Publications Archives

This update addresses several of the most pressing questions involving DOJ’s Whistleblower Pilot Program’s scope and functionality and offers strategies and considerations for navigating this new regime.

On August 1, 2024, the Department of Justice (DOJ) announced its new Corporate Whistleblower Awards Pilot Program (Pilot Program). As previewed by Deputy Attorney General Lisa Monaco earlier this year, longstanding whistleblower programs (such as those operated via the Securities and Exchange Commission, the Commodity Futures Trading Commission, the False Claims Act qui tam program, and the Financial Crimes Enforcement Network) have proven successful, but—from the standpoint of DOJ—have not addressed the full range of corporate and financial misconduct that DOJ seeks to prosecute. The Pilot Program is intended to fill those gaps.

In this update, we answer several of the most pressing questions involving the new Pilot Program’s scope and functionality, as well as offer strategies and considerations that existing and prospective clients should contemplate when navigating this new regime.

I. PILOT PROGRAM: HOW IT WORKS

What Is the Pilot Program?

The Pilot Program is a three-year initiative managed through DOJ Criminal Division’s Money Laundering and Asset Recovery Section (MLARS). The Pilot Program applies to individuals only,[1] with awards issued in DOJ’s sole discretion and funded from DOJ’s Asset Forfeiture Fund (DOJ’s Forfeiture Fund).[2] Awards are only available on forfeitures exceeding $1 million USD.

As will be explained in more detail below, the Pilot Program limits awards to misconduct involving specific offenses: including money laundering related crimes, both foreign and domestic corruption disputes, and health care fraud schemes involving non-governmental entities.[3] Whistleblowers cannot have meaningfully participated in the alleged criminal activity they seek to report, nor can whistleblowers relay information learned through their work as an internal auditor or compliance officer within a given corporation.[4]

Who Can Be a Whistleblower Under the Pilot Program?

Earlier this year, announcements about the Pilot Program had indicated that whistleblowers would be disqualified from receiving any recovery if they participated in any way in the alleged misconduct.[5] However, the now-operative version of the program makes clear that even those who “minimally” participate or are “least culpable” can still be eligible for an award.[6] Determining a whistleblower’s level of culpability is tied to definitions promulgated by the United States Sentencing Commission and will likely be subject to interpretive dispute in individual cases. For instance, we anticipate that purported whistleblowers (even ones who may be significant participants in the scheme) will try to argue that their level of culpability is only “minimal”—thereby positioning themselves as rightful recipients of the forfeited proceeds, or at least attempting to complicate DOJ’s decision making regarding whether to prosecute them individually.

The decision to allow awards to those with unclean hands will also expand the pool of individuals seeking to participate in the Pilot Program.

What Types of Information Must a Whistleblower Relay to Receive an Award?

Under the Pilot Program, individuals are required to provide “original information” to DOJ.[7] Such original information must be derived from the individual’s independent knowledge and must be information not previously known to prosecutors.[8] Importantly, this does not mean that a whistleblower must be the first individual to inform DOJ about alleged wrongdoing. DOJ may well be aware of the alleged misconduct, even to the point where the department already has initiated a criminal investigation. Instead, where a purported whistleblower’s information comes after DOJ has begun to investigate, a whistleblower will only qualify for a reward if DOJ determines that the intelligence is material in some aspect to the ongoing investigation, as well as if the specific information was previously unknown to the government.[9]

In addition to providing “original information,” a whistleblower will need to identify alleged misconduct concerning one of the four following subject areas. These include:

Violations by financial institutions related to money laundering schemes, anti-money laundering compliance violations (in violation of the Bank Secrecy Act), failures to register money transmitting businesses, and additional violations of fraud-related provisions.
Violations related to foreign corruption and bribery, as proscribed under the Foreign Corrupt Practices Act or the Foreign Extortion Prevention Act.
Violations of public corruption statutes—including actions by companies related to bribe payments or kickbacks remitted to covered public officials at both the local (i.e., Federal Program Bribery) and federal level.
Violations associated with federal health care offenses, with the information necessarily involving non-governmental benefit programs as opposed to allegations involving public ones.[10]

How Does the Pilot Program Interact with Other Whistleblower Programs?

Several of the Pilot Program’s subject matter areas overlap with those that are the focus of other federal whistleblower programs. For instance, as we discussed in a January 2021 client alert, the Treasury Department’s Financial Crimes Enforcement Network (or FinCEN), pursuant to the Anti-Money Laundering Act of 2020, provides for awards to whistleblowers who provide information about relevant money laundering violations—a key focus of the Pilot Program as well.[11] Similarly, the Securities and Exchange Commission (SEC) encourages tips regarding alleged bribery and improper payments to foreign officials—similarly tracking those areas of focus in the new Pilot Program.[12] A narrower pilot program recently launched in the Southern District of New York also focuses on soliciting information regarding a narrower set of federal corruption statutes.[13]

Other aspects of the Pilot Program’s covered subject areas (both for other corruption offenses and specific health care offenses) do not similarly overlap with existing federal whistleblower programs. Specifically, reporting instances of domestic public corruption against federal officials is not a current focus of the SEC’s program and reporting regarding health care offenses applies only to non-governmental entities under the Pilot Program, not the public programs covered by DOJ’s False Claims Act qui tam regime.

Whistleblowers will not be able to recover under the Pilot Program if they can recover under another award program (such as through submissions of similar misconduct to the SEC or FinCEN).[14] Nevertheless, the new Pilot Program is structured to incentivize whistleblowers to share their reports with multiple government agencies. As the Pilot Program specifies, “if an individual is unsure of whether they qualify for another U.S. government program or may qualify for … [the Pilot Program], they should submit information to both programs so that the Department can assess the information.”[15] Multiple federal agencies, including DOJ, stand to be apprised of the same alleged misconduct and could conceivably commence concurrent investigations, complicating the field that clients must navigate.

How Will Rewards Under Pilot Program Compare to Other Federal Whistleblower Programs?

Whistleblowers under the Pilot Program likely stand to gain less when compared to available recoveries under other whistleblower programs. Awards for the Pilot Program will be paid from DOJ’s Forfeiture Fund. Already, DOJ’s Forfeiture Fund averages approximately $1.8 billion in outlays per year, and the fund is typically used to (1) compensate victims and (2) pay for law enforcement expenses.[16] The Pilot Program maintains longstanding DOJ prioritization that victims must be paid first, with no award available for whistleblowers until victim compensation takes place.[17] Moreover, as currently structured, any awards paid under the Pilot Program must have been captured in an individual case, meaning that there will be no carryover from one matter to another and thus no freestanding whistleblower compensation fund that can be used to address shortfalls in the amounts that DOJ wishes to compensate a whistleblower. As a result of these and other limitations articulated in the program documents, we doubt that the awards available under the Pilot Program will come anywhere near the lucrative sums paid out by other programs, such as the SEC’s.

II. PILOT PROGRAM: KEY IMPACTS AND TAKEAWAYS FOR CORPORATIONS

The Pilot Program comes on the heels of other DOJ initiatives designed to incentivize corporations to collaborate with, and quickly convey alleged misconduct to, DOJ. A central example is the Corporate Enforcement and Voluntary Self-Disclosure Policy, which we summarized in a March 2023 client alert and incentivizes a corporation’s timely sharing of information to potentially earn presumptions from DOJ against charges for criminal conduct.[18] Given that individual whistleblowers can now earn financial rewards for disclosing similar information directly to DOJ, corporate clients may be unsure of how to address future compliance efforts and position themselves to consider voluntary self-disclosure and other well-deserved cooperation credits. In the remainder of this alert, we consider those questions and the broader implications for corporations that the Pilot Program poses.

Are Whistleblowers Required to Report Alleged Misconduct Through a Corporation’s Compliance Program Before Disclosing Information to DOJ?

No, the Pilot Program contains no specific requirement that whistleblowers first exhaust any internal reporting requirements before reporting information to DOJ. However, DOJ encourages whistleblowers to cooperate with their employers through use of existing internal compliance programs. For instance, the Pilot Program instructs whistleblowers that DOJ will consider whether to increase award amounts based on whether the individual first reported the misconduct through the corporation’s internal compliance program.[19] In turn, if a whistleblower deliberately withholds information from an employer corporation, such omissions stand to decrease the overall value of an informant’s reward as well.[20]

The details of how DOJ applies these factors to awards will be important. Without strong and explicit messaging to whistleblowers that they must first report matters through a corporation’s internal compliance program, DOJ risks undermining some of the very incentives the department previously put forth in the Corporate Enforcement and Voluntary Self-Disclosure Policy—specifically those regarding the benefits corporate entities stand to gain from developing robust compliance programs capable of investigating whistleblower complaints in the first instance.

The structure of the Pilot Program therefore creates an effective race to DOJ between the corporation and its whistleblower employee. This race is complicated because it is rare that any complaint is clear-cut—which means that a corporation is typically required to undertake substantial investigative efforts to ferret out the real gravamen of the complaint. It is not as obvious that individual whistleblowers are burdened by similar administrative requirements.

If Whistleblowers Relay Information to DOJ, Can Corporations Still Earn Criminal Declinations Under the Corporate Enforcement and Voluntary Self-Disclosure Program?

Yes. If a whistleblower makes an internal report to both the corporation and DOJ, the corporation can still qualify for a presumption of a declination. However, the corporation must self-report the conduct to DOJ within 120 days of receiving the whistleblower’s submission and must independently meet the other requirements for voluntary self-disclosure, including demonstrating to DOJ that the corporation exercised due diligence in identifying alleged problems and implementing appropriate remedial measures.[21]

A corporation will need to move relatively expeditiously to report the alleged misconduct in the requisite 120-day window.[22] And moving expeditiously to report alleged misconduct becomes even more important given that corporations are not eligible for a presumption of a declination if DOJ initiates contact before the corporate entity has the chance to disclose matters based on a whistleblower’s report.[23] Corporations should therefore begin to consider whether compliance updates are needed to streamline the consideration of reports and the analysis of voluntary disclosure, all without sacrificing a system’s overall thoroughness. The escalation processes within a company’s human resources, compliance, and legal departments will all be essential to assess. Gibson Dunn stands ready to assist in these efforts.

Will the Pilot Program Lead to More Government-Initiated Investigations of Corporations?

In general, we expect that the Pilot Program will increase the number of DOJ inquiries and investigations that a corporation will face. Employees, inspired by the promise of payment, may submit information to DOJ that would not (and should not) otherwise lead to government scrutiny absent the Pilot Program here. While we fully expect DOJ’s vetting processes to sift out meritless pursuits, corporations should brace for the possibility that increased tips will lead to increased government questions. To that end, corporations should continue to improve internal compliance systems and operate with a continued understanding that DOJ may soon request access to internal, potentially sensitive, information for investigative purposes.

Beyond inquiries from DOJ alone, we do expect that the Pilot Program—with its provision encouraging whistleblowers to submit information to a host of whistleblower programs in moments of doubt—will likely result in duplicate submissions to multiple agencies by whistleblowers. That DOJ will now be receiving information at the same time as other agencies with whistleblower programs could lead to increased coordination (or worse, competition) among agencies with overlapping enforcement authority—generating the need for corporations to engage in more complex decision-making to navigate multi-agency inquiries.

The Pilot Program may also present substantial challenges for corporations that have taken steps to impose zero tolerance disciplinary measures against employees who participate in any alleged wrongdoing. As currently crafted, the Pilot Program allows whistleblowers to reap rewards even where they participated, albeit minimally, in the underlying scheme.[24] However, any otherwise-appropriate termination decision taken by a corporation against such a whistleblower may run counter to the Pilot Program’s anti-retaliation provision—frustrating the chance that the corporation (though operating by objective standards and in good faith) would receive cooperation credit.[25]

III. CONCLUSION: CONSIDERATIONS FOR THE FUTURE

Though in its infancy, we expect the whistleblower bar to lobby Congress for certain changes to the Pilot Program. DOJ crafted the Pilot Program using language from a decades-old statute, 18 U.S.C. 524(c); and pursuant to that provision, DOJ maintains discretion over whether a whistleblower award is ultimately issued. That level of DOJ discretion stands in sharp contrast to FinCEN’s recently crafted whistleblower program—where the relative statutory provision mandated that officials pay tipsters.[26] That distinction may compel the whistleblower bar to lobby Congress for statutory amendments that similarly ensure that Pilot Program whistleblowers are assured of financial compensation in exchange for their proffered intelligence. Should that happen, we expect an even further potential increase in government inquiries and investigations—as the incentive to whistleblowers will become more assured.

As the Pilot Program continues to unfold, we will continue to monitor for relevant updates and report on steps that corporations should take to navigate the newfound program.

[1] Dep’t of Justice Corporate Whistleblower Awards Pilot Program (hereafter Pilot Program) § II.1.

[2] Id. § II.7.a.

[3] Id. § II.3.a-d.

[4] Id. § II.2.e.4.

[5] Dep’t of Justice: Office of Public Affairs, Deputy Attorney General Lisa Monaco Delivers Keynote Remarks at the American Bar Association’s 39th National Institute on White Collar Crime (Mar. 7, 2024), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-keynote-remarks-american-bar-associations.

[6] Pilot Program § III.3.b.i.

[7] Id. § II.2.

[8] Id. § II.2.a-b.

[9] Id. § II.2.c.

[10] Id. § II.3.a-d.

[11] Gibson Dunn: The Top 10 Takeaways for Financial Institutions From the Anti-Money Laundering Act of 2020 (Jan. 1, 2021), https://www.gibsondunn.com/wp-content/uploads/2021/01/the-top-10-takeaways-for-financial-institutions-from-the-anti-money-laundering-act-of-2020.pdf.

[12] U.S. Securities and Exchange Comm’n, Whistleblower Frequently Asked Questions, https://www.sec.gov/enforcement-litigation/whistleblower-program/whistleblower-frequently-asked-questions#faq-3.

[13] Southern District of New York, Whistleblower Pilot Program (Feb. 13, 2024), https://www.justice.gov/d9/2024-05/sdny_wb_policy_effective_2-13-24.pdf.

[14] Pilot Program § II.1.b.

[15] Id. § II.1.b.n.3.

[16] U.S. Dep’t of Justice: Asset Forfeiture Program, FY 2025 Performance Budget (Feb. 27, 2024), https://www.justice.gov/d9/2024-03/afp_fy_2025_pb_narrative_2.27.24_final_1.pdf.

[17] Pilot Program § III.2.c.

[18] U.S. Dep’t of Justice, Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy, https://www.justice.gov/criminal/criminal-fraud/file/1562831/dl.

[19] Pilot Program § III.3.a.iii.

[20] Id. § III.3.b.iii.

[21] U.S. Securities and Exchange Comm’n, Whistleblower Frequently Asked Questions, https://www.sec.gov/enforcement-litigation/whistleblower-program/whistleblower-frequently-asked-questions#faq-3.

[22] U.S. Dep’t of Justice: Criminal Division, Criminal Division Corporate Whistleblower Awards Pilot Program: Frequently Asked Questions (Aug. 1, 2024), https://www.justice.gov/criminal/criminal-division-corporate-whistleblower-awards-pilot-program.

[23] Id.

[24] Pilot Program § § III.3.b.i.

[25] Id. § IV.4.

[26] Gibson Dunn: The Top 10 Takeaways for Financial Institutions From the Anti-Money Laundering Act of 2020 (Jan. 1, 2021), https://www.gibsondunn.com/wp-content/uploads/2021/01/the-top-10-takeaways-for-financial-institutions-from-the-anti-money-laundering-act-of-2020.pdf.

The following Gibson Dunn lawyers prepared this update: M. Kendall Day, F. Joseph Warin, and Ben Schlichting.

Gibson Dunn has deep experience with issues relating to corporate compliance programs, investigations and enforcement actions. For assistance navigating white collar or regulatory enforcement issues, please contact the authors, the Gibson Dunn lawyer with whom you usually work, or any of the leaders and members of the firm’s White Collar Defense and Investigations practice group:

F. Joseph Warin – Washington, D.C. (+1 202.887.3609, [email protected])
M. Kendall Day – Washington, D.C. (+1 202.955.8220, [email protected])

Washington, D.C.
Stephanie Brooker (+1 202.887.3502, [email protected])
Courtney M. Brown (+1 202.955.8685, [email protected])
David P. Burns (+1 202.887.3786, [email protected])
John W.F. Chesley (+1 202.887.3788, [email protected])
Daniel P. Chung (+1 202.887.3729, [email protected])
Stuart F. Delery (+1 202.955.8515, [email protected])
Michael S. Diamant (+1 202.887.3604, [email protected])
Gustav W. Eyler (+1 202.955.8610, [email protected])
Melissa Farrar (+1 202.887.3579, [email protected])
Amy Feagles (+1 202.887.3699, [email protected])
Scott D. Hammond (+1 202.887.3684, [email protected])
George J. Hazel (+1 202.887.3674, [email protected])
Adam M. Smith (+1 202.887.3547, [email protected])
Patrick F. Stokes (+1 202.955.8504, [email protected])
Oleh Vretsona (+1 202.887.3779, [email protected])
David C. Ware (+1 202.887.3652, [email protected])
Ella Alves Capone (+1 202.887.3511, [email protected])
Lora Elizabeth MacDonald (+1 202.887.3738, [email protected])
Nicole Lee (+1 202.887.3717, [email protected])
Pedro G. Soto (+1 202.955.8661, [email protected])

New York
Zainab N. Ahmad (+1 212.351.2609, [email protected])
Reed Brodsky (+1 212.351.5334, [email protected])
Mylan L. Denerstein (+1 212.351.3850, [email protected])
Karin Portlock (+1 212.351.2666, [email protected])
Mark K. Schonfeld (+1 212.351.2433, [email protected])
Orin Snyder (+1 212.351.2400, [email protected])
Alexander H. Southwell (+1 212.351.3981, [email protected])

Dallas
David Woodcock (+1 214.698.3211, [email protected])

Denver
Ryan T. Bergsieker (+1 303.298.5774, [email protected])
Robert C. Blume (+1 303.298.5758, [email protected])
John D.W. Partridge (+1 303.298.5931, [email protected])

Houston
Gregg J. Costa (+1 346.718.6649, [email protected])

Los Angeles
Michael H. Dore (+1 213.229.7652, [email protected])
Michael M. Farhang (+1 213.229.7005, [email protected])
Diana M. Feinstein (+1 213.229.7351, [email protected])
Douglas Fuchs (+1 213.229.7605, [email protected])
Nicola T. Hanna (+1 213.229.7269, [email protected])
Poonam G. Kumar (+1 213.229.7554, [email protected])
Marcellus McRae (+1 213.229.7675, [email protected])
Eric D. Vandevelde (+1 213.229.7186, [email protected])
Debra Wong Yang (+1 213.229.7472, [email protected])

San Francisco
Winston Y. Chan (+1 415.393.8362, [email protected])
Charles J. Stevens (+1 415.393.8391, [email protected])

Palo Alto
Benjamin Wagner (+1 650.849.5395, [email protected])

London
Patrick Doris (+44 20 7071 4276, [email protected])
Sacha Harber-Kelly (+44 20 7071 4205, [email protected])
Michelle Kirschner (+44 20 7071 4212, [email protected])
Allan Neil (+44 20 7071 4296, [email protected])
Matthew Nunan (+44 20 7071 4201, [email protected])
Philip Rocher (+44 20 7071 4202, [email protected])

Paris
Benoît Fleury (+33 1 56 43 13 00, [email protected])
Bernard Grinspan (+33 1 56 43 13 00, [email protected])

Frankfurt
Finn Zeidler (+49 69 247 411 530, [email protected])

Munich
Kai Gesing (+49 89 189 33 285, [email protected])
Katharina Humphrey (+49 89 189 33 155, [email protected])
Benno Schwarz (+49 89 189 33 110, [email protected])

Hong Kong
Kelly Austin (+1 303.298.5980, [email protected])
Oliver D. Welch (+852 2214 3716, [email protected])

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Lee Crain, Grace Hart and Zach Edelman are the authors of “How 3rd Circ. Raised Bar For Constitutional Case Injunctions” [PDF] published by Law360 on August 2, 2024.

This update provides an overview of key class action-related developments during the second quarter of 2024 (April to June).

Table of Contents

Part I discusses a Ninth Circuit decision reversing class certification because individualized causation issues predominated;
Part II reviews recent decisions from the Third and Seventh Circuits dismissing putative class claims for lack of standing;
Part III covers a Ninth Circuit decision affirming class certification without assessing the admissibility of expert opinions, creating a conflict with prior Ninth Circuit decisions and the case law of other courts of appeals; and
Part IV highlights Supreme Court and Ninth Circuit decisions clarifying the scope of the FAA’s transportation-worker exemption.

I. The Ninth Circuit Reverses Class Certification Because Individualized Causation Issues Would Predominate

The Ninth Circuit’s decision in White v. Symetra Assigned Benefits Service Co., 104 F.4th 1182 (9th Cir. 2024), reversing class certification on predominance grounds, will prove useful in future class actions presenting causation issues or other elements requiring individualized inquiry.

The district court in White certified two nationwide classes of about 2,000 people who, after receiving structured settlement annuities to resolve their tort claims, chose “factoring” arrangements in which they exchanged the right to future payments for a discounted lump sum. 104 F.4th at 1185. These factoring agreements are subject to approval by a state court, which must find the agreement “in the payee’s ‘best interest.’” Id. at 1187. In bringing class claims, the plaintiffs alleged that the defendants unlawfully induced them to enter detrimental factoring agreements using unfair and deceptive business practices. Id. at 1192-93. The district court certified the classes, focusing on the “common, uniform marketing materials that the defendants used to solicit annuitants for factoring transactions.” Id. at 1190 (cleaned up).

On interlocutory review under Rule 23(f), the Ninth Circuit reversed class certification, holding that “individual issues of causation will predominate over common ones when evaluating whether defendants’ acts and omissions caused the plaintiffs to enter factoring transactions and incur their alleged injuries.” White, 104 F.4th at 1192. Determining whether the defendants’ conduct actually induced each class member to enter a factoring agreement would require examination of “the unique circumstances that led the annuitant to consider factoring, the details of each plaintiff’s one-on-one communications with the defendants, and the disclosures made to each plaintiff.” Id. at 1195. The court would also need to “consider the state court proceedings that … approved the factoring transactions as in the annuitants’ best interest,” which “were necessarily individualized to each annuitant, and … would also differ across states.” Id. The Ninth Circuit concluded that, “[g]iven the personalized nature of the factoring transactions and the accompanying state court review process, the causal chain” was “too individualized” to support a finding of predominance. Id. at 1195-96.

II. The Third and Seventh Circuits Toss State-Law Claims for Lack of Standing

In two decisions this quarter, Lewis v. GEICO, 98 F.4th 452 (3d Cir. 2024), and In re Recalled Abbott Infant Formula Products Liability Litigation, 97 F.4th 525 (7th Cir. 2024), the Third and Seventh Circuits addressed Article III standing in putative class actions in the wake of the Supreme Court’s landmark decision in TransUnion LLC v. Ramirez, 594 U.S. 413 (2021).

In Lewis, the plaintiffs sued GEICO for breach of their insurance policy, claiming that GEICO applied an improper downward adjustment in estimating the value of their totaled car. The district court certified a class, but the Third Circuit vacated with instructions to dismiss for lack of standing. 98 F.4th at 458, 461. The court explained that the plaintiffs could not rely on the downward adjustment alone because it was not the end of the valuation process—GEICO had applied the adjustment but then increased its valuation of the plaintiffs’ car, and then applied a further upward adjustment in negotiating with the plaintiffs. Id. at 460. The Third Circuit explained that “to ignore these later steps and treat the [downward] adjustment alone as a harm … would impermissibly divorce their standing to sue from any real-world financial injury.” Id. at 460. And the court emphasized that even if the downward adjustment the plaintiffs challenged were illegal, the plaintiffs could not rely on such a “‘bare procedural violation[], divorced from any concrete harm.’” Id. at 461.

In Recalled Abbott Infant Formula, the Seventh Circuit affirmed dismissal of a putative class action for lack of standing. 97 F.4th at 527. Following a recall of infant formula, the plaintiffs brought various state-law claims based on an alleged risk that the products were contaminated. Id. at 527-28. The plaintiffs asserted economic injury based on two theories: (1) they did not get the benefit of their bargain because the formula was at risk of contamination, and (2) they paid a premium for the formula that they would not have paid had they known of the risk. Id. at 528. On appeal, the Seventh Circuit rejected both theories of standing. It explained that the plaintiffs’ “alleged injury is hypothetical or conjectural” because, at the time they bought the formula, there was “no known risk of contamination and no loss of the benefit of the bargain or premium price paid,” and once the plaintiffs became aware of the risk, “they were told not to use the formula, and Abbott offered a refund.” Id. at 529. The plaintiffs’ alleged injury was also not particularized because “they do not allege that any of the products they purchased were contaminated” or that contamination was “sufficiently widespread” to plausibly affect the products they purchased. Id.

III. The Ninth Circuit Holds That District Courts May Rely on Evidence Without Assessing Its Admissibility at Class Certification

In Lytle v. Nutramax Laboratories, Inc., 99 F.4th 557 (9th Cir. 2024), the plaintiffs sought certification of a class of people who bought a product that was labeled (allegedly misleadingly) as promoting canine joint health. Id. at 566. In support of their bid for certification, they offered an expert who proposed a model that would use a survey to establish classwide damages. Id. at 567. But at the time of certification, the expert had neither executed the survey and calculated damages nor even collected the data and formulated the questions he would use in the survey. Id. at 567, 575, 577. The district court certified the class anyway, finding that the proposed-but-unexecuted model was an acceptable way to measure classwide damages in mislabeling cases and that it was unnecessary to actually complete the survey to establish that damages are “capable” of classwide resolution. Id. at 567.

The Ninth Circuit affirmed. It held that plaintiffs may rely on evidence that is not “in an admissible form” to support class certification, stating that admissibility goes merely to the evidence’s weight. Lytle, 99 F.4th at 570-71. It also held that plaintiffs need not prove that classwide damages exist to obtain certification, id. at 571, because even if some plaintiffs ultimately cannot recover and some can, these categories can be separated at a later stage, id. at 572. And it held that the district court need conduct only a “limited” Daubert analysis at the class certification stage if an expert’s model is not “fully developed.” Id. at 576-77.

The decision in Lytle conflicts with the Ninth Circuit’s prior decision in Olean Wholesale Grocery v. Bumble Bee Foods, 31 F.4th 651 (9th Cir. 2022) (en banc), in which the Circuit held en banc that plaintiffs “may use any admissible evidence” to satisfy their burden at class certification. Id. at 665 (emphasis added). And Lytle’s approval of a more limited Daubert analysis at class certification contradicts Olean’s holding that “defendants may challenge the reliability of an expert’s evidence under Daubert” when opposing class certification. Id. at 665 n.7.

The decision in Lytle also deepens a circuit split on the role of Daubert and admissibility at class certification. On one side, the Eighth Circuit permits a limited Daubert analysis for Rule 23 purposes, In re Zurn Pex Plumbing Prod. Liab. Litig., 644 F.3d 604, 611-14 (8th Cir. 2011), and the Sixth Circuit has endorsed the use of at least nonexpert evidence that may not be admissible, Lyngaas v. Curaden AG, 992 F.3d 412, 428-29 (6th Cir. 2021). On the other side, the Third, Fifth, and Seventh Circuits all require a full-bore Daubert analysis and finding of admissible evidence before a class can be certified. Prantil v. Arkema Inc., 986 F.3d 570, 575-76 (5th Cir. 2021); In re Blood Reagants Antitrust Litig., 783 F3d 183, 186-88 (3d Cir. 2015); Am. Honda Motor Co. v. Allen, 600 F.3d 813, 815-16 (7th Cir. 2010).

The defendants in Lytle petitioned for rehearing and rehearing en banc, and the Ninth Circuit ordered a response. The petition remains pending as of this update.

IV. The Supreme Court and the Ninth Circuit Elaborate on the FAA’s Transportation-Worker Exemption

Finally, the Supreme Court and Ninth Circuit issued decisions this quarter analyzing Section 1 of the Federal Arbitration Act, which exempts “contracts of employment of seamen, railroad employees, or any other class of workers engaged in foreign or interstate commerce” from the Act’s pro-arbitration mandate. 9 U.S.C. § 1.

The Supreme Court previously held that the Section 1 exemption applies only to transportation workers. Circuit City Stores, Inc. v. Adams, 532 U.S. 105, 119 (2001). In Bissonnette v. LePage Bakeries Park St., LLC, 601 U.S. 246 (2024), the Court granted certiorari to address whether, to invoke the exemption, a worker must be employed in the transportation industry. And the Court held that “[a] transportation worker need not work in the transportation industry to fall within the exemption.” Id. at 256. The circumstances of the worker, rather than the industry in which he or she works, determine whether the exemption applies. Id. at 252-56.

The Ninth Circuit also considered the transportation-worker exemption in Fli-Lo Falcon, LLC v. Amazon.com, Inc., 97 F.4th 1190 (9th Cir. 2024). The plaintiffs there were delivery businesses, not individuals. The Ninth Circuit rejected their invocation of the Section 1 exemption, holding that “no business entity is similar in nature to the actual human workers enumerated by the text of the transportation worker exemption.” Id. at 1196.

The following Gibson Dunn lawyers contributed to this update: Jessica Pearigen, Alex Ogren, Elizabeth Strassner, Matt Aidan Getz, Wesley Sze, Lauren Blas, Bradley Hamburger, Kahn Scolnick, and Christopher Chorba.

Gibson Dunn attorneys are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Class Actions, Litigation, or Appellate and Constitutional Law practice groups, or any of the following lawyers:

Theodore J. Boutrous, Jr. – Los Angeles (+1 213.229.7000, [email protected])

Christopher Chorba – Co-Chair, Class Actions Practice Group, Los Angeles (+1 213.229.7396, [email protected])

Theane Evangelis – Co-Chair, Litigation Practice Group, Los Angeles (+1 213.229.7726, [email protected])

Lauren R. Goldman – Co-Chair, Technology Litigation Practice Group, New York (+1 212.351.2375, [email protected])

Kahn A. Scolnick – Co-Chair, Class Actions Practice Group, Los Angeles (+1 213.229.7656, [email protected])

Bradley J. Hamburger – Los Angeles (+1 213.229.7658, [email protected])

Michael Holecek – Los Angeles (+1 213.229.7018, [email protected])

Lauren M. Blas – Los Angeles (+1 213.229.7503, [email protected])

We are pleased to provide you with the July 2024 edition of Gibson Dunn’s U.S. bank regulatory update. Feel free to reach out to us to discuss any of the below topics further.

KEY TAKEAWAYS

The intersection of banks and partners remains at the regulatory and supervisory forefront and the Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC) issued a Joint Statement and accompanying Request for Information discussing risks associated with bank-fintech partnerships.
The FDIC issued a new proposal on brokered deposits that would fundamentally reverse the 2020 final rule and impact a wide range of financial institutions, including banks, broker-dealers, registered investment advisers, fintechs and neobanks, as discussed in more detail here.
The FDIC issued a new proposal to expand its authority to approve transactions subject to the Change in Bank Control Act (CIBCA).
The U.S. Supreme Court overruled Chevron v. Natural Resources Defense Council,[1] a landmark decision that had required courts to defer to agencies’ reasonable interpretations of ambiguous statutory terms, as discussed in more detail here.
The FDIC published its final rule with respect to the resolution plan requirements for large banks,[2] declaring an effective date of October 1, 2024, and making certain changes from the proposed rule including the creation of a new category of regulatory feedback (“significant finding”) and modifications to the resolution plan submission cycle. Acting Comptroller Hsu expressed his support for the Final Rule.

DEEPER DIVES

Federal banking agencies continue to focus on bank-fintech partnerships with Joint Statement and Request for Information relating to banking-as-a-service (BaaS) arrangements. On July 25, 2024, the FRB, FDIC and OCC (collectively, the Agencies) issued a Joint Statement cautioning regulated institutions about the risks associated with arrangements with third parties to deliver bank deposit products and services. The Agencies highlighted the following as key areas of risk: (i) operational and compliance risks; (ii) challenges created by growth of the program; and (iii) end user confusion and misrepresentations with respect to deposit insurance coverage. The Agencies draw on existing law and guidance, including safety and soundness standards[3] and Interagency Guidance on Third-Party Risk Management to recommend strategies for combating the identified risks. The Agencies emphasize that “…[e]ffective board and senior management oversight is crucial to ensure a bank’s risk management practices are commensurate with the complexity, risk, size, and nature of the activity and relationship, both when the relationship commences and as it evolves over time.” Accompanying the Joint Statement was a Request for Information on Bank-Fintech Arrangements Involving Banking Products and Services Distributed to Consumers and Businesses, which expands on those risks identified in the Joint Statement and invites comment on, among other topics, (a) descriptions of bank-fintech partnerships; and (b) risk management practices in connection with such relationships.

Insights. The Agencies’ Joint Statement and Request for Information again signals the heightened regulatory and supervisory focus on BaaS arrangements, as well as future rulemakings and/or additional guidance. Regulated institutions are expected to take a much more active role with respect to third-party risk identification, management, and monitoring, especially when the third parties in question support the delivery of regulated financial products, such as deposit accounts. Financial institutions considering partnering with fintechs should, at a minimum, continue to focus on ensuring that their risk management infrastructure meets the expectations of the Agencies as described in the Joint Statement and related guidance.

FDIC issues Interpretive Rule and Request for Information reversing 2020 brokered deposit rules. On July 30, 2024, the FDIC issued a Notice of Proposed Rulemaking proposing changes to the brokered deposit rules set forth at 12 C.F.R. Parts 303 (Filing Procedures) and 337 (Unsafe and Unsound Banking Practices). The Proposed Rule would make changes to the “deposit broker” definition and related “primary purpose” exception to such definition,[4] as well as the notice and application processes associated therewith.[5] Specifically, the Proposed Rule would eliminate the exclusive deposit arrangement carveout[6] and enabling transaction designated business test exceptions[7] from the definition of “deposit broker”, revise the 25% test designated business exception[8] for a primary purpose exception to only be available to broker-dealers and investment advisors and only if less than 10% of the total assets of such entity is under management is placed at one or more insured depository institutions (IDIs), and require that only IDIs file notices and applications to the FDIC for primary purpose exceptions.

Insights. The fundamental changes to the 2020 brokered deposit rules coupled with the FDIC’s Request for Information on Deposits (Deposits RFI) reflect concerns within FDIC on how they currently oversee the risks associated with different types of deposits. While much more will be written on these topics, we believe the conflation of the risks related to certain types of uninsured deposits and the risks of brokered deposits is a central issue. We also continue to be concerned with the over-extension of the restrictions on brokered deposits, as set forth in section 29 of the FDI Act, to banks that are well-capitalized. There is little disagreement within the industry that banks that fail to remain well-capitalized should not be relying on brokered deposits for growth. However, the FDIC and other Agencies have leveraged the definition of brokered deposits for other purposes – essentially defining a very diverse set of deposits to be inherently risky and penalizing banks that accept such deposits – be it in the form of assessments or, for the larger banks, the calculation of the liquidity coverage ratio and the net stable funding ratio. Instead of over-hauling such a recent regulation, the FDIC should first receive and release information relating to the Deposits RFI so that both the FDIC and the industry can consider the actual risks associated with different types of deposits prior to considering any changes to the current rule.

FDIC proposes to expand its authority to review certain bank merger applications under the CIBCA. On July 30, 2024, the FDIC issued a Notice of Proposed Rulemaking to amend the FDIC’s regulations under the Change in Bank Control Act (CIBCA). The CIBCA generally provides that no person, acting directly or indirectly, may acquire control of an insured depository institution (IDI) unless the person has given the appropriate federal banking agency prior notice of the proposed transaction, and the agency has not disapproved the transaction. The FDIC’s CIBCA regulations currently specify eight transactions that are exempt from providing prior notice to the FDIC, including if the transaction to acquire control of the IDI’s holding company is subject to notice to the FRB. The proposed rule would remove such exemption.

Insights. The FDIC has demonstrated material differences between it and the other federal bank regulators in areas such as corporate governance and bank consolidation. Thus, the implications of introducing another regulatory agency into CIBCA notices could be substantial and impact future investor appetite.

Federal financial services regulatory agencies issue final rule to help on automated valuation models. On July 17, 2024, the FRB, FDIC, OCC, the National Credit Union Administration (NCUA), the Consumer Financial Protection Bureau (CFPB), and the Federal Housing Finance Agency issued a final rule pursuant to the Dodd-Frank Act, designed to help ensure the credibility and integrity of models used in valuations for certain mortgages secured by a consumer’s principal dwelling. In particular, the final rule implements quality control standards for automated valuation models (AVM) used by mortgage originators and secondary issuers in valuing the consumer’s dwelling. The final rule requires institutions that engage in certain transactions secured by a consumer’s principal dwelling to adopt certain policies, practices, and procedures designed to ensure a high level of confidence, protect against data manipulation, and avoid conflicts of interest.

Insights. Automated valuation models are being used with increasing frequency, driven by advances in database and modeling technologies. While advances in AVM technology and data availability have the potential to reduce costs and turnaround times of the property valuation process, AVMs present heightened technology and operational risks for mortgage originators and secondary issuers. In particular, adopters of AVMs should take appropriate steps to ensure the credibility and integrity of the valuation outputs generated by the model. Adopters must also understand the inputs used by the model to ensure compliance with applicable nondiscrimination laws.

Acting Comptroller Hsu discusses trends reshaping banking. On July 17, 2024, Acting Comptroller Hsu spoke at the Exchequer Club regarding long-term trends reshaping banking and how the OCC is uniquely positioned to address them. The three trends Hsu identified were: the growing number and size of large banks, the complexity of non-bank relationships, and how polarization is enabling greater fragmentation of the U.S. financial system.

Insights. Notably, Acting Comptroller Hsu’s remarks pointed to the concept of preemption as “critical” to both national banking and combatting what he referred to as a worrisome trend of fragmentation at the state and local levels. The preemption issue is especially timely in light of the Supreme Court’s recent decision in Cantero v. Bank of America (discussed in our previous Client Alert), in which the Supreme Court considered which legal standard courts should use in determining whether the National Bank Act preempts state banking laws. In Cantero, the Supreme Court ultimately rejected the categorical tests advanced by both parties, holding that lower courts must instead determine whether the challenged state law significantly interferes with the exercise by a national bank of its powers, based on a “nuanced comparative analysis” of the Court’s applicable opinions. In his remarks, Acting Comptroller Hsu acknowledged that the OCC will need to embrace and develop a more nuanced analysis in defense of preemption in light of the Cantero decision, and we expect the Supreme Court’s rejection of the categorical standards advanced in Cantero to yield more preemption litigation in the lower courts.

FRB and Arkansas State Bank Department issue cease and desist order against Evolve Bank. On June 11, 2024, the FRB and Arkansas State Bank Department issued a cease and desist order against Evolve Bank & Trust and its parent company Evolve Bancorp, Inc. following a number of identified deficiencies, including with respect to the bank’s fintech partnerships involving deposit account offerings and payment processing products. The Agencies found that the bank was engaged in unsafe and unsound practices as a result of “failing to have in place an effective risk management framework for those [fintech] partnerships.” As a result of the order, Evolve Bank is restricted from establishing new fintech partnership programs or offering new products or services to fintechs unless Evolve Bank obtains the prior approval of the FRB and Arkansas State Bank Department.

Insights. The order against Evolve Bank, as well as other recent bank enforcement actions,[9] reflects the increasing focus of bank regulators on partnerships between fintechs and regulated financial institutions. Regulated institutions seeking to engage in such partnerships are expected to establish robust risk management frameworks to identify and manage safety and soundness risks and should expect increased regulatory focus on such relationships and control processes during exams.

FDIC approves deposit insurance application and merger application for Thrivent Bank. On June 20, 2024, the FDIC approved the deposit insurance application of Thrivent Bank, a proposed Utah-chartered industrial loan bank, as well as the associated merger of Thrivent Federal Credit Union, a federally chartered credit union, with Thrivent Bank. In connection with the approval, Thrivent Financial Holdings, Inc. and Thrivent Financial for Lutherans are required to enter into Capital and Liquidity Maintenance Agreements and Parent Company Agreements with the FDIC.

Insights. The FDIC’s first approval of an industrial loan bank in four years signals a willingness to consider industrial loan companies, which can be an attractive route for other growth-focused nonbanks and fintechs looking to obtain bank licenses of their own without impeding the broader operations of the parent organization. However, the FDIC is expected to continue to require a degree of prudential regulation over the bank’s parent companies through the application of similar capital and liquidity requirements and other parent agreements designed to oblige such parents to serve as a source of financial strength for the bank.[10]

Remarks by Acting Comptroller Michael J. Hsu relating to the use and risks of AI tools in the financial system. On June 6, 2024, Acting Comptroller Hsu spoke at the 2024 Conference on Artificial Intelligence and Financial Stability hosted by the Financial Stability Oversight Council regarding the systemic risk implications of AI in financial markets, as well as challenges and potential solutions for the accountability challenge associated with AI. Specifically, Acting Comptroller Hsu emphasized the need to pause development of AI tools at certain key phases in order to develop controls to ensure responsible innovation and trust, highlighted key financial stability risks associated with AI’s use as a weapon, including AI-enabled fraud, cyberattacks, and disinformation, and advocated for shared responsibility frameworks to combat the unique accountability problems presented by AI.

Insights. Acting Comptroller Hsu’s speech reflects the OCC’s continued focus on the development of AI-enabled tools in financial services and the associated risks to the U.S. financial system. Clearly, explainability, accountability, fraud risk, risk management and controls are top of mind for the OCC. Citing to the OCC’s Supervisory Guidance on Model Risk Management, Hsu noted that the OCC “expects banks to use controls commensurate with ‘a bank’s risk exposures, its business activities, and the complexity and extent of its model use.’” Moreover, by advocating for the development of a shared responsibility framework with support from self-regulatory agencies and network membership, the OCC may be signaling its intention to offer limited direct guidance in the short-term on the topic of AI-development, instead choosing to rely on broader guidance on risk-based approaches to providing financial services and engaging with third parties.

Prepared remarks of CFPB Director Rohit Chopra on fraud in consumer payments. On July 9, 2024, Rohit Chopra, Director of the CFPB, delivered remarks on fraud in consumer payments, which touched on three current vectors of fraud perpetrated against U.S. households: (i) scams from large-scale scam compounds in Southeast Asia targeting Americans via text, messaging applications and social media; (ii) the increasingly-common microtargeting of individuals by using generative AI to impersonate others or by exploiting available personal data; and (iii) via vulnerabilities in new and old payment mechanisms.

Insights. Addressing frauds in consumer payments has been a priority for the CFPB since 2021, and Director Chopra’s remarks highlight some of the actions that the CFPB is taking. With regard to fraud involving the exploitation of personal data, the CFPB is actively working on rules that would prevent data brokers from abusing or misusing personal data. With regard to fraud involving the exploitation of payment mechanism vulnerabilities, the CFPB’s proposed rule on digital wallets and payment apps is an example of the efforts that the CFPB is undertaking to supervise widely used consumer apps.

OTHER NOTABLE ITEMS

Supreme Court overrules Chevron, sharply limiting judicial deference to administrative statutory interpretation. On June 28, 2024, the U.S. Supreme Court overruled Chevron v. Natural Resources Defense Council, a landmark decision that had required courts to defer to executive branch agencies’, including bank regulators’, reasonable interpretations of ambiguous statutory terms. The Court’s opinion is available here. For more information, please see our Client Alert.

FDIC publishes final rule on resolution requirements for large banks. On June 20, 2024, the FDIC approved the final rule relating to resolution planning for insured depository institutions with $50 billion or more in total assets. The final rule is largely consistent with the proposed rule issued by the FDIC in August of 2023. However, the final rule creates a new category of regulatory feedback (“significant finding”) which falls short of qualifying as a “material weakness,” emphasizing that the difference between the two “is one of degree of severity…[a significant finding] is not of the same level of impact and urgency as a material weakness.” In addition, the FDIC loosened the requirement applicable to nine depository institutions with assets greater than or equal to $50 billion and global systemically important bank (GSIB) parents that would have required frequent interim supplement submissions. The final rule provides that such supplements are not required in calendar years when resolution plans are submitted or affiliates submit Dodd-Frank Act resolution plans. The final rule becomes effective on October 1, 2024.

FDIC and FRB announce results of resolution plan review for largest and most complex banks. On June 21, 2024, the FDIC and FRB announced the results of their joint review of the July 2023 resolution plan submissions of the eight largest and most complex banks, highlighting “shortcomings” raising questions with respect to the feasibility of the plans submitted by four of those institutions. Each of the shortcomings noted by the Agencies related to process for modeling the unwinding of derivatives and trading positions during resolution. The FDIC and FRB requested that the banks simulate such positions using scenario inputs different from those used in their 2023 resolution plans in both fast and slow run time frames, with the goal being to understand whether the banks could generate accurate analyses under time pressure and different resolution scenarios. The FDIC and FRB further provided that the remedial actions required to address the identified shortcomings should be addressed in the next resolution plan submission due on July 1, 2025. The FDIC and FRB also requested that all 2025 resolution plan submissions address topics of contingency planning and obtaining foreign government actions required to execute the proposed resolution strategy.

Supreme Court holds the Seventh Amendment entitles a defendant to a jury trial when the SEC seeks civil penalties for securities fraud. On June 27, 2024, the U.S. Supreme Court held that the Seventh Amendment to the Constitution requires the SEC to sue in federal court, not in the agency’s in-house court, when the SEC seeks civil penalties for fraud. The Court’s decision could have broader implications for other agencies, including the FRB, FDIC, OCC, CFPB and others, and other theories of liability. The Court’s opinion is available here. For more information, please see our Client Alert.

FRB publishes 2024 stress test results. On June 27, 2024, the FRB published its 2024 stress test results analyzing whether large banks are sufficiently capitalized and able to continue lending in the event of a severe recession. The FRB examined 31 banks in connection with its 2024 stress test and concluded that all have sufficient capital to absorb almost $685 million in losses and continue lending despite the adverse economic conditions. Under the severely adverse scenario, CET1 capital ratios remained above regulatory minimums throughout the projection horizon. Compared to the 2023 stress test results, the FRB noted (i) greater projected credit card losses due to increased balances and higher delinquency rates; (ii) higher projected corporate losses due to riskier corporate credit portfolios; and (iii) lower levels of pre-provision net revenue offset losses as a result of a decline in noninterest net revenue. The FRB’s 2024 stress test results signal that the large U.S. financial institutions remain well-capitalized and well-positioned to weather an economic downturn.

CFPB proposes interpretive rule to ensure workers know the costs and fees of paycheck advance products. On July 18, 2024, the CFPB issued a notice of proposed interpretive rule clarifying when the Truth in Lending Act, and by extension Regulation Z, applies to providers of “earned wage” credit to consumers. The proposed rule provides that “[e]arned wage products provide consumers with ‘the right to defer payment of debt or to incur debt and defer its payment’ because they incur a ‘debt’ when they obtain money with an obligation to repay via an authorization to debit a bank account or using one or more payroll deductions…” This model is contrasted with the scenario where “…an employee pays wages, [and] no later act of repayment is required, by deduction or otherwise.” The CFPB goes on to criticize so-called “no-cost” models that rely on tipping features or accelerated delivery fees.

CFPB publishes supervisory highlights from recent examinations of auto and student loan servicing companies. On July 2, 2024, the CFPB published its supervisory highlights report identifying violations of law and consumer harm in the areas of auto and student loan servicing and debt collection, including credit card debt collections.

Agencies finalize interagency guidance on reconsiderations of value for residential real estate valuations. On July 18, 2024, CFPB, FRB, FDIC, OCC and NCUA issued final guidance addressing reconsiderations of value (ROVs) for residential real estate transactions (the ROV Guidance). The ROV Guidance advises on policies and procedures that financial institutions may implement to allow consumers to provide financial institutions with information that may not have been considered during an appraisal or if deficiencies are identified in the original appraisal.

[1] See Chevron, U.S.A., Inc. v. Nat. Res. Def. Council, Inc., 467 U.S. 837 (1984).

[2] See 12 C.F.R. § 360 (Resolution and Receivership Rules).

[3] See e.g., 12 C.F.R. Parts 30 (OCC’s Safety and Soundness Standards) and 364 (FDIC’s Standards for Safety and Soundness).

[4] See 12 C.F.R. § 337.6(a)(5).

[5] See 12 C.F.R. § 303.243.

[6] See 12 C.F.R. § 337.6(a)(5)(ii)-(iii).

[7] See 12 C.F.R. § 303.243(b)(3)(i)(B).

[8] See 12 C.F.R. § 303.243(b)(3)(i)(A).

[9] For example, on May 21, 2024 the FDIC entered into a Consent Order with Thread Bank following compliance failures by the bank, including in connection with its fintech partnerships to offer BaaS and loan-as-a-service (LaaS) services.

[10] Note that during the Board of Directors of the FDIC’s July 30, 2024 meeting, the Board considered amendments to Part 354 (Industrial Banks) that would, among other changes, (i) make a parent company of an industrial bank subject to Part 354 if there is a change of control at the parent company or a merger in which the parent company is a resultant entity; and (ii) provide the FDIC with regulatory authority to apply Part 354 in other situations where an industrial bank would become a subsidiary of a company that is not subject to Federal consolidated supervision. In effect, these entities would be “Covered Companies” and would assume any resulting obligations to serve as a source of financial strength for their industrial bank under 12 U.S.C. § 1831o-1.

The following Gibson Dunn lawyers contributed to this issue: Jason Cabral, Ro Spaziani, Zach Silvers, Karin Thrasher, and Nathan Marak.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work or any of the member of the Financial Institutions practice group:

Jason J. Cabral, New York (212.351.6267, [email protected])

Ro Spaziani, New York (212.351.6255, [email protected])

Stephanie L. Brooker, Washington, D.C. (202.887.3502, [email protected])

M. Kendall Day, Washington, D.C. (202.955.8220, [email protected])

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, [email protected])

Sara K. Weed, Washington, D.C. (202.955.8507, [email protected])

Ella Capone, Washington, D.C. (202.887.3511, [email protected])

Rachel Jackson, New York (212.351.6260, [email protected])

Chris R. Jones, Los Angeles (212.351.6260, [email protected])

Zack Silvers, Washington, D.C. (202.887.3774, [email protected])

Karin Thrasher, Washington, D.C. (202.887.3712, [email protected])

Turrieta v. Lyft, Inc., S271721 – Decided August 1, 2024

In a rare split decision, the California Supreme Court held 5–2 today that a plaintiff bringing a representative action under the California Labor Code Private Attorneys General Act (PAGA) does not have a right to intervene in another PAGA action involving overlapping claims or to object to a proposed settlement.

“[A]n aggrieved employee’s status as the State’s proxy in a PAGA action does not give that employee the right to seek intervention in the PAGA action of another employee, to move to vacate a judgment entered in the other employee’s action, or to require a court to receive and consider objections to a proposed settlement of that action.”

Justice Jenkins, writing for the majority

Background:

Under PAGA, an employee “aggrieved” by a violation of the Labor Code can bring an action seeking penalties “on behalf of himself or herself and other current or former employees.” Cal. Lab. Code, § 2699(a). When aggrieved employees bring representative PAGA claims, they act as the agents or proxies of the State, which is deemed the real party in interest.

In 2018, Tina Turrieta brought a PAGA action against Lyft, claiming that she and other drivers using Lyft’s platform were being misclassified as independent contractors. In 2019, Turrieta and Lyft mediated and ultimately agreed to settle the dispute for $15 million, with Lyft agreeing to pay more than $3 million to the State’s Labor & Workforce Development Agency (LWDA). As PAGA requires, the parties gave the LWDA notice of their settlement.

Brandon Olson had brought his own PAGA action against Lyft based on the same misclassification claim. When Turrieta moved for approval of the settlement, Olson moved to intervene in Turrieta’s action. The trial court denied Olson’s motion to intervene and approved the settlement, ruling that Olson lacked standing to intervene since the State was the real party in interest. The trial court likewise denied Olson’s later motion to vacate the resulting judgment. And the California Court of Appeal affirmed, holding that Olson had an insufficient stake in Turrieta’s action to either intervene in the case or challenge the judgment.

Issue Presented:

Does the plaintiff in a representative PAGA action have the right to intervene, object to a proposed settlement, or move to vacate a judgment in a related PAGA action presenting overlapping claims?

Court’s Holdings:

No. A PAGA plaintiff does not have a right to intervene in the ongoing PAGA action of another plaintiff asserting overlapping claims, object to a proposed settlement, or move to vacate a judgment in that action.

What It Means:

The Court’s opinion will create a race to settlement or judgment in PAGA actions that involve overlapping claims. The first representative action to reach a settlement or judgment will resolve overlapping claims, and PAGA plaintiffs in other actions will have no automatic right to intervene or to move to vacate the first-in-time judgment.
The Court expressly reserved the question whether the State itself, separate from the representative plaintiff, could object to a proposed settlement. It also emphasized that although courts are not required to consider objections to a proposed settlement by nonparties, they could choose to do so as a matter of discretion.
In future cases, attention will shift to procedural maneuvers other than intervention, including (i) the right of “plaintiffs in overlapping PAGA actions [to] seek[] consolidation or coordination” and (ii) outreach by other PAGA plaintiffs to the LWDA at the settlement-approval stage.
Dissenting, Justice Liu suggested that allowing intervention by other PAGA plaintiffs would help ensure that proposed PAGA settlements are fair. But the majority explained there are countervailing policy concerns that do not support a right to intervention—including the fact that counsel for other PAGA plaintiffs may use intervention to derail settlement so they can recover higher fees themselves.
Justices Kruger and Groban concurred and wrote separately to emphasize (i) that the opinion does not foreclose intervention by private plaintiffs “to vindicate their own personal interests, as employees who have been aggrieved”; and (ii) that courts have “a duty to ensure the fairness and soundness of any settlement of PAGA claims.”

The Court’s opinion is available here.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the California Supreme Court. Please feel free to contact the following practice group leaders:

Appellate and Constitutional Law Practice

Thomas H. Dupree Jr. +1 202.955.8547 [email protected]	Allyson N. Ho +1 214.698.3233 [email protected]	Julian W. Poon +1 213.229.7758 [email protected]
Lucas C. Townsend +1 202.887.3731 [email protected]	Bradley J. Hamburger +1 213.229.7658 [email protected]	Michael J. Holecek +1 213.229.7018 [email protected]

Related Practice: Labor and Employment

Jason C. Schwartz
+1 202.955.8242
[email protected]

Katherine V.A. Smith
+1 213.229.7107
[email protected]

Michele L. Maryott
+1 949.451.3945
[email protected]

Related Practice: Litigation

Theodore J. Boutrous, Jr.
+1 213.229.7804
[email protected]

Theane Evangelis
+1 213.229.7726
[email protected]

This alert was prepared by Bradley J. Hamburger, Daniel R. Adler, Ryan Azad, and Matt Aidan Getz.

Gibson Dunn’s U.S. Supreme Court Round-Up provides summaries of cases decided during the October 2023 Term, a preview of cases set to be argued next Term, and highlights other key developments on the Court’s docket. During the October 2023 Term, the Court heard 61 oral arguments and released 59 opinions. The Court has granted 28 petitions thus far for the October 2024 Term.

Spearheaded by Miguel Estrada, the U.S. Supreme Court Round-Up keeps clients apprised of the Court’s most recent actions. The Round-Up previews cases scheduled for argument, tracks the actions of the Office of the Solicitor General, and recaps recent opinions. The Round-Up provides a concise, substantive analysis of the Court’s actions. Its easy-to-use format allows the reader to identify what is on the Court’s docket at any given time, and to see what issues the Court will be taking up next. The Round-Up is the ideal resource for busy practitioners seeking an in-depth, timely, and objective report on the Court’s actions.

View the Round-Up Here

Gibson Dunn has a longstanding, high-profile presence before the Supreme Court of the United States, appearing numerous times in the past decade in a variety of cases. Fifteen current Gibson Dunn lawyers have argued before the Supreme Court, and during the Court’s eight most recent Terms, the firm has argued a total of 21 cases, including closely watched cases with far-reaching significance in the areas of intellectual property, securities, separation of powers, and federalism. Moreover, although the grant rate for petitions for certiorari is below 1%, Gibson Dunn’s petitions have captured the Court’s attention: Gibson Dunn has persuaded the Court to grant 39 petitions for certiorari since 2006.

* * * *

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the U.S. Supreme Court. Please feel free to contact the following attorneys in the firm’s Washington, D.C. office, or any member of the Appellate and Constitutional Law Practice Group.

Miguel A. Estrada (+1 202.955.8257, [email protected])
Katherine Moran Meeks (+1 202.955.8258, [email protected])
Jessica L. Wagner (+1 202.955.8652, [email protected])
Reed Sawyers (+1 202.777.9412, [email protected])

Vidal v. Elster, No. 22-704 – Decided June 13, 2024

Today, the Supreme Court held that the Lanham Act’s prohibition on registration of trademarks that include a living person’s name without that person’s consent does not violate the First Amendment.

“We conclude that a tradition of restricting the trademarking of names has coexisted with the First Amendment, and the names clause fits within that tradition.”

Justice Thomas, writing for the Court

Background:

The Lanham Act establishes certain statutory requirements for trademark registration. One requirement is the Act’s “names clause”—no trademark may include “a name, portrait, or signature identifying a particular living individual except by his written consent.” 15 U.S.C. § 1052(c). In 2018, Steve Elster applied to register the mark “Trump too small,” a reference to then-President Donald J. Trump. The U.S. Patent and Trademark Office denied his request because he had not obtained written consent from President Trump.

Elster appealed, and the Federal Circuit reversed, holding that the names clause violated Elster’s right to free speech under the First Amendment. The Federal Circuit explained that the names clause is a content-based restriction, which is subject to heightened scrutiny under the First Amendment. And it held that the names clause does not satisfy heightened scrutiny here because there is no government interest in restricting speech critical of government officials in the trademark context.

Issue:

Whether the refusal to register a mark under the names clause violates the Free Speech Clause of the First Amendment when the mark contains criticism of a government official or public figure.

Court’s Holding:

No. The names clause does not violate the First Amendment because, while it is content based, it is viewpoint neutral and fits within historical tradition.

What It Means:

The Court underscored that today’s decision is “narrow” because it holds “only that history and tradition establish that the particular restriction before [the Court] . . . does not violate the First Amendment.” Other content-based trademark requirements that lack a similarly well-established history and tradition may still be vulnerable to First Amendment challenges.
Although the Court’s judgment was unanimous, the fractured opinions demonstrate the Court’s disagreement about how to assess the constitutionality of content-based trademark registration requirements. The majority focused on history and tradition. Justice Barrett in a separate opinion (joined by Justice Kagan in full and by Justices Sotomayor and Jackson in part) expressed the view that content-based restrictions should be upheld “so long as they are reasonable in light of the trademark system’s purpose of facilitating source identification.” Justice Sotomayor in a concurring opinion (joined by Justices Kagan and Jackson) said the Court should look to the “well-trodden terrain” of “trademark law and settled First Amendment precedent.”
Today’s ruling distinguished other recent Supreme Court decisions holding that restrictions on trademark registrations do violate the First Amendment when they discriminate based on viewpoint. See Matal v. Tam, 582 U.S. 218 (2017) (disparaging marks) and Iancu v. Brunetti, 588 U.S. 388 (2019) (immoral or scandalous marks). In contrast to those precedents, the Court held that a uniform rule against registering trademarks that include personal names without consent does not single out a trademark based on the specific motivating ideology or the opinion or perspective of the speaker.

The Court’s opinion is available here.

Appellate and Constitutional Law Practice

Thomas H. Dupree Jr. +1 202.955.8547 [email protected]	Allyson N. Ho +1 214.698.3233 [email protected]	Julian W. Poon +1 213.229.7758 [email protected]
Lucas C. Townsend +1 202.887.3731 [email protected]	Bradley J. Hamburger +1 213.229.7658 [email protected]	Brad G. Hubbard +1 214.698.3326 [email protected]

Related Practice: Intellectual Property

Kate Dominguez +1 212.351.2338 [email protected]	Y. Ernest Hsin +1 415.393.8224 [email protected]	Josh Krevitt +1 212.351.4000 [email protected]
Jane M. Love, Ph.D. +1 212.351.3922 [email protected]	Howard S. Hogan +1 202.887.3640 [email protected]	Ilissa Samplin +1 213.229.7354 [email protected]

This alert was prepared by associates Daniel Adler and Jason Muehlhoff.

Gibson Dunn’s Workplace DEI Task Force aims to help our clients develop creative, practical, and lawful approaches to accomplish their DEI objectives following the Supreme Court’s decision in SFFA v. Harvard. Prior issues of our DEI Task Force Update can be found in our DEI Resource Center. Should you have questions about developments in this space or about your own DEI programs, please do not hesitate to reach out to any member of our DEI Task Force or the authors of this Update (listed below).

Key Developments:

The Northern District of Florida entered a permanent injunction on July 30 prohibiting the enforcement of Florida’s Stop WOKE Act, in Honeyfund.com Inc. v. DeSantis et al., No. 4:22-cv-00227 (N.D. FL. 2022). Among other things, the Stop WOKE Act would have prohibited employers from requiring employees to participate in trainings that identify certain groups of people as “privileged” or “oppressors.” The order follows an opinion from the Eleventh Circuit holding that the law constituted both content and viewpoint discrimination that did not survive strict scrutiny.

On July 23, Robby Starbuck, a conservative activist and social media personality, continued his attacks on corporate DEI initiatives by targeting Harley-Davidson. Starbuck posted a video on X claiming that the company has “gone totally woke,” and criticizing Harley-Davidson’s sponsorship of LGBTQ+ pride events and implementation of various DEI trainings. Starbuck encouraged his viewers to complain directly to Harley-Davidson about its policies and asked them to “use [their] voices and wallets to vote [their] values.”

On July 18, Do No Harm filed a complaint with the EEOC requesting that it investigate the Alliance for Regenerative Medicine (ARM) for allegedly operating a racially discriminatory internship program in violation of Title VII. Do No Harm alleged that ARM’s GROW RegenMed Internship Program violates Title VII because it is only open to individuals who “identify as Black/African American.” Do No Harm also challenged the program’s stated goal of increasing representation of Black employees and executives at ARM member organizations. Do No Harm complained that at least one of its members who is otherwise eligible for the internship program cannot apply because he is white and that the program’s hiring criteria unlawfully discriminate based on race.

On July 15, 2024, the Equal Protection Project (EPP) filed a complaint with the Office for Civil Rights (OCR) of the U.S. Department of Education against Indiana University (IU). The complaint alleged that IU administers several race-based scholarships that discriminate on the basis of race, color, and national origin, in violation of Title VI and the Equal Protection Clause of the Fourteenth Amendment. The EPP cites to 19 scholarships for the Kelley School of Business, the IU Indianapolis campus, and the McKinney School of Law that are intended for underrepresented minority students. The complaint requests that the OCR open an expedited and formal investigation into IU’s scholarship practices and impose remedial relief for those who have been excluded from applying for the University’s allegedly discriminatory scholarships.

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

Bloomberg Law, “Frustrated DEI Officers Risk Tackling Workplace Bias in Court” (July 17): Writing for Bloomberg Law, Khorri Atkinson highlights a complaint filed against Armstrong Teasdale LLP earlier this month by its former vice president of DEI, who is alleging race and sex discrimination in violation of Title VII. The plaintiff claims that Armstrong Teasdale withheld resources necessary for her to perform her job and subjected Black lawyers to a hostile work environment. Atkinson notes that other companies, including Morgan Stanley and United Airlines, have faced similar lawsuits from their DEI professionals, and says that the cases highlight that some DEI managers feel that they lack power, financial resources, and access to top executives, which Atkinson says “undermin[es] companies’ commitments to addressing inequality.”
USA Today, “DEI efforts may be under attack, but companies aren’t retreating from commitments” (July 17): USA Today’s Jessica Guynn reports on companies’ responses to the recent string of attacks on DEI initiatives by “anti-woke” conservative groups. While most companies have remained steadfast in their commitment to DEI, Guynn observes that some have responded to the criticism by pulling back on their DEI commitments, with “some even list[ing] diversity, equity and inclusion as a ‘risk factor’ in regulatory filings.” Joelle Emerson, co-founder and CEO of diversity strategy and consulting firm Paradigm, said that “most companies are continuing their [DEI] work, just less vocally.” Despite the recent criticism, Guynn says that DEI in corporate America is more important than it’s ever been, as leadership in the nation’s largest companies is still “predominantly white and male.”
Law.com, “Companies Deluged With Anti-ESG Shareholder Proposals” (July 18): Law.com’s Chris O’Malley reports on new data from consulting company Georgeson examining the sharp rise of anti-environmental, social and governance (ESG) proposals put to shareholder votes this year. According to O’Malley, ESG has become a “fractious issue” for many companies due to the abundance of conservative pushback on causes like diversity and LGBTQ+ rights. The Georgeson report identified 112 anti-ESG proposals between July 1, 2023 and May 17, 2024—up 19% from last year and nearly double the number of proposals from two years ago. Of these 112 anti-ESG proposals, 70% covered social matters, “such as the risks of championing racial- and gender-equality efforts.” O’Malley also highlighted some recent efforts by anti-ESG proponents, including the National Legal and Policy Center (NLPC)’s anti-ESG proposal to Mondelez International targeting Mondelez’s decision to pledge $500,000 to a pro-LGBTQ group. While Mondelez received strong support from its shareholders and ultimately maintained its pledge, NLPC said its efforts still reached the company’s decisionmakers, claiming that Mondelez “throttled back on its Pride marketing toward children” following NLPC’s proposal.
The Wall Street Journal, “Deere Slashes Diversity Initiatives After Backlash From Conservative Activist” (July 18): The Wall Street Journal’s Victoria Albert and Bob Tita report on John Deere & Co’s recent decision to dial back its diversity initiatives following scrutiny from Robby Starbuck. Starbuck’s campaign against John Deere consisted of a series of social media posts and videos challenging Deere’s “woke” company initiatives. Albert and Tita write that Deere is no stranger to taking up political causes, noting that the company’s founder was an outspoken abolitionist and a staunch supporter of civil rights and the integration movement, as well as various environmental causes. Still, the company maintains that its decision to deprioritize its DEI initiatives will best serve its customers and employees and is simply an opportunity to prove it is “always listening to feedback and looking for opportunities to improve.” Albert and Tita note that the National Black Farmers Association called for a boycott of Deere products and the immediate resignation of CEO John May in response to what the group called “the company’s ‘wrong direction’ on diversity and inclusion.”
Law360, “4 Lessons As 7th Circ. OKs Honeywell Firing Of DEI Protester” (July 19): Writing for Law360, Vin Gurrieri examines a recent decision from the U.S. Court of Appeals for the Seventh Circuit, Charles Vavra v. Honeywell International, Inc. Vavra alleged that Honeywell violated Title VII of the Civil Rights Act of 1964 when it fired him in retaliation for protesting “company-mandated unconscious bias training and other DEI-related communications that he believed discriminated against white workers.” The Seventh Circuit upheld the United States District Court for the Northern District of Illinois’s ruling granting summary judgment to Honeywell on Vavra’s claims, focusing on the fact that Vavra never viewed or participated in the training programs. Gurrieri discussed some takeaways from the Seventh Circuit’s decision, including cautioning that employers should not interpret the decision as a wholesale endorsement of implicit bias trainings. According to Gurrieri, the court simply made clear that a plaintiff must experience the training or at least know its contents to sustain a lawsuit. In addition, Gurrieri advised employers and DEI supporters alike to take note of the EEOC’s supportive stance on antidiscrimination trainings, as the agency submitted an amicus brief highlighting that courts have repeatedly “rejected the theory that antidiscrimination trainings categorically violate Title VII.”
The Wall Street Journal, “When Companies Speak Out on Hot Political Issues, They Often Get It Wrong” (July 23): Writing for The Wall Street Journal, Aviva Phillip-Muller of Simon Fraser University’s Beedie School of Business and Joseph Siev of University of Virginia’s Darden School of Business discuss corporate challenges in navigating discussions of political issues. The authors note that companies are often left with no choice but to respond to political events—such as the Black Lives Matter or #MeToo movements—because of consumer expectations. Phillip-Muller and Siev say that companies often make the mistake of trying to support both sides of an issue in an attempt to “please everyone—and offend no one.” The authors’ report finds that companies’ ambivalence on hot-button topics often results in “reduced respect from those who agreed with them while providing no benefit to those who disagreed.” Phillip-Muller and Siev conclude that the best path for some issues may be for companies to refrain from weighing in at all.
The Wall Street Journal, “Merit, Excellence and Intelligence: An Anti-DEI Approach Catches On” (July 24): The Wall Street Journal’s Callum Borchers discusses the rise of a new framework, Merit, Excellence and Intelligence (“MEI”), meant to serve as a counter to DEI. Alexander Wang, Chief Executive at Scale AI, helped popularize the term, which he says “means hiring the best candidates for open roles without considering demographics.” MEI has found support among some business leaders, including Coinbase CEO Brian Armstrong and Sequoia Capital partner Shaun Maguire. Borchers views its rise as a direct response to “frustration with corporate diversity initiatives.” Borchers says that MEI and DEI share a common root—the belief that unconscious bias taints hiring. But to MEI proponents, “hidden biases are problematic because they can lead to bad hires, not because they can produce a nondiverse workforce.” Human Resources professionals remain skeptical of MEI, noting that it pushes the needle away from equity. If nothing else, Borchers explains, DEI initiatives force companies to ensure there is company-wide attention to biases that may end up hurting certain types of applicants. According to Borchers, should MEI become the dominant framework, harmful biases in hiring may become prominent once again.

Case Updates:

Below is a list of updates in new and pending cases:

1. Contracting claims under Section 1981, the U.S. Constitution, and other statutes:

Californians for Equal Rights Foundation v. City of San Diego, No. 3:24-cv-00484 (S.D. Cal. 2024): On March 12, 2024, the Californians for Equal Rights Foundation filed a complaint on behalf of members who are “ready, willing and able” to purchase a home in San Diego, but are ineligible for a grant or loan under the City’s BIPOC First-Time Homebuyer Program. Plaintiffs allege that the program discriminates on the basis of race in violation of the Equal Protection Clause. On June 18, 2024, the City of San Diego and the Housing Authority of the City of San Diego filed a motion for judgment on the pleadings, arguing that the complaint does not include any allegations against it, and instead alleges a “fictitious [agency] relationship” with the other defendants, the Housing Authority of the City of San Diego and the San Diego Housing Commission.
- Latest update: On July 8, the parties filed a joint motion to dismiss the City and Housing Authority of San Diego as defendants and to deny the City and Housing Authority’s pending motion for the judgment on the pleadings as moot. On July 9, the court granted the joint motion.
Suhr v. Dietrich, No. 2:23-cv-01697-SCD (E.D. Wis. 2023): On December 19, 2023, a dues-paying member of the Wisconsin State Bar filed a complaint against the Bar and seven members of the Bar’s Board of Governors and staff challenging the Bar’s “Diversity Clerkship Program,” a summer hiring program for first-year law students. The program’s application requirements had previously stated that eligibility was based on membership in a minority group. After the Supreme Court’s decision in SFFA, the eligibility requirements were changed to include students with “backgrounds that have been historically excluded from the legal field.” The plaintiff claims that the Bar’s program is unconstitutional even with the new race-neutral language, because, in practice, the selection process is still based on the applicant’s race or gender. After reaching a partial settlement agreement with the defendants to remove the eligibility requirements concerning historically excluded backgrounds, the plaintiff filed an amended complaint, adding challenges to three mentorship and leadership programs that allegedly discriminate based on race, which are funded by mandatory dues paid to the Bar.
- Latest update: On July 19, 2024, the defendants filed a reply in support of their motion to dismiss, arguing that the Eleventh Amendment bars all claims against the individual defendants, as well as any claim for retrospective relief. The defendants further argued that the plaintiff’s claims were time-barred, and that the plaintiff had not identified “actionable non-germane activities” sufficient to state a freedom of association claim because their argument relied on the faulty premise that “any single instance of non-germane activity renders the State Bar unconstitutional.” Instead, the defendants argue, non-germane activity accounts for only 3.6% of total dues revenue, and the other challenged Bar activities are germane activities.

2. Employment discrimination and related claims:

Netzel v. American Express Company, No. 23-16083 (9th Cir. 2023): On August 23, 2022, a group of former American Express employees alleged that the company’s diversity initiatives discriminated against white workers and that the company retaliated against the same workers after they complained, in violation of Title VII and Section 1981. After the district court granted American Express’s motion to compel arbitration, the plaintiffs appealed to the Ninth Circuit, arguing in part that they should not be compelled to arbitrate because they seek “public injunctive relief” against alleged “racial discrimination . . . that specifically harms the general public,” a right they claim is not waivable under California law.
- Latest update: On July 22, 2024, the Ninth Circuit affirmed the district court’s ruling, holding that New York law governs the arbitration agreements, and, under that law, the agreements were not procedurally unconscionable. The court also held, relying on American Express’s representation, that the agreements permit arbitration of claims for public injunctive relief.
Gerber v. Ohio Northern University, No. 2023-1107-CVH (Ohio Ct. Common Pleas Hardin Cnty. 2023): On June 30, 2023, a law professor sued his former employer, Ohio Northern University, for terminating his employment after an internal investigation determined that he bullied and harassed other faculty members. On January 23, 2024, the plaintiff, represented by America First Legal, filed an amended complaint. The plaintiff claims that his firing was actually in retaliation for his vocal and public opposition to the university’s stated DEI principles and race-conscious hiring, which he believed were illegal. The plaintiff alleged that the investigation and his termination breached his employment contract, violated Ohio civil rights statutes, and constituted various torts, including defamation, false light, conversion, infliction of emotional distress, and wrongful termination in violation of public policy. On June 17, 2024, both parties filed motions for summary judgment.
- Latest update: On July 16, the court dismissed the University’s Provost, VP for Financial Affairs, Secretary to the Board of Trustees, and three members of the Board of Trustees as parties to the litigation based on affidavits establishing that “none of the movants possessed investigative duties or voting authority regarding the decision to terminate Plaintiff’s employment,” nor were present when the decision to terminate the plaintiff was made. The plaintiff filed a motion to reconsider the dismissals on July 16, which the court denied on July 17. The cross-motions for summary judgment remain pending.
Beneker v. CBS Studios, No. 2:24-cv-01659-JFW-SSC (C.D. Cal. 2024): On February 29, 2024, a straight, white, male writer sued CBS, alleging that the network’s de facto hiring policy discriminated against him on the bases of sex, race, and sexual orientation in violation of Section 1981 and Title VII. CBS declined to hire the plaintiff as a staff writer multiple times, but did hire several black writers, female writers, and a lesbian writer. The plaintiff requested a permanent injunction against the de facto policy, a staff writer position, and damages. CBS Studios and parent company Paramount Global moved to dismiss the complaint.
- Latest update: On July 15, 2024, the plaintiff opposed CBS’s motion to dismiss, arguing that CBS seeks to “expand the right to discriminate on the basis of race or sexual orientation when that status impinges on an organization’s expressive message, to a generalized right to discriminate on the basis of status alone.” The plaintiff also argued that CBS’s “fraudulent concealment” of its discrimination justifies tolling the statute of limitations, since CBS’s promises to promote the plaintiff delayed him recognizing that he was the victim of discrimination.

3. Challenges to agency rules, laws and regulatory decisions:

Alliance for Fair Board Recruitment v. SEC, No. 21-60626 (5th Cir. 2021): In August 2021, the Alliance for Fair Board Recruitment (AFBR) filed an administrative appeal with the Fifth Circuit, seeking review of the SEC’s approval of Nasdaq’s Board Diversity Disclosure Rule, which requires Nasdaq-listed companies to annually report aggregated statistical information about the board’s self-identified gender, racial, and LGBTQ+ characteristics. In October 2023, the court rejected plaintiff’s challenge to the rule on the grounds that Nasdaq, not the SEC, created the rule. The court granted AFBR’s petition for a rehearing en banc, and oral argument took place in May 2024.
- Latest update: On July 18, 2024, the court issued a letter asking the parties to file supplemental briefs regarding whether the petitioners’ challenge to the Board Recruiting Service Rule was moot. Nasdaq and the SEC both filed supplemental briefs taking the position that the petitioners’ challenge to the Board Recruiting Service Rule is now moot. The petitioners argue that the court can and should vacate the approval order in its entirety, which would vacate the SEC’s approval of the Board Recruiting Service Rule.
Do No Harm v. Lee, No. 3:23-cv-01175-WLC (M.D. Tenn. 2023): On November 8, 2023, Do No Harm sued Tennessee Governor Bill Lee under the Equal Protection Clause, seeking to enjoin a 1988 Tennessee law requiring the governor to “strive to ensure” that at least one board member of the six-member Tennessee Board of Podiatric Medical Examiners is a racial minority. On February 2, 2024, Governor Lee moved to dismiss the complaint for lack of standing. On June 28, 2024, Do No Harm filed a notice of supplemental authority, arguing that a similar case, American Alliance for Equal Rights v. Ivey, No. 2:24-cv-00104-RAH-JTA (M.D. Ala. 2024), supports its claims that anonymous members have individual standing.
- Latest update: On July 9, Governor Lee responded to plaintiff’s notice of supplemental authority, arguing that the Ivey court only found standing because the state bore a heavy burden of demonstrating mootness after standing was first established. There, at the time of the lawsuit, the governor had not yet selected the three appointees of racial minority status to the board. Here, by contrast, the quota was already filled at the time of the lawsuit, leaving the remaining seats open to applicants of any race. Thus, “at the time the suit was filed and continuing to today, Plaintiff’s members have the same opportunity to be appointed to the Board as any other applicant.”.
American Alliance for Equal Rights v. Ivey, No. 2:24-cv-00104-RAH-JTA (M.D. Ala. 2024): On February 13, 2024, AAER filed a complaint against Alabama Governor Kay Ivey, challenging a state law that requires the governor to ensure there are no fewer than two individuals “of a minority race” on the Alabama Real Estate Appraisers Board. The Board has nine seats, including one for a member of the public with no real estate background, which has been unfilled for years. Because there was only one minority member among the Board at the time of filing, AAER asserts that state law requires that the open seat go to a minority. AAER states that one of its members applied for this final seat, but was denied purely on the basis of race, in violation of the Equal Protection Clause of the Fourteenth Amendment. On March 29, 2024, Governor Ivey answered the complaint, admitting that the Board quota is unconstitutional and will not be enforced. On May 7, 2024, the court granted a motion to intervene by the Alabama Association of Real Estate Brokers (AAREB), a trade association and civil rights organization for Black real estate professionals.
- Latest update: On July 17th, the court denied AAER’s motion for judgment on the pleadings because both Governor Ivey and AAREB denied factual allegations about AAER’s member that are critical to its standing. The case is set for a bench trial on November 17, 2025.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Blaine Evanson, Molly Senger, Zakiyyah Salim-Williams, Matt Gregory, Zoë Klein, Mollie Reiss, Jenna Voronov, Alana Bevan, Marquan Robertson, Janice Jiang, Elizabeth Penava, Skylar Drefcinski, Mary Lindsay Krebs, David Offit, Lauren Meyer, Kameron Mitchell, Maura Carey, Jayee Malwankar, and Heather Skrabak.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and authors:

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group
Washington, D.C. (+1 202-955-8242, [email protected])

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group
Los Angeles (+1 213-229-7107, [email protected])

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group
New York (+1 212-351-3850, [email protected])

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer
Washington, D.C. (+1 202-955-8503, [email protected])

Molly T. Senger – Partner, Labor & Employment Group
Washington, D.C. (+1 202-955-8571, [email protected])

Blaine H. Evanson – Partner, Appellate & Constitutional Law Group
Orange County (+1 949-451-3805, [email protected])

The Proposal would make a number of changes to the FDIC’s brokered deposits rules that could materially affect banks, neobanks, fintechs, and other third parties in the industry.

On July 30, 2024, the Federal Deposit Insurance Corporation (“FDIC”) issued a Notice of Proposed Rulemaking proposing significant changes to the FDIC’s brokered deposits rules (the “Proposal”).[1] The Proposal would make a number of changes highlighted below to the FDIC’s brokered deposits rules that could materially affect banks, neobanks, fintechs and other third parties in the industry, many of whom have crafted business models, started new businesses, or even undertook transformative acquisitions in reliance on the FDIC’s brokered deposits rules finalized in December 2020. Not to mention, the Proposal could materially affect consumers, particularly those who are underbanked or unbanked, and who rely on neobank and fintech apps for access, through bank partnerships, to traditional financial products and services. Comments on the Proposal are due within sixty (60) days of publication in the Federal Register.

I. Background

On December 15, 2020, the FDIC finalized its brokered deposits rules to modernize those regulations and establish a new framework for analyzing whether certain deposit arrangements qualify as brokered deposits (the “2020 Final Rule”).[2] The 2020 Final Rule promoted innovation between commercial banks and fintechs by providing clearer guidance on what constituted a deposit broker and, by extension, a brokered deposit.[3]

Fast forward to 2024 and the intersection of banks and non-bank financial services providers is at the regulatory and supervisory forefront and the environment for banks and bank-fintech partnerships has changed dramatically following the spring 2023 bank failures, current enforcement trends in the bank-fintech partnership space and the bankruptcy of Synapse Financial Technologies, Inc. The Proposal suggests an intent to address this current reality and pulls back on many of the changes to the brokered deposits framework implemented by the 2020 Final Rule.

Notably, at the time the 2020 Final Rule was finalized, then-Director Gruenberg sharply dissented.[4] The preamble to the Proposal references many of those same concerns as a basis for the changes under the Proposal.[5]

II. Key Aspects of the Proposal

The Proposal includes several notable changes that would materially impact the brokered deposits analysis for insured depository institutions (each an “IDI”) and their third parties.

Eliminates exclusive deposit arrangement carveout. The 2020 Final Rule provides that any entity that contracts or partners exclusively with one IDI, and is not placing or facilitating the placement of deposits at any other IDI, is not considered a “deposit broker” and, therefore, any deposits placed by the entity with the IDI are not brokered deposits. The Proposal would eliminate the exclusive deposit arrangement carveout by revising the FDIC’s brokered deposits regulations to restore their applicability to any third party that meets the definition of deposit broker, including those involved in placing deposits at only one IDI.[6]
Revises the definition of “deposit broker,” including adding a new prong to the definition related to fees paid to a third party. The Proposal would impact commonly used bank marketing practices by adding a new prong to the definition of “deposit broker” related to fees paid to a third party, specifically providing that a person is engaged in the business of placing or facilitating the placement of deposits of third parties if that person “has a relationship or arrangement with an IDI or customer where the IDI, or the customer, pays the person a fee or provides other remuneration in exchange for or related to the placement of deposits.”[7] Fees that would be covered under the Proposal would include fees for administrative services provided in connection with a deposit placement arrangement.[8]
Revises the analysis for determining when an agent or nominee meets the primary purpose exception. The Proposal would provide that the primary purpose exception to the “deposit broker” definition would apply “when an agent or nominee whose primary purpose in placing customer deposits at IDIs is for a substantial purpose other than to provide a deposit-placement service or FDIC deposit insurance with respect to particular business lines.”[9] This interpretation would align with how the FDIC historically interpreted the primary purpose exception before the 2020 Final Rule.[10] As part of this analysis and any corresponding application process for a primary purpose exception (“PPE”), the FDIC would analyze the intent of the third party and consider the relationship between the third party and the IDI, including whether fees were paid to the third party.[11]
Eliminates the enabling transactions PPE. The 2020 Final Rule created a PPE for third parties that place deposits to allow their customers to enable transactions (the “enabling transactions test”). Without any substantive discussion, the Proposal quickly eliminates the enabling transactions test and corresponding notice process, stating: “The current enabling transactions test would not satisfy the proposed primary purpose exception, because placing deposits into accounts with transactional features would not, by itself, prove that the substantial purpose of the deposit placement arrangement is for a purpose other than providing deposit insurance or a deposit-placement service. The FDIC believes that there is no relevant difference between an agent or nominee’s purpose in placing deposits to enable transactions and placing deposits to access a deposit account and deposit insurance.”[12] Under the Proposal, IDIs that currently rely on the enabling transactions test under the notice or application process could file an application under the general PPE application process.[13]
No reliance on PPE notices or applications. The Proposal provides that IDIs relying on an existing approved PPE application, 25% test designated exception notice or an enabling transactions exception notice or application would no longer be able to rely on such exceptions. As a result, IDIs would need to submit a new PPE application, rely on the new 10% Broker-Dealer Sweep Exception (described below) or rely on one of the preserved designated business exceptions from the 2020 Final Rule.[14]
Changes the PPE application process. The Proposal would update the PPE application process and would add additional factors to the FDIC’s review of those applications, including any fees paid to the third party and whether the third party has discretion to choose the IDI(s) to place customer funds. The Proposal also would provide that only IDIs, not third parties, must submit PPE applications.[15]
Proposes a Broker-Dealer Sweep Exception. The Proposal would amend the “25% test” to a 10% of assets under management test and rename it the “Broker-Dealer Sweep Exception.” Under the Proposal, the proposed Broker-Dealer Sweep Exception would be available only to a broker-dealer or registered investment adviser and only if less than 10% of its total assets under management, in a particular business line, is placed into non-maturity accounts at one or more IDIs. Prior notice would be required where no additional third party is involved in the sweep program. An application would be required for sweep programs that use one or more third parties.[16]
Removes “matchmaking activities” prong and replaces with “deposit allocation” prong. The Proposal would eliminate the “matchmaking activities” prong to the deposit broker definition and replace it with the new “deposit allocation” standard.[17] As a result, “deposit broker” would include a person who proposes or determines deposit allocations, including through the use of algorithmic or similar technologies.[18] Unlike the current “matchmaking activities” definition which excludes the provision of services to affiliated entities, the “deposit allocation” standard could be met in connection with the provision of services to affiliates.[19]
Retains remaining designated business exceptions. As noted, the Proposal would amend the 25% test and eliminate the enabling transactions test. The Proposal would retain the remaining designated business exceptions listed in the 2020 Final Rule, as well as the additional designated exception for non-discretionary custodians engaged in the placement of deposits.[20]

III. Key Concerns and Takeaways

While much more will be written on these topics, the fundamental changes to the 2020 Final Rule coupled with the FDIC’s Request for Information on Deposits (“Deposits RFI”)[21] reflect concerns within the FDIC on how they currently oversee the risks associated with different types of deposits.

Thematically, we believe that there are several key issues to confront (in addition to the responses to the alternatives in the Proposal and technical clarifications):

First, the restrictions on brokered deposits are derived from Section 29 of the FDIA, which relates to banks that are not well-capitalized. There is little disagreement within the industry that banks that fail to remain well-capitalized should not be relying on brokered deposits for growth. However, the FDIC and other agencies have leveraged the definition of brokered deposits for other purposes – essentially defining a very diverse set of deposits to be inherently risky and penalizing banks that accept such deposits – be it in the form of assessments or, for the larger banks, the calculation of the liquidity coverage ratio and the net stable funding ratio.
Second, the conflation of the risks related to certain types of uninsured deposits and the risks of brokered deposits is not supported by data. The Proposal cites to the FDIC’s 2011 Study on Core Deposits and Brokered Deposits, but even that study indicates that a higher proportion of brokered deposits relative to core deposits at a bank is correlated to—though not necessarily the cause of—greater probability and cost of failure. In addition, the data for that study are not reflective of today’s banking system. Instead of over-hauling such a recent regulation, it would be prudent for the FDIC to receive and release information relating to the Deposits RFI so that both the FDIC and the industry can consider the actual risks associated with brokered deposits. Once such data are analyzed, it would be worth considering whether the definition of a brokered deposit for purposes of institutions that are not well-capitalized should be broadly defined. And, if so, whether there should be different categories of such brokered deposits for other regulatory purposes to more accurately reflect the inherent risks.
Third, there are practical implications of these changes that could pose unintended consequences. For instance, the removal of affiliate considerations for exclusivity and deposit allocations does not reflect the reality of how banks and bank holding companies organize themselves (frequently in consideration of resolution planning). In addition, the burden of new notices for the PPE and ongoing reporting fail to address situations where there is a spot increase in cash held that is wholly unrelated to the business of the broker-dealer or the IDI that is swept the funds.
Fourth, the Proposal could materially affect consumers, particularly those who are underbanked or unbanked, and who rely on neobank and fintech apps for access, through bank partnerships, to traditional financial products and services. The Proposal acknowledges only that consumers “might experience changes in interest rates on those funds, or costs associated with placing those funds with different entities.”[22] The Proposal does not, however, take into account that the 2020 Final Rule was aimed, in part, at enabling banks through bank-fintech partnerships to reach new customers and extend their services to underbanked and unbanked populations. The Proposal would roll this back and could create harmful unintended consequences to those segments of the population through increased costs or decreased availability or access and could push the underbanked or unbanked to less reliable, less safe financial services providers.
Fifth, rulemaking this late in an election year could be vulnerable to reversal depending on the outcome of the election. The process to review and respond to comments submitted in the 60-day public comment period and to finalize the Proposal will take substantial time and may not be completed before the end of the current Administration. If the Proposal is not finalized by then, a new Administration with a different policy perspective could stop the process. In addition, if adopted in a final rule, the Proposal would qualify as a rule under the Congressional Review Act and therefore could be reviewed and disapproved by Congress in the event of a change in the Administration and control of Congress. Under the Congressional Review Act, disapproval would require each chamber to pass a resolution of disapproval by a bare majority and would also require approval by the new President. This is a streamlined legislative process that can be used in a new Congress to undo rules adopted shortly before an election.

IV. Conclusion

As with any proposal, it is imperative that all stakeholders actively engage in the rulemaking process with the FDIC and other policymakers to facilitate a thoughtful approach to the final rule. Recent Supreme Court decisions have increased a trend of judicial skepticism towards agency rulemakings, which could potentially make the Proposal vulnerable to legal challenge under the Administrative Procedure Act. The comment process will play a critical role in highlighting the myriad issues raised by the Proposal, its potentially broader unintended consequences, including impacts on consumers, namely the underbanked and unbanked, and may also form the basis for any future legal challenges to the FDIC’s final rule.

[1] FDIC, Unsafe and Unsound Banking Practices; Brokered Deposits Restrictions (July 30, 2024), available at: https://www.fdic.gov/system/files/2024-07/fr-npr-on-brokered-deposit-restrictions.pdf.

[2] FDIC, Press Release: FDIC Board Approves Final rule on Brokered Deposit and Interest Rate Restrictions (Dec. 15, 2020), available at: https://www.fdic.gov/news/press-releases/2020/pr20136.html. The 2020 Final rule was published in the Federal Register on January 22, 2021. See Unsafe and Unsound Banking Practices: Brokered Deposits and Interest Rate Restrictions, 86 FR 6742 (Jan. 22, 2021).

[3] Section 29 of the Federal Deposit Insurance Act (“FDIA”) does not define the term “brokered deposit.” The determination of whether an activity results in a brokered deposit turns on the definition of “deposit broker.”

[4] The 2020 Final Rule was approved by a vote of three to one, with then-Director Gruenberg dissenting. Then-Director Gruenberg’s dissenting statement is available at: https://www.fdic.gov/news/speeches/2020/spdec1520f.html.

[5] Compare Gruenberg Dissent (“This regulatory change opens up great risk to the banking system. Under this change, a bank could rely for one hundred percent of its deposits on a sophisticated, unaffiliated third party without any of those deposits considered brokered. The bank could fall below well capitalized and still rely on those third party placed deposits for one hundred percent of its funding without any of those deposits considered brokered, effectively an end-run around the statutory prohibition on less than well capitalized banks receiving brokered deposits. A bank could form multiple “exclusive” third party relationships to fund itself without any of those deposits considered brokered.”) with Proposal, p. 36 (“Under this change, an IDI can rely for one hundred percent of its deposits on an unaffiliated third party without any of those deposits considered brokered. The IDI can fall below well capitalized and still rely on those third party placed deposits for one hundred percent of its funding without any of those deposits being considered brokered, which provides an avenue for less than well-capitalized IDis to obtain and retain brokered deposits that appears to conflict with intent of the statutory prohibition. An IDI can form multiple “exclusive” third party relationships to fund itself without any of those deposits considered brokered. Thus, the current regulation exposes the banking system to the kind of risk the brokered deposit restrictions were intended to address.”)

[6] See Proposal, pp. 35-36.

[7] Proposal, p. 29. (emphasis added).

[8] See Proposal, p. 33.

[9] Proposal, p. 38.

[10] Id.

[11] See Proposal, pp. 38-39.

[12] Proposal, p. 54.

[13] See id.

[14] See Proposal, p. 28.

[15] See Proposal, pp. 41-44.

[16] See Proposal, pp. 47-53.

[17] See Proposal, p. 29.

[18] See Proposal, pp. 31-32.

[19] See Proposal, p. 32.

[20] See Proposal, p. 55.

[21] On July 30, 2024, the FDIC issued a request for information soliciting the public’s comments on deposit data that is not currently reported in the Call Report or other regulatory reports, including for uninsured deposits. See FDIC Request for Information on Deposits (July 30, 2024), available at: https://www.fdic.gov/system/files/2024-07/fr-request-for-information-on-deposits.pdf. Comments are due on the Deposits RFI within sixty (60) days of publication in the Federal Register.

[22] Proposal, p. 69.

The following Gibson Dunn lawyers prepared this update: Jason Cabral, Ro Spaziani, Stuart Delery, Matt Gregory and Zach Silvers.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please feel free to contact the Gibson Dunn lawyer with whom you usually work, any member of Gibson Dunn’s Global Financial Regulatory, Financial Institutions, Global Fintech and Digital Assets, Public Policy or Administrative Law and Regulatory practice groups, or the following authors:

Jason J. Cabral – New York (+1 212.351.6267, [email protected])

Ro Spaziani – New York (+1 212.351.6255, [email protected])

Michael Desmond and Nicole Butze are the authors of “IRS Should Brace for More Taxpayer Lawsuits With Chevron’s Death” [PDF] published by Bloomberg Tax on July 1, 2024.

This update summarizes recent enforcement activity, provides an overview of notable legislative and policy developments at the federal and state levels, and analyzes significant court decisions from the first half of the year.

I. Introduction

When the False Claims Act (“FCA”) is not making headlines on the Supreme Court’s docket, the flow of enforcement developments nonetheless remains constant. The first half of 2024 is a reminder that that flow can surge at any moment, bringing with it massive settlements for the government—over $1 billion over six months, in the case of 2024. Meanwhile, as the first half of 2024 also makes clear, there is never a dull moment when it comes to caselaw developments in the lower federal courts, and even when the U.S. Department of Justice (“DOJ”) is not being particularly vocal about its FCA enforcement priorities in speeches and publications, it often is taking steps in other enforcement contexts that have implications for the FCA.

In the first half of 2024, DOJ has continued its focus on FCA matters related to cybersecurity; has initiated pilot programs in criminal enforcement that have implications for qui tam whistleblower incentives; and has concluded settlements across a range of industries and legal theories, with the primacy of settlements in the healthcare industry continuing. Courts have grappled with issues such as FCA causation and the scienter required in FCA cases premised on violations of the Anti-Kickback Statute (“AKS”), and the Supreme Court granted certiorari in a case involving the definition of “claim” under the FCA.

Below, we summarize recent enforcement activity, then provide an overview of notable legislative and policy developments at the federal and state levels, and finally analyze significant court decisions from the first half of the year. Gibson Dunn’s recent publications regarding the FCA may be found on our website, including in-depth discussions of the FCA’s framework and operation, industry-specific presentations, and practical guidance to help companies navigate the FCA. And, of course, we would be happy to discuss these developments—and their implications for your business—with you.

II. Noteworthy DOJ Enforcement Activity During the First Half of 2024

2024 has been a notable half-year for FCA settlements by DOJ: during the first six months of the year, the government announced resolutions totaling over $1 billion.[1] That dollar figure is the highest for the first half of a calendar year—by a significant margin—in recent memory. It also includes two nine-figure settlements, whereas the first half of 2023 included none and the first half of 2022 included only one. While both of those nine-figure settlements grant DOJ claims in the bankruptcy cases of the settling counterparties and the government thus stands to recover significantly less than the settlements’ face values, the fact of resolutions valued at those figures remains a significant development.

Below, we summarize the most notable settlements and judgments from the first half of this year, organized by industry and focused on key theories of liability at issue in the resolutions. As usual, FCA recoveries in the healthcare and life sciences industries dominated enforcement activity during the first half of the year in terms of the number and value of settlements. DOJ, however, also announced notable resolutions in the government contracting and procurement space, described below.

A. Healthcare and Life Science Industries

As usual, the vast majority of FCA recoveries in the first half of 2024 involved entities and individuals in the healthcare and life sciences industries.

On January 4, a healthcare facility operator in Delaware agreed to pay $42.5 million to resolve allegations that the company provided ancillary service providers—including nurse practitioners and physician assistants—to assist with patients as an inducement to non-employee doctors to refer patients to the company’s hospitals. The complaint alleged that these arrangements violated the AKS and the Stark Law. The allegations underlying the settlement agreement stemmed from a qui tam suit brought by the company’s former chief compliance officer, who will receive an unspecified portion of the recovery.[2]
On January 4, a Florida non-profit agreed to pay approximately $19.5 million to resolve allegations that it billed federal healthcare programs for items and services used in clinical trial research that it should have billed to non-government sponsors. The organization itself initiated an independent investigation into the alleged behavior and disclosed its findings to the government. The federal government will receive $18.2 million from the settlement, and Florida Medicaid will receive $1.3 million.[3]
On January 4, a Memphis hospital system agreed to pay $7.25 million to resolve claims that it submitted false claims to Medicare that arose out of improper financial arrangements. Specifically, the government alleged the hospital system had a multi-agreement relationship with a medical clinic, and the hospital system used these various business contracts as a vehicle to pay kickbacks to the clinic to induce it to refer Medicare beneficiaries to the hospital system. The suit resolves a qui tam suit brought by a former president of a hospital within the system and a medical school dean, who will each receive an unspecified portion of the settlement.[4]
On January 5, an Arizona home health agency agreed to pay nearly $10 million to resolve allegations that it submitted false claims to a healthcare program serving Department of Energy employees and contractors with occupational illness. The government alleged that the agency billed the program for nursing and care services when its employees were not physically present in the patients’ homes. It further alleged that the agency’s “friends and family” program violated the AKS by paying cash and in-kind payments for food, travel, and other expenses in exchange for patient referrals. The agency made a voluntary disclosure to the government regarding its friends and family program and in-kind remuneration, and the settlement agreement acknowledges the agency’s cooperation in this regard. The settlement resolves a qui tam suit brought by a former Corporate Administrator and Director of Human Resource Administration and Management at the agency and its predecessor, who will receive approximately $1.7 million from the settlement.[5]
On January 10, a New Jersey clinical laboratory and its CEO agreed to pay $13.2 million to resolve allegations that it billed federal healthcare programs for laboratory tests procured through illegal kickbacks. The government alleged that the laboratory obtained referrals through five different kinds of kickbacks, including: (1) commissions paid based on volume and value of referrals to the laboratory through independent contractors; (2) payments disguised as management services organization fees that were actually incentives for laboratory referrals; (3) payments to healthcare providers disguised as consulting or medical director fees in exchange for ordering lab tests; (4) payments to substance abuse recover centers to induce referrals for lab testing; and (5) specimen collection fees to healthcare providers to induce referrals to the laboratory. In addition, the government alleged that the laboratory and CEO submitted claims for tests that were not medically necessary or not otherwise covered by Medicare and Medicaid.[6]
On January 11, a long-term care hospital agreed to an ability-to-pay settlement requiring it to pay over $18.6 million plus 4.5% interest per year to resolve allegations that the hospital impermissibly claimed excessive cost outlier payments from Medicare. Specifically, the government alleged that the hospital manipulated the cost outlier payment system for supplemental reimbursement by increasing its charges in excess of its costs and beyond what the hospital would be able to repay once Medicare cost reports were reconciled to its charges. In addition to the FCA claim, the settlement involved a $12 million penalty resolving Federal Debt Collection Procedures Act allegations against certain hospital investors for their role in the hospital’s alleged fraudulent transfer of money without equivalence value exchange to its investment management company.[7]
On January 17, a healthcare company and its owners consented to a $2 million judgment, admitting to FCA violations for using medical staff to submit claims for medically unnecessary care to federal healthcare programs. The government alleged that the company hired vulnerable or inexperienced medical staff and then pressured those staff members to provide unnecessary care, and to submit the claims for that care to federal payors. The government further alleged that the company falsified information to obtain Paycheck Protection Program (PPP) loan forgiveness. The consent agreement resolves allegations under the FCA, AKS, and Controlled Substances Act.[8]
On January 23, a Philadelphia pharmacy and its current and former owners agreed jointly to pay approximately $3.9 million to resolve allegations that they billed Medicare and Medicaid for medications that were never dispensed from January 2018 through September 2020. The government also alleged that in some cases the pharmacy dispensed low-cost formulations to beneficiaries but billed Medicare for the high-cost versions of the formulations. The pharmacy and its principal pharmacist entered into an integrity agreement requiring them to undertake significant compliance obligations and conduct third-party audits of their Medicare claims and drug inventory through an Independent Review Organization.[9]
On January 26, a group of durable medical equipment companies agreed to pay $2.1 million to resolve allegations that they submitted false claims to federal healthcare programs by selling used hospital beds as if they were new. The government also alleged the companies upcoded support products and mischaracterized non-reimbursable travel time as repair time in claims for payment made to federal programs and contractors. This settlement resolved a related qui tam suit brought by a former employee, who will receive an undisclosed portion of the settlement amount.[10]
On January 30, a drug rehabilitation facility and a clinical laboratory agreed to resolve liability for submitting false claims for urine drug testing services to the federal Medicare and Kentucky state Medicaid programs by paying $2.2 million and $4.9 million respectively. The government alleged that the drug rehabilitation facility used the same complex panel of urine drug tests for all patients on a weekly basis, despite the results often not being used for diagnosis or treatment and without considering whether individual patients needed the panel. The clinical laboratory performed the urine tests and billed them to federal and state healthcare programs despite knowing that the tests were not typically used for diagnosis or treatment and also performed additional urine drug screens without proper medical orders requesting the screens. As a part of the settlement, the drug rehabilitation facility entered into a corporate integrity agreement with HHS-OIG, which requires the facility to appoint a compliance officer and retain an independent expert for its compliance program. The clinical laboratory’s share of the settlement will require it to cease operations and pay the United States 100% of the net proceeds of the sale of its assets, along with 70% of reimbursements from healthcare payors for one year and any employee retention tax credit funds received. The settlement resolves a related qui tam suit, with the relator receiving an undisclosed portion of the recovery.[11]
On February 7, a Pennsylvania multi-hospital system agreed to pay $11.7 million to resolve allegations that it submitted claims to Medicare for services relating to annual wellness visits. The hospital system voluntarily disclosed that it submitted claims that were not supported by the medical record between December 2015 and November 2022. Following its self-disclosure, the government noted, the hospital system took corrective action, although in resolving the case the government did not specify what that action was.[12]
On February 14, a medical equipment company that rented non-invasive ventilators agreed to pay $25.5 million to resolve allegations that it continued to bill federal health care programs after patients ceased using their devices. Additionally, DOJ alleged that the company failed to confirm that the devices it rented were medically necessary, impermissibly waived coinsurance payments to get more patients to rent their equipment, and paid kickbacks to induce Medicare beneficiaries to rent its equipment. The company admitted it received reimbursement for claims it submitted to federal healthcare programs that did not comply with Medicare billing guidelines. This resolved a related qui tam suit for which the relator will receive an unspecified portion of the proceeds.[13]
On February 16, a Kentucky toxicology lab and its owner agreed to a nearly $5.6 million judgment for violating the FCA by charging court‑ordered urine tests to Medicare and Medicaid, even though the tests were not medically necessary. The lab’s compliance officer also agreed to a $4.87 million judgment against her for a related scheme in which she solicited urine drug tests from non-medical homeless shelters and charged those tests to Medicare and Medicaid. Both the owner and the compliance officer received prison sentences of 46 months and six months respectively for related criminal charges. Furthermore, the lab, the owner, and the compliance officer will be excluded from federal health care program participation for 20 years. The consent agreements resolve a qui tam suit for which the relator will receive an unspecified portion of the proceeds.[14]
On February 28, a pharmaceutical manufacturer, DOJ and an ad hoc group of first lien creditors reached a comprehensive settlement of all federal government claims against the manufacturer. The settlement included resolution of FCA claims asserted by DOJ, which were resolved by granting DOJ a $475.6 million general unsecured claim in the manufacturer’s chapter 11 bankruptcy cases. DOJ alleged that the company marketed its opioid drug to providers the company knew prescribed the drug for non-medically accepted indications, and that the company incentivized such targeting through sales goals, employee incentive compensation plans, and employee performance reviews. In resolution of a parallel criminal investigation, the comprehensive settlement also required a debtor affiliate of the manufacturer to plead guilty to a misdemeanor violation of the Food, Drug and Cosmetic Act (“FDCA”) based on allegations that it introduced misbranded drugs into interstate commerce. Altogether the comprehensive settlement encompassed approximately $8 billion of alleged claims asserted by the IRS, the civil and criminal branches of DOJ, and several federal healthcare agencies. Under the terms of the comprehensive settlement, the company made a single $200 million payment in satisfaction of all the government’s claims upon the effective date of its chapter 11 plan of reorganization in April 2024, and the settlement allowed the company’s pharmaceutical business to emerge under such plan.[15] Gibson Dunn represented the first lien ad hoc group, which negotiated the foregoing economic settlement with DOJ, and was intimately involved in all aspects of this comprehensive resolution and its implementation.
On February 28, a Georgia laboratory and its owner agreed to pay $14.3 million to partially resolve allegations that it submitted false claims to government healthcare programs. In particular, the government alleged that the owner paid independent contractors to recommend that senior living communities order expensive and unnecessary respiratory pathogen panels (RPPs), rather than the COVID-19 tests that the communities initially requested. The contractors also, with the owner’s alleged knowledge, performed COVID-19 tests in senior living communities, but then arranged for the laboratory to submit claims to federal health plans using sham Medicaid diagnosis codes that did not reflect the medical conditions of those receiving the tests. The contractors also allegedly forged physician signatures on RPP order forms. The owner, along with four other people, pleaded guilty to criminal charges connected to the scheme. The federal government will receive $13.9 million from the civil settlement, and Georgia will receive $400,000. The settlement also resolves a qui tam suit for which the relator will receive $2.86 million.[16]
On March 6, a hospital system in New York agreed to pay $17.3 million to resolve allegations that it paid unlawful kickbacks to doctors at the hospital’s chemotherapy infusion center. The government alleged that the hospital entered into contracts with the physicians that linked the physicians’ compensation to the number of referrals made for services at the chemotherapy center. The settlement agreement also resolves claims that the physicians failed to adequately supervise these services as required by Medicare and Medicaid regulations, in addition to claims under New York’s state FCA statute. The hospital voluntarily disclosed the information to the United States.[17]
On March 6, a generic pharmaceutical manufacturer agreed to pay $2 million to resolve allegations that it submitted false claims to TRICARE, the VA, the Federal Employees Health Benefits Program, and the Department of Labor Office of Works Compensation Programs. The government alleged that the company sold adulterated pharmaceuticals after failing to follow controls required by manufacturing regulations, which resulted in the submission of false claims. This settlement resolved the civil liability component of a criminal investigation related to the introduction of adulterated drugs into interstate commerce. The company also entered into a plea agreement to resolve the related criminal indictment, pursuant to which it agreed to a three-year deferred prosecution agreement and to pay an additional $1.5 million fine.[18]
On March 20, two former Philadelphia-based pharmacy employees agreed to pay over $4.1 million to resolve liability under the FCA and Controlled Substances Act for illegally dispensing and distributing controlled substances and engaging in fraudulent billing. Specifically, the government alleged that the former employees dispensed opioids and other “cocktail” drugs in extreme doses and combinations under highly suspicious circumstances, including excessive cash payments and clearly forged prescriptions. The employees also engaged in a scheme using a “BBDF” (“Bill But Don’t Fill”) code to falsely claim to Medicare and other insurers that drugs had been dispensed to patients. The former employees also pled guilty to related criminal charges and were sentenced to several months imprisonment along with receiving permanent bans on dispensing controlled substances. The civil settlement and criminal convictions marked the end of a multi-year investigation into related fraudulent activity at the pharmacy, including activities by its owner and other employees.[19]
On March 25, a clinical laboratory and its owners agreed to pay approximately $13.6 million and to be excluded from federal health care programs for 15 years to resolve allegations that they submitted Medicare claims for tests that were neither medically necessary nor ordered by healthcare providers. Specifically, the government alleged that the laboratory performed and submitted claims for medically unnecessary urinary tract infection panel of tests by PCR when physicians only ordered a less extensive urinalysis tests as part of an illegal kickback scheme. The laboratory allegedly did so because Medicare reimbursements for the PCR tests were significantly higher than reimbursements for the tests the physicians had ordered. This settlement resolved a related qui tam action brought by a physician who owned health care facilities and served patients for whom the laboratory ran tests. The physician relator will receive approximately $2.3 million of the settlement amount.[20]
On March 25, a healthcare staffing company agreed to pay approximately $9.3 million to resolve FCA and criminal liability regarding its visa sponsorship program. Specifically, the government alleged the staffing company submitted false visa immigrant applications, provided false job placement letters, and made false statements to government officials while recruiting healthcare professionals into the United States. Along with undertaking extensive remedial efforts in its compliance, the company also pledged an additional $8 million to healthcare projects in an effort to address harms caused by its prior practices. The pledge will be distributed to various NGOs and non-profits involved with ethical recruitment, strengthening healthcare access and infrastructure in certain developing countries and in rural/underserved U.S. communities.[21]
On March 27, a Georgia teleradiology company and its CEO agreed to pay $3.1 million to settle liability for violations of the FCA and comparable state laws for fraudulently billing federal health care programs. The government alleged that the company’s U.S.-based radiologists failed to adequately review interpretation reports prepared by overseas contractors who were not permitted to practice medicine in the U.S. or bill U.S. federal healthcare programs. The company also misrepresented which medical professionals actually rendered radiology services, and improperly sought reimbursement for services provided by medical professionals outside of the United States. Approximately $2.68 million of the settlement will be paid to the U.S., and the remaining $420,000 will be distributed to various states. The settlement additionally resolves a qui tam suit, but it was not disclosed whether the relators would receive a share of the settlement.[22]
On April 2, a Texas oncology practice and diagnostic reference laboratory agreed to pay approximately $4 million to resolve allegations that they violated the AKS. The government alleged that the laboratory offered illegal kickbacks in exchange for bone marrow biopsy exams, which induced physicians to order the tests. Furthermore, the government contended that one of the practice’s physicians billed federal and state healthcare programs for medically unnecessary tests and services. This settlement resolved a qui tam suit brought by a former physician at the practice who will receive an unspecified amount. The oncology practice also entered into an integrity agreement for a period of three-years as part of the settlement.[23]
On April 9, a California-based nursing home chain agreed to pay approximately $7 million to resolve allegations that it submitted claims to Medicare and Medicaid for reimbursement for skilled care that it did not actually provide. The government alleged that the company misused a COVID-19 emergency waiver that removed the three-day hospital stay requirement to receive reimbursement for skilled care for nursing home residents. The company allegedly submitted claims for skilled care reimbursement when residents at the home were merely exposed to COVID-19, rather than infected, and as a result did not actually receive skilled care in the nursing home. The company will pay the federal government approximately $6.8 million and the state of California approximately $242,000, plus interest. The company will also enter a Corporate Integrity Agreement (CIA) with the Department of Health and Human Services, Office of Inspector General (HHS-OIG). The settlement resolves a qui tam suit for which the relators will receive approximately $1.2 million, plus interest.[24]
On April 24, an Atlanta-based company agreed to pay $2.7 million to resolve allegations that it violated the False Claims Act by failing to implement adequate cybersecurity measures to protect health information obtained through a contract with the Pennsylvania Department of Health to provide staffing for COVID-19 contact tracing. The government alleged that the company transmitted confidential and/or personally identifiable information in unencrypted emails, that it stored and transmitted information through Google files that were not password protected, and that staff used shared passwords to access the information. The government also alleged that the company received complaints for at least five months before the company started remediating the issue. The settlement resolves a qui tam lawsuit brought by a former staff member at the company, who will receive a $499,500 share of the lawsuit.[25]
On April 25, a healthcare management company and its subsidiaries agreed to pay $4.2 million to resolve allegations that it knowingly submitted false Medicare claims. In particular, the government alleged that the company retained overpayments for hospice care claims when the patients were not terminally ill and therefore ineligible for hospice care. This settlement resolved a qui tam suit brought by a former employee, who received $672,000 of the settlement.[26]
On May 6, the owner and operator of multiple medical diagnostic and laboratory-related LLCs agreed to pay $27 million to resolve allegations that he and his companies conspired to violate the FCA by submitting false claims to federal healthcare programs for medically unnecessary cancer genomic tests (CGx) procured through illegal kickbacks. In particular, the government alleged that he and his companies conspired with telemarketers to solicit Medicare beneficiaries for CGx tests and conspired with telemedicine providers to prescribe medically unnecessary CGx tests. The government further claimed that he and his companies conspired with reference laboratories that would perform the CGx tests, and with billing laboratories and a hospital to submit claims to Medicare and Medicaid. The Floridian owner and operator previously pled guilty to criminal healthcare fraud related to this same conduct in 2022. As part of this settlement agreement, his companies agreed to be excluded from all federal health care programs. This settlement resolves three related qui tam actions, including one action brought by a minority owner of one of the LLCs, who will receive approximately $4.7 million of the settlement amount.[27] The portion of the settlement that the other relators will receive is not specified.
On May 8, a Michigan healthcare practice agreed to pay approximately $2 million to resolve allegations that it submitted claims for improperly supervised medical care to Medicare and Medicaid. In particular, the government alleged that the company submitted claims to Medicare and Medicaid for procedures performed by physician assistants in nursing home facilities without the required doctor supervision. The state of Michigan will receive approximately $66,000 from the settlement.[28]
On May 16, a Massachusetts hospital agreed to pay $24.3 million to resolve allegations that it submitted claims to Medicare for medical treatments that did not comply with Medicare rules about evaluating patient suitability for the prescribed medical treatment. Specifically, the government alleged that the hospital knowingly submitted claims for transcatheter aortic valve replacement (TAVR) procedures without the required number of physicians either examining the patient or documenting their judgment regarding the patient’s suitability for the procedure. As part of the settlement, the hospital will enter into a five-year CIA with HHS-OIG under which an Independent Review Organization will annually review the hospital’s Medicare charges. Because the hospital voluntarily assisted the government during its investigation, the hospital received cooperation credit pursuant to DOJ guidelines. The settlement resolves a qui tam suit for which the relator will receive approximately $4.36 million.[29]
On May 17, a medical clinic agreed to pay $7.6 million to resolve allegations that it violated the FCA in connection with three federal grant awards for its research. In particular, the government alleged the clinic failed to disclose that the Principal Investigator on each grant was an employee with pending or active grants from foreign institutions who supported that employee’s research and obligated the employee’s time, which violated the National Institute of Health (NIH)’s transparency requirements. The settlement also resolved allegations that the clinic impermissibly allowed its employees to share passwords for access to the NIH grant reporting platform, which resulted in other employees making false submissions in the name of the Principal Investigator without their knowledge. The HHS-OIG, FBI, and two assistant U.S. attorneys collaborated with the U.S. Attorney’s Office for the Northern District of Ohio to resolve these allegations. The clinic agreed to implement a Corrective Action Plan, and NIH imposed specific award conditions for future grants for at least a one-year period or until completion of the Corrective Action Plan.[30]
On May 20, two New York not-for-profit corporations agreed to pay approximately $10 million to resolve allegations that they submitted false claims to Medicaid for certain long-term care services. The companies administered a Managed Long Term Care Plan (“MLTCP”) for Medicaid beneficiaries, under which they arranged for health and long-term care services and were reimbursed by Medicaid through per-member payments on a monthly basis. As part of the settlement, the companies admitted to collecting payments for the services under the MLTCP that they did not provide or did not adequately document the provision of. The settlement also resolves a qui tam suit brought by a relator. The portion of the settlement that relator will receive is not specified.[31]
On May 22, a medical device manufacturer and two senior executives agreed to pay $12 million to resolve allegations that they violated the False Claims Act by paying kickbacks to spine surgeons to induce the surgeons to use the company’s spinal devices. According to the government’s allegations, the company provided improper renumeration to spinal surgeons in the form of consulting and other fees, registry payments, performance shares, and travel and lavish dinners. The settlement also resolves a qui tam action brought by a former regional sales director for the company, who will receive an approximately $2.2 million share of the recovery.[32]
On May 28, three affiliated healthcare companies operating in Florida, Minnesota, and Wisconsin agreed to pay approximately $14.9 million to resolve allegations that they improperly billed Medicare, Medicaid, and TRICARE by knowingly submitting claims for two Evaluation and Management codes that did not support the level of service that the companies actually provided. Under the settlement, the federal government will receive approximately $13.8 million, and the state governments of Florida and Minnesota will receive approximately $1 million. The company must also enter into a five-year CIA with HHS-OIG, which will require the company to establish and maintain a compliance program and submit to an Independent Review Organization’s review of its Medicare claims to ensure that they are medically necessary. The settlement also resolves a qui tam suit for which the relator will receive approximately $2.8 million.[33]
On June 6, defendants in a New-York ophthalmologist practice agreed to pay approximately $2.5 million to resolve claims that, over a three-year period, they billed federal healthcare programs for medically unnecessary tests and procedures, and services that could not have been performed because the doctor was not in the office at the time the services were purportedly rendered. The government further alleged that the scheme exploited residents in Brooklyn and Queens, many of whom were non-native English speakers or elderly. The settlement agreement resolves two qui tam actions but does not specify the relators’ shares of the recovery.[34]
On June 11, a Chicago-based nurse practitioner group and its former owners agreed to pay approximately $2 million to resolve allegations that it submitted false claims to Medicare and Medicaid. The government alleged that the company and its owners developed patient charting software that generated false, upcoded claims for Medicare and Medicaid. According to the government’s allegations, the company and its owners required its nurse practitioners to use the software, despite knowing that it resulted in fraudulently upcoded claims being submitted to and paid by Medicare and Medicaid. The settlement also resolves a qui tam lawsuit brought by a former employee, which receive approximately $358,647 as part of the settlement.[35]
On June 24, medical centers and a medical college in Texas agreed to pay $15 million to resolve claims they billed for concurrent heart surgeries in violation of Medicare teaching physician and informed consent regulations. According to the government’s allegations, three heart surgeons at the medical center ran a regular practice of running two operating rooms at once, delegating key aspects of the surgeries to unqualified medical assistants. The $15 million recovery is the largest settlement to date involving concurrent surgeries. Under the settlement, the qui tam relator will receive approximately $3.1 million.[36]

B. Government Contracting and Procurement

On January 19, an oil and gas company agreed to pay $34.6 million to resolve allegations it knowingly underpaid royalties owed on oil and gas produced from federal lands. Specifically, the government alleged that the company submitted royalty payments to the federal government based on estimates and subsequently failed to make follow-up payments based on actual volumes and values as required by its agreements with the government. The company received credit under the settlement for cooperation by assisting with the determination of losses.[37]
On January 30, a technology company agreed to pay $5 million to resolve allegations that it falsely overstated cost and pricing data in a subcontract proposal to the U.S. Army. Specifically, the government alleged that the company overstated its costs to a primary contractor who was negotiating with the Army, and that the primary contractor then relied on those estimated costs when negotiating its contract, leading to significant overcharges. The settlement resolves a related qui tam suit for which the relator will receive $900,000.[38]
On January 30, a Virginia-based consulting agency and its parent company agreed to pay $3.9 million to resolve allegations that it made false statements about its status as a women-owned small business (WOSB) to obtain a Defense Health Agency contract regarding providing doctors to an Air Force treatment facility that had been set aside for WOSBs. In particular, the government alleged that the consulting company forfeited its WOSBs status when it failed to update its size certifications post-acquisition as required, and when asked by the government’s contracting official. The company was awarded the contract based on the allegedly false representation when it would not have been eligible had it provided correct information. This settlement resolved a qui tam action brought by an entity healthcare and support services provider, which purportedly discovered the misrepresentations through a report it developed to analyze Defense Health Agency contracts.[39] The settlement amount reflects cooperation from the companies during the government’s investigation.[40]
On March 12, an information and advisory services company agreed to pay $37 million to settle allegations that it violated the FCA and the Financial Institutions Reform, Recovery and Enforcement Act it used data in violation of its government contracts. The government alleged that over a month-long period, the company improperly accessed, retained, and anonymized credit card data it received under various government contracts, which it subsequently used to create proxy data that was incorporated into products and services sold to commercial customers. The company failed to disclose this behavior both to the government and to the commercial clients to whom it sold the products.[41]
On April 23, a company responsible for managing and operating a National Nuclear Security Administration site agreed to pay $18.4 million to settle liability for overpayments that resulted from production technicians submitting falsified timesheets over a six-year period. The company received credit under the settlement for self-disclosing the misconduct, cooperating with the government’s investigation, and for undertaking remediation efforts (including terminating the personnel who engaged in the misconduct).[42]
On June 6, a Canadian manufacturer of protective head gear for U.S. military and law enforcement use agreed to pay approximately $2.5 million to resolve claims that it used foreign-sourced materials in its production of helmet inserts in violation of the Berry Amendment. The company sold its products to the U.S. military under the Defense Logistics Agency’s Special Operational Equipment Tailored Logistic Support Program, which requires that textiles be sourced from the United States in compliance with the Berry Amendment. The government initiated an investigation involving the US Department of Defense, the Defense Criminal Investigative Service, and the Department of the Army Criminal Investigation Division after receiving a complaint from the DLA hotline. The settlement amount reflected that the company accepted responsibility, cooperated with the government’s investigation, and implemented compliance measures.[43]
On June 7, a conglomerate of three medical practice and management groups operating urgent care practices in New Jersey and New York agreed to pay over $12 million to resolve allegations that they submitted false claims for reimbursement of COVID-19 tests to a program that funds COVID-19 testing for uninsured individuals. The government alleged that operators did not adequately confirm whether test recipients had health insurance coverage before submitting their claims to the program, resulting in the erroneous submission of claims for insured persons. It also alleged that the operators caused laboratories to submit false claims for those COVID-19 tests by providing requisition forms that inaccurately indicated the test recipients were uninsured. The operators received credit in the settlement for their voluntary disclosure, cooperation, and remediation efforts. The settlement also resolves a qui tam suit brought by a patient, who will receive approximately $2 million of the settlement.[44]
On June 17, two consulting companies agreed to settle allegations that they violated the False Claims by failing to meet cyber security requirements as part of the administration of the application system for the Emergency Rental Assistance Program. As part of the settlement, both companies admitted that they failed to satisfy their obligation to complete required cybersecurity testing for the systems. One company agreed to pay $7.6 million and the second agreed to pay $3.7 million as part of the settlement. The settlement also resolves a qui tam lawsuit brought by an entity owned by a former employee of one of the companies, which will receive a share of approximately $1.9 million of the settlement.[45]
On June 21, two Wisconsin and Connecticut-based aerospace and parts companies agreed to pay $70 million to resolve False Claims Act allegations that they overcharged the Navy for spare parts and materials needed to repair and maintain Navy aircrafts. According to the government’s allegations, the two companies, which were both wholly-owned subsidiaries of the same parent company, knowingly entered into a contract under which one would purchase parts from the other at a markup. The purchasing company then submitted cost vouchers to the Navy for reimbursement. The settlement also resolves a qui tam suit but does not specify the relator’s share of the recovery.[46]

C. Other

On January 31, an automobile accessory company agreed to pay $3 million to resolve allegations that it knowingly failed to pay antidumping and countervailing duties on materials it imported from China. In particular, the government alleged that the company failed to take any action after being informed that it was not paying the appropriate duties on extruded aluminum components from January 2012 through July 2021. This resolved a qui tam action brought by a former employee who will receive $510,000 plus $75,000 in legal fees as part of the settlement.[47]
On February 29, two individuals in Colorado agreed to pay $3.5 million to resolve allegations that they defrauded the federal government by tampering with rain gauges. The government alleged that the two individuals were part of a conspiracy to tamper with the rain gauges by various means in order to make it appear as though there was below-average rainfall. Doing so would allow them to take advantage of a federal program that pays indemnities to farmers when there is below-average precipitation. In addition to civil penalties, the two individuals pled guilty to criminal charges for which they received prison sentences and were ordered to pay an additional $3.1 million in restitution. The settlement also resolves a qui tam suit for which the relator’s estate will receive approximately $500,000.[48]
On March 13, a construction company agreed to pay $2.5 million plus interest to resolve allegations that it violated FCA by taking out EIDL and PPP loans that it was not entitled to. Specifically, the government alleged that the company’s owner falsely certified in loan applications that he had not been convicted of a felony involving fraud within the last five years even though he had pled guilty and was convicted of a fraud-related felony charge less than three years before the first loan application. This settlement also resolves a qui tam suit for which the relator will receive approximately $250,000.[49]
On March 21, a New Jersey chemical importer and its owner agreed to pay $3.1 million to resolve claims that it fraudulently underpaid customs duties. In particular, the government alleged that the importer conspired with a Chinese vendor to mislabel imported chemicals, including hazardous chemicals, and submitted falsified documents to customs brokers. This settlement also resolves a qui tam suit for which the relator will receive $600,000. The company’s owner additionally pled guilty to wire fraud.[50]
On May 2, a German airline and its Minneapolis-based subsidiary agreed to pay $26.8 million to resolve allegations that it failed to remit to the federal government mandatory travel fees that the airline collected from passengers. In particular, the government alleged that from 2012 to 2018, the company collected fees such as those owed to U.S. Customs and TSA but did not pay those fees to the appropriate government entities. The settlement resolved a qui tam lawsuit for which the relator will receive approximately $4.8 million.[51]
On May 7, a now-bankrupt lender agreed to pay up to $120 million over two settlements to resolve allegations that it submitted false claims for loan forgiveness, loan guarantees, and processing fees to the government under PPP. Under the first settlement, the company agreed to pay up to $63.2 million to resolve allegations that the company inflated PPP loans, causing the Small Business Administration to guarantee and forgive greater loan amounts than borrowers were entitled to receive. And, under the second settlement, the company agreed to pay up to $56.7 million to resolve allegations that the company knowingly failed to implement adequate fraud controls to comply with its regulatory obligations to prevent fraudulent borrowers from seeking PPP benefits. Because the settlement gives the government an unsecured bankruptcy claim, the ultimate settlement amount will depend on the lender’s overall assets. The settlement resolves two qui tam actions for which the relators will receive a portion of the proceeds.[52]
On June 12, multiple nonprofit organizations, including two private country clubs and two homeowners associations, paid approximately $5.8 million to settle allegations that they violated the False Claims Act by knowingly submitting false claims and obtaining PPP loans for which they were not eligible. The settlements also resolved a qui tam action for which the relator will receive approximately $700,000 of the total recovery.[53]
On June 20, four restaurants, two fur apparel distributors, and five individuals agreed to pay approximately $4.6 million to settle allegations that they inflated payroll figures in their PPP loan and forgiveness applications. According to the government, the defendants misrepresented that family members and acquaintances were employed by the businesses, listed the same individuals as “full-time employees” of multiple businesses, inflated payroll figures, and improperly sought loan forgiveness for payroll costs that exceeded the maximum allowed. The settlement also resolved a qui tam lawsuit brought by a former manager at two of the restaurants, but does not specify what, if any, portion of the recovery he will receive.[54]

III. Cyber-Fraud Initiative Updates

The first half of 2024 witnessed notable developments in DOJ’s Civil Cyber-Fraud Initiative, an effort we reported on in our 2023 Year-End Update. The Initiative, launched on October 6, 2021, aims to use the FCA to pursue cybersecurity-related fraud by government contractors and grant recipients that are “knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”[55] In February 2024, Principal Deputy Assistant Attorney General Brian Boynton emphasized that DOJ “will continue to dedicate resources to investigating companies that fail to comply with their cybersecurity obligations.”[56]

A. DOJ Intervenes in First-Of-Its-Kind Cybersecurity Suit Since Launch of Civil Cyber-Fraud Initiative

In the same month in which DOJ re-emphasized its commitment to cybersecurity enforcement, DOJ intervened in a first-of-its-kind qui tam lawsuit, alleging that the Georgia Institute of Technology and Georgia Tech Research Corporation failed to comply with mandatory cybersecurity controls in their Department of Defense (DOD) contracts. In United States ex rel. Craig v. Georgia Tech Research Corporation, et al., the Associate Director of Cybersecurity at Georgia Tech and Principal Information Security Engineer brought the suit in July 2022 against research organizations for allegedly failing to secure and interact with government information and data under standards by the National Institute of Standards and Technology (NIST).

DOD contractors must comply with DFARS 252.204-7012 (“Safeguarding Covered Defense Information and Cyber Incident Reporting”), which requires contractors provide “adequate security” to safeguard the defense information they handle during the course of their work for the DOD. In turn, “adequate security” is defined, at a minimum, as implementation of NIST Special Publication 800-171 (NIST SP 800-171), which has 110 security requirements relating to, among other things, identification and authentication measures; audit and accountability; and system and communications protection measures. The lawsuit alleges that defendants’ internal assessors assigned to determine compliance with NIST were not qualified, and they were pressured interpret the NIST controls to justify certain actions taken in labs as compliant.

The government’s deadline to serve defendants with a complaint-in-intervention is August 22, 2024.

B. Potential Civil Cyber-Fraud Initiative Case on Stay

Similarly, in our 2023 Year-End Update we also reported on an unsealed qui tam complaint against Penn State by a relator who alleged that the university submitted false cybersecurity certifications to DOD. Following a 90-day stay to allow the government additional time to determine whether it will intervene, the parties’ joint written status report updating the court on any developments is due by August 5, 2024.[57]

IV. Legislative and Policy Developments

A. Federal Policy and Legislative Developments

1. Proposed Revisions to Medicare Overpayment Rules

On July 10, 2024, the Centers for Medicare and Medicaid Services (“CMS”) issued a proposed rule regarding the Physician Fee Schedule (“PFS”), which governs Medicare payments for the services of physicians and other healthcare professionals.[58] While changes to the PFS were the headline purpose of the proposed rule, the rule also would bring about significant changes to existing provisions governing healthcare providers’ return of overpayments under Medicare Parts A and B. By way of context, the Affordable Care Act (“ACA”) requires providers to return overpayments to the government within 60 days of the date on which the overpayments are “identified,” and specifies that an overpayment not returned by the appropriate deadline counts as an “obligation” for purposes of the reverse FCA, which prohibits knowing and improper avoidance of an obligation to pay money to the government.[59]

The ACA does not specify what it means to “identify” an overpayment.[60] As originally promulgated, regulations governing the return of overpayments by the Medicare program stated that a provider “identifies” an overpayment when it “has determined, or should have determined through the exercise of reasonable diligence, that [it] has received an overpayment.”[61] In a proposed rule issued in late 2022, CMS proposed to replace this looser standard of knowledge with the relatively more stringent definition of “knowing” and “knowingly” contained in the FCA.[62] This change came in direct response to a district court decision that struck down the “reasonable diligence” standard as permitting the government to premise FCA liability on nothing more than negligence, when the FCA requires a minimum of reckless disregard.[63] That decision and CMS’s response to it, however, left unaddressed a core problem confronting large organizations that face overpayment risks—namely, that it can take much longer than 60 days to determine whether an overpayment has occurred, and the running of that clock without any action to return monies to the government is very often a sign that a good-faith investigation into potential overpayments remains underway, not that overpayments were quickly identified and are being concealed. CMS had previously acknowledged that internal investigations into potential overpayments could take around 180 days, but there was neither a requirement that such investigations be completed in that timeframe nor an explicit provision tolling the deadline for return of overpayments pending such investigations.[64]

The new proposed rule would permit the suspension of the 60-day clock to allow companies to conduct internal investigations, but the devil remains in the details. In particular, in order for the deadline to be suspended, a company would have to have already identified at least one overpayment and be in the midst of a “good-faith investigation to determine the existence of related overpayments,” and would have to actually conduct such a good-faith investigation.[65] And the deadline for returning overpayments would only be suspended until, at the latest, 180 days after the date on which the company identified the initial overpayment that triggered the broader investigation.[66] While these changes enhance incentives for companies to conduct investigations into potential overpayments by extending the reporting deadline pending the completion of such investigations, the reality is that even 180 days may prove an insufficient amount of time for such investigations to fully run their course in large companies. The 180‑day cutoff risks being weaponized by qui tam relators claiming that any investigation that takes longer than 180 days must not have been conducted in “good faith” under the new rule, and that thus any overpayments not returned after the expiration of the 180-day window should form the basis for reverse FCA liability.

CMS is accepting comments on the proposed rule until September 9, 2024.

2. DOJ Whistleblower Reward Program and Voluntary Self-Disclosures Pilot Program for Individuals

Qui tam cases account for the majority of FCA cases initiated in any given year, as well as for the bulk of the monies the government recovers from FCA matters through settlement or judgment. In 2023, qui tam cases represented about 59% of the new FCA cases filed, and about 87% of the recoveries obtained. The FCA qui tam framework has no counterpart in U.S. criminal statutes, but DOJ recently has taken steps to develop a more formal policy for whistleblower awards in the criminal context. In March 2024, DOJ announced the creation of a pilot program that would reward a whistleblower with a portion of the resulting forfeiture if he or she helps DOJ discover significant corporate or financial misconduct.[67] In announcing this program, DOJ noted the successes of similar programs created at the SEC, CFTC, IRS, and FinCEN but acknowledged that those programs were limited to misconduct within those agencies’ jurisdictions. DOJ also noted that qui tam whistleblower initiatives are limited to those actions where fraud against the government is alleged. Thus, DOJ’s new initiative would “fill[] these gaps” to “address the full range of corporate and financial misconduct that the Department prosecutes.”[68]

While details on this pilot program are still forthcoming, the announcement identified important “guardrails.”[69] Payments would be made (1) only after all victims have been properly compensated; (2) only to those who submit truthful information not already known to the government; (3) only to those not involved in the criminal activity itself; and (4) only in cases where there is not an existing financial disclosure incentive—including qui tam awards or an award under another federal whistleblower program.[70] Deputy Attorney General Monaco also told potential future whistleblowers that DOJ was especially interested in information regarding “[c]riminal abuses of the U.S. financial system; [f]oreign corruption cases outside the jurisdiction of the SEC, including FCPA violations by non-issuers and violations of the recently enacted Foreign Extortion Prevention Act; and [d]omestic corruption cases, especially involving illegal corporate payments to government officials.”[71]

Relatedly, in April 2024, DOJ’s Criminal Division announced a pilot program that would extend the benefits of voluntary self-disclosure to individuals who (1) voluntarily, (2) truthfully, and (3) completely self-disclose original information regarding misconduct that was unknown to the department in certain high-priority enforcement areas, (4) fully cooperate and are able to provide substantial assistance against those equally or more culpable, and (5) forfeit any ill-gotten gains and compensate victims.[72] To qualify, a disclosure must relate to at least one of six areas of DOJ focus:

Schemes involving financial institutions (g., money laundering, criminal compliance-related schemes);
Schemes relating to the integrity of financial markets involving financial institutions, investment advisors or funds, or public or large private companies;
Foreign corruption schemes (e.g., violations of the Foreign Corrupt Practices Act, Foreign Extortion Prevention Act, and associated money laundering);
Health care fraud and kickback schemes;
Federal contract fraud schemes; or
Domestic corruption schemes involving bribes or kickbacks paid by or through public or private companies.

Deputy Attorney General Lisa Monaco noted that at least two U.S. Attorney’s offices—in the Southern District of New York and the Northern District of California—established similar programs earlier in the year.[73]

Beyond their significance for DOJ’s criminal enforcement efforts, these developments have important implications for FCA practice as well. Because the FCA penalizes fraud, the conduct at issue in an FCA investigation can sometimes be of interest to criminal authorities too. Yet the risks for a would-be whistleblower in coming forward are magnified when the alleged conduct carries potential criminal, in addition to civil, liability. In such a scenario, the possibility that DOJ will decide the relator has unclean hands carries not just the potential for criminal liability, but also the prospect of outright denial of a qui tam award. The FCA explicitly provides that a relator who is “convicted of criminal conduct arising from his or her role in the [FCA] violation . . . shall be dismissed from the civil action and shall not receive any share of the proceeds of the action.”[74] The new criminal whistleblower pilot program creates an additional financial incentive for reporting misconduct that operates independently of the qui tam mechanism. Alongside that pilot program, the individual voluntary self-disclosure pilot program stands to remove the disincentive that otherwise exists in the form of qui tam award denial in the event of a criminal conviction. Relators may prove more forthcoming about alleged conduct and their own roles in it, if both non-prosecution and financial gain remain on the table. And the carve-out in the pilot whistleblower program for individuals already covered by another whistleblower regime will likely do little to stop relators from making simultaneous reports to both civil and criminal authorities in the hope of maximizing their chances of a recovery.

B. State Legislative Developments

There were no major developments with respect to state FCA legislation in the second half of 2022. HHS-OIG provides an incentive for states to enact false claims statutes in keeping with the federal FCA. If HHS OIG approves a state’s FCA, the state receives an increase of 10 percentage points in its share of any recoveries in cases involving Medicaid. The lists of “approved” state false claims statutes increased to 23 with the approval of Connecticut’s statute this year; while six states remain on the “not approved” list.[75] The other 21 states have either not enacted a state analogue or have not submitted the statue for approval.

V. Case Law Developments

A. U.S. Supreme Court Grants Certiorari in E-Rate Fraud Claims Case

In June, the Supreme Court granted a petition for a writ of certiorari filed by Wisconsin Bell on the question whether reimbursement requests submitted to the Federal Communications Commission’s E-rate program are “claims” under the FCA. See United States ex rel. Heath v. Wis. Bell, 92 F.4th 654, 657 (7th Cir. 2024), cert. granted, 2024 WL 3014477 (U.S. June 17, 2024). The $4.5 billion E-rate program, established under the Telecommunications Act of 1996, provides discounted services to eligible schools and libraries for which service providers competitively bid on pricing and subsidize cost of service. It is funded by private money and administered by a non-profit company. (Note: Gibson Dunn represents Wisconsin Bell in this matter.)

After relator Todd Heath alleged in 2008 that Wisconsin Bell violated the FCA by over-charging schools and libraries, causing the federal government to pay more than it should have, id. at 658, Wisconsin Bell argued that the relator could not satisfy the FCA because, among other things, the E-rate program does not involve government funds, and reimbursement requests are not “claims” within the meaning of the FCA. The district court granted summary judgment for Wisconsin Bell, holding that the relator had not established falsity, scienter, or harm to the government fisc. Id. The Seventh Circuit reversed the district court’s grant of summary judgment. Id. at 671. By reinstating the relator’s claims, the Seventh Circuit created a circuit split with the Fifth Circuit, which had previously held that the FCA does not apply to E-Rate reimbursement requests because the government lacks a financial stake in the allegedly lost funds. See generally United States ex rel. Shupe v. Cisco Sys., Inc., 759 F.3d 379, 388 (5th Cir. 2014).

The certiorari petition was granted on June 17, and oral argument is set for November 4, 2024.

B. The Seventh Circuit Remands on Causation and Upholds Damages Award Against Eighth Amendment Challenge

The Seventh Circuit heard argument in Stop Ill. Health Care Fraud, LLC v. Sayeed, 100 F.4th 899 (7th Cir. 2024) on the FCA causation issue but declined to take a position and remanded to the district court for further argument.

In Stop Ill. Health Care Fraud, Management Principles Inc. (“Management Principles”), a healthcare management company which provided home-based medical services to Medicare recipients, as well as its two subsidiaries and owner, faced AKS allegations for paying Healthcare Consortium of Illinois (“Healthcare Consortium”) $5,000 monthly in exchange for patient referrals. Id. at 902–03. The company allegedly relied on referrals from Healthcare Consortium, a healthcare diagnostic organization, that would refer seniors to local in-home healthcare providers. Id. Management Principles allegedly paid this organization $90,000 for referrals and access to client data, and allegedly billed the federal government over $700,000 for services provided to clients referred by Healthcare Consortium. Id. at 903. Following a bench trial, the district court found that this scheme violated the AKS by paying to induce referrals for medical services. Id. at 904. The district court also found the defendants liable under the FCA for submitting claims for payments stemming from an unlawful referral arrangement. Id. The district court imposed a judgment of nearly $6,000,000, comprised of the sum of per-claim penalties of $5,500 per claim and treble the value of the Medicare claims at issue. Id. The defendants appealed, challenging causation and the award of damages and penalties, “arguing that it [was] constitutionally excessive under the Eighth Amendment and improperly divorced form the actual loss incurred by the government.” Id. at 906.

The Seventh Circuit held the “resulting from” language in the AKS means “at a minimum, every claim that forms the basis of FCA liability must be false by virtue of the fact that the claims are for services that were referred in violation of the Anti-Kickback Statute.” Id. at 908. The court explained that it was “not able to determine with confidence whether any of the services represented in the plaintiff’s loss spreadsheet were provided to patients lawfully referred to the defendants by the [Healthcare] Consortium.” Id. at 909. The court remanded the case back to the district court for the limited task of determining which claims, if any, were the result of a referral process outside the kickback scheme. Id. at 909–10. Thus, in doing so, the Seventh Circuit declined to weigh in conclusively on the proper causation standard for AKS-predicated FCA claims, id. at 909, leaving the Seventh Circuit without a definitive position on either side of the deepening circuit split on this issue, which we covered in our 2023 Mid-Year and End-Year Updates. In declining to take a position, however, the Seventh Circuit signaled that, if it does take a side in the debate, it is unlikely to hold that the existence of a kickback “taints” all subsequent claims for payment, regardless of any causal connection between the kickback and the claims. The court made clear that “[t]hat broad suggestion . . . is inconsistent with [the FCA’s] directive that a false claim must ‘result[] from’ an unlawful kickback.” Id. (second alteration in original). We will continue to closely monitor developments around this issue, including as the related Regeneron case in the First Circuit proceeds to oral argument this summer.

Additionally, the Seventh Circuit also addressed whether the nearly $6 million judgment was unconstitutionally excessive under the Eight Amendment. The court held that the judgment did not violate the Eighth Amendment’s Excessive Fines Clause, but that the district court still erred by calculating those damages based on Medicare claims that might not have been related to the kickback scheme. Id. at 906–07. The court explained that while the Seventh Circuit has not explicitly held whether the Excessive Fines Clause applies to civil penalties under the FCA, the judgment in this particular case would not violate the clause even if it were to apply. Id. The Seventh Circuit held that because the defendants established an extensive scheme that defrauded the government, exploited the private health information of seniors, and undermined the public’s faith in government programs, the judgment was not “grossly disproportional to the gravity of the defendant’s offense,” thereby passing Eighth Amendment scrutiny. Id..

C. The Sixth Circuit Holds Courts Can Require Plaintiffs Take All Reasonable Steps to Dismiss an FCA Suit, Including Seek Government Consent

A relator cannot unilaterally settle FCA claims without the government’s consent. See 31 U.S.C. § 3730 (requiring the government’s consent to any voluntary dismissal of a qui tam case). In State Farm Mut. Auto. Ins. Co. v. Angelo, the Sixth Circuit clarified what steps a court can require a party take to dismiss a FCA suit. 95 F.4th 419 (6th Cir. 2024).

After State Farm sued Michael Angelo, alleging RICO violations, the parties entered into a settlement agreement. Id. at 424. In the agreement, Angelo agreed to take “all steps necessary” to release claims against State Farm. Id. Before the agreement was signed, Angelo filed an FCA suit against State Farm. Id. Because qui tam suits are required to be filed under seal, State Farm was unaware of the case until after the RICO settlement agreement was signed and the complaint was unsealed and served on State Farm. Id. In the ensuing litigation over State Farm’s motion to dismiss the FCA claims, Angelo argued that he could not dismiss the claims because the FCA prohibits relators from dismissing qui tam cases without the government’s consent. Id. at 425. The district court granted State Farm’s motion, ordering Angelo to take all steps necessary to dismiss his FCA claims, including seeking the necessary government consent. Id.

On appeal, the Sixth Circuit upheld the district court’s orders enforcing the RICO settlement agreement. The court explained that while “the FCA statute demands government consent before a qui tam relator can dismiss an FCA claim[,]” the law does not “prevent[] a relator from seeking the required consent or prohibit[] a district court from ordering a relator to seek such consent.” Id. at 429–30 (emphasis in original). The Sixth Circuit rejected Angelo’s argument that under this interpretation, the settlement agreement violates the public policy rationale behind the FCA. Id. at 430. The court held that the “primary goals of the FCA are to incentivize private individuals to bring suit and to alert the government to potential fraud,” goals which the RICO settlement did not undermine. Id. Because Angelo had filed the FCA suit two years before the settlement was signed, both Angelo and the government had ample time to investigate the claims. Id. at 431. The court further explained that even if there had not been ample time, the government still had the opportunity to deny consent to dismiss or to file its own FCA claims, as it was not a party to the RICO settlement and thus was not bound by agreement requiring Angelo to take steps to effectuate dismissal of the qui tam case. Id. at 432.

D. The Second Circuit Clarifies When a Worker Engages in “Protected Activity”

The FCA prohibits retaliation against employees who report potential FCA violations. See 31 U.S.C. § 3730(h)(1). In Pilat v. Amedisys, Inc., workers claimed they were fired in retaliation for raising concerns about certain practices of Amedisys, a home health and hospice company. No. 23-566, 2024 WL 177990 (2d Cir. Jan. 17, 2024). The workers alleged that they disclosed to superiors that Amedisys falsely certified unqualified patients for home care, provided unnecessary and improper treatment, falsified time records, and manipulated patient records. Id. at *1. These schemes allegedly resulted in fraudulent bills to the government for reimbursement under the Medicare and Medicaid programs. Id. The workers alleged that after they expressed concerns over the unethical nature of these practices and their effects on the health of patients and refused to comply with instructions to carry out these practices, Amedisys fired them. Id. at *1–2. The district court held that the Plaintiffs did not have a valid retaliation claim since they did not “engage in protected activity under the statute.” Id. at *1. The court explained that the complaints were “more appropriately characterized as concerns about patient care[,]” and “did ‘not have anything to do with potential false claims.’” Id. at *9 (citing United States v. Amedisys, No. 17-CV-136, 2023 WL 2481144, at *9 (W.D.N.Y. Mar. 13, 2023)).

The Second Circuit reversed and explained that “relators engage in protected activity if they engage in ‘efforts to stop 1 or more violations of’ the FCA.” Pilat, 2024 WL 177990 at *2 (quoting 31 U.S.C. § 3730(h)(1)). Such efforts can include raising concerns to supervisors or refusing to engage in violative practices. Id. Because in this case the workers refused to comply with instructions to engage in conduct that would have violated the FCA, they made “efforts to stop 1 or more violations,” even if their main concern was the safety of patients. Id. The court further rejected the district court reasoning that the Plaintiffs only raised concerns of patient care, not fraud. Even if the complaints were based on concerns of patient care, the Plaintiffs still raised concerns that the amounts billed to the government did not match the actual time spent treating patients, a concern which clearly implicated potential fraud. Id.

E. The Second Circuit Affirms Heightened Scienter Under the Anti-Kickback Statute

While the FCA is a civil statute, DOJ and relators often allege that violations of the AKS—a criminal statute—are what made certain claims for payment false. The two statutes contain different scienter requirements. The FCA imposes liability on any person who “knowingly presents . . . a false or fraudulent claim [to the government] for payment or approval.” 31 U.S.C. § 3729(a)(1)(A). The FCA defines “knowingly” to mean that a person (1) “has actual knowledge of the information,” (2) “acts in deliberate ignorance of the truth or falsity of the information,” or (3) “acts in reckless disregard of the truth or falsity of the information,” and “require[s] no proof of a specific intent to defraud.” 31 U.S.C. § 3729(b)(1)(A-B). The Supreme Court recently clarified that the FCA’s “knowingly” standard refers to the defendant’s knowledge and subjective beliefs, not what an objectively reasonable person might have known or believed. United States ex rel. Schutte v. SuperValu Inc., 143 S. Ct. 1391, 1404 (2023). The AKS, on the other hand, imposes liability on any person who “knowingly and willfully makes or causes to be made any false statement or representation of a material fact in any application for any benefit or payment under a Federal health care program.” 42 U.S.C. § § 1320a–7b. In United States ex rel. Hart v. McKesson Corp., the Second Circuit affirmed a key decision interpreting the willfulness requirement in cases where an FCA violation is premised on a violation of the AKS. 96 F.4th 145 (2d Cir. 2024).

Plaintiffs alleged that Defendants operated an illegal kickback scheme in violation of the AKS and the FCA. Id. at 150. According to the complaint, McKesson offered business management tools for free to customers who agreed to solely purchase drugs from McKesson. Id. at 151–52. Plaintiffs alleged that this scheme violated the AKS and thus the FCA. Id. The district court granted McKesson’s motion to dismiss, holding that to act “willfully” as required by the AKS, “a defendant must act knowing that its conduct is, in some way, unlawful,” a standard Hart failed to plead. Id. at 150. The district court held that because the FCA claim was premised on the AKS claims alone, the defendant failed to plausibly allege an FCA claim. Id.

The Second Circuit affirmed and interpreted the AKS’s “willful” requirement to mean that “a defendant must act with a ‘bad purpose’” and “‘with knowledge that his conduct was unlawful.’” Id. at 157 (quoting Bryan v. United States, 524 U.S. 184, 191 (1998)). The court held that “to violate the AKS, a defendant must act knowing that his conduct is unlawful, even if the defendant is not aware that his conduct is unlawful under the AKS specifically.” Id. at 154 (citing Pfizer v. U.S. Dep’t of Health & Hum. Servs., 42 F.4th 67, 77 (2d Cir. 2022)). The court held that “a defendant’s knowledge of his general legal obligations is not enough if he does not also know that his actions violate those obligations,” id. at 158, and affirmed the dismissal of Hart’s claim for failure to plead willfulness adequately, id. at 157–59. Notably, the Second Circuit looked to the specific knowledge of individuals other than the relator when determining whether the Plaintiff adequately pleaded willfulness. Id. at 160–62 (rejecting relator’s argument that he sufficiently alleged scienter because he pleaded that he told a supervisor that he thought certain conduct violated company policies).

VI. Conclusion

We will monitor these developments, along with other FCA legislative activity, settlements, and jurisprudence throughout the year and report back in our 2024 False Claims Act Year-End Update, which we will publish in early 2025.

[1] These figures, and the summaries that follow, cover the period from January 1, 2024 through June 30, 2024 and focus on settlements valued at $2 million or more.

[2] See Press Release, U.S. Atty’s Office for the Dist. of Del., ChristianaCare Pays $42.5 Million To Resolve Health Care Fraud Allegations (Jan. 4, 2024), https://www.justice.gov/usao-de/pr/christianacare-pays-425-million-resolve-health-care-fraud-allegations-0.

[3] See Press Release, U.S. Atty’s Office for the Middle Dist. of Fl., Florida Research Hospital Agrees To Pay More Than $19.5 Million To Resolve Liability Relating To Self-Disclosure Of Improper Billing For Clinical Trial Costs (Jan. 4, 2024), https://www.justice.gov/usao-mdfl/pr/florida-research-hospital-agrees-pay-more-195-million-resolve-liability-relating-self.

[4] See Press Release, U.S. Atty’s Office for the Middle Dist. of Tenn., Memphis-Based Methodist Le Bonheur Healthcare and Methodist Healthcare-Memphis Hospitals Pay $7.25 Million to Settle Allegations that They Violated the False Claims Act (Jan. 4, 2024), https://www.justice.gov/usao-mdtn/pr/memphis-based-methodist-le-bonheur-healthcare-and-methodist-healthcare-memphis.

[5] See Press Release, Dep’t of Justice, Home Healthcare Company Agrees to Pay Nearly $10 Million to Resolve False Claims Act Allegations Relating to Its Participation in the Energy Employees Occupational Illness Compensation Program (Jan. 5, 2024), https://www.justice.gov/opa/pr/home-healthcare-company-agrees-pay-nearly-10-million-resolve-false-claims-act-allegations.

[6] See Press Release, Dep’t of Justice, New Jersey Laboratory and Its Owner and CEO Agree to Pay Over $13 Million to Settle Allegations of Kickbacks and Unnecessary Testing (Jan. 10, 2024), https://www.justice.gov/opa/pr/new-jersey-laboratory-and-its-owner-and-ceo-agree-pay-over-13-million-settle-allegations.

[7] See Press Release, U.S. Atty’s Office for the Dist. of N.J., New Jersey Hospital and Investors to Pay United States $30.6 Million for Alleged False Claims (Jan. 16, 2024), https://www.justice.gov/usao-nj/pr/new-jersey-hospital-and-investors-pay-united-states-306-million-alleged-false-claims#:~:text=Alleged%20False%20Claims-,New%20Jersey%20Hospital%20and%20Investors%20to%20Pay%20United,Million%20for%20Alleged%20False%20Claims&text=NEWARK%2C%20N.J.%20%E2%80%93%20A%20New%20Jersey,violations%2C%20U.S.%20Attorney%20Philip%20R.

[8] See Press Release, U.S. Atty’s Office for the Dist. of Idaho, AmeriHealth Clinics Consent to a $2 Million Judgment to Resolve Healthcare Fraud Allegations (Jan. 17, 2024), https://www.justice.gov/usao-id/pr/amerihealth-clinics-consent-2-million-judgment-resolve-healthcare-fraud-allegations.

[9] See Press Release, U.S. Atty’s Office for the Dist. of Pa., Current and Former Owners of Center City Philadelphia Pharmacy Agree to Pay Over $4.6 Million to Resolve Civil Investigations of Improper Medicare and Medicaid Billing (Jan. 23, 2024), https://www.justice.gov/usao-edpa/pr/current-and-former-owners-center-city-philadelphia-pharmacy-agree-pay-over-46-million.

[10] See Press Release, U.S. Atty’s Office for the Dist. of S.C., Durable Medical Equipment Companies to Pay Millions in False Claims Settlement (Jan. 26, 2024), https://www.justice.gov/usao-sc/pr/durable-medical-equipment-companies-pay-millions-false-claims-settlement.

[11] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Ky., Kentucky Lab Agrees to $4.9 Million Civil Judgment and Drug Treatment Center Enters Settlement to Pay $2.2 Million to Resolve False Claims Act Allegations (Jan. 30, 2024), https://www.justice.gov/usao-edky/pr/kentucky-lab-agrees-49-million-civil-judgment-and-drug-treatment-center-enters.

[12] See Press Release, U.S. Atty’s Office for the Mid. Dist. of Pa., Penn State Health Agrees To Pay More Than Eleven Million Dollars Following Its Voluntary Disclosure Of Improper Billings Related To Medicare Annual Wellness Visit Services (Feb. 7, 2024), https://www.justice.gov/usao-mdpa/pr/penn-state-health-agrees-pay-more-eleven-million-dollars-following-its-voluntary.

[13] See Press Release, U.S. Atty’s Office for the Southern Dist. of N.Y., U.S. Attorney Announces $25.5 Million Settlement With Durable Medical Equipment Supplier Lincare Inc. For Fraudulent Billing Practices (Feb. 15, 2024), https://www.justice.gov/usao-sdny/pr/us-attorney-announces-255-million-settlement-durable-medical-equipment-supplier.

[14] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Ky., Lexington Lab Agrees to $10.4 Million in Civil Judgments to Resolve False Claims Act Allegations; Owner and Lab Officer Sentenced to Prison (Feb. 16, 2024), https://www.justice.gov/usao-edky/pr/lexington-lab-agrees-104-million-civil-judgments-resolve-false-claims-act-allegations.

[15] See Press Release, U.S. Dep’t of Justice, Opioid Manufacturer Endo Health Solutions Inc. Agrees to Global Resolution of Criminal and Civil Investigations into Sales and Marketing of Branded Opioid Drug (Feb. 29, 2024), https://www.justice.gov/opa/pr/opioid-manufacturer-endo-health-solutions-inc-agrees-global-resolution-criminal-and-civil; Settlement Agreement, Endo Health Solutions Inc., https://content.govdelivery.com/attachments/USDOJOPA/2024/02/29/file_attachments/2799079/Endo%20Civil%20FCA%20Settlement%20Agmt%20%28Fully%20Executed%29.pdf.

[16] See Press Release, U.S. Atty’s Office for the Northern Dist. of Ga., Georgia Laboratory Owner Pleads Guilty to Felony Charge and Agrees to Pay $14.3 Million to Resolve False Claims Act Allegations (Feb. 28, 2024), https://www.justice.gov/usao-ndga/pr/georgia-laboratory-owner-pleads-guilty-felony-charge-and-agrees-pay-143-million; Settlement Agreement, U.S. Dep’t of Justice and Capstone Laboratories (Feb. 28, 2024), https://www.justice.gov/opa/media/1340321/dl?inline.

[17] See Press Release, U.S. Atty’s Office for the Eastern Dist. of N.Y., New York-Presbyterian/Brooklyn Methodist Hospital Settles Health Care Fraud Claims for $17.3 Million (Mar. 12, 2024), https://www.justice.gov/usao-edny/pr/new-york-presbyterianbrooklyn-methodist-hospital-settles-health-care-fraud-claims-173.

[18] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Pa., Generic Pharmaceuticals Manufacturer Pleads Guilty, Agrees to $1.5 Million Criminal Penalty for Distributing Adulterated Drugs and $2 Million to Resolve Civil Liability under the False Claims Act (Mar. 6, 2024), https://www.justice.gov/usao-edpa/pr/generic-pharmaceuticals-manufacturer-pleads-guilty-agrees-15-million-criminal-penalty.

[19] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Pa., Philadelphia Pharmacy Criminal Pleas and Civil Resolutions Result in Multiple Criminal Convictions and Over $4 Million Recovered (Mar. 20, 2024), https://www.justice.gov/usao-edpa/pr/philadelphia-pharmacy-criminal-pleas-and-civil-resolutions-result-multiple-criminal.

[20] See Press Release, U.S. Dep’t of Justice, Gamma Healthcare and Three of Its Owners Agree to Pay $13.6 Million for Allegedly Billing Medicare for Lab Tests That Were Not Ordered or Medically Necessary (Mar. 27, 2024), https://www.justice.gov/opa/pr/gamma-healthcare-and-three-its-owners-agree-pay-136-million-allegedly-billing-medicare-lab.

[21] See Press Release, U.S. Atty’s Office for the Southern Dist. of Ohio, Cincinnati healthcare staffing company agrees to pay $9.25 million to resolve visa fraud investigations (Mar. 25, 2024), https://www.justice.gov/usao-sdoh/pr/cincinnati-healthcare-staffing-company-agrees-pay-925-million-resolve-visa-fraud.

[22] See Press Release, U.S. Atty’s Office for the Southern Dist. of N.Y., U.S. Attorney Announces $3.1 Million False Claims Act Settlement With Radiology Company And Its CEO For Fraudulent Billing Practices (Mar. 28, 2024), https://www.justice.gov/usao-sdny/pr/us-attorney-announces-31-million-false-claims-act-settlement-radiology-company-and-its; Stipulation and Order of Settlement and Dismissal (Mar. 26, 2024), https://www.justice.gov/usao-sdny/media/1345696/dl.

[23] See Press Release, U.S. Atty’s Office for the Western Dist. of Tex., Oncology Practice, Physicians, and Reference Laboratory To Pay Over $4 Million to Settle False Claims Act Allegations (Apr. 2, 2024), https://www.justice.gov/usao-wdtx/pr/oncology-practice-physicians-and-reference-laboratory-pay-over-4-million-settle-false.

[24] See Press Release, U.S. Atty’s Office for the Central Dist. of Cal., San Gabriel Valley-Based Nursing Home Chain and Executives to Pay Over $7 Million to Settle COVID-Related False Claims Allegations (Apr. 26, 2024), https://www.justice.gov/usao-cdca/pr/san-gabriel-valley-based-nursing-home-chain-and-executives-pay-over-7-million-settle; Settlement Agreement, U.S. Dep’t of Justice and ReNew (Apr. 26, 2024), https://www.justice.gov/opa/media/1349866/dl?inline.

[25] See Press Release, U.S. Dep’t of Justice, Office of Public Affairs, Staffing Company to Pay $2.7M for Alleged Failure to Provide Adequate Cybersecurity for COVID-19 Contact Tracing Data (May 1, 2024), https://www.justice.gov/opa/pr/staffing-company-pay-27m-alleged-failure-provide-adequate-cybersecurity-covid-19-contact; Settlement Agreement, U.S. Dep’t of Justice and Insight Global (May 15, 2024), https://www.justice.gov/opa/media/1350311/dl?inline.

[26] See Press Release, U.S. Dep’t of Justice, Elara Caring Agrees to Pay $4.2 Million to Settle False Claims Act Allegations That It Billed Medicare for Ineligible Hospice Patients (May 1, 2024), https://www.justice.gov/opa/pr/elara-caring-agrees-pay-42-million-settle-false-claims-act-allegations-it-billed-medicare.

[27] See Press Release, U.S. Atty’s Office for the Dist. of N.J., Florida Businessman Daniel Hurt to Pay Over $27 Million for Medicare Fraud in Connection With Cancer Genomic Tests (May 24, 2024), https://www.justice.gov/usao-nj/pr/florida-businessman-daniel-hurt-pay-over-27-million-medicare-fraud-connection-cancer.

[28] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Mich., Local Physician and Practice Agree to Pay Over $2 Million to Settle False Claims Act Allegations (May 8, 2024), https://www.justice.gov/usao-edmi/pr/local-physician-and-practice-agree-pay-over-2-million-settle-false-claims-act/.

[29] See Press Release, U.S. Atty’s Office for the Dist. of Mass., Cape Cod Hospital to Pay $24.3 Million to Resolve Allegations That It Failed to Comply With Medicare Cardiac Procedure Rules (May 16, 2024), https://www.justice.gov/usao-ma/pr/cape-cod-hospital-pay-243-million-resolve-allegations-it-failed-comply-medicare-cardiac; Settlement Agreement, U.S. Dep’t of Justice and Cape Cod Hospital (May 16, 2024), https://www.justice.gov/usao-ma/media/1352226/dl.

[30] See Press Release, U.S. Atty’s Office for the Northern Dist. of Ohio, Cleveland Clinic to Pay Over $7 Million to Settle Allegations of Undisclosed Foreign Sources of Funding on NIH Grant Applications and Reports (May 17, 2024), https://www.justice.gov/usao-ndoh/pr/cleveland-clinic-pay-over-7-million-settle-allegations-undisclosed-foreign-sources.

[31] See Press Release, U.S. Atty’s Office for the Southern Dist. of N.Y., U.S. Attorney Announces $10.1 Million Settlement With Managed Long-Term Care Plan For Improper Receipt Of Medicaid Payments (May 23, 2024), https://www.justice.gov/usao-sdny/pr/us-attorney-announces-101-million-settlement-managed-long-term-care-plan-improper.

[32] See Press Release, Dept. of Justice, Office of Public Affairs, Medical Device Manufacturer Innovasis Inc. and Two Top Executives Agree to Pay $12M to Settle Allegations of Improper Payments to Physicians (May 29, 2024), https://www.justice.gov/opa/pr/medical-device-manufacturer-innovasis-inc-and-two-top-executives-agree-pay-12m-settle.

[33] See Press Release, U.S. Atty’s Office for the Middle Dist. of Fl., Chronic Disease Management Provider to Pay $14.9M to Resolve Alleged False Claims (June 5, 2024), https://www.justice.gov/usao-mdfl/pr/chronic-disease-management-provider-pay-149m-resolve-alleged-false-claims; Settlement Agreement, U.S. Dep’t of Justice and Bluestone National, LLC (June 5, 2024), https://www.justice.gov/opa/media/1354511/dl?inline=&utm_medium=email&utm_source=govdelivery.

[34] See Press Release, U.S. Atty’s Office for the Eastern Dist. of N.Y., Queens and Brooklyn-Based Eye Doctor Settles Health Care Fraud Claims for More Than $2.4 Million (June 6, 2024), https://www.justice.gov/usao-edny/pr/queens-and-brooklyn-based-eye-doctor-settles-health-care-fraud-claims-more-24-million.

[35] See Press Release, U.S. Atty’s Office for the Northern Dist. of Ill., Chicago Health Care Company and Its Former Owners To Pay Nearly $2 Million To Settle False Claims Act Lawsuit (June 18, 2024), https://www.justice.gov/usao-ndil/pr/chicago-health-care-company-and-its-former-owners-pay-nearly-2-million-settle-false; Settlement Agreement, U.S. Dep’t of Justice and KFM Holdings et al. (June 17, 2024), https://www.justice.gov/usao-ndil/media/1356316/dl?inline.

[36] See Press Release, U.S. Atty’s Office for the Southern Dist. Of Tex., Texas Medical Center Institutions Agree to Pay $15M Record Settlement Involving Concurrent Billing Claims for Critical Surgeries, https://www.justice.gov/usao-sdtx/pr/texas-medical-center-institutions-agree-pay-15m-record-settlement-involving-concurrent.

[37] See Press Release, U.S. Atty’s Office for the Southern Dist. of Tex., Hilcorp San Juan resolves False Claims Act claims for oil and natural gas royalty underpayments to the United States (Jan. 19, 2024), https://www.justice.gov/usao-sdtx/pr/hilcorp-san-juan-resolves-false-claims-act-claims-oil-and-natural-gas-royalty.

[38] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Mich., Federal Subcontractor Agrees to Pay $5 Million to Settle False Claims Act Allegations (Jan. 30, 2024), https://www.justice.gov/usao-edmi/pr/federal-subcontractor-agrees-pay-5-million-settle-false-claims-act-allegations.

[39] See Complaint, United States ex rel. The Arora Group, Inc. v. Planned Systems International, Inc., No. 1:21-cv-657 (May 28, 2021 E.D. Va.).

[40] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Va., Government Contractors Agree to Pay $3.9 Million to Resolve Claims of Misrepresenting Women-Owned Small Business Status (Jan. 30, 2024), https://www.justice.gov/usao-edva/pr/government-contractors-agree-pay-39-million-resolve-claims-misrepresenting-women-owned.

[41] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Va., Argus Information & Advisory Services agrees to pay $37M to settle allegations that it misused data obtained under government contracts (Mar. 12, 2024), https://www.justice.gov/usao-edva/pr/argus-information-advisory-services-agrees-pay-37m-settle-allegations-it-misused-data.

[42] See Press Release, U.S. Dep’t of Justice, Consolidated Nuclear Security Agrees to Pay $18.4 Million to Settle False Claims Act Allegations of Timecard Fraud (Apr. 23, 2024), https://www.justice.gov/opa/pr/consolidated-nuclear-security-agrees-pay-184-million-settle-false-claims-act-allegations; Settlement Agreement, Consolidated Nuclear Security, LLC (Apr. 22, 2024), https://www.justice.gov/opa/media/1349116/dl?inline.

[43] See Press Release, U.S. Atty’s Office for the Dist. of Vt. Galvion To Pay $2,495,000 To Resolve False Claims Act Allegations (June 6, 2024), https://www.justice.gov/usao-vt/pr/galvion-pay-2495000-resolve-false-claims-act-allegations.

[44] See Press Release, Dep’t of Justice, CityMD Agrees to Pay Over $12M for Alleged False Claims to the COVID-19 Uninsured Program (June 7, 2024), https://www.justice.gov/opa/pr/citymd-agrees-pay-over-12-million-alleged-false-claims-covid-19-uninsured-program.

[45] See Press Release, U.S. Atty’s Office for the Northern Dist. of N.Y., Consulting Companies to Pay $11.3 Million for Failing to Comply with Cybersecurity Requirements in Federally Funded Contract (June 17, 2024), https://www.justice.gov/usao-ndny/pr/consulting-companies-pay-113-million-failing-comply-cybersecurity-requirements.

[46] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Wis., Sikorsky Support Services, Inc. and Derco Aerospace, Inc. Agree to Pay $70 Million to Settle False Claims Act Allegations of Improper Markups on Spare Parts for Navy Trainer Aircraft (June 21, 2024), https://www.justice.gov/usao-edwi/pr/sikorsky-support-services-inc-and-derco-aerospace-inc-agree-pay-70-million-settle.

[47] See Press Release, U.S. Atty’s Office for the Western Dist. of Wash., Automobile accessory company Yakima Products Inc. settles allegations failed to pay duties on extruded aluminum from China (Jan. 31, 2024), https://www.justice.gov/usao-wdwa/pr/automobile-accessory-company-yakima-products-inc-settles-allegations-failed-pay-duties.

[48] See Press Release, U.S. Atty’s Office for the Dist. of Colo., Two Southeastern Colorado Farmers Sentenced to Federal Prison and Will Pay Over $6.5 Million for Defrauding Federal Crop Insurance Programs (Feb. 29, 2024), https://www.justice.gov/usao-co/pr/two-southeastern-colorado-farmers-sentenced-federal-prison-and-will-pay-over-65-million.

[49] See Press Release, U.S. Atty’s Office for the Dist. Of N.J., South Carolina Construction Company and Its Owner Settle Matter Alleging Receipt of Improper CARES Act Loans (Apr. 26, 2024), https://www.justice.gov/usao-nj/pr/south-carolina-construction-company-and-its-owner-settle-matter-alleging-receipt.

[50] See Press Release, U.S. Atty’s Office for the Dist. Of N.J., Owner of New Jersey Company Admits to Evading U.S. Customs Duties and His Company Agrees to $3.1 Million Settlement Agreement (Mar. 21, 2024), https://www.justice.gov/usao-nj/pr/owner-new-jersey-company-admits-evading-us-customs-duties-and-his-company-agrees-31; Information, U.S. v. George Volpe, available at https://www.justice.gov/usao-nj/media/1344671/dl?inline.

[51] See Press Release, U.S. Atty’s Office for the Dist. of D.C., Hahn Air Lines Agrees to Pay $26.8 Million to Resolve False Claims Act Liability for Its Alleged Failure to Pay Travel Fees Collected from Passengers (May 2, 2024), https://www.justice.gov/usao-dc/pr/hahn-air-lines-agrees-pay-268-million-resolve-false-claims-act-liability-its-alleged.

[52] See Press Release, U.S. Atty’s Office for the Dist. of Mass., Kabbage Agrees to Pay up to $120 Million to Resolve Allegations that it Defrauded the Paycheck Protection Program (May 13, 2024), https://www.justice.gov/usao-ma/pr/kabbage-agrees-pay-120-million-resolve-allegations-it-defrauded-paycheck-protection; Settlement Agreement, U.S. Dep’t of Justice and Kabbage, Inc. (May 13, 2024), https://www.justice.gov/usao-ma/media/1351711/dl; Settlement Agreement, U.S. Dep’t of Justice and Kabbage, Inc. (May 13, 2024), https://www.justice.gov/usao-ma/media/1351716/dl.

[53] See Press Release, U.S. Atty’s Office for the Southern Dist. of Cal., Nonprofit Organizations Pay Over $5.8 Million to Resolve Allegations of Fraudulently Obtaining Pandemic-Related Loans (June 12, 2024), https://www.justice.gov/usao-sdca/pr/nonprofit-organizations-pay-over-58-million-resolve-allegations-fraudulently-obtaining.

[54] See Press Release, U.S. Atty’s Office for the Southern Dist. of N.Y., U.S. Attorney Announces $4.6 Million False Claims Act Settlement With Restaurants, Fur Apparel Companies, And Their Owners And Managers For Submitting False Information To Obtain Paycheck Protection Program Loans (June 20, 2024), https://www.justice.gov/usao-sdny/pr/us-attorney-announces-46-million-false-claims-act-settlement-restaurants-fur-apparel.

[55] See Press Release, U.S. Dep’t of Justice, Deputy Attorney General Lisa O. Monaco Announces New Civil Cyber-Fraud Initiative (Oct. 6, 2021), https://www.justice.gov/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-new-civil-cyber-fraud-initiative.

[56] See Speech, U.S. Dep’t of Justice, Principal Deputy Assistant Attorney General Brian M. Boynton Delivers Remarks at the 2024 Federal Bar Association’s Qui Tam Conference (Feb. 22, 2024), https://www.justice.gov/opa/speech/principal-deputy-assistant-attorney-general-brian-m-boynton-delivers-remarks-2024.

[57] See United States ex rel. Matthew Decker v. Pennsylvania State University, 22-cv-03895-PD (E.D. Pa. Oct. 5, 2022).

[58] See Centers for Medicare & Medicaid Servs., Calendar Year (CY) 2025 Medicare Physician Fee Schedule Proposed Rule (July 10, 2024), https://www.cms.gov/newsroom/fact-sheets/calendar-year-cy-2025-medicare-physician-fee-schedule-proposed-rule.

[59] See 42 U.S.C. § 1320a-7k(d); 31 U.S.C. § 3729(a)(1)(G).

[60] See 42 U.S.C. § 1320a-7k(d).

[61] See, e.g., 42 C.F.R. § 422.326(c) (Medicare Advantage rule); see also 42 C.F.R. § 401.305(a)(2) (Part A and B rule), 42 C.F.R. § 423.360(c) (Part D rule) (both similar).

[62] See Dep’t of Health & Hum. Servs., Centers for Medicare & Medicaid Servs., Proposed Rule RIN 0938-AV33, at 1169 (hereinafter “Proposed PFS Rule”).

[63] See id. at 1171–72; see also UnitedHealthcare Ins. Co. v. Azar, 330 F. Supp. 3d 173, 191 (D.D.C. 2018), rev’d in part on other grounds sub nom. UnitedHealthcare Ins. Co. v. Becerra, 16 F.4th 867 (D.C. Cir. 2021).

[64] See Medicare Program; Contract Year 2015 Policy and Technical Changes to the Medicare

Advantage and the Medicare Prescription Drug Benefit Programs, 79 Fed. Reg. 29,844, 29,923

(May 23, 2014).

[65] Proposed PFS Rule at 1173.

[66] Id.

[67] See Speech, U.S. Dep’t of Justice, Deputy Attorney General Lisa Monaco Delivers Keynote Remarks at the American Bar Association’s 39th National Institute on White Collar Crime (Mar. 7, 2024), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-keynote-remarks-american-bar-associations.

[68] Id.

[69] Id.

[70] See id.

[71] Id.

[72] See Blog Post, U.S. Dep’t of Justice, Criminal Division’s Voluntary Self-Disclosures Pilot Program for Individuals (Apr. 22, 2024), https://www.justice.gov/opa/blog/criminal-divisions-voluntary-self-disclosures-pilot-program-individuals; U.S. Dep’t of Justice, Criminal Division Pilot Program On Voluntary Self-Disclosures For Individuals, https://www.justice.gov/criminal/criminal-division-pilot-program-voluntary-self-disclosures-individuals; U.S. Dep’t of Justice, Voluntary Self Disclosures for Individuals Policy (April 15, 2024), https://www.justice.gov/criminal/media/1347991/dl?inline.

[73] See Speech, U.S. Dep’t of Justice, Deputy Attorney General Lisa Monaco Delivers Keynote Remarks at the American Bar Association’s 39th National Institute on White Collar Crime (Mar. 7, 2024), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-keynote-remarks-american-bar-associations

[74] 31 U.S.C. § 3730(d)(3).

[75] State False Claims Act Reviews, HHS-OIG, https://oig.hhs.gov/fraud/state-false-claims-act-reviews/ (last visited July 1, 2024) (FCA Reviews); 42 U.S.C. § 1396h(a).

The following Gibson Dunn lawyers prepared this update: Jonathan Phillips, Winston Chan, John Partridge, James Zelenay, Michael Dziuban, Chumma Tum, Alyse Ullery, José Madrid, Mary Aline Fertin, Hayley Lawrence, Azad Niroomand, Nicole Waddick, Erin Wall, and Sara Zamani.

Gibson Dunn lawyers regularly counsel clients on the False Claims Act issues and are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s False Claims Act/Qui Tam Defense practice group:

Washington, D.C.
Jonathan M. Phillips – Co-Chair (+1 202.887.3546, [email protected])
Stuart F. Delery (+1 202.955.8515,[email protected])
F. Joseph Warin (+1 202.887.3609, [email protected])
Gustav W. Eyler (+1 202.955.8610, [email protected])
Lindsay M. Paulin (+1 202.887.3701, [email protected])
Geoffrey M. Sigler (+1 202.887.3752, [email protected])
Joseph D. West (+1 202.955.8658, [email protected])

San Francisco
Winston Y. Chan – Co-Chair (+1 415.393.8362, [email protected])
Charles J. Stevens (+1 415.393.8391, [email protected])

New York
Reed Brodsky (+1 212.351.5334, [email protected])
Mylan Denerstein (+1 212.351.3850, [email protected])
Alexander H. Southwell (+1 212.351.3981, [email protected])

Denver
John D.W. Partridge (+1 303.298.5931, [email protected])
Ryan T. Bergsieker (+1 303.298.5774, [email protected])
Robert C. Blume (+1 303.298.5758, [email protected])
Monica K. Loseman (+1 303.298.5784, [email protected])

Dallas
Andrew LeGrand (+1 214.698.3405, [email protected])

Los Angeles
James L. Zelenay Jr. (+1 213.229.7449, [email protected])
Nicola T. Hanna (+1 213.229.7269, [email protected])
Jeremy S. Smith (+1 213.229.7973, [email protected])
Deborah L. Stein (+1 213.229.7164, [email protected])
Dhananjay S. Manthripragada (+1 213.229.7366, [email protected])

Palo Alto
Benjamin Wagner (+1 650.849.5395, [email protected])

*Sara Zamani is an associate in the firm’s Denver office currently admitted to practice only in California.

We are pleased to provide you with Gibson Dunn’s Accounting Firm Quarterly Update for Q2 2024. The Update is available in .pdf format at the below link, and addresses news on the following topics that we hope are of interest to you:

PCAOB Undertakes Significant Standard-Setting and Rulemaking Projects
Supreme Court Issues Key Securities and Administrative Law Rulings
President Biden Vetoes Resolution Overturning SEC Crypto Accounting Guidance
Major Ruling in SEC Cybersecurity Case as SEC Clarifies Cyber Disclosure Obligations
SEC Permanently Suspends BF Borgers CPA PC and Grants Extension to Affected Registrants
Unanimous Fifth Circuit Panel Strikes Down SEC Private Funds Rule
European Parliament Adopts Corporate Sustainability Due Diligence Directive
PCAOB Staff Issues Spotlight Reports on Root Cause Analysis and Company Information
SEC Leaders Issue Regulation and Enforcement Statements
Other Recent SEC and PCAOB Enforcement and Regulatory Developments

Please let us know if there are topics that you would be interested in seeing covered in future editions of the Update.

Download Full Newsletter

Warmest regards,
Jim Farrell
Monica Loseman
Michael Scanlon

Chairs, Accounting Firm Advisory and Defense Practice Group, Gibson, Dunn & Crutcher LLP

In addition to the practice group chairs, this update was prepared by David Ware, Timothy Zimmerman, Benjamin Belair, Adrienne Tarver, and Monica Limeng Woolley.

Accounting Firm Advisory and Defense Group Chairs:

James J. Farrell – Co-Chair, New York (+1 212-351-5326, [email protected])

Monica K. Loseman – Co-Chair, Denver (+1 303-298-5784, [email protected])

Michael Scanlon – Co-Chair, Washington, D.C.(+1 202-887-3668, [email protected])

From the Derivatives Practice Group: ISDA released their Document Negotiation Survey, which found that the average time taken to negotiate key derivatives documents hasn’t fallen since 2006.

New Developments

CFTC Staff Issues No-Action Letter Regarding Reporting and Recordkeeping Requirements for Fully Collateralized Binary Options. On July 12, the CFTC announced the Division of Market Oversight and the Division of Clearing and Risk have taken a no-action position regarding swap data reporting and recordkeeping regulations in response to a request from ForecastEx LLC, a designated contract market and derivatives clearing organization. The divisions will not recommend the Commission initiate an enforcement action against ForecastEx or its participants for certain swap-related recordkeeping requirements and for failure to report data associated with binary option transactions executed on or subject to the rules of ForecastEx to swap data repositories. [NEW]
President Biden Announced Intent to Nominate Julie Brinn Siegel as a Commissioner of the CFTC. On July 11, President Biden announced his intent to nominate Julie Brinn Siegel to be a Commissioner of the CFTC. Siegel currently serves as the federal government’s deputy chief operating officer as Senior Coordinator for Management at the Office of Management and Budget (OMB). Prior to that, Siegel served as Secretary of the Treasury Janet Yellen’s Deputy Chief of Staff and served as Senior Counsel and Policy Advisor to U.S. Senator Elizabeth Warren (D-MA). Last month, President Biden nominated CFTC Commissioner Johnson to be Assistant Secretary for Financial Institutions at the Department of Treasury and nominated CFTC Commissioner Christy Goldsmith Romero to be Chair and Member of the Federal Deposit Insurance Corporation (FDIC) which, if confirmed by the Senate, would leave open two Democratic Commissioner seats at the CFTC. Siegel, if nominated and confirmed by the Senate, would take the seat of Commissioner Goldsmith Romero.
First Interagency Fraud Disruption Conference Focuses on Combatting Crypto Schemes Commonly Known as “Pig Butchering.” On July 11, the CFTC and the DOJ’s Computer Crime and Intellectual Property Section’s National Cryptocurrency Enforcement Team (“NCET”) convened the first Fraud Disruption Conference to work on efforts to combat a type of fraud commonly known as “pig butchering.” It is estimated that Americans are scammed out of billions per year, making this a top law enforcement priority. The working group addressed strategies to prevent victimization; using technology to disrupt the fraud; and collaboration on enforcement efforts. Several agencies also collaborated on an anti-victimization messaging campaign to warn Americans to remain vigilant against emerging fraud threats.

New Developments Outside the U.S.

ESAs Publish Joint Final Report on the Draft Technical Standards on Subcontracting under DORA. On July 26, the European Supervisory Authorities published their joint Final Report on the draft Regulatory Technical Standards (“RTS”) specifying how to determine and assess the conditions for subcontracting information and communication technology (“ICT”) services that support critical or important functions under the Digital Operational Resilience Act (“DORA”). These RTS aim to enhance the digital operational resilience of the EU financial sector by strengthening the financial entities’ ICT risk management over the use of subcontracting. [NEW]
ESMA Sets Out Its Long Term Vision on the Functioning of the Sustainable Finance Framework. On July 24, ESMA published an Opinion on the Sustainable Finance Regulatory Framework, setting out possible long-term improvements. ESMA considers that, in the longer-term, the Framework could further evolve to facilitate investors’ access to sustainable investments and support the effective functioning of the Sustainable Investment Value Chain. The opinion recommends several action items, including that all financial products should disclose some minimum basic sustainability information, covering environmental and social characteristics, and a product categorization system, based on a set of clear eligibility criteria and binding transparency obligations. [NEW]
ESAs Establish Framework to Strengthen Coordination in Case of Systemic Cyber Incidents. On July 17, the ESAs announced they will establish the EU systemic cyber incident coordination framework (“EU-SCICF”), in the context of the Digital Operational Resilience Act (“DORA”), that will aim to facilitate an effective financial sector response to a cyber incident that poses a risk to financial stability, by strengthening the coordination among financial authorities and other relevant bodies in the European Union, as well as with key actors at international level.
ESAs Publish Second Batch of Policy Products under DORA. On July 17, the ESAs published the second batch of policy products under DORA. This batch consists of four final draft regulatory technical standards, one set of Implementing Technical Standards and 2 guidelines, all of which aim at enhancing the digital operational resilience of the EU’s financial sector.
Hong Kong HKMA and FSTB Publishes Results from Stablecoin Consultation. On July 17, 2024, the Hong Kong Monetary Authority (“HKMA”) and Financial Services and the Treasury Bureau (“FSTB”) published the Consultation Conclusions on the Legislative Proposal to Implement the Regulatory Regime for Stablecoin Issuers in Hong Kong (“Consultation Conclusions”). The Consultation Conclusions outlined the legislative proposal to implement a regulatory regime for fiat-referenced stablecoin (“FRS”) issuers in Hong Kong. The regime will primarily focus on representations of value which rest on ledgers that are operated in a decentralized manner in which no person has the unilateral authority to control or materially alter its functionality or operation. Under this regime, FRS issuers will require a license. Foreign entities intending to apply for a license will be required to establish a Hong Kong subsidiary and have key management personnel in the territory. [NEW]
ESMA Consults on Firms’ Order Execution Policies Under MiFID II. On July 16, ESMA launched a consultation on draft technical standards specifying the criteria for how investment firms establish and assess the effectiveness of their order execution policies. The objective of the proposed technical standards is to foster investor protection by enhancing investment firms’ order execution. [NEW]
ESMA Publishes 2023 Data on Cross-Border Investment Activity of Firms. On July 15, ESMA announced they completed an analysis of the cross-border provision of investment services during 2023. The main findings include that a total of around 386 firms provided services to retail clients on a cross-border basis in 2023; compared to 2022, the cross-border market for investment services grew by 1.6% in terms of firm numbers, and by 5% in terms of retail clients, while the number of complaints increased by 31%; and Germany, France, Spain, and Italy are the most significant destinations (in terms of number of retail clients) for investment firms providing cross-border services in other Member States. [NEW]
ESAs Consult on Guidelines under the Markets in Crypto-Assets Regulation. On July 12, the ESAs published a consultation paper on Guidelines under Markets in Crypto-assets Regulation (“MiCA”), establishing templates for explanations and legal opinions regarding the classification of crypto-assets along with a standardized test to foster a common approach to classification.
ESAs Report on the Use of Behavioral Insights in Supervisory and Policy Work. On July 11, the ESAs published a joint report following their workshop on the use of behavioral insights by supervisory authorities in their day-to-day oversight and policy work. The report provides a high-level overview of the main topics discussed during the workshop held in February 2024 for national supervisors and other competent authorities, where participants explored the added value of behavioral insights in their work by exchanging their experiences and discussing the challenges they face.
ESMA Publishes the 2024 ESEF Reporting Manual. On July 11, ESMA published the update of its Reporting Manual on the European Single Electronic Format (“ESEF”) supporting a harmonized approach for the preparation of annual financial reports. ESMA has also updated the Annex II of the Regulatory Technical Standards (“RTS”) on ESEF.

New Industry-Led Developments

ISDA Survey Shows Need for Greater Efficiency and Automation in Document Negotiation. ISDA has published its survey on document negotiation, which shows the average time taken to negotiate key derivatives documents hasn’t fallen since 2006, with some negotiations taking longer due to resource constraints, regulatory pressures and operational challenges. The ISDA Document Negotiation Survey collects and reports data on the composition, negotiation and digital automation of ISDA documentation. The results are based on responses from 42 institutions, most of which are banks or broker-dealers. [NEW]
ISDA Submits Letter to IASB on Contracts for Renewable Electricity. On July 17, ISDA submitted a comment letter to the International Accounting Standards Board (“IASB”) in response to its exposure draft, which seeks to address the accounting matters related to renewable electricity contracts and the impact on hedge accounting. ISDA provided additional information and proposed other instances, in addition to contracts for renewable electricity, where ISDA believes that hedge accounting with a variable notional should be permitted, such as balance guaranteed swaps. [NEW]
ISDA Publishes Response to Bank of England and Financial Conduct Authority on UK EMIR Refit. On July 23, ISDA responded to a consultation from the Bank of England (“BoE”) and Financial Conduct Authority (“FCA”) on the additional draft Q&A for position-level reporting of spread bets under the UK European Market Infrastructure Regulation (“UK EMIR”) Refit. In the response, ISDA agreed with the proposal to require reporting of spread bets at position level only, while highlighting that ISDA thinks that the requirement for all derivatives to be reported at the trade level, and the mutual agreement needed between parties for position-level reporting to occur.
ISDA Publishes Whitepaper: Hedge Accounting Under US GAAP. On July 16, ISDA published a whitepaper that explores the issues faced by financial and non-financial institutions in applying hedge accounting for interest rate risk, foreign exchange risk and other risks. It highlights both the prescriptive nature of Accounting Standards Codification 815 and the inconsistent interpretations among auditors, which together create operational burdens and can limit hedging strategies. The paper proposes potential solutions to these challenges, including the expansion of hedge eligibility and the revision of hedge accounting criteria, to allow better use of existing risk management tools.
ISDA and SIFMA Submit Addendum on GIRR Curvature to US Basel III NPR. On July 15, ISDA and the Securities Industry and Financial Markets Association (“SIFMA”) submitted an addendum to the joint US Basel III “endgame” notice of proposed rulemaking. The addendum contains a proposal for general interest rate risk (“GIRR”) curvature to fix an issue that was recently identified.
ISDA Chief Executive Officer Scott O’Malia Offers Informal Comments on Terminating Derivatives Contracts. On July 15, ISDA CEO Scott O’Malia opined on the process to terminate a derivatives contract. ISDA is developing wo initiatives – the ISDA Close-out Framework and the ISDA Notices Hub – that will help ensure a key part of the termination process is more efficient. The ISDA Close-out Framework is designed to illustrate the various steps and decisions firms need to take and is intended as a preparatory tool for future stress events. The ISDA Notices Hub allows the instantaneous delivery and receipt of notices via a secure online platform, eliminating risk exposures and potential losses that can result from delays in terminating derivatives contracts.

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Derivatives practice group, or the following practice leaders and authors:

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, [email protected])

Michael D. Bopp, Washington, D.C. (202.955.8256, [email protected])

Michelle M. Kirschner, London (+44 (0)20 7071.4212, [email protected])

Darius Mehraban, New York (212.351.2428, [email protected])

Jason J. Cabral, New York (212.351.6267, [email protected])

Adam Lapidus – New York (212.351.3869, [email protected] )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, [email protected])

William R. Hallatt , Hong Kong (+852 2214 3836, [email protected] )

David P. Burns, Washington, D.C. (202.887.3786, [email protected])

Marc Aaron Takagaki , New York (212.351.4028, [email protected] )

Hayden K. McGovern, Dallas (214.698.3142, [email protected])

Karin Thrasher, Washington, D.C. (202.887.3712, [email protected])

Quach v. California Commerce Club, Inc., S275121 – Decided July 25, 2024

The California Supreme Court held yesterday that, consistent with federal law, California courts should not consider prejudice to the party resisting arbitration when deciding whether a party has waived its right to compel arbitration.

“Because the state law arbitration-specific prejudice requirement finds no support in statutory language or legislative history, we now abrogate it.”

Justice Groban, writing for the Court

Background:

Parties can waive their right to compel arbitration by waiting too long to assert it or engaging in other conduct inconsistent with an intent to arbitrate. Under the test for waiver the California Supreme Court adopted in St. Agnes Medical Center v. PacifiCare of California (2003) 31 Cal.4th 1187, the most “critical” (and often “determinative”) factor is prejudice to the party resisting arbitration. The St. Agnes rule is an arbitration-specific exception to general state-law principles governing waiver of contract rights, which focus entirely on the conduct of the party that assertedly waived the right. In Morgan v. Sundance (2022) 142 S.Ct. 1708, however, the U.S. Supreme Court rejected a similar rule under the Federal Arbitration Act. The Court held that the FAA does not authorize courts to apply an arbitration-only rule asking whether a party’s waiver resulted in prejudice for the other side.

Peter Quach sued his former employer, the California Commerce Club, after he was fired. Although the Club asserted in its answer that Mr. Quach had agreed to arbitrate any disputes, it initially demanded a jury trial and proposed a discovery plan. The Club didn’t move to compel arbitration until more than a year after the complaint had been filed, and after the parties had engaged in significant discovery. The trial court denied the Club’s motion to compel, ruling that it had waived its arbitration right. A divided panel of the California Court of Appeal reversed, holding that Mr. Quach had not sufficiently shown that he had been prejudiced by the delay under St. Agnes.

Issue Presented:

In deciding whether a party has waived its right to compel arbitration, should courts consider prejudice to the party resisting arbitration (as St. Agnes held), or instead focus only on the conduct of the waiving party (as Morgan held)?

Court’s Holdings:

Courts should not consider prejudice to the party resisting arbitration. The St. Agnes rule has been abrogated.

What It Means:

Parties seeking to enforce arbitration agreements should move to compel arbitration promptly and should avoid engaging in any conduct—including litigation of the merits and factual development through discovery—that suggests an inconsistent intent to proceed in court.
The Court’s decision brings California law in line with federal law, ensuring that courts will apply the same waiver principles regardless of whether a case is governed by the Federal Arbitration Act or the California Arbitration Act. Under those principles, courts should focus “exclusively … on the waiving party’s words or conduct.”
By eliminating the “stringent” prejudice requirement, the decision will make it easier for parties resisting arbitration to show that the party invoking an arbitration agreement had waived its rights under the agreement. Future courts will be especially on the lookout for signs of “undue delay and gamesmanship” in the invocation of an arbitration agreement.
The Court also cautioned that lower courts “should separately evaluate each generally applicable state contract law defense raised by [a] party opposing arbitration,” including waiver, forfeiture, estoppel, laches, and untimeliness, rather than “lump[ing] distinct legal defenses into a catch-all category called ‘waiver.’”

The Court’s opinion is available here.

Appellate and Constitutional Law Practice

Thomas H. Dupree Jr. +1 202.955.8547 [email protected]	Allyson N. Ho +1 214.698.3233 [email protected]	Julian W. Poon +1 213.229.7758 [email protected]
Lucas C. Townsend +1 202.887.3731 [email protected]	Bradley J. Hamburger +1 213.229.7658 [email protected]	Michael J. Holecek +1 213.229.7018 [email protected]

Related Practice: Labor and Employment

Jason C. Schwartz
+1 202.955.8242
[email protected]

Katherine V.A. Smith
+1 213.229.7107
[email protected]

Jesse A. Cripps
+1 213.229.7792
[email protected]

Related Practice: Litigation

Theodore J. Boutrous, Jr.
+1 213.229.7804
[email protected]

Theane Evangelis
+1 213.229.7726
[email protected]

This alert was prepared by associates Daniel R. Adler, Ryan Azad, and Matt Aidan Getz.

Ilissa Samplin and Grace Hart are the authors of “Questions Linger About DTSA’s Scope After Motorola Ruling” [PDF] published by Law360 on July 25, 2024.

The SEC’s action against SolarWinds related to a highly publicized compromise of the company in 2020 that was attributed to Russia’s Foreign Intelligence Service who had inserted malware into a routine SolarWinds software update.

On July 18, 2024, the U.S. District Court for the Southern District of New York largely granted SolarWinds’ motion to dismiss and dismissed most of the SEC’s claims against the company and its former Chief Information Security Officer (CISO).[1] The SEC’s action against SolarWinds related to a highly publicized compromise of the company in 2020 that was attributed to Russia’s Foreign Intelligence Service (SVR) who had inserted malware into a routine SolarWinds software update. Although thousands of SolarWinds customers received the software update, the SVR used the compromise to access the environments of certain SolarWinds customers in the government and private sector (the “SUNBURST” incident).

The court dismissed most of the claims advanced by the SEC relating to its disclosures, including SolarWinds’ Form 8-K filings, but did sustain claims against SolarWinds and its CISO alleging that a “Security Statement” posted on its website in 2017 may have been false or misleading.

The decision is noteworthy for several reasons:

The court dismissed the SEC’s claim that cybersecurity-related deficiencies were actionable under its rules relating to internal accounting and disclosure controls. The court concluded that the claim was “ill-pled” because “cybersecurity controls are not—and could not have been expected to be—part of the apparatus necessary to the production of accurate” financial reports, noting that “[a]s a matter of statutory construction, [the SEC’s] reading is not tenable.”[2] This is noteworthy because the SEC just last month entered into a settlement in cybersecurity-related case under the theory that internal accounting controls-related regulations could encompass traditional IT assets that were unrelated to financial systems or financial/accounting data.[3] The Solar Winds decision will likely impact how the SEC thinks about its broad use of accounting controls as a basis to charge a violation related to a cyber incident.
The court’s decision makes clear that more than isolated disclosure failures are required to put the adequacy of a company’s disclosure controls and procedures in issue. The decision also leaves open the question of whether, in a close case where the SEC may be inclined to allege fraud, the SEC will continue to be willing to enter into a settlement on the basis of a disclosure controls and procedures violation if the company was willing to do so in order to avoid a fraud charge, as has been their practice to date.
While the decision is an encouraging sign that the SEC’s aggressive attempts to hold CISOs individually liable for company conduct will be evaluated on the factual record and the law, the decision did not dismiss all claims against the CISO (allowing the claims based on allegations of contemporaneous knowledge of falsity of public statements to go forward), and companies and CISOs should remain vigilant in responding to cybersecurity incidents and ensuring the accuracy of all public statements that are made about cybersecurity.

Background

On October 30, 2023, the SEC filed a complaint against SolarWinds and its former CISO alleging that they made materially false and misleading statements and omissions on the company website, blog posts, press releases, Form S-1, and quarterly and annual SEC reports prior to the incident and did the same in two reports on Form 8-K in which the company disclosed the incident.[4] The SEC also conducted an investigation regarding the SUNBURST incident and issued a letter to certain companies because the SEC staff believed those entities were impacted by the SolarWinds compromise and requested that they provide information to the staff on a voluntary basis.[5] In February 2024, the SEC filed an amended complaint including factual details to support its allegations that SolarWinds and its CISO were aware of the company’s weak security practices yet made contrary statements about its strength in SolarWinds’ Security Statement.[6] The Defendants filed a motion to dismiss in March 22, 2024,[7] and the court issued its order on July 18, 2024.

July 18, 2024 Order

The court largely granted Defendants’ motion to dismiss, sustaining only the SEC’s claims alleging securities fraud based on allegations that the company made false or misleading representations in a “Security Statement” posted to SolarWinds’ website. Specifically:

Fraud and False and Misleading Statements

The court dismissed most of the SEC’s securities fraud claims regarding SolarWinds’ statements about its strong security that it made in press releases, blog posts, podcasts and securities filings. However, the court allowed the SEC’s claims based on the Securities Statement on SolarWinds’ website to proceed.[8]

The “Security Statement”

The court found that the SEC adequately pled that the Security Statement posted on SolarWinds’ website contained materially misleading and false representations as to at least two of SolarWinds’ cybersecurity practices: access controls and password protection policies. The court’s holding was based on the allegations in the complaint that SolarWinds had made statements touting that it had strong access controls and password policies when its internal practices and discourse instead “portrayed a diametrically opposite representation for public consumption.”[9] Specifically, the court found that the complaint alleged that the company’s access controls had “deficiencies” that “were not only glaring—they were long-standing, well-recognized within the company, and unrectified over time,” and its password policies were generally not enforced.[10] The court also found that the amended complaint “amply” alleged scienter, including that the former CISO knew of the substantial body of data that impeached the security statement’s content as false and misleading.[11]

The court importantly explained that false statements on public websites can sustain securities fraud liability, as the security statement at issue appeared on SolarWinds’ public website, accessible to all, including investors, and therefore was, according to the court, unavoidably part of the “total mix of information” that SolarWinds furnished to the investing public.[12] The court emphasized that for purposes of evaluating materiality, each representation should be considered collectively, rather than in isolation, as investors evaluate the whole picture.

Press Releases, Blog Posts, and Podcasts

The court dismissed the SEC’s claims that SolarWinds made false and misleading statements related to the 2020 incident in press releases, blog posts, and podcasts explaining that each qualifies as non-actionable corporate puffery, “too general to cause a reasonable investor to rely upon them.”[13] As the court noted, while public statements, such as the website security statement, can serve as the basis for a material misstatement when they contain a degree of specificity, general statements by an issuer about the strength of their cybersecurity program were not sufficient to support a fraud violation.

Pre-Incident Public Filings

The court dismissed each of the SEC’s claims that SolarWinds’ cybersecurity risk disclosures in its SEC filings did not accurately reflect the risks that the company faced. The court found that, viewed in totality, the risk disclosures sufficiently alerted the investing public of the types and nature of the cybersecurity risks SolarWinds faced and the consequences these could present for the company’s financial health and future.[14] The court also held that, on the facts pled, SolarWinds was not required to amend its cybersecurity risk disclosures for certain cyber incidents as the company’s cybersecurity risk disclosures already warned investors of the risks “in sobering terms.”[15]

In the court’s view, issuers are not required to disclose cybersecurity risks with “maximum specificity,” as, according to the court, spelling out a cybersecurity risk may backfire in various ways, such as by arming malevolent actors with information to exploit or by misleading investors as other disclosures might be disclosed with relatively less specificity.[16]

Post-incident Form 8-K

The court found that the SEC did not adequately plead that the post-incident Form 8-K was materially false or misleading, as the disclosure fairly captured the known facts and disclosed what was required for reasonable investors. The court also acknowledged that the impact on stock prices indicated that the market “got the message” (noting SolarWinds’ share prices dropped more than 16% the day of the announcement, and another 8% the next day),[17] and emphasized that SolarWinds published the disclosure just two days after discovering the compromise, when it was still in the early phases of its investigation and had a limited understanding of the attack.

Internal Accounting Controls

The court found that the SEC’s attempt to bring a claim under Section 13(b)(2)(B) of the Exchange Act (relating to internal accounting controls) was unsupported by legislative intent, as the surrounding terms that Congress used when drafting Section 13(b)(2)(B), which refer to “transactions,” “preparation of financial statements,” “generally accepted accounting principles,” and “books and records,” are uniformly consistent with financial accounting. [18] The court’s deep skepticism of the claim that Congress intended to confer the SEC with such authority is reflected in the analogy that doing so would be tantamount to “hid[ing] elephants in mouseholes.”[19]The court also found that the few courts that interpreted the term “internal accounting controls” as used in this section “have consistently construed it to address financial accounting.”[20] In this respect, the court’s conclusion is consistent with the views expressed in several dissents by Commissioners in other settled enforcement actions in which the SEC has used the internal accounting controls provision to impose liability for non-financial related conduct.[21]

Disclosure Controls and Procedures

The court sided with SolarWinds in rejecting the SEC’s claims that the company failed to maintain and adhere to appropriate disclosure controls for cybersecurity incidents. The court was unwilling to accept the SEC’s argument that one-off issues—even if the company misapplied its existing disclosure controls in considering cybersecurity incidents—gave rise to a claim that the company failed to maintain such controls. Importantly, this case relates to conduct prior to the adoption of the SEC’s 2023 cybersecurity rules, which have made it even more important for companies to maintain appropriate controls.

The court acknowledged that SolarWinds had misclassified the severity level of two incidents under its Incident Response Plan (IRP) and failed to elevate a vulnerability to the CEO and CTO for disclosure.[22] However, the court found that these instances—without more—did not support a claim that SolarWinds maintained ineffective disclosure controls.

The SEC did not plead deficiency in the “construction” of SolarWinds’ IRP, nor did it allege routine misclassification of incidents or frequent errors as a result of applying that framework.[23] The court implied that disclosure controls do not have to be perfect—they should provide reasonable assurance that information is being collected for disclosure consideration. The court thus found that the one-off issues identified by the SEC in applying the IRP and associated cybersecurity disclosure controls were not, without more, sufficient to “plausibly impugn [a] company’s disclosure controls systems.”[24]

Key Takeaways

Internal Accounting Controls.

Notably, on June 18, 2024 the SEC claimed in a settlement that another company that had experienced cyber incidents violated rules relevant to internal accounting controls. The SEC alleged that the company failed to “provide reasonable assurances…that access to company assets is permitted only in accordance with management’s…authorization.”[25] The SEC’s claims and approach in that settlement were seen as particularly aggressive as the predicate cybersecurity incident (for which the controls would be relevant) did not impact financial systems or corporate financial and accounting data. That settlement also evoked a notable dissent from two Commissioners arguing that the internal accounting controls provision did not apply to a company’s overall cybersecurity program.
The court in this case comprehensively repudiated the SEC’s effort to bring an internal accounting controls violation based on Section 13(b)(2)(B) in the context of cybersecurity-related actions. The court found the SEC’s position that their authority to regulate an issuer’s “system of internal accounting controls” includes authority to regulate cybersecurity controls “not tenable,” and unsupported by the statute, legislative intent, or precedent. [26] The court held that the statute cannot be construed to broadly cover all systems public companies use to safeguard their valuable assets and that the statute’s reach is limited as it governs systems of “internal accounting controls.”[27]
As such, the SolarWinds decision calls into question—and may signal an end to—the SEC’s recent attempts to adopt an expansive reading of its rules relating to internal accounting controls to govern cybersecurity controls—whether or not such cybersecurity controls are relevant to the production of financial reports.

Disclosure Controls and Procedures.

The decision also calls into question the SEC’s ability to rely on claims of inadequate disclosure controls and procedures in similar circumstances, given that the court found that more than a single disclosure failure is required to put the adequacy of a company’s disclosure controls and procedures in issue.
While this fact-based finding provides reassurance that good-faith, day-to-day mistakes at a company may not be actionable, it remains important to design and maintain disclosure controls that provide for appropriate escalation and consideration.

Assessing Fraud Claims Based on Public Disclosures.

When evaluating the accuracy of public disclosures in the context of a securities fraud claim, representations are to be evaluated based on a holistic assessment, rather than each statement in isolation. The court rearticulated the long-standing view the investing public “evaluates the information available to it ‘as a whole.’” Nevertheless, a securities fraud claim may be pursued where there is evidence that the company—or a CISO or other company officer—is aware of inaccuracies at the time such statements are made.

[1] Opinion and Order, SEC v. SolarWinds Corp. and T. Brown, 1:23-cv-09518-PAE (S.D.N.Y. July 18, 2024) (hereinafter “Order”).

[2] Order at 3, 94–102.

[3] See Gibson Dunn Client Alert, “SEC as Cybersecurity Regulator” (June 20, 2024), available at https://www.gibsondunn.com/wp-content/uploads/2024/06/sec-as-cybersecurity-regulator.pdf?v2; R.R. Donnelley & Sons, No. 3-21969 (S.E.C. June 18, 2024) (order instituting cease and desist proceedings), available at https://www.sec.gov/files/litigation/admin/2024/34-100365.pdf.

[4] Complaint, SEC v. SolarWinds Corp. and T. Brown, No. 23-cv-9518 (Oct. 30, 2023), https://www.sec.gov/files/litigation/complaints/2023/comp-pr2023-227.pdf.

[5] In the Matter of Certain Cybersecurity-Related Events (HO-14225) FAQs, U.S. Securities and Exchange Commission, available at https://www.sec.gov/enforce/certain-cybersecurity-related-events-faqs.

[6] Am. Compl., SEC v. SolarWinds Corp. and T. Brown, No. 23-cv-9518-PAE (S.D.N.Y. Feb. 20, 2024).

[7] Mem. of Law in Support of Mot. to Dismiss, SEC v. SolarWinds Corp. and T. Brown, No. 23-cv-9518-PAE (S.D.N.Y. Mar. 22, 2024).

[8] See Order at 3.

[9] Order at 54.

[10] Order at 54.

[11] Order at 61.

[12] Order at 51 (citation omitted).

[13] Order at 68 (citation omitted).

[14] Order at 71–79.

[15] Order at 75.

[16] Order at 73.

[17] Order at 90.

[18] Order at 96.

[19] Order at 100.

[20] Order at 97–98.

[21] 2023 Year-End Securities Enforcement Update – Gibson Dunn (end notes 20–22); SEC Statement, The SEC’s Swiss Army Statute: Statement on Charter Communications, Inc. (Nov. 14, 2023), available at https://www.sec.gov/news/statement/peirce-uyeda-statement-charter-communications-111423#_ftn6.

[22] Order at 102–106.

[23] Order at 104.

[24] Order at 106.

[25] R.R. Donnelley & Sons, No. 3-21969 (S.E.C. June 18, 2024) (order instituting cease and desist proceedings), available at https://www.sec.gov/files/litigation/admin/2024/34-100365.pdf.

[26] Order at 96.

[27] Order at 96–97.

The following Gibson Dunn lawyers prepared this update: Mark Schonfeld, David Woodcock, Ronald Mueller, Brian Lane, Vivek Mohan, Stephenie Gosnell Handler, Sophie Rohnke, Michael Roberts, Sarah Pongrace, and Ashley Marcus.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Securities Enforcement, Privacy, Cybersecurity & Data Innovation, or Securities Regulation & Corporate Governance practice groups:

Securities Enforcement:
Tina Samanta – New York (+1 212.351.2469, [email protected])
Mark K. Schonfeld – New York (+1 212.351.2433, [email protected])
David Woodcock – Dallas/Washington, D.C. (+1 214.698.3211, [email protected])

Privacy, Cybersecurity and Data Innovation:
Ahmed Baladi – Paris (+33 (0) 1 56 43 13 00, [email protected])
S. Ashlie Beringer – Palo Alto (+1 650.849.5327, [email protected])
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, [email protected])
Joel Harrison – London (+44 20 7071 4289, [email protected])
Jane C. Horvath – Washington, D.C. (+1 202.955.8505, [email protected])
Vivek Mohan – Palo Alto (+1 650.849.5345, [email protected])
Rosemarie T. Ring – San Francisco (+1 415.393.8247, [email protected])
Sophie C. Rohnke – Dallas (+1 214.698.3344, [email protected])

Securities Regulation and Corporate Governance:Elizabeth Ising – Washington, D.C. (+1 202.955.8287, [email protected])
Thomas J. Kim – Washington, D.C. (+1 202.887.3550, [email protected])
Brian J. Lane – Washington, D.C. (+1 202.887.3646, [email protected])
Julia Lapitskaya – New York (+1 212.351.2354, [email protected])
James J. Moloney – Orange County (+1 1149.451.4343, [email protected])
Ronald O. Mueller – Washington, D.C. (+1 202.955.8671, [email protected])
Michael Scanlon – Washington, D.C.(+1 202.887.3668, [email protected])
Lori Zyskowski – New York (+1 212.351.2309, [email protected])

Katharina Humphrey and Sophie Rohnke are the authors of “SEC weitet Zuständigkeit deutlich auf Cybersicherheit aus” [PDF] (SEC significantly expands jurisdiction to include cybersecurity), published by Börsen-Zeitung on July 19, 2024. The article outlines the issue of cyber security with a view to internal accounting control regulations in the U.S. and its impact on German companies with a U.S. listing.

The challengers to the Rule have explained that if the court rules for them on the merits, then the remedy is for the court to vacate the Rule nationwide, in an order that is not limited to the parties in the case. A decision is expected by August 30.

This past Friday, July 19, global tax-consulting firm Ryan, LLC moved for summary judgment in its challenge to the Federal Trade Commission’s Non-Compete Rule in the U.S. District Court for the Northern District of Texas.[1] Gibson Dunn represents Ryan. A group of trade associations led by the United States Chamber of Commerce has likewise moved for summary judgment. Ryan and the trade associations previously won a preliminary injunction and stay of the Rule’s effective date (see Gibson Dunn’s July 5 client alert), which was limited to the parties to the case.[2]

Ryan’s primary argument—which the Court already found was likely to succeed—is that the FTC lacks statutory authority to promulgate the Non-Compete Rule. Ryan also argues that a grant of rulemaking authority to define “unfair methods of competition” would constitute an unconstitutional delegation of legislative power; that the rule is unlawfully retroactive; and that the FTC Commissioners are unconstitutionally insulated from the President’s control. Ryan further contends that the Non-Compete Rule is arbitrary and capricious in violation of the Administrative Procedure Act, because the FTC failed to justify the nearly universal breadth of its ban, overstated the Rule’s purported benefits, and understated its costs.

Ryan has asked the Court to vacate the Non-Compete Rule, with nationwide effect. As Ryan explained in its motion, under applicable Fifth Circuit precedent, if the Court rules for Ryan on the merits, then under the Administrative Procedure Act it is required to vacate the Rule in an order that is not limited to the parties to the case.

The Court has stated that it will rule on the summary judgment motions by August 30, shortly before the Rule is set to take effect on September 4. Briefing on Ryan’s and the trade associations’ motions, as well as the FTC’s expected cross-motion for summary judgment, is scheduled to be completed on August 16.

[1] Ryan’s brief in support of its motion is available here.

[2] Further analysis of the FTC’s Non-Compete Rule is available here.

Eugene Scalia, Allyson N. Ho, Amir C. Tayrani, Andrew Kilberg, Elizabeth A. Kiernan, Aaron Hauptman, and Josh Zuckerman represent Ryan, LLC and prepared this update.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Administrative Law & Regulatory, Labor & Employment, or Antitrust & Competition practice groups:

Administrative Law and Regulatory:
Allyson N. Ho – Dallas (+1 214.698.3233, [email protected])
Eugene Scalia – Washington, D.C. (+1 202.955.8673, [email protected])
Amir C. Tayrani – Washington, D.C. (+1 202.887.3692, [email protected])
Helgi C. Walker – Washington, D.C. (+1 202.887.3599, [email protected])

Labor and Employment:
Andrew G.I. Kilberg – Washington, D.C. (+1 202.887.3759, [email protected])
Karl G. Nelson – Dallas (+1 214.698.3203, [email protected])
Jason C. Schwartz – Washington, D.C. (+1 202.955.8242, [email protected])
Katherine V.A. Smith – Los Angeles (+1 213.229.7107, [email protected])

Antitrust and Competition:
Rachel S. Brass – San Francisco (+1 415.393.8293, [email protected])
Svetlana S. Gans – Washington, D.C. (+1 202.955.8657, [email protected])
Cynthia Richman – Washington, D.C. (+1 202.955.8234, [email protected])
Stephen Weissman – Washington, D.C. (+1 202.955.8678, [email protected])

From the Derivatives Practice Group: This week, the Hong Kong Monetary Authority and Financial Services and the Treasury Bureau published the Consultation Conclusions on the Legislative Proposal to Implement the Regulatory Regime for Stablecoin Issuers in Hong Kong.

New Developments

President Biden Announced Intent to Nominate Julie Brinn Siegel as a Commissioner of the CFTC. On July 11, President Biden announced his intent to nominate Julie Brinn Siegel to be a Commissioner of the CFTC. Siegel currently serves as the federal government’s deputy chief operating officer as Senior Coordinator for Management at the Office of Management and Budget (OMB). Prior to that, Siegel served as Secretary of the Treasury Janet Yellen’s Deputy Chief of Staff and served as Senior Counsel and Policy Advisor to U.S. Senator Elizabeth Warren (D-MA). Last month, President Biden nominated CFTC Commissioner Johnson to be Assistant Secretary for Financial Institutions at the Department of Treasury and nominated CFTC Commissioner Christy Goldsmith Romero to be Chair and Member of the Federal Deposit Insurance Corporation (FDIC) which, if confirmed by the Senate, would leave open two Democratic Commissioner seats at the CFTC. Siegel, if nominated and confirmed by the Senate, would take the seat of Commissioner Goldsmith Romero.
First Interagency Fraud Disruption Conference Focuses on Combatting Crypto Schemes Commonly Known as “Pig Butchering.” On July 11, the CFTC and the DOJ’s Computer Crime and Intellectual Property Section’s National Cryptocurrency Enforcement Team (“NCET”) convened the first Fraud Disruption Conference to work on efforts to combat a type of fraud commonly known as “pig butchering”. It is estimated that Americans are scammed out of billions per year, making this a top law enforcement priority. The working group addressed strategies to prevent victimization; using technology to disrupt the fraud; and collaboration on enforcement efforts. Several agencies also collaborated on an anti-victimization messaging campaign to warn Americans to remain vigilant against emerging fraud threats.
Supreme Court Overrules Chevron, Sharply Limiting Judicial Deference To Agencies’ Statutory Interpretation. On June 28, the Supreme Court overruled Chevron v. Natural Resources Defense Council, a landmark decision that had required courts to defer to agencies’, including the CFTC’s, reasonable interpretations of ambiguous statutory terms. For a more detailed analysis of the ruling please refer to Gibson Dunn’s client alert, available here.
CFTC Announces Supervisory Stress Test Results. On July 1, the CFTC issued Supervisory Stress Test of Derivatives Clearing Organizations: Reverse Stress Test Analysis and Results, a report detailing the results of its fourth Supervisory Stress Test (“SST”) of derivatives clearing organization (“DCO”) resources. Among other findings, the 2024 report concluded the DCOs studied hold sufficient financial resources to withstand many extreme and often implausible price shocks. The purpose of the analysis was twofold: (1) to identify hypothetical combinations of extreme market shocks, concurrent with varying numbers of clearing member (“CM”) defaults, that would exhaust prefunded resources (DCO committed capital, and default fund), and unfunded resources available to the DCOs (this represents the reverse stress test component), and (2) to analyze the impacts of DCO use of mutualized resources on non-defaulted CMs.

New Developments Outside the U.S.

ESAs Establish Framework to Strengthen Coordination in Case of Systemic Cyber Incidents. On July 17, the European Supervisory Authorities (“ESAs”) announced they will establish the EU systemic cyber incident coordination framework (“EU-SCICF”), in the context of the Digital Operational Resilience Act (“DORA”), that will aim to facilitate an effective financial sector response to a cyber incident that poses a risk to financial stability, by strengthening the coordination among financial authorities and other relevant bodies in the European Union, as well as with key actors at international level. [NEW]
ESAs Publish Second Batch of Policy Products under DORA. On July 17, the ESAs published the second batch of policy products under DORA. This batch consists of four final draft regulatory technical standards, one set of Implementing Technical Standards and 2 guidelines, all of which aim at enhancing the digital operational resilience of the EU’s financial sector. [NEW]
Hong Kong HKMA and FSTB Publishes Results from Stablecoin Consultation. On July 17, 2024, the Hong Kong Monetary Authority (“HKMA”) and Financial Services and the Treasury Bureau (“FSTB”) published the Consultation Conclusions on the Legislative Proposal to Implement the Regulatory Regime for Stablecoin Issuers in Hong Kong (“Consultation Conclusions”). The Consultation Conclusions outlined the legislative proposal to implement a regulatory regime for fiat-referenced stablecoin (“FRS”) issuers in Hong Kong. The regime will primarily focus on representations of value which rest on ledgers that are operated in a decentralized manner in which no person has the unilateral authority to control or materially alter its functionality or operation. Under this regime, FRS issuers will require a license. Foreign entities intending to apply for a license will be required to establish a Hong Kong subsidiary and have key management personnel in the territory. [NEW]
ESMA Consults on Firms’ Order Execution Policies Under MiFID II. On July 16, ESMA launched a consultation on draft technical standards specifying the criteria for how investment firms establish and assess the effectiveness of their order execution policies. The objective of the proposed technical standards is to foster investor protection by enhancing investment firms’ order execution. [NEW]
ESMA Publishes 2023 Data on Cross-Border Investment Activity of Firms. On July 15, ESMA announced they completed an analysis of the cross-border provision of investment services during 2023. The main findings include that a total of around 386 firms provided services to retail clients on a cross-border basis in 2023; compared to 2022, the cross-border market for investment services grew by 1.6% in terms of firm numbers, and by 5% in terms of retail clients, while the number of complaints increased by 31%; and Germany, France, Spain, and Italy are the most significant destinations (in terms of number of retail clients) for investment firms providing cross-border services in other Member States. [NEW]
ESAs Consult on Guidelines under the Markets in Crypto-Assets Regulation. On July 12, the ESAs published a consultation paper on Guidelines under Markets in Crypto-assets Regulation (“MiCA”), establishing templates for explanations and legal opinions regarding the classification of crypto-assets along with a standardized test to foster a common approach to classification.
ESAs Report on the Use of Behavioral Insights in Supervisory and Policy Work. On July 11, the ESAs published a joint report following their workshop on the use of behavioral insights by supervisory authorities in their day-to-day oversight and policy work. The report provides a high-level overview of the main topics discussed during the workshop held in February 2024 for national supervisors and other competent authorities, where participants explored the added value of behavioral insights in their work by exchanging their experiences and discussing the challenges they face.
ESMA Publishes the 2024 ESEF Reporting Manual. On July 11, ESMA published the update of its Reporting Manual on the European Single Electronic Format (“ESEF”) supporting a harmonized approach for the preparation of annual financial reports. ESMA has also updated the Annex II of the Regulatory Technical Standards (“RTS”) on ESEF.
ESMA Publishes Statement on Use of Collateral by NFCs Acting as Clearing Members. On July 10, ESMA issued a public statement on deprioritizing supervisory actions linked to the eligibility of uncollateralized public guarantees, public bank guarantees, and commercial bank guarantees for Non-Financial Counterparties (“NFCs”) acting as clearing members, pending the entry into force of EMIR 3.
ESMA Launches New Consultations. On July 10, ESMA published a new package of public consultations with the objective of increasing transparency and system resilience in financial markets, reducing reporting burden and promoting convergence in the supervisory approach.
ESMA Consults on Rules to Recalibrate and Further Clarify the Framework. On July 9, ESMA launched new consultations on different aspects of the Central Securities Depositories Regulation (“CSDR”) Refit. The proposed rules relate to the information to be provided by European CSDs to their national competent authorities (“NCA”s) for the review and evaluation, the information to be notified to ESMA by third-country CSDs, and the scope of settlement discipline.
ESMA Consults on Liquidity Management Tools for Funds. On July 8, ESMA announced it is seeking input on draft guidelines and technical standards under the revised Alternative Investment Fund Managers Directive (“AIFMD”) and the Undertakings for Collective Investment in Transferable Securities (“UCITS”) Directive. Both Directives aim to mitigate potential financial stability risks and promote harmonization of liquidity risk management in the investment funds sector.
ESMA Consults on Reporting Requirements and Governance Expectations for Some Supervised Entities. On July 8, ESMA launched two consultations on proposed guidance for some of its supervised entities. The consultations are aimed at the following entities supervised by ESMA: Benchmark Administrators, Credit Rating Agencies, and Market Transparency Infrastructures. The Consultation Paper sets out the information ESMA expects to receive and a timeline for supervised entities to provide the required information. The objective of the Draft Guidelines is to ensure consistency in cross-sectoral reporting.
ESMA Puts Forward Measures to Support Corporate Sustainability Reporting. On July 5, ESMA published a Final Report on the Guidelines on Enforcement of Sustainability Information (“GLESI”) and a Public Statement on the first application of the European Sustainability Reporting Standards (“ESRS”). ESMA reports that these documents will support the consistent application and supervision of sustainability reporting requirements.
ESMA Releases New MiCA Rules To Increase Transparency for Retail Investors. On July 4, ESMA published the second Final Report under the Markets in Crypto-Assets Regulation (MiCA) covering eight draft technical standards that aim to provide more transparency for retail investors, clarity for providers on the technical aspects of disclosure and record-keeping requirements, and data standards to facilitate supervision by National Competent Authorities (“NCAs”). The report covers public disclosures, as well as descriptions on how issuers should disclose price-sensitive information to the public to prevent market abuses, such as insider dealing.
ESMA Reappoints Three Members to its Management Board. On July 4, ESMA announced that it has reappointed three current members to its Management Board. The appointments took place at the Board of Supervisors meeting on July 3. The Management Board, chaired by Verena Ross, Chair of ESMA, is responsible for ensuring that the Authority carries out its mission and performs the tasks assigned to it under its founding Regulation.

New Industry-Led Developments

ISDA Publishes Whitepaper: Hedge Accounting Under US GAAP. On July 16, ISDA published a whitepaper that explores the issues faced by financial and non-financial institutions in applying hedge accounting for interest rate risk, foreign exchange risk and other risks. It highlights both the prescriptive nature of Accounting Standards Codification 815 and the inconsistent interpretations among auditors, which together create operational burdens and can limit hedging strategies. The paper proposes potential solutions to these challenges, including the expansion of hedge eligibility and the revision of hedge accounting criteria, to allow better use of existing risk management tools. [NEW]
ISDA and SIFMA Submit Addendum on GIRR Curvature to US Basel III NPR. On July 15, ISDA and the Securities Industry and Financial Markets Association (“SIFMA”) submitted an addendum to the joint US Basel III “endgame” notice of proposed rulemaking. The addendum contains a proposal for general interest rate risk (“GIRR”) curvature to fix an issue that was recently identified. [NEW]
ISDA Chief Executive Officer Scott O’Malia Offers Informal Comments on Terminating Derivatives Contracts. On July 15, ISDA CEO Scott O’Malia opined on the process to terminate a derivatives contract. ISDA is developing wo initiatives – the ISDA Close-out Framework and the ISDA Notices Hub – that will help ensure a key part of the termination process is more efficient. The ISDA Close-out Framework is designed to illustrate the various steps and decisions firms need to take and is intended as a preparatory tool for future stress events. The ISDA Notices Hub allows the instantaneous delivery and receipt of notices via a secure online platform, eliminating risk exposures and potential losses that can result from delays in terminating derivatives contracts. [NEW]
Trade Associations Submit Letter on EMIR IM Model Validation. On July 8, ISDA, the Alternative Investment Management Association (“AIMA”), the European Fund and Asset Management Association (“EFAMA”) and the Securities Industry and Financial Markets Association’s asset management group (“SIFMA AMG”) submitted a letter to the ESAs and the European Commission on initial margin (“IM”) model approval requirements set out in the European Market Infrastructure Regulation (“EMIR 3.0”). The letter highlights challenges posed by the three-month period granted to the European Banking Authority and NCAs to validate changes to an IM model and describes how the ISDA Standard Initial Margin Model (“ISDA SIMM”) schedule can be amended to address these issues.
ISDA Proceeds with Development of an Industry Notices Hub. On July 1, ISDA announced it will proceed with the development of an industry-wide notices hub, following strong support from buy- and sell-side institutions globally. The new online platform will allow instantaneous delivery and receipt of critical termination-related notices and help to ensure address details for physical delivery are up to date, reducing the risk of uncertainty and potential losses for senders and recipients of these notices.

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Derivatives practice group, or the following practice leaders and authors:

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, [email protected])

Michael D. Bopp, Washington, D.C. (202.955.8256, [email protected])

Michelle M. Kirschner, London (+44 (0)20 7071.4212, [email protected])

Darius Mehraban, New York (212.351.2428, [email protected])

Jason J. Cabral, New York (212.351.6267, [email protected])

Adam Lapidus – New York (212.351.3869, [email protected] )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, [email protected])

William R. Hallatt , Hong Kong (+852 2214 3836, [email protected] )

David P. Burns, Washington, D.C. (202.887.3786, [email protected])

Marc Aaron Takagaki , New York (212.351.4028, [email protected] )

Hayden K. McGovern, Dallas (214.698.3142, [email protected])

Karin Thrasher, Washington, D.C. (202.887.3712, [email protected])

Ashley Johnson and Jennafer Tryck are the authors of “Dueling Calif. Rulings Offer Insight On 401(k) Forfeiture Suits” [PDF] published by Law360 on July 17, 2024.