Federal Court Suspends Enforcement of Corporate Transparency Act Nationwide

by Matthew Bisanz, Brad A. Resnikoff, and Kelly F. Truesdale

Photos of the authors

Matthew Bisanz, Brad A. Resnikoff, and Kelly F. Truesdale (Photos courtesy of Mayer Brown)

On December 3, 2024, the US District Court for the Eastern District of Texas entered a preliminary injunction suspending enforcement of the Corporate Transparency Act (CTA) and its implementing regulations nationwide, concluding that the CTA is likely unconstitutional as it is outside Congress’s power.[1] Although not the first court to reach such a conclusion, the breadth of the relief provided by the court—applying nationwide, rather than to the specific plaintiffs—reflects a significant development, given the rapidly approaching compliance deadlines for many existing companies under the CTA.

The Texas court’s decision has immediate implications for the 32 million reporting companies facing a year-end deadline to report beneficial ownership information to the government, particularly as reporting in early December indicated that only about 30% of the estimated total filings had been received.[2] While the Texas court’s decision effectively suspends the compliance deadline—as the Financial Crimes Enforcement Network (FinCEN) has confirmed—during the pendency of the injunction, the Government has already appealed the decision to the Fifth Circuit and is currently seeking to stay the effect of the preliminary injunction.

Continue reading

“Operation Chokepoint 2.0”: De-Banking Policies and the Adverse Use of Reputational Risk in Bank Supervision

by Stephen T. Gannon, Max Bonici, Elizabeth Lan Davis, and Kristal Rovira

Photos of the authors

Left to Right: Stephen T. Gannon, Max Bonici, Elizabeth Lan Davis, and Kristal Rovira (photos courtesy of Davis Wright Tremaine LLP)

How subjective supervisory standards suppressed innovation and damaged innovators.

“The power to regulate—in addition to the power to tax—is the power to destroy.”

Peter Wallison, Judicial Fortitude (2018)

As we have previously noted, we expect that the second Trump Administration will be significantly more favorable to crypto than the Biden Administration, especially with the recent appointment of David Sacks as the Administration’s “Crypto Czar.” We anticipate that in short order the new Administration will address “de-banking,” a regulatory practice that has vexed the digital asset industry—and banking in general—over the last several years. In this context, “de-banking” means canceling banking services to crypto entities and individuals associated with them or crypto activities. It is a practice that has been sharply criticized and has become even less comprehensible as the digital asset industry has matured and embraced (indeed, has sought) reasonable regulation. In the last several days the attention paid to this issue has increased sharply as a result of comments by Marc Andreessen on the Joe Rogan podcast.

Regrettably, the de-banking problem is not new. De-banking crypto is simply the latest variation of regulators using vague and amorphous standards to supervise bank conduct through the subjective lens of what the federal banking agencies call “reputational risk.”

Below we discuss how we got here and some ways forward.

Continue reading

CPPA Proposed Rulemaking Package Part 1 – Cybersecurity Audits

by Avi Gesser, Matt Kelly, Johanna N. Skrzypczyk, H. Jacqueline Brehmer, Ned Terrace, Mengyi Xu, and Amer Mneimneh

Photos of the authors

Top: Avi Gesser, Matt Kelly, and Johanna N. Skrzypczyk,. Bottom: H. Jacqueline Brehmer, Ned Terrace, and Mengyi Xu. (Photos courtesy of Debevoise & Plimpton LLP)

Key Takeaways

  • On November 22, 2024, the California Privacy Protection Agency (CPPA) launched a formal public comment period on its draft regulations addressing annual cybersecurity audits and other privacy obligations under the California Consumer Privacy Act (CCPA).
  • These proposed rules aim to establish robust standards for thorough and independent cybersecurity audits, delineating both procedural and substantive requirements for businesses processing personal information.
  • In this update, we provide an overview of the new cybersecurity audit provisions, including key thresholds for applicability, detailed audit expectations, and the evolving regulatory landscape shaping cybersecurity compliance.

Continue reading

TD Bank Pleads Guilty to Bank Secrecy Act and Money Laundering Conspiracy Violations and Agrees to Pay More Than $3.09 Billion in Criminal and Civil Penalties for “Systemic Breakdown” in Compliance Policies, Procedures, and Processes

by Jonathan J. Rusch

photo of author

Photo courtesy of the author

In any corporate compliance program, chief compliance officers must be mindful that their programs are not guaranteed to maintain consistent levels of funding from year to year.  Factors such as expanding or contracting business operations, declining business conditions, or external events such as recessions or COVID may require various year-to-year adjustments in a compliance program’s staffing levels and internal controls operations.[1]

Even so, it is essential that senior management in any company or financial institution recognize and accept the fact that at all times, the compliance programs in their enterprise must be adequately resourced and empowered to function effectively.[2] What a company’s senior leadership may not do, under any circumstances, is to make decisions that, over time, systematically starve critical compliance programs of resources essential to the effectiveness of those programs.

Continue reading

Major Takeaways from the CFTC Whistleblower Program’s 2024 Annual Report

by Andrew Feller and Geoff Schweller

photos of the authors

Andrew Feller and Geoff Schweller (photos courtesy of Kohn, Kohn & Colapinto, LLP)

On November 15, the U.S. Commodity Futures Trading Commission (CFTC) released its annual report on its Whistleblower Program and Customer Education Initiatives for the 2024 fiscal year. Since it was established in 2010, the CFTC Whistleblower Program, which offers anonymous reporting channels and monetary awards to commodities whistleblowers, has grown into a critical piece of the CFTC’s enforcement arsenal.

The report details what was a record year for the CFTC Whistleblower Program, with the highest-ever number of both whistleblower tips and award applications received and the most award orders issued in a single fiscal year. Ironically, however, due to its growth and success, the program faces a funding crisis threatening to undermine the program.

Continue reading

Cryptoasset Developments: Prospects for Legal Clarity

by Kevin S. Schwartz, David M. Adlerstein, Samantha M. Altschuler, and Sabina M. Beleuz Neagu

Photos of the authors

Left to Right: Kevin S. Schwartz, David M. Adlerstein, Samantha M. Altschuler, and Sabina M. Beleuz Neagu (photos courtesy of Wachtell, Lipton, Rosen & Katz)

A resilient cryptoasset industry is emerging from weathering years of headwinds — from edicts prohibiting the banking of the industry, to an SEC leadership bent on aggressive regulation-by-enforcement in lieu of transparent rulemaking. Looking ahead, tailwinds abound: Bitcoin and Ether exchange-traded products, approved just this year, already have over $150 billion in assets under management. Leading financial institutions have announced plans to tokenize substantial new funds on public blockchains. And tens of millions of Americans own cryptoassets, as use cases continue to proliferate — from payments for goods and services, both on- and off-blockchain; to decentralized financial (DeFi) platforms; to the authentication of content provenance (an essential need amidst AI’s rapid development). With a new Administration and Congress in the offing, there are at last prospects for regulatory clarity in an arena long clouded by uncertainty.

Continue reading

SEED Findings on the SEC Enforcement Actions against Public Companies and their Subsidiaries in Fiscal Year 2024

by Anat Carmy-Wiechman and Giovanni Patti 

Photos of the authors

Left to right: Anat Carmy-Wiechman and Giovanni Patti (Photos courtesy of authors)

In a new report, the NYU Pollack Center for Law & Business, in collaboration with Cornerstone Research, investigated recent trends in enforcement via the Securities Enforcement Empirical Database (SEED). Below, we highlight some of the key findings.

Continue reading

An Update on SEC Cybersecurity Reporting

by Scott Kimpel

Photo of the author

Photo courtesy of Hunton Andrews Kurth LLP

As we approach the one-year anniversary of the effective date of the U.S. Securities and Exchange Commission (“SEC”) reporting rules on Form 8-K for material cybersecurity incidents, we provide a high-level overview of the last year’s developments.

Background on SEC Reporting Rules

Under the SEC’s rules, Item 1.05 of Form 8-K generally requires public companies in the United States to disclose material cybersecurity incidents within four business days of determining that the incident is material. The disclosure must contain the nature, scope and timing of the incident and the impact or reasonably likely impact of the incident on the company, its financial condition and its results of operations. For these purposes, SEC rules define “cybersecurity incident” to include “an unauthorized occurrence, or a series of related unauthorized occurrences, on or conducted through a registrant’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.”

Continue reading

AI Judgment Rule(s)

by Katja Langenbucher

Photo of Professor Katja Langenbucher

Photo courtesy of author

In an upcoming paper, I explore whether the use of AI to enhance decision-making brings about radical change for legal doctrine or, by contrast, is just another new tool. The essay submits that we must rethink the law’s implicit assumption that (and how) humans make the decisions that corporate law regulates. If there is movement in implicit assumptions about how people make decisions, legal rules need review.

Decision-making is the cornerstone of corporate life and of keen interest to a variety of scholarly disciplines. They range from rational-actor theories over behavioral approaches to neuro-economics and psychology. The law has its own theories on decision-making. Many are normative and specify decision procedures and outcomes. In addition, the law rests on implicit theories of decision-making: A legal rule will look different if, for instance, it assumes either that decision-making follows optimal choice patterns or that heuristics and biases guide human decisions.

Continue reading

Digital Services Act Decoded #1: DSA Enforcement – Key Points

by Laura Knoke, Lutz Riede, Tobias Timmann, Janet Kim, Tristan Lockwood, Luca Mischensky, and Juliana Heer

Top Left to Right: Laura Knoke, Lutz Riede, Tobias Timmann, and Janet H. Kim. Bottom Left to Right: Tristan Lockwood, Luca Mischensky, and Juliana Heer (photos courtesy of Freshfields Bruckhaus Deringer LLP)

The Digital Services Act (DSA) empowers both the European Commission (Commission) and Member State Digital Services Coordinators (DSCs) to take tough enforcement action against non-compliance. Since DSA obligations became fully applicable for most very large online platforms (VLOPs) and very large online search engines (VLOSEs) in August 2023, compliance has been at the top of the Commission’s regulatory agenda. With enforcement action continuing to ramp up over the past year, and obligations for all other intermediary services coming into force in February 2024, it is vital for service providers subject to the DSA to be familiar with the DSA’s different enforcement mechanisms and areas of focus. The enforcement landscape is one that is further complicated by the ability of private parties, such as service users and consumer protection organisations, to bring private actions to facilitate DSA compliance.

Continue reading