, leading to significant overcharges. The settlement resolves a related qui tam suit for which the relator will receive $900,000.[38]
On January 30, a Virginia-based consulting agency and its parent company agreed to pay $3.9 million to resolve allegations that it made false statements about its status as a women-owned small business (WOSB) to obtain a Defense Health Agency contract regarding providing doctors to an Air Force treatment facility that had been set aside for WOSBs. In particular, the government alleged that the consulting company forfeited its WOSBs status when it failed to update its size certifications post-acquisition as required, and when asked by the government’s contracting official. The company was awarded the contract based on the allegedly false representation when it would not have been eligible had it provided correct information. This settlement resolved a qui tam action brought by an entity healthcare and support services provider, which purportedly discovered the misrepresentations through a report it developed to analyze Defense Health Agency contracts.[39] The settlement amount reflects cooperation from the companies during the government’s investigation.[40]
On March 12, an information and advisory services company agreed to pay $37 million to settle allegations that it violated the FCA and the Financial Institutions Reform, Recovery and Enforcement Act it used data in violation of its government contracts. The government alleged that over a month-long period, the company improperly accessed, retained, and anonymized credit card data it received under various government contracts, which it subsequently used to create proxy data that was incorporated into products and services sold to commercial customers. The company failed to disclose this behavior both to the government and to the commercial clients to whom it sold the products.[41]
On April 23, a company responsible for managing and operating a National Nuclear Security Administration site agreed to pay $18.4 million to settle liability for overpayments that resulted from production technicians submitting falsified timesheets over a six-year period. The company received credit under the settlement for self-disclosing the misconduct, cooperating with the government’s investigation, and for undertaking remediation efforts (including terminating the personnel who engaged in the misconduct).[42]
On June 6, a Canadian manufacturer of protective head gear for U.S. military and law enforcement use agreed to pay approximately $2.5 million to resolve claims that it used foreign-sourced materials in its production of helmet inserts in violation of the Berry Amendment. The company sold its products to the U.S. military under the Defense Logistics Agency’s Special Operational Equipment Tailored Logistic Support Program, which requires that textiles be sourced from the United States in compliance with the Berry Amendment. The government initiated an investigation involving the US Department of Defense, the Defense Criminal Investigative Service, and the Department of the Army Criminal Investigation Division after receiving a complaint from the DLA hotline. The settlement amount reflected that the company accepted responsibility, cooperated with the government’s investigation, and implemented compliance measures.[43]
On June 7, a conglomerate of three medical practice and management groups operating urgent care practices in New Jersey and New York agreed to pay over $12 million to resolve allegations that they submitted false claims for reimbursement of COVID-19 tests to a program that funds COVID-19 testing for uninsured individuals. The government alleged that operators did not adequately confirm whether test recipients had health insurance coverage before submitting their claims to the program, resulting in the erroneous submission of claims for insured persons. It also alleged that the operators caused laboratories to submit false claims for those COVID-19 tests by providing requisition forms that inaccurately indicated the test recipients were uninsured. The operators received credit in the settlement for their voluntary disclosure, cooperation, and remediation efforts. The settlement also resolves a qui tam suit brought by a patient, who will receive approximately $2 million of the settlement.[44]
On June 17, two consulting companies agreed to settle allegations that they violated the False Claims by failing to meet cyber security requirements as part of the administration of the application system for the Emergency Rental Assistance Program. As part of the settlement, both companies admitted that they failed to satisfy their obligation to complete required cybersecurity testing for the systems. One company agreed to pay $7.6 million and the second agreed to pay $3.7 million as part of the settlement. The settlement also resolves a qui tam lawsuit brought by an entity owned by a former employee of one of the companies, which will receive a share of approximately $1.9 million of the settlement.[45]
On June 21, two Wisconsin and Connecticut-based aerospace and parts companies agreed to pay $70 million to resolve False Claims Act allegations that they overcharged the Navy for spare parts and materials needed to repair and maintain Navy aircrafts. According to the government’s allegations, the two companies, which were both wholly-owned subsidiaries of the same parent company, knowingly entered into a contract under which one would purchase parts from the other at a markup. The purchasing company then submitted cost vouchers to the Navy for reimbursement. The settlement also resolves a qui tam suit but does not specify the relator’s share of the recovery.[46]

C. Other

On January 31, an automobile accessory company agreed to pay $3 million to resolve allegations that it knowingly failed to pay antidumping and countervailing duties on materials it imported from China. In particular, the government alleged that the company failed to take any action after being informed that it was not paying the appropriate duties on extruded aluminum components from January 2012 through July 2021. This resolved a qui tam action brought by a former employee who will receive $510,000 plus $75,000 in legal fees as part of the settlement.[47]
On February 29, two individuals in Colorado agreed to pay $3.5 million to resolve allegations that they defrauded the federal government by tampering with rain gauges. The government alleged that the two individuals were part of a conspiracy to tamper with the rain gauges by various means in order to make it appear as though there was below-average rainfall. Doing so would allow them to take advantage of a federal program that pays indemnities to farmers when there is below-average precipitation. In addition to civil penalties, the two individuals pled guilty to criminal charges for which they received prison sentences and were ordered to pay an additional $3.1 million in restitution. The settlement also resolves a qui tam suit for which the relator’s estate will receive approximately $500,000.[48]
On March 13, a construction company agreed to pay $2.5 million plus interest to resolve allegations that it violated FCA by taking out EIDL and PPP loans that it was not entitled to. Specifically, the government alleged that the company’s owner falsely certified in loan applications that he had not been convicted of a felony involving fraud within the last five years even though he had pled guilty and was convicted of a fraud-related felony charge less than three years before the first loan application. This settlement also resolves a qui tam suit for which the relator will receive approximately $250,000.[49]
On March 21, a New Jersey chemical importer and its owner agreed to pay $3.1 million to resolve claims that it fraudulently underpaid customs duties. In particular, the government alleged that the importer conspired with a Chinese vendor to mislabel imported chemicals, including hazardous chemicals, and submitted falsified documents to customs brokers. This settlement also resolves a qui tam suit for which the relator will receive $600,000. The company’s owner additionally pled guilty to wire fraud.[50]
On May 2, a German airline and its Minneapolis-based subsidiary agreed to pay $26.8 million to resolve allegations that it failed to remit to the federal government mandatory travel fees that the airline collected from passengers. In particular, the government alleged that from 2012 to 2018, the company collected fees such as those owed to U.S. Customs and TSA but did not pay those fees to the appropriate government entities. The settlement resolved a qui tam lawsuit for which the relator will receive approximately $4.8 million.[51]
On May 7, a now-bankrupt lender agreed to pay up to $120 million over two settlements to resolve allegations that it submitted false claims for loan forgiveness, loan guarantees, and processing fees to the government under PPP. Under the first settlement, the company agreed to pay up to $63.2 million to resolve allegations that the company inflated PPP loans, causing the Small Business Administration to guarantee and forgive greater loan amounts than borrowers were entitled to receive. And, under the second settlement, the company agreed to pay up to $56.7 million to resolve allegations that the company knowingly failed to implement adequate fraud controls to comply with its regulatory obligations to prevent fraudulent borrowers from seeking PPP benefits. Because the settlement gives the government an unsecured bankruptcy claim, the ultimate settlement amount will depend on the lender’s overall assets. The settlement resolves two qui tam actions for which the relators will receive a portion of the proceeds.[52]
On June 12, multiple nonprofit organizations, including two private country clubs and two homeowners associations, paid approximately $5.8 million to settle allegations that they violated the False Claims Act by knowingly submitting false claims and obtaining PPP loans for which they were not eligible. The settlements also resolved a qui tam action for which the relator will receive approximately $700,000 of the total recovery.[53]
On June 20, four restaurants, two fur apparel distributors, and five individuals agreed to pay approximately $4.6 million to settle allegations that they inflated payroll figures in their PPP loan and forgiveness applications. According to the government, the defendants misrepresented that family members and acquaintances were employed by the businesses, listed the same individuals as “full-time employees” of multiple businesses, inflated payroll figures, and improperly sought loan forgiveness for payroll costs that exceeded the maximum allowed. The settlement also resolved a qui tam lawsuit brought by a former manager at two of the restaurants, but does not specify what, if any, portion of the recovery he will receive.[54]

III. Cyber-Fraud Initiative Updates

The first half of 2024 witnessed notable developments in DOJ’s Civil Cyber-Fraud Initiative, an effort we reported on in our 2023 Year-End Update. The Initiative, launched on October 6, 2021, aims to use the FCA to pursue cybersecurity-related fraud by government contractors and grant recipients that are “knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”[55] In February 2024, Principal Deputy Assistant Attorney General Brian Boynton emphasized that DOJ “will continue to dedicate resources to investigating companies that fail to comply with their cybersecurity obligations.”[56]

A. DOJ Intervenes in First-Of-Its-Kind Cybersecurity Suit Since Launch of Civil Cyber-Fraud Initiative

In the same month in which DOJ re-emphasized its commitment to cybersecurity enforcement, DOJ intervened in a first-of-its-kind qui tam lawsuit, alleging that the Georgia Institute of Technology and Georgia Tech Research Corporation failed to comply with mandatory cybersecurity controls in their Department of Defense (DOD) contracts. In United States ex rel. Craig v. Georgia Tech Research Corporation, et al., the Associate Director of Cybersecurity at Georgia Tech and Principal Information Security Engineer brought the suit in July 2022 against research organizations for allegedly failing to secure and interact with government information and data under standards by the National Institute of Standards and Technology (NIST).

DOD contractors must comply with DFARS 252.204-7012 (“Safeguarding Covered Defense Information and Cyber Incident Reporting”), which requires contractors provide “adequate security” to safeguard the defense information they handle during the course of their work for the DOD. In turn, “adequate security” is defined, at a minimum, as implementation of NIST Special Publication 800-171 (NIST SP 800-171), which has 110 security requirements relating to, among other things, identification and authentication measures; audit and accountability; and system and communications protection measures. The lawsuit alleges that defendants’ internal assessors assigned to determine compliance with NIST were not qualified, and they were pressured interpret the NIST controls to justify certain actions taken in labs as compliant.

The government’s deadline to serve defendants with a complaint-in-intervention is August 22, 2024.

B. Potential Civil Cyber-Fraud Initiative Case on Stay

Similarly, in our 2023 Year-End Update we also reported on an unsealed qui tam complaint against Penn State by a relator who alleged that the university submitted false cybersecurity certifications to DOD. Following a 90-day stay to allow the government additional time to determine whether it will intervene, the parties’ joint written status report updating the court on any developments is due by August 5, 2024.[57]

IV. Legislative and Policy Developments

A. Federal Policy and Legislative Developments

1. Proposed Revisions to Medicare Overpayment Rules

On July 10, 2024, the Centers for Medicare and Medicaid Services (“CMS”) issued a proposed rule regarding the Physician Fee Schedule (“PFS”), which governs Medicare payments for the services of physicians and other healthcare professionals.[58] While changes to the PFS were the headline purpose of the proposed rule, the rule also would bring about significant changes to existing provisions governing healthcare providers’ return of overpayments under Medicare Parts A and B. By way of context, the Affordable Care Act (“ACA”) requires providers to return overpayments to the government within 60 days of the date on which the overpayments are “identified,” and specifies that an overpayment not returned by the appropriate deadline counts as an “obligation” for purposes of the reverse FCA, which prohibits knowing and improper avoidance of an obligation to pay money to the government.[59]

The ACA does not specify what it means to “identify” an overpayment.[60] As originally promulgated, regulations governing the return of overpayments by the Medicare program stated that a provider “identifies” an overpayment when it “has determined, or should have determined through the exercise of reasonable diligence, that [it] has received an overpayment.”[61] In a proposed rule issued in late 2022, CMS proposed to replace this looser standard of knowledge with the relatively more stringent definition of “knowing” and “knowingly” contained in the FCA.[62] This change came in direct response to a district court decision that struck down the “reasonable diligence” standard as permitting the government to premise FCA liability on nothing more than negligence, when the FCA requires a minimum of reckless disregard.[63] That decision and CMS’s response to it, however, left unaddressed a core problem confronting large organizations that face overpayment risks—namely, that it can take much longer than 60 days to determine whether an overpayment has occurred, and the running of that clock without any action to return monies to the government is very often a sign that a good-faith investigation into potential overpayments remains underway, not that overpayments were quickly identified and are being concealed. CMS had previously acknowledged that internal investigations into potential overpayments could take around 180 days, but there was neither a requirement that such investigations be completed in that timeframe nor an explicit provision tolling the deadline for return of overpayments pending such investigations.[64]

The new proposed rule would permit the suspension of the 60-day clock to allow companies to conduct internal investigations, but the devil remains in the details. In particular, in order for the deadline to be suspended, a company would have to have already identified at least one overpayment and be in the midst of a “good-faith investigation to determine the existence of related overpayments,” and would have to actually conduct such a good-faith investigation.[65] And the deadline for returning overpayments would only be suspended until, at the latest, 180 days after the date on which the company identified the initial overpayment that triggered the broader investigation.[66] While these changes enhance incentives for companies to conduct investigations into potential overpayments by extending the reporting deadline pending the completion of such investigations, the reality is that even 180 days may prove an insufficient amount of time for such investigations to fully run their course in large companies. The 180‑day cutoff risks being weaponized by qui tam relators claiming that any investigation that takes longer than 180 days must not have been conducted in “good faith” under the new rule, and that thus any overpayments not returned after the expiration of the 180-day window should form the basis for reverse FCA liability.

CMS is accepting comments on the proposed rule until September 9, 2024.

2. DOJ Whistleblower Reward Program and Voluntary Self-Disclosures Pilot Program for Individuals

Qui tam cases account for the majority of FCA cases initiated in any given year, as well as for the bulk of the monies the government recovers from FCA matters through settlement or judgment. In 2023, qui tam cases represented about 59% of the new FCA cases filed, and about 87% of the recoveries obtained. The FCA qui tam framework has no counterpart in U.S. criminal statutes, but DOJ recently has taken steps to develop a more formal policy for whistleblower awards in the criminal context. In March 2024, DOJ announced the creation of a pilot program that would reward a whistleblower with a portion of the resulting forfeiture if he or she helps DOJ discover significant corporate or financial misconduct.[67] In announcing this program, DOJ noted the successes of similar programs created at the SEC, CFTC, IRS, and FinCEN but acknowledged that those programs were limited to misconduct within those agencies’ jurisdictions. DOJ also noted that qui tam whistleblower initiatives are limited to those actions where fraud against the government is alleged. Thus, DOJ’s new initiative would “fill[] these gaps” to “address the full range of corporate and financial misconduct that the Department prosecutes.”[68]

While details on this pilot program are still forthcoming, the announcement identified important “guardrails.”[69] Payments would be made (1) only after all victims have been properly compensated; (2) only to those who submit truthful information not already known to the government; (3) only to those not involved in the criminal activity itself; and (4) only in cases where there is not an existing financial disclosure incentive—including qui tam awards or an award under another federal whistleblower program.[70] Deputy Attorney General Monaco also told potential future whistleblowers that DOJ was especially interested in information regarding “[c]riminal abuses of the U.S. financial system; [f]oreign corruption cases outside the jurisdiction of the SEC, including FCPA violations by non-issuers and violations of the recently enacted Foreign Extortion Prevention Act; and [d]omestic corruption cases, especially involving illegal corporate payments to government officials.”[71]

Relatedly, in April 2024, DOJ’s Criminal Division announced a pilot program that would extend the benefits of voluntary self-disclosure to individuals who (1) voluntarily, (2) truthfully, and (3) completely self-disclose original information regarding misconduct that was unknown to the department in certain high-priority enforcement areas, (4) fully cooperate and are able to provide substantial assistance against those equally or more culpable, and (5) forfeit any ill-gotten gains and compensate victims.[72] To qualify, a disclosure must relate to at least one of six areas of DOJ focus:

Schemes involving financial institutions (g., money laundering, criminal compliance-related schemes);
Schemes relating to the integrity of financial markets involving financial institutions, investment advisors or funds, or public or large private companies;
Foreign corruption schemes (e.g., violations of the Foreign Corrupt Practices Act, Foreign Extortion Prevention Act, and associated money laundering);
Health care fraud and kickback schemes;
Federal contract fraud schemes; or
Domestic corruption schemes involving bribes or kickbacks paid by or through public or private companies.

Deputy Attorney General Lisa Monaco noted that at least two U.S. Attorney’s offices—in the Southern District of New York and the Northern District of California—established similar programs earlier in the year.[73]

Beyond their significance for DOJ’s criminal enforcement efforts, these developments have important implications for FCA practice as well. Because the FCA penalizes fraud, the conduct at issue in an FCA investigation can sometimes be of interest to criminal authorities too. Yet the risks for a would-be whistleblower in coming forward are magnified when the alleged conduct carries potential criminal, in addition to civil, liability. In such a scenario, the possibility that DOJ will decide the relator has unclean hands carries not just the potential for criminal liability, but also the prospect of outright denial of a qui tam award. The FCA explicitly provides that a relator who is “convicted of criminal conduct arising from his or her role in the [FCA] violation . . . shall be dismissed from the civil action and shall not receive any share of the proceeds of the action.”[74] The new criminal whistleblower pilot program creates an additional financial incentive for reporting misconduct that operates independently of the qui tam mechanism. Alongside that pilot program, the individual voluntary self-disclosure pilot program stands to remove the disincentive that otherwise exists in the form of qui tam award denial in the event of a criminal conviction. Relators may prove more forthcoming about alleged conduct and their own roles in it, if both non-prosecution and financial gain remain on the table. And the carve-out in the pilot whistleblower program for individuals already covered by another whistleblower regime will likely do little to stop relators from making simultaneous reports to both civil and criminal authorities in the hope of maximizing their chances of a recovery.

B. State Legislative Developments

There were no major developments with respect to state FCA legislation in the second half of 2022. HHS-OIG provides an incentive for states to enact false claims statutes in keeping with the federal FCA. If HHS OIG approves a state’s FCA, the state receives an increase of 10 percentage points in its share of any recoveries in cases involving Medicaid. The lists of “approved” state false claims statutes increased to 23 with the approval of Connecticut’s statute this year; while six states remain on the “not approved” list.[75] The other 21 states have either not enacted a state analogue or have not submitted the statue for approval.

V. Case Law Developments

A. U.S. Supreme Court Grants Certiorari in E-Rate Fraud Claims Case

In June, the Supreme Court granted a petition for a writ of certiorari filed by Wisconsin Bell on the question whether reimbursement requests submitted to the Federal Communications Commission’s E-rate program are “claims” under the FCA. See United States ex rel. Heath v. Wis. Bell, 92 F.4th 654, 657 (7th Cir. 2024), cert. granted, 2024 WL 3014477 (U.S. June 17, 2024). The $4.5 billion E-rate program, established under the Telecommunications Act of 1996, provides discounted services to eligible schools and libraries for which service providers competitively bid on pricing and subsidize cost of service. It is funded by private money and administered by a non-profit company. (Note: Gibson Dunn represents Wisconsin Bell in this matter.)

After relator Todd Heath alleged in 2008 that Wisconsin Bell violated the FCA by over-charging schools and libraries, causing the federal government to pay more than it should have, id. at 658, Wisconsin Bell argued that the relator could not satisfy the FCA because, among other things, the E-rate program does not involve government funds, and reimbursement requests are not “claims” within the meaning of the FCA. The district court granted summary judgment for Wisconsin Bell, holding that the relator had not established falsity, scienter, or harm to the government fisc. Id. The Seventh Circuit reversed the district court’s grant of summary judgment. Id. at 671. By reinstating the relator’s claims, the Seventh Circuit created a circuit split with the Fifth Circuit, which had previously held that the FCA does not apply to E-Rate reimbursement requests because the government lacks a financial stake in the allegedly lost funds. See generally United States ex rel. Shupe v. Cisco Sys., Inc., 759 F.3d 379, 388 (5th Cir. 2014).

The certiorari petition was granted on June 17, and oral argument is set for November 4, 2024.

B. The Seventh Circuit Remands on Causation and Upholds Damages Award Against Eighth Amendment Challenge

The Seventh Circuit heard argument in Stop Ill. Health Care Fraud, LLC v. Sayeed, 100 F.4th 899 (7th Cir. 2024) on the FCA causation issue but declined to take a position and remanded to the district court for further argument.

In Stop Ill. Health Care Fraud, Management Principles Inc. (“Management Principles”), a healthcare management company which provided home-based medical services to Medicare recipients, as well as its two subsidiaries and owner, faced AKS allegations for paying Healthcare Consortium of Illinois (“Healthcare Consortium”) $5,000 monthly in exchange for patient referrals. Id. at 902–03. The company allegedly relied on referrals from Healthcare Consortium, a healthcare diagnostic organization, that would refer seniors to local in-home healthcare providers. Id. Management Principles allegedly paid this organization $90,000 for referrals and access to client data, and allegedly billed the federal government over $700,000 for services provided to clients referred by Healthcare Consortium. Id. at 903. Following a bench trial, the district court found that this scheme violated the AKS by paying to induce referrals for medical services. Id. at 904. The district court also found the defendants liable under the FCA for submitting claims for payments stemming from an unlawful referral arrangement. Id. The district court imposed a judgment of nearly $6,000,000, comprised of the sum of per-claim penalties of $5,500 per claim and treble the value of the Medicare claims at issue. Id. The defendants appealed, challenging causation and the award of damages and penalties, “arguing that it [was] constitutionally excessive under the Eighth Amendment and improperly divorced form the actual loss incurred by the government.” Id. at 906.

The Seventh Circuit held the “resulting from” language in the AKS means “at a minimum, every claim that forms the basis of FCA liability must be false by virtue of the fact that the claims are for services that were referred in violation of the Anti-Kickback Statute.” Id. at 908. The court explained that it was “not able to determine with confidence whether any of the services represented in the plaintiff’s loss spreadsheet were provided to patients lawfully referred to the defendants by the [Healthcare] Consortium.” Id. at 909. The court remanded the case back to the district court for the limited task of determining which claims, if any, were the result of a referral process outside the kickback scheme. Id. at 909–10. Thus, in doing so, the Seventh Circuit declined to weigh in conclusively on the proper causation standard for AKS-predicated FCA claims, id. at 909, leaving the Seventh Circuit without a definitive position on either side of the deepening circuit split on this issue, which we covered in our 2023 Mid-Year and End-Year Updates. In declining to take a position, however, the Seventh Circuit signaled that, if it does take a side in the debate, it is unlikely to hold that the existence of a kickback “taints” all subsequent claims for payment, regardless of any causal connection between the kickback and the claims. The court made clear that “[t]hat broad suggestion . . . is inconsistent with [the FCA’s] directive that a false claim must ‘result[] from’ an unlawful kickback.” Id. (second alteration in original). We will continue to closely monitor developments around this issue, including as the related Regeneron case in the First Circuit proceeds to oral argument this summer.

Additionally, the Seventh Circuit also addressed whether the nearly $6 million judgment was unconstitutionally excessive under the Eight Amendment. The court held that the judgment did not violate the Eighth Amendment’s Excessive Fines Clause, but that the district court still erred by calculating those damages based on Medicare claims that might not have been related to the kickback scheme. Id. at 906–07. The court explained that while the Seventh Circuit has not explicitly held whether the Excessive Fines Clause applies to civil penalties under the FCA, the judgment in this particular case would not violate the clause even if it were to apply. Id. The Seventh Circuit held that because the defendants established an extensive scheme that defrauded the government, exploited the private health information of seniors, and undermined the public’s faith in government programs, the judgment was not “grossly disproportional to the gravity of the defendant’s offense,” thereby passing Eighth Amendment scrutiny. Id..

C. The Sixth Circuit Holds Courts Can Require Plaintiffs Take All Reasonable Steps to Dismiss an FCA Suit, Including Seek Government Consent

A relator cannot unilaterally settle FCA claims without the government’s consent. See 31 U.S.C. § 3730 (requiring the government’s consent to any voluntary dismissal of a qui tam case). In State Farm Mut. Auto. Ins. Co. v. Angelo, the Sixth Circuit clarified what steps a court can require a party take to dismiss a FCA suit. 95 F.4th 419 (6th Cir. 2024).

After State Farm sued Michael Angelo, alleging RICO violations, the parties entered into a settlement agreement. Id. at 424. In the agreement, Angelo agreed to take “all steps necessary” to release claims against State Farm. Id. Before the agreement was signed, Angelo filed an FCA suit against State Farm. Id. Because qui tam suits are required to be filed under seal, State Farm was unaware of the case until after the RICO settlement agreement was signed and the complaint was unsealed and served on State Farm. Id. In the ensuing litigation over State Farm’s motion to dismiss the FCA claims, Angelo argued that he could not dismiss the claims because the FCA prohibits relators from dismissing qui tam cases without the government’s consent. Id. at 425. The district court granted State Farm’s motion, ordering Angelo to take all steps necessary to dismiss his FCA claims, including seeking the necessary government consent. Id.

On appeal, the Sixth Circuit upheld the district court’s orders enforcing the RICO settlement agreement. The court explained that while “the FCA statute demands government consent before a qui tam relator can dismiss an FCA claim[,]” the law does not “prevent[] a relator from seeking the required consent or prohibit[] a district court from ordering a relator to seek such consent.” Id. at 429–30 (emphasis in original). The Sixth Circuit rejected Angelo’s argument that under this interpretation, the settlement agreement violates the public policy rationale behind the FCA. Id. at 430. The court held that the “primary goals of the FCA are to incentivize private individuals to bring suit and to alert the government to potential fraud,” goals which the RICO settlement did not undermine. Id. Because Angelo had filed the FCA suit two years before the settlement was signed, both Angelo and the government had ample time to investigate the claims. Id. at 431. The court further explained that even if there had not been ample time, the government still had the opportunity to deny consent to dismiss or to file its own FCA claims, as it was not a party to the RICO settlement and thus was not bound by agreement requiring Angelo to take steps to effectuate dismissal of the qui tam case. Id. at 432.

D. The Second Circuit Clarifies When a Worker Engages in “Protected Activity”

The FCA prohibits retaliation against employees who report potential FCA violations. See 31 U.S.C. § 3730(h)(1). In Pilat v. Amedisys, Inc., workers claimed they were fired in retaliation for raising concerns about certain practices of Amedisys, a home health and hospice company. No. 23-566, 2024 WL 177990 (2d Cir. Jan. 17, 2024). The workers alleged that they disclosed to superiors that Amedisys falsely certified unqualified patients for home care, provided unnecessary and improper treatment, falsified time records, and manipulated patient records. Id. at *1. These schemes allegedly resulted in fraudulent bills to the government for reimbursement under the Medicare and Medicaid programs. Id. The workers alleged that after they expressed concerns over the unethical nature of these practices and their effects on the health of patients and refused to comply with instructions to carry out these practices, Amedisys fired them. Id. at *1–2. The district court held that the Plaintiffs did not have a valid retaliation claim since they did not “engage in protected activity under the statute.” Id. at *1. The court explained that the complaints were “more appropriately characterized as concerns about patient care[,]” and “did ‘not have anything to do with potential false claims.’” Id. at *9 (citing United States v. Amedisys, No. 17-CV-136, 2023 WL 2481144, at *9 (W.D.N.Y. Mar. 13, 2023)).

The Second Circuit reversed and explained that “relators engage in protected activity if they engage in ‘efforts to stop 1 or more violations of’ the FCA.” Pilat, 2024 WL 177990 at *2 (quoting 31 U.S.C. § 3730(h)(1)). Such efforts can include raising concerns to supervisors or refusing to engage in violative practices. Id. Because in this case the workers refused to comply with instructions to engage in conduct that would have violated the FCA, they made “efforts to stop 1 or more violations,” even if their main concern was the safety of patients. Id. The court further rejected the district court reasoning that the Plaintiffs only raised concerns of patient care, not fraud. Even if the complaints were based on concerns of patient care, the Plaintiffs still raised concerns that the amounts billed to the government did not match the actual time spent treating patients, a concern which clearly implicated potential fraud. Id.

E. The Second Circuit Affirms Heightened Scienter Under the Anti-Kickback Statute

While the FCA is a civil statute, DOJ and relators often allege that violations of the AKS—a criminal statute—are what made certain claims for payment false. The two statutes contain different scienter requirements. The FCA imposes liability on any person who “knowingly presents . . . a false or fraudulent claim [to the government] for payment or approval.” 31 U.S.C. § 3729(a)(1)(A). The FCA defines “knowingly” to mean that a person (1) “has actual knowledge of the information,” (2) “acts in deliberate ignorance of the truth or falsity of the information,” or (3) “acts in reckless disregard of the truth or falsity of the information,” and “require[s] no proof of a specific intent to defraud.” 31 U.S.C. § 3729(b)(1)(A-B). The Supreme Court recently clarified that the FCA’s “knowingly” standard refers to the defendant’s knowledge and subjective beliefs, not what an objectively reasonable person might have known or believed. United States ex rel. Schutte v. SuperValu Inc., 143 S. Ct. 1391, 1404 (2023). The AKS, on the other hand, imposes liability on any person who “knowingly and willfully makes or causes to be made any false statement or representation of a material fact in any application for any benefit or payment under a Federal health care program.” 42 U.S.C. § § 1320a–7b. In United States ex rel. Hart v. McKesson Corp., the Second Circuit affirmed a key decision interpreting the willfulness requirement in cases where an FCA violation is premised on a violation of the AKS. 96 F.4th 145 (2d Cir. 2024).

Plaintiffs alleged that Defendants operated an illegal kickback scheme in violation of the AKS and the FCA. Id. at 150. According to the complaint, McKesson offered business management tools for free to customers who agreed to solely purchase drugs from McKesson. Id. at 151–52. Plaintiffs alleged that this scheme violated the AKS and thus the FCA. Id. The district court granted McKesson’s motion to dismiss, holding that to act “willfully” as required by the AKS, “a defendant must act knowing that its conduct is, in some way, unlawful,” a standard Hart failed to plead. Id. at 150. The district court held that because the FCA claim was premised on the AKS claims alone, the defendant failed to plausibly allege an FCA claim. Id.

The Second Circuit affirmed and interpreted the AKS’s “willful” requirement to mean that “a defendant must act with a ‘bad purpose’” and “‘with knowledge that his conduct was unlawful.’” Id. at 157 (quoting Bryan v. United States, 524 U.S. 184, 191 (1998)). The court held that “to violate the AKS, a defendant must act knowing that his conduct is unlawful, even if the defendant is not aware that his conduct is unlawful under the AKS specifically.” Id. at 154 (citing Pfizer v. U.S. Dep’t of Health & Hum. Servs., 42 F.4th 67, 77 (2d Cir. 2022)). The court held that “a defendant’s knowledge of his general legal obligations is not enough if he does not also know that his actions violate those obligations,” id. at 158, and affirmed the dismissal of Hart’s claim for failure to plead willfulness adequately, id. at 157–59. Notably, the Second Circuit looked to the specific knowledge of individuals other than the relator when determining whether the Plaintiff adequately pleaded willfulness. Id. at 160–62 (rejecting relator’s argument that he sufficiently alleged scienter because he pleaded that he told a supervisor that he thought certain conduct violated company policies).

VI. Conclusion

We will monitor these developments, along with other FCA legislative activity, settlements, and jurisprudence throughout the year and report back in our 2024 False Claims Act Year-End Update, which we will publish in early 2025.

[1] These figures, and the summaries that follow, cover the period from January 1, 2024 through June 30, 2024 and focus on settlements valued at $2 million or more.

[2] See Press Release, U.S. Atty’s Office for the Dist. of Del., ChristianaCare Pays $42.5 Million To Resolve Health Care Fraud Allegations (Jan. 4, 2024), https://www.justice.gov/usao-de/pr/christianacare-pays-425-million-resolve-health-care-fraud-allegations-0.

[3] See Press Release, U.S. Atty’s Office for the Middle Dist. of Fl., Florida Research Hospital Agrees To Pay More Than $19.5 Million To Resolve Liability Relating To Self-Disclosure Of Improper Billing For Clinical Trial Costs (Jan. 4, 2024), https://www.justice.gov/usao-mdfl/pr/florida-research-hospital-agrees-pay-more-195-million-resolve-liability-relating-self.

[4] See Press Release, U.S. Atty’s Office for the Middle Dist. of Tenn., Memphis-Based Methodist Le Bonheur Healthcare and Methodist Healthcare-Memphis Hospitals Pay $7.25 Million to Settle Allegations that They Violated the False Claims Act (Jan. 4, 2024), https://www.justice.gov/usao-mdtn/pr/memphis-based-methodist-le-bonheur-healthcare-and-methodist-healthcare-memphis.

[5] See Press Release, Dep’t of Justice, Home Healthcare Company Agrees to Pay Nearly $10 Million to Resolve False Claims Act Allegations Relating to Its Participation in the Energy Employees Occupational Illness Compensation Program (Jan. 5, 2024), https://www.justice.gov/opa/pr/home-healthcare-company-agrees-pay-nearly-10-million-resolve-false-claims-act-allegations.

[6] See Press Release, Dep’t of Justice, New Jersey Laboratory and Its Owner and CEO Agree to Pay Over $13 Million to Settle Allegations of Kickbacks and Unnecessary Testing (Jan. 10, 2024), https://www.justice.gov/opa/pr/new-jersey-laboratory-and-its-owner-and-ceo-agree-pay-over-13-million-settle-allegations.

[7] See Press Release, U.S. Atty’s Office for the Dist. of N.J., New Jersey Hospital and Investors to Pay United States $30.6 Million for Alleged False Claims (Jan. 16, 2024), https://www.justice.gov/usao-nj/pr/new-jersey-hospital-and-investors-pay-united-states-306-million-alleged-false-claims#:~:text=Alleged%20False%20Claims-,New%20Jersey%20Hospital%20and%20Investors%20to%20Pay%20United,Million%20for%20Alleged%20False%20Claims&text=NEWARK%2C%20N.J.%20%E2%80%93%20A%20New%20Jersey,violations%2C%20U.S.%20Attorney%20Philip%20R.

[8] See Press Release, U.S. Atty’s Office for the Dist. of Idaho, AmeriHealth Clinics Consent to a $2 Million Judgment to Resolve Healthcare Fraud Allegations (Jan. 17, 2024), https://www.justice.gov/usao-id/pr/amerihealth-clinics-consent-2-million-judgment-resolve-healthcare-fraud-allegations.

[9] See Press Release, U.S. Atty’s Office for the Dist. of Pa., Current and Former Owners of Center City Philadelphia Pharmacy Agree to Pay Over $4.6 Million to Resolve Civil Investigations of Improper Medicare and Medicaid Billing (Jan. 23, 2024), https://www.justice.gov/usao-edpa/pr/current-and-former-owners-center-city-philadelphia-pharmacy-agree-pay-over-46-million.

[10] See Press Release, U.S. Atty’s Office for the Dist. of S.C., Durable Medical Equipment Companies to Pay Millions in False Claims Settlement (Jan. 26, 2024), https://www.justice.gov/usao-sc/pr/durable-medical-equipment-companies-pay-millions-false-claims-settlement.

[11] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Ky., Kentucky Lab Agrees to $4.9 Million Civil Judgment and Drug Treatment Center Enters Settlement to Pay $2.2 Million to Resolve False Claims Act Allegations (Jan. 30, 2024), https://www.justice.gov/usao-edky/pr/kentucky-lab-agrees-49-million-civil-judgment-and-drug-treatment-center-enters.

[12] See Press Release, U.S. Atty’s Office for the Mid. Dist. of Pa., Penn State Health Agrees To Pay More Than Eleven Million Dollars Following Its Voluntary Disclosure Of Improper Billings Related To Medicare Annual Wellness Visit Services (Feb. 7, 2024), https://www.justice.gov/usao-mdpa/pr/penn-state-health-agrees-pay-more-eleven-million-dollars-following-its-voluntary.

[13] See Press Release, U.S. Atty’s Office for the Southern Dist. of N.Y., U.S. Attorney Announces $25.5 Million Settlement With Durable Medical Equipment Supplier Lincare Inc. For Fraudulent Billing Practices (Feb. 15, 2024), https://www.justice.gov/usao-sdny/pr/us-attorney-announces-255-million-settlement-durable-medical-equipment-supplier.

[14] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Ky., Lexington Lab Agrees to $10.4 Million in Civil Judgments to Resolve False Claims Act Allegations; Owner and Lab Officer Sentenced to Prison (Feb. 16, 2024), https://www.justice.gov/usao-edky/pr/lexington-lab-agrees-104-million-civil-judgments-resolve-false-claims-act-allegations.

[15] See Press Release, U.S. Dep’t of Justice, Opioid Manufacturer Endo Health Solutions Inc. Agrees to Global Resolution of Criminal and Civil Investigations into Sales and Marketing of Branded Opioid Drug (Feb. 29, 2024), https://www.justice.gov/opa/pr/opioid-manufacturer-endo-health-solutions-inc-agrees-global-resolution-criminal-and-civil; Settlement Agreement, Endo Health Solutions Inc., https://content.govdelivery.com/attachments/USDOJOPA/2024/02/29/file_attachments/2799079/Endo%20Civil%20FCA%20Settlement%20Agmt%20%28Fully%20Executed%29.pdf.

[16] See Press Release, U.S. Atty’s Office for the Northern Dist. of Ga., Georgia Laboratory Owner Pleads Guilty to Felony Charge and Agrees to Pay $14.3 Million to Resolve False Claims Act Allegations (Feb. 28, 2024), https://www.justice.gov/usao-ndga/pr/georgia-laboratory-owner-pleads-guilty-felony-charge-and-agrees-pay-143-million; Settlement Agreement, U.S. Dep’t of Justice and Capstone Laboratories (Feb. 28, 2024), https://www.justice.gov/opa/media/1340321/dl?inline.

[17] See Press Release, U.S. Atty’s Office for the Eastern Dist. of N.Y., New York-Presbyterian/Brooklyn Methodist Hospital Settles Health Care Fraud Claims for $17.3 Million (Mar. 12, 2024), https://www.justice.gov/usao-edny/pr/new-york-presbyterianbrooklyn-methodist-hospital-settles-health-care-fraud-claims-173.

[18] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Pa., Generic Pharmaceuticals Manufacturer Pleads Guilty, Agrees to $1.5 Million Criminal Penalty for Distributing Adulterated Drugs and $2 Million to Resolve Civil Liability under the False Claims Act (Mar. 6, 2024), https://www.justice.gov/usao-edpa/pr/generic-pharmaceuticals-manufacturer-pleads-guilty-agrees-15-million-criminal-penalty.

[19] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Pa., Philadelphia Pharmacy Criminal Pleas and Civil Resolutions Result in Multiple Criminal Convictions and Over $4 Million Recovered (Mar. 20, 2024), https://www.justice.gov/usao-edpa/pr/philadelphia-pharmacy-criminal-pleas-and-civil-resolutions-result-multiple-criminal.

[20] See Press Release, U.S. Dep’t of Justice, Gamma Healthcare and Three of Its Owners Agree to Pay $13.6 Million for Allegedly Billing Medicare for Lab Tests That Were Not Ordered or Medically Necessary (Mar. 27, 2024), https://www.justice.gov/opa/pr/gamma-healthcare-and-three-its-owners-agree-pay-136-million-allegedly-billing-medicare-lab.

[21] See Press Release, U.S. Atty’s Office for the Southern Dist. of Ohio, Cincinnati healthcare staffing company agrees to pay $9.25 million to resolve visa fraud investigations (Mar. 25, 2024), https://www.justice.gov/usao-sdoh/pr/cincinnati-healthcare-staffing-company-agrees-pay-925-million-resolve-visa-fraud.

[22] See Press Release, U.S. Atty’s Office for the Southern Dist. of N.Y., U.S. Attorney Announces $3.1 Million False Claims Act Settlement With Radiology Company And Its CEO For Fraudulent Billing Practices (Mar. 28, 2024), https://www.justice.gov/usao-sdny/pr/us-attorney-announces-31-million-false-claims-act-settlement-radiology-company-and-its; Stipulation and Order of Settlement and Dismissal (Mar. 26, 2024), https://www.justice.gov/usao-sdny/media/1345696/dl.

[23] See Press Release, U.S. Atty’s Office for the Western Dist. of Tex., Oncology Practice, Physicians, and Reference Laboratory To Pay Over $4 Million to Settle False Claims Act Allegations (Apr. 2, 2024), https://www.justice.gov/usao-wdtx/pr/oncology-practice-physicians-and-reference-laboratory-pay-over-4-million-settle-false.

[24] See Press Release, U.S. Atty’s Office for the Central Dist. of Cal., San Gabriel Valley-Based Nursing Home Chain and Executives to Pay Over $7 Million to Settle COVID-Related False Claims Allegations (Apr. 26, 2024), https://www.justice.gov/usao-cdca/pr/san-gabriel-valley-based-nursing-home-chain-and-executives-pay-over-7-million-settle; Settlement Agreement, U.S. Dep’t of Justice and ReNew (Apr. 26, 2024), https://www.justice.gov/opa/media/1349866/dl?inline.

[25] See Press Release, U.S. Dep’t of Justice, Office of Public Affairs, Staffing Company to Pay $2.7M for Alleged Failure to Provide Adequate Cybersecurity for COVID-19 Contact Tracing Data (May 1, 2024), https://www.justice.gov/opa/pr/staffing-company-pay-27m-alleged-failure-provide-adequate-cybersecurity-covid-19-contact; Settlement Agreement, U.S. Dep’t of Justice and Insight Global (May 15, 2024), https://www.justice.gov/opa/media/1350311/dl?inline.

[26] See Press Release, U.S. Dep’t of Justice, Elara Caring Agrees to Pay $4.2 Million to Settle False Claims Act Allegations That It Billed Medicare for Ineligible Hospice Patients (May 1, 2024), https://www.justice.gov/opa/pr/elara-caring-agrees-pay-42-million-settle-false-claims-act-allegations-it-billed-medicare.

[27] See Press Release, U.S. Atty’s Office for the Dist. of N.J., Florida Businessman Daniel Hurt to Pay Over $27 Million for Medicare Fraud in Connection With Cancer Genomic Tests (May 24, 2024), https://www.justice.gov/usao-nj/pr/florida-businessman-daniel-hurt-pay-over-27-million-medicare-fraud-connection-cancer.

[28] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Mich., Local Physician and Practice Agree to Pay Over $2 Million to Settle False Claims Act Allegations (May 8, 2024), https://www.justice.gov/usao-edmi/pr/local-physician-and-practice-agree-pay-over-2-million-settle-false-claims-act/.

[29] See Press Release, U.S. Atty’s Office for the Dist. of Mass., Cape Cod Hospital to Pay $24.3 Million to Resolve Allegations That It Failed to Comply With Medicare Cardiac Procedure Rules (May 16, 2024), https://www.justice.gov/usao-ma/pr/cape-cod-hospital-pay-243-million-resolve-allegations-it-failed-comply-medicare-cardiac; Settlement Agreement, U.S. Dep’t of Justice and Cape Cod Hospital (May 16, 2024), https://www.justice.gov/usao-ma/media/1352226/dl.

[30] See Press Release, U.S. Atty’s Office for the Northern Dist. of Ohio, Cleveland Clinic to Pay Over $7 Million to Settle Allegations of Undisclosed Foreign Sources of Funding on NIH Grant Applications and Reports (May 17, 2024), https://www.justice.gov/usao-ndoh/pr/cleveland-clinic-pay-over-7-million-settle-allegations-undisclosed-foreign-sources.

[31] See Press Release, U.S. Atty’s Office for the Southern Dist. of N.Y., U.S. Attorney Announces $10.1 Million Settlement With Managed Long-Term Care Plan For Improper Receipt Of Medicaid Payments (May 23, 2024), https://www.justice.gov/usao-sdny/pr/us-attorney-announces-101-million-settlement-managed-long-term-care-plan-improper.

[32] See Press Release, Dept. of Justice, Office of Public Affairs, Medical Device Manufacturer Innovasis Inc. and Two Top Executives Agree to Pay $12M to Settle Allegations of Improper Payments to Physicians (May 29, 2024), https://www.justice.gov/opa/pr/medical-device-manufacturer-innovasis-inc-and-two-top-executives-agree-pay-12m-settle.

[33] See Press Release, U.S. Atty’s Office for the Middle Dist. of Fl., Chronic Disease Management Provider to Pay $14.9M to Resolve Alleged False Claims (June 5, 2024), https://www.justice.gov/usao-mdfl/pr/chronic-disease-management-provider-pay-149m-resolve-alleged-false-claims; Settlement Agreement, U.S. Dep’t of Justice and Bluestone National, LLC (June 5, 2024), https://www.justice.gov/opa/media/1354511/dl?inline=&utm_medium=email&utm_source=govdelivery.

[34] See Press Release, U.S. Atty’s Office for the Eastern Dist. of N.Y., Queens and Brooklyn-Based Eye Doctor Settles Health Care Fraud Claims for More Than $2.4 Million (June 6, 2024), https://www.justice.gov/usao-edny/pr/queens-and-brooklyn-based-eye-doctor-settles-health-care-fraud-claims-more-24-million.

[35] See Press Release, U.S. Atty’s Office for the Northern Dist. of Ill., Chicago Health Care Company and Its Former Owners To Pay Nearly $2 Million To Settle False Claims Act Lawsuit (June 18, 2024), https://www.justice.gov/usao-ndil/pr/chicago-health-care-company-and-its-former-owners-pay-nearly-2-million-settle-false; Settlement Agreement, U.S. Dep’t of Justice and KFM Holdings et al. (June 17, 2024), https://www.justice.gov/usao-ndil/media/1356316/dl?inline.

[36] See Press Release, U.S. Atty’s Office for the Southern Dist. Of Tex., Texas Medical Center Institutions Agree to Pay $15M Record Settlement Involving Concurrent Billing Claims for Critical Surgeries, https://www.justice.gov/usao-sdtx/pr/texas-medical-center-institutions-agree-pay-15m-record-settlement-involving-concurrent.

[37] See Press Release, U.S. Atty’s Office for the Southern Dist. of Tex., Hilcorp San Juan resolves False Claims Act claims for oil and natural gas royalty underpayments to the United States (Jan. 19, 2024), https://www.justice.gov/usao-sdtx/pr/hilcorp-san-juan-resolves-false-claims-act-claims-oil-and-natural-gas-royalty.

[38] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Mich., Federal Subcontractor Agrees to Pay $5 Million to Settle False Claims Act Allegations (Jan. 30, 2024), https://www.justice.gov/usao-edmi/pr/federal-subcontractor-agrees-pay-5-million-settle-false-claims-act-allegations.

[39] See Complaint, United States ex rel. The Arora Group, Inc. v. Planned Systems International, Inc., No. 1:21-cv-657 (May 28, 2021 E.D. Va.).

[40] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Va., Government Contractors Agree to Pay $3.9 Million to Resolve Claims of Misrepresenting Women-Owned Small Business Status (Jan. 30, 2024), https://www.justice.gov/usao-edva/pr/government-contractors-agree-pay-39-million-resolve-claims-misrepresenting-women-owned.

[41] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Va., Argus Information & Advisory Services agrees to pay $37M to settle allegations that it misused data obtained under government contracts (Mar. 12, 2024), https://www.justice.gov/usao-edva/pr/argus-information-advisory-services-agrees-pay-37m-settle-allegations-it-misused-data.

[42] See Press Release, U.S. Dep’t of Justice, Consolidated Nuclear Security Agrees to Pay $18.4 Million to Settle False Claims Act Allegations of Timecard Fraud (Apr. 23, 2024), https://www.justice.gov/opa/pr/consolidated-nuclear-security-agrees-pay-184-million-settle-false-claims-act-allegations; Settlement Agreement, Consolidated Nuclear Security, LLC (Apr. 22, 2024), https://www.justice.gov/opa/media/1349116/dl?inline.

[43] See Press Release, U.S. Atty’s Office for the Dist. of Vt. Galvion To Pay $2,495,000 To Resolve False Claims Act Allegations (June 6, 2024), https://www.justice.gov/usao-vt/pr/galvion-pay-2495000-resolve-false-claims-act-allegations.

[44] See Press Release, Dep’t of Justice, CityMD Agrees to Pay Over $12M for Alleged False Claims to the COVID-19 Uninsured Program (June 7, 2024), https://www.justice.gov/opa/pr/citymd-agrees-pay-over-12-million-alleged-false-claims-covid-19-uninsured-program.

[45] See Press Release, U.S. Atty’s Office for the Northern Dist. of N.Y., Consulting Companies to Pay $11.3 Million for Failing to Comply with Cybersecurity Requirements in Federally Funded Contract (June 17, 2024), https://www.justice.gov/usao-ndny/pr/consulting-companies-pay-113-million-failing-comply-cybersecurity-requirements.

[46] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Wis., Sikorsky Support Services, Inc. and Derco Aerospace, Inc. Agree to Pay $70 Million to Settle False Claims Act Allegations of Improper Markups on Spare Parts for Navy Trainer Aircraft (June 21, 2024), https://www.justice.gov/usao-edwi/pr/sikorsky-support-services-inc-and-derco-aerospace-inc-agree-pay-70-million-settle.

[47] See Press Release, U.S. Atty’s Office for the Western Dist. of Wash., Automobile accessory company Yakima Products Inc. settles allegations failed to pay duties on extruded aluminum from China (Jan. 31, 2024), https://www.justice.gov/usao-wdwa/pr/automobile-accessory-company-yakima-products-inc-settles-allegations-failed-pay-duties.

[48] See Press Release, U.S. Atty’s Office for the Dist. of Colo., Two Southeastern Colorado Farmers Sentenced to Federal Prison and Will Pay Over $6.5 Million for Defrauding Federal Crop Insurance Programs (Feb. 29, 2024), https://www.justice.gov/usao-co/pr/two-southeastern-colorado-farmers-sentenced-federal-prison-and-will-pay-over-65-million.

[49] See Press Release, U.S. Atty’s Office for the Dist. Of N.J., South Carolina Construction Company and Its Owner Settle Matter Alleging Receipt of Improper CARES Act Loans (Apr. 26, 2024), https://www.justice.gov/usao-nj/pr/south-carolina-construction-company-and-its-owner-settle-matter-alleging-receipt.

[50] See Press Release, U.S. Atty’s Office for the Dist. Of N.J., Owner of New Jersey Company Admits to Evading U.S. Customs Duties and His Company Agrees to $3.1 Million Settlement Agreement (Mar. 21, 2024), https://www.justice.gov/usao-nj/pr/owner-new-jersey-company-admits-evading-us-customs-duties-and-his-company-agrees-31; Information, U.S. v. George Volpe, available at https://www.justice.gov/usao-nj/media/1344671/dl?inline.

[51] See Press Release, U.S. Atty’s Office for the Dist. of D.C., Hahn Air Lines Agrees to Pay $26.8 Million to Resolve False Claims Act Liability for Its Alleged Failure to Pay Travel Fees Collected from Passengers (May 2, 2024), https://www.justice.gov/usao-dc/pr/hahn-air-lines-agrees-pay-268-million-resolve-false-claims-act-liability-its-alleged.

[52] See Press Release, U.S. Atty’s Office for the Dist. of Mass., Kabbage Agrees to Pay up to $120 Million to Resolve Allegations that it Defrauded the Paycheck Protection Program (May 13, 2024), https://www.justice.gov/usao-ma/pr/kabbage-agrees-pay-120-million-resolve-allegations-it-defrauded-paycheck-protection; Settlement Agreement, U.S. Dep’t of Justice and Kabbage, Inc. (May 13, 2024), https://www.justice.gov/usao-ma/media/1351711/dl; Settlement Agreement, U.S. Dep’t of Justice and Kabbage, Inc. (May 13, 2024), https://www.justice.gov/usao-ma/media/1351716/dl.

[53] See Press Release, U.S. Atty’s Office for the Southern Dist. of Cal., Nonprofit Organizations Pay Over $5.8 Million to Resolve Allegations of Fraudulently Obtaining Pandemic-Related Loans (June 12, 2024), https://www.justice.gov/usao-sdca/pr/nonprofit-organizations-pay-over-58-million-resolve-allegations-fraudulently-obtaining.

[54] See Press Release, U.S. Atty’s Office for the Southern Dist. of N.Y., U.S. Attorney Announces $4.6 Million False Claims Act Settlement With Restaurants, Fur Apparel Companies, And Their Owners And Managers For Submitting False Information To Obtain Paycheck Protection Program Loans (June 20, 2024), https://www.justice.gov/usao-sdny/pr/us-attorney-announces-46-million-false-claims-act-settlement-restaurants-fur-apparel.

[55] See Press Release, U.S. Dep’t of Justice, Deputy Attorney General Lisa O. Monaco Announces New Civil Cyber-Fraud Initiative (Oct. 6, 2021), https://www.justice.gov/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-new-civil-cyber-fraud-initiative.

[56] See Speech, U.S. Dep’t of Justice, Principal Deputy Assistant Attorney General Brian M. Boynton Delivers Remarks at the 2024 Federal Bar Association’s Qui Tam Conference (Feb. 22, 2024), https://www.justice.gov/opa/speech/principal-deputy-assistant-attorney-general-brian-m-boynton-delivers-remarks-2024.

[57] See United States ex rel. Matthew Decker v. Pennsylvania State University, 22-cv-03895-PD (E.D. Pa. Oct. 5, 2022).

[58] See Centers for Medicare & Medicaid Servs., Calendar Year (CY) 2025 Medicare Physician Fee Schedule Proposed Rule (July 10, 2024), https://www.cms.gov/newsroom/fact-sheets/calendar-year-cy-2025-medicare-physician-fee-schedule-proposed-rule.

[59] See 42 U.S.C. § 1320a-7k(d); 31 U.S.C. § 3729(a)(1)(G).

[60] See 42 U.S.C. § 1320a-7k(d).

[61] See, e.g., 42 C.F.R. § 422.326(c) (Medicare Advantage rule); see also 42 C.F.R. § 401.305(a)(2) (Part A and B rule), 42 C.F.R. § 423.360(c) (Part D rule) (both similar).

[62] See Dep’t of Health & Hum. Servs., Centers for Medicare & Medicaid Servs., Proposed Rule RIN 0938-AV33, at 1169 (hereinafter “Proposed PFS Rule”).

[63] See id. at 1171–72; see also UnitedHealthcare Ins. Co. v. Azar, 330 F. Supp. 3d 173, 191 (D.D.C. 2018), rev’d in part on other grounds sub nom. UnitedHealthcare Ins. Co. v. Becerra, 16 F.4th 867 (D.C. Cir. 2021).

[64] See Medicare Program; Contract Year 2015 Policy and Technical Changes to the Medicare

Advantage and the Medicare Prescription Drug Benefit Programs, 79 Fed. Reg. 29,844, 29,923

(May 23, 2014).

[65] Proposed PFS Rule at 1173.

[66] Id.

[67] See Speech, U.S. Dep’t of Justice, Deputy Attorney General Lisa Monaco Delivers Keynote Remarks at the American Bar Association’s 39th National Institute on White Collar Crime (Mar. 7, 2024), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-keynote-remarks-american-bar-associations.

[68] Id.

[69] Id.

[70] See id.

[71] Id.

[72] See Blog Post, U.S. Dep’t of Justice, Criminal Division’s Voluntary Self-Disclosures Pilot Program for Individuals (Apr. 22, 2024), https://www.justice.gov/opa/blog/criminal-divisions-voluntary-self-disclosures-pilot-program-individuals; U.S. Dep’t of Justice, Criminal Division Pilot Program On Voluntary Self-Disclosures For Individuals, https://www.justice.gov/criminal/criminal-division-pilot-program-voluntary-self-disclosures-individuals; U.S. Dep’t of Justice, Voluntary Self Disclosures for Individuals Policy (April 15, 2024), https://www.justice.gov/criminal/media/1347991/dl?inline.

[73] See Speech, U.S. Dep’t of Justice, Deputy Attorney General Lisa Monaco Delivers Keynote Remarks at the American Bar Association’s 39th National Institute on White Collar Crime (Mar. 7, 2024), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-keynote-remarks-american-bar-associations

[74] 31 U.S.C. § 3730(d)(3).

[75] State False Claims Act Reviews, HHS-OIG, https://oig.hhs.gov/fraud/state-false-claims-act-reviews/ (last visited July 1, 2024) (FCA Reviews); 42 U.S.C. § 1396h(a).

The following Gibson Dunn lawyers prepared this update: Jonathan Phillips, Winston Chan, John Partridge, James Zelenay, Michael Dziuban, Chumma Tum, Alyse Ullery, José Madrid, Mary Aline Fertin, Hayley Lawrence, Azad Niroomand, Nicole Waddick, Erin Wall, and Sara Zamani.

Gibson Dunn lawyers regularly counsel clients on the False Claims Act issues and are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s False Claims Act/Qui Tam Defense practice group:

Washington, D.C.
Jonathan M. Phillips – Co-Chair (+1 202.887.3546, jphillips@gibsondunn.com)
Stuart F. Delery (+1 202.955.8515,sdelery@gibsondunn.com)
F. Joseph Warin (+1 202.887.3609, fwarin@gibsondunn.com)
Gustav W. Eyler (+1 202.955.8610, geyler@gibsondunn.com)
Lindsay M. Paulin (+1 202.887.3701, lpaulin@gibsondunn.com)
Geoffrey M. Sigler (+1 202.887.3752, gsigler@gibsondunn.com)
Joseph D. West (+1 202.955.8658, jwest@gibsondunn.com)

San Francisco
Winston Y. Chan – Co-Chair (+1 415.393.8362, wchan@gibsondunn.com)
Charles J. Stevens (+1 415.393.8391, cstevens@gibsondunn.com)

New York
Reed Brodsky (+1 212.351.5334, rbrodsky@gibsondunn.com)
Mylan Denerstein (+1 212.351.3850, mdenerstein@gibsondunn.com)
Alexander H. Southwell (+1 212.351.3981, asouthwell@gibsondunn.com)

Denver
John D.W. Partridge (+1 303.298.5931, jpartridge@gibsondunn.com)
Ryan T. Bergsieker (+1 303.298.5774, rbergsieker@gibsondunn.com)
Robert C. Blume (+1 303.298.5758, rblume@gibsondunn.com)
Monica K. Loseman (+1 303.298.5784, mloseman@gibsondunn.com)

Dallas
Andrew LeGrand (+1 214.698.3405, alegrand@gibsondunn.com)

Los Angeles
James L. Zelenay Jr. (+1 213.229.7449, jzelenay@gibsondunn.com)
Nicola T. Hanna (+1 213.229.7269, nhanna@gibsondunn.com)
Jeremy S. Smith (+1 213.229.7973, jssmith@gibsondunn.com)
Deborah L. Stein (+1 213.229.7164, dstein@gibsondunn.com)
Dhananjay S. Manthripragada (+1 213.229.7366, dmanthripragada@gibsondunn.com)

Palo Alto
Benjamin Wagner (+1 650.849.5395, bwagner@gibsondunn.com)

*Sara Zamani is an associate in the firm’s Denver office currently admitted to practice only in California.

We are pleased to provide you with Gibson Dunn’s Accounting Firm Quarterly Update for Q2 2024. The Update is available in .pdf format at the below link, and addresses news on the following topics that we hope are of interest to you:

PCAOB Undertakes Significant Standard-Setting and Rulemaking Projects
Supreme Court Issues Key Securities and Administrative Law Rulings
President Biden Vetoes Resolution Overturning SEC Crypto Accounting Guidance
Major Ruling in SEC Cybersecurity Case as SEC Clarifies Cyber Disclosure Obligations
SEC Permanently Suspends BF Borgers CPA PC and Grants Extension to Affected Registrants
Unanimous Fifth Circuit Panel Strikes Down SEC Private Funds Rule
European Parliament Adopts Corporate Sustainability Due Diligence Directive
PCAOB Staff Issues Spotlight Reports on Root Cause Analysis and Company Information
SEC Leaders Issue Regulation and Enforcement Statements
Other Recent SEC and PCAOB Enforcement and Regulatory Developments

Please let us know if there are topics that you would be interested in seeing covered in future editions of the Update.

Download Full Newsletter

Warmest regards,
Jim Farrell
Monica Loseman
Michael Scanlon

Chairs, Accounting Firm Advisory and Defense Practice Group, Gibson, Dunn & Crutcher LLP

In addition to the practice group chairs, this update was prepared by David Ware, Timothy Zimmerman, Benjamin Belair, Adrienne Tarver, and Monica Limeng Woolley.

Accounting Firm Advisory and Defense Group Chairs:

James J. Farrell – Co-Chair, New York (+1 212-351-5326, jfarrell@gibsondunn.com)

Monica K. Loseman – Co-Chair, Denver (+1 303-298-5784, mloseman@gibsondunn.com)

Michael Scanlon – Co-Chair, Washington, D.C.(+1 202-887-3668, mscanlon@gibsondunn.com)