A Delay in Exit Plans

There was much hope going into 2025 that we would see a rebound in the IPO market after a bit of a drought over the past few years. We left the uncertainty of the election behind us, and good news on the inflation and interest rate fronts was fueling a sense of hope that 2025 was going to be a great year for the IPO market. However, at almost three months into the new year, it is looking like that rebound might be delayed a little longer.
The Wall Street Journal reports that the market volatility we are currently seeing is going to make IPO pricing a “monumental challenge,” and the IPO recovery that venture investors have been waiting on is on hold. The market is reacting to the threats of tariffs and a trade war, as well as recent talks of a recession, and the WSJ says this is keeping some companies on the sidelines as they delay their exit plans.
Yahoo! Finance cites data from Dealogic indicating that the total value of US IPOs is up 62%, coming in at $10 billion as of March 11 – almost double the number of deals compared to the same period in 2024. However, this is still well below the kinds of numbers we were seeing in the boom of 2021.
Some companies have already gone public this year, with six venture-backed IPOs as of mid-March. And there are still some on track, at least as of now, for the second quarter. Klarna and CoreWeave both filed an IPO prospectus this month, but those plans could be derailed if the market continues its roller coaster ride. Others have already put their plans on hold.
And it is not just IPOs that are delayed – mergers & acquisitions (M&A) are also off to an extremely slow start this year despite expectations that there would be more robust activity. PitchBook data show that “US M&A volumes in January were the lowest they’ve been in 10 years, and February wasn’t rosy either.” They point to antitrust policy, market turmoil, and “price mismatches” as contributing factors here. The leadership at the DOJ and FTC also remains critical of Big Tech, so many of those players are sitting on the sidelines, which has slowed down dealmaking considerably.
Only time will tell how the back and forth on tariffs will play out, but they are certainly having an impact on the market now and could have longer term impacts that further delay exit plans. A recent article in Forbes notes that the “market’s long-term response to tariffs depends largely on adaptability—how quickly companies can adjust supply chains, pass costs to consumers, or find alternative markets.” But how quickly companies can pivot remains to be seen, and timing will be critical for market stability and for transactions to resume.
There is certainly still hope that successful trade negotiations could end this tariff battle, but there are still fears about the current state of the economy and the potential for a recession. The world is watching closely to see how all of this shakes out, as is everyone sitting on the sidelines planning their next move.
Given that the pre-IPO planning process can be lengthy, and we know that better planning leads to better performance (and that lack of planning leads to poor results), companies and financial sponsors should be getting their ducks in a row for an anticipated IPO market window opening soon, perhaps as early as May 2025.

Australia: APRA Proposes Reforms to Strengthen Governance Standards

The Australian Prudential Regulation Authority (APRA) has proposed reforms to strengthen core prudential standards and guidance on governance, currently set out in SPS 510 Governance, SPS 520 Fit and Proper, and SPS 521 Conflicts of Interest.
The proposals come after APRA chairman, John Lonsdale, witnessed “entities treating compliance with some requirements, as a box-ticking exercise”. Lonsdale also stated that “international best practice on governance has progressed, and we want to ensure that our framework reflects that evolution”.
The proposed reforms include:

Introducing a 10-year tenure limit for non-executive directors at regulated entities;
Extending the current RSE licensee conflict management requirements to banks and insurers;
Strengthening board independence, particularly for entities which are part of a larger group structure;
Clarifying expectations around the roles of boards, the chair and senior management;
Lifting requirements for boards to ensure they have appropriate skills and capabilities to deliver an entity’s strategy;
Raising minimum standards for the fitness and propriety of responsible persons of regulated entities;
Requiring significant financial institutions to have separate audit and risk committees; and 
Engaging a third-party performance assessment of the board, committees and individual directors at least every three years.

What’s Next?
APRA has confirmed the changes would be applied proportionately, with less complex institutions facing lower compliance expectations. APRA also aims to lift standards without adding undue cost burden, with Lonsdale stating that “most proposals will involve little change for entities with mature governance practices”.
Over the next three months, the industry will have the opportunity to comment on APRA’s proposals, with submissions required by 6 June 2025. The regulator intends to release updated prudential standards and guidance for formal consultation in early 2026, with the revised framework scheduled to come into force in 2028.
While noting that APRA’s Discussion Paper discloses APRA’s preliminary views, we suggest Australian banks, insurers, and superannuation trustees should review their current governance framework in anticipation of the direction of the regulator’s future expectations.

Amazon Files Suit against CPSC, Challenging CPSC’s Determination That Amazon Is a Distributor

On March 14, 2025, Amazon filed suit against the Consumer Product Safety Commission (CPSC) in the U.S. District Court for the District of Maryland, challenging CPSC’s July 29, 2024, and January 16, 2025, orders determining that Amazon is “a ‘distributor’ of certain products that are defective or fail to meet federal consumer product safety standards, and therefore bears legal responsibility for their recall.” According to CPSC’s January 17, 2025, announcement, “[m]ore than 400,000 products are subject to this Order: specifically, faulty carbon monoxide (CO) detectors, hairdryers without electrocution protection, and children’s sleepwear that violated federal flammability standards.” CPSC determined that the products, listed on Amazon.com and sold by third-party sellers using the Fulfillment by Amazon (FBA) program, pose a “substantial product hazard” under the Consumer Product Safety Act (CPSA). In its complaint, Amazon argues that CPSC “overstepped” the statutory limits of the CPSA by ordering “a wide-ranging recall of products that were manufactured, owned, and sold by third parties,” not Amazon itself. Amazon states that CPSC’s recall order “relies on an unprecedented legal theory that stretches the [CPSA] beyond the breaking point and fails to discharge” CPSC’s obligations under the Administrative Procedure Act (APA).
Amazon argues that it “falls within the definition of third-party logistics provider with respect to products sold using the FBA service because it does not manufacture, own, or sell those products, but instead stores and ships them on behalf of third-party sellers who retain title throughout the transaction.” Amazon notes that CPSC’s July 2021 administrative complaint was the “first of its kind” in seeking to label an online marketplace as a distributor under the CPSA, holding it responsible for recalling products “because it provided the third-party sellers with logistics services.” Amazon cites a statement by Robert S. Adler, then Acting Chair of CPSC, “admitt[ing] that the ‘statute is not perfectly clear on’ whether the Commission’s authority extends to Amazon’s FBA service.”
Amazon also argues that CPSC violated the APA in requiring a new round of recall notices, despite Amazon “having already twice notified every individual who purchased the products” and that Amazon “issue new refunds to purchasers (despite having already provided a full refund to every customer in 2021 or 2022).” According to Amazon, CPSC’s typical product recall practices require only a single round of notices, and binding precedent holds that CPSC “acknowledge and provide a ‘reasoned explanation for’” departing from its past practice.
According to Amazon, the CPSA vests CPSC Commissioners “with a potent combination of governmental functions, authorizing them to act as judge, jury, and prosecutor in the same proceeding.” Amazon notes that the body that voted to file the complaint against it — the Commissioners — “also has the power to hear the evidence, decide factual disputes, interpret and apply the law to the facts, and fashion the remedy.” Amazon states that this arrangement “contravenes Amazon’s Fifth Amendment rights because it ‘violates the [Supreme] Court’s longstanding teaching that ordinarily ‘no man can be a judge in his own case’ consistent with the Due Process Clause.’”
Amazon asks the court to:

Vacate CPSC’s January 16, 2025, Final Order, as well as all earlier orders, “as arbitrary and capricious, contrary to law, in excess of statutory authority, and contrary to constitutional right”;
Declare that Amazon is a third-party logistics provider, not a distributor, with regards to its FBA logistics service; and
Declare the Commissioners’ statutory removal protections unconstitutional.

More information on CPSC’s July 29, 2024, Decision and Order is available in our August 5, 2024, blog item.

Fourth Circuit Stays Preliminary Injunction of Executive Orders Related to DEI Programs

On March 14, 2025, the US Court of Appeals for the Fourth Circuit issued a stay on the US District Court for the District of Maryland’s nationwide preliminary injunction of US President Donald Trump’s executive orders (EOs) that target diversity, equity, and inclusion (DEI) programs – namely, EO Nos. 14151 and 14173 – which allows the government to implement and enforce the EOs while litigation continues.

In Depth

In granting the stay, each member of the three-judge panel issued a concurring opinion explaining their reasoning. Chief Judge Albert Diaz and Judge Pamela Harris agreed that the government showed a sufficient likelihood that it will succeed in demonstrating that the EOs are not unconstitutional, in part because the EOs are limited in scope. For example, the EOs do not state that all efforts to advance DEI are illegal; rather, the “certification” and “enforcement threat” provisions apply only to conduct that violates existing anti-discrimination laws. Additionally, the “termination” provision directs the termination of grants based on the nature of the grant-funded activity, not the grantee’s external speech or activities, which both judges noted might implicate First and Fifth Amendment concerns. Judge Diaz further hinted that the anti-DEI EOs may be unconstitutionally vague as they lack clear definitions of what types of programs the Trump administration seeks to eliminate. Judge Allison Jones Rushing considered the injunction overbroad and believes the government is likely to demonstrate that the anti-DEI EOs are constitutional directives by the president to his officers. Judge Rushing also noted that the case may not be ripe for review because there is no specific agency action being challenged.
The ruling is not a final decision on the legality of the EOs. It merely allows the government to administer the policy while litigation continues. The Fourth Circuit will retain jurisdiction to hear the case on the merits and has agreed to an expedited briefing.
A final ruling on the merits is expected in the next three to six months. In the meantime, employers should keep working with legal counsel to proactively audit their DEI policies to ensure compliance with existing laws while maintaining alignment with company values.
Alivia Combe-DuQuet contributed to this article

FBI Warns of Hidden Threats in Remote Hiring: Are North Korean Hackers Your Newest Employees?

The Federal Bureau of Investigation (FBI) recently warned employers of increasing security risks from North Korean workers infiltrating U.S. companies by obtaining remote jobs to steal proprietary information and extort money to fund activities of the North Korean government. Companies that rely on remote hires face a tricky balancing act between rigorous job applicant vetting procedures and ensuring that new processes are compliant with state and federal laws governing automated decisionmaking and background checks or consumer reports.
Quick Hits

The FBI issued guidance regarding the growing threat from North Korean IT workers infiltrating U.S. companies to steal sensitive data and extort money, urging employers to enhance their cybersecurity measures and monitoring practices.
The FBI advised U.S. companies to improve their remote hiring procedures by implementing stringent identity verification techniques and educating HR staff on the risks posed by potential malicious actors, including the use of AI to disguise identities.

Imagine discovering your company’s proprietary data posted publicly online, leaked not through a sophisticated hack but through a seemingly legitimate remote employee hired through routine practices. This scenario reflects real threats highlighted in a series of recent FBI alerts: North Korean operatives posing as remote employees at U.S. companies to steal confidential data and disrupt business operations.
On January 23, 2025, the FBI issued another alert updating previous guidance to warn employers of “increasingly malicious activity” from the Democratic People’s Republic of Korea, or North Korea, including “data extortion.” The FBI said North Korean information technology (IT) workers have been “leveraging unlawful access to company networks to exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime.”
Specifically, the FBI warned that “[a]fter being discovered on company networks, North Korean IT workers” have extorted companies, holding their stolen proprietary data and code for ransom and have, in some cases, released such information publicly. Some workers have opened user accounts on code repositories, representing what the FBI described as “a large-scale risk of theft of company code.” Additionally, the FBI warned such workers “could attempt to harvest sensitive company credentials and session cookies to initiate work sessions from non-company devices and for further compromise opportunities.”
The alert came the same day the U.S. Department of Justice (DOJ) announced indictments against two North Korean nationals and two U.S. nationals alleging they engaged in a “fraudulent scheme” to obtain remote work and generate revenue for the North Korean government, including to fund its weapons programs.
“FBI investigation has uncovered a years-long plot to install North Korean IT workers as remote employees to generate revenue for the DPRK regime and evade sanctions,” Assistant Director Bryan Vorndran of the FBI’s Cyber Division said in a statement. “The indictments … should highlight to all American companies the risk posed by the North Korean government.”
Data Monitoring
The FBI recommended that companies take steps to improve their data monitoring, including:

“Practice the Principle of Least Privilege” on company networks.
“Monitor and investigate unusual network traffic,” including remote connections and remote desktops.
“Monitor network logs and browser session activity to identify data exfiltration.”
“Monitor endpoints for the use of software that allows for multiple audio/video calls to take place concurrently.”

Remote Hiring Processes
The FBI further recommended that employers strengthen their remote hiring processes to identify and screen potential bad actors. The recommendations come amid reports that North Korean IT workers have used strategies to defraud companies in hiring, including stealing the identities of U.S. individuals, hiring U.S. individuals to stand in for the North Korean IT workers, or using artificial intelligence (AI) or other technologies to disguise their identities. These techniques include “using artificial intelligence and face-swapping technology during video job interviews to obfuscate their true identities.”
The FBI recommended employers:

implement processes to verify identities during interviews, onboarding, and subsequent employment of remote workers;
educate human resources (HR) staff and other hiring managers on the threats of North Korean IT workers;
review job applicants’ email accounts and phone numbers for duplicate contact information among different applicants;
verify third-party staffing firms and those firms’ hiring practices;
ask “soft” interview questions about specific details of applicants’ locations and backgrounds;
watch for typos and unusual nomenclature in resumes; and
complete the hiring and onboarding process in person as much as possible.
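
As an added illustration of the duplicate-contact review in the list above (this is not code from the FBI alert or from this article), the sketch below normalizes applicant email addresses and phone numbers so that cosmetic variants of the same contact point compare as equal, then reports any value shared by more than one applicant for manual review. The record layout, function names, and sample applicants are hypothetical and constructed for the example; stripping "+tag" suffixes is a heuristic, since not every mail provider treats them as aliases.

```python
import re
from collections import defaultdict

# Gmail ignores dots in the local part and treats googlemail.com as an alias.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def normalize_email(raw):
    """Return a comparison key for an email address, or None if unusable."""
    addr = raw.strip().lower()
    if addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    # Heuristic (assumption): treat "user+tag" as an alias of "user".
    local = local.split("+", 1)[0]
    if domain in GMAIL_DOMAINS:
        local = local.replace(".", "")
        domain = "gmail.com"
    if not local or not domain:
        return None
    return f"{local}@{domain}"


def normalize_phone(raw):
    """Reduce a phone number to digits, dropping a leading US country code."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    # Too few digits to be a usable number: ignore rather than over-match.
    return digits if len(digits) >= 7 else None


def find_shared_contacts(applicants):
    """Map each normalized contact value to the applicant IDs that share it.

    Only values used by two or more distinct applicants are returned; each
    hit is a lead for a human reviewer, not a conclusion about the applicant.
    """
    seen = defaultdict(set)
    for app in applicants:
        for raw in app.get("emails", []):
            key = normalize_email(raw)
            if key:
                seen[("email", key)].add(app["id"])
        for raw in app.get("phones", []):
            key = normalize_phone(raw)
            if key:
                seen[("phone", key)].add(app["id"])
    return {k: sorted(ids) for k, ids in seen.items() if len(ids) > 1}


# Constructed sample records (fictional names, reserved 555-01xx numbers).
SAMPLE_APPLICANTS = [
    {"id": "A-101", "emails": ["J.Doe.Dev@gmail.com"],
     "phones": ["+1 (202) 555-0143"]},
    {"id": "A-102", "emails": ["jdoedev+jobs@googlemail.com"],
     "phones": ["202-555-0188"]},
    {"id": "A-103", "emails": ["m.lee@example.com"],
     "phones": ["202.555.0143"]},
    {"id": "A-104", "emails": ["sam@example.org"],
     "phones": ["+1 202 555 0199"]},
]

if __name__ == "__main__":
    shared = find_shared_contacts(SAMPLE_APPLICANTS)
    for (kind, value), ids in sorted(shared.items()):
        print(f"{kind} {value} shared by {', '.join(ids)}")
```

In the sample data, A-101 and A-102 resolve to the same Gmail mailbox despite different spellings, and A-101 and A-103 share a phone number written in two formats; a plain string comparison would miss both.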

Legal Considerations
New vendors have entered the marketplace offering tools purportedly seeking to solve such remote hiring problems; however, companies may want to consider the legal pitfalls—and associated liability—that these processes may entail. These considerations include, but are not limited to:

Fair Credit Reporting Act (FCRA) Implications: If a third-party vendor evaluates candidates based on personal data (e.g., scraping public records or credit history), it may be considered a “consumer report.” The Consumer Financial Protection Bureau (CFPB) issued guidance in September 2024 taking that position as well, and to date, that guidance does not appear to have been rolled back.
Antidiscrimination Laws: These processes, especially as they might pertain to increased scrutiny or outright exclusion of specific demographics or countries, could disproportionately screen out protected groups in violation of Title VII of the Civil Rights Act of 1964 (e.g., causing disparate impact based on race, sex, etc.), even if unintentional. This risk exists regardless of whether the processes involve automated or manual decisionmaking; employers may be held liable for biased outcomes from AI just as if human decisions caused them—using a third-party vendor’s tool is not a defense.
Privacy Laws: Depending on the jurisdiction, companies’ vetting processes may implicate transparency requirements under data privacy laws, such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) in the European Economic Area (EEA), when using third-party sources for candidate screening. Both laws require clear disclosure to applicants about the types of personal information collected, including information obtained from external background check providers, and how this information will be used and shared.
Automated Decisionmaking Laws: In the absence of overarching U.S. federal legislation, states are increasingly filling in the gap with laws regarding automated decisionmaking tools, covering everything from bias audits to notice, opt-out rights, and appeal rights. If a candidate is located in a foreign jurisdiction, such as in the EEA, the use of automated decisionmaking tools could trigger requirements under both the GDPR and the recently enacted EU Artificial Intelligence Act.

It is becoming increasingly clear that multinational employers cannot adopt a one-size-fits-all vetting algorithm. Instead, companies may need to calibrate their hiring tools to comply with the strictest applicable laws or implement region-specific processes. For instance, if a candidate is in the EEA, GDPR and EU AI Act requirements (among others) apply to the candidate’s data even if the company is U.S.-based, which may necessitate, at a minimum, turning off purely automated rejection features for EU applicants and maintaining separate workflows and/or consent forms depending on the candidate’s jurisdiction.
Next Steps
The FBI’s warning about North Korean IT workers infiltrating U.S. companies is the latest involving security risks from foreign governments and foreign actors to companies’ confidential data and proprietary information. Earlier this year, the U.S. Department of Homeland Security published new security requirements restricting access to certain transactions by individuals or entities operating in six “countries of concern,” including North Korea.
Employers, particularly those hiring remote IT workers, may want to review their hiring practices, identity-verification processes, and data monitoring, considering the FBI’s warnings and recommendations. Understanding and addressing these risks is increasingly vital, especially as remote hiring continues to expand across industries.

What’s the Latest News with DEI?

As you know, there’s been a frenzy around DEI initiatives this year in the wake of President Trump’s executive orders regarding diversity, equity, and inclusion programs. We addressed the executive order titled “Ending Illegal Discrimination and Restoring Merit-Based Opportunity” here, and our Bradley colleagues in the Government Enforcement Practice Group weighed in on DEI for government contractors. So, what’s the latest update? The EEOC is on the hunt.
While many organizations filed lawsuits challenging the DEI executive orders on various constitutional grounds, including free speech, the EEOC and other organizations (like state departments of education) are pushing forward with the war on DEI efforts. On Monday, the EEOC made clear that its crosshairs are set on DEI initiatives. In a press release, Acting Chair Andrea Lucas stated the EEOC is “prepared to root out discrimination anywhere it may rear its head” and indicated that the commission issued letters requesting information to 20 law firms concerning their DEI efforts.
More on the Letters
The letters total 210 pages, are all issued by Lucas, and focus on requesting a significant amount of information from each law firm related to their various diversity and inclusion initiatives, data regarding criteria used for internships, recruitment, and internal promotions of lawyers, and reports or plans relating to DEI initiatives. The letters report that the EEOC used only public information to evaluate statements made by the various law firms and used those public statements (and in some cases court filings) as the basis for requesting such information. The letters claim the DEI “programs, policies, and practices may entail unlawful disparate treatment in terms, conditions, and privileges of employment, or unlawful limiting, segregating, and classifying based—in whole or in part—on race, sex, or other protected characteristics, in violation of Title VII.” Lucas also informed one organization that the “sudden, overnight removal of” the policies from the firm’s webpage gives her pause.
What Should You Do?
As we said before, if you want to continue DEI efforts, do so thoughtfully, recognize the risks and, if you have not already, take the steps below:  

Conduct a review, but first retain counsel. If you have not already, now is the time to conduct a review of your company’s DEI policies and programs. Before initiating that review, we recommend retaining legal counsel to assist with the review and to provide insight as to all the potential risks. Also, make sure the review is privileged. Make sure your company is not using quota systems based on protected characteristics.
Resist the urge to remove or update policies without first consulting legal counsel. Understand that sudden changes in policies may give the EEOC pause, but they may also be important to comply with the executive orders. Do not rush into a change without thinking it through.
Continue training. Train your supervisors and other decision-makers on best practices, so they know employment decisions should never be motivated by race, sex, or any other protected characteristic. Hiring based on merit is always the best practice.
Be inclusive. Identify ways to help all of your workforce feel included during these unpredictable and ever-changing times.

Finally, stay tuned to our blog as we will keep you updated with the latest news in this area.

EEOC Answers Questions About What Constitutes Illegal DEI Programs

The U.S. Equal Employment Opportunity Commission (EEOC) recently released two technical assistance documents to explain what constitutes illegal diversity, equity, and inclusion (DEI) programs in the workplace. The technical assistance documents align with several executive orders on DEI that President Donald Trump issued shortly after he took office—which are being challenged in court.
Quick Hits

The EEOC recently issued two documents to clarify what the Trump administration considers to be illegal DEI programs.
According to these documents, discrimination may occur if race, sex, or another protected characteristic is just one deciding factor, not the sole deciding factor, in an employment decision.
The guidance suggests employers should open all training and mentoring programs to all demographic groups.
The guidance confirms that employee resource groups or affinity groups may be unlawful if they are not open to everyone.

On March 19, 2025, the EEOC released a technical assistance document called “What You Should Know About DEI-Related Discrimination at Work.” With the U.S. Department of Justice (DOJ), the EEOC also released a one-page document called “What To Do If You Experience Discrimination Related to DEI at Work.” These documents were issued on the heels of Executive Orders 14151 and 14173, aimed at “illegal” DEI initiatives in the federal government and private employment.
Title VII of the Civil Rights Act of 1964 prohibits employment discrimination and harassment based on race, color, sex, national origin, and religion, among other protected characteristics not listed in the technical assistance documents. In a Q&A format, the EEOC stated that an employer’s DEI policy, program, or practice may be unlawful under Title VII if it involves “taking an employment action motivated—in whole or in part—by race, sex, or another protected characteristic.” The EEOC stated that “DEI-related disparate treatment” could include disparate treatment in hiring, firing, promotion, demotion, compensation, and fringe benefits, as well as disparate treatment in:

Access to or exclusion from training;
Access to mentoring, sponsorship, or workplace networking/networks;
Internships, including fellowships or summer associate programs; and
Selection for interviews, including placement or exclusion from a candidate pool.

The EEOC advised employers to offer “training and mentoring that provides workers of all backgrounds the opportunity, skill, experience, and information necessary to perform well and to ascend to upper-level jobs. Employers also should ensure that employees of all backgrounds have equal access to workplace networks.” 
The EEOC cautioned employers that they cannot use general business interests, or customers’ and clients’ preferences, as a reason for treating employees disparately based on race, sex, or another protected characteristic. The EEOC recognized bona fide occupational qualifications provide lawful grounds for employment decisions in limited circumstances but do not otherwise make preference-based decisions lawful.
The EEOC noted that DEI training may create legal risk if the training is discriminatory in content, application, execution, or context.
Affinity groups, sometimes called employee resource groups, may be problematic, according to these EEOC guides, if they are not open to everyone or limit terms and conditions of employment to only certain members with certain protected characteristics. The EEOC stated, “Title VII also prohibits employers from limiting, segregating, or classifying employees or applicants based on race, sex, or other protected characteristics in a way that affects their status or deprives them of employment opportunities. This prohibition applies to employee activities that are employer-sponsored (including by making available company time, facilities, or premises, and other forms of official or unofficial encouragement or participation), such as employee clubs or groups.”
Next Steps
The Trump administration’s executive orders on DEI in the workplace are being challenged in court. While it is too early to tell what the ultimate outcome of those cases will be, employers may wish to carefully review the two new technical assistance documents to understand the EEOC’s interpretations and likely enforcement activity. Furthermore, employers may wish to inventory their training and mentoring programs and other practices to determine if any of them conflict with the EEOC’s statement of the law and enforcement priorities.

SEC Issues New Guidance on Self-Certification of Accredited Investor Status in Private Placements

On March 12, 2025, the staff of the Division of Corporate Finance (the staff) of the US Securities and Exchange Commission (the SEC) concurrently issued a no-action letter and interpretive guidance via new Compliance and Disclosure Interpretations (C&DIs) that helpfully clarify and expand the circumstances in which “accredited investor” status may be verified through investor self-certification when the minimum investment amount of an offering crosses applicable thresholds.
The private offering safe harbor afforded by Rule 506(c) of Regulation D (Rule 506(c)) under the Securities Act of 1933, as amended (the Securities Act), allows for the use of general solicitation and general advertising in connection with private placements, provided that, among other requirements, the issuer takes “reasonable steps” to verify that all of the participating purchasers qualify as “accredited investors” pursuant to SEC rules and regulations.1 This accredited investor verification requirement has historically been viewed as materially limiting the usefulness of the Rule 506(c) safe harbor, as the requirement has been understood to necessitate the undertaking of an oftentimes administratively burdensome manual verification process of each participating investor’s status and qualifications, including, for example, the collection and review of individual purchasers’ tax returns to confirm income eligibility thresholds had been met or requiring the engagement of third-party services to confirm ownership of assets (as relying solely on representations delivered by the investors themselves with respect to such qualifications and metrics was deemed insufficient in terms of conducting the “reasonable steps” verification process required by Rule 506(c)).
Significantly, however, the recent no-action letter and C&DIs confirm that an issuer may now reasonably conclude in the context of an offering under Rule 506(c) that it has taken reasonable steps to verify a purchaser’s status as an accredited investor in circumstances where:

the purchaser has agreed to make a minimum investment of (i) $200,000 if the purchaser is a natural person or (ii) $1,000,000 if the purchaser is an entity (including, in each case, with confirmation from the purchaser that if such purchase is being made via a capital commitment, that such commitment is binding);
the purchaser provides representations both that (i) it is an accredited investor and that (ii) it is not receiving third-party financing in whole or in part with respect to the purchase; and
the issuer does not have any actual knowledge indicating that the purchaser is not in fact an accredited investor or that any of its provided representations (including as to the lack of third-party financing) are untrue.

Although the no-action letter and C&DIs, by simplifying the accredited investor verification process in certain circumstances, are expected to enhance the attractiveness of the Rule 506(c) exemption for issuers conducting private offerings, it is important to note that if a Rule 506(c) offering fails to qualify for the safe harbor for any reason, and the issuer has already engaged in general solicitation with respect to such offering (as would normally be permitted under Rule 506(c)), neither the exemption provided by Rule 506(b) of Regulation D (Rule 506(b)),2 which allows issuers to raise unlimited capital from accredited investors and up to 35 non-accredited investors (provided there has been no general solicitation or advertising), nor the general private placement exemption provided by Section 4(a)(2) of the Securities Act, for transactions not involving a public offering, would be available as fallback options with respect to the potentially busted securities law exemption – it is therefore crucial that issuers consult with counsel as early in the process as possible to ensure any potential offering is structured and conducted in a manner in which the availability of an exemption from registration is not called into question.

1 Rule 506(c)(2)(ii).
2 Issuers seeking to avoid burdensome accredited investor verification processes have historically turned to Rule 506(b) as the securities law exemption of choice – between July 1, 2020, and June 30, 2021 (the latest period for which data is available), issuers raised approximately $1.9 trillion under Rule 506(b), compared to $124 billion under Rule 506(c). https://carta.com/learn/private-funds/regulations/regulation-d.

February 2025 ESG Policy Update — Australia

Australian Update
ASIC’s Key Issues Outlook for 2025
On 24 January 2025, the Australian Securities and Investments Commission (ASIC) released its key issues outlook for 2025 which provides insights for Australian businesses and consumers on the most significant current, ongoing and emerging issues within ASIC’s regulatory remit.
ASIC emphasised its desire to be a proactive regulator, ensuring a safe environment for Australian businesses and markets whilst safeguarding consumers. ASIC noted that key factors influencing its perspective on the issues facing Australia’s financial system included:

Increased market volatility;
Geopolitical changes;
The global accumulation of debt to drive growth;
Perceived and real inequality of wealth;
Shifts in the way capital is invested; and
Advances in artificial intelligence, data and cyber risk.

Among other issues, ASIC identified poor quality climate-related disclosures as leading to misinformed investment decisions. ASIC noted that informed decision making by investors is facilitated by the provision of high quality, consistent and comparable information regarding a reporting entity’s climate-related risks and opportunities.
Furthermore, ASIC emphasised the importance of reporting entities having appropriate governance and reporting processes to comply with new mandatory climate reporting obligations introduced as part of the Treasury Laws Amendment (Financial Market Infrastructure and Other Measures) Bill 2024 (Cth), which took effect on 1 January 2025. Please refer to our earlier summary of the regime here.
ASIC also noted it will continue to scrutinise disclosures which misrepresent the green credentials of a financial product or investment strategies. Please refer to our summary of ASIC’s guidelines to prevent greenwashing here.
AU$2 Billion Investment in Clean Energy Finance Corporation
On 23 January 2025, the Australian Government announced it is providing an additional AU$2 billion to the Clean Energy Finance Corporation (CEFC). This is Australia’s specialist investor in the nation’s transition to net zero emissions.
The investment aims to enable the CEFC to support Australian households, workers and businesses who are making the shift to renewable energy by offering significant savings.
The investment aims to also help deliver reliable, renewable, cost-saving technologies to the Australian community by generating an expected AU$6 billion in private investment. It is anticipated that this will come from global and local organisations looking to capitalise on the nation’s future renewable energy plan.
This follows the CEFC’s announcement on 16 January 2025 that it had invested AU$100 million in a build-to-rent strategy to facilitate the design and delivery of affordable, sustainable and high-quality homes. These homes will harness the benefits of clean energy technologies, by aiming to be highly efficient, fully electric and powered by renewable energy.
Since its establishment in 2012, the CEFC has played a key role in helping Australia strive towards its emissions reduction targets. In 2024, the CEFC invested over AU$4 billion in local projects which the Australian Government claims unlocked around AU$12 billion in private investment and supported over 4,000 Australian jobs.
Superannuation CEO Roundtables Emphasise Importance of Consistent Climate Risk Disclosures
The Australian Prudential Regulation Authority (APRA) and ASIC recently hosted two Superannuation CEO Roundtables in November and December of 2024, attended by 14 chief executive officers (CEOs) and other executives from a cross-section of superannuation funds. Climate and nature risks were the key focus of discussions, given the recent legislation mandating climate-related financial disclosures and the introduction of the Australian Sustainability Reporting Standards.
The CEOs collectively acknowledged the importance of consistent climate risk disclosure whilst emphasising the need for clear and practical guidance from regulators and calling for standardised metrics, methods and scenarios to ensure comparability across the industry. The CEOs also outlined the current challenge of aligning different reporting standards across jurisdictions. The host regulatory bodies recognised the value of consistency with international standards of climate risk reporting. They noted that appropriate alignment can avoid duplication of efforts, ensure Australian superannuation funds remain in line with global best practices and provide for effective disclosures for members through which informed investment decisions may be made. In turn, discussions further touched on the impact of climate risk on investment strategies and the selection of investment managers and custodians, highlighting the impact on investment decision-making by participants across the industry.
The discussion also covered nature risk, with APRA interested in understanding how superannuation trustees are addressing nature risk given it is a topic of growing importance. It was acknowledged this was a topic that should continue to be explored.
Participants also discussed the role of industry bodies, and all agreed these bodies can play a crucial role in supporting trustees navigate the complexities of the data. ASIC and APRA expressed their commitment to support the superannuation industry and collaborate with industry bodies to drive consistent and accurate disclosures, effective communication with members and alignment with global standards.
Australian Government Announces Green Iron Investment Fund
On 20 February 2025, the Australian Government announced an AU$1 billion Green Iron Investment Fund to support green iron manufacturing and its supply chains by assisting early mover green iron projects and encouraging private investment at scale. “Green iron” refers to iron products made using renewable energy.
Australia is the world’s largest iron ore producer, earning over AU$100 billion in export income in the 2023-24 financial year. The iron and steel industry supports more than 100,000 jobs within Australia.
An initial AU$500 million of the Green Iron Investment Fund will be used to support the Whyalla Steelworks (Whyalla) after the Premier of South Australia, Peter Malinauskas, placed Whyalla into administration on 19 February 2025. The funding is proposed to transform Whyalla into a hub for green iron and steel.
Whyalla is considered strategically important for Australia due to its manufacturing capacity, highly skilled workforce, and access to a deep-water port, high-grade magnetite ore reserves and renewable energy sources.
The remaining AU$500 million will be available for nationwide green iron projects, targeting both existing facilities and new developments. Several companies within the industry are already exploring low-carbon iron production from the Pilbara ores in Western Australia.
The Green Iron Investment Fund is the latest initiative from the Australian Government aimed at bolstering Australia’s green metals sector. Existing initiatives include:

An AU$2 billion investment in Australian-made aluminium;
Passing legislation to deliver Production Tax Credits for hydrogen and critical minerals;
Investing in major critical minerals and rare earth projects through the Critical Minerals Facility;
An AU$3.4 billion investment in Geoscience Australia to accelerate the discovery of resources; and
Funding Hydrogen Headstart to support Australia’s hydrogen and clean energy industries.

View From Abroad
CFOs Expect Higher Returns from Sustainability Initiatives than Traditional Investments
A new report from Kearney, ‘Staying the Course: Chief Financial Officers and the Green Transition’ (Report), released on 17 February 2025, reveals that chief financial officers (CFOs) across the world are prioritising sustainability investments.
Despite recent speculation that investments in the green economy would face a slowdown, this Report clearly indicates that out of the more than 500 CFO respondents across several jurisdictions, including the United Kingdom, United States, United Arab Emirates, and India, 92% noted their intention to increase current investments in sustainability. This Report also found that of all the CFOs surveyed:

69% expected a higher return from sustainability initiatives than from traditional investments;
93% saw a clear business case for investing in sustainability; and 
61% saw sustainability investments primarily as a cost decision rather than as something that creates value.

This commitment to increasing climate investments indicates that sustainability investment is not viewed as merely an arm of corporate social responsibility but is also seen as an integral means to maximise efficiencies and returns, take advantage of market opportunities and navigate rapidly evolving regulatory landscapes.
Decision to Scrap DEI Policies May Be Indicative of a Broader Trend
The recent omission of diversity, equity, and inclusion (DEI) commitments from numerous listed companies in their annual filing with the US Securities and Exchange Commission may be a harbinger of a broader global trend which could have repercussions for Australia’s environmental, social and governance (ESG) investment landscape.
Many of Australia’s largest funds currently hold significant capital under management which is invested based on ethical criteria.
DEI policies are integral to a company’s ESG rating, as determined by third-party analytics firms, particularly through the lens of social responsibility practices. By demonstrating a commitment to DEI, companies not only fulfil ethical obligations but also align with investor expectations for responsible corporate behaviour, thereby positively influencing their ESG rating. Contrastingly, deprioritising DEI commitments may result in reduced investor demand and potential exclusion from ESG-focused indices.
In the weeks since President Donald Trump signed executive orders to remove DEI hiring initiatives in the US government and its federal contractors, several US companies have begun withdrawing from similar commitments, potentially signalling a broader global trend that other companies might follow. Companies who withdraw from DEI-related commitments may face the possibility of a decrease in their ESG ratings. Broader market consequences include potentially increased volatility in the ESG indices and long-term negative impacts on corporate performance and investor confidence in sustainable economic growth.
Funds with active ESG investment strategies will need to monitor this trend to ensure that their investment portfolios maintain any positive or negative screens and that any ESG disclosures are not misleading or deceptive. ASIC has shown through its recent enforcement activity targeting greenwashing that it will pursue fund managers who do not have appropriate measures in place to ensure the effectiveness of their ESG-related representations.
Nathan Bodlovich, Cathy Ma, Daniel Shlager, and Bernard Sia also contributed to this article.
The authors would like to thank graduates Daniel Nastasi, Katie Richards, Natalia Tan and clerk Juliette Petro for their contributions to this alert.

California AG Again Enjoined from Implementing California Age Appropriate Design Code Act

On March 13, 2025, the U.S. District Court for the Northern District of California granted a second motion for preliminary injunction in favor of the technology trade group NetChoice. The injunction once again enjoins the California Attorney General from enforcing the California Age Appropriate Design Code Act (the “AADC” or “Code”), which was originally intended to take effect on July 1, 2024. The District Court determined that NetChoice is likely to succeed on claims raised in its amended complaint that the AADC is facially invalid under the First Amendment guarantee of free speech. As a result, the California AG is immediately enjoined from enforcing the Code during the pendency of the litigation.
The claims of free speech infringement stem primarily from the Code’s requirement for covered businesses to perform a data protection impact assessment (“DPIA”) to identify material risks to children under the age of 18, document and mitigate those risks before such children access an online service, product or feature and provide the DPIA to the California Attorney General upon written request. NetChoice asserts that on this basis the Code violates the expressive rights of NetChoice and its members and is void for vagueness under the First Amendment.
An injunction previously granted by the District Court in respect of the Act’s 2023 implementation was partially upheld by a Ninth Circuit panel in August of 2024, with respect to the DPIA requirement and provisions of the Code not grammatically severable from the DPIA requirement, including notice and cure provisions with respect to non-compliance. The Ninth Circuit vacated the rest of the district court’s first ruling and remanded the case to assess other provisions of the Code in more detail and consider whether the law’s unconstitutional provisions are severable from the remainder of the law.
The District Court determined that the AADC is not sufficiently narrowly tailored (under the strict scrutiny standard) to achieve its interest in protecting children online. On the basis that NetChoice has a colorable First Amendment claim, it would suffer irreparable harm if the Code were to take effect. The District Court also found that the enjoined DPIA provisions are not volitionally severable from the remainder of the AADC, though they are functionally severable.
The District Court determined, on the other hand, that NetChoice had not shown that it is likely to succeed on certain other claims, such as that the AADC was pre-empted by the federal Communications Decency Act or by the Children’s Online Privacy Protection Act.

KSA Introduces New Ultimate Beneficial Ownership Rules

Go-To Guide:

The Kingdom of Saudi Arabia’s new UBO Rules, effective 3 April 2025, require most companies to disclose their UBOs to the Ministry of Commerce. 
Companies must register UBOs during incorporation, maintain updated UBO records, and notify authorities of changes within 15 days, with penalties up to SAR 500,000 for non-compliance. 
The rules exclude publicly listed companies, state-owned entities, and those under liquidation.

The Kingdom of Saudi Arabia’s minister of commerce recently issued the Rules for the Ultimate Beneficial Owner (UBO Rules), which aim to enhance corporate transparency and align with international standards by requiring companies to disclose their ultimate beneficial owners (UBOs) to the Ministry of Commerce (the Ministry). The UBO Rules apply to all companies registered in the Kingdom, except publicly listed joint-stock companies, and will take effect 3 April 2025.
These rules are part of Saudi Arabia’s commitment to international best practices, including compliance with Financial Action Task Force (FATF) recommendations, and are designed to combat financial crimes, enhance anti-money laundering (AML) enforcement, and improve corporate accountability.
Previous Regulatory Framework
Previously, Saudi Arabia’s regulatory framework required companies to maintain ownership records, but there was no centralized obligation for private companies to disclose UBOs. UBO identification was primarily enforced in financial and regulated sectors under AML and Know Your Customer requirements. However, non-financial businesses lacked a structured UBO disclosure process, making it difficult to trace ownership in complex corporate structures or offshore entities.
Despite this, it was previously possible to obtain some information about the direct owners of companies through the Aamaly portal, where companies’ constitutional documents were published as required under the Saudi Companies Law. Since the constitutional documents typically contained details about shareholders and ownership percentages, anyone could access these documents to determine the direct legal owners of a company. However, this method had limitations, as it only reflected registered direct shareholders rather than the actual UBOs who might control the company through indirect ownership, nominee structures, or layered corporate entities. If ownership was structured through trusts, offshore holdings, or other intermediaries, the true UBOs could remain undisclosed, making it difficult to trace ultimate ownership and control.
Key Changes the UBO Rules Introduce
With the introduction of the new UBO Rules, all companies (except publicly listed joint-stock companies) must now formally register and maintain a record of their UBOs with the Ministry. This expands regulatory oversight beyond financial institutions to all corporate entities, ensuring greater transparency, accountability, and alignment with international standards such as Financial Action Task Force recommendations. Companies will now be required to submit UBO details during incorporation, update them annually, and notify authorities of any changes within 15 days.
UBO Criteria
A UBO is defined as any natural person who meets at least one of the following criteria:

Owns at least 25% of the company’s share capital, directly or indirectly. 
Controls at least 25% of the company’s voting rights, directly or indirectly. 
Has the power to appoint or remove the majority of the board, manager, or chairman. 
Has the ability to influence the company’s operations or decisions. 
Represents a legal entity that meets any of the above conditions.

If no individual qualifies under these criteria, the company’s manager, board member, or chairman will be deemed as the UBO.
Key Obligations

Disclosure at Incorporation: Newly formed companies must disclose UBO information as part of the registration process. 
Annual Filings: Existing companies must confirm UBO details annually within 30 days before their registration anniversary. 
UBO Register & Updates: Companies must maintain a UBO register containing details such as the UBO’s name, national ID or passport details, residential address, contract information, and the criteria used to determine their UBO status. The register must be maintained in the Kingdom. 
Updates to UBO Information: Companies are required to notify the Ministry of any changes to the UBO details within 15 days of such change. 
Regulatory Requests: The Ministry has the discretion to request UBO related information and supporting documents.

Exemptions
The following entities are exempt from the UBO disclosure requirements:

Companies the state wholly owns or any state-owned authorities, whether directly or indirectly. 
Companies undergoing liquidation under the bankruptcy law. 
Companies specifically exempted by decision of the minister.

If a company is exempt, it is required to submit proof of its exemption to the Ministry.
Penalties
Failure to comply with the UBO Rules may result in penalties, including fines of up to SAR 500,000 (approx. USD 133,000). Companies operating in the Kingdom should consider taking proactive measures to comply with the UBO Rules.

Will Ling Chi Kill The Corporate Transparency Act?

Ling Chi was a slow and torturous method of execution practiced in Imperial China. Better known in English as “death by a thousand cuts”, ling chi took a terribly long time to kill the condemned prisoner.
The Corporate Transparency Act, or CTA, may also be killed by a thousand cuts. Since enactment, the CTA has been challenged in numerous courts around the country, bills have been introduced in Congress to delay implementation of the act, and FinCEN has announced suspension of enforcement against U.S. citizens and domestic reporting companies. See Navigating the Changing Landscape of Corporate Transparency Act Compliance. Now, U.S. District Court Judge Robert J. Jonker has granted judgment:
(1) declaring the Reporting Requirements of the CTA a violation of the Fourth Amendment prohibition against unreasonable searches; (2) relieving Plaintiffs and their members of any obligation to comply with the Reporting Requirements of the CTA; and (3) permanently enjoining Defendants from enforcing any of the CTA’s Reporting Requirements against the plaintiffs and their members, and from using or disclosing any information already provided by the plaintiffs and their members under the Reporting Requirements.

Small Bus. Ass’n of Michigan v. Yellen, 2025 WL 704287 (W.D. Mich. Mar. 3, 2025). Judge Jonker’s comments on the Fourth Amendment are worth noting:
The Constitution generally, and the Bill of Rights in particular, are all about protecting citizens from the power of government. Governmental power has a natural tendency to expand and encroach on the freedom and privacy of citizens. That is true even when the government is pursuing goals—like crime investigation and prevention—that are worthy and important. The Fourth Amendment is one of the key limits on government power that protects the legitimate privacy interests of citizens from unreasonable government intrusion. In Orwell’s 1984, “Big Brother” had omnipresent telescreens everywhere—including every citizen’s living room—that made sure nothing beyond a smuggled, hand-written diary was truly private. The CTA doesn’t go that far, to be sure, but it’s a step in that direction. It compels citizens to disclose private information they are not required to disclose anywhere else just so the government can sit on a massive database to satisfy future law enforcement requests. It does so at a cost of billions of dollars to the citizens least likely to afford it. It amounts to an unreasonable search prohibited by the Fourth Amendment.