In this webcast, Gibson Dunn attorneys discuss how the U.S. Department of Justice’s Consumer Protection Branch has quickly become a leading criminal and civil enforcer of health, safety, fraud, and privacy laws. Having secured billions in monetary penalties across dozens of corporate resolutions in recent years, the Branch is now the DOJ’s fastest-growing enforcement component. It also is the primary outside counsel for key consumer-protection agencies, including the FDA, FTC, CPSC, DEA, and DOT.

Our discussion features the Branch’s recent Director and explores its current and expected enforcement trends. We also discuss the Branch’s unique relationships with agency partners, its resources and authorities, and new corporate compliance policies and expectations. The conversation is of particular interest to life sciences, consumer product, and online companies and executives.



PANELISTS:

Nick Hanna, who most recently served as United States Attorney for the Central District of California, is a litigation partner in Gibson Dunn’s Los Angeles office and co-chairs the firm’s global White Collar Defense and Investigations Practice Group. Nick represents Fortune 500 companies and executives in high-stakes civil litigation, white collar crime, and regulatory and securities enforcement – including internal investigations, False Claims Act cases, compliance counseling and class action defense. Nick is admitted to practice in the State of California.

Gustav W. Eyler is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher. He is Co-Chair of the firm’s FDA and Health Care Practice Group and a member of the White Collar Defense and Privacy Practice Groups. An experienced litigator and a former Director of the U.S. Department of Justice’s Consumer Protection Branch, he defends companies and individuals in government investigations and enforcement actions and counsels clients on the design and implementation of compliance programs.

Gus brings broad and practical experience to clients facing government investigations and litigation. As Director of the Consumer Protection Branch from 2017 to 2022, Gus led more than 250 prosecutors and staff in criminal and civil enforcement actions involving drugs, medical devices, food, tobacco, consumer products, and fraudulent schemes. He personally oversaw and handled matters involving a wide range of statutes, including the Federal Food, Drug, and Cosmetic Act; the Controlled Substances Act; the Consumer Product Safety Act; the Anti-Kickback Statute; the False Claims Act; provisions administered by the National Highway Traffic Safety Administration; and numerous fraud laws. He also led the Justice Department’s partnership with the Federal Trade Commission in achieving landmark corporate resolutions in privacy and deceptive-practice cases related to social media, marketing, and health care companies. Gus is admitted to practice in the District of Columbia and the State of Maryland.

Katlin McKelvie is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher and a member of the firm’s Food and Drug Administration (FDA) and Health Care Practice Group. With over two decades of experience in food and drug law, including as Deputy General Counsel of the Department of Health and Human Services (HHS), Katlin offers clients expansive knowledge of the complex legal and policy issues associated with FDA regulation of food, drugs, medical devices, and cosmetics.

As Deputy General Counsel at HHS, Katlin was responsible for advising senior HHS officials on FDA-related regulatory, enforcement, and litigation matters. Prior to joining HHS, she served as Deputy Health Policy Director and Senior FDA Counsel to the Senate Committee on Health, Education, Labor, and Pensions for Chair Patty Murray. As Committee staff, Katlin played a pivotal role in shaping multiple pieces of legislation the FDA is currently working to implement, most notably the Coronavirus Aid, Relief, and Economic Security (CARES) Act and the Food and Drug Omnibus Reform Act of 2022 (FDORA). Before her time in the Senate, Katlin spent 11 years at FDA, first as Regulatory Counsel in the Office of Prescription Drug Promotion in the Center for Drug Evaluation and Research and then as Associate Chief Counsel for Drugs in the Office of the Chief Counsel. She is admitted to practice law in the District of Columbia.


MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.0 credit hour, of which 1.0 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact [email protected] to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour in the General Category.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

We are pleased to provide you with the September edition of Gibson Dunn’s digital assets regular update. This update covers recent legal news regarding all types of digital assets, including cryptocurrencies, stablecoins, CBDCs, and NFTs, as well as other blockchain and Web3 technologies. Thank you for your interest.

ENFORCEMENT ACTIONS

UNITED STATES

  • Court Denies Motion to Dismiss in Tornado Cash Criminal Case
    On September 26, Judge Failla of the U.S. District Court for the Southern District of New York denied Tornado Cash developer Roman Storm’s motion to dismiss the criminal charges against him. The Department of Justice has charged Storm and Roman Semenov, another Tornado Cash developer, for conspiracy to commit money laundering, conspiracy to operate an unlicensed money transmitting business, and conspiracy to violate the International Emergency Economic Powers Act. In an hour-long oral opinion, Judge Failla rejected Storm’s arguments for dismissing each of the counts. She explained that: “[A]t this stage in the case the court cannot simply accept Mr. Storm’s narrative that he is being prosecuted merely for writing code. If the jury ultimately accepts this narrative, then it will acquit. But there’s no basis for me to decide as a matter of law that the government hasn’t alleged criminal conduct sufficient to satisfy each of the elements of the offenses charged.” The case will now proceed to trial, which is slated to begin on December 2. CoinDeskLaw360.
  • Former Alameda Research CEO Caroline Ellison Sentenced to Two Years in Prison
    On September 24, Judge Kaplan of the U.S. District Court for the Southern District of New York sentenced Caroline Ellison, the former CEO of Alameda Research, to two years in prison. Ellison was one of three FTX/Alameda insiders cooperating with the government in its prosecution of former FTX CEO Sam Bankman-Fried. She pleaded guilty to seven felony counts of fraud and conspiracy. Although Ellison cooperated and provided critical testimony, Judge Kaplan cited the scale of FTX’s losses—which amounted to $8 billion—as a reason for the two-year sentence. Ellison also has an $11 billion judgment in restitution. New York TimesBloombergForbes.
  • Mango Markets, Blockworks Reach Settlement with SEC
    On September 27, the SEC filed settled charges against Mango DAO, Mango Labs LLC, and Blockworks Foundation, resolving claims about that the MNGO token was offered as an unregistered security, among other claims. As part of the settlement, the entities have agreed to voluntarily destroy their MNGO tokens, request the token’s removal from trading platforms, and pay $700,000. The entities did not admit any wrongdoing as part of the settlement. SEC Press ReleaseCoinDesk.
  • eToro Settles Charges with SEC
    On September 12, eToro agreed to pay $1.5 million to settle charges by the SEC that its crypto trading platform operated an unregistered securities broker and clearing agency. As part of the settlement, eToro will make only Bitcoin, Bitcoin Cash, and Ether available for its U.S. customers for trading. Press Release.
  • DeFi Platform Rari Capital Settles SEC Charges
    On September 18, the SEC announced that Rari Capital, a decentralized finance platform, and its co-founders settled charges that they had misled investors and engaged in unregistered securities-broker activities. According to the SEC’s complaint, Rari Capital offered two products—Earn pools and Fuse pools—which allowed users to deposit digital assets into lending pools managed either by Rari (Earn) or user-created (Fuse) and earn returns. Without admitting the SEC’s allegations, the defendants consented to the entry of final judgments ordering various forms of relief, including permanent injunctions, civil penalties, and disgorgement. SEC Press ReleaseThe Block.
  • New York Restaurant Flyfish Club Settles with SEC Over NFTs
    On September 16, the Flyfish Club, a New York restaurant, settled with the SEC over issues related to its sale of NFTs. The SEC alleged that Flyfish “conducted an unregistered offering of crypto asset securities,” when it sold 1,600 NFTs to U.S. investors, generating $14.8 million, to fund the construction of an exclusive restaurant and bar called the “Flyfish Club.” Flyfish Club agreed to pay $750,000 as part of the settlement. SEC Press ReleaseThe Block.
  • United Texas Bank Agrees to Cease-and-Desist Order
    On September 4, United Texas Bank, a crypto-friendly bank, agreed to a cease-and-desist order with the Federal Reserve and the Texas Department of Banking. Following a May 2023 examination, the regulators found “significant deficiencies” with the bank’s risk-management practices. The order requires the bank to bolster its Bank Secrecy Act and anti-money laundering program and requires the bank’s board of directors to file a written plan on how it will strengthen its oversight of the bank’s program. OrderThe Block.
  • CFTC Obtains $209 Million Judgment Against Operator of Crypto Ponzi Scheme
    On September 3, in an enforcement action brough by the Commodity Futures Trading Commission (CFTC), Judge Rowland of the U.S. District Court for the Northern District of Illinois entered a final judgment against Sam Ikkurty, the operator of an alleged commodity-pool Ponzi scheme, and several related entities. The judgment includes a civil penalty, restitution, disgorgement, and a contempt fine. The CFTC also announced that it had recovered $18 million in digital assets that had been stolen from a court-appointed receiver. CFTC Press ReleaseThe Block.
  • Robinhood Crypto, LLC and the California Department of Justice Settle for $3.9 Million
    On September 4, the California Attorney General announced a $3.9 million settlement with Robinhood Crypto, LLC to resolve an investigation into the company’s consumer disclosures concerning its crypto trading and order-handling arrangements. Robinhood did not admit any wrongdoing as part of the settlement. California DOJThe Block.
  • TrueUSD Stablecoin Backers Settle Fraud and Registration Charges with SEC
    On September 24, TrustToken and TrueCoin settled the SEC’s accusations that the two companies knowingly misrepresented the backing of the TrueUSD stablecoin and offered securities tried to TrueUSD without properly registering with the SEC. TrueCoin was the original issuer of TrueUSD. The companies did not admit or deny wrongdoing in the settlement. The companies agreed to pay $163,766 each in fines, and TrueCoin agreed to return $400,000 in profits and interest if the settlement is approved by the court. SEC Press ReleaseCoinDesk.

REGULATION AND LEGISLATION

UNITED STATES

  • SEC Approves Listing and Trading Options for BlackRock’s Spot Bitcoin ETF
    On September 20, the SEC approved the listing and trading of options for BlackRock’s spot Bitcoin ETF on an “accelerated basis,” eight months after BlackRock applied for approval. The approval has been viewed as a positive signal for the broader acceptance of Bitcoin ETFs, reflecting the growing interest in digital assets among institutional investors. ReutersThe Block.
  • SEC Delays Decision on 7RCC Spot Bitcoin and Carbon Credit Future ETF
    On September 3, the SEC announced that it was delaying until November 21 its decision whether to approve crypto asset manager 7RCC’s application for an ETF aims to expose investors to Bitcoin and carbon credits. 7RCC filed the initial application in December 2023. SECThe BlockCoinTelegraph.

INTERNATIONAL

  • New UK Bill Proposes Classifying Cryptocurrency as Personal Property
    On September 11, a bill was introduced in Parliament that would classify cryptocurrencies, NFTs such as digital art, and carbon credits as personal property. The Justice Minister supported the bill. The law would give legal protection to owners and companies against fraud and scams, while helping judges deal with complex cases where digital holdings are disputed or form part of settlements. The bill aims to address a legal gap, where digital assets were previously excluded from English and Welsh property law, leaving owners of such assets with little recourse if their holdings were interfered with. UK Government Press ReleaseNASDAQ.
  • Nigerian Securities Regulator Grants Approval To Crypto Firms
    On August 29, the Nigerian Securities and Exchange Commission (Nigerian SEC) announced that it granted Approval in Principle to two crypto exchanges under its Accelerated Regulatory Incubation Program and admitted five other digital asset firms into its Regulatory Incubation program. The approvals are a precursor to a full registration with the Nigerian SEC. Forbes.
  • Australia’s Securities Regulator To Require Licensing for Crypto Firms
    On September 23, a commissioner of the Australian Securities and Investments Commission announced that the agency will require crypto firms – including but not limited to crypto exchanges – to be licensed under Australia’s corporations law. The Commission plans to release updated regulatory guidance in two months and will seek industry feedback. WestlawThe Block.

CIVIL LITIGATION

UNITED STATES

  • Bitcoin Miner Swan Bitcoin Sues Former Employees for Conspiring to Steal its Mining Business
    On September 26, Swan Bitcoin filed a complaint in the U.S. District for the Central District of California alleging that its former consultants, employees, and others conspired to execute a “rain and hellfire” plan to usurp Swan’s Bitcoin mining business. Swan alleges that defendants (former consultants) and former Swan employees stole “highly proprietary code” from Swan’s Bitcoin mining software, stole other confidential information related to its mining business, and conspired to resign together to create a competing company named Proton Management. Among other allegations, the complaint notes that these former Swan executives and consultants downloaded thousands of confidential and trade secret documents and, with Proton, solicited Swan’s mining personnel. With this conduct, the complaint alleges, all defendants violated the Defend Trade Secrets Act and the California Business & Professions Code; the former consultants breached their contracts with Swan (including by failing to return Swan’s computers and devices); Proton interfered with Swan’s contractual relations with its former employees and aided and abetted their breaches of the duty of loyalty; and all defendants were engaged in an ongoing conspiracy. (Gibson Dunn represents Swan Bitcoin in this lawsuit.) Law.comAxiosCoinTelegraph.
  • Court Grants SEC’s Motion to Dismiss Consensys’s Declaratory Judgment Suit
    On September 19, Judge O’Connor of the U.S. District Court for the Northern District of Texas granted the SEC’s motion to dismiss a lawsuit filed by Consensys, the developer of the MetaMask wallet. The lawsuit sought a declaratory judgment that transactions in Ether are not securities transactions and that two features of MetaMask (MetaMask Swaps and MetaMask Staking) do not violate the securities laws. The district court dismissed the Ethereum claims as moot because the SEC has concluded its Ethereum investigation and informed Consensys that it did not intend to recommend an enforcement action on that basis. The district court dismissed the MetaMask claims as unripe because, according to the court, neither the Wells Notice Consensys received related to those claims nor the later enforcement action the SEC initiated against Consensys constituted final agency action that would render Consensys’s claims fit for judicial review. DecisionCoinTelegraph.
  • Judge Dismisses Dogecoin Class Action Lawsuit Against Elon Musk and Tesla
    On August 30, Judge Alvin Hellerstein of the U.S. District Court for the Southern District of New York dismissed with prejudice a class action lawsuit against Elon Musk and Tesla, which had alleged that both manipulated the Dogecoin market. Gorog v. Musk, No. 22-05037 (S.D.N.Y. Aug. 30, 2024). The district court ruled that Musk’s tweets about Dogecoin becoming the Earth’s currency or catapulting to the moon were “aspirational and puffery” and “not factual and susceptible to being falsified.” ReutersCoinDesk.

INTERNATIONAL

  • England High Court Rules That Crypto Asset Recovery Requires Tracing Specific Units of Stablecoin Across Different Exchanges
    On September 17, a Deputy Judge of the English High Court made the first-ever ruling under English law on the treatment and status of cryptocurrency after a full trial. The Plaintiff was targeted by fraudsters who talked him into transferring away cryptocurrency assets worth $3.3 million. His lawyers alleged that the money ended up in an exchange in Thailand, called Bitkub, and tried to hold that exchange liable. But the Judge ruled that the evidence given by a blockchain tracing expert was inadequate, because the Plaintiff needed to show how parts of his stolen stablecoin was offloaded through a range of cryptocurrency exchanges after being mixed with money from other sources, through a range of fourteen transactions on the blockchain. The Judge ruled that the Plaintiff would have to track a specific unit of a stablecoin as it moves from wallet to wallet, to hold the receiving exchange liable. Law360.

SPEAKER’S CORNER

UNITED STATES

  • New Paper Argues that Bitcoin Is Protected by the First Amendment
    On September 25, Ross Stevens, the founder and CEO of Stone Ridge Holdings Group and founder and executive chairman of NYDIG, released a paper arguing that bitcoin is speech and expressive association protected by the First Amendment of the U.S. Constitution. Based on a thorough analysis of bitcoin’s functionality and First Amendment precedents, the paper argues that bitcoin “constitutes a highly communicative and at times boisterous community dedicated to winning greater freedom from government fiat,” and that regulators therefore should “conside[r] the First Amendment implications of targeting bitcoin.” Gibson Dunn attorneys Theodore J. Boutrous, Jr., Eugene Scalia, and Nick Harper worked closely with Stevens in preparing the paper. Paper.
  • Maxine Waters Calls for Comprehensive Agreement on Stablecoin Regulations This Year
    On September 24, Rep. Maxine Waters (D-CA) called for a comprehensive agreement on stablecoin regulations before the end of 2024. Waters has been working with Rep. Patrick McHenry (R-NC), who chairs the House Financial Services Committee, to create a regulatory framework for stablecoins since 2022. Waters said she believes lawmakers could reach a deal on the bill that “prioritizes strong protections” for consumers and has “strong federal oversight.” Waters Press StatementThe Block.
  • SEC Commissioner Uyeda Recommends “Customized” S-1 Forms for Digital Assets
    On September 3, during a discussion at Korea Blockchain Week 2024, SEC commissioner Mark T. Uyeda said that the agency needs to create a S-1 registration form that is tailored to digital asset securities. Uyeda noted such a form could help provide regulatory certainty for the digital-asset industry. AxiosThe Block.
  • House Legislators Urge SEC to Clarify How It Treats Crypto Airdrops
    In a September 17 letter to SEC Chair Gary Gensler, House Financial Services Committee Chair Patrick McHenry (R-NC) and House Majority Whip Tom Emmer (R-MN) accused the SEC of “putting its thumb on the scale” by making hostile assertions about airdrops and creating an unforgiving regulatory environment regarding crypto and blockchain technology. The letter requests that the SEC answer whether “giving away non-security digital assets for free” implicates the Howey test. The letter also asks how crypto airdrops are any different from airline miles or credit card points that are “distributed freely to encourage engagement,” much like “airdrops aim to engage users and developers” in growing blockchain networks. LetterThe Block.

OTHER NOTABLE NEWS

  • Court Invalidates CFTC Restriction on Prediction Markets; CFTC Appeals
    On September 12, Judge Cobb of the U.S. District Court for the District of Columbia vacated an order issued by the CFTC that prohibited Kalshi, a prediction market, from offering “event contracts”—a type of derivative contract whose payoff is based on the outcome of a contingent event. Kalshi has offered event contracts for a broad range of events, including the outcomes of U.S. political races. Judge Cobb rejected the CFTC’s arguments that Kalshi’s events contracts violate the Commodity Exchange Act or the CFTC’s regulations. The CFTC has appealed to the D.C. Circuit, which granted a temporary emergency stay of the district court’s order pending appeal. Oral argument took place on September 19. District Court OpinionCoinDesk.
  • Japanese Banks Lauch Stablecoin for Cross-Border Transactions
    On September 6, three Japanese banks launched the trial phase for “Project PAX,” a stablecoin-based platform that aims to speed up cross-border settlements for enterprises. The initiative aims to develop regulated stablecoins that can be integrated with existing financial frameworks. The project plans to use SWIFT’s API framework, already used by banks, to settle payments on the blockchain while complying with anti-money laundering regulations. Yahoo FinanceThe BlockDatachain.
  • University of Chicago Professors Release Desk Reference for Legal Matters in Web 3
    On September 19, Professors Anup Malani and Todd Henderson, professors at the University of Chicago Law School, published Legal Matters in Web 3: A Desk Reference, which is a comprehensive, open-access legal desk reference about crypto-related legal topics. The publication provides a deep dive on those businesses and technologies, sketches a range of legal risks associated with them, and provides a deeper dive on specific legal topics and use a range of projects to illustrate how they interest the Web3 ecosystem. Publication.

The following Gibson Dunn lawyers contributed to this issue: Jason Cabral, Kendall Day, Jeff Steiner, Sara Weed, Chris Jones, Nick Harper, Amanda Goetz, Emma Li, Peter Moon, Henry Rittenberg, and Apratim Vidyarthi.

FinTech and Digital Assets Group Leaders / Members:

Ashlie Beringer, Palo Alto (+1 650.849.5327, [email protected])

Michael D. Bopp, Washington, D.C. (+1 202.955.8256, [email protected]

Stephanie L. Brooker, Washington, D.C. (+1 202.887.3502, [email protected])

Jason J. Cabral, New York (+1 212.351.6267, [email protected])

Ella Alves Capone, Washington, D.C. (+1 202.887.3511, [email protected])

M. Kendall Day, Washington, D.C. (+1 202.955.8220, [email protected])

Michael J. Desmond, Los Angeles/Washington, D.C. (+1 213.229.7531, [email protected])

Sébastien Evrard, Hong Kong (+852 2214 3798, [email protected])

William R. Hallatt, Hong Kong (+852 2214 3836, [email protected])

Martin A. Hewett, Washington, D.C. (+1 202.955.8207, [email protected])

Michelle M. Kirschner, London (+44 (0)20 7071.4212, [email protected])

Stewart McDowell, San Francisco (+1 415.393.8322, [email protected])

Mark K. Schonfeld, New York (+1 212.351.2433, [email protected])

Orin Snyder, New York (+1 212.351.2400, [email protected])

Ro Spaziani, New York (+1 212.351.6255, [email protected])

Jeffrey L. Steiner, Washington, D.C. (+1 202.887.3632, [email protected])

Eric D. Vandevelde, Los Angeles (+1 213.229.7186, [email protected])

Benjamin Wagner, Palo Alto (+1 650.849.5395, [email protected])

Sara K. Weed, Washington, D.C. (+1 202.955.8507, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

We are pleased to provide you with the September edition of Gibson Dunn’s monthly U.S. bank regulatory update. Please feel free to reach out to us to discuss any of the below topics further.

KEY TAKEAWAYS

  • In coordinated actions, the Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC) issued a final policy statement and final rule, respectively, updating the agencies’ approach to evaluating transactions subject to approval under the Bank Merger Act (BMA) and the U.S. Department of Justice (DOJ) announced its withdrawal from the 1995 Bank Merger Guidelines and confirmed that its 2023 Merger Guidelines “remain its sole and authoritative statement across all industries.” The DOJ also issued a 2024 Banking Addendum identifying those portions of the 2023 Merger Guidelines frequently relevant to the DOJ’s consideration of bank mergers.
  • In a speech on September 10, 2024 at the Brookings Institution, Vice Chair for Supervision Michael Barr stated that the federal bank regulatory agencies planned “broad and material changes” to the Basel III endgame proposal and the GSIB surcharge proposal and that he intended “to recommend that the [Federal Reserve] Board re-propose” the rules. No re-proposal has been issued as of the date of publication.
  • The intersection of banks and fintechs remains a focus:
    • The FDIC issued a proposal intended to enhance insured depository institutions’ recordkeeping requirements for certain types of custodial accounts. Comments are due on the proposal 60 days after publication in the Federal Register.
    • Senators Warren (D-MA) and Van Hollen (D-MD) sent a letter to the Board of Governors of the Federal Reserve System (Federal Reserve), FDIC and OCC urging the agencies to (i) prohibit entities that provide products only eligible for FDIC pass-through deposit insurance from using the FDIC name or logo in any materials, (ii) establish rules for bank partners that offer deposit-style products to safeguard customer funds and (iii) supervise, examine and take enforcement actions against those bank partners under the Bank Service Company Act.

DEEPER DIVES

FDIC Adopts Final Statement of Policy on Bank Merger Transactions. In coordination with the OCC and DOJ, on September 17, 2024 the FDIC adopted its final Statement of Policy on Bank Merger Transactions (SOP) substantially as proposed, with limited adjustments. The SOP supersedes the prior Statement of Policy on Bank Merger Transactions 30 days after publication in the Federal Register. The SOP is more principles based than the current Statement of Policy, last updated in 2008, affirms the FDIC’s view concerning the broad applicability of the BMA to merger transactions, including mergers in substance, involving an insured depository institution and any non-insured entity, and revises how the FDIC evaluates applicable statutory factors under the BMA, including competition, convenience and needs, financial stability, and financial and managerial resources.

  • Insights. The SOP provides no clarity as to the timing for the FDIC’s review and approval of BMA applications. Contrary to current practice, the SOP retains the language from the proposal enabling the FDIC Board of Directors to release a statement regarding its concerns with any transaction for which a BMA application has been withdrawn “if such a statement is considered to be in the public interest for purposes of creating transparency for the public and future applicants.” In addition, the SOP retains the proposed language that the FDIC may require divestitures to mitigate competitive concerns before allowing a merger to be consummated, a departure from historical precedent. As raised by commenters, a divestiture could itself require a separate BMA approval, thus delaying significantly the merger transaction. In sum, the SOP revises how the FDIC evaluates the statutory factors for a BMA application, in certain instances seemingly beyond the statutory factor on its face—as raised by FDIC Director Jonathan McKernan in his statement in opposition to the proposal and FDIC Director Travis Hill in his statement in opposition to the final SOP.
  • A few key points to highlight:
    • On financial stability, the SOP focuses in part on large bank mergers, highlighting that, although “size alone is not dispositive,” the FDIC would “generally expect” to hold a hearing for any “application resulting in an institution with greater than $50 billion in assets or for which a significant number of CRA protests are received” and adds that transactions resulting in institutions with total assets in excess of $100 billion “will be subject to added scrutiny.”
    • On competition, the SOP deemphasizes the longstanding 1,800/200 HHI thresholds (although the FDIC does intend to coordinate with other relevant agencies regarding any potential changes to the calculation of, or thresholds for, HHI usage). Although deposits will serve “as an initial proxy for commercial banking products and services,” the FDIC “may consider concentrations in any specific products or customer segments” (e.g., small business or residential loan originations volume, activities requiring specialized expertise). The SOP also provides that the FDIC generally will require that the selling institution not enter into non-compete agreements with any employee of the divested entity nor enforce any existing non-compete agreements with any of those entities.
    • On convenience and needs, the SOP would require the resulting institution “to better meet the convenience and the needs of the community to be served” than would occur without the merger. To establish this, applicants will be required to provide “specific and forward-looking information” to the FDIC for purposes of evaluating the statutory factor, and the FDIC will evaluate all projected or anticipated branch expansion, closings, or consolidations for the first three years following consummation of the merger. Job losses or lost job opportunities from branching changes will be “closely evaluated” under the SOP.
    • On the financial and managerial resources factors, the SOP does not incorporate the proposal’s assertion that the FDIC will not find favorably on the financial resources factor if the merger would result in a weaker institution from a financial perspective. According to the preamble, this statement was removed to avoid the suggestion that an institution that reflects a very strong financial condition would be precluded from absorbing a weaker target. That language was replaced with language affirming that a favorable finding on the financial resources factor would only be appropriate in cases where the merger results in a combined institution “that presents less financial risk than the financial risk posed by the institutions on a standalone basis.”

OCC Issues Final Rule Amending its Bank Merger Reviews. In coordination with the FDIC and DOJ, on September 17, 2024 the OCC issued a final rule to amend its procedures for reviewing applications under the BMA and add a policy statement that summarizes the principles the OCC uses when it reviews proposed bank merger transactions under the BMA. The final rule is effective January 1, 2025. Like the FDIC’s SOP, the OCC’s policy statement provides no clarity as to the timing for the review and approval of BMA applications, although the agency acknowledges it is “mindful of the effects of the length of review periods on all relevant parties.”

  • Insights. The OCC’s final rule and accompanying policy statement eliminate some of the ambiguity contained in the proposed version and suggests that the OCC does not intend a material departure from the approach it has taken in reviewing BMA applications in recent years. Although the key characteristics considered in a BMA application remain consistent, there are a few notable items to highlight:
    • Transactions in which the resulting bank will exceed $50 billion in total assets and transactions where the target’s total assets are 50% of more of the acquirer’s assets should expect additional scrutiny and time for review, but are not precluded from approval under the policy statement. The financial and managerial resources and future prospects factors within the context of the prevailing economic and operating environment will be considered in a BMA application.
    • The OCC specifically provides that it will focus on the integration process and that it is less likely to approve applications involving an acquirer that has engaged in multiple acquisitions with overlapping integration periods, experienced rapid growth, or is functionally the target in the transaction.
    • The ability of the resulting bank to meet the convenience and needs of the community should be forward-looking and distinct from the bank’s record in complying with the Community Reinvestment Act – in other words, while historic practices are indicative of a commitment, the future efforts and plan will be important in the BMA process. For instance, the OCC will more explicitly consider job losses or reduced job opportunities, community investment and development initiatives and efforts to support affordable housing and small business when reviewing a BMA application.

DOJ Announces that 2023 Merger Guidelines will be the “Sole and Authoritative Statement Across all Industries”. Although the DOJ issuance does not provide detailed discussion of how the 2023 Merger Guidelines apply to the banking industry specifically, the DOJ will look to expand bank merger analysis beyond the traditional—and more predictable—assessment of local branch overlaps and HHI screens, into a “comprehensive and flexible framework” contained in the 2023 Merger Guidelines. DOJ will look to consider issues such as the impact at the branch level with respect to individual lines of business, particular customer segments, or the quality/nature of customer service, and across broader geographic regions.

  • Insights. The commentary does not include any reference to the 1995 Bank Merger Guidelines’ HHI thresholds currently used to screen bank merger applications for possible competitive impacts or possible data sources for analyzing a wider array of product markets outside of the FDIC’s Summary of Deposits data. However, the 2023 Merger Guidelines do contain a HHI threshold (1,800/100) and a market share threshold (30% plus change in HHI of 100) for establishing a rebuttable presumption of anticompetitive harm. Importantly, the commentary also specifically states that the “banking agencies may, at their discretion, use their own methods for screening and evaluating bank mergers.”

Vice Chair for Supervision Barr Previews the Federal Banking Agencies’ Revised Basel III Endgame and GSIB Surcharge Proposals. On September 10, 2024, in a speech titled “The Next Steps on Capital,” Vice Chair for Supervision Michael Barr indicated that “broad and material changes” to the Basel III endgame and GSIB surcharge proposals “are warranted” and that he “intend[s] to recommend that the Board re-propose the Basel endgame and GSIB surcharge rules.” Notably, Barr’s remarks evidence a return to tiering. Large banks with assets between $100 and $250 billion would no longer be subject to the endgame changes, other than the requirement to recognize unrealized gains and losses of their securities in regulatory capital. For large banks with assets between $250 and $700 billion that are not GSIBs or internationally active, the re-proposal would apply the new credit risk and operational risk requirements; however, it would apply the frameworks for market risk and CVA frameworks only to firms that engage in significant trading activity. Further, the re-proposal would revert to the simpler definition of capital – the numerator in the capital ratio – for firm’s currently within that capital framework, with the exception of applying the requirement to reflect unrealized losses and gains on certain securities and other aspects of AOCI. GSIBs and other internationally active banks would be subject to the most stringent set of requirements as may be re-proposed (e.g., the re-proposal would (i) no longer adjust a firm’s operational risk charge based on its operational loss history, (ii) reduce operational risk capital requirements for investment management activities to reflect smaller historical operational losses, (iii) extend the reduced risk weight for low-risk corporate exposures to certain regulated entities that a bank judges to be investment grade but which are not publicly traded).

  • Insights. As signaled by Vice Chair for Supervision Barr, the changes are potentially significant, particularly for non-GSIBs, and reflect an understanding across agency leadership of the potentially broad and significant unintended consequences of the proposals. Thus far, no re-proposal has been issued, with some media reports citing competing objections to any re-proposal from members of the FDIC Board of Directors resulting in any re-proposal not having sufficient votes in support. The re-proposal would also delay any final rule until after the election, putting its path to finality at risk if there is a change in the administration. Any final rulemaking also potentially remains subject to legal challenge.

FDIC Proposes Deposit Insurance Recordkeeping Rule for Banks’ Third-Party Accounts. On September 17, 2024, the FDIC issued a proposed rule that would establish new recordkeeping requirements at insured depository institutions (IDIs) for “custodial deposit accounts with transactional features.” The proposal would define a “custodial deposit account with transactional features” as a deposit account that meets three requirements: (1) the account is established for the benefit of beneficial owner(s); (2) the account holds commingled deposits of multiple beneficial owners; and (3) a beneficial owner may authorize or direct a transfer through the account holder from the account to a party other than the account holder or beneficial owner. IDIs holding deposits in such accounts would be required to maintain records identifying (i) the beneficial owners of those deposits, (ii) the balance attributable to each beneficial owner, and (ii) the ownership category in which the deposits are held. IDIs that hold such accounts would be required to establish and maintain written policies and procedures and complete an annual certification of compliance that the IDI has implemented and tested compliance with the rule’s recordkeeping requirements. IDIs also would be required to complete an annual report that (1) describes any material changes to information technology systems relevant to compliance with the rule; (2) lists account holders that maintain such accounts, the total balance of those custodial deposit accounts, and the total number of beneficial owners; (3) sets forth the results of the institution’s testing of its recordkeeping requirements; and (4) provides the results of the required independent validation of any records maintained by third parties. Comments on the proposal will be due 60 days from the date of publication in the Federal Register.

  • Insights. Although by its nature a recordkeeping rule, the proposal, if finalized substantially as proposed, could require significant compliance uplifts for IDIs and their third-party partners. For example, an IDI could maintain account records itself or through a direct contractual arrangement with a third party. To do so through a third party, the IDI would be required to (1) have direct, continuous, and unrestricted access to the records, (2) have continuity plans, including backup recordkeeping, (3) implement internal controls to (i) accurately determine the respective beneficial ownership interests associated with the accounts and (ii) conduct reconciliations against the beneficial ownership records no less frequently than as of the close of business daily, and (4) have a contractual arrangement that would (i) define roles and responsibilities for recordkeeping and (ii) require periodic validation of the third party’s records by a person independent of the third party.

OTHER NOTABLE ITEMS

Speech by Governor Michelle Bowman on the Future of Stress Testing and the Stress Capital Buffer Framework. On September 10, 2024, Governor Michelle W. Bowman gave a speech titled “The Future of Stress Testing and the Stress Capital Buffer Framework.” In her speech, Governor Bowman highlighted the value of stress testing on bank safety and soundness and financial stability, her concerns about the current implementation of the stress test, and the need for a “fundamental rethink and strategic reform of stress testing.” Governor Bowman then shared four principal issues—volatility, the link between stress testing results and capital and the short capital implementation compliance time frame, the lack of transparency, and the overlap between the global market shock in stress testing with the market risk test of Basel III—that should be “addressed” and “prioritized” in the “ongoing evolution of the stress testing framework and stress capital buffer requirements.”

FDIC, Federal Reserve and OCC Extend Comment Period on RFI on Bank-Fintech Arrangements. On September 13, 2024, the federal bank regulatory agencies announced they will extend until October 30, 2024 the comment period on the request for information on bank-fintech arrangements involving banking products and services.

Federal Reserve Board Requests Comment Around Operational Practices of the Discount Window. On September 9, 2024, the Federal Reserve issued a request for information and comment regarding the operational uses of the Discount Window and intraday credit. In particular, the request solicits feedback regarding the collection of legal documentation, processes associated with pledging and withdrawing collateral, processes associated with requesting, receiving, and repaying discount loans, intraday credits and Federal Reserve communication practices. Comments on the request are due by December 9, 2024.

CFPB Proposes Amendment to Remittance Transfer Rule. On September 20, 2024, the Consumer Financial Protection Bureau (CFPB) proposed amendments to the Remittance Transfer Rule concerning disclosure requirements associated with certain international remittances. Specifically, the proposed amendment would require clearer disclosures about the kinds of inquiries that should first be submitted to the remittance provider before contacting the CFPB or applicable state regulator. Comments on the proposed rule are due by November 4, 2024.

CFPB Publishes Guidance on Overdraft Fees Highlighting the Importance of Obtaining and Retaining Client Affirmative Consent to Opt-in. On September 17, 2024, the CFPB published guidance directed at state and federal consumer protection agencies concerning overdraft fees based on “phantom opt-in arrangements” which, according to the published guidance, occur when financial institutions assert they have customer consent to charge overdraft fees but there is no proof they obtained such consent. The thrust of the guidance emphasizes that the Electronic Funds Transfer Act and its counterpart Regulation E are violated if overdraft fees are charged without proof of affirmative consent to enroll in services involving overdraft fees. In its press release announcing the guidance, the CFPB encourages regulators to “assume consumers have not opted into overdraft unless the banks can prove otherwise.”


The following Gibson Dunn lawyers contributed to this issue: Jason Cabral, Ro Spaziani, Zach Silvers, Karin Thrasher, and Nathan Marak.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work or any of the member of the Financial Institutions practice group:

Jason J. Cabral, New York (212.351.6267, [email protected])

Ro Spaziani, New York (212.351.6255, [email protected])

Stephanie L. Brooker, Washington, D.C. (202.887.3502, [email protected])

M. Kendall Day, Washington, D.C. (202.955.8220, [email protected])

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, [email protected])

Sara K. Weed, Washington, D.C. (202.955.8507, [email protected])

Ella Capone, Washington, D.C. (202.887.3511, [email protected])

Rachel Jackson, New York (212.351.6260, [email protected])

Chris R. Jones, Los Angeles (212.351.6260, [email protected])

Zack Silvers, Washington, D.C. (202.887.3774, [email protected])

Karin Thrasher, Washington, D.C. (202.887.3712, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

To continue assisting US companies with planning for SEC reporting and capital markets transactions into 2025, we offer our annual SEC Desktop Calendar. This calendar provides both the filing deadlines for key SEC reports and the dates on which financial statements in prospectuses and proxy statements must be updated before use (a/k/a financial staleness deadlines).

You can download a PDF of Gibson Dunn’s SEC Desktop Calendar for 2025 at the link below.

Read More


The following Gibson Dunn lawyers assisted in preparing this update: Hillary Holmes, Andrew Fabens, Lori Zyskowski, Peter Wardle, David Korvin, and Kyle Clendenon.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these developments. To learn more, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Capital Markets or Securities Regulation and Corporate Governance practice groups:

Capital Markets:
Andrew L. Fabens – New York (+1 212.351.4034, [email protected])
Hillary H. Holmes – Houston (+1 346.718.6602, [email protected])
Stewart L. McDowell – San Francisco (+1 415.393.8322, [email protected])
Peter W. Wardle – Los Angeles (+1 213.229.7242, [email protected])

Securities Regulation and Corporate Governance:
Elizabeth Ising – Washington, D.C. (+1 202.955.8287, [email protected])
James J. Moloney – Orange County (+1 949.451.4343, [email protected])
Lori Zyskowski – New York (+1 212.351.2309, [email protected])
Aaron Briggs – San Francisco (+1 415.393.8297, [email protected])
Thomas J. Kim – Washington, D.C. (+1 202.887.3550, [email protected])
Brian J. Lane – Washington, D.C. (+1 202.887.3646, [email protected])
Julia Lapitskaya – New York (+1 212.351.2354, [email protected])
Ronald O. Mueller – Washington, D.C. (+1 202.955.8671, [email protected])
Michael Scanlon – Washington, D.C.(+1 202.887.3668, [email protected])
Mike Titera – Orange County (+1 949.451.4365, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Although this latest round of updates is not as extensive as the 2023 iteration, it includes significant additions that may have meaningful implications for companies as they seek to align their compliance programs with DOJ’s expectations.

On September 23, 2024, the Criminal Division of the U.S. Department of Justice (“DOJ”) announced the latest revision of its Evaluation of Corporate Compliance Programs (the “ECCP”) since its last update in March 2023. The ECCP serves as the Criminal Division’s guidance for its prosecutors to evaluate companies’ compliance programs when making corporate enforcement decisions. This guidance is also often consulted by companies seeking to ensure their compliance programs are effective and would hold up under DOJ’s scrutiny. Principal Deputy Assistant Attorney General (“DAAG”) Nicole M. Argentieri announced the revision of the ECCP during her remarks at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute held in Grapevine, Texas on September 23, 2024.

The most significant revisions of the ECCP center on three areas: (1) evaluation and management of risk related to new technologies, such as artificial intelligence (“AI”); (2) further emphasis on the role of data analysis; and (3) whistleblower protection and anti-retaliation. The key updates in these three areas are discussed below, and a comparison between the 2023 and 2024 ECCP versions can be found here.

(1) AI and Emerging Technologies

Perhaps the most significant update in this new iteration of the ECCP is the heightened focus on how organizations proactively identify, assess, mitigate, and manage the risks associated with their use of emerging technologies, including AI. This emphasis reflects DOJ’s increasing focus on companies’ use of data and technology and its stated expectation that companies’ approach to risk management will be proactive rather than reactive.

AI and more advanced data analytics tools hold great promise for companies’ management of risk. Nevertheless, these capabilities also create risk. Although DOJ appears to recognize the promise, the revisions to the ECCP track DOJ’s concerns about how AI and other technologies can be misused. For example, in February 2024, Deputy Attorney General (“DAG”) Lisa Monaco announced that DOJ would seek sentencing enhancements where offenses were made significantly more dangerous by the misuse of AI. The following month, DAG Monaco drew a parallel to corporate criminal prosecutions, stating that “[w]hen our prosecutors assess a company’s compliance program . . . they consider how well the program mitigates the company’s most significant risks,” emphasizing that for a growing number of businesses, this “now includes the risk of misusing AI.” In the same remarks, DAG Monaco announced that she had directed the Criminal Division to “incorporate assessment of disruptive technology risks—including risks associated with AI—into its guidance on Evaluation of Corporate Compliance Programs.”

The position taken by DOJ in the latest ECCP is summarized by DAAG Argentieri in her recent remarks: “prosecutors will consider whether the company is vulnerable to criminal schemes enabled by new technology, such as false approvals and documentation generated by AI. If so, we will consider whether compliance controls and tools are in place to identify and mitigate those risks, such as tools to confirm the accuracy or reliability of data used by the business. We also want to know whether the company is monitoring and testing its technology to evaluate if it is functioning as intended and consistent with the company’s code of conduct.”

The updated ECCP outlines how companies will be expected to tailor their compliance programs to identify and manage the risks of AI. Corporations deploying AI will need to consider whether:

  • their risk assessment processes consider and appropriately document their use of AI and other new technologies and how the risk level for intended use cases has been determined (e.g., in circumstances where the particular use of AI creates particular risks, such as confidentiality, privacy, cybersecurity, quality control, bias, etc.);
  • the AI systems they are deploying have a sufficient degree of human oversight, especially for high-risk uses, and whether the performance of those systems is being assessed by reference to an appropriate “baseline of human decision-making” (e.g., the expected standard to which human decision-makers would be held for a given use case);
  • appropriate steps have been taken to prioritize and minimize the identified risks—including the potential for misuse of those technologies by company insiders—by implementing compliance tools and controls (e.g., through monitoring, alerts, technical guardrails, continuous testing, human review, or confirming the accuracy or reliability of data); and
  • they are continuously monitoring and testing their technology to evaluate if it is functioning “as intended,” both in their commercial business and compliance program, and consistent with the laws and the company’s code of conduct. If there are significant deviations in performance, for example where an AI tool makes an inappropriate decision, prosecutors will look at how quickly a company is able to detect and subsequently correct errors and any subsequent decisions.

(2) Emphasis on Data

Another key area of revisions to the ECCP confirms DOJ’s increasing focus on the use of data for compliance purposes, expanding on DOJ’s existing guidance:

  • The most extensive revisions in this area stress the importance of ensuring that compliance personnel maintain access to company data to assess the effectiveness of the compliance program—including leveraging data analytics tools to create efficiencies in compliance operations and measure the effectiveness of compliance components. This is an area on which DOJ’s Matt Galvin, Counsel for Compliance & Data Analytics at the Criminal Division’s Fraud Section, has focused, including with regard to DOJ’s own use of data analytics and the government’s expectation that companies will incorporate data-driven approaches to compliance as well. During a PLI program in June 2023, Galvin referred to data as “a function of transparency” in an organization. The revisions to the ECCP make clear that compliance personnel should have access equal to that of the business teams to all relevant data, assets, resources, and technology. This expectation on DOJ’s part was previewed by Galvin during the recent 15th Annual Global Ethics Summit in April 2024, where he emphasized that a delta between the use of data analytics by business and compliance teams will draw DOJ’s attention. The ECCP now includes additional questions testing whether the company is appropriately using data analytics tools to measure the effectiveness of compliance programs, the quality of its data sources, and the accuracy of any data analytics models it employs.
  • Other revisions in the ECCP concern data in the context of third-party management with a particular focus on vendor risk. Prosecutors will gauge whether the third-party risk management process allows for the review of vendors in a timely manner, and whether the company leverages available data to evaluate vendor risk in the course of its relationship with the vendor. This is consistent with DOJ’s increasing scrutiny of companies’ approach to third-party management practices and their ability to assess risks associated with broader categories of third parties emerging as potential new sources of compliance risk.
  • With regard to M&A transactions, among several revisions, DOJ now guides prosecutors to consider whether companies “account for migrating or combining critical enterprise resource planning systems as part of the integration process.” This again demonstrates an emphasis on control over and access to corporate information.
  • In examining whether the compliance program works in practice, the revised guidance spells out more specifically that prosecutors should “consider whether the company’s compliance program had a track record of preventing or detecting other instances of misconduct, and whether the company exercised due diligence to prevent and detect criminal conduct.” Prosecutors are now instructed to look at how a company uses data to “gain insights into the effectiveness of its compliance program” and the breadth of non-compliant conduct, beyond criminal conduct, that it is able to prevent.

(3) Whistleblower Reporting

In early August this year, the Criminal Division released guidance regarding the new DOJ Corporate Whistleblower Awards Pilot Program. This month’s revisions to the ECCP align it with the pilot program’s goals by including a paragraph on companies’ “Commitment to Whistleblower Protection and Anti-Retaliation” under the “Confidential Reporting Structure and Investigation Process” section.

In that paragraph, the new guidance advises prosecutors to consider several factors, including whether the company has an anti-retaliation policy; whether it trains employees on both internal and external anti-retaliation and whistleblower protection laws; and how employees who reported misconduct are disciplined in comparison to others involved in the misconduct (meaning whether reporting misconduct is a mitigator impacting a company’s disciplinary response). It also asks whether the company trains employees on both internal reporting systems and “external whistleblower programs and regulatory regimes.”

The ECCP also now directs prosecutors to consider whether and how an organization “incentivize[s] reporting” and whether an organization trains its employees on “external whistleblower programs and regulatory regimes.” Both of these concepts may prove tricky for organizations to address.

Other Notable Additions

In addition to the three main areas discussed above, the revised guidance contains a few other noteworthy revisions in other areas:

  • The revised guidance makes the paragraph dealing with “Risk-Tailored Resource Allocation” in the “Risk Assessment” section more general, removing examples of “low risk” and “high risk areas,” and instead opting for a broader consideration of whether the company “deploy[s] its compliance resources in a risk-based manner with greater scrutiny applied to greater areas of risk.”
  • The revisions specify that compliance training should be tailored specifically to the “particular needs, interests, and values of relevant employees,” including being tailored to the relevant industry and geographical region.
  • Under “Autonomy and Resources,” and particularly in relation to funding and resources, the revised guidance now asks whether the company has “a mechanism to measure the commercial value of investments in compliance and risk management.” In our experience, this is not a common activity of corporate compliance functions, although some certainly do undertake such efforts.

Six Key Takeaways

The updated ECCP is likely to impact significantly how companies tailor their compliance programs to address risks arising out of AI and emerging technologies, reflecting the rapid and dynamic adoption of these technologies across business sectors. To put these requirements into practice, companies will need to build effective governance frameworks and internal policies dealing with emerging technologies and specifically addressing the new challenges and risks they pose.

Here are six other key takeaways from our reading of the updates:

  1. Scope. Companies will need to assess and consider carefully whether technical solutions they deploy may fall under the expanded ambit of the guidance. The ECCP defines AI broadly in accordance with the Office of Management and Budget’s March 2024 memo, which expressly states that “no system should be considered too simple to qualify as covered AI due to a lack of technical complexity,” and where the definition includes “systems that are fully autonomous, partially autonomous, and not autonomous, and it includes systems that operate both with and without human oversight.” Companies will need to assess and consider carefully whether technical solutions they deploy may fall within this definition.
  2. Risk-based compliance. The guidance continues to emphasize that compliance resources should be deployed based on the degree of risk, with greater scrutiny applied to greater areas of risk. The threshold for effective compliance will therefore rely on the design and execution of proactive and effective risk assessments that focus on the actual use cases in which new technologies are being deployed. For example, the risks associated with certain AI tools may vary substantially depending on the use cases for which they are deployed. The guidance also refers to the “baseline of human decision-making” that is used to assess the risk of an AI tool. This concern is reflected in prior comments by DAG Monaco that “[d]iscrimination using AI is still discrimination.” That will require companies to think carefully about the purpose for which they are deploying new technologies such as AI, and whether such technology is effectively meeting that purpose (without running afoul of legal requirements). Strategies employed by companies in this area should be designed for accountability, transparency, and continuous evolution.
  3. Accountability and transparency. Companies are expected to ensure that their new technologies function transparently, and that decisions influenced by these technologies are subject to human review where necessary. The guidance emphasizes that the “black box” nature of some AI systems, and the fact that they might require more third-party management, is not an excuse for failing to meet legal standards. Any compliance program that deploys AI will therefore need to include effective and consistent diligence and procurement standards for third-party models or tools used, staff internal experts with technical competence, ensure that the compliance function is using the data at the company’s disposal to detect risks, and maintain sufficient visibility of how new technologies are functioning in practice and how they are impacting the business.
  4. Continuous monitoring and access to data. The dynamic nature of new technologies, and in particular AI, reinforces the need for regular and possibly more frequent risk assessments and re-evaluation of compliance program effectiveness and monitoring (including testing, which may encompass automated risk detection and real-time monitoring, for high-risk use cases). Moreover, in addition to detecting decisions made by AI that do not meet compliance standards, companies must also be prepared to correct those decisions quickly. Organizations will need to be nimble in adapting compliance systems to fast-evolving legal and technical standards related to AI, as well as rapid technological development. There is already an abundance of practical guidance, including by federal agencies, on best practices in AI governance and compliance, but it has largely been intended for voluntary use (for example, the AI Risk Management Framework released by the National Institute of Standards and Technology (NIST), which the ECCP expressly cites as a resource). The new DOJ guidance indicates that there will be increased regulatory scrutiny on how companies deploying new technologies are choosing to interpret and implement these best practices. Beyond the realm of emerging technologies though, simply articulating an expectation that compliance functions access and monitor corporate data as, for example, a finance or audit function may, could signal a shift in compliance staffing, with compliance officers more often needing to have accounting or technological backgrounds.
  5. Resource allocation. The guidance puts companies on notice that in making charging decisions DOJ may now examine whether companies are devoting adequate resources and technology to AI risk management and compliance and to gathering and leveraging company data for compliance purposes. This suggests that any company investing in new technology development or deployment will need to consider whether appropriately proportional resources are being allocated to compliance, including as compared with overall expenditure on such new technologies.
  6. Approach to compliance reporting. The revisions and additions in relation to whistleblower reporting and anti-retaliation may result in a gradual increase in whistleblower reports by encouraging enhancements to reporting systems that enable employees to feel more secure in reporting misconduct. In addition to ensuring that their anti-retaliation policies are robust and effectively communicated to employees, companies will likely feel the need to allocate additional resources to handle a potential rise in whistleblower reporting in the long term. They will also need to grapple with what they could do to “incentivize” whistleblowing, and whether and how to train employees to report to third parties, in addition to internal corporate channels. While companies typically train employees on the internal procedures for reporting and anti-retaliation protections, it remains to be seen how companies put into practice DOJ’s guidance to train employees on “external whistleblower programs and regulatory regimes” and how DOJ will react to those practices in the context of enforcement.

Conclusion

While the regulatory landscape for AI and other emerging technologies remains unsettled, it is all but certain from the latest revisions of the ECCP that DOJ has its eyes firmly set on the way these new technologies will shape and increase companies’ risk exposure. Along with the other changes in the ECCP outlined here, companies will have to consider carefully and proactively the compliance implications new technologies will bring to their business.

DOJ’s updated guidance underscores the need for companies to evaluate their programs, update their policies and procedures where needed, and stay abreast of how technology can be used to boost—as well as skirt—compliance controls. Our team has deep experience with these issues and is well positioned to assist companies with tackling them as DOJ is set to intensify its focus on this area.


The following Gibson Dunn lawyers prepared this update: F. Joseph Warin, Patrick Stokes, Stephanie Brooker, Michael Diamant, Eric Vandevelde, Oleh Vretsona, Frances Waldmann, Victor Tong, José Madrid, and Kate Goldberg.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of Gibson Dunn’s White Collar Defense and Investigations, Anti-Corruption and FCPA, or Artificial Intelligence practice groups:

Artificial Intelligence:

Keith Enright – Palo Alto (+1 650.849.5386, [email protected])
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, [email protected])
Vivek Mohan – Palo Alto (+1 650.849.5345, [email protected])
Robert Spano – London/Paris (+33 1 56 43 13 00, [email protected])
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, [email protected])
Frances A. Waldmann – Los Angeles (+1 213.229.7914,[email protected])

White Collar Defense and Investigations / Anti-Corruption and FCPA:

Washington, D.C.
F. Joseph Warin (+1 202.887.3609, [email protected])
Stephanie Brooker (+1 202.887.3502, [email protected])
Courtney M. Brown (+1 202.955.8685, [email protected])
David P. Burns (+1 202.887.3786, [email protected])
John W.F. Chesley (+1 202.887.3788, [email protected])
Daniel P. Chung (+1 202.887.3729, [email protected])
M. Kendall Day (+1 202.955.8220, [email protected])
Stuart F. Delery (+1 202.955.8515, [email protected])
Michael S. Diamant (+1 202.887.3604, [email protected])
Gustav W. Eyler (+1 202.955.8610, [email protected])
Melissa Farrar (+1 202.887.3579, [email protected])
Amy Feagles (+1 202.887.3699, [email protected])
Scott D. Hammond (+1 202.887.3684, [email protected])
George J. Hazel (+1 202.887.3674, [email protected])
Adam M. Smith (+1 202.887.3547, [email protected])
Patrick F. Stokes (+1 202.955.8504, [email protected])
Oleh Vretsona (+1 202.887.3779, [email protected])
David C. Ware (+1 202.887.3652, [email protected])
Ella Alves Capone (+1 202.887.3511, [email protected])
Nicole Lee (+1 202.887.3717, [email protected])
Lora Elizabeth MacDonald (+1 202.887.3738, [email protected])
Bryan Parr (+1 202.777.9560, [email protected])
Pedro G. Soto (+1 202.955.8661, [email protected])

New York
Zainab N. Ahmad (+1 212.351.2609, [email protected])
Reed Brodsky (+1 212.351.5334, [email protected])
Mylan L. Denerstein (+1 212.351.3850, [email protected])
Karin Portlock (+1 212.351.2666, [email protected])
Mark K. Schonfeld (+1 212.351.2433, [email protected])
Orin Snyder (+1 212.351.2400, [email protected])

Dallas
David Woodcock (+1 214.698.3211, [email protected])

Denver
Ryan T. Bergsieker (+1 303.298.5774, [email protected])
Robert C. Blume (+1 303.298.5758, [email protected])
John D.W. Partridge (+1 303.298.5931, [email protected])
Laura M. Sturges (+1 303.298.5929, [email protected])

Houston
Gregg J. Costa (+1 346.718.6649, [email protected])

Los Angeles
Michael H. Dore (+1 213.229.7652, [email protected])
Michael M. Farhang (+1 213.229.7005, [email protected])
Diana M. Feinstein (+1 213.229.7351, [email protected])
Douglas Fuchs (+1 213.229.7605, [email protected])
Nicola T. Hanna (+1 213.229.7269, [email protected])
Poonam G. Kumar (+1 213.229.7554, [email protected])
Marcellus McRae (+1 213.229.7675, [email protected])
Eric D. Vandevelde (+1 213.229.7186, [email protected])
Debra Wong Yang (+1 213.229.7472, [email protected])

San Francisco
Winston Y. Chan (+1 415.393.8362, [email protected])
Charles J. Stevens (+1 415.393.8391, [email protected])

Palo Alto
Benjamin Wagner (+1 650.849.5395, [email protected])

London
Patrick Doris (+44 20 7071 4276, [email protected])
Sacha Harber-Kelly (+44 20 7071 4205, [email protected])
Michelle Kirschner (+44 20 7071 4212, [email protected])
Allan Neil (+44 20 7071 4296, [email protected])
Matthew Nunan (+44 20 7071 4201, [email protected])
Philip Rocher (+44 20 7071 4202, [email protected])

Paris
Benoît Fleury (+33 1 56 43 13 00, [email protected])
Bernard Grinspan (+33 1 56 43 13 00, [email protected])

Frankfurt
Finn Zeidler (+49 69 247 411 530, [email protected])

Munich
Kai Gesing (+49 89 189 33 285, [email protected])
Katharina Humphrey (+49 89 189 33 155, [email protected])
Benno Schwarz (+49 89 189 33 110, [email protected])

Hong Kong
Kelly Austin (+1 303.298.5980, [email protected])
Oliver D. Welch (+852 2214 3716, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Newsom committed to working with legislators, academics, and other partners to “find the appropriate path forward, including legislation and regulation.”

Update:  On September 29, 2024, Governor Newsom vetoed SB 1047 by returning it to the legislature without his signature, criticizing the bill as “a solution that is not informed by an empirical trajectory analysis of AI systems and capabilities.”[1]  Building on concerns he previously expressed about the bill,[2] Newsom explained in a statement accompanying his veto that SB 1047 regulates models based only on their cost and size, rather than function, and fails to “take into account whether an Al system is deployed in high-risk environments, involves critical decision-making or the use of sensitive data.”[3] 

Despite the veto, Newsom voiced support for AI regulation and California’s role in these efforts, stating, “Safety protocols must be adopted.  Proactive guardrails should be implemented, and severe consequences for bad actors must be clear and enforceable,” and that California  “cannot afford to wait for a major catastrophe to occur before taking action to protect the public.”[4] Newsom committed to working with legislators, academics, and other partners to “find the appropriate path forward, including legislation and regulation.”[5]  

On August 28, 2024, the California State Assembly passed proposed bill SB 1047, the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act, through which California seeks to regulate foundational AI models and impose obligations on companies  that develop, fine-tune or provide compute resources to train such models.  The bill purports to regulate only the most powerful AI models, trained using large computing capacity, but its requirements are likely to have a broader impact, including on open source models.   

SB 1047 currently sits with Governor Newsom.  As of September 24, it is unclear whether the Governor will sign the bill or veto it; on September 17, Newsom signaled some discomfort with the bill, but stated that he remained undecided even as he signed several other AI-related bills into law.[6]  Gov. Newsom has until the end of September to sign or veto the bill; if he does not veto or return the bill to the legislature, SB 1047 will become law and take effect on January 1, 2026, even if he does not sign it.  

Controversial since its introduction, SB 1047 represents a major shift in how U.S. states have sought to regulate AI to date, and the novel approach–including its requirements for developers to implement a “kill switch” and subject themselves to third-party compliance audits, and its applicability to startups and open source AI developers–has caused many major players in the technology sector to oppose the bill or work to weaken its provisions.

Below are 8 key takeaways that highlight the most important aspects of SB 1047 and the ways it may shape the AI landscape if it becomes law.

  1. Expansive definitions of “covered models” and “covered model derivatives” are likely to capture many frontier AI models and subsequent modifications.  SB 1047 broadly applies to “covered models,” which are AI models that either:
    • Cost over $100 million to develop and are trained using computing power “greater than 10^26 integer or floating-point operations” (FLOPs); or
    • Are based on covered models and fine-tuned at a cost of over $10 million and using computing power of three times 10^25 integer or FLOPs.[7]

The frontier models that are publicly available are just below the covered AI model threshold, but the next generation of models will most likely hit that regulation mark.

Certain of SB 1047’s requirements also apply to “covered model derivatives,” which include copies of covered models (whether or not they have been modified).

  1. SB 1047’s requirements apply only to companies that develop or provide compute power to train covered models or covered model derivatives, not to companies that merely use covered models.  The law’s principal requirements apply to “developers” that initially train a covered model or that fine-tune a covered model or covered model derivative, all based on the applicable cost and compute requirements.  Additional requirements apply to operators of computing clusters when one of their customers “utilizes compute resources that would be sufficient to train a covered model[.]
  2. Before training a covered model, developers are required to implement technical and organization controls designed to prevent covered models from causing “critical harms.”  These critical harms include creating or using certain weapons of mass destruction to cause mass casualties; causing mass casualties or at least $500 million in damages by conducting cyberattacks on critical infrastructure or acting with only limited human oversight and causing death, bodily injury, or property damage in a manner that would be a crime if committed by a human; and other comparable harms.
    • Kill switch or “shutdown capabilities.” Developers are required to implement a means through which to “promptly enact a full shutdown” of all covered models and covered model derivatives in their control, such that all model operations, including further training, are stopped. In determining whether to enact a full shutdown, developers are required to consider whether it may cause any potential disruptions to critical infrastructure.
    • Cybersecurity protections. Developers are required to implement protections “appropriate in light of the risks” to prevent unauthorized access, misuse, or “unsafe post-training modifications” of the covered model and all covered model derivatives in their control.
    • Safety protocols. Developers are required to develop a written document safety and security protocol (SSP) and to designate a senior individual to implement the SSP in a manner that complies with the developer’s obligation to exercise reasonable care to mitigate the risk of “foreseeable” downstream misuse of covered models, including by reviewing the SSP for sufficiency on an annual basis. Developers are required to retain an unredacted version of their SSP for the life of the covered model to which it applies plus 5 years, publish a redacted version of the SSP, and to provide an unredacted version to the Attorney General upon request. The SSP is required to:
      • Specify the means through which the developer will comply with its duty to exercise reasonable care as set out above and describe in detail how the developer will comply with SB 1047;
      • Describe how the SSP may be modified;
      • Describes when the developer would implement a full shutdown;
      • Set out testing procedures to determine whether the covered model and its derivatives pose an unreasonable risk of causing or enabling a critical harm or whether the covered model and its derivatives may be modified in a manner that poses such a risk; and
      • States the developer’s compliance obligations in sufficient detail to allow the developer or a third party to determine whether the SSP has been followed.
  3. Developers are subject to rigorous testing, assessment, reporting, and audit obligations.
    • Testing and Assessment. Before using a covered model or making it publicly available, a developer is required to assess, including through testing as set out in the SSP, whether there is a possibility that the model could cause critical harm and to record and retain test results from these assessments such that third-parties are capable of duplicating these tests.
    • Audits and Reports. Beginning in 2026, developers are required to retain a third-party auditor to perform an independent, annual audit of their compliance with SB 1047. Developers are required to publish redacted copies of their audit reports and to provide unredacted copies to the Attorney General on request.  The bill further requires developers to submit annual compliance statements to the Attorney General and to report safety incidents within 72 hours of discovery.
  4. Compute providers are required to implement policies and procedures for customers that use compute sufficient to train a covered model. These procedures are required to include the ability to enact a full shutdown of compute used to train covered models, collecting and verifying identifying information for any customer that uses compute sufficient to train a covered model and assessing whether the customer intends to use the compute resources to train a covered model.  Such information is required to be retained for 7 years and shall be provided to the Attorney General on request.
  5. Developers are prohibited from preventing employees from reporting noncompliance internally, to the Attorney General, or to the Labor Commissioner and may not retaliate against employees who do so. These whistleblower protections include requirements that developers inform any employee or contractor working on covered models of their rights and to retain any complaints or reports made by employees or contractors for 7 years.  Developers also are required to develop processes through which employees or contractors may make internal reports on an anonymous basis.
  6. Enforcement is exclusively by the Attorney General and does not include a private right of action. The Attorney General may bring a civil action for violations of the bill that cause death or bodily harm; damage, theft, or misappropriation of property; or imminent public safety risks. The Attorney General may seek civil penalties, monetary damages (including punitive damages), injunctive or declaratory relief.  Civil penalties for certain violations are capped at 10% of the cost of computing power used to train the covered model.
  7. Certain provisions of SB 1047 may be vulnerable to legal challenge based on constitutional principles. While many of the bill’s provisions will likely pass constitutional muster, including those requiring developers to take technical steps in relation to their covered models, SB 1047 remains subject to legal challenge based on its extraterritorial reach and its assessment requirements.
    • No nexus to California. SB 1047 does not have any textual nexus requiring that developers be located in California nor any requirements that covered models be developed, trained, or offered in California for the provisions to apply, standing in opposition to the general presumption that state laws do not apply outside of that state’s borders.
    • Assessments may violate the First Amendment. The bill’s assessment provisions may be subject to legal challenge that they are unconstitutional government mandates for developers to create speech, in violation of the First Amendment.  The likelihood of such challenges may be increased by the Ninth Circuit’s latest holdings that similar assessment provisions in California’s Age-Appropriate Design Code Act and AB 587 (relating to social media platforms) are facially unconstitutional on First Amendment grounds.[8]

[1] Statement of Gavin Newsom, p. 2 (Sept. 29, 2024), https://www.gov.ca.gov/wp-content/uploads/2024/09/SB-1047-Veto-Message.pdf.

[2] See note 4, infra.

[3] See note 1, supra, at p. 2.

[4] Id.

[5] Id. at p. 3.  Contemporaneous with his veto, Newsom announced new partnerships and initiatives for responsibly deploying generative AI and directing state agencies more closely to examine issues surrounding critical harms.  The Office of Gov. Gavin Newsom, Governor Newsom announces new initiatives to advance safe and responsible AI, protect Californians (Sept. 29, 2024), https://www.gov.ca.gov/2024/09/29/governor-newsom-announces-new-initiatives-to-advance-safe-and-responsible-ai-protect-californians/.

[6] See Jeremy B. White, Gavin Newsom signals concerns about major AI safety bill, Politico (Sept. 17, 2024), https://subscriber.politicopro.com/article/2024/09/gavin-newsom-signals-concerns-about-major-ai-safety-bill-00179727 (setting out Newsom’s concerns that the bill may create a “chilling effect” and make it harder for California to maintain its status as the home of tech innovation).

[7] The proposed computing threshold mirrors the Biden administration’s Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.

[8] NetChoice v. Bonta, No. 23-2969 (9th Cir. Aug. 16, 2024); X Corp. v. Bonta, No. 24-271 (9th Cir. Sept. 4, 2024).


The following Gibson Dunn lawyers assisted in preparing this update: Christopher Rosina, Frances Waldmann, Emily Maxim Lamm, Cassandra Gaedt-Sheckter, Vivek Mohan, and Eric Vandevelde.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Artificial Intelligence practice group:

Christopher Rosina – New York (+1 212.351.3855, [email protected])
Frances A. Waldmann – Los Angeles (+1 213.229.7914,[email protected])
Keith Enright – Palo Alto (+1 650.849.5386, [email protected])
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, [email protected])
Vivek Mohan – Palo Alto (+1 650.849.5345, [email protected])
Robert Spano – London/Paris (+33 1 56 43 13 00, [email protected])
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Gibson Dunn’s Workplace DEI Task Force aims to help our clients develop creative, practical, and lawful approaches to accomplish their DEI objectives following the Supreme Court’s decision in SFFA v. Harvard. Prior issues of our DEI Task Force Update can be found in our DEI Resource Center. Should you have questions about developments in this space or about your own DEI programs, please do not hesitate to reach out to any member of our DEI Task Force or the authors of this Update (listed below).

Key Developments:

On September 5, the Office of Federal Contract Compliance Programs (OFCCP) held an informal compliance conference with Sanofi Pasteur, Inc. to address a complaint made by America First Legal (AFL). AFL alleged that the Sanofi violated the Constitution by implementing in its contracts with the federal government a “Diverse Slate Policy,” which required Sanofi’s talent acquisition team to hire a certain percentage of women and people of color for leadership roles. AFL also filed a complaint with the EEOC, alleging that the “Diverse Slate Policy” violated Title VII of the Civil Rights Act of 1964. During the compliance conference with the OFCCP, Sanofi agreed that placement goals, utilization goals, and hiring benchmarks should “not be interpreted as a ceiling or floor for the employment of particular groups of persons,” but rather, should serve as benchmarks to measure representation in its workforce. Sanofi also agreed to assess its employment practices and remedy any potential discrimination.

On September 9, the Congressional Black Caucus (CBC) released a corporate accountability report focused on Fortune 500 companies’ commitments to DEI and racial equity investments. The report found that most of the Fortune 500 companies that submitted responses to the CBC’s questions remain committed to, and have made progress on, their goals regarding workplace diversity and racial equity, despite recent attacks in the wake of the SFFA decision. The report outlines 12 best practices and approaches implemented by various companies to promote DEI in their workplaces, which the CBC hopes will become standard practice across industries. The report was published almost a year after the CBC issued a corporate accountability letter, addressing attacks on DEI initiatives in the private sector and urging Fortune 500 companies to make public statements affirming their commitments to such initiatives.

On September 23, 2024, U.S. District Judge Gregory F. Van Tatenhove of the Eastern District of Kentucky issued a preliminary injunction against the U.S. Department of Transportation’s Disadvantaged Business Enterprise (“DBE”) program. Represented by the Wisconsin Institute for Law & Liberty, two non-minority contractors sued the Department of Transportation in October 2023, challenging the DEB program’s purpose of directing at least 10% of federal transportation infrastructure funding to contracting firms owned by women and minorities. The DBE program is meant to combat statistical disparities and to remedy past and ongoing discrimination in the federally assisted transportation contracting market. The plaintiffs allege that the DBE program’s race- and gender-based preferences violate the Constitution’s equal protection guarantees. The court held that the plaintiffs would “likely win on the merits of their constitutional claims,” and granted a partial preliminary injunction, preventing the Department of Transportation from using race- and gender-based criteria for contracts on which the two plaintiffs bid. The DBE program is the latest in a series of government affirmative action programs that have been enjoined on constitutional grounds.

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

  • Bloomberg Law, “Employer Cutbacks to Worker Diversity Groups Pose Legal Risks” (September 10): Rebecca Klar of Bloomberg Law discusses the legal risks posed by the employers’ decisions to restructure employee resource groups (ERGs) in response to backlash from anti-DEI activists including Robby Starbuck and America First Legal. Klar interviewed the former acting chair of the EEOC, Victoria Lipnic, who explained that the legality of ERGs likely depends “on how they were created, who is invited to join, and what is being offered.” And while “most companies have been sophisticated” in their approach to ERGs, including making sure to welcome allies regardless of characteristics like race or sex, Lipnic says that companies thinking about restructuring their ERGs should “not lose sight that real discrimination still happens every day in the workplace” and should ensure the workplace is one of equal opportunity and free from discrimination.
  • Bloomberg Law, “Investors Push Deere to Explain DEI Rollbacks With New Bid” (September 13): Bloomberg Law’s David Hood reports on shareholder advocacy group As You Sow’s recent proposal to John Deere in the wake of the company’s recent public rollback of certain of its DEI commitments. Hood says that Deere’s decision came on the heels of an aggressive media campaign by anti-DEI activist Robby Starbuck, who has used his social media platform to criticize corporations for their DEI efforts. As You Sow’s proposal asks Deere to provide “data about its recruitment, retention, and promotion” of its employees categorized by “ethnicity, gender and race.” With that information, the proposal says, investors can “assess and compare the effectiveness of companies’ efforts to ensure meritocratic workplaces through DEI efforts.”
  • The New York Times, “Yale, Princeton and Duke Are Questioned Over Decline in Asian Students” (September 17): Writing for The New York Times, Anemona Hartocollis reports on Edward Blum’s recent threat of further litigation challenging race-based university admissions. Hartocollis says that Blum is now targeting institutions including Princeton, Duke, and Yale, which all reported a decline in the admission of Asian students in the past year. Blum claims that, “[b]ased on S.F.F.A.’s extensive experience,” the “racial numbers” at these top universities “are not possible under true neutrality” and warned that these universities “are now on notice” that more suits would soon follow. Princeton spokeswoman Jennifer Morrill stated that the university has “carefully adhered to the requirements set out by the Supreme Court,” while representatives from Yale and Duke did not comment. Professor William Jacobson of Cornell Law School predicts that Blum’s fight will now transition “away from policies to what is happening in admissions offices.”
  • AP News, “Major companies abandon an LGBTQ+ rights report card after facing anti-diversity backlash” (September 17): AP News’s Cathy Bussewitz reports on companies’ recent decisions to no longer participate in the Human Rights Campaign’s Corporate Equality Index, which is a scorecard that grades corporate efforts to ensure “that gay lesbian, bisexual, transgender and queer employees did not face discrimination in hiring and on the job.” Bussewitz says that most companies’ decision to end their participation in the Index stems from “conservative activists who have threatened boycotts and firms such as the Wisconsin Institute for Law & Liberty that have challenged DEI programs.” Jason Schwartz, co-chair of the Labor and Employment practice group at Gibson Dunn, observed that the “opponents to [DEI] efforts are winning the war of words, and they’ve got a lot of momentum in the courtroom, so I do think it’s a serious threat that needs to be responded to in a thoughtful way.”

Corporate Diversity:

  • BNN Bloomberg, “US Companies Nix Career Programs for Women Amid DEI Backslide” (September 17): Writing for BNN Bloomberg, Kelsey Butler and Emily Chang report on studies from LeanIn and McKinsey, finding that companies’ “formal mentorship programs for women” have decreased from 48% in 2022 to 37% in 2024. Butler and Chang attribute the decline to the concerted efforts by conservative activists, including Robby Starbuck, Edward Blum, and Stephen Miller. According to Rachel Thomas, co-founder and CEO of LeanIn, “the pullback in commitments” is “one of the more concerning findings” from their studies, as DEI is “at a moment where companies have momentum in many areas and we need them to keep going.” To that end, Butler and Chang note that “there has been progress in representation of women in the highest rungs of corporate America,” with women now comprising “29% of C-suite positions, up from 17% in 2015.” But the authors of the studies believe this progress is fragile and call for companies to remain steadfast in their desire to ensure women have the support needed to climb the corporate ladder.
  • Bloomberg Law, “Caterpillar Joins Ford, Lowe’s in Diversity Rethink as Backlash Grows” (September 19): Bloomberg Law’s Jeff Green and Sana Pashankar report on Caterpillar’s decision to pull back on certain diversity policies in response to anti-DEI social media campaigns by conservative activist Robby Starbuck. Green and Pashankar report that Caterpillar is “introducing new guidelines on external sponsorships and donations as part of a review of some of its DEI initiatives.” A company spokesperson, Joan Cetera, confirmed that Caterpillar met with Starbuck prior to announcing these changes. But Cetera clarified that certain measures, like the company’s withdrawal from the Human Rights Campaign’s Corporate Equality Index, were already in place before Starbuck set his sights on the corporation. Green and Pashankar note that Caterpillar’s “tweaks fall short of some of the more substantial changes made by companies like Tractor Supply Co.”
  • Fortune, “How Robby Starbuck is Taking Aim at DEI Programs of Fortune 500 Companies” (September 19): Fortune’s Lila MacLellan reports on Robby Starbuck’s activism against “woke” workplace culture, including his campaigns against Tractor Supply, John Deere, Harley Davidson, and other companies. MacLellan notes that several of these companies have pulled back their support for the Human Rights Campaign’s Corporate Equality Index and events like Pride parades, and also have “dropp[ed] supplier diversity goals and chang[ed] the focus of their employee resource groups.” While Starbuck has claimed credit for changes to DEI policies at these companies, MacLellan says that many of them were planning to make these changes prior to any outreach from Starbuck. As Alphonso David, CEO of the Global Black Economic Forum, noted, “[W]e should be careful not to assume that [Starbuck’s] efforts are actually directly responsible for these changes.” MacLellan also reports on efforts to counteract Starbuck’s influence: for example, As You Sow, a nonprofit that promotes corporate responsibility through shareholder advocacy, has drafted a shareholder proposal about John Deere’s “ambiguous and inconsistent shift in policies and practices” regarding DEI.

Case Updates:

Below is a list of updates in new and pending cases:

1. Employment discrimination and related claims:

  • Missouri v. Int’l Bus. Machs. Corp., No. 24SL-CC02837 (Cir. Ct. of St. Louis Cty. 2024): On June 20, the State of Missouri filed a complaint against IBM in state court, alleging that the company is violating the Missouri Human Rights Act by using race and gender quotas in its hiring and basing employee compensation on participation in allegedly discriminatory DEI practices. The complaint cites a leaked video in which IBM’s Chief Executive Officer and Board Chairman, Arvind Krishna, allegedly stated that all executives must increase representation of ethnic minorities in their teams by 1% each year in order to receive a “plus” on their bonus. The complaint also alleges that employees at IBM have been fired or suffered adverse employment actions because they failed to meet or exceed these targets. The Missouri Attorney General is seeking to permanently enjoin IBM and its officers from utilizing quotas in hiring and compensation decisions.
    • Latest update: On September 13, 2024, IBM moved to dismiss the suit, arguing that the “plus” bonus is not a “rigid racial quota,” but a lawful means of encouraging “permissible diversity goals.” IBM also argued that the State failed to assert sufficient facts to show that the “plus” bonus influenced any employment decisions in Missouri. The State’s opposition is due October 4, 2024.
  • Diemert v. City of Seattle, et al., No. 2:22-cv-01640 (W.D. Wash. 2022): On November 16, 2022, the plaintiff, a white male, sued his former employer, the City of Seattle. The plaintiff alleged that the City’s diversity initiatives, which allegedly included mandatory diversity trainings involving critical race theory and encouraging participation in “race-based affinity groups, caucuses, and employee resource groups,” amounted to racial discrimination in violation of Title VII and the Fourteenth Amendment. The plaintiff also alleged that he had been subjected to a hostile work environment. On August 16, 2024, the City filed a motion for summary judgment, arguing that the plaintiff had “resigned voluntarily because he had already moved to Texas and did not wish to return to in-person work.” The City further argued that while it required employees to complete two diversity activities per year, it did not penalize employees who did not fulfill the requirement.
    • Latest update: On September 7, 2024, the plaintiff filed his opposition to the motion for summary judgment, arguing that he experienced discrimination that the City failed to remediate. On September 13, 2024, the City replied, contending that the plaintiff relied on allegations outside the record, experienced no adverse actions, and ignored the facts demonstrating the City’s lack of discriminatory intent and efforts to support the plaintiff.

2. Actions against Educational Institutions:

  • Faculty, Alumni, and Students Opposed to Racial Preferences (FASORP) v. Northwestern University, No. 1:24-cv-05558 (N.D. Ill. 2024): A nonprofit advocacy group filed suit against Northwestern University, alleging that the university is violating Title VI, Title IX, and Section 1981 by considering race and sex in law school faculty hiring decisions. The suit also claims that student editors of the Northwestern University Law Review give discriminatory preference to “women, racial minorities, homosexuals, and transgender people when selecting their members and editors,” and when selecting articles to publish. FASORP is seeking to enjoin Northwestern from (1) considering race, sex, sexual orientation, or gender identity in the appointment, promotion, retention, or compensation of its law school faculty or the selection of articles, editors, and members of the Northwestern University Law Review, and (2) soliciting any information about the race, sex, sexual orientation, or gender identity of law school faculty candidates or applicants for the Law Review. FASORP also asked the court to order Northwestern to establish a new policy for selecting law school faculty and Law Review articles, editors, and members, and to appoint a court monitor to oversee all related decisions.
    • Latest update: On September 9, 2024, the university moved to dismiss the complaint for lack of standing and failure to state a claim. The university argues that FASORP lacks standing because it does not allege that any members are qualified and took steps to join the Law School’s faculty, are qualified and took steps to submit articles to the Law Review, or are or were ever Northwestern students. The university also argues that even if FASORP has standing, the claims are outside the ambit of Title VI and Title IX, and the Section 1981-based claims are vague and conclusory. A telephonic hearing on the motion to dismiss is set for January 28, 2025.
  • Sullivan v. Howard University, No. 1:24-cv-01924 (D.D.C. 2024): On July 1, 2024, a male administrator at Howard University who was transferred to another department filed suit against the university, bringing claims of sex discrimination and retaliation in violation of Section 1981, and sex discrimination, retaliation, and a hostile work environment in violation of the D.C. Human Rights Act (DCHRA).
    • Latest update: On September 16, 2024, Howard University filed a partial motion to dismiss, arguing for the dismissal of both claims brought under Section 1981 because it does not protect against sex-based discrimination, and the hostile work environment claim because the alleged conduct was not severe, pervasive, or even linked to the plaintiff’s sex. The motion did not address the sex discrimination and retaliation claims brought under the DCHRA.
  • Gerber v. Ohio Northern University, No. 2023-1107-CVH (Ohio Ct. Common Pleas Hardin Cnty. 2023): On June 30, 2023, a law professor sued his former employer, Ohio Northern University, for terminating his employment after an internal investigation determined that he bullied and harassed other faculty members. On January 23, 2024, the plaintiff, represented by America First Legal, filed an amended complaint, claiming that his firing was actually in retaliation for his vocal and public opposition to the university’s stated DEI principles and race-conscious hiring, which he believed were illegal. The plaintiff alleged that the investigation and his termination breached his employment contract, violated Ohio civil rights statutes, and constituted various torts, including defamation, false light, conversion, infliction of emotional distress, and wrongful termination in violation of public policy. On June 17, 2024, both parties filed motions for summary judgment. On July 16, the court dismissed the individual defendants based on evidence showing they were not involved in the investigation or termination.
    • Latest update: On September 12, 2024, the court granted the university’s motion for summary judgment on the plaintiff’s claims for wrongful termination and emotional distress, but otherwise denied the parties’ cross-motions for summary judgment. The court determined that issues of material fact exist concerning plaintiff’s claims for breach of contract, retaliation, defamation, and false light, which will proceed to a jury trial.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Blaine Evanson, Molly Senger, Zakiyyah Salim-Williams, Matt Gregory, Zoë Klein, Mollie Reiss, Jenna Voronov, Alana Bevan, Marquan Robertson, Janice Jiang, Elizabeth Penava, Skylar Drefcinski, Mary Lindsay Krebs, David Offit, Lauren Meyer, Kameron Mitchell, Maura Carey, and Jayee Malwankar.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and authors:

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group
Washington, D.C. (+1 202-955-8242, [email protected])

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group
Los Angeles (+1 213-229-7107, [email protected])

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group
New York (+1 212-351-3850, [email protected])

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer
Washington, D.C. (+1 202-955-8503, [email protected])

Molly T. Senger – Partner, Labor & Employment Group
Washington, D.C. (+1 202-955-8571, [email protected])

Blaine H. Evanson – Partner, Appellate & Constitutional Law Group
Orange County (+1 949-451-3805, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

From the Derivatives Practice Group: This week, the CFTC requested public comment on a rule certification filing and extended two no-action letters in connection with reporting obligations.

New Developments

  • CFTC Requests Public Comment on a Rule Certification Filing by KalshiEX LLC. On September 26, the CFTC requested public comment on a rule certification filing by KalshiEX LLC, which would amend its rulebook to include rules for a request for quote functionality and amendments to its prohibited transactions rule. The CFTC previously stayed KalshiEX LLC’s filing because, according to the CFTC, the submission presents novel or complex issues that require additional time to analyze and is potentially inconsistent with the Commodity Exchange Act or the CFTC’s regulations. Comments must be submitted on or before Oct. 28, 2024. [NEW]
  • CFTC Staff Extends No-Action Position for Certain Reporting Obligations Under the Ownership and Control Reports Final Rule. On September 25, the CFTC’s Division of Market Oversight (“DMO”) issued a no-action letter that extends the current no-action position for reporting obligations under the ownership and control reports final rule (“OCR Final Rule”). The OCR Final Rule, approved in 2013, requires the electronic submission of trader identification and market participant data for special accounts and volume threshold accounts through Form 102 and Form 40. DMO said that it is extending its no-action position to address continuing compliance difficulties associated with certain ownership and control reporting obligations identified by reporting parties and market participants. The position extends DMO’s position under CFTC Letter No. 23-14, stating that DMO will not recommend the CFTC commence an enforcement action for non-compliance with certain obligations. These obligations include, among others, the timing of ownership and control report form filings; certain information required to be reported regarding trading account controllers and volume threshold account controllers on Form 102; the reporting threshold that triggers the reporting of a volume threshold account on Form 102; the filing of refresh updates for Form 102; and responses to certain questions on Form 40. The no-action position will remain in effect until the later of the applicable effective date or compliance date of a CFTC action, such as a rulemaking or order, addressing such obligations. [NEW]
  • CFTC Announces Four Orders Granting Whistleblower Awards – Marking the Most in a Single Day. On September 23, the CFTC announced awards totaling approximately $4.5 million for whistleblowers who, collectively, provided information that led to the success of multiple enforcement actions brought by the CFTC and another authority. The four orders granting awards, to a total of seven whistleblowers, are the most the CFTC has issued on a single day. [NEW]
  • CFTC Staff Extends Temporary No-Action Letter Regarding Capital and Financial Reporting for Certain Non-U.S. Nonbank Swap Dealers Domiciled in the EU and the UK. On September 20, the CFTC’s Market Participants Division (“MPD”) announced it issued a temporary no-action letter extending CFTC Staff Letters No. 21-20 and 22-10 to certain nonbank swap dealers (SDs) domiciled in the European Union (“EU”) and the United Kingdom (“UK”) that are the subject of pending CFTC reviews for comparability determinations regarding capital and financial reporting requirements. As part of the capital and financial reporting requirements for nonbank SDs, the CFTC adopted a substituted compliance framework that permits certain nonbank SDs to rely on compliance with home-country capital and financial reporting requirements in lieu of meeting all or parts of the CFTC’s capital adequacy and financial reporting requirements, provided the CFTC finds the home-country requirements comparable to the CFTC’s requirements. Through CFTC Staff Letter No. 24-13, issued on September 20, MPD is extending a no-action position to eligible nonbank SDs domiciled in the EU and the UK that are not covered by existing CFTC orders addressing capital and financial reporting requirements. The no-action position is conditioned upon the nonbank SDs remaining in compliance with applicable home-country capital and financial reporting requirements and submitting certain financial reporting information to the CFTC. The no-action position will expire by December 31, 2026 or the effective date of any final CFTC action addressing the comparability of capital and financial reporting requirements applicable to the relevant nonbank SDs. [NEW]
  • CFTC Approves Final Guidance Regarding the Listing of Voluntary Carbon Credit Derivative Contracts. On September 20, the CFTC approved final guidance regarding the listing for trading of voluntary carbon credit derivative contracts. The guidance applies to designated contract markets (“DCMs”), which are CFTC-regulated derivatives exchanges, and outlines factors for DCMs to consider when addressing certain Core Principle requirements in the Commodity Exchange Act (“CEA”) and CFTC regulations that are relevant to the listing for trading of voluntary carbon credit derivative contracts. The guidance also outlines factors for consideration when addressing certain requirements under the CFTC’s Part 40 Regulations that relate to the submission of new derivative contracts, and contract amendments to the CFTC.
  • CFTC Approves Part 40 Final Rule to Simplify and Enhance Rule and Product Submission Processes. On September 12, the CFTC approved a final rule to amend Part 40 of the CFTC’s regulations. The regulations in Part 40 implement Section 5c(c) of the CEA and govern how registered entities submit self-certifications, and requests for approval, of their rules, rule amendments, and new products for trading and clearing, as well as the CFTC’s review and processing of such submissions. The amendments are intended to clarify, simplify and enhance the utility of the Part 40 regulations for registered entities, market participants and the CFTC. The final rule is effective 30 days after publication in the Federal Register.
  • DC Circuit Court Orders Temporary Stay Suspending Trading on Election Contracts. On September 12, the United States Court of Appeals for the District of Columbia Circuit (the “DC Circuit Court”) ordered a temporary stay suspending trading on election contracts offered by KalshiEx LLC (“KalshiEx”) “to give the court sufficient opportunity to consider the emergency motion for stay pending appeal.” Prior to the temporary stay from the DC Circuit Court, the United States District Court for the District of Columbia (the “DC District Court”) overturned an order blocking KalshiEx from allowing election contract trading on its platform and denied the CFTC’s request for a stay pending appeal. KalshiEx filed a response to the CFTC’s emergency motion on September 12 and the CFTC’s reply is due to the DC Circuit Court by 6:00 pm on September 14.
  • CFTC Approves Final Rule Regarding Exemptions from Certain Compliance Requirements for Commodity Pool Operators, Commodity Trading Advisors, and Commodity Pools. On September 12, the CFTC published a final rule that amends CFTC Regulation 4.7, a provision that provides exemptions from certain compliance requirements for commodity pool operators (“CPOs”) regarding commodity pool offerings to qualified eligible persons (“QEPs”) and for commodity trading advisors (“CTAs”) regarding trading programs advising QEPs. The final rule amends various provisions of the regulation that have not been updated since the rule’s original adoption in 1992. Specifically, the final rule: (1) increases the monetary thresholds outlined in the “Portfolio Requirement” definition that certain persons may use to qualify as Qualified Eligible Persons; (2) codifies exemptive letters allowing CPOs of Funds of Funds operated under Regulation 4.7 to choose to distribute monthly account statements within 45 days of the month-end; (3) includes technical amendments designed to improve its efficiency and usefulness for intermediaries and their prospective and actual QEP pool participants and advisory clients, as well as the general public; and, (4) updates citations within 17 CFR Part 4, and throughout the CFTC’s rulebook, to reflect the new structure of Regulation 4.7.

New Developments Outside the U.S.

  • SFC and HKMA Publish Conclusions on Enhancements to OTC Derivatives Reporting Regime for Hong Kong. On September 26, the Securities and Futures Commission and the Hong Kong Monetary Authority jointly published conclusions on proposed enhancements to the over-the-counter (“OTC”) derivatives reporting regime for Hong Kong, indicating that they will mandate (i) the use of unique transaction identifiers, (ii) the use of unique product identifiers and (iii) the reporting of critical data elements beginning on September 29, 2025. [NEW]
  • ESAs Warn of Risks From Economic and Geopolitical Events. On September 10, the three European Supervisory Authorities (“ESAs”) issued their Autumn 2024 Joint Committee Report on risks and vulnerabilities in the EU financial system. In the report, the ESAs underlined ongoing high economic and geopolitical uncertainties, warned of the financial stability risks that they believe stem from these uncertainties and called for continued vigilance from all financial market participants. For the first time, the report also includes a cross-sectoral deep dive into credit risks in the financial sector.
  • EC Publishes Draghi Report on the Future of European Competitiveness. On September 9, the European Commission (“EC”) published a report, Future of European Competitiveness, authored by former Italian prime minister and head of the European Central Bank Mario Draghi. The report, which was commissioned by EC president Ursula von der Leyen, outlines the EU’s new industrial strategy. Part A of the report outlines the overarching strategy, while Part B discusses sectoral and horizontal policies and related recommendations in more detail. The report covers topics that include energy derivatives, sustainable finance, EU supervision, Basel framework, and collateral. The EC president indicated that she will aim to form a cabinet, with related mission letters that she expects to cover certain aspects of the report as part of future EU policies.

New Industry-Led Developments

  • ISDA Publishes Updated Best Practices for Confirming Reference Obligations or Standard Reference Obligations. On September 25, ISDA published updated Best Practices for Single-name Credit Default Swaps regarding Reference Obligations or Standard Reference Obligations. The document sets out suggested best practices for confirming the Reference Obligation or Standard Reference Obligations for single-name Credit Default Swaps and is an update to the Best Practice Statement that was published by ISDA on November 18, 2014. [NEW]
  • Joint Trade Association Issues Statement on EMIR 3.0 Effective Implementation Dates. On September 23, ISDA, the Alternative Investment Management Association, the European Banking Federation, the European Fund and Asset Management Association and FIA sent a letter urging the European Commission and European supervisory authorities to clarify that market participants are not required to implement the European Market Infrastructure Regulation (“EMIR 3.0”) Level 1 provisions prior to the date of application of the associated Level 2 regulatory technical standards (“RTS”). In the letter, the associations state that they are seeking clarification to avoid firms being required to implement the requirements of EMIR 3.0 twice—first, to comply with the Level 1 provisions once EMIR 3.0 enters into force and then when the associated Level 2 RTS becomes applicable. [NEW]
  • ISDA Publishes Standing Settlement Instructions Suggested Operational Practices. On September 20, ISDA published the ISDA Standing Settlement Instructions (“SSI”) suggested operational practices (“SOP”), which outlines a set of guidelines for the communication, management and usage of SSIs. According to ISDA, the document aims at increasing standardization and efficiency in performing payments for over-the-counter (“OTC”) derivatives and it is an update to the Best Practice Statement that was published by ISDA on August 11, 2010. SOPs for the exchange of SSIs for the purposes of collateral are available in section 1.7 of the Suggested Operational Practices for the OTC Derivatives Collateral Process. [NEW]
  • ISDA Publishes Results of DC Review Consultation. On September 19, ISDA published the results of a market-wide consultation on proposed changes to the structure and governance of the Credit Derivatives Determinations Committees (“DCs”). ISDA reported that the consultation indicated broad market support to implement many of the recommendations, including establishing a separate governance body, implementing certain transparency proposals relating to the publication of DC decisions and appointing up to three independent members of the DCs. Some of the proposals received a significant minority of objections.
  • ISDA Submits Letter to US Treasury Department on Listed Transactions. On September 11, ISDA submitted a letter in response to the US Department of the Treasury’s proposal to identify certain basket contract transactions as listed transactions. In the letter, ISDA arguesd that ISDA believes the proposed regulations would apply to many non-abusive transactions, would inappropriately take the place of substantive guidance and would generate compliance burdens and uncertainty for taxpayers.

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Derivatives practice group, or the following practice leaders and authors:

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, [email protected])

Michael D. Bopp, Washington, D.C. (202.955.8256, [email protected])

Michelle M. Kirschner, London (+44 (0)20 7071.4212, [email protected])

Darius Mehraban, New York (212.351.2428, [email protected])

Jason J. Cabral, New York (212.351.6267, [email protected])

Adam Lapidus  – New York (212.351.3869,  [email protected] )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, [email protected])

William R. Hallatt , Hong Kong (+852 2214 3836, [email protected] )

David P. Burns, Washington, D.C. (202.887.3786, [email protected])

Marc Aaron Takagaki , New York (212.351.4028, [email protected] )

Hayden K. McGovern, Dallas (214.698.3142, [email protected])

Karin Thrasher, Washington, D.C. (202.887.3712, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

This update provides a high-level summary of meaningful similarities and differences between the CFTC’s proposed and final guidance regarding the listing of voluntary carbon credit derivative contracts.

On September 20, 2024, the Commodity Futures Trading Commission (the CFTC or the Commission) approved final guidance (the VCC Guidance)[1] outlining factors for consideration by CFTC-regulated exchanges, such as designated contract markets (DCMs) and swap execution facilities,[2] regarding the listing for trading of voluntary carbon credit (VCC) derivative contracts.[3]  The CFTC did not depart significantly from its proposed guidance on the same topic, issued on December 4, 2023 (the VCC Proposal), and focused on key considerations when addressing certain requirements in the Commodity Exchange Act (the CEA) and CFTC regulations applicable to the design and listing of such contracts.

This update provides a high-level summary of meaningful similarities and differences between the VCC Proposal and the VCC Guidance.[4]

Overview

The VCC Guidance does not establish new obligations for DCMs or modify or supersede the existing regulatory framework regarding the listing of derivative products by DCMs.  Rather, it provides the CFTC’s views and guidance on factors potentially relevant to its evaluation of DCM compliance and outlines matters for consideration by a DCM when designing and listing a VCC derivative contract.  In the context of VCC derivatives, the VCC guidance applies the already applicable “DCM Core Principles”[5] to VCC derivatives contracts.  In particular, DCM Core Principle 3, a requirement that a DCM only list for trading contracts that are not readily susceptible to manipulation, and DCM Core Principle 4, a requirement that a DCM prevent manipulation, price distortion and disruptions of the physical delivery or cash-settlement process through market surveillance, compliance and enforcement practices and procedures, form the foundation of the VCC Guidance.  The VCC Guidance also addresses product submission requirements under Part 40 of the CFTC’s regulations and CEA section 5c(c), insofar as such requirements relate to VCC derivatives.

The CFTC and Voluntary Carbon Markets

The VCC Guidance represents the “culmination of over five years of work” and the first time that a U.S. financial regulator has issued “regulatory guidance for contract markets that list financial contracts aimed at providing tools to manage risk, promote price discovery, and foster the allocation of capital towards decarbonization efforts,” according to Commissioner Behnam, who detailed many of the CFTC’s efforts in its supporting statement.[6]  According to the VCC Guidance, more than 150 derivative contracts on mandatory emissions program instruments are listed on DCMs[7] and 29 derivative contracts on voluntary carbon market products had been listed for trading by DCMs as of August 2024,[8] up from 18 as of November 2023[9] (only three of which currently have open interest).[10]

The VCC Guidance sits alongside many initiatives, both public and private, designed to encourage standards in VCC derivatives  markets and promote transparency and liquidity.  There is no primary regulator of the VCC markets; however, the CFTC has regulatory authority over environmental commodity derivatives, as established in a joint product definition rulemaking with the Securities Exchange Commission following the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act.[11] Although the CFTC does not have regulatory authority over the spot trading of VCCs, it has enforcement authority over fraud and manipulation in the spot VCC market.[12] The VCC Guidance should also be understood in the context of the U.S. federal government’s efforts to promote enhance VCC derivatives markets.[13]

But the proper role of the federal government, and the CFTC itself, in VCC derivatives markets remains unsettled.  For example, Commissioner Mersinger issued a dissenting statement on the VCC Guidance, stating that it “is a solution in search of a problem,” constituting “guidance on an emerging class of products that have very little open interest and comprise a miniscule percentage of trading activity on CFTC-regulated DCMs” that includes “veiled attempts to propagate controversial political ideologies.”[14]  Commissioner Mersinger stated that the inclusion of Environmental and Social Governance compliance and Net Zero goals in the VCC Guidance was misplaced, calling such focus “a backdoor attempt to inject and memorialize certain political ideologies into CFTC regulatory decisions.”[15]

CFTC Guidance for DCMs Regarding the Listing of VCC Derivative Contracts

The VCC Guidance focuses mainly on physically-settled VCC derivative contracts.  However, like in the VCC Proposal, the CFTC noted that its discussion of “VCC commodity characteristics for consideration by a DCM in connection with the design and listing of a physically-settled VCC derivative contract[] would also be relevant for cash-settled derivative contracts that settle to the price of a VCC, unless otherwise noted.”[16]

1. A DCM Shall Only List Derivative Contracts That Are Not Readily Susceptible to
Manipulation

The CFTC maintained the position it put forth in the VCC Proposal that, at a minimum, a DCM should address quality standards, delivery points and facilities, and inspection provisions in the design of a VCC derivative contract and that addressing such criteria in the contract’s terms and conditions will assist in promoting accurate pricing and reducing susceptibility to manipulation.  In addition to maintaining its position, the CFTC explained in the VCC Guidance that industry-recognized standards for high-integrity VCCs can assist in preventing manipulation and that DCMs should consider identifying the standards program and related crediting program in the contract’s terms and conditions.

A. Quality Standards

The VCC Guidance follows the VCC Proposal in recommending that a DCM should consider transparency, additionality, permanence and risk of reversal, and robust quantification of emissions reductions or removals when addressing quality standards in connection with the design of a VCC derivative contract.  In addition to what the CFTC set forth in the VCC Proposal, it recognized that:

a DCM may determine that it is appropriate to consider, when addressing quality standards in connection with derivative contract design, whether the crediting program for underlying VCCs has implemented measures to help ensure that credited mitigation projects or activities: (i) meet or exceed best practices on social and environmental safeguards, and (ii) would avoid locking in levels of [greenhouse gas (“GHG”)] emissions, technologies or carbon intensive practices that are incompatible with the objective of achieving net zero GHG emissions by 2050.[17]

The CFTC substantively revised its recommendations with respect to transparency and additionality, as described immediately below, but carried forward its proposed recommendations with respect to permanence and risk of reversal and robust quantification of emissions reductions or removals.

  • Transparency. The CFTC supplemented the VCC Proposal on transparency to provide that the terms and conditions of a physically-settled VCC derivative contract should “clearly identify what is deliverable under the contract.”[18]
  • Additionality. The CFTC refined the VCC Proposal on additionality, explicitly declining to define the term,[19] to provide that a DCM should consider “whether the crediting program for underlying VCCs has procedures in place to test for additionality” and whether such procedures “provide reasonable assurance that GHG emission reductions or removals will be credited only if they are additional.”[20]

B. Delivery Points and Facilities

The CFTC maintained its position set forth in the VCC Proposal that a DCM should consider a crediting program’s governance, tracking mechanisms and measures to prevent double-counting when addressing delivery procedures.

C. Inspection Provisions – Third Party Validation and Verification

In the VCC Guidance, the CFTC indicated that a DCM should look for “reasonable assurances” that crediting programs are validating and verifying credit mitigation projects and activities appropriately, replacing the VCC Proposal’s guidance that DCMs should directly consider a crediting program’s policies and procedures.

In the VCC Proposal, the CFTC proposed that a DCM should consider “how the crediting programs for the underlying VCCs require validation and verification that credited mitigation projects or activities meeting the crediting program’s rules and standards.”[21]  The CFTC revised that recommendation in the VCC Guidance and indicated that a DCM consider “whether there is reasonable assurance that the crediting programs for the underlying VCCs have up-to-date, robust and transparent procedures for validating and verifying that credited mitigation projects or activities meet the crediting program’s rules and standards,”[22] including “whether there is reasonable assurance that the crediting program’s procedures reflect best practices with respect to third party validation and verification.”[23]

2. A DCM Shall Monitor a Derivative Contract’s Terms and Conditions as They Relate to
the Underlying Commodity Market.

With respect to monitoring the terms and conditions of a physically-settled VCC derivative contract, the VCC Proposal and Guidance both stated that a DCM should (i) ensure that the underlying VCC reflects the latest certification standard applicable for that VCC and (ii) maintain rules that require its market participants to keep certain records and make them available to the DCM upon request.

3. A DCM Must Satisfy the Product Submission Requirements Under Part 40 of the
CFTC’s Regulations and CEA Section 5c(c).

The VCC Guidance and the VCC Proposal both maintained that that product submissions should be complete and thorough and include:

  • “[A]n ‘explanation and analysis’ of the contract and the contract’s ‘compliance with applicable provisions of the [CEA], including core principles and the Commission’s regulations thereunder.’”[24]
  • “[T]hat the explanation and analysis of the contract ‘either be accompanied by the documentation relied upon to establish the basis for compliance with applicable law, or incorporate information contained in such documentation, with appropriate citations to data sources[.]’”[25]
  • “[I]f requested by Commission staff, . . . any ‘additional evidence, information or data that demonstrates that the contract meets, initially or on a continuing basis, the requirements’ of the CEA or the Commission’s regulations or policies thereunder.”[26]

Conclusion

The VCC Guidance, like the VCC Proposal, is non-binding and limited to exchange-traded VCC derivative contracts.  However, it suggests implications for the over-the-counter VCC derivatives market and VCC spot markets. More generally, the VCC Guidance is the CFTC’s latest effort to promote structure and standards and influence the development of global VCC markets.

[1] See “CFTC Approves Final Guidance Regarding the Listing of Voluntary Carbon Credit Derivative Contracts,” Release No. 8969-24, Sept. 20, 2024.  Previously, the CFTC issued proposed guidance and a request for public comment regarding the listing for trading of voluntary carbon credit derivative contracts on December 4, 2023. The request for comment elicited approximately 90 comments from derivatives exchanges, industry and trade associations, carbon credit rating agencies and standard setting bodies, among others, during a 75-day public comment period.  Our client update on the VCC Proposal is available at https://www.gibsondunn.com/cftc-issues-proposed-guidance-regarding-the-listing-of-voluntary-carbon-credit-derivative-contracts/.

[2] The CFTC stated that, while the VCC Guidance “focuses on the listing of VCC derivative contracts by DCMs, the Commission believes that the factors outlined for consideration also would be relevant for consideration by any SEF that may seek to permit trading in swap contracts that settle to the price of a VCC, or in physically-settled VCC swap contracts.” VCC Guidance, Pre-Print Version at 82.

[3] The statement of support by the Chairman and statement of dissent by Commissioner Mersinger are available at https://www.cftc.gov/PressRoom/PressReleases/8969-24.

[4] Further information on the VCC Proposal can be found In Gibson Dunn’s previous alert, available at: https://www.gibsondunn.com/cftc-issues-proposed-guidance-regarding-the-listing-of-voluntary-carbon-credit-derivative-contracts/

[5] See, e.g.https://www.cftc.gov/LawRegulation/DoddFrankAct/Rulemakings/DF_12_DCMRules/index.htm

[6] Statement of Support of Chairman Rostin Behnam on the Commission’s Final Guidance Regarding the Listing of Voluntary Carbon Credit Derivatives Contracts (September 20, 2024), available at https://www.cftc.gov/PressRoom/SpeechesTestimony/behnamstatement092024.

[7] See VCC Guidance, Pre-Print Version at 14-15.

[8] See Id. at 15.

[9] See Commission Guidance Regarding the Listing of Voluntary Carbon Credit Derivative Contracts; Request for Comment, 88 Fed. Reg. 89410, 89414 (December 27, 2023).

[10] See VCC Guidance, Pre-Print Version at 15.

[11]Further Definition of “Swap,” “Security-Based Swap,” and “Security-Based Swap Agreement”; Mixed Swaps; Security-Based Swap Agreement Recordkeeping; Final Rule, 77 Fed Reg 48208, 48233-48235 (August 13, 2012). (“An agreement, contract or transaction in an environmental commodity may qualify for the forward exclusion from the “swap” definition set forth in section 1a(47) of the CEA, 7 U.S.C. 1a(47), if the agreement, contract or transaction is intended to be physically settled.”)

[12] See 7 U.S.C. § 9; 17 CFR § 180.1.

[13] See e.g., Gibson Dunn’s previous client alert on the Biden-Harris Administration’s Joint Statement of Policy and new Principles for Responsible Participation in Voluntary Carbon Markets, available at: https://www.gibsondunn.com/us-department-of-treasury-releases-joint-policy-statement-and-principles-on-voluntary-carbon-markets/

[14] Dissenting Statement of Commissioner Summer K. Mersinger on Guidance Regarding the Listing of Voluntary Carbon Credit Derivative Contracts (September 20, 2024), available at https://www.cftc.gov/PressRoom/SpeechesTestimony/mersingerstatement092024.

[15] Id.

[16] VCC Guidance, Pre-Print Version at 81.

[17] Id. at 86.

[18] Id. at 86.

[19] Id. at 88.

[20] Id. at 87.

[21] Commission Guidance Regarding the Listing of Voluntary Carbon Credit Derivative Contracts; Request for Comment, 88 Fed. Reg. 89410, 89419 (December 27, 2023).

[22] VCC Guidance, Pre-Print Version at 94.

[23] Id. at 95.

[24] Id. at 98 (quoting 17 CFR 40.2(a)(3)(v) (for self-certification) and 40.3(a)(4) (for Commission approval)).

[25] Id.

[26] Id. at 98 (quoting 17 CFR 40.2(b) (for self-certification) and 40.3(a)(10) (for Commission approval)).


The following Gibson Dunn lawyers assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, and Hayden McGovern.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Derivatives practice group, or the following authors:

Jeffrey L. Steiner – Washington, D.C. (+1 202.887.3632, [email protected])

Adam Lapidus – New York (+1 212.351.3869,  [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

This 60 minute module will walk you through the key aspects that you should have in mind when preparing the work plan, structure and instruct the team for an internal investigation. Because there is no “one-size-fits-all”-approach to structuring an internal investigation, we will analyze and asses different key elements of an internal investigation that require attention, namely:

  • The relevant addressee of the results of the investigation
  • The work plan and its updates
  • Considerations to include witness counsel
  • Considerations to maximize the legal privilege in multi-jurisdictional settings
  • Considerations to be made before sharing findings with the Government
  • Preparation of witness interviews (in person and virtual)
  • Presentation formats for the findings of an investigation

At the end of the module you should have a good understanding of the do’s and don’ts that will enable you to preparing, running an internal investigation and presenting its results more effectively.



PANELISTS:

Benno Schwarz is the partner in charge of the Munich office of Gibson, Dunn & Crutcher and co-chair of the firm’s Anti-Corruption & FCPA Practice Group. He focuses on white collar defense and compliance investigations in a wide array of criminal regulatory matters. For more than 30 years, he has handled sensitive cases and investigations concerning all kinds of compliance issues, especially in an international context. Benno assists his clients in the prevention and avoidance of corruption, fraud and money laundering and in navigating economic sanctions in the corporate sector. His advisory work comprises the planning and implementation of internal corporate as well as independent investigations both nationally and internationally; the structuring, implementation and assessment of compliance management systems; and the representation of companies and their executive bodies before domestic and foreign authorities during associated criminal and administrative proceedings. He also helps clients navigate the complexities of sanctions and counter-sanctions compliance, especially with respect to Russia-related sanctions and export control restrictions, leveraging his insights from his decades-long experience in advising corporate clients on transactional, compliance and trade law related matters involving Russia. Benno has practiced as an admitted German lawyer (Rechtsanwalt) since 1993.

Katharina Humphrey is a partner in Gibson Dunn’s Munich office. She advises clients in Germany and throughout Europe on a wide range of compliance and white collar crime matters. Katharina regularly represents multi-national corporations in connection with cross-border internal corporate investigations and government investigations. She has significant expertise in the areas of anti-bribery compliance – especially regarding the enforcement of German anti-corruption laws and the U.S. Foreign Corrupt Practices Act (FCPA) –, technical compliance, as well as sanctions and anti-money-laundering compliance. She also has many years of experience in advising clients with regard to the implementation and assessment of compliance management systems. The Legal 500 Deutschland 2024 and The Legal 500 EMEA 2024 listed her as “Next Generation Partner” in the field of Compliance and also recommended her for Internal Investigations. Katharina speaks German, English, French and Italian. She is admitted to practice in Germany (Rechtsanwalt).

Oleh Vretsona is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher. He currently practices in the firm’s Litigation Department, where he focuses on white collar criminal defense, internal investigations, regulatory inquiries, antitrust, and corporate compliance. Oleh has represented clients in a wide variety of matters, including matters arising under the U.S. Foreign Corrupt Practices Act and antitrust matters, and he has advised clients on structure and implementation of corporate compliance programs. Oleh has significant experience in conducting internal investigations and advising clients on the effectiveness of their internal compliance controls. Oleh has participated in and managed numerous internal investigations for publicly held corporations involving operations in Russia, Eastern Europe, and various other countries and regions, and conducted extensive fieldwork in those countries, including numerous witness interviews. He is admitted to practice in New York and the District of Columbia.


MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.0 credit hour, of which 1.0 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact [email protected] to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour in the General Category.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Amer Ahmed, Anne Champion, Connor Sullivan, and Apratim Vidyarthi cover significant developments in newly-issued Supreme Court decisions in the 2023–24 term involving the First Amendment, following up on a previous webinar covering current First Amendment issues. 



PANELISTS:

Amer S. Ahmed is a partner in the New York office of Gibson, Dunn & Crutcher. He is a member of Gibson Dunn’s Litigation; Trials Practice; Appellate and Constitutional Law; and Media, Entertainment and Technology Practice Groups. Amer’s practice focuses on representing institutional and individual clients in a variety of high-profile litigation matters at the investigatory, trial, and appellate levels, ranging from witness preparation to product-liability actions, white-collar criminal defense, and commercial disputes. Amer has played a lead role in many First Amendment and defamation disputes. Among other matters, he has successfully defended The Washington Post against a libel lawsuit in federal court, won a complete dismissal of defamation claims against a leading social media company, advised technology companies on compliance issues under Section 230 of the Communications Decency Act, prosecuted defamation claims on behalf of a high-profile businessman based on a worldwide smear campaign, and is representing the online publication Media Matters for America in its defense of a defamation case lodged by X Corp. Amer authored the practice guide on Defamation and Reputation Management in the USA on Lexology. Amer graduated from Columbia Law School where he was named a Harlan Fiske Stone Scholar and served as an articles editor of the Columbia Law Review. He received his Bachelor of Arts in Human Biology, with distinction, from Stanford University, where he was a President’s Scholar and was elected to the Phi Beta Kappa Society.

Amer is admitted to practice in the State of New York and the District of Columbia, as well as in the Supreme Court of the United States; the United States Courts of Appeals for the District of Columbia Circuit, Second Circuit, and Fourth Circuit; the United States District Court for the District of Columbia; and the United States District Courts for the Southern and Eastern Districts of New York.

Anne M. Champion is a partner in the New York office of Gibson, Dunn & Crutcher. She is a member of the Transnational Litigation, Media Law, and International Arbitration practice groups. Anne has played a lead role in a wide range of high stakes litigation matters, including several high profile First Amendment disputes. She represented CNN’s Jim Acosta and White House Correspondent Brian Karem in successful suits to reinstate their White House press passes, and Mary Trump in her defeat of an attempt to block publication of her best-selling book about the former President, Too Much and Never Enough: How My Family Created the World’s Most Dangerous Man, for which The American Lawyer recognized her along with Ted Boutrous and Matthew McGill as Litigators of the Week. She was previously recognized as Litigator of the Week for the successful defeat of a petition to confirm an $18 billion sham Egyptian arbitration award against Chevron Corporation and Chevron USA, Inc. She has been recognized by Lawdragon as among the “500 Leading Litigators in America,” by Chambers USA 2023 for General Commercial Litigation, and Benchmark Litigation, which named her to its 2022 list of the “Top 250 Women in Litigation.”

Anne is admitted to practice in the courts of the State of New York, the United States District Courts for the Southern, Eastern, and Northern Districts of New York, the Eastern District of Texas, and the United States Courts of Appeals for the Second Circuit, the D.C. Circuit, and the Federal Circuit.

Connor Sullivan is a partner in the New York office of Gibson, Dunn & Crutcher. He is a member of the Firm’s Media, Entertainment, and Technology; Appellate and Constitutional Law; Privacy, Cybersecurity and Data Innovation; and Intellectual Property Practice Groups.

Connor has significant experience in First Amendment matters representing news media organizations and reporters, as well as litigating attempts to restrain speech prior to publication. He has been involved in some of the Firm’s major recent First Amendment victories, including successfully representing members of the White House press corps suing to secure the return of suspended press credentials and representing Mary Trump, the niece of President Donald Trump, in successfully opposing the Trump family’s attempt to enjoin the publication of her bestselling family memoir. Before joining the firm, he served as a member of the trial team in one of the largest defamation suits ever tried. He is a co-author of “Defamation and Reputation Management in the United States” for the global research platform Lexology. Connor has also worked on behalf of pro bono clients in connection with immigration and First Amendment rights.

Connor is admitted to practice in New York and the District of Columbia, and before the United States Courts of Appeals for the Second, Third, Fourth, Sixth, Ninth, and District of Columbia Circuits and the United States District Courts for the Southern and Eastern Districts of New York and the District of Columbia.

Apratim Vidyarthi is a litigation associate in the New York office of Gibson, Dunn & Crutcher. His practice focuses on white collar, law firm defense, technology, and appellate and constitutional law, with a focus on First Amendment law.

Apratim is involved in several First Amendment matters, including representing Media Matters for America in its defense against Twitter/X Corp’s defamation litigation(s), defending a former White House official’s public speech calling out social media platforms’ hosting of misinformation about COVID vaccines, defending a social media company against state investigations, and defending a large technology company against a mandatory data-sharing bill. Apratim also maintains an active First Amendment pro bono docket, having recently filed amicus briefs in Free Speech Coalition v. PaxtonVillarreal v. Alaniz, and Gonzalez v. Trevino at the Supreme Court and in Pernell v. Lamb in the Eleventh Circuit, and defending a Jewish divorcee’s First Amendment rights to protest their ex-husbands’ refusals to grant permissions to divorce.

Apratim graduated cum laude from the University of Pennsylvania Law School, where he served as Philanthropy Editor on the board of the University of Pennsylvania Law Review. He received a Master’s in Engineering from Carnegie Mellon and Bachelors degrees in Nuclear Engineering and Applied Mathematics from the University of California, Berkeley. Prior to law school, Apratim worked at Deloitte Consulting in their technology consulting group. He is admitted to practice in the State of New York, and before the Eleventh Circuit, and the United States District Courts for the Southern and Eastern Districts of New York.


MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.5 credit hour, of which 1.5 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact [email protected] to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.25 hour in the General Category.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

The False Claims Act (FCA) is one of the most powerful tools in the government’s arsenal to combat fraud, waste, and abuse involving government funds. Nearly three years ago, the Department of Justice announced the establishment of the Civil Cyber-Fraud Initiative to utilize the False Claims Act to pursue cybersecurity related fraud by government contractors and grant recipients. Since the announcement of the Civil Cyber-Fraud Initiative, the government has continued to promulgate new cybersecurity requirements and reporting obligations in government contracts and funding agreements—which may bring yet more vigorous FCA enforcement efforts by the DOJ. The DOJ, moreover, has entered into several notable FCA settlements premised on alleged cybersecurity violations, and has intervened in a first-of-its kind qui tam case related to DoD cybersecurity regulations. As we approach the third anniversary of the launch of the Civil Cyber-Fraud Initiative, as much as ever, companies that receive government funds—especially companies operating in the government contracting sector—need to understand how the government and private whistleblowers alike are wielding the FCA to enforce required cybersecurity standards, and how they can defend themselves.

Please join this recorded webcast which discusses developments in the FCA, including:

  • The latest trends in FCA enforcement actions and associated litigation affecting government contractors, including technology companies;
  • Updates on enforcement actions arising under the DOJ Civil Cyber-Fraud Initiative;
  • The latest trends in FCA jurisprudence, including developments in particular FCA legal theories affecting your cybersecurity compliance and reporting obligations; and
  • Updates to the cybersecurity regulations and contractual obligations underlying enforcement actions by DOJ’s Civil Cyber-Fraud Initiative.


PANELISTS:

Winston Y. Chan is a partner in the San Francisco office of Gibson Dunn and Co-Chair of the firm’s White Collar Defense and Investigations practice group, and also its False Claims Act/Qui Tam Defense practice group. He leads matters involving government enforcement defense, internal investigations and compliance counseling, and regularly represents clients before and in litigation against federal, state and local agencies, including the U.S. Department of Justice, Securities and Exchange Commission and State Attorneys General. Prior to joining the firm, Winston served as an Assistant United States Attorney in the Eastern District of New York, where he held a number of supervisory roles and investigated a wide range of corporate and financial criminal matters. Winston is admitted to practice law in the state of California.

Stephenie Gosnell Handler is a partner in Gibson Dunn’s Washington, D.C. office, where she is a member of the International Trade and Privacy, Cybersecurity, and Data Innovation practices. She advises clients on complex legal, regulatory, and compliance issues relating to international trade, cybersecurity, and technology matters. Stephenie ’s legal advice is deeply informed by her operational cybersecurity and in-house legal experience at McKinsey & Company, and also by her active duty service in the U.S. Marine Corps.

Stephenie returned to Gibson Dunn as a partner of the Washington, D.C. office after serving as Director of Cybersecurity Strategy and Digital Acceleration at McKinsey & Company. In this role, she led development of the firm’s cybersecurity strategy and advised senior leadership on public policy and geopolitical trends relating to cybersecurity, technology, and data. Stephenie managed a team of experienced professionals responsible for the firm’s cybersecurity strategic initiatives, cybersecurity standards and certifications program, lifecycle governance initiatives, data analytics and optimization, and digital acceleration efforts across the cyber domain. She previously led McKinsey’s in-house cybersecurity legal team, where she advised on diverse global cybersecurity and technology matters, including strategic legal issues, data localization, regulatory compliance, risk management, governance, preparedness, and response. Stephenie frequently advised at the intersection of cybersecurity, technology, and data and export control and sanctions requirements.

Melissa L. Farrar is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher. Her practice focuses on white collar defense, internal investigations, and corporate compliance. Melissa represents and advises multinational corporations in internal and government investigations on a wide range of topics, including the U.S. Foreign Corrupt Practices Act, the False Claims Act, anti-money laundering, and accounting and securities fraud, including defending U.S. and global companies in civil and criminal investigations pursued by the U.S. Department of Justice and the U.S. Securities and Exchange Commission. She also has experience representing U.S. government contractors in related suspension and debarment proceedings. In addition, Melissa routinely counsels corporations on the design and implementation of their corporate ethics and compliance programs and in connection with transactional due diligence, with a particular emphasis on compliance with anti-corruption and anti-money laundering laws. She has experience in all areas of corporate compliance, including policy and procedure and code of conduct development, program governance and structure design, risk assessment planning and implementation, and the conduct of internal investigations, among others. Melissa is admitted to practice in the District of Columbia and Virginia.

Michael R. Dziuban is a senior associate in the Washington, D.C. office, where he practices in the Firm’s Litigation Department. Michael represents clients in white collar defense and civil enforcement matters, including investigations and lawsuits under the False Claims Act. He has advised government contractors, technology companies, healthcare companies, and individual executives in various stages of FCA enforcement opposite both government agencies and qui tam relators. Michael also has guided clients through government and internal investigations under anti-corruption and anti-money laundering laws, advised clients in government contracts disputes, and counseled companies on their corporate compliance programs. Michael is admitted to practice law in the Commonwealth of Virginia and the District of Columbia.


MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.0 credit hour, of which 1.0 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact [email protected] to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour in the General Category.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

New Developments

  • CFTC Approves Final Guidance Regarding the Listing of Voluntary Carbon Credit Derivative Contracts. On September 20, the CFTC approved final guidance regarding the listing for trading of voluntary carbon credit derivative contracts. The guidance applies to designated contract markets (“DCMs”), which are CFTC-regulated derivatives exchanges, and outlines factors for DCMs to consider when addressing certain Core Principle requirements in the Commodity Exchange Act (“CEA”) and CFTC regulations that are relevant to the listing for trading of voluntary carbon credit derivative contracts. The guidance also outlines factors for consideration when addressing certain requirements under the CFTC’s Part 40 Regulations that relate to the submission of new derivative contracts, and contract amendments to the CFTC. [NEW]
  • CFTC Approves Part 40 Final Rule to Simplify and Enhance Rule and Product Submission Processes. On September 12, the CFTC approved a final rule to amend Part 40 of the CFTC’s regulations. The regulations in Part 40 implement Section 5c(c) of the CEA and govern how registered entities submit self-certifications, and requests for approval, of their rules, rule amendments, and new products for trading and clearing, as well as the CFTC’s review and processing of such submissions. The amendments are intended to clarify, simplify and enhance the utility of the Part 40 regulations for registered entities, market participants and the CFTC. The final rule is effective 30 days after publication in the Federal Register. [NEW]
  • DC Circuit Court Orders Temporary Stay Suspending Trading on Election Contracts. On September 12, the United States Court of Appeals for the District of Columbia Circuit (the “DC Circuit Court”) ordered a temporary stay suspending trading on election contracts offered by KalshiEx LLC (“KalshiEx”) “to give the court sufficient opportunity to consider the emergency motion for stay pending appeal.” Prior to the temporary stay from the DC Circuit Court, the United States District Court for the District of Columbia (the “DC District Court”) overturned an order blocking KalshiEx from allowing election contract trading on its platform and denied the CFTC’s request for a stay pending appeal. KalshiEx filed a response to the CFTC’s emergency motion on September 12 and the CFTC’s reply is due to the DC Circuit Court by 6:00 pm on September 14.
  • CFTC Approves Final Rule Regarding Exemptions from Certain Compliance Requirements for Commodity Pool Operators, Commodity Trading Advisors, and Commodity Pools. On September 12, the CFTC published a final rule that amends CFTC Regulation 4.7, a provision that provides exemptions from certain compliance requirements for commodity pool operators (“CPOs”) regarding commodity pool offerings to qualified eligible persons (“QEPs”) and for commodity trading advisors (“CTAs”) regarding trading programs advising QEPs. The final rule amends various provisions of the regulation that have not been updated since the rule’s original adoption in 1992. Specifically, the final rule: (1) increases the monetary thresholds outlined in the “Portfolio Requirement” definition that certain persons may use to qualify as Qualified Eligible Persons; (2) codifies exemptive letters allowing CPOs of Funds of Funds operated under Regulation 4.7 to choose to distribute monthly account statements within 45 days of the month-end; (3) includes technical amendments designed to improve its efficiency and usefulness for intermediaries and their prospective and actual QEP pool participants and advisory clients, as well as the general public; and, (4) updates citations within 17 CFR Part 4, and throughout the CFTC’s rulebook, to reflect the new structure of Regulation 4.7.
  • CFTC Staff Issues No-Action Letter Related to Reporting and Recordkeeping Requirements for Fully Collateralized Binary Options. On September 4, 2024, the CFTC announced the Division of Market Oversight (“DMO”) and the Division of Clearing and Risk have taken a no-action position regarding swap data reporting and recordkeeping regulations in response to a request from LedgerX LLC d/b/a MIAX Derivatives Exchange LLC (“MIAXdx”), a designated contract market and derivatives clearing organization. The Divisions will not recommend the CFTC initiate an enforcement action against MIAXdx or its participants for certain swap-related recordkeeping requirements and for failure to report data associated with fully collateralized binary option transactions executed on or subject to the rules of MIAXdx to swap data repositories. The no-action letter is comparable to no-action letters issued for other similarly situated designated contract markets and derivatives clearing organizations.

New Developments Outside the U.S.

  • ESAs Warn of Risks From Economic and Geopolitical Events. On September 10, the three European Supervisory Authorities (“ESAs”) issued their Autumn 2024 Joint Committee Report on risks and vulnerabilities in the EU financial system. In the report, the ESAs underlined ongoing high economic and geopolitical uncertainties, warned of the financial stability risks that they believe stem from these uncertainties and called for continued vigilance from all financial market participants. For the first time, the report also includes a cross-sectoral deep dive into credit risks in the financial sector.
  • EC Publishes Draghi Report on the Future of European Competitiveness. On September 9, the European Commission (“EC”) published a report, Future of European Competitiveness, authored by former Italian prime minister and head of the European Central Bank Mario Draghi. The report, which was commissioned by EC president Ursula von der Leyen, outlines the EU’s new industrial strategy. Part A of the report outlines the overarching strategy, while Part B discusses sectoral and horizontal policies and related recommendations in more detail. The report covers topics that include energy derivatives, sustainable finance, EU supervision, Basel framework, and collateral. The EC president indicated that she will aim to form a cabinet, with related mission letters that she expects to cover certain aspects of the report as part of future EU policies.
  • MAS Updates FAQs on OTC Derivatives Reporting Regulations. On September 4, the Monetary Authority of Singapore (“MAS”) further updated the Frequently Asked Questions (FAQs) on the Securities and Futures (Reporting of Derivatives Contracts) Regulations 2013. MAS indicated that the FAQs are to aid implementation of the reporting obligations and elaborate on its intentions for some of the requirements. The new Singapore reporting rules will take effect on October 21, 2024.

New Industry-Led Developments

  • ISDA Publishes Results of DC Review Consultation. On September 19, ISDA published the results of a market-wide consultation on proposed changes to the structure and governance of the Credit Derivatives Determinations Committees (“DCs”). ISDA reported that the consultation indicated broad market support to implement many of the recommendations, including establishing a separate governance body, implementing certain transparency proposals relating to the publication of DC decisions and appointing up to three independent members of the DCs. Some of the proposals received a significant minority of objections. [NEW]
  • ISDA Submits Letter to US Treasury Department on Listed Transactions. On September 11, ISDA submitted a letter in response to the US Department of the Treasury’s proposal to identify certain basket contract transactions as listed transactions. In the letter, ISDA arguesd that ISDA believes the proposed regulations would apply to many non-abusive transactions, would inappropriately take the place of substantive guidance and would generate compliance burdens and uncertainty for taxpayers. [NEW]
  • ISDA Responds to Australia’s CFR on Bonds and Repo Clearing. On September 4, ISDA submitted a response to a consultation from Australia’s Council of Financial Regulators (“CFR”) on the central clearing of bonds and repos in Australia. In response to changes in the size and structure of the Australian bond and repo markets, the CFR sought feedback on the costs and benefits of introducing a central counterparty (“CCP”) in the Australian bond and repo markets. It also sought views on the circumstances under which a bond and repo CCP could be operated safely and efficiently by an overseas operator and what additional protections may be required in Australia. ISDA said that it welcomes the fact that the CFR is not considering the introduction of a clearing mandate. In its response, ISDA set out its opinion on the costs and benefits of voluntary central clearing for the Australian bond and repo markets. ISDA also commented on participation and other factors to consider for a bond and repo clearing offering to be viable. On location, the response states it is not uncommon for an overseas operator to provide clearing services related to non-domestic markets and ISDA indicated that it does not see any increased risk for an overseas operator to provide clearing services for the Australian bond and repo markets, as long as the overseas CCP is appropriately supervised and risk-managed.
  • ISDA Suggested Operational Practice “P43 Reporting of Post-Trade Events: Trades with no prior P43 Reporting.” On September 5, ISDA republished a Suggested Operational Practice (“SOP”) from July 2024 on approaches (e.g., for partial or full unwinds, partial or full novation, or partial or full exercises) under the CFTC amendments for allocated trades. The SOP recommends reporting the first Part 43 reportable post-trade event on an allocated trade with Action type “NEWT” and Event type “TRAD.”

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, and Karin Thrasher.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Derivatives practice group, or the following practice leaders and authors:

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, [email protected])

Michael D. Bopp, Washington, D.C. (202.955.8256, [email protected])

Michelle M. Kirschner, London (+44 (0)20 7071.4212, [email protected])

Darius Mehraban, New York (212.351.2428, [email protected])

Jason J. Cabral, New York (212.351.6267, [email protected])

Adam Lapidus  – New York (212.351.3869,  [email protected] )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, [email protected])

William R. Hallatt , Hong Kong (+852 2214 3836, [email protected] )

David P. Burns, Washington, D.C. (202.887.3786, [email protected])

Marc Aaron Takagaki , New York (212.351.4028, [email protected] )

Hayden K. McGovern, Dallas (214.698.3142, [email protected])

Karin Thrasher, Washington, D.C. (202.887.3712, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Join our panelists for an insightful discussion on the intersection of internal audit and government investigations.



PANELISTS:

Patrick Stokes is a partner in Gibson Dunn’s Washington, D.C. office, and Co-Chair of the firm’s Anti-Corruption and FCPA practice group. His practice focuses on internal corporate investigations and enforcement actions regarding corruption, securities fraud, and financial institutions fraud. Prior to joining the firm, Patrick headed the DOJ’s FCPA Unit, managing the FCPA enforcement program and all criminal FCPA matters throughout the United States covering every significant business sector. Previously, he served as Co-Chief of the DOJ’s Securities and Financial Fraud Unit, overseeing investigations and prosecutions of financial fraud schemes involving corporations, financial institutions, and individuals. He also served as an Assistant United States Attorney in the Eastern District of Virginia, where he prosecuted a wide variety of financial fraud, immigration, and violent crime cases. He is a member of the Maryland State Bar and the District of Columbia Bar.

Oleh Vretsona is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher. He currently practices in the firm’s Litigation Department, where he focuses on white collar criminal defense, internal investigations, regulatory inquiries, antitrust, and corporate compliance. Oleh has represented clients in a wide variety of matters, including matters arising under the U.S. Foreign Corrupt Practices Act and antitrust matters, and he has advised clients on structure and implementation of corporate compliance programs.

Oleh has significant experience in conducting internal investigations and advising clients on the effectiveness of their internal compliance controls. He has participated in and managed numerous internal investigations for publicly held corporations involving operations in Russia, Eastern Europe, and various other countries and regions, and conducted extensive fieldwork in those countries, including numerous witness interviews. Oleh is admitted to practice in New York and the District of Columbia.

Michael S. Diamant is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher. He is a member of the White Collar Defense and Investigations Practice Group, and serves on the firm’s Finance Committee. His practice focuses on white collar criminal defense, internal investigations, and corporate compliance. He has represented clients in an array of matters, including accounting and securities fraud, antitrust violations, and environmental crimes, before law enforcement and regulators, including the U.S. Department of Justice and the Securities and Exchange Commission. Michael also has managed numerous internal investigations for publicly traded corporations and conducted fieldwork in nineteen different countries on five continents.

Michael regularly conducts internal investigations for corporations regarding possible anti-bribery violations and assists them in complying with government subpoenas and negotiating settlements with enforcement agencies. He also routinely advises corporations on the adequacy of the design and implementation of their corporate ethics and compliance programs. This has included extensive work on all programmatic elements, including whistleblowing and investigative procedures, codes of conduct, expense approval and reimbursement processes, and oversight and governance functions, among many others. Michael is admitted to practice in the District of Columbia and the State of Virginia.

Courtney M. Brown is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher, where she practices primarily in the areas of white collar criminal defense and corporate compliance. Courtney has experience representing and advising multinational corporate clients, boards of directors, and executives in internal and government investigations and enforcement actions on a wide range of topics, including anti-corruption, anti-money laundering, economic sanctions, financial and accounting, and tax fraud matters. Courtney also counsels corporations on the effectiveness of their compliance programs and in connection with transactional due diligence, with a particular emphasis on compliance with anti-corruption laws, anti-money laundering regulations, and economic and trade sanctions administered by the U.S. Department of Treasury’s Office of Foreign Assets Control. She is a member of the bars of the District of Columbia and Virginia.


MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.0 credit hour, of which 1.0 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact [email protected] to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour in the General Category.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Gibson, Dunn & Crutcher LLP is pleased to announce with Global Legal Group the release of the International Comparative Legal Guide to Sanctions 2025 – Germany Chapter. Gibson Dunn partner Benno Schwarz and associate Nikita Malevanny are co-authors of the publication which provides an overview of the EU sanctions regime as applied by Germany and covers relevant government agencies, applicable guidance, sanctions jurisdiction, export controls, criminal and civil enforcement, recent developments, and other topics. The chapter was co-authored with Veit Bütterlin-Goldberg and Svea Ottenstein from AlixPartners.

You can view this informative and comprehensive chapter via the link below:

CLICK HERE to view Sanctions 2025 – Germany Chapter.


For further information, please feel free to contact the authors, the Gibson Dunn lawyer with whom you usually work, or any leader or member of the firm’s International Trade practice group.

About Gibson Dunn’s International Trade Practice Group:

Gibson Dunn’s International Trade practice includes some of the most experienced practitioners in the field. Our global experience is unparalleled – the practice’s lawyers have worked extensively across Asia, Europe, the Gulf, and the Americas and many have served in senior government and enforcement roles as principal architects of key sanctions and export controls regimes and relief, including with respect to U.N. sanctions, and U.S. measures against Iran, Russia, Cuba, and Myanmar.

Please visit our International Trade practice page or contact Benno Schwarz (+49 89 189 33-210, [email protected]) or Nikita Malevanny (+49 89 189 33-224, [email protected]) in Munich.

About the Authors:

Benno Schwarz is a partner in the Munich office of Gibson, Dunn & Crutcher and co-chair of the firm’s Anti-Corruption & FCPA Practice Group. He focuses on white collar defense and compliance investigations in a wide array of criminal regulatory matters. For more than 30 years, he has handled sensitive cases and investigations concerning all kinds of compliance issues, especially in an international context, advising and representing companies and their executive bodies. He coordinates the German International Trade Practice Group of Gibson Dunn and assists clients in navigating the complexities of sanctions and counter-sanctions compliance. He is regularly recognized as a leading lawyer in Germany in the areas of white-collar crime, corporate advice, compliance and investigations.

Nikita Malevanny is an associate in the Munich office of Gibson, Dunn & Crutcher, and a member of the firm’s International Trade, White Collar Defense and Investigations, and Litigation Practice Groups. He focuses on international trade compliance, including EU sanctions, embargoes and export controls. He also carries out internal and regulatory investigations in the areas of corporate anti-corruption, anti-money laundering and technical compliance. Handelsblatt / The Best LawyersTM in Germany 2024/2025 have recognized him in their list “Ones to Watch” for litigation and intellectual property law. The Legal 500 Deutschland 2024 and The Legal 500 EMEA 2024 have recommended him for Foreign Trade Law. He holds both German and Russian law degrees and speaks German, English, Russian and Ukrainian. He is a regular member of Gibson Dunn’s cross-border teams supporting and advising clients on global sanctions and export control aspects.

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

On September 5, 2024, Institutional Shareholder Services (ISS) released its 2024 Proxy Season Review:  United States – Executive Compensation. The below chart summarizes our observations of the 2024 data and key takeaways as we look to the 2025 proxy season. While these trends are positive for issuers overall, they underscore that issuers, their boards, compensation committees, and management should continue to take an active role in compensation programs, disclosure, and shareholder engagement practices.

Observations

Key Takeaways

Increased shareholder support for say-on-pay and equity plan proposals.  Median say-on-pay support levels rebounded after steadily declining since 2017, though median say-on-pay support did not quite reach 95% (hovering at 94.9%, well below the highs of 2015-2017). Instances of low (less than 70%) say-on-pay support and failed say-on-pay votes each also decreased to 5.1% and 1%, respectively in 2024.  

Likewise, after declining in 2022 and 2023, equity plan support improved in 2024 and equity plan failure rates normalized at just under 1% (down from 1.6% in 2023).

ISS notes that this is the lowest proxy season say-on-pay failure rate ever observed. We attribute this positive trend to continued transparency in compensation program disclosures and increased attention on shareholder engagement efforts.

Issuers should continue to address in their disclosures (1) how their compensation practices affect shareholder dilution and reflect and respond to broader market conditions, including inflationary pressures and economic volatility, and (2) how these factors impact their approach to designing and administering their compensation programs.

Continued positive correlation between pay-for-performance quantitative screen and ISS say-on-pay vote recommendation.  Unsurprisingly, higher quantitative screen concern levels correlated to a higher likelihood of an “against” recommendation, with over half of issuers flagged with a “high” concern level receiving “against” recommendations.

Interestingly, the 3% of issuers with a “low” concern level that received “against” recommendations generally were cited for problematic contractual provisions, non-CEO executive pay, insufficient board responsiveness, or severance payouts.

Rising CEO pay.  After dipping slightly in 2023, median CEO pay in the S&P 500 reached its highest level since say-on-pay votes began over a decade ago – $15.6 million. The Russell 3000 (excluding the S&P 500) median CEO pay also trended up slightly to $5.3 million, but was still below the high-water mark set in 2021.

ISS notes that the record low say-on-pay failure rates combined with the record high S&P CEO median pay level suggest that investors are considering factors beyond pay magnitude in their voting decisions. Consistent with ISS’s proxy voting guidelines, many large investors’ say-on-pay votes can be swayed by problematic pay practices (such as one-time awards or application of discretion in pay decisions) without clear disclosure of a compelling rationale.

Compensation plan design continues to favor formulaic and performance-based compensation.  Annual and long-term incentive awards trended towards non-discretionary and performance-based design, respectively.

ISS’s focus on formulaic performance-based compensation, including the impact of ISS’s pay-for-performance quantitative screen noted above, continues to correlate with the say-on-pay vote recommendation.

Specific sectors and the Russell 3000 continue to use discretionary compensation.  While discretionary compensation across all sectors and indices has generally declined or remained steady year-over-year, financial sector CEOs and a higher percentage of Russell 3000 (excluding S&P 500) CEOs continued to receive discretionary bonuses.

Discretionary compensation may still have specific appropriate use cases, though issuers should consider clearly disclosing the business or sector-specific rationale when deploying discretionary compensation. Based on these trends, benchmarking against sector-specific peers may also be helpful.

Higher perquisite numbers driven by aircraft perks and security costs.  Median values of CEO “all other compensation” reported in 2024 climbed markedly in the S&P 500, particularly in the upper percentiles of perquisite values.

The ISS report noted that increases in CEO “all other compensation” levels appeared to be primarily driven by larger corporate aircraft perks and security costs.  And at the same time, issuers have seen an enhanced focus by the SEC and IRS on reporting and disclosure of these benefits.

Equity plan design trends include continuing rise of evergreen provisions, use of discretion to accelerate vesting, and no minimum vesting requirement.  While “problematic” provisions like repricings or cash buyouts of equity awards without shareholder approval, and liberal change in control vesting provisions continued to decline overall, evergreen provisions in equity plans continued a steady rise and were observed in over 15% of 2024 plans up for approval. Issuers seeking plan approval in 2024 continued to eschew limitations on flexibility to accelerate vesting and set vesting schedules.

The prevalence of evergreen provisions is likely attributable in part to the repeal of Section 162(m) of the Internal Revenue Code in 2017 and an increase in SPAC/de-SPAC transactions since 2021. Favoring the ability to set and adjust vesting schedules is unsurprising as issuers balance the need for flexibility in equity plan administration.

No surprises in pay-versus-performance disclosure.  Consistent with 2023, most industries used earnings as their most important performance metric and technology, media and telecom looked to revenue. Compensation actually paid (CAP) trended upwards in most industries.

The overall increase in CAP is not surprising given its correlation to increases in stock prices and the year-over-year performance of the relevant industries from fiscal year 2022 to fiscal year 2023.

Modest increases in CEO pay ratio.  Median CEO pay ratio in the S&P 500 saw a small increase year-over-year while the other indices (S&P 400, S&P 600, and remaining Russell 3000) remained steady.

Consistent with the trends in CEO pay levels, the median CEO pay-to-median employee ratios in the S&P 500, S&P 400, S&P 600 and remaining Russell 3000 were 189, 111, 73, and 45, respectively.

Say-on-golden parachute failure rate increased.  In 2024, proposals seeking advisory approval of compensation payable in connection with a change of control dipped below 80% average support for the first time since 2017, and the failure rate for these proposals hit an all-time-high of 17%.

Say-on-golden parachute support/failure rates have generally correlated to changes in median golden parachute value, which increased 35% year-over-year from 2023 to 2024.


The following Gibson Dunn lawyers assisted in preparing this update: Krista Hanvey, Elizabeth Ising, Ronald Mueller, Ekaterina Napalkova, and Lori Zyskowski.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these issues. To learn more about these developments, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Executive Compensation and Employee Benefits or Securities Regulation and Corporate Governance practice groups:

Executive Compensation and Employee Benefits:
Sean C. Feller – Los Angeles (+1 310.551.8746, [email protected])
Krista Hanvey – Dallas (+ 214.698.3425, [email protected])
Kate Napalkova – New York (+1 212.351.4048, [email protected])

Securities Regulation and Corporate Governance:
Elizabeth Ising – Washington, D.C. (+1 202.955.8287, [email protected])
James J. Moloney – Orange County (+1 949.451.4343, [email protected])
Ronald O. Mueller – Washington, D.C. (+1 202.955.8671, [email protected])
Lori Zyskowski – New York (+1 212.351.2309, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

I. Introduction

For fiscal years beginning on or after April 1, 2023, domestic public companies are required to disclose whether they have adopted insider trading policies and procedures governing the purchase, sale, and/or other dispositions of their securities by their directors, officers and employees, or the companies themselves, and if so to file those policies and procedures as an exhibit to their annual reports on Form 10-K.[1] While calendar year companies must comply with these requirements in their Form 10-K for, or proxy statement following, the fiscal year ending December 31, 2024, 49 S&P 500 companies had addressed these requirements in filings as of June 30, 2024.[2]

As discussed in the summary of our preliminary observations below, while specific provisions vary from company to company, certain common approaches are emerging with respect to key policy terms. That said, company policies and procedures can vary based on a company’s particular circumstances, some companies may have interpretive materials that were not filed but elaborate on the operation of their policies and procedures, and some companies are updating their policies and procedures in light of the new filing requirements. As a result, we caution companies against treating these early observations as “best practices.” Your Gibson Dunn contacts are available to discuss the specifics of your policy and answer any questions you may have.

II. Persons Subject to the Insider Trading Policies

Nearly all policies we reviewed (96%) cover all company personnel (i.e., directors, officers and all employees of companies and their subsidiaries and, in some cases, certain affiliates) and their family members. Additionally, a significant majority of the policies (82%) expressly state that they apply to legal entities such as trusts whose securities transactions are controlled or influenced by company personnel and, in some cases, their family members. A majority of the policies (63%) also apply insider trading restrictions to contractors and/or consultants.[3]

III. Transactions in Company Securities Subject to the Insider Trading Policies

All of the policies specify types of transactions that are subject to, or are exempt from, the policy terms. Aside from open market sales or purchases, which are addressed in all of the policies, the most commonly addressed transactions include the following:

  • A significant majority of the policies (86%) provide some level of restriction on gifts, addressing to one degree or another the SEC’s position that gifts can constitute a form of insider trading.[4] A majority (61%) specifically address gifts as being subject to the policy for all covered persons (i.e., prohibiting gifts when an individual subject to the policy is in possession of material nonpublic information (“MNPI”) and/or applying window periods and/or pre-clearance restrictions to gifts),[5] although a handful of companies (8%) restrict gifts only if the donor has reason to believe the donee will sell while the donor has MNPI. Of the policies that do not apply gift restrictions to all employees, a majority restrict gifts only for certain covered persons that are subject to additional restrictions, such as blackout periods and/or pre-clearance procedures.
  • Option Exercises. A majority of the policies (69%) exempt exercises of options when there is no associated sale on the market; however, exercises of options where there is a sale of some or a portion of shares delivered upon exercise (e.g., cashless broker exercise) are typically treated like any other sale. Of this group, approximately a quarter of the policies specifically provide that withholding of shares for tax withholding purposes is exempt, and a smaller minority of policies provide that withholding of shares for tax withholding purposes and/or the payment of exercise price is exempt.
  • Vesting and Settlementof Other Equity Awards. A majority of the policies (59%) exempt vesting and settlement of equity awards, such as RSUs and restricted stock, and 51% of the policies specifically provide that withholding of shares for tax purposes (i.e., net share settlement) is exempt.

IV. Transactions in Other Company Securities

Nearly all policies (96%) specifically include some form of restriction on trading in the securities of another company when the person is aware of MNPI about that company or its securities. A significant majority of the policies (82%) prohibit trading in the securities of another company when the person is aware of MNPI about such company that was learned in the course of or as a result of the covered person’s employment or relationship with the company. The rest apply the prohibition more broadly to trading in the securities of another company while aware of MNPI about that company, without specifically addressing how the information was learned. Of the 82%, a minority tailor the prohibition to apply only to trading in the securities of another company that has some sort of a business relationship with the company (e.g., customers, vendors, or suppliers) or that is engaged in a potential business transaction with the company, and a smaller subset of these policies also include a specific reference to “competitors” in this prohibition.

V. Blackout Periods and Preclearance Procedures

  • Persons subject to quarterly blackout periods. A significant majority of the policies (88%) subject directors, executive officers and a designated subset of employees to regular quarterly blackout periods, with a few policies applying two different blackout periods to different groups of employees. Although the groups of persons (other than directors and executive officers) who are subject to quarterly blackout periods tend to be company-specific, most of the policies identify the “restricted persons” to include employees by title (e.g., all Vice Presidents or higher) and/or by department or role (e.g., all officers in accounting, financial planning and analysis, investor relations, legal and finance departments, etc.) as well as other employees who have been identified as having access to systems that have MNPI. Some policies take a less specific approach and identify restricted persons as those who are designated as such by the officer administering the insider trading policy. A minority of the policies (6%) subject all covered persons under the policy to quarterly blackout periods.
  • Start and end of quarterly blackout periods. The start date of the quarterly blackout periods ranges from quarter end to four weeks or more prior to quarter end. Under almost half of the policies (45%), the quarterly blackout periods start approximately two weeks prior to quarter end, 14% start the blackout periods three to four weeks prior to quarter end, and 18% start four weeks or more prior to quarter end. A significant majority of the policies (76%) end the quarterly blackout periods one to two full trading days after the release of earnings, with more policies ending after one trading day (51%) than two trading days (24%).[6] Additionally, nearly all policies specifically state that from time to time the company may implement additional special blackout periods.
  • Preclearance procedures. Nearly all policies require that certain covered persons must preclear their transactions with the appropriate officer administering the insider trading policy prior to execution. There is, however, variation in the persons subject to preclearance procedures—for 65% of the policies, the preclearance persons are a subset of the persons subject to blackout periods, while for a minority of the policies (29%), they are the same as the persons subject to the blackout periods. Of the 65% of the policies, a minority (38%) require preclearance only from the company’s directors and executive officers.[7] Regardless of scope, nearly all of the policies provide that directors and executive officers are subject to preclearance procedures.

VI. Special Prohibitions Under the Insider Trading Policies

All of the policies prohibit or otherwise restrict certain types of transactions regardless of whether they involve actual insider trading, in some cases stating that such transactions present a heightened risk of securities law violations or the potential appearance of improper or inappropriate conduct. The most common prohibitions addressed: hedging transactions (96%);[8] speculative transactions (96%); pledging securities as collateral for a loan (90%); and trading on margin or holding securities in margin accounts (82%). Although a significant majority of the policies apply the prohibition on hedging and speculative transactions to all persons subject to the policy, prohibitions on pledging and/or margin trading/accounts are sometimes limited to sub-categories of persons subject to the insider trading policies (39% and 27%, respectively): for instance, some policies apply the prohibition only to directors and executive officers or persons subject to quarterly blackout periods and/or preclearance procedures.[9]

A significant majority of the policies do not specifically address standing or limit orders or short-term trading, but of the ones that do, a significant majority take the approach of discouraging such transactions rather than strictly prohibiting them. Even where standing or limit orders are not strictly prohibited, some policies require that such orders be cancelled if the person becomes aware of MNPI (or prior to the start of a blackout period, if applicable). A few policies prohibit standing or limit orders if they go beyond a specified duration.

VII. Rule 10b5-1 Plans

All of the policies address the availability of Rule 10b5-1 plans. A significant majority of the policies (86%) do not set forth restrictions on who can enter into a Rule 10b5-1 plan so long as approval and other requirements are met, but a minority of the policies (12%) limit the use of 10b5-1 plans to directors and designated officers. A small minority of the policies (6%) require directors and designated officers to trade only pursuant to Rule 10b5-1 plans.

All of the policies require that Rule 10b5-1 plans be approved prior to adoption, but the policies tend to vary in approach when describing the guidelines for entering into Rule 10b5-1 plans (or modifying or terminating them). A significant majority (71%) of the policies describe the specified conditions under the SEC rules for a plan to qualify as a Rule 10b5-1 plan, although some do so in a more streamlined manner than others. Of these policies, a majority include Rule 10b5-1 plan requirements within the body of the policy, although a minority do so in an appendix and one company filed the plan guidelines as a separate exhibit. A minority of the policies (29%) do not describe the specified conditions under Rule 10b5-1, but provide a general statement regarding the affirmative defense from insider trading liability under the securities laws for transactions under a compliant Rule 10b5-1 plan and refer covered persons to the officer administering the policy for more information and guidelines on how to establish such a plan.

VIII. Policies Addressing Company Transactions

As noted above, Item 408(b) of Regulation S-K requires a public company to disclose whether it has adopted insider trading policies and procedures governing transactions in company securities by the company itself, and, if so, to file the policies and procedures, or if not, to explain why. Of the 23 S&P 500 companies subject to Item 408(b) that filed a Form 10-K and proxy statement prior to June 30, 2024, a significant majority (78%) did not address insider trading policies or procedures governing companies’ transactions in their own securities.[10] Of the ones that did, most included a brief sentence or two about the company’s policy of complying with applicable laws in trading in its own securities. Only one company in our surveyed group filed a company repurchase policy as a separate exhibit.

IX. Filing Practices Regarding Related Policies or Documents

A significant majority (88%) of the companies filed only a single insider trading policy and no other related policies or documents (even where they referenced other related policies in their insider trading policy).[11] In the few cases where multiple policies were filed, they appear to be supplemental guidelines/policies covering topics not generally applicable to all employees (e.g., trading windows, preclearance, 10b5-1 plans).

* * * *

We will continue to monitor public company filings of insider trading policies and procedures and expect to update our survey in early 2025 once calendar year-end companies’ Forms 10-K are on file, as we expect disclosure and filing practices to evolve as companies go through the first full year of complying with the new Item 408(b) disclosure and filing requirements.

[1]See Items 408(b) and 601(b)(19) of Regulation S-K, adopted by the SEC in connection with the Rule 10b5-1 amendments in December 2022. If a company has not adopted such policies and procedures, it is required to explain why it has not done so. Disclosure about the adoption (or not) of policies or procedures must appear in a company’s proxy statement (and must also be included in, or incorporated by reference to, Part III of a company’s Form 10-K), whereas the policies and procedures are to be filed as exhibits to the company’s Form 10-K.

[2] This group of 49 S&P 500 companies includes 23 companies that made Item 408(b) disclosures and 26 companies that were not subject to the disclosure requirements but voluntarily filed their insider trading policies and procedures with a Form 10-K filed prior to June 30, 2024.

[3] A minority of policies also include other service providers specific to their businesses.

[4] See Final Rule: Insider Trading Arrangements and Related Disclosures, Release No. 33-11138 (Dec. 14, 2022). In its adopting release, the SEC stated its view that the terms “trade” and “sale” in Rule 10b5-1 include bona fide gifts of securities and that gifts can be subject to Section 10(b) liability, since the Securities Exchange Act of 1934 does not require that a “sale” be for value and instead provides that the terms “sale” or “sell” each include “any contract to sell or otherwise dispose of.”

[5] A small minority of these policies also provide certain exceptions for gifts, including gifts to family members and/or controlled entities that are already subject to the policy, or exceptions on a case by case basis.

[6] Some policies use business days instead of trading days, but many policies do not define either term. We treated them as the same for purposes of our data analysis.

[7] The remaining 6% includes two policies that do not address preclearance procedures and one policy which is unclear.

[8] Item 407(i) of Regulation S-K requires companies to disclose practices or policies they have adopted regarding the ability of employees (including officers) or directors to engage in certain hedging transactions.

[9] A few policies allow for exceptions, subject to preclearance.

[10] For the purposes of this survey, we limited our review to Exhibit 19 filings and did not review the companies’ disclosures in the body of the proxy statement or Form 10-K addressing Item 408(b)(1) of Regulation S-K.

[11] Under Regulation S-K Item 408(b)(2), if all of a company’s insider trading policies and procedures are included in its code of ethics that is filed as an exhibit to the company’s Form 10-K, that satisfies the exhibit requirement. However, many companies do not file their code of ethics and instead rely on one of the alternative means of making the code available allowed under S-K Item 406(c)(2) and (3).

The following Gibson Dunn lawyers assisted in preparing this update: Aaron K. Briggs, Thomas Kim, Brian Lane, Julia Lapitskaya, James Moloney, Ronald Mueller, Michael Titera, Lori Zyskowski, and Stella Kwak.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these developments. To learn more, please contact the Gibson Dunn lawyer with whom you usually work, or any leader or member of the firm’s Capital Markets or Securities Regulation and Corporate Governance practice groups:

Capital Markets:
Andrew L. Fabens – New York (+1 212.351.4034, [email protected])
Hillary H. Holmes – Houston (+1 346.718.6602, [email protected])
Stewart L. McDowell – San Francisco (+1 415.393.8322, [email protected])
Peter W. Wardle – Los Angeles (+1 213.229.7242, [email protected])

Securities Regulation and Corporate Governance:
Elizabeth Ising – Washington, D.C. (+1 202.955.8287, [email protected])
James J. Moloney – Orange County (+1 949.451.4343, [email protected])
Lori Zyskowski – New York (+1 212.351.2309, [email protected])
Aaron Briggs – San Francisco (+1 415.393.8297, [email protected])
Thomas J. Kim – Washington, D.C. (+1 202.887.3550, [email protected])
Brian J. Lane – Washington, D.C. (+1 202.887.3646, [email protected])
Julia Lapitskaya – New York (+1 212.351.2354, [email protected])
Ronald O. Mueller – Washington, D.C. (+1 202.955.8671, [email protected])
Michael Scanlon – Washington, D.C.(+1 202.887.3668, [email protected])
Mike Titera – Orange County (+1 949.451.4365, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

This guidance reflects the increasing willingness of Hong Kong financial regulators to regulate the use of artificial intelligence.

In recent weeks, the Hong Kong Monetary Authority (“HKMA”) has been active in releasing guidance to authorized institutions (“AIs”) regarding their use of artificial intelligence in both customer-facing applications as well as in relating to detection of money laundering and terrorist financing (“ML/TF”). This guidance reflects the increasing willingness of Hong Kong financial regulators to regulate the use of artificial intelligence. We consider that this is reflective of the significant interest of financial institutions in Hong Kong in exploring the use of generative artificial intelligence (“GenAI”) in particular, with 39% of AIs surveyed by the HKMA earlier this year reporting that they either have already adopted GenAI in the provision of general banking products and services as well as daily operations, or that they plan to do so.  Given this, we expect other Hong Kong regulators to issue guidance in this space in the coming months.

This client briefing covers:

  1. The guiding principles issued by the HKMA on August 19, 2024 (“GenAI”) in customer-facing applications (“GenAI Guidelines”).[1] The GenAI Guidelines build on a previous HKMA circular “Consumer Protection in respect of Use of Big Data Analytics and Artificial Intelligence by Authorized Institutions” dated November 5, 2019 (“2019 BDAI Guiding Principles”) and provide specific guidelines to AIs on the use of GenAI;[2] and
  2. The circular issued by the HKMA on September 9, 2024 requiring AIs with significant operations in Hong Kong to (a) undertake a study to consider the feasibility of using artificial intelligence in tackling ML/TF, and to (b) submit the feasibility study and an implementation plan to the HKMA by the end of March 2025 (“ML/TF Circular).[3]

I. Background to GenAI Regulation by the HKMA

GenAI is a form of big data analytics and artificial intelligence (“BDAI”) that enables generation of new content such as text, image, audio, video, code or other media, based on vast amounts of data. GenAI’s ability to generate new and original content sets it apart from other forms of traditional artificial intelligence, which is focused on analyzing information and automating processes. While its content-generating ability gives GenAI tremendous potential to streamline business processes and improve efficiency, this ability also creates risks such as hallucination risk (i.e. where a GenAI model generates incorrect or misleading results due to insufficient training data, incorrect assumptions or biases made by the model).

This content-generating ability, combined with the growing interest in GenAI adoption within the banking sector, has prompted the HKMA to issue the GenAI Guidelines. According to a recent survey on the use of BDAI (including GenAI) by AIs conducted by the HKMA, 39% of surveyed AIs reported adopting or planning to adopt GenAI in the provision of general banking products and services, as well as daily operations. While the majority of the current reported use cases in GenAI are in relation to internal business functions, such as summarisation and translation, coding and internal chatbots, the HKMA has stated that it considers that:

  • the content-generating capability of GenAI lends itself to increased uptake and deployment in relation to customer-facing activities; and
  • the prospective increase in the use of GenAI in customer-facing activities raises consumer protection concerns due to risks such as lack of explanability and hallucination risks, which in the HKMA’s words ‘could cause even more significant impact on customers’ than the use of less complex BDAI.

Given this, while the HKMA expects all AIs to continue to apply the 2019 BDAI Guiding Principles, the HKMA also expects all AIs to adhere to the additional principles in the GenAI Guidelines in order to ensure appropriate safeguards are in place when GenAI is adopted for customer-facing applications.

II. Summary of the HKMA’s GenAI Guidelines

Using the 2019 BDAI Guiding Principles as a foundation, the GenAI Guidelines adopts the same core principles of governance and accountability, fairness, transparency and disclosure, and data privacy and protection, but introduces additional requirements to address the specific challenges presented by GenAI.

Core Principles Requirements under GenAI Guidelines
Governance and Accountability The board and senior management of AIs should remain accountable for all GenAI-driven decisions and processes, and should thoroughly consider the potential impact of GenAI applications on customers through an appropriate committee which sits within the AI’s governance framework.The board and senior management should ensure the following:

  • Clearly defined scope of customer-facing GenAI applications to avoid GenAI usage in unintended areas;
  • Proper policies and procedures and related control measures for responsible GenAI use in customer-facing applications; and
  • Proper validation of GenAI models, including a “human-in-the-loop” approach in early stages, i.e. having a human retain control in the decision-making process, to ensure the model-generated outputs are accurate and not misleading.
Fairness AIs are responsible for ensuring that GenAI models produce objective, consistent, ethical, and fair outcomes for customers. This includes:

  • That model generated outputs do not lead to unfair outcomes for customers. As part of this, AIs are expected to give consideration to different approaches that may be deployed in GenAI models, such as (a) anonymizing certain data categories; (b) using comprehensive and fair datasets; and (c) making adjustments to remove bias during validation and review; and
  • During the early deployment stage, provide customers with an option to opt out of GenAI use and request human intervention on GenAI-generated decisions as far as practicable. If an “opt-out” option is unavailable, AIs should provide channels for customers to request review of GenAI-generated decisions.
Transparency and Disclosure AIs should:

  • Provide appropriate transparency to customers regarding GenAI applications;
  • Disclose the use of GenAI to customers; and
  • Communicate the use, purpose, and limitations of GenAI models to enhance customer understanding.
Data Privacy and Protection AIs should:

  • Implement effective protection measures for customer data; and
  • Where personal data are collected and processed by GenAI applications, comply with the Personal Data (Privacy) Ordinance, including the relevant recommendations and good practices issued by the Office of the Privacy Commissioner for Personal Data, such as the “Guidance on the Ethical Development and Use of Artificial Intelligence” issued on August 18, 2021,[4] and the “Artificial Intelligence: Model Personal Data Protection Framework” issued on June 11, 2024.[5]

Notably, the HKMA has also expressed support for proactive use of BDAI and GenAI in enhancing consumer protection in the banking sector. Examples of suggested use cases include identification of customers who are vulnerable and require more protection and education; identification of customers who may need more information or clarifications to better understand product features, risks, and terms and conditions in the disclosure; or issuance of fraud alerts to customers engaging in transactions with potentially higher risks.

III. Summary of the HKMA Circular

Consistent with the HKMA’s recognition of the potential use of GenAI in consumer protection in the GenAI Guidelines, the HKMA Circular also indicates that the HKMA recognizes the considerable benefits that may come from the deployment of artificial intelligence in monitoring ML/TF. In particular, the HKMA Circular notes that the use of artificial intelligence powered systems ‘take into account a broad range of contextual information focusing not only on individual transactions, but also the active risk profile and past transaction patterns of customers…These systems have proved to be more effective and efficient than conventional rules-based transaction monitoring systems commonly used by AIs.’[6]

Given this, the HKMA has indicated that AIs with significant operations in Hong Kong should:

  • give due consideration to adopting artificial intelligence in their ML/TF monitoring systems to enable them to stay effective and efficient;
  • undertake a feasibility study in relation to the adoption of artificial intelligence in their ML/TF monitoring systems and, based on the outcome of that review, should formulate an implementation plan.

The feasibility study and implementation plan should be signed off at the board level and submitted to the HKMA by the end of March 2025.[7]

The HKMA has also indicated that it intends to support the use of artificial intelligence by AIs in this space through the establishment of a dedicated team to provide feedback and guidance to assist AIs, as well as through organisation of an experience sharing forum in November 2024 to allow firms to share regarding their use of artificial intelligence in relation to ML/TF monitoring.

IV. Conclusion

The issue of the GenAI Guidelines and HKMA Circular by the HKMA reflect the HKMA’s awareness of both the considerable potential of GenAI as well as the prospective risks associated with its deployment. Given the HKMA’s interest in this space, we recommend that AIs review and update their policies and procedures in relation to the use of GenAI to ensure compliance with the GenAI Guidelines. As part of this, AIs should ensure that the use of GenAI in customer-facing activities are thoroughly considered at a board and senior management and governance committee level.

Further, it is important more generally that AIs develop the necessary expertise in understanding the artificial intelligence model that is being adopted. This will not only assist senior management in its decision making process with respect to their deployment of artificial intelligence, but will also aid in the development of appropriate internal systems and controls with respect to the use of artificial intelligence. For instance, AIs can consider implementing staff training on the features and risks of artificial intelligence, to ensure that issues caused by artificial intelligence models are adequately escalated and addressed.

[1] “Consumer Protection in respect of Use of Generative Artificial Intelligence”, published by the HKMA on August 19, 2024, available at: https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2024/20240819e1.pdf

[2] “Consumer Protection in respect of Use of Big Data Analytics and Artificial Intelligence by Authorized Institutions”, published by the HKMA on November 5, 2019, available at: https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2019/20191105e1.pdf

[3] “Use of Artificial Intelligence for Monitoring of Suspicious Activities”, published by the HKMA on September 9, 2024, available at https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2024/20240909e1.pdf

[4] “Guidance on the Ethical Development and Use of Artificial Intelligence”, published by the Office of the Privacy Commissioner for Personal Data on August 18, 2021, available at: https://www.pcpd.org.hk/english/resources_centre/publications/files/guidance_ethical_e.pdf

[5] “Artificial Intelligence: Model Personal Data Protection Framework”, published by the Office of the Privacy Commissioner for Personal Data on June 11, 2024, available at https://www.pcpd.org.hk/english/resources_centre/publications/files/ai_protection_framework.pdf

[6] “Use of Artificial Intelligence for Monitoring of Suspicious Activities”, published by the Hong Kong Monetary Authority on September 9, 2024, available at https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2024/20240909e1.pdf

[7] Ibid. The HKMA will communicate with AIs on an individual basis regarding the exact timing for the feasibility study and implementation plan and the format in which they should be provided, and will consider further engagement and follow up in due course. Reference should also be made to:

(a) “Report on AML/CFT Regtech: Case Studies and Insights Volume 1” published on 21 January 2021, available at https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2021/20210121e1a1.pdf;

(b) “Report on AML/CFT Regtech: Case Studies and Insights Volume 2” published on 25 September 2023, available at https://www.hkma.gov.hk/media/eng/doc/key-functions/banking-stability/aml-cft/AMLCFT_Regtech-Case_Studies_and_Insights_Volume_2.pdf ; and

(c) “Thematic Review of Transaction Monitoring Systems and Use of Artificial Intelligence” published on 17 April 2024, which sets out insights for design, implementation and optimisation of transaction monitoring systems, available at https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2024/20240417e1a1.pdf.


The following Gibson Dunn lawyers prepared this update: William Hallatt, Emily Rumble, and Jane Lu.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact any member of Gibson Dunn’s Financial Regulatory team, including the following members in Hong Kong:

William R. Hallatt (+852 2214 3836, [email protected])
Emily Rumble (+852 2214 3839, [email protected])
Arnold Pun (+852 2214 3838, [email protected])
Becky Chung (+852 2214 3837, [email protected])
Jane Lu (+852 2214 3735, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Michael Holecek, DJ Manthripragada, and Madeleine McKenna discuss the latest developments in arbitration agreements and mass arbitration. They discuss recent trends in mass arbitration filings and defenses, recent mass arbitration court cases, changes in arbitration provider rules and fee schedules, and approaches to drafting mass arbitration provisions.



PANELISTS:

Michael Holecek is a litigation partner in the Los Angeles office of Gibson, Dunn & Crutcher, where his practice focuses on complex commercial litigation, class actions, and labor and employment law—both in the trial court and on appeal. Michael has first-chair trial experience and has successfully tried to verdict both jury and bench trials, he has served as lead arbitration counsel, and he has presented oral argument in numerous appeals. Michael represents clients in worker classification disputes – including independent contractor misclassification litigation, misclassification lawsuits involving the FLSA and state law, lawsuits under California’s Private Attorneys General Act (“PAGA”), class action employment lawsuits, and lawsuits against staffing agencies and gig economy platforms. He also has considerable experience with drafting arbitration agreements and arbitration clauses, mass arbitration, disputes over arbitration fees, and enforcing arbitration agreements. He has successfully litigated dozens of motions to compel arbitration and class action waivers in California, New York, Florida, Illinois, and other states. In 2023, Michael presented to the ABA National Class Actions Conference on arbitration agreements, class action waivers, and mass arbitration. Michael was recognized in The Best Lawyers in America® 2022 Ones to Watch in Mass Tort Litigation / Class Action.

Dhananjay (DJ) Manthripragada is a partner in the Los Angeles and Washington, D.C. offices of Gibson, Dunn & Crutcher. He is Chair of the firm’s Government Contracts practice group, and also a member of the Litigation, Class Actions, Labor & Employment, and Aerospace and Related Technologies practice groups. DJ has a broad complex litigation practice, and has served as lead counsel in precedent setting litigation before several United States Courts of Appeals, District Courts and state courts in jurisdictions across the country, the Court of Federal Claims, and the Federal Government Boards of Contract Appeals. He has first-chair trial experience and has successfully tried to verdict both jury and bench trials, and has served as lead counsel in arbitration and other alternative dispute resolution forums. His practice spans a wide range of industries, and he has represented some of the world’s leading aerospace and defense, finance, logistics/transportation, high-technology, and pharmaceutical companies in their most significant matters. DJ is also highly regarded as a trusted advisor to clients regarding significant compliance/enforcement, contract, dispute resolution, and employment issues. He was recognized in The Best Lawyers in America® Ones to Watch in Commercial Litigation in 2021 and 2022.

Madeleine McKenna is a litigation associate in Gibson, Dunn & Crutcher’s Los Angeles office. She practices in the firm’s Insurance, Class Actions, Labor and Employment, and Appellate and Constitutional Law Practice Groups, with a focus on complex civil litigation in the trial courts and on appeal. Madeleine has represented clients in a variety of high-stakes, complex litigation matters in state and federal courts, with a particular focus on class and representative actions involving employment and consumer protection claims. She has also litigated a wide variety of appellate matters. Prior to joining Gibson Dunn, she clerked for the Honorable Richard C. Tallman of the U.S. Court of Appeals for the Ninth Circuit.


MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.0 credit hour, of which 1.0 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour.

Gibson, Dunn & Crutcher LLP is authorized by the Solicitors Regulation Authority to provide in-house CPD training. This program is approved for CPD credit in the amount of 1.0 hour. Regulated by the Solicitors Regulation Authority (Number 324652).

Neither the Connecticut Judicial Branch nor the Commission on Minimum Continuing Legal Education approve or accredit CLE providers or activities. It is the opinion of this provider that this activity qualifies for up to 1 hour toward your annual CLE requirement in Connecticut, including 0 hour(s) of ethics/professionalism.

Application for approval is pending with the Colorado, Illinois, Texas, Virginia, and Washington State Bars.

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

With this final rule, BIS seeks to tip the scales in favor of more frequent disclosures and introduces new factors to consider when assessing engagement with U.S. regulators.

In a final rule effective September 16, 2024, the Department of Commerce’s Bureau of Industry and Security (“BIS”) updated its process for handling voluntary self-disclosures from industry and expanded its discretion to impose higher monetary penalties for violations of export control laws.  Whether to submit a voluntary self-disclosure remains a fact-dependent decision and requires careful weighing of factual, legal, practical and policy considerations.

Background

Corporate violations of U.S. sanctions, export control laws, and foreign direct investment determinations are a key enforcement priority for BIS, the Department of Justice, the Department of the Treasury, and the Committee on Foreign Investment in the United States (“CFIUS”), with each taking an increasingly aggressive enforcement posture through new guidance, compliance expectations, and record-setting penalties in recent years.

On September 12, 2024, BIS announced the publication of a final rule updating its policies regarding voluntary self-disclosures (“VSD”) and the BIS Penalty Guidelines, found at Supplement No. 1 to Part 766 of the Export Administration Regulations (“EAR”).  The rule finalizes a series of policy changes by the Office of Export Enforcement (“OEE”) that were first articulated in memoranda publicly issued by BIS beginning in 2022 and that seek to strengthen BIS’s administrative enforcement program and encourage voluntary disclosures of apparent export control violations.[1]

As we summarized in our 2023 Year-End Sanctions and Export Control Update, these changes aim to:

  1. streamline self-disclosure of minor or technical violations, facilitate corrective action that might otherwise be prohibited, and prioritize enforcement actions against “significant” violations by establishing a dual-track process for VSD submission and processing;
  2. incentivize VSDs by treating failure to disclose significant apparent violations as an aggravating factor;
  3. enhance OEE’s discretion in assessing penalties when warranted;
  4. incentivize compliance-minded firms to report violations committed by other firms or competitors; and
  5. coordinate enforcement efforts through the appointment of a new Chief of Corporate Enforcement position.

The final rule, outlined in greater detail below, highlights BIS’s continued commitment to streamlining the VSD program to facilitate faster resolutions of non-egregious apparent violations and at the same time highlights BIS’s desire to focus its resources on significant infractions, including by expanding its discretion to impose higher civil monetary penalties.

1. Dual-Track VSD Processing, Streamlined Submission of Minor or Technical Violations, and Corrective Action Provisions

a. Dual-Track VSD Processing

Minor or Technical Violations Track

Section 764.5 of the EAR previously set forth a single track for handling VSDs, regardless of the severity of the violation at issue.  The final rule adds a new paragraph regarding disclosure of minor or technical violations, defined as any violation that does not include aggravating factors.

These revisions permit firms to disclose minor or technical violations through a “fast-track” process that will be resolved in 60 days, either through a no-action letter or a warning letter.  For such apparent violations, firms may submit by email an abbreviated narrative report in lieu of more burdensome narrative and documentation requirements previously set forth in Sections 764.5.  For minor or technical violations, the rule also removes the recommendation that firms conduct a five-year lookback, unless OEE suspects that aggravating factors are present.  Firms may also “bundle” multiple minor or technical apparent violations into a single submission, if such apparent violations occurred within the prior quarter.

OEE offered several examples of “minor or technical” violations, including immaterial Electronic Export Information filing errors and the incorrect use of one license exception where another license exception was available.

“Significant” Violations Track

For VSDs that concern a “significant violation,” firms should follow the prior procedures, including submission of a full narrative report.

The rule notes that parties unsure whether a disclosure involves a minor or technical violation or a significant violation are advised to follow the procedures for disclosing a significant violation.

Following disclosure of a “significant” apparent violation, OEE will conduct an investigation and may, depending on the facts and circumstances of the case, issue a warning letter or initiate an administrative enforcement proceeding.  OEE may also refer the matter to DOJ for criminal prosecution.

b. Treatment of Unlawfully Exported Items

The final rule revises the EAR with regards to the treatment of unlawfully exported items.  Consistent with a 2024 policy memorandum, the final rule clarifies that OEE authorizes any person, not just a party submitting a VSD, to request permission to engage in corrective activities otherwise prohibited by Section 764.2(e) (often referred to as a “General Prohibition 10 Waiver”).  The rule also authorizes firms to seek the return of any unlawfully exported item to the United States following notification to OEE and removes the need for firms to receive authorization from OEE for such return-related activities.  Further, items that have been returned to the United States do not require additional authorization from OEE, provided that those future activities comply with any applicable EAR requirements.  This change is likely due in part to the increase in General Prohibition 10 Waiver requests related to items exported, reexported, or transferred (in-country) to Russia and Belarus (including aircraft) following the imposition of strict export controls on these destinations.

Any re-export from abroad or transfer outside of the United States of an item that has been the subject of a self-disclosure would require a license from BIS.

2. Nondisclosure as Aggravating Factor

Assistant Secretary Axelrod previously explained in a January 2024 speech at NYU Law School, “when someone affirmatively chooses not to file a VSD, [BIS] want[s] them to know that they risk incurring concrete costs.”

Consistent with that statement and previous policy memoranda, the final rule confirms that BIS will consider a deliberate decision by a firm not to disclose a significant apparent violation to be an aggravating factor when determining what administrative penalty, if any, should be applied.

A “deliberate decision” occurs when a firm uncovers a significant apparent violation but then chooses not to file a VSD.

The rule adds a new Aggravating Factor D to the BIS Penalty Guidelines for “[f]ailure to disclose a significant violation.”

3. Penalty Guidelines and Increased Discretion

The final rule enhances OEE’s discretion in calculating potential penalties for apparent violations in several significant ways.

First, the rule removes the base penalty caps for non-egregious cases and instead links penalties to transaction value and other circumstances.

As a result, for non-egregious VSD cases, the base penalty amount is no longer capped at a maximum of $125,000, but is instead capped at one-half of the transaction value.  For a non-egregious case that is not initiated by a VSD, the base penalty amount is no longer capped at $250,000, but is instead capped at the full transaction value.  The rule describes this change as permitting OEE to “impose penalties with sufficient deterrent effect in situations where transaction values are high.”

For egregious VSD cases, the base penalty amount is capped at one-half of the statutory maximum—which is $364,992 or twice the full transaction value, whichever is greater.  For an egregious case that is not initiated by a VSD, the base penalty amount is capped at the statutory maximum.

Second, the rule permits BIS to issue non-monetary resolutions for non-egregious conduct that has not resulted in serious national security harm yet nonetheless merits stronger response than a no-action or warning letter.  The final rule indicates that such resolutions are likely to “require remediation through the imposition of a suspended denial order with certain conditions, such as training and compliance requirements.”

Third, the final rule removes from the Penalty Guidelines all specific percentage ranges for potential penalty reduction based on mitigating factors.  As the rule explains, “[t]he inclusion of specific percentage ranges for some mitigating factors and not for other factors led parties to incorrect assumptions about the range of reduction to which they were entitled.”  With the revisions, “OEE is making clear that the civil monetary penalty will be adjusted (up or down) to reflect the applicable factors for administrative action set forth in the BIS Penalty Guidelines.”

Fourth, the final rule amends Aggravating Factor C, “Harm to Regulatory Program Objectives,” to include transactions that enable human rights abuses as a specific consideration when assessing the potential impact of an apparent violation on U.S. foreign policy objectives.

Fifth, the final rule amends General Factor E (previously D), for “Individual Characteristics,” by expanding the scope of past corporate criminal resolutions that OEE may consider when calibrating an enforcement response.  Previously, this factor only mentioned prior conviction of an export-related criminal violation.  As revised, it includes not only where a respondent has been convicted or entered a guilty plea, but also where a party has entered into any other type of resolution with the Department of Justice or other authorities, including a Deferred Prosecution Agreement or a Non-Prosecution Agreement.

4. Exceptional Cooperation for Third-Party Tips

As explained by Assistant Secretary Axelrod in his January 2024 speech, BIS seeks to ensure a “level playing field” for compliance-minded firms, recognizing that rule-following firms can suffer as firms that flout regulations book business.

The revised Penalty Guidelines now clarify that disclosure of conduct by others that leads to an enforcement action counts as “exceptional cooperation.”  BIS will provide cooperation credit for such tips in “a future enforcement action, even for unrelated conduct,” if such an action is ever brought. 

The decision to provide cooperation credit for tips as to suspected third-party violations is unusual and marks a significant departure from other VSD programs with uncertain implications for industry.

5. Chief of Corporate Enforcement

Mirroring action taken by the Department of Justice’s National Security Division (“NSD”) in 2023, BIS announced the appointment of Raj Parekh as the agency’s first Chief of Corporate Enforcement.  An accompanying press release to the final rule indicates that Mr. Parekh will “serve as the primary interface between BIS’s special agents, the Department of Commerce’s Office of Chief Counsel for Industry and Security, and the Department of Justice,” with the aim of “advance[ing] significant corporate investigations.”

Mr. Parekh joins BIS from the U.S. Attorney’s Office for the Eastern District of Virginia, where he served as Acting U.S. Attorney.  He previously worked at DOJ NSD, and the press release notes that this appointment “further reflect[s] BIS’s commitment to this effort.”

Conclusion

In his January speech, Assistant Secretary Axelrod touted the early successes of recent changes to BIS’s VSD program.  Specifically, BIS received nearly 80 percent more VSDs containing potentially serious violations in FY2023 than in FY2022, even as the overall number of VSDs remained relatively constant.  BIS also experienced a 33 percent uptick in third-party disclosures from industry.

The revised rule reflects BIS’s continued focus on corporate compliance with export controls and the increased centrality of economic statecraft to U.S. national security policy.  It also demonstrates that BIS seeks to focus its investigative resources on infractions most likely to damage U.S. national security interests, and its willingness to impose steeper penalties to incentivize compliance.  In April 2023, for instance, BIS announced the largest standalone penalty in the agency’s history—a $300 million civil penalty against affiliates of a technology company that allegedly sold hard disk drives to Huawei Technologies Co. Ltd.  BIS is not alone in this prioritization, with CFIUS announcing in August 2024 that it imposed the largest penalty in its history—$60 million—for the breach of a mitigation agreement that resulted in harm to U.S. national security equities, and the Treasury’s Office of Foreign Assets Control levying two of the largest civil penalties in its history last year, including a $968 million settlement, for violations of U.S. sanctions law.

In addition, over the last two years, officials at DOJ have sounded a drumbeat of announcements indicating that criminal enforcement of U.S. export control and sanctions law is one of their highest priorities, with the Department hiring 25 new NSD prosecutors to “investigate national security-related economic crimes” and the publication of an updated NSD Enforcement Policy that “strongly encourages companies to voluntarily self-disclose directly to NSD all potentially criminal … violations of the U.S. government’s export control and sanctions regimes.”

While a decision to submit a voluntary self-disclosure will be the result of considering many factors, BIS is seeking to raise the consequences of a decision not to submit a self-disclosure where aggravating factors are present. The factors highlighted in this new rule, as well as the heightened importance of international trade controls in the United States’ response to global challenges, should remain at the forefront when considering a voluntary self-disclosure of any apparent export control violations to BIS or other regulators.

[1] See Memorandum from Bureau of Indus. & Sec., Further Strengthening Our Administrative Enforcement Program (June 30, 2022), https://www.bis.gov/sites/default/files/files/Administrative%20Enforcement%20Memo.pdf; Memorandum from Bureau of Indus. & Sec., Clarifying Our Policy Regarding Voluntary Self-Disclosures and Disclosures Concerning Others (Apr. 18, 2023), https://www.bis.gov/sites/default/files/files/VSD%20Policy%20Memo%20%2804.18.2023%29.pdf; Memorandum from Bureau of Indus. & Sec., Further Enhancements to Our Voluntary Self-Disclosure Process (Jan. 16, 2024), https://www.bis.gov/sites/default/files/files/VSD%20MEMO.pdf.


The following Gibson Dunn lawyers prepared this update: Cody Poplin, Christopher Timura, David Burns, Adam M. Smith, Stephenie Gosnell Handler, Samantha Sewall, Chris Mullen, and Audi Syarief.

Gibson Dunn lawyers are monitoring the proposed changes to U.S. export control laws closely and are available to counsel clients regarding potential or ongoing transactions and other compliance or public policy concerns.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. For additional information about how we may assist you, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or the following leaders and members of the firm’s International Trade practice group:

United States:
Ronald Kirk – Co-Chair, Dallas (+1 214.698.3295, [email protected])
Adam M. Smith – Co-Chair, Washington, D.C. (+1 202.887.3547, [email protected])
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, [email protected])
Christopher T. Timura – Washington, D.C. (+1 202.887.3690, [email protected])
David P. Burns – Washington, D.C. (+1 202.887.3786, [email protected])
Nicola T. Hanna – Los Angeles (+1 213.229.7269, [email protected])
Courtney M. Brown – Washington, D.C. (+1 202.955.8685, [email protected])
Samantha Sewall – Washington, D.C. (+1 202.887.3509, [email protected])
Michelle A. Weinbaum – Washington, D.C. (+1 202.955.8274, [email protected])
Mason Gauch – Houston (+1 346.718.6723, [email protected])
Chris R. Mullen – Washington, D.C. (+1 202.955.8250, [email protected])
Sarah L. Pongrace – New York (+1 212.351.3972, [email protected])
Anna Searcey – Washington, D.C. (+1 202.887.3655, [email protected])
Audi K. Syarief – Washington, D.C. (+1 202.955.8266, [email protected])
Scott R. Toussaint – Washington, D.C. (+1 202.887.3588, [email protected])
Claire Yi – New York (+1 212.351.2603, [email protected])
Shuo (Josh) Zhang – Washington, D.C. (+1 202.955.8270, [email protected])

Asia:
Kelly Austin – Hong Kong/Denver (+1 303.298.5980, [email protected])
David A. Wolber – Hong Kong (+852 2214 3764, [email protected])
Fang Xue – Beijing (+86 10 6502 8687, [email protected])
Qi Yue – Beijing (+86 10 6502 8534, [email protected])
Dharak Bhavsar – Hong Kong (+852 2214 3755, [email protected])
Felicia Chen – Hong Kong (+852 2214 3728, [email protected])
Arnold Pun – Hong Kong (+852 2214 3838, [email protected])

Europe:
Attila Borsos – Brussels (+32 2 554 72 10, [email protected])
Patrick Doris – London (+44 207 071 4276, [email protected])
Michelle M. Kirschner – London (+44 20 7071 4212, [email protected])
Penny Madden KC – London (+44 20 7071 4226, [email protected])
Irene Polieri – London (+44 20 7071 4199, [email protected])
Benno Schwarz – Munich (+49 89 189 33 110, [email protected])
Nikita Malevanny – Munich (+49 89 189 33 224, [email protected])
Melina Kronester – Munich (+49 89 189 33 225, [email protected])
Vanessa Ludwig – Frankfurt (+49 69 247 411 531, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.