Major Takeaways from the CFTC Whistleblower Program’s 2024 Annual Report

by Andrew Feller and Geoff Schweller

photos of the authors

Andrew Feller and Geoff Schweller (photos courtesy of Kohn, Kohn & Colapinto, LLP)

On November 15, the U.S. Commodity Futures Trading Commission (CFTC) released its annual report on its Whistleblower Program and Customer Education Initiatives for the 2024 fiscal year. Since it was established in 2010, the CFTC Whistleblower Program, which offers anonymous reporting channels and monetary awards to commodities whistleblowers, has grown into a critical piece of the CFTC’s enforcement arsenal.

The report details what was a record year for the CFTC Whistleblower Program, with the highest-ever number of both whistleblower tips and award applications received and the most award orders issued in a single fiscal year. Ironically, however, due to its growth and success, the program faces a funding crisis threatening to undermine the program.

Continue reading

Cryptoasset Developments: Prospects for Legal Clarity

by Kevin S. Schwartz, David M. Adlerstein, Samantha M. Altschuler, and Sabina M. Beleuz Neagu

Photos of the authors

Left to Right: Kevin S. Schwartz, David M. Adlerstein, Samantha M. Altschuler, and Sabina M. Beleuz Neagu (photos courtesy of Wachtell, Lipton, Rosen & Katz)

A resilient cryptoasset industry is emerging from weathering years of headwinds — from edicts prohibiting the banking of the industry, to an SEC leadership bent on aggressive regulation-by-enforcement in lieu of transparent rulemaking. Looking ahead, tailwinds abound: Bitcoin and Ether exchange-traded products, approved just this year, already have over $150 billion in assets under management. Leading financial institutions have announced plans to tokenize substantial new funds on public blockchains. And tens of millions of Americans own cryptoassets, as use cases continue to proliferate — from payments for goods and services, both on- and off-blockchain; to decentralized financial (DeFi) platforms; to the authentication of content provenance (an essential need amidst AI’s rapid development). With a new Administration and Congress in the offing, there are at last prospects for regulatory clarity in an arena long clouded by uncertainty.

Continue reading

SEED Findings on the SEC Enforcement Actions against Public Companies and their Subsidiaries in Fiscal Year 2024

by Anat Carmy-Wiechman and Giovanni Patti 

Photos of the authors

Left to right: Anat Carmy-Wiechman and Giovanni Patti (Photos courtesy of authors)

In a new report, the NYU Pollack Center for Law & Business, in collaboration with Cornerstone Research, investigated recent trends in enforcement via the Securities Enforcement Empirical Database (SEED). Below, we highlight some of the key findings.

Continue reading

An Update on SEC Cybersecurity Reporting

by Scott Kimpel

Photo of the author

Photo courtesy of Hunton Andrews Kurth LLP

As we approach the one-year anniversary of the effective date of the U.S. Securities and Exchange Commission (“SEC”) reporting rules on Form 8-K for material cybersecurity incidents, we provide a high-level overview of the last year’s developments.

Background on SEC Reporting Rules

Under the SEC’s rules, Item 1.05 of Form 8-K generally requires public companies in the United States to disclose material cybersecurity incidents within four business days of determining that the incident is material. The disclosure must contain the nature, scope and timing of the incident and the impact or reasonably likely impact of the incident on the company, its financial condition and its results of operations. For these purposes, SEC rules define “cybersecurity incident” to include “an unauthorized occurrence, or a series of related unauthorized occurrences, on or conducted through a registrant’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.”

Continue reading

AI Judgment Rule(s)

by Katja Langenbucher

Photo of Professor Katja Langenbucher

Photo courtesy of author

In an upcoming paper, I explore whether the use of AI to enhance decision-making brings about radical change for legal doctrine or, by contrast, is just another new tool. The essay submits that we must rethink the law’s implicit assumption that (and how) humans make the decisions that corporate law regulates. If there is movement in implicit assumptions about how people make decisions, legal rules need review.

Decision-making is the cornerstone of corporate life and of keen interest to a variety of scholarly disciplines. They range from rational-actor theories over behavioral approaches to neuro-economics and psychology. The law has its own theories on decision-making. Many are normative and specify decision procedures and outcomes. In addition, the law rests on implicit theories of decision-making: A legal rule will look different if, for instance, it assumes either that decision-making follows optimal choice patterns or that heuristics and biases guide human decisions.

Continue reading

Digital Services Act Decoded #1: DSA Enforcement – Key Points

by Laura Knoke, Lutz Riede, Tobias Timmann, Janet Kim, Tristan Lockwood, Luca Mischensky, and Juliana Heer

Top Left to Right: Laura Knoke, Lutz Riede, Tobias Timmann, and Janet H. Kim. Bottom Left to Right: Tristan Lockwood, Luca Mischensky, and Juliana Heer (photos courtesy of Freshfields Bruckhaus Deringer LLP)

The Digital Services Act (DSA) empowers both the European Commission (Commission) and Member State Digital Services Coordinators (DSCs) to take tough enforcement action against non-compliance. Since DSA obligations became fully applicable for most very large online platforms (VLOPs) and very large online search engines (VLOSEs) in August 2023, compliance has been at the top of the Commission’s regulatory agenda. With enforcement action continuing to ramp up over the past year, and obligations for all other intermediary services coming into force in February 2024, it is vital for service providers subject to the DSA to be familiar with the DSA’s different enforcement mechanisms and areas of focus. The enforcement landscape is one that is further complicated by the ability of private parties, such as service users and consumer protection organisations, to bring private actions to facilitate DSA compliance.

Continue reading

U.S. Authorities Charge Adani Defendants with Integrity Washing

by Kevin E. Davis

Photo of the author

Photo courtesy of NYU

Gautam Adani is the founder of one of India’s largest conglomerates and ranks among the country’s prominent business people. He and his nephew Sagar Adani are learning the hard way that, in the U.S. legal system, the coverup can be treated just about as severely as the crime.

The Department of Justice and the Securities and Exchange Commission have accused the Adani defendants of collaborating with executives of a U.S.-listed Mauritian company called Azure Power Global Ltd. in a massive bribery scheme. The conspirators allegedly paid over USD 250 million in bribes to officials in the governments of several Indian states. The bribes were to induce the officials to purchase power that would be supplied by Adani Green Energy Ltd., an Indian company controlled by the Adani defendants, as well Azure. 

Continue reading

Protecting Consumers’ Location Data: Key Takeaways from Four Recent Cases

by Bhavna Changrani

Photo courtesy of the author

Photo courtesy of the author

Since the start of this year, the FTC has announced four groundbreaking cases addressing issues with how businesses collect and, in some cases misuse, people’s location data. If your business collects, buys, sells, or uses location data, take a minute to read about the FTC’s most recent enforcement actions against data brokers and aggregators — MobilewallaGravy/Venntel, InMarket, and X-Mode/Outlogic — and consider these takeaways:

Continue reading

CFPB Issues Final “Open Banking” Rule Requiring Covered Entities to Provide Consumers Access and Transferability of Financial Data

by Jarryd Anderson, Jessica S. Carey, John P. Carlin, Roberto J. Gonzalez, Brad S. Karp, and Kannon Shanmugam

Photos of authors

Top Left to Right: Jarryd Anderson, Jessica Carey, and John Carlin. Bottom Left to Right: Roberto Gonzalez, Brad Karp, and Kannon Shanmugam. (photos courtesy of Paul Weiss)

On October 22, 2024, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) published a 594-page Notice of Final Rulemaking for its “Personal Financial Data Rights” rule, commonly known as the “Open Banking” rule, which will require covered entities—generally, providers of checking and prepaid accounts, credit cards, digital wallets, and other payment facilitators—to provide consumers and consumer-authorized third parties with access to consumers’ financial data free of charge.[1] Covered entities are required to comply with uniform standards to provide access to this financial data through consumer and developer interfaces.[2] The rule imposes requirements on authorized third parties (such as fintechs), as well as data aggregators that facilitate access to consumers’ data, including required disclosures to consumers regarding the third parties’ use and retention of the requested data and a requirement that the data only be used in a manner reasonably necessary to provide the requested product or service (thus foreclosing selling the data or using it for targeted advertising or cross selling purposes).[3]

Continue reading

The CFIUS Colossus: CFIUS’s Expanding Authority Changes the Risk Calculus for M&A Transactions

by Stephenie Gosnell Handler, Michelle Weinbaum, Mason Gauch, and Chris Mullen

Photos of the authors

Left to right: Stephenie Gosnell Handler, Mason Gauch, and Chris Mullen. (Photos courtesy of Gibson Dunn & Crutcher LLP)

A new final rule from the U.S. Department of the Treasury will expand CFIUS’s authority to request information from parties related to a transaction, increases potential penalty amounts, and expedites mitigation agreement negotiations in certain situations. With the exception of modifying the time frame within which parties are required to respond to mitigation agreement proposals, CFIUS largely adopted the language of its April 2024 proposed rule.

On November 18, 2024, the U.S. Department of the Treasury (“Treasury”), as Chair of the Committee on Foreign Investment in the United States (“CFIUS” or “the Committee”) issued a final rule largely codifying a rule proposed in April 2024, with only a handful of small, yet meaningful, changes. As noted in the accompanying press release, the final rule: Continue reading