EPA Emphasizes its Criminal Enforcement Program

This Alert Update supplements a recent VNF alert analyzing the Environmental Protection Agency’s (EPA’s) enforcement priorities for fiscal years (FY) 2024-2027. EPA recently announced that its criminal program helped to develop the Agency’s national enforcement compliance initiatives and strongly suggested that it would look to pursue criminal cases under each initiative.

Previously announced National Enforcement and Compliance Initiatives (NECIs) for FY 2024-2027 include climate change, coal ash landfills and impoundments, a new focus on contaminants such as per- and polyfluoroalkyl substances (PFAS), and environmental justice initiatives. Current NECIs address aftermarket defeat devices for mobile sources, hazardous air pollutant (HAP) emissions, and compliance with the National Pollutant Discharge Elimination System (NPDES) permit program.

EPA’s head of the Office of Enforcement and Compliance Assurance (OECA), David Uhlmann, stated the agency is “promoting far greater strategic coordination between our criminal and civil enforcement programs” when speaking to the American Legal Institute-Continuing Legal Education’s (ALI-CLE) Environmental Law 2024 meeting on February 22, 2024.

Uhlmann highlighted that some prior cases handled civilly should have been potentially handled criminally, and that this may change moving forward. The practical implications for companies of the shift to a more active EPA criminal program may include significantly higher penalties and potential jail time for violations. Uhlmann also noted that “EPA will continue to reserve criminal enforcement for the most egregious violations.” His comments suggest that “egregiousness” will be evaluated based on the adverse effects of the violation, particularly on disproportionately overburdened communities, and the degree of intent. Uhlmann also added that companies could avoid criminal prosecution if they are “honest with the government” and have “strong ethics, integrity, and sustainability programs.”

The U.S. Justice Department’s Environment and National Resources Division (ENRD) litigates both civil and criminal cases for EPA and closely coordinates on enforcement initiatives. The Assistant Attorney General of ENRD, Todd Kim, also spoke during the February 22 ALI-CLE panel, and focused some of his remarks on the enforcement of environmental laws in the online marketplace. He cautioned that “online companies, just like brick-and-mortar companies, would do well to take pains to ensure that they are complying with environmental laws in selling and distributing products,” because EPA and the Department of Justice (DOJ) will enforce such laws in all market settings.

Both Uhlmann and Kim highlighted “21st century” challenges and opportunities, with NECIs addressing challenges and new opportunities such as data availability and analysis allowing EPA and DOJ to better enforce environmental laws and regulations in a targeted and effective manner. Some of the newest data and data analytics are being used to advance EPA’s environmental justice priorities. “So again, companies would do well to think about the ways we use data and to be talking with their neighbors to ensure that they’re doing what they can to ensure that disproportionately overburdened communities are getting the help they need,” Kim stated.

These EPA and DOJ statements clearly signal a potential increase in criminal environmental enforcement actions, creating additional risks for companies that run afoul of regulatory requirements. These corporate risks, which also may also be borne by executives and other employees, may be mitigated through the prompt detection and reporting of non-compliant conduct and through the development and maintenance of robust compliance programs. The ability to conduct prompt and thorough internal investigations and compliance audits should be a central part of an effective corporate compliance program.

SEC Enforcement Targets Anti-Whistleblower Practices in Financial Firm’s Settlement Agreements with Retail Clients by Imposing Highest Penalty in Standalone Enforcement Action Under Exchange Act Rule 21 F-17(a)

As the year gets underway, the Securities and Exchange Commission (SEC or Commission) is continuing its ongoing enforcement efforts to target anti-whistleblower practices by pursuing a broader range of entities and substantive agreements, including the terms of agreements between financial institutions and their retail clients. The most recent settlement with a financial firm signifies that the SEC is imposing increasingly steep penalties to settle these matters while focusing on confidentiality provisions that do not affirmatively permit voluntary disclosures to regulators. We discuss below the latest SEC enforcement actions in the name of whistleblower protection and offer some practical tips for what firms and companies may do to proactively mitigate exposure.

On 16 January 2024, the SEC announced a record $18 million civil penalty against a dual registered investment adviser and broker-dealer (the Firm), asserting that the use of release agreements with retail clients impeded the clients from reporting securities law violations to the SEC in violation of Rule 21F-17(a) of the Securities Exchange Act of 1934 (Exchange Act).1

The SEC found that from March 2020 through July 2023, the Firm regularly required its retail clients to sign confidential release agreements in order to receive a credit or settlement of more than $1,000. Under the terms of these releases, clients were required to keep confidential the existence of the credits or settlements, all related underlying facts, and all information relating to the accounts at issue, or risk legal action for breach of the agreement. The agreements “neither prohibited nor restricted” the clients from responding to any inquiries from the SEC, the Financial Industry Regulatory Authority (FINRA), other regulators or “as required by law.” However, the agreements did not expressly allow the clients to initiate voluntary reporting of potential securities law violations to the regulators. The SEC found that this violated Rule 21F-17(a) “which is intended to ‘encourag[e] individuals to report to the Commission.’”While the Firm did report a number of the underlying client disputes to FINRA, the SEC found this insufficient to mitigate the lack of language in the release agreements that expressly permitted the clients to report potential securities law violations to the SEC.

The SEC initiated a settled administrative proceeding against the Firm, which neither admitted nor denied the SEC’s findings. In addition to the $18 million civil monetary penalty, the settlement requires that the Firm cease and desist from further violations of Rule 21F-17(a). Notably, the SEC credited certain remedial measures promptly undertaken by the Firm, including revising the at-issue release language and affirmatively alerting affected clients that they are not prohibited from communicating with governmental and regulatory authorities.

This enforcement action is significant for several reasons. First, it signals a broader enforcement focus by the SEC with respect to Rule 21F-17(a) in that this is the first action involving the terms of agreements between a financial institution and its retail clients, which are prevalent throughout the financial services industry. Previously, enforcement had focused squarely on restrictive confidentiality provisions involving employees, such as those found in employment or severance agreements or in connection with internal investigation interviews.

Second, the unprecedented magnitude of the penalty in a standalone Rule 21F-17(a) case underscores the SEC’s emphasis on preventing practices that it views as obstructions of whistleblower rights. SEC Enforcement Director Gurbir Grewal’s statement announcing the settlement reflects this position, “Whether it’s in your employment contracts, settlement agreements or elsewhere, you simply cannot include provisions that prevent individuals from contacting the SEC with evidence of wrongdoing.” Companies (public and private), broker-dealers, investment advisers, and other market participants should expect to see continued enforcement investigations in connection with the SEC’s ongoing attention toward compliance with Rule 21F-17(a), as discussed further below.

The SEC’s Whistleblower Protection Program

Established in 2011 pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the SEC Whistleblower Program provides monetary awards to individuals who “tip” the SEC with original information that leads to an enforcement action resulting in monetary sanctions that exceed $1 million. Through the end of the SEC’s FY2023, the SEC has awarded almost $2 billion to 385 whistleblowers.In FY2023 alone, the SEC received over 18,000 whistleblower tips and awarded more than $600 million in whistleblower awards to 68 individuals.4

In furtherance of the Whistleblower Program, the SEC also issued Exchange Act Rule 21F-17(a), which provides that “no person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”5

SEC Struck Several Blows in 2023 Against Companies that Failed to Carve out Whistleblower Protections in Their Confidentiality Agreements

The SEC has been aggressively enforcing Rule 21F-17(a) since its first enforcement action in 2015 with respect to that Rule,through several waves of enforcement actions. During 2023, the SEC was especially active with a number of settled enforcement actions asserting violations of Rule 21F-17(a) in which the respondents neither admitted nor denied the SEC’s findings:

  • In February 2023, the SEC fined a video game development and publishing company $35 million for violating federal securities laws through its inadequate disclosure controls and procedures. The settled action also included a finding that the company had violated Rule 21F-17(a) by executing separation agreements in the ordinary course of its business that required former employees to provide notice to the company if they received a request for information from the SEC’s staff.7
  • In May 2023, the SEC imposed a $2 million fine on an internet streaming company for: (i) retaliating against an employee who reported misconduct to the company’s management prior to and after filing a complaint with the SEC; and, (ii) impeding the reporting of potential securities law violations, by including provisions in employee severance agreements requiring that departing employees waive any potential right to receive a whistleblower award, in violation Rule 21F-17(a).8
  • In September 2023, in another standalone enforcement action for violations of Rule 21F-17(a), the SEC imposed a $10 million civil monetary penalty on a registered investment adviser (RIA) for requiring that its new employees sign employment agreements that prohibited the disclosure of “Confidential Information” to anyone outside of the company, without an exception for voluntary communications with the SEC concerning possible securities laws violations.Further, the RIA required many departing employees to sign a release in exchange for the receipt of certain deferred compensation and other benefits affirming that, among other things, the employee had not filed any complaints with any governmental agency. Although the RIA later revised its policies and issued clarifications to employees that they were not prevented from communicating with the SEC and other regulators, the RIA failed to amend its employment and release agreements to provide the carve out.
  • Also in September 2023, the SEC charged two additional firms with violations of Rule 21F-17(a). In one case imposing a $375,000 civil penalty, the SEC found that a commercial real estate services and investment firm impeded whistleblowers by requiring its employees, as a condition of receiving separation pay, to represent that they had not filed a complaint against the firm with any federal agency.10 In another case, the SEC imposed a $225,000 civil penalty against a privately-held energy and technology company for requiring certain departing employees to waive their rights to monetary whistleblower awards.11 This particular action underscores that Rule 21F-17 applies to all entities, and not only to public companies.

Mr. Grewal, in an October 2023 speech before the New York City Bar Association Compliance Institute, emphasized that potential impediments to the SEC’s Whistleblower Program would be a continued focus of the agency’s enforcement efforts, stating, “we take compliance with Rule 21F-17 very seriously, and so should each of you who work in a compliance function or advise companies. You need to look at these orders and the violative language cited by the Commission and think about how those actions may impact your firms. And if they do, then take the steps necessary to effect compliance.”12

Key Take-Aways

The SEC’s recent enforcement actions demonstrate that violations of Rule 21F-17(a) can carry significant fines and reach virtually any confidentiality agreement that does not carve out communications between a firm’s current or former employees or customers and the SEC or other regulators about potential securities violations. Moreover, although many of the enforcement actions relate to language in agreements, Rule 21F-17 is not so limited and can also apply to language in internal policies, procedures, guidance, manuals, or training materials. The message from the SEC is clear: it will continue to enforce Rule 21F-17 with respect to public companies, private companies, broker-dealers, investment advisers, and other financial services entities.

The SEC in its recent orders has provided credit to companies for cooperation as well as for instituting remedial actions.13 Being proactive in identifying and correcting potential violations in advance of any investigation by the SEC can result in mitigation of any action or penalties.

Legal and compliance officers may want to consider the following steps in order to evaluate and potentially mitigate any potential exposure to an enforcement action:

  • Conduct a review of all employee-facing and client-facing documents or contracts with confidentiality provisions and remove or revise any content that may be viewed as impeding (even unintentionally) a person’s ability to report potential securities law violations to the SEC. Depending on the circumstances, this may involve including a reference expressly permitting communications with the SEC and other government or regulatory entities without advance notice or disclosure to the company.
  • Remove any language from the templates that could be interpreted as hindering an employee’s or client’s ability to communicate with the SEC concerning potential securities law violations, including language threatening disciplinary action against employees for disclosing confidential information in their communications with government agencies when reporting potential violations.
  • Prepare addenda or updates to current employee- and client-facing agreements that reflect the revised confidentiality clauses.
  • Include reference in written anti-retaliation policies that employees’ communications and cooperation with the SEC and other government agencies will not result in retaliation from the company.
  • Conduct trainings for company managers and supervisors regarding appropriate communications to employees regarding their interactions with the government.
  • Implement policies that prevent any company personnel from taking steps to block or interfere with an employee’s use of company platforms or systems to communicate with the SEC and other government agencies.14

In the Matter of JP Morgan Securities LLC, Admin. Proc. No. 3-21829 (Jan. 16, 2024), https://www.sec.gov/files/litigation/admin/2024/34-99344.pdf.

Id. (quoting Securities Whistleblower Incentives and Protections Adopting Release, Release No. 34-63434 (June 13, 2011)).

SEC Office of the Whistleblower Annual Report to Congress for Fiscal Year 2023 (Nov. 14, 2023), https://www.sec.gov/files/2023_ow_ar.pdf; SEC Whistleblower Office Announces Results for FY 2022 (Nov. 15, 2022), https://www.sec.gov/files/2022_ow_ar.pdf; 2021 Annual Report to Congress Whistleblower Program (Nov. 15, 2021), https://www.sec.gov/files/owb-2021-annual-report.pdf; 2020 Annual Report to Congress Whistleblower Program (Nov. 16, 2020), https://www.sec.gov/files/2020_owb_annual_report.pdf.

SEC Office of the Whistleblower Annual Report to Congress for Fiscal Year 2023 (Nov. 14, 2023), https://www.sec.gov/files/2023_ow_ar.pdf.

17 C.F.R. § 240.21F-17.

In the Matter of KBR, Inc., Admin. Proc. No. 3-16466 (Apr. 1 2015), https://www.sec.gov/files/litigation/admin/2015/34-74619.pdf (imposing a US$130,000 fine on a company in a settled enforcement action for requiring that witnesses in certain internal investigations sign confidentiality agreements warning that they could be subject to discipline if they discussed the matters at issue outside the company without prior approval of the company’s legal department).

In the Matter of Activision Blizzard, Inc. Admin. Proc. No. 3-21294 (Feb. 3, 2023), https://www.sec.gov/files/litigation/admin/2023/34-96796.pdf.

In the Matter of Gaia, Inc. et. al., Admin. Proc. No. 3-21438 (May 23, 2023), https://www.sec.gov/files/litigation/admin/2023/33-11196.pdf.

In the Matter of D.E. Shaw & Co., L.P., Admin. Proc. No. 3-21775 (Sep. 29, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98641.pdf.

10 In the Matter of CBRE Inc., Admin. Proc. No. 3-21675  (Sept. 19, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98429.pdf.

11 In the Matter of Monolith Res., LLC, Admin. Proc. No. 3-21629 (Sept. 8, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98322.pdf.

12 Gurbir S. Grewal, Remarks at New York City Bar Association Compliance Institute (Oct. 24, 2023), https://www.sec.gov/news/speech/grewal-remarks-nyc-bar-association-compliance-institute-102423.

13 See, e.g., In the Matter of CBRE Inc., Admin. Proc. No. 3-21675  (Sept. 19, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98429.pdf (crediting respondent’s remediation program, which included, among other measures, an audit of relevant agreements, updates to policies with respect to Rule 21F-17, and mandatory trainings); In the Matter of Monolith Res., LLC, Admin. Proc. No. 3-21629 (Sept. 8, 2023), https://www.sec.gov/files/litigation/admin/2023/34-98322.pdf (crediting respondent’s prompt remedial acts including revisions to the at-issue release language and affirmatively alerting affected clients that they are not prohibited from communicating with governmental and regulatory authorities.)

14 Cf.  In the Matter of David Hansen, Admin Proc. 3-20820 (Apr. 12, 2022), https://www.sec.gov/enforce/34-94703-s (settled SEC enforcement action against former Chief Information Officer of a technology company for violating Rule 21F-17(a) by, among other things, removing an employee’s access to the company’s computer systems after the employee raised concerns regarding misrepresentations contained in the company’s public disclosures).

The Future of Stablecoins, Crypto Staking and Custody of Digital Assets

In the wake of the collapse of cryptocurrency exchange firm FTX, the Securities and Exchange Commission (SEC) has ratcheted up its oversight and enforcement of crypto firms engaged in activities ranging from crypto staking to custody of digital assets. This is due in part to concerns that the historically free-wheeling and largely unregulated crypto marketplace may adversely impact U.S. investors and contaminate traditional financial systems. The arguments that cryptocurrencies and digital assets should not be viewed as securities under federal laws largely fall on deaf ears at the SEC. Meanwhile, the state of the crypto economy in the United States remains in flux as the SEC, other regulators and politicians alike attempt to balance competing interests of innovation and investment in a relatively novel and untested asset class.

Is Crypto Staking Dead?

First, what is crypto staking? By way of background, it’s necessary to understand a bit about blockchain technology, which serves as the underpinning for all cryptocurrency and digital asset transactions. One of the perceived benefits of such transactions is that they are decentralized and “peer-to-peer” – meaning that Person A can transact directly with Person B without the need for a financial intermediary to approve the transaction.

However, in the absence of a central authority to validate a transaction, blockchain requires other verification processes or consensus mechanisms such as “proof of work” (which in the case of Bitcoin mining ensures that transactions are valid and added to the Bitcoin blockchain correctly) or “proof of stake” (a network of “validators” who contribute or “stake” their own crypto in exchange for a chance to validate a new transaction, update the blockchain and earn a reward). Proof of work has come under fire by environmental activists for the enormous amounts of computer power and energy required to solve complex mathematical or cryptographic puzzles to validate a transaction before it can be recorded on the blockchain. In contrast, proof of stake is analogous to a shareholder voting their shares of stock to approve a corporate transaction.

Second, why has crypto staking caught the attention of the SEC? Many crypto firms and exchanges offer “staking as a service” (SaaS) whereby investors can stake (or lend) their digital assets in exchange for lucrative returns. This practice is akin to a person depositing cash in a bank account in exchange for interest payments – minus FDIC insurance backing of all such bank deposits to protect investors.

Recently, on February 9, 2023, the SEC charged two crypto firms, commonly known as “Kraken,” for violating federal securities laws by offering a lucrative crypto asset SaaS program. Pursuant to this program, investors could stake their digital assets with Kraken in exchange for annual investment returns of up to 21 percent. According to the SEC, this program constituted the unregistered sale of securities in violation of federal securities laws. Moreover, the SEC claims that Kraken failed to adequately disclose the risks associated with its staking program. According to the SEC’s Enforcement Division director:

“Kraken not only offered investors outsized returns untethered to any economic realities but also retained the right to pay them no returns at all. All the while, it provided them zero insight into, among other things, its financial condition and whether it even had the means of paying the marketed returns in the first place.”1

Without admitting or denying the SEC’s allegations, Kraken has agreed to pay a $30 million civil penalty and will no longer offer crypto staking services to U.S. investors. Meanwhile, other crypto firms that offer similar programs, such as Binance and Coinbase, are waiting for the other shoe to drop – including the possibility that the SEC will ban all crypto staking programs for U.S. retail investors. Separate and apart from potentially extinguishing a lucrative revenue stream for crypto firms and investors alike, it may have broader consequences for proof of stake consensus mechanisms commonly used to validate blockchain transactions.

NY DFS Targets Stablecoins

In the world of cryptocurrency, stablecoins are typically considered the most secure and least volatile because they are often pegged 1:1 to some designated fiat (government-backed) currency such as U.S. dollars. In particular, all stablecoins issued by entities regulated by the New York Department of Financial Services (NY DFS) are required to be fully backed 1:1 by cash or cash equivalents. However, on February 13, 2023, NY DFS unexpectedly issued a consumer alert stating that it had ordered Paxos Trust Company (Paxos) to stop minting and issuing a stablecoin known as “BUSD.” BUSD is reportedly the third largest stablecoin by market cap and pegged to the U.S. dollar.

The reasoning behind the NY DFS order remains unclear from the alert, which merely states that “DFS has ordered Paxos to cease minting Paxos-issued BUSD as a result of several unresolved issues related to Paxos’ oversight of its relationship with Binance in regard to Paxos-issued BUSD.”The same day, Paxos confirmed that it would stop issuing BUSD. However, in an effort to assuage investors, Paxos stated “All BUSD tokens issued by Paxos Trust have and always will be backed 1:1 with U.S. dollar–denominated reserves, fully segregated and held in bankruptcy remote accounts.”3

Separately, the SEC reportedly issued a Wells Notice to Paxos on February 12, 2023, indicating that it intended to commence an enforcement action against the company for violating securities laws in connection with the sale of BUSD, which the SEC characterized as unregistered securities. Paxos, meanwhile, categorically denies that BUSD constitute securities, but nonetheless has agreed to stop issuing these tokens in light of the NY DFS order.

It remains to be seen whether the regulatory activity targeting BUSD is the beginning of a broader crackdown on stablecoins amid concerns that, contrary to popular belief, such coins may not be backed by adequate cash reserves.

Custody of Crypto Assets

On February 15, 2023, the SEC proposed changes to the existing “custody rule” under the Investment Advisers Act of 1940. As noted by SEC Chair Gary Gensler, the custody rule was designed to “help ensure that [investment] advisers don’t inappropriately use, lose, or abuse investors’ assets.”The proposed changes to the rule (referred to as the “safeguarding rule”) would require investment advisers to maintain client assets – specifically including crypto assets – in qualified custodial accounts. As the SEC observed, “[although] crypto assets are a relatively recent and emerging type of asset, this is not the first time custodians have had to adapt their practices to safeguard different types of assets.”5

A qualified custodian generally is a federal or state-chartered bank or savings association, certain trust companies, a registered broker-dealer, a registered futures commission merchant or certain foreign financial institutions.6 However, as noted by the SEC, many crypto assets trade on platforms that are not qualified custodians. Accordingly, “this practice would generally result in an adviser with custody of a crypto asset security being in violation of the current custody rule because custody of the crypto asset security would not be maintained by a qualified custodian from the time the crypto asset security was moved to the trading platform through the settlement of the trade.”7

Moreover, in a departure from existing practice, the proposed safeguarding rule would require an investment adviser to enter into a written agreement with the qualified custodian. This custodial agreement would set forth certain minimum protections for the safeguarding of customer assets, including crypto assets, such as:

  • Implementing appropriate measures to safeguard an advisory client’s assets8
  • Indemnifying an advisory client when its negligence, recklessness or willful misconduct results in that client’s loss9
  • Segregating an advisory client’s assets from its proprietary assets10
  • Keeping certain records relating to an advisory client’s assets
  • Providing an advisory client with periodic custodial account statements11
  • Evaluating the effectiveness of its internal controls related to its custodial practices.12

The new proposed, cumbersome requirements for custodians of crypto assets appear to be a direct consequence of the collapse of FTX, which resulted in the inexplicable “disappearance” of billions of dollars of customer funds. By tightening the screws on custodians and investment advisers, the SEC is seeking to protect the everyday retail investor by leveling the playing field in the complex and often murky world of crypto. However, it still remains to be seen whether, and to what extent, the proposed safeguarding rule will emerge after the public comment period, which will remain open for 60 days following publication of the proposal in the Federal Register.


1 SEC Press Release 2023-25 (Feb. 9, 2023).

NY DFS Consumer Alert (Feb. 13, 2023) found at https://www.dfs.ny.gov/consumers/alerts/Paxos_and_Binance.

3 Paxos Press Release (Feb. 13, 2023) found at https://paxos.com/2023/02/13/paxos-will-halt-minting-new-busd-tokens/.

4 SEC Press Release 2023-30 (Feb. 15, 2023).

5 SEC Proposed Rule, p. 79.

6 SEC Fact Sheet: Proposed Safeguarding Rule.

7 SEC Proposed Rule, p. 68.

For instance, per the SEC, this could require storing crypto assets in a “cold wallet.”

9 Per the SEC, “the proposed indemnification requirement would likely operate as a substantial expansion in the protections provided by qualified custodians to advisory clients, in particular because it would result in some custodians holding advisory client assets subject to a simple negligence standard rather than a gross negligence standard.” See SEC Proposed Rule, p. 89.

10 Per the SEC, this requirement is intended to “ensure that client assets are at all times readily identifiable as client property and remain available to the client even if the qualified custodian becomes financially insolvent or if the financial institution’s creditors assert a lien against the qualified custodian’s proprietary assets (or liabilities).” See SEC Proposed Rule, p. 92.

11 Per the SEC, “[in] a change from the current custody rule, the qualified custodian would also now be required to send account statements, at least quarterly, to the investment adviser, which would allow the adviser to more easily perform account reconciliations.” See SEC Proposed Rule, p. 98.

12 Per the SEC, the proposed rule would require that the “qualified custodian, at least annually, will obtain, and provide to the investment adviser a written internal control report that includes an opinion of an independent public accountant as to whether controls have been placed in operation as of a specific date, are suitably designed, and are operating effectively to meet control objectives relating to custodial services (including the safeguarding of the client assets held by that qualified custodian during the year).” See SEC Proposed Rule, p. 101.

© 2023 Wilson Elser

Australia: ASIC Reveals 2023 Enforcement Priorities

The Australian Securities and Investments Commission (ASIC) has revealed its key enforcement priorities for 2023. This year, ASIC has signalled an expanded focus on enforcement activity targeting:

  • sustainable finance practices and disclosure of climate risks;
  • financial scams;
  • cyber and operational resilience; and
  • investor harms involving crypto-assets.

In its release, ASIC has emphasised that the regulator’s prioritisation of monitoring in these areas intends to “address misconduct, market integrity threats and consumer harms in sectors including financial services, retail and crypto-assets.”

The warning coincides with this month’s release of ASIC’s enforcement and regulatory report that highlights the major uptick in enforcement and regulatory actions taken by ASIC during the last half of 2022, including:

  • 173 criminal charges being laid and $76.3 million in civil penalties imposed;
  • heightened action against money laundering risks;
  • the issuance of 22 design and distribution obligations (DDO) stop orders to prevent consumers and investors being targeted by products inappropriate to their objectives, financial situation and needs; and
  • the regulator’s first action for greenwashing and consequential issuance of infringement notices for misleading sustainability-related statements.

Another priority of ASIC for the coming year is to increase its transparency to industry and streamline its interactions with the entities it regulates. For the first time, ASIC has released a regulatory developments timetable setting out projected timeframes for ASIC regulatory work, such as the publication of draft or final guidance, and the anticipated making of a legislative instrument. ASIC’s release of these key enforcement priorities and regulatory developments timetable gives us a clear indication of ASIC’s intention to continue its heightened level of surveillance and enforcement action into 2023.

Copyright 2023 K & L Gates

SEC Ramps Up Enforcement against Public Companies and Subsidiaries in FY 2022

The SEC imposed $2.8 billion in monetary settlements, the largest total in any fiscal year recorded in the Securities Enforcement Empirical Database.

New YorkThe U.S. Securities and Exchange Commission (SEC) filed 68 enforcement actions against public companies and subsidiaries in the first full fiscal year of Chair Gary Gensler’s tenure. Monetary settlements imposed in public company or subsidiary actions reached $2.8 billion, according to a report released today by the NYU Pollack Center for Law & Business and Cornerstone Research.

The report, SEC Enforcement Activity: Public Companies and Subsidiaries—Fiscal Year 2022 Update, analyzes information from the Securities Enforcement Empirical Database (SEED). The 68 enforcement actions in FY 2022, which ended September 30, reflected a 28% increase from the previous fiscal year.

The SEC imposed monetary settlements on 97% of the 75 public company and subsidiary defendants that settled in FY 2022. Both the dollar amount and the percentage were the largest of any fiscal year recorded in SEED, which covers actions beginning in FY 2010.

“The number of defendants that settled in FY 2022 with admissions of guilt increased substantially from the previous fiscal year. This was driven by actions involving Broker Dealer allegations brought by the SEC in September,” said Stephen Choi, the Bernard Petrie Professor of Law and Business at New York University School of Law and director of the Pollack Center for Law & Business. “The 16 defendants admitting guilt was double the largest number in any previous fiscal year in SEED.”

The $2.8 billion in monetary settlements imposed in public company or subsidiary enforcement actions in FY 2022 was $921 million more than in FY 2021 and $321 million more than in any other fiscal year in SEED. The median monetary settlement in FY 2022 was $9 million, the largest in SEED. The average settlement was $42 million.

“The increase in monetary settlements is consistent with the SEC’s public statements that ‘robust remedies’ are an enforcement priority,” said report coauthor Sara Gilley, a Cornerstone Research vice president. “The $1.2 billion in monetary settlements with 16 public broker-dealer subsidiaries for recordkeeping failures represents 44% of total monetary settlements in the fiscal year.”

Issuer Reporting and Disclosure continued to be the most common allegation type in FY 2022, accounting for 38% of actions. Allegations in the SEC’s Broker Dealer classification were the second most common for the first time since FY 2018. Nearly 70% of the 16 Broker Dealer actions were filed against financial institutions for recordkeeping failures.

Click here to read the full report from Cornerstone Research.

Copyright ©2022 Cornerstone Research

Feds Announce More Aggressive Enforcement of Poor Performing Nursing Homes

In February of 2022, during his State of the Union Address, President Biden announced an action plan to improve the safety and quality of care in the nation’s nursing homes.[i] On October 21, 2022, Centers for Medicare and Medicaid Services (CMS) announced new requirements to help with oversight of facilities selected to the Special Focus Facilities (SFF) Program.[ii]

The SFF Program was created to help and oversee the poorest performing nursing homes in the country and improve nursing homes that have a history of noncompliance.  The goal is to improve safety and quality of care. The facilities selected for the SFF Program must be inspected no less than once every six months and if severe enforcement is needed, it is at the discretion of the state surveyors. The main objective for the SFF Program is for facilities to show exponential improvement, graduate from the program, and then maintain compliance and better quality of care and safety.

The new CMS requirements, outlined below, are aimed at facilities that continuously fail to improve and remain in the SFF Program for a prolonged period of time. Health and Human Services Secretary Xavier Becerra stated, “Let us be clear: we are cracking down on enforcement of our nation’s poorest-performing nursing homes. As President Biden directed, we are increasing scrutiny and taking aggressive action to ensure everyone living in nursing homes gets the high-quality care they deserve. We are demanding better because our seniors deserve better.”

CMS announced the following revisions to the SFF Program:

  • Effective immediately, CMS will use escalating penalties for violations for deficiencies cited at the same level in subsequent surveys. This can include possible discretionary termination from Medicare and/or Medicaid funding for facilities that are cited with immediate jeopardy deficiencies on any two surveys while participating the in the SFF Program.
  • CMS will consider facilities’ efforts to improve when considering discretionary termination from Medicare and/or Medicaid programs.
  • CMS will impose more severe escalating enforcement remedies for SFF Program facilities for noncompliance and no effort to improve performance.
  • Increased requirements that nursing homes in the SFF Program must meet to graduate from the SFF Program.
  • For three years after graduation from the SFF Program, CMS will ensure nursing homes consistently maintain compliance with safety requirements by continuing to closely monitor these facilities.
  • CMS is offering more support resources to facilities selected for the SFF Program.

Additionally, the Biden administration released a fact sheet with the steps they are taking to in improve the quality of nursing homes. [iii] Some of the steps mentioned include more resources to support union jobs in nursing home care, establishing minimum staffing requirements, incentivizing quality performance through Medicare and Medicaid funding, and enhanced efforts to prevent fraud and abuse.


  1. https://www.whitehouse.gov/briefing-room/statements-releases/2022/02/28/…
  2. https://www.cms.gov/files/document/qso-23-01-nh.pdf
  3. https://www.whitehouse.gov/briefing-room/statements-releases/2022/10/21/…

Article By Thomas W. Hess, Kelly A. Leahy, Sydney N. Pahren, and Bryan L. Cockroft of Dinsmore & Shohl LLP

For more health law and managed care legal news, click here to visit the National Law Review.

© 2022 Dinsmore & Shohl LLP. All rights reserved.

SEC Proposes to Clear-Up Clearing Agencies’ Governance to Mitigate Directors’ Potential Conflicts of Interest

Clearing agencies registered with the Securities and Exchange Commission (SEC) will have to make governance changes to their boards of directors under a new rule proposed by the SEC on August 8, 2022.

The SEC proposed the new rule1 to mitigate the conflicts of interests inherent in clearing agency relationships. The rule follows episodes of market volatility in 2021 that included large fluctuations surrounding COVID-19 and the meme stock craze.

The new rule would amend Section 17Ad-25 of the Securities Exchange Act of 1934 (Exchange Act) to require additional management and governance requirements for clearing agencies that register with the SEC. The proposed rules provide specific new governance requirements on clearing board composition, independent directors, nominating committees and risk management committees. The rule also requires the board to oversee relationships with critical service providers and includes a board obligation to consider various stakeholder views and inputs.

Rationale

The SEC’s rationale for proposing Rule 17Ad-25, titled Clearing Agency Governance and Conflicts of Interest, is to reduce the risk that conflicts of interest inherent in various clearing agency relationships substantially harm the security-based swaps or larger financial market. The SEC is proposing this rule to mitigate conflicts of interest, promote the fair representation of owners and participants in the governance of a clearing agency, identify responsibilities of the board, and increase transparency into clearing agency governance.

The SEC noted that those episodes of increased market volatility revealed certain vulnerabilities in the US securities market and the essential role clearing agencies play in managing the risk if securities transactions fail to clear.

The SEC observed three potential sets of conflicts of interest that the proposed rule attempts to address.

  1. The proposed rule addresses the different perspectives the various stakeholders involved in clearing agencies might have. In particular, a clearing agency owner’s potential interest in protecting the equity and continued operation of the clearing agency diverges from a participant’s potential interest in avoiding the allocation of losses from another defaulting participant. For instance, in the event of a loss, clearing agency participants might prefer to limit access to clearing, while owners may choose to expand the scope of products offered to collect fees.

  2. Larger clearing agency participants’ priorities may diverge significantly from the interests of smaller clearing agency participants. In particular, when a small number of dominant participants exercise control over a registered clearing agency concerning services provided by that clearing agency, those participants might promote margin requirements that are not commensurate with the risks they take, thereby indirectly limiting competition and increasing profit margins for themselves. In other words, a registered clearing agency dominated by a small number of large participants might make decisions designed to provide them with a competitive advantage.

  3. Certain participants may exert undue influence to limit access to the clearing agency based on their own interests, and thus could limit the benefits of the clearing agency to indirect participants.

Rule Requirements

The proposed rule would impose these seven requirements:

  1. define independence in the context of a director serving on the board of a registered clearing agency and require that a majority of directors on the board be independent, unless a majority of the voting rights distributed to shareholders of record are directly or indirectly held by participants of the registered clearing agency, in which case at least 34 percent of the board must be independent directors;

  2. establish requirements for a nominating committee, including with respect to the composition of the nominating committee, fitness standards for serving on the board, and documenting the process for evaluating board nominees;

  3. establish requirements for the function, composition, and reconstitution of the risk management committee;

  4. require policies and procedures that identify, mitigate or eliminate, and document the identification and mitigation or elimination of conflicts of interest;

  5. require policies and procedures that obligate directors to report potential conflicts promptly;

  6. require policies and procedures for the board to oversee relationships with service providers for critical services; and

  7. require policies and procedures to solicit, consider, and document the registered clearing agency’s consideration of the views of its participants and other relevant stakeholders regarding its governance and operations.

The proposing release will be published on SEC.gov and in the Federal Register. The public comment period will remain open for 60 days following publication of the proposing release on the SEC’s website or 30 days following publication of the proposing release in the Federal Register, whichever period is longer.


FOOTNOTES

https://www.sec.gov/rules/proposed/2022/34-95431.pdf

Article By Susan Light of Katten. Jacob C. Setton, an associate in the Financial Markets and Funds practice and candidate for admission to the New York State bar, also contributed to this advisory.

For more SEC and securities legal news, click here to visit the National Law Review.

©2022 Katten Muchin Rosenman LLP

Threats of Antitrust Enforcement in the Supply Chain

With steep inflation and seemingly constant disruptions in supply chains for all manner of goods, the Biden Administration has turned increasingly to antitrust authorities to tame price increases and stem future bottlenecks. These agencies have used the myriad tools at their disposal to carry out their mandate, from targeting companies that use supply disruptions as cover for anti-competitive conduct, to investigating industries with key roles in the supply chain, to challenging vertical mergers that consolidate suppliers into one firm. In keeping with the Administration’s “whole-of-government” approach to antitrust enforcement, these actions have often involved multiple federal agencies.

Whatever an entity’s role in the supply chain, that company can make a unilateral decision to raise its prices in response to changing economic conditions. But given the number of enforcement actions, breadth of the affected industries, and the government’s more aggressive posture toward antitrust enforcement in general, companies should tread carefully.

What follows is a survey of recent antitrust enforcement activity affecting supply chains and suggested best practices for minimizing the attendant risk.

Combatting Inflation as a Matter of Federal Antitrust Policy

Even before inflation took hold of the U.S. economy, the Biden Administration emphasized a more aggressive approach to antitrust enforcement. President Biden appointed progressives to lead the antitrust enforcement agencies, naming Lina Kahn chair of the Federal Trade Commission (FTC) and Jonathan Kanter to head the Department of Justice’s Antitrust Division (DOJ). President Biden also issued Executive Order 14036, “Promoting Competition in the American Economy.” This Order declares “that it is the policy of my Administration to enforce the antitrust laws to combat the excessive concentration of industry, the abuses of market power, and the harmful effects of monopoly and monopsony….” To that end, the order takes a government-wide approach to antitrust enforcement and includes 72 initiatives by over a dozen federal agencies, aimed at addressing competition issues across the economy.

Although fighting inflation may not have been the initial motivation for the President’s agenda to increase competition, the supply disruptions wrought by the COVID-19 pandemic and persistent inflation, now at a 40-year high, have made it a major focus. In public remarks the White House has attributed rising prices in part to the absence of competition in certain industries, observing “that lack of competition drives up prices for consumers” and that “[a]s fewer large players have controlled more of the market, mark-ups (charges over cost) have tripled.” In a November 2021 statement declaring inflation a “top priority,” the White House directed the FTC to “strike back at any market manipulation or price gouging in this sector,” again tying inflation to anti-competitive conduct.

The Administration’s Enforcement Actions Affecting the Supply Chain

The Administration has taken several antitrust enforcement actions in order to bring inflation under control and strengthen the supply chain. In February, the DOJ and FBI announced an initiative to investigate and prosecute companies that exploit supply chain disruptions to overcharge consumers and collude with competitors. The announcement warned that individuals and businesses may be using supply chain disruptions from the COVID-19 pandemic as cover for price fixing and other collusive schemes. As part of the initiative, the DOJ is “prioritizing any existing investigations where competitors may be exploiting supply chain disruptions for illicit profit and is undertaking measures to proactively investigate collusion in industries particularly affected by supply disruptions.” The DOJ formed a working group on global supply chain collusion and will share intelligence with antitrust authorities in Australia, Canada, New Zealand, and the UK.

Two things stand out about this new initiative. First, the initiative is not limited to a particular industry, signaling an intent to root out collusive schemes across the economy. Second, the DOJ has cited the initiative as an example of the kind of “proactive enforcement efforts” companies can expect from the division going forward. As the Deputy Assistant Attorney General for Criminal Enforcement put it in a recent speech, “the division cannot and will not wait for cases to come to us.”

In addition to the DOJ’s initiative, the FTC and other federal agencies have launched more targeted inquiries into specific industries with key roles in the supply chain or prone to especially high levels of inflation. Last fall, the FTC ordered nine large retailers, wholesalers, and consumer good suppliers to “provide detailed information that will help the FTC shed light on the causes behind ongoing supply chain disruptions and how these disruptions are causing serious and ongoing hardships for consumers and harming competition in the U.S. economy.” The FTC issued the orders under Section 6(b) of the FTC Act, which authorizes the Commission to conduct wide-ranging studies and seek various types of information without a specific law enforcement purpose. The FTC has in recent months made increasing use of 6(b) orders and we expect may continue to do so.

Amid widely reported backups in the nation’s ports, the DOJ announced in February that it was strengthening its partnership with and lending antitrust expertise to the Federal Maritime Commission to investigate antitrust violations in the ocean shipping industry. In a press release issued the same day, the White House charged that “[s]ince the beginning of the pandemic, these ocean carrier companies have been dramatically increasing shipping costs through rate increases and fees.” The DOJ has reportedly issued a subpoena to at least one major carrier as part of what the carrier described as “an ongoing investigation into supply chain disruption.”

The administration’s efforts to combat inflation through antitrust enforcement have been especially pronounced in the meat processing industry. The White House has called for “bold action to enforce the antitrust laws [and] boost competition in meat processing.” Although the DOJ suffered some well-publicized losses in criminal trials against some chicken processing company executives, the DOJ has obtained a $107 million guilty plea by one chicken producer and several indictments.

Most recently, the FTC launched an investigation into shortages of infant formula, including “any anticompetitive [] practices that have contributed to or are worsening this problem.” These actions are notable both for the variety of industries and products involved and for the multitude of enforcement mechanisms used, from informal studies with no law enforcement purpose to criminal indictments.

Preventing Further Supply-Chain Consolidation

In addition to exposing and prosecuting antitrust violations that may be contributing to inflation and supply issues today, the Administration is taking steps to prevent further consolidation of supply chains, which it has identified as a root cause of supply disruptions. DOJ Assistant Attorney General Kanter recently said that “[o]ur markets are suffering from a lack of resiliency. Among many other things, the consequences of the pandemic have revealed supply chain fragility. And recent geopolitical conflicts have caused prices at the pump to skyrocket. And, of course, there are shocking shortages of infant formula in grocery stores throughout the country. These and other events demonstrate why competition is so important. Competitive markets create resiliency. Competitive markets are less susceptible to central points of failure.”

Consistent with the Administration’s concerns with consolidation in supply chains, the FTC is more closely scrutinizing so-called vertical mergers, combinations of companies at different levels of the supply chain. In September 2021, the FTC voted to withdraw its approval of the Vertical Merger Guidelines published jointly with the DOJ the year before. The Guidelines, which include the criteria the agencies use to evaluate vertical mergers, had presumed that such arrangements are pro-competitive. Taking issue with that presumption, FTC Chair Lina Khan said the Guidelines included a “flawed discussion of the purported pro-competitive benefits (i.e., efficiencies) of vertical mergers” and failed to address “increasing levels of consolidation across the economy.”

In January 2022, the FTC and DOJ issued a request for information (RFI), seeking public comment on revisions to “modernize” the Guidelines’ approach to evaluating vertical mergers. Although the antitrust agencies have not yet published revised Guidelines, the FTC has successfully blocked two vertical mergers. In February, semiconductor chipmaker, Nvidia, dropped its bid to acquire Arm Ltd., a licenser of computer chip designs after two months of litigation with the FTC. The move “represent[ed] the first abandonment of a litigated vertical merger in many years.” Days later Lockheed Martin, faced with a similar challenge from the FTC, abandoned its $4.4 billion acquisition of missile part supplier, Aerojet Rocketdyne. In seeking to prevent the mergers, the FTC cited supply-chain consolidation as one motivating factor, noting for example that the Lockheed-Aerojet combination would “further consolidate multiple markets critical to national security and defense.”

Up Next? Civil Litigation

This uptick in government enforcement activity and investigations may lead to a proliferation of civil suits. Periods of inflation and supply disruptions are often followed by private plaintiff antitrust lawsuits claiming that market participants responded opportunistically by agreeing to raise prices. A spike in fuel prices in the mid-2000s, for example, coincided with the filing of class actions alleging that four major U.S. railroads conspired to impose fuel surcharges on their customers that far exceeded any increases in the defendants’ fuel costs, and thereby collected billions of dollars in additional profits. That case, In re Rail Freight Fuel Surcharge Antitrust Litigation, is still making its way through the courts. Similarly, in 2020 the California DOJ brought a civil suit against two multinational gas trading firms claiming that they took advantage of a supply disruption caused by an explosion at a gasoline refinery to engage in a scheme to increase gas prices. All indicators suggest that this trend will continue.

Reducing Antitrust Risk in the Supply Chain and Ensuring Compliance

Given the call to action for more robust antitrust enforcement under Biden’s Executive Order 14036 and the continued enhanced antitrust scrutiny of all manner of commercial activities, companies grappling with supply disruptions and rampant inflation should actively monitor this developing area when making routine business decisions.

As a baseline, companies should have an effective antitrust compliance program in place that helps detect and deter anticompetitive conduct. Those without a robust antitrust compliance program should consider implementing one to ensure that employees are aware of potential antitrust risk areas and can take steps to avoid them. If a company has concerns about the efficacy of its current compliance program, compliance reviews and audits – performed by capable antitrust counsel – can be a useful tool to identify gaps and deficiencies in the program.

Faced with supply chain disruptions and rampant inflation, many companies have increased the prices of their own goods or services. A company may certainly decide independently and unilaterally to raise prices, but those types of decisions should be made with the antitrust laws in mind. Given the additional scrutiny in this area, companies may wish to consider documenting their decision-making process when adjusting prices in response to supply chain disruptions or increased input costs.

Finally, companies contemplating vertical mergers should recognize that such transactions are likely to garner a harder look, and possibly an outright challenge, from federal antitrust regulators. Given the increased skepticism about the pro-competitive effects of vertical mergers, companies considering these types of transactions should consult antitrust counsel early in the process to help assess and mitigate some of the risk areas with these transactions.

© 2022 Foley & Lardner LLP

FTC Takes First Actions Under New Made in USA Labeling Rule, Fining Battery Companies for Violations

The Federal Trade Commission (FTC) recently cracked down on Lithionics Battery, LLC, and Lions Not Sheep Products, LLC, for violating the FTC’s Made in USA Labeling Rule. These are some of the first enforcement actions after the FTC codified its longstanding informal Made in USA guidance, which makes it easier for the FTC to seek damages and levy fines. Under the proposed settlement, Lithionics will pay a $100,000 fine for falsely labeling batteries as US-made, while Lions Not Sheep will be required to pay $211,335 for falsely labeling clothing as US-made.

The Made in USA Labeling Rule

Under the Made in USA Labeling Rule, marketers suspected of making unqualified Made in USA claims must prove that their products:

  1. are all or virtually all made in the US;
  2. that all significant processing occurred in the US; and
  3. that the final assembly occurred in the US.

Although Congress enacted legislation authorizing the FTC to seek relief for Made in USA fraud almost thirty years ago, the FTC long remained silent on enforcement due to a general consensus that this specific type of fraud should not be penalized. The 2021 Made in USA Labeling Rule alters this perspective, codifying the FTC’s enforcement policy. With the Commission now being allowed to levy fines, seek damages, penalties, and/or redress on marketers who deceptively and fraudulently represent that their products are made in the US, the FTC has stepped up its enforcement efforts.

The FTC’s Recent Allegations with Lithionics and Lions Not Sheep

Lithionics

Lithionics is a Florida-based company best known for its battery products. The company has become a regular brand throughout American households. It designs and sells products for vehicles, as well as amusement parks.

The FTC alleged that Lithionics has been in violation of the Made in USA Labeling Rule since at least 2018 by intentionally misrepresenting the origin of Lithionics products. According to the Complaint, Lithionics’ products are labeled “Proudly Designed and Built in the USA” and feature an American flag. The claims were also featured across company websites, social media platforms, videos, and printed catalogs. However, according to the FTC, “all Lithionics battery and battery module products contain imported lithium ion cells” and “other significant imported components,” which, if true, would render Lithionics’ Made in USA claims false or unsubstantiated under the Made in USA Labeling Rule.”

Under the proposed order, Lithionics and its owner must stop making these claims unless they can prove their statements are true. As noted above, the company must also pay $100,000 for the alleged activity.

Lions Not Sheep

Lions Not Sheep is a self-proclaimed lifestyle brand that sells sweatshirts, hats, and shirts online.

In its allegations against Lions Not Sheep, the FTC alleged that the company has violated the Made in USA Labeling Rule since May 2021. According to the Complaint, the company intentionally removed tags disclosing that items were made in a foreign country. Instead of leaving the original tags, the FTC alleged that the company replaced them with Made in USA tags despite the products being “wholly imported with limited finishing work performed in the United States.” To make matters worse, the FTC found a video posted on the internet featuring the company’s owner blatantly claiming he could hide the fact that his shirts were made in China.

In addition to charging the company with violating the Made in the USA Labeling Rule, the FTC charged the company with violating mandatory country-of-origin labeling rules, which require all products covered by the Textile Act to include labels disclosing the manufacturer or marketer name and country where the product was manufactured. The company will be prohibited from making these claims and forced to pay $211,335.

Primary Takeaway

With the FTC now levying significant fines under the new Made in USA rule, the potential cost of non-compliance has also significantly increased. Companies should provide notice to their marketing teams and carefully review any existing claims to ensure that Made in USA claims are adequately substantiated and that marketing materials are not conveying unintended implied claims.

© 2022 ArentFox Schiff LLP

HIPAA Enforcement Continues Under Right of Access Initiative

On March 28, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of two additional cases as part of OCR’s HIPAA Right of Access Initiative.

The Right of Access Initiative was launched by OCR in 2019 “to support individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule” as explained by OCR. In the March 28 announcement, OCR indicated its continuing commitment to enforce compliance with the HIPAA Rules, including the “foundational” Right of Access provision. With the two most recent cases, there have now been 27 investigations and settlements under the Right of Access Initiative (see full chart below).

Nearly all of the investigations in the Right of Access Initiative involve a single individual unable to obtain a copy of some or all of their protected health information from a health care provider or to do so within the timeframe required or in accordance with fees permitted by the HIPAA Privacy Rule. In some cases, additional issues found during the investigation, such as failure to have conducted a HIPAA risk assessment or lack of HIPAA policies, are part of the settlement.  In all cases, in addition to the monetary penalty, the settlement has included a Corrective Action Plan imposing various obligations, such as policy development, training, and mandatory reporting to OCR.

The Right of Access Initiative remains one of the most active areas of HIPAA enforcement. In its most recent Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance, OCR noted that right of access was the third most common issue of complaints resolved. Moreover, the Right of Access Initiative coordinates with the ONC 2020-2025 Federal HIT Strategic Plan and the goal of “Providing patients and caregivers with more robust health information.” It is a core tenant of the Federal HIT Strategic Plan that access to health information will “better support person-centered care and patient empowerment.”

©2022 Epstein Becker & Green, P.C. All rights reserved.