Corporate Compliance Archives - Page 2 of 17

OECD Tour de Table Includes Information on U.S. Developments on the Safety of Manufactured Nanomaterials

The Organization for Economic Cooperation and Development (OECD) has published the latest edition of the Developments in Delegations on the Safety of Manufactured Nanomaterials and Advanced Materials — Tour de Table. The Tour de Table compiles information provided by delegations on the occasion of the 23rd meeting of the OECD Working Party on Manufactured Nanomaterials (WPMN) in June 2023. The Tour de Table lists U.S. developments on the human health and environmental safety of nanomaterials. Risk assessment decisions, including the type of nanomaterials assessed, testing recommended, and outcomes of the assessment include:

The U.S. Environmental Protection Agency (EPA) completed review of four low volume exemptions (LVE) that included a graphene material, a titanium dioxide material, and two graphene oxide materials, one of which was a modification to an existing exemption. EPA denied two of the LVEs and granted two under conditions that limited human and environmental exposures to prevent unreasonable risks.
According to the Tour de Table, EPA has under review 17 premanufacture notices (PMN), 16 of which are for multi-walled carbon nanotube chemical substances and one of which is for a graphene material. The Tour de Table states that EPA is still reviewing these 17 chemical substances for potential risks to human health and the environment. EPA completed its review of one significant new use notice (SNUN) for a single-walled carbon nanotube, regulating it with a consent order due to limited available data on nanomaterials. The consent order limits uses and human and environmental exposures to prevent unreasonable risks.

The Tour de Table includes the following information regarding risk management approaches in the United States:

Between June 2022 and June 2023, EPA received notification of two nanoscale substances based on metal oxides that met reporting criteria pursuant to its authority under the Toxic Substances Control Act (TSCA) Section 8(a), bringing the total number of notifications to 87. Reporting criteria exempted nanoscale chemical substances already reported as new chemicals under TSCA and those nanoscale chemical substances that did not have unique or novel properties. According to the Tour de Table, most reporting was for metals or metal oxides.
Since January 2005, EPA has received and reviewed more than 275 new chemical notices for nanoscale materials under TSCA, including fullerenes and carbon nano-onions, quantum dots, semiconducting nanoparticles, and carbon nanotubes. EPA has issued consent orders and significant new use rules (SNUR) permitting manufacture under limited conditions. A manufacturer or processor wishing to engage in a designated significant new use identified in a SNUR must submit a SNUN to EPA at least 90 days before engaging in the new use. The Tour de Table notes that because of confidential business information (CBI) claims by submitters, EPA may not be allowed to reveal to the public the chemical substance as a nanoscale material in every new chemical SNUR it issues for nanoscale materials. EPA will continue to issue SNURs and consent orders for new chemical nanoscale materials in the coming year.
Because of limited data to assess nanomaterials, the consent orders and SNURS contain requirements to limit exposure to workers through the use of personal protective equipment (PPE), limit environmental exposure by not allowing releases to surface waters or direct releases to air, and limit the specific applications/uses to those described in the new chemical notification.

Regarding updates, including proposals, or modifications to previous regulatory decisions, the Tour de Table states that “[t]he approaches used, given the level of available information, are consistent with previous regulatory decisions. EPA’s assessments now assume that the environmental hazard of a nanomaterial is unknown unless acceptable hazard data is submitted with nanomaterial submission.”

The Tour de Table lists the following new regulatory challenge(s) with respect to any action for nanomaterials:

Standards/methods for differentiating between different forms of the same chemical substance that is a nanomaterial;
Standardized testing for the physical properties that could be used to characterize/identify nanomaterials; and
Differentiation between genuinely new nanoscale materials introduced in commerce and existing products that have been in commerce for decades or centuries.

SEC Enforcement Targets Anti-Whistleblower Practices in Financial Firm’s Settlement Agreements with Retail Clients by Imposing Highest Penalty in Standalone Enforcement Action Under Exchange Act Rule 21 F-17(a)

As the year gets underway, the Securities and Exchange Commission (SEC or Commission) is continuing its ongoing enforcement efforts to target anti-whistleblower practices by pursuing a broader range of entities and substantive agreements, including the terms of agreements between financial institutions and their retail clients. The most recent settlement with a financial firm signifies that the SEC is imposing increasingly steep penalties to settle these matters while focusing on confidentiality provisions that do not affirmatively permit voluntary disclosures to regulators. We discuss below the latest SEC enforcement actions in the name of whistleblower protection and offer some practical tips for what firms and companies may do to proactively mitigate exposure.

On 16 January 2024, the SEC announced a record $18 million civil penalty against a dual registered investment adviser and broker-dealer (the Firm), asserting that the use of release agreements with retail clients impeded the clients from reporting securities law violations to the SEC in violation of Rule 21F-17(a) of the Securities Exchange Act of 1934 (Exchange Act).¹

The SEC found that from March 2020 through July 2023, the Firm regularly required its retail clients to sign confidential release agreements in order to receive a credit or settlement of more than $1,000. Under the terms of these releases, clients were required to keep confidential the existence of the credits or settlements, all related underlying facts, and all information relating to the accounts at issue, or risk legal action for breach of the agreement. The agreements “neither prohibited nor restricted” the clients from responding to any inquiries from the SEC, the Financial Industry Regulatory Authority (FINRA), other regulators or “as required by law.” However, the agreements did not expressly allow the clients to initiate voluntary reporting of potential securities law violations to the regulators. The SEC found that this violated Rule 21F-17(a) “which is intended to ‘encourag[e] individuals to report to the Commission.’”²While the Firm did report a number of the underlying client disputes to FINRA, the SEC found this insufficient to mitigate the lack of language in the release agreements that expressly permitted the clients to report potential securities law violations to the SEC.

The SEC initiated a settled administrative proceeding against the Firm, which neither admitted nor denied the SEC’s findings. In addition to the $18 million civil monetary penalty, the settlement requires that the Firm cease and desist from further violations of Rule 21F-17(a). Notably, the SEC credited certain remedial measures promptly undertaken by the Firm, including revising the at-issue release language and affirmatively alerting affected clients that they are not prohibited from communicating with governmental and regulatory authorities.

This enforcement action is significant for several reasons. First, it signals a broader enforcement focus by the SEC with respect to Rule 21F-17(a) in that this is the first action involving the terms of agreements between a financial institution and its retail clients, which are prevalent throughout the financial services industry. Previously, enforcement had focused squarely on restrictive confidentiality provisions involving employees, such as those found in employment or severance agreements or in connection with internal investigation interviews.

Second, the unprecedented magnitude of the penalty in a standalone Rule 21F-17(a) case underscores the SEC’s emphasis on preventing practices that it views as obstructions of whistleblower rights. SEC Enforcement Director Gurbir Grewal’s statement announcing the settlement reflects this position, “Whether it’s in your employment contracts, settlement agreements or elsewhere, you simply cannot include provisions that prevent individuals from contacting the SEC with evidence of wrongdoing.” Companies (public and private), broker-dealers, investment advisers, and other market participants should expect to see continued enforcement investigations in connection with the SEC’s ongoing attention toward compliance with Rule 21F-17(a), as discussed further below.

The SEC’s Whistleblower Protection Program

Established in 2011 pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the SEC Whistleblower Program provides monetary awards to individuals who “tip” the SEC with original information that leads to an enforcement action resulting in monetary sanctions that exceed $1 million. Through the end of the SEC’s FY2023, the SEC has awarded almost $2 billion to 385 whistleblowers.³In FY2023 alone, the SEC received over 18,000 whistleblower tips and awarded more than $600 million in whistleblower awards to 68 individuals.⁴

In furtherance of the Whistleblower Program, the SEC also issued Exchange Act Rule 21F-17(a), which provides that “no person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”⁵

SEC Struck Several Blows in 2023 Against Companies that Failed to Carve out Whistleblower Protections in Their Confidentiality Agreements

The SEC has been aggressively enforcing Rule 21F-17(a) since its first enforcement action in 2015 with respect to that Rule,⁶through several waves of enforcement actions. During 2023, the SEC was especially active with a number of settled enforcement actions asserting violations of Rule 21F-17(a) in which the respondents neither admitted nor denied the SEC’s findings:

In February 2023, the SEC fined a video game development and publishing company $35 million for violating federal securities laws through its inadequate disclosure controls and procedures. The settled action also included a finding that the company had violated Rule 21F-17(a) by executing separation agreements in the ordinary course of its business that required former employees to provide notice to the company if they received a request for information from the SEC’s staff.⁷
In May 2023, the SEC imposed a $2 million fine on an internet streaming company for: (i) retaliating against an employee who reported misconduct to the company’s management prior to and after filing a complaint with the SEC; and, (ii) impeding the reporting of potential securities law violations, by including provisions in employee severance agreements requiring that departing employees waive any potential right to receive a whistleblower award, in violation Rule 21F-17(a).⁸
In September 2023, in another standalone enforcement action for violations of Rule 21F-17(a), the SEC imposed a $10 million civil monetary penalty on a registered investment adviser (RIA) for requiring that its new employees sign employment agreements that prohibited the disclosure of “Confidential Information” to anyone outside of the company, without an exception for voluntary communications with the SEC concerning possible securities laws violations.⁹Further, the RIA required many departing employees to sign a release in exchange for the receipt of certain deferred compensation and other benefits affirming that, among other things, the employee had not filed any complaints with any governmental agency. Although the RIA later revised its policies and issued clarifications to employees that they were not prevented from communicating with the SEC and other regulators, the RIA failed to amend its employment and release agreements to provide the carve out.
Also in September 2023, the SEC charged two additional firms with violations of Rule 21F-17(a). In one case imposing a $375,000 civil penalty, the SEC found that a commercial real estate services and investment firm impeded whistleblowers by requiring its employees, as a condition of receiving separation pay, to represent that they had not filed a complaint against the firm with any federal agency.¹⁰In another case, the SEC imposed a $225,000 civil penalty against a privately-held energy and technology company for requiring certain departing employees to waive their rights to monetary whistleblower awards.¹¹This particular action underscores that Rule 21F-17 applies to all entities, and not only to public companies.

Mr. Grewal, in an October 2023 speech before the New York City Bar Association Compliance Institute, emphasized that potential impediments to the SEC’s Whistleblower Program would be a continued focus of the agency’s enforcement efforts, stating, “we take compliance with Rule 21F-17 very seriously, and so should each of you who work in a compliance function or advise companies. You need to look at these orders and the violative language cited by the Commission and think about how those actions may impact your firms. And if they do, then take the steps necessary to effect compliance.”¹²

Key Take-Aways

The SEC’s recent enforcement actions demonstrate that violations of Rule 21F-17(a) can carry significant fines and reach virtually any confidentiality agreement that does not carve out communications between a firm’s current or former employees or customers and the SEC or other regulators about potential securities violations. Moreover, although many of the enforcement actions relate to language in agreements, Rule 21F-17 is not so limited and can also apply to language in internal policies, procedures, guidance, manuals, or training materials. The message from the SEC is clear: it will continue to enforce Rule 21F-17 with respect to public companies, private companies, broker-dealers, investment advisers, and other financial services entities.

The SEC in its recent orders has provided credit to companies for cooperation as well as for instituting remedial actions.¹³ Being proactive in identifying and correcting potential violations in advance of any investigation by the SEC can result in mitigation of any action or penalties.

Legal and compliance officers may want to consider the following steps in order to evaluate and potentially mitigate any potential exposure to an enforcement action:

Conduct a review of all employee-facing and client-facing documents or contracts with confidentiality provisions and remove or revise any content that may be viewed as impeding (even unintentionally) a person’s ability to report potential securities law violations to the SEC. Depending on the circumstances, this may involve including a reference expressly permitting communications with the SEC and other government or regulatory entities without advance notice or disclosure to the company.
Remove any language from the templates that could be interpreted as hindering an employee’s or client’s ability to communicate with the SEC concerning potential securities law violations, including language threatening disciplinary action against employees for disclosing confidential information in their communications with government agencies when reporting potential violations.
Prepare addenda or updates to current employee- and client-facing agreements that reflect the revised confidentiality clauses.
Include reference in written anti-retaliation policies that employees’ communications and cooperation with the SEC and other government agencies will not result in retaliation from the company.
Conduct trainings for company managers and supervisors regarding appropriate communications to employees regarding their interactions with the government.
Implement policies that prevent any company personnel from taking steps to block or interfere with an employee’s use of company platforms or systems to communicate with the SEC and other government agencies.¹⁴

¹In the Matter of JP Morgan Securities LLC, Admin. Proc. No. 3-21829 (Jan. 16, 2024), https://www.sec.gov/files/litigation/admin/2024/34-99344.pdf.

²Id. (quoting Securities Whistleblower Incentives and Protections Adopting Release, Release No. 34-63434 (June 13, 2011)).

³SEC Office of the Whistleblower Annual Report to Congress for Fiscal Year 2023 (Nov. 14, 2023), https://www.sec.gov/files/2023_ow_ar.pdf; SEC Whistleblower Office Announces Results for FY 2022 (Nov. 15, 2022), https://www.sec.gov/files/2022_ow_ar.pdf; 2021 Annual Report to Congress Whistleblower Program (Nov. 15, 2021), https://www.sec.gov/files/owb-2021-annual-report.pdf; 2020 Annual Report to Congress Whistleblower Program (Nov. 16, 2020), https://www.sec.gov/files/2020_owb_annual_report.pdf.

⁴SEC Office of the Whistleblower Annual Report to Congress for Fiscal Year 2023 (Nov. 14, 2023), https://www.sec.gov/files/2023_ow_ar.pdf.

⁵17 C.F.R. § 240.21F-17.

⁶In the Matter of KBR, Inc., Admin. Proc. No. 3-16466 (Apr. 1 2015), https://www.sec.gov/files/litigation/admin/2015/34-74619.pdf (imposing a US$130,000 fine on a company in a settled enforcement action for requiring that witnesses in certain internal investigations sign confidentiality agreements warning that they could be subject to discipline if they discussed the matters at issue outside the company without prior approval of the company’s legal department).

⁷In the Matter of Activision Blizzard, Inc. Admin. Proc. No. 3-21294 (Feb. 3, 2023), https://www.sec.gov/files/litigation/admin/2023/34-96796.pdf.

⁸In the Matter of Gaia, Inc. et. al., Admin. Proc. No. 3-21438 (May 23, 2023), https://www.sec.gov/files/litigation/admin/2023/33-11196.pdf.

⁹In the Matter of D.E. Shaw & Co., L.P., Admin. Proc. No. 3-21775 (Sep. 29, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98641.pdf.

¹⁰In the Matter of CBRE Inc., Admin. Proc. No. 3-21675 (Sept. 19, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98429.pdf.

¹¹In the Matter of Monolith Res., LLC, Admin. Proc. No. 3-21629 (Sept. 8, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98322.pdf.

¹²Gurbir S. Grewal, Remarks at New York City Bar Association Compliance Institute (Oct. 24, 2023), https://www.sec.gov/news/speech/grewal-remarks-nyc-bar-association-compliance-institute-102423.

¹³See, e.g., In the Matter of CBRE Inc., Admin. Proc. No. 3-21675 (Sept. 19, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98429.pdf (crediting respondent’s remediation program, which included, among other measures, an audit of relevant agreements, updates to policies with respect to Rule 21F-17, and mandatory trainings); In the Matter of Monolith Res., LLC, Admin. Proc. No. 3-21629 (Sept. 8, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98322.pdf (crediting respondent’s prompt remedial acts including revisions to the at-issue release language and affirmatively alerting affected clients that they are not prohibited from communicating with governmental and regulatory authorities.)

¹⁴Cf. In the Matter of David Hansen, Admin Proc. 3-20820 (Apr. 12, 2022), https://www.sec.gov/enforce/34-94703-s (settled SEC enforcement action against former Chief Information Officer of a technology company for violating Rule 21F-17(a) by, among other things, removing an employee’s access to the company’s computer systems after the employee raised concerns regarding misrepresentations contained in the company’s public disclosures).

Supreme Court Upholds Corporate Whistleblower Protections in Landmark Ruling

Today, the U.S. Supreme Court issued a unanimous ruling holding that whistleblowers do not need to prove that their employer acted with “retaliatory intent” to be protected under the Sarbanes-Oxley Act (SOX). The decision in the case, Murray v. UBS Securities, LLC, has immense implications for a number of whistleblower protection laws.

“This is a major win for whistleblowers and thus a huge win for corporate accountability,” said leading whistleblower attorney David Colapinto, a founding partner of Kohn, Kohn & Colapinto.

“A ruling in favor of UBS would have overturned more than 20 years of precedent in SOX whistleblower cases and made it exceedingly more difficult for whistleblowers who claim retaliation under many similarly worded federal whistleblower statutes,” Colapinto continued.

“Thankfully, the Court was not swayed by UBS’ attempt to ignore the plain meaning of the statute and instead upheld the burden of proof that Congress enacted to protect whistleblowers who face retaliation,” added Colapinto.

In an amicus curiae brief filed in the case on behalf of the National Whistleblower Center, the founding partners of Kohn, Kohn & Colapinto outlined the Congressional intent behind the burden of proof standard in SOX.

“In crafting the unique ‘contributing factor’ test for whistleblowers, Congress left an incredibly straight-forward legislative history documenting the value of whistleblowers’ contributions, the risks and retaliation whistleblowers faced, the barriers the previous burden of proof presented for whistleblowers, and Congress’ explicit intention to lower that burden of proof for whistleblowers,” the brief states.

In the Court’s opinion, Justice Sonia Sotomayor likewise pointed to the Congressional intent of SOX’s contributing-factor burden of proof standard:

“To be sure, the contributing-factor framework that Congress chose here is not as protective of employers as a motivating-factor framework. That is by design. Congress has employed the contributing-factor framework in contexts where the health, safety, or well-being of the public may well depend on whistleblowers feeling empowered to come forward. This Court cannot override that policy choice by giving employers more protection than the statute itself provides.”

This article was authored by Geoff Schweller.

Client Alert: New Reporting Requirements Under the Corporate Transparency Act

On January 1, 2024, the Corporate Transparency Act (CTA) took effect. This new federal anti-money laundering law obligates many corporations, limited liability companies and other business entities to report to the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), certain information about the entity, the entity’s beneficial owners and the individuals who created or registered the entity to do business. This client alert summarizes the CTA’s key requirements and deadlines. For more detailed information, please review the official “Beneficial Ownership Information Reporting FAQs” and the “Small Entity Compliance Guide” published by FinCEN.

Frequently Asked Questions

WHO MUST REPORT INFORMATION UNDER THE CTA?

The following “reporting companies” are subject to the CTA’s reporting requirements: (a) any U.S. corporation, limited liability company or other entity created by the filing of a document with a state or territorial government office; and (b) any non-U.S. entity that is registered to do business in any U.S. jurisdiction.

The CTA provides for 23 types of entities that are exempt from its reporting requirements, including companies that currently report to the U.S. Securities and Exchange Commission, insurance companies and tax-exempt entities, among others. Most notably, a company does not need to comply with the CTA if it has more than $5,000,000 in gross receipts for the previous year (as reflected in filed federal tax returns), at least one physical office in the U.S. and at least 20 employees in the U.S. For a full list of exemptions, including helpful checklists, please see Chapter 1.2, “Is my company exempt from the reporting requirements?”, of the Small Entity Compliance Guide.

A subsidiary of an exempt entity also will enjoy exempt status.

WHAT INFORMATION MUST BE REPORTED?

A reporting company is required to report the following information to FinCEN, and to keep the information current with FinCEN on an ongoing basis:

The reporting company’s full legal name;
Any trade name or “doing business as” (DBA) name of the reporting company;
The reporting company’s principal place of business;
The reporting company’s jurisdiction of formation (and, for non-U.S. reporting companies, the jurisdiction where the company first registered to do business in the U.S.); and
The reporting company’s Employer Identification Number (EIN).

A reporting company also is required to identify its “beneficial owners” and “company applicant.” A beneficial owner is an individual who either: (a) exercises “substantial control” over the reporting company; or (b) owns or controls at least 25 percent of the ownership interests of the reporting company. A company applicant is an individual who directly files or is primarily responsible for filing the document that creates or registers the reporting company.

A reporting company must report and keep current the following information for each beneficial owner and company applicant:

Full legal name;
Date of birth;
Complete current address;
Unique identifying number and issuing jurisdiction from, and image of, one of the following non-expired documents:
a. U.S. passport;
b. State driver’s license; or
c. Identification document issued by a state, local government or tribe.

WHEN ARE REPORTS DUE?

A reporting company that was first formed or registered to do business in the United States before January 1, 2024 will need to file its initial report with FinCEN no later than January 1, 2025.

A reporting company that is first formed or registered to do business in the United States between January 1, 2024 and January 1, 2025 will need to file its initial report with FinCEN within 90 calendar days after the effective date of its formation or registration to do business.

A reporting company that is first formed or registered to do business in the United States on or after January 1, 2025 will need to file its initial report with FinCEN within 30 calendar days after the effective date of its formation or registration to do business.

HOW DOES MY COMPANY FILE REPORTS WITH FINCEN?

Reports must be filed electronically through the BOI E-Filing System. For additional instructions and other technical guidance, please see the Help & Resources page.

WHAT HAPPENS IF MY COMPANY DOES NOT COMPLY WITH THE CTA?

At the time the filing is made, a reporting company is required to certify that its report or application is true, correct, and complete. Therefore, it is the reporting company’s responsibility to identify its beneficial owners and verify the accuracy of all reported information.

A person or reporting company who willfully violates the CTA’s reporting requirements may be subject to civil penalties of up to $500 for each day that the violation continues, plus criminal penalties of up to two years’ imprisonment and a fine of up to $10,000.

In the case of an accidental violation – for instance, if an initial report inadvertently contained a typo or outdated information – the CTA provides a safe harbor for reporting companies to correct the original report within 90 days after the deadline for the original report. If this safe harbor deadline is missed, the reporting company and individuals providing inaccurate information may be subject to the CTA’s civil and criminal penalties.

OTHER THAN FILING ACCURATE REPORTS, HOW CAN MY COMPANY STAY COMPLIANT?

A reporting company should consider taking the following actions to facilitate compliance with the CTA’s reporting requirements:

Amending existing governing documents, such as LLC or stockholder agreements, to require beneficial owners to promptly provide required information and otherwise cooperate in the company’s compliance with the CTA;
Designating an officer to oversee the company’s initial and ongoing CTA reporting;
Maintaining, reviewing and updating records on a regular cadence to reflect equity transfers, option grants and other transactions that affect ownership interest calculations; and
Developing a secure process for collecting and storing a beneficial owner’s photo identification and other sensitive information for CTA reporting purposes.

New Diligence Opportunity for Financial Institutions

On Jan. 1, 2024, the Corporate Transparency Act (“CTA”) took effect. As a result, all business entities, unless expressly exempt by the CTA, must file Reports of Beneficial Ownership Information (“BOI”) with the Financial Crimes Enforcement Network (“FinCEN”), a unit of the U.S. Treasury. Under the CTA, “financial institutions,” i.e., banks and other entities that provide financings and are subject to the “Know Your Customer” and “Customer Due Diligence” regulations of FinCEN pursuant to the Bank Secrecy Act, the USA Patriot Act, and the Anti-Money Laundering Act of 2020, may access the BOI on reports filed with FinCEN.

To gain access to the BOI, the financial institution MUST:

Obtain the written consent of the customer, i.e., the borrower, guarantor, or other loan party, in connection with the diligence process required before entering a business relationship with the customer, or as part of the continuing diligence required in an existing relationship. Accordingly, forms used by the financial institution to open or to continue an existing business relationship must include a clear and conspicuous provision in which the customer gives consent. This will probably require a complete review and revision of those forms;
Determine that obtaining access to the BOI is reasonably necessary for the financial institution to meet its diligence obligations. That determination should be spelled out in the written request to FinCEN for access; and
Acknowledge the scope of confidentiality obligations with respect to the BOI obtained, including the limited use permitted of the information, as well as safeguarding that accessed BOI from misuse.

Financial institutions should be prepared to request access to BOI as a matter of course. In any case where a customer engages in violative activity, and the BOI would have alerted the financial institution to possible risks, that institution could be exposed to sanctions by its principal prudential regulator and/or by other law enforcement agencies.

Becoming Antitrust Aware in 2024: Top Five Recommendations for the New Year

A new year means resolutions which are often centered around self-improvement measures like weight loss, exercise plans, and other health improvement measures. Companies can also benefit from resolutions. Increasing antitrust awareness is not usually on the resolution list but here we offer some ideas for companies as they embark on a new year.

Treat antitrust as a priority in 2024.

As antitrust lawyers, our viewpoint may be biased, and we certainly appreciate that most companies already have a lengthy list of priorities for their in-house and outside legal teams. Given that all companies, regardless of their size, are subject to the antitrust laws, and given the high stakes involved (including criminal penalties and treble damages awards), antitrust certainly deserves to be on the priority list. One relatively easy way to get the ball rolling is to put fresh eyes on your company’s antitrust policy. When was the last time it was updated? What type of trainings does your company use to teach the concepts contained in the policy? The training doesn’t need to be – and shouldn’t be – boring or esoteric. Instead, trainings should be engaging and tailored to the specific antitrust risks that workgroups may face. For example, the sales team will need different antitrust training than those working on supply chain or environmental, social, and governance (ESG) initiatives. Ask your antitrust lawyer to create easy-to-follow, lively online trainings that can be viewed on demand. And if your company doesn’t have an antitrust policy, we suggest that creating one be moved to the top (or near top) of the legal department’s to-do list in 2024.

Understand the current antitrust enforcement priorities.

2024 will be a significant year for antitrust. It’s an election year, which means 2024 may be the Biden Administration’s last year to execute on plans that have been in the works since President Biden issued Executive Order 14036, “Promoting Competition in the American Economy,” in July 2021. Some of the Administration’s more dramatic plans include significant revisions to the Hart-Scott-Rodino (HSR) premerger notification process. While we don’t expect all the FTC and DOJ’s sweeping proposals to make it into the HSR final rule, we do expect some changes to be made, and they will likely mean significant additional burdens for filing parties. We also expect to see the FTC’s new rule on non-compete agreements. The FTC’s proposal would ban most non-compete agreements, and some states have already enacted their own prohibitions on non-compete agreements.

If your company engages in M&A, be aware of the new Merger Guidelines.

The newest Merger Guidelines, addressing both horizontal and vertical mergers, were unveiled in December 2023 . One of the most significant changes announced in the 2023 Merger Guidelines are the decreased levels of concentration that will trigger a rebuttable presumption of illegality. Under the new Guidelines, a market share of greater than 30% and a concentration increase of 100 points will be enough to trigger that rebuttable presumption. That is not to say the presumption is the death knell for a transaction, but it does mean that the government enforcement will be aggressive. Also be aware that the 2023 Guidelines introduce new topics, such as labor markets. Early analysis and planning will be critical, requiring involvement of skilled antitrust counsel.

Understand that application of the antitrust laws is constantly evolving.

The language of the core U.S. antitrust laws – the Sherman Act, the Clayton Act, and the FTC Act, hasn’t changed, but the application of these laws is always evolving. For example, the antitrust enforcers and private plaintiffs are increasingly focused on labor issues, such as “no poach” agreements and wage fixing. Antitrust enforcers are also focused on private equity, as evidenced by the FTC’s recent lawsuit against Welsh, Carson, Anderson, and Stowe and some of the changes contained in the proposed revisions to the HSR Rules. Technology is also a significant factor that provokes interesting questions that don’t have answers, at least not currently. For example, do pricing algorithms lead to price fixing? How will antitrust enforcers deal with artificial intelligence?

Pay attention to state antitrust enforcers.

The federal regulators at the Department of Justice and Federal Trade Commission may get most of the attention, but we must never forget that states have their own antitrust laws and their own antitrust enforcers, who have the power to investigate and bring legal action. Often, the state regulators work collaboratively with their federal counterparts, but the state regulators are free to go their own way, such as those targeting various ESG initiatives. Also bear in mind that states are increasingly blazing new trails, such as bans on non-competes. Thirteen states have also enacted “mini” HSR premerger notification statutes for health care deals. It’s always prudent to check the laws of the state or states where business is conducted to determine if there are any state-specific antitrust considerations.

2023 Key Developments In The False Claims Act

2023 was another active year for the False Claims Act (FCA), marked by notable appellate decisions, emerging enforcement trends, and statutory amendments to state FCAs. We summarize the year’s most important developments for practitioners and government-facing businesses.

Developments in Caselaw

Supreme Court Holds That FCA Scienter Incorporates A Subjective Standard

The Supreme Court issued two consequential decisions on the False Claims Act this term. In the first, United States ex rel. Schutte v. SuperValu Co., 1 the Court held that objectively reasonable interpretations of ambiguous laws and regulations only provide a defense to the FCA’s scienter requirement if the defendant in fact interpreted the law or regulation that way during the relevant period. The Court held that the proper scienter inquiry is whether the defendant was “conscious of a substantial and unjustifiable risk” that their conduct was unlawful. 2 Previously, some courts (including the courts below in Schutte) had dismissed FCA claims based on an ambiguity in relevant statutory or regulatory provisions identified by a party’s attorneys, even if the party never actually believed that interpretation. Schutte precludes such a defense. That said, Schutte does require relators or the Government to allege facts to support an inference of actual knowledge of falsity, and some courts have granted motions to dismiss on that basis post-Schutte. 3

High Court Reaffirms Government’s Authority To Intervene And Dismiss Declined Actions, While Some Justices Raise Constitutional Questions

The Court also decided United States ex rel. Polansky v. Executive Health Resources, Inc., 4 which held that the Government may intervene in a declined action—i.e., where the Government declines to litigate the case at the outset under 31 U.S.C. § 3730(b)(4)(B)—for the purpose of dismissing it over the relator’s objection. The case essentially preserves the status quo, as courts widely recognized the authority of the Government to dismiss declined qui tams before Polansky. Polansky places two minor restrictions on the Government’s ability to dismiss declined actions. First, the Government has to intervene. 5 Second, the Government needs to articulate some rationale for dismissal to meet the standard of Rule 41(a), which the Court remarked that it will be able to do in “all but the most exceptional cases.” 6 More notably, however, three of the nine Justices (Justice Thomas in dissent and Justices Kavanaugh and Barrett in concurrence) signaled that they would entertain a challenge to the constitutionality of the qui tam mechanism under Article II. 7 Though the one court that has considered such arguments on the merits post-Polansky rejected them, 8 it remains likely that additional, similar challenges will be made.

Split In Authority Deepens On Causation In Kickback Cases

In FCA cases where the relator alleges a violation of the Anti-Kickback Statute (AKS), the payment of a kickback needs—at least in part—to have caused a submission of a false claim. That requirement flows from the statutory text of the AKS, which provides that claims “resulting from” AKS violations are “false or fraudulent claim[s]” for the purpose of the FCA. 9 But courts have not coalesced around a single standard for what it means for a false claim to “result from” a kickback. Before this year, the Third Circuit in United States ex rel. Greenfield v. Medco Health held that there needs to be “some link” between kickback and referral beyond temporal proximity. 10 On the other hand, the Eighth Circuit in United States ex rel. Cairns v. D.S. Medical, LLC, held that the kickback needs to be a but-for cause of the referral. 11 Earlier this year, the Sixth Circuit endorsed the Eighth Circuit’s interpretation of causation. The court reasoned that but-for causation is the “ordinary meaning” of “resulting from” and no other statutory language in the AKS or FCA justifies departure from a but-for standard. 12 But not every court has adopted the Sixth Circuit’s straightforward analysis.

In the District of Massachusetts, for example, two decisions issued this summer came out on opposite sides of the split. In both cases, United States v. Teva Pharmaceuticals USA, Inc., 13 and United States v. Regeneron Pharmaceuticals, Inc., 14 the Government alleged that the pharmaceutical companies were improperly paying copayment subsidies to patients for their drugs. Yet Teva adopted Greenfield’s “some link” standard, while Regeneron adopted the “but-for” standard of the Sixth and Eighth Circuits. The Teva court also certified an interlocutory appeal to the First Circuit to resolve the issue prior to trial, which remains pending. 15 FCA defendants in cases arising out of the AKS thus continue to face substantial uncertainty as to the applicable standard outside the Third, Sixth, and Eighth Circuits. That said, there is mounting skepticism of the Greenfield analysis, 16 and those defendants retain good arguments that the standard adopted by the Sixth and Eighth Circuits should apply.

Enforcement Trends

The also Government remained active in investigating and, in many cases, settling False Claims Act allegations. That enforcement activity included several large settlements, including a $377 million settlement with Booz Allen Hamilton arising out of its failure to comply with Federal Acquisition Regulation cost accounting standards. 17 Our review of this year’s activity revealed significant trends in both civil and criminal enforcement, which we briefly describe below.

Focus On Unsupported Coding In Medicare Advantage (Part C) Claims

Medicare recipients are increasingly turning to private insurers to manage the administration of their Medicare benefits: over half of Medicare enrollees now opt for managed care plans. 18 The Government announced several important enforcement actions focused on submissions to and the administration of Medicare Advantage plans.

On September 30, DOJ announced a $172 million settlement with Cigna due to an alleged scheme to submit unsupported Medicare coding to increase reimbursement rates. According to the press release, Cigna operated a “chart review” team that reviewed providers’ submitted materials and identified additional applicable diagnosis coding to include on requests for payment. The Government alleges that some of the coding Cigna added was not substantiated by the chart review. 19

Similarly, in October, the Government declined to prosecute insurer HealthSun for submitting diagnosis coding to CMS that increased applicable reimbursement rate of treatment without an actual underlying diagnosis by the treating physician. The declination was based on HealthSun’s voluntary self-disclosure of the conduct through the Criminal Division’s recently updated Corporate Enforcement and Voluntary Self-Disclosure Policy. 20 DOJ did, however, indict the company’s former Director of Medicare Risk Adjustment Analytics for conspiracy to commit healthcare fraud and several counts of wire fraud and major fraud against the Government in the Southern District of Florida. 21

In May, the United States Attorney’s Office for the Eastern District of Pennsylvania announced a settlement against a Philadelphia primary care practice based on the submission of allegedly unsupported Medicare diagnosis coding in Part C submissions. The press release asserts that the practice coded numerous claims with morbid obesity diagnoses when the patients lacked the required body-mass index for the diagnosis and diagnosed chronic obstructive pulmonary disease without appropriate substantiation. 22

Both managed care organizations and providers that submit claims to Medicare Advantage should review their claim coding practices to ensure that their claims accurately reflect the medical diagnoses of the treating physician, as well as the treatment provided.

DOJ Follows Through On Civil Cyber-Fraud Initiative

In 2021, DOJ announced the launch of its Civil Cyber-Fraud Initiative, 23 which was aimed at policing government contractors’ failures to adequately protect government information by meeting prescribed cybersecurity requirements. This year, the enforcement of that policy led the Government to alleged FCA violations based on implied or explicit certifications of compliance with cybersecurity regulations:

In September, the Government declined to intervene in a qui tam action against Pennsylvania State University alleging that Penn State falsely certified compliance with Defense Federal Acquisition Regulation Supplement 252.204-7012, which specifies controls required to safeguard defense-related information, during the length of its contract with the Defense Department. 24 However, the parties subsequently sought a 180 day stay of proceedings due to an ongoing government investigation, which was granted. 25 The application for the stay hinted that the Government may yet intervene in the action and file a superseding complaint. 26

DOJ also announced in September a $4 million settlement with Verizon Business Network Services LLC arising out of Verizon’s provision of internet services to federal agencies that was required to meet specific security standards. The Government’s press release, which specifically noted Verizon’s cooperation with the investigation, alleged that Verizon failed to implement “three required cybersecurity controls” in its provision of internet service, which were not individually specified. 27

Entities doing business with the Government should ensure that they are aware of all applicable cybersecurity laws and regulations governing that relationship and that they are meeting all such requirements.

Continued Crackdown On Telemedicine Fraud Schemes

Following OIG-HHS’s July 2022 Special Fraud Alert 28 regarding the recruitment of practitioners to prescribe treatment based on little to no patient interaction over telemedicine, DOJ announced several significant settlements involving that exact conduct. In many circumstances, the Government pursued criminal charges rather than civil FCA penalties alone.

In September, the United States Attorney’s Office for the District of Massachusetts announced a guilty plea to a conspiracy to commit health care fraud charge. The Government alleged that the defendant partnered with telemarketing companies to pay Medicare beneficiaries “on a per-order basis to generate orders for [durable medical equipment] and genetic testing,” and then found doctors willing to sign “prepopulated orders” based on telemedicine appointments that the doctors did not actually attend. 29

In June, as part of a “strategically coordinated” national enforcement action, DOJ announced action against several officers of a south Florida telemedicine company for an alleged $2 billion fraud involving the prescription of orthotic braces and other items to targeted Medicare recipients through cursory telemarketing appointments that were presented as in-person examinations. 30

Although enforcement in the telemedicine space to date has largely focused on obviously fraudulent conduct, practitioners should be aware that the Government may view overly short telemedicine appointments as insufficient to support diagnoses leading to claims for payment from the Government.

State False Claims Acts

Both Connecticut and New York made notable alterations to the scope of conduct covered by their state FCAs. Companies doing business with state governments should be aware that 32 states have their own FCAs, not all of which mirror the federal FCA.

Connecticut Expands FCA To Mirror Scope Of Federal Statute

Prior to this year, Connecticut’s False Claims Act covered only payments sought or received from a “stateadministered health or human services program” In June, however, Connecticut enacted a substantial revision to its state FCA, which seeks to mirror the scope and extent of the Federal FCA. 31 Those doing business with the state of Connecticut should conduct an FCA-focused compliance review of that business to avoid potential liability arising out of state law, and should also understand federal FCA jurisprudence, which is likely to have a significant influence on the new law’s interpretation.

New York Expands FCA To Cover Allow Tax-Related FCA Claims Against Non-Filers

New York is among the few states whose state FCAs cover tax-related claims. Prior to this year, though, the state and its municipalities could only assert tax-related claims against those who actually filed and whose filings contained false statements of fact. In May, New York amended its FCA to allow a cause of action against those who knowingly fail to file a New York tax return and pay New York taxes. 32 Companies doing business in New York should be aware that not filing required taxes in New York may potentially subject them to, among other things, the treble damages for which the FCA provides.

1 143 S. Ct. 1391 (2023).
2 Schutte, 143 S. Ct. at 1400-01.
3 See, e.g., United States ex rel. McSherry v. SLSCO, L.P., No. 18-CV-5981, 2023 WL 6050202,
at *4 (E.D.N.Y. Sept. 15, 2023).
4 143 S. Ct. 1720 (2023).
5 Id. at 1730.
6 Id. at 1734.
7 Id. at 1737 (Kavanaugh, J., concurring); id. at 1741-42 (Thomas, J., dissenting).
8 See United States ex rel. Wallace v. Exactech, Inc., No. 7:18-cv-01010, 2023 WL 8027309, at
*4-6 (N.D. Ala. Nov. 20, 2023).
9 See 42 U.S.C. § 1320a-7b(g).
10 United States ex rel. Greenfield v. Medco Health Sol’ns, 880 F.3d 89, 98-100 (3d Cir. 2018).
11 United States ex rel. Cairns v. D.S. Med., LLC, 42 F. 4th 828, 834-36 (8th Cir. 2022).
12 United States ex rel. Martin v. Hathaway, 63 F. 4th 1043, 1052-53 (6th Cir. 2023).
13 Civ. A. No. 20-11548, 2023 WL 4565105 (D. Mass. July 14, 2023).
14 Civ. A. No. 20-11217, 2023 WL 7016900 (D. Mass. Oct. 25, 2023)
15 See United States v. Teva Pharma USA, Inc., No. 23-1958 (1st Cir. 2023).
16 See, e.g., Regeneron, 2023 WL 7016900, at *11 (remarking that the Greenfield analysis is
“fraught with problems” and “disconnected from long-standing common-law principles of
causation”).
17 https://www.justice.gov/opa/pr/booz-allen-agrees-pay-37745-million-settle-false-claims-act-
allegations.
18 https://www.kff.org/policy-watch/half-of-all-eligible-medicare-beneficiaries-are-now-enrolled-
in-private-medicare-advantage-plans/.
19 https://www.justice.gov/opa/pr/cigna-group-pay-172-million-resolve-false-claims-act-
allegations.
20 See https://www.justice.gov/opa/speech/assistant-attorney-general-kenneth-polite-jr-delivers-
remarks-georgetown-university-law.
21 https://www.justice.gov/opa/pr/former-executive-medicare-advantage-organization-charged-
multimillion-dollar-medicare-fraud.
22 https://www.justice.gov/usao-edpa/pr/primary-care-physicians-pay-15-million-resolve-false-
claims-act-liability-submitting.
23 See https://www.justice.gov/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-new-
civil-cyber-fraud-initiative.
24 See United States ex rel. Decker v. Penn. State Univ., Civ. A. No. 22-3895 (E.D. Pa. 2023).
25 Id. at ECF Nos. 24, 37.
26 Id. at ECF No. 24.

27 See https://www.justice.gov/opa/pr/cooperating-federal-contractor-resolves-liability-alleged-
false-claims-caused-failure-fully.
28 https://oig.hhs.gov/documents/root/1045/sfa-telefraud.pdf.
29 https://www.justice.gov/usao-ma/pr/owner-telemedicine-companies-pleads-guilty-44-million-
medicare-fraud-scheme.
30 https://www.justice.gov/opa/pr/national-enforcement-action-results-78-individuals-charged-
25b-health-care-fraud.
31 See Conn. Gen. Stat. §§ 4-274–4-289.
32 See N.Y. State Fin. Law § 189(4)(a).

Beware of Corporate Transparency Act Scams and Fraud

The Corporate Transparency Act’s (CTA) Beneficial Ownership Information reporting requirements are set to take effect on January 1, and bad actors are already using the CTA’s requirements to solicit unauthorized access to Personally Identifiable Information. To that end, the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) recently issued a warning regarding such scams. FinCEN describes these efforts as follows:

“The fraudulent correspondence may be titled “Important Compliance Notice” and asks the recipient to click on a URL or to scan a QR code. Those e-mails or letters are fraudulent. FinCEN does not send unsolicited requests (emphasis added). Please do not respond to these fraudulent messages, or click on any links or scan any QR codes within them.”

Despite Record Year, SEC Must Improve Whistleblower Program to Align with White House Anti-Corruption Initiative

SEC Chair Gary Gensler announced on October 25th that in the 2023 fiscal year, the Commission received a record number of 18,000 whistleblower tips.

The SEC Whistleblower Program has grown rapidly and effectively since its inception in 2010 – the 2022 Fiscal Year set a record of 12,300 whistleblower tips. This was a near doubling of the 2020 tips, which set a record of 6,911.

The SEC transnational whistleblower program responds to individuals who voluntarily report original information about potential misconduct. If tips lead to a successful enforcement action, the whistleblowers are entitled to 10-30% of the recovered funds. The programs have created clear anti-retaliation protections and strong financial incentives for reporting securities and commodities fraud.

The U.S. Strategy on Countering Corruption is a White House initiative from December of 2021 that establishes the fight against corruption as a core tenant of national security interests. It outlines strategic pillars and objectives within each. The recommendations on improving the SEC’s whistleblower provisions as outlined below have the same goal of creating stronger processes to combat corruption.

Since the SEC Whistleblower Program was created in 2010, whistleblowers have played a crucial role in the SEC’s enforcement efforts. Overall, since the whistleblower program was established in 2010, “[e]enforcement actions brought using information from meritorious whistleblowers have resulted in orders for more than $6.3 billion in total monetary sanctions, including more than $4.0 billion in disgorgement of ill-gotten gains and interest, of which more than $1.5 billion has been, or is scheduled to be, returned to harmed investors,” according to the 2022 annual report.

This $6.3 billion recovered via sanctions is money that is put back into the pockets of investors and everyday Americans.

The SEC does not credit related enforcement actions to award notifications and sanctions in order to maintain the anonymity and confidentiality of whistleblowers, award notifications don’t tie to underlying enforcement action. The $6.3 billion does not include DOJ enforcement actions, which combined would show a much larger number.

Non-U.S. citizens who blow the whistle on potential securities frauds committed by publicly traded companies outside the United States are eligible to receive awards, as well as those whistleblowers who report violations of the Foreign Corrupt Practices Act. This anti-corruption legislation prohibits the payment of anything of value to foreign government officials in order to obtain a business advantage.

Whistleblowers from over 130 countries have used the SEC Whistleblower Program to report fraud in their workplace.

Despite the massive growth of tips received, many whistleblowers’ cases are dismissed by the SEC due to insubstantial filing errors and strict time parameters on forms, or reported to the news media, other U.S. government agencies, or international government workers in roles that are public abroad but private in the U.S.

Considering these narrow qualifications and to ensure that the process for qualifying as a whistleblower aligns with U.S. anti-corruption priorities, the National Whistleblower Center recommends that the program be improved by expanding the definition of voluntary, further the provisions of identity protection and rewards. These recommendations align with the White House drafted United States Strategy on Countering Corruption.

Whistleblowers identified in case investigations should be automatically eligible for rewards, rather than mandated to meet technical form requirements.

The SEC should maintain their “Three Conditions” qualifications standards and expand the definition of “voluntary.” The current language disqualifies whistleblowers who report fraud to the media, other government agencies, foreign law enforcement, or a U.S. embassy before the SEC, considering them “involuntary.” These restrictions dissuade potential whistleblowers from engaging with the program and thus interfere with federal anti-corruption objectives. The agency must ensure that whistleblowers who file complaints internally before coming to the SEC maintain award eligibility.

The SEC should not incentivize or require whistleblowers to report internally before filing claims with the agency, as this exposes them to retaliation. If a whistleblower was removed from their position, they could no longer provide the Commission with the most updated information, which would harm the investigation.

By establishing a consistent inter-agency protocol concerning whistleblowers who have participated in the crime they report, the SEC can further protect the confidentiality and anonymity of whistleblowers in all ongoing federal investigations surrounding their disclosures.

Whistleblowers must receive the full force of related action provisions and rewards if the company or agency they report is simultaneously being investigated by another branch of government.

SEC regulations should contain strict deadlines for paying awards. These regulations should be premised on the fact that the SEC and Justice Department investigators and prosecutors will know the identity and contributions of all whistleblowers who would qualify for a reward in a particular case.

In the IRS (Internal Revenue Service) Whistleblower Program, procedures require that their investigators file whether or not there was a whistleblower involved in the case at the time the case file is closed. Agents thus know who the whistleblowers are, and the agency can process a claim quickly. The integration of affidavits and statements from front-line investigators into the decision-making process accelerates the reward payout.

Wait times for awards received are another disincentivizing factor for blowing the whistle. The SEC should establish and abide by a strict deadline for paying awards to ensure that whistleblowers are compensated fully and promptly. Rewards should not have a cap limit.

Such changes reinforce the White House Strategy’s objective to “bolster the ability of civil society, media, and private sector actors to safely detect and expose corruption,” “curb illicit finance,” and “enhance enforcement efforts” in the name of “modernizing, coordinating, and resourcing U.S. Government efforts to fight corruption.”

Enhancing the program ensures that whistleblowers whose information successfully leads to enforcement action on money laundering crimes are rewarded, no matter how they provide the information.

Such provisions will demonstrate to international whistleblowers that the risk of blowing the whistle on fraud is worth taking and the United States will support them through the process.

This article was authored by Sophie Luskin.

The Corporate Transparency Act December 2023 Update

The Corporate Transparency Act (“CTA” or the “Act”) comes into effect on January 1, 2024. Enacted by Congress as part of the Anti-Money Laundering Act of 2020, the CTA requires certain entities, domestic and foreign, to report beneficial ownership to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”).

The CTA’s reporting obligations will apply to “Reporting Companies” (discussed below) currently in existence, and to those formed after January 1, 2024. However, while FinCEN estimates that the CTA will affect over 32 million entities, it will largely impact only smaller and unregulated companies. For example, companies that meet the CTA’s definition of a “large operating company,” are publicly traded or regulated, or are a subsidiary of certain exempt entities are not required to submit beneficial ownership information to FinCEN. Accordingly, while all companies should take note of the CTA and the significant change in the law for corporate reporting obligations, an equally vast number of entities will likely find themselves exempt from these requirements.

With the CTA’s effective date fast approaching, companies should consider its potential impact to their compliance obligations and, if appropriate, implement appropriate policies and procedures for handling reporting.

WHAT DOES THE CTA REQUIRE?

The CTA will require Reporting Companies to file reports electronically with FinCEN identifying their beneficial owners, in addition to certain other information. For Reporting Companies formed prior to 2024, these reports require information about the Reporting Company and its beneficial owners. Reporting Companies formed prior to 2024 will have until January 1, 2025, to file an initial report.

For Reporting Companies formed on or after January 1, 2024, reports will require information about the Reporting Company and its beneficial owners, as well as its company applicants (i.e., individuals involved in the company’s formation filing). Reporting Companies formed after January 1, 2024, will have 30 days from formation to file their initial reports, although FinCEN recently issued a final rule extending this reporting period to 90 days for companies created or registered in 2024.

WHO MUST REPORT?

Reporting Companies are defined as legal entities that are formed through a filing in a state secretary of state’s office or similar office under the law of a state or Indian tribe. Reporting Companies can be domestic or foreign and include, but are not limited to, corporations, limited liability companies, certain partnerships and certain trusts. A foreign Reporting Company is an entity formed under foreign law that registers to do business in any state or Indian tribe. Certain entities outside of the CTA’s scope include sole proprietorships, most general partnerships, common law trusts, unincorporated
associations, and foreign entities not registered to do business in a state or tribal jurisdiction. These entities are likely to have no reporting obligations under the CTA.

EXEMPT ENTITIES

The CTA provides 23 exemptions for Reporting Companies that would otherwise be required to report beneficial ownership information under the Act. These exemptions are predominantly for large or heavily regulated companies, including:

securities reporting issuers, banks, credit unions, depository institution holding companies, money services businesses, brokers-dealers, securities exchange or clearing agencies, pooled investment vehicles, regulated investment companies and investment advisors, insurance companies and state-licensed insurance providers, and accounting firms;
“large operating companies” who have more than 20 full-time employees in the U.S., an operating presence at a physical office within the United States, and more than $5 million in gross receipts or sales on their previous years’ U.S. tax returns;
U.S. publicly traded companies;
governmental authorities and tax-exempt entities; and
inactive entities who have been in existence prior to January 1, 2020, are not engaged in active business, are not owned in any manner by a foreign person, have not had a change in ownership within the last 12 months, have not sent or received any amount greater than $1,000 within the last 12 months, and have no assets or ownership interests in any entity in the United States or abroad.

The CTA also exempts subsidiaries of certain exempt entities if those exempt entities own or control the subsidiary.

WHAT MUST BE REPORTED?

Reporting Companies are required to report to FinCEN:

basic company information, including full legal name, trade names, business address, state of incorporation or business registration, and employer identification number;
information of Beneficial Owners, including full legal name, date of birth, residential street address, unique ID number from individual’s identification document and issuing jurisdiction of acceptable ID document (e.g., driver’s
license, passport, state-issued ID, etc.), and image of ID document from which unique ID number was obtained;
information of Company Applicants, including full legal name, date of birth, business address, unique ID number from individual’s identification document and issuing jurisdiction of acceptable ID document, and image of ID document from which unique ID number was obtained. A “Company Applicant” is defined as the individual who directly files a document with the state secretary of state’s office to create the entity or register it to do business in the state, and the individual who is primarily responsible for directing or controlling the filing.

There is no cap on the number of beneficial owners a Reporting Company is required to report. In contrast, a Reporting Company cannot have more than two reportable company applicants. Additionally, the CTA only requires Reporting Companies formed on or after January 1, 2024, to report company applicants in their initial reports. There is no requirement to report company applicants for entities formed prior to January 1, 2024.

WHO IS A BENEFICIAL OWNER?

A beneficial owner is defined as any individual who, directly or indirectly, either exercises substantial control over a Reporting Company or owns or controls at least 25% of the ownership interests of such Reporting Company.

An individual may exert substantial control by (i) serving as a senior officer (e.g., company’s president, CEO, COO, CFO or general counsel, or any officer who performs a similar function), (ii) having authority to appoint or remove certain officers or a majority of directors (or similar governing body) of the Reporting Company or (iii) having “substantial influence” over important matters at the company, regardless of their title or role.

Ownership interests in a company generally refer to any arrangement that establishes ownership rights in the Reporting Company, such as stock, capital or profit interests, convertible interests, options to buy or sell any of the above-named interests, or contracts, relationships or other understandings. Option interests must be treated as exercised for purposes of the analysis. Additionally, a beneficial owner may own or control such interest directly or indirectly, jointly with another person or through an agent, custodian, trust or intermediary entity.

The CTA identifies five instances where an individual who would otherwise be a beneficial owner under the Act qualifies for an exception. In these cases, the Reporting Company does not have to report the individual’s information to FinCEN. These exceptions are as follows:

a minor child;
a nominee, intermediary, custodian or agent;
an employee (excluding senior officers);
an inheritor, whose only interest in the company is a future interest through a right of inheritance; and
a creditor.

HOW TO REPORT

No filings are due prior to the Act’s effective date. While FinCEN has published draft forms for filing by a Reporting Company for comment, they are not yet finalized. FinCEN is also in the process of setting up the beneficial owner reporting infrastructure, the Beneficial Ownership Secure System (“BOSS”), which has not yet been finalized.

If beneficial owners or company applicants do not want to provide their personal data to a Reporting Company, individuals have the option of applying directly to FinCEN for a “FinCEN identifier” (a “FinCEN ID”). The individual will need to provide directly to FinCEN all of the same data that he or she would need to submit to the Reporting Company, but then would only need to provide his or her FinCEN ID to the Reporting Company for inclusion on its reporting.

Individuals who receive FinCEN IDs have the burden of keeping their data updated with FinCEN, whereas a Reporting Company has the burden of keeping the individual’s data current if the individual reports such data directly to the Reporting Company.

WHEN TO REPORT

For non-exempt Reporting Companies in existence as of January 1, 2024, they will have until January 1, 2025, to make their initial beneficial ownership report.

For non-exempt Reporting Companies formed on or after January 1, 2024, they will need to file their first beneficial ownership report within 30 calendar days after the date of formation. On November 29, 2023, FinCEN issued a final rule extending this deadline to 90 days for companies formed or registered in 2024. The time of formation is the earlier of (i) a company receiving actual notice of its registration from the state secretary of state or (ii) a company receiving notice of its registration becoming publicly available.

In addition to filing initial reports, Reporting Companies are also obligated to make reports within 30 days of a change to any data that FinCEN requires to be reported for the company and its beneficial owners.

PENALTIES FOR NONCOMPLIANCE

Congress included steep penalties for non-compliance with the CTA’s reporting requirements. Specifically, the CTA provides that willfully reporting or attempting to report false or fraudulent beneficial ownership, or willfully failing to make updates, shall be punishable with a civil penalty up to $500 per day while such violation continues, with a possible criminal fine up to $10,000 and up to two years in prison. If a reporting violation is found to be “willful,” the CTA provides that responsible parties can include individuals that cause the failure, or are senior officers of the Reporting Company at the
time of the failure. The CTA also enhances criminal penalties when a Reporting Company’s failure to file is combined with other illegal activity.

Additionally, it is also unlawful to knowingly disclose or knowingly use beneficial ownership information obtained by the person for an unauthorized purposes. Violations are punishable with a mandatory civil penalty of $500 per day while the violation continues, plus a possible criminal fine of up to $250,000, five years in prison, or both.

HOW YOU CAN PREPARE

The CTA will alter the ways entities organize and govern themselves and it will impose substantial and continuing reporting obligations. In the weeks leading up to the CTA’s implementation, entities should be developing internal policies and procedures to assess their reporting obligations, identify beneficial owners, and identify company applicants on a go-forward basis.

Reporting Companies may wish to consider adopting a CTA compliance policy. Such a policy can educate managers and senior officers on obligations under the CTA, address procedures for reporting to FinCEN and monitoring changes to a company’s reporting status and beneficial ownership, and address the application of the CTA to potential future affiliates of the Reporting Company.

Reporting Companies may also wish to consider how the CTA may implicate its constituent documents and evaluate amending existing operating agreements to incorporate provisions addressing compliance with the CTA. Similarly, some entities may wish to consider their organizational structures and corporate governance in light of the obligation to collect and report personally identifiable information. Additionally, Reporting Companies should consider how the CTA will impact future material transactions, such as mergers and acquisitions.

Share this:

Like this:

The SEC’s Whistleblower Protection Program

SEC Struck Several Blows in 2023 Against Companies that Failed to Carve out Whistleblower Protections in Their Confidentiality Agreements

Key Take-Aways

Share this:

Like this:

Share this:

Like this:

Frequently Asked Questions

WHO MUST REPORT INFORMATION UNDER THE CTA?

WHAT INFORMATION MUST BE REPORTED?

WHEN ARE REPORTS DUE?

HOW DOES MY COMPANY FILE REPORTS WITH FINCEN?

WHAT HAPPENS IF MY COMPANY DOES NOT COMPLY WITH THE CTA?

OTHER THAN FILING ACCURATE REPORTS, HOW CAN MY COMPANY STAY COMPLIANT?

Share this:

Like this:

Share this:

Like this:

Treat antitrust as a priority in 2024.

Understand the current antitrust enforcement priorities.

If your company engages in M&A, be aware of the new Merger Guidelines.

Understand that application of the antitrust laws is constantly evolving.

Pay attention to state antitrust enforcers.

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

WHAT DOES THE CTA REQUIRE?

WHO MUST REPORT?

EXEMPT ENTITIES

WHAT MUST BE REPORTED?

WHO IS A BENEFICIAL OWNER?

HOW TO REPORT

WHEN TO REPORT

PENALTIES FOR NONCOMPLIANCE

HOW YOU CAN PREPARE

Share this:

Like this: