Publications Archives

To continue assisting US companies with planning for SEC reporting and capital markets transactions into 2025, we offer our annual SEC Desktop Calendar. This calendar provides both the filing deadlines for key SEC reports and the dates on which financial statements in prospectuses and proxy statements must be updated before use (a/k/a financial staleness deadlines).

You can download a PDF of Gibson Dunn’s SEC Desktop Calendar for 2025 at the link below.

Read More

The following Gibson Dunn lawyers assisted in preparing this update: Hillary Holmes, Andrew Fabens, Lori Zyskowski, Peter Wardle, David Korvin, and Kyle Clendenon.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these developments. To learn more, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Capital Markets or Securities Regulation and Corporate Governance practice groups:

Capital Markets:
Andrew L. Fabens – New York (+1 212.351.4034, [email protected])
Hillary H. Holmes – Houston (+1 346.718.6602, [email protected])
Stewart L. McDowell – San Francisco (+1 415.393.8322, [email protected])
Peter W. Wardle – Los Angeles (+1 213.229.7242, [email protected])

Securities Regulation and Corporate Governance:
Elizabeth Ising – Washington, D.C. (+1 202.955.8287, [email protected])
James J. Moloney – Orange County (+1 949.451.4343, [email protected])
Lori Zyskowski – New York (+1 212.351.2309, [email protected])
Aaron Briggs – San Francisco (+1 415.393.8297, [email protected])
Thomas J. Kim – Washington, D.C. (+1 202.887.3550, [email protected])
Brian J. Lane – Washington, D.C. (+1 202.887.3646, [email protected])
Julia Lapitskaya – New York (+1 212.351.2354, [email protected])
Ronald O. Mueller – Washington, D.C. (+1 202.955.8671, [email protected])
Michael Scanlon – Washington, D.C.(+1 202.887.3668, [email protected])
Mike Titera – Orange County (+1 949.451.4365, [email protected])

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Although this latest round of updates is not as extensive as the 2023 iteration, it includes significant additions that may have meaningful implications for companies as they seek to align their compliance programs with DOJ’s expectations.

On September 23, 2024, the Criminal Division of the U.S. Department of Justice (“DOJ”) announced the latest revision of its Evaluation of Corporate Compliance Programs (the “ECCP”) since its last update in March 2023. The ECCP serves as the Criminal Division’s guidance for its prosecutors to evaluate companies’ compliance programs when making corporate enforcement decisions. This guidance is also often consulted by companies seeking to ensure their compliance programs are effective and would hold up under DOJ’s scrutiny. Principal Deputy Assistant Attorney General (“DAAG”) Nicole M. Argentieri announced the revision of the ECCP during her remarks at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute held in Grapevine, Texas on September 23, 2024.

The most significant revisions of the ECCP center on three areas: (1) evaluation and management of risk related to new technologies, such as artificial intelligence (“AI”); (2) further emphasis on the role of data analysis; and (3) whistleblower protection and anti-retaliation. The key updates in these three areas are discussed below, and a comparison between the 2023 and 2024 ECCP versions can be found here.

(1) AI and Emerging Technologies

Perhaps the most significant update in this new iteration of the ECCP is the heightened focus on how organizations proactively identify, assess, mitigate, and manage the risks associated with their use of emerging technologies, including AI. This emphasis reflects DOJ’s increasing focus on companies’ use of data and technology and its stated expectation that companies’ approach to risk management will be proactive rather than reactive.

AI and more advanced data analytics tools hold great promise for companies’ management of risk. Nevertheless, these capabilities also create risk. Although DOJ appears to recognize the promise, the revisions to the ECCP track DOJ’s concerns about how AI and other technologies can be misused. For example, in February 2024, Deputy Attorney General (“DAG”) Lisa Monaco announced that DOJ would seek sentencing enhancements where offenses were made significantly more dangerous by the misuse of AI. The following month, DAG Monaco drew a parallel to corporate criminal prosecutions, stating that “[w]hen our prosecutors assess a company’s compliance program . . . they consider how well the program mitigates the company’s most significant risks,” emphasizing that for a growing number of businesses, this “now includes the risk of misusing AI.” In the same remarks, DAG Monaco announced that she had directed the Criminal Division to “incorporate assessment of disruptive technology risks—including risks associated with AI—into its guidance on Evaluation of Corporate Compliance Programs.”

The position taken by DOJ in the latest ECCP is summarized by DAAG Argentieri in her recent remarks: “prosecutors will consider whether the company is vulnerable to criminal schemes enabled by new technology, such as false approvals and documentation generated by AI. If so, we will consider whether compliance controls and tools are in place to identify and mitigate those risks, such as tools to confirm the accuracy or reliability of data used by the business. We also want to know whether the company is monitoring and testing its technology to evaluate if it is functioning as intended and consistent with the company’s code of conduct.”

The updated ECCP outlines how companies will be expected to tailor their compliance programs to identify and manage the risks of AI. Corporations deploying AI will need to consider whether:

their risk assessment processes consider and appropriately document their use of AI and other new technologies and how the risk level for intended use cases has been determined (e.g., in circumstances where the particular use of AI creates particular risks, such as confidentiality, privacy, cybersecurity, quality control, bias, etc.);
the AI systems they are deploying have a sufficient degree of human oversight, especially for high-risk uses, and whether the performance of those systems is being assessed by reference to an appropriate “baseline of human decision-making” (e.g., the expected standard to which human decision-makers would be held for a given use case);
appropriate steps have been taken to prioritize and minimize the identified risks—including the potential for misuse of those technologies by company insiders—by implementing compliance tools and controls (e.g., through monitoring, alerts, technical guardrails, continuous testing, human review, or confirming the accuracy or reliability of data); and
they are continuously monitoring and testing their technology to evaluate if it is functioning “as intended,” both in their commercial business and compliance program, and consistent with the laws and the company’s code of conduct. If there are significant deviations in performance, for example where an AI tool makes an inappropriate decision, prosecutors will look at how quickly a company is able to detect and subsequently correct errors and any subsequent decisions.

(2) Emphasis on Data

Another key area of revisions to the ECCP confirms DOJ’s increasing focus on the use of data for compliance purposes, expanding on DOJ’s existing guidance:

The most extensive revisions in this area stress the importance of ensuring that compliance personnel maintain access to company data to assess the effectiveness of the compliance program—including leveraging data analytics tools to create efficiencies in compliance operations and measure the effectiveness of compliance components. This is an area on which DOJ’s Matt Galvin, Counsel for Compliance & Data Analytics at the Criminal Division’s Fraud Section, has focused, including with regard to DOJ’s own use of data analytics and the government’s expectation that companies will incorporate data-driven approaches to compliance as well. During a PLI program in June 2023, Galvin referred to data as “a function of transparency” in an organization. The revisions to the ECCP make clear that compliance personnel should have access equal to that of the business teams to all relevant data, assets, resources, and technology. This expectation on DOJ’s part was previewed by Galvin during the recent 15th Annual Global Ethics Summit in April 2024, where he emphasized that a delta between the use of data analytics by business and compliance teams will draw DOJ’s attention. The ECCP now includes additional questions testing whether the company is appropriately using data analytics tools to measure the effectiveness of compliance programs, the quality of its data sources, and the accuracy of any data analytics models it employs.
Other revisions in the ECCP concern data in the context of third-party management with a particular focus on vendor risk. Prosecutors will gauge whether the third-party risk management process allows for the review of vendors in a timely manner, and whether the company leverages available data to evaluate vendor risk in the course of its relationship with the vendor. This is consistent with DOJ’s increasing scrutiny of companies’ approach to third-party management practices and their ability to assess risks associated with broader categories of third parties emerging as potential new sources of compliance risk.
With regard to M&A transactions, among several revisions, DOJ now guides prosecutors to consider whether companies “account for migrating or combining critical enterprise resource planning systems as part of the integration process.” This again demonstrates an emphasis on control over and access to corporate information.
In examining whether the compliance program works in practice, the revised guidance spells out more specifically that prosecutors should “consider whether the company’s compliance program had a track record of preventing or detecting other instances of misconduct, and whether the company exercised due diligence to prevent and detect criminal conduct.” Prosecutors are now instructed to look at how a company uses data to “gain insights into the effectiveness of its compliance program” and the breadth of non-compliant conduct, beyond criminal conduct, that it is able to prevent.

(3) Whistleblower Reporting

In early August this year, the Criminal Division released guidance regarding the new DOJ Corporate Whistleblower Awards Pilot Program. This month’s revisions to the ECCP align it with the pilot program’s goals by including a paragraph on companies’ “Commitment to Whistleblower Protection and Anti-Retaliation” under the “Confidential Reporting Structure and Investigation Process” section.

In that paragraph, the new guidance advises prosecutors to consider several factors, including whether the company has an anti-retaliation policy; whether it trains employees on both internal and external anti-retaliation and whistleblower protection laws; and how employees who reported misconduct are disciplined in comparison to others involved in the misconduct (meaning whether reporting misconduct is a mitigator impacting a company’s disciplinary response). It also asks whether the company trains employees on both internal reporting systems and “external whistleblower programs and regulatory regimes.”

The ECCP also now directs prosecutors to consider whether and how an organization “incentivize[s] reporting” and whether an organization trains its employees on “external whistleblower programs and regulatory regimes.” Both of these concepts may prove tricky for organizations to address.

Other Notable Additions

In addition to the three main areas discussed above, the revised guidance contains a few other noteworthy revisions in other areas:

The revised guidance makes the paragraph dealing with “Risk-Tailored Resource Allocation” in the “Risk Assessment” section more general, removing examples of “low risk” and “high risk areas,” and instead opting for a broader consideration of whether the company “deploy[s] its compliance resources in a risk-based manner with greater scrutiny applied to greater areas of risk.”
The revisions specify that compliance training should be tailored specifically to the “particular needs, interests, and values of relevant employees,” including being tailored to the relevant industry and geographical region.
Under “Autonomy and Resources,” and particularly in relation to funding and resources, the revised guidance now asks whether the company has “a mechanism to measure the commercial value of investments in compliance and risk management.” In our experience, this is not a common activity of corporate compliance functions, although some certainly do undertake such efforts.

Six Key Takeaways

The updated ECCP is likely to impact significantly how companies tailor their compliance programs to address risks arising out of AI and emerging technologies, reflecting the rapid and dynamic adoption of these technologies across business sectors. To put these requirements into practice, companies will need to build effective governance frameworks and internal policies dealing with emerging technologies and specifically addressing the new challenges and risks they pose.

Here are six other key takeaways from our reading of the updates:

Scope. Companies will need to assess and consider carefully whether technical solutions they deploy may fall under the expanded ambit of the guidance. The ECCP defines AI broadly in accordance with the Office of Management and Budget’s March 2024 memo, which expressly states that “no system should be considered too simple to qualify as covered AI due to a lack of technical complexity,” and where the definition includes “systems that are fully autonomous, partially autonomous, and not autonomous, and it includes systems that operate both with and without human oversight.” Companies will need to assess and consider carefully whether technical solutions they deploy may fall within this definition.
Risk-based compliance. The guidance continues to emphasize that compliance resources should be deployed based on the degree of risk, with greater scrutiny applied to greater areas of risk. The threshold for effective compliance will therefore rely on the design and execution of proactive and effective risk assessments that focus on the actual use cases in which new technologies are being deployed. For example, the risks associated with certain AI tools may vary substantially depending on the use cases for which they are deployed. The guidance also refers to the “baseline of human decision-making” that is used to assess the risk of an AI tool. This concern is reflected in prior comments by DAG Monaco that “[d]iscrimination using AI is still discrimination.” That will require companies to think carefully about the purpose for which they are deploying new technologies such as AI, and whether such technology is effectively meeting that purpose (without running afoul of legal requirements). Strategies employed by companies in this area should be designed for accountability, transparency, and continuous evolution.
Accountability and transparency. Companies are expected to ensure that their new technologies function transparently, and that decisions influenced by these technologies are subject to human review where necessary. The guidance emphasizes that the “black box” nature of some AI systems, and the fact that they might require more third-party management, is not an excuse for failing to meet legal standards. Any compliance program that deploys AI will therefore need to include effective and consistent diligence and procurement standards for third-party models or tools used, staff internal experts with technical competence, ensure that the compliance function is using the data at the company’s disposal to detect risks, and maintain sufficient visibility of how new technologies are functioning in practice and how they are impacting the business.
Continuous monitoring and access to data. The dynamic nature of new technologies, and in particular AI, reinforces the need for regular and possibly more frequent risk assessments and re-evaluation of compliance program effectiveness and monitoring (including testing, which may encompass automated risk detection and real-time monitoring, for high-risk use cases). Moreover, in addition to detecting decisions made by AI that do not meet compliance standards, companies must also be prepared to correct those decisions quickly. Organizations will need to be nimble in adapting compliance systems to fast-evolving legal and technical standards related to AI, as well as rapid technological development. There is already an abundance of practical guidance, including by federal agencies, on best practices in AI governance and compliance, but it has largely been intended for voluntary use (for example, the AI Risk Management Framework released by the National Institute of Standards and Technology (NIST), which the ECCP expressly cites as a resource). The new DOJ guidance indicates that there will be increased regulatory scrutiny on how companies deploying new technologies are choosing to interpret and implement these best practices. Beyond the realm of emerging technologies though, simply articulating an expectation that compliance functions access and monitor corporate data as, for example, a finance or audit function may, could signal a shift in compliance staffing, with compliance officers more often needing to have accounting or technological backgrounds.
Resource allocation. The guidance puts companies on notice that in making charging decisions DOJ may now examine whether companies are devoting adequate resources and technology to AI risk management and compliance and to gathering and leveraging company data for compliance purposes. This suggests that any company investing in new technology development or deployment will need to consider whether appropriately proportional resources are being allocated to compliance, including as compared with overall expenditure on such new technologies.
Approach to compliance reporting. The revisions and additions in relation to whistleblower reporting and anti-retaliation may result in a gradual increase in whistleblower reports by encouraging enhancements to reporting systems that enable employees to feel more secure in reporting misconduct. In addition to ensuring that their anti-retaliation policies are robust and effectively communicated to employees, companies will likely feel the need to allocate additional resources to handle a potential rise in whistleblower reporting in the long term. They will also need to grapple with what they could do to “incentivize” whistleblowing, and whether and how to train employees to report to third parties, in addition to internal corporate channels. While companies typically train employees on the internal procedures for reporting and anti-retaliation protections, it remains to be seen how companies put into practice DOJ’s guidance to train employees on “external whistleblower programs and regulatory regimes” and how DOJ will react to those practices in the context of enforcement.

Conclusion

While the regulatory landscape for AI and other emerging technologies remains unsettled, it is all but certain from the latest revisions of the ECCP that DOJ has its eyes firmly set on the way these new technologies will shape and increase companies’ risk exposure. Along with the other changes in the ECCP outlined here, companies will have to consider carefully and proactively the compliance implications new technologies will bring to their business.

DOJ’s updated guidance underscores the need for companies to evaluate their programs, update their policies and procedures where needed, and stay abreast of how technology can be used to boost—as well as skirt—compliance controls. Our team has deep experience with these issues and is well positioned to assist companies with tackling them as DOJ is set to intensify its focus on this area.

The following Gibson Dunn lawyers prepared this update: F. Joseph Warin, Patrick Stokes, Stephanie Brooker, Michael Diamant, Eric Vandevelde, Oleh Vretsona, Frances Waldmann, Victor Tong, José Madrid, and Kate Goldberg.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of Gibson Dunn’s White Collar Defense and Investigations, Anti-Corruption and FCPA, or Artificial Intelligence practice groups:

Artificial Intelligence:

Keith Enright – Palo Alto (+1 650.849.5386, [email protected])
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, [email protected])
Vivek Mohan – Palo Alto (+1 650.849.5345, [email protected])
Robert Spano – London/Paris (+33 1 56 43 13 00, [email protected])
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, [email protected])
Frances A. Waldmann – Los Angeles (+1 213.229.7914,[email protected])

White Collar Defense and Investigations / Anti-Corruption and FCPA:

Washington, D.C.
F. Joseph Warin (+1 202.887.3609, [email protected])
Stephanie Brooker (+1 202.887.3502, [email protected])
Courtney M. Brown (+1 202.955.8685, [email protected])
David P. Burns (+1 202.887.3786, [email protected])
John W.F. Chesley (+1 202.887.3788, [email protected])
Daniel P. Chung (+1 202.887.3729, [email protected])
M. Kendall Day (+1 202.955.8220, [email protected])
Stuart F. Delery (+1 202.955.8515, [email protected])
Michael S. Diamant (+1 202.887.3604, [email protected])
Gustav W. Eyler (+1 202.955.8610, [email protected])
Melissa Farrar (+1 202.887.3579, [email protected])
Amy Feagles (+1 202.887.3699, [email protected])
Scott D. Hammond (+1 202.887.3684, [email protected])
George J. Hazel (+1 202.887.3674, [email protected])
Adam M. Smith (+1 202.887.3547, [email protected])
Patrick F. Stokes (+1 202.955.8504, [email protected])
Oleh Vretsona (+1 202.887.3779, [email protected])
David C. Ware (+1 202.887.3652, [email protected])
Ella Alves Capone (+1 202.887.3511, [email protected])
Nicole Lee (+1 202.887.3717, [email protected])
Lora Elizabeth MacDonald (+1 202.887.3738, [email protected])
Bryan Parr (+1 202.777.9560, [email protected])
Pedro G. Soto (+1 202.955.8661, [email protected])

New York
Zainab N. Ahmad (+1 212.351.2609, [email protected])
Reed Brodsky (+1 212.351.5334, [email protected])
Mylan L. Denerstein (+1 212.351.3850, [email protected])
Karin Portlock (+1 212.351.2666, [email protected])
Mark K. Schonfeld (+1 212.351.2433, [email protected])
Orin Snyder (+1 212.351.2400, [email protected])

Dallas
David Woodcock (+1 214.698.3211, [email protected])

Denver
Ryan T. Bergsieker (+1 303.298.5774, [email protected])
Robert C. Blume (+1 303.298.5758, [email protected])
John D.W. Partridge (+1 303.298.5931, [email protected])
Laura M. Sturges (+1 303.298.5929, [email protected])

Houston
Gregg J. Costa (+1 346.718.6649, [email protected])

Los Angeles
Michael H. Dore (+1 213.229.7652, [email protected])
Michael M. Farhang (+1 213.229.7005, [email protected])
Diana M. Feinstein (+1 213.229.7351, [email protected])
Douglas Fuchs (+1 213.229.7605, [email protected])
Nicola T. Hanna (+1 213.229.7269, [email protected])
Poonam G. Kumar (+1 213.229.7554, [email protected])
Marcellus McRae (+1 213.229.7675, [email protected])
Eric D. Vandevelde (+1 213.229.7186, [email protected])
Debra Wong Yang (+1 213.229.7472, [email protected])

San Francisco
Winston Y. Chan (+1 415.393.8362, [email protected])
Charles J. Stevens (+1 415.393.8391, [email protected])

Palo Alto
Benjamin Wagner (+1 650.849.5395, [email protected])

London
Patrick Doris (+44 20 7071 4276, [email protected])
Sacha Harber-Kelly (+44 20 7071 4205, [email protected])
Michelle Kirschner (+44 20 7071 4212, [email protected])
Allan Neil (+44 20 7071 4296, [email protected])
Matthew Nunan (+44 20 7071 4201, [email protected])
Philip Rocher (+44 20 7071 4202, [email protected])

Paris
Benoît Fleury (+33 1 56 43 13 00, [email protected])
Bernard Grinspan (+33 1 56 43 13 00, [email protected])

Frankfurt
Finn Zeidler (+49 69 247 411 530, [email protected])

Munich
Kai Gesing (+49 89 189 33 285, [email protected])
Katharina Humphrey (+49 89 189 33 155, [email protected])
Benno Schwarz (+49 89 189 33 110, [email protected])

Hong Kong
Kelly Austin (+1 303.298.5980, [email protected])
Oliver D. Welch (+852 2214 3716, [email protected])

Newsom committed to working with legislators, academics, and other partners to “find the appropriate path forward, including legislation and regulation.”

Update: On September 29, 2024, Governor Newsom vetoed SB 1047 by returning it to the legislature without his signature, criticizing the bill as “a solution that is not informed by an empirical trajectory analysis of AI systems and capabilities.”[1] Building on concerns he previously expressed about the bill,[2] Newsom explained in a statement accompanying his veto that SB 1047 regulates models based only on their cost and size, rather than function, and fails to “take into account whether an Al system is deployed in high-risk environments, involves critical decision-making or the use of sensitive data.”[3]

Despite the veto, Newsom voiced support for AI regulation and California’s role in these efforts, stating, “Safety protocols must be adopted. Proactive guardrails should be implemented, and severe consequences for bad actors must be clear and enforceable,” and that California “cannot afford to wait for a major catastrophe to occur before taking action to protect the public.”[4] Newsom committed to working with legislators, academics, and other partners to “find the appropriate path forward, including legislation and regulation.”[5]

On August 28, 2024, the California State Assembly passed proposed bill SB 1047, the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act, through which California seeks to regulate foundational AI models and impose obligations on companies that develop, fine-tune or provide compute resources to train such models. The bill purports to regulate only the most powerful AI models, trained using large computing capacity, but its requirements are likely to have a broader impact, including on open source models.

SB 1047 currently sits with Governor Newsom. As of September 24, it is unclear whether the Governor will sign the bill or veto it; on September 17, Newsom signaled some discomfort with the bill, but stated that he remained undecided even as he signed several other AI-related bills into law.[6] Gov. Newsom has until the end of September to sign or veto the bill; if he does not veto or return the bill to the legislature, SB 1047 will become law and take effect on January 1, 2026, even if he does not sign it.

Controversial since its introduction, SB 1047 represents a major shift in how U.S. states have sought to regulate AI to date, and the novel approach–including its requirements for developers to implement a “kill switch” and subject themselves to third-party compliance audits, and its applicability to startups and open source AI developers–has caused many major players in the technology sector to oppose the bill or work to weaken its provisions.

Below are 8 key takeaways that highlight the most important aspects of SB 1047 and the ways it may shape the AI landscape if it becomes law.

Expansive definitions of “covered models” and “covered model derivatives” are likely to capture many frontier AI models and subsequent modifications. SB 1047 broadly applies to “covered models,” which are AI models that either:
- Cost over $100 million to develop and are trained using computing power “greater than 10^26 integer or floating-point operations” (FLOPs); or
- Are based on covered models and fine-tuned at a cost of over $10 million and using computing power of three times 10^25 integer or FLOPs.[7]

The frontier models that are publicly available are just below the covered AI model threshold, but the next generation of models will most likely hit that regulation mark.

Certain of SB 1047’s requirements also apply to “covered model derivatives,” which include copies of covered models (whether or not they have been modified).

SB 1047’s requirements apply only to companies that develop or provide compute power to train covered models or covered model derivatives, not to companies that merely use covered models. The law’s principal requirements apply to “developers” that initially train a covered model or that fine-tune a covered model or covered model derivative, all based on the applicable cost and compute requirements. Additional requirements apply to operators of computing clusters when one of their customers “utilizes compute resources that would be sufficient to train a covered model[.]
Before training a covered model, developers are required to implement technical and organization controls designed to prevent covered models from causing “critical harms.” These critical harms include creating or using certain weapons of mass destruction to cause mass casualties; causing mass casualties or at least $500 million in damages by conducting cyberattacks on critical infrastructure or acting with only limited human oversight and causing death, bodily injury, or property damage in a manner that would be a crime if committed by a human; and other comparable harms.
- Kill switch or “shutdown capabilities.” Developers are required to implement a means through which to “promptly enact a full shutdown” of all covered models and covered model derivatives in their control, such that all model operations, including further training, are stopped. In determining whether to enact a full shutdown, developers are required to consider whether it may cause any potential disruptions to critical infrastructure.
- Cybersecurity protections. Developers are required to implement protections “appropriate in light of the risks” to prevent unauthorized access, misuse, or “unsafe post-training modifications” of the covered model and all covered model derivatives in their control.
- Safety protocols. Developers are required to develop a written document safety and security protocol (SSP) and to designate a senior individual to implement the SSP in a manner that complies with the developer’s obligation to exercise reasonable care to mitigate the risk of “foreseeable” downstream misuse of covered models, including by reviewing the SSP for sufficiency on an annual basis. Developers are required to retain an unredacted version of their SSP for the life of the covered model to which it applies plus 5 years, publish a redacted version of the SSP, and to provide an unredacted version to the Attorney General upon request. The SSP is required to:
  - Specify the means through which the developer will comply with its duty to exercise reasonable care as set out above and describe in detail how the developer will comply with SB 1047;
  - Describe how the SSP may be modified;
  - Describes when the developer would implement a full shutdown;
  - Set out testing procedures to determine whether the covered model and its derivatives pose an unreasonable risk of causing or enabling a critical harm or whether the covered model and its derivatives may be modified in a manner that poses such a risk; and
  - States the developer’s compliance obligations in sufficient detail to allow the developer or a third party to determine whether the SSP has been followed.
Developers are subject to rigorous testing, assessment, reporting, and audit obligations.
- Testing and Assessment. Before using a covered model or making it publicly available, a developer is required to assess, including through testing as set out in the SSP, whether there is a possibility that the model could cause critical harm and to record and retain test results from these assessments such that third-parties are capable of duplicating these tests.
- Audits and Reports. Beginning in 2026, developers are required to retain a third-party auditor to perform an independent, annual audit of their compliance with SB 1047. Developers are required to publish redacted copies of their audit reports and to provide unredacted copies to the Attorney General on request. The bill further requires developers to submit annual compliance statements to the Attorney General and to report safety incidents within 72 hours of discovery.
Compute providers are required to implement policies and procedures for customers that use compute sufficient to train a covered model. These procedures are required to include the ability to enact a full shutdown of compute used to train covered models, collecting and verifying identifying information for any customer that uses compute sufficient to train a covered model and assessing whether the customer intends to use the compute resources to train a covered model. Such information is required to be retained for 7 years and shall be provided to the Attorney General on request.
Developers are prohibited from preventing employees from reporting noncompliance internally, to the Attorney General, or to the Labor Commissioner and may not retaliate against employees who do so. These whistleblower protections include requirements that developers inform any employee or contractor working on covered models of their rights and to retain any complaints or reports made by employees or contractors for 7 years. Developers also are required to develop processes through which employees or contractors may make internal reports on an anonymous basis.
Enforcement is exclusively by the Attorney General and does not include a private right of action. The Attorney General may bring a civil action for violations of the bill that cause death or bodily harm; damage, theft, or misappropriation of property; or imminent public safety risks. The Attorney General may seek civil penalties, monetary damages (including punitive damages), injunctive or declaratory relief. Civil penalties for certain violations are capped at 10% of the cost of computing power used to train the covered model.
Certain provisions of SB 1047 may be vulnerable to legal challenge based on constitutional principles. While many of the bill’s provisions will likely pass constitutional muster, including those requiring developers to take technical steps in relation to their covered models, SB 1047 remains subject to legal challenge based on its extraterritorial reach and its assessment requirements.
- No nexus to California. SB 1047 does not have any textual nexus requiring that developers be located in California nor any requirements that covered models be developed, trained, or offered in California for the provisions to apply, standing in opposition to the general presumption that state laws do not apply outside of that state’s borders.
- Assessments may violate the First Amendment. The bill’s assessment provisions may be subject to legal challenge that they are unconstitutional government mandates for developers to create speech, in violation of the First Amendment. The likelihood of such challenges may be increased by the Ninth Circuit’s latest holdings that similar assessment provisions in California’s Age-Appropriate Design Code Act and AB 587 (relating to social media platforms) are facially unconstitutional on First Amendment grounds.[8]

[1] Statement of Gavin Newsom, p. 2 (Sept. 29, 2024), https://www.gov.ca.gov/wp-content/uploads/2024/09/SB-1047-Veto-Message.pdf.

[2] See note 4, infra.

[3] See note 1, supra, at p. 2.

[4] Id.

[5] Id. at p. 3. Contemporaneous with his veto, Newsom announced new partnerships and initiatives for responsibly deploying generative AI and directing state agencies more closely to examine issues surrounding critical harms. The Office of Gov. Gavin Newsom, Governor Newsom announces new initiatives to advance safe and responsible AI, protect Californians (Sept. 29, 2024), https://www.gov.ca.gov/2024/09/29/governor-newsom-announces-new-initiatives-to-advance-safe-and-responsible-ai-protect-californians/.

[6] See Jeremy B. White, Gavin Newsom signals concerns about major AI safety bill, Politico (Sept. 17, 2024), https://subscriber.politicopro.com/article/2024/09/gavin-newsom-signals-concerns-about-major-ai-safety-bill-00179727 (setting out Newsom’s concerns that the bill may create a “chilling effect” and make it harder for California to maintain its status as the home of tech innovation).

[7] The proposed computing threshold mirrors the Biden administration’s Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.

[8] NetChoice v. Bonta, No. 23-2969 (9th Cir. Aug. 16, 2024); X Corp. v. Bonta, No. 24-271 (9th Cir. Sept. 4, 2024).

The following Gibson Dunn lawyers assisted in preparing this update: Christopher Rosina, Frances Waldmann, Emily Maxim Lamm, Cassandra Gaedt-Sheckter, Vivek Mohan, and Eric Vandevelde.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Artificial Intelligence practice group:

Christopher Rosina – New York (+1 212.351.3855, [email protected])
Frances A. Waldmann – Los Angeles (+1 213.229.7914,[email protected])
Keith Enright – Palo Alto (+1 650.849.5386, [email protected])
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, [email protected])
Vivek Mohan – Palo Alto (+1 650.849.5345, [email protected])
Robert Spano – London/Paris (+33 1 56 43 13 00, [email protected])
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, [email protected])

Gibson Dunn’s Workplace DEI Task Force aims to help our clients develop creative, practical, and lawful approaches to accomplish their DEI objectives following the Supreme Court’s decision in SFFA v. Harvard. Prior issues of our DEI Task Force Update can be found in our DEI Resource Center. Should you have questions about developments in this space or about your own DEI programs, please do not hesitate to reach out to any member of our DEI Task Force or the authors of this Update (listed below).

Key Developments:

On September 5, the Office of Federal Contract Compliance Programs (OFCCP) held an informal compliance conference with Sanofi Pasteur, Inc. to address a complaint made by America First Legal (AFL). AFL alleged that the Sanofi violated the Constitution by implementing in its contracts with the federal government a “Diverse Slate Policy,” which required Sanofi’s talent acquisition team to hire a certain percentage of women and people of color for leadership roles. AFL also filed a complaint with the EEOC, alleging that the “Diverse Slate Policy” violated Title VII of the Civil Rights Act of 1964. During the compliance conference with the OFCCP, Sanofi agreed that placement goals, utilization goals, and hiring benchmarks should “not be interpreted as a ceiling or floor for the employment of particular groups of persons,” but rather, should serve as benchmarks to measure representation in its workforce. Sanofi also agreed to assess its employment practices and remedy any potential discrimination.

On September 9, the Congressional Black Caucus (CBC) released a corporate accountability report focused on Fortune 500 companies’ commitments to DEI and racial equity investments. The report found that most of the Fortune 500 companies that submitted responses to the CBC’s questions remain committed to, and have made progress on, their goals regarding workplace diversity and racial equity, despite recent attacks in the wake of the SFFA decision. The report outlines 12 best practices and approaches implemented by various companies to promote DEI in their workplaces, which the CBC hopes will become standard practice across industries. The report was published almost a year after the CBC issued a corporate accountability letter, addressing attacks on DEI initiatives in the private sector and urging Fortune 500 companies to make public statements affirming their commitments to such initiatives.

On September 23, 2024, U.S. District Judge Gregory F. Van Tatenhove of the Eastern District of Kentucky issued a preliminary injunction against the U.S. Department of Transportation’s Disadvantaged Business Enterprise (“DBE”) program. Represented by the Wisconsin Institute for Law & Liberty, two non-minority contractors sued the Department of Transportation in October 2023, challenging the DEB program’s purpose of directing at least 10% of federal transportation infrastructure funding to contracting firms owned by women and minorities. The DBE program is meant to combat statistical disparities and to remedy past and ongoing discrimination in the federally assisted transportation contracting market. The plaintiffs allege that the DBE program’s race- and gender-based preferences violate the Constitution’s equal protection guarantees. The court held that the plaintiffs would “likely win on the merits of their constitutional claims,” and granted a partial preliminary injunction, preventing the Department of Transportation from using race- and gender-based criteria for contracts on which the two plaintiffs bid. The DBE program is the latest in a series of government affirmative action programs that have been enjoined on constitutional grounds.

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

Bloomberg Law, “Employer Cutbacks to Worker Diversity Groups Pose Legal Risks” (September 10): Rebecca Klar of Bloomberg Law discusses the legal risks posed by the employers’ decisions to restructure employee resource groups (ERGs) in response to backlash from anti-DEI activists including Robby Starbuck and America First Legal. Klar interviewed the former acting chair of the EEOC, Victoria Lipnic, who explained that the legality of ERGs likely depends “on how they were created, who is invited to join, and what is being offered.” And while “most companies have been sophisticated” in their approach to ERGs, including making sure to welcome allies regardless of characteristics like race or sex, Lipnic says that companies thinking about restructuring their ERGs should “not lose sight that real discrimination still happens every day in the workplace” and should ensure the workplace is one of equal opportunity and free from discrimination.
Bloomberg Law, “Investors Push Deere to Explain DEI Rollbacks With New Bid” (September 13): Bloomberg Law’s David Hood reports on shareholder advocacy group As You Sow’s recent proposal to John Deere in the wake of the company’s recent public rollback of certain of its DEI commitments. Hood says that Deere’s decision came on the heels of an aggressive media campaign by anti-DEI activist Robby Starbuck, who has used his social media platform to criticize corporations for their DEI efforts. As You Sow’s proposal asks Deere to provide “data about its recruitment, retention, and promotion” of its employees categorized by “ethnicity, gender and race.” With that information, the proposal says, investors can “assess and compare the effectiveness of companies’ efforts to ensure meritocratic workplaces through DEI efforts.”
The New York Times, “Yale, Princeton and Duke Are Questioned Over Decline in Asian Students” (September 17): Writing for The New York Times, Anemona Hartocollis reports on Edward Blum’s recent threat of further litigation challenging race-based university admissions. Hartocollis says that Blum is now targeting institutions including Princeton, Duke, and Yale, which all reported a decline in the admission of Asian students in the past year. Blum claims that, “[b]ased on S.F.F.A.’s extensive experience,” the “racial numbers” at these top universities “are not possible under true neutrality” and warned that these universities “are now on notice” that more suits would soon follow. Princeton spokeswoman Jennifer Morrill stated that the university has “carefully adhered to the requirements set out by the Supreme Court,” while representatives from Yale and Duke did not comment. Professor William Jacobson of Cornell Law School predicts that Blum’s fight will now transition “away from policies to what is happening in admissions offices.”
AP News, “Major companies abandon an LGBTQ+ rights report card after facing anti-diversity backlash” (September 17): AP News’s Cathy Bussewitz reports on companies’ recent decisions to no longer participate in the Human Rights Campaign’s Corporate Equality Index, which is a scorecard that grades corporate efforts to ensure “that gay lesbian, bisexual, transgender and queer employees did not face discrimination in hiring and on the job.” Bussewitz says that most companies’ decision to end their participation in the Index stems from “conservative activists who have threatened boycotts and firms such as the Wisconsin Institute for Law & Liberty that have challenged DEI programs.” Jason Schwartz, co-chair of the Labor and Employment practice group at Gibson Dunn, observed that the “opponents to [DEI] efforts are winning the war of words, and they’ve got a lot of momentum in the courtroom, so I do think it’s a serious threat that needs to be responded to in a thoughtful way.”

Corporate Diversity:

BNN Bloomberg, “US Companies Nix Career Programs for Women Amid DEI Backslide” (September 17): Writing for BNN Bloomberg, Kelsey Butler and Emily Chang report on studies from LeanIn and McKinsey, finding that companies’ “formal mentorship programs for women” have decreased from 48% in 2022 to 37% in 2024. Butler and Chang attribute the decline to the concerted efforts by conservative activists, including Robby Starbuck, Edward Blum, and Stephen Miller. According to Rachel Thomas, co-founder and CEO of LeanIn, “the pullback in commitments” is “one of the more concerning findings” from their studies, as DEI is “at a moment where companies have momentum in many areas and we need them to keep going.” To that end, Butler and Chang note that “there has been progress in representation of women in the highest rungs of corporate America,” with women now comprising “29% of C-suite positions, up from 17% in 2015.” But the authors of the studies believe this progress is fragile and call for companies to remain steadfast in their desire to ensure women have the support needed to climb the corporate ladder.
Bloomberg Law, “Caterpillar Joins Ford, Lowe’s in Diversity Rethink as Backlash Grows” (September 19): Bloomberg Law’s Jeff Green and Sana Pashankar report on Caterpillar’s decision to pull back on certain diversity policies in response to anti-DEI social media campaigns by conservative activist Robby Starbuck. Green and Pashankar report that Caterpillar is “introducing new guidelines on external sponsorships and donations as part of a review of some of its DEI initiatives.” A company spokesperson, Joan Cetera, confirmed that Caterpillar met with Starbuck prior to announcing these changes. But Cetera clarified that certain measures, like the company’s withdrawal from the Human Rights Campaign’s Corporate Equality Index, were already in place before Starbuck set his sights on the corporation. Green and Pashankar note that Caterpillar’s “tweaks fall short of some of the more substantial changes made by companies like Tractor Supply Co.”
Fortune, “How Robby Starbuck is Taking Aim at DEI Programs of Fortune 500 Companies” (September 19): Fortune’s Lila MacLellan reports on Robby Starbuck’s activism against “woke” workplace culture, including his campaigns against Tractor Supply, John Deere, Harley Davidson, and other companies. MacLellan notes that several of these companies have pulled back their support for the Human Rights Campaign’s Corporate Equality Index and events like Pride parades, and also have “dropp[ed] supplier diversity goals and chang[ed] the focus of their employee resource groups.” While Starbuck has claimed credit for changes to DEI policies at these companies, MacLellan says that many of them were planning to make these changes prior to any outreach from Starbuck. As Alphonso David, CEO of the Global Black Economic Forum, noted, “[W]e should be careful not to assume that [Starbuck’s] efforts are actually directly responsible for these changes.” MacLellan also reports on efforts to counteract Starbuck’s influence: for example, As You Sow, a nonprofit that promotes corporate responsibility through shareholder advocacy, has drafted a shareholder proposal about John Deere’s “ambiguous and inconsistent shift in policies and practices” regarding DEI.

Case Updates:

Below is a list of updates in new and pending cases:

1. Employment discrimination and related claims:

Missouri v. Int’l Bus. Machs. Corp., No. 24SL-CC02837 (Cir. Ct. of St. Louis Cty. 2024): On June 20, the State of Missouri filed a complaint against IBM in state court, alleging that the company is violating the Missouri Human Rights Act by using race and gender quotas in its hiring and basing employee compensation on participation in allegedly discriminatory DEI practices. The complaint cites a leaked video in which IBM’s Chief Executive Officer and Board Chairman, Arvind Krishna, allegedly stated that all executives must increase representation of ethnic minorities in their teams by 1% each year in order to receive a “plus” on their bonus. The complaint also alleges that employees at IBM have been fired or suffered adverse employment actions because they failed to meet or exceed these targets. The Missouri Attorney General is seeking to permanently enjoin IBM and its officers from utilizing quotas in hiring and compensation decisions.
- Latest update: On September 13, 2024, IBM moved to dismiss the suit, arguing that the “plus” bonus is not a “rigid racial quota,” but a lawful means of encouraging “permissible diversity goals.” IBM also argued that the State failed to assert sufficient facts to show that the “plus” bonus influenced any employment decisions in Missouri. The State’s opposition is due October 4, 2024.
Diemert v. City of Seattle, et al., No. 2:22-cv-01640 (W.D. Wash. 2022): On November 16, 2022, the plaintiff, a white male, sued his former employer, the City of Seattle. The plaintiff alleged that the City’s diversity initiatives, which allegedly included mandatory diversity trainings involving critical race theory and encouraging participation in “race-based affinity groups, caucuses, and employee resource groups,” amounted to racial discrimination in violation of Title VII and the Fourteenth Amendment. The plaintiff also alleged that he had been subjected to a hostile work environment. On August 16, 2024, the City filed a motion for summary judgment, arguing that the plaintiff had “resigned voluntarily because he had already moved to Texas and did not wish to return to in-person work.” The City further argued that while it required employees to complete two diversity activities per year, it did not penalize employees who did not fulfill the requirement.
- Latest update: On September 7, 2024, the plaintiff filed his opposition to the motion for summary judgment, arguing that he experienced discrimination that the City failed to remediate. On September 13, 2024, the City replied, contending that the plaintiff relied on allegations outside the record, experienced no adverse actions, and ignored the facts demonstrating the City’s lack of discriminatory intent and efforts to support the plaintiff.

2. Actions against Educational Institutions:

Faculty, Alumni, and Students Opposed to Racial Preferences (FASORP) v. Northwestern University, No. 1:24-cv-05558 (N.D. Ill. 2024): A nonprofit advocacy group filed suit against Northwestern University, alleging that the university is violating Title VI, Title IX, and Section 1981 by considering race and sex in law school faculty hiring decisions. The suit also claims that student editors of the Northwestern University Law Review give discriminatory preference to “women, racial minorities, homosexuals, and transgender people when selecting their members and editors,” and when selecting articles to publish. FASORP is seeking to enjoin Northwestern from (1) considering race, sex, sexual orientation, or gender identity in the appointment, promotion, retention, or compensation of its law school faculty or the selection of articles, editors, and members of the Northwestern University Law Review, and (2) soliciting any information about the race, sex, sexual orientation, or gender identity of law school faculty candidates or applicants for the Law Review. FASORP also asked the court to order Northwestern to establish a new policy for selecting law school faculty and Law Review articles, editors, and members, and to appoint a court monitor to oversee all related decisions.
- Latest update: On September 9, 2024, the university moved to dismiss the complaint for lack of standing and failure to state a claim. The university argues that FASORP lacks standing because it does not allege that any members are qualified and took steps to join the Law School’s faculty, are qualified and took steps to submit articles to the Law Review, or are or were ever Northwestern students. The university also argues that even if FASORP has standing, the claims are outside the ambit of Title VI and Title IX, and the Section 1981-based claims are vague and conclusory. A telephonic hearing on the motion to dismiss is set for January 28, 2025.
Sullivan v. Howard University, No. 1:24-cv-01924 (D.D.C. 2024): On July 1, 2024, a male administrator at Howard University who was transferred to another department filed suit against the university, bringing claims of sex discrimination and retaliation in violation of Section 1981, and sex discrimination, retaliation, and a hostile work environment in violation of the D.C. Human Rights Act (DCHRA).
- Latest update: On September 16, 2024, Howard University filed a partial motion to dismiss, arguing for the dismissal of both claims brought under Section 1981 because it does not protect against sex-based discrimination, and the hostile work environment claim because the alleged conduct was not severe, pervasive, or even linked to the plaintiff’s sex. The motion did not address the sex discrimination and retaliation claims brought under the DCHRA.
Gerber v. Ohio Northern University, No. 2023-1107-CVH (Ohio Ct. Common Pleas Hardin Cnty. 2023): On June 30, 2023, a law professor sued his former employer, Ohio Northern University, for terminating his employment after an internal investigation determined that he bullied and harassed other faculty members. On January 23, 2024, the plaintiff, represented by America First Legal, filed an amended complaint, claiming that his firing was actually in retaliation for his vocal and public opposition to the university’s stated DEI principles and race-conscious hiring, which he believed were illegal. The plaintiff alleged that the investigation and his termination breached his employment contract, violated Ohio civil rights statutes, and constituted various torts, including defamation, false light, conversion, infliction of emotional distress, and wrongful termination in violation of public policy. On June 17, 2024, both parties filed motions for summary judgment. On July 16, the court dismissed the individual defendants based on evidence showing they were not involved in the investigation or termination.
- Latest update: On September 12, 2024, the court granted the university’s motion for summary judgment on the plaintiff’s claims for wrongful termination and emotional distress, but otherwise denied the parties’ cross-motions for summary judgment. The court determined that issues of material fact exist concerning plaintiff’s claims for breach of contract, retaliation, defamation, and false light, which will proceed to a jury trial.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Blaine Evanson, Molly Senger, Zakiyyah Salim-Williams, Matt Gregory, Zoë Klein, Mollie Reiss, Jenna Voronov, Alana Bevan, Marquan Robertson, Janice Jiang, Elizabeth Penava, Skylar Drefcinski, Mary Lindsay Krebs, David Offit, Lauren Meyer, Kameron Mitchell, Maura Carey, and Jayee Malwankar.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and authors:

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group
Washington, D.C. (+1 202-955-8242, [email protected])

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group
Los Angeles (+1 213-229-7107, [email protected])

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group
New York (+1 212-351-3850, [email protected])

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer
Washington, D.C. (+1 202-955-8503, [email protected])

Molly T. Senger – Partner, Labor & Employment Group
Washington, D.C. (+1 202-955-8571, [email protected])

Blaine H. Evanson – Partner, Appellate & Constitutional Law Group
Orange County (+1 949-451-3805, [email protected])

From the Derivatives Practice Group: This week, the CFTC requested public comment on a rule certification filing and extended two no-action letters in connection with reporting obligations.

New Developments

CFTC Requests Public Comment on a Rule Certification Filing by KalshiEX LLC. On September 26, the CFTC requested public comment on a rule certification filing by KalshiEX LLC, which would amend its rulebook to include rules for a request for quote functionality and amendments to its prohibited transactions rule. The CFTC previously stayed KalshiEX LLC’s filing because, according to the CFTC, the submission presents novel or complex issues that require additional time to analyze and is potentially inconsistent with the Commodity Exchange Act or the CFTC’s regulations. Comments must be submitted on or before Oct. 28, 2024. [NEW]
CFTC Staff Extends No-Action Position for Certain Reporting Obligations Under the Ownership and Control Reports Final Rule. On September 25, the CFTC’s Division of Market Oversight (“DMO”) issued a no-action letter that extends the current no-action position for reporting obligations under the ownership and control reports final rule (“OCR Final Rule”). The OCR Final Rule, approved in 2013, requires the electronic submission of trader identification and market participant data for special accounts and volume threshold accounts through Form 102 and Form 40. DMO said that it is extending its no-action position to address continuing compliance difficulties associated with certain ownership and control reporting obligations identified by reporting parties and market participants. The position extends DMO’s position under CFTC Letter No. 23-14, stating that DMO will not recommend the CFTC commence an enforcement action for non-compliance with certain obligations. These obligations include, among others, the timing of ownership and control report form filings; certain information required to be reported regarding trading account controllers and volume threshold account controllers on Form 102; the reporting threshold that triggers the reporting of a volume threshold account on Form 102; the filing of refresh updates for Form 102; and responses to certain questions on Form 40. The no-action position will remain in effect until the later of the applicable effective date or compliance date of a CFTC action, such as a rulemaking or order, addressing such obligations. [NEW]
CFTC Announces Four Orders Granting Whistleblower Awards – Marking the Most in a Single Day. On September 23, the CFTC announced awards totaling approximately $4.5 million for whistleblowers who, collectively, provided information that led to the success of multiple enforcement actions brought by the CFTC and another authority. The four orders granting awards, to a total of seven whistleblowers, are the most the CFTC has issued on a single day. [NEW]
CFTC Staff Extends Temporary No-Action Letter Regarding Capital and Financial Reporting for Certain Non-U.S. Nonbank Swap Dealers Domiciled in the EU and the UK. On September 20, the CFTC’s Market Participants Division (“MPD”) announced it issued a temporary no-action letter extending CFTC Staff Letters No. 21-20 and 22-10 to certain nonbank swap dealers (SDs) domiciled in the European Union (“EU”) and the United Kingdom (“UK”) that are the subject of pending CFTC reviews for comparability determinations regarding capital and financial reporting requirements. As part of the capital and financial reporting requirements for nonbank SDs, the CFTC adopted a substituted compliance framework that permits certain nonbank SDs to rely on compliance with home-country capital and financial reporting requirements in lieu of meeting all or parts of the CFTC’s capital adequacy and financial reporting requirements, provided the CFTC finds the home-country requirements comparable to the CFTC’s requirements. Through CFTC Staff Letter No. 24-13, issued on September 20, MPD is extending a no-action position to eligible nonbank SDs domiciled in the EU and the UK that are not covered by existing CFTC orders addressing capital and financial reporting requirements. The no-action position is conditioned upon the nonbank SDs remaining in compliance with applicable home-country capital and financial reporting requirements and submitting certain financial reporting information to the CFTC. The no-action position will expire by December 31, 2026 or the effective date of any final CFTC action addressing the comparability of capital and financial reporting requirements applicable to the relevant nonbank SDs. [NEW]
CFTC Approves Final Guidance Regarding the Listing of Voluntary Carbon Credit Derivative Contracts. On September 20, the CFTC approved final guidance regarding the listing for trading of voluntary carbon credit derivative contracts. The guidance applies to designated contract markets (“DCMs”), which are CFTC-regulated derivatives exchanges, and outlines factors for DCMs to consider when addressing certain Core Principle requirements in the Commodity Exchange Act (“CEA”) and CFTC regulations that are relevant to the listing for trading of voluntary carbon credit derivative contracts. The guidance also outlines factors for consideration when addressing certain requirements under the CFTC’s Part 40 Regulations that relate to the submission of new derivative contracts, and contract amendments to the CFTC.
CFTC Approves Part 40 Final Rule to Simplify and Enhance Rule and Product Submission Processes. On September 12, the CFTC approved a final rule to amend Part 40 of the CFTC’s regulations. The regulations in Part 40 implement Section 5c(c) of the CEA and govern how registered entities submit self-certifications, and requests for approval, of their rules, rule amendments, and new products for trading and clearing, as well as the CFTC’s review and processing of such submissions. The amendments are intended to clarify, simplify and enhance the utility of the Part 40 regulations for registered entities, market participants and the CFTC. The final rule is effective 30 days after publication in the Federal Register.
DC Circuit Court Orders Temporary Stay Suspending Trading on Election Contracts. On September 12, the United States Court of Appeals for the District of Columbia Circuit (the “DC Circuit Court”) ordered a temporary stay suspending trading on election contracts offered by KalshiEx LLC (“KalshiEx”) “to give the court sufficient opportunity to consider the emergency motion for stay pending appeal.” Prior to the temporary stay from the DC Circuit Court, the United States District Court for the District of Columbia (the “DC District Court”) overturned an order blocking KalshiEx from allowing election contract trading on its platform and denied the CFTC’s request for a stay pending appeal. KalshiEx filed a response to the CFTC’s emergency motion on September 12 and the CFTC’s reply is due to the DC Circuit Court by 6:00 pm on September 14.
CFTC Approves Final Rule Regarding Exemptions from Certain Compliance Requirements for Commodity Pool Operators, Commodity Trading Advisors, and Commodity Pools. On September 12, the CFTC published a final rule that amends CFTC Regulation 4.7, a provision that provides exemptions from certain compliance requirements for commodity pool operators (“CPOs”) regarding commodity pool offerings to qualified eligible persons (“QEPs”) and for commodity trading advisors (“CTAs”) regarding trading programs advising QEPs. The final rule amends various provisions of the regulation that have not been updated since the rule’s original adoption in 1992. Specifically, the final rule: (1) increases the monetary thresholds outlined in the “Portfolio Requirement” definition that certain persons may use to qualify as Qualified Eligible Persons; (2) codifies exemptive letters allowing CPOs of Funds of Funds operated under Regulation 4.7 to choose to distribute monthly account statements within 45 days of the month-end; (3) includes technical amendments designed to improve its efficiency and usefulness for intermediaries and their prospective and actual QEP pool participants and advisory clients, as well as the general public; and, (4) updates citations within 17 CFR Part 4, and throughout the CFTC’s rulebook, to reflect the new structure of Regulation 4.7.

New Developments Outside the U.S.

SFC and HKMA Publish Conclusions on Enhancements to OTC Derivatives Reporting Regime for Hong Kong. On September 26, the Securities and Futures Commission and the Hong Kong Monetary Authority jointly published conclusions on proposed enhancements to the over-the-counter (“OTC”) derivatives reporting regime for Hong Kong, indicating that they will mandate (i) the use of unique transaction identifiers, (ii) the use of unique product identifiers and (iii) the reporting of critical data elements beginning on September 29, 2025. [NEW]
ESAs Warn of Risks From Economic and Geopolitical Events. On September 10, the three European Supervisory Authorities (“ESAs”) issued their Autumn 2024 Joint Committee Report on risks and vulnerabilities in the EU financial system. In the report, the ESAs underlined ongoing high economic and geopolitical uncertainties, warned of the financial stability risks that they believe stem from these uncertainties and called for continued vigilance from all financial market participants. For the first time, the report also includes a cross-sectoral deep dive into credit risks in the financial sector.
EC Publishes Draghi Report on the Future of European Competitiveness. On September 9, the European Commission (“EC”) published a report, Future of European Competitiveness, authored by former Italian prime minister and head of the European Central Bank Mario Draghi. The report, which was commissioned by EC president Ursula von der Leyen, outlines the EU’s new industrial strategy. Part A of the report outlines the overarching strategy, while Part B discusses sectoral and horizontal policies and related recommendations in more detail. The report covers topics that include energy derivatives, sustainable finance, EU supervision, Basel framework, and collateral. The EC president indicated that she will aim to form a cabinet, with related mission letters that she expects to cover certain aspects of the report as part of future EU policies.

New Industry-Led Developments

ISDA Publishes Updated Best Practices for Confirming Reference Obligations or Standard Reference Obligations. On September 25, ISDA published updated Best Practices for Single-name Credit Default Swaps regarding Reference Obligations or Standard Reference Obligations. The document sets out suggested best practices for confirming the Reference Obligation or Standard Reference Obligations for single-name Credit Default Swaps and is an update to the Best Practice Statement that was published by ISDA on November 18, 2014. [NEW]
Joint Trade Association Issues Statement on EMIR 3.0 Effective Implementation Dates. On September 23, ISDA, the Alternative Investment Management Association, the European Banking Federation, the European Fund and Asset Management Association and FIA sent a letter urging the European Commission and European supervisory authorities to clarify that market participants are not required to implement the European Market Infrastructure Regulation (“EMIR 3.0”) Level 1 provisions prior to the date of application of the associated Level 2 regulatory technical standards (“RTS”). In the letter, the associations state that they are seeking clarification to avoid firms being required to implement the requirements of EMIR 3.0 twice—first, to comply with the Level 1 provisions once EMIR 3.0 enters into force and then when the associated Level 2 RTS becomes applicable. [NEW]
ISDA Publishes Standing Settlement Instructions Suggested Operational Practices. On September 20, ISDA published the ISDA Standing Settlement Instructions (“SSI”) suggested operational practices (“SOP”), which outlines a set of guidelines for the communication, management and usage of SSIs. According to ISDA, the document aims at increasing standardization and efficiency in performing payments for over-the-counter (“OTC”) derivatives and it is an update to the Best Practice Statement that was published by ISDA on August 11, 2010. SOPs for the exchange of SSIs for the purposes of collateral are available in section 1.7 of the Suggested Operational Practices for the OTC Derivatives Collateral Process. [NEW]
ISDA Publishes Results of DC Review Consultation. On September 19, ISDA published the results of a market-wide consultation on proposed changes to the structure and governance of the Credit Derivatives Determinations Committees (“DCs”). ISDA reported that the consultation indicated broad market support to implement many of the recommendations, including establishing a separate governance body, implementing certain transparency proposals relating to the publication of DC decisions and appointing up to three independent members of the DCs. Some of the proposals received a significant minority of objections.
ISDA Submits Letter to US Treasury Department on Listed Transactions. On September 11, ISDA submitted a letter in response to the US Department of the Treasury’s proposal to identify certain basket contract transactions as listed transactions. In the letter, ISDA arguesd that ISDA believes the proposed regulations would apply to many non-abusive transactions, would inappropriately take the place of substantive guidance and would generate compliance burdens and uncertainty for taxpayers.

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Derivatives practice group, or the following practice leaders and authors:

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, [email protected])

Michael D. Bopp, Washington, D.C. (202.955.8256, [email protected])

Michelle M. Kirschner, London (+44 (0)20 7071.4212, [email protected])

Darius Mehraban, New York (212.351.2428, [email protected])

Jason J. Cabral, New York (212.351.6267, [email protected])

Adam Lapidus – New York (212.351.3869, [email protected] )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, [email protected])

William R. Hallatt , Hong Kong (+852 2214 3836, [email protected] )

David P. Burns, Washington, D.C. (202.887.3786, [email protected])

Marc Aaron Takagaki , New York (212.351.4028, [email protected] )

Hayden K. McGovern, Dallas (214.698.3142, [email protected])

Karin Thrasher, Washington, D.C. (202.887.3712, [email protected])

This update provides a high-level summary of meaningful similarities and differences between the CFTC’s proposed and final guidance regarding the listing of voluntary carbon credit derivative contracts.

On September 20, 2024, the Commodity Futures Trading Commission (the CFTC or the Commission) approved final guidance (the VCC Guidance)[1] outlining factors for consideration by CFTC-regulated exchanges, such as designated contract markets (DCMs) and swap execution facilities,[2] regarding the listing for trading of voluntary carbon credit (VCC) derivative contracts.[3] The CFTC did not depart significantly from its proposed guidance on the same topic, issued on December 4, 2023 (the VCC Proposal), and focused on key considerations when addressing certain requirements in the Commodity Exchange Act (the CEA) and CFTC regulations applicable to the design and listing of such contracts.

This update provides a high-level summary of meaningful similarities and differences between the VCC Proposal and the VCC Guidance.[4]

Overview

The VCC Guidance does not establish new obligations for DCMs or modify or supersede the existing regulatory framework regarding the listing of derivative products by DCMs. Rather, it provides the CFTC’s views and guidance on factors potentially relevant to its evaluation of DCM compliance and outlines matters for consideration by a DCM when designing and listing a VCC derivative contract. In the context of VCC derivatives, the VCC guidance applies the already applicable “DCM Core Principles”[5] to VCC derivatives contracts. In particular, DCM Core Principle 3, a requirement that a DCM only list for trading contracts that are not readily susceptible to manipulation, and DCM Core Principle 4, a requirement that a DCM prevent manipulation, price distortion and disruptions of the physical delivery or cash-settlement process through market surveillance, compliance and enforcement practices and procedures, form the foundation of the VCC Guidance. The VCC Guidance also addresses product submission requirements under Part 40 of the CFTC’s regulations and CEA section 5c(c), insofar as such requirements relate to VCC derivatives.

The CFTC and Voluntary Carbon Markets

The VCC Guidance represents the “culmination of over five years of work” and the first time that a U.S. financial regulator has issued “regulatory guidance for contract markets that list financial contracts aimed at providing tools to manage risk, promote price discovery, and foster the allocation of capital towards decarbonization efforts,” according to Commissioner Behnam, who detailed many of the CFTC’s efforts in its supporting statement.[6] According to the VCC Guidance, more than 150 derivative contracts on mandatory emissions program instruments are listed on DCMs[7] and 29 derivative contracts on voluntary carbon market products had been listed for trading by DCMs as of August 2024,[8] up from 18 as of November 2023[9] (only three of which currently have open interest).[10]

The VCC Guidance sits alongside many initiatives, both public and private, designed to encourage standards in VCC derivatives markets and promote transparency and liquidity. There is no primary regulator of the VCC markets; however, the CFTC has regulatory authority over environmental commodity derivatives, as established in a joint product definition rulemaking with the Securities Exchange Commission following the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act.[11] Although the CFTC does not have regulatory authority over the spot trading of VCCs, it has enforcement authority over fraud and manipulation in the spot VCC market.[12] The VCC Guidance should also be understood in the context of the U.S. federal government’s efforts to promote enhance VCC derivatives markets.[13]

But the proper role of the federal government, and the CFTC itself, in VCC derivatives markets remains unsettled. For example, Commissioner Mersinger issued a dissenting statement on the VCC Guidance, stating that it “is a solution in search of a problem,” constituting “guidance on an emerging class of products that have very little open interest and comprise a miniscule percentage of trading activity on CFTC-regulated DCMs” that includes “veiled attempts to propagate controversial political ideologies.”[14] Commissioner Mersinger stated that the inclusion of Environmental and Social Governance compliance and Net Zero goals in the VCC Guidance was misplaced, calling such focus “a backdoor attempt to inject and memorialize certain political ideologies into CFTC regulatory decisions.”[15]

CFTC Guidance for DCMs Regarding the Listing of VCC Derivative Contracts

The VCC Guidance focuses mainly on physically-settled VCC derivative contracts. However, like in the VCC Proposal, the CFTC noted that its discussion of “VCC commodity characteristics for consideration by a DCM in connection with the design and listing of a physically-settled VCC derivative contract[] would also be relevant for cash-settled derivative contracts that settle to the price of a VCC, unless otherwise noted.”[16]

1. A DCM Shall Only List Derivative Contracts That Are Not Readily Susceptible to
Manipulation

The CFTC maintained the position it put forth in the VCC Proposal that, at a minimum, a DCM should address quality standards, delivery points and facilities, and inspection provisions in the design of a VCC derivative contract and that addressing such criteria in the contract’s terms and conditions will assist in promoting accurate pricing and reducing susceptibility to manipulation. In addition to maintaining its position, the CFTC explained in the VCC Guidance that industry-recognized standards for high-integrity VCCs can assist in preventing manipulation and that DCMs should consider identifying the standards program and related crediting program in the contract’s terms and conditions.

A. Quality Standards

The VCC Guidance follows the VCC Proposal in recommending that a DCM should consider transparency, additionality, permanence and risk of reversal, and robust quantification of emissions reductions or removals when addressing quality standards in connection with the design of a VCC derivative contract. In addition to what the CFTC set forth in the VCC Proposal, it recognized that:

a DCM may determine that it is appropriate to consider, when addressing quality standards in connection with derivative contract design, whether the crediting program for underlying VCCs has implemented measures to help ensure that credited mitigation projects or activities: (i) meet or exceed best practices on social and environmental safeguards, and (ii) would avoid locking in levels of [greenhouse gas (“GHG”)] emissions, technologies or carbon intensive practices that are incompatible with the objective of achieving net zero GHG emissions by 2050.[17]

The CFTC substantively revised its recommendations with respect to transparency and additionality, as described immediately below, but carried forward its proposed recommendations with respect to permanence and risk of reversal and robust quantification of emissions reductions or removals.

Transparency. The CFTC supplemented the VCC Proposal on transparency to provide that the terms and conditions of a physically-settled VCC derivative contract should “clearly identify what is deliverable under the contract.”[18]
Additionality. The CFTC refined the VCC Proposal on additionality, explicitly declining to define the term,[19] to provide that a DCM should consider “whether the crediting program for underlying VCCs has procedures in place to test for additionality” and whether such procedures “provide reasonable assurance that GHG emission reductions or removals will be credited only if they are additional.”[20]

B. Delivery Points and Facilities

The CFTC maintained its position set forth in the VCC Proposal that a DCM should consider a crediting program’s governance, tracking mechanisms and measures to prevent double-counting when addressing delivery procedures.

C. Inspection Provisions – Third Party Validation and Verification

In the VCC Guidance, the CFTC indicated that a DCM should look for “reasonable assurances” that crediting programs are validating and verifying credit mitigation projects and activities appropriately, replacing the VCC Proposal’s guidance that DCMs should directly consider a crediting program’s policies and procedures.

In the VCC Proposal, the CFTC proposed that a DCM should consider “how the crediting programs for the underlying VCCs require validation and verification that credited mitigation projects or activities meeting the crediting program’s rules and standards.”[21] The CFTC revised that recommendation in the VCC Guidance and indicated that a DCM consider “whether there is reasonable assurance that the crediting programs for the underlying VCCs have up-to-date, robust and transparent procedures for validating and verifying that credited mitigation projects or activities meet the crediting program’s rules and standards,”[22] including “whether there is reasonable assurance that the crediting program’s procedures reflect best practices with respect to third party validation and verification.”[23]

2. A DCM Shall Monitor a Derivative Contract’s Terms and Conditions as They Relate to
the Underlying Commodity Market.

With respect to monitoring the terms and conditions of a physically-settled VCC derivative contract, the VCC Proposal and Guidance both stated that a DCM should (i) ensure that the underlying VCC reflects the latest certification standard applicable for that VCC and (ii) maintain rules that require its market participants to keep certain records and make them available to the DCM upon request.

3. A DCM Must Satisfy the Product Submission Requirements Under Part 40 of the
CFTC’s Regulations and CEA Section 5c(c).

The VCC Guidance and the VCC Proposal both maintained that that product submissions should be complete and thorough and include:

“[A]n ‘explanation and analysis’ of the contract and the contract’s ‘compliance with applicable provisions of the [CEA], including core principles and the Commission’s regulations thereunder.’”[24]
“[T]hat the explanation and analysis of the contract ‘either be accompanied by the documentation relied upon to establish the basis for compliance with applicable law, or incorporate information contained in such documentation, with appropriate citations to data sources[.]’”[25]
“[I]f requested by Commission staff, . . . any ‘additional evidence, information or data that demonstrates that the contract meets, initially or on a continuing basis, the requirements’ of the CEA or the Commission’s regulations or policies thereunder.”[26]

Conclusion

The VCC Guidance, like the VCC Proposal, is non-binding and limited to exchange-traded VCC derivative contracts. However, it suggests implications for the over-the-counter VCC derivatives market and VCC spot markets. More generally, the VCC Guidance is the CFTC’s latest effort to promote structure and standards and influence the development of global VCC markets.

[1] See “CFTC Approves Final Guidance Regarding the Listing of Voluntary Carbon Credit Derivative Contracts,” Release No. 8969-24, Sept. 20, 2024. Previously, the CFTC issued proposed guidance and a request for public comment regarding the listing for trading of voluntary carbon credit derivative contracts on December 4, 2023. The request for comment elicited approximately 90 comments from derivatives exchanges, industry and trade associations, carbon credit rating agencies and standard setting bodies, among others, during a 75-day public comment period. Our client update on the VCC Proposal is available at https://www.gibsondunn.com/cftc-issues-proposed-guidance-regarding-the-listing-of-voluntary-carbon-credit-derivative-contracts/.

[2] The CFTC stated that, while the VCC Guidance “focuses on the listing of VCC derivative contracts by DCMs, the Commission believes that the factors outlined for consideration also would be relevant for consideration by any SEF that may seek to permit trading in swap contracts that settle to the price of a VCC, or in physically-settled VCC swap contracts.” VCC Guidance, Pre-Print Version at 82.

[3] The statement of support by the Chairman and statement of dissent by Commissioner Mersinger are available at https://www.cftc.gov/PressRoom/PressReleases/8969-24.

[4] Further information on the VCC Proposal can be found In Gibson Dunn’s previous alert, available at: https://www.gibsondunn.com/cftc-issues-proposed-guidance-regarding-the-listing-of-voluntary-carbon-credit-derivative-contracts/

[5] See, e.g., https://www.cftc.gov/LawRegulation/DoddFrankAct/Rulemakings/DF_12_DCMRules/index.htm

[6] Statement of Support of Chairman Rostin Behnam on the Commission’s Final Guidance Regarding the Listing of Voluntary Carbon Credit Derivatives Contracts (September 20, 2024), available at https://www.cftc.gov/PressRoom/SpeechesTestimony/behnamstatement092024.

[7] See VCC Guidance, Pre-Print Version at 14-15.

[8] See Id. at 15.

[9] See Commission Guidance Regarding the Listing of Voluntary Carbon Credit Derivative Contracts; Request for Comment, 88 Fed. Reg. 89410, 89414 (December 27, 2023).

[10] See VCC Guidance, Pre-Print Version at 15.

[11]Further Definition of “Swap,” “Security-Based Swap,” and “Security-Based Swap Agreement”; Mixed Swaps; Security-Based Swap Agreement Recordkeeping; Final Rule, 77 Fed Reg 48208, 48233-48235 (August 13, 2012). (“An agreement, contract or transaction in an environmental commodity may qualify for the forward exclusion from the “swap” definition set forth in section 1a(47) of the CEA, 7 U.S.C. 1a(47), if the agreement, contract or transaction is intended to be physically settled.”)

[12] See 7 U.S.C. § 9; 17 CFR § 180.1.

[13] See e.g., Gibson Dunn’s previous client alert on the Biden-Harris Administration’s Joint Statement of Policy and new Principles for Responsible Participation in Voluntary Carbon Markets, available at: https://www.gibsondunn.com/us-department-of-treasury-releases-joint-policy-statement-and-principles-on-voluntary-carbon-markets/

[14] Dissenting Statement of Commissioner Summer K. Mersinger on Guidance Regarding the Listing of Voluntary Carbon Credit Derivative Contracts (September 20, 2024), available at https://www.cftc.gov/PressRoom/SpeechesTestimony/mersingerstatement092024.

[15] Id.

[16] VCC Guidance, Pre-Print Version at 81.

[17] Id. at 86.

[18] Id. at 86.

[19] Id. at 88.

[20] Id. at 87.

[21] Commission Guidance Regarding the Listing of Voluntary Carbon Credit Derivative Contracts; Request for Comment, 88 Fed. Reg. 89410, 89419 (December 27, 2023).

[22] VCC Guidance, Pre-Print Version at 94.

[23] Id. at 95.

[24] Id. at 98 (quoting 17 CFR 40.2(a)(3)(v) (for self-certification) and 40.3(a)(4) (for Commission approval)).

[25] Id.

[26] Id. at 98 (quoting 17 CFR 40.2(b) (for self-certification) and 40.3(a)(10) (for Commission approval)).

The following Gibson Dunn lawyers assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, and Hayden McGovern.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Derivatives practice group, or the following authors:

Jeffrey L. Steiner – Washington, D.C. (+1 202.887.3632, [email protected])

Adam Lapidus – New York (+1 212.351.3869, [email protected])

This 60 minute module will walk you through the key aspects that you should have in mind when preparing the work plan, structure and instruct the team for an internal investigation. Because there is no “one-size-fits-all”-approach to structuring an internal investigation, we will analyze and asses different key elements of an internal investigation that require attention, namely:

The relevant addressee of the results of the investigation
The work plan and its updates
Considerations to include witness counsel
Considerations to maximize the legal privilege in multi-jurisdictional settings
Considerations to be made before sharing findings with the Government
Preparation of witness interviews (in person and virtual)
Presentation formats for the findings of an investigation

At the end of the module you should have a good understanding of the do’s and don’ts that will enable you to preparing, running an internal investigation and presenting its results more effectively.

PANELISTS:

Benno Schwarz is the partner in charge of the Munich office of Gibson, Dunn & Crutcher and co-chair of the firm’s Anti-Corruption & FCPA Practice Group. He focuses on white collar defense and compliance investigations in a wide array of criminal regulatory matters. For more than 30 years, he has handled sensitive cases and investigations concerning all kinds of compliance issues, especially in an international context. Benno assists his clients in the prevention and avoidance of corruption, fraud and money laundering and in navigating economic sanctions in the corporate sector. His advisory work comprises the planning and implementation of internal corporate as well as independent investigations both nationally and internationally; the structuring, implementation and assessment of compliance management systems; and the representation of companies and their executive bodies before domestic and foreign authorities during associated criminal and administrative proceedings. He also helps clients navigate the complexities of sanctions and counter-sanctions compliance, especially with respect to Russia-related sanctions and export control restrictions, leveraging his insights from his decades-long experience in advising corporate clients on transactional, compliance and trade law related matters involving Russia. Benno has practiced as an admitted German lawyer (Rechtsanwalt) since 1993.

Katharina Humphrey is a partner in Gibson Dunn’s Munich office. She advises clients in Germany and throughout Europe on a wide range of compliance and white collar crime matters. Katharina regularly represents multi-national corporations in connection with cross-border internal corporate investigations and government investigations. She has significant expertise in the areas of anti-bribery compliance – especially regarding the enforcement of German anti-corruption laws and the U.S. Foreign Corrupt Practices Act (FCPA) –, technical compliance, as well as sanctions and anti-money-laundering compliance. She also has many years of experience in advising clients with regard to the implementation and assessment of compliance management systems. The Legal 500 Deutschland 2024 and The Legal 500 EMEA 2024 listed her as “Next Generation Partner” in the field of Compliance and also recommended her for Internal Investigations. Katharina speaks German, English, French and Italian. She is admitted to practice in Germany (Rechtsanwalt).

Oleh Vretsona is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher. He currently practices in the firm’s Litigation Department, where he focuses on white collar criminal defense, internal investigations, regulatory inquiries, antitrust, and corporate compliance. Oleh has represented clients in a wide variety of matters, including matters arising under the U.S. Foreign Corrupt Practices Act and antitrust matters, and he has advised clients on structure and implementation of corporate compliance programs. Oleh has significant experience in conducting internal investigations and advising clients on the effectiveness of their internal compliance controls. Oleh has participated in and managed numerous internal investigations for publicly held corporations involving operations in Russia, Eastern Europe, and various other countries and regions, and conducted extensive fieldwork in those countries, including numerous witness interviews. He is admitted to practice in New York and the District of Columbia.

MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.0 credit hour, of which 1.0 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact [email protected] to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour in the General Category.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

Amer Ahmed, Anne Champion, Connor Sullivan, and Apratim Vidyarthi cover significant developments in newly-issued Supreme Court decisions in the 2023–24 term involving the First Amendment, following up on a previous webinar covering current First Amendment issues.

PANELISTS:

Amer S. Ahmed is a partner in the New York office of Gibson, Dunn & Crutcher. He is a member of Gibson Dunn’s Litigation; Trials Practice; Appellate and Constitutional Law; and Media, Entertainment and Technology Practice Groups. Amer’s practice focuses on representing institutional and individual clients in a variety of high-profile litigation matters at the investigatory, trial, and appellate levels, ranging from witness preparation to product-liability actions, white-collar criminal defense, and commercial disputes. Amer has played a lead role in many First Amendment and defamation disputes. Among other matters, he has successfully defended The Washington Post against a libel lawsuit in federal court, won a complete dismissal of defamation claims against a leading social media company, advised technology companies on compliance issues under Section 230 of the Communications Decency Act, prosecuted defamation claims on behalf of a high-profile businessman based on a worldwide smear campaign, and is representing the online publication Media Matters for America in its defense of a defamation case lodged by X Corp. Amer authored the practice guide on Defamation and Reputation Management in the USA on Lexology. Amer graduated from Columbia Law School where he was named a Harlan Fiske Stone Scholar and served as an articles editor of the Columbia Law Review. He received his Bachelor of Arts in Human Biology, with distinction, from Stanford University, where he was a President’s Scholar and was elected to the Phi Beta Kappa Society.

Amer is admitted to practice in the State of New York and the District of Columbia, as well as in the Supreme Court of the United States; the United States Courts of Appeals for the District of Columbia Circuit, Second Circuit, and Fourth Circuit; the United States District Court for the District of Columbia; and the United States District Courts for the Southern and Eastern Districts of New York.

Anne M. Champion is a partner in the New York office of Gibson, Dunn & Crutcher. She is a member of the Transnational Litigation, Media Law, and International Arbitration practice groups. Anne has played a lead role in a wide range of high stakes litigation matters, including several high profile First Amendment disputes. She represented CNN’s Jim Acosta and White House Correspondent Brian Karem in successful suits to reinstate their White House press passes, and Mary Trump in her defeat of an attempt to block publication of her best-selling book about the former President, Too Much and Never Enough: How My Family Created the World’s Most Dangerous Man, for which The American Lawyer recognized her along with Ted Boutrous and Matthew McGill as Litigators of the Week. She was previously recognized as Litigator of the Week for the successful defeat of a petition to confirm an $18 billion sham Egyptian arbitration award against Chevron Corporation and Chevron USA, Inc. She has been recognized by Lawdragon as among the “500 Leading Litigators in America,” by Chambers USA 2023 for General Commercial Litigation, and Benchmark Litigation, which named her to its 2022 list of the “Top 250 Women in Litigation.”

Anne is admitted to practice in the courts of the State of New York, the United States District Courts for the Southern, Eastern, and Northern Districts of New York, the Eastern District of Texas, and the United States Courts of Appeals for the Second Circuit, the D.C. Circuit, and the Federal Circuit.

Connor Sullivan is a partner in the New York office of Gibson, Dunn & Crutcher. He is a member of the Firm’s Media, Entertainment, and Technology; Appellate and Constitutional Law; Privacy, Cybersecurity and Data Innovation; and Intellectual Property Practice Groups.

Connor has significant experience in First Amendment matters representing news media organizations and reporters, as well as litigating attempts to restrain speech prior to publication. He has been involved in some of the Firm’s major recent First Amendment victories, including successfully representing members of the White House press corps suing to secure the return of suspended press credentials and representing Mary Trump, the niece of President Donald Trump, in successfully opposing the Trump family’s attempt to enjoin the publication of her bestselling family memoir. Before joining the firm, he served as a member of the trial team in one of the largest defamation suits ever tried. He is a co-author of “Defamation and Reputation Management in the United States” for the global research platform Lexology. Connor has also worked on behalf of pro bono clients in connection with immigration and First Amendment rights.

Connor is admitted to practice in New York and the District of Columbia, and before the United States Courts of Appeals for the Second, Third, Fourth, Sixth, Ninth, and District of Columbia Circuits and the United States District Courts for the Southern and Eastern Districts of New York and the District of Columbia.

Apratim Vidyarthi is a litigation associate in the New York office of Gibson, Dunn & Crutcher. His practice focuses on white collar, law firm defense, technology, and appellate and constitutional law, with a focus on First Amendment law.

Apratim is involved in several First Amendment matters, including representing Media Matters for America in its defense against Twitter/X Corp’s defamation litigation(s), defending a former White House official’s public speech calling out social media platforms’ hosting of misinformation about COVID vaccines, defending a social media company against state investigations, and defending a large technology company against a mandatory data-sharing bill. Apratim also maintains an active First Amendment pro bono docket, having recently filed amicus briefs in Free Speech Coalition v. Paxton, Villarreal v. Alaniz, and Gonzalez v. Trevino at the Supreme Court and in Pernell v. Lamb in the Eleventh Circuit, and defending a Jewish divorcee’s First Amendment rights to protest their ex-husbands’ refusals to grant permissions to divorce.

Apratim graduated cum laude from the University of Pennsylvania Law School, where he served as Philanthropy Editor on the board of the University of Pennsylvania Law Review. He received a Master’s in Engineering from Carnegie Mellon and Bachelors degrees in Nuclear Engineering and Applied Mathematics from the University of California, Berkeley. Prior to law school, Apratim worked at Deloitte Consulting in their technology consulting group. He is admitted to practice in the State of New York, and before the Eleventh Circuit, and the United States District Courts for the Southern and Eastern Districts of New York.

MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.5 credit hour, of which 1.5 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact [email protected] to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.25 hour in the General Category.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

The False Claims Act (FCA) is one of the most powerful tools in the government’s arsenal to combat fraud, waste, and abuse involving government funds. Nearly three years ago, the Department of Justice announced the establishment of the Civil Cyber-Fraud Initiative to utilize the False Claims Act to pursue cybersecurity related fraud by government contractors and grant recipients. Since the announcement of the Civil Cyber-Fraud Initiative, the government has continued to promulgate new cybersecurity requirements and reporting obligations in government contracts and funding agreements—which may bring yet more vigorous FCA enforcement efforts by the DOJ. The DOJ, moreover, has entered into several notable FCA settlements premised on alleged cybersecurity violations, and has intervened in a first-of-its kind qui tam case related to DoD cybersecurity regulations. As we approach the third anniversary of the launch of the Civil Cyber-Fraud Initiative, as much as ever, companies that receive government funds—especially companies operating in the government contracting sector—need to understand how the government and private whistleblowers alike are wielding the FCA to enforce required cybersecurity standards, and how they can defend themselves.

Please join this recorded webcast which discusses developments in the FCA, including:

The latest trends in FCA enforcement actions and associated litigation affecting government contractors, including technology companies;
Updates on enforcement actions arising under the DOJ Civil Cyber-Fraud Initiative;
The latest trends in FCA jurisprudence, including developments in particular FCA legal theories affecting your cybersecurity compliance and reporting obligations; and
Updates to the cybersecurity regulations and contractual obligations underlying enforcement actions by DOJ’s Civil Cyber-Fraud Initiative.

PANELISTS:

Winston Y. Chan is a partner in the San Francisco office of Gibson Dunn and Co-Chair of the firm’s White Collar Defense and Investigations practice group, and also its False Claims Act/Qui Tam Defense practice group. He leads matters involving government enforcement defense, internal investigations and compliance counseling, and regularly represents clients before and in litigation against federal, state and local agencies, including the U.S. Department of Justice, Securities and Exchange Commission and State Attorneys General. Prior to joining the firm, Winston served as an Assistant United States Attorney in the Eastern District of New York, where he held a number of supervisory roles and investigated a wide range of corporate and financial criminal matters. Winston is admitted to practice law in the state of California.

Stephenie Gosnell Handler is a partner in Gibson Dunn’s Washington, D.C. office, where she is a member of the International Trade and Privacy, Cybersecurity, and Data Innovation practices. She advises clients on complex legal, regulatory, and compliance issues relating to international trade, cybersecurity, and technology matters. Stephenie ’s legal advice is deeply informed by her operational cybersecurity and in-house legal experience at McKinsey & Company, and also by her active duty service in the U.S. Marine Corps.

Stephenie returned to Gibson Dunn as a partner of the Washington, D.C. office after serving as Director of Cybersecurity Strategy and Digital Acceleration at McKinsey & Company. In this role, she led development of the firm’s cybersecurity strategy and advised senior leadership on public policy and geopolitical trends relating to cybersecurity, technology, and data. Stephenie managed a team of experienced professionals responsible for the firm’s cybersecurity strategic initiatives, cybersecurity standards and certifications program, lifecycle governance initiatives, data analytics and optimization, and digital acceleration efforts across the cyber domain. She previously led McKinsey’s in-house cybersecurity legal team, where she advised on diverse global cybersecurity and technology matters, including strategic legal issues, data localization, regulatory compliance, risk management, governance, preparedness, and response. Stephenie frequently advised at the intersection of cybersecurity, technology, and data and export control and sanctions requirements.

Melissa L. Farrar is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher. Her practice focuses on white collar defense, internal investigations, and corporate compliance. Melissa represents and advises multinational corporations in internal and government investigations on a wide range of topics, including the U.S. Foreign Corrupt Practices Act, the False Claims Act, anti-money laundering, and accounting and securities fraud, including defending U.S. and global companies in civil and criminal investigations pursued by the U.S. Department of Justice and the U.S. Securities and Exchange Commission. She also has experience representing U.S. government contractors in related suspension and debarment proceedings. In addition, Melissa routinely counsels corporations on the design and implementation of their corporate ethics and compliance programs and in connection with transactional due diligence, with a particular emphasis on compliance with anti-corruption and anti-money laundering laws. She has experience in all areas of corporate compliance, including policy and procedure and code of conduct development, program governance and structure design, risk assessment planning and implementation, and the conduct of internal investigations, among others. Melissa is admitted to practice in the District of Columbia and Virginia.

Michael R. Dziuban is a senior associate in the Washington, D.C. office, where he practices in the Firm’s Litigation Department. Michael represents clients in white collar defense and civil enforcement matters, including investigations and lawsuits under the False Claims Act. He has advised government contractors, technology companies, healthcare companies, and individual executives in various stages of FCA enforcement opposite both government agencies and qui tam relators. Michael also has guided clients through government and internal investigations under anti-corruption and anti-money laundering laws, advised clients in government contracts disputes, and counseled companies on their corporate compliance programs. Michael is admitted to practice law in the Commonwealth of Virginia and the District of Columbia.

MCLE CREDIT INFORMATION:

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact [email protected] to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour in the General Category.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

New Developments

CFTC Approves Final Guidance Regarding the Listing of Voluntary Carbon Credit Derivative Contracts. On September 20, the CFTC approved final guidance regarding the listing for trading of voluntary carbon credit derivative contracts. The guidance applies to designated contract markets (“DCMs”), which are CFTC-regulated derivatives exchanges, and outlines factors for DCMs to consider when addressing certain Core Principle requirements in the Commodity Exchange Act (“CEA”) and CFTC regulations that are relevant to the listing for trading of voluntary carbon credit derivative contracts. The guidance also outlines factors for consideration when addressing certain requirements under the CFTC’s Part 40 Regulations that relate to the submission of new derivative contracts, and contract amendments to the CFTC. [NEW]
CFTC Approves Part 40 Final Rule to Simplify and Enhance Rule and Product Submission Processes. On September 12, the CFTC approved a final rule to amend Part 40 of the CFTC’s regulations. The regulations in Part 40 implement Section 5c(c) of the CEA and govern how registered entities submit self-certifications, and requests for approval, of their rules, rule amendments, and new products for trading and clearing, as well as the CFTC’s review and processing of such submissions. The amendments are intended to clarify, simplify and enhance the utility of the Part 40 regulations for registered entities, market participants and the CFTC. The final rule is effective 30 days after publication in the Federal Register. [NEW]
DC Circuit Court Orders Temporary Stay Suspending Trading on Election Contracts. On September 12, the United States Court of Appeals for the District of Columbia Circuit (the “DC Circuit Court”) ordered a temporary stay suspending trading on election contracts offered by KalshiEx LLC (“KalshiEx”) “to give the court sufficient opportunity to consider the emergency motion for stay pending appeal.” Prior to the temporary stay from the DC Circuit Court, the United States District Court for the District of Columbia (the “DC District Court”) overturned an order blocking KalshiEx from allowing election contract trading on its platform and denied the CFTC’s request for a stay pending appeal. KalshiEx filed a response to the CFTC’s emergency motion on September 12 and the CFTC’s reply is due to the DC Circuit Court by 6:00 pm on September 14.
CFTC Approves Final Rule Regarding Exemptions from Certain Compliance Requirements for Commodity Pool Operators, Commodity Trading Advisors, and Commodity Pools. On September 12, the CFTC published a final rule that amends CFTC Regulation 4.7, a provision that provides exemptions from certain compliance requirements for commodity pool operators (“CPOs”) regarding commodity pool offerings to qualified eligible persons (“QEPs”) and for commodity trading advisors (“CTAs”) regarding trading programs advising QEPs. The final rule amends various provisions of the regulation that have not been updated since the rule’s original adoption in 1992. Specifically, the final rule: (1) increases the monetary thresholds outlined in the “Portfolio Requirement” definition that certain persons may use to qualify as Qualified Eligible Persons; (2) codifies exemptive letters allowing CPOs of Funds of Funds operated under Regulation 4.7 to choose to distribute monthly account statements within 45 days of the month-end; (3) includes technical amendments designed to improve its efficiency and usefulness for intermediaries and their prospective and actual QEP pool participants and advisory clients, as well as the general public; and, (4) updates citations within 17 CFR Part 4, and throughout the CFTC’s rulebook, to reflect the new structure of Regulation 4.7.
CFTC Staff Issues No-Action Letter Related to Reporting and Recordkeeping Requirements for Fully Collateralized Binary Options. On September 4, 2024, the CFTC announced the Division of Market Oversight (“DMO”) and the Division of Clearing and Risk have taken a no-action position regarding swap data reporting and recordkeeping regulations in response to a request from LedgerX LLC d/b/a MIAX Derivatives Exchange LLC (“MIAXdx”), a designated contract market and derivatives clearing organization. The Divisions will not recommend the CFTC initiate an enforcement action against MIAXdx or its participants for certain swap-related recordkeeping requirements and for failure to report data associated with fully collateralized binary option transactions executed on or subject to the rules of MIAXdx to swap data repositories. The no-action letter is comparable to no-action letters issued for other similarly situated designated contract markets and derivatives clearing organizations.

New Developments Outside the U.S.

ESAs Warn of Risks From Economic and Geopolitical Events. On September 10, the three European Supervisory Authorities (“ESAs”) issued their Autumn 2024 Joint Committee Report on risks and vulnerabilities in the EU financial system. In the report, the ESAs underlined ongoing high economic and geopolitical uncertainties, warned of the financial stability risks that they believe stem from these uncertainties and called for continued vigilance from all financial market participants. For the first time, the report also includes a cross-sectoral deep dive into credit risks in the financial sector.
EC Publishes Draghi Report on the Future of European Competitiveness. On September 9, the European Commission (“EC”) published a report, Future of European Competitiveness, authored by former Italian prime minister and head of the European Central Bank Mario Draghi. The report, which was commissioned by EC president Ursula von der Leyen, outlines the EU’s new industrial strategy. Part A of the report outlines the overarching strategy, while Part B discusses sectoral and horizontal policies and related recommendations in more detail. The report covers topics that include energy derivatives, sustainable finance, EU supervision, Basel framework, and collateral. The EC president indicated that she will aim to form a cabinet, with related mission letters that she expects to cover certain aspects of the report as part of future EU policies.
MAS Updates FAQs on OTC Derivatives Reporting Regulations. On September 4, the Monetary Authority of Singapore (“MAS”) further updated the Frequently Asked Questions (FAQs) on the Securities and Futures (Reporting of Derivatives Contracts) Regulations 2013. MAS indicated that the FAQs are to aid implementation of the reporting obligations and elaborate on its intentions for some of the requirements. The new Singapore reporting rules will take effect on October 21, 2024.

New Industry-Led Developments

ISDA Publishes Results of DC Review Consultation. On September 19, ISDA published the results of a market-wide consultation on proposed changes to the structure and governance of the Credit Derivatives Determinations Committees (“DCs”). ISDA reported that the consultation indicated broad market support to implement many of the recommendations, including establishing a separate governance body, implementing certain transparency proposals relating to the publication of DC decisions and appointing up to three independent members of the DCs. Some of the proposals received a significant minority of objections. [NEW]
ISDA Submits Letter to US Treasury Department on Listed Transactions. On September 11, ISDA submitted a letter in response to the US Department of the Treasury’s proposal to identify certain basket contract transactions as listed transactions. In the letter, ISDA arguesd that ISDA believes the proposed regulations would apply to many non-abusive transactions, would inappropriately take the place of substantive guidance and would generate compliance burdens and uncertainty for taxpayers. [NEW]
ISDA Responds to Australia’s CFR on Bonds and Repo Clearing. On September 4, ISDA submitted a response to a consultation from Australia’s Council of Financial Regulators (“CFR”) on the central clearing of bonds and repos in Australia. In response to changes in the size and structure of the Australian bond and repo markets, the CFR sought feedback on the costs and benefits of introducing a central counterparty (“CCP”) in the Australian bond and repo markets. It also sought views on the circumstances under which a bond and repo CCP could be operated safely and efficiently by an overseas operator and what additional protections may be required in Australia. ISDA said that it welcomes the fact that the CFR is not considering the introduction of a clearing mandate. In its response, ISDA set out its opinion on the costs and benefits of voluntary central clearing for the Australian bond and repo markets. ISDA also commented on participation and other factors to consider for a bond and repo clearing offering to be viable. On location, the response states it is not uncommon for an overseas operator to provide clearing services related to non-domestic markets and ISDA indicated that it does not see any increased risk for an overseas operator to provide clearing services for the Australian bond and repo markets, as long as the overseas CCP is appropriately supervised and risk-managed.
ISDA Suggested Operational Practice “P43 Reporting of Post-Trade Events: Trades with no prior P43 Reporting.” On September 5, ISDA republished a Suggested Operational Practice (“SOP”) from July 2024 on approaches (e.g., for partial or full unwinds, partial or full novation, or partial or full exercises) under the CFTC amendments for allocated trades. The SOP recommends reporting the first Part 43 reportable post-trade event on an allocated trade with Action type “NEWT” and Event type “TRAD.”

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Derivatives practice group, or the following practice leaders and authors:

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, [email protected])

Michael D. Bopp, Washington, D.C. (202.955.8256, [email protected])

Michelle M. Kirschner, London (+44 (0)20 7071.4212, [email protected])

Darius Mehraban, New York (212.351.2428, [email protected])

Jason J. Cabral, New York (212.351.6267, [email protected])

Adam Lapidus – New York (212.351.3869, [email protected] )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, [email protected])

William R. Hallatt , Hong Kong (+852 2214 3836, [email protected] )

David P. Burns, Washington, D.C. (202.887.3786, [email protected])

Marc Aaron Takagaki , New York (212.351.4028, [email protected] )

Hayden K. McGovern, Dallas (214.698.3142, [email protected])

Karin Thrasher, Washington, D.C. (202.887.3712, [email protected])

Join our panelists for an insightful discussion on the intersection of internal audit and government investigations.

PANELISTS:

Patrick Stokes is a partner in Gibson Dunn’s Washington, D.C. office, and Co-Chair of the firm’s Anti-Corruption and FCPA practice group. His practice focuses on internal corporate investigations and enforcement actions regarding corruption, securities fraud, and financial institutions fraud. Prior to joining the firm, Patrick headed the DOJ’s FCPA Unit, managing the FCPA enforcement program and all criminal FCPA matters throughout the United States covering every significant business sector. Previously, he served as Co-Chief of the DOJ’s Securities and Financial Fraud Unit, overseeing investigations and prosecutions of financial fraud schemes involving corporations, financial institutions, and individuals. He also served as an Assistant United States Attorney in the Eastern District of Virginia, where he prosecuted a wide variety of financial fraud, immigration, and violent crime cases. He is a member of the Maryland State Bar and the District of Columbia Bar.

Oleh has significant experience in conducting internal investigations and advising clients on the effectiveness of their internal compliance controls. He has participated in and managed numerous internal investigations for publicly held corporations involving operations in Russia, Eastern Europe, and various other countries and regions, and conducted extensive fieldwork in those countries, including numerous witness interviews. Oleh is admitted to practice in New York and the District of Columbia.

Michael S. Diamant is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher. He is a member of the White Collar Defense and Investigations Practice Group, and serves on the firm’s Finance Committee. His practice focuses on white collar criminal defense, internal investigations, and corporate compliance. He has represented clients in an array of matters, including accounting and securities fraud, antitrust violations, and environmental crimes, before law enforcement and regulators, including the U.S. Department of Justice and the Securities and Exchange Commission. Michael also has managed numerous internal investigations for publicly traded corporations and conducted fieldwork in nineteen different countries on five continents.

Michael regularly conducts internal investigations for corporations regarding possible anti-bribery violations and assists them in complying with government subpoenas and negotiating settlements with enforcement agencies. He also routinely advises corporations on the adequacy of the design and implementation of their corporate ethics and compliance programs. This has included extensive work on all programmatic elements, including whistleblowing and investigative procedures, codes of conduct, expense approval and reimbursement processes, and oversight and governance functions, among many others. Michael is admitted to practice in the District of Columbia and the State of Virginia.

Courtney M. Brown is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher, where she practices primarily in the areas of white collar criminal defense and corporate compliance. Courtney has experience representing and advising multinational corporate clients, boards of directors, and executives in internal and government investigations and enforcement actions on a wide range of topics, including anti-corruption, anti-money laundering, economic sanctions, financial and accounting, and tax fraud matters. Courtney also counsels corporations on the effectiveness of their compliance programs and in connection with transactional due diligence, with a particular emphasis on compliance with anti-corruption laws, anti-money laundering regulations, and economic and trade sanctions administered by the U.S. Department of Treasury’s Office of Foreign Assets Control. She is a member of the bars of the District of Columbia and Virginia.

MCLE CREDIT INFORMATION:

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact [email protected] to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour in the General Category.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

Gibson, Dunn & Crutcher LLP is pleased to announce with Global Legal Group the release of the International Comparative Legal Guide to Sanctions 2025 – Germany Chapter. Gibson Dunn partner Benno Schwarz and associate Nikita Malevanny are co-authors of the publication which provides an overview of the EU sanctions regime as applied by Germany and covers relevant government agencies, applicable guidance, sanctions jurisdiction, export controls, criminal and civil enforcement, recent developments, and other topics. The chapter was co-authored with Veit Bütterlin-Goldberg and Svea Ottenstein from AlixPartners.

You can view this informative and comprehensive chapter via the link below:

CLICK HERE to view Sanctions 2025 – Germany Chapter.

For further information, please feel free to contact the authors, the Gibson Dunn lawyer with whom you usually work, or any leader or member of the firm’s International Trade practice group.

About Gibson Dunn’s International Trade Practice Group:

Gibson Dunn’s International Trade practice includes some of the most experienced practitioners in the field. Our global experience is unparalleled – the practice’s lawyers have worked extensively across Asia, Europe, the Gulf, and the Americas and many have served in senior government and enforcement roles as principal architects of key sanctions and export controls regimes and relief, including with respect to U.N. sanctions, and U.S. measures against Iran, Russia, Cuba, and Myanmar.

Please visit our International Trade practice page or contact Benno Schwarz (+49 89 189 33-210, [email protected]) or Nikita Malevanny (+49 89 189 33-224, [email protected]) in Munich.

About the Authors:

Benno Schwarz is a partner in the Munich office of Gibson, Dunn & Crutcher and co-chair of the firm’s Anti-Corruption & FCPA Practice Group. He focuses on white collar defense and compliance investigations in a wide array of criminal regulatory matters. For more than 30 years, he has handled sensitive cases and investigations concerning all kinds of compliance issues, especially in an international context, advising and representing companies and their executive bodies. He coordinates the German International Trade Practice Group of Gibson Dunn and assists clients in navigating the complexities of sanctions and counter-sanctions compliance. He is regularly recognized as a leading lawyer in Germany in the areas of white-collar crime, corporate advice, compliance and investigations.

Nikita Malevanny is an associate in the Munich office of Gibson, Dunn & Crutcher, and a member of the firm’s International Trade, White Collar Defense and Investigations, and Litigation Practice Groups. He focuses on international trade compliance, including EU sanctions, embargoes and export controls. He also carries out internal and regulatory investigations in the areas of corporate anti-corruption, anti-money laundering and technical compliance. Handelsblatt / The Best LawyersTM in Germany 2024/2025 have recognized him in their list “Ones to Watch” for litigation and intellectual property law. The Legal 500 Deutschland 2024 and The Legal 500 EMEA 2024 have recommended him for Foreign Trade Law. He holds both German and Russian law degrees and speaks German, English, Russian and Ukrainian. He is a regular member of Gibson Dunn’s cross-border teams supporting and advising clients on global sanctions and export control aspects.

On September 5, 2024, Institutional Shareholder Services (ISS) released its 2024 Proxy Season Review: United States – Executive Compensation. The below chart summarizes our observations of the 2024 data and key takeaways as we look to the 2025 proxy season. While these trends are positive for issuers overall, they underscore that issuers, their boards, compensation committees, and management should continue to take an active role in compensation programs, disclosure, and shareholder engagement practices.

Observations	Key Takeaways
Increased shareholder support for say-on-pay and equity plan proposals. Median say-on-pay support levels rebounded after steadily declining since 2017, though median say-on-pay support did not quite reach 95% (hovering at 94.9%, well below the highs of 2015-2017). Instances of low (less than 70%) say-on-pay support and failed say-on-pay votes each also decreased to 5.1% and 1%, respectively in 2024. Likewise, after declining in 2022 and 2023, equity plan support improved in 2024 and equity plan failure rates normalized at just under 1% (down from 1.6% in 2023).	ISS notes that this is the lowest proxy season say-on-pay failure rate ever observed. We attribute this positive trend to continued transparency in compensation program disclosures and increased attention on shareholder engagement efforts. Issuers should continue to address in their disclosures (1) how their compensation practices affect shareholder dilution and reflect and respond to broader market conditions, including inflationary pressures and economic volatility, and (2) how these factors impact their approach to designing and administering their compensation programs.
Continued positive correlation between pay-for-performance quantitative screen and ISS say-on-pay vote recommendation. Unsurprisingly, higher quantitative screen concern levels correlated to a higher likelihood of an “against” recommendation, with over half of issuers flagged with a “high” concern level receiving “against” recommendations.	Interestingly, the 3% of issuers with a “low” concern level that received “against” recommendations generally were cited for problematic contractual provisions, non-CEO executive pay, insufficient board responsiveness, or severance payouts.
Rising CEO pay. After dipping slightly in 2023, median CEO pay in the S&P 500 reached its highest level since say-on-pay votes began over a decade ago – $15.6 million. The Russell 3000 (excluding the S&P 500) median CEO pay also trended up slightly to $5.3 million, but was still below the high-water mark set in 2021.	ISS notes that the record low say-on-pay failure rates combined with the record high S&P CEO median pay level suggest that investors are considering factors beyond pay magnitude in their voting decisions. Consistent with ISS’s proxy voting guidelines, many large investors’ say-on-pay votes can be swayed by problematic pay practices (such as one-time awards or application of discretion in pay decisions) without clear disclosure of a compelling rationale.
Compensation plan design continues to favor formulaic and performance-based compensation. Annual and long-term incentive awards trended towards non-discretionary and performance-based design, respectively.	ISS’s focus on formulaic performance-based compensation, including the impact of ISS’s pay-for-performance quantitative screen noted above, continues to correlate with the say-on-pay vote recommendation.
Specific sectors and the Russell 3000 continue to use discretionary compensation. While discretionary compensation across all sectors and indices has generally declined or remained steady year-over-year, financial sector CEOs and a higher percentage of Russell 3000 (excluding S&P 500) CEOs continued to receive discretionary bonuses.	Discretionary compensation may still have specific appropriate use cases, though issuers should consider clearly disclosing the business or sector-specific rationale when deploying discretionary compensation. Based on these trends, benchmarking against sector-specific peers may also be helpful.
Higher perquisite numbers driven by aircraft perks and security costs. Median values of CEO “all other compensation” reported in 2024 climbed markedly in the S&P 500, particularly in the upper percentiles of perquisite values.	The ISS report noted that increases in CEO “all other compensation” levels appeared to be primarily driven by larger corporate aircraft perks and security costs. And at the same time, issuers have seen an enhanced focus by the SEC and IRS on reporting and disclosure of these benefits.
Equity plan design trends include continuing rise of evergreen provisions, use of discretion to accelerate vesting, and no minimum vesting requirement. While “problematic” provisions like repricings or cash buyouts of equity awards without shareholder approval, and liberal change in control vesting provisions continued to decline overall, evergreen provisions in equity plans continued a steady rise and were observed in over 15% of 2024 plans up for approval. Issuers seeking plan approval in 2024 continued to eschew limitations on flexibility to accelerate vesting and set vesting schedules.	The prevalence of evergreen provisions is likely attributable in part to the repeal of Section 162(m) of the Internal Revenue Code in 2017 and an increase in SPAC/de-SPAC transactions since 2021. Favoring the ability to set and adjust vesting schedules is unsurprising as issuers balance the need for flexibility in equity plan administration.
No surprises in pay-versus-performance disclosure. Consistent with 2023, most industries used earnings as their most important performance metric and technology, media and telecom looked to revenue. Compensation actually paid (CAP) trended upwards in most industries.	The overall increase in CAP is not surprising given its correlation to increases in stock prices and the year-over-year performance of the relevant industries from fiscal year 2022 to fiscal year 2023.
Modest increases in CEO pay ratio. Median CEO pay ratio in the S&P 500 saw a small increase year-over-year while the other indices (S&P 400, S&P 600, and remaining Russell 3000) remained steady.	Consistent with the trends in CEO pay levels, the median CEO pay-to-median employee ratios in the S&P 500, S&P 400, S&P 600 and remaining Russell 3000 were 189, 111, 73, and 45, respectively.
Say-on-golden parachute failure rate increased. In 2024, proposals seeking advisory approval of compensation payable in connection with a change of control dipped below 80% average support for the first time since 2017, and the failure rate for these proposals hit an all-time-high of 17%.	Say-on-golden parachute support/failure rates have generally correlated to changes in median golden parachute value, which increased 35% year-over-year from 2023 to 2024.

The following Gibson Dunn lawyers assisted in preparing this update: Krista Hanvey, Elizabeth Ising, Ronald Mueller, Ekaterina Napalkova, and Lori Zyskowski.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these issues. To learn more about these developments, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Executive Compensation and Employee Benefits or Securities Regulation and Corporate Governance practice groups:

Executive Compensation and Employee Benefits:
Sean C. Feller – Los Angeles (+1 310.551.8746, [email protected])
Krista Hanvey – Dallas (+ 214.698.3425, [email protected])
Kate Napalkova – New York (+1 212.351.4048, [email protected])

Securities Regulation and Corporate Governance:
Elizabeth Ising – Washington, D.C. (+1 202.955.8287, [email protected])
James J. Moloney – Orange County (+1 949.451.4343, [email protected])
Ronald O. Mueller – Washington, D.C. (+1 202.955.8671, [email protected])
Lori Zyskowski – New York (+1 212.351.2309, [email protected])

I. Introduction

For fiscal years beginning on or after April 1, 2023, domestic public companies are required to disclose whether they have adopted insider trading policies and procedures governing the purchase, sale, and/or other dispositions of their securities by their directors, officers and employees, or the companies themselves, and if so to file those policies and procedures as an exhibit to their annual reports on Form 10-K.[1] While calendar year companies must comply with these requirements in their Form 10-K for, or proxy statement following, the fiscal year ending December 31, 2024, 49 S&P 500 companies had addressed these requirements in filings as of June 30, 2024.[2]

As discussed in the summary of our preliminary observations below, while specific provisions vary from company to company, certain common approaches are emerging with respect to key policy terms. That said, company policies and procedures can vary based on a company’s particular circumstances, some companies may have interpretive materials that were not filed but elaborate on the operation of their policies and procedures, and some companies are updating their policies and procedures in light of the new filing requirements. As a result, we caution companies against treating these early observations as “best practices.” Your Gibson Dunn contacts are available to discuss the specifics of your policy and answer any questions you may have.

II. Persons Subject to the Insider Trading Policies

Nearly all policies we reviewed (96%) cover all company personnel (i.e., directors, officers and all employees of companies and their subsidiaries and, in some cases, certain affiliates) and their family members. Additionally, a significant majority of the policies (82%) expressly state that they apply to legal entities such as trusts whose securities transactions are controlled or influenced by company personnel and, in some cases, their family members. A majority of the policies (63%) also apply insider trading restrictions to contractors and/or consultants.[3]

III. Transactions in Company Securities Subject to the Insider Trading Policies

All of the policies specify types of transactions that are subject to, or are exempt from, the policy terms. Aside from open market sales or purchases, which are addressed in all of the policies, the most commonly addressed transactions include the following:

A significant majority of the policies (86%) provide some level of restriction on gifts, addressing to one degree or another the SEC’s position that gifts can constitute a form of insider trading.[4] A majority (61%) specifically address gifts as being subject to the policy for all covered persons (i.e., prohibiting gifts when an individual subject to the policy is in possession of material nonpublic information (“MNPI”) and/or applying window periods and/or pre-clearance restrictions to gifts),[5] although a handful of companies (8%) restrict gifts only if the donor has reason to believe the donee will sell while the donor has MNPI. Of the policies that do not apply gift restrictions to all employees, a majority restrict gifts only for certain covered persons that are subject to additional restrictions, such as blackout periods and/or pre-clearance procedures.
Option Exercises. A majority of the policies (69%) exempt exercises of options when there is no associated sale on the market; however, exercises of options where there is a sale of some or a portion of shares delivered upon exercise (e.g., cashless broker exercise) are typically treated like any other sale. Of this group, approximately a quarter of the policies specifically provide that withholding of shares for tax withholding purposes is exempt, and a smaller minority of policies provide that withholding of shares for tax withholding purposes and/or the payment of exercise price is exempt.
Vesting and Settlementof Other Equity Awards. A majority of the policies (59%) exempt vesting and settlement of equity awards, such as RSUs and restricted stock, and 51% of the policies specifically provide that withholding of shares for tax purposes (i.e., net share settlement) is exempt.

IV. Transactions in Other Company Securities

Nearly all policies (96%) specifically include some form of restriction on trading in the securities of another company when the person is aware of MNPI about that company or its securities. A significant majority of the policies (82%) prohibit trading in the securities of another company when the person is aware of MNPI about such company that was learned in the course of or as a result of the covered person’s employment or relationship with the company. The rest apply the prohibition more broadly to trading in the securities of another company while aware of MNPI about that company, without specifically addressing how the information was learned. Of the 82%, a minority tailor the prohibition to apply only to trading in the securities of another company that has some sort of a business relationship with the company (e.g., customers, vendors, or suppliers) or that is engaged in a potential business transaction with the company, and a smaller subset of these policies also include a specific reference to “competitors” in this prohibition.

V. Blackout Periods and Preclearance Procedures

Persons subject to quarterly blackout periods. A significant majority of the policies (88%) subject directors, executive officers and a designated subset of employees to regular quarterly blackout periods, with a few policies applying two different blackout periods to different groups of employees. Although the groups of persons (other than directors and executive officers) who are subject to quarterly blackout periods tend to be company-specific, most of the policies identify the “restricted persons” to include employees by title (e.g., all Vice Presidents or higher) and/or by department or role (e.g., all officers in accounting, financial planning and analysis, investor relations, legal and finance departments, etc.) as well as other employees who have been identified as having access to systems that have MNPI. Some policies take a less specific approach and identify restricted persons as those who are designated as such by the officer administering the insider trading policy. A minority of the policies (6%) subject all covered persons under the policy to quarterly blackout periods.
Start and end of quarterly blackout periods. The start date of the quarterly blackout periods ranges from quarter end to four weeks or more prior to quarter end. Under almost half of the policies (45%), the quarterly blackout periods start approximately two weeks prior to quarter end, 14% start the blackout periods three to four weeks prior to quarter end, and 18% start four weeks or more prior to quarter end. A significant majority of the policies (76%) end the quarterly blackout periods one to two full trading days after the release of earnings, with more policies ending after one trading day (51%) than two trading days (24%).[6] Additionally, nearly all policies specifically state that from time to time the company may implement additional special blackout periods.
Preclearance procedures. Nearly all policies require that certain covered persons must preclear their transactions with the appropriate officer administering the insider trading policy prior to execution. There is, however, variation in the persons subject to preclearance procedures—for 65% of the policies, the preclearance persons are a subset of the persons subject to blackout periods, while for a minority of the policies (29%), they are the same as the persons subject to the blackout periods. Of the 65% of the policies, a minority (38%) require preclearance only from the company’s directors and executive officers.[7] Regardless of scope, nearly all of the policies provide that directors and executive officers are subject to preclearance procedures.

VI. Special Prohibitions Under the Insider Trading Policies

All of the policies prohibit or otherwise restrict certain types of transactions regardless of whether they involve actual insider trading, in some cases stating that such transactions present a heightened risk of securities law violations or the potential appearance of improper or inappropriate conduct. The most common prohibitions addressed: hedging transactions (96%);[8] speculative transactions (96%); pledging securities as collateral for a loan (90%); and trading on margin or holding securities in margin accounts (82%). Although a significant majority of the policies apply the prohibition on hedging and speculative transactions to all persons subject to the policy, prohibitions on pledging and/or margin trading/accounts are sometimes limited to sub-categories of persons subject to the insider trading policies (39% and 27%, respectively): for instance, some policies apply the prohibition only to directors and executive officers or persons subject to quarterly blackout periods and/or preclearance procedures.[9]

A significant majority of the policies do not specifically address standing or limit orders or short-term trading, but of the ones that do, a significant majority take the approach of discouraging such transactions rather than strictly prohibiting them. Even where standing or limit orders are not strictly prohibited, some policies require that such orders be cancelled if the person becomes aware of MNPI (or prior to the start of a blackout period, if applicable). A few policies prohibit standing or limit orders if they go beyond a specified duration.

VII. Rule 10b5-1 Plans

All of the policies address the availability of Rule 10b5-1 plans. A significant majority of the policies (86%) do not set forth restrictions on who can enter into a Rule 10b5-1 plan so long as approval and other requirements are met, but a minority of the policies (12%) limit the use of 10b5-1 plans to directors and designated officers. A small minority of the policies (6%) require directors and designated officers to trade only pursuant to Rule 10b5-1 plans.

All of the policies require that Rule 10b5-1 plans be approved prior to adoption, but the policies tend to vary in approach when describing the guidelines for entering into Rule 10b5-1 plans (or modifying or terminating them). A significant majority (71%) of the policies describe the specified conditions under the SEC rules for a plan to qualify as a Rule 10b5-1 plan, although some do so in a more streamlined manner than others. Of these policies, a majority include Rule 10b5-1 plan requirements within the body of the policy, although a minority do so in an appendix and one company filed the plan guidelines as a separate exhibit. A minority of the policies (29%) do not describe the specified conditions under Rule 10b5-1, but provide a general statement regarding the affirmative defense from insider trading liability under the securities laws for transactions under a compliant Rule 10b5-1 plan and refer covered persons to the officer administering the policy for more information and guidelines on how to establish such a plan.

VIII. Policies Addressing Company Transactions

As noted above, Item 408(b) of Regulation S-K requires a public company to disclose whether it has adopted insider trading policies and procedures governing transactions in company securities by the company itself, and, if so, to file the policies and procedures, or if not, to explain why. Of the 23 S&P 500 companies subject to Item 408(b) that filed a Form 10-K and proxy statement prior to June 30, 2024, a significant majority (78%) did not address insider trading policies or procedures governing companies’ transactions in their own securities.[10] Of the ones that did, most included a brief sentence or two about the company’s policy of complying with applicable laws in trading in its own securities. Only one company in our surveyed group filed a company repurchase policy as a separate exhibit.

IX. Filing Practices Regarding Related Policies or Documents

A significant majority (88%) of the companies filed only a single insider trading policy and no other related policies or documents (even where they referenced other related policies in their insider trading policy).[11] In the few cases where multiple policies were filed, they appear to be supplemental guidelines/policies covering topics not generally applicable to all employees (e.g., trading windows, preclearance, 10b5-1 plans).

* * * *

We will continue to monitor public company filings of insider trading policies and procedures and expect to update our survey in early 2025 once calendar year-end companies’ Forms 10-K are on file, as we expect disclosure and filing practices to evolve as companies go through the first full year of complying with the new Item 408(b) disclosure and filing requirements.

[1]See Items 408(b) and 601(b)(19) of Regulation S-K, adopted by the SEC in connection with the Rule 10b5-1 amendments in December 2022. If a company has not adopted such policies and procedures, it is required to explain why it has not done so. Disclosure about the adoption (or not) of policies or procedures must appear in a company’s proxy statement (and must also be included in, or incorporated by reference to, Part III of a company’s Form 10-K), whereas the policies and procedures are to be filed as exhibits to the company’s Form 10-K.

[2] This group of 49 S&P 500 companies includes 23 companies that made Item 408(b) disclosures and 26 companies that were not subject to the disclosure requirements but voluntarily filed their insider trading policies and procedures with a Form 10-K filed prior to June 30, 2024.

[3] A minority of policies also include other service providers specific to their businesses.

[4] See Final Rule: Insider Trading Arrangements and Related Disclosures, Release No. 33-11138 (Dec. 14, 2022). In its adopting release, the SEC stated its view that the terms “trade” and “sale” in Rule 10b5-1 include bona fide gifts of securities and that gifts can be subject to Section 10(b) liability, since the Securities Exchange Act of 1934 does not require that a “sale” be for value and instead provides that the terms “sale” or “sell” each include “any contract to sell or otherwise dispose of.”

[5] A small minority of these policies also provide certain exceptions for gifts, including gifts to family members and/or controlled entities that are already subject to the policy, or exceptions on a case by case basis.

[6] Some policies use business days instead of trading days, but many policies do not define either term. We treated them as the same for purposes of our data analysis.

[7] The remaining 6% includes two policies that do not address preclearance procedures and one policy which is unclear.

[8] Item 407(i) of Regulation S-K requires companies to disclose practices or policies they have adopted regarding the ability of employees (including officers) or directors to engage in certain hedging transactions.

[9] A few policies allow for exceptions, subject to preclearance.

[10] For the purposes of this survey, we limited our review to Exhibit 19 filings and did not review the companies’ disclosures in the body of the proxy statement or Form 10-K addressing Item 408(b)(1) of Regulation S-K.

[11] Under Regulation S-K Item 408(b)(2), if all of a company’s insider trading policies and procedures are included in its code of ethics that is filed as an exhibit to the company’s Form 10-K, that satisfies the exhibit requirement. However, many companies do not file their code of ethics and instead rely on one of the alternative means of making the code available allowed under S-K Item 406(c)(2) and (3).

The following Gibson Dunn lawyers assisted in preparing this update: Aaron K. Briggs, Thomas Kim, Brian Lane, Julia Lapitskaya, James Moloney, Ronald Mueller, Michael Titera, Lori Zyskowski, and Stella Kwak.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these developments. To learn more, please contact the Gibson Dunn lawyer with whom you usually work, or any leader or member of the firm’s Capital Markets or Securities Regulation and Corporate Governance practice groups:

This guidance reflects the increasing willingness of Hong Kong financial regulators to regulate the use of artificial intelligence.

In recent weeks, the Hong Kong Monetary Authority (“HKMA”) has been active in releasing guidance to authorized institutions (“AIs”) regarding their use of artificial intelligence in both customer-facing applications as well as in relating to detection of money laundering and terrorist financing (“ML/TF”). This guidance reflects the increasing willingness of Hong Kong financial regulators to regulate the use of artificial intelligence. We consider that this is reflective of the significant interest of financial institutions in Hong Kong in exploring the use of generative artificial intelligence (“GenAI”) in particular, with 39% of AIs surveyed by the HKMA earlier this year reporting that they either have already adopted GenAI in the provision of general banking products and services as well as daily operations, or that they plan to do so. Given this, we expect other Hong Kong regulators to issue guidance in this space in the coming months.

This client briefing covers:

The guiding principles issued by the HKMA on August 19, 2024 (“GenAI”) in customer-facing applications (“GenAI Guidelines”).[1] The GenAI Guidelines build on a previous HKMA circular “Consumer Protection in respect of Use of Big Data Analytics and Artificial Intelligence by Authorized Institutions” dated November 5, 2019 (“2019 BDAI Guiding Principles”) and provide specific guidelines to AIs on the use of GenAI;[2] and
The circular issued by the HKMA on September 9, 2024 requiring AIs with significant operations in Hong Kong to (a) undertake a study to consider the feasibility of using artificial intelligence in tackling ML/TF, and to (b) submit the feasibility study and an implementation plan to the HKMA by the end of March 2025 (“ML/TF Circular).[3]

I. Background to GenAI Regulation by the HKMA

GenAI is a form of big data analytics and artificial intelligence (“BDAI”) that enables generation of new content such as text, image, audio, video, code or other media, based on vast amounts of data. GenAI’s ability to generate new and original content sets it apart from other forms of traditional artificial intelligence, which is focused on analyzing information and automating processes. While its content-generating ability gives GenAI tremendous potential to streamline business processes and improve efficiency, this ability also creates risks such as hallucination risk (i.e. where a GenAI model generates incorrect or misleading results due to insufficient training data, incorrect assumptions or biases made by the model).

This content-generating ability, combined with the growing interest in GenAI adoption within the banking sector, has prompted the HKMA to issue the GenAI Guidelines. According to a recent survey on the use of BDAI (including GenAI) by AIs conducted by the HKMA, 39% of surveyed AIs reported adopting or planning to adopt GenAI in the provision of general banking products and services, as well as daily operations. While the majority of the current reported use cases in GenAI are in relation to internal business functions, such as summarisation and translation, coding and internal chatbots, the HKMA has stated that it considers that:

the content-generating capability of GenAI lends itself to increased uptake and deployment in relation to customer-facing activities; and
the prospective increase in the use of GenAI in customer-facing activities raises consumer protection concerns due to risks such as lack of explanability and hallucination risks, which in the HKMA’s words ‘could cause even more significant impact on customers’ than the use of less complex BDAI.

Given this, while the HKMA expects all AIs to continue to apply the 2019 BDAI Guiding Principles, the HKMA also expects all AIs to adhere to the additional principles in the GenAI Guidelines in order to ensure appropriate safeguards are in place when GenAI is adopted for customer-facing applications.

II. Summary of the HKMA’s GenAI Guidelines

Using the 2019 BDAI Guiding Principles as a foundation, the GenAI Guidelines adopts the same core principles of governance and accountability, fairness, transparency and disclosure, and data privacy and protection, but introduces additional requirements to address the specific challenges presented by GenAI.

Core Principles	Requirements under GenAI Guidelines
Governance and Accountability	The board and senior management of AIs should remain accountable for all GenAI-driven decisions and processes, and should thoroughly consider the potential impact of GenAI applications on customers through an appropriate committee which sits within the AI’s governance framework.The board and senior management should ensure the following: Clearly defined scope of customer-facing GenAI applications to avoid GenAI usage in unintended areas; Proper policies and procedures and related control measures for responsible GenAI use in customer-facing applications; and Proper validation of GenAI models, including a “human-in-the-loop” approach in early stages, i.e. having a human retain control in the decision-making process, to ensure the model-generated outputs are accurate and not misleading.
Fairness	AIs are responsible for ensuring that GenAI models produce objective, consistent, ethical, and fair outcomes for customers. This includes: That model generated outputs do not lead to unfair outcomes for customers. As part of this, AIs are expected to give consideration to different approaches that may be deployed in GenAI models, such as (a) anonymizing certain data categories; (b) using comprehensive and fair datasets; and (c) making adjustments to remove bias during validation and review; and During the early deployment stage, provide customers with an option to opt out of GenAI use and request human intervention on GenAI-generated decisions as far as practicable. If an “opt-out” option is unavailable, AIs should provide channels for customers to request review of GenAI-generated decisions.
Transparency and Disclosure	AIs should: Provide appropriate transparency to customers regarding GenAI applications; Disclose the use of GenAI to customers; and Communicate the use, purpose, and limitations of GenAI models to enhance customer understanding.
Data Privacy and Protection	AIs should: Implement effective protection measures for customer data; and Where personal data are collected and processed by GenAI applications, comply with the Personal Data (Privacy) Ordinance, including the relevant recommendations and good practices issued by the Office of the Privacy Commissioner for Personal Data, such as the “Guidance on the Ethical Development and Use of Artificial Intelligence” issued on August 18, 2021,[4] and the “Artificial Intelligence: Model Personal Data Protection Framework” issued on June 11, 2024.[5]

Notably, the HKMA has also expressed support for proactive use of BDAI and GenAI in enhancing consumer protection in the banking sector. Examples of suggested use cases include identification of customers who are vulnerable and require more protection and education; identification of customers who may need more information or clarifications to better understand product features, risks, and terms and conditions in the disclosure; or issuance of fraud alerts to customers engaging in transactions with potentially higher risks.

III. Summary of the HKMA Circular

Consistent with the HKMA’s recognition of the potential use of GenAI in consumer protection in the GenAI Guidelines, the HKMA Circular also indicates that the HKMA recognizes the considerable benefits that may come from the deployment of artificial intelligence in monitoring ML/TF. In particular, the HKMA Circular notes that the use of artificial intelligence powered systems ‘take into account a broad range of contextual information focusing not only on individual transactions, but also the active risk profile and past transaction patterns of customers…These systems have proved to be more effective and efficient than conventional rules-based transaction monitoring systems commonly used by AIs.’[6]

Given this, the HKMA has indicated that AIs with significant operations in Hong Kong should:

give due consideration to adopting artificial intelligence in their ML/TF monitoring systems to enable them to stay effective and efficient;
undertake a feasibility study in relation to the adoption of artificial intelligence in their ML/TF monitoring systems and, based on the outcome of that review, should formulate an implementation plan.

The feasibility study and implementation plan should be signed off at the board level and submitted to the HKMA by the end of March 2025.[7]

The HKMA has also indicated that it intends to support the use of artificial intelligence by AIs in this space through the establishment of a dedicated team to provide feedback and guidance to assist AIs, as well as through organisation of an experience sharing forum in November 2024 to allow firms to share regarding their use of artificial intelligence in relation to ML/TF monitoring.

IV. Conclusion

The issue of the GenAI Guidelines and HKMA Circular by the HKMA reflect the HKMA’s awareness of both the considerable potential of GenAI as well as the prospective risks associated with its deployment. Given the HKMA’s interest in this space, we recommend that AIs review and update their policies and procedures in relation to the use of GenAI to ensure compliance with the GenAI Guidelines. As part of this, AIs should ensure that the use of GenAI in customer-facing activities are thoroughly considered at a board and senior management and governance committee level.

Further, it is important more generally that AIs develop the necessary expertise in understanding the artificial intelligence model that is being adopted. This will not only assist senior management in its decision making process with respect to their deployment of artificial intelligence, but will also aid in the development of appropriate internal systems and controls with respect to the use of artificial intelligence. For instance, AIs can consider implementing staff training on the features and risks of artificial intelligence, to ensure that issues caused by artificial intelligence models are adequately escalated and addressed.

[1] “Consumer Protection in respect of Use of Generative Artificial Intelligence”, published by the HKMA on August 19, 2024, available at: https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2024/20240819e1.pdf

[2] “Consumer Protection in respect of Use of Big Data Analytics and Artificial Intelligence by Authorized Institutions”, published by the HKMA on November 5, 2019, available at: https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2019/20191105e1.pdf

[3] “Use of Artificial Intelligence for Monitoring of Suspicious Activities”, published by the HKMA on September 9, 2024, available at https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2024/20240909e1.pdf

[4] “Guidance on the Ethical Development and Use of Artificial Intelligence”, published by the Office of the Privacy Commissioner for Personal Data on August 18, 2021, available at: https://www.pcpd.org.hk/english/resources_centre/publications/files/guidance_ethical_e.pdf

[5] “Artificial Intelligence: Model Personal Data Protection Framework”, published by the Office of the Privacy Commissioner for Personal Data on June 11, 2024, available at https://www.pcpd.org.hk/english/resources_centre/publications/files/ai_protection_framework.pdf

[6] “Use of Artificial Intelligence for Monitoring of Suspicious Activities”, published by the Hong Kong Monetary Authority on September 9, 2024, available at https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2024/20240909e1.pdf

[7] Ibid. The HKMA will communicate with AIs on an individual basis regarding the exact timing for the feasibility study and implementation plan and the format in which they should be provided, and will consider further engagement and follow up in due course. Reference should also be made to:

(a) “Report on AML/CFT Regtech: Case Studies and Insights Volume 1” published on 21 January 2021, available at https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2021/20210121e1a1.pdf;

(b) “Report on AML/CFT Regtech: Case Studies and Insights Volume 2” published on 25 September 2023, available at https://www.hkma.gov.hk/media/eng/doc/key-functions/banking-stability/aml-cft/AMLCFT_Regtech-Case_Studies_and_Insights_Volume_2.pdf ; and

(c) “Thematic Review of Transaction Monitoring Systems and Use of Artificial Intelligence” published on 17 April 2024, which sets out insights for design, implementation and optimisation of transaction monitoring systems, available at https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2024/20240417e1a1.pdf.

The following Gibson Dunn lawyers prepared this update: William Hallatt, Emily Rumble, and Jane Lu.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact any member of Gibson Dunn’s Financial Regulatory team, including the following members in Hong Kong:

William R. Hallatt (+852 2214 3836, [email protected])
Emily Rumble (+852 2214 3839, [email protected])
Arnold Pun (+852 2214 3838, [email protected])
Becky Chung (+852 2214 3837, [email protected])
Jane Lu (+852 2214 3735, [email protected])

Michael Holecek, DJ Manthripragada, and Madeleine McKenna discuss the latest developments in arbitration agreements and mass arbitration. They discuss recent trends in mass arbitration filings and defenses, recent mass arbitration court cases, changes in arbitration provider rules and fee schedules, and approaches to drafting mass arbitration provisions.

PANELISTS:

Michael Holecek is a litigation partner in the Los Angeles office of Gibson, Dunn & Crutcher, where his practice focuses on complex commercial litigation, class actions, and labor and employment law—both in the trial court and on appeal. Michael has first-chair trial experience and has successfully tried to verdict both jury and bench trials, he has served as lead arbitration counsel, and he has presented oral argument in numerous appeals. Michael represents clients in worker classification disputes – including independent contractor misclassification litigation, misclassification lawsuits involving the FLSA and state law, lawsuits under California’s Private Attorneys General Act (“PAGA”), class action employment lawsuits, and lawsuits against staffing agencies and gig economy platforms. He also has considerable experience with drafting arbitration agreements and arbitration clauses, mass arbitration, disputes over arbitration fees, and enforcing arbitration agreements. He has successfully litigated dozens of motions to compel arbitration and class action waivers in California, New York, Florida, Illinois, and other states. In 2023, Michael presented to the ABA National Class Actions Conference on arbitration agreements, class action waivers, and mass arbitration. Michael was recognized in The Best Lawyers in America® 2022 Ones to Watch in Mass Tort Litigation / Class Action.

Dhananjay (DJ) Manthripragada is a partner in the Los Angeles and Washington, D.C. offices of Gibson, Dunn & Crutcher. He is Chair of the firm’s Government Contracts practice group, and also a member of the Litigation, Class Actions, Labor & Employment, and Aerospace and Related Technologies practice groups. DJ has a broad complex litigation practice, and has served as lead counsel in precedent setting litigation before several United States Courts of Appeals, District Courts and state courts in jurisdictions across the country, the Court of Federal Claims, and the Federal Government Boards of Contract Appeals. He has first-chair trial experience and has successfully tried to verdict both jury and bench trials, and has served as lead counsel in arbitration and other alternative dispute resolution forums. His practice spans a wide range of industries, and he has represented some of the world’s leading aerospace and defense, finance, logistics/transportation, high-technology, and pharmaceutical companies in their most significant matters. DJ is also highly regarded as a trusted advisor to clients regarding significant compliance/enforcement, contract, dispute resolution, and employment issues. He was recognized in The Best Lawyers in America® Ones to Watch in Commercial Litigation in 2021 and 2022.

Madeleine McKenna is a litigation associate in Gibson, Dunn & Crutcher’s Los Angeles office. She practices in the firm’s Insurance, Class Actions, Labor and Employment, and Appellate and Constitutional Law Practice Groups, with a focus on complex civil litigation in the trial courts and on appeal. Madeleine has represented clients in a variety of high-stakes, complex litigation matters in state and federal courts, with a particular focus on class and representative actions involving employment and consumer protection claims. She has also litigated a wide variety of appellate matters. Prior to joining Gibson Dunn, she clerked for the Honorable Richard C. Tallman of the U.S. Court of Appeals for the Ninth Circuit.

MCLE CREDIT INFORMATION:

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour.

Gibson, Dunn & Crutcher LLP is authorized by the Solicitors Regulation Authority to provide in-house CPD training. This program is approved for CPD credit in the amount of 1.0 hour. Regulated by the Solicitors Regulation Authority (Number 324652).

Neither the Connecticut Judicial Branch nor the Commission on Minimum Continuing Legal Education approve or accredit CLE providers or activities. It is the opinion of this provider that this activity qualifies for up to 1 hour toward your annual CLE requirement in Connecticut, including 0 hour(s) of ethics/professionalism.

Application for approval is pending with the Colorado, Illinois, Texas, Virginia, and Washington State Bars.

Data center developers, investors, AI companies, and energy companies all stand to benefit from the Administration’s support for AI data center development.

With four months left in his administration, President Biden is making a play for the future with a concerted focus on developing infrastructure to support artificial intelligence (AI). A limiting factor in the advancement of AI is the need to build data centers and their associated energy infrastructure to process the extraordinary quantities of information involved in AI computations and development of large language models. Over the past weeks, the Administration has taken several significant steps to promote the development of AI data centers. Data center developers, investors, AI companies, and energy companies all stand to benefit from the Administration’s support for AI data center development.

Several months ago, Gibson Dunn formed an interdisciplinary task force of partners specializing in energy, infrastructure, real estate, digital and AI, environment, litigation, national security, and public policy to provide integrated advice to clients who are actively pursuing opportunities in the data center sector. We are closely tracking the Administration’s efforts regarding AI data centers and are available to help clients to share their insights with the Administration, as well as to take advantage of the opportunities these high-level initiatives may offer in the coming months.

I. White House Roundtable, Interagency Efforts to Promote AI Data Centers

On September 12, 2024, the Biden Administration convened AI industry leaders, utility companies, and high-level Administration officials to discuss how to ensure the United States continues to lead in AI. After the roundtable, the White House announced several new initiatives to promote AI in ways that will advance national security and protect the environment.

Most significantly, the Administration launched its Task Force on AI Datacenter Infrastructure to coordinate federal government policy across agencies. Led by the National Economic Council, National Security Council, and the White House Deputy Chief of Staff’s office, the Task Force involves the highest levels of the Biden Administration, indicating the importance the Administration is placing on this initiative. The Task Force will work with private sector leaders to identify growth opportunities, as well as with agencies to prioritize AI data center projects.

The Administration also announced that it is tasking the Federal Permitting Improvement Steering Council to work with AI data center developers and federal agencies to set comprehensive timelines for project development, provide technical assistance to the permitting agencies, and distribute funding to agencies to expedite the permitting process for data centers. The U.S. Army Corps of Engineers also will be identifying nationwide permits to expedite the construction of AI data centers. AI data centers require substantial amounts of land, water, and energy—all resources protected or regulated by federal, state, and local permitting regimes. This focus on easing the permitting process for data center developers may give investors some comfort about the shorter-term return on their investments and potentially serve as a model for broader infrastructure permitting reform.

II. Department of Energy Developments

Given AI data centers’ need for significant amounts of energy, combined with the Administration’s clean-energy goals, it is no surprise that the Department of Energy (DOE) is taking the lead on several significant projects to support AI data centers. Of interest to clients, the DOE is planning a series of convenings with industry stakeholders to discuss the challenges associated with data centers’ energy needs.

Moreover, multiple offices within the DOE are working to provide solutions to stakeholders. In August, the DOE Office of Policy developed a list of resources to help data center developers, owners and operators, and interconnection stakeholders take advantage of tax credits, financing programs, and technical assistance.

In July, the DOE Secretary of Energy Advisory Board convened a Working Group on Powering AI and Data Center Infrastructure and presented its recommendations to Jennifer Granholm, the Secretary of Energy.

The Working Group’s report encouraged the DOE to adopt several key immediate and longer-term impact recommendations for supporting AI-driven data center power demand while limiting harm to existing customers and greenhouse gas emissions. The Working Group’s three immediate impact recommendations to the DOE encouraged the DOE to:

explore flexible siting and geographic distribution of AI large language model data centers in an effort to reduce highly concentrated loads;
foster dialogue between energy utilities, data center developers and operators, and other key stakeholders to manage current electricity supply bottlenecks and encourage real-time data sharing; and
rapidly assess reliability, cost, performance, and supply chain issues facing generation, storage, and grid technologies to support data center expansion.

As longer term recommendations, the Working Group encouraged the DOE to:

establish an AI testbed within the DOE to allow researchers to develop and assess algorithms for energy-efficient AI training, and advance the United States’ AI capabilities;
work with other government agencies and the private sector to develop a standardized and adaptable framework for orchestrating grid services; and
accelerate and de-risk private investment in emerging technologies, particularly nuclear, geothermal, long-duration storage, and carbon capture and sequestration.

The DOE’s focus on providing data center solutions will continue as it works in conjunction with other government agencies and the private sector to drive development, provide incentives, and discover efficiencies with respect to AI-driven data center power demands.

III. Department of Commerce Developments

Along with the DOE, the Department of Commerce will play a significant role in the Administration’s efforts to promote data center development. The National Telecommunications and Information Administration (NTIA), a component of the Department of Commerce, has invited comments on data center security and supporting data center growth in the United States. The NTIA is tasked with advising the President on issues related to the internet economy, including internet infrastructure, cybersecurity, and online privacy. Much of its work focuses on expanding broadband access and adoption, particularly in rural parts of the country, and the NTIA administers grant funding programs to support expansion of broadband infrastructure.

The NTIA will use the comments to inform its work on a comprehensive report for the executive branch offering policy recommendations about how the federal government can promote data center development. The NTIA is coordinating its efforts with the DOE. The Administration seeks comments on a variety of data center development topics including AI data center usage, barriers to data center competition, supply chain vulnerabilities, risk management practices, staffing shortages, and power supply challenges.

Offering comments to the NTIA will allow interested parties to shape the recommendations made within the executive branch on the best path toward maximizing data center infrastructure. The NTIA’s advisory role and its coordination with the DOE on this report will allow commenters to reach multiple interested executive agencies through this comment process. Comments are due November 4.

Given the economic, strategic, and national security implications of the AI race, these efforts are likely just the start of a federal government campaign to support AI data centers, regardless of outcome of the November elections. In light of the Administration’s keen interest in collaborating with the private sector on AI data center development, industry participants who want to shape the future of AI and data center policy should take this opportunity to make their voices heard.

Gibson Dunn’s Data Center Task Force attorneys are available to assist clients by offering strategic advice; drafting comment letters to agencies; arranging and preparing for high-level executive branch and congressional meetings; and helping clients take advantage of potential opportunities emerging from the rapidly changing regulatory environment.

The following Gibson Dunn lawyers prepared this update: F. Joseph Warin, Eric Feuerstein, Stephenie Gosnell Handler, William R. Hollaway, Ph.D., Michael D. Bopp, Tory Lauterbach, Amanda Neely, David Casazza, and Simon Moskovitz.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. For additional information about how we may assist you, please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Artificial Intelligence, Energy Regulation & Litigation, National Security, Public Policy, Real Estate, or White Collar Defense & Investigations practice groups, or the following authors:

Vivek Mohan – Co-Chair, Artificial Intelligence Practice Group, Palo Alto (+1 650.849.5345, [email protected])

William R. Hollaway, Ph.D. – Chair, Energy Regulation & Litigation Practice Group, Washington, D.C. (+1 202.955.8592, [email protected])

Tory Lauterbach – Partner, Energy Regulation & Litigation Practice Group, Washington, D.C. (+1 202.955.8519, [email protected])

Stephenie Gosnell Handler – Partner, National Security Practice Group, Washington, D.C. (+1 202.955.8510, [email protected])

Michael D. Bopp – Co-Chair, Public Policy Practice Group, Washington, D.C. (+1 202.955.8256, [email protected])

Eric M. Feuerstein – Co-Chair, Real Estate Practice Group, New York (+1 212.351.2323, [email protected])

F. Joseph Warin – Co-Chair, White Collar Defense & Investigations Practice Group, Washington, D.C. (+1 202.887.3609, [email protected])

Amanda H. Neely – Of Counsel, Public Policy Practice Group, Washington, D.C. (+1 202.777.9566, [email protected])

With this final rule, BIS seeks to tip the scales in favor of more frequent disclosures and introduces new factors to consider when assessing engagement with U.S. regulators.

In a final rule effective September 16, 2024, the Department of Commerce’s Bureau of Industry and Security (“BIS”) updated its process for handling voluntary self-disclosures from industry and expanded its discretion to impose higher monetary penalties for violations of export control laws. Whether to submit a voluntary self-disclosure remains a fact-dependent decision and requires careful weighing of factual, legal, practical and policy considerations.

Background

Corporate violations of U.S. sanctions, export control laws, and foreign direct investment determinations are a key enforcement priority for BIS, the Department of Justice, the Department of the Treasury, and the Committee on Foreign Investment in the United States (“CFIUS”), with each taking an increasingly aggressive enforcement posture through new guidance, compliance expectations, and record-setting penalties in recent years.

On September 12, 2024, BIS announced the publication of a final rule updating its policies regarding voluntary self-disclosures (“VSD”) and the BIS Penalty Guidelines, found at Supplement No. 1 to Part 766 of the Export Administration Regulations (“EAR”). The rule finalizes a series of policy changes by the Office of Export Enforcement (“OEE”) that were first articulated in memoranda publicly issued by BIS beginning in 2022 and that seek to strengthen BIS’s administrative enforcement program and encourage voluntary disclosures of apparent export control violations.^[1]

As we summarized in our 2023 Year-End Sanctions and Export Control Update, these changes aim to:

streamline self-disclosure of minor or technical violations, facilitate corrective action that might otherwise be prohibited, and prioritize enforcement actions against “significant” violations by establishing a dual-track process for VSD submission and processing;
incentivize VSDs by treating failure to disclose significant apparent violations as an aggravating factor;
enhance OEE’s discretion in assessing penalties when warranted;
incentivize compliance-minded firms to report violations committed by other firms or competitors; and
coordinate enforcement efforts through the appointment of a new Chief of Corporate Enforcement position.

The final rule, outlined in greater detail below, highlights BIS’s continued commitment to streamlining the VSD program to facilitate faster resolutions of non-egregious apparent violations and at the same time highlights BIS’s desire to focus its resources on significant infractions, including by expanding its discretion to impose higher civil monetary penalties.

1. Dual-Track VSD Processing, Streamlined Submission of Minor or Technical Violations, and Corrective Action Provisions

a. Dual-Track VSD Processing

Minor or Technical Violations Track

Section 764.5 of the EAR previously set forth a single track for handling VSDs, regardless of the severity of the violation at issue. The final rule adds a new paragraph regarding disclosure of minor or technical violations, defined as any violation that does not include aggravating factors.

These revisions permit firms to disclose minor or technical violations through a “fast-track” process that will be resolved in 60 days, either through a no-action letter or a warning letter. For such apparent violations, firms may submit by email an abbreviated narrative report in lieu of more burdensome narrative and documentation requirements previously set forth in Sections 764.5. For minor or technical violations, the rule also removes the recommendation that firms conduct a five-year lookback, unless OEE suspects that aggravating factors are present. Firms may also “bundle” multiple minor or technical apparent violations into a single submission, if such apparent violations occurred within the prior quarter.

OEE offered several examples of “minor or technical” violations, including immaterial Electronic Export Information filing errors and the incorrect use of one license exception where another license exception was available.

“Significant” Violations Track

For VSDs that concern a “significant violation,” firms should follow the prior procedures, including submission of a full narrative report.

The rule notes that parties unsure whether a disclosure involves a minor or technical violation or a significant violation are advised to follow the procedures for disclosing a significant violation.

Following disclosure of a “significant” apparent violation, OEE will conduct an investigation and may, depending on the facts and circumstances of the case, issue a warning letter or initiate an administrative enforcement proceeding. OEE may also refer the matter to DOJ for criminal prosecution.

b. Treatment of Unlawfully Exported Items

The final rule revises the EAR with regards to the treatment of unlawfully exported items. Consistent with a 2024 policy memorandum, the final rule clarifies that OEE authorizes any person, not just a party submitting a VSD, to request permission to engage in corrective activities otherwise prohibited by Section 764.2(e) (often referred to as a “General Prohibition 10 Waiver”). The rule also authorizes firms to seek the return of any unlawfully exported item to the United States following notification to OEE and removes the need for firms to receive authorization from OEE for such return-related activities. Further, items that have been returned to the United States do not require additional authorization from OEE, provided that those future activities comply with any applicable EAR requirements. This change is likely due in part to the increase in General Prohibition 10 Waiver requests related to items exported, reexported, or transferred (in-country) to Russia and Belarus (including aircraft) following the imposition of strict export controls on these destinations.

Any re-export from abroad or transfer outside of the United States of an item that has been the subject of a self-disclosure would require a license from BIS.

2. Nondisclosure as Aggravating Factor

Assistant Secretary Axelrod previously explained in a January 2024 speech at NYU Law School, “when someone affirmatively chooses not to file a VSD, [BIS] want[s] them to know that they risk incurring concrete costs.”

Consistent with that statement and previous policy memoranda, the final rule confirms that BIS will consider a deliberate decision by a firm not to disclose a significant apparent violation to be an aggravating factor when determining what administrative penalty, if any, should be applied.

A “deliberate decision” occurs when a firm uncovers a significant apparent violation but then chooses not to file a VSD.

The rule adds a new Aggravating Factor D to the BIS Penalty Guidelines for “[f]ailure to disclose a significant violation.”

3. Penalty Guidelines and Increased Discretion

The final rule enhances OEE’s discretion in calculating potential penalties for apparent violations in several significant ways.

First, the rule removes the base penalty caps for non-egregious cases and instead links penalties to transaction value and other circumstances.

As a result, for non-egregious VSD cases, the base penalty amount is no longer capped at a maximum of $125,000, but is instead capped at one-half of the transaction value. For a non-egregious case that is not initiated by a VSD, the base penalty amount is no longer capped at $250,000, but is instead capped at the full transaction value. The rule describes this change as permitting OEE to “impose penalties with sufficient deterrent effect in situations where transaction values are high.”

For egregious VSD cases, the base penalty amount is capped at one-half of the statutory maximum—which is $364,992 or twice the full transaction value, whichever is greater. For an egregious case that is not initiated by a VSD, the base penalty amount is capped at the statutory maximum.

Second, the rule permits BIS to issue non-monetary resolutions for non-egregious conduct that has not resulted in serious national security harm yet nonetheless merits stronger response than a no-action or warning letter. The final rule indicates that such resolutions are likely to “require remediation through the imposition of a suspended denial order with certain conditions, such as training and compliance requirements.”

Third, the final rule removes from the Penalty Guidelines all specific percentage ranges for potential penalty reduction based on mitigating factors. As the rule explains, “[t]he inclusion of specific percentage ranges for some mitigating factors and not for other factors led parties to incorrect assumptions about the range of reduction to which they were entitled.” With the revisions, “OEE is making clear that the civil monetary penalty will be adjusted (up or down) to reflect the applicable factors for administrative action set forth in the BIS Penalty Guidelines.”

Fourth, the final rule amends Aggravating Factor C, “Harm to Regulatory Program Objectives,” to include transactions that enable human rights abuses as a specific consideration when assessing the potential impact of an apparent violation on U.S. foreign policy objectives.

Fifth, the final rule amends General Factor E (previously D), for “Individual Characteristics,” by expanding the scope of past corporate criminal resolutions that OEE may consider when calibrating an enforcement response. Previously, this factor only mentioned prior conviction of an export-related criminal violation. As revised, it includes not only where a respondent has been convicted or entered a guilty plea, but also where a party has entered into any other type of resolution with the Department of Justice or other authorities, including a Deferred Prosecution Agreement or a Non-Prosecution Agreement.

4. Exceptional Cooperation for Third-Party Tips

As explained by Assistant Secretary Axelrod in his January 2024 speech, BIS seeks to ensure a “level playing field” for compliance-minded firms, recognizing that rule-following firms can suffer as firms that flout regulations book business.

The revised Penalty Guidelines now clarify that disclosure of conduct by others that leads to an enforcement action counts as “exceptional cooperation.” BIS will provide cooperation credit for such tips in “a future enforcement action, even for unrelated conduct,” if such an action is ever brought.

The decision to provide cooperation credit for tips as to suspected third-party violations is unusual and marks a significant departure from other VSD programs with uncertain implications for industry.

5. Chief of Corporate Enforcement

Mirroring action taken by the Department of Justice’s National Security Division (“NSD”) in 2023, BIS announced the appointment of Raj Parekh as the agency’s first Chief of Corporate Enforcement. An accompanying press release to the final rule indicates that Mr. Parekh will “serve as the primary interface between BIS’s special agents, the Department of Commerce’s Office of Chief Counsel for Industry and Security, and the Department of Justice,” with the aim of “advance[ing] significant corporate investigations.”

Mr. Parekh joins BIS from the U.S. Attorney’s Office for the Eastern District of Virginia, where he served as Acting U.S. Attorney. He previously worked at DOJ NSD, and the press release notes that this appointment “further reflect[s] BIS’s commitment to this effort.”

Conclusion

In his January speech, Assistant Secretary Axelrod touted the early successes of recent changes to BIS’s VSD program. Specifically, BIS received nearly 80 percent more VSDs containing potentially serious violations in FY2023 than in FY2022, even as the overall number of VSDs remained relatively constant. BIS also experienced a 33 percent uptick in third-party disclosures from industry.

The revised rule reflects BIS’s continued focus on corporate compliance with export controls and the increased centrality of economic statecraft to U.S. national security policy. It also demonstrates that BIS seeks to focus its investigative resources on infractions most likely to damage U.S. national security interests, and its willingness to impose steeper penalties to incentivize compliance. In April 2023, for instance, BIS announced the largest standalone penalty in the agency’s history—a $300 million civil penalty against affiliates of a technology company that allegedly sold hard disk drives to Huawei Technologies Co. Ltd. BIS is not alone in this prioritization, with CFIUS announcing in August 2024 that it imposed the largest penalty in its history—$60 million—for the breach of a mitigation agreement that resulted in harm to U.S. national security equities, and the Treasury’s Office of Foreign Assets Control levying two of the largest civil penalties in its history last year, including a $968 million settlement, for violations of U.S. sanctions law.

In addition, over the last two years, officials at DOJ have sounded a drumbeat of announcements indicating that criminal enforcement of U.S. export control and sanctions law is one of their highest priorities, with the Department hiring 25 new NSD prosecutors to “investigate national security-related economic crimes” and the publication of an updated NSD Enforcement Policy that “strongly encourages companies to voluntarily self-disclose directly to NSD all potentially criminal … violations of the U.S. government’s export control and sanctions regimes.”

While a decision to submit a voluntary self-disclosure will be the result of considering many factors, BIS is seeking to raise the consequences of a decision not to submit a self-disclosure where aggravating factors are present. The factors highlighted in this new rule, as well as the heightened importance of international trade controls in the United States’ response to global challenges, should remain at the forefront when considering a voluntary self-disclosure of any apparent export control violations to BIS or other regulators.

[1] See Memorandum from Bureau of Indus. & Sec., Further Strengthening Our Administrative Enforcement Program (June 30, 2022), https://www.bis.gov/sites/default/files/files/Administrative%20Enforcement%20Memo.pdf; Memorandum from Bureau of Indus. & Sec., Clarifying Our Policy Regarding Voluntary Self-Disclosures and Disclosures Concerning Others (Apr. 18, 2023), https://www.bis.gov/sites/default/files/files/VSD%20Policy%20Memo%20%2804.18.2023%29.pdf; Memorandum from Bureau of Indus. & Sec., Further Enhancements to Our Voluntary Self-Disclosure Process (Jan. 16, 2024), https://www.bis.gov/sites/default/files/files/VSD%20MEMO.pdf.

The following Gibson Dunn lawyers prepared this update: Cody Poplin, Christopher Timura, David Burns, Adam M. Smith, Stephenie Gosnell Handler, Samantha Sewall, Chris Mullen, and Audi Syarief.

Gibson Dunn lawyers are monitoring the proposed changes to U.S. export control laws closely and are available to counsel clients regarding potential or ongoing transactions and other compliance or public policy concerns.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. For additional information about how we may assist you, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or the following leaders and members of the firm’s International Trade practice group:

United States:
Ronald Kirk – Co-Chair, Dallas (+1 214.698.3295, [email protected])
Adam M. Smith – Co-Chair, Washington, D.C. (+1 202.887.3547, [email protected])
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, [email protected])
Christopher T. Timura – Washington, D.C. (+1 202.887.3690, [email protected])
David P. Burns – Washington, D.C. (+1 202.887.3786, [email protected])
Nicola T. Hanna – Los Angeles (+1 213.229.7269, [email protected])
Courtney M. Brown – Washington, D.C. (+1 202.955.8685, [email protected])
Samantha Sewall – Washington, D.C. (+1 202.887.3509, [email protected])
Michelle A. Weinbaum – Washington, D.C. (+1 202.955.8274, [email protected])
Mason Gauch – Houston (+1 346.718.6723, [email protected])
Chris R. Mullen – Washington, D.C. (+1 202.955.8250, [email protected])
Sarah L. Pongrace – New York (+1 212.351.3972, [email protected])
Anna Searcey – Washington, D.C. (+1 202.887.3655, [email protected])
Audi K. Syarief – Washington, D.C. (+1 202.955.8266, [email protected])
Scott R. Toussaint – Washington, D.C. (+1 202.887.3588, [email protected])
Claire Yi – New York (+1 212.351.2603, [email protected])
Shuo (Josh) Zhang – Washington, D.C. (+1 202.955.8270, [email protected])

Asia:
Kelly Austin – Hong Kong/Denver (+1 303.298.5980, [email protected])
David A. Wolber – Hong Kong (+852 2214 3764, [email protected])
Fang Xue – Beijing (+86 10 6502 8687, [email protected])
Qi Yue – Beijing (+86 10 6502 8534, [email protected])
Dharak Bhavsar – Hong Kong (+852 2214 3755, [email protected])
Felicia Chen – Hong Kong (+852 2214 3728, [email protected])
Arnold Pun – Hong Kong (+852 2214 3838, [email protected])

Europe:
Attila Borsos – Brussels (+32 2 554 72 10, [email protected])
Patrick Doris – London (+44 207 071 4276, [email protected])
Michelle M. Kirschner – London (+44 20 7071 4212, [email protected])
Penny Madden KC – London (+44 20 7071 4226, [email protected])
Irene Polieri – London (+44 20 7071 4199, [email protected])
Benno Schwarz – Munich (+49 89 189 33 110, [email protected])
Nikita Malevanny – Munich (+49 89 189 33 224, [email protected])
Melina Kronester – Munich (+49 89 189 33 225, [email protected])
Vanessa Ludwig – Frankfurt (+49 69 247 411 531, [email protected])

The new regulations control quantum computing, advanced semiconductor items, and additive manufacturing technologies.

On September 6, 2024, the Department of Commerce’s Bureau of Industry and Security (BIS) published new regulations to control certain advanced and emerging technologies, including quantum computing, semiconductor manufacturing equipment, Gate All-Around Field-Effect Transistor (GAAFET) technology, and additive manufacturing.[1] The regulations—which were effective when issued but published as an interim final rule (IFR)—are noteworthy because they introduce tools to both build and recognize new ad hoc agreements with like-minded nations on export controls to regulate advanced and emerging technologies, an objective that has been more and more out of reach due to the inability to achieve consensus through the broader multilateral Wassenaar Arrangement (WA) process. This IFR is a key example of BIS’s efforts to enhance international collaboration among U.S. allies and key suppliers of critical inputs for advanced and emerging technologies to implement consistent export controls. Specifically, in the regulations, BIS creates a new License Exception Implemented Export Controls (IEC) to recognize and reward countries who impose similar export controls with easier access to the technology, software, and commodities that enable the development of emerging technologies. BIS also continues a several-year experiment with modified deemed export controls. The new deemed export control framework created by the regulations will help ensure that the United States retains and continues to attract the international talent now working with U.S. universities, research institutes, and companies in advanced and emerging technologies and that BIS’s new export controls will not disrupt the work of non-U.S. collaborators with individual license requirements for foreign nationals on their teams. The regulations became effective on September 6, 2024, however, parties transferring certain quantum technologies to Wassenaar participating states are not required to comply with corresponding license requirements until November 5, 2024.

I. Major features of the Interim Final Rule

BIS’s first step toward reaching a new agreement among like-minded countries on the regulation of advanced and emerging technologies represents a departure from BIS’s typical process of achieving consensus through iterative working group and plenary meetings of the WA. The WA is a voluntary agreement among participating states (today 42 states participate) to control the export of conventional arms and certain dual-use goods to contribute to regional and international security. Although certain states such as Israel, the People’s Republic of China, and Singapore do not participate in WA, the influence of the WA control lists extends beyond the current membership of the WA because many non-participating countries opt to adopt most or all of the same control parameters and exclusions into their own national controls. The specific items that are described on the WA control lists change from year to year through the adoption of amendments to the control lists at annual plenary meetings. However, the ability of the United States and many like-minded countries to reach consensus on the adoption of new controls on several advanced and emerging technologies has been stymied in recent years by the refusal of the Russian Federation, among others, to support the imposition of new controls.

In its new regulations, BIS seeks to encourage the development of new plurilateral controls outside the WA and without the Russian Federation’s support. Since the export control reform efforts of the 2010s, the United States and many observers have described the goal of U.S. export controls as building higher fences around smaller yards. The new framework is designed to enable the United States to coordinate faster fence building in other countries’ yards where critical advances in emerging technologies are also occurring. In the IFR, BIS achieves this aim by imposing new permutations of world-wide licensing requirements on the export, reexport, and in-country transfer (collectively, “export”) of specified items and by creating a new license exception—License Exception IEC—which authorizes exports to and among countries who implement similar export control licensing requirements on these technologies.

Adds new, and revises existing Export Control Classification Numbers (ECCNs) to identify controls on emerging advanced quantum computing, semiconductor manufacturing, GAAFET technology, and additive manufacturing technologies

BIS imposes its new, worldwide licensing requirements on the targeted technologies through amendments to the Export Administration Regulations’s (EAR’s) Commerce Control List (CCL)[2] which now includes additional ECCN entries for certain commodities, software, and technology that enable the design, manufacture, and functionality of (1) quantum computers, (2) semiconductor devices and circuitry, (3) high-performance computing chips, and (4) additive manufacturing items that produce metal or metal alloy components. Examples of listed items in the interim rule include quantum computers and related electronic assemblies and components; cryogenic cooling systems and components; complimentary metal-oxide semiconductor (CMOS) integrated circuits; technology for the development or production of integrated circuits or devices, using GAAFET structures; additive manufacturing equipment, designed to produce metal or metal alloy components; and, technology related to coating systems; among others. The newly-controlled commodities, software, and technology can be found at the following ECCNs: 2B910, 2D910, 2E903, 2E910, 3A901, 3A904, 3B903, 3B904, 3C907, 3C908, 3C909, 3D901, 3D907, 3E901, 3E905, 4A906, 4D906, and 4E906. The IFR also revises the following nine ECCNs: 2E003, 3A001, 3B001, 3C001, 3D001, 3D002, 3E001, 4D001, and 4E001, which are ECCNs that have historically reflected WA controls, to include certain newly-controlled items.

BIS also amends the EAR to enable the agency to more easily identify these and other emerging technologies that it plans to make subject to non-WA-based worldwide export control licensing requirements. Specifically, these items will be assigned ECCNs with a third digit of “9” and the fourth digit as a number from 0 to 7 (i.e., 3A901).

BIS creates a new license exception and adopts new licensing policies that favor exports to like-minded and allied countries

While the new controls on emerging technologies are similar to BIS’s existing controls on other ECCNs controlled for national security and regional stability reasons, BIS will make available a more limited set of license exceptions and will apply different licensing review policies. BIS amends the EAR to create a new License Exception IEC, which authorizes the export of specific technologies to countries that have agreed to adopt the same technical parameters and restrictions in their own export control regimes. And for those countries who have not adopted similar controls, BIS will apply new license review policies that are keyed to the EAR’s country groups, reflective in part of a given state’s participation in different multilateral agreements and U.S. national security determinations and arms embargoes.[3] Thus, when a proposed export involves items controlled by one of the new or modified ECCNs to a country that has not yet implemented similar controls, BIS will apply a presumption of approval for destinations specified in Country Groups A:1 (which includes all WA countries), A:5, and A:6, a presumption of denial for destinations specified in Country Groups D:1 (countries designated for U.S. national security reasons) and D:5 (countries subject to U.S. or UN arms embargoes), and a case-by-case review policy for destinations for the remaining balance of countries.

Alongside the creation of the new License Exception IEC, BIS makes a procedural change to more immediately reward countries that adopt parallel controls. Specifically, BIS bypasses the need to publish every change related to IEC exception availability through Federal Register notices. BIS does this by developing a mechanism to more quickly identify countries that have implemented the same controls through a cross-referenced list that will be available outside of the Federal Register publication. This new License Exception IEC Eligible Items and Destinations list will be maintained by BIS, hosted by the National Archives and Records Administration, and made available by a BIS website hyperlink. By maintaining the list outside of the Federal Register, BIS will be able to more quickly expand the applicability of License Exception IEC by ECCN and by country when a given country adopts sufficient controls. Were BIS obligated to reflect each of these changes in Federal Register notices, collaborators in the United States and like-minded countries would possibly need to wait months, rather than weeks or days, after their governments reached agreement on new controls to take advantage of the new IEC authorization.

BIS uses General Orders to grandfather and authorize exports of specific advanced technologies in recognition of a limited, global talent pool

Over the past two years, BIS has grappled with the challenge of ensuring its new controls on emerging technologies do not disrupt ongoing work involving foreign nationals in the United States or dissuade talented foreign nationals from seeking employment in the United States or in other countries whose companies collaborate with U.S. companies. This disruption can occur when licensing controls are placed on the release of software and technology to non-U.S. persons. These transfers to non-U.S. persons located in the United States are referred to as “deemed exports,” because the release of controlled technology and software to foreign persons is deemed to be an export to the person’s most recent country of citizenship or legal permanent residence. Similarly, a deemed reexport occurs when software or technology is released to a foreign person of a country other than the foreign country of the entity authorized to receive the controlled technology (e.g., a Syrian national employed by a company in France). Given the scarcity of individuals with expertise in many areas of emerging technology and that many specially trained foreign nationals come from jurisdictions that often trigger export control licensing requirements such as China, BIS’s new approach to foreign national licensing is critical to ensuring that the United States does not undermine ongoing work involving emerging technologies and that U.S. companies can continue to recruit the talent they need to advance such activities.

BIS’s experiment with foreign national licensing in the context of advance technology exports started in October 2022, when BIS included an exclusion from the requirement to seek deemed export licenses for certain advanced semiconductor controls and other specified items, such as items related to advanced computing chips and computer technologies, controlled for new “regional stability” purposes. In October 2023, BIS issued additional semiconductor controls and clarifications, which included updated ECCN item tables so as to “not undermine the deemed export and reexport exclusion.”[4] BIS underscored in the same interim rule its interest in receiving comments from businesses on the impact of deemed export provisions which BIS could use to better inform potential additional changes to deemed export licensing requirements. Finally, in April 2024, BIS released its most recent round of clarifications concerning semiconductor controls and reiterated that such controls did not require licensing for the deemed export or reexport of items controlled for “national security” reasons.

The present IFR introduces a few new permutations of deemed export authorizations. The first authorization grandfathers U.S. and non-U.S. entities who had hired foreign national contractors or employees to advance their work as of the effective date of BIS’s new controls (i.e., September 6, 2024), except for those working with certain GAAFET technology.[5] BIS also opted to wholly exclude from deemed export and reexport requirements the release of certain advanced semiconductor technology and software and to partially exclude other semiconductor manufacturing and quantum technology and software for all foreign nationals except those from Group D:1 countries, which are subject to U.S. national security export licensing requirements, and D:5 countries, which are subject to U.S. or United Nations arms embargoes.[6]

To authorize Group D:1 and Group D:5 foreign nationals’ access to controlled software and technology, BIS issues more specific authorizations through general orders, which provide the required authorization subject to certain reporting requirements. One general order authorizes Group D:1 and Group D:5 foreign nationals working as contractors or employees of entities and having access to the newly controlled GAAFET technology, provided that the individuals were supporting GAAFET technology projects as of September 6, 2024.[7] BIS also created a parallel authorization for foreign nationals from the same jurisdictions supporting work with newly controlled quantum technologies, though without a restriction on when these foreign nationals were hired or assigned to supporting these projects.[8] To take advantage of the general licenses, exporters are obligated to file annual reports with BIS (due for 2024 on November 4, 2024 and on February 1 for every year thereafter) that detail the GAAFET and quantum software and technology that the foreign nationals are using or to which they otherwise receiving access in their work, as well as reports concerning the voluntary or involuntary termination of such employees.

Although the Federal Register notice does not offer a specific rationale for the new annual reporting requirements, BIS will be able to use the information gathered to help trace where the contractors and employees authorized to work with these advanced technologies go when their work terminates. In accordance with newly added 15 C.F.R. §§ 743.7 and 743.8, entities must report the identity of the foreign personnel, the specific technology in question, when the person is terminated, and whether, upon termination, the person intends to go to a destination specified in Country Group D:1 or D:5. The introduction of a regulatory requirement to that will allow BIS to track the movement of foreign national employees who are advancing the leading edges of emerging technologies is unprecedented, but may serve as the model for similar authorizations that BIS will extend to foreign nationals working with other emerging technologies.

Use of the export, reexport, and deemed export and reexport licenses set forth in clauses (f)(1) and (f)(2) of General Order No. 6 (which license certain GAAFET exports, reexports, and deemed exports and reexports ongoing prior to September 6, 2024) are also conditioned on the specific application of the technology and software. In particular, although these general licenses extend to companies located in Country Groups A:5 and A:6, they expressly exclude any companies that are working at the direction of companies headquartered or whose ultimate parent is located in a sensitive jurisdiction (Country Groups D:1 or D:5) to develop or produce certain controlled items. Thus, for example, the authorization could not be used to support GAAFET or quantum development or production projects being directed by companies in China or other listed jurisdictions.

II. More fences around more yards, more quickly

The set of amendments that BIS implements through the IFR are among the more complex we have seen. The rule reflects the increasingly innovative tools BIS is employing to address the complicated issues that have arisen over the last two years in imposing controls on emerging technologies advanced semiconductor, semiconductor manufacturing, and supercomputing technologies. Moreover, BIS’s new License Exception IEC and novel use of grandfathering and general orders to mitigate the impact of new controls on the multinational teams collaborating to advance emerging technologies, among other rule features, constitute a playbook, and a new set of regulatory tools, for BIS to recruit like-minded countries to implement important controls outside of the consensus restraints associated with the WA.

Other countries are already adopting equivalent export controls concerning quantum computing and other technologies that will make them eligible for License Exception IEC. For example, on September 7, 2024, a day after the IFR took effect, the Netherlands amended its Regulation on Advanced Production Equipment for Semiconductors to require chip manufacturing giant ASML to apply for a Netherlands export license—rather than a U.S. export license—in order to export its TWINSCAN NXT:1970i and 1980i DUV immersion lithography systems outside the European Union. This amendment, which follows the Netherlands’ original restrictions targeting deep ultraviolet light machines (promulgated in September 2023), has the practical effect of building new walls around the flow of semiconductor manufacturing equipment to sensitive jurisdictions like China. ASML noted in an official statement, that it “believes this requirement will harmonize the approach for issuing export licenses.”

We expect other nations to similarly mirror IEC items licensing requirements and potential exclusions for quantum computing and other emerging technologies in the coming months. In response to the U.S. controls, as well as any potential future controls imposed by like-minded states, companies in the quantum computing, semiconductor manufacturing, GAAFET technology, and additive manufacturing industry should re-evaluate their previous item classifications, update deemed export and reexport policies as needed, and ensure that any required reports are filed in a timely manner. Companies operating in these industries should also evaluate the potential applicability of License Exception IEC—as well as related licensing policies—to their products. Finally, companies in these industries may wish to consider revising or re-evaluating human resources policies in order to more effectively comply with the above-described controls and authorizations relating to foreign nationals’ access to controlled software and technology.

[1] See Commerce Control List Additions and Revisions; Implementation of Controls on Advanced Technologies Consistent With Controls Implemented by International Partners, 89 Fed. Reg. 72,926 (Sept. 6, 2024).

[2] See 15 C.F.R. Part 774, Supplement No. 1.

[3] See 15 C.F.R. Part 740, Supplement No. 1.

[4] Implementation of Additional Export Controls: Certain Advanced Computing Items; Supercomputer and Semiconductor End Use; Updates and Corrections, 88 Fed. Reg. 73,458, 73,485 (Oct. 25, 2023) (codified at 15 C.F.R. § 774, Supplement No. 1).

[5] Commerce Control List Additions and Revisions; Implementation of Controls on Advanced Technologies Consistent with Controls Implemented by International Partners, 89 Fed. Reg. 72,926, 72,929 (Sept. 6, 2024) (to be codified at 15 C.F.R. §§ 742.4(a)(5)(i) &742.6(a)(10)(i)).

[6] Id. at 72,929.

[7] Id. at 72,936 (to be codified at 15 C.F.R. Part 736, Supplement No. 1 , General Order No. 6, subsections (f)(1) and (f)(2)).

[8] Id. at 72,936 (to be codified at 15 C.F.R. Part 736, Supplement No. 1 , General Order No. 6, subsection (f)(3)).

The following Gibson Dunn lawyers prepared this update: Nicole Martinez, Christopher Timura, Chris Mullen, Zach Kosbie, Stephenie Gosnell Handler, and Adam M. Smith.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. For additional information about how we may assist you, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or the following leaders and members of the firm’s International Trade practice group:

*Nicole Martinez, an associate in the firm’s New York office, is not admitted in New York.