What You Need to Know About the DOJ’s Consumer Protection Branch

The Consumer Protection Branch of the United States Department of Justice (DOJ) is one of the most overlooked and misunderstood parts of the country’s largest law enforcement agency. With a wide field of enforcement, the Branch can pursue civil enforcement actions or even criminal prosecutions against companies based in the United States and even foreign companies doing business in the country.

Here are four things that Dr. Nick Oberheiden, a defense lawyer at Oberheiden P.C., thinks that people and businesses need to know about the DOJ’s Consumer Protection Branch.

The Wide Reach of “Protecting Consumers”

According to the agency itself, the Consumer Protection Branch “leads Department of Justice enforcement efforts to enforce consumer protection laws that protect Americans’ health, safety, economic security, and identity integrity.” While “identity integrity” is relatively tightly confined to issues surrounding identity theft and the unlawful use of personal data and information, “health,” “safety,” and “economic security” are huge and vaguely defined realms of jurisdiction.

Under the Branch’s enforcement focus or interpretation of its law enforcement mandate, it has the power to prosecute fraud and misconduct in the fields of:

  • Pharmaceuticals and medical devices

  • Food and dietary supplements

  • Consumer fraud, including elder fraud and other scams

  • Deceptive trade practices

  • Telemarketing

  • Data privacy

  • Veterans fraud

  • Consumer product safety and tampering

  • Tobacco products

Business owners and executives are often surprised to learn that the Consumer Protection Branch has so many oversight powers. But the Consumer Protection Branch’s wide reach is not limited to the laws that it can invoke and enforce; it also has a wide geographical reach, as well. In order to carry out its objective, the Branch brings both criminal and affirmative civil enforcement cases throughout the country. In one recent case, the Consumer Protection Branch prosecuted a drug manufacturer for violations of the federal Food, Drug, and Cosmetic Act (FDCA) after the drug maker hid and destroyed records before an inspection by the U.S. Food and Drug Administration (FDA). The drug manufacturer, however, was an Indian company that sold several cancer drugs in the U.S. The plant inspection took place in West Bengal, India.

The Branch Has Lots of Laws at Its Disposal

The extremely broad reach of the Consumer Protection Branch comes with a significant implication: There are numerous laws that the Branch can invoke as it regulates and investigates businesses. Many of these are substantive laws that prohibit certain types of conduct, like:

Others, however, are procedural laws, which prohibit using certain means to carry out a crime, like:

  • Mail fraud (18 U.S.C. § 1341), which is the crime of using the mail system to commit fraud

  • Wire fraud (18 U.S.C. § 1343), which is the crime of using wire, radio, or television communication devices to commit fraud, including the internet

This can mean that many defendants get hit with multiple criminal charges for the same line of conduct, drastically increasing the severity of a criminal case. For example, in one case, a group of pharmacists fraudulently billed insurers for over $900 million in medications that they knew were not issued under a valid doctor-patient relationship. They were charged with misbranding medication and healthcare fraud, in addition to numerous counts of mail fraud for shipping that medication through the mail.

The Branch Has the Power to Pursue Civil and Criminal Sanctions

Lots of business owners and executives are also unaware of the fact that the DOJ’s Consumer Protection Branch has the power to pursue both civil and criminal cases if the law being enforced allows for it.

This has serious consequences for companies, and not just because the Branch can imprison individuals for putting consumers at risk: It also complicates the strategy for defending against enforcement action.

A good example of how this works in real life is a healthcare fraud allegation that is pursued by the Consumer Protection Branch under the False Claims Act, or FCA, because the alleged fraud implicated money from a government healthcare program, like Medicare or Medicaid. For it to be the crime of healthcare fraud, the Consumer Protection Branch would have to prove that there was an intent to defraud the program. If there is no intent, though, the Branch can still pursue civil penalties.

This complicates the defense strategy because keeping prosecutors from establishing your intent is not the end of the case. It just takes prison time off the table. While this is a big step in protecting your rights and interests, it still leaves you and your company open to civil liability. That liability can be quite substantial, as many anti-fraud laws – including the FCA – impose civil penalties on each violation and impose treble damages, or three times the amount fraudulently obtained.

As Dr. Nick Oberheiden, a consumer protection defense lawyer at the national law firm Oberheiden P.C., explains, “While relying on a lack of intent defense can work with other criminal offenses, it is a poor choice when fighting against allegations of fraud because it tacitly admits to the fraudulent actions. Enforcement agencies like the DOJ’s Consumer Protection Branch can then easily impose civil liability against your company.”

The Branch Works in Tandem With Other Agencies

The Consumer Protection Branch only has about 200 prosecutors, support professionals, embedded law enforcement agents, and investigators. However, between October 2020 and December 2021, the Branch charged at least 96 individuals and corporations with criminal offenses and another 112 with civil enforcement actions, collecting $6.38 billion in judgments and resolutions.

The Branch can do this in large part because it works closely with other federal law enforcement agencies, like the:

By pooling their resources with other agencies like these, the DOJ’s Consumer Protection Branch can bring more weight to its enforcement action against your company.

Oberheiden P.C. © 2022

Comparison of Three Federal Fraud and Abuse Laws

In the post-COVID era, health care fraud and abuse issues will be aggressively and swiftly enforced by the government. The legal framework and regulations in the health care space can be intimidating. Below is a comparison of three of the big federal fraud and abuse laws that the government actively enforces; but they are not an exclusive list.  The summary below is a primer on the three main federal fraud and abuse laws and is intended to increase your basic understanding of these laws.


False Claims Act (FCA)

PROHIBITIONS:

  • Prohibits the submission of false or fraudulent claims, false statements material to a false claim, and conspiracy to commit violation
  • Prohibits concealing or avoiding obligation to repay money to government (failure to return overpayments)
  • Claims that violate AKS or Stark can also be considered false claims
  • Common false claims include lack of medical necessity; quality of care; billing/coding issues; off-labeled marketing; retention of overpayments

EXCEPTIONS:

  • n/a

PENALTIES:

  • Treble damages and as of May 9, 2022 per claim penalties between $12,537 and $25,076
  • Regulated by the DOJ

Physician Self-Referral (Stark)

PROHIBITIONS:

  • Prohibits referrals of designated health services by a physician (or an immediate family member) if the physician has a financial relationship with the entity performing the designated health service
  • Regulates financial relationships with physicians (and physician’s immediate family members) only

EXCEPTIONS:

  • The arrangement must completely satisfy an exception or it violates the Stark law

PENALTIES:

  • No criminal enforcement; CMP enforcement for knowing violations: per violation penalties– 3x claims and/or per circumvention scheme penalties; Nonpayment of claims arising from prohibited arrangement; Recoupment of amounts received; Exclusion from federal health programs; FCA liability
  • Regulated by CMS

Anti-Kickback Statute (AKS)

PROHIBITIONS:

  • Prohibits offers of, solicitation of, or payment or receipt of remuneration intended to induce referrals for health care services covered by a government program
  • Covers provision of anything of value to a person who refers, orders/purchases or recommends

EXCEPTIONS:

  • Voluntary safe harbors exist, but arrangements are not required to fit within a safe harbors

PENALTIES:

  • Applies to either party involved in an arrangement that violates AKS; Criminal penalties $100,000 /violation, up to 10 years imprisonment); Civil penalties (CMP3x unlawful remuneration and $100,000/violation); Exclusion from federal health programs; FCA liability
  • Regulated by the OIG

Providers should also be aware of other enforcement statutes such as the Eliminating Kickbacks in Recovery (“EKRA”), the Civil Monetary Penalties Act (“CMP”), and the Travel Act, to name a few, in addition to being well versed in the relevant state health care fraud and abuse frameworks.

Copyright ©2022 Nelson Mullins Riley & Scarborough LLP

Not Ship Shape: SEC Sues Retired Chief Petty Officer for Fraudulent Offerings to Navy-Related Victims

The U.S. Securities and Exchange Commission (“SEC”) Office of Investor Education and Advocacy (“OIEA”), which dates from last century, is concerned with explaining aspects of the capital markets for “Main Street” investors and warning them against potential risks and fraud schemes. On Sept. 25, 2017, the Commission announced the formation of the Retail Strategy Task Force (“RSTF”) in its Division of Enforcement. Its purpose is to consider and implement “strategies to address misconduct that victimizes retail investors,” according to the SEC Press Release issued that day. A primary focus area of the OIEA and RSTF is so-called “affinity investments,” i.e., investment offerings aimed at groups such as churches, ethnic communities, college alumni groups, etc.

On Wednesday, July 27, 2022, the SEC filed suit in the Federal Court for the Northern District of Ohio, Eastern Division, against Robert F. Murray, 42, a retired U.S. Navy Chief Petty Officer residing in North Canton, Ohio, for conducting an unregistered offering of securities in Deep Dive Strategies, LLC, an Ohio private pooled investment fund (the “Fund”). Murray controlled the Fund and acted as investment adviser, telling investors the fund would invest in publicly traded securities. Murray marketed the offering through a Facebook group “with over 3500 active duty, reservists and veterans of the U.S. Navy who shared an interest in investing,” according to the Complaint. Most certainly an “affinity” group. Murray also created “a channel on the Discord social media platform where he live-streamed his trading activity and posted trading advice with a focus on options.”

The Fund was organized in September 2020 and solicited investors through February 2021. Although Murray told investors they could change their minds within 15 days and get their money back, in fact he “almost immediately began spending Fund money on personal expenses.” He transferred monies to his personal checking account and even withdrew cash from the Fund, so by February 2021, $148,000, or approximately 42% of the $355,000 invested by the unsuspecting “Goats” (a nickname for the Navy affinity group), had been “misappropriated” (i.e., stolen) by Murray. By March 2021 he had ceased regular communication with the Goats and failed to respond to requests to redeem “invested” dollars. Some of that misappropriated money was lost gambling at casinos in Cleveland and elsewhere in the Midwest.

Murray provided potential investors with both a Disclosure Statement and a copy of the Fund’s Operating Agreement, and the Complaint identifies several material misstatements and omissions in the two documents. In addition, Murray made oral material misstatements and omitted material information when speaking with potential and actual investors. In fact, Murray lost most of the Fund’s brokerage account on Jan. 13, 2021, when GameStop options purchased in the account saw their value plummet. In that connection see my Feb. 2, 2021, Blog “Rupture Rapture: Should the GameStop?” When the SEC began investigating Murray and the Fund, he asserted his Fifth Amendment rights and declined to answer questions.

In the Complaint, the Commission charges Murray with seven different securities law violations, each set out in a separate Count as follows:

  1. Violation of Section 10(b) of the Securities Exchange Act of 1934, as amended, and Rule 10b-5 thereunder by using devices, making untrue statements, and misleading omissions, and engaging in a business which operate as a fraud on securities purchasers.
  2. Violation of Section 17(a)(1) of the Securities Act of 1933, as amended (the “33 Act”), by offering and selling securities by means of interstate commerce using devices to defraud.  Violations of the 33 Act can be proven without the need to prove scienter (broadly, intent).
  3. Violation of Section 17(a)(2) of the 33 Act by obtaining money or property in connection with the sale of securities by means of untrue statements of material facts and making misleading omissions, engaging in transactions which operate as a fraud on the purchaser, where Murray was at least negligent in engaging in these activities.
  4. Violation of Sections 5(a) and 5(c) of the 33 Act by selling securities without the offering being registered (or exempt from registration), and with the use of a prospectus where the offering was not registered.
  5. Violation of Section 206(1) of the Investment Advisers Act of 1940, as amended (the “40 Act”) by acting as an investment adviser using devices to defraud clients and prospective clients.
  6. Violation of Section 206(2) of the 40 Act by acting as an investment adviser engaging in transactions which operate as a fraud on clients and prospective clients.
  7. Violation of Section 206(4) of the 40 Act and Rule 206(4)-8 thereunder by acting as an investment adviser to a pooled investment vehicle, making untrue statements of material fact and making misleading omissions and engaging in acts that are fraudulent with respect to investors in the pooled investment vehicle.

The SEC seeks entry of findings by the Court of the facts cited in the Complaint and of conclusions of law that concur with the Commission’s assertions of violations. In addition, the SEC seeks entry of a permanent injunction against future violations of the cited securities laws; an order requiring disgorgement of all Murray’s ill-gotten gains plus prejudgment interest; an order imposing a civil penalty of $1,065,000; and an order barring Murray from serving as an officer or director of any public company.

Murray preyed on his fellow Naval servicemen in violation of the unspoken understandings of the “Goats,” that a fellow Navy NCO would not seek to take financial advantage of them. That is why the SEC’s July 28, 2022, Press Release reporting this matter includes an express warning from the OIEA and the RSTF not to make “investment decisions based solely on common ties with someone recommending or selling the investment.” One wonders whether, if the Goats were to catch up with Murray, he would be keelhauled.

©2022 Norris McLaughlin P.A., All Rights Reserved

Ankura Cyber Threat Intelligence Bulletin: August – September 2022

Over the past sixty days, Ankura’s Cyber Threat Investigations & Expert Services (CTIX) Team of analysts has compiled key learnings about the latest global threats and current cyber trends into an in-depth report: The Cyber Threat Intelligence Bulletin. This report provides high-level executives, technical analysts, and everyday readers with the latest intel and insights from our expert analysts.

Download the report for an in-depth look at the key cyber trends to watch and help safeguard your organization from constantly evolving cyber threats with the latest cyber intelligence, ransomware, and threat insights.

 Our latest report explains the following observations in detail:

Law Enforcement Works with Threat Intelligence to Prosecute Human Traffickers

In the age of high-speed internet and social media, criminals have evolved to use information technology to bolster their criminal enterprises and human traffickers are no different. Whether it be through the clearnet or dark web, human traffickers have leveraged the internet to scale their operations, forcing law enforcement to reevaluate how to best combat this problem. In response to the changes in trafficker tactics, techniques, and procedures (TTPs), governments across the world have responded with legislation and policies in an attempt to better thwart the efforts of these criminals. Researchers from Recorded Future’s Insikt Group have published compelling reports as a proof-of-concept (PoC) for a methodology on how law enforcement agencies and investigators can utilize real-time threat intelligence to leverage sources of data in order to aid in tracking, mitigating, and potentially prosecuting human sex traffickers. Download the full report for additional details on law enforcement efforts to prosecute human traffickers and more on the Insikt Group’s findings.

Emerging Threat Organization “MONTI”: Sister Organization or Imposter Threat Group?

Over the past several weeks a new, potentially imposter, threat organization has mimicked the tactics, techniques, procedures (TTPs), and infrastructure of the Conti Ransomware Group. Tracked as MONTI, this doppelganger organization emerged in the threat landscape in July 2022 after compromising a company and encrypting approximately twenty (20) hosting devices and a multi-host VMWare ESXi instance tied to over twenty (20) additional servers. While the July attack pushed the group into the limelight, analysts believe that attacks from the doppelganger organization go back even further into the early summer of 2022. Similarities discovered between Conti Ransomware and the alleged spinoff Monti Ransomware include attack TTPs alongside the reuse of Conti-attributed malicious payloads, deployed tools, and ransom notes. Additionally, the encrypted files exfiltrated by Monti contain nearly identical encryption, which could indicate code re-usage. Read the full report to find out what CTIX analysts expect to see from this group in the future.

Figure 1: Conti Ransom Note

Figure 2: Monti Ransom Note

Iranian State-Sponsored Threat Organization’s Attack Timeline Targeting the Albanian Government

In July 2022, nation-state Iranian threat actors, identified by the FBI as “Homeland Justice”, launched a “destructive cyber-attack” against the Government of NATO-member Albania in which the group acquired initial access to the victim network approximately fourteen (14) months before (May of 2021). During this period, the threat actors continuously accessed and exfiltrated email content. The peak activity was observed between May and June of 2022, where actors conducted lateral movements, network reconnaissance, and credential harvesting.

This attack and eventual data dumps were targeted against the Albania-based Iranian dissident group Mujahideen E-Khalq (MEK), otherwise known as the People’s Mojahedin Organization of Iran. MEK is a “controversial Iranian resistance group” that was exiled to Albania and once listed by the United States as a Foreign Terrorist Organization for activity in the 1970s but was later removed in late 2012. Albania eventually severed diplomatic ties with Iran on September 7, 2022, and is suspected to be the first country to ever have done so due to cyber-related attacks. For a more detailed analysis of this attack and its ramifications, download our full report.

 Figure: Homeland Justice Ransom Note Image

Banning Ransomware Payments Becomes Hot-Button Issue in State Legislature

There is a debate occurring in courtrooms across the United States regarding the ethics and impacts of allowing businesses to make ransomware payments. North Carolina and Florida have broken new ground earlier this year passing laws that prohibit state agencies from paying cyber extortion ransom demands. While these two (2) states have been leading the way in ransomware laws, at least twelve (12) other states have addressed ransomware in some way, adding criminal penalties for those involved and requiring public entities to report ransomware incidents. Download the full report to discover what experts think of government ransomware payment bans and the potential effects they could have on ransomware incidents.

Threat Actor of the Month: Worok

ESET researchers discovered a new cluster of the long-active TA428 identified as “Worok.” TA428 is a Chinese advanced persistence threat (APT) group first identified by Proofpoint researchers in July 2019 during “Operation LagTime IT”, a malicious attack campaign targeted against government IT agencies in East Asia. Download the full report for an in-depth look at Worok’s tactics and objectives, and insights from our analysts about the anticipated future impact of this group.

New List of Trending Indicators of Compromise (IOCs)

IOCs can be utilized by organizations to detect security incidents more quickly as indicators may not have otherwise been flagged as suspicious or malicious. Explore our latest list of technical indicators of compromise within the past sixty (60) days that are associated with monitored threat groups and/or campaigns of interest.

Copyright © 2022 Ankura Consulting Group, LLC. All rights reserved.

Fair Market Value Defensibility Analysis: Why is It Different from a Fair Market Value Opinion?

Fair market value is a pinnacle issue for compliance under the Stark Law and Anti-Kickback Statute. Compensation arrangements that are required to be representative of fair market value under Stark/AKS include employment, independent contractor, medical directorships, exclusive service arrangements, call coverage, quality reviews, medical staff officer stipends, etc.

Many consulting firms provide fair market value opinions relying extensively on the application of benchmark data. Based upon CMS’s statements in the Stark Law Final Rules, although application of benchmark data is a resource that can be utilized, fair market value can and should include the application of market/service area issues (i.e., deficiency of specialty) or physician-specific issues (i.e., expertise, productivity).

Commercial reasonableness is a separate concept from fair market value under Stark/AKS. Commercial reasonableness also entails whether the application of benchmark/market factors are defensible.

When analyzing the defensibility of compensation arrangements, it is important to view fair market value and commercial reasonableness as if advocating the facts and circumstances of the proposed compensation arrangement before a governmental entity (i.e., CMS, OIG, DOJ). When an attorney is rendering a fair market value defensibility analysis, not only will the analysis be protected under the attorney-client privilege, but the analysis will also include references and attachments to all of the applicable documentation and relevant information in case the compensation arrangement is ever required to be defended.

Copyright ©2022 Nelson Mullins Riley & Scarborough LLP

Presidential Pardon for Simple Marijuana Possession Leaves Out Many

Severe immigration consequences for certain non-U.S. citizens remain despite President Joe Biden’s pardon of all prior federal offenses for simple marijuana possession.

On October 6, 2022, President Biden took a major step toward the decriminalization of marijuana, pardoning all prior federal offenses for simple marijuana possession. Although this pardon will affect only approximately 6,500 individuals who were convicted of simple marijuana possession under federal law before October 6, 2022, it does not affect the much larger number of individuals who have been convicted of a marijuana possession offense under state law. To the disappointment of immigration advocates, the pardon does not benefit non-U.S. citizens who were not lawfully present in the United States at the time of their conviction, even if their conviction was under federal law.

Moreover, because marijuana is still listed as a Schedule I drug under the federal Controlled Substances Act:

  • Non-U.S. citizens can still be denied entry to the country for use of marijuana or for working or actively investing in the marijuana industry;

  • Immigration authorities may deny a non-U.S. citizen’s application for lawful permanent residence (green card) or naturalization on the ground that they have a conviction for a marijuana-related offense, an admission by the non-U.S. citizen that they have used marijuana in the past, or that they have worked or is actively investing in the marijuana industry; and

  • The Department of Homeland Security can still place individuals, including green card holders, into removal proceedings (deportation) as a result of marijuana-related offenses, unless the conviction was for simple possession of less than 30 grams.

In his order, President Biden urged governors to consider similar state law pardons for simple marijuana possession charges, which might affect many more individuals. President Biden has also asked the Department of Health and Human Services to consider changing the current Schedule I classification for marijuana. If one of these changes occurred, non-U.S. citizens would substantially benefit, as their state convictions for marijuana-related offenses might be pardoned, thus lowering the negative consequences for immigration purposes.

For now, however, non-U.S. citizens should still be wary of marijuana use, or working or investing in the marijuana industry, even in places in the United States or abroad where those activities are legal. While there may not be federal prosecutions for the use and possession of marijuana, there may be severe immigration consequences for non-U.S. citizens, because the use and possession of marijuana remains illegal in certain states.

Jackson Lewis P.C. © 2022

FinCEN Issues Final Rule on the Corporate Transparency Act Requiring Businesses to Report Beneficial Ownership Information

On September 30, 2022, the U.S. Financial Crimes Enforcement Network (“FinCEN”) published its final rule implementing Section 6403 of the Corporate Transparency Act (“CTA”). The final rule, which will take effect on January 1, 2024, will require “tens of millions” of companies doing business in the U.S. to report certain information about their beneficial owners. The reporting companies created or registered before January 1, 2024, will have until January 1, 2025, to file their initial beneficial ownership reports with FinCEN. Reporting companies created or registered on or after January 1, 2024, will be required to file initial beneficial ownership reports within 30 days of formation.

The CTA was passed by Congress on January 1, 2021, as part of the Anti-Money Laundering Act of 2020 in the National Defense Authorization Act for Fiscal Year 2021. After publishing a Notice of Proposed Rulemaking and receiving public comments, FinCEN adopted the proposed rule largely as proposed, with certain modifications intended to minimize unnecessary burdens on reporting companies.

What Entities are Reporting Companies? The final rule describes two types of reporting companies: domestic and foreign.

  • A domestic reporting company is any entity that is a corporation, a limited liability company, or other entity (such as limited liability partnerships, limited liability limited partnerships, business trusts, and most limited partnerships and business trusts) created by the filing of a document with a secretary of state or any similar office under the law of a state or American Indian tribe.

  • A foreign reporting company is any corporation, limited liability company, or other entity formed under the law of a foreign country and registered to do business in any state or tribal jurisdiction by the filing of a document with a secretary of state or any similar office under the law of a state or American Indian tribe.

What Entities are Exempt? The final rule exempts twenty-three separate categories of entities from the definition of the reporting company. Many of the exempted entities are already subject to federal or state regulations requiring disclosure of beneficial ownership information, such as banks, credit unions, depositary institutions, investment advisors, securities brokers and dealers, accounting firms, governmental entities, tax-exempt entities, and entities registered with the SEC under the Exchange Act of 1934. Additionally, the rules set forth an exemption for “large operating companies” that can demonstrate each of the following factors:

  • Employ more than 20 full-time employees in the U.S.

  • Have an operating presence at a physical office within the U.S.

  • Filed a federal income tax or information return in the U.S. for the previous year demonstrating more than $5 million in gross receipts or sales (excluding gross receipts or sales from sources outside the U.S.)

Finally, under the so-called “subsidiary exemption,” entities whose ownership interests are controlled or wholly owned by one or more exempt entities may also qualify for exemption. If a reporting company was formerly exempt but loses its exemption, it must file an updated report that announces the change and includes all the information required in a reporting company’s initial report.

Who are Beneficial Owners? The final rule requires reporting companies to report each individual who is a beneficial owner of such reporting company. A “beneficial owner” is any individual who, directly or indirectly, either exercises substantial control over the reporting company or owns or controls at least 25 percent of the ownership interests of the reporting company. An individual exercises “substantial control” if such individual:

  • Serves as a senior officer (except for corporate secretary or treasurer)

  • Has authority over the appointment or removal of any senior officer or a majority of the board of directors (or similar body)

  • Directs, determines, or has substantial influence over important decisions made by the reporting company

  • Has any other form of substantial control over the reporting company

Additionally, an individual may exercise substantial control over a reporting company, directly or indirectly, including as a trustee of a trust or similar arrangement, through:

  • Board representation

  • Ownership or control of a majority of the voting power or voting rights of the reporting company

  • Rights associated with any financing arrangement or interest in a company

  • Control over one or more intermediary entities that separately or collectively exercise substantial control over a reporting company

  • Arrangements or financial or business relationships, whether formal or informal, with other individuals or entities acting as nominees

  • Any other contract, arrangement, understanding, relationship, or otherwise

The final rule exempts five categories of individuals from the definition of beneficial owner: (i) minors, (ii) nominees, intermediaries, custodians, and agents, (iii) certain employees who are not senior officers, (iv) heirs with a future interest in the company, and (v) certain creditors.

Who are Company Applicants? In addition to the beneficial owner information, the final rule requires reporting companies created or registered on or after January 1, 2024, to report identifying information about each “company applicant.” A “company applicant” is:

  • Any individual who directly files the document to create a domestic reporting company or register a foreign reporting company with a secretary of state or similar office in the U.S.

  • Any individual who is primarily responsible for directing or controlling such filing if more than one individual is involved in the filing

The final rule provides further clarification as to certain individuals who, by virtue of their formation roles, fall under the definition of “company applicants.” For example:

  • If an attorney oversees the preparation and filing of incorporation documents and a paralegal files them, the reporting company would report both the attorney and paralegal as company applicants.

  • If an individual prepares and self-files documents to create the individual’s own reporting company, the reporting company would report the individual as the only company applicant.

The final rule removes the requirements that i) entities created before the effective date report company applicant information and ii) reporting companies update their company applicant information (except to correct inaccuracies), each of which were set forth in the proposed rules.

When are Initial Reports Due? When an initial report must be filed depends on the status of the reporting company as of January 1, 2024:

  • If Created or Registered on or after January 1, 2024 – It must file a report within 30 calendar days from the earlier of: i) the date on which the company receives actual notice that its creation or registration has become effective, or ii) the date a secretary of state or similar office first provides public notice, such as through a publicly accessible registry, that the company has been created or registered.

  • If Created or Registered Prior to January 1, 2024 – It must file a report not later than January 1, 2025.

What Information Must be Reported? An initial report must include the following information with respect to the reporting company:

  • The full legal name of the reporting company

  • Any trade name or “doing business as” name of the reporting company

  • The street address of the principal place of business of the reporting company (if outside the U.S., the street address of the primary location in the U.S. where it conducts business)

  • The state, tribal, or foreign jurisdiction of formation of the reporting company (a foreign reporting company must also report the state or tribal jurisdiction where it first registers)

  • The IRS Taxpayer Identification Number (“TIN”) of the reporting company (including the EIN of the reporting company, or if a foreign reporting company without a TIN, a tax identification number issued by a foreign jurisdiction and the name of such jurisdiction)

For each company applicant (of a reporting company registered or created on or after January 1, 2024) and each beneficial owner of a reporting company, the following information must be reported:

  • The full legal name of the individual

  • The date of birth of the individual

  • The current business street address (for a company applicant who forms or registers an entity in the course of such company applicant’s business) or residential street address (for all other individuals including beneficial owners)

  • A unique identifying number from, and image of, an acceptable identification document (e.g., a passport)

If a reporting company is directly or indirectly owned by one or more exempt entities and an individual is a beneficial owner of the reporting company exclusively by virtue of such individual’s ownership interest in the exempt entity, the reporting company’s report may list the name of the exempt entity in lieu of the beneficial ownership information set forth above.

When do Companies have to Report Changes? If there is any change with respect to required information previously submitted to FinCEN concerning a reporting company or its beneficial owners, including any change with respect to who is a beneficial owner or information reported for any particular beneficial owner, the reporting company is required to file an updated report within 30 calendar days of when the change occurred.

What are the Penalties for Violations? The final rule provides for a fine of up to $10,000.00 and/or imprisonment of up to two years for any person who willfully: (i) provides or attempts to provide false or fraudulent beneficial ownership information, or (ii) fails to report complete or updated beneficial ownership information to FinCEN. The penalties may also extend to individuals causing a reporting company’s failure to report or update information and senior officials of a reporting company at the time such failure occurs.

What is Coming Next from FinCEN? FinCEN is expected to publish the forms and instructions to be used for reporting beneficial ownership information well in advance of the effective date. FinCEN will further establish a secure nonpublic database for storage of the beneficial ownership information. Finally, FinCEN will issue rules on who may access the information (a limited group of governmental authorities and financial institutions), under what circumstances, and how the parties would generally be required to handle and safeguard the information.

What Should Reporting Companies be Doing Now? Existing companies should begin evaluating whether they are a “reporting company” and if so, determining who are their beneficial owners. Such reporting companies, including any other reporting companies that may be created or registered before the effective date, will have until January 1, 2025, to file an initial report. As noted, reporting companies created or registered on or after the effective date will have 30 calendar days after the date of creation or registration to file an initial report.

© 2022 Miller, Canfield, Paddock and Stone PLC

4 Frequently Asked Questions About MSO Investigations and 3 Defense Strategies

In the last decade, Management Services Organizations, or MSOs, became popular service providers and investment tools for the medical and health care field. Unfortunately, the way some MSOs are structured, they can violate several important laws against healthcare fraud, like the Stark Law or the Anti-Kickback Statute.

Because this is such a novel issue in the medical field, lots of healthcare providers have questions about it. Some want to know how they can defend themselves if they get accused of wrongdoing for their activity with an MSO.

Dr. Nick Oberheiden is an MSO investigation lawyer at Oberheiden P.C. Here are some questions that he frequently gets asked and a few defense strategies that can help.

FAQs About MSO Investigations

1. What are MSOs?

An MSO is a company that provides administrative services to medical professionals. They can help healthcare providers with their:

  • Human resources
  • Operations
  • Coding and billing services
  • Office space management
  • Compliance
  • Contract management

Healthcare companies can either contract with an MSO to provide these services or can outright sell the administrative wing of their practice to an MSO so they can focus on the medical side of their business.

2. Why are MSOs Problematic?

MSO arrangements can become legally problematic when they act as an investment tool for medical professionals. Physicians could buy an ownership stake in an MSO that provided services to, say, a pharmacy. Those physicians could then begin referring patients to that same pharmacy.

In theory, that referral is going to a company – the pharmacy – that neither the physician nor his or her immediate family members have a financial interest in. In reality, though, the distinction gets blurred if the MSO – and therefore the physician – makes money off the referral. This can arguably amount to a kickback, which is unlawful.

3. Is Law Enforcement Actually Looking Into MSOs?

Yes, the justice department or the U.S. Department of Justice (DOJ) has recently begun investigating MSOs that appears to be a medium for illegal kickbacks from one healthcare provider to a referring physician.

Together with the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG), the DOJ has taken the position that MSOs that are only indirectly recouping physicians for referrals is enough to violate anti-kickback laws. In one case, the agencies are pursuing False Claims Act (31 U.S.C. § 3729) violations in addition to violations of the Stark Law (42 U.S.C. § 1395nn) and the Anti-Kickback Statute (42 U.S.C. § 1320a-7b).

However, not all MSOs have come under the scrutiny of federal law enforcement. The DOJ has not declared a blanket rule that all MSOs are unlawful. Instead, it is only targeting those that show the signs of potential healthcare fraud.

4. What are the Potential Penalties for Investing in the Wrong MSO?

At this stage, it is hard to tell. MSOs are still a new development, and we are only seeing the very first charges getting filed against physicians who invest in the “wrong” MSOs. Courts have not yet ruled whether MSOs can facilitate a kickback or amount to a false claim.

If courts do go along with the DOJ’s interpretation of the law, then physicians can face steep penalties for sending business to another healthcare facility that contracts with an MSO that they own or invest in.

The Anti-Kickback Statute is a criminal law that carries up to five years in prison for a conviction, as well as fines of up to $25,000 and program exclusion. The Stark Law is a civil law that, while it does not carry criminal sanctions or jail time, does impose:

  • Denial of payments provided
  • Disgorgement of ill-gotten gains
  • Civil penalties of up to $15,000 for each violation
  • Treble damages
  • Program exclusion

Defense Strategies for Investigations into Your MSO

If you do have an ownership stake in an MSO and are concerned about a potential investigation, or if you are interested in investing in one of these new companies and want to do it right, there are several things that you can do. While every case is unique, here are three defense strategies and compliance procedures that MSO investigation attorney Dr. Nick Oberheiden often recommends considering.

1. Look for Signs That an MSO is Problematic

Not all MSOs are attracting the attention of federal law enforcement. Instead, it is the ones that do not comply with the requirements of anti-kickback statutes and illegal referrals.

Some signs that an MSO is lacking in that department include:

  • A lack of a compliance officer in the company
  • No training regarding important laws like HIPAA, the Stark Law, or the Anti-Kickback Statute
  • The MSO is paid on a percentage basis, rather than through a flat fee (payments should be at fair market value rates)
  • The MSO charges unreasonably high service fees
  • There are incentives for investing physicians to refer clients to the company

All of these are strong signs that the MSO is at risk of civil or even criminal action for healthcare fraud and illegal referrals. Unfortunately, many of these signs also give an investing physician the power to increase his or her return on the investment – a feature that makes the investment seem especially lucrative.

2. Tighten Up the Compliance

If you are invested in an MSO and suddenly see proof that it was too good to be true, you are not powerless. You are a partial owner, after all. You can push the company to tighten up its compliance with anti-kickback laws. In the best cases, this can successfully protect you and avoid scrutiny from law enforcement. Even if it does not, though, it can reduce the restitution that you can be made to pay, and the efforts to fix the MSO can be used to show your good intentions.

3. Stress the Distance Between an MSO’s Ownership and Its Clients

At this point, we still have not seen whether law enforcement’s interpretation of the law will get adopted by a court. Until we know for sure that an indirect payment is enough for anti-kickback liability, a strong defense should be that the MSO’s ownership was too far removed from the MSO’s clients to amount to a violation of the law.

As Dr. Nick Oberheiden, an MSO investigation attorney at Oberheiden P.C., says, “The law is still very much in flux at this point. Kickbacks are generally seen to be direct payments for referrals, and the whole point of the MSO investment opportunity was to avoid that exact setup.”

Oberheiden P.C. © 2022

BREAKING NEWS: Biden to Pardon Federal Marijuana Possession Convictions

In a historic move, today, President Joe Biden announced a three-step program to bring broad changes to federal cannabis policy. As an initial step towards reform, President Biden will pardon all federal offenders convicted of simple marijuana possession. According to administration officials, the pardons will be issued through an administration process overseen by the Department of Justice. Those eligible for the pardons will receive documentation showing they were officially forgiven for their crime.

“No one should be in jail just for using or possessing marijuana,” Biden said in a video announcing his executive actions. “It’s legal in many states, and criminal records for marijuana possession have led to needless barriers to employment, housing, and educational opportunities. And that’s before you address the racial disparities around who suffers the consequences. While white and Black and brown people use marijuana at similar rates, Black and brown people are arrested, prosecuted, and convicted at disproportionate rates.”

“Too many lives have been upended because of our failed approach to marijuana. It’s time that we right these wrongs,” the President said.

As a second step in the program, Biden also encouraged Governors to take similar steps to pardon state simple cannabis possession charges.

And as the last step in this program, President Biden directed the Department of Health and Human Services and Attorney General Merrick Garland to “expeditiously” review the cannabis’s status as a Schedule I controlled drug pursuant to the federal Controlled Substances Act.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.

Whistleblower Receives $11 Million for Reporting Pharmaceutical Fraud

September 16, 2022.  The United States Department of Justice settled a case against the pharmaceutical manufacturer Bayer Corporation.  Under the terms of the settlement, Bayer paid $40 million.  A former employee in the pharmaceutical company’s marketing department filed two qui tam lawsuits alleging violations of the False Claims Act.  For reporting fraud, the whistleblower received approximately $11 million, and they pursued both cases after the Department of Justice (DOJ) declined to intervene.

According to the allegations, the pharmaceutical company was paying kickbacks to healthcare providers to “induce them to utilize the drugs Trasylol and Avelox, and also marketed these drugs for off-label uses that were not reasonable and necessary.”  This lawsuit was filed in the District of New Jersey and alleged that the because of these kickbacks, the pharmaceutical company caused submission of false claims to Medicare and Medicaid.  The lawsuit that was transferred to the District of Minnesota entailed the pharmaceutical company knowingly misrepresenting the safety and efficacy of Baycol, a statin drug, and also renewing contracts with the Defense Logistics Agency based on these misrepresentations.  To settle these allegations, Bayer paid $38,860,555 to the United States and $1,139,445 to the Medicaid Participating States.  The Principal Deputy Assistant Attorney General remarked about this settlement, “Today’s recovery highlights the critical role that whistleblowers play in the effective use of the False Claims Act to combat fraud in federal healthcare programs.”

The False Claims Act incentivizes private citizens to report fraud against the government and holds accountable companies that financially benefit from participation in government contracts and government-sponsored programs.  The Department of Justice needs whistleblowers to the be the antidote to pharmaceutical fraud.

© 2022 by Tycko & Zavareei LLP