Understanding the Utah AI Act and Newly Effective Amendments: What Your Business Needs to Know
Introduction
On May 7, 2025, the Utah Artificial Intelligence Policy Act (UAIP) amendments will go into effect. These amendments provide significant updates to Utah’s 2024 artificial intelligence (AI) laws. In particular, the amendments focus on regulation of AI in the realm of consumer protection (S.B. 226 and S.B. 332), mental health applications (H.B. 452), and unauthorized impersonations (aka “deep fakes”) (S.B. 271).
Background (SB 149)
In March 2024, Utah became one of the first states to enact comprehensive artificial intelligence legislation with the passage of the Utah Artificial Intelligence Policy Act (UAIP, S.B. 149) specifically addressing AI. Commonly referred to as the “Utah AI Act,” these provisions create important obligations for businesses that use AI systems to interact with Utah consumers. The UAIP Act went into effect as of May 1, 2024.
If your business provides or uses AI-powered software or services that Utah residents access, you need to understand these requirements — even if your company isn’t based in Utah. This post will help break down these key amendments and what they mean for your business operations.
GenAI Defined
The Utah Act defines generative AI (GenAI) as a system that is (a) trained on data, (b) interacts with a person in Utah, and (c) generates outputs similar to outputs created by a human. (SB 149, 13-2-12(1)(a)).
Transparency and Disclosure Requirements
If a company provides services in a regulated occupation (that is, those occupations that require a person to obtain a state certification or license to practice that occupation), the company shall disclose when the person is interacting with GenAI in the delivery of regulated services if the interaction is defined as “high risk” by the statute. The disclosure regarding regulated services shall be provided at the beginning of the interaction and disclosed orally if during a verbal interaction or in writing if via a written interaction. If the GenAI supplier wants the benefit of the Safe Harbor, then use of the AI system shall be disclosed at the beginning of any interaction and throughout the exchange of information. (S.B. 226).
If a company uses GenAI to interact with a person in Utah in “non-regulated” occupations, the company must disclose that the person is interacting with a GenAI system and not a human when asked by the Utah consumer.
S.B. 226 further added mandatory requirements for high-risk interactions related to health, financial, and biometric data, or providing personalized advice in areas like finance, law, or healthcare. Additionally, S.B. 226 granted authority to the Division of Consumer Protection to make rules to specify the form and methods of the required disclosures.
Enforcement and Penalties
The Utah Division of Consumer Protection may impose an administrative fine of up to $2,500 for each violation of the UAIP. The courts or the Utah attorney general may also impose a civil penalty of no more than $5,000 for each violation of a court order or administrative order. As made clear by S.B. 226, violations of the Act are subject to injunctive relief, disgorgement of profits, and subject to paying the Division’s attorney fees and costs.
Key Takeaways
The 2024 Act requires that companies clearly and conspicuously disclose when a person is interacting with GenAI if asked or requested by the person interacting with the AI system. The restrictions are even tighter when using GenAI in a regulated occupation that involve sensitive personal information or significant personal decision in the high-risk categories as amended in 2025 under S.B. 226. In those instances, the company shall disclose the use of GenAI. If the supplier wants the benefit of the 2025 Safe Harbor under S.B. 226, the AI system shall disclose its use at the beginning of an interaction and throughout the interaction.
Conclusion
Utah, along with several other states, took the lead to enact AI-related laws. It is likely that states will continue to regulate AI technology ahead of the federal government.
Stay tuned for subsequent blog posts that will provide updates on mental health applications (H.B. 452) and unauthorized impersonations (aka “deep fakes”) (S.B. 271).
CFPB Orders Defunct Debt-Relief Company to Pay $43 Million for Alleged Student Loan Abuses
On May 1, the U.S. District Court for the Northern District of Illinois ordered the former owner of a now-defunct debt-relief company to pay over $43 million in restitution and penalties. The order resolves a lawsuit filed by the CFPB in 2020 alleging violations of the Consumer Financial Protection Act (CFPA) and the Telemarketing Sales Rule (TSR).
The CFPB alleged that the company engaged in deceptive conduct and unlawful billing practices in violation of both statutes. Specifically, the Bureau alleged that the company:
Charged illegal advance fees. The company collected fees from consumers before performing any debt-relief services, in violation of the TSR.
Deceived student loan borrowers. The company misrepresented its ability to secure loan forgiveness or reduced payments and to improve credit scores, constituting deceptive practices under the CFPA.
Failed to provide required disclosures. The company did not clearly inform consumers of material terms, including the true cost, scope, and limitations of its services.
The company was dissolved before the lawsuit was filed and never appeared in the case and a default judgment was entered against it in 2022. On January 10, 2025, the court granted summary judgment against the company’s former owner, finding him personally liable for the company’s conduct. The May 1 order directs him to pay approximately $2.1 million in restitution based on net revenues, and a $41.1 million civil penalty.
Putting It Into Practice: Despite the continued uncertainty surrounding the CFPB’s future role in consumer protection, UDAAP enforcement remains a priority for both federal and state agencies, particularly in matters affecting financially vulnerable consumers (previously discussed here and here). Financial institutions can expect UDAAP enforcement to continue regardless of the result of the ongoing litigation regarding the future of the CFPB (previously discussed here).
Listen to this post
OCC’s Hood Emphasized AI Oversight and Inclusion in Financial Services
On April 29, Acting Comptroller of the Currency Rodney Hood delivered pre-recorded remarks at the National Fair Housing Alliance’s Responsible AI Symposium. In his speech, Hood reiterated the OCC’s commitment to deploying AI responsibly within the banking sector and highlighted the agency’s broader initiatives to promote financial inclusion.
Hood outlined several key OCC initiatives focused on the responsible use of AI in banking, including:
Establishing a risk-based oversight framework. The OCC has issued guidance promoting transparency, accountability, and fairness in AI use in the financial services sector. Hood noted that AI should be governed by the same risk-based, technology-neutral principles that apply to other banking activities.
Encouraging traditional risk management practices for AI. Banks should apply established model risk management principles to AI tools due to the complex nature of AI, including its use of large data sets and intricate algorithms.
Leveraging AI for expanded access to credit. The OCC supports the use of alternative data, such as rent and cash flow information, to improve credit modeling and increase financial inclusion.
Supporting innovation through internal infrastructure. The OCC’s Office of Financial Technology continues to monitor developments in financial technology, including AI adoption and bank-fintech partnerships, and supports supervisory and policy development efforts in those areas.
Hood also discussed the role of Project REACh (Roundtable for Economic Access and Change), an OCC-led initiative that brings together banking, community, and technology stakeholders to expand affordable credit access. Project REAch has supported pilot programs that helped establish over 100,000 accounts for consumers previously unable to access credit. New workstreams under Project REACh aim to tackle homeownership barriers and explore tech-driven inclusion strategies.
Putting It Into Practice: The OCC’s ongoing efforts to promote responsible AI use underscore the federal government’s broader commitment to ensuring AI is integrated safely and equitably into the financial services sector (previously discussed here). With the vision that AI will play a growing role in financial services, market participants should expect continued developments in the regulation of both AI applications and the use of alternative data in credit decisioning on both federal and state levels (previously discussed here, here, and here).
Listen to this post
DEA Proposed Rule for Special Registrations for Telemedicine and Limited State Telemedicine Registrations
On January 17, 2025, the Drug Enforcement Administration (DEA) released the proposed rule, “Special Registrations for Telemedicine and Limited State Telemedicine Registrations.” The proposed rule marks a significant first step in the DEA’s functional establishment of the Special Registration set forth in the Ryan Haight Online Pharmacy Consumer Protection Act of 2008 (RHA). The DEA’s goal in proposing the Special Registration’s framework is to “ensure patient access to care, while maintaining sufficient safeguards to prevent and detect diversion of controlled substances.”
The Special Registration History
The RHA requires that all prescription drugs that are dispensed by means of the internet be issued via a valid prescription, which generally requires an in-person medical evaluation, and that the prescription be issued for a legitimate medical purpose in the usual course of professional practice. The RHA provides distinct circumstances in which the practice of telemedicine is permitted, and in turn, the in-person evaluation is not required in order to properly prescribe a controlled substance. The Special Registration is one of these circumstances, and while the Special Registration exception to the in-person requirement was included in the RHA in 2008, it was not developed beyond the text of the RHA until this year, with the promulgation of the proposed rule. The Special Registration was a common topic of presentation in the DEA Listening Sessions in April 2024, and its development has been called for by a variety of stakeholders in the telemedicine industry.
The Special Registration Framework
The proposed rule is organized by category of Special Registration and conditions for the registration’s maintenance. Specifically, the proposed rule conceptualizes a unique type of practitioner – a “covered online telemedicine platform.” A covered online telemedicine platform means an entity that facilitates connections between patients and clinician practitioners, via an audio-video telecommunications system, for the diagnosis and treatment of patients that may result in the prescription of controlled substances and meets one of four enumerated criteria.
If met, the four criteria reflect that the platform is “integral intermediary in the remote dispensing of controlled substances.” The criteria address platform advertising, associated pharmacy ownership, prescribing guidelines, and handling of medical records. In this way, the proposed rule sets detailed standards, highlights issues that were actively discussed during the DEA Listening Sessions, and defines factors the DEA identifies as indicative of potential diversion or unsafe prescribing. Notably, hospitals, clinics, local in-person medical practices, and insurance providers are excepted from the definition.
Categories of Special Registration
The proposed rule delineates between “clinician practitioners” and “platform practitioners” and sets forth four categories of registration for which a practitioner may apply. Clinician practitioner refers to properly registered physicians and mid-level practitioners. Platform practitioner means a covered online telemedicine platform that dispenses controlled substances by virtue of its central involvement as an intermediary in the remote prescribing of controlled substances by an individual practitioner. Platform practitioners are subject to the requirements imposed upon non-pharmacist practitioners under the Controlled Substances Act, 21 U.S.C. 801-904, and its regulations. The four categories of registration are:
The Telemedicine Prescribing Registration would authorize the prescribing of Schedule III through V controlled substances by clinician practitioners.
The Advanced Telemedicine Prescribing Registration would authorize certain specialized clinician practitioners (i.e., certain categories of “specialized” clinicians defined by the rule) to prescribe Schedule II controlled substances in addition to Schedule III through V controlled substances.
The Telemedicine Platform Registration would authorize covered online telemedicine platforms to dispense Schedule II through V through a clinician practitioner possessing either category of clinician Special Registration above.
The State Telemedicine Registrations, which would be required to prescribe across states, would allow practitioners issued any of the three categories of registration above to obtain a state registration for every state in which patients to whom special registration prescriptions will be issued are located, with certain exceptions.
The proposed rule sets forth eligibility and requirements for each category of Special Registration, although notably application for a certain registration does not guarantee that it will be granted, as each requirement for Special Registration is lined with agency discretion. Ultimately, the DEA Administrator will issue a Special Registration to an applicant when the applicant meets all eligibility requirements set forth in the proposed rule, which includes a practitioner presenting “legitimate need” for the Special Registration, and the Administrator determines that the Special Registration is consistent with the public interest factors stipulated in 21 U.S.C. 823(g)(1) (i.e., the public interest factors considered for conventional practitioner DEA registrations).
Altogether, engaging in the practice of telemedicine under the proposed rule, the practitioner must possess a conventional DEA registration under 21 U.S.C. 823(g), one of the three types of Special Registration for practitioners, and a State Telemedicine Registration for each state in which a patient prescribed a controlled substance is located.
Other Requirements of the Proposed Rule
The proposed rule also requires certain operational standards for special registrants, including:
Disclosure of a Special Registered Location. Special Registration applicants must designate a location as the physical address of the Special Registration.
Certain Disclosures. Platform practitioners, in their application for Telemedicine Platform Registration, must disclose all employment, contractual relationships, or professional affiliations with any clinician special registrant and online pharmacy.
Certain Attestations. Special Registration applicants must attest that they have a legitimate need for a Special Registration for Telemedicine and to the facts and circumstances that form the basis for their “legitimate need” for the Special Registration.
Changes to Special Registration information must be updated within 14 business days of the change.
Patient Verification. The proposed rule provides patient identity verification standards, including patient verification requirements for the first telemedicine encounter and a practitioner’s storage of patient identification information.
Special Registration Prescription Data Reporting. Special registrants must report to DEA on an annual basis the total number of new patients in each state where at least one special registration prescription has been issued and the total number of special registration prescriptions issued by a registrant across states, among other information.
Telecommunications Standards. The proposed rule requires all prescriptions issued via a Special Registration to be through the use of an audio-video telecommunications system, with only limited circumstances allowing for the issuance of a special registration prescription with audio-only technology.
State Law. The proposed rule explicitly requires compliance with state laws and regulations where the patient is located during the telemedicine encounter, the state where the special registrant is located during the telemedicine encounter, and any state in which the special registrant holds a DEA registration.
PDMP Check. Prior to issuing a special registration prescription, a special registrant must perform a check of the state PDMPs in the state the patient is located, the registrant is located and any state with reciprocity agreements with these states.
Prescription Requirements. Special registration prescriptions must contain certain information specific to the Special Registration number, with liability imposed on a pharmacist for filling a special registration prescription that may be missing information.
Moving Forward
The proposed rule acknowledges the expansive nature of telemedicine post-PHE, addresses key players in the telemedicine industry – from popular telemedicine platforms to local practitioners and pharmacists – and attempts to wrangle these diverse interests into a workable Special Registration. Further, it proposes comprehensive application and reporting requirements to facilitate the tracking of special registration prescription information and telemedicine activities by the DEA, which had traditionally been confined to the state level.
Certain aspects of the proposed Special Registration appear clear, such as the form that will be required for the Special Registration and the patient verification requirements. Other elements, such as the practical threshold for “legitimate need” and the DEA’s discretion to grant or deny the Special Registration itself, render logistical aspects of the Special Registration framework unpredictable. Clinician practitioners, platform practitioners, and other telemedicine participants should continue to monitor the development of the proposed rule as, if finalized, a Special Registration will become a key component required for continued telemedicine operations involving the prescription of controlled substances. The written comment period for the proposed rule ended March 18, 2025, and comments are currently under consideration.
Listen to this article
FUELED BY LITIGATION: ExxonMobil Skids Into TCPA Quiet Hours Lawsuit
Greetings TCPAWorld!
I’m back with the latest. Yesterday, ExxonMobil Corporation was named in a new TCPA class action in the Northern District of California. See Yates v. Exxon Mobil Corp., No. 3:25-cv-03984 (N.D. Cal. May 7, 2025). The allegations are already fueling controversy (pun intended). And if you’ve been tracking the ongoing Quiet Hours saga, this one’s straight textbook.
Filed May 7, 2025, the Complaint alleges that Exxon sent Plaintiff five marketing text messages between 6:06 a.m. and 7:46 a.m. local time—well before the 8 a.m. safe harbor set by 47 C.F.R. § 64.1200(c)(1). The messages advertised Exxon’s rewards program with lines like: “Exxon Mobil Rewards+: Earn 3pts/gal each time you fill up” and “Complete your profile and earn $1 in bonus points.”
Sound familiar? It should. This playbook mirrors the MASSIVE surge of Quiet Hours litigation that R.E.A.C.H. (Responsible Enterprises Against Consumer Harassment) has been aggressively fighting in its recent FCC comments.
R.E.A.C.H.’s position is simple: messages sent with “prior express invitation or permission” don’t count as “telephone solicitations,” and therefore fall outside the timing restrictions altogether. If the consumer opts in, the timing shouldn’t matter.
But let’s pump the brakes and think practically. A recipient receiving these messages could be on vacation, visiting family, or just traveling out of their home time zone. In this context, timing isn’t always something a sender can cleanly control—but the litigation risk? That’s very real.
Here, the Complaint is the classic example we are seeing repeatedly. It’s filled with screenshots, timestamps, and a class definition likely to try and sweep in thousands of Exxon Rewards+ members nationwide. And of course, the stakes here are massive.
R.E.A.C.H. recently submitted data to the FCC analyzing 184 Quiet Hours cases filed by a single South Florida law firm through March 31, 2025. The Exxon Complaint fits the mold. Like 77% of those cases, it avoids listing a complete phone number, stating that “Plaintiff’s telephone number has an area code that specifically coincides with locations in California.” Also notable: the Complaint was filed more than a year after the first alleged message, which falls squarely within the filing delays R.E.A.C.H. flagged in over 20% of these cases. So, we see not only familiar fact patterns but also familiar procedural timing that keeps these cases running.
As always,
Keep it legal, keep it smart, and stay ahead of the game.
Talk soon!
Top Five Labor Law Developments for April 2025
U.S. Supreme Court Chief Justice John Roberts temporarily halted a U.S. Court of Appeals for the D.C. Circuit Court order reinstating National Labor Relations Board Member Gwynne Wilcox. Trump, et al. v. Wilcox, et al., No. 24A966 (Apr. 9, 2025). Following President Donald Trump’s unprecedented termination of Board Member Wilcox, the D.C. Circuit issued an en banc order reinstating her to the Board, citing the Court’s 1935 decision in Humphrey’s Executor that upheld the constitutionality of for-cause removal protections for federal agency leaders. The Trump Administration filed an emergency application to the Court for a stay of the D.C. Circuit’s order, arguing subsequent case law narrowed Humphrey’s Executor to apply only to multi-member agencies that do not wield substantial executive power, making the case inapplicable to the Board. Although Chief Justice Roberts’ order temporarily pauses Wilcox’s reinstatement, Wilcox has filed a response to the stay application urging the Court to deny the stay until the D.C. Circuit can issue a decision on the merits of the case. Wilcox also requested that the Court deny the Trump Administration’s petition for certiorari before the D.C. Circuit’s decision, arguing the request to rush the Court’s normal appeal procedures is unwarranted.
A Washington, D.C. federal judge blocked President Trump’s executive order (EO) aiming to exclude certain federal agencies and their subdivisions involved in national security from collective bargaining. National Treasury Employees Union v. Donald J. Trump, et al., No. 1:25-cv-00935 (D.D.C. Apr. 25, 2025). Pursuant to the EO, covered agencies (including the Departments of Defense, Justice, and State) were no longer required to engage in collective bargaining with unions. The National Treasury Employees Union (NTEU), which represents federal workers in 37 departments and agencies, requested a preliminary injunction arguing the order was retaliatory against the unions. The injunction applies to all employees that NTEU represents. Because NTEU was the filing party, employees represented by other unions are not included in the order.
A coalition of unions, nonprofit groups, and local governments filed a complaint in a California federal court arguing President Trump lacks the constitutional authority to downsize or reorganize federal agencies without congressional approval. The lawsuit stems from an EO aiming to reduce the size of the federal government’s workforce and directing each agency head to work with the Department of Government Efficiency on hiring plans. The coalition, which includes national unions such as the Service Employees International Union and the American Federation of State, County and Municipal Employees, as well as the City of Chicago and City of San Francisco, claims the EO violates the U.S. Constitution’s separation of powers and the Administrative Procedure Act. The coalition requests the court to vacate the executive order and the related reorganization plans.
William Emanuel, former Board member and management-side labor attorney, has passed away. Emanuel was appointed to the Board by President Trump in 2017 and served until 2021. Emanuel’s confirmation to the Board gave the Board its first Republican majority in more than a decade. During his time on the Board, Emanuel was involved in reversing a wide range of union-friendly rulings and decisions issued under the Obama Administration, bringing significant changes to Board law.
Former Board General Counsel Jennifer Abruzzo has joined a union-side law firm as an attorney and rejoined the Communications Workers of America (CWA) as a senior advisor. President Trump terminated Abruzzo shortly after Inauguration Day in an expected move. She previously held various roles at the Board and formerly served as special counsel at the CWA. Abruzzo’s time at the Board was marked by aggressive initiatives resulting in overturning precedent on many issues, including expansion of protected concerted activity, increased use of enhanced remedies for unfair labor practice charges, and making it easier for employees to unionize without an election, among others. President Trump recently nominated management-side labor attorney Crystal Carey as the new general counsel. She is awaiting U.S. Senate approval.
FTC Rule on Unfair or Deceptive “Junk” Fees FAQs
On May 5, 2025, Federal Trade Commission staff published Frequently Asked Questions (FAQs) designed to provide consumers and businesses with information regarding the agency’s Rule on Unfair or Deceptive Fees, which takes effect on May 12, 2025.
The Rule on Unfair or Deceptive Fees prohibits bait-and-switch pricing and other tactics used to hide total prices and mislead people about fees in the live-event ticketing and short-term lodging industries. The Final Rule is significantly more narrow than as initially-proposed.
According to the FTC, unfair and deceptive pricing practices can harm consumers and undercut businesses trying to compete fairly on price. The Rule also furthers President Trump’s Executive Order on Combating Unfair Practices in the Live Entertainment Market by ensuring price transparency at all stages of the live-event ticket-purchase process, including the secondary ticketing market.
The Final Rule is intended to preserve flexibility for businesses by not prohibiting any type or amount of fee or specific pricing strategies. However, the Rule requires businesses that advertise prices tell consumers the whole truth up-front about total prices and fees.
The FAQs provide guidance on such topics as:
What Businesses are Covered by the Rule?
Businesses selling live-event tickets and short-term lodging are covered.
The Rule covers any business that offers, displays, or advertises live-event tickets or short-term lodging, including third-party platforms, resellers and travel agents. Coverage applies whether such offers, displays, or advertisements appear online, including through a mobile application, in physical locations, or through some other means.
Importantly, business-to-business transactions are covered. The Rule also protects individual and business consumers.
What are the Final Rule’s Basic Requirements?
A business that includes pricing information in its ads and other offers must tell people upfront the total price they will pay for live-event tickets or short-term lodging. The total price includes all charges or fees the business knows about and can calculate upfront, including charges or fees for mandatory goods or services people have to buy as part of the same transaction.
There are some fees that may be able to by excluded from the total price. In other words, there are a few fees or charges a business can disclose later in the transaction, as long as it discloses them before asking for payment. The total price displayed upfront does not need to include the following charges:
taxes or other government charges;
shipping charges; and
charges for optional goods or services people may select to buy as part of the same transaction.
However, a business must display the total price more prominently than other pricing information, except for the final amount of payment (as described below).
Also, excluded charges must be disclosed prior to asking for payment. Before a business prompts people to pay, the business must disclose the charges it has excluded from the total price. That disclosure should include the nature, purpose and amount of all such charges, and identify the good or service for which charges are imposed.
For example, if a business excludes taxes or shipping charges from the advertised price, the business must “clearly and conspicuously” disclose the amount and purpose of those charges. Before asking for payment, a business must add in any previously excluded charges and display the final amount of payment as prominently as, or more prominently than, the total price.
Importantly, the Rule prohibits misrepresentations about fees and charges. When it comes to fees, a business must tell the truth about information it is required to disclose, such as how much it is charging and why. It also must tell the truth about any other fee-related information it chooses to convey, like whether the fee is refundable. A business must describe what fees are for and avoid vague phrases like “convenience fees,” “service fees,” or “processing fees.”
Live-event tickets are covered under the Rule. Live-tickets events are for concerts, sporting events, music, theater and other live performances that audiences watch as they occur. In general, pre-recorded audio and visual performances and film screenings are not live events covered by the Rule.
Short-term lodging is also covered under the Rule. Examples of covered short-term lodging include:
Temporary sleeping accommodations at a hotel, motel, inn, short-term rental, vacation rental, or other place of lodging;
Home shares and vacation rentals offered through platforms (like Airbnb or VRBO);
Discounted extended stays at a hotel
Examples of lodging that are not covered under the Rule include:
Long-term or other rental housing that involves an ongoing landlord-tenant relationship;
Short-term extensions to leases offered by rental housing providers;
Temporary corporate housing offered by an apartment community under the same conditions as long-term leases.
There is no specified length of stay. The Rule does not mandate what length of stay qualifies as short-term. Whether a stay is short-term will depend on factors such as those listed above.
Which Mandatory Fees or Charges Must be Included in a Business’s Displayed Total Price?
Businesses must include all fees or charges that meet any of the following conditions (other than government charges and shipping charges):
Fees people are required to pay, no matter what;
Fees people cannot reasonably avoid (e.g., credit card processing charges when there is no other viable payment option);
Charges for ancillary goods or services that people must buy to make the underlying good or service fit for its intended purpose, which reasonable consumers would expect to be part of the purchase. For example, if a hotel requires guests to pay for towels, the hotel must include the towel fee in the total price; or
Fees people cannot effectively agree to because the business employs practices such as default billing, pre-checked boxes, or opt-out provisions. For example, a business cannot treat as optional an automatic fee that it removes only if a person notices and challenges it.
Examples of mandatory fees and charges that must be included in the total price:
An online ticket retailer requires people to pay a fee to purchase live-event tickets online. The fee cannot be avoided and must be included in the total price;
A resort charges a nightly rate of $199, plus a mandatory resort fee of $39 per day. The required resort fee must be included in the total price;
A vacation rental adds a cleaning fee that consumers must pay in addition to the nightly rate. The cleaning fee must be included in the total price.
Can a Business Itemize Mandatory Fees or Charges?
Yes, but itemization must not overshadow the total price.
A business may itemize fees or charges for mandatory goods or services required to be included in the total price, but the total price must be clear, conspicuous, and most prominent. In addition, all itemizations must be truthful and not misrepresent fees, including what the fees are for.
Which Fees or Charges can Businesses Exclude from the Total Price?
Businesses may only exclude three categories of charges from the total price:government charges, shipping charges and fees or charges for optional ancillary goods or services that people choose to add to the transaction.
Excluded fees or charges must be disclosed later. Before asking for payment, a business that initially excludes a fee or charge from the total price must clearly and conspicuously disclose:
the nature, purpose and amount of the fee or charge; and
the good or service for which the fee or charge is imposed.
When Must a Business Disclose the Final Amount of Payment, Including Fees or Charges it Excluded from the Total Price?
A business must prominently display the final amount of payment before asking people to pay. A business must calculate, then clearly, conspicuously, and prominently disclose the final amount of payment, including taxes, shipping and optional add-ons, before asking people to pay. The final amount of payment must be displayed as prominently as, or more prominently than, the total price.
What are Ancillary Goods or Services and How Does the Rule Apply to Charges for Them?
Ancillary goods or services are additional goods or services a business offers as part of the same transaction. They may be mandatory or optional, depending on the specific facts of the transaction.
Businesses must disclose fees or charges for mandatory ancillary goods or services in the total price. Fees or charges are mandatory if they relate to a good or service that is:
necessary to make the underlying good or service fit for its intended purpose; or
a required purchase when people buy the underlying good or service.
Examples of mandatory ancillary goods or services:
An online ticket seller automatically charges a 3% credit card surcharge on top of the advertised price and the seller does not offer another viable online payment method without a fee. The credit card payment is then a mandatory ancillary service. The seller must include the fee in the total price because people cannot reasonably avoid it;
At check-in, a hotel automatically charges a resort fee for the use of its facilities, although it waives the fee if a guest notices and challenges it. The resort fee is a mandatory ancillary service. The hotel must include the fee in the total price because: (i) a reasonable consumer would expect use of the hotel facilities to be included with the stay; and (ii) automatically including the fee makes the good or service mandatory by effectively limiting people’s ability to consent.
Businesses do not need to include fees or charges for optional ancillary goods or services in the total price. A business may exclude from the total price fees or charges for optional ancillary goods or services that people may choose to add to the same transaction. However, if a consumer adds them, the business must clearly and conspicuously disclose such fees, and include them in the final amount of payment, before asking the person to pay.
Examples of optional ancillary goods or services:
A comedy club sells tickets in-person at its box office and charges a 3% surcharge when people buy tickets with a credit card but not when people pay with a payment app, debit card, or cash. In this case, using a credit card is an optional ancillary good or service;
A live music venue offers event tickets for $150 and a VIP package for $200 that includes the event ticket, drinks, and an appetizer. The VIP package is an optional ancillary good or service;
A sporting event venue offers people the option to rent binoculars. Binocular rental is an optional ancillary good or service;
A hotel offers guests the option to select a trip protection plan when booking online. The guest affirmatively must check a box to add the plan (the plan is not pre-selected). In this case, the plan is an optional ancillary good or service.
Can Businesses Charge Credit Card Surcharges and Other Payment Processing Fees and, if so, Can They Exclude Such Fees From the Total Price?
Businesses may charge or pass through credit card or other payment processing fees if otherwise permitted by law. If a business requires people to pay with a credit card, the credit card fee is mandatory and must be included in the total price.
If there is another viable payment method people can use at the same location or platform that does not incur a fee, then using the method that incurs a fee is optional, and the business need not include the fee in the total price. The business still must disclose the fee, include it in the final amount of payment before asking for payment, and may not misrepresent the purpose or amount of the charge.
How Does the Rule Treat Shipping Charges?
A business can – but is not required to – exclude shipping charges from the total price. Shipping charges must reasonably reflect a business’s costs to ship physical goods. A business can use flat-rate shipping or shipping costs based on national averages. Shipping charges do not have to reflect a business’s exact cost to ship goods.
A business can incorporate the cost of shipping into the total price, for example, when offering “free shipping.”
If a business excludes shipping charges from the total price, it must disclose such charges before asking for payment and include those charges in the final amount of payment.
Handling charges are not shipping charges. A business must include handling charges in the total price.
How Does the Rule Apply to Fees that Depend on Consumer Choices or Behavior?
If a business cannot calculate a fee or charge in advance because it depends on choices someone makes during the transaction, it can exclude the fee or charge from the total price.
For example:
A theater offers general admission tickets for one price and upgraded balcony seats at a higher price. The theater may advertise the lowest available general admission total price only if people can actually buy tickets at that price and the pricing information is not otherwise misleading;
When booking a hotel room, people may select from several optional features that impact the final amount of payment. The hotel may advertise room rates at the lowest available total price if people can actually book the advertised room at that price and the pricing information is not otherwise misleading. But once someone selects a feature that increases the rate, the hotel must update the total price to reflect such choices.
A business can also exclude from the total price fees incurred after purchase, but only if those fees: (i) couldn’t be known at the time of purchase; or (ii) may not be considered part of the same transaction (for example, fees for late payment or charges for damage to a hotel room).
Can Businesses use Dynamic Pricing?
Businesses may use dynamic pricing strategies to adjust prices, for example, based on demand or inventory, so long as the pricing information is not misleading. Many businesses do, and may continue to, rely on regional or local advertising that enables pricing to vary by region or locality.
How Does the Rule Apply to Discounts and Promotional Pricing?
The Rule allows a business the flexibility to offer discounted pricing or pricing promotions. However, if the discount or promotion is not available to everyone, the total price should not reflect the discount or promotion. Once someone meets the requirements for the discount, the business can update the total price to reflect the discount.
For example:
If a promotion is available only to some people, such as people who enroll in a rewards program, the total price is the price offered to everyone. If a business wants to display both prices, the total price must be most prominent;
If a business offers a promotion such as “Buy One Get One Free,” it must display the total price without the promotion most prominently, unless and until the transaction meets the requirements for the promotion.
If a business advertises a general discount such as “50% off,” without displaying the price of any particular good or service, the display would not require disclosure of the total price.
How Does a Business Disclose Pricing Information “Clearly and Conspicuously?”
A “clear and conspicuous” disclosure is easy for people to understand and difficult for them to miss. The Rule does not require specific fonts or type sizes, but specifies that:
All disclosures. All disclosures must be made in the same way as the offer, display, or ad. In other words, if an ad is visual, the disclosure must be visual. If the ad is audible, the disclosure must be audible. If ads are both visual and audible – for example, a TV ad – the disclosure must be presented both visually and audibly at the same time;
Visual disclosures. A visual disclosure must stand out so it’s easy for people to notice, read, and understand. When offering a visual disclosure, consider the disclosure’s size, contrast with the background and other text, location, and length of time appearing on screen;
Audible disclosures. An audible disclosure – for example, on the radio or in a video – must be at a volume, speed, and cadence sufficient for ordinary consumers to easily hear and understand;
Interactive electronic media. For offers, displays, or ads in interactive electronic media – such as online, including in an app – the disclosure must be unavoidable;
Wording of disclosures. Disclosures must use plain language, can’t be contradicted by other statements, and must be in the same language as the offer, display, or ad.
What are Some Examples of Misrepresentations that May Violate the Rule?
A hotel charges an “environmental fee” but does not actually use the fee to promote environmental sustainability or conservation.
A ticket seller says a “usage fee” is required by the government when it is not.
A speculative ticket seller advertises it has tickets available for a sold-out concert at a certain price but does not actually have those tickets. In this case, the tickets are not “available” at the time the business made the offer.
A secondary ticket seller chooses to itemize all charges that make up the total price of a ticket. The secondary ticket seller includes a “taxes and fees” charge at checkout that inflates the actual government taxes and fees because it includes an amount that the ticket seller keeps as profit.
How Does the Rule Affect National or Regional Advertising Campaigns?
A business that advertises nationally, regionally, or locally with different prices for different locations should advertise the maximum total price applicable to the area the business is targeting.
How Does the Rule Apply to Online Marketplaces?
Businesses that sell or advertise on an online marketplace must provide the marketplace with accurate pricing information, including information about fees or charges for mandatory and optional ancillary goods and services.
Online marketplaces or other intermediaries, including those in the secondary ticket market, responsible for offering, displaying, or advertising the price of a good or service must give sellers the information necessary to calculate the total price. For example, if an intermediary charges a fee to access its platform and the seller passes the fee on to the consumer, the intermediary must give the seller accurate information about the fee so the seller can include this mandatory fee in the total price.
If intermediaries display pricing information for the seller, they must display the total price. In such a case, sellers must provide intermediaries with the information necessary to calculate the total price.
What Happens if a State or Local Law or Regulation has Different Requirements?
Businesses must comply with the Rule and all applicable state or local laws and regulations.
If a state or local law or regulation directly conflicts with the Rule and a business cannot comply with both, the Rule will supersede the state or local law or regulation but only to the extent of the conflict. In other words, a business still must comply with all parts of the state or local law or regulation that do not directly conflict with the Rule.
If a state or local law or regulation gives people greater protections than the Rule, businesses must comply with the Rule and the greater protections provided by the state or local law or regulation.
What happens if a business violates the Rule?
Businesses that violate any FTC Trade Regulation Rule – including the Junk Fees Rule – could be ordered to bring their practices into compliance, refund money back to consumers, and pay civil penalties.
Takeaway: The FTC Final Rule on Unfair or Deceptive “Junk” Fees covers businesses that offer, display or advertise live-event tickets or short-term lodging, “including third-party platforms, resellers, and travel agents,” regardless of where the advertisements appear. Notably, it also applies to B2B transactions. Importantly, sellers must be provided information necessary to calculate and disclose the total price upfront by online marketers and other intermediaries (for example and without limitation, secondary ticket market participants), including fees intermediaries charge.
Litigation Minute: Tough to Swallow: Increased State Regulation of and Attention on Contaminants in Food
What You Need to Know in a Minute or Less
Until recently, state regulators largely deferred to the US Food and Drug Administration (FDA) to scrutinize and regulate contaminants in food, such as heavy metals. In the past several years, however, states have taken an increasingly active role in regulating foods, not only from the standpoint of what can be added to food (e.g., California’s 2023 food additive ban and a broader, more impactful 2025 additive ban in West Virginia) but also from the standpoint of unwanted contaminants in food.
This edition of Litigation Minute discusses some recent state laws and introduced bills that could provide fodder to class action plaintiffs to argue that foods are, for example, labeled in a false or misleading way or unsuitable for their intended use. In a minute or less, here is what you need to know about state laws on contaminants in food.
What Contaminants Are States Targeting?
To provide a sense of the types of laws emerging at the state level on contaminants in food, consider the following examples:
AB 899 in California and Rudy’s Law in Maryland require baby food companies to test every lot of baby food for heavy metals and publish the results on that testing on their website.
New York state has proposed action levels for heavy metals in spices of 0.21 parts per million (ppm) lead, 0.26 ppm cadmium, and 0.21 ppm inorganic arsenic.
Proposed legislation known as LD 130 in Maine would establish maximum levels for perfluoroalkyl and polyfluoroalkyl substances (together, PFAS) in agricultural products.
According to Safer States, 19 states have passed 43 laws affecting substances used in food-contact materials (e.g., bisphenols, PFAS, ortho-phthalates, polystyrene); many of these laws have the aim of preventing these substances from becoming contaminants in food, as well as include goals that are environmentally focused.
How Did We Get Here?
Many of these state laws have been implemented in response to events like the WanaBana applesauce recall for lead, articles noting concerns regarding heavy metals in food in the popular press (e.g., Consumer Reports), blog postings, and social media activity.
The state laws also seek to fill a perceived void where FDA has not taken action or where its compliance with administrative procedure has led to an arguably slow response. For example, FDA initiated its Closer to Zero initiative in 2021 to identify ways to reduce exposure to heavy metals in food consumed by babies and young children. However, as of 1 May 2025, the only action level to have been finalized was lead in certain baby foods (i.e., fruit and vegetable purees, infant cereal, yogurt). FDA had planned on starting the process of setting action levels of arsenic and cadmium in 2025; however, that was prior to workforce reductions recommended by the current administration. It is not clear whether FDA will move forward on these initiatives in 2025. It is possible that continued lack of action at the FDA level will lead to more state laws in the future.
Many of these new state laws seem to have drawn some inspiration from California’s Safe Drinking Water and Toxic Enforcement Act of 1986, popularly known as Proposition 65. Proposition 65 until now had been a unique right-to-know law requiring that a company warn a consumer before exposing them to one of approximately 1,000 listed carcinogens or reproductive toxicants. However, states are now considering legislation similar to Proposition 65. For example, Missouri is currently considering a bill (HB 260) that would require warnings if certain contaminants (e.g., lead, cadmium) or FDA-approved color additives (e.g., Red 40) are in the product. Similarly, Texas has passed a law (SB 25) requiring warnings when certain ingredients (e.g., bleached flour), food additives (e.g., artificial sweeteners), or color additives are used in foods; the Texas law does not require warnings for contaminants.
Impact of State Laws on Litigation Risk
These state laws present plaintiffs with potential avenues for pursuing litigation. With respect to the AB 899 and Rudy’s Law disclosures for baby food, the publication of heavy metal test information could lead to challenges based on Proposition 65 in California. There are also examples of plaintiffs alleging that the presence of such contaminants conflicts with claims like “natural” or health-related claims. One of the earlier examples of this type of lawsuit was Doss v. General Mills, Inc., No. 19-12714 (11th Cir. May 20, 2020), in which the plaintiff alleged that claims like “packed with nutrients” and “wholesome” on Cheerios were rendered misleading by residues of glyphosate that were in compliance with federal law. Similarly, the New York proposed action limits on heavy metals in spices could be a basis for alleging that any spice exceeding those levels render the spices unsuitable for use in food. Class actions following recalls are fairly common.1
Takeaways
States’ increased activity in regulating food provides additional fodder for private plaintiffs seeking to challenge the labeling and safety of foods based on the presence of low levels of contaminants. These laws unfortunately give credence to the position that there is cause for concern, even when exposures are very low and present at levels consistent with Current Good Manufacturing Practices (i.e., industry best practices for producing safe and high-quality foods).
The next edition in this Litigation Minute series will focus on examples of class action litigation targeting contaminants, including a recent case trying and failing to allege that chocolate violated various state unfair business practices and similar laws due to the presence of heavy metals.
Footnotes
1 See, e.g., Willis v. Thomson Int’l Inc., 37-2020-00027164-CU-PL-CTL (Cal. Cnty. Ct. 2020) (filed after a Listeria monocytogenes recall on onions).
Also see websites like TopClassActions.com, which closely monitors product recalls with the expectation that recalls could evolve into class action litigation.
Time Is Money: A Quick Wage and Hour Tip . . . Contractual Indemnification May Not Guard Against FLSA Claims
The complex web of federal and state wage and hour laws create potentially devastating risk of exposure for employers.
Years of possible liability for yet unknown claims, liquidated damages, shifting attorneys’ fees, not to mention the risk of class or collective suit, can quickly transform seemingly minor and technical irregularities into expensive complications. And for companies that partner with other entities to meet their staffing needs, resolving this risk of liability is a critical piece of their business operations.
Quite often, the quick solution for this concern is through a traditional business arrangement: contractual indemnification. Shifting risk of loss via contract is fairly standard, especially as courts generally enforce the unambiguous terms of the parties’ agreement. Yet employers should take note of a concerning trend among courts across the country, which have in some cases refused to enforce indemnification agreements in Fair Labor Standards Act (“FLSA”) matters on public policy grounds.
How Did We Get Here?
Courts ordinarily steer clear of interrupting the unambiguous contractual agreements of sophisticated business entities, so what is motivating this judicial scrutiny of indemnification clauses in FLSA matters? Much can be traced back to the Second Circuit’s decision in Herman v. RSR Sec. Servs. Ltd., which rejected an interpretation of the FLSA that would have provided a statutory right to indemnification or contribution among co-employers.[1]
In Herman, a putative co-employer who had been found liable for back wages following a bench trial sought to shift those losses to his co-defendants, whom he claimed were the plaintiff’s actual employer. In reviewing this claim, the Second Circuit looked to the text of the FLSA, its overarching intent, its remedial mechanisms, and the law’s statutory history. None counseled in favor of creating a new statutory obligation among co-employers. The law was silent as to any right to contribution or indemnification, employers were clearly not the class for whose benefit the FLSA was enacted, and no evidence in the legislative history of the statute favored the judicial creation of this new statutory right. Accordingly, the Second Circuit unequivocally held that “there is no right to contribution or indemnification for employers held liable under the FLSA.” Id. at 144.
More than 20-years after Herman, the Ninth Circuit reached the same conclusion.[2] In rejecting yet another attempt to develop a statutory reading of the FLSA that would have permitted a claim for contribution or indemnification, the Ninth Circuit highlighted how “Congress, not the courts” held responsibility for developing this type of remedy. Following this “cautious” approach toward statutory interpretation, the Ninth Circuit similarly “decline[d] to find an implied cause of action for contribution or indemnification under the FLSA.” Id. at 1105.
How Does this Impact Contractual Obligations?
Although the Second and Ninth Circuit limited their holdings to statutory claims to indemnification under the FLSA—and notwithstanding the judicial “cautio[n]” recognized in their analysis—district courts across the country have not been so restrained. Only two years after Herman, district courts in New York began expanding the rejection of a statutory right to contribution under the FLSA to also negate contractual indemnification agreements. In Gustafson v. Bell Atl. Corp., the defendants sought to enforce an indemnification clause that would have required a putative co-employer to pay for any losses incurred as a result of their violations of the FLSA.[3] The defendants in this matter emphasized that their claim was “purely one for damages for breach of contract by a third party,” and thereby did not fall within the gambit of Herman. The Court disagreed.
Irrespective of the contractual basis for indemnification, the Court held that “defendants’ attempt to recover damages from [the co-employer] for overtime violations is an attempt to receive indemnification for FLSA liability.” Id. (emphasis added). Whether the putative co-employer was responsible for the alleged overtime violation was of no consequence. In the Court’s view: “[a]llowing indemnification in cases such as this would permit employers to contract away their obligations under the FLSA, a result that flouts the purpose of the statute.” Id. Accordingly, the indemnification clause was held unenforceable for purposes of any FLSA-related damages.
Are Courts Uniform In this Approach?
Unsurprisingly, courts across the country are divided on this issue. Some have adopted the public policy arguments noted above, holding that contractual indemnification of FLSA damages would give employers little reason to comply with the statute and run contrary to the FLSA’s statutory purpose.[4] Others have rejected this premise, and distinguished indemnification claims taken against employees (which are prohibited on public policy grounds) from contractual agreements involving sophisticated business entities that should be enforced.[5] Still others have permitted contractual indemnification claims without even opining on this brewing public policy dispute; in these cases, the parties’ unambiguous contractual intent is sufficient to enforce their agreement.[6]
As one court succinctly stated: “[f]or each FLSA case that permits contractual indemnity claims, however, there is a case that prohibits the same.”[7]
How Should Employers Address This Uncertainty?
The lack of any uniformity in this regard, and the policy-based rationale for negating these provisions, presents a difficult problem for employers: an inability to easily allocate risk and develop protection from exposure.
But companies can still take affirmative steps to address this concern. First and foremost, companies must identify potential sources of liability, both internally and through their arrangements with business partners. Indemnification agreements may not provide sufficient protection against FLSA claims, and identification of any vulnerabilities can help dictate how best to allocate appropriate business costs. Next, a comprehensive wage and hour audit of these internal and external pay practices can help quantify risk and potential loss. This will help business leaders maintain compliance with federal and state wage and hour laws, explore remediation opportunities to resolve problems prospectively, and dictate how to structure relationships with business partners in order to reduce the risk of joint liability. Finally, companies and their counsel should carefully consider the forum of any brewing FLSA dispute, in order to gauge the likelihood of success on any indemnification claim.
Judicial uncertainty notwithstanding, these steps can help business leaders identify and quantify risk while also achieving the primary goal of any indemnification clause: safeguarding the company against potential loss.
ENDNOTES
[1] 172 F.3d 132 (2d Cir. 1999).
[2] Scalia v. Employer Solutions Staffing Grp, LLC, 951 F.3d 1097 (9th Cir. 2020).
[3] Gustafson v. Bell Atl. Corp., 171 F. Supp. 2d 311 (S.D.N.Y. 2001).
[4] Goodman v. Port Auth. of N.Y. & N.J., 850 F. Supp. 2d 363 (S.D.N.Y. 2012); Scalia v. MICA Contracting, LLC, 2019 WL 6711616, at *4 (S.D. Ohio Dec. 10, 2019), report and recommendation adopted, 2020 WL 635908 (S.D. Ohio Feb. 11, 2020).
[5] Varnell, Struck & Assocs., Inc. v. Lowe’s Cos., 2008 WL 1820830, at *10-11 (W.D.N.C. Apr. 21, 2008); Plummer v. Rockwater Energy Sols. Inc., 2019 WL 13063612, at *4 (S.D. Tex. July 2, 2019) (“The court finds that no controlling authority bars Rockwater’s claims for contractual indemnity and contribution under the FLSA.”).
[6] Bogosian v. All Am. Concessions, 2011 WL 4460362, at *4 (E.D.N.Y. Sept. 26, 2011).
[7] Robertson v. REP Processing, LLC, 2020 WL 5735081, at *5 (D. Colo. Sept. 24, 2020).
Employers Beware: Blanket Policies Prohibiting Workplace Recordings May Violate the NLRA
In the past, employees recording audio or images in the workplace might resort to use of a bulky tape recorder or a hidden “wire” or camera. Now that smart phones with professional-grade audio and video capabilities are an integral part of our society, clandestine (or blatant) workplace recordings are much more easily accomplished.
With this increased ease of access to reliable and compact recording equipment has come a heightened employer sensitivity to workplace recordings. As a result, many employers are tempted to implement blanket policies prohibiting workplace recordings, or otherwise require management consent to make any workplace recordings.
While some limited prohibitions on workplace recordings are permissible—for instance, to protect confidential business information or private health information—in recent years, the National Labor Relations Board (“NLRB” or the “Board”) has criticized blanket policies prohibiting such activities. The NLRB reasons that policies against workplace recordings may discourage employees from participating in concerted activity with other employees that safeguard their labor rights. In other words, such policies may “chill” employees’ ability to act in concert, and some courts have agreed.
Section 7 of the National Labor Relations Act (“NLRA” or the “Act”) ensures employees’ “right to self-organization, to form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection,” and the right “to refrain from any or all such activities.” Section 8(a)(1) of the Act makes it an unfair labor practice for an employer “to interfere with, restrain, or coerce employees in the exercise of the rights guaranteed in Section 7” of the Act.
The Board has noted that workplace video and audio recording is protected if employees are “acting in concert for their mutual aid and protection” and the employer does not have an “overriding interest” in restricting the recording. As noted above, protection of confidential company information or personal health information can help an employer to demonstrate an overriding interest in restricting recordings. As noted by the Board, a few examples of recordings made in concert for mutual protection that may outweigh an employer’s interest in any restrictions are recordings made to capture:
unsafe working conditions;
evidence of discrimination;
“townhall” meetings with anti-union sentiment; and
conversations about terms and conditions of employment.
Regardless of any state laws that may require two-party consent for recording conversations, the NLRB has held that the NLRA preempts state law, and that protection of employees’ rights under the NLRA overrides concerns about state law recording consent violations.
Thus, at a time when recording capabilities are packed into an ordinary, everyday device carried by nearly every employee in every workplace, employers who still wish to have a policy limiting workplace recordings should ensure that the policy lists valid reasons for implementing the policy, include a carve-out in the policy for protected concerted activities under the NLRA, and not require management approval for recordings that constitute protected concerted activities. Taking such measures can help to ensure the Board will not find an employer’s no-recording policy in violation of the NLRA.
District Court Strikes Down New CMS Rule Imposing Minimum Staffing Requirements for Long-Term Care Facilities
On Monday, April 7, the U.S. District Court for the Northern District of Texas vacated CMS’s recently adopted rule imposing minimum staffing requirements for long-term care facilities participating in Medicaid or Medicare. On April 22, 2024, CMS announced this final rule (the “Final Rule” or “CMS-3442F”), which sought to “significantly reduce the risk of residents receiving unsafe and low-quality care within LTC facilities.”[1] Specifically, the Final Rule would have required nursing homes to provide at least 3.48 hours per resident day of total nurse staffing and required each nursing home to maintain a registered nurse onsite 24 hours a day, 7 days a week – triple Congress’s original directive of 8 hours, 7 days a week.
Although the Final Rule included hardship exemptions and staggered implementation of its requirements, it nevertheless sparked significant controversy – with CMS receiving over 46,000 comments when it was proposed in 2023. Many nursing home residents and their families supported the Rule’s adoption as a necessary response to long-standing concerns over poor facility conditions, neglected residents, and inadequate care. Conversely many in the nursing home industry argued that the Final Rule would increase costs for facilities such that many nursing homes would be forced to shut down, concluding that the Final Rule would ultimately harm patients, particularly those in rural areas, by causing workforce shortages and significantly limiting patients’ access to care.
Accordingly, in June of 2024 the American Health Care Association, LeadingAge, Texas Health Care Association, and other industry advocates sued CMS to block the Final Rule. In its April 7 ruling, the Court acknowledged the failures plaguing nursing homes, which it described as including “inadequate staffing levels, poor infection control, failures in oversight and regulation, and deficiencies that result in actual patient harm.” However, the Court also noted that the Final Rule’s requirement that a registered nurse be onsite 24/7 exceeded the statutory baseline set by Congress. Regarding the minimum nurse staffing requirements, the Court concluded that the Final Rule’s blanket requirement effectively replaced the more flexible standard adopted by Congress. Ultimately the Court struck down nearly all of the Final Rule on the basis that CMS exceeded its authority in its adoption, stating:
Though rooted in laudable goals, the Final Rule still must be consistent with Congress’s statutes. To allow otherwise permits agencies to amend statutes though they lack legislative power. Separation of powers demands more than praiseworthy intent.
In essence, the Court explained that future regulatory solutions related to nursing home minimum staffing requirements will need to come from Congress. CMS has not yet indicated whether it will appeal the Court’s ruling. Thus, for the time being, nursing homes are relieved from the Final Rule’s staffing requirements.
[1] Medicare and Medicaid Programs: Minimum Staffing Standards for Long-Term Care Facilities and Medicaid Institutional Payment Transparency Reporting Final Rule (CMS 3442-F) | CMS
Regulatory Scrutiny on Potential MNPI in the Credit Markets
Over the past year, regulatory scrutiny of the credit markets has intensified, with the SEC investigating the potential use of material nonpublic information (“MNPI”) relating to credit instruments. The SEC brought a number of enforcement actions against investment advisers involving the failure to maintain and enforce written MNPI policies involving trading in distressed debt and collateralized loan obligations, even in the absence of insider trading claims. We anticipate that these investigations of trading in private credit instruments and related MNPI policies will continue, as SEC enforcement staff has increased their focus on these markets.
Although insider trading investigations typically involve equity securities, in 2024 the Commission scrutinized ad hoc creditor committee participants and took action against distressed debt managers relating to MNPI. Many fund managers investing in distressed corporate bonds collaborate with financial advisors to form ad hoc creditors’ committees, aiming to explore beneficial debt restructuring opportunities prior to bankruptcy. Managers often avoid receiving MNPI to avoid prolonged trading restrictions on company bonds. For example, a manager may wish to remain unrestricted until formally entering a non‑disclosure agreement (“NDA”) with the company and will notify external financial advisors and other committee members that it should only receive material prepared on the basis of public information. In other cases, managers will rely on information barriers, organizing their businesses into “public” and “private” sides. The SEC Staff has identified these situations as involving a heightened MNPI risk, emphasizing the need for clear written procedures to handle MNPI and mitigate risks of leakage or inadvertent receipt. While industry participants may struggle to draw specific compliance guidelines from these cases, the key takeaway is that the SEC expects heightened procedures for creditor committee participation and, more generally, consultants or advisers who may have access to MNPI.
The SEC also focused on MNPI when trading securities issued by collateralized loan obligation vehicles (“CLOs”). Last year the SEC settled a case against a New York‑based private fund and CLO manager targeting the steps it took to ensure its analysts and advisers were not themselves misusing MNPI. The fund manager traded tranches of debt and equity securities issued by CLOs it directly managed as well as those managed by third parties. The SEC alleged that as a participant in an ad hoc lender group, the fund manager had become aware of negative developments that concerned a particular borrower, and privately sold CLO equity tranches while in possession of this confidential information. The CLO manager allegedly failed to consider the materiality of the negative information to the sold tranches before trading. While the SEC did not specifically allege insider trading, in part due to the firm obtaining internal compliance approval pre‑sale, the matter led to a settlement focusing on the fund manager’s failure to establish and enforce appropriate policies on the use and misuse of MNPI. As emphasized in other distressed debt and similar MNPI cases, MNPI policies and practices should be tailored to the nature of a firm’s business. The failure to address information flow in these situations may lead to SEC scrutiny of the trading itself and the adviser’s policies under Section 204A of the Advisers Act, which requires investment advisers to establish, maintain and enforce written policies to prevent misuse of MNPI, as well as Section 206(4) and Rule 206(4)-7 (the Compliance Rule). The SEC has been investigating trading in the credit markets and shown a willingness to bring these cases even in the absence of any alleged insider trading, although the Commission recently voted to dismiss the one litigated matter. Interestingly, both Republican SEC Commissioners, despite philosophical objections to enforcement settlements under the Compliance Rule, voted to approve the Section 204A charges in the creditors committee matter, and one voted to approve such claim in the CLO matter. Even with the change in administration, the SEC staff will continue to scrutinize these issues and look at similar risks in the credit markets.
Read more of our Top Ten Regulatory and Litigation Risks for Private Funds in 2025.
Robert Pommer, Seetha Ramachandran, Nathan Schuur, Robert Sutton, Jonathan M. Weiss, William D. Dalsen, Adam L. Deming, Adam Farbiarz, and Hena M. Vora contributed to this article