Justice Department has Opportunity to Revolutionize its Enforcement Efforts with Whistleblower Program

Over the past few decades, modern whistleblower award programs have radically altered the ability of numerous U.S. agencies to crack down on white-collar crime. This year, the Department of Justice (DOJ) may be joining their ranks, if it incorporates the key elements of successful whistleblower programs into the program it is developing.

On March 7, the Deputy Attorney General Lisa Monaco announced that the DOJ was launching a “90-day policy sprint” to develop “a DOJ-run whistleblower rewards program.” According to Monaco, the DOJ has taken note of the successes of the U.S.’s whistleblower award programs, such as those run by the Securities and Exchange Commission (SEC) and Internal Revenue Service (IRS), noting that they “have proven indispensable.”

Monaco understood that the SEC and IRS programs have been so successful because they “encourage individuals to report misconduct” by “rewarding whistleblowers.” But how any award program is administered is the key to whether or not the program will work. There is a nearly 50-year history of what rules need to be implemented to transform these programs into highly effective law enforcement tools. The Justice Department needs to follow these well defined rules.

The key element of all successful whistleblower award programs is very simple: If a whistleblower meets all of the requirements set forth by the government for compensation the awards must be mandatory and based on a percentage of the sanctions collected thanks to the whistleblower. A qualified whistleblower cannot be left out in the cold. Denying qualified whistleblowers compensation will destroy the trust necessary for a whistleblower program to work.

It is not the possibility of money that incentives individuals to report misconduct but the promise of money. Blowing the whistle is an immense risk and individuals are only compelled to take such a risk when there is real guarantee of an award.

This dynamic has been laid clear in recent legislative history. There is a long track record of whistleblower laws and programs failing when awards are discretionary and then becoming immensely successful once awards are made mandatory.

For example, under the 1943 version of the False Claims Act awards to whistleblowers were fully discretionary. After decades of ineffectiveness, in 1986, Congress amended the law to set a mandate that qualified whistleblowers receive awards of 15-30% of the proceeds collected by the government in the action connected with their disclosure.

The 1986 Senate Report explained why Congress was amending the law:

“The new percentages . . . create a guarantee that relators [i.e., whistleblowers] will receive at least some portion of the award if the litigation proves successful. Hearing witnesses who themselves had exposed fraud in Government contracting, expressed concern that current law fails to offer any security, financial or otherwise, to persons considering publicly exposing fraud.

“If a potential plaintiff reads the present statute and understands that in a successful case the court may arbitrarily decide to award only a tiny fraction of the proceeds to the person who brought the action, the potential plaintiff may decide it is too risky to proceed in the face of a totally unpredictable recovery.”

In the nearly four decades since awards were made mandatory, the False Claims Act has established itself as America’s premier anti-fraud law. The government has recovered over $75 billions of taxpayer money from fraudsters, the vast majority from whistleblower initiated cases based directly on the 1986 amendments making awards mandatory.

Similar transformations occurred at both the IRS and SEC where ineffective discretionary award laws were replaced by laws which mandated that qualified whistleblowers receive a set percentage of the funds collected thanks to their whistleblowing. Since these reforms, the whistleblower programs have revolutionized these agencies’ enforcement efforts, leading directly to billions of dollars in sanctions and creating a massive deterrent effect on corporate wrongdoing.

Most recently, Congress reaffirmed the importance of mandatory whistleblower awards when it reformed the anti-money laundering whistleblower law. The original version of the law, which passed in January 2021, had no set minimum amount for awards, meaning that they were fully discretionary. After the AML Whistleblower Program struggled to take off, Congress listened to the feedback from whistleblower advocates and passed the AML Whistleblower Improvement Act to mandate that qualified money laundering whistleblowers are awarded.

Monaco states that the DOJ has long had the discretionary authority to pay whistleblower awards to individuals who report information leading to civil or criminal forfeitures and has “used this authority here and there — but never as part of a targeted program.”

The most important step in turning an underutilized and ineffective whistleblower award law into an “indispensable” whistleblower award program has been made clear over the past decades. Qualified whistleblowers must be guaranteed an award based on a percentage of the sanctions collected in connection with their disclosure.

By administering its whistleblower program in a way that mandates award payments, the DOJ would go a long way towards creating a whistleblower program which revolutionizes its ability to fight crime. The Justice Department has taken the most important first step – recognizing the importance of whistleblowers in reporting frauds. It now must follow through during its “90-day sprint,” making sure reforming the management of the Asset Forfeiture Fund works in practice. Whistleblowers who risk their jobs and careers need real, enforceable justice.

Amendments to New York LLC Transparency Act Delay Effective Date, Among Other Changes

New York Governor Kathy Hochul last month signed into law amendments to the recently enacted New York LLC Transparency Act (as amended, the “NYLTA”), extending the NYLTA’s effective date from December 21, 2024, to January 1, 2026 (the “Effective Date”).

The NYLTA will require all limited liability companies (“LLCs”) either formed under New York law or foreign LLCs that seek to be authorized to do business in New York to submit certain beneficial ownership information to the New York Department of State. LLCs will be required to disclose their beneficial owners unless the LLC qualifies for an exemption from the requirements. New York LLCs and foreign LLCs registered to do business in New York should evaluate their structure with counsel that is familiar with the NYLTA (and the federal Corporate Transparency Act (the “CTA”)) to determine whether they will have a filing obligation under the new law.

For New York LLCs formed on or prior to the Effective Date, and foreign LLCs authorized to do business in New York on or prior to the Effective Date, the deadline to file the required beneficial ownership report or the statement specifying the applicable exemptions(s) from the filing requirement is January 1, 2027. For New York LLCs formed after the Effective Date, and foreign LLCs authorized in New York after the Effective Date, the NYLTA will require that beneficial ownership information be submitted within thirty days of filing the articles of organization for an LLC formed under New York law or the initial application for registration filed by a foreign LLC. Thereafter, the NYLTA (as amended) imposes an ongoing requirement to file an annual statement with the New York Department of State confirming or updating (1) the beneficial ownership disclosure information; (2) the street address of the entity’s principal executive office; (3) status as an exempt company, if applicable; and (4) such other information as may be designated by the New York Department of State.

The definitions of important terms such as “exempt company,” “reporting company,” “applicant,” and “beneficial owner” used in the NYLTA refer to the equivalent definitions in the CTA but are limited in application only to LLCs. Correspondingly, the NYLTA shares the same 23 exemptions from the reporting requirements as the CTA. If an LLC falls within one or more of the available exemptions, however, in a departure from the CTA, the NYLTA requires the entity to submit a statement attested to under penalty of perjury indicating the specific exemption(s) for which the LLC qualifies.

Potential penalties for failing to comply with the NYLTA include monetary penalties of $500 for every day that a required filing under the NYLTA is past due, as well as a potential suspension or cancellation of an LLC.

The amendments to the NYLTA also provide that the beneficial ownership information relating to natural persons will be deemed confidential except (1) by written consent of or request by the beneficial owner of the LLC; (2) by court order; (3) to federal, state, or local government agencies performing official duties as required by statute; or (4) for a valid law enforcement purpose. This is in contrast to the original New York statute, which provided for beneficial ownership information to be made publicly available in a searchable database.

DOJ Plan to Offer Whistleblower Awards “A Good First Step”

The Department of Justice (DOJ) will launch a whistleblower rewards program later this year, Deputy Attorney General Lisa Monaco, announced today. Monaco stated that other U.S. whistleblower award programs, such as the SEC, CFTC, IRS and AML programs, “have proven indispensable” and that the DOJ plans to offer awards for tips not covered under these programs.

“This is a good first step, but the Justice Department has miles to go in creating a whistleblower program competitive with the programs managed by the U.S. Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC),” said Stephen M. Kohn.

“We hope that the DOJ will follow the lead of the SEC and CFTC and establish a central Whistleblower Office that can accept anonymous and confidential complaints. Such a program has been required under the anti-money laundering whistleblower law for over three years, but Justice has simply failed to follow the law,” added Kohn, who also serves as Chairman of the Board of the National Whistleblower Center.

According to Monaco, “under current law, the Attorney General is authorized to pay awards for information or assistance leading to civil or criminal forfeitures” but this authority has never been used “as part of a targeted program.” The DOJ is “launching a 90-day sprint to develop and implement a pilot program, with a formal start date later this year,” she stated.

While the specifics of the program have yet to be announced, Monaco did state that the DOJ will only offer awards to individuals who were not involved in the criminal activity itself.

“The Justice Department’s decision to exclude persons who may have had some involvement in the criminal activity is a step backwards and demonstrates a fundamental misunderstanding as to why the Dodd-Frank and False Claims Acts work so well,” continued Kohn. “When the False Claims Act was signed into law by President Abraham Lincoln in 1863 it was widely understood that the award laws worked best when they induced persons who were part of the conspiracy to turn in their former associates in crime. Justice needs to understand that by failing to follow the basic tenants of the most successful whistleblower laws ever enacted, their program is starting off on the wrong foot.”

Geoff Schweller also contributed to this article.

Court Finds Corporate Transparency Act Unconstitutional and Unenforceable as to NSBA Members

On March 1, 2024, the U.S. District Court for the Northern District of Alabama ruled that the Corporate Transparency Act (“CTA”) is unconstitutional.[1] The CTA requires many U.S. entities to disclose their individual beneficial owners in a report filed with the U.S. Treasury. The CTA statute was enacted in 2021.[2] Its implementing regulations require many entities formed in 2024 to report beneficial ownership information within 90 days of formation.[3] The CTA requires many entities formed prior to 2024 to report beneficial ownership information by January 1, 2025.[4]

The federal court’s ruling arose in the context of a constitutional challenge by plaintiffs the National Small Business Association (“NSBA”) and one of its individual members, Isaac Winkles. In granting summary judgment for the plaintiffs, the court held that:

  • the Commerce Clause, the Necessary and Proper clause, the taxing power, and the U.S. government’s authority over foreign affairs and national security do not provide sufficient authority for the Corporate Transparency Act (“CTA”), and the CTA is unconstitutional as a result; and
  • the U.S. government is enjoined from enforcing the CTA as to the NSBA and Isaac Winkles.

The court did not issue a nationwide injunction barring the U.S. government from enforcing the law against other entities within the scope of the CTA’s reporting requirements.

On March 11, 2024, the U.S. Government filed a notice of appeal of the court’s ruling.[5]  The same day, the Financial Crimes Enforcement Network (“FinCEN”), which is the U.S. Treasury bureau that administers the CTA, stated that it will continue to implement the CTA while complying with the court’s order.[6]

FinCEN clarified that it is not currently enforcing the CTA against two categories of persons:

  • individual plaintiff Isaac Winkles and reporting companies for which he is a beneficial owner; and
  • the NSBA and its members as of March 1, 2024.

FinCEN stated, “[o]ther than the particular individuals and entities subject to the court’s injunction [. . .] reporting companies are still required to comply with the law and file beneficial ownership reports as provided in FinCEN’s regulations.”[7]

[1] https://www.govinfo.gov/content/pkg/USCOURTS-alnd-5_22-cv-01448/pdf/USCOURTS-alnd-5_22-cv-01448-0.pdf.

[2] National Defense Authorization Act for Fiscal Year 2021, Pub. L. 116-283, div. F, title LXIV, § 6403 (adding 31 § U.S.C. 5336), available at: https://www.govinfo.gov/content/pkg/PLAW-116publ283/pdf/PLAW-116publ283.pdf.

[3] 31 C.F.R. § 1010.380.

[4] Id.

[5] https://fincen.gov/sites/default/files/shared/54_Notice_of_Appeal.pdf

[6] https://fincen.gov/news/news-releases/updated-notice-regarding-national-small-business-united-v-yellen-no-522-cv-01448

[7] Id.

Insurance — Do You Know What’s in Your Bank’s Policies?

There are many different types of insurance — directors and officers (D&O), employment practices liability (EPLI), and general liability, to name a few. Unfortunately, many clients do not know what is in their policy or policies, including what is covered, their deductibles or retention, or, in some unfortunate cases, that they have no policy at all.

This article attempts to help you answer some simple questions about what to look for when you are buying a policy and what to look for in a current policy when you need to use it. It is not an attempt to promote any particular policy, as each policy has to be read in light of the specific facts at issue.

Buying the cheapest — you may get what you pay for.

In too many cases, we find that clients have simply purchased the cheapest policy they can find. The reasons for this vary. Maybe the client asked for the cheapest policy, maybe the agent simply got the client the cheapest policy, or maybe there was no real conversation at all between the insured (client) and the agent except to “get some insurance.”

This is never an issue — until it is. By way of example, let’s say a lawsuit is filed against you that should kick in your D&O or EPLI policy. You then turn the lawsuit over to your agent for defense and coverage. And then, one of several increasingly common scenarios occurs. You discover that your deductible or retention is very high, e.g., the first $100,000 is on you. Or you discover that many employment cases could be resolved or dismissed for less than that, and that for a little more on the front end, you could have had a lower deductible. Or you discover that what you purchased does not cover alleged fiduciary breaches by your directors and officers, and you could have purchased that coverage if you had asked.

You also might discover that you could have purchased, for a small additional amount, wage and hour coverage that would have covered the overtime lawsuit you were just served, but no one ever specifically talked with the agent about that. You also might discover that the attorney you have worked with for years will not be able to handle the case because there is no “choice of counsel” in the policy. In many cases, spending 30 minutes with your agent (and probably an attorney who has experience working with you) could have resolved these issues — that now are out of your control.

The point is, spending the necessary time with your agent (and attorney) is something that should be done before any policy is purchased or renewed. This allows you to express what you want and consider the options available. It also allows you to avoid issues such as not being able to use the attorney of your choice.

Do you have a claims-made or an occurrence policy?

While each policy and case must be examined individually, generally, an occurrence policy covers claims arising from acts or incidents that occurred during the policy period. This means that if the incident occurred during the policy period and the policy was in effect and in good standing, the claim will be covered, even if you get sued over that incident after the policy has expired.

Claims-made policies are entirely different animals. Claims-made policies generally cover only claims made during the policy period. The claim must also be reported to the insurer as required by the policy.

Generally, claims-made policies are cheaper, as they usually provide coverage for a shorter period of time. Again, however, be aware of “going cheap.” Claims-made policies that are not renewed or are canceled — and for which tail coverage is not purchased — can create exposure for an incident that occurred during the policy period. This can happen, for example, if you simply let the policy lapse and a year or so later someone files a suit against you that would have been a “claim” under your claims-made policy but it was not reported when the policy was effective. It can also occur if you change insurers.

The above is a very general description, and any discussion about the type of policy you should buy or what to do when you renew is beyond the scope of this article, but you should absolutely consult with your agent (and likely your attorney) about any specific needs or concerns you know of prior to purchasing or renewing any policy.

Do you have coverage and defense, or just defense?

Be aware that some policies provide for attorney’s fees and costs to defend claims made against you as well as coverage for any settlement or judgment against you. Some policies, however, only provide for attorney’s fees and costs. Again, this goes to what type of policy you want, what you can afford, and knowing the risks of what you have versus what you do not have.

I have had the unfortunate situation where a client thought they had a policy providing coverage and defense, but the policy provided only defense. The matter involved multiple plaintiffs and conflicting witness testimony that made dismissal of the case prior to any trial impossible. While the resolution of the case was not substantially out of line for the average federal court employment case, the money came directly from the client’s pocket because the policy only provided for defense costs, not coverage for any settlement or verdict. When questions arose about why that type of policy was provided by the agent, it was clear the client had only told the agent to “get some insurance” and made no specific requests.

To sum up, it is unfortunately common that when purchasing insurance of any kind, insureds do not actively engage their agent (or ask for any advice from their attorney) about what types of policies and coverage they may need. This creates many issues (deductible, choice of counsel, lack of coverage, etc.) that likely could have been avoided. There is no guarantee that any issue could be avoided, as no one knows what type of claim or claims might be made in the future, but spending the necessary time on the front end could save many headaches on the back end if your agent gets as much specificity as possible from you.

Federal Court Strikes Down NLRB Joint Employer Rule

On March 8, 2024, just days before it was set to take effect, U.S. District Judge J. Campbell Barker of the Eastern District of Texas vacated the National Labor Relations Board’s (“NLRB’s”) recent rule on determining the standard for joint-employer status.

The NLRB issued the rule on October 26, 2023. It established a seven-factor analysis, under a two-step test, for determining joint employer status. Under the new standard, an entity may be considered a joint employer if each entity has an employment relationship with the same group of employees and the entities share or codetermine one or more of the employees’ essential terms and conditions of employment which are defined exclusively as:

  • Wages, benefits and other compensation;
  • Hours of working and scheduling;
  • The assignment of duties to be performed;
  • The supervision of the performance of duties;
  • Work rules and directions governing the manner, means and methods of the performance of duties and grounds for discipline;
  • The tenure of employment, including hiring and discharge; and
  • Working conditions related to the safety and health of employees.

Set to take effect on March 11, 2024, the NLRB’s decision would have rescinded the 2020 final rule which considered just the direct and immediate control one company exerts over the essential terms and conditions of employment of workers directly employed by another firm. The new rule would have expanded the types of control over job terms and conditions that can trigger a joint employer finding.

In the lawsuit, filed by the United States Chamber of Commerce and a coalition of business groups, the Chamber and coalition claimed that the NLRB’s rule is unlawful and should be struck down because it is arbitrary and capricious. Judge Barker agreed as he held that the NLRB’s new test is unlawfully broad because an entity could be deemed a joint employer simply by having the right to exercise indirect control over one essential term. Judge Barker faulted the design of the two-step test which says an entity must qualify as a common-law employer and must have control over at least one job term of the workers at issue to be considered a joint employer, finding that the test’s second part is always met whenever the first step is satisfied. The Court vacated the new standard and indicated it will issue a final judgment declaring the rule is unlawful.

The NLRB quickly responded to the Court’s ruling. In a statement on March 9, 2024 NLRB Chairman Lauren McFerran said the “District Court’s decision to vacate the Board’s rule is a disappointing setback but is not the last word on our efforts to return our joint-employer standard to the common law principles that have been endorsed by other courts.” According to the NLRB, the “Agency is reviewing the decision and actively considering next steps in this case.”

What Employers Need to Know

The legality of the NLRB’s joint-employer standard has been a contested issue since the October 2023 announcement. The rule will not go into effect as scheduled, but Judge Barker’s decision is unlikely to be the final word on the matter.

For more on the NLRB, visit the NLR Labor & Employment section.

SEC Issues Long-Awaited Climate Risk Disclosure Rule

INTRODUCTION

On Wednesday, 6 March 2024, the Securities and Exchange Commission (SEC) approved its highly anticipated final rules on “The Enhancement and Standardization of Climate-Related Disclosures for Investors” by a vote of 3-2, with Republican Commissioners Hester Peirce and Mark Uyeda dissenting. Accompanying the final rules was a press release and fact sheet detailing the provisions of the rulemaking. The final rules will go into effect 60 days after publication in the Federal Register and will include a phased-in compliance period for all registrants.

This is likely to be one of the most consequential rulemakings of Chairman Gary Gensler’s tenure given the prioritization of addressing climate change as a key pillar for the Biden administration. However, given the significant controversy associated with this rulemaking effort, the final rules are likely to face legal challenges and congressional oversight in the coming months. As such, it remains unclear at this point whether the final rules will survive the forthcoming scrutiny.

WHAT IS IN THE RULE?

According to the SEC’s fact sheet:

  • “The final rules would require a registrant to disclose, among other things: material climate-related risks; activities to mitigate or adapt to such risks; information about the registrant’s board of directors’ oversight of climate-related risks and management’s role in managing material climate-related risks; and information on any climate-related targets or goals that are material to the registrant’s business, results of operations, or financial condition.
  • Further, to facilitate investors’ assessment of certain climate-related risks, the final rules would require disclosure of Scope 1 and/or Scope 2 greenhouse gas (GHG) emissions on a phased-in basis by certain larger registrants when those emissions are material; the filing of an attestation report covering the required disclosure of such registrants’ Scope 1 and/or Scope 2 emissions, also on a phased-in basis; and disclosure of the financial statement effects of severe weather events and other natural conditions including, for example, costs and losses.
  • The final rules would include a phased-in compliance period for all registrants, with the compliance date dependent on the registrant’s filer status and the content of the disclosure.”

NEXT STEPS

The final rules are likely to face significant opposition, including legal challenges and congressional oversight. It is expected that there will be various lawsuits brought against the final rules, which are likely to receive support from several industry groups, or potentially GOP-led state attorneys general who have been active in litigating against environmental, social and governance (ESG) policies and regulations. It is also possible that the final rules could face criticism from some climate advocates that the SEC did not go far enough in its disclosure requirements.

Further, it is expected that the House Financial Services Committee (HFSC) will conduct oversight hearings, as well as introduce a resolution under the Congressional Review Act (CRA), to attempt to block the regulations from taking effect. HFSC Chairman Patrick McHenry (R-NC) indicated that the Oversight and Investigations Subcommittee will hold a field hearing on March 18 and the full Committee will convene a hearing on April 10 to discuss the potential implications of the rules. If a CRA resolution were to pass the House and garner sufficient support from moderate Democrats in the Senate to pass, it would likely be vetoed by President Biden.

Ultimately, the SEC climate risk disclosure rules are unlikely to significantly change the trajectory of corporate disclosures made by multinational companies based in the U.S., most of whom have already been making sustainability disclosures in accordance with the Financial Stability Board’s Task Force on Climate-Related Financial Disclosures. The ongoing problem for investors is that such disclosures are not standardized and therefore are not comparable. Consequently, many of these large issuers may continue to enhance their sustainability disclosures in accordance with standards issued by the International Sustainability Standards Board and the Global Reporting Initiative as an investor relations imperative notwithstanding the SEC’s timetable for implementation of these final rules.

A more detailed analysis of the SEC rules is forthcoming from our Corporate and Asset Management and Investment Funds practices in the coming days.

U.S. Corporate Transparency Act: CTA is Declared Unconstitutional in U.S. District Court Case

The Corporate Transparency Act has been declared unconstitutional. On March 1, 2024, U.S. District Court Judge Liles C. Burke issued a 53-page opinion[1] granting summary judgment for the National Small Business Association and held that the Corporate Transparency Act “exceeds the Constitution’s limits on the legislative branch and lacks a sufficient nexus to any enumerated power to be a necessary or proper means of achieving Congress’ policy goals.”

As a result, Judge Burke found the CTA to be unconstitutional because it exceeds the Constitution’s limits on Congress’ power, without even reaching a decision on whether it violates the First, Fourth, and Fifth Amendments. The Court then permanently enjoined the government from enforcing the CTA against the named plaintiffs and ordered a further hearing on the award of costs of litigation.

While it is likely that this litigation will continue to play out in the federal court system, the initial victory has gone to small business and importantly that means that compliance with this now unconstitutional regulatory regime can be set aside for the current time being.


[1] Nat’l Small Bus. United v. Yellen, No. 5:22-cv-01448-LCB (N.D. Ala. 2022)

Federal Court Strikes Down the Corporate Transparency Act as Unconstitutional

On March 1, 2024, the federal judge presiding over the lone case testing the validity of the Corporate Transparency Act (CTA) struck down the CTA as unconstitutional. As we have explained, through the CTA, Congress imposed mandatory reporting obligations on certain companies operating in the United States, in an effort to enhance corporate transparency and combat financial crime. Specifically, the CTA, which took effect on January 1, 2024, requires a wide range of companies to provide personal information about their beneficial owners and company applicants to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). More than 32.5 million existing entities are expected to be subject to the CTA, and approximately 5 million new entities are expected to join that number each year. By mid-February, approximately a half million reports had been filed under the CTA according to FinCEN.

The CTA’s enforceability is now in doubt. In National Small Business United d/b/a National Small Business Association v. Yellen, the Honorable Liles C. Burke of the United States District Court for the Northern District of Alabama held that the CTA exceeded Congress’s authority to regulate interstate commerce, and that the CTA was not necessary to the proper exercise of Congress’ power to regulate foreign affairs or its taxing power. The Court issued a declaratory judgment—stating that the CTA is unconstitutional—and enjoined the federal government from enforcing the CTA’s reporting requirements against the plaintiffs in that litigation. A nationwide injunction, which would have raised its own enforceability concerns, was not included in the Court’s ruling.

The Court focused on three aspects of the CTA. First, the Court highlighted that the CTA imposes requirements on corporate formation, which is traditionally left to state governments as matters of internal state law. Second, the Court observed that the CTA applies to corporate entities even if the entity conducts purely intrastate commercial activities or no commercial activities at all. Third, the Court concluded that the CTA’s disclosure requirements could not be justified as a data-collection tool for tax officials as that would raise the specter of “unfettered legislative power.”

What the Decision Means for Entities Subject to the CTA

The Court’s decision creates uncertainty on entities’ ongoing obligations under the CTA. Although the Court purported to limit its injunction to the parties in the litigation before it, the lead plaintiff in the suit is the National Small Business Association (NSBA). In its opinion, the Court held that the NSBA had associational standing to sue on behalf of its members. Based on precedent, this means the Court’s injunction likely benefits all of the NSBA’s over 65,000 members. If so, the government is prevented from enforcing the CTA’s reporting requirements against any entity that is a member of the NSBA.

Regardless of membership in the NSBA, however, the Court’s declaratory judgment that the CTA is unconstitutional also raises serious doubts about the government’s ability to enforce the CTA’s reporting requirements. This could amount to a de facto moratorium on CTA enforcement, depending on the government’s view of the decision.

What Happens Next

The government will likely appeal this decision, but the Court’s injunction and declaration will remain in effect unless a stay is granted. To receive a stay, the government will first likely need to file a motion in the district court, which will consider (1) how likely it is that the government will succeed on appeal; (2) whether the government will be irreparably harmed without a stay; (3) whether a stay will injure other parties interested in the litigation; and (4) whether a stay would benefit the public interest. If the district court denies a stay, the government will be able to seek a stay from the Atlanta-based United States Court of Appeals for the Eleventh Circuit.

The government has 60 days to appeal, though it will likely file its appeal sooner given the grant of an injunction and decision’s far-reaching consequences. The grant or denial of stay should be resolved in the coming weeks, but the timing of any final decision from the Court of Appeals is uncertain. In 2023, the median time for the Eleventh Circuit to resolve a case was over 9 months. However, the key deadline by which tens of millions of companies otherwise must file their initial report under the CTA is January 1, 2025.

An Update on the SEC’s Cybersecurity Reporting Rules

As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of the filings made to date.

Six companies have now made Item 1.05 Form 8-K filings. Three of these companies also have amended their first Form 8-K filings to provide additional detail regarding subsequent events. The remainder of the filings seem self-contained such that no amendment is necessary, but these companies may amend at a later date. In general, the descriptions of the cybersecurity incidents have been written at a high level and track the requirements of the new rules without much elaboration. It is interesting, but perhaps coincidental, that the filings seem limited to two broad industry groups: technology and financial services. In particular, two of the companies are bank holding companies.

Although several companies have now made reports under the new rules, the sample space may still be too small to draw any firm conclusions or decree what is “market.” That said, several of the companies that have filed an 8-K under Item 1.05 have described incidents and circumstances that do not seem to be financially material to the particular companies. We are aware of companies that have made materiality determinations in the past on the basis of non-financial qualitative factors when impacts of a cyber incident are otherwise quantitatively immaterial, but these situations are more the exception than the rule.

There is also a great deal of variability among the forward-looking statement disclaimers that the companies have included in the filings in terms of specificity and detail. Such a disclaimer is not required in a Form 8-K, but every company to file under Item 1.05 to date has included one. We believe this practice will continue.

Since the effectiveness of the new rules, a handful of companies have filed Form 8-K filings to describe cybersecurity incidents under Item 8.01 (“Other Events”) instead of Item 1.05. These filings have approximated the detail of what is required under Item 1.05. It is not immediately evident why these companies chose Item 8.01, but presumably the companies determined that the events were immaterial such that no filing under Item 1.05 was necessary at the time of filing. Of course, the SEC filing is one piece of a much larger puzzle when a company is working through a cyber incident and related remediation. It remains to be seen how widespread this practice will become. To date, the SEC staff has not publicly released any comment letters critiquing any Form 8-K cyber filing under the new rules, but it is still early in the process. The SEC staff usually (but not always) makes its comment letters and company responses to those comment letters public on the SEC’s EDGAR website no sooner than 20 business days after it has completed its review. With many public companies now also making the new Form 10-K disclosure on cybersecurity, we anticipate the staff will be active in providing guidance and commentary on cybersecurity disclosures in the coming year.